added index file

manifests/certbot/config.pp

@@ -30,31 +30,6 @@ class cd_nagios::certbot::config (
 
         require cd_certbot
 
-        # ensure there is no forward vhost file
-
-        exec { 'remove_forward_vhost':
-          command   =>  "rm -Rf ${ng_forward_conf}",
-          creates   =>  '/etc/httpd/conf.d/.cert_created',
-        }
-
-        exec { 'remove_nagios_conf':
-          command   =>  "rm -Rf ${ng_nagios_conf}",
-          creates   =>  '/etc/httpd/conf.d/.cert_created',
-          require   =>  Exec['remove_forward_vhost'],
-        }
-
-        # create temp vhost file
-
-        exec { 'create_temp_vhost':
-          command   =>  template('cd_nagios/certbot/create_tempfile.erb'),
-          cwd       =>  '/tmp',
-          path      =>  ['/bin','/usr/bin'],
-          provider  =>  'shell',
-          creates   =>  '/etc/httpd/conf.d/.created',
-          notify    =>  Service['httpd'],
-          require   =>  Exec['remove_nagios_conf'],
-        }
-
         # create cert
 
         exec { 'create_cert':
@@ -68,18 +43,6 @@ class cd_nagios::certbot::config (
           require   =>  Exec['create_temp_vhost'],
         }
 
-        # remove temp_vhost
-
-        exec { 'remove_temp_vhost':
-          command   =>  "rm -Rf ${ng_certbot_temp_file}",
-          cwd       =>  '/tmp',
-          path      =>  ['/bin','/usr/bin'],
-          provider  =>  'shell',
-          notify    =>  Service['httpd'],
-          require   =>  Exec['create_cert'],
-          creates   =>  "/etc/letsencrypt/live/${ng_nagios_server}/cert.pem",
-        }
-
         # renew certs
 
         exec {  'renew_cert':

manifests/params.pp

@@ -200,15 +200,14 @@
 # @param  [string] ng_required_ips string of **__Ip addresses __** for hosts which
 #   should be allowed/reqired. Requires format 'ipaddress ip address range'.
 #   If you want no restriction, choose '0.0.0.0/0'
-# @param  [boolean] ng_disable_welcome Whether the regular welcome screen should
-#   be disabled. this is required for the nagios http check on the nagios server
-#    to be successful.
 # @param [boolean]  ng_enable_certbot Whether to use certbot for automated TLS
 #   certificate management
 # @param  [string]  ng_certbot_cert_path the path for certbot to place
-#   challenges for teh certification process.
+#   challenges for the certification process.
 # @param  [string] ng_mail_user email address to receive administrative mail.
 #   used for nagios itself as well as for certbot.
+# @param  [boolean] ng_enable_index Whether to create an index file to allow
+#   httpd checks with nagios on the nagios server.
 ###############################################################################
 class cd_nagios::params (
 
@@ -320,7 +319,7 @@ $ng_use_selinux_tools = true,
 # httpd
 $ng_required_hosts    = '',
 $ng_required_ips      = '127.0.0.0/8',
-$ng_disable_welcome   = true,
+$ng_enable_index      = true,
 
 # certbot
 $ng_enable_certbot    = true,
@@ -375,8 +374,8 @@ $ng_forward_conf_erb  = 'cd_nagios/httpd/forward_conf.erb'
 $ng_get_cert_erb      = 'cd_nagios/certbot/get_cert.erb'
 $ng_unless_get_cert   = 'cd_nagios/certbot/unless_get_cert.erb'
 $ng_unless_renew_erb  = 'cd_nagios/certbot/unless_renew_cert.erb'
-$ng_create_tempvhost  = 'cd_nagios/certbot/create_tempfile.erb'
+$ng_index_html_file   = '/var/www/html/index.html'
-$ng_certbot_temp_file = '/etc/httpd/conf.d/certbot_temp.conf'
+$ng_index_html_erb    = 'cd_nagios/httpd/index_html.erb'
 
 # includes must be last
 

manifests/server/files.pp

@@ -29,6 +29,10 @@ class cd_nagios::server::files (
       if $ng_enable_certbot == true {
 
         require cd_nagios::certbot::config
+
+      }
+    }
+
         require cd_nagios::main::dirs
 
