13.2. Configuring Apache for Nagios

You can read the Nagios HTML docs in a local web browser or HTML-enabled file browser like Konqueror, but Apache doesn't seem to know they exist. Nagios needs Apache support to be fully functional and to display all the status pages and command pages. How do you make it go?

You need to use Apache's access controls. First, create an Apache password for the Nagios user:

	# cd /usr/local/nagios/etc/
	# htpasswd -c htpasswd.users nagios
	New password:
	Re-type new password:
	Adding password for user nagios

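Then, make the password file owned and readable/writable only by the HTTP user (replace HTTP-user with the name of your HTTP user, such as apache on Fedora or www-data on Debian):

	# chown HTTP-user htpasswd.users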
	# chmod 0600 htpasswd.users

On Fedora, add this directive to your /etc/httpd/conf/httpd.conf file:

	Include /etc/httpd/conf.d

Next, create /etc/httpd/conf.d/nagios. On Debian, create /etc/apache2/conf.d/nagios. Add these directives to the file, using your own subnet on the line Allow from 192.168.1.:

	## conf.d/nagios
	ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin
	<Directory "/usr/local/nagios/sbin">
	    Options ExecCGI
	    AllowOverride None
	    Order allow,deny
	    HostnameLookups On
	    Allow from localhost
	    Allow from 127.0.0.1
	    Allow from 192.168.1.
	    AuthName "Nagios Access"
	    AuthType Basic
	    AuthUserFile /usr/local/nagios/etc/htpasswd.users
	    Require valid-user
	</Directory>

	Alias /nagios /usr/local/nagios/share
	<Directory "/usr/local/nagios/share">
	    Options None
	    AllowOverride None
	    Order allow,deny
	    HostnameLookups On
	    Allow from localhost
	    Allow from 127.0.0.1
	    Allow from 192.168.1.
	    AuthName "Nagios Access"
	    AuthType Basic
	    AuthUserFile /usr/local/nagios/etc/htpasswd.users
	    Require valid-user
	</Directory>

Restart Apache on Fedora with this command:

	# /etc/init.d/httpd restart

This command restarts it on Debian:

	# /etc/init.d/apache2 restart

Now, enter this URL in a web browser on the Nagios server:

	http://localhost/nagios

It should pop up a login window. Log in as nagios, using the password you just created, and there you are, just like in Figure 13-1, shown in the previous recipe.

127.0.0.1/nagios and the IP address and hostname of the server should all work as well. Try logging in from a neighboring PC using the IP address or hostname of your Nagios server.

You have successfully enabled using and administering Nagios on your LAN only, and blocked it from the outside world.

Apache is not required; you may use any HTTP server. You should consider using an HTTP server dedicated only to Nagios, and not running other services. You'll get better performance, and it's easier to manage.

To find the name of your HTTP user, search your main Apache configuration file. Use this command on Fedora:

	$ grep 'User ' /etc/httpd/conf/httpd.conf
	User apache

On Debian, use this command:

	$ grep 'User ' /etc/apache2/apache2.conf
	User www-data

You may call the htpasswd.users file anything you like. If you wish to add more Nagios admins, use the htpasswd command without the -c option, because -c means "create a new file" and overwrites an existing one:

	# htpasswd /usr/local/nagios/etc/htpasswd.users admin-user2
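
An added example, not part of the original recipe: a POSIX shell audit of the steps above. It reads the HTTP user from the main Apache configuration, then checks that every AuthUserFile named in conf.d/nagios is owned by that user, has mode 0600, and does not sit under a directory served through Alias or ScriptAlias. The function names are hypothetical, and it assumes unquoted paths without spaces, as in the recipe's configuration.

```shell
#!/bin/sh
# Added example, not from the recipe. Function names are hypothetical.
# Assumes directive paths are unquoted and contain no spaces, as in the
# conf.d/nagios file shown in this recipe.

# Print the value of the first active "User" directive in an Apache config.
# Unlike grep 'User ', this skips commented-out lines such as "#User foo".
http_user() {
    awk '$1 == "User" { print $2; exit }' "$1"
}

# Check one password file: it must exist, be owned by USER, and be mode 0600.
check_htpasswd() {
    file=$1; user=$2; rc=0
    [ -f "$file" ] || { echo "FAIL: $file is missing"; return 1; }
    # ls -ld is POSIX: field 1 is the mode string, field 3 the owner.
    perms=$(ls -ld "$file" | awk '{ print $1 }')
    owner=$(ls -ld "$file" | awk '{ print $3 }')
    [ "$owner" = "$user" ] || { echo "FAIL: $file owner is $owner, not $user"; rc=1; }
    case "$perms" in
        -rw-------*) ;;   # a trailing "." or "+" marks SELinux context or ACLs
        *) echo "FAIL: $file mode is $perms, expected -rw-------"; rc=1 ;;
    esac
    return "$rc"
}

# Audit a conf.d/nagios style file: every AuthUserFile must pass
# check_htpasswd and must not sit under a directory that Apache serves
# through Alias or ScriptAlias, where a browser could fetch it.
audit_nagios_conf() {
    conf=$1; user=$2; status=0
    served=$(awk '$1 == "Alias" || $1 == "ScriptAlias" { print $3 }' "$conf")
    for pw in $(awk '$1 == "AuthUserFile" { print $2 }' "$conf" | sort -u); do
        check_htpasswd "$pw" "$user" || status=1
        for dir in $served; do
            case "$pw" in
                "${dir%/}"/*) echo "FAIL: $pw is under served directory $dir"; status=1 ;;
            esac
        done
    done
    return "$status"
}

# Usage with the Fedora paths from this recipe:
#   audit_nagios_conf /etc/httpd/conf.d/nagios "$(http_user /etc/httpd/conf/httpd.conf)"
```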

At this point, Nagios is not running. All you can do is read the user manual, and click on the links to see exciting error messages like "Whoops! Error: Could not open CGI config file '/usr/local/nagios/etc/cgi.cfg' for reading!" There is no basic configuration framework set up yet, and Nagios will not run without one.

Apache's Basic authentication isn't particularly strong. Passwords are stored encrypted in a plaintext file, and all traffic goes across the wires unencrypted, including the encrypted password. Anyone on your LAN could sniff the encrypted password and try to crack it, or just snoop on the data traffic. You definitely do not want to run unencrypted Nagios sessions over the Internet. An easy way to add encryption is to tunnel your Nagios sessions over SSH; see Recipe 13.14 to learn how. Another option is to add SSL support. Unlike SSH, this doesn't require you to log in to a user account on the Nagios server. See Recipe 13.14 to learn how to do this.