Nagvis Auto Login Issue with Nagios Core User

nagvis

(Bayram Karagoz) #1

Hi,

I’ve integrated Nagvis solution to Nagios Core successfully.
But I can not figure out auto login to Nagvis after logged in to Nagios Core.

I have same user created both on Nagvis and Nagios Core.

I’m using different user(named as “monites”) other the nagiosadmin for nagios core and nagvis.
Please find apache2 config for nagios core and nagvis in below.

I have integrated nagvis web interface into nagios core web interface with adding link into side.php
I can able to login nagios core with “monites” user successfully. But when I click to nagvis link again it’s asking me password. After entering same user credential into nagvis login page i can successfully login to nagvis web interface.
I need to go directly nagvis dashboard without logged into nagvis.

Tried to implement the following link article but no luck.

https://www.nagvis.org/docs/general/faq
“How to run NagVis WITHOUT authentication?”

Also tried with the solution that presents in the following two link but none of them working.

https://monitoring-portal.org/woltlab/i … ntication/
viewtopic.php?f=16&t=35596&start=10

Could you please recommend any solution?

# less /usr/local/nagios/share/side.php
<li><a href="/nagvis" target="<?php echo $link_target;?>">Dashboard</a></li>

# cat /etc/apache2/sites-enabled/nagios4.conf
` # SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
#
# This file contains examples of entries that need
# to be incorporated into your Apache web server
# configuration file. Customize the paths, etc. as
# needed to fit your system.

ScriptAlias /monites/cgi-bin "/usr/local/nagios/sbin"
RedirectMatch ^/$ http://demo.monites.com/monites

<Directory "/usr/local/nagios/sbin">
#  SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   <IfVersion >= 2.3>
      <RequireAll>
         Require all granted
#        Require host 127.0.0.1

         AuthName "Monites Giris"
         AuthType Basic
         AuthUserFile /usr/local/nagios/etc/htpasswd.users
         Require valid-user
      </RequireAll>
   </IfVersion>
   <IfVersion < 2.3>
      Order allow,deny
      Allow from all
#     Order deny,allow
#     Deny from all
#     Allow from 127.0.0.1

      AuthName "Monites Giris"
      AuthType Basic
      AuthUserFile /usr/local/nagios/etc/htpasswd.users
      Require valid-user
   </IfVersion>
</Directory>

Alias /monites "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
#  SSLRequireSSL
   Options None
   AllowOverride None
   <IfVersion >= 2.3>
      <RequireAll>
         Require all granted
#        Require host 127.0.0.1

         AuthName "Monites Giris"
         AuthType Basic
         AuthUserFile /usr/local/nagios/etc/htpasswd.users
         Require valid-user
      </RequireAll>
   </IfVersion>
   <IfVersion < 2.3>
      Order allow,deny
      Allow from all
#     Order deny,allow
#     Deny from all
#     Allow from 127.0.0.1

      AuthName "Monites Giris"
      AuthType Basic
      AuthUserFile /usr/local/nagios/etc/htpasswd.users
      Require valid-user
   </IfVersion>
</Directory>`

# cat /etc/apache2/sites-enabled/nagvis.conf
` # NagVis Apache2 sample configuration file
#
# #############################################################################

Alias /nagvis "/usr/local/nagvis/share"

<Directory "/usr/local/nagvis/share">
  Options FollowSymLinks
  AllowOverride None

  <IfModule mod_authz_core.c>
    # Apache >= 2.4
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache < 2.4
   # Order allow,deny
   # Allow from all
   Require all granted
  </IfModule>

  # To enable Nagios basic auth on NagVis use the following options
  # Just uncomment it. Maybe you need to adjust the path to the
  # Auth user file.
  #
  # If you use the NagVis internal auth mechanism based on the web
  # for you won't need this.
  #
  #AuthName "NagVis Access"
  #AuthType Basic
  #AuthUserFile /usr/local/nagios/etc/htpasswd.users
  #Require valid-user
  # With installed and enabled mod_rewrite there are several redirections
  # available to fix deprecated and/or wrong urls. None of those rules is
  # mandatory to get NagVis working.
  <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /nagvis
   
    # Use mod_rewrite for old url redirection even if there are php files which
    # redirect the queries itselfs. In some cases the mod_rewrite redirect
    # is better than the php redirect.
    #
    # Using the php redirect seems to be better in some cases where https/http servers
    # are mixed. For example in OMD setups where using apache own mode and https in the
    # frontend and http in the backend apache servers.
    #
    # Disabling this redirect by default in the hope that the php direct works better.
    #RewriteCond %{REQUEST_URI} ^/nagvis(/config\.php|/index\.php|/|)(\?.*|)$
    #RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/%1%2 [R=301,L]
   
    # Redirect old regular map links
    RewriteCond %{REQUEST_URI} ^/nagvis/frontend/(wui|nagvis-js)
    RewriteCond %{QUERY_STRING} map=(.*)
    RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=%1 [R=301,L]

    # Without map= param
    RewriteCond %{REQUEST_URI} ^/nagvis/frontend(/wui)?/?(index.php)?$
    RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php [R=301,L]

    # Redirect old rotation calls
    RewriteCond %{REQUEST_URI} ^/nagvis/frontend/nagvis-js
    RewriteCond %{QUERY_STRING} !mod
    RewriteCond %{QUERY_STRING} rotation=(.*)
    RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php?mod=Rotation&act=view&show=%1 [R=301,L]
  </IfModule>
</Directory>
Mutex file:/var/log default
RewriteRule     /nagvis/ - [E=REMOTE_USER:monites]

`

OS: Debian 8.11 (Jessie)
Nagios Core Version: 4.3.4
Nagvis Version: 1.9.8
Apache2 Version : 2.4.10
php Version : 5.6.36

Thanks


#2

Looking at the configuration files it seems that the NagVis files (share/...) are below /usr/local/nagios. This seems odd… How did you install NagVis?


