diff --git a/CHANGELOG.md b/CHANGELOG.md index 177b611..fdec853 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,16 @@ Changelog of Git Changelog.

No issue

+10741c6eacd385f Jenkins Server 2017-07-21 15:46:57 +

+

recommit for updates in build 38

+ +

+09372f68657c04b Arne Teuke 2017-07-21 15:46:40 +

+

removing all final config files on certbot level

+ +

919531809c41d5a Jenkins Server 2017-07-21 15:24:59

recommit for updates in build 37

diff --git a/REPOSTRUCTURE.md b/REPOSTRUCTURE.md index b258133..79c14a1 100644 --- a/REPOSTRUCTURE.md +++ b/REPOSTRUCTURE.md @@ -54,12 +54,12 @@ | `-- params.pp |-- templates | |-- certbot -| | |-- create_tempfile.erb | | |-- get_cert.erb | | |-- unless_get_cert.erb | | `-- unless_renew_cert.erb | |-- httpd | | |-- forward_conf.erb +| | |-- index_html.erb | | |-- nagios_conf.erb | | `-- welcome_conf.erb | |-- nagios diff --git a/doc/_index.html b/doc/_index.html index 287db70..5adf359 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -186,7 +186,7 @@ diff --git a/doc/file.README.html b/doc/file.README.html index ec778fc..3a774f8 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -304,7 +304,7 @@ environments.

diff --git a/doc/index.html b/doc/index.html index ea50e11..16a34f1 100644 --- a/doc/index.html +++ b/doc/index.html @@ -304,7 +304,7 @@ environments.

diff --git a/doc/puppet_classes/cd_nagios.html b/doc/puppet_classes/cd_nagios.html index e36d674..e5bf056 100644 --- a/doc/puppet_classes/cd_nagios.html +++ b/doc/puppet_classes/cd_nagios.html @@ -139,7 +139,7 @@ class cd_nagios { diff --git a/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Aconfig.html index 888eb0c..c26eed5 100644 --- a/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Aconfig.html +++ b/doc/puppet_classes/cd_nagios_3A_3Acertbot_3A_3Aconfig.html @@ -169,44 +169,7 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.

60 61 62 -63 -64 -65 -66 -67 -68 -69 -70 -71 -72 -73 -74 -75 -76 -77 -78 -79 -80 -81 -82 -83 -84 -85 -86 -87 -88 -89 -90 -91 -92 -93 -94 -95 -96 -97 -98 -99 -100 +63 
# File 'manifests/certbot/config.pp', line 23
@@ -221,31 +184,6 @@ class cd_nagios::certbot::config (
 
         require cd_certbot
 
-        # ensure there is no forward vhost file
-
-        exec { 'remove_forward_vhost':
-          command   =>  "rm -Rf ${ng_forward_conf}",
-          creates   =>  '/etc/httpd/conf.d/.cert_created',
-        }
-
-        exec { 'remove_nagios_conf':
-          command   =>  "rm -Rf ${ng_nagios_conf}",
-          creates   =>  '/etc/httpd/conf.d/.cert_created',
-          require   =>  Exec['remove_forward_vhost'],
-        }
-
-        # create temp vhost file
-
-        exec { 'create_temp_vhost':
-          command   =>  template('cd_nagios/certbot/create_tempfile.erb'),
-          cwd       =>  '/tmp',
-          path      =>  ['/bin','/usr/bin'],
-          provider  =>  'shell',
-          creates   =>  '/etc/httpd/conf.d/.created',
-          notify    =>  Service['httpd'],
-          require   =>  Exec['remove_nagios_conf'],
-        }
-
         # create cert
 
         exec { 'create_cert':
@@ -259,18 +197,6 @@ class cd_nagios::certbot::config (
           require   =>  Exec['create_temp_vhost'],
         }
 
