From 41407ad951072c299024a7c1dff8c4269990240f Mon Sep 17 00:00:00 2001
From: Stephen Smoogen <smooge@redhat.com>
Date: Thu, 22 Jun 2017 23:42:13 +0000
Subject: [PATCH] and we have a ssl-conf file

---
 roles/nagios_server/tasks/main.yml              |  7 +++++++
 .../templates/httpd/0_nagios-external.conf      | 17 +++++++++++++++++
 2 files changed, 24 insertions(+)
 create mode 100644 roles/nagios_server/templates/httpd/0_nagios-external.conf

diff --git a/roles/nagios_server/tasks/main.yml b/roles/nagios_server/tasks/main.yml
index faa9cf01ff..8c459f99fb 100644
--- a/roles/nagios_server/tasks/main.yml
+++ b/roles/nagios_server/tasks/main.yml
@@ -53,6 +53,13 @@
   tags:
   - nagios_server
 
+- name: Install the SSL apache module
+  yum: name={{ item }} state=present
+  with_items:
+  - mod_ssl
+  when: env == "production" and nagios_location == "external"
+
+
 ## Copy over the httpd SSL certs for external
 - name: Install the SSL cert so that we can use https
   copy: >
diff --git a/roles/nagios_server/templates/httpd/0_nagios-external.conf b/roles/nagios_server/templates/httpd/0_nagios-external.conf
new file mode 100644
index 0000000000..b868f5a449
--- /dev/null
+++ b/roles/nagios_server/templates/httpd/0_nagios-external.conf
@@ -0,0 +1,17 @@
+<VirtualHost *:80>
+   ServerName nagios-external.fedoraproject.org
+   Redirect permanent / https://nagios-external.fedoraproject.org/
+</VirtualHost>
+
+<VirtualHost *:443>
+   ServerName nagios-external.fedoraproject.org:443
+
+   SSLEngine on
+   SSLProtocol {{ ssl_protocols }}
+   SSLCipherSuite {{ ssl_ciphers }}
+   Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+
+   SSLCertificateFile /etc/pki/tls/certs/noc02.fedoraproject.org.cert
+   SSLCertificateChainFile /etc/pki/tls/certs/noc02.fedoraproject.org.intermediate.cert
+   SSLCertificateKeyFile /etc/pki/tls/certs/noc02.fedoraproject.org.key
+</VirtualHost>