nagios core install | nagios core | nagios plugins | nagios ssh
see nginx-php to begin with
this would be needed to re-schedule checks from the UI – however the vhost is into a chroot anyway
ls -lF /var/nagios/rw/nagios.cmd usermod -aG nagios-cmd www-data
prepare a password for the web ui
vi /usr/local/bin/htpasswd.pl #!/usr/bin/perl use strict; if ( @ARGV != 2 ){ print "usage:./htpasswd.pl <username> <password>\n"; } else { print $ARGV[0].":".crypt($ARGV[1],$ARGV[1])."\n"; } chmod +x /usr/local/bin/htpasswd.pl cd /etc/nagios/ htpasswd.pl nagiosadmin PASSWORD-HERE > passwd
cd /usr/local/nagios/share/ ln -s ../sbin cgi-bin cp -pi config.inc.php config.inc.php.dist vi config.inc.php $cfg['cgi_base_url']='/cgi-bin'; cd /etc/nginx/conf.d/ vi nagios.conf server { listen 80; server_name nagios.nethence.com; return 301 https://nagios.nethence.com$request_uri; # deal with http-01 challenges (no http2 there) location ^~ /.well-known/acme-challenge/ { default_type "text/plain"; # trailing slash matters alias /var/www/dehydrated/; } } server { listen 443 ssl http2; server_name nagios.nethence.com; ssl_certificate /etc/dehydrated/certs/nagios.nethence.com/fullchain.pem; ssl_certificate_key /etc/dehydrated/certs/nagios.nethence.com/privkey.pem; ssl_certificate /etc/dehydrated/certs/ECC/nagios.nethence.com/fullchain.pem; ssl_certificate_key /etc/dehydrated/certs/ECC/nagios.nethence.com/privkey.pem; access_log /var/log/nginx/nagios.access.log compression; error_log /var/log/nginx/nagios.error.log warn; auth_basic "Access to the web interface is restricted"; auth_basic_user_file /etc/nagios/passwd; rewrite ^/nagios/(.*) /$1 break; root /usr/local/nagios/share; index index.php; add_header X-Frame-Options SAMEORIGIN; location ~* \.php$ { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass unix:/run/php/php-fpm.sock; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; } location ~* \.cgi$ { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass unix:/run/fcgiwrap.socket; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; } ssi off; autoindex off; autoindex_exact_size off; location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } location ~ /apple-touch-icon { access_log off; log_not_found off; } }
and restart everything so user groups are taken into account
nginx -s stop && sleep 1 && /usr/local/sbin/nginx && echo OK || echo FAIL systemctl restart php8.2-fpm.service systemctl restart nagios.service
check that you can reach that one
chsh -s /bin/bash www-data su - www-data cd /var/nagios/rw/ file nagios.cmd ^D chsh -s /sbin/nologin www-data
so if you still get the infamous error, that’s because of nginx’s chroot (which we would like to keep anyhow).
the infamous error while attemping to re-schedule a check from the web UI
Error: Could not open command file '/var/nagios/rw/nagios.cmd' for update!
==> either you forgot to add www-data as a member of nagios-cmd group –OR– that’s a vhost chroot