Dashing refused to connect

#1

In the default Icinga dashboard there are two frames used to display host and service problems.
I can’t seem to get them working. I’m getting server.fqdn refused to connect.

I’ve tried locahost and the fqdn, i’ve also ensured I have an API user configured. I’ve have moved my Icingaweb2 onto HTTPS and removed HTTP. I’ve configured the address to use HTTPS but it still doesn’t work. I see no reason for the connection failure.

Below is what the browser tries to render

    <!-- Icinga Web 2 iFrame. getIcingaWeb2Url() is defined in config.ru and reads from config/icinga2*.json -->
    <li data-row="3" data-col="1" data-sizex="2" data-sizey="2">
      <div data-id="iframe" data-view="Iframe" data-title="Icinga Web Host Problems" data-url="https://server.fqdn/icingaweb2/monitoring/list/hosts?host_problem=1&sort=host_severity&showFullscreen&showCompact"></div>
    </li>
    <li data-row="3" data-col="3" data-sizex="2" data-sizey="2">
      <div data-id="iframe" data-view="Iframe" data-title="Icinga Web Service Problems" data-url="https://server.fqdn/icingaweb2/monitoring/list/services?service_problem=1&sort=service_severity&dir=desc&showFullscreen&showCompact"></div>
    </li>
  </ul>
#2

Hi,

you only need to modify that icingaweb2/url configuration mentioned in this section: https://github.com/dnsmichi/dashing-icinga2#configuration-file

Troubleshooting is described here: https://github.com/dnsmichi/dashing-icinga2#misc-errors

A screenshot of the error would certainly help to better understand the problem.

Cheers,
Michael

#3

Capture
Capture738×733 135 KB

#4

my config file is


{
  "icinga2": {
    "api": {
      "host": "localhost",
      "port": 5665,
      "user": "api_user",
      "password": "api_password"
    }
  },
  "icingaweb2": {
    "url": "https://server.fqdn/icingaweb2"
  },
  "dashboard": {
    "show_only_hard_state_problems": false,
    "timezone": "UTC"
  }
}
#5

Have you tried the default icinga2.erb content for the iFrames?

<!-- Icinga Web 2 iFrame. getIcingaWeb2Url() is defined in config.ru and reads from config/icinga2*.json -->
    <li data-row="3" data-col="1" data-sizex="2" data-sizey="2">
      <div data-id="iframe" data-view="Iframe" data-title="Icinga Web Host Problems" data-url="<%=getIcingaWeb2Url()%>/monitoring/list/hosts?host_problem=1&sort=host_severity&showFullscreen&showCompact"></div>
    </li>
    <li data-row="3" data-col="3" data-sizex="2" data-sizey="2">
      <div data-id="iframe" data-view="Iframe" data-title="Icinga Web Service Problems" data-url="<%=getIcingaWeb2Url()%>/monitoring/list/services?service_problem=1&sort=service_severity&dir=desc&showFullscreen&showCompact"></div>
    </li>
#6

sorry not following you?

#7

managed to find the following error in the browser

Refused to display 'https://server.fqdn/icingaweb2/monitoring/list/hosts?host_problem=1&sort=host_severity&showFullscreen&showCompact' in a frame because it set 'X-Frame-Options' to 'deny'.
#8

Looking at the headers from Icingaweb2 it’s has X-Frame-Options: DENY set.
I’m assuming this is preventing it being embedded into the Dashing page. My Dashing is http, while Icinga is on https.

Do you think I’ve missed configured something or is this expected.

#9

As posted before by @dnsmichi

#10

unfortunately it didnt help

#11

Finally got there, found the sameorigin policy is two places.
Ubuntu 18
/etc/apache2/conf-enabled/security.conf
/etc/apache2/ssl-params.conf

#12

Hi,

@winem wrote a nice howto with putting an HTTP proxy in front of Dashing, terminating the TLS endpoint there as well. I’d recommend having a look instead of mixing http/https where browsers may block this even further in the future.

Cheers,
Michael

1 Like