Page 1 of 2
https rewrite problems
Posted: Thu Mar 14, 2013 7:12 am
by gambolputty
Greetings,
I searched for previous threads on this topic, but the most recent that I found was from October 2011, so I hope I don't ruffle too many feathers by starting a new thread instead of resurrecting an old one.
My ultimate goal is to use SSL and force https traffic, and use mod_rewrite to make the URL appear as "
https://nagios.ourdomain.com" instead of "
https://nagios.ourdomain.com/nagioxi". I've installed Nagios XI 2012R1.6 on a fresh install of RHEL 6.2 on x86_64.
To that end, I have successfully configured /etc/httpd/conf.d/ssl.conf to point to our cert and chain file. I added the following three lines in /etc/httpd/conf/http.conf within the <Directory "/var/www/html"> stanza:
Code: Select all
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://nagios.stsci.edu/$1 [R,L]
This seems to be working on a basic level. I can enter "nagios.ourdomain.com" into a browser and get redirected to the welcome page at
https://nagios.ourdomain.com. Logging in is fine, working through much of the content is fine. My problem appears when I go into Configure -> Core Config Manager -> Hosts (or Services, Host Groups, or Service Groups). The page loads fine, I see the localhost configured, but if I make a small edit and click on the "Apply Configuration" button, I get taken to the "Applying Configuration" page where the dots after "Waiting for configuration verification.........." just grow and grow.
I can run the "nagios -v nagios.cfg" command from the command line and see that it verifies cleanly. This is still a relatively fresh install with only the localhost configured after all. My research in these forums and elsewhere on the web seems to indicate that my rewrite rule may be gumming up the works somehow. What can I do to get these configuration changes to succeed through the web UI?
Please let me know if I can provide any additional information.
Thanks in advance.
Re: https rewrite problems
Posted: Thu Mar 14, 2013 8:42 am
by scottwilkerson
gambolputty wrote:so I hope I don't ruffle too many feathers by starting a new thread instead of resurrecting an old one.
We prefer this
If you go to CCM -> Config Manager Admin -> Manage Config Access
is the "Server Protocol*" set to https?
Re: https rewrite problems
Posted: Thu Mar 14, 2013 9:45 am
by gambolputty
Thanks for the quick reply.
I believe you meant to ask about CCM -> Config Manager Admin -> Config Manager Settings, not the Manage Config Access link. Yes, I do have https specified as the server protocol on that page.
I was able to clear up some weirdness that I believe was related to a poorly writted Apache ReWrite rule. I had an apache guru from the office just give me a hand, so it seems that part of it is now settled. However, I still have the unending "Waiting for configuration verification........................" when applying a configuration.
I can run /usr/local/nagios/bin/nagios -v ./nagios.cfg from the command line successfully. I see the one host checked, and only 2 contacts, etc.
Re: https rewrite problems
Posted: Thu Mar 14, 2013 9:55 am
by slansing
Can you run the following and report the output?:
Before you Apply Configuration please run the following:
Code: Select all
tail -f /usr/local/nagiosxi/var/cmdsubsys.log
Then Apply Configuration, once it has had a minute or so to chew please post the output from that log tail as well.
Re: https rewrite problems
Posted: Thu Mar 14, 2013 10:23 am
by gambolputty
Sure thing:
Code: Select all
[root@plnagiosv1 etc]# tail -30 /var/log/httpd/error_log
[Tue Mar 12 01:24:37 2013] [error] [client 130.167.180.45] script '/var/www/cgi-bin/comments.php' not found or unable to stat
[Wed Mar 13 15:22:04 2013] [error] [client 130.167.180.45] script not found or unable to stat: /var/www/cgi-bin/kvm.cgi
[Thu Mar 14 07:45:19 2013] [notice] caught SIGTERM, shutting down
[Thu Mar 14 07:45:20 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Mar 14 07:45:20 2013] [notice] Digest: generating secret for digest authentication ...
[Thu Mar 14 07:45:20 2013] [notice] Digest: done
[Thu Mar 14 07:45:21 2013] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations
[Thu Mar 14 10:25:20 2013] [notice] SIGHUP received. Attempting to restart
[Thu Mar 14 10:25:20 2013] [notice] Digest: generating secret for digest authentication ...
