problem with dashboard behind appache poroxy
347 views
Skip to first unread message
Andrija Radičević
Aug 17, 2023, 8:43:27 AM8/17/23
to Wazuh mailing list
Hi,
I have wazuh running on an cloud server which does not have a public ip and I can access the dashboard via ssh tunneling. However, I'm not able to access the dashboard with apache proxy, which is on a cloud server with pulic ip. In my apache conf file I have following:
ProxyPass /monitor https://172.16.0.3/
ProxyPassReverse /monitor https://172.16.0.3/
ProxyPass /app https://172.16.0.3/app
ProxyPassReverse /app https://172.16.0.3/app
ProxyPassReverse /monitor https://172.16.0.3/
ProxyPass /app https://172.16.0.3/app
ProxyPassReverse /app https://172.16.0.3/app
and if I try to get to the dashboard with https://mysite.com/monitor I get a blank page with the url
https://mysite.com/app/login?.
In the developer tools of the browser in the console I have this:
Content-Security-Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). login:352:78902
and this:
Loading failed for the <script> with source “https://
mysite.com
/bootstrap.js”. login:358:47
and in the inspector I see a script tag with this:
// Since this is an unsafe inline script, this code will not run
// in browsers that support content security policy(CSP). This is
// intentional as we check for the existence of __osdCspNotEnforced__ in
// bootstrap.
window.__osdCspNotEnforced__ = true;
regars
Andrija
Gonzalo Acuña
Aug 17, 2023, 1:21:27 PM8/17/23
to Wazuh mailing list
Hi, Andrija.
I was not able to reproduce the error. I have configured an Apache and the issue is the difference with the configured paths (/monitor and /app). To solve it you'll have to configure a rewrite rule. e.g.:
Let me know if it works for you.
Regards.
Gonzalo.
I was not able to reproduce the error. I have configured an Apache and the issue is the difference with the configured paths (/monitor and /app). To solve it you'll have to configure a rewrite rule. e.g.:
RewriteEngine on
RewriteRule ^/monitor$ /monitor/ [R]
RewriteRule ^/monitor/(.*) /$1 [P]
ProxyPass / https://localhost:4443/
ProxyPassReverse / https://localhost:4443/
ProxyPreserveHost On
Let me know if it works for you.
Regards.
Gonzalo.
Andrija Radičević
Aug 17, 2023, 5:58:37 PM8/17/23
to Wazuh mailing list
Hi Gonzalo,
thank You for the response, however this does not work for me. Perhaps you have missed that I have the apache running not on the same server on which I'm running wazuh so the ProxyPass on the localhost cannot work because nothing is listening on port 4443.
The apace server is running on the server with a pubic ip and it is serving other web pages. My intention is to serve the wazuh dashboard, which is running on an server that has not a public ip via proxy on the apache server, e.g. :
https://mysite.com/ is serving my web pages
https://mysite.com/ is serving my web pages
and I want my wazuh dashboard to be served at:
On the apche server I have 2 conf files, one for http and one for https protocol
for http I have the rewrite rules to force https:
RewriteEngine on
RewriteCond %{SERVER_NAME} = mysite.com [OR]
RewriteCond %{SERVER_NAME} = www.mysite.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanenta]
RewriteEngine on
RewriteCond %{SERVER_NAME} = mysite.com [OR]
RewriteCond %{SERVER_NAME} = www.mysite.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanenta]
for https I have the proxy lines
ProxyPreserveHost On
ProxyPass /monitor https://172.16.0.3/
ProxyPassReverse /monitor https://172.16.0.3/
ProxyPass /app https://172.16.0.3/app
ProxyPassReverse /monitor https://172.16.0.3/
ProxyPass /app https://172.16.0.3/app
ProxyPassReverse /app https://172.16.0.3/app
regards
Andrija
Gonzalo Acuña
Aug 18, 2023, 7:28:14 AM8/18/23
to Wazuh mailing list
Hi, Andrija.
I just wanted to remind you that Apache is not part of the Wazuh stack. However, I pointed out where the issue was.
The issue is not related to Wazuh. Wazuh works fine with an Nginx or Apache in front.
Please take the example I gave in the previous response and adapt it to your Apache configuration.
From what I see, you just need to add the corresponding rewrite rules in the HTTPS part of your configuration.
Regards.
I just wanted to remind you that Apache is not part of the Wazuh stack. However, I pointed out where the issue was.
The issue is not related to Wazuh. Wazuh works fine with an Nginx or Apache in front.
Please take the example I gave in the previous response and adapt it to your Apache configuration.
From what I see, you just need to add the corresponding rewrite rules in the HTTPS part of your configuration.
Regards.
Gonzalo.
Andrija Radičević
Aug 18, 2023, 8:38:13 AM8/18/23
to Wazuh mailing list
Hi Gonzalo,
thank you for your effort. These rewrite rules, after adopting them, actually made it possible to open the wazuh dashboard, however I have ended up with the dashboard opening even for the url https://mysite.com, not only for https://mysite.com/monitor. And you're right, this is apache issue. Probably I'll have to install apache or some other web browser on the wazuh macine and do the rewrite there.
thank you again
regards
Andrija
Reply all
Reply to author
Forward
0 new messages