On Wednesday, 11 April 2018 11:05:41 PM AEST Logan Hansen wrote:
> Check_MK Raw v1.4.0p27 on RHEL 7.4:
> 
> There have been a number of posts over the years expressing difficulties -
> and solutions - for wrapping Check_MK inside SSL. What is the current best
> practice? I tried to simply throwing an Apache proxy in front, but
> somewhere in the code it redirects back to http. Adding
> 
> RewriteEngine On
> RewriteCond %{HTTPS} off
> RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [NC,R,L]
> 
In your https configuration add

RequestHeader set X-Forwarded-Proto "https"

if you're using apache, or

add_head X-Forwarded-Proto "https"

in the location section for the frontend in nginx.



> to the proxy keeps everything encrypted, and if the user enters
> 
> http[s]://servername.dom/{site}/check_mk/
> 
> everything works fine, but if they only enter the
> 
> http[s]://servername.dom/
> 
> part, the pnp4nagios graphs break with the error
> 
> "ERROR: Received an unexpected response while trying to display the
> PNP-Graphs. Maybe there is a problem with the authentication."
> 
> Further, if I click on a graph link it returns a 404
> 
> "The requested URL /{site}/check_mk/pnp4nagios/index.php/graph was not found
> on this server."
> 
> One of the odd things about it is that things seem to behave better in the
> All Hosts and Host Groups views, but behave worse if I use the Quicksearch
> and click on a specific host.
> 
> For the record, I am using this with basic authentication to allow Kerberos
> auth, but I have verified this issue against the default auth.conf file.
> 
> Thanks,
> 
> Logan


_______________________________________________
checkmk-en mailing list
checkmk-en@lists.mathias-kettner.de
http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en

Reply via email to