I also came across this issue, the authz_groupfile module in apache is not enabled. To enable issue the following command.
# a2enmod authz_groupfile Then restart Apache. To completely remove any authentication (which is apparently the default configuration in Debian) modify the DirectoryMatch section in the file "/etc/apache2/conf-available/nagios4-cgi.conf" with the following. (Comment out all the Auth part and add "Order allow,deny" and "Allow from all") <DirectoryMatch (/usr/share/nagios4/htdocs|/usr/lib/cgi- bin/nagios4|/etc/nagios4/stylesheets)> Options FollowSymLinks DirectoryIndex index.php index.html AllowOverride AuthConfig # # The default Debian nagios4 install sets use_authentication=0 in # /etc/nagios4/cgi.cfg, which turns off nagos's internal # authentication. # This is insecure. As a compromise this default apache2 # configuration # only allows private IP addresses access. # # The <Files>...</Files> below shows how you can secure the nagios4 # web site so anybody can view it, but only authenticated users # can issue # commands (such as silence notifications). To do that replace the # "Require all granted" with "Require valid-user", and use htdigest # program from the apache2-utils package to add users to # /etc/nagios4/htdigest.users. # # A step up is to insist all users validate themselves by moving # the stanza's in the <Files>..<Files> into the <DirectoryMatch>. # Then by setting use_authentication=1 in /etc/nagios4/cgi.cfg you # can configure which people get to see a particular service from # within the nagios configuration. # <RequireAll> #Require all granted #AuthDigestDomain "/nagios4" #AuthDigestProvider file #AuthUserFile "/etc/nagios4/htdigest.users" #AuthGroupFile "/etc/null" #AuthName "Nagios4" #AuthType Digest #Require valid-user Order allow,deny Allow from all </RequireAll> </DirectoryMatch>