changed logic for http vs https and removed index + welcome file control

Arne Teuke
2017-07-23 13:28:28 +01:00
parent 382b1988f2
commit 9ddc12c8ee
4 changed files with 106 additions and 73 deletions


@@ -53,55 +53,21 @@ class cd_nagios::server::files (
notify => Service[$ng_service], notify => Service[$ng_service],
} }
# manage nagios.conf for httpd # # manage nagios.conf for httpd
file { $ng_nagios_conf: # file { $ng_nagios_conf:
ensure => file, # ensure => file,
path => $ng_nagios_conf, # path => $ng_nagios_conf,
owner => 'root', # owner => 'root',
group => 'root', # group => 'root',
mode => '0644', # mode => '0644',
selrange => s0, # selrange => s0,
selrole => object_r, # selrole => object_r,
seltype => httpd_config_t, # seltype => httpd_config_t,
seluser => system_u, # seluser => system_u,
content => template($ng_nagios_conf_erb), # content => template($ng_nagios_conf_erb),
notify => Service[$ae_service], # notify => Service[$ae_service],
} # }
# manage welcome.conf for nagios web server
file { $ng_welcome_conf:
ensure => file,
path => $ng_welcome_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ng_welcome_conf_erb),
notify => Service[$ae_service],
}
if $ng_use_https == true {
file { $ng_ssl_vhost_file:
ensure => file,
path => $ng_ssl_vhost_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ng_ssl_vhost_erb),
notify => Service[$ae_service],
}
if $ng_http_https_fw == true {
file { $ng_forward_conf: file { $ng_forward_conf:
ensure => file, ensure => file,
@@ -116,24 +82,33 @@ class cd_nagios::server::files (
content => template($ng_forward_conf_erb), content => template($ng_forward_conf_erb),
notify => Service[$ae_service], notify => Service[$ae_service],
} }
}
}
if $ng_enable_index == true { if $ng_use_https == true {
file { $ng_index_html_file: # create ssl vhost
file { $ng_ssl_vhost_file:
ensure => file, ensure => file,
path => $ng_index_html_file, path => $ng_ssl_vhost_file,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0644',
selrange => s0, selrange => s0,
selrole => object_r, selrole => object_r,
seltype => httpd_sys_content_t, seltype => httpd_config_t,
seluser => system_u, seluser => system_u,
content => template($ng_index_html_erb), content => template($ng_ssl_vhost_erb),
notify => Service[$ae_service], notify => Service[$ae_service],
} }
} }
if $ng_use_https != true {
# remove ssl_vhost
file { $ng_ssl_vhost_file:
ensure => absent,
}
}
} }
} }
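Review bot: The new `ensure => absent` resource for `$ng_ssl_vhost_file` (the `if $ng_use_https != true` block at the end of the second hunk) has no `notify => Service[$ae_service]`, so httpd is not told to reload when the file is deleted and the TLS vhost presumably stays loaded until the next restart; add `notify => Service[$ae_service],` as on the other file resources. The two complementary tests `$ng_use_https == true` and `$ng_use_https != true` would read better as a single `if … else`. The nagios.conf resource is left as commented-out code and the welcome.conf resource is dropped, but nothing removes the copies already written to managed hosts, so their old access rules stay active and unmanaged; either set `ensure => absent` for them or delete the commented block and say so in the commit message. The class body starts and ends outside the hunks.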


@@ -7,7 +7,85 @@
Redirect permanent / https://<%= @ng_webserver_name %>/nagios Redirect permanent / https://<%= @ng_webserver_name %>/nagios
<% end -%> <% end -%>
<% if @ng_use_https != true -%> <% if @ng_use_https != true -%>
Redirect permanent / http://<%= @ng_webserver_name %>/nagios ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"
<Directory "/usr/lib64/nagios/cgi-bin/">
<% if @ng_use_https == true -%>
SSLRequireSSL
<% else -%>
# SSLRequireSSL
<% end -%>
Options ExecCGI
AllowOverride None
<IfVersion >= 2.3>
<RequireAll>
Require all granted
<% unless @ng_required_hosts.empty? -%>
Require host <%= @ng_required_hosts %>
<% end -%>
<% unless @ng_required_ips.empty? -%>
Require ip <%= @ng_required_ips %>
<% end -%>
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/passwd
Require valid-user
</RequireAll>
</IfVersion>
<IfVersion < 2.3>
Order allow,deny
<% unless @ng_required_hosts.empty? -%>
Allow from <%= @ng_required_hosts %>
<% end -%>
<% unless @ng_required_ips.empty? -%>
Allow from <%= @ng_required_ips %>
<% end -%>
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/passwd
Require valid-user
</IfVersion>
</Directory>
Alias /nagios "/usr/share/nagios/html"
<Directory "/usr/share/nagios/html">
<% if @ng_use_https == true -%>
SSLRequireSSL
<% else -%>
# SSLRequireSSL
<% end -%>
Options None
AllowOverride None
<IfVersion >= 2.3>
<RequireAll>
Require all granted
<% unless @ng_required_hosts.empty? -%>
Require host <%= @ng_required_hosts %>
<% end -%>
<% unless @ng_required_ips.empty? -%>
Require ip <%= @ng_required_ips %>
<% end -%>
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/passwd
Require valid-user
</RequireAll>
</IfVersion>
<IfVersion < 2.3>
Order allow,deny
<% unless @ng_required_hosts.empty? -%>
Allow from <%= @ng_required_hosts %>
<% end -%>
<% unless @ng_required_ips.empty? -%>
Allow from <%= @ng_required_ips %>
<% end -%>
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/passwd
Require valid-user
</IfVersion>
</Directory>
<% end -%> <% end -%>
<Directory /> <Directory />
AllowOverride All AllowOverride All
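Review bot: Inside the `<% if @ng_use_https != true -%>` branch the nested `<% if @ng_use_https == true -%>` test can never be true, so both `<Directory>` blocks always render `# SSLRequireSSL` while still using `AuthType Basic` against `/etc/nagios/passwd`; the credentials therefore cross the network unencrypted on this path. Drop the dead inner conditional and add a comment such as `# plain HTTP: Basic credentials are sent unencrypted, restrict to trusted networks`. In the `<IfVersion < 2.3>` blocks, `Order allow,deny` with both lists empty emits no `Allow from` line, which denies every client on Apache 2.2, so an `Allow from all` fallback is needed there. `<%= @ng_required_hosts %>` and `<%= @ng_required_ips %>` print the value as-is; if these are arrays rather than space-separated strings (not visible here) they need `.join(' ')`.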


@@ -2,12 +2,12 @@
##### virtual_host file created by puppet, changes will be overwritten ###### ##### virtual_host file created by puppet, changes will be overwritten ######
############################################################################### ###############################################################################
<VirtualHost *:443> <VirtualHost *:<%= @ng_https_port %>>
ServerAdmin root@localhost ServerAdmin root@localhost
DocumentRoot /var/www/html DocumentRoot /var/www/html
ServerName <%= @ng_webserver_name %> ServerName <%= @ng_webserver_name %>
DirectoryIndex index.html ServerAlias <%= @ng_webserver_name %>
ErrorLog /var/log/httpd/nagios_ssl_error_log ErrorLog /var/log/httpd/nagios_ssl_error_log
# ErrorLog syslog:local1 # ErrorLog syslog:local1
TransferLog /var/log/httpd/nagios_ssl_transfer_log TransferLog /var/log/httpd/nagios_ssl_transfer_log
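Review bot: `<VirtualHost *:<%= @ng_https_port %>>` makes the port configurable, but the redirect shown in the forwarding template on this page still targets `https://<%= @ng_webserver_name %>/nagios` with no port, so a non-443 value would send redirected clients to the wrong port; nothing visible here adds a matching `Listen` directive either. An empty or non-numeric `@ng_https_port` renders an invalid vhost header, so the parameter should be validated where the class declares it (not shown). `ServerAlias <%= @ng_webserver_name %>` repeats the `ServerName` value and has no effect; either remove it or give it the real alternate names.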


@@ -1,20 +0,0 @@
################################################################################
########### welcome.conf generated by Puppet ##########
########### manual changes will be overwritten !!! ##########
################################################################################
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /.noindex.html
</LocationMatch>
<Directory /usr/share/httpd/noindex>
AllowOverride None
Require all granted
</Directory>
Alias /.noindex.html /usr/share/httpd/noindex/index.html
Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png