Thursday, March 15, 2012

Cacti: http to https

Though may not be required for most users to use Secured HTTP for their Cacti System, some may be required as a basic policy requirements especially for financial institutions. The simple PHP code below will redirect all http request to https, this is also the simplest method that will do the job compared to other methods that you may find on the web.

<?php
if ($_SERVER['SERVER_PORT']!=443)
{
$url = "https://". $_SERVER['SERVER_NAME'] . ":443".$_SERVER['REQUEST_URI'];
header("Location: $url");
}
?>

The code came from this blog, and is made for IIS Web Server, but after giving it a try on Centos 5, my Cacti System, it works like a charm and is very easy to deploy.

So here is the tip on how to deploy in your Linux-Cacti Machine:

1.  Edit the index.php located on cacti's root folder

#cd /var/www/cacti
#vi index.php

    copy the PHP code above and insert it on the first line of index.php

2. Exit from vi saving the changes and restart httpd service

#service httpd restart

Open your cacti using http://your-server-ip/cacti, this will redirect you to https://your-server-ip/cacti and ask you to verify and confirm web certificate on the first use. Just proceed and complete the process and you are good to go.


The only one problem is, upon login on your cacti and pointing the browser directly to the webpage content like:  http://your-server-ip/cacti/plugins/devices/device.php, it will NOT redirect you to https://your-server-ip/cacti/plugins/devices/device.php, instead, the page will just open as a regular http.

A simple fix would be ......insert the PHP code on "device.php". Do this on your other pages as well.





Posted by at 9:05 AM 3 comments
Labels: , , , , , , , , , ,

Wednesday, March 14, 2012

Cacti: Ping is "up" but Device status is "down"

This a simple solution to a problem on ping availability detection in Cacti. Commonly, you notice that when you use the ICMP ping for downed detection, cacti can ping the host but still, it displays "down" under the Devices. You may have tried already changing other parameter such as UDP or ICMP Ping to no avail, but the simple solution is pertaining to file permissions on spine.

Change the spine permission as follows

#cd /usr/local/spine/bin
#chmod a+s spine

You may run poller.php manually from your cacti root folder if you can't wait your cron cycle to run poller.php. You may see your device status as "Recovering" after running the poller.php.
Posted by at 2:21 AM 11 comments
Labels: , , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)