-        # remove temp_vhost
-
-        exec { 'remove_temp_vhost':
-          command   =>  "rm -Rf ${ng_certbot_temp_file}",
-          cwd       =>  '/tmp',
-          path      =>  ['/bin','/usr/bin'],
-          provider  =>  'shell',
-          notify    =>  Service['httpd'],
-          require   =>  Exec['create_cert'],
-          creates   =>  "/etc/letsencrypt/live/${ng_nagios_server}/cert.pem",
-        }
-
         # renew certs
 
         exec {  'renew_cert':
@@ -296,7 +222,7 @@ class cd_nagios::certbot::config (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html b/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html
index 6550dfd..f810268 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aclient_3A_3Atarget.html
@@ -368,7 +368,7 @@ class cd_nagios::client::target (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html
index 71f05ac..94df1c2 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Afirewall_3A_3Aiptables.html
@@ -207,7 +207,7 @@ class cd_nagios::firewall::iptables (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html
index 96d8475..7cd5a10 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Aconfig.html
@@ -187,7 +187,7 @@ class cd_nagios::main::config (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html
index 711662a..42c0f87 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Adirs.html
@@ -468,7 +468,7 @@ class cd_nagios::main::dirs (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html
index 20a3649..9175c7b 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Ainstall.html
@@ -235,7 +235,7 @@ class cd_nagios::main::install (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html
index 45950ff..436244e 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Amain_3A_3Auser.html
@@ -200,7 +200,7 @@ class cd_nagios::main::user (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aparams.html b/doc/puppet_classes/cd_nagios_3A_3Aparams.html
index 0b671f8..ef8811a 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aparams.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aparams.html
@@ -1860,27 +1860,6 @@ choose '0.0.0.0/0'

       
     
   
-    
  • 
-      
-        ng_disable_welcome
-      
-      
-        (boolean)
-      
-      
-        (defaults to: true)
-      
-      
-        —
-        
    
-
    Whether the regular welcome screen should
-be disabled. this is required for
-the nagios http check on the nagios server
- to be successful.
    
-
    
-      
-    
    • 
-  
     
  • 
       
         ng_enable_certbot
@@ -1914,7 +1893,7 @@ certificate management
    
 
    the path for certbot to place
-challenges for teh certification process.
    
+challenges for the certification process.
    
 
    
       
     
    • 
@@ -1935,6 +1914,26 @@ challenges for teh certification process.
    
 
    email address to receive administrative mail.
 used for nagios itself as
 well as for certbot.
    
+
+      
+    
+  
+    
  • 
+      
+        ng_enable_index
+      
+      
+        (boolean)
+      
+      
+        (defaults to: true)
+      
+      
+        —
+        
    
+
    Whether to create an index file to allow
+httpd checks with nagios on the
+nagios server.
    
 
    
       
     
    • 
@@ -1956,6 +1955,7 @@ well as for certbot.
    
         
     
 
+212
 213
 214
 215
@@ -2127,11 +2127,10 @@ well as for certbot.
    
 381
 382
 383
-384
-385
    
+384
    - 
    # File 'manifests/params.pp', line 213
+        
    # File 'manifests/params.pp', line 212
 
 class cd_nagios::params (
 
@@ -2243,7 +2242,7 @@ $ng_use_selinux_tools = true,
 # httpd
 $ng_required_hosts    = '',
 $ng_required_ips      = '127.0.0.0/8',
-$ng_disable_welcome   = true,
+$ng_enable_index      = true,
 
 # certbot
 $ng_enable_certbot    = true,
@@ -2298,8 +2297,8 @@ $ng_forward_conf_erb  = 'cd_nagios/httpd/forward_conf.erb'
 $ng_get_cert_erb      = 'cd_nagios/certbot/get_cert.erb'
 $ng_unless_get_cert   = 'cd_nagios/certbot/unless_get_cert.erb'
 $ng_unless_renew_erb  = 'cd_nagios/certbot/unless_renew_cert.erb'
-$ng_create_tempvhost  = 'cd_nagios/certbot/create_tempfile.erb'
-$ng_certbot_temp_file = '/etc/httpd/conf.d/certbot_temp.conf'
+$ng_index_html_file   = '/var/www/html/index.html'
+$ng_index_html_erb    = 'cd_nagios/httpd/index_html.erb'
 
 # includes must be last
 
@@ -2313,7 +2312,7 @@ $ng_certbot_temp_file = '/etc/httpd/conf.d/certbot_temp.conf'
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html b/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
index 6bbb2d1..0d12d12 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aselinux_3A_3Aconfig.html
@@ -249,7 +249,7 @@ class cd_nagios::selinux::config (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
index 1fd0278..63ff744 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aaccess_rules.html
@@ -195,7 +195,7 @@ class cd_nagios::server::access_rules (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
index 4ed64f9..4f50930 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Afiles.html
@@ -230,64 +230,7 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.
    
