curl without -H ‘Accept: application/json’ → results in HTTP 302
credentials from /etc/icinga2/api-users.conf → also results in 401
setting up credentials via director → users (I cant find any properties matching “director/api” as specified in the documentation, so I didn’t look any further
Director version (System - About): 1.9.1
Icinga Web 2 version and modules (System - About): 2.11.1
Icinga 2 version (icinga2 --version): r2.13.4-1
Operating System and version: Debian 11.4
Webserver, PHP versions: Apache/2.4.54 (Debian), 7.4.30 (shown in icingaweb/about)
Thank you for the reply.
My User icingaadmin is able to login and administer the director via browser
I’ve also tested a different account that was added via https://icinga2.xyz.com/icingaweb2/user/ (full permissions to everything) I’m also able to view and administer the director using this username in my browser. You can also see that in the screenshot of my first post…
I must be doing something wrong for sure, but I don’t know what. Please help…
I’ve checked that, done that. I’m currently using a password with only alphanum (lowercase) characters
Maybe it’s my apache vhost then, what webserver are you using? And could you be so kind and compare your vhost with my vhost or post yours?
As an additional note because I set a new server for a new icingamaster using Debian 12, PHP 8.2 as FPM and was searching for the 401 response problem too.
(1)
If using FPM in the Icinga Vhost may need the “forwarding” if authentication information from apache to fpm service
# for authenticated access to director API
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
(2)
In Debian 12 by default not all http methods are allowed. Enable it with a limit section inside the icinga direcrory for icingaweb
<Directory "/usr/share/icingaweb2/public">
...
# for authenticated access to director API
<Limit GET HEAD POST PUT DELETE>
Order allow,deny
allow from <your-ip-with-director-modification-access>
</Limit>
# for web ui access
<Limit GET HEAD POST>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET HEAD POST PUT DELETE>
Order deny,allow
Deny from all
</LimitExcept>
...
</Directory>