[Thu Mar 14 10:25:20 2013] [notice] Digest: done
[Thu Mar 14 10:25:20 2013] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations
[Thu Mar 14 10:32:55 2013] [notice] SIGHUP received. Attempting to restart
[Thu Mar 14 10:32:55 2013] [notice] Digest: generating secret for digest authentication ...
[Thu Mar 14 10:32:55 2013] [notice] Digest: done
[Thu Mar 14 10:32:55 2013] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations
[Thu Mar 14 10:42:54 2013] [notice] caught SIGTERM, shutting down
[Thu Mar 14 10:42:54 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Mar 14 10:42:54 2013] [notice] Digest: generating secret for digest authentication ...
[Thu Mar 14 10:42:54 2013] [notice] Digest: done
[Thu Mar 14 10:42:54 2013] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations
[Thu Mar 14 11:17:34 2013] [notice] caught SIGTERM, shutting down
[Thu Mar 14 11:17:35 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Mar 14 11:17:35 2013] [notice] Digest: generating secret for digest authentication ...
[Thu Mar 14 11:17:35 2013] [notice] Digest: done
[Thu Mar 14 11:17:35 2013] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations
[Thu Mar 14 11:17:47 2013] [notice] caught SIGTERM, shutting down
[Thu Mar 14 11:18:18 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Mar 14 11:18:18 2013] [notice] Digest: generating secret for digest authentication ...
[Thu Mar 14 11:18:18 2013] [notice] Digest: done
[Thu Mar 14 11:18:18 2013] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations
The 'script not found' error was from earlier this morning, before I had help with the rewrite rule.
Code: Select all
[root@plnagiosv1 etc]# tail -f /usr/local/nagiosxi/var/cmdsubsys.log
tail: cannot open `/usr/local/nagiosxi/var/cmdsubsys.log' for reading: No such file or directory
I also did a "updatedb" and "locate cmdsubsys.log" to see if there was a typo in the path you provided, but the locate command returned 0 for that filename.
Re: https rewrite problems
Posted: Thu Mar 14, 2013 10:48 am
by abrist
Try the steps from the following link:
http://support.nagios.com/wiki/index.ph ... n_Problems
Post the "reconfig.txt" and "cmd.txt" files in code wraps.
Re: https rewrite problems
Posted: Thu Mar 14, 2013 2:09 pm
by gambolputty
Thanks again for the prompt reply. Here are the results. I did a quick sed replace for our domain to 'ourdomain.com' in the output of reconfig.txt. I did the same for the password. Should i be concerned about the certificate mismatch warnings? Where can I change the value nagios is using as the requested host name from localhost?
Code: Select all
[root@plnagiosv1 scripts]# cat reconfig.txt
URL: https://localhost/nagiosql/index.php
CMDLINE
/usr/bin/wget --save-cookies nagiosql.cookies --keep-session-cookies https://localhost/nagiosql/index.php --no-check-certificate --post-data 'Submit=Login&tfUsername=nagiosxi&tfPassword=somepassword' -O nagiosql.login--2013-03-14 13:31:01-- https://localhost/nagiosql/index.php
Resolving localhost... ::1, 127.0.0.1
Connecting to localhost|::1|:443... connected.
WARNING: certificate common name “*.ourdomain.com” doesn’t match requested host name “localhost”.
HTTP request sent, awaiting response... 302 Found
Location: https://localhost/nagiosql/admin.php [following]
--2013-03-14 13:31:01-- https://localhost/nagiosql/admin.php
Connecting to localhost|::1|:443... connected.
WARNING: certificate common name “*.ourdomain.com” doesn’t match requested host name “localhost”.
HTTP request sent, awaiting response... 200 OK
Length: 5286 (5.2K) [text/html]
Saving to: “nagiosql.login”
0K ..... 100% 40.5M=0s
2013-03-14 13:31:02 (40.5 MB/s) - “nagiosql.login” saved [5286/5286]
LOGIN SUCCESSFUL!
