diff --git a/README.md b/README.md index b35d51f..9b394ac 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,7 @@ Configuration * configure NRPE on clients (optional) * configure firewall (optional) * configure selinux policies (optional) +* configure forwarding http to https including accesing the /nagios url directly (optional) Service * manage Nagios service on server diff --git a/manifests/params.pp b/manifests/params.pp index 669ed5c..38bd54f 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -199,6 +199,9 @@ # 'host1.example.com host2.example.com' # @param [string] ng_required_ips string of **__Ip addresses __** for hosts which # should be allowed/reqired. Requires format 'ipaddress ip address range' +# @param [boolean] ng_disable_welcome Whether the regular welcome screen should +# be disabled. this is required for the nagios http check on the nagios server +# to be successful. ############################################################################### class cd_nagios::params ( @@ -310,6 +313,7 @@ $ng_use_selinux_tools = true, $ng_required_hosts = '', $ng_required_ips = '127.0.0.0/8', $ng_disable_welcome = true, + ) { # installation section @@ -352,8 +356,11 @@ $ng_taccgi_erb = 'cd_nagios/selinux/taccgi.erb' $ng_statcgi_erb = 'cd_nagios/selinux/statuscgi.erb' $ng_nagios_conf = '/etc/httpd/conf.d/nagios.conf' $ng_nagios_conf_erb = 'cd_nagios/httpd/nagios_conf.erb' -$ng_welcome_conf ='/etc/httpd/conf.d/welcome.conf' +$ng_welcome_conf = '/etc/httpd/conf.d/welcome.conf' $ng_welcome_conf_erb = 'cd_nagios/httpd/welcome_conf.erb' +$ng_forward_conf = '/etc/httpd/conf.d/nagios_forward.conf' +$ng_forward_conf_erb = 'cd_nagios/httpd/forward_conf.erb' + # includes must be last diff --git a/manifests/server/files.pp b/manifests/server/files.pp index 552fdd3..9a8c0ce 100644 --- a/manifests/server/files.pp +++ b/manifests/server/files.pp @@ -63,7 +63,24 @@ class cd_nagios::server::files ( notify => Service[$ae_service], } - # manage index.gtml for nagios web server + if $ng_http_https_fw == true { + + file { $ng_forward_conf: + ensure => file, + path => $ng_forward_conf, + owner => 'root', + group => 'root', + mode => '0644', + selrange => s0, + selrole => object_r, + seltype => httpd_config_t, + seluser => system_u, + content => template($ng_forward_conf_erb), + notify => Service[$ae_service], + } + } + + # manage welcome.conf for nagios web server if $ng_disable_welcome == true { diff --git a/templates/httpd/forward_conf.erb b/templates/httpd/forward_conf.erb new file mode 100644 index 0000000..b682fd5 --- /dev/null +++ b/templates/httpd/forward_conf.erb @@ -0,0 +1,12 @@ + + ServerAdmin root@localhost + DocumentRoot /var/www/html + ServerName www.<%= @ng_nagios_server %> + ServerAlias <%= @ng_nagios_server %> + Redirect permanent / https://<%= @ng_nagios_server %>/nagios + + AllowOverride All + + ErrorLog /var/log/httpd/<%= @ng_nagios_server %>-error_log + CustomLog /var/log/httpd/<%= @ng_nagios_server %>-access_log common + diff --git a/templates/httpd/nagios_conf.erb b/templates/httpd/nagios_conf.erb index 2e84105..1884734 100644 --- a/templates/httpd/nagios_conf.erb +++ b/templates/httpd/nagios_conf.erb @@ -23,7 +23,7 @@ ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/" Require host <%= @ng_required_hosts %> <% end -%> <% unless @ng_required_ips.empty? -%> - Require ip <%= required_ips %> + Require ip <%= @ng_required_ip %> <% end -%> AuthName "Nagios Access" AuthType Basic @@ -58,7 +58,7 @@ Alias /nagios "/usr/share/nagios/html" Require host <%= @ng_required_hosts %> <% end -%> <% unless @ng_required_ips.empty? -%> - Require ip <%= required_ips %> + Require ip <%= @ng_required_ip %> <% end -%> AuthName "Nagios Access" AuthType Basic