apache with different authentication domains for a location and a sub-location - apache2

I want to configure two different locations in apache2, each with its own authentication domain, but one location is a base path of the other.
So unfortunately only the base location configuration is used.
<Location "/xwiki/">
Options FollowSymLinks
AllowOverride None
AuthType Digest
AuthName "XWikiDomain"
AuthDigestDomain "/xwiki/"
AuthDigestProvider file
AuthUserFile /etc/apache2/passwd/passwd_digest_auth
Require user user1
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
<LimitExcept OPTIONS>
Require valid-user
</LimitExcept>
</Location>
<Location "/xwiki/wiki/subwiki/">
Options FollowSymLinks
AllowOverride None
AuthType Digest
AuthName "KWFDomain"
AuthDigestDomain "/xwiki/wiki/subwiki"
AuthDigestProvider file
AuthUserFile /etc/apache2/passwd/passwd_digest_auth
Require user user2
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
<LimitExcept OPTIONS>
Require valid-user
</LimitExcept>
</Location>
How can the configuration be done to get it working?
Regards Rainer

Related

Nagios webinterface error..You don't have permission to access /nagios/ on this server

I am getting the below error when I am accessing the web interface of nagios.
Forbidden
You don't have permission to access /nagios/ on this server.
Apache/2.2.15 (Red Hat) Server at localhost Port 80
Please help me. I have been working on this for one week and it is still not resolved.
A couple of places to check in the configuration files:
Check your /etc/httpd/conf.d/nagios.conf file; if the option for SSL is turned on, try disabling it, then restart the httpd service.
Below is the sample entry from the file /etc/httpd/conf.d/nagios.conf:
ScriptAlias /nagios/cgi-bin "/usr/lib64/nagios/cgi"
<Directory "/usr/lib64/nagios/cgi">
#SSLRequireSSL
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
Require valid-user
</Directory>
Alias /nagios "/usr/share/nagios"
<Directory "/usr/share/nagios">
#SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
Require valid-user
</Directory>

http-auth does not apply username/password to route53 address

I have set up http-auth for an ubuntu webserver running apache2. I have done this with the following steps (note that the instance already had apache2 running and an A record for the route53 dns address):
mkdir -p /etc/httpd/conf.d
apt-get install -y apache2-utils
htpasswd -b -c /etc/apache2/.htpasswd demo $PASSWORD
Then I created the file /etc/apache2/sites-enabled/000-default.conf
<VirtualHost *:80>
DocumentRoot /var/www/blah/
ServerName some-test.blah.info
ServerAdmin some-random-admin
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "/var/www/blah/">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
</VirtualHost>
Lastly, I applied this change by restarting apache.
After this there is a credentials prompt (for the username and password) through the IP address but not the DNS address set through route53.
I believe the issue is a route53 problem as it is working correctly when you go directly to the IP address.
The solution is to edit the /etc/apache2/apache2.conf and find the directories section (it should be lines 153 to 174) and add in the auth requirements. So basically find all the directories and add these four lines inside of each one:
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
For example this is what it originally looks like:
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
And this is what it needs to be changed to:
<Directory />
Options FollowSymLinks
AllowOverride None
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
<Directory /usr/share>
AllowOverride None
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
<Directory "/var/www/blah/">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>

Munin Dynazoom not working on Ubuntu

I recently installed Munin on my machines. I got everything to work and the data is actually being drawn on the graphs! :)
But, for some reason, when I click on each individual graph, it brings me to the dynazoom page but it's all plain text with no images :(
Here is my apache.conf:
# Enable this for template generation
Alias /munin /var/cache/munin/www
# Enable this for cgi-based templates
#Alias /munin-cgi/static /var/cache/munin/www/static
#ScriptAlias /munin-cgi /usr/lib/munin/cgi/munin-cgi-html
#<Location /munin-cgi>
# Order allow,deny
# Allow from localhost 127.0.0.0/8 ::1
# AuthUserFile /etc/munin/munin-htpasswd
# AuthName "Munin"
# AuthType Basic
# require valid-user
#</Location>
<Directory /var/cache/munin/www>
Order allow,deny
# Allow from localhost 127.0.0.0/8 ::1
Allow from all
Options None
AllowOverride None
# This file can be used as a .htaccess file, or a part of your apache
# config file.
#
# For the .htaccess file option to work the munin www directory
# (/var/cache/munin/www) must have "AllowOverride all" or something
# close to that set.
#
AuthUserFile /etc/munin/munin-htpasswd
AuthName "Munin"
AuthType Basic
require valid-user
# This next part requires mod_expires to be enabled.
#
# Set the default expiration time for files to 5 minutes 10 seconds from
# their creation (modification) time. There are probably new files by
# that time.
#
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault M310
</IfModule>
</Directory>
# Enables fastcgi for munin-cgi-html if present
#<Location /munin-cgi>
# <IfModule mod_fastcgi.c>
# SetHandler fastcgi-script
# </IfModule>
#</Location>
#<Location /munin-cgi/static>
# SetHandler None
#</Location>
# Enables fastcgi for munin-cgi-graph if present
ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
<Location /munin-cgi/munin-cgi-graph>
Order allow,deny
Allow from localhost 127.0.0.0/8 ::1
# AuthUserFile /etc/munin/munin-htpasswd
# AuthName "Munin"
# AuthType Basic
# require valid-user
<IfModule mod_fcgid.c>
SetHandler fcgid-script
</IfModule>
<IfModule !mod_fcgid.c>
SetHandler cgi-script
</IfModule>
</Location>
ScriptAlias /munin-cgi/munin-cgi-html /usr/lib/munin/cgi/munin-cgi-html
<Location /munin-cgi/munin-cgi-html>
Order allow,deny
Allow from localhost 127.0.0.0/8 ::1
# AuthUserFile /etc/munin/munin-htpasswd
# AuthName "Munin"
# AuthType Basic
# require valid-user
<IfModule mod_fcgid.c>
SetHandler fcgid-script
</IfModule>
<IfModule !mod_fcgid.c>
SetHandler cgi-script
</IfModule>
</Location>
Any reason why this could not be working? If I haven't given enough information, please let me know. Thank you
Enabling the apache2 cgi (or cgid) makes the dynazoom work.
sudo a2enmod cgi; sudo service apache2 restart
I had the same issue on Ubuntu 14.04.
By checking /var/log/apache2/error.log I found the script complaining about missing modules:
Can't locate CGI/Fast.pm in @INC (you may need to install the CGI::Fast module) (@INC contains: /etc/perl /usr/local/lib/perl/5.18.2 /usr/local/share/perl/5.18.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.18 /usr/share/perl/5.18 /usr/local/lib/site_perl) at /usr/lib/munin/cgi/munin-cgi-graph line 36.
I did install the CGI::Fast module to solve the issue:
sudo apt-get install libcgi-fast-perl
There is no need for any rewrite rule as indicated in another answer. Packages in Ubuntu 14.04 have the path names configured correctly.
In addition to ermannob's answer; my apache2 error.log reported
AH01797: client denied by server configuration: /usr/lib/munin/cgi/munin-cgi-graph
which stopped me from messing around with file permissions within the OS and caused me to look at the apache config. All that was required was to change
<Location /munin-cgi/munin-cgi-graph>
Order allow,deny
Allow from localhost 127.0.0.0/8 ::1
...
in /etc/apache2/conf-enabled/munin.conf, to
<Location /munin-cgi/munin-cgi-graph>
Require all granted
Options FollowSymLinks SymLinksIfOwnerMatch
I did not need to install any fastcgi packages and followed the tutorial here. They suggest that configuration be added to the apache.conf file directly, however, relaxing the permissions in the conf-enabled/munin.conf file (for /munin, /munin-cgi/munin-cgi-graph and /munin-cgi/munin-cgi-html) was sufficient. I omitted the changes to apache.conf.
When running Ubuntu 14.04 I fixed this on my own servers by updating the apache config in /etc/apache2/conf-available/munin.conf from 2.2 style to 2.4
Example:
<Directory /var/cache/munin/www>
Order allow,deny
Allow from localhost 127.0.0.0/8 ::1
....
</Directory>
needs to be changed to
<Directory /var/cache/munin/www>
# Order allow,deny
# Allow from localhost 127.0.0.0/8 ::1
Require all granted
....
</Directory>
or you could do
Require host localhost
or
Require ip 127.0.0.0/8 ::1
See the Apache documentation about the changes here. By the time I realized this, I had already gone through and installed FastCGI and the perl module listed in this thread. This change would need to be done to all the location/directory areas you see in munin.conf.
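A check for the 2.2-to-2.4 conversion described in the answers above, as an added example that is not part of the original posts. In Apache 2.4, sibling `Require` lines in one section are combined as an implicit `<RequireAny>`, so `Require all granted` next to `Require valid-user` serves the content without asking for credentials; the function name `audit`, the finding labels and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample, modelled on the munin.conf snippets in this thread.
SAMPLE_CONF = """\
<Directory /var/cache/munin/www>
    Order allow,deny
    Allow from all
    require valid-user
</Directory>
<Location /munin-cgi/munin-cgi-graph>
    Require all granted
    Require valid-user
</Location>
<Location /munin-cgi/munin-cgi-html>
    Require ip 127.0.0.0/8 ::1
</Location>
"""

OPEN = re.compile(r"^<(Directory|Location|Files)(?:Match)?\s+(.+?)>$", re.I)
CLOSE = re.compile(r"^</(Directory|Location|Files)(?:Match)?>$", re.I)
LEGACY = {"order", "allow", "deny", "satisfy"}  # 2.2-style (mod_access_compat)
AUTH_REQS = {"valid-user", "user", "group"}     # Require types that need a login

def audit(conf_text):
    """Return (section, finding) pairs; nested Directory/Files are not handled."""
    findings, section, nested, reqs = [], None, 0, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.lower().split(None, 1)
        word, rest = parts[0], (parts[1] if len(parts) > 1 else "")
        m = OPEN.match(line)
        if m:
            section, nested, reqs = m.group(1) + " " + m.group(2).strip('"'), 0, []
        elif CLOSE.match(line) and section:
            # Sibling Require lines form an implicit <RequireAny> in 2.4.
            if "all granted" in reqs and any(r.split()[0] in AUTH_REQS for r in reqs):
                findings.append((section, "auth-bypass"))
            section = None
        elif word.startswith(("<require", "<limit")):
            nested += 1   # Require lines inside these are scoped separately
        elif word.startswith(("</require", "</limit")):
            nested -= 1
        elif section and word in LEGACY:
            findings.append((section, "legacy:" + word))
        elif section and word == "require" and nested == 0 and rest:
            reqs.append(" ".join(rest.split()))
    return findings
```

Calling `audit(SAMPLE_CONF)` reports the two 2.2-style directives in the first section and the authentication bypass in the second; the third section, which only restricts by address, is clean.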
I had the same problem on Debian 8. I've edited the file /etc/munin/apache24.conf like that:
Alias /munin /var/cache/munin/www
<Directory /var/cache/munin/www>
Require all granted
Options FollowSymLinks SymLinksIfOwnerMatch
</Directory>
ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
<Location /munin-cgi/munin-cgi-graph>
Require all granted
Options FollowSymLinks SymLinksIfOwnerMatch
<IfModule mod_fcgid.c>
SetHandler fcgid-script
</IfModule>
<IfModule !mod_fcgid.c>
SetHandler cgi-script
</IfModule>
</Location>
Then I installed the libapache2-mod-fcgid as mentioned earlier.
After a munin-node restart, it's working correctly.
You should change the configuration part about the munin-cgi-graph, setting the same permissions as the main section. Here's your configuration:
# Enables fastcgi for munin-cgi-graph if present
ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
<Location /munin-cgi/munin-cgi-graph>
Order allow,deny
Allow from localhost 127.0.0.0/8 ::1
# AuthUserFile /etc/munin/munin-htpasswd
# AuthName "Munin"
# AuthType Basic
# require valid-user
<IfModule mod_fcgid.c>
SetHandler fcgid-script
</IfModule>
<IfModule !mod_fcgid.c>
SetHandler cgi-script
</IfModule>
</Location>
change it to this:
# Enables fastcgi for munin-cgi-graph if present
ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
<Location /munin-cgi/munin-cgi-graph>
Order allow,deny
# Allow from localhost 127.0.0.0/8 ::1
Allow from all
AuthUserFile /etc/munin/munin-htpasswd
AuthName "Munin"
AuthType Basic
require valid-user
<IfModule mod_fcgid.c>
SetHandler fcgid-script
</IfModule>
<IfModule !mod_fcgid.c>
SetHandler cgi-script
</IfModule>
</Location>
Additionally I had to install the libcgi-fast-perl package, doing this:
sudo apt-get install libcgi-fast-perl
Checking /var/log/apache2/error.log helped me a lot.
I had experienced the same behavior in Ubuntu 14.04 LTS. The reason was the image URL in the dynazoom page was incorrectly using /cgi-bin/munin-cgi-graph/ instead of /munin-cgi/munin-cgi/graph/ so instead of hunting down in the code to fix this bug I worked around it with a quick rewrite rule:
RewriteRule ^/cgi-bin/munin-cgi-graph/(.*) /$1
Hope this helps
In my case following https://bugs.launchpad.net/ubuntu/+source/munin/+bug/1258026 and http://munin-monitoring.org/wiki/MuninConfigurationMasterCGI worked.
The only problematic part was where to put Apache virtual host configuration, it turned out that placing it at /etc/apache2/sites-enabled/001-munin.conf worked.

Apache Secure Location without AuthUserFile

I have enabled the status mod
<IfModule mod_status.c>
ExtendedStatus On
<Location /server-status>
SetHandler server-status
#Order deny,allow
#Deny from all
#Allow from localhost 127.0.0.1
</Location>
</IfModule>
Can I add basic authentication without AuthUserFile? I just want to define the username and password in my config file.

Sublocation for Trac on Apache2 web server

I need to put Trac on a URL path other than /. If I take the configuration from http://trac.edgewall.org/wiki/TracOnUbuntu and modify the Location blocks, I get the error message "No handler matched request to /trac". How can I avoid this?
<VirtualHost *:80>
ServerName trac.local
# instead of Location /
<Location /trac>
SetHandler mod_python
PythonInterpreter main_interpreter
PythonHandler trac.web.modpython_frontend
PythonOption TracEnv /var/local/trac
PythonOption TracEnvParentDir /var/local/trac
PythonOption TracUriRoot /
PythonOption TracEnv /var/local/trac
# PythonOption TracEnvIndexTemplate /var/local/trac/templates/index-template.html
PythonOption TracLocale en_US.UTF8
PythonOption PYTHON_EGG_CACHE /tmp
Order allow,deny
Allow from all
</Location>
# instead of /login
<Location /trac/login>
AuthType Basic
AuthName "myproject"
AuthUserFile /var/local/trac/.htpasswd
Require valid-user
</Location>
</VirtualHost>
How about adjusting 'PythonOption TracUriRoot /' too?
Furthermore, please acknowledge that mod_python is deprecated (end-of-life), and you should rather choose WSGI for new installations instead.
