added control for forward.conf

README.md

@@ -46,6 +46,7 @@ Configuration
 * configure NRPE on clients (optional)
 * configure firewall (optional)
 * configure selinux policies (optional)
+* configure forwarding http to https including accesing the /nagios url directly (optional)
 
 Service
 * manage Nagios service on server

manifests/params.pp

@@ -199,6 +199,9 @@
 #   'host1.example.com host2.example.com'
 # @param  [string] ng_required_ips string of **__Ip addresses __** for hosts which
 #   should be allowed/reqired. Requires format 'ipaddress ip address range'
+# @param  [boolean] ng_disable_welcome Whether the regular welcome screen should
+#   be disabled. this is required for the nagios http check on the nagios server
+#    to be successful.
 ###############################################################################
 class cd_nagios::params (
 
@@ -310,6 +313,7 @@ $ng_use_selinux_tools = true,
 $ng_required_hosts    = '',
 $ng_required_ips      = '127.0.0.0/8',
 $ng_disable_welcome   = true,
+
 ) {
 
 # installation section
@@ -352,8 +356,11 @@ $ng_taccgi_erb        = 'cd_nagios/selinux/taccgi.erb'
 $ng_statcgi_erb       = 'cd_nagios/selinux/statuscgi.erb'
 $ng_nagios_conf       = '/etc/httpd/conf.d/nagios.conf'
 $ng_nagios_conf_erb   = 'cd_nagios/httpd/nagios_conf.erb'
-$ng_welcome_conf      ='/etc/httpd/conf.d/welcome.conf'
+$ng_welcome_conf      = '/etc/httpd/conf.d/welcome.conf'
 $ng_welcome_conf_erb  = 'cd_nagios/httpd/welcome_conf.erb'
+$ng_forward_conf      = '/etc/httpd/conf.d/nagios_forward.conf'
+$ng_forward_conf_erb  = 'cd_nagios/httpd/forward_conf.erb'
+
 
 # includes must be last
 

manifests/server/files.pp

@@ -63,7 +63,24 @@ class cd_nagios::server::files (
       notify    =>  Service[$ae_service],
     }
 
-    # manage index.gtml for nagios web server
+    if $ng_http_https_fw == true {
+
+      file { $ng_forward_conf:
+        ensure    =>  file,
+        path      =>  $ng_forward_conf,
+        owner     =>  'root',
+        group     =>  'root',
+        mode      =>  '0644',
+        selrange  =>  s0,
+        selrole   =>  object_r,
+        seltype   =>  httpd_config_t,
+        seluser   =>  system_u,
+        content   =>  template($ng_forward_conf_erb),
+        notify    =>  Service[$ae_service],
+      }
+    }
+
+    # manage welcome.conf for nagios web server
 
     if $ng_disable_welcome == true {
 

templates/httpd/forward_conf.erb

@@ -0,0 +1,12 @@
+<VirtualHost *:80>
+    ServerAdmin root@localhost
+    DocumentRoot /var/www/html
+    ServerName www.<%= @ng_nagios_server %>
+    ServerAlias <%= @ng_nagios_server %>
+    Redirect permanent / https://<%= @ng_nagios_server %>/nagios
+    <Directory />
+    AllowOverride All
+    </Directory>
+    ErrorLog /var/log/httpd/<%= @ng_nagios_server %>-error_log
+    CustomLog /var/log/httpd/<%= @ng_nagios_server %>-access_log common
+</VirtualHost>

templates/httpd/nagios_conf.erb

@@ -23,7 +23,7 @@ ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"
     Require host <%= @ng_required_hosts %>
 <% end -%>
 <% unless @ng_required_ips.empty? -%>
-         Require ip <%= required_ips %>
+         Require ip <%= @ng_required_ip %>
 <% end -%>
          AuthName "Nagios Access"
          AuthType Basic
@@ -58,7 +58,7 @@ Alias /nagios "/usr/share/nagios/html"
     Require host <%= @ng_required_hosts %>
 <% end -%>
 <% unless @ng_required_ips.empty? -%>
-         Require ip <%= required_ips %>
+         Require ip <%= @ng_required_ip %>
 <% end -%>
          AuthName "Nagios Access"
          AuthType Basic