diff --git a/manifests/server/files.pp b/manifests/server/files.pp
index ca4c8cd..c9a31d2 100644
--- a/manifests/server/files.pp
+++ b/manifests/server/files.pp
@@ -53,11 +53,25 @@ class cd_nagios::server::files (
notify => Service[$ng_service],
}
- # manage nagios.conf for httpd
+# # manage nagios.conf for httpd
- file { $ng_nagios_conf:
+# file { $ng_nagios_conf:
+# ensure => file,
+# path => $ng_nagios_conf,
+# owner => 'root',
+# group => 'root',
+# mode => '0644',
+# selrange => s0,
+# selrole => object_r,
+# seltype => httpd_config_t,
+# seluser => system_u,
+# content => template($ng_nagios_conf_erb),
+# notify => Service[$ae_service],
+# }
+
+ file { $ng_forward_conf:
ensure => file,
- path => $ng_nagios_conf,
+ path => $ng_forward_conf,
owner => 'root',
group => 'root',
mode => '0644',
@@ -65,28 +79,14 @@ class cd_nagios::server::files (
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
- content => template($ng_nagios_conf_erb),
- notify => Service[$ae_service],
- }
-
- # manage welcome.conf for nagios web server
-
- file { $ng_welcome_conf:
- ensure => file,
- path => $ng_welcome_conf,
- owner => 'root',
- group => 'root',
- mode => '0644',
- selrange => s0,
- selrole => object_r,
- seltype => httpd_config_t,
- seluser => system_u,
- content => template($ng_welcome_conf_erb),
+ content => template($ng_forward_conf_erb),
notify => Service[$ae_service],
}
if $ng_use_https == true {
+ # create ssl vhost
+
file { $ng_ssl_vhost_file:
ensure => file,
path => $ng_ssl_vhost_file,
@@ -100,39 +100,14 @@ class cd_nagios::server::files (
content => template($ng_ssl_vhost_erb),
notify => Service[$ae_service],
}
-
- if $ng_http_https_fw == true {
-
- file { $ng_forward_conf:
- ensure => file,
- path => $ng_forward_conf,
- owner => 'root',
- group => 'root',
- mode => '0644',
- selrange => s0,
- selrole => object_r,
- seltype => httpd_config_t,
- seluser => system_u,
- content => template($ng_forward_conf_erb),
- notify => Service[$ae_service],
- }
- }
}
- if $ng_enable_index == true {
+ if $ng_use_https != true {
- file { $ng_index_html_file:
- ensure => file,
- path => $ng_index_html_file,
- owner => 'root',
- group => 'root',
- mode => '0644',
- selrange => s0,
- selrole => object_r,
- seltype => httpd_sys_content_t,
- seluser => system_u,
- content => template($ng_index_html_erb),
- notify => Service[$ae_service],
+ # remove ssl_vhost
+
+ file { $ng_ssl_vhost_file:
+ ensure => absent,
}
}
}
diff --git a/templates/httpd/forward_conf.erb b/templates/httpd/forward_conf.erb
index c81678a..ffde1a8 100644
--- a/templates/httpd/forward_conf.erb
+++ b/templates/httpd/forward_conf.erb
@@ -7,7 +7,85 @@
Redirect permanent / https://<%= @ng_webserver_name %>/nagios
<% end -%>
<% if @ng_use_https != true -%>
- Redirect permanent / http://<%= @ng_webserver_name %>/nagios
+ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"
+
+
+<% if @ng_use_https == true -%>
+ SSLRequireSSL
+<% else -%>
+# SSLRequireSSL
+<% end -%>
+ Options ExecCGI
+ AllowOverride None
+ = 2.3>
+
+ Require all granted
+<% unless @ng_required_hosts.empty? -%>
+ Require host <%= @ng_required_hosts %>
+<% end -%>
+<% unless @ng_required_ips.empty? -%>
+ Require ip <%= @ng_required_ips %>
+<% end -%>
+ AuthName "Nagios Access"
+ AuthType Basic
+ AuthUserFile /etc/nagios/passwd
+ Require valid-user
+
+
+
+ Order allow,deny
+<% unless @ng_required_hosts.empty? -%>
+ Allow from <%= @ng_required_hosts %>
+<% end -%>
+<% unless @ng_required_ips.empty? -%>
+ Allow from <%= @ng_required_ips %>
+<% end -%>
+ AuthName "Nagios Access"
+ AuthType Basic
+ AuthUserFile /etc/nagios/passwd
+ Require valid-user
+
+
+
+Alias /nagios "/usr/share/nagios/html"
+
+
+<% if @ng_use_https == true -%>
+ SSLRequireSSL
+<% else -%>
+# SSLRequireSSL
+<% end -%>
+ Options None
+ AllowOverride None
+ = 2.3>
+
+ Require all granted
+<% unless @ng_required_hosts.empty? -%>
+ Require host <%= @ng_required_hosts %>
+<% end -%>
+<% unless @ng_required_ips.empty? -%>
+ Require ip <%= @ng_required_ips %>
+<% end -%>
+ AuthName "Nagios Access"
+ AuthType Basic
+ AuthUserFile /etc/nagios/passwd
+ Require valid-user
+
+
+
+ Order allow,deny
+<% unless @ng_required_hosts.empty? -%>
+ Allow from <%= @ng_required_hosts %>
+<% end -%>
+<% unless @ng_required_ips.empty? -%>
+ Allow from <%= @ng_required_ips %>
+<% end -%>
+ AuthName "Nagios Access"
+ AuthType Basic
+ AuthUserFile /etc/nagios/passwd
+ Require valid-user
+
+
<% end -%>
AllowOverride All
diff --git a/templates/httpd/nagios_ssl_vhost.erb b/templates/httpd/nagios_ssl_vhost.erb
index 7bac827..d147661 100644
--- a/templates/httpd/nagios_ssl_vhost.erb
+++ b/templates/httpd/nagios_ssl_vhost.erb
@@ -2,12 +2,12 @@
##### virtual_host file created by puppet, changes will be overwritten ######
###############################################################################
-
+>
ServerAdmin root@localhost
DocumentRoot /var/www/html
ServerName <%= @ng_webserver_name %>
- DirectoryIndex index.html
+ ServerAlias <%= @ng_webserver_name %>
ErrorLog /var/log/httpd/nagios_ssl_error_log
# ErrorLog syslog:local1
TransferLog /var/log/httpd/nagios_ssl_transfer_log
diff --git a/templates/httpd/welcome_conf.erb b/templates/httpd/welcome_conf.erb
deleted file mode 100644
index 2a61ae5..0000000
--- a/templates/httpd/welcome_conf.erb
+++ /dev/null
@@ -1,20 +0,0 @@
-################################################################################
-########### welcome.conf generated by Puppet ##########
-########### manual changes will be overwritten !!! ##########
-################################################################################
-
-
- Options -Indexes
- ErrorDocument 403 /.noindex.html
-
-
-
- AllowOverride None
- Require all granted
-
-
-Alias /.noindex.html /usr/share/httpd/noindex/index.html
-Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
-Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
-Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
-Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png