Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cannot download PNP4Nagios image file. Server response: 500 Can't connect to hostname #7

Open
pilot513 opened this issue Oct 19, 2017 · 5 comments

Comments

@pilot513
Copy link

pilot513 commented Oct 19, 2017

Hello!
When i try send "graph" from pnp4nagios (https://hostname/pnp4nagios)
script get error:
Cannot download PNP4Nagios image file. Server response: 500 Can't connect to hostname:443

All variables set in
my $pnp4nagios_auth = "true"; # $pnp4nagios_auth = "true";
my $server_port = "hostname:443"; # $server_port = "nagios.frank4dd.com:80";
my $auth_name = "Nagios Access"; # $auth_name = "pnp4nagios";
my $web_user = "pnp4nget"; # $web_user = "pnp4nget";
my $web_pass = "P@ssw0rd"; # $web_pass = "mypass";

And little change URL:
#$img_get = "$pnp4nagios_url/image?host=" . urlencode($o_hostname) . "&srv=" . urlencode($o_servicedesc) . "&source=0&start=$tstart&end=$tstamp"; $img_get = "$pnp4nagios_url/graph?host=" . urlencode($o_hostname) . "&srv=" . urlencode($o_servicedesc) . "&source=0&start=$tstart&end=$tstamp";
In debug eMail, when i get it, link to graph right. In browser i get it.

img_get | https://hostname/pnp4nagios/graph?host=hostname&srv=Total_Processes&source=0&start=1508344713&end=1508434713

Why you used "=>" ? vs ", "
# Check if web authentication is required if (defined($pnp4nagios_auth)) { $ua->credentials("$server_port", "$auth_name", "$web_user" => "$web_pass"); }

http://search.cpan.org/~benning/LWP-Protocol-connect-6.09/lib/LWP/Protocol/connect.pm
$ua->credentials("localhost:3128", "Squid proxy-caching web server", "user", "pw");
3.10.0-693.2.1.el7.x86_64 #1 SMP Fri Aug 11 04:58:43 EDT 2017 x86_64
OEL 7.4
rpm -qa | egrep 'LWP|IO'
perl-LWP-Protocol-https-6.04-4.el7.noarch
perl-IO-Socket-SSL-1.94-6.el7.noarch
perl-IO-Socket-INET6-2.69-5.el7.noarch
perl-LWP-MediaTypes-6.02-2.el7.noarch
perl-IO-HTML-1.00-2.el7.noarch
perl-IO-Socket-IP-0.21-4.el7.noarch
perl-IO-Compress-2.061-2.el7.noarch

@pilot513 pilot513 changed the title annot download PNP4Nagios image file. Server response: 500 Can't connect to hostname Cannot download PNP4Nagios image file. Server response: 500 Can't connect to hostname Oct 19, 2017
@fm4dd
Copy link
Owner

fm4dd commented Oct 19, 2017

Hi pilot513,

Why you used "=>" ? vs ", "
# Check if web authentication is required if (defined($pnp4nagios_auth)) { $ua->credentials("$server_port", "$auth_name", "$web_user" => "$web_pass"); }

Yes! This looks indeed like a bug that slipped through testing. Can you change it to "," test and report back? I have no immediate validation chance, and would appreciate!

The HTTP Error 500 also suggests this a protocol problem caused by the wrong function call. For authentication or access issues there would be a 401 or 403 returned.

Cheers Frank

@pilot513
Copy link
Author

pilot513 commented Oct 20, 2017

Hi Frank
I replace "=>" to ", " in sub import_pnp_graph {} like this:
# Check if web authentication is required if (defined($pnp4nagios_auth)) { $ua->credentials("$server_port", "$auth_name", "$web_user", "$web_pass"); }
but error again:

/usr/local/src/scripts/nagios/pnp4n_send_service_mail.pl -v -t -p "MMS Branch" -r username@domain.com -f multi -f graph -u -l en

main: trying to create the PNP4Nagios graph image.
import_pnp_graph: Cannot download PNP4Nagios image file. Server response: 500 Can't connect to hostname:443
import_pnp_graph: Returning empty image file, format: gif

may be Auth function based on LWP::UserAgent not funct. correctly ? Because in browsers (like chromium, mozilla ) generated link opened correctly with login "pnp4nget"/ "P@ssw0rd"

The apache version:
httpd-2.4.6-67.el7_4.2.x86_64
httpd-tools-2.4.6-67.el7_4.2.x86_64

Httpd configured on SSL-connection only

@fm4dd
Copy link
Owner

fm4dd commented Oct 20, 2017

Hi pilot513,

Thank you for checking so far. For the web server error 500: Do you have access to the web server error log? Maybe there is additional info in the log message.

A general LWP::UserAgent problem is unlikely, it would cause widespread trouble beyond this script, and be visible through Google search.

Here is another thought: I just noticed your port is 443, indicating its a http/s connection. Could that be an issue? SSL/TLS should work, but I could not see your setting for $pnp4nagios_url. It should be something like:
my $pnp4nagios_url = "https://nagios.fm4dd.com/pnp4nagios";

If it were set to http, it may give the 500 error...

Frank

@pilot513
Copy link
Author

Yes, Frank
URL set correctly:
my $pnp4nagios_url = "https://hostname/pnp4nagios"; my $graph_history = 25; # in hours, a good range is between 12...48

In http (ssl_error.log) nothing .... I indeed because script don't connect to http daemon.
When i try get link (to generated graph) in log (ssl_access.log)
/var/log/httpd/ssl_access_log:10.189.16.200 - pnp4nget [19/Oct/2017:19:55:18 +0300] "GET /pnp4nagios/image?host=hostname&srv=Total_Processes&source=0&start=1508341239&end=1508431239&view=0 HTTP/1.1" 200 18469 /var/log/httpd/ssl_access_log:10.189.16.200 - pnp4nget [19/Oct/2017:19:55:18 +0300] "POST /pnp4nagios//ajax/filter/set-sfilter HTTP/1.1" 200 -

@fm4dd
Copy link
Owner

fm4dd commented Oct 28, 2017

Hi pilot513,

I ran across a similar issue this week that could be exactly your issue. The problem comes from using https with Perl LWP, which throws an HTTP error 500 when a certificate fails to verify. Since the script did not provision a way to verify certs, it would fail.

Quick fix-1, change:

682   # Download the image
683   my $ua = LWP::UserAgent->new( );

to:

682   # Download the image
683    my $ua = LWP::UserAgent->new(ssl_opts =>{verify_hostname => 0, SSL_verify_mode => 0x00});

This will disable checking the cert, and suppress the HTTP 500 error "certificate verification failed".

Of course in security-sensitive environments, its better to handle https correctly by verifying the certificate and let connections fail when insecure algoritms such as MD5 or SHA1 are encountered. In that case, googling for "Perl LWP https" helps to find information on how to configure it. Since there is quite a number of things that can fail with SSL/TLS, debugging the connection result after "$ua->get()" may become necessary: e.g. by temporarily using;

print "Debug Response: " . $res->status_line;

I hope this helps fixing your error. If you are able to confirm, I can update the script for adding this setting.

Best wishes,
Frank

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants