Follow

How To Fix Malfunctioning Graphs On Remote Collectors When Using SSL With Zenoss

Applies To

  • Zenoss 4.2.3
  • Zenoss 4.2.2

Summary

Certain web browser security updates emerging in late 2013 disabled java script calls to insecure (http) content within secure (https) pages. As a result, in some cases where you have remote collectors and SSL (or an out-of-band SSL-enabled load balancer), the panning and zooming function for graphs of devices on remote collectors stops working due to blockage of mixed-mode content by updated browsers that disable insecure java script calls.

Procedure

How to Proxy ZenRenderer Traffic

Note: If you have customized nginx rules, ensure the primary server block in $ZENHOME/etc/nginx.conf contains the following directive:
include /opt/zenoss/etc/nginx-dc-*.conf;

  1. Set Collector URL Configuration

    Perform the following steps for each remote collector:

    1. Navigate to Advanced > Collectors > [remote collector name] > Edit.
    2. Make note of the value in "Render URL", in case you need to rollback the changes made while executing this procedure.
    3. Make note of the value in "hostname", for use in Step 2- Set Up and Verify Proxy Rules, below.
    4. Set the value of "Render URL" to:
      /remote-collector/[remote collector name]
    5. Save the changes.
  2. Set Up and Verify Proxy Rules

    Before you make changes to nginx-dc-*.conf files to setup the proxy rules, make backup copies in case you need to rollback changes performed in the following steps.

    Use the following code to configure proxying for ZenRender. If you want to configure proxying for ZenHub, contact Zenoss Support.

    # In $ZENHOME/etc/:
    ls nginx-dc-collector-*.conf
    # For each file nginx-dc-collector-[remote collector name].conf create or verify that the file contains (installs that started on 4.2.x will have these files, with the appropriate content):
    location ^~ /remote-collector/[remote collector name]/ {
        rewrite ^/remote-collector/[remote collector name]/(.*)$ /$1 break;
        proxy_pass http://[remote collector hostname]:8091;
    
        proxy_read_timeout 600s;
        client_max_body_size 500m;
        proxy_set_header        Host    $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    
  3. Reload the Nginix Configuration

    Perform the following steps to reload the configuration:

    1. Restart the webserver if you made changes to the proxy rules on the master in Step 2 Set Up and Verify Proxy Rules:
      # zenwebserver restart
    2. Verify that graph zooming/panning is working for a device on a remote collector. If zooming and panning does not work correctly, rollback the value change in step 1 Set Collector URL Information and contact Zenoss Support.
Was this article helpful?
0 out of 0 found this helpful

Comments

  • Avatar
    Andrew Egelhofer

    Hello - I too recently ran into this problem. Quick note: I'm using my own home-brewed nginx / multi-zope reverse proxy config that pretty much follows the same design as zenwebserver. However, setting the render urls and setting the correct proxy config in nginx didn't fix the problem. The issue I was getting was that my web browsers were recieving text/javascript content type, but the HTTP headers said it was an image/png, so I think chrome / firefox (where I tested this) was thinking something was fishy with the site, so they didn't run the scripts. Adding these config directives to the reverse proxy helped:

    {code}
    proxy_hide_header Content-Type;
    add_header Content-Type text/javascript;
    {code}

    It was a little strange that I couldn't use proxy_set_header, instead I had to use proxy_hid_header, then add it back. Maybe someone with more nginx experience can enlighten me to that dynamic, but for now I this works

Powered by Zendesk