Pandora:Documentation es:mod proxy en

From Pandora FMS Wiki

Jump to: navigation, search

Metaconsole configuration with Reverse Proxy

Let's assume that Pandora FMS serve customers with direct access to the meta, which is the only one that is operational outward with a public IP and customers have not direct access to the nodes below it there.



Mod proxy1.png




Metaconsole:

Hostname: meta.artica.es, 79.151.30.102 (Public IP), 192.168.1.10 (Private IP), http://meta.artica.es/pandora_console (Pandora metaconsole path) http://meta.artica.es/pandora_console (Public URL)

Node 1:

Hostname: node1.artica.es, 192.168.1.10 (Private IP), http://node1.artica.es/pandora_console (node1 Pandora path) http://meta.artica.es/node1 (Public URL)

Nodo 2:

Hostname: node2.artica.es, 192.168.1.11 (Private IP), http://node2.artica.es/pandora_console (node2 Pandora path) http://meta.artica.es/node2 (URL Pública)

Nodo 3:

Hostname: node3.artica.es, 192.168.1.12 (Private IP), http://node3.artica.es/pandora_console (node3 Pandora path) http://meta.artica.es/node3 (URL Pública)


The customer needs to have access through the metaconsole to all nodes, but initial form can not, because these have internal IPs First of all enable mod_proxy apache module in the metaconsole to have access to all nodes directly. The setting is indicated on centos 6.7 and apache 2.2.

Metaconsole Setup

Add in the file /etc/hosts all directions of the different nodes running something like this:

127.0.0.1   meta.artica.es
192.168.10.1  node1.artica.es
192.168.10.2  node2.artica.es
192.168.10.3  node3.artica.es

To enable mod_proxy module in apache server, open apache config file (httpd.conf) and check that these lines are enabled:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so

Add the next lines to httpd.conf file:

ProxyRequests Off
ProxyPreserveHost On
ProxyPass /node1 http://node1.artica.es/pandora_console 
ProxyPassReverse /node1 http://node1.artica.es/pandora_console
ProxyPass /node2 http://node2.artica.es/pandora_console 
ProxyPassReverse /node2 http://node2.artica.es/pandora_console
ProxyPass /node3 http://node3.artica.es/pandora_console
ProxyPassReverse /node3 http://node3.artica.es/pandora_console

With this we are stating that when someone accesses to http://meta.artica.es/node1 it will automatically redirect to http://node1.artica.es/pandora_console and so with all nodes.

In case you have enabled https should add this setting:

SSLEngine on
SSLProxyEngine On
SSLCertificateFile /etc/httpd/ssl/ca.crt
SSLCertificateKeyFile /etc/httpd/ssl/ca.key
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /node1 https://node1.artica.es/pandora_console 
ProxyPassReverse /node1 https://node1.artica.es/pandora_console
ProxyPass /node2 https://node2.artica.es/pandora_console 
ProxyPassReverse /node2 https://node2.artica.es/pandora_console 
ProxyPass /node3 https://node3.artica.es/pandora_console 
ProxyPassReverse /node3 https://node3.artica.es/pandora_console

Being certified ca.key y ca.crt who uses apache servers node1, node2 and node3.

The last step to be performed is the metaconsole configuration.

Console URL: We will indicate Public URLs, for each node which they coincided with the set in the file httpd.conf (http://meta.artica.es/node1 , http://meta.artica.es/node2, http://meta.artica.es/node3 )



Mod proxy2.png



After setting the target metaconsole to contact the nodes, the next step would be to configure each node.

Template warning.png

It will vary in each case the links if you're using https instead of http.

 


Nodes Setup

The only special configuration to be added to each of the nodes is "Public URL" in the Console Setup.

You have to set this URL with the public URL indicated in each case in the scenario posed at the beginning. Ejemplo en el nodo 1:



Mod proxy3.png



Template warning.png

It will vary in each case the links if you're using https instead of http.

 


Go back to Pandora FMS documentation index