From 9ddc12c8ee38f0849174116630001547f7d1c836 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Sun, 23 Jul 2017 13:28:28 +0100 Subject: [PATCH] changed logig for http vs https and removed index+ welcome file control --- manifests/server/files.pp | 75 +++++++++----------------- templates/httpd/forward_conf.erb | 80 +++++++++++++++++++++++++++- templates/httpd/nagios_ssl_vhost.erb | 4 +- templates/httpd/welcome_conf.erb | 20 ------- 4 files changed, 106 insertions(+), 73 deletions(-) delete mode 100644 templates/httpd/welcome_conf.erb diff --git a/manifests/server/files.pp b/manifests/server/files.pp index ca4c8cd..c9a31d2 100644 --- a/manifests/server/files.pp +++ b/manifests/server/files.pp @@ -53,11 +53,25 @@ class cd_nagios::server::files ( notify => Service[$ng_service], } - # manage nagios.conf for httpd +# # manage nagios.conf for httpd - file { $ng_nagios_conf: +# file { $ng_nagios_conf: +# ensure => file, +# path => $ng_nagios_conf, +# owner => 'root', +# group => 'root', +# mode => '0644', +# selrange => s0, +# selrole => object_r, +# seltype => httpd_config_t, +# seluser => system_u, +# content => template($ng_nagios_conf_erb), +# notify => Service[$ae_service], +# } + + file { $ng_forward_conf: ensure => file, - path => $ng_nagios_conf, + path => $ng_forward_conf, owner => 'root', group => 'root', mode => '0644', 
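Review bot: The `$ng_nagios_conf` resource is commented out rather than deleted or switched to `ensure => absent`, so on nodes that already received it the file presumably stays in httpd's config directory and keeps being loaded, now outside Puppet's control. Since forward_conf.erb appears to take over the `/nagios` Alias, Directory and auth blocks in this same commit, two files could end up defining access rules for the same paths, and the stale one would never be corrected. I would replace the commented block with `file { $ng_nagios_conf: ensure => absent, notify => Service[$ae_service], }`. The same applies to the `$ng_welcome_conf` and `$ng_index_html_file` resources dropped in the two later hunks of this file. The `$ng_forward_conf` resource opened here continues past the end of this hunk.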
@@ -65,28 +79,14 @@ class cd_nagios::server::files ( selrole => object_r, seltype => httpd_config_t, seluser => system_u, - content => template($ng_nagios_conf_erb), - notify => Service[$ae_service], - } - - # manage welcome.conf for nagios web server - - file { $ng_welcome_conf: - ensure => file, - path => $ng_welcome_conf, - owner => 'root', - group => 'root', - mode => '0644', - selrange => s0, - selrole => object_r, - seltype => httpd_config_t, - seluser => system_u, - content => template($ng_welcome_conf_erb), + content => template($ng_forward_conf_erb), notify => Service[$ae_service], } if $ng_use_https == true { + # create ssl vhost + file { $ng_ssl_vhost_file: ensure => file, path => $ng_ssl_vhost_file, @@ -100,39 +100,14 @@ class cd_nagios::server::files ( content => template($ng_ssl_vhost_erb), notify => Service[$ae_service], } - - if $ng_http_https_fw == true { - - file { $ng_forward_conf: - ensure => file, - path => $ng_forward_conf, - owner => 'root', - group => 'root', - mode => '0644', - selrange => s0, - selrole => object_r, - seltype => httpd_config_t, - seluser => system_u, - content => template($ng_forward_conf_erb), - notify => Service[$ae_service], - } - } } - if $ng_enable_index == true { + if $ng_use_https != true { - file { $ng_index_html_file: - ensure => file, - path => $ng_index_html_file, - owner => 'root', - group => 'root', - mode => '0644', - selrange => s0, - selrole => object_r, - seltype => httpd_sys_content_t, - seluser => system_u, - content => template($ng_index_html_erb), - notify => Service[$ae_service], + # remove ssl_vhost + + file { $ng_ssl_vhost_file: + ensure => absent, } } } diff --git a/templates/httpd/forward_conf.erb b/templates/httpd/forward_conf.erb index c81678a..ffde1a8 100644 --- a/templates/httpd/forward_conf.erb +++ b/templates/httpd/forward_conf.erb 
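Review bot: The new `file { $ng_ssl_vhost_file: ensure => absent, }` in the `$ng_use_https != true` branch has no `notify => Service[$ae_service]`, unlike the other httpd file resources visible in this diff. Without it httpd keeps running with the vhost it already loaded until something else restarts it; adding `notify => Service[$ae_service],` to that resource fixes this. Both branches compare against the literal `true`, so any non-Boolean value such as the string `'true'` lands in the `!= true` branch, which removes the TLS vhost and (per forward_conf.erb) serves Nagios over plain HTTP. If the class header, which is outside this hunk, does not already type the parameter as `Boolean`, that is worth adding, along with a comment such as `# anything other than Boolean true disables HTTPS` above the second `if`.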
@@ -7,7 +7,85 @@ Redirect permanent / https://<%= @ng_webserver_name %>/nagios <% end -%> <% if @ng_use_https != true -%> - Redirect permanent / http://<%= @ng_webserver_name %>/nagios +ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/" + + +<% if @ng_use_https == true -%> + SSLRequireSSL +<% else -%> +# SSLRequireSSL +<% end -%> + Options ExecCGI + AllowOverride None + = 2.3> + + Require all granted +<% unless @ng_required_hosts.empty? -%> + Require host <%= @ng_required_hosts %> +<% end -%> +<% unless @ng_required_ips.empty? -%> + Require ip <%= @ng_required_ips %> +<% end -%> + AuthName "Nagios Access" + AuthType Basic + AuthUserFile /etc/nagios/passwd + Require valid-user + + + + Order allow,deny +<% unless @ng_required_hosts.empty? -%> + Allow from <%= @ng_required_hosts %> +<% end -%> +<% unless @ng_required_ips.empty? -%> + Allow from <%= @ng_required_ips %> +<% end -%> + AuthName "Nagios Access" + AuthType Basic + AuthUserFile /etc/nagios/passwd + Require valid-user + + + +Alias /nagios "/usr/share/nagios/html" + + +<% if @ng_use_https == true -%> + SSLRequireSSL +<% else -%> +# SSLRequireSSL +<% end -%> + Options None + AllowOverride None + = 2.3> + + Require all granted +<% unless @ng_required_hosts.empty? -%> + Require host <%= @ng_required_hosts %> +<% end -%> +<% unless @ng_required_ips.empty? -%> + Require ip <%= @ng_required_ips %> +<% end -%> + AuthName "Nagios Access" + AuthType Basic + AuthUserFile /etc/nagios/passwd + Require valid-user + + + + Order allow,deny +<% unless @ng_required_hosts.empty? -%> + Allow from <%= @ng_required_hosts %> +<% end -%> +<% unless @ng_required_ips.empty? -%> + Allow from <%= @ng_required_ips %> +<% end -%> + AuthName "Nagios Access" + AuthType Basic + AuthUserFile /etc/nagios/passwd + Require valid-user + + <% end -%> AllowOverride All diff --git a/templates/httpd/nagios_ssl_vhost.erb b/templates/httpd/nagios_ssl_vhost.erb index 7bac827..d147661 100644 --- a/templates/httpd/nagios_ssl_vhost.erb 
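Review bot: The inner `<% if @ng_use_https == true -%>` tests added in both directory blocks can never be true, because the whole addition sits inside the existing `<% if @ng_use_https != true -%>` branch. As a result `SSLRequireSSL` is never rendered, and the Basic-auth protected `/nagios` and `/nagios/cgi-bin/` paths are defined only for the plain-HTTP case, where the credentials checked against `AuthUserFile /etc/nagios/passwd` cross the network unencrypted. I would drop the dead conditional and put a comment such as `# plain HTTP: Basic auth credentials are sent in clear text; restrict clients via ng_required_ips` above the auth lines. Separately, the `Order allow,deny` branch emits no `Allow from` line when both lists are empty, which denies every client on older Apache, while the newer branch has `Require all granted`; an else-case `Allow from all` would make the two agree. The container tags of this hunk are not readable on the page, so how the `Require` lines combine could not be checked.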
+++ b/templates/httpd/nagios_ssl_vhost.erb @@ -2,12 +2,12 @@ ##### virtual_host file created by puppet, changes will be overwritten ###### ############################################################################### - +> ServerAdmin root@localhost DocumentRoot /var/www/html ServerName <%= @ng_webserver_name %> - DirectoryIndex index.html + ServerAlias <%= @ng_webserver_name %> ErrorLog /var/log/httpd/nagios_ssl_error_log # ErrorLog syslog:local1 TransferLog /var/log/httpd/nagios_ssl_transfer_log diff --git a/templates/httpd/welcome_conf.erb b/templates/httpd/welcome_conf.erb deleted file mode 100644 index 2a61ae5..0000000 --- a/templates/httpd/welcome_conf.erb +++ /dev/null @@ -1,20 +0,0 @@ -################################################################################ -########### welcome.conf generated by Puppet ########## -########### manual changes will be overwritten !!! ########## -################################################################################ - - - Options -Indexes - ErrorDocument 403 /.noindex.html - - - - AllowOverride None - Require all granted - - -Alias /.noindex.html /usr/share/httpd/noindex/index.html -Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css -Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css -Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif -Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
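Review bot: The added `ServerAlias <%= @ng_webserver_name %>` repeats the value already given to `ServerName` on the line above it, so it adds no further name to the vhost. If a second hostname is intended it needs its own parameter, otherwise the line can be dropped. The changed `VirtualHost` opening line is not readable on the page and is not reviewed here, and the vhost body continues outside this hunk.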