On Wednesday, 11 April 2018 11:05:41 PM AEST Logan Hansen wrote:
> Check_MK Raw v1.4.0p27 on RHEL 7.4:
> There have been a number of posts over the years expressing difficulties -
> and solutions - for wrapping Check_MK inside SSL. What is the current best
> practice? I tried to simply throwing an Apache proxy in front, but
> somewhere in the code it redirects back to http. Adding
> RewriteEngine On
> RewriteCond %{HTTPS} off
> RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [NC,R,L]
In your https configuration add

RequestHeader set X-Forwarded-Proto "https"

if you're using apache, or

add_head X-Forwarded-Proto "https"

in the location section for the frontend in nginx.

> to the proxy keeps everything encrypted, and if the user enters
> http[s]://servername.dom/{site}/check_mk/
> everything works fine, but if they only enter the
> http[s]://servername.dom/
> part, the pnp4nagios graphs break with the error
> "ERROR: Received an unexpected response while trying to display the
> PNP-Graphs. Maybe there is a problem with the authentication."
> Further, if I click on a graph link it returns a 404
> "The requested URL /{site}/check_mk/pnp4nagios/index.php/graph was not found
> on this server."
> One of the odd things about it is that things seem to behave better in the
> All Hosts and Host Groups views, but behave worse if I use the Quicksearch
> and click on a specific host.
> For the record, I am using this with basic authentication to allow Kerberos
> auth, but I have verified this issue against the default auth.conf file.
> Thanks,
> Logan

checkmk-en mailing list

Reply via email to