 121
 122
 123
-124
-125
-126
-127
-128
-129
-130
-131
-132
-133
-134
-135
-136
-137
-138
-139
-140
-141
-142
-143
-144
-145
-146
-147
-148
-149
-150
-151
-152
-153
-154
-155
-156
-157
-158
-159
-160
-161
-162
-163
-164
-165
-166
-167
-168
-169
-170
-171
-172
-173
-174
-175
-176
-177
-178
-179
-180
-181
    
+124
    # File 'manifests/server/files.pp', line 23
@@ -301,107 +244,68 @@ class cd_nagios::server::files (
       if $ng_enable_certbot == true {
 
         require cd_nagios::certbot::config
-        require cd_nagios::main::dirs
 
-        # manage nagios.cfg
-
-
-        # manage cgi.cfg
-
-        file { $ng_cgi_cfg_file:
-          ensure    =>  file,
-          path      =>  $ng_cgi_cfg_file,
-          owner     =>  'root',
-          group     =>  'root',
-          mode      =>  '0644',
-          selrange  =>  s0,
-          selrole   =>  object_r,
-          seltype   =>  nagios_etc_t,
-          seluser   =>  system_u,
-          content   =>  template($ng_cgi_cfg_erb),
-          notify    =>  Service[$ng_service],
-        }
-
-        # manage nagios.conf for httpd
-
-        file { $ng_nagios_conf:
-          ensure    =>  file,
-          path      =>  $ng_nagios_conf,
-          owner     =>  'root',
-          group     =>  'root',
-          mode      =>  '0644',
-          selrange  =>  s0,
-          selrole   =>  object_r,
-          seltype   =>  httpd_config_t,
-          seluser   =>  system_u,
-          content   =>  template($ng_nagios_conf_erb),
-          notify    =>  Service[$ae_service],
-        }
-
-        if $ng_http_https_fw == true {
-          file { $ng_forward_conf:
-            ensure    =>  file,
-            path      =>  $ng_forward_conf,
-            owner     =>  'root',
-            group     =>  'root',
-            mode      =>  '0644',
-            selrange  =>  s0,
-            selrole   =>  object_r,
-            seltype   =>  httpd_config_t,
-            seluser   =>  system_u,
-            content   =>  template($ng_forward_conf_erb),
-            notify    =>  Service[$ae_service],
-          }
-        }
-
-        # manage welcome.conf for nagios web server
-
-        if $ng_disable_welcome == true {
-          file { $ng_welcome_conf:
-            ensure    =>  file,
-            path      =>  $ng_welcome_conf,
-            owner     =>  'root',
-            group     =>  'root',
-            mode      =>  '0644',
-            selrange  =>  s0,
-            selrole   =>  object_r,
-            seltype   =>  httpd_config_t,
-            seluser   =>  system_u,
-            content   =>  template($ng_welcome_conf_erb),
-            notify    =>  Service[$ae_service],
-          }
-        }
       }
     }
 
-  else {
-
     require cd_nagios::main::dirs
 
-      # manage nagios.cfg
+    # manage nagios.cfg
+
+    # manage cgi.cfg
+
+    file { $ng_cgi_cfg_file:
+      ensure    =>  file,
+      path      =>  $ng_cgi_cfg_file,
+      owner     =>  'root',
+      group     =>  'root',
+      mode      =>  '0644',
+      selrange  =>  s0,
+      selrole   =>  object_r,
+      seltype   =>  nagios_etc_t,
+      seluser   =>  system_u,
+      content   =>  template($ng_cgi_cfg_erb),
+      notify    =>  Service[$ng_service],
+    }
+
+    # manage nagios.conf for httpd
+
+    file { $ng_nagios_conf:
+      ensure    =>  file,
+      path      =>  $ng_nagios_conf,
+      owner     =>  'root',
+      group     =>  'root',
+      mode      =>  '0644',
+      selrange  =>  s0,
+      selrole   =>  object_r,
+      seltype   =>  httpd_config_t,
+      seluser   =>  system_u,
+      content   =>  template($ng_nagios_conf_erb),
+      notify    =>  Service[$ae_service],
+    }
+
+    # manage welcome.conf for nagios web server
+
+    file { $ng_welcome_conf:
+      ensure    =>  file,
+      path      =>  $ng_welcome_conf,
+      owner     =>  'root',
+      group     =>  'root',
+      mode      =>  '0644',
+      selrange  =>  s0,
+      selrole   =>  object_r,
+      seltype   =>  httpd_config_t,
+      seluser   =>  system_u,
+      content   =>  template($ng_welcome_conf_erb),
+      notify    =>  Service[$ae_service],
+    }
 
