nagios core | nagios plugins | nagios ssh
see nginx-php to begin with
this would be needed to re-schedule checks from the UI – however the vhost is into a chroot anyway
ls -lF /var/nagios/rw/nagios.cmd
usermod -aG nagios-cmd www-data
prepare a password for the web ui
vi /usr/local/bin/htpasswd.pl
#!/usr/bin/perl
use strict;
if ( @ARGV != 2 ){
print "usage:./htpasswd.pl <username> <password>\n";
}
else {
print $ARGV[0].":".crypt($ARGV[1],$ARGV[1])."\n";
}
chmod +x /usr/local/bin/htpasswd.pl
cd /etc/nagios/
htpasswd.pl nagiosadmin PASSWORD-HERE > passwd
cd /usr/local/nagios/share/
ln -s ../sbin cgi-bin
cp -pi config.inc.php config.inc.php.dist
vi config.inc.php
$cfg['cgi_base_url']='/cgi-bin';
cd /etc/nginx/conf.d/
vi nagios.conf
server {
listen 80;
server_name nagios.nethence.com;
return 301 https://nagios.nethence.com$request_uri;
# deal with http-01 challenges (no http2 there)
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
# trailing slash matters
alias /var/www/dehydrated/;
}
}
server {
listen 443 ssl http2;
server_name nagios.nethence.com;
ssl_certificate /etc/dehydrated/certs/nagios.nethence.com/fullchain.pem;
ssl_certificate_key /etc/dehydrated/certs/nagios.nethence.com/privkey.pem;
ssl_certificate /etc/dehydrated/certs/ECC/nagios.nethence.com/fullchain.pem;
ssl_certificate_key /etc/dehydrated/certs/ECC/nagios.nethence.com/privkey.pem;
access_log /var/log/nginx/nagios.access.log compression;
error_log /var/log/nginx/nagios.error.log warn;
auth_basic "Access to the web interface is restricted";
auth_basic_user_file /etc/nagios/passwd;
rewrite ^/nagios/(.*) /$1 break;
root /usr/local/nagios/share;
index index.php;
add_header X-Frame-Options SAMEORIGIN;
location ~* \.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php-fpm.sock;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
}
location ~* \.cgi$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/fcgiwrap.socket;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
}
ssi off;
autoindex off;
autoindex_exact_size off;
location = /robots.txt { access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }
location ~ /apple-touch-icon { access_log off; log_not_found off; }
}
and restart everything so user groups are taken into account
nginx -s stop && sleep 1 && /usr/local/sbin/nginx && echo OK || echo FAIL systemctl restart php8.2-fpm.service systemctl restart nagios.service
check that you can reach that one
chsh -s /bin/bash www-data su - www-data cd /var/nagios/rw/ file nagios.cmd ^D chsh -s /sbin/nologin www-data
so if you still get the infamous error, that’s because of nginx’s chroot (which we would like to keep anyhow).
the infamous error while attemping to re-schedule a check from the web UI
Error: Could not open command file '/var/nagios/rw/nagios.cmd' for update!
==> either you forgot to add www-data as a member of nagios-cmd group –OR– that’s a vhost chroot