Metaconsole configuration with reverse proxy
This article uses CentOS 6, an operating system that has completed its End-of-life product cycle.
Introduction
Let's assume that Pandora FMS serve customers with direct access to the meta, which is the only one that is operational outward with a public IP and customers have not direct access to the nodes below it there.
Metaconsole:
Hostname: meta.artica.es, 79.151.30.102 (Public IP), 192.168.1.10 (Private IP), http://meta.artica.es/pandora_console (Pandora metaconsole path) http://meta.artica.es/pandora_console (Public URL)
Node 1:
Hostname: node1.artica.es, 192.168.1.10 (Private IP), http://node1.artica.es/pandora_console (node1 Pandora path) http://meta.artica.es/node1 (Public URL)
Nodo 2:
Hostname: node2.artica.es, 192.168.1.11 (Private IP), http://node2.artica.es/pandora_console (node2 Pandora path) http://meta.artica.es/node2 (URL Pública)
Nodo 3:
Hostname: node3.artica.es, 192.168.1.12 (Private IP), http://node3.artica.es/pandora_console (node3 Pandora path) http://meta.artica.es/node3 (URL Pública)
The customer needs to have access through the Metaconsole to all nodes, but initial form can not because these have internal IPs First of all, enable mod_proxy apache module in the Metaconsole to have access to all nodes directly. The setting is indicated on centos 6.7 and apache 2.2.
Metaconsole Setup
Add in the file /etc/hosts all directions of the different nodes running something like this:
127.0.0.1 meta.artica.es 192.168.10.1 node1.artica.es 192.168.10.2 node2.artica.es 192.168.10.3 node3.artica.es
To enable mod_proxy module in apache server, open apache config file (httpd.conf) and check that these lines are enabled:
LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.so LoadModule proxy_ftp_module modules/mod_proxy_ftp.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_ajp_module modules/mod_proxy_ajp.so LoadModule proxy_connect_module modules/mod_proxy_connect.so
Add the next lines to httpd.conf file:
ProxyRequests Off ProxyPreserveHost On ProxyPass /node1 http://node1.artica.es/pandora_console ProxyPassReverse /node1 http://node1.artica.es/pandora_console ProxyPass /node2 http://node2.artica.es/pandora_console ProxyPassReverse /node2 http://node2.artica.es/pandora_console ProxyPass /node3 http://node3.artica.es/pandora_console ProxyPassReverse /node3 http://node3.artica.es/pandora_console
With this, we are stating that when someone accesses to http://meta.artica.es/node1 it will automatically redirect to http://node1.artica.es/pandora_console and so with all nodes.
In case you have enabled https should add this setting:
SSLEngine on SSLProxyEngine On SSLCertificateFile /etc/httpd/ssl/ca.crt SSLCertificateKeyFile /etc/httpd/ssl/ca.key ProxyRequests Off ProxyPreserveHost On ProxyPass /node1 https://node1.artica.es/pandora_console ProxyPassReverse /node1 https://node1.artica.es/pandora_console ProxyPass /node2 https://node2.artica.es/pandora_console ProxyPassReverse /node2 https://node2.artica.es/pandora_console ProxyPass /node3 https://node3.artica.es/pandora_console ProxyPassReverse /node3 https://node3.artica.es/pandora_console
Being certified ca.key y ca.crt who uses apache servers node1, node2 and node3.
The last step to be performed is the metaconsole configuration.
Console URL: We will indicate Public URLs, for each node which they coincided with the set in the file httpd.conf (http://meta.artica.es/node1 , http://meta.artica.es/node2, http://meta.artica.es/node3 )
After setting the target metaconsole to contact the nodes, the next step would be to configure each node.
It will vary in each case the links if you're using https instead of http.
Nodes Setup
The only special configuration to be added to each of the nodes is “Public URL” in the Console Setup.
You have to set this URL with the public URL indicated in each case in the scenario posed at the beginning. Ejemplo en el nodo 1:
It will vary in each case the links if you're using https instead of http.