Bookmark url to be displayed in same browser tab

T.J_Yang · August 28, 2020, 8:07pm

From browsing past bookmark topics(R1), I still can’t get my external URL displayed in same browser tab.

centos8t01.test.lan is master CRE while monitor01.test.lan is a slave1 CRE slave.
I like to have monitor01.test.lan displayed in centos8t01.test.lan wcss Brower without opened in a new tab.

image765×428 73.1 KB
my security.conf before change

OMD[wcss]:~/etc$ cat ~/etc/apache/conf.d/security.conf |egrep -v '^#|^$|.#’

Header always set Content-Security-Policy "default-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’ ssh: rdp:; img-src ‘self’ data: https://.tile.openstreetmap.org/ ; connect-src ‘self’ https://crash.checkmk.com/ ; frame-ancestors ‘self’ ; base-uri ‘self’; form-action ‘self’ javascript: ‘unsafe-inline’; object-src ‘self’"
<FilesMatch “.(js|css|png|ico|wav|jpg)$”>
Header always unset Content-Security-Policy

ServerTokens Prod
TraceEnable Off
<Directory “/”>

order deny,allow
deny from all

OMD[wcss]:~/etc$

After adding *child-src .test.lan (from R2)into security.conf file and reload apache

OMD[wcss]:~/etc$ cat ~/etc/apache/conf.d/security.conf |egrep -v '^#|^$|.#’

Header always set Content-Security-Policy "default-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’ ssh: rdp:; img-src ‘self’ data: https://.tile.openstreetmap.org/ ; connect-src ‘self’ https://crash.checkmk.com/ ; frame-ancestors ‘self’ ; base-uri ‘self’; form-action ‘self’ javascript: ‘unsafe-inline’; object-src ‘self’;child-src *.test.lan"
<FilesMatch “.(js|css|png|ico|wav|jpg)$”>
Header always unset Content-Security-Policy

ServerTokens Prod
TraceEnable Off
<Directory “/”>

order deny,allow
deny from all

OMD[wcss]:~/etc$

monitor01.test.lan URL still failed to do in-place display. I had to open it to another tab.

Or is there a way to auto open it up in another tab when user click on the external URL ?

R1: Search results for 'bookmark' - Checkmk Community
R2: 1.6.0p9 Custom URL dashlet/External URL Bookmarks issue

cjcox · August 28, 2020, 8:10pm

I’d use a dashboard for this. You may find the video here useful: Integrating Checkmk and Netdata

T.J_Yang · August 28, 2020, 8:27pm

It is a very interesting topic to connect netdata with checkmk. I only watched 10/20 minutes, your video is too advanced for beginner like me

cjcox · August 28, 2020, 8:29pm

Yeah, but there is an example of embedding the netdata url into a dashboard for presentation.

T.J_Yang · August 28, 2020, 8:32pm

In my current nagios:/var/nagios/html/side.php, I have brunch of external URLs need to be ported over thus this asking.

andreas-doehler · August 29, 2020, 8:14am

@T.J_Yang what you try to do is forbidden by your browser and not a problem with the Apache security config.
I try to describe the problem - you try to link to another https resource and display this resource inside a frame in another https connection - this is forbidden.
What you can do - create a proxy config on your master site that it is possible to reach your slave with the hostname of your master.
https://checkmk.com/cms_distributed_monitoring.html#pnp4nagios
Go to the point “retrieval via master”
After the change you can access your slave with “https://centos8t01.test.lan/slavesite/”

T.J_Yang · August 29, 2020, 11:45pm

This is my desire out, after click, the content of monitor01:/slave1 got displayed in right iframe of centos8t01.

Knowing little of CSP this is what was changed
Replace CSP directives in both centos8t01 and monitor01:[mysite]~/etc/apache/conf.d/security.conf

frame-ancestors ‘self’ → frame-ancestors ‘self’ *.test.lan
default-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’ ssh: rdp: → default-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’ ssh: rdp: *.test.lan

Both web servers need to in agreement of doing so.
How bad the consequence of doing so in an intranet ?

andreas-doehler · August 30, 2020, 7:49am

Why this way?
The solution with the reverse proxy configuration is the clean and secure way.
I don’t know what the complete impact of the changed CSP is. But the reverse proxy configuration was working a long time before. Also it has the positive impact that you are already signed in at the slave site.
In your setup you need to re authenticate at your slave the first time you click a link.

T.J_Yang · August 30, 2020, 9:48am

Why this way?

Bookmark snapin provide me a GUI way to simplified URLs management, without directly editing html/php file on web servers.
I can provide selected internal URLs and group them for checkmk login users from either ldap or active directory accounts. (kudos to ldap connection part of work).
I will look at proxy approach also but some of my URLs are not for checkmk sites.

Again, @andreas-doehler, Thanks for being friendly to new checkmk user like me and spend your time to provide very good suggestion.

system · September 29, 2020, 7:48pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.