librenms / librenms-agent

LibreNMS Agent & Scripts
GNU General Public License v2.0

Apache-stats.py - PYCURL ERROR 51 - "SSL: certificate subject name does not match target host name 'localhost'" #280

Closed wbollock closed 4 years ago

wbollock commented 4 years ago

No Apache stats populate on a handful of servers, but apache-stats.py works on most.

However, on the handful of servers not working:

root@<myserver> /etc/snmp# ./apache-stats.py
Traceback (most recent call last):
  File "./apache-stats.py", line 38, in <module>
    user_agent = 'SNMP Apache Stats' )
  File "/usr/lib/python2.7/dist-packages/urlgrabber/grabber.py", line 638, in urlread
    return default_grabber.urlread(url, limit, **kwargs)
  File "/usr/lib/python2.7/dist-packages/urlgrabber/grabber.py", line 1019, in urlread
    s = self._retry(opts, retryfunc, url, limit)
  File "/usr/lib/python2.7/dist-packages/urlgrabber/grabber.py", line 886, in _retry
    r = apply(func, (opts,) + args, {})
  File "/usr/lib/python2.7/dist-packages/urlgrabber/grabber.py", line 998, in retryfunc
    fo = PyCurlFileObject(url, filename=None, opts=opts)
  File "/usr/lib/python2.7/dist-packages/urlgrabber/grabber.py", line 1063, in __init__
    self._do_open()
  File "/usr/lib/python2.7/dist-packages/urlgrabber/grabber.py", line 1355, in _do_open
    self._do_grab()
  File "/usr/lib/python2.7/dist-packages/urlgrabber/grabber.py", line 1485, in _do_grab
    self._do_perform()
  File "/usr/lib/python2.7/dist-packages/urlgrabber/grabber.py", line 1342, in _do_perform
    raise err
urlgrabber.grabber.URLGrabError: [Errno 14] PYCURL ERROR 51 - "SSL: certificate subject name (my.org) does not match target host name 'localhost'"

The SSL cert is a wildcard on these servers, but other servers with the same cert work. Running WordPress on Ubuntu 16.04.

Edit: python-urlgrabber package is installed, and the configuration was sent via Ansible to all servers, so it's the same across the board.

wbollock commented 4 years ago

I found a workaround. Absolutely related to running a WordPress multisite, and possibly my wildcard SSL cert.

Edit the python script

sudo vim /etc/snmp/apache-stats.py

Replace the URL in data = urlread ( 'http://localhost/server-status?auto' with:

https://your-site-here/server-status?auto

curl that URL. It won't work by default (produce the stats). To fix the server-status redirects, edit /var/www/html/.htaccess:

RewriteRule  ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
# added rule here
RewriteCond %{REQUEST_URI} !=/server-status
RewriteRule . index.php [L]

The rule we added is RewriteCond %{REQUEST_URI} !=/server-status, and I found it has to be nested between those other two rules.

sudo systemctl restart apache2
# verify it works
sudo python /etc/snmp/apache-stats.py
sudo systemctl restart snmpd

I'm not sure if this is an issue that can be solved by "fixing" the python script. Please close this issue if it's just related to my setup.

SourceDoctor commented 4 years ago

With changing the URL to: https://your-site-here/server-status?auto I think you've also opened up the server-status mod. It works, but it's a security issue, because now it's possibly world open.

SourceDoctor commented 4 years ago

Possibly not open on localhost for getting stats
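
The exposure question raised in the last two comments can be checked against the Apache configuration itself. The following is an added example, not code from the thread or from librenms-agent: it assumes Apache 2.4 `Require` syntax, and the function names and sample configurations are constructed for illustration.

```python
import re

# Assumes Apache 2.4 "Require" syntax; all names here are illustrative.
LOCATION = re.compile(r'<Location\s+"?/server-status/?"?\s*>(.*?)</Location>', re.I | re.S)
REQUIRE = re.compile(r"^[ \t]*Require[ \t]+(\S.*?)[ \t]*$", re.I | re.M)
HANDLER = re.compile(r"^[ \t]*SetHandler[ \t]+server-status\b", re.I | re.M)
LOOPBACK = {"127.0.0.1", "::1", "127.0.0.0/8"}

def is_local_only(require_args):
    """True if this Require grants nothing beyond the local host."""
    parts = require_args.lower().split()
    if parts in (["local"], ["all", "denied"]):
        return True
    return parts[0] == "ip" and len(parts) > 1 and set(parts[1:]) <= LOOPBACK

def audit_server_status(conf_text):
    """Return one (verdict, detail) tuple per <Location /server-status> block."""
    text = re.sub(r"(?m)^[ \t]*#.*$", "", conf_text)  # drop comment lines
    findings = []
    for block in LOCATION.finditer(text):
        body = block.group(1)
        if not HANDLER.search(body):
            continue
        requires = REQUIRE.findall(body)
        # Sibling Require lines act as RequireAny: one wide grant opens the page.
        wide = [r for r in requires if not is_local_only(r)]
        if not requires:
            findings.append(("review", "no Require here; access is inherited"))
        elif wide:
            findings.append(("exposed", "Require " + wide[0]))
        else:
            findings.append(("restricted", "; ".join("Require " + r for r in requires)))
    return findings

# Constructed sample configurations (not taken from the thread).
SAMPLE_RESTRICTED = """
<Location /server-status>
    SetHandler server-status
    Require local
    # Require ip 192.0.2.0/24
</Location>
"""
SAMPLE_EXPOSED = """
<Location "/server-status">
    SetHandler server-status
    Require ip 127.0.0.1 ::1
    Require all granted
</Location>
"""
```

A "review" verdict means the block sets the handler without any `Require` of its own, so the effective access rule comes from the enclosing configuration and has to be read there.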