1. Overview
In the previous tutorial we covered how to install the Nagios performance monitoring application as a network and server monitoring tool on CentOS 7. We accessed it by IP address followed by the “nagios” directory, such as “http://192.168.171.14/nagios”, with the default local Nagios account name “nagiosadmin”.
In this article we will configure an Apache VHost for our Nagios server and integrate it with identity management software, namely an LDAP/Active Directory Domain Controller. We will then access Nagios by domain name instead of IP address and log in with LDAP/Active Directory account credentials.
2. Prerequisites
This tutorial on configuring the Nagios VHost and LDAP/Active Directory (AD) authentication assumes that:
a. You have an Active Directory server in place, up and running.
c. You have already created the DNS A and CNAME records for the Nagios domain, such as “nagios.techspacekh.com”.
d. You have generated a self-signed SSL certificate. Please refer to Generating a Self Signed SSL Certificate in RHEL/CentOS 7.
e. You have already installed the Nagios server. Please refer to Installing Nagios Core For IT Infrastructure Monitoring on RHEL/CentOS 7.
3. Configure Nagios VHost
To create a virtual host for Nagios, we need to edit the virtual host file in the virtual host configuration directory “/etc/httpd/conf.d”; this file is created by default when we install the Nagios server. The following configuration also redirects HTTP to HTTPS.
# vim /etc/httpd/conf.d/nagios.conf
##
<VirtualHost *:80>
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</VirtualHost>
##
<VirtualHost *:443>
    ServerAdmin netadmin@techspacekh.com
    ServerName nagios.techspacekh.com
    DocumentRoot /usr/local/nagios/share
    ##
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/cacti.techspacekh.com/techspacekh.com.crt
    SSLCertificateKeyFile /etc/pki/tls/certs/cacti.techspacekh.com/techspacekh.com.key
    SSLCACertificateFile /etc/pki/tls/certs/cacti.techspacekh.com/techspacekh.com.crt
    ##
    ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
    ##
    <Directory "/usr/local/nagios/sbin">
        Options ExecCGI
        AllowOverride None
        <IfVersion >= 2.3>
            <RequireAll>
                Require all granted
                AuthName "Nagios Access"
                AuthType Basic
                AuthUserFile /usr/local/nagios/etc/htpasswd.users
                Require valid-user
            </RequireAll>
        </IfVersion>
        <IfVersion < 2.3>
            Order allow,deny
            Allow from all
            AuthName "Nagios Access"
            AuthType Basic
            AuthUserFile /usr/local/nagios/etc/htpasswd.users
            Require valid-user
        </IfVersion>
    </Directory>
    ##
    Alias /nagios "/usr/local/nagios/share"
    ##
    <Directory "/usr/local/nagios/share">
        Options None
        AllowOverride None
        <IfVersion >= 2.3>
            <RequireAll>
                Require all granted
                AuthName "Nagios Access"
                AuthType Basic
                AuthUserFile /usr/local/nagios/etc/htpasswd.users
                Require valid-user
            </RequireAll>
        </IfVersion>
        <IfVersion < 2.3>
            Order allow,deny
            Allow from all
            AuthName "Nagios Access"
            AuthType Basic
            AuthUserFile /usr/local/nagios/etc/htpasswd.users
            Require valid-user
        </IfVersion>
    </Directory>
</VirtualHost>
We need to restart the Apache service as shown below.
# systemctl restart httpd
Now try to access http://nagios.techspacekh.com; it will redirect to https://nagios.techspacekh.com automatically.
4. Integrate Nagios With Active Directory
After successfully configuring the VHost for Nagios, it is time to integrate Nagios user authentication with the Active Directory Domain Controller.
To integrate Nagios with Active Directory, we need to edit the virtual host file “/etc/httpd/conf.d/nagios.conf” as follows.
# vim /etc/httpd/conf.d/nagios.conf
##
<VirtualHost *:80>
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</VirtualHost>
##
<VirtualHost *:443>
    ServerAdmin netadmin@techspacekh.com
    ServerName nagios.techspacekh.com
    DocumentRoot /usr/local/nagios/share
    ##
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/cacti.techspacekh.com/techspacekh.crt
    SSLCertificateKeyFile /etc/pki/tls/certs/cacti.techspacekh.com/techspacekh.key
    SSLCACertificateFile /etc/pki/tls/certs/cacti.techspacekh.com/techspacekh.crt
    ##
    ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
    ##
    <Directory "/usr/local/nagios/sbin">
        Options ExecCGI
        AllowOverride None
        <IfVersion >= 2.3>
            <RequireAll>
                Require all granted
                AuthBasicProvider ldap
                AuthType Basic
                AuthName "Please Enter Your Active Directory Credential"
                # NONE disables SSL/TLS on the LDAP connection: the bind password
                # and the users' passwords are sent to the directory unencrypted.
                AuthLDAPURL "ldap://10.0.0.1:3268/dc=techspacekh,dc=com?sAMAccountName?sub" NONE
                AuthLDAPBindDN "CN=ldap user,OU=System User,DC=TECHSPACEKH,DC=COM"
                AuthLDAPBindPassword P@ssw0rd123
                # valid-user accepts any account that authenticates against the directory.
                Require valid-user
            </RequireAll>
        </IfVersion>
        <IfVersion < 2.3>
            Order allow,deny
            Allow from all
            AuthBasicProvider ldap
            AuthType Basic
            AuthName "Please Enter Your Active Directory Credential"
            AuthLDAPURL "ldap://10.0.0.1:3268/dc=techspacekh,dc=com?sAMAccountName?sub" NONE
            AuthLDAPBindDN "CN=ldap user,OU=System User,DC=TECHSPACEKH,DC=COM"
            AuthLDAPBindPassword P@ssw0rd123
            Require valid-user
        </IfVersion>
    </Directory>
    ##
    Alias /nagios "/usr/local/nagios/share"
    ##
    <Directory "/usr/local/nagios/share">
        Options None
        AllowOverride None
        <IfVersion >= 2.3>
            <RequireAll>
                Require all granted
                AuthBasicProvider ldap
                AuthType Basic
                AuthName "Please Enter Your Active Directory Credential"
                AuthLDAPURL "ldap://10.0.0.1:3268/dc=techspacekh,dc=com?sAMAccountName?sub" NONE
                AuthLDAPBindDN "CN=ldap user,OU=System User,DC=TECHSPACEKH,DC=COM"
                AuthLDAPBindPassword P@ssw0rd123
                Require valid-user
            </RequireAll>
        </IfVersion>
        <IfVersion < 2.3>
            Order allow,deny
            Allow from all
            AuthBasicProvider ldap
            AuthType Basic
            AuthName "Please Enter Your Active Directory Credential"
            AuthLDAPURL "ldap://10.0.0.1:3268/dc=techspacekh,dc=com?sAMAccountName?sub" NONE
            AuthLDAPBindDN "CN=ldap user,OU=System User,DC=TECHSPACEKH,DC=COM"
            AuthLDAPBindPassword P@ssw0rd123
            Require valid-user
        </IfVersion>
    </Directory>
</VirtualHost>
We need to restart the Apache service as shown below.
# systemctl restart httpd
After successfully restarting the Apache service, we need to edit the Nagios configuration file “/usr/local/nagios/etc/cgi.cfg” as follows.
# vim /usr/local/nagios/etc/cgi.cfg
# "*" grants the permission to every user who has authenticated to the web server.
authorized_for_system_information=*
authorized_for_configuration_information=*
authorized_for_system_commands=*
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_service_commands=*
authorized_for_all_host_commands=*
We need to restart the Nagios service as shown below.
# systemctl restart nagios
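As configured above, the LDAP connection is unencrypted (`NONE`), the bind password sits in the vhost file, and `Require valid-user` combined with `authorized_for_*=*` gives every Active Directory account full Nagios rights, including commands. The following check is an added example, not part of the original tutorial; it reports those settings in the two files edited above. The function names `audit_httpd` and `audit_cgi` and the embedded sample text are constructed for illustration.

```python
import shlex

# Constructed samples reusing the directives shown in this tutorial.
SAMPLE_HTTPD = '''\
<Directory "/usr/local/nagios/sbin">
  AuthBasicProvider ldap
  AuthLDAPURL "ldap://10.0.0.1:3268/dc=techspacekh,dc=com?sAMAccountName?sub" NONE
  AuthLDAPBindPassword P@ssw0rd123
  Require valid-user
</Directory>
'''
SAMPLE_CGI = '''\
authorized_for_system_commands=*
authorized_for_all_hosts=*
authorized_for_configuration_information=nagiosadmin
'''

def audit_httpd(text):
    """Return (line_no, finding) pairs for weak mod_authnz_ldap settings.
    A server-wide LDAPTrustedMode default is not taken into account."""
    findings, valid_user, ldap_seen, ldap_rule = [], [], False, False
    for no, raw in enumerate(text.splitlines(), 1):
        try:
            tok = shlex.split(raw)
        except ValueError:              # unbalanced quote: cannot judge the line
            continue
        if len(tok) < 2 or tok[0].startswith("#"):
            continue
        name, args = tok[0].lower(), tok[1:]
        if name == "authldapurl":
            ldap_seen = True
            mode = args[1].upper() if len(args) > 1 else "NONE"
            encrypted = args[0].lower().startswith("ldaps://") or mode in ("SSL", "TLS", "STARTTLS")
            if not encrypted:
                findings.append((no, "LDAP bind and user passwords sent unencrypted"))
        elif name == "authldapbindpassword" and not args[0].startswith("exec:"):
            findings.append((no, "bind password stored in clear text in the vhost file"))
        elif name == "require" and args[0].lower() == "valid-user":
            valid_user.append(no)
        elif name == "require" and args[0].lower().startswith("ldap-"):
            ldap_rule = True            # ldap-group, ldap-user, ldap-filter, ...
    if ldap_seen and not ldap_rule:
        findings += [(no, "any account in the directory is accepted") for no in valid_user]
    return sorted(findings)

def audit_cgi(text):
    """Return (line_no, directive) pairs where a cgi.cfg authorization is '*'."""
    rows = (line.strip().partition("=") for line in text.splitlines())
    return [(no, key) for no, (key, _, value) in enumerate(rows, 1)
            if key.startswith("authorized_for_") and value.strip() == "*"]
```

Run it against the real files with `audit_httpd(open("/etc/httpd/conf.d/nagios.conf").read())` and `audit_cgi(open("/usr/local/nagios/etc/cgi.cfg").read())`; an empty list means none of these settings was found.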
Now we can try logging in with an Active Directory account.
We should be able to log in to Nagios with an Active Directory user account. As you may see in the following picture, the login account is “kann.vannath”, which is the Active Directory account.
6. Conclusion
That’s all about configuring an Apache VHost for our Nagios performance monitoring application server and integrating it with an Active Directory Domain Controller, from Tech Space KH. Nagios is one of the best network and server monitoring tools. Hopefully, you find this guide informative. If you have any questions or suggestions, you can always leave your comments below. I will do my best to review and reply to them.