From 92015e6a78305c7c009d625b9ee430fcba3786ba Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Sun, 23 Jul 2017 14:13:02 +0100 Subject: [PATCH] forwarding is workg properly now --- README.md | 7 ++++--- templates/httpd/forward_conf.erb | 3 ++- templates/httpd/nagios_ssl_vhost.erb | 2 ++ 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index ee78d59..9811da6 100644 --- a/README.md +++ b/README.md @@ -106,11 +106,12 @@ A working instance of PuppetDBconnected to the Puppet master is required for thi All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored. ### Certbot -This module can optionally setup [certbot](https://certbot.eff.org/) TLS certificate management for the frontend GUI. In order to do so, set `ng_enable_certbot` to true (default). Effectively, this will manage the certs before even installing Nagios, so there will be no problems with the Nagios showing up with a self-signed certificate. -Once enabled, the module will go and try to obtain a certificate automatically. For this to work, you need to have proper DNS resolution set up for your domain / nagios server. +This module can optionally setup [certbot](https://certbot.eff.org/) TLS certificate management for the frontend GUI. In order to do so, set `$ng_enable_certbot` as well as `$ng_use_https` to `true` (default). Effectively, this will manage the certs before even installing Nagios, so there will be no problems with the Nagios showing up with a self-signed certificate. Once enabled, the module will go and try to obtain a certificate automatically. For this to work, you need to have proper DNS resolution set up for your domain / nagios server. Certs are also automatically renewed. + +If you prefer to use https but use self-signed certs or your own CA, simply set to false. This will point the SSL vhost config file to the default location for TLS certificates. ### httpd vHost files -by Default, Nagios creates its own nagios.conf file, which is not a vhost file and relies on the main ssd.conf. However, as Nagios might be running on a regular web server with various other web instances (not recommended through), we will not want to manage ssl.conf directly, hence the module creates a vhost for the ssl host. +by Default, Nagios creates its own nagios.conf file, which is not a vhost file and relies on the main ssd.conf. However, as Nagios might be running on a regular web server with various other web instances (not recommended through for performance reasons), we will not want to manage ssl.conf directly, hence the module creates a vhost for the ssl host. ### Known Problems diff --git a/templates/httpd/forward_conf.erb b/templates/httpd/forward_conf.erb index ffde1a8..d7728b5 100644 --- a/templates/httpd/forward_conf.erb +++ b/templates/httpd/forward_conf.erb @@ -1,12 +1,13 @@ > ServerAdmin root@localhost DocumentRoot /var/www/html - ServerName www.<%= @ng_webserver_name %> + ServerName www.<%= @ng_webserver_name %>/nagios ServerAlias <%= @ng_webserver_name %> <% if @ng_use_https == true -%> Redirect permanent / https://<%= @ng_webserver_name %>/nagios <% end -%> <% if @ng_use_https != true -%> + ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/" diff --git a/templates/httpd/nagios_ssl_vhost.erb b/templates/httpd/nagios_ssl_vhost.erb index d147661..63eefae 100644 --- a/templates/httpd/nagios_ssl_vhost.erb +++ b/templates/httpd/nagios_ssl_vhost.erb @@ -113,6 +113,8 @@ Alias /nagios "/usr/share/nagios/html" +RedirectMatch ^/$ https://<%= @ng_webserver_name %>/nagios + SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \