templates/httpd/nagios_ssl_vhost.erb

###############################################################################
#####  virtual_host file created by puppet, changes will be overwritten  ######
###############################################################################

<VirtualHost *:<%= @ng_https_port %>>

    ServerAdmin root@localhost
    DocumentRoot /var/www/html
    ServerName <%= @ng_webserver_name %>
    ServerAlias <%= @ng_webserver_name %>
    ErrorLog /var/log/httpd/nagios_ssl_error_log
#    ErrorLog syslog:local1
    TransferLog /var/log/httpd/nagios_ssl_transfer_log
    LogLevel warn

    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"

<% if @ng_enable_certbot == true -%>
    SSLCertificateFile <%= @ng_certbot_live %>/<%= @ng_webserver_name %>/cert.pem
    SSLCertificateKeyFile <%= @ng_certbot_live %>/<%= @ng_webserver_name %>/privkey.pem
    SSLCACertificateFile <%= @ng_certbot_live %>/<%= @ng_webserver_name %>/fullchain.pem
<% elsif @ng_enable_certbot != true -%>
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
<% end -%>
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
    </Directory>

ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"

<Directory "/usr/lib64/nagios/cgi-bin/">
<% if @ng_use_https == true -%>
   SSLRequireSSL
<% else -%>
#  SSLRequireSSL
<% end -%>
   Options ExecCGI
   AllowOverride None
   <IfVersion >= 2.3>
      <RequireAll>
         Require all granted
<% unless @ng_required_hosts.empty? -%>
    Require host <%= @ng_required_hosts %>
<% end -%>
<% unless @source_range.empty? -%>
         Require ip <%= @source_range %>
<% end -%>
         AuthName "Nagios Access"
         AuthType Basic
         AuthUserFile /etc/nagios/passwd
         Require valid-user
      </RequireAll>
   </IfVersion>
   <IfVersion < 2.3>
      Order allow,deny
<% unless @ng_required_hosts.empty? -%>
      Allow from <%= @ng_required_hosts %>
<% end -%>
<% unless @source_range.empty? -%>
         Allow from <%= @source_range %>
<% end -%>
      AuthName "Nagios Access"
      AuthType Basic
      AuthUserFile /etc/nagios/passwd
      Require valid-user
   </IfVersion>
</Directory>

Alias /nagios "/usr/share/nagios/html"

<Directory "/usr/share/nagios/html">
<% if @ng_use_https == true -%>
   SSLRequireSSL
<% else -%>
#  SSLRequireSSL
<% end -%>
   Options None
   AllowOverride None
   <IfVersion >= 2.3>
      <RequireAll>
         Require all granted
<% unless @ng_required_hosts.empty? -%>
    Require host <%= @ng_required_hosts %>
<% end -%>
<% unless @source_range.empty? -%>
         Require ip <%= @source_range %>
<% end -%>
         AuthName "Nagios Access"
         AuthType Basic
         AuthUserFile /etc/nagios/passwd
         Require valid-user
      </RequireAll>
   </IfVersion>
   <IfVersion < 2.3>
      Order allow,deny
<% unless @ng_required_hosts.empty? -%>
      Allow from <%= @ng_required_hosts %>
<% end -%>
<% unless @source_range.empty? -%>
         Allow from <%= @source_range %>
<% end -%>
      AuthName "Nagios Access"
      AuthType Basic
      AuthUserFile /etc/nagios/passwd
      Require valid-user
   </IfVersion>
</Directory>

RedirectMatch ^/$ https://<%= @ng_webserver_name %>/nagios

    SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0


     CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>
added control for nagios_ssl vhost 2017-07-23 11:54:58 +01:00			`###############################################################################`
			`##### virtual_host file created by puppet, changes will be overwritten ######`
			`###############################################################################`

changed logig for http vs https and removed index+ welcome file control 2017-07-23 13:28:28 +01:00			`<VirtualHost *:<%= @ng_https_port %>>`
added control for nagios_ssl vhost 2017-07-23 11:54:58 +01:00
			`ServerAdmin root@localhost`
			`DocumentRoot /var/www/html`
			`ServerName <%= @ng_webserver_name %>`
changed logig for http vs https and removed index+ welcome file control 2017-07-23 13:28:28 +01:00			`ServerAlias <%= @ng_webserver_name %>`
added control for nagios_ssl vhost 2017-07-23 11:54:58 +01:00			`ErrorLog /var/log/httpd/nagios_ssl_error_log`
			`# ErrorLog syslog:local1`
			`TransferLog /var/log/httpd/nagios_ssl_transfer_log`
			`LogLevel warn`

