From e160b3f919967bcedbc00da7b737a8961d56fc4b Mon Sep 17 00:00:00 2001
From: Arne Teuke <arne_teuke@confdroid.com>
Date: Fri, 21 Jul 2017 15:03:09 +0100
Subject: [PATCH] finished nagios.conf

---
 manifests/params.pp             |  5 +++--
 templates/httpd/nagios_conf.erb | 26 ++++++++++++++++----------
 2 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/manifests/params.pp b/manifests/params.pp
index 38bd54f..bc7b483 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -196,9 +196,10 @@
 #   policies. only effective if selinux is enabled.
 # @param  [string] ng_required_hosts String of **__FQDNs__** for hosts which
 #   should be allowed/required. Requires format
-#   'host1.example.com host2.example.com'
+#   'host1.example.com host2.example.com'. If you want no restriction, chose 'all'.
 # @param  [string] ng_required_ips string of **__Ip addresses __** for hosts which
-#   should be allowed/reqired. Requires format 'ipaddress ip address range'
+#   should be allowed/reqired. Requires format 'ipaddress ip address range'.
+#   If you want no restriction, choose '0.0.0.0/0'
 # @param  [boolean] ng_disable_welcome Whether the regular welcome screen should
 #   be disabled. this is required for the nagios http check on the nagios server
 #    to be successful.
diff --git a/templates/httpd/nagios_conf.erb b/templates/httpd/nagios_conf.erb
index a310523..90bf810 100644
--- a/templates/httpd/nagios_conf.erb
+++ b/templates/httpd/nagios_conf.erb
@@ -33,11 +33,12 @@ ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"
    </IfVersion>
    <IfVersion < 2.3>
       Order allow,deny
-      Allow from all
-#     Order deny,allow
-#     Deny from all
-#     Allow from 127.0.0.1
-
+<% unless @ng_required_hosts.empty? -%>
+      Allow from <%= @ng_required_hosts %>
+<% end -%>
+<% unless @ng_required_ips.empty? -%>
+         Alloow from <%= @ng_required_ips %>
+<% end -%>
       AuthName "Nagios Access"
       AuthType Basic
       AuthUserFile /etc/nagios/passwd
@@ -48,7 +49,11 @@ ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"
 Alias /nagios "/usr/share/nagios/html"
 
 <Directory "/usr/share/nagios/html">
+<% if @ng_use_https == true -%>
+   SSLRequireSSL
+<% else -%>
 #  SSLRequireSSL
+<% end -%>
    Options None
    AllowOverride None
    <IfVersion >= 2.3>
@@ -68,11 +73,12 @@ Alias /nagios "/usr/share/nagios/html"
    </IfVersion>
    <IfVersion < 2.3>
       Order allow,deny
-      Allow from all
-#     Order deny,allow
-#     Deny from all
-#     Allow from 127.0.0.1
-
+<% unless @ng_required_hosts.empty? -%>
+      Allow from <%= @ng_required_hosts %>
+<% end -%>
+<% unless @ng_required_ips.empty? -%>
+         Alloow from <%= @ng_required_ips %>
+<% end -%>
       AuthName "Nagios Access"
       AuthType Basic
       AuthUserFile /etc/nagios/passwd