IMPORTING CONFIG FILES...URL: https://localhost/nagiosql/admin/import.php
Array
(
[0] => f7cdf7rd.tmp.cfg
)
IMPORTING /usr/local/nagios/etc/import/f7cdf7rd.tmp.cfg
CMDLINE:
/usr/bin/wget --load-cookies=nagiosql.cookies https://localhost/nagiosql/admin/import.php --no-check-certificate --post-data 'chbOverwrite=1&selImportFile[]=/usr/local/nagios/etc/import/f7cdf7rd.tmp.cfg' -O nagiosql.import.monitoring
--2013-03-14 13:31:02-- https://localhost/nagiosql/admin/import.php
Resolving localhost... ::1, 127.0.0.1
Connecting to localhost|::1|:443... connected.
WARNING: certificate common name “*.ourdomain.com” doesn’t match requested host name “localhost”.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: “nagiosql.import.monitoring”
0K .......... . 5.61M=0.002s
2013-03-14 13:31:02 (5.61 MB/s) - “nagiosql.import.monitoring” saved [11784]
RESETTING PERMS
SETUID ROOT OK
URL: https://localhost/nagiosql/index.php
CMDLINE
/usr/bin/wget --save-cookies nagiosql.cookies --keep-session-cookies https://localhost/nagiosql/index.php --no-check-certificate --post-data 'Submit=Login&tfUsername=nagiosxi&tfPassword=somepassword' -O nagiosql.login--2013-03-14 13:31:02-- https://localhost/nagiosql/index.php
Resolving localhost... ::1, 127.0.0.1
Connecting to localhost|::1|:443... connected.
WARNING: certificate common name “*.ourdomain.com” doesn’t match requested host name “localhost”.
HTTP request sent, awaiting response... 302 Found
Location: https://localhost/nagiosql/admin.php [following]
--2013-03-14 13:31:02-- https://localhost/nagiosql/admin.php
Connecting to localhost|::1|:443... connected.
WARNING: certificate common name “*.ourdomain.com” doesn’t match requested host name “localhost”.
HTTP request sent, awaiting response... 200 OK
Length: 5286 (5.2K) [text/html]
Saving to: “nagiosql.login”
0K ..... 100% 39.9M=0s
2013-03-14 13:31:02 (39.9 MB/s) - “nagiosql.login” saved [5286/5286]
LOGIN SUCCESSFUL!
URL: https://localhost/nagiosql/admin/verify.php
CMDLINE:
/usr/bin/wget --load-cookies=nagiosql.cookies https://localhost/nagiosql/admin/verify.php --no-check-certificate --post-data 'writeMonitoring=Go' -O nagiosql.export.monitoring
--2013-03-14 13:31:02-- https://localhost/nagiosql/admin/verify.php
Resolving localhost... ::1, 127.0.0.1
Connecting to localhost|::1|:443... connected.
WARNING: certificate common name “*.ourdomain.com” doesn’t match requested host name “localhost”.
HTTP request sent, awaiting response... 200 OK
Length: 7096 (6.9K) [text/html]
Saving to: “nagiosql.export.monitoring”
0K ...... 100% 41.8M=0s
2013-03-14 13:31:03 (41.8 MB/s) - “nagiosql.export.monitoring” saved [7096/7096]
WRITE CONFIGS SUCCESSFUL!
--2013-03-14 13:31:03-- https://localhost/nagiosql/admin/verify.php
Resolving localhost... ::1, 127.0.0.1
Connecting to localhost|::1|:443... connected.
WARNING: certificate common name “*.ourdomain.com” doesn’t match requested host name “localhost”.
HTTP request sent, awaiting response... 200 OK
Length: 7400 (7.2K) [text/html]
Saving to: “nagiosql.export.additional”
0K ....... 100% 42.0M=0s
2013-03-14 13:31:03 (42.0 MB/s) - “nagiosql.export.additional” saved [7400/7400]
CMDLINE:
/usr/bin/wget --load-cookies=nagiosql.cookies https://localhost/nagiosql/admin/verify.php --no-check-certificate --post-data 'writeAdditional=Go' -O nagiosql.export.additional
OUTPUT:
Nagios Core 3.4.1
Copyright (c) 2009-2011 Nagios Core Development Team and Community Contributors
Copyright (c) 1999-2009 Ethan Galstad
Last Modified: 05-11-2012
License: GPL
Website: http://www.nagios.org
Reading configuration data...