			`SSLEngine on`
			`SSLProtocol all -SSLv2 -SSLv3`
			`SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"`

typos 2017-07-23 12:27:50 +01:00			`<% if @ng_enable_certbot == true -%>`
typos 2017-07-23 12:38:08 +01:00			`SSLCertificateFile <%= @ng_certbot_live %>/<%= @ng_webserver_name %>/cert.pem`
			`SSLCertificateKeyFile <%= @ng_certbot_live %>/<%= @ng_webserver_name %>/privkey.pem`
			`SSLCACertificateFile <%= @ng_certbot_live %>/<%= @ng_webserver_name %>/fullchain.pem`
typos 2017-07-23 12:27:50 +01:00			`<% elsif @ng_enable_certbot != true -%>`
added control for nagios_ssl vhost 2017-07-23 11:54:58 +01:00			`SSLCertificateFile /etc/pki/tls/certs/localhost.crt`
			`SSLCertificateKeyFile /etc/pki/tls/private/localhost.key`
			`#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt`
			`<% end -%>`
			`<Files ~ "\.(cgi\|shtml\|phtml\|php3?)$">`
			`SSLOptions +StdEnvVars`
			`</Files>`
			`<Directory "/var/www/cgi-bin">`
			`SSLOptions +StdEnvVars`
			`</Directory>`

added nagios directories 2017-07-23 12:49:04 +01:00			`ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"`

			`<Directory "/usr/lib64/nagios/cgi-bin/">`
			`<% if @ng_use_https == true -%>`
			`SSLRequireSSL`
			`<% else -%>`
			`# SSLRequireSSL`
			`<% end -%>`
			`Options ExecCGI`
			`AllowOverride None`
			`<IfVersion >= 2.3>`
			`<RequireAll>`
			`Require all granted`
			`<% unless @ng_required_hosts.empty? -%>`
			`Require host <%= @ng_required_hosts %>`
			`<% end -%>`
updates template 2019-12-21 17:57:23 +01:00			`<% unless @source_range.empty? -%>`
			`Require ip <%= @source_range %>`
added nagios directories 2017-07-23 12:49:04 +01:00			`<% end -%>`
			`AuthName "Nagios Access"`
			`AuthType Basic`
			`AuthUserFile /etc/nagios/passwd`
			`Require valid-user`
			`</RequireAll>`
			`</IfVersion>`
			`<IfVersion < 2.3>`
			`Order allow,deny`
			`<% unless @ng_required_hosts.empty? -%>`
			`Allow from <%= @ng_required_hosts %>`
			`<% end -%>`
updates template 2019-12-21 17:57:23 +01:00			`<% unless @source_range.empty? -%>`
			`Allow from <%= @source_range %>`
added nagios directories 2017-07-23 12:49:04 +01:00			`<% end -%>`
			`AuthName "Nagios Access"`
			`AuthType Basic`
			`AuthUserFile /etc/nagios/passwd`
			`Require valid-user`
			`</IfVersion>`
			`</Directory>`

			`Alias /nagios "/usr/share/nagios/html"`

			`<Directory "/usr/share/nagios/html">`
			`<% if @ng_use_https == true -%>`
			`SSLRequireSSL`
			`<% else -%>`
			`# SSLRequireSSL`
			`<% end -%>`
			`Options None`
			`AllowOverride None`
			`<IfVersion >= 2.3>`
			`<RequireAll>`
			`Require all granted`
			`<% unless @ng_required_hosts.empty? -%>`
			`Require host <%= @ng_required_hosts %>`
			`<% end -%>`
updates template 2019-12-21 17:57:23 +01:00			`<% unless @source_range.empty? -%>`
			`Require ip <%= @source_range %>`
added nagios directories 2017-07-23 12:49:04 +01:00			`<% end -%>`
			`AuthName "Nagios Access"`
			`AuthType Basic`
			`AuthUserFile /etc/nagios/passwd`
			`Require valid-user`
			`</RequireAll>`
			`</IfVersion>`
			`<IfVersion < 2.3>`
			`Order allow,deny`
			`<% unless @ng_required_hosts.empty? -%>`
			`Allow from <%= @ng_required_hosts %>`
			`<% end -%>`
updates template 2019-12-21 17:57:23 +01:00			`<% unless @source_range.empty? -%>`
			`Allow from <%= @source_range %>`
added nagios directories 2017-07-23 12:49:04 +01:00			`<% end -%>`
			`AuthName "Nagios Access"`
			`AuthType Basic`
			`AuthUserFile /etc/nagios/passwd`
			`Require valid-user`
			`</IfVersion>`
			`</Directory>`

forwarding is workg properly now 2017-07-23 14:13:02 +01:00			`RedirectMatch ^/$ https://<%= @ng_webserver_name %>/nagios`

added control for nagios_ssl vhost 2017-07-23 11:54:58 +01:00			`SetEnvIf User-Agent ".MSIE." \`
			`nokeepalive ssl-unclean-shutdown \`
			`downgrade-1.0 force-response-1.0`


			`CustomLog logs/ssl_request_log \`
			`"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"`

			`</VirtualHost>`