diff --git a/manifests/certbot/config.pp b/manifests/certbot/config.pp
index 568bcdb..1e86b4d 100644
--- a/manifests/certbot/config.pp
+++ b/manifests/certbot/config.pp
@@ -30,31 +30,6 @@ class cd_nagios::certbot::config (
require cd_certbot
- # ensure there is no forward vhost file
-
- exec { 'remove_forward_vhost':
- command => "rm -Rf ${ng_forward_conf}",
- creates => '/etc/httpd/conf.d/.cert_created',
- }
-
- exec { 'remove_nagios_conf':
- command => "rm -Rf ${ng_nagios_conf}",
- creates => '/etc/httpd/conf.d/.cert_created',
- require => Exec['remove_forward_vhost'],
- }
-
- # create temp vhost file
-
- exec { 'create_temp_vhost':
- command => template('cd_nagios/certbot/create_tempfile.erb'),
- cwd => '/tmp',
- path => ['/bin','/usr/bin'],
- provider => 'shell',
- creates => '/etc/httpd/conf.d/.created',
- notify => Service['httpd'],
- require => Exec['remove_nagios_conf'],
- }
-
# create cert
exec { 'create_cert':
@@ -68,18 +43,6 @@ class cd_nagios::certbot::config (
require => Exec['create_temp_vhost'],
}
- # remove temp_vhost
-
- exec { 'remove_temp_vhost':
- command => "rm -Rf ${ng_certbot_temp_file}",
- cwd => '/tmp',
- path => ['/bin','/usr/bin'],
- provider => 'shell',
- notify => Service['httpd'],
- require => Exec['create_cert'],
- creates => "/etc/letsencrypt/live/${ng_nagios_server}/cert.pem",
- }
-
# renew certs
exec { 'renew_cert':
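Review bot: The context line `require => Exec['create_temp_vhost'],` at the top of this hunk still names an exec that the first hunk of this file deletes, so the dependency points at a resource that no longer exists. Puppet rejects a relationship to a resource missing from the catalog, so compilation would be expected to fail on every node that includes this class. Remove that `require` line, or point it at a resource that is still declared and really has to be in place before the certificate request. The exec it belongs to (apparently `create_cert`) starts outside this hunk, so check the rest of its attributes for other references to the removed temp-vhost resources.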
diff --git a/manifests/params.pp b/manifests/params.pp
index 20c01f2..9a5a6c1 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -200,15 +200,14 @@
# @param [string] ng_required_ips string of **__Ip addresses __** for hosts which
# should be allowed/reqired. Requires format 'ipaddress ip address range'.
# If you want no restriction, choose '0.0.0.0/0'
-# @param [boolean] ng_disable_welcome Whether the regular welcome screen should
-# be disabled. this is required for the nagios http check on the nagios server
-# to be successful.
# @param [boolean] ng_enable_certbot Whether to use certbot for automated TLS
# certificate management
# @param [string] ng_certbot_cert_path the path for certbot to place
-# challenges for teh certification process.
+# challenges for the certification process.
# @param [string] ng_mail_user email address to receive administrative mail.
# used for nagios itself as well as for certbot.
+# @param [boolean] ng_enable_index Whether to create an index file to allow
+# httpd checks with nagios on the nagios server.
###############################################################################
class cd_nagios::params (
@@ -320,7 +319,7 @@ $ng_use_selinux_tools = true,
# httpd
$ng_required_hosts = '',
$ng_required_ips = '127.0.0.0/8',
-$ng_disable_welcome = true,
+$ng_enable_index = true,
# certbot
$ng_enable_certbot = true,
@@ -375,8 +374,8 @@ $ng_forward_conf_erb = 'cd_nagios/httpd/forward_conf.erb'
$ng_get_cert_erb = 'cd_nagios/certbot/get_cert.erb'
$ng_unless_get_cert = 'cd_nagios/certbot/unless_get_cert.erb'
$ng_unless_renew_erb = 'cd_nagios/certbot/unless_renew_cert.erb'
-$ng_create_tempvhost = 'cd_nagios/certbot/create_tempfile.erb'
-$ng_certbot_temp_file = '/etc/httpd/conf.d/certbot_temp.conf'
+$ng_index_html_file = '/var/www/html/index.html'
+$ng_index_html_erb = 'cd_nagios/httpd/index_html.erb'
# includes must be last
diff --git a/manifests/server/files.pp b/manifests/server/files.pp
index 22cbd91..f79a084 100644
--- a/manifests/server/files.pp
+++ b/manifests/server/files.pp
@@ -29,6 +29,10 @@ class cd_nagios::server::files (
if $ng_enable_certbot == true {
require cd_nagios::certbot::config
+
+ }
+ }
+
require cd_nagios::main::dirs
# manage nagios.cfg
@@ -84,84 +88,6 @@ class cd_nagios::server::files (
# manage welcome.conf for nagios web server
- if $ng_disable_welcome == true {
- file { $ng_welcome_conf:
- ensure => file,
- path => $ng_welcome_conf,
- owner => 'root',
- group => 'root',
- mode => '0644',
- selrange => s0,
- selrole => object_r,
- seltype => httpd_config_t,
- seluser => system_u,
- content => template($ng_welcome_conf_erb),
- notify => Service[$ae_service],
- }
- }
- }
- }
-
- else {
-
- require cd_nagios::main::dirs
-
- # manage nagios.cfg
-
-
- # manage cgi.cfg
-
- file { $ng_cgi_cfg_file:
- ensure => file,
- path => $ng_cgi_cfg_file,
- owner => 'root',
- group => 'root',
- mode => '0644',
- selrange => s0,
- selrole => object_r,
- seltype => nagios_etc_t,
- seluser => system_u,
- content => template($ng_cgi_cfg_erb),
- notify => Service[$ng_service],
- }
-
- # manage nagios.conf for httpd
-
- file { $ng_nagios_conf:
- ensure => file,
- path => $ng_nagios_conf,
- owner => 'root',
- group => 'root',
- mode => '0644',
- selrange => s0,
- selrole => object_r,
- seltype => httpd_config_t,
- seluser => system_u,
- content => template($ng_nagios_conf_erb),
- notify => Service[$ae_service],
- }
-
- if $ng_http_https_fw == true {
-
- file { $ng_forward_conf:
- ensure => file,
- path => $ng_forward_conf,
- owner => 'root',
- group => 'root',
- mode => '0644',
- selrange => s0,
- selrole => object_r,
- seltype => httpd_config_t,
- seluser => system_u,
- content => template($ng_forward_conf_erb),
- notify => Service[$ae_service],
- }
- }
-
- # manage welcome.conf for nagios web server
-
- if $ng_disable_welcome == true {
-
file { $ng_welcome_conf:
ensure => file,
path => $ng_welcome_conf,
@@ -175,6 +101,24 @@ class cd_nagios::server::files (
content => template($ng_welcome_conf_erb),
notify => Service[$ae_service],
}
+
+ if $ng_enable_index == true {
+
+ file { $ng_index_html_file:
+ ensure => file,
+ path => $ng_index_html_file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ selrange => s0,
+ selrole => object_r,
+ seltype => httpd_config_t,
+ seluser => system_u,
+ content => template($ng_welcome_conf_erb),
+ notify => Service[$ae_service],
+ }
+
+ }
}
}
}
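Review bot: The added `file { $ng_index_html_file:` resource renders `template($ng_welcome_conf_erb)`, so the text of the Apache welcome.conf would be written to /var/www/html/index.html and served from the web root, while the `$ng_index_html_erb` variable added in params.pp is never used. The resource looks like a copy of the welcome.conf one above it; the content line should read `content => template($ng_index_html_erb),`. The SELinux label should be `seltype => httpd_sys_content_t,`, because `httpd_config_t` is the type for httpd configuration files rather than for content it serves. `notify => Service[$ae_service]` can be dropped as well, since a changed static page does not require httpd to be restarted. The enclosing class body starts outside this hunk.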
diff --git a/templates/certbot/create_tempfile.erb b/templates/certbot/create_tempfile.erb
deleted file mode 100644
index e7f4de6..0000000
--- a/templates/certbot/create_tempfile.erb
+++ /dev/null
@@ -1,11 +0,0 @@
-echo "# temporary vhost file
-
- ServerAdmin root@localhost
- DocumentRoot /var/www/html
- ServerName <%= @ng_nagios_server %>
-
- AllowOverride All
-
-
- " > <%= @ng_certbot_temp_file %>
-touch /etc/httpd/conf.d/.created
diff --git a/templates/httpd/index_html.erb b/templates/httpd/index_html.erb
new file mode 100644
index 0000000..e69de29
diff --git a/templates/httpd/welcome_conf.erb b/templates/httpd/welcome_conf.erb
index 8a7646b..2a61ae5 100644
--- a/templates/httpd/welcome_conf.erb
+++ b/templates/httpd/welcome_conf.erb
@@ -3,25 +3,18 @@
########### manual changes will be overwritten !!! ##########
################################################################################
-#
-# This configuration file enables the default "Welcome" page if there
-# is no default index page present for the root URL. To disable the
-# Welcome page, comment out all the lines below.
-#
-# NOTE: if this file is removed, it will be restored on upgrades.
-#
-#
-# Options -Indexes
-# ErrorDocument 403 /.noindex.html
-#
+
+ Options -Indexes
+ ErrorDocument 403 /.noindex.html
+
-#
-# AllowOverride None
-# Require all granted
-#
+
+ AllowOverride None
+ Require all granted
+
-#Alias /.noindex.html /usr/share/httpd/noindex/index.html
-#Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
-#Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
-#Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
-#Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
+Alias /.noindex.html /usr/share/httpd/noindex/index.html
+Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
+Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
+Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
+Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
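Review bot: The header comment explaining this file is removed in the same change that activates its directives, so the rendered welcome.conf no longer says that httpd serves the distribution test page for `/` when no index file exists. manifests/server/files.pp now appears to write this file without the former `ng_disable_welcome` guard, so a node with `ng_enable_index` set to false would show that page, which typically identifies the installed server software to any visitor. I would keep a short comment above the first directive, for example `# Serves the stock test page for / when no index file exists; see ng_enable_index.`. The container tags around the `Options` and `AllowOverride` lines are not visible in this view, so confirm they are uncommented together with their contents.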