Reports to the mail come with an error 401 Access Denied

[catkaff]

Monitorix installed on Ubuntu 16.04 Everything works except for reports on mail A letter arrives in which instead of reports it says: "401 Access Denied"

Please tell me what could be the problem? I guess that it’s a matter of rights, but I don’t know where exactly the problem is.

/var/log/monitorix

HTTPServer: You can connect to your server at http://localhost:2095/ Sat Jun 27 03:29:01 2020 - emailreports::emailreports_send: sending daily reports. Sat Jun 27 03:29:02 2020 - emailreports::emailreports_send: 401 Access Denied Sat Jun 27 03:29:03 2020 - emailreports::emailreports_send: 401 Access Denied Sat Jun 27 03:29:04 2020 - emailreports::emailreports_send: 401 Access Denied Sat Jun 27 03:29:05 2020 - emailreports::emailreports_send: 401 Access Denied Sat Jun 27 03:29:06 2020 - emailreports::emailreports_send: 401 Access Denied Sat Jun 27 03:29:07 2020 - emailreports::emailreports_send: 401 Access Denied Sat Jun 27 03:29:08 2020 - emailreports::emailreports_send: 401 Access Denied Sat Jun 27 03:29:09 2020 - emailreports::emailreports_send: 401 Access Denied Sat Jun 27 03:29:10 2020 - emailreports::emailreports_send: 401 Access Denied Sat Jun 27 03:29:11 2020 - emailreports::emailreports_send: 401 Access Denied Sat Jun 27 03:29:12 2020 - emailreports::emailreports_send: 401 Access Denied

enabled = y host = port = 2095 user = nobody group = nogroup log_file = /var/log/monitorix-httpd hosts_deny = hosts_allow = autocheck_responsiveness = y enabled = y msg = Monitorix: Restricted access htpasswd = /var/lib/monitorix/htpasswd enabled = y url_prefix = http://127.0.0.1:2095 smtp_hostname = localhost from_address = kotinblack@gmail.com hour = 3 minute = 29 enabled = y graphs = mysql, nginx, apache, nfsc, fs, du, chrony, net, netstat, port, user to = toXXX@gmail.com

/var/lib/monitorix# ls -la /var/lib/monitorix

drwxr-xr-x 5 root root 4096 Jun 27 02:39 . drwxr-xr-x 69 root root 4096 Jun 27 02:32 .. -rw-r--r-- 1 root root 1972664 Jun 27 03:38 apache.rrd -rw-r--r-- 1 root root 1315840 Jun 27 03:38 chrony.rrd -rw-r--r-- 1 root root 846680 Jun 27 03:38 du.rrd -rw-r--r-- 1 root root 6007440 Jun 27 03:38 fs.rrd -rw------- 1 nobody nogroup 22 Jun 27 02:36 htpasswd -rw-r--r-- 1 root root 24023184 Jun 27 02:32 int.rrd -rw-r--r-- 1 root root 1691168 Jun 27 02:32 kern.rrd -rw-r--r-- 1 root root 3567808 Jun 27 03:38 mysql.rrd -rw-r--r-- 1 root root 5632112 Jun 27 03:38 net.rrd -rw-r--r-- 1 root root 3380144 Jun 27 03:38 netstat.rrd -rw-r--r-- 1 root root 5162952 Jun 27 03:38 nfsc.rrd -rw-r--r-- 1 root root 659016 Jun 27 03:38 nginx.rrd -rw-r--r-- 1 root root 3380144 Jun 27 03:38 port.rrd -rw-r--r-- 1 root root 3380144 Jun 27 02:32 proc.rrd drwxr-xr-x 2 root root 4096 Jun 27 02:32 reports -rw-r--r-- 1 root root 1825168 Jun 27 02:32 serv.rrd -rw-r--r-- 1 root root 1972664 Jun 27 02:32 system.rrd drwxr-xr-x 2 root root 4096 Feb 24 10:40 usage -rw-r--r-- 1 root root 752848 Jun 27 03:38 user.rrd drwxr-xr-x 4 root root 4096 Jun 27 02:32 www

ls -la /var/lib/monitorix/www/

drwxr-xr-x 4 root root 4096 Jun 27 02:32 . drwxr-xr-x 5 root root 4096 Jun 27 02:39 .. drwxr-xr-x 2 root root 4096 Jun 27 03:15 cgi drwxr-xr-x 2 nobody nogroup 12288 Jun 27 03:33 imgs -rw-r--r-- 1 root root 7299 Jun 27 03:28 index.html -rw-r--r-- 1 root root 1870 Feb 24 10:40 logo_bot.png -rw-r--r-- 1 root root 179352 Jun 27 02:35 logo_top.png -rw-r--r-- 1 root root 2251 Feb 24 10:40 monitorixico.png

ls -la /var/lib/monitorix/reports/

drwxr-xr-x 2 root root 4096 Jun 27 02:32 . drwxr-xr-x 5 root root 4096 Jun 27 02:39 .. -rw-r--r-- 1 root root 1906 Feb 24 10:40 ca.html -rw-r--r-- 1 root root 1878 Feb 24 10:40 de.html -rw-r--r-- 1 root root 1840 Feb 24 10:40 en.html -rw-r--r-- 1 root root 1849 Feb 24 10:40 fr.html -rw-r--r-- 1 root root 1855 Feb 24 10:40 it.html -rw-r--r-- 1 root root 1873 Feb 24 10:40 nl_NL.html -rw-r--r-- 1 root root 1879 Feb 24 10:40 pl.html -rw-r--r-- 1 root root 1852 Feb 24 10:40 sk.html -rw-r--r-- 1 root root 1805 Feb 24 10:40 zh_CN.html

[mikaku]

It looks like you have enabled Basic Authentication in the HTTP server built-in:

    <auth>
            enabled = y
            msg = Monitorix: Restricted access
            htpasswd = /var/lib/monitorix/htpasswd
    </auth>

That means you'll need to provide the proper username and password in <emailreports> to access the Monitorix HTTP server built-in and be able to get the graphs:

    <emailreports>
        enabled = y
        url_prefix = http://username:password@localhost:2095
[...]

[catkaff]

Thank you A letter came with a report and graphs.

However, doesn’t it seem strange to you that in the same config we specify the encrypted password first, and then specify the username and password explicitly below?

I believe that it would be politically correct to use a ready-made file /var/lib/monitorix/htpasswd with encrypted data for authentication in a block

How do you think?

[mikaku]

Encrypted passwords are unusable for authentication.

If you don't like the idea of having your username and password saved in text plain format in the configuration file, then take a look to the #274 request, which includes a recent new feature in the HTTP built-in configuration.

[catkaff]

Interesting solution, thanks for the link

Encrypted passwords are unusable for authentication. I am very curious why?

[mikaku]

The Basic Authentication method forces username and password to be transmitted as plain text.

You might want to read the section 1 (Introduction) or section 4 (Security Considerations), from the RFC 7617.

This scheme is not considered to be a secure method of user authentication unless used in conjunction with some external secure system such as TLS (Transport Layer Security, [RFC5246]), as the user-id and password are passed over the network as cleartext.

You might add here also that local host network transmissions are secure.

[mikaku]

Closing due to no response for two weeks.

If you still need more information, please add a comment and the issue can be reopened.