Ubuntu 22.04 上 Nagios Core 的 Nginx 配置

我正在努力为本地测试 VM 上的 Nagios 核心服务器配置 nginx 前端，我希望对其进行试用。

我想我遇到了一段时间的 PHP-FPM 问题，现在已经解决了，至少部分是因为我现在可以在加载站点时看到“Nagios Core”主页。

但是我无法导航到任何子页面，我总是被禁止访问 403。

我可以尝试哪些其他配置想法？

我的 ubuntu 22.04 主机上安装的软件包：

nagios-images/jammy,now 0.9.4 all [installed,automatic]
nagios4-cgi/jammy,now 4.4.6-4 amd64 [installed,automatic]
nagios4-common/jammy,now 4.4.6-4 all [installed,automatic]
nagios4-core/jammy,now 4.4.6-4 amd64 [installed,automatic]
nagios4/jammy,now 4.4.6-4 amd64 [installed]
php-common/jammy,now 2:92ubuntu1 all [installed,automatic]
php8.1-cli/jammy-updates,jammy-security,now 8.1.2-1ubuntu2.11 amd64 [installed,automatic]
php8.1-common/jammy-updates,jammy-security,now 8.1.2-1ubuntu2.11 amd64 [installed,automatic]
php8.1-fpm/jammy-updates,jammy-security,now 8.1.2-1ubuntu2.11 amd64 [installed]
php8.1-opcache/jammy-updates,jammy-security,now 8.1.2-1ubuntu2.11 amd64 [installed,automatic]
php8.1-readline/jammy-updates,jammy-security,now 8.1.2-1ubuntu2.11 amd64 [installed,automatic]
php8.1/jammy-updates,jammy-security,now 8.1.2-1ubuntu2.11 all [installed]

这是我在 /etc/nginx/conf.d/ 目录中加载的主要 nagios.conf 文件（它本身在 /etc/nginx/nginx.conf 文件中指定）：

upstream php {
        server unix:/var/run/php/php8.1-fpm.sock;
}
upstream fcgiwrap {
        server  unix:/var/run/fcgiwrap.socket;
}
server {
        listen  80;
        server_name     $HOSTNAME;
        return  302     https://$HOSTNAME;
}
server {
        listen  443 ssl;
        server_name     $HOSTNAME;
        ssl_certificate        /etc/ssl/certs/nginx-selfsigned.crt;
        ssl_certificate_key    /etc/ssl/private/nginx-selfsigned.key;
        access_log      /var/log/nginx/nagios.access.log;
        error_log       /var/log/nginx/nagios.error.log info;
        expires         5m;
        root            /usr/share/nagios4/htdocs;
        index           index.php index.html;
        auth_basic      "Restricted Access";
        auth_basic_user_file /etc/nagios4/htpasswd.users;
        
        location /stylesheets {
                alias /etc/nagios4/stylesheets;
        }
        location ~ /nagios4/ {
                location ~ /(\w*\.cgi)$ {
                        include /etc/nginx/fastcgi_params;
                        fastcgi_param AUTH_USER $remote_user;
                        fastcgi_param REMOTE_USER $remote_user;
                        fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/nagios4/$1;
                        fastcgi_pass fcgiwrap;
                }
        }
        
        location ~ \.php$ {
           fastcgi_split_path_info ^(.+?\.php)(/.*)$;
           fastcgi_pass php;
           include /etc/nginx/snippets/fastcgi-php.conf;
           include /etc/nginx/fastcgi_params;
           fastcgi_param SCRIPT_FILENAME /usr/share/nagios4/htdocs$fastcgi_script_name;
        }
        
        # nagiosgraph
        location ~ /nagiosgraph/ {
                alias /usr/local/nagiosgraph/share/;
                location ~ /(\w*\.cgi)$ {
                        include /etc/nginx/fastcgi_params;
                        fastcgi_param SCRIPT_FILENAME /usr/local/nagiosgraph/cgi/$1;
                        fastcgi_param REMOTE_USER $remote_user;
                        fastcgi_param AUTH_USER $remote_user;
                        fastcgi_pass unix:/var/run/fcgiwrap.socket;
                }
        }
}

这是它调用的 fastcgi 片段：

# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+?\.php)(/.*)$;

# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;

# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;

fastcgi_param PATH_INFO $path_info;

fastcgi_index index.php;

include fastcgi.conf;
~                        

这是我的主要 nginx.conf 文件：

user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
        worker_connections 1024;
}
http {
        include          /etc/nginx/mime.types;
        default_type application/octet-stream;
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                                        '$status $body_bytes_sent "$http_referer" '
                                        '"$http_user_agent" "$http_x_forwarded_for"';
        client_max_body_size 0;
        access_log      /var/log/nginx/access.log main;
        sendfile        on;
#       tcp_nopush      on;
        keepalive_timeout 65;
        gzip on;
        server_tokens off;
        # https://wiki.mozilla.org/Security/Server_Side_TLS
        ssl_session_timeout 1d;
        ssl_session_cache   shared:SSL:50m;
        ssl_session_tickets off;
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_ciphers   DEFAULT:!RC4:!DH:!DES:!3DES;
#       ssl_ciphers   'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
        ssl_prefer_server_ciphers on;
        # OCSP Stapling ---
        # fetch OCSP records from URL in ssl_certificate and cache them
        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 8.8.4.4 8.8.8.8;
        include /etc/nginx/conf.d/*.conf;
}         

我一直在尝试各种配置，但到目前为止每次都失败了。

我已经创建了一个填充的基本身份验证文件，并提示输入用户名和密码以通过以下方式匹配：

htpasswd -b -c /etc/nagios4/htpasswd.users nagiosadmin $SOMEPASSWORD

我遵循了nagios core generating error 403 forbidden并尝试将 htpass.users 文件重定位到 /usr/local/nagios/ 并查看 root:nagios 的所有权，但这在这种情况下没有任何区别。

我已经剥离了所有配置并遵循https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/只是为了确保php-fpm正常工作并且它看起来是（主页的响应与指南的响应相符）。