 
-      # manage cgi.cfg
+    if $ng_http_https_fw == true {
 
-      file { $ng_cgi_cfg_file:
+      file { $ng_forward_conf:
         ensure    =>  file,
-        path      =>  $ng_cgi_cfg_file,
-        owner     =>  'root',
-        group     =>  'root',
-        mode      =>  '0644',
-        selrange  =>  s0,
-        selrole   =>  object_r,
-        seltype   =>  nagios_etc_t,
-        seluser   =>  system_u,
-        content   =>  template($ng_cgi_cfg_erb),
-        notify    =>  Service[$ng_service],
-      }
-
-      # manage nagios.conf for httpd
-
-      file { $ng_nagios_conf:
-        ensure    =>  file,
-        path      =>  $ng_nagios_conf,
+        path      =>  $ng_forward_conf,
         owner     =>  'root',
         group     =>  'root',
         mode      =>  '0644',
@@ -409,44 +313,26 @@ class cd_nagios::server::files (
         selrole   =>  object_r,
         seltype   =>  httpd_config_t,
         seluser   =>  system_u,
-        content   =>  template($ng_nagios_conf_erb),
+        content   =>  template($ng_forward_conf_erb),
         notify    =>  Service[$ae_service],
       }
+    }
 
-      if $ng_http_https_fw == true {
 
-        file { $ng_forward_conf:
-          ensure    =>  file,
-          path      =>  $ng_forward_conf,
-          owner     =>  'root',
-          group     =>  'root',
-          mode      =>  '0644',
-          selrange  =>  s0,
-          selrole   =>  object_r,
-          seltype   =>  httpd_config_t,
-          seluser   =>  system_u,
-          content   =>  template($ng_forward_conf_erb),
-          notify    =>  Service[$ae_service],
-        }
-      }
+    if $ng_enable_index == true {
 
-      # manage welcome.conf for nagios web server
-
-      if $ng_disable_welcome == true {
-
-        file { $ng_welcome_conf:
-          ensure    =>  file,
-          path      =>  $ng_welcome_conf,
-          owner     =>  'root',
-          group     =>  'root',
-          mode      =>  '0644',
-          selrange  =>  s0,
-          selrole   =>  object_r,
-          seltype   =>  httpd_config_t,
-          seluser   =>  system_u,
-          content   =>  template($ng_welcome_conf_erb),
-          notify    =>  Service[$ae_service],
-        }
+      file { $ng_index_html_file:
+        ensure    =>  file,
+        path      =>  $ng_index_html_file,
+        owner     =>  'root',
+        group     =>  'root',
+        mode      =>  '0644',
+        selrange  =>  s0,
+        selrole   =>  object_r,
+        seltype   =>  httpd_config_t,
+        seluser   =>  system_u,
+        content   =>  template($ng_index_html_erb),
+        notify    =>  Service[$ae_service],
       }
     }
   }
@@ -458,7 +344,7 @@ class cd_nagios::server::files (
 
 
       
diff --git a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
index 015ee17..ddcb54a 100644
--- a/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
+++ b/doc/puppet_classes/cd_nagios_3A_3Aserver_3A_3Aservice.html
@@ -174,7 +174,7 @@ class cd_nagios::server::service (
 
 
       
diff --git a/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html b/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
index 646a425..067dda4 100644
--- a/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
+++ b/doc/puppet_defined_types/cd_nagios_3A_3Aserver_3A_3Aaccess.html
@@ -220,7 +220,7 @@ $ng_service       = $::cd_nagios::params::ng_service
 
 
       
diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html
index 8a49ac2..4197551 100644
--- a/doc/top-level-namespace.html
+++ b/doc/top-level-namespace.html
@@ -90,7 +90,7 @@
 
