changed logig for http vs https and removed index+ welcome file control

2017-07-23 13:28:28 +01:00
parent 382b1988f2
commit 9ddc12c8ee
4 changed files with 106 additions and 73 deletions
--- a/manifests/server/files.pp
+++ b/manifests/server/files.pp
@@ -53,11 +53,25 @@ class cd_nagios::server::files (
      notify    =>  Service[$ng_service],
    }

-    # manage nagios.conf for httpd
+#    # manage nagios.conf for httpd

-    file { $ng_nagios_conf:
+#    file { $ng_nagios_conf:
+#      ensure    =>  file,
+#      path      =>  $ng_nagios_conf,
+#      owner     =>  'root',
+#      group     =>  'root',
+#      mode      =>  '0644',
+#      selrange  =>  s0,
+#      selrole   =>  object_r,
+#      seltype   =>  httpd_config_t,
+#      seluser   =>  system_u,
+#      content   =>  template($ng_nagios_conf_erb),
+#      notify    =>  Service[$ae_service],
+#    }
+
+    file { $ng_forward_conf:
      ensure    =>  file,
-      path      =>  $ng_nagios_conf,
+      path      =>  $ng_forward_conf,
      owner     =>  'root',
      group     =>  'root',
      mode      =>  '0644',
@@ -65,28 +79,14 @@ class cd_nagios::server::files (
      selrole   =>  object_r,
      seltype   =>  httpd_config_t,
      seluser   =>  system_u,
-      content   =>  template($ng_nagios_conf_erb),
-      notify    =>  Service[$ae_service],
-    }
-
-    # manage welcome.conf for nagios web server
-
-    file { $ng_welcome_conf:
-      ensure    =>  file,
-      path      =>  $ng_welcome_conf,
-      owner     =>  'root',
-      group     =>  'root',
-      mode      =>  '0644',
-      selrange  =>  s0,
-      selrole   =>  object_r,
-      seltype   =>  httpd_config_t,
-      seluser   =>  system_u,
-      content   =>  template($ng_welcome_conf_erb),
+      content   =>  template($ng_forward_conf_erb),
      notify    =>  Service[$ae_service],
    }

    if $ng_use_https == true {

+      # create ssl vhost
+
      file { $ng_ssl_vhost_file:
        ensure    =>  file,
        path      =>  $ng_ssl_vhost_file,
@@ -100,39 +100,14 @@ class cd_nagios::server::files (
        content   =>  template($ng_ssl_vhost_erb),
        notify    =>  Service[$ae_service],
      }
-
-      if $ng_http_https_fw == true {
-
-        file { $ng_forward_conf:
-          ensure    =>  file,
-          path      =>  $ng_forward_conf,
-          owner     =>  'root',
-          group     =>  'root',
-          mode      =>  '0644',
-          selrange  =>  s0,
-          selrole   =>  object_r,
-          seltype   =>  httpd_config_t,
-          seluser   =>  system_u,
-          content   =>  template($ng_forward_conf_erb),
-          notify    =>  Service[$ae_service],
-        }
-      }
    }