(Bayram Karagoz) #3

Sorry it’s my mistake. I added two times nagios apache config into the post.
Now updated with the correct one. Please consider from now.

I installed Nagvis with compiling code.

Thanks


#4

Please alter nagvis.conf and add the following lines (similar to nagios4.conf):

"Monites Giris"
 AuthType Basic
 AuthUserFile /usr/local/nagios/etc/htpasswd.users
 Require valid-user

(Bayram Karagoz) #5

Tried but no luck.
Still I can see nagvis login page.


#6

Please check your Apache log for messages (informational and errors) which might indicate if the settings in nagvis.conf are processed/valid/…


(Bayram Karagoz) #7

I can see the following informational messages on /var/log/apache2/access.log and no log genareted on error.log file.

78.176.183.201 - monites [13/Aug/2018:14:41:25 +0300] "GET /monites/ HTTP/1.1" 200 895 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"
78.176.183.201 - monites [13/Aug/2018:14:41:25 +0300] "GET /monites/side.php HTTP/1.1" 200 1442 "http://demo.monites.com/monites/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"
78.176.183.201 - - [13/Aug/2018:14:41:25 +0300] "GET /nagvis HTTP/1.1" 301 588 "http://demo.monites.com/monites/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"
78.176.183.201 - - [13/Aug/2018:14:41:25 +0300] "GET /monites/images/favicon.ico HTTP/1.1" 401 730 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"
78.176.183.201 - - [13/Aug/2018:14:41:25 +0300] "GET /nagvis/ HTTP/1.1" 301 265 "http://demo.monites.com/monites/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"
78.176.183.201 - - [13/Aug/2018:14:41:25 +0300] "GET /favicon.ico HTTP/1.1" 404 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"
78.176.183.201 - - [13/Aug/2018:14:41:25 +0300] "GET /nagvis/frontend/nagvis-js/index.php HTTP/1.1" 200 1719 "http://demo.monites.com/monites/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"

#8

Please delete the lines added, uncomment the lines already in nagvis.conf and restart Apache.


(Bayram Karagoz) #9

Tried but same.
Also tried to login directly to nagvis web interface but still i can see nagvis login web page. I can not see apache pop-up authentication screen for nagvis. But I see apache pop-up authentication screen when i try to login to nagios core.

Here is the final content of nagvis.conf

# NagVis Apache2 sample configuration file
#
# #############################################################################

Alias /nagvis "/usr/local/nagvis/share"

<Directory "/usr/local/nagvis/share">
  Options FollowSymLinks
  AllowOverride None
  <IfModule mod_authz_core.c>
    # Apache >= 2.4
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache < 2.4
   # Order allow,deny
   # Allow from all
   Require all granted
  </IfModule>

  # To enable Nagios basic auth on NagVis use the following options
  # Just uncomment it. Maybe you need to adjust the path to the
  # Auth user file.
  #
  # If you use the NagVis internal auth mechanism based on the web
  # for you won't need this.
  #
  AuthName "NagVis Access"
  AuthType Basic
  AuthUserFile /usr/local/nagios/etc/htpasswd.users
  Require valid-user
  # With installed and enabled mod_rewrite there are several redirections
  # available to fix deprecated and/or wrong urls. None of those rules is
  # mandatory to get NagVis working.
  <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /nagvis
    
    # Use mod_rewrite for old url redirection even if there are php files which
    # redirect the queries itselfs. In some cases the mod_rewrite redirect
    # is better than the php redirect.
    #
    # Using the php redirect seems to be better in some cases where https/http servers
    # are mixed. For example in OMD setups where using apache own mode and https in the
    # frontend and http in the backend apache servers.
    #
    # Disabling this redirect by default in the hope that the php direct works better.
    #RewriteCond %{REQUEST_URI} ^/nagvis(/config\.php|/index\.php|/|)(\?.*|)$
    #RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/%1%2 [R=301,L]
    
    # Redirect old regular map links
    RewriteCond %{REQUEST_URI} ^/nagvis/frontend/(wui|nagvis-js)
    RewriteCond %{QUERY_STRING} map=(.*)
    RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=%1 [R=301,L]

    # Without map= param
    RewriteCond %{REQUEST_URI} ^/nagvis/frontend(/wui)?/?(index.php)?$
    RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php [R=301,L]

    # Redirect old rotation calls
    RewriteCond %{REQUEST_URI} ^/nagvis/frontend/nagvis-js
    RewriteCond %{QUERY_STRING} !mod
    RewriteCond %{QUERY_STRING} rotation=(.*)
    RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php?mod=Rotation&act=view&show=%1 [R=301,L]
  </IfModule>
</Directory>

#10

I’m afraid I led you onto the wrong track :-(. This was the way in the older days. So far I have no alternative.
Sorry.


(Bayram Karagoz) #11

no problem, that’s fine.

is there anybody who knows better solution?