OP#491 update README

OP#491 update remoteip.conf
OP#491 split config files for remoteip
2026-03-12 16:42:04 +01:00 · 2026-03-12 16:37:09 +01:00 · 2026-03-12 16:22:29 +01:00
5 changed files with 6 additions and 21 deletions
--- a/README.md
+++ b/README.md
@@ -50,7 +50,7 @@ At this stage, the module is being redeveloped and being built to the latest sta
 - configures the main nagios configuration file and sets values as (pre)configured per values in params, which can be overwritten.
 - if `ng_include_nrpe`is set to `true`, the confdroid_nrpe module is automatically applied on clients ([confdroid_nrpe](https://sourcecode.confdroid.com/confdroid/confdroid_nrpe) must be in the catalogue then)
 - if `ng_enable_fail2ban`is set to `true`, a fail2ban jail and filter will be added for the Nagios service (requires confdroid_fail2ban).
- manage remoteIP logging if running behind a Loadbalancer like HAproxy: if `ng_use_lb` is set to `true`, a configuration file `etc/httpd/conf.d/loadbalancer-remoteip.conf`is created and configures apache/httpd to use the remote header. This allows proper fail2ban protection even behind the Loadbalancer.
+- manage remoteIP logging if running behind a Loadbalancer like HAproxy: if `ng_use_lb` is set to `true`, a configuration file `etc/httpd/conf.d/loadbalancer-remoteip.conf`is created and configures apache/httpd to use the remote header. This allows proper fail2ban protection even behind the Loadbalancer. Make sure to set `ng_trusted_proxy`to the proper IP or range for the loadbalancer!

 ## Repo Documentation

--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -735,7 +735,6 @@ class confdroid_nagios::params (
  $ng_cgi_cfg_file            = "${ng_main_dir}/cgi.cfg"
  $ng_cgi_cfg_erb             = 'confdroid_nagios/nagios/cgi_cfg.erb'
  $ng_remoteip_file           = '/etc/httpd/conf.d/loadbalancer-remoteip.conf'
-  $ng_loadmodule_file         = '/etc/httpd/conf.modules.d/10-remoteip.conf'

 # nagios
  $ng_target_templates        = "${ng_conf_d_dir}/nagios_templates.cfg"
--- a/manifests/server/files.pp
+++ b/manifests/server/files.pp
@@ -59,18 +59,5 @@ class confdroid_nagios::server::files (
        notify   => Service['httpd'],
      }
    }
-
-    file { $ng_loadmodule_file:
-      ensure   => file,
-      owner    => 'root',
-      group    => 'root',
-      mode     => '0644',
-      selrange => s0,
-      selrole  => object_r,
-      seltype  => httpd_conf_t,
-      seluser  => system_u,
-      content  => template('confdroid_nagios/loadbalancer/loadmodule.conf.erb'),
-      notify   => Service['httpd'],
-    }
  }
 }
--- a/templates/loadbalancer/loadmodule.conf.erb
+++ b/templates/loadbalancer/loadmodule.conf.erb
@@ -1,6 +0,0 @@
-###############################################################################
-##########    parameterized loadmodule config created by Puppet      ##########
-##########      manual changes will be overwritten !!!               ##########
-###############################################################################
-
-LoadModule remoteip_module modules/mod_remoteip.so
--- a/templates/loadbalancer/remoteip.conf.erb
+++ b/templates/loadbalancer/remoteip.conf.erb
@@ -5,3 +5,8 @@

 RemoteIPHeader X-Forwarded-For
 RemoteIPTrustedProxy <%= @ng_trusted_proxy %>
+RemoteIPInternalProxy <%= @ng_trusted_proxy %>
+
+# mod_remoteip rewrites client address for %a; use it in common/combined logs.
+LogFormat "%a %l %u %t \"%r\" %>s %b" common
+LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
Author	SHA1	Message	Date
12ww1160	3d0ff148fa	OP#491 update README	2026-03-12 16:42:04 +01:00
12ww1160	708662c53a	OP#491 update remoteip.conf	2026-03-12 16:37:09 +01:00
12ww1160	e301619012	OP#491 split config files for remoteip	2026-03-12 16:22:29 +01:00