-    if $ng_enable_index == true {
+    if $ng_use_https != true {

-      file { $ng_index_html_file:
-        ensure    =>  file,
-        path      =>  $ng_index_html_file,
-        owner     =>  'root',
-        group     =>  'root',
-        mode      =>  '0644',
-        selrange  =>  s0,
-        selrole   =>  object_r,
-        seltype   =>  httpd_sys_content_t,
-        seluser   =>  system_u,
-        content   =>  template($ng_index_html_erb),
-        notify    =>  Service[$ae_service],
+      # remove ssl_vhost
+
+      file { $ng_ssl_vhost_file:
+        ensure  =>   absent,
      }
    }
  }
--- a/templates/httpd/forward_conf.erb
+++ b/templates/httpd/forward_conf.erb
@@ -7,7 +7,85 @@
    Redirect permanent / https://<%= @ng_webserver_name %>/nagios
 <% end -%>
 <% if @ng_use_https != true -%>
-    Redirect permanent / http://<%= @ng_webserver_name %>/nagios
+ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"
+
+<Directory "/usr/lib64/nagios/cgi-bin/">
+<% if @ng_use_https == true -%>
+   SSLRequireSSL
+<% else -%>
+#  SSLRequireSSL
+<% end -%>
+   Options ExecCGI
+   AllowOverride None
+   <IfVersion >= 2.3>
+      <RequireAll>
+         Require all granted
+<% unless @ng_required_hosts.empty? -%>
+    Require host <%= @ng_required_hosts %>
+<% end -%>
+<% unless @ng_required_ips.empty? -%>
+         Require ip <%= @ng_required_ips %>
+<% end -%>
+         AuthName "Nagios Access"
+         AuthType Basic
+         AuthUserFile /etc/nagios/passwd
+         Require valid-user
+      </RequireAll>
+   </IfVersion>
+   <IfVersion < 2.3>
+      Order allow,deny
+<% unless @ng_required_hosts.empty? -%>
+      Allow from <%= @ng_required_hosts %>
+<% end -%>
+<% unless @ng_required_ips.empty? -%>
+         Allow from <%= @ng_required_ips %>
+<% end -%>
+      AuthName "Nagios Access"
+      AuthType Basic
+      AuthUserFile /etc/nagios/passwd
+      Require valid-user
+   </IfVersion>
+</Directory>
+
+Alias /nagios "/usr/share/nagios/html"
+
+<Directory "/usr/share/nagios/html">
+<% if @ng_use_https == true -%>
+   SSLRequireSSL
+<% else -%>
+#  SSLRequireSSL
+<% end -%>
+   Options None
+   AllowOverride None
+   <IfVersion >= 2.3>
+      <RequireAll>
+         Require all granted
+<% unless @ng_required_hosts.empty? -%>
+    Require host <%= @ng_required_hosts %>
+<% end -%>
+<% unless @ng_required_ips.empty? -%>
+         Require ip <%= @ng_required_ips %>
+<% end -%>
+         AuthName "Nagios Access"
+         AuthType Basic
+         AuthUserFile /etc/nagios/passwd
+         Require valid-user
+      </RequireAll>
+   </IfVersion>
+   <IfVersion < 2.3>
+      Order allow,deny
+<% unless @ng_required_hosts.empty? -%>
+      Allow from <%= @ng_required_hosts %>
+<% end -%>
+<% unless @ng_required_ips.empty? -%>
+         Allow from <%= @ng_required_ips %>
+<% end -%>
+      AuthName "Nagios Access"
+      AuthType Basic
+      AuthUserFile /etc/nagios/passwd
+      Require valid-user
+   </IfVersion>
+</Directory>
 <% end -%>
    <Directory />
    AllowOverride All
--- a/templates/httpd/nagios_ssl_vhost.erb
+++ b/templates/httpd/nagios_ssl_vhost.erb
@@ -2,12 +2,12 @@
 #####  virtual_host file created by puppet, changes will be overwritten  ######
 ###############################################################################

-<VirtualHost *:443>
+<VirtualHost *:<%= @ng_https_port %>>

    ServerAdmin root@localhost
    DocumentRoot /var/www/html
    ServerName <%= @ng_webserver_name %>
-    DirectoryIndex index.html
+    ServerAlias <%= @ng_webserver_name %>
    ErrorLog /var/log/httpd/nagios_ssl_error_log
 #    ErrorLog syslog:local1
    TransferLog /var/log/httpd/nagios_ssl_transfer_log
--- a/templates/httpd/welcome_conf.erb
+++ b/templates/httpd/welcome_conf.erb
@@ -1,20 +0,0 @@
-################################################################################
-###########             welcome.conf generated by Puppet              ##########
-###########             manual changes will be overwritten !!!        ##########
-################################################################################
-
-<LocationMatch "^/+$">
-    Options -Indexes
-    ErrorDocument 403 /.noindex.html
-</LocationMatch>
-
-<Directory /usr/share/httpd/noindex>
-    AllowOverride None
-    Require all granted
-</Directory>
-
-Alias /.noindex.html /usr/share/httpd/noindex/index.html
-Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
-Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
-Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
-Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png