Package: nagios4
Version: 4.4.6-4.1
Severity: normal
Dear Maintainer,
config.inc.php is currently installed as
/usr/share/nagios4/htdocs/config.inc.php
This prevents the local system administrator from correctly overriding paths.
Even if you override them in
- /etc/nagios4/nagios.cfg
- /etc/nagios4/cgi.cfg
They will be inconsistent with config.inc.php, and the web CGI scripts will
continue to output the hard-coded paths.
As you correctly noted in README.Debian, as of version 4.4.6 nagios hardcodes
cgiurl in various places so even this (symlinking config.inc.php) is not 100%
effective. HOWEVER upstream was in the process of fixing this, and it is now
fixed in the current upstream version 4.5.10, so that config.inc.php is the
only place that hardcodes @cgiurl@ and everything else reads it from there.
So updating to the latest upstream version (#1052527) AS WELL AS fixing the
subject of this bug report, will allow you to get rid of the overly complex
instructions and caveats in README.Debian for running nagios4-cgi under a
non-default web path. The instructions will then be simply to edit:
- /etc/nagios4/nagios.cfg
- /etc/nagios4/cgi.cfg
- /etc/nagios4/config.inc.php
As it stands, the current situation in version 4.4.6 is actually not that
complicated, more simple than README.Debian makes out. The only hardcoded path
is /cgi-bin/nagios4 for the CGI scripts, everything else can be fixed via
url_html_path in cgi.cfg. So a working web config would only need to alias
these paths (plus stylesheets). An example lighttpd config is here:
~~~~
alias.url += (
"/cgi-bin/nagios4/" => "/usr/lib/cgi-bin/nagios4/",
"/nagios4/stylesheets/" => "/etc/nagios4/stylesheets/",
"/nagios4/" => "/usr/share/nagios4/htdocs/",
)
$HTTP["url"] =~ "^/nagios4/|^/cgi-bin/nagios4/" {
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/etc/nagios4/htdigest.users"
auth.require = ( "" => ( "method" => "basic",
"realm" => "Nagios",
"require" => "valid-user" ) )
fastcgi.server += ( ".php" =>
((
"socket" => "/run/php/php-fpm.sock",
"broken-scriptfilename" => "enable"
))
)
cgi.assign = ( ".cgi" => "" )
}
~~~~
Note the necessity of making the htpasswd config work for both /nagios4 (or
whatever url_html_path is) as well as the hard-coded /cgi-bin/nagios4.
After this bug and #1052527 are complete, the local administrator will have the
option to easily put everything underneath any path of their choosing, e.g.:
~~~~
alias.url += (
"/CUSTOMPATH/cgi-bin/" => "/usr/lib/cgi-bin/nagios4/",
"/CUSTOMPATH/stylesheets/" => "/etc/nagios4/stylesheets/",
"/CUSTOMPATH/" => "/usr/share/nagios4/htdocs/",
)
$HTTP["url"] =^ "/CUSTOMPATH/" {
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/etc/nagios4/htdigest.users"
auth.require = ( "" => ( "method" => "basic",
"realm" => "Nagios",
"require" => "valid-user" ) )
fastcgi.server += ( ".php" =>
((
"socket" => "/run/php/php-fpm.sock",
"broken-scriptfilename" => "enable"
))
)
cgi.assign = ( ".cgi" => "" )
}
~~~~
alongside the relevant path config changes in /etc/nagios4, as described above.
Best,
X
-- System Information:
Debian Release: forky/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable-debug'), (500,
'testing-debug'), (500, 'stable-security'), (300, 'unstable'), (200,
'experimental'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.17.8+deb14-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages nagios4 depends on:
ii nagios4-cgi 4.4.6-4.1
ii nagios4-common 4.4.6-4.1
ii nagios4-core 4.4.6-4.1
nagios4 recommends no packages.
Versions of packages nagios4 suggests:
pn nagios-nrpe-plugin <none>
-- no debconf information
