[SOLVED] Web interface broken after update

Hi,

Here is the validate output:

====================================
Component | Version
--------- | -------
LibreNMS  | 1.43-50-ge8cf6bb38
DB Schema | 267
PHP       | 7.2.7-1+0~20180622080745.23+stretch~1.gbpfd8e2e
MySQL     | 10.1.26-MariaDB-0+deb9u1
RRDTool   | 1.6.0
SNMP      | NET-SNMP 5.7.3
====================================

[OK]    Composer Version: 1.7.2
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[OK]    Database schema correct

The web interface is completely broken because it forces the use of the non-HTTPS version.
The base URL is set up to force the HTTPS link, but it doesn’t work after tonight’s upgrade and it broke everything.

Mixed Content: The page at 'https://www.youmonit.me/login' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://www.youmonit.me/login'. This endpoint should be made available over a secure connection.
login:1 Refused to load the image 'http://www.youmonit.me/images/librenms_logo_light.svg' because it violates the following Content Security Policy directive: "default-src https: data: 'unsafe-inline' 'unsafe-eval' always". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

jquery.min.js:6 POST https://www.youmonit.me/ajax/set_resolution 401

The base url is:

$config['base_url']        = "https://www.youmonit.me/";

Does anyone have an idea?

Thanks

I’m experiencing the same issue. It appears to me that the new Laravel auth system isn’t taking base_url into account.

I’m also experiencing this mixed mode content problem, which stops me from logging into LibreNMS.

In addition to the warning about /images/librenms_logo_light.svg being loaded insecurely over HTTP, I also have a similar warning about the login form submitting to an insecure URL.

When submitting the form, I get “The password field is required”, despite obviously providing a password. If I modify the scheme for the form action to HTTPS instead of HTTP, then I am able to log in.

It does seem that the base_url is now being ignored for some key elements.

validate.php gives the following:

bash-4.2$ ./validate.php
====================================
Component | Version
--------- | -------
LibreNMS  | 1.43-50-ge8cf6bb
DB Schema | 267
PHP       | 5.6.36
MySQL     | 5.7.17-11
RRDTool   | 1.4.8
SNMP      | NET-SNMP 5.7.2
====================================

[OK]    Composer Version: 1.7.2
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[OK]    Database schema correct

Oh, and I use an nginx reverse proxy in front of LibreNMS; maybe Laravel handles this badly: https://laravel.com/docs/5.5/requests#configuring-trusted-proxies

Solved, needed to add a self-signed certificate on the LibreNMS server and use SSL upstream on the proxy for this thing to work.

Now everything seems ok.

LibreNMS:

server {
    listen 443 ssl;

    root /opt/librenms/html;
    index index.php index.html index.htm;

    # Self-signed certificate used for the proxy-to-backend hop
    ssl_certificate /etc/ssl/certs/localhost.crt;
    ssl_certificate_key /etc/ssl/private/localhost.key;

    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    location /.well-known/acme-challenge {
        root /var/www/letsencrypt;
    }

    # Dot escaped so that only URIs ending in ".php" match
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_read_timeout 60;
        include fastcgi_params;
    }
}

Reverse:

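server {
    listen 80;
    server_name www.youmonit.me;

    # A server-level "return" runs before location matching and would make
    # this block unreachable, so the redirect lives in "location /" instead.
    location '/.well-known/acme-challenge' {
        root /var/www/letsencrypt/;
        try_files $uri =404;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    # "ssl" on the listen line replaces the deprecated "ssl on;" directive
    listen      443 ssl http2;
    server_name  www.youmonit.me;
    ssl_certificate /etc/letsencrypt/live-ecdsa/youmonit.me/chain.pem;
    ssl_certificate_key /etc/letsencrypt/live-ecdsa/youmonit.me/privkey-p384.pem;

    location '/.well-known/acme-challenge' {
        root /var/www/letsencrypt/;
        try_files $uri =404;
    }

    location / {
        proxy_pass         https://192.168.1.12/;
        # The backend certificate is self-signed, so it is not verified:
        # this hop is encrypted but the backend's identity is not checked.
        proxy_ssl_verify off;
    }
}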

My nginx.conf is available here: https://github.com/stylersnico/nginx-secure-config

Fix is here: https://github.com/librenms/librenms/pull/9196

2 Likes
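The scheme decision behind the mixed-content errors above, and behind the trusted-proxy setting in the Laravel documentation linked earlier, as a simplified Python model added here (not LibreNMS, Laravel or the posters' code). The proxy address 192.168.1.10 and the client address 203.0.113.5 used with it are constructed; the host name is the one quoted in the thread.

```python
import ipaddress

# Constructed for illustration: address of the TLS-terminating reverse proxy.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.1.10/32")]


def is_trusted(remote_addr, trusted):
    """True if the directly connected peer is one of our own proxies."""
    addr = ipaddress.ip_address(remote_addr)
    return any(addr in net for net in trusted)


def effective_scheme(remote_addr, backend_tls, headers, trusted=TRUSTED_PROXIES):
    """Scheme the application should use when it builds absolute URLs."""
    # Start from what the backend socket itself saw.
    scheme = "https" if backend_tls else "http"
    lowered = {k.lower(): v for k, v in headers.items()}
    forwarded = lowered.get("x-forwarded-proto", "").strip().lower()
    # Only a trusted proxy may override it; anyone else could spoof the header.
    if forwarded in ("http", "https") and is_trusted(remote_addr, trusted):
        scheme = forwarded
    return scheme


def login_form_action(remote_addr, backend_tls, headers, host, trusted=TRUSTED_PROXIES):
    """Absolute URL the login form would post to."""
    scheme = effective_scheme(remote_addr, backend_tls, headers, trusted)
    return f"{scheme}://{host}/login"


if __name__ == "__main__":
    host = "www.youmonit.me"
    fwd = {"X-Forwarded-Proto": "https"}
    # Proxy terminates TLS, plain HTTP upstream, no proxy trusted: the broken case.
    print(login_form_action("192.168.1.10", False, fwd, host, trusted=[]))
    # Same request once the proxy is trusted.
    print(login_form_action("192.168.1.10", False, fwd, host))
    # Unknown client sending the header directly: header ignored.
    print(login_form_action("203.0.113.5", False, fwd, host))
    # TLS on the backend hop as well: https without any header.
    print(login_form_action("192.168.1.10", True, {}, host, trusted=[]))
```
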

Hi,

./validate.php
====================================
Component | Version
--------- | -------
LibreNMS  | 1.43-66-gaa51613a1
DB Schema | 267
PHP       | 7.0.30-0+deb9u1
MySQL     | 10.1.26-MariaDB-0+deb9u1
RRDTool   | 1.6.0
SNMP      | NET-SNMP 5.7.3
====================================

[OK]    Composer Version: 1.7.2
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[OK]    Database schema correct

LibreNMS:

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

    Alias /lnms "/opt/librenms/html/"

    <Directory "/opt/librenms/html/">
        AllowOverride All
        Require all granted
        Options FollowSymLinks MultiViews
    </Directory>
    DocumentRoot /opt/librenms/html/
    AllowEncodedSlashes NoDecode
    ServerName librenms.example.com
    CustomLog /opt/librenms/logs/access_log combined
    ErrorLog /opt/librenms/logs/error_log
</VirtualHost>

$config['base_url'] = '/lnms/';

Reverse (apache):

ProxyPass "/lnms/" "https:***/lnms/"
ProxyPassReverse "/lnms/" "https:***/lnms/"

In this case, requests to https:front/lnms/ are redirected to https:front/login.

Workaround: ProxyPass "/login" "https:***/login"

Also, a reverse proxy on https:front/lnms/ does not work with http:librenms/ and redirects to http:front/login.

Great, that’s working for me. Thank you 🙂