You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2024-05-17 18:03:57

drosera
Member
Registered: 2020-06-28
Posts: 41

Inventory sent to GLPI proxy server is not forwarded to inventory

Dear all,

to allow a host in our DMZ to send its inventory to the inventory server, I have set up an agent with enabled proxy plugin. As only port 443 can be reached from the DMZ and there are several webservices running on the host (CentOS 7.9), I've put a reverse proxy (Apache) in front of the agent (version 1.7.3).

The reverse proxy configuration is

<VirtualHost  *:443>
  ServerName proxy.dom.ain
  DocumentRoot /usr/share/glpi-agent/html/

  SSLEngine On
  SSLCertificateFile       /etc/pki/tls/certs/proxy.crt
  SSLCertificateKeyFile  /etc/pki/tls/private/proxy.key

  ProxyPass            / http://127.0.0.1:62354/
  ProxyPassReverse / http://127.0.0.1:62354/
</VirtualHost>

The agent config is like

server = https://glpi.dom.ain
delaytime = 3600
lazy = 0
scan-homedirs = 0
scan-profiles = 0
html = 0
json = 0
backend-collect-timeout = 180
force = 0
additional-content =
assetname-support = 1
no-p2p = 0
proxy =
user =
password =
ca-cert-dir =
ca-cert-file =
no-ssl-check = 1
timeout = 180
no-httpd = 0
httpd-ip =
httpd-port = 62354
httpd-trust =
logger = syslog
logfile = /var/log/glpi-agent.log
logfacility = LOG_DAEMON
color = 0
tag = 
debug = 0
include "conf.d/"

From the client (in the DMZ) I am now trying to send the inventory as we do from all other hosts, but using the proxy server URL as target:

/usr/bin/glpi-inventory --json 2>/dev/null | curl --header "Content-Type: Application/x-compress" --insecure  --silent --data @- https://proxy.dom.ain/proxy/glpi

I then get the error output

Unsupported Content-type

and in the agent log file I get

[info] [proxy server plugin] Unsupported 'application/json' Content-type header provided in glpi request from 127.0.0.1

When sending the data w/o special header:

/usr/bin/glpi-inventory --json 2>/dev/null | curl --insecure  --silent --data @- https://proxy.dom.ain/proxy/glpi

then I don't get any error message on the client side (exit status 0), but the message

[info] [proxy server plugin] Unsupported 'application/x-www-form-urlencoded' Content-type header provided in glpi request from 127.0.0.1

in the agent log file.

In neither of the cases, any data is added to the inventory.

Do you have any idea, how one can get this to work? Running the GLPI proxy directly on port 443 is not possible and 443 is also strictly the only port which is reachable from the DMZ

Offline

Pages: 1

Board footer

Powered by FluxBB