I have 3 check_mk sites setup - one “overview” site, plus one server for each physical site.
I generally use the “overview” site for monitoring, configuration, etc.
I am not able to view the graphs of the remote site. Chrome is giving me “Content is blocked” error, and debug tools tell me it’s hitting the CSP policy " Referrer Policy: strict-origin-when-cross-origin".
There are old topics that discuss updating the pnp4nagios graph URL in multisite.mk, but the referenced files are empty, having been configured with WATO.
I was considering modifying the apache configuration to allow the CSP, but assumed any changes would get overwritten next time I update CMK.
First step is to check the defined “URL prefix” inside your definition of the distributed sites.
This should a relative prefix like “/worker1/”.
If you have done this you also need a reverse proxy / rewrite configuration inside your system Apache.
It is needed that your Apache knows how to handle the /worker1/ prefix.
Thanks for the reference! The reverse proxy part hadn’t been setup.
I am having difficulty setting up the reverse proxy - either it doesn’t work (404) or the browser gets stuck in a redirection loop.
mod_proxy and mod_rewrite are both enabled, and based on the redirection loop experience - I know the config file is getting read, but I’m missing something here.
Following the 1.6 documentation, the proxy config reads:
If you get too many redirects it looks more like your Apache is also serving the domain “site-east.domain.com”
What i test in such a setup is the following.
You must get the login for the remote monitoring site
Only if this works i continue with the config of the slave connection inside WATO.
There are many possible approaches for the configuration of your Apache.
Most examples i find are like the ones you posted.
Got this figured out this morning. The root issue is that HTTPS redirect was enabled at the east site. By disabling this redirection, ProxyPass started working.
The follow-on change was using ProxyPass over HTTPS, which was achieved with the following configuration:
user@master:/etc/apache2/conf-enabled# cat multisite_proxy.conf
SSLProxyEngine on
SSLProxyVerify off
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
<Location /prod_east>
ProxyPass https://east.domain.com/prod_east
ProxyPassReverse https://east.domain.com/prod_east
</Location>
Ok HTTPS is complete different problem for proxy connections
As this was not in the first question/error i only wrote the HTTP solution.
Nice that it is working now.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact @fayepal if you think this should be re-opened.