Accessing the nagios host from the outside: best practice?

[Andreas Ericsson]

Emmanuel Halbwachs wrote:
> Hi again,
> 
> This question isn't exactly a nagios issue, but I would like to
> have advices from experienced people.
> 
> Currently, my nagios host is on a private network, unreachable from
> the Internet, for security's sake. Do you feel this is ok or do you
> think it's better to put nagios on a public Internet host (HTTPS, of
> course)? The latter would have some firewall issues to reach the
> NRPE on private hosts.
> 
> If nagios is on a private network, what is the best practice to
> access to the web interface from everywhere? To set a reverse HTTP
> proxy (squid, apache) on the public network? Other solutions?
> 

Reverse proxies are almost always bad ideas, as it adds a whopping 
amount of code for there to be bugs in, beside the actual webserver itself.

A simple portforwarding solution would be best, methinks.
man iptables, if you're running a linux kind of firewall.

> Does it work with HTTPS (I don't want passwords in clear on the
> Internet)?
> 

There are proxies that work with https. Portforwarding doesn't care of 
higher-level protocols, so that works too.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Lead Developer


-------------------------------------------------------
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null