Re: [omd-users] OMD & SSL
Sorry for the spam earlier - I was finally able to get things running
behind the second option (nginx as an https proxy).
Cheers,
-Chris
On 12/6/16 11:57 AM, Chris Moody wrote:
> Hello all.
>
> Wanted to first thank everyone for their work to streamline and
> integrate so many pieces together in such a cool package. I'm a huge
> fan of the OMD model. I used to have a bunch of custom routines I had
> built that were trying to accomplish some of the same goals, but this
> approach is -so- much better.
>
> I could use a hand though with what should hopefully be something
> simple that I just haven't come across in the Docs. I need to make
> all my instances SSL only instead of just plaintext http. Even if
> it's just the login page that's SSL, my user-base will not be
> comfortable with plaintext http logins.
>
> I've tried tinkering a bit with apache's config, but attempting
> rewrite rules in the main system 000-default.conf seem to cause other
> problems with things like the thruk login cgi. There seems to be too
> much redirecting and linking internally to non-https URLs basically
> that some links are working where others are not. I've not given up
> with this approach but it's definitely behaving more finicky than I
> had anticipated.
>
> ex>
> =[ Documented here: https://mathias-kettner.de/cms_omd_https.html
> RewriteEngine On
> RewriteCond %{SERVER_PORT} !^443$
> RewriteRule (.*) https://%{HTTP_HOST}/$1 [L]
>
>
> I also attempted a quick pass at using nginx on the same host to proxy
> back all calls to the http apache daemon, but it was having troubles
> with passing frames through when proxying, so I found myself going
> down the rabbithole of disabling frames...but then also was running
> into some links not proxying correctly (the login cgi being the first
> case). I've also not given up on this approach either but it as well
> is being a bit more finicky that I anticipated.
>
>
> Has anyone implemented a total https OMD setup (multisite)...or are
> there docs/references that give clues as to how best to accomplish this?
> Any pointers to help smooth the path would be greatly appreciated.
>
> Cheers,
> -Chris
>
>
> ___
> omd-users mailing list
> omd-users@lists.mathias-kettner.de
> http://lists.mathias-kettner.de/mailman/listinfo/omd-users
signature.asc
Description: OpenPGP digital signature
___
omd-users mailing list
omd-users@lists.mathias-kettner.de
http://lists.mathias-kettner.de/mailman/listinfo/omd-users
[omd-users] OMD & SSL
Hello all.
Wanted to first thank everyone for their work to streamline and
integrate so many pieces together in such a cool package. I'm a huge
fan of the OMD model. I used to have a bunch of custom routines I had
built that were trying to accomplish some of the same goals, but this
approach is -so- much better.
I could use a hand though with what should hopefully be something simple
that I just haven't come across in the Docs. I need to make all my
instances SSL only instead of just plaintext http. Even if it's just
the login page that's SSL, my user-base will not be comfortable with
plaintext http logins.
I've tried tinkering a bit with apache's config, but attempting rewrite
rules in the main system 000-default.conf seem to cause other problems
with things like the thruk login cgi. There seems to be too much
redirecting and linking internally to non-https URLs basically that some
links are working where others are not. I've not given up with this
approach but it's definitely behaving more finicky than I had anticipated.
ex>
=[ Documented here: https://mathias-kettner.de/cms_omd_https.html
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L]
I also attempted a quick pass at using nginx on the same host to proxy
back all calls to the http apache daemon, but it was having troubles
with passing frames through when proxying, so I found myself going down
the rabbithole of disabling frames...but then also was running into some
links not proxying correctly (the login cgi being the first case). I've
also not given up on this approach either but it as well is being a bit
more finicky that I anticipated.
Has anyone implemented a total https OMD setup (multisite)...or are
there docs/references that give clues as to how best to accomplish this?
Any pointers to help smooth the path would be greatly appreciated.
Cheers,
-Chris
signature.asc
Description: OpenPGP digital signature
___
omd-users mailing list
omd-users@lists.mathias-kettner.de
http://lists.mathias-kettner.de/mailman/listinfo/omd-users
[omd-users] Question RE anonymous thruk access / default_user_name
Hello, we use an OMD-based system with naemon and thruk for our monitoring and are trying to implement a two level access model: - anonymous access to status information (read-only) - cookie-based access for the rest. This means that apache and thruk must interact to allow access to certain URLs with a default username while requiring cookie auth for orther URLs. The Thruk part of this is easy and solved, we set a "default_user_name" and limited access and permissions of that user, this works nicely. But then all the interface is limited and we cannot use a different username. Now we are trying to configure apache to pass this username to thruk, but only for certain URL's, i.e. status.cgi. In other cases, suggestions were to make a link to the directory with the CGI's and use the different URLs to distinguish the two cases in the apache configuration. This seems to be difficult with thruk, as the URL's are not directories and how do you make a link to a location ?? We tried setting an alias but this did not help. Another approach could be to allow only this URL without auth by a combination of location and file directives; however there we seem to get stuck in the rewrite rules used for the cookie based auth. It seems that even if the user is passed the rewrite rule changes the status.cgi to the login page. Has anybody gotten a working solution for such a setup? Are we doing something wrong? Regards, Jakob Curdes ___ omd-users mailing list omd-users@lists.mathias-kettner.de http://lists.mathias-kettner.de/mailman/listinfo/omd-users
[omd-users] Still some Problems with OMD
Hello Community, I have Posted in the past on this Topic [omd-users] Migrate from nagios/Checkmk to OMD see at : http://www.mail-archive.com/omd-users@lists.mathias-kettner.de/msg01157.html ( big thanks to @Andreas Doehler so far for guidance me into the right direction ) I tried with several ( not all) configs and cfgs to run the webif and it seems to that everything works ... Now i'm further and i can use the nagios core and the icinga1. In the future i would change to the icinga2 or the neamon core so i need some help to run these properly. But i cannot run the icinga2 core with the classic icinga gui it comes the following error: Whoops! Error: Could not read host and service status information! It seems that Icinga is not running or has not yet finished the startup procedure and then creating the status data file. If Icinga is indeed not running, this is a normal error message. Please note that event broker modules and/or rdbms backends may slow down the overall (re)start and the cgis cannot retrieve any status information. Things to check in order to resolve this error include: Check the Icinga log file for messages relating to startup or status data errors. Always verify configuration options using the -v command-line option before starting or restarting Icinga! If using any event broker module for Icinga, look into their respective logs and/or on their behavior! make sure you read the documentation on installing, configuring and running Icinga thoroughly before continuing. If everything else fails, try sending a message to one of the mailing lists. More information can be found at http://www.icinga.org. Which settings i have to modify when i want to use the icinga2 core with the classic gui ? BTW: How about the main mechanism in OMD to run some cores and their related guis. Is this only restricted by the related Permissions in the apache configs? Could i run every core to every gui ? may someone could enlighten me a bit best regards john ___ omd-users mailing list omd-users@lists.mathias-kettner.de http://lists.mathias-kettner.de/mailman/listinfo/omd-users