 
       
diff --git a/manifests/certbot/config.pp b/manifests/certbot/config.pp
index 568bcdb..1e86b4d 100644
--- a/manifests/certbot/config.pp
+++ b/manifests/certbot/config.pp
@@ -30,31 +30,6 @@ class cd_nagios::certbot::config (
 
         require cd_certbot
 
-        # ensure there is no forward vhost file
-
-        exec { 'remove_forward_vhost':
-          command   =>  "rm -Rf ${ng_forward_conf}",
-          creates   =>  '/etc/httpd/conf.d/.cert_created',
-        }
-
-        exec { 'remove_nagios_conf':
-          command   =>  "rm -Rf ${ng_nagios_conf}",
-          creates   =>  '/etc/httpd/conf.d/.cert_created',
-          require   =>  Exec['remove_forward_vhost'],
-        }
-
-        # create temp vhost file
-
-        exec { 'create_temp_vhost':
-          command   =>  template('cd_nagios/certbot/create_tempfile.erb'),
-          cwd       =>  '/tmp',
-          path      =>  ['/bin','/usr/bin'],
-          provider  =>  'shell',
-          creates   =>  '/etc/httpd/conf.d/.created',
-          notify    =>  Service['httpd'],
-          require   =>  Exec['remove_nagios_conf'],
-        }
-
         # create cert
 
         exec { 'create_cert':
@@ -68,18 +43,6 @@ class cd_nagios::certbot::config (
           require   =>  Exec['create_temp_vhost'],
         }
 
-        # remove temp_vhost
-
-        exec { 'remove_temp_vhost':
-          command   =>  "rm -Rf ${ng_certbot_temp_file}",
-          cwd       =>  '/tmp',
-          path      =>  ['/bin','/usr/bin'],
-          provider  =>  'shell',
-          notify    =>  Service['httpd'],
-          require   =>  Exec['create_cert'],
-          creates   =>  "/etc/letsencrypt/live/${ng_nagios_server}/cert.pem",
-        }
-
         # renew certs
 
         exec {  'renew_cert':
diff --git a/manifests/params.pp b/manifests/params.pp
index 20c01f2..9a5a6c1 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -200,15 +200,14 @@
 # @param  [string] ng_required_ips string of **__Ip addresses __** for hosts which
 #   should be allowed/reqired. Requires format 'ipaddress ip address range'.
 #   If you want no restriction, choose '0.0.0.0/0'
-# @param  [boolean] ng_disable_welcome Whether the regular welcome screen should
-#   be disabled. this is required for the nagios http check on the nagios server
-#    to be successful.
 # @param [boolean]  ng_enable_certbot Whether to use certbot for automated TLS
 #   certificate management
 # @param  [string]  ng_certbot_cert_path the path for certbot to place
-#   challenges for teh certification process.
+#   challenges for the certification process.
 # @param  [string] ng_mail_user email address to receive administrative mail.
 #   used for nagios itself as well as for certbot.
+# @param  [boolean] ng_enable_index Whether to create an index file to allow
+#   httpd checks with nagios on the nagios server.
 ###############################################################################
 class cd_nagios::params (
 
@@ -320,7 +319,7 @@ $ng_use_selinux_tools = true,
 # httpd
 $ng_required_hosts    = '',
 $ng_required_ips      = '127.0.0.0/8',
-$ng_disable_welcome   = true,
+$ng_enable_index      = true,
 
 # certbot
 $ng_enable_certbot    = true,
@@ -375,8 +374,8 @@ $ng_forward_conf_erb  = 'cd_nagios/httpd/forward_conf.erb'
 $ng_get_cert_erb      = 'cd_nagios/certbot/get_cert.erb'
 $ng_unless_get_cert   = 'cd_nagios/certbot/unless_get_cert.erb'
 $ng_unless_renew_erb  = 'cd_nagios/certbot/unless_renew_cert.erb'
-$ng_create_tempvhost  = 'cd_nagios/certbot/create_tempfile.erb'
-$ng_certbot_temp_file = '/etc/httpd/conf.d/certbot_temp.conf'
+$ng_index_html_file   = '/var/www/html/index.html'
+$ng_index_html_erb    = 'cd_nagios/httpd/index_html.erb'
 
 # includes must be last
 
diff --git a/manifests/server/files.pp b/manifests/server/files.pp
index 22cbd91..411022e 100644
--- a/manifests/server/files.pp
+++ b/manifests/server/files.pp
@@ -29,107 +29,68 @@ class cd_nagios::server::files (
       if $ng_enable_certbot == true {
 
