sni / Thruk

Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API.
http://www.thruk.org

Collector / Satellite setup TLS proxy config for Thruk perfdata inline display #1327

Closed pbiering closed 10 months ago

pbiering commented 10 months ago

On a collector/satellite setup, with the following extension it was possible to fetch pnp4nagios charts directly inside the central collector:

--- lib/Thruk/Utils.pm.orig       2023-12-19 14:50:29.643030812 +0000
+++ lib/Thruk/Utils.pm  2023-12-19 14:49:32.907533633 +0000
@@ -1232,7 +1232,7 @@
     my $peer     = $c->db->get_peer_by_key($peer_key);
     return($url) unless $peer;
     if($peer->{'type'} ne 'http') {
-        return($url);
+        return("/" . $peer_key . $url);
     }

     my $proxy_prefix = $c->stash->{'url_prefix'}.'cgi-bin/proxy.cgi/'.$peer_key;
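
Review bot: the new `return("/" . $peer_key . $url);` in the `ne 'http'` branch applies to every non-http peer, so a backend that has no reverse-proxy location under `/<peer_key>/` would get a rewritten URL where the old code returned `$url` unchanged. The new line also leaves out `$c->stash->{'url_prefix'}`, which the http path just below uses when it builds `$proxy_prefix`, and it prepends to `$url` without checking that `$url` is a site-relative path. Suggest making the rewrite opt-in per peer through a config setting, building the prefix from `url_prefix`, and returning `$url` untouched unless it starts with `/`.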

Create an Apache config snippet for acting as a reverse proxy towards an OMD site:

<Location /<SITE>/>
        ProxyPass        https://<SITE-HOST>/ ttl=600 keepalive=On
        ProxyPassReverse https://<SITE-HOST>/
        ProxyPreserveHost Off

        # fix location header if not done by ProxyPass
        Header edit Location "(.*)/<SITE>(/<OMDSITE>/.)" "$1$2"
        Header edit Location "(.*)(/<OMDSITE>/.)" "$1/<SITE>$2"

        SetOutputFilter INFLATE;proxy-html;DEFLATE

        AddOutputFilterByType SUBSTITUTE text/html

        # substitutes for OMD
        Substitute "s|\"/<OMDSITE>/|\"/<SITE>/<OMDSITE>/|ni"
        Substitute "s|'/<OMDSITE>/|'/<SITE>/<OMDSITE>/|ni"
        Substitute "s|#/<OMDSITE>/|#/<SITE>/<OMDSITE>/|ni"
</Location>

This reverse proxy can also be used for direct access to OMD in a particular site by using https://<COLLECTOR>/<SITE>/
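
To see what the rewrite rules in the snippet above do to a response before deploying them, the following added example (not part of the original issue or of Thruk) replays the two `Header edit Location` rules and the three `Substitute` rules in Python and lists references the rules leave unprefixed. The values `sat1` and `prod` stand in for `<SITE>` and `<OMDSITE>`, the HTML is constructed, and the effects of `ProxyPassReverse` and the `proxy-html` filter are not modelled.

```python
import re

# Constructed sample values standing in for the <SITE> and <OMDSITE> placeholders.
SITE, OMDSITE = "sat1", "prod"

def edit_location(value, site=SITE, omdsite=OMDSITE):
    """Apply both 'Header edit Location' rules in order; 'edit' replaces once."""
    s, o = re.escape(site), re.escape(omdsite)
    # Rule 1: strip an existing /<SITE> prefix so rule 2 cannot double it.
    value = re.sub(rf"(.*)/{s}(/{o}/.)", lambda m: m[1] + m[2], value, count=1)
    # Rule 2: insert /<SITE> in front of /<OMDSITE>/ (needs one character after it).
    return re.sub(rf"(.*)(/{o}/.)", lambda m: f"{m[1]}/{site}{m[2]}", value, count=1)

def substitute_body(html, site=SITE, omdsite=OMDSITE):
    """Apply the three Substitute rules: fixed string (n), case-insensitive (i)."""
    for lead in ('"', "'", "#"):
        pattern = re.compile(re.escape(f"{lead}/{omdsite}/"), re.IGNORECASE)
        html = pattern.sub(lambda m, q=lead: f"{q}/{site}/{omdsite}/", html)
    return html

def unrewritten_refs(html, site=SITE, omdsite=OMDSITE):
    """List /<OMDSITE>/ references that still lack the /<SITE> prefix."""
    s, o = re.escape(site), re.escape(omdsite)
    return re.findall(rf"(?<!/{s})/{o}/[^\s\"'<>)]*", html, flags=re.IGNORECASE)

# Constructed backend response body, not taken from a real OMD site.
SAMPLE_HTML = """<a href="/prod/thruk/">Thruk</a>
<img src='/prod/pnp4nagios/image?host=h1'>
<a href=/prod/unquoted/>unquoted</a>
<style>body{background:url(/prod/bg.png)}</style>"""

if __name__ == "__main__":
    for loc in ("/prod/thruk/", "/sat1/prod/thruk/", "/prod/"):
        print(f"Location {loc!r} -> {edit_location(loc)!r}")
    rewritten = substitute_body(SAMPLE_HTML)
    print(rewritten)
    print("still unprefixed:", unrewritten_refs(rewritten))
```

The run shows that a redirect to exactly `/<OMDSITE>/` is left alone because both header patterns require one more character, and that unquoted attributes and CSS `url(...)` references pass through the `Substitute` rules unchanged.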

sni commented 10 months ago

What's the advantage over just connecting those sites as an http backend?

pbiering commented 10 months ago

> What's the advantage over just connecting those sites as an http backend?

Security requirements forbid cleartext communication; Thruk itself uses a TLS-protected (client + server certificates) connection to livestatus.

sni commented 10 months ago

http backends can use https as well. That way you could even set up a read-only connection.