Description of problem: When the user installs RHSC, along with that Nagios server gets installed. The Nagios server should be auto configured automatically to stop the HTTP access to it's service and only allow HTTPS based communication. For e.g. if the RHSC is installed on the server "server-1" and the user points his/her browser to http://server-1/nagios, it should automatically go to https://server-1/nagios and prompt for user-name and password. Ref: https://trello.com/c/H6sXbesq/21-ssl-nagios Version-Release number of selected component (if applicable): rhsc-3.0.0-0.5.master.el6_5.noarch nagios-3.5.1-2.el6ost.x86_64 pnp4nagios-0.6.20-1.el6rhs.x86_64 nagios-server-addons-0.1.0-82.git77df8ca.el6rhs.x86_64 How reproducible: 100% Steps to Reproduce: 1. Install and setup RHSC with Monitoring enabled as per: http://rhsm.pad.engineering.redhat.com/rhsc-nagios-release-denali-4 2. Take http://<IP/Hostname>/nagios in the browser 3. Take http://<IP/Hostname>/pnp4nagios in the browser Actual results: Redirection to https is NOT happening automatically. Expected results: In both the cases, it should redirect to https to allow ONLY HTTPS based communication Additional info:
merged the patch in 3.0 branch
1. Installed and ran rhsc-setup with Monitoring enabled as per: http://rhsm.pad.engineering.redhat.com/rhsc-nagios-release-denali-5 2. Taken http://<IP/Hostname>/nagios in the browser 3. Taken http://<IP/Hostname>/pnp4nagios in the browser Both the above links throws 403 Forbidden error and following is what Apache error log says: ---------- [Thu Jun 05 11:31:41 2014] [error] [client 10.70.1.130] access to /usr/share/nagios/html failed, reason: SSL connection required [Thu Jun 05 11:31:52 2014] [error] [client 10.70.1.130] access to /usr/share/nagios/html failed, reason: SSL connection required [Thu Jun 05 11:32:24 2014] [error] [client 10.70.1.130] access to /usr/share/nagios/html/pnp4nagios failed, reason: SSL connection required [Thu Jun 05 11:32:59 2014] [error] [client 10.70.1.130] access to /usr/share/nagios/html/pnp4nagios failed, reason: SSL connection required ---------- Is this a new bug or got introduced as a result of fixing this bug?
On further debugging, I could see that the package "nagios-server-addons" didn't get updated as part of the rhsc installation of the latest build and hence the issue. Moving back the bug to ON_QA based on the above. However, in that case, I would like to know what is the expectation from the user here? Is the package supposed to get updated automatically during rhsc-setup when there is an update available in the channel (as monitoring is enabled by the user) or they have to manually update the package using yum??
rhsc should pull the latest nagios-server-addons package. Please open an another bug to track it.
(In reply to Kanagaraj from comment #5) > rhsc should pull the latest nagios-server-addons package. Please open an > another bug to track it. Based on the above confirmation, opened the following BZ: Bug 1104966 - rhsc-setup is not pulling the available updates for "nagios-server-addons"
https redirection seems to be working correctly now. However, I have noticed that the Security details of https://<IP>/nagios shows as "Connection Partially Encrypted" whereas Security details of https://<IP>/ovirt-engine clearly shows as "Connection Encrypted". I've attached both the screenshots. This one is a problem. It means you have mixed content on your page, which is bad practice because you can't be sure what can and cannot be trusted as coming from the server (as guaranteed by SSL/TLS otherwise). It's probably loading images, scripts, iframes or making XHR requests via plain HTTP. In some cases, it can leak sensitive data this way. So we will have to fix this as well to claim that the connection to Nagios URL is Fully Encrypted. Do you agree with me?? Moving back the bug to fix the above issue.
Created attachment 907969 [details] Security details of Nagios link
Created attachment 907970 [details] Security details of ovirt-engine link
This is the problem http://assets.nagios.com/images/events/nagios-world-conference-2014-sidebar_promo.png
Please open a separate a bug for this issue
(In reply to Kanagaraj from comment #11) > Please open a separate a bug for this issue Done! Bug 1108688 - Some of the elements in the Nagios page are not transferred via SSL and the Security details shows as "Connection Partially Encrypted"
Since the https redirection appers to be working correctly now, I'm marking this bug as verified. Verified in nagios-server-addons-0.1.1-2.el6rhs.x86_64.rpm
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2014-1277.html