         require cd_nagios::certbot::config
-        require cd_nagios::main::dirs
 
-        # manage nagios.cfg
-
-
-        # manage cgi.cfg
-
-        file { $ng_cgi_cfg_file:
-          ensure    =>  file,
-          path      =>  $ng_cgi_cfg_file,
-          owner     =>  'root',
-          group     =>  'root',
-          mode      =>  '0644',
-          selrange  =>  s0,
-          selrole   =>  object_r,
-          seltype   =>  nagios_etc_t,
-          seluser   =>  system_u,
-          content   =>  template($ng_cgi_cfg_erb),
-          notify    =>  Service[$ng_service],
-        }
-
-        # manage nagios.conf for httpd
-
-        file { $ng_nagios_conf:
-          ensure    =>  file,
-          path      =>  $ng_nagios_conf,
-          owner     =>  'root',
-          group     =>  'root',
-          mode      =>  '0644',
-          selrange  =>  s0,
-          selrole   =>  object_r,
-          seltype   =>  httpd_config_t,
-          seluser   =>  system_u,
-          content   =>  template($ng_nagios_conf_erb),
-          notify    =>  Service[$ae_service],
-        }
-
-        if $ng_http_https_fw == true {
-          file { $ng_forward_conf:
-            ensure    =>  file,
-            path      =>  $ng_forward_conf,
-            owner     =>  'root',
-            group     =>  'root',
-            mode      =>  '0644',
-            selrange  =>  s0,
-            selrole   =>  object_r,
-            seltype   =>  httpd_config_t,
-            seluser   =>  system_u,
-            content   =>  template($ng_forward_conf_erb),
-            notify    =>  Service[$ae_service],
-          }
-        }
-
-        # manage welcome.conf for nagios web server
-
-        if $ng_disable_welcome == true {
-          file { $ng_welcome_conf:
-            ensure    =>  file,
-            path      =>  $ng_welcome_conf,
-            owner     =>  'root',
-            group     =>  'root',
-            mode      =>  '0644',
-            selrange  =>  s0,
-            selrole   =>  object_r,
-            seltype   =>  httpd_config_t,
-            seluser   =>  system_u,
-            content   =>  template($ng_welcome_conf_erb),
-            notify    =>  Service[$ae_service],
-          }
-        }
       }
     }
 
-  else {
-
     require cd_nagios::main::dirs
 
-      # manage nagios.cfg
+    # manage nagios.cfg
+
+    # manage cgi.cfg
+
+    file { $ng_cgi_cfg_file:
+      ensure    =>  file,
+      path      =>  $ng_cgi_cfg_file,
+      owner     =>  'root',
+      group     =>  'root',
+      mode      =>  '0644',
+      selrange  =>  s0,
+      selrole   =>  object_r,
+      seltype   =>  nagios_etc_t,
+      seluser   =>  system_u,
+      content   =>  template($ng_cgi_cfg_erb),
+      notify    =>  Service[$ng_service],
+    }
+
+    # manage nagios.conf for httpd
+
+    file { $ng_nagios_conf:
+      ensure    =>  file,
+      path      =>  $ng_nagios_conf,
+      owner     =>  'root',
+      group     =>  'root',
+      mode      =>  '0644',
+      selrange  =>  s0,
+      selrole   =>  object_r,
+      seltype   =>  httpd_config_t,
+      seluser   =>  system_u,
+      content   =>  template($ng_nagios_conf_erb),
+      notify    =>  Service[$ae_service],
+    }
+
+    # manage welcome.conf for nagios web server
+
+    file { $ng_welcome_conf:
+      ensure    =>  file,
+      path      =>  $ng_welcome_conf,
+      owner     =>  'root',
+      group     =>  'root',
+      mode      =>  '0644',
+      selrange  =>  s0,
+      selrole   =>  object_r,
+      seltype   =>  httpd_config_t,
+      seluser   =>  system_u,
+      content   =>  template($ng_welcome_conf_erb),
+      notify    =>  Service[$ae_service],
+    }
 
 
-      # manage cgi.cfg
+    if $ng_http_https_fw == true {
 
-      file { $ng_cgi_cfg_file:
+      file { $ng_forward_conf:
         ensure    =>  file,
-        path      =>  $ng_cgi_cfg_file,
-        owner     =>  'root',
-        group     =>  'root',
-        mode      =>  '0644',
-        selrange  =>  s0,
-        selrole   =>  object_r,
-        seltype   =>  nagios_etc_t,
-        seluser   =>  system_u,
-        content   =>  template($ng_cgi_cfg_erb),
-        notify    =>  Service[$ng_service],
-      }
-
-      # manage nagios.conf for httpd
-
-      file { $ng_nagios_conf:
-        ensure    =>  file,
-        path      =>  $ng_nagios_conf,
+        path      =>  $ng_forward_conf,
         owner     =>  'root',
         group     =>  'root',
         mode      =>  '0644',
@@ -137,44 +98,26 @@ class cd_nagios::server::files (
         selrole   =>  object_r,
         seltype   =>  httpd_config_t,
         seluser   =>  system_u,
-        content   =>  template($ng_nagios_conf_erb),
+        content   =>  template($ng_forward_conf_erb),
         notify    =>  Service[$ae_service],
       }
+    }
 
