Ubuntu 22上Nagios Core的Nginx配置,04

rn0zuynd  于 2023-04-29  发布在  Nginx
关注(0)|答案(1)|浏览(180)

我正在努力为Nagios核心服务器配置nginx前端,我希望在本地测试VM上试用它。
我想我有一段时间的PHP-FPM问题得到了解决,至少部分是因为我现在可以看到“Nagios Core”主页,当我加载网站。
但是我不能导航到任何子页面,我总是给一个403禁止。
我还可以尝试哪些配置方法?
安装在我的ubuntu 22上的软件包。04主持人:

nagios-images/jammy,now 0.9.4 all [installed,automatic]
nagios4-cgi/jammy,now 4.4.6-4 amd64 [installed,automatic]
nagios4-common/jammy,now 4.4.6-4 all [installed,automatic]
nagios4-core/jammy,now 4.4.6-4 amd64 [installed,automatic]
nagios4/jammy,now 4.4.6-4 amd64 [installed]
php-common/jammy,now 2:92ubuntu1 all [installed,automatic]
php8.1-cli/jammy-updates,jammy-security,now 8.1.2-1ubuntu2.11 amd64 [installed,automatic]
php8.1-common/jammy-updates,jammy-security,now 8.1.2-1ubuntu2.11 amd64 [installed,automatic]
php8.1-fpm/jammy-updates,jammy-security,now 8.1.2-1ubuntu2.11 amd64 [installed]
php8.1-opcache/jammy-updates,jammy-security,now 8.1.2-1ubuntu2.11 amd64 [installed,automatic]
php8.1-readline/jammy-updates,jammy-security,now 8.1.2-1ubuntu2.11 amd64 [installed,automatic]
php8.1/jammy-updates,jammy-security,now 8.1.2-1ubuntu2.11 all [installed]

这是我的主要nagios。/etc/nginx/conf中加载的conf文件。d/目录(它本身在/etc/nginx/nginx中指定。conf文件):

upstream php {
        server unix:/var/run/php/php8.1-fpm.sock;
}
upstream fcgiwrap {
        server  unix:/var/run/fcgiwrap.socket;
}
server {
        listen  80;
        server_name     $HOSTNAME;
        return  302     https://$HOSTNAME;
}
server {
        listen  443 ssl;
        server_name     $HOSTNAME;
        ssl_certificate        /etc/ssl/certs/nginx-selfsigned.crt;
        ssl_certificate_key    /etc/ssl/private/nginx-selfsigned.key;
        access_log      /var/log/nginx/nagios.access.log;
        error_log       /var/log/nginx/nagios.error.log info;
        expires         5m;
        root            /usr/share/nagios4/htdocs;
        index           index.php index.html;
        auth_basic      "Restricted Access";
        auth_basic_user_file /etc/nagios4/htpasswd.users;
        
        location /stylesheets {
                alias /etc/nagios4/stylesheets;
        }
        location ~ /nagios4/ {
                location ~ /(\w*\.cgi)$ {
                        include /etc/nginx/fastcgi_params;
                        fastcgi_param AUTH_USER $remote_user;
                        fastcgi_param REMOTE_USER $remote_user;
                        fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/nagios4/$1;
                        fastcgi_pass fcgiwrap;
                }
        }
        
        location ~ \.php$ {
           fastcgi_split_path_info ^(.+?\.php)(/.*)$;
           fastcgi_pass php;
           include /etc/nginx/snippets/fastcgi-php.conf;
           include /etc/nginx/fastcgi_params;
           fastcgi_param SCRIPT_FILENAME /usr/share/nagios4/htdocs$fastcgi_script_name;
        }
        
        # nagiosgraph
        location ~ /nagiosgraph/ {
                alias /usr/local/nagiosgraph/share/;
                location ~ /(\w*\.cgi)$ {
                        include /etc/nginx/fastcgi_params;
                        fastcgi_param SCRIPT_FILENAME /usr/local/nagiosgraph/cgi/$1;
                        fastcgi_param REMOTE_USER $remote_user;
                        fastcgi_param AUTH_USER $remote_user;
                        fastcgi_pass unix:/var/run/fcgiwrap.socket;
                }
        }
}

下面是它调用的fastcgi代码段:

# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+?\.php)(/.*)$;

# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;

# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;

fastcgi_param PATH_INFO $path_info;

fastcgi_index index.php;

include fastcgi.conf;
~

这是我的主要nginx。conf文件:

user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
        worker_connections 1024;
}
http {
        include          /etc/nginx/mime.types;
        default_type application/octet-stream;
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                                        '$status $body_bytes_sent "$http_referer" '
                                        '"$http_user_agent" "$http_x_forwarded_for"';
        client_max_body_size 0;
        access_log      /var/log/nginx/access.log main;
        sendfile        on;
#       tcp_nopush      on;
        keepalive_timeout 65;
        gzip on;
        server_tokens off;
        # https://wiki.mozilla.org/Security/Server_Side_TLS
        ssl_session_timeout 1d;
        ssl_session_cache   shared:SSL:50m;
        ssl_session_tickets off;
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_ciphers   DEFAULT:!RC4:!DH:!DES:!3DES;
#       ssl_ciphers   'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
        ssl_prefer_server_ciphers on;
        # OCSP Stapling ---
        # fetch OCSP records from URL in ssl_certificate and cache them
        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 8.8.4.4 8.8.8.8;
        include /etc/nginx/conf.d/*.conf;
}

我一直在玩弄各种配置,但到目前为止,每一次都失败了。
我已经创建了一个填充的基本身份验证文件,并通过以下方式提示输入用户名和密码以匹配:

htpasswd -b -c /etc/nagios4/htpasswd.users nagiosadmin $SOMEPASSWORD

我跟踪了nagios core generating error 403 forbidden并尝试重新定位htpass。users文件到/usr/local/nagios/,并设置root:nagios的所有权,但这在本例中没有任何区别。
我已经剥离了所有的配置,并遵循https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/只是为了确保php-fpm工作,它似乎是(从主页的响应匹配的指南)。

alen0pnh

alen0pnh1#

这个配置的问题是php-fpm模块的默认配置(/etc/php/8.1/fpm/pool.d/www.conf)被配置用于www-data用户。
这个nginx.conf指定一个名为“nginx”的用户作为运行的用户上下文。
修改/etc/php/8。1/fpm/pool.d/www.conf引用'nginx'代替'www-data'并重新启动php 8。1-fpm服务(systemctl重新启动)解决了这个问题。

相关问题