added control for nagios_ssl vhost

templates/httpd/nagios_ssl_vhost.erb

@@ -0,0 +1,44 @@
+###############################################################################
+#####  virtual_host file created by puppet, changes will be overwritten  ######
+###############################################################################
+
+<VirtualHost *:443>
+
+    ServerAdmin root@localhost
+    DocumentRoot /var/www/html
+    ServerName <%= @ng_webserver_name %>
+    DirectoryIndex index.html
+    ErrorLog /var/log/httpd/nagios_ssl_error_log
+#    ErrorLog syslog:local1
+    TransferLog /var/log/httpd/nagios_ssl_transfer_log
+    LogLevel warn
+
+    SSLEngine on
+    SSLProtocol all -SSLv2 -SSLv3
+    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
+
+<% if @js_use_certbot == true -%>
+    SSLCertificateFile <%= @js_certbot_live %>/<%= @ng_webserver_name %>/cert.pem
+    SSLCertificateKeyFile <%= @js_certbot_live %>/<%= @ng_webserver_name %>/privkey.pem
+    SSLCACertificateFile <%= @js_certbot_live %>/<%= @ng_webserver_name %>/fullchain.pem
+<% elsif @js_use_certbot != true -%>
+    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+    #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
+<% end -%>
+    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
+    SSLOptions +StdEnvVars
+    </Files>
+    <Directory "/var/www/cgi-bin">
+    SSLOptions +StdEnvVars
+    </Directory>
+
+    SetEnvIf User-Agent ".*MSIE.*" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+
+
+     CustomLog logs/ssl_request_log \
+          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>