omd icon indicating copy to clipboard operation
omd copied to clipboard
verified publisher icon ConSol

Thruk URL not working after httpd update

Open Vani2468 opened this issue 1 year ago • 12 comments

Hi,

We have observed that an issue with Thruk URL after httpd update to httpd-2.4.62-1. As per github issue #192, it is advised to update apache inside OMD to 2.4.60+.

Kindly let me know how to update apache inside OMD to 2.4.60+.

Vani2468 avatar Nov 20 '24 10:11 Vani2468

You could simply update omd to a recent nightly version, then it should be fine again. There is no apache "in" omd. OMD uses the system apache.

sni avatar Nov 20 '24 12:11 sni

@sni - what was changed in addition, the update

  • from EL9.4 httpd-2.4.57
  • to EL9.5 httpd-2.4.62

while keeping OMD 5.40 and UnsafeAllow3F breaks, it looks like access to javascript URI /omdmon/thruk/cache/thruk-3.16.js is blocked and also authentication is suddenly required

Apache "base"

[21/Nov/2024:12:49:28 +0100] "GET /omdmon/thruk/cache/thruk-3.16.js HTTP/1.1" 302 253

Apache "OMD"

[21/Nov/2024:12:51:08 +0100] "GET /omdmon/thruk/cache/thruk-3.16.js HTTP/1.1" 302 253 "https://SERVER/omdmon/thruk/cgi-bin/login.cgi?nocookie" "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"

pbiering avatar Nov 21 '24 11:11 pbiering

Question is if it's working with the nightly builds? I am not aware of any issues with the nightly builds.

sni avatar Nov 21 '24 12:11 sni

tried now OMD 5.41 from 20241120 and found during upgrade of the site the issue:

There was an additional change since 5.40 which causes now an issue on httpd > 2.4.57, auth: needs to be inserted

-RewriteRule ^/(.*)$                  /%1/%{REMOTE_ADDR}~~%{HTTP:Authorization}~~%{HTTP:X-Thruk-Auth-Key}~~%{HTTP:X-Thruk-Auth-User}/____/$1/____/%{QUERY_STRING} [C,NS]
+RewriteRule ^/(.*)$                  /auth:%1/%{REMOTE_ADDR}~~%{HTTP:Authorization}~~%{HTTP:X-Thruk-Auth-Key}~~%{HTTP:X-Thruk-Auth-User}/____/$1/____/%{QUERY_STRING} [C,NS

pbiering avatar Nov 21 '24 13:11 pbiering

Right, but this change has been incorporated into OMD already in Sep 1st: 693ede5559dcf094ed3382c4d17f1d68c9d5c6f4 So it should just work with recent nightly OMD, right?

sni avatar Nov 21 '24 13:11 sni

Yes, working with OMD 5.41 from 20241120 and OMD 5.40 with patched file.

pbiering avatar Nov 21 '24 16:11 pbiering

After updating Red Hat 9 (and therefore the httpd package) and applying change 693ede5, I am able to connect. However, I have to re-authenticate constantly.

$ httpd -v
Server version: Apache/2.4.62 (Red Hat Enterprise Linux)
Server built:   Aug  3 2024 00:00:00
$ omd version
OMD - Open Monitoring Distribution Version 5.40-labs-edition, Python version 3.9.19

Do you have this issue with version 5.41?

fplancot avatar Nov 22 '24 16:11 fplancot

Since EL 9.4 there is a 2nd change required, related to "UnsafeAllow3F": https://github.com/ConSol-Monitoring/omd/issues/204

pbiering avatar Nov 23 '24 07:11 pbiering

I have to re-authenticate constantly.

Even if you cleaned up the cache/cookies or using another browser?

lausser avatar Dec 02 '24 14:12 lausser

I did indeed clear my browser cache (Firefox) entirely after noticing that navigation worked with Chrome or Edge. That indeed resolved the issue. Thank you!

fplancot avatar Dec 03 '24 13:12 fplancot

Is it working now that everybody (hopefully) has updated?

lausser avatar Jan 18 '25 13:01 lausser

For me all fine after updating to 5.50

pbiering avatar Jan 18 '25 20:01 pbiering

Lessons learned: always update!

lausser avatar Apr 22 '25 14:04 lausser