New Question
 
 
PRTG Network Monitor

Intuitive to Use.
Easy to manage.

200.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free PRTG
Download >>

 

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

 

Top Tags


View all Tags


Using Apache Webserver as SSL Proxy for PRTG

Votes:

1

Your Vote:

Up

Down

Is it possible to use the Apache webserver as SSL proxy for PRTG?

apache ssl ssl-proxy

Created on Oct 11, 2012 9:12:20 AM by  Konstantin Wolff [Paessler Support]



7 Replies

Accepted Answer

Votes:

1

Your Vote:

Up

Down

This article applies to PRTG Network Monitor 12 or later

This article does NOT describe a full configuration of Apache. You might need to apply some security adjustments!!!

Using Apache Webserver as SSL Proxy for PRTG

There are some prerequisites that must be met if you plan to follow this article:

  • Basic knowledge of the Apache Webserver and rewrite rules
  • A running Apache web server
  • Activated modules: mod_ssl, mod_proxy, mod_proxy_http, mod_rewrite
  • Make sure the machine running PRTG is accessible from the machine running Apache

Configure PRTG

  • On the machine running the PRTG core server, open the PRTG Server Administrator tool and configure the PRTG web server to run without SSL on http (a custom http port may be used).
  • In the PRTG web interface, configure the same DNS name (Setup | System & Website, option DNS name) as you will use for the Apache later.

Configure Apache

Note: For reasons of simplicity we used the SSL certificates which are delivered with PRTG. If you want use your own SSL cert, please see: SSL Certificate Installation in Apache

  • Copy the PRTG certificate files (prtg.crt and prtg.key) from the machine where PRTG is installed (<PRTG Program Directory>\cert) to the machine where Apache is running (in this example to /var/www/cert).
  • Create a new file called vhost_prtg_ssl in your sites-available directory
  • Put the following content in it:
<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName yourdomain.com
        RewriteEngine on
        RewriteRule ^/(.*)$ http://YOUR_PRTG_SERVER/$1 [P,L]


        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
        SSLEngine on
        SSLCertificateFile    /var/www/cert/prtg.crt
        SSLCertificateKeyFile /var/www/cert/prtg.key

</VirtualHost>
</IfModule>
  • -> Replace the ServerName ("yourdomain.com" in this case) with the DNS name set up in PRTG (please make sure you have a valid A-Record for the used domain).
  • -> Replace "YOUR_PRTG_SERVER" with the internal server name used for PRTG (the IP also can be used). Don't forget to add the port if you use a non standard port.
  • Since PRTG runs in normal HTTP mode and thus it will create links without https, we will have to redirect them from http to https in Apache. To achieve this, create another file in your sites-available directory called vhost_prtg.
  • Put the following content in it:
<VirtualHost *:80>
        ServerName yourdomain.com
        RewriteEngine on
        RewriteCond %{HTTPS} !=on
        RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
  • -> Replace the ServerName ("yourdomain.com" in this case) with the DNS name set up in PRTG (Please make sure you have a valid A-Record for the used domain)
  • The ServerName and the set up DNS name in PRTG have to match in all files resp. PRTG itself
  • --> This will make Apache redirect all http requests to https.
  • Then either create a symbolic link ("ln -s source target") in your sites-enabled directory for the just created files or just copy them over from sites-enabled.
  • Restart your Apache Webserver. Now you should be able to connect to PRTG via your SSL Proxy

Note: All external PRTG applications (Enterprise Console, PRTGdroid, iPRTG) should work with this solution as well.

Any feedback on the article or further suggestions are highly appreciated.

See also

Created on Oct 11, 2012 9:17:14 AM by  Konstantin Wolff [Paessler Support]

Last change on Dec 11, 2012 4:38:49 PM by  Gerald Schoch [Paessler Support]



Votes:

0

Your Vote:

Up

Down

You also missed: -Enable the SSL module: sudo a2enmod ssl sudo a2enmod rewrite -disable the default config with: sudo a2dissite 000-default.conf -The config files should be vhost_prtg_ssl.conf and vhost_prtg.conf, respectively. This in order to be compliant with the Apache config file modularity. -Then enable both site configs with: sudo a2ensite vhost_prtg_ssl sudo a2ensite vhost_prtg sudo service apache2 reload (with this you can skip the part: Then either create a symbolic link ("ln -s source target") in your sites-enabled directory for the just created files or just copy them over from sites-enabled.)

Created on Oct 30, 2017 9:19:18 PM by  jdelgadocr (0)



Votes:

0

Your Vote:

Up

Down

Can I use Apache as reverseproxy to handle PRTG as context?

https://mydomain.com/prtg -> http://myprtgserver

Best Regards Christian

Created on Dec 7, 2017 9:49:53 AM by  christian_molecki (10) 1



Votes:

0

Your Vote:

Up

Down

Hello Christian,
please excuse the delay in our reply.

I was informed by the article's author that this is currently not possible due to the way PRTG internally handles links.

Best Regards,
Luciano Lingnau [Paessler Support]

Created on Dec 20, 2017 9:38:23 AM by  Luciano Lingnau [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hello

Is it possible to use SSL between apache and PRTG? Otherwise all passwords are transfered in plaintext between the proxy and the PRTG webserver.

We use the SSL proxy to acces the webserver from the internet (for app without VPN).

Cheers

Created on Jun 6, 2018 7:54:05 AM by  vps (0)



Votes:

0

Your Vote:

Up

Down

Dear vps,

I don't know about Apache's side, but PRTG can use HTTPS. This can be configured in the PRTG Administration Tool.

Created on Jun 6, 2018 12:04:48 PM by  Arne Seifert [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hello

I figured out how to use an apache as a reverse proxy for PRTG while still being able to use internal HTTPS certificate:

<IfModule mod_ssl.c> <VirtualHost *:443> ServerName YOUR_SERVER.COM DocumentRoot /var/www/html

ErrorLog ${APACHE_LOG_DIR}/error.log

  1. Possible values include: debug, info, notice, warn, error, crit,
  2. alert, emerg. LogLevel warn

CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined SSLEngine on

  1. Adjust the following two lines to use your own certificate (lets encrypt works fine) SSLCertificateFile /etc/letsencrypt/live/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/privkey.pem

SSLProxyEngine on SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off

  1. Adjust following two lines according to your infrastructure ProxyPass / "https://INTERNAL_IP_OR_DNSNAME:443/" ProxyPassReverse / "https://EXTERNAL_IP_OR_DNSNAME:443/"

</VirtualHost> </IfModule>

Created on Jun 7, 2018 7:14:16 AM by  vps (0)



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.