Read main config file okay...
Processing object config directory '/usr/local/nagios/etc/static'...
Processing object config file '/usr/local/nagios/etc/static/xiobjects.cfg'...
Processing object config file '/usr/local/nagios/etc/static/xitest.cfg'...
Processing object config file '/usr/local/nagios/etc/static/xitemplates.cfg'...
Processing object config file '/usr/local/nagios/etc/contacttemplates.cfg'...
Processing object config file '/usr/local/nagios/etc/contactgroups.cfg'...
Processing object config file '/usr/local/nagios/etc/contacts.cfg'...
Processing object config file '/usr/local/nagios/etc/timeperiods.cfg'...
Processing object config file '/usr/local/nagios/etc/commands.cfg'...
Processing object config file '/usr/local/nagios/etc/hostgroups.cfg'...
Processing object config file '/usr/local/nagios/etc/servicegroups.cfg'...
Processing object config file '/usr/local/nagios/etc/hosttemplates.cfg'...
Processing object config file '/usr/local/nagios/etc/servicetemplates.cfg'...
Processing object config file '/usr/local/nagios/etc/servicedependencies.cfg'...
Processing object config file '/usr/local/nagios/etc/serviceescalations.cfg'...
Processing object config file '/usr/local/nagios/etc/hostdependencies.cfg'...
Processing object config file '/usr/local/nagios/etc/hostescalations.cfg'...
Processing object config file '/usr/local/nagios/etc/hostextinfo.cfg'...
Processing object config file '/usr/local/nagios/etc/serviceextinfo.cfg'...
Processing object config directory '/usr/local/nagios/etc/hosts'...
Processing object config file '/usr/local/nagios/etc/hosts/localhost.cfg'...
Processing object config directory '/usr/local/nagios/etc/services'...
Processing object config file '/usr/local/nagios/etc/services/localhost.cfg'...
Read object config files okay...
Running pre-flight check on configuration data...
Checking services...
Checked 8 services.
Checking hosts...
Checked 1 hosts.
Checking host groups...
Checked 1 host groups.
Checking service groups...
Checked 0 service groups.
Checking contacts...
Checked 3 contacts.
Checking contact groups...
Checked 2 contact groups.
Checking service escalations...
Checked 0 service escalations.
Checking service dependencies...
Checked 0 service dependencies.
Checking host escalations...
Checked 0 host escalations.
Checking host dependencies...
Checked 0 host dependencies.
Checking commands...
Checked 108 commands.
Checking time periods...
Checked 9 time periods.
Checking for circular paths between hosts...
Checking for circular host and service dependencies...
Checking global event handlers...
Checking obsessive compulsive processor commands...
Checking misc settings...
Total Warnings: 0
Total Errors: 0
Things look okay - No serious problems were detected during the pre-flight check
RET: 0
Running configuration check...done.
Stopping nagios: done.
Starting nagios: done.
and:
Code: Select all
[root@plnagiosv1 scripts]# more cmd.txt
tail: cannot open `/usr/local/nagiosxi/var/cmdsubsys.log' for reading: No such file or directory
Re: https rewrite problems
Posted: Thu Mar 14, 2013 2:27 pm
by abrist
gambolputty wrote:Should i be concerned about the certificate mismatch warnings? Where can I change the value nagios is using as the requested host name from localhost?
Not at all.
Did you attempt to Apply Configuration from the web interface before closing out the cmdsubsys.log tail?
Re: https rewrite problems
Posted: Fri Mar 15, 2013 6:52 am
by gambolputty
Yes. The file /usr/local/nagiosxi/var/cmdsubsys.log never gets created no matter how many times I attept to apply a configuration from the web UI. I ran
Code: Select all
touch /usr/local/nagiosxi/var/cmdsubsys.log
as the user nagios just to verify permissions and the like. To be absolutely sure, I also restarted the nagios and httpd services. Which logs can be used to figure out why that cmdsubsys.log file is not being created/used?
Re: https rewrite problems
Posted: Fri Mar 15, 2013 7:15 am
by scottwilkerson
Lets run the following
Code: Select all
ls -ld /usr/local/nagios
ls -ld /usr/local/nagios/var
ls -la /usr/local/nagios/var