Welcome to docs.opsview.com

Advanced Apache Configuration

There are some advanced options available for the Opsview front end.

Limiting Web Sessions

The recommended architecture for Opsview has an Apache front end that proxies to the Opsview Web application server to serve dynamic pages.

It is recommended that you limit the number of web sessions that hit the application server. With Apache, you can limit this by setting the option:

<IfModule mpm_prefork_module>
    MaxClients          20
</IfModule>

This limits the number of clients to 20 concurrent sessions (Opsview uses Apache with prefork due to Nagvis' PHP requirements).

Opsview via HTTP over SSL

By default Opsview is accessed by unencrypted HTTP. To use the more secure HTTP over SSL (HTTPS) communication you must first set up your certificates in your web server (not detailed here) and also amend the /usr/local/nagios/etc/opsview.conf file to include

$use_https = 1;

and restart the web interface by running

/etc/init.d/opsview-web restart

You should also use the /usr/local/nagios/installer/apache_ssl.conf file as a template for your Apache configuration in addition to apache_proxy.conf.

Relocatable web app

It is possible to relocate the web application on the master so that Opsview is anchored to a different location, rather than anchored to the root level.

Note: Slave web interfaces will be anchored to root

Create the Opsview Web configuration file /usr/local/opsview-web/opsview_web_local.yml if it doesn't exist. Add the lines:

override_base_prefix: /myopsview
Controller::Root:
    start_url: /myopsview/status/hostgroup

Note: You will need to restart opsview-web for these parameters to take effect.

If you are using Apache's proxy configuration, you will need to change the following lines:

32c32
< DocumentRoot /usr/local/nagios/share
---
> Alias /myopsview /usr/local/nagios/share
 
39c39
< Alias /static/nmis/ "/usr/local/nagios/nmis/htdocs/"
---
> Alias /myopsview/static/nmis/ "/usr/local/nagios/nmis/htdocs/"
 
52,61c52,61
< ProxyPass /error_pages !
< ProxyPass /javascript !
< ProxyPass /stylesheets !
< ProxyPass /help !
< ProxyPass /images !
< ProxyPass /xml !
< ProxyPass /favicon.ico !
< ProxyPass /graphs !
< ProxyPass /static !
< ProxyPass /media !
---
> ProxyPass /myopsview/error_pages !
> ProxyPass /myopsview/javascript !
> ProxyPass /myopsview/stylesheets !
> ProxyPass /myopsview/help !
> ProxyPass /myopsview/images !
> ProxyPass /myopsview/xml !
> ProxyPass /myopsview/favicon.ico !
> ProxyPass /myopsview/graphs !
> ProxyPass /myopsview/static !
> ProxyPass /myopsview/media !
 
69,70c69,70
< Alias /nagvis /usr/local/nagios/nagvis
< ProxyPass /nagvis !
---
> Alias /myopsview/nagvis /usr/local/nagios/nagvis
> ProxyPass /myopsview/nagvis !
 
80c80
< <Location /nagvis>
---
> <Location /myopsview/nagvis>
 
108,109c108,109
< ProxyPass / http://127.0.0.1:3000/ retry=5
< ProxyPassReverse / http://127.0.0.1:3000/
---
> ProxyPass /myopsview http://127.0.0.1:3000/ retry=5
> ProxyPassReverse /myopsview http://127.0.0.1:3000/

Restart Apache. You may get some errors about overlapping Aliases - in this case, move the Alias /myopsview /usr/local/nagios/share to the bottom of the configuration.

Opsview web will now be served off /myopsview.

You now need to do an Opsview reload otherwise the performance graphing links, Nagios® Core CGIs, MRTG and NMIS pages will not be correct.

JasperServer

Add emptySessionPath=“true” to the <Connector port=“8080” element in /opt/opsview/jasper/apache-tomcat/conf/server.xml. It should look like this:

<Connector port="8080" URIEncoding="UTF-8" maxHttpHeaderSize="8192"
           address="127.0.0.1" emptySessionPath="true"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" redirectPort="8443" acceptCount="100"
           connectionTimeout="20000" disableUploadTimeout="true" />

The Apache configuration for JasperServer should contain these lines:

ProxyPass /myopsview/jasperserver http://127.0.0.1:8080/jasperserver
ProxyPassReverse /myopsview/jasperserver http://127.0.0.1:8080/jasperserver
ProxyPass /jasperserver http://127.0.0.1:8080/jasperserver
ProxyPassReverse /jasperserver http://127.0.0.1:8080/jasperserver

and

<Location /myopsview/jasperserver>

Restart Apache and the reporting module.

Limitations

Nagvis and the reports module will not work with relocation.

Double proxying

You may want to have a secured proxy server in front of your Opsview instance for internal access to Opsview, so the flow would be:

  1. External request hits opsview-external.example.com
  2. opsview-external.example.com proxies to opsview-internal.example.com

However, we've found that Catalyst will set the originating URL as http://opsview-external.example.com, opsview-internal.example.com/ due to there being multiple hostnames in the X-Forwarded-For header.

You can help Catalyst by forcing Apache on opsview-internal.example.com to remove this header and explicitly set the appropriate value. Add this on opsview-internal.example.com:

# Help Catalyst deal correctly with our multiple reverse proxies
RequestHeader unset X-Forwarded-For
RequestHeader unset X-Forwarded-Host
RequestHeader unset X-Forwarded-Server
RequestHeader set Host "opsview-external.example.com"

From Opsview 3.15 onwards, the Apache changes will not be necessary as all URLs from Opsview will be relative (without the host portions).

You will also need to disable the IP checking in the authentication ticket, as it will not be possible to work out the correct IP of the end device talking to Opsview. Make this addition to opsview_web_local.yml:

Controller::Root:
  authtkt_ignoreip: 1
Navigation
Print/export
Toolbox