Access NagiosTV without authentication

[CyberBax]

Hi,

I want to be able to access nagiostv without using the nagios authentication, i have tried to place the nagiostv folder directly into the root web directory but this did not work and still asked for authentication

Has any one got and ideas on how to do this?

Thanks in advance

[MauroMaia]

Hi.

Without reading your configuration files and imagining that you probably don't have changed too much in the default configuration, I would say that Nagios himself is requiring the authentication.

I suggest that you create a simple PHP file with a curl request to work as a proxy that makes the authentication for you. In your NagiosTv, change the 'Nagios cgi-bin path' to send the request to your PHP that will send it to your Nagios server already authenticated. Then just backpropagate the HTTP status code and response body.

Another option, if you can change the Nagios configuration, its to check your cgi.cfg file and check your authentication settings. In this case, I recommend you read more about it here Nagios CGI - Authentication And Authorization. Be careful this can impact your Nagios server security.

[chriscareycode]

If you want to have NagiosTV without authentication, while your Nagios web UI has authentication, then you must run a proxy which adds authentication and proxies the request to the Nagios web cgis.

In the code, I have a node/ folder which has an example Node.js proxy that does this. Read the README.txt in that folder. You can also do this with Apache mod_proxy which I don't have a example of at this time, but its just a few lines of config.

Then you point NagiosTV to the proxy in the Nagios cgi-bin path setting, and the proxy points to the Nagios web cgis authenticated.

[chriscareycode]

Also gitgeek007, if after you put NagiosTV in the web root it still asked for authentication, then that tells me the entire Apache virtual host is set with authentication enabled. Which I believe is how it's configured by default.

So you either need to run a second virtual host with another domain name, another doc root, etc and stick nagiostv there, or in the nagios virtual host config you need to add an Apache config to remove authentication from the nagiostv subfolder under the web root.

This is just to get the files hosted and serving without authentication. You would still need to use the proxy technique in the post above once the nagiostv app is hosted without authentication.

[chriscareycode]

I looked a bit more into how the Nagios CGIs handle auth, and if they are configured to require auth, then they will not return data unless you do some sort of basic auth with Apache.

There are two layers to the authentication. First is Apache in the nagios Apache config file where Basic Auth is enabled by default.

Second is the Nagios cgi.cfg configuration file where you find use_authentication=1. If you unblock Auth on Apache, the cgis still will not work until you set use_authentication=0 in that file as well

If you wanted to fully turn off the auth, then you would need to disable both the Apache Basic Auth, restart Apache, then set use_authentication=0 in cgi.cfg in Nagios and restart Nagios. If you did this you better not have your Apache remotely accessible and also must trust everyone on your network.

Other option is the proxy/auth methods I was mentioning, where the proxy will add the username/password to requests going through it and pass that on to Apache and the Nagios CGIs.

[pezzotto]

Hi all, i'm trying to showup nagiostv using node.js proxy to pass username ad password but i still get authentication prompt.

The proxy is working, i need to configure nagios also?

[chriscareycode]

@pezzotto no nothing to do on the Nagios side.

Can I see your NagiosTV settings page? In the NagiosTV Settings page did you configure Nagios cgi-bin path to http://[your-proxy-ip]:4000/nagios/ ?

actually I just read your reply again. It looks like you moved the proxy to port 4000, not 8181 So your settings should be set to http://[your-proxy-ip]:4000/nagios/ not http://[your-proxy-ip]:8181/nagios/

[pezzotto]

@pezzotto no nothing to do on the Nagios side.

Can I see your NagiosTV settings page? In the NagiosTV Settings page did you configure Nagios cgi-bin path to http://[your-proxy-ip]:4000/nagios/ ?

actually I just read your reply again. It looks like you moved the proxy to port 4000, not 8181 So your settings should be set to http://[your-proxy-ip]:4000/nagios/ not http://[your-proxy-ip]:8181/nagios/

Sure in settings i have the same port stored in js file.

If i --inspect the proxy is working but seems that dont pass credentials

My node version:

[root@localhost node]# node --version
v10.21.0

Here is my NagiosTV settings page, now listening on 4000

Thanks

[chriscareycode]

@pezzotto and in your settings-nagios.js you have "auth": true ?

Line 100-106 in app.js is what adds the authentication. You can uncomment the console.log lines on 104 and 105 , then run again to help verify these lines are running.

[pezzotto]

@pezzotto and in your settings-nagios.js you have "auth": true ?

Line 100-106 in app.js is what adds the authentication. You can uncomment the console.log lines on 104 and 105 , then run again to help verify these lines are running.

Uncommented ad yes node is passing auth:

Adding proxy auth
{ proxyReqPathResolver: [Function: proxyReqPathResolver],
  proxyReqOptDecorator: [Function: proxyReqOptDecorator],
  headers: { Authorization: 'Basic ##################' } }
Listening on port 4000...

Strange thing is that when i open nagiostv page, without do nothing after some seconds i get this loop

[chriscareycode]

I started a document here that is a work in progress: https://nagiostv.com/bypassing-authentication

Please try the Apache Proxy technique and see if this works for you

[pezzotto]

I started a document here that is a work in progress: https://nagiostv.com/bypassing-authentication

Please try the Apache Proxy technique and see if this works for you

Hi, following your guide i had success to pass auth through proxy.

But i had to change some lines in my environment:

CentOS Linux release 8.3.2011 Apache/2.4.37

Location is not "/usr/local/nagios/nagiostv" but "/usr/local/nagios/share/nagiostv"

And the autentication in passed by AuthBasicFake "user pass" Directive and not RequestHeader set Authorization

Thank you for your work!