         # manage nagios.cfg
@@ -84,84 +88,6 @@ class cd_nagios::server::files (
 
         # manage welcome.conf for nagios web server
 
-        if $ng_disable_welcome == true {
-          file { $ng_welcome_conf:
-            ensure    =>  file,
-            path      =>  $ng_welcome_conf,
-            owner     =>  'root',
-            group     =>  'root',
-            mode      =>  '0644',
-            selrange  =>  s0,
-            selrole   =>  object_r,
-            seltype   =>  httpd_config_t,
-            seluser   =>  system_u,
-            content   =>  template($ng_welcome_conf_erb),
-            notify    =>  Service[$ae_service],
-          }
-        }
-      }
-    }
-
-  else {
-
-    require cd_nagios::main::dirs
-
-      # manage nagios.cfg
-
-
-      # manage cgi.cfg
-
-      file { $ng_cgi_cfg_file:
-        ensure    =>  file,
-        path      =>  $ng_cgi_cfg_file,
-        owner     =>  'root',
-        group     =>  'root',
-        mode      =>  '0644',
-        selrange  =>  s0,
-        selrole   =>  object_r,
-        seltype   =>  nagios_etc_t,
-        seluser   =>  system_u,
-        content   =>  template($ng_cgi_cfg_erb),
-        notify    =>  Service[$ng_service],
-      }
-
-      # manage nagios.conf for httpd
-
-      file { $ng_nagios_conf:
-        ensure    =>  file,
-        path      =>  $ng_nagios_conf,
-        owner     =>  'root',
-        group     =>  'root',
-        mode      =>  '0644',
-        selrange  =>  s0,
-        selrole   =>  object_r,
-        seltype   =>  httpd_config_t,
-        seluser   =>  system_u,
-        content   =>  template($ng_nagios_conf_erb),
-        notify    =>  Service[$ae_service],
-      }
-
-      if $ng_http_https_fw == true {
-
-        file { $ng_forward_conf:
-          ensure    =>  file,
-          path      =>  $ng_forward_conf,
-          owner     =>  'root',
-          group     =>  'root',
-          mode      =>  '0644',
-          selrange  =>  s0,
-          selrole   =>  object_r,
-          seltype   =>  httpd_config_t,
-          seluser   =>  system_u,
-          content   =>  template($ng_forward_conf_erb),
-          notify    =>  Service[$ae_service],
-        }
-      }
-
-      # manage welcome.conf for nagios web server
-
-      if $ng_disable_welcome == true {
-
         file { $ng_welcome_conf:
           ensure    =>  file,
           path      =>  $ng_welcome_conf,
@@ -175,6 +101,24 @@ class cd_nagios::server::files (
           content   =>  template($ng_welcome_conf_erb),
           notify    =>  Service[$ae_service],
         }
+
+        if $ng_enable_index == true {
+
+          file { $ng_index_html_file:
+            ensure    =>  file,
+            path      =>  $ng_index_html_file,
+            owner     =>  'root',
+            group     =>  'root',
+            mode      =>  '0644',
+            selrange  =>  s0,
+            selrole   =>  object_r,
+            seltype   =>  httpd_config_t,
+            seluser   =>  system_u,
+            content   =>  template($ng_welcome_conf_erb),
+            notify    =>  Service[$ae_service],
+          }
+
+        }
       }
     }
   }

templates/certbot/create_tempfile.erb

@@ -1,11 +0,0 @@
-echo "# temporary vhost file
-  <VirtualHost *:80>
-    ServerAdmin root@localhost
-    DocumentRoot /var/www/html
-    ServerName <%= @ng_nagios_server %>
-    <Directory />
-    AllowOverride All
-    </Directory>
-  </VirtualHost>
-    " > <%= @ng_certbot_temp_file %>
-touch /etc/httpd/conf.d/.created

templates/httpd/welcome_conf.erb

@@ -3,25 +3,18 @@
 ###########             manual changes will be overwritten !!!        ##########
 ################################################################################
 
-#
+<LocationMatch "^/+$">
-# This configuration file enables the default "Welcome" page if there
+    Options -Indexes
-# is no default index page present for the root URL.  To disable the
+    ErrorDocument 403 /.noindex.html
-# Welcome page, comment out all the lines below.
+</LocationMatch>
-#
-# NOTE: if this file is removed, it will be restored on upgrades.
-#
-#<LocationMatch "^/+$">
-#    Options -Indexes
-#    ErrorDocument 403 /.noindex.html
-#</LocationMatch>
 
-#<Directory /usr/share/httpd/noindex>
+<Directory /usr/share/httpd/noindex>
-#    AllowOverride None
+    AllowOverride None
-#    Require all granted
+    Require all granted
-#</Directory>
+</Directory>
 
-#Alias /.noindex.html /usr/share/httpd/noindex/index.html
+Alias /.noindex.html /usr/share/httpd/noindex/index.html
-#Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
+Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
-#Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
+Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
-#Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
+Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
-#Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
+Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png