Command Center (Metaconsole) configuration with reverse proxy
Introduction
Let us suppose that Pandora FMS provides its service to clients that only have direct access to the Command Center (Metaconsole), which is the only one that is operative towards the outside with its public IP and they do not have direct access to the nodes below it. This would be the scenario proposed at this point.
Command Center (Metaconsole):
Hostname: meta.es
, 79.151.30.102 (Public IP address), 192.168.1.10 (Private IP address).
Pandora FMS Command Center (Metaconsole) path:
http://meta.es/pandora_console
Public URL:
http://meta.es/pandora_console
Node 1:
Hostname: node1.es, 192.168.1.11 (Private IP address).
Pandora FMS node1 path:
http://node1.es/pandora_console
Public URL:
http://meta.es/node1
Node 2:
Hostname: node2.es, 192.168.1.12 (Private IP address).
Pandora FMS node2 path:
http://node2.es/pandora_console
Public URL:
http://meta.es/node2
Nod3 3:
Hostname: node3.es, 192.168.1.13 (Private IP address).
Pandora FMS node1 path:
http://node1.es/pandora_console
Public URL:
http://meta.es/node1
The client will need to have access through the Command Center (Metaconsole) to all the nodes, but initially it cannot, since these have internal IP addresses and from outside there is no connectivity with them. To be able to do this, the mod_proxy module is enabled in the apache of the Command Center (Metaconsole) so that it has direct access to all nodes. The indicated configuration is on Apache 2 .
Command Center (Metaconsole) configuration
First of all add in the file /etc/hosts
all the addresses of the different nodes:
127.0.0.1 meta.es 192.168.1.11 node1.es 192.168.1.12 node2.es 192.168.1.13 node3.es
To enable mod_proxy
on the Apache server, open the httpd.conf
configuration file and first check that all these lines are enabled:
LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.so LoadModule proxy_ftp_module modules/mod_proxy_ftp.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_ajp_module modules/mod_proxy_ajp.so LoadModule proxy_connect_module modules/mod_proxy_connect.so
Once done, the following lines are added to the file httpd.conf
:
ProxyRequests Off ProxyPreserveHost On ProxyPass /node1 http://node1.es/pandora_console ProxyPassReverse /node1 http://node1.es/pandora_console ProxyPass /node2 http://node2.es/pandora_console ProxyPassReverse /node2 http://node2.es/pandora_console ProxyPass /node3 http://node3.es/pandora_console ProxyPassReverse /node3 http://node3.es/pandora_console
By this we are indicating that when someone accesses
http://meta.es/node1
will automatically redirect you to
http://node1.es/pandora_console
and so on with all nodes. If HTTPS is enabled, this configuration should be added:
SSLEngine on SSLProxyEngine On SSLCertificateFile /etc/httpd/ssl/ca.crt SSLCertificateKeyFile /etc/httpd/ssl/ca.key ProxyRequests Off ProxyPreserveHost On ProxyPass /node1 https://node1.es/pandora_console ProxyPassReverse /node1 https://node1.es/pandora_console ProxyPass /node2 https://node2.es/pandora_console ProxyPassReverse /node2 https://node2.es/pandora_console ProxyPass /node3 https://node3.es/pandora_console ProxyPassReverse /node3 https://node3.es/pandora_console
Being the certificates ca.key
and ca.crt
the ones used by the Apache servers of node1, node2 and node3.
The last step to be performed is the configuration of the Command Center (Metaconsole). The only parameter that must be made in a specific way is:
Console URL: Indicate the Public URLs of each one of the nodes that will match with the link configured in the httpd.conf file for each one of the nodes.
http://meta.es/node1 , http://meta.es/node2 , http://meta.es/node3
Once the Command Center (Metaconsole) is configured to contact the nodes, the next step is to configure each node.
The links will vary in each case if we are using HTTPS instead of HTTP.
Node configuration
The only special configuration that must be added to each of the nodes is the Public URL in the Console Setup. This URL must be configured with the public URL indicated in each case in the scenario that we presented at the beginning. Example in node 1:
The links will vary in each case if you are using HTTPS instead of HTTP.