diff --git a/CHANGELOG.md b/CHANGELOG.md
index 223b60b..1814ec0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,16 @@ Changelog of Git Changelog.
No issue
+60407116a503868 Jenkins Server 2017-07-21 13:47:34
+
+
recommit for updates in build 27
+
+
+409ec084543f0d8 Arne Teuke 2017-07-21 13:47:12
+
+
added control for forward.conf
+
+
1fc9ffeacdebd20 Jenkins Server 2017-07-21 13:43:26
recommit for updates in build 26
diff --git a/README.md b/README.md
index 9b394ac..34580ae 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
|Repo Name| version | Build Status|
|---|---|---|---|
-|`cd_nagios`| 0.0.0.7 | [](https://jenkins.confdroid.com/job/cd_nagios/)|
+|`cd_nagios`| 0.0.0.8 | [](https://jenkins.confdroid.com/job/cd_nagios/)|
### Synopsis
Nagios is a powerful open source software solution for monitoring your IT environments.
@@ -62,6 +62,7 @@ All dependencies must be included in the catalogue.
* [cd_apache](https://gitlab.puppetsoft.com/12WW1160/cd_apache) for installing httpd
* [cd_firewall](https://gitlab.puppetsoft.com/12WW1160/cd_firewall) or [puppetlabs firewall](https://github.com/puppetlabs/puppetlabs-firewall) (optional)
* [cd_selinux](https://gitlab.puppetsoft.com/12WW1160/cd_selinux) for selinux policy adjustments
+* [cd_certbot](https://gitlab.puppetsoft.com/12WW1160/cd_certbot) to auto-manage TLS certificates (optional)
### Deployment
diff --git a/REPOSTRUCTURE.md b/REPOSTRUCTURE.md
index c4685b9..055e76b 100644
--- a/REPOSTRUCTURE.md
+++ b/REPOSTRUCTURE.md
@@ -31,6 +31,8 @@
| |-- puppet_defined_type_list.html
| `-- top-level-namespace.html
|-- manifests
+| |-- certbot
+| | `-- config.pp
| |-- client
| | `-- target.pp
| |-- firewall
@@ -50,6 +52,9 @@
| |-- init.pp
| `-- params.pp
|-- templates
+| |-- certbot
+| | |-- get_cert.erb
+| | `-- unless_get_cert.erb
| |-- httpd
| | |-- forward_conf.erb
| | |-- nagios_conf.erb
@@ -70,4 +75,4 @@
|-- README.md
`-- REPOSTRUCTURE.md
-16 directories, 54 files
+18 directories, 57 files
diff --git a/doc/_index.html b/doc/_index.html
index d9d83c8..7386db1 100644
--- a/doc/_index.html
+++ b/doc/_index.html
@@ -73,6 +73,11 @@
+
+ cd_nagios::certbot::config
+
+
+
cd_nagios::client::target
@@ -181,7 +186,7 @@
diff --git a/doc/file.README.html b/doc/file.README.html
index 492304a..c8e1439 100644
--- a/doc/file.README.html
+++ b/doc/file.README.html
@@ -61,7 +61,7 @@
|Repo Name| version | Build
Status|
|---|---|---|---|
-|cd_nagios| 0.0.0.7 | cd_nagios| 0.0.0.8 | {Build
Status /]|
@@ -174,6 +174,9 @@ firewall (optional)
cd_selinux
for selinux policy adjustments
+
+cd_certbot
+to auto-manage TLS certificates (optional)
Deployment
@@ -299,7 +302,7 @@ environments.
diff --git a/doc/index.html b/doc/index.html
index b244631..cae5a69 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -61,7 +61,7 @@
|Repo Name| version | Build
Status|
|---|---|---|---|
-|cd_nagios| 0.0.0.7 | cd_nagios| 0.0.0.8 | {Build
Status /]|
@@ -174,6 +174,9 @@ firewall (optional)
cd_selinux
for selinux policy adjustments
+
+cd_certbot
+to auto-manage TLS certificates (optional)
Deployment
@@ -299,7 +302,7 @@ environments.
diff --git a/doc/puppet_class_list.html b/doc/puppet_class_list.html
index d7b54ba..898b58e 100644
--- a/doc/puppet_class_list.html
+++ b/doc/puppet_class_list.html
@@ -47,77 +47,84 @@
-
+
+
+
+
+
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
diff --git a/doc/puppet_classes/cd_nagios.html b/doc/puppet_classes/cd_nagios.html
index a406761..02516ee 100644
--- a/doc/puppet_classes/cd_nagios.html
+++ b/doc/puppet_classes/cd_nagios.html
@@ -139,7 +139,7 @@ class cd_nagios {
diff --git a/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Aconfig.html
new file mode 100644
index 0000000..ce54145
--- /dev/null
+++ b/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Aconfig.html
@@ -0,0 +1,218 @@
+
+
+
+
+
+
+ Puppet Class: cd_nagios::certbot::config
+
+ — Documentation by YARD 0.9.9
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Puppet Class: cd_nagios::certbot::config
+
+
+
+ Inherits:
+ cd_nagios::params
+
+
+
+
+ Defined in:
+
+ manifests/certbot/config.pp
+
+
+
+
+
Summary
+ Class manages all configuration files required for cd_nagios.
+
+
Overview
+
+
+
+
cd_nagios::certbot::config.pp
+Module name: cd_nagios
+Author: Arne Teuke
+(arne_teuke@ConfDroid.com)
+
+
License:
+
+
This file is part of cd_nagios.
+
+
cd_nagios is used for providing automatic configuration of Nagios
+
+Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
+ This program is
+free software: you can redistribute it and/or modify
+ it under the terms of
+the GNU General Public License as published by
+ the Free Software
+Foundation, either version 3 of the License, or
+ (at your option) any later
+version.
+
+
This program is distributed in the hope that it will be useful,
+ but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License
+for more details.
+
+
You should have received a copy of the GNU General Public License
+ along
+with this program. If not, see www.gnu.org/licenses /.
+
+
+
+
+
+
+
+
+
+
+
+
+
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55
+56
+
+
+ # File 'manifests/certbot/config.pp', line 23
+
+class cd_nagios::certbot::config (
+
+) inherits cd_nagios::params {
+
+ if $::fqdn == $ng_nagios_server {
+ if $ng_enable_certbot == true {
+
+ require cd_certbot
+
+ # create cert
+
+ exec { 'create_cert':
+ command => template('cd_nagios/certbot/get_cert.erb'),
+ cwd => '/tmp',
+ path => ['/bin','/usr/bin'],
+ provider => 'shell',
+ unless => template('cd_nagios/certbot/unless_get_cert.erb'),
+ notify => Service['httpd'],
+ creates => '/etc/httpd/conf.d/.cert_created',
+ }
+
+ # renew certs
+
+ exec { 'renew_cert':
+ command => 'certbot renew',
+ cwd => '/tmp',
+ path => ['/bin','/usr/bin','/opt/'],
+ provider => 'shell',
+ notify => Service['httpd'],
+ unless => template('cd_nagios/certbot/unless_renew_cert.erb'),
+ }
+ }
+ }
+}
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html b/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html
index 66eed35..b879f96 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html
@@ -368,7 +368,7 @@ class cd_nagios::client::target (
diff --git a/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html
index 1192f9c..f51a4bb 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html
@@ -207,7 +207,7 @@ class cd_nagios::firewall::iptables (
diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html
index 3b3f42e..e8d073e 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html
@@ -187,7 +187,7 @@ class cd_nagios::main::config (
diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html
index f40f521..ee2f010 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html
@@ -468,7 +468,7 @@ class cd_nagios::main::dirs (
diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html
index 66076d7..806b849 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html
@@ -235,7 +235,7 @@ class cd_nagios::main::install (
diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html
index 51fcf3b..bcaf6f4 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html
@@ -200,7 +200,7 @@ class cd_nagios::main::user (
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aparams.html b/doc/puppet_classes/cd_nagios_3A_3Aparams.html
index 5c15df8..ea160d8 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aparams.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aparams.html
@@ -79,6 +79,8 @@
cd_nagios::client::target
+ cd_nagios::certbot::config
+
cd_nagios::selinux::config
cd_nagios::server::service
@@ -1826,7 +1828,7 @@ enabled.
should be
allowed/required. Requires format
'host1.example.com
-host2.example.com'
+host2.example.com'. If you want no restriction, chose 'all'.
@@ -1846,10 +1848,14 @@ host2.example.com'
string of <b>_<em>Ip addresses __** for hosts which
should be
-allowed/reqired. Requires format 'ipaddress ip address range'Ip
-addresses _</em></b> for hosts which
-should be allowed/reqired.
-Requires format 'ipaddress ip address range'
+allowed/reqired. Requires format 'ipaddress ip address range'.
+If
+you want no restriction, choose '0.0.0.0/0'Ip addresses
+_</em></b> for hosts which
+should be allowed/reqired. Requires
+format 'ipaddress ip address range'.
+If you want no restriction,
+choose '0.0.0.0/0'
@@ -1875,6 +1881,64 @@ the nagios http check on the nagios server
+
+
+ ng_enable_certbot
+
+
+ (boolean )
+
+
+ (defaults to: true )
+
+
+ —
+
+
Whether to use certbot for automated TLS
+certificate management
+
+
+
+
+
+
+ ng_certbot_cert_path
+
+
+ (string )
+
+
+ (defaults to: '/var/www/html' )
+
+
+ —
+
+
the path for certbot to place
+challenges for teh certification process.
+
+
+
+
+
+
+ ng_mail_user
+
+
+ (string )
+
+
+ (defaults to: "admin@${::domain}" )
+
+
+ —
+
+
email address to receive administrative mail.
+used for nagios itself as
+well as for certbot.
+
+
+
+
@@ -1892,13 +1956,6 @@ the nagios http check on the nagios server
-206
-207
-208
-209
-210
-211
-212
213
214
215
@@ -2055,10 +2112,22 @@ the nagios http check on the nagios server
366
367
368
-369
+369
+370
+371
+372
+373
+374
+375
+376
+377
+378
+379
+380
+381
- # File 'manifests/params.pp', line 206
+ # File 'manifests/params.pp', line 213
class cd_nagios::params (
@@ -2066,6 +2135,7 @@ $pkg_ensure = 'latest',
$ng_nagios_server = "nagios.${::domain}",
$ng_nagios_ext_ip = undef,
+$ng_mail_user = "admin@${::domain}",
$ng_include_nrpe = true,
@@ -2171,6 +2241,10 @@ $ng_required_hosts = '',
$ng_required_ips = '127.0.0.0/8',
$ng_disable_welcome = true,
+# certbot
+$ng_enable_certbot = true,
+$ng_certbot_cert_path = '/var/www/html',
+
) {
# installation section
@@ -2231,7 +2305,7 @@ $ng_forward_conf_erb = 'cd_nagios/httpd/forward_conf.erb'
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
index 2134869..92fee8d 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
@@ -249,7 +249,7 @@ class cd_nagios::selinux::config (
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
index a30527c..e15fb30 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
@@ -195,7 +195,7 @@ class cd_nagios::server::access_rules (
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
index e24c31a..7894bb0 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
@@ -300,7 +300,7 @@ class cd_nagios::server::files (
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
index c081b85..35cb2f0 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
@@ -174,7 +174,7 @@ class cd_nagios::server::service (
diff --git a/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html b/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
index 7c879fa..4d4a689 100644
--- a/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
+++ b/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
@@ -220,7 +220,7 @@ $ng_service = $::cd_nagios::params::ng_service
diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html
index adbdd9e..aa02f34 100644
--- a/doc/top-level-namespace.html
+++ b/doc/top-level-namespace.html
@@ -90,7 +90,7 @@
diff --git a/manifests/certbot/config.pp b/manifests/certbot/config.pp
new file mode 100644
index 0000000..3f0c635
--- /dev/null
+++ b/manifests/certbot/config.pp
@@ -0,0 +1,56 @@
+## cd_nagios::certbot::config.pp
+# Module name: cd_nagios
+# Author: Arne Teuke (arne_teuke@ConfDroid.com)
+# # License:
+# This file is part of cd_nagios.
+#
+# cd_nagios is used for providing automatic configuration of Nagios
+# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+# @summary Class manages all configuration files required for cd_nagios.
+##############################################################################
+class cd_nagios::certbot::config (
+
+) inherits cd_nagios::params {
+
+ if $::fqdn == $ng_nagios_server {
+ if $ng_enable_certbot == true {
+
+ require cd_certbot
+
+ # create cert
+
+ exec { 'create_cert':
+ command => template('cd_nagios/certbot/get_cert.erb'),
+ cwd => '/tmp',
+ path => ['/bin','/usr/bin'],
+ provider => 'shell',
+ unless => template('cd_nagios/certbot/unless_get_cert.erb'),
+ notify => Service['httpd'],
+ creates => '/etc/httpd/conf.d/.cert_created',
+ }
+
+ # renew certs
+
+ exec { 'renew_cert':
+ command => 'certbot renew',
+ cwd => '/tmp',
+ path => ['/bin','/usr/bin','/opt/'],
+ provider => 'shell',
+ notify => Service['httpd'],
+ unless => template('cd_nagios/certbot/unless_renew_cert.erb'),
+ }
+ }
+ }
+}
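Review bot: The `unless` of `renew_cert` loads `template('cd_nagios/certbot/unless_renew_cert.erb')`, but this commit adds only `get_cert.erb` and `unless_get_cert.erb` under templates/certbot, and the REPOSTRUCTURE.md tree lists only those two. Catalog compilation for the Nagios server would therefore fail on the missing template; either add it in this commit or drop the guard. `renew_cert` also puts `'/opt/'` on the exec `path`, which widens where the agent looks for `certbot`; if nothing there is needed, `path => ['/bin','/usr/bin'],` as in `create_cert` is the narrower choice. `create_cert` carries both `unless` and `creates`, so it runs only when both allow it, and a one-line comment saying which is the intended guard would help.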
diff --git a/manifests/params.pp b/manifests/params.pp
index 38bd54f..8902987 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -196,12 +196,19 @@
# policies. only effective if selinux is enabled.
# @param [string] ng_required_hosts String of **__FQDNs__** for hosts which
# should be allowed/required. Requires format
-# 'host1.example.com host2.example.com'
+# 'host1.example.com host2.example.com'. If you want no restriction, chose 'all'.
# @param [string] ng_required_ips string of **__Ip addresses __** for hosts which
-# should be allowed/reqired. Requires format 'ipaddress ip address range'
+# should be allowed/reqired. Requires format 'ipaddress ip address range'.
+# If you want no restriction, choose '0.0.0.0/0'
# @param [boolean] ng_disable_welcome Whether the regular welcome screen should
# be disabled. this is required for the nagios http check on the nagios server
# to be successful.
+# @param [boolean] ng_enable_certbot Whether to use certbot for automated TLS
+# certificate management
+# @param [string] ng_certbot_cert_path the path for certbot to place
+# challenges for teh certification process.
+# @param [string] ng_mail_user email address to receive administrative mail.
+# used for nagios itself as well as for certbot.
###############################################################################
class cd_nagios::params (
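Review bot: The name `ng_certbot_cert_path` suggests a certificate location, but get_cert.erb passes it as the `--webroot -w` argument, so the doc comment should say that explicitly, e.g. `# @param [string] ng_certbot_cert_path webroot directory served by httpd where certbot writes its challenge files (not where certificates are stored).` The same comment block has typos that flow into the generated docs: `chose` for `choose`, `teh`, and `reqired`. The documented "no restriction" values `'all'` and `'0.0.0.0/0'` leave only the Basic auth in nagios_conf.erb between any client and the Nagios UI, which is worth stating next to them.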
@@ -209,6 +216,7 @@ $pkg_ensure = 'latest',
$ng_nagios_server = "nagios.${::domain}",
$ng_nagios_ext_ip = undef,
+$ng_mail_user = "admin@${::domain}",
$ng_include_nrpe = true,
@@ -314,6 +322,10 @@ $ng_required_hosts = '',
$ng_required_ips = '127.0.0.0/8',
$ng_disable_welcome = true,
+# certbot
+$ng_enable_certbot = true,
+$ng_certbot_cert_path = '/var/www/html',
+
) {
# installation section
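Review bot: `$ng_enable_certbot = true` makes certificate issuance the default, although README.md lists cd_certbot as optional. Every node whose FQDN equals `$ng_nagios_server` will `require cd_certbot` and run the `certbot certonly ... --agree-tos` command from get_cert.erb on its next agent run. An opt-in default, `$ng_enable_certbot = false,`, would leave existing deployments unchanged and avoid accepting the CA's terms and registering `admin@${::domain}` without an operator decision. The parameter list of cd_nagios::params continues outside this hunk.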
diff --git a/templates/certbot/get_cert.erb b/templates/certbot/get_cert.erb
new file mode 100644
index 0000000..87f47d9
--- /dev/null
+++ b/templates/certbot/get_cert.erb
@@ -0,0 +1,2 @@
+certbot certonly -t -n --agree-tos --webroot -w <%= @ng_certbot_cert_path %>/ -d <%= @ng_nagios_server %> --email <%= @ng_mail_user %>
+touch /etc/httpd/conf.d/.cert_created
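Review bot: The `touch` on the second line runs whether or not `certbot certonly` succeeded, and with `provider => 'shell'` the exec's exit status is that of `touch`. A failed issuance therefore still leaves `/etc/httpd/conf.d/.cert_created` behind, and the `creates` guard in config.pp then suppresses any retry. Chaining the two commands, `certbot certonly ... --email <%= @ng_mail_user %> && touch /etc/httpd/conf.d/.cert_created`, keeps the marker honest. The three interpolated parameters also reach the shell unquoted; single-quoting them (`-w '<%= @ng_certbot_cert_path %>/' -d '<%= @ng_nagios_server %>'`) or validating them in params.pp keeps a value with spaces or shell metacharacters from altering the command the Puppet agent executes.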
diff --git a/templates/certbot/unless_get_cert.erb b/templates/certbot/unless_get_cert.erb
new file mode 100644
index 0000000..bc8ce29
--- /dev/null
+++ b/templates/certbot/unless_get_cert.erb
@@ -0,0 +1,4 @@
+#!/bin/bash
+<% if @ng_enable_certbot == true %>
+test -d /etc/letsencrypt/archive/<%= @ng_nagios_server %>
+<% end %>
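Review bot: The `#!/bin/bash` line and the `<% if @ng_enable_certbot == true %>` wrapper have no effect here. The rendered text is passed as the exec's `unless` string rather than run as a script file, and the exec is only declared inside `if $ng_enable_certbot == true` in config.pp. If the wrapper ever evaluated false, the template would render to no command at all, which the shell treats as success, so `create_cert` would be skipped silently. The template can be reduced to the single line `test -d '/etc/letsencrypt/archive/<%= @ng_nagios_server %>'`, with the hostname quoted.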
diff --git a/templates/httpd/forward_conf.erb b/templates/httpd/forward_conf.erb
index b682fd5..0f92a41 100644
--- a/templates/httpd/forward_conf.erb
+++ b/templates/httpd/forward_conf.erb
@@ -1,9 +1,14 @@
-
+>
ServerAdmin root@localhost
DocumentRoot /var/www/html
ServerName www.<%= @ng_nagios_server %>
ServerAlias <%= @ng_nagios_server %>
+<% if @ng_use_https == true -%>
Redirect permanent / https://<%= @ng_nagios_server %>/nagios
+<% end -%>
+<% if @ng_use_https != true -%>
+ Redirect permanent / http://<%= @ng_nagios_server %>/nagios
+<% end -%>
AllowOverride All
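Review bot: In the non-HTTPS branch, `Redirect permanent / http://<%= @ng_nagios_server %>/nagios` sends clients back to the same host over HTTP, and because `Redirect /` matches every path, a request for `/nagios` that lands in this virtual host would be redirected again. The opening of the virtual host is not readable in this hunk, so confirm it cannot match its own target; limiting the rule to the root, `RedirectMatch permanent ^/$ http://<%= @ng_nagios_server %>/nagios`, avoids the loop. `@ng_use_https` is not among the parameters this commit adds to params.pp, and if it is undefined the template always takes the plain-HTTP branch and the HTTPS redirect is silently dropped. The two `if` blocks would read better as one `if`/`else`, as done for `SSLRequireSSL` in nagios_conf.erb.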
diff --git a/templates/httpd/nagios_conf.erb b/templates/httpd/nagios_conf.erb
index a310523..90bf810 100644
--- a/templates/httpd/nagios_conf.erb
+++ b/templates/httpd/nagios_conf.erb
@@ -33,11 +33,12 @@ ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"
Order allow,deny
- Allow from all
-# Order deny,allow
-# Deny from all
-# Allow from 127.0.0.1
-
+<% unless @ng_required_hosts.empty? -%>
+ Allow from <%= @ng_required_hosts %>
+<% end -%>
+<% unless @ng_required_ips.empty? -%>
+ Alloow from <%= @ng_required_ips %>
+<% end -%>
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/passwd
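Review bot: `Alloow from <%= @ng_required_ips %>` is misspelled, here and again in the hunk at -68,11. Apache rejects an unknown directive, so with the default `$ng_required_ips = '127.0.0.0/8'` the rendered file would fail the configuration check and httpd would not reload after the notify. It should read `Allow from <%= @ng_required_ips %>`. When both parameters are empty the block is left with `Order allow,deny` and no `Allow`, which denies every client; that fails closed, but a template comment stating it is intended would help. The surrounding Directory block starts and ends outside the hunk.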
@@ -48,7 +49,11 @@ ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"
Alias /nagios "/usr/share/nagios/html"
+<% if @ng_use_https == true -%>
+ SSLRequireSSL
+<% else -%>
# SSLRequireSSL
+<% end -%>
Options None
AllowOverride None
= 2.3>
@@ -68,11 +73,12 @@ Alias /nagios "/usr/share/nagios/html"
Order allow,deny
- Allow from all
-# Order deny,allow
-# Deny from all
-# Allow from 127.0.0.1
-
+<% unless @ng_required_hosts.empty? -%>
+ Allow from <%= @ng_required_hosts %>
+<% end -%>
+<% unless @ng_required_ips.empty? -%>
+ Alloow from <%= @ng_required_ips %>
+<% end -%>
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/passwd