Configuring Nagios VHost and LDAP/Active Directory Authentication (AD)

1. Overview

 

In the previous tutorial we covered how to install the Nagios performance monitoring application as a network and server monitoring tool on CentOS 7. We accessed Nagios by IP address followed by the “nagios” directory, such as “http://192.168.171.14/nagios”, with the default local Nagios account name “nagiosadmin”.

In this article we will configure an Apache VHost for our Nagios performance monitoring application server and integrate it with identity management software, namely an LDAP/Active Directory Domain Controller. We will then access Nagios by domain name instead of IP address and log in with LDAP/Active Directory account credentials.

2. Prerequisites

 

This tutorial on configuring the Nagios performance monitoring application VHost and LDAP/Active Directory (AD) authentication assumes that:

a. You have an Active Directory server up and running.
c. You have already created the DNS A and CNAME records for the Nagios domain, such as “nagios.techspacekh.com”.
d. You have generated a self-signed SSL certificate. Please refer to: Generating a Self Signed SSL Certificate in RHEL/CentOS 7.
e. You have already installed the Nagios performance monitoring application server. Please refer to: Installing Nagios Core For IT Infrastructure Monitoring on RHEL/CentOS 7.

3. Configure Nagios VHost

 

To create a virtual host for the Nagios performance monitoring application, we need to edit the virtual host file in the virtual host configuration directory “/etc/httpd/conf.d”. This file is created by default when we install the Nagios server. The following configuration redirects requests from HTTP to HTTPS.

# vim /etc/httpd/conf.d/nagios.conf  
##
<VirtualHost *:80>
 RewriteEngine on
 RewriteCond %{SERVER_PORT} !^443$
 RewriteRule ^/(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</VirtualHost>
##
<VirtualHost *:443>
      ServerAdmin netadmin@techspacekh.com
      ServerName nagios.techspacekh.com
      DocumentRoot /usr/local/nagios/share
## 
     SSLEngine on
     SSLCertificateFile /etc/pki/tls/certs/cacti.techspacekh.com/techspacekh.com.crt
     SSLCertificateKeyFile /etc/pki/tls/certs/cacti.techspacekh.com/techspacekh.com.key
     SSLCACertificateFile /etc/pki/tls/certs/cacti.techspacekh.com/techspacekh.com.crt
##
     ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
##
    <Directory "/usr/local/nagios/sbin">
        Options ExecCGI
        AllowOverride None
       <IfVersion >= 2.3>
              <RequireAll>
                     Require all granted
                     AuthName "Nagios Access"
                     AuthType Basic
                     AuthUserFile /usr/local/nagios/etc/htpasswd.users
                     Require valid-user
              </RequireAll>
       </IfVersion>
       <IfVersion < 2.3>
           Order allow,deny
           Allow from all
           AuthName "Nagios Access"
           AuthType Basic
           AuthUserFile /usr/local/nagios/etc/htpasswd.users
           Require valid-user
       </IfVersion>
     </Directory>
##

Alias /nagios "/usr/local/nagios/share"

##
     <Directory "/usr/local/nagios/share">
          Options None
          AllowOverride None
          <IfVersion >= 2.3>
                 <RequireAll>
                       Require all granted
                       AuthName "Nagios Access"
                       AuthType Basic
                       AuthUserFile /usr/local/nagios/etc/htpasswd.users
                       Require valid-user
                 </RequireAll>
          </IfVersion>
            <IfVersion < 2.3>
                Order allow,deny
                Allow from all
                AuthName "Nagios Access"
                AuthType Basic
                AuthUserFile /usr/local/nagios/etc/htpasswd.users
                Require valid-user
          </IfVersion>
       </Directory>
</VirtualHost>

We need to restart the Apache service as shown below.

# systemctl restart httpd

Now try to access http://nagios.techspacekh.com; it will redirect to https://nagios.techspacekh.com automatically.

4. Integrate Nagios With Active Directory

 

After successfully configuring the VHost for the Nagios performance monitoring application, it is time to integrate Nagios user authentication with the Active Directory Domain Controller.

To integrate Nagios with Active Directory, we need to edit the virtual host file “/etc/httpd/conf.d/nagios.conf” as follows.

# vim /etc/httpd/conf.d/nagios.conf
<VirtualHost *:80>
 RewriteEngine on
 RewriteCond %{SERVER_PORT} !^443$
 RewriteRule ^/(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</VirtualHost>
##
<VirtualHost *:443>
          ServerAdmin netadmin@techspacekh.com
          ServerName nagios.techspacekh.com
          DocumentRoot /usr/local/nagios/share
## 
          SSLEngine on
          SSLCertificateFile /etc/pki/tls/certs/cacti.techspacekh.com/techspacekh.crt
          SSLCertificateKeyFile /etc/pki/tls/certs/cacti.techspacekh.com/techspacekh.key
          SSLCACertificateFile /etc/pki/tls/certs/cacti.techspacekh.com/techspacekh.crt
##
          ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
##
          <Directory "/usr/local/nagios/sbin">
              Options ExecCGI
              AllowOverride None
              <IfVersion >= 2.3>
                      <RequireAll>
                            Require all granted
                            AuthBasicProvider ldap
                            AuthType Basic
                            AuthName "Please Enter Your Active Directory Credential"
                            AuthLDAPURL "ldap://10.0.0.1:3268/dc=techspacekh,dc=com?sAMAccountName?sub" NONE
                            AuthLDAPBindDN "CN=ldap user,OU=System User,DC=TECHSPACEKH,DC=COM"
                            AuthLDAPBindPassword P@ssw0rd123
                            Require valid-user
                      </RequireAll>
              </IfVersion>
              <IfVersion < 2.3>
                     Order allow,deny
                     Allow from all
                     AuthBasicProvider ldap
                     AuthType Basic
                     AuthName "Please Enter Your Active Directory Credential"
                     AuthLDAPURL "ldap://10.0.0.1:3268/dc=techspacekh,dc=com?sAMAccountName?sub" NONE
                     AuthLDAPBindDN "CN=ldap user,OU=System User,DC=TECHSPACEKH,DC=COM"
                     AuthLDAPBindPassword P@ssw0rd123
                     Require valid-user
              </IfVersion>
          </Directory>
##

          Alias /nagios "/usr/local/nagios/share"

##
          <Directory "/usr/local/nagios/share">
                  Options None
                  AllowOverride None
                  <IfVersion >= 2.3>
                             <RequireAll>
                                  Require all granted
                                  AuthBasicProvider ldap
                                  AuthType Basic
                                  AuthName "Please Enter Your Active Directory Credential"
                                  AuthLDAPURL "ldap://10.0.0.1:3268/dc=techspacekh,dc=com?sAMAccountName?sub" NONE
                                  AuthLDAPBindDN "CN=ldap user,OU=System User,DC=TECHSPACEKH,DC=COM"
                                  AuthLDAPBindPassword P@ssw0rd123
                                  Require valid-user
                             </RequireAll>
                  </IfVersion>
                  <IfVersion < 2.3>
                          Order allow,deny
                          Allow from all
                          AuthBasicProvider ldap
                          AuthType Basic
                          AuthName "Please Enter Your Active Directory Credential"
                          AuthLDAPURL "ldap://10.0.0.1:3268/dc=techspacekh,dc=com?sAMAccountName?sub" NONE
                          AuthLDAPBindDN "CN=ldap user,OU=System User,DC=TECHSPACEKH,DC=COM"
                          AuthLDAPBindPassword P@ssw0rd123
                          Require valid-user
                 </IfVersion>
          </Directory>
</VirtualHost>

We need to restart the Apache service as shown below.

# systemctl restart httpd

After successfully restarting the Apache service, we need to edit the Nagios configuration file “/usr/local/nagios/etc/cgi.cfg” as follows. A value of “*” authorizes every authenticated user for that permission.

# vim /usr/local/nagios/etc/cgi.cfg

authorized_for_system_information=*
authorized_for_configuration_information=*
authorized_for_system_commands=*

authorized_for_all_services=*
authorized_for_all_hosts=*

authorized_for_all_service_commands=*
authorized_for_all_host_commands=*

We need to restart the Nagios service as shown below.

# systemctl restart nagios
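
The vhost above queries Active Directory over cleartext `ldap://` with `NONE`, keeps the bind password inline, and admits any valid account, which `cgi.cfg` then authorizes for everything through `*`. As an added example (not part of the original tutorial), here are the same two `<Directory>` blocks with LDAPS, an externally supplied bind password and a group restriction. Assumptions: Apache 2.4.5 or later, and a hypothetical DC name `dc01.techspacekh.com`, CA file, helper script path and universal group `NagiosAdmins`.

```apache
# Added example (not from the tutorial); host name, paths and group DN are assumptions.
# Server config context, outside <VirtualHost>: trust the CA that issued the
# domain controller's certificate and require that certificate to verify.
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ad-root-ca.pem
LDAPVerifyServerCert On

# These two blocks replace the <Directory> blocks inside <VirtualHost *:443>.
<Directory "/usr/local/nagios/sbin">
    Options ExecCGI
    AllowOverride None
    AuthType Basic
    AuthBasicProvider ldap
    AuthName "Please Enter Your Active Directory Credential"
    # ldaps:// on 3269 is the global catalog over TLS (3268 with NONE is cleartext).
    # Use the DNS name that appears in the DC certificate.
    AuthLDAPURL "ldaps://dc01.techspacekh.com:3269/dc=techspacekh,dc=com?sAMAccountName?sub"
    AuthLDAPBindDN "CN=ldap user,OU=System User,DC=TECHSPACEKH,DC=COM"
    # exec: uses the first line printed by the program as the password,
    # so the secret is no longer stored in this file.
    AuthLDAPBindPassword "exec:/usr/local/sbin/nagios-ldap-bindpw"
    # Admit members of one group rather than every valid directory account.
    Require ldap-group CN=NagiosAdmins,OU=Groups,DC=TECHSPACEKH,DC=COM
</Directory>

<Directory "/usr/local/nagios/share">
    Options None
    AllowOverride None
    AuthType Basic
    AuthBasicProvider ldap
    AuthName "Please Enter Your Active Directory Credential"
    AuthLDAPURL "ldaps://dc01.techspacekh.com:3269/dc=techspacekh,dc=com?sAMAccountName?sub"
    AuthLDAPBindDN "CN=ldap user,OU=System User,DC=TECHSPACEKH,DC=COM"
    AuthLDAPBindPassword "exec:/usr/local/sbin/nagios-ldap-bindpw"
    Require ldap-group CN=NagiosAdmins,OU=Groups,DC=TECHSPACEKH,DC=COM
</Directory>
```

Keep the helper script owned by root and not world-readable, and run `apachectl configtest` before restarting httpd.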

Now we can try logging in with an Active Directory account.

We should be able to log in to the Nagios performance monitoring application with an Active Directory user account. As you can see in the following picture, the login account is “kann.vannath”, which is the Active Directory account.

6. Conclusion

 

That’s all about configuring an Apache VHost for our Nagios performance monitoring application server and integrating it with an Active Directory Domain Controller, from Tech Space KH. Nagios is one of the best network monitoring and server monitoring tools. Hopefully, you find this guide informative. If you have any questions or suggestions, you can always leave your comments below. I will do my best to review and reply to them.

 