-      if $ng_http_https_fw == true {
 
-        file { $ng_forward_conf:
-          ensure    =>  file,
-          path      =>  $ng_forward_conf,
-          owner     =>  'root',
-          group     =>  'root',
-          mode      =>  '0644',
-          selrange  =>  s0,
-          selrole   =>  object_r,
-          seltype   =>  httpd_config_t,
-          seluser   =>  system_u,
-          content   =>  template($ng_forward_conf_erb),
-          notify    =>  Service[$ae_service],
-        }
-      }
+    if $ng_enable_index == true {
 
-      # manage welcome.conf for nagios web server
-
-      if $ng_disable_welcome == true {
-
-        file { $ng_welcome_conf:
-          ensure    =>  file,
-          path      =>  $ng_welcome_conf,
-          owner     =>  'root',
-          group     =>  'root',
-          mode      =>  '0644',
-          selrange  =>  s0,
-          selrole   =>  object_r,
-          seltype   =>  httpd_config_t,
-          seluser   =>  system_u,
-          content   =>  template($ng_welcome_conf_erb),
-          notify    =>  Service[$ae_service],
-        }
+      file { $ng_index_html_file:
+        ensure    =>  file,
+        path      =>  $ng_index_html_file,
+        owner     =>  'root',
+        group     =>  'root',
+        mode      =>  '0644',
+        selrange  =>  s0,
+        selrole   =>  object_r,
+        seltype   =>  httpd_config_t,
+        seluser   =>  system_u,
+        content   =>  template($ng_index_html_erb),
+        notify    =>  Service[$ae_service],
       }
     }
   }
diff --git a/templates/certbot/create_tempfile.erb b/templates/certbot/create_tempfile.erb
deleted file mode 100644
index e7f4de6..0000000
--- a/templates/certbot/create_tempfile.erb
+++ /dev/null
@@ -1,11 +0,0 @@
-echo "# temporary vhost file
-  
-    ServerAdmin root@localhost
-    DocumentRoot /var/www/html
-    ServerName <%= @ng_nagios_server %>
-    
-    AllowOverride All
-    
-  
-    " > <%= @ng_certbot_temp_file %>
-touch /etc/httpd/conf.d/.created
diff --git a/templates/httpd/index_html.erb b/templates/httpd/index_html.erb
new file mode 100644
index 0000000..e69de29
diff --git a/templates/httpd/welcome_conf.erb b/templates/httpd/welcome_conf.erb
index 8a7646b..2a61ae5 100644
--- a/templates/httpd/welcome_conf.erb
+++ b/templates/httpd/welcome_conf.erb
@@ -3,25 +3,18 @@
 ###########             manual changes will be overwritten !!!        ##########
 ################################################################################
 
-#
-# This configuration file enables the default "Welcome" page if there
-# is no default index page present for the root URL.  To disable the
-# Welcome page, comment out all the lines below.
-#
-# NOTE: if this file is removed, it will be restored on upgrades.
-#
-#
-#    Options -Indexes
-#    ErrorDocument 403 /.noindex.html
-#
+
+    Options -Indexes
+    ErrorDocument 403 /.noindex.html
+
 
-#
-#    AllowOverride None
-#    Require all granted
-#
+
+    AllowOverride None
+    Require all granted
+
 
-#Alias /.noindex.html /usr/share/httpd/noindex/index.html
-#Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
-#Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
-#Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
-#Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
+Alias /.noindex.html /usr/share/httpd/noindex/index.html
+Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
+Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
+Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
+Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
diff --git a/tests/UTF_Files b/tests/UTF_Files
index a138597..ef73186 100644
--- a/tests/UTF_Files
+++ b/tests/UTF_Files
@@ -4,3 +4,4 @@
 ./.yardoc/objects/root.dat: data
 ./doc/css/style.css: HTML document, UTF-8 Unicode text, with very long lines
 ./doc/js/jquery.js: HTML document, UTF-8 Unicode text, with very long lines
+./templates/httpd/index_html.erb: empty