Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

ok let us try this non location on external to get nagios to work

Browse source
This commit is contained in:
Stephen Smoogen 2017-06-23 16:54:37 +00:00
parent 707e0e606d
commit 73c9a0b035
1 changed files with 41 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

60
roles/nagios_server/templates/httpd/nagios.conf.j2
View file

@ -1,23 +1,14 @@
# noc1
# Set up the script aliases
ScriptAlias /nagios/cgi-bin/ /usr/lib64/nagios/cgi-bin/
ScriptAlias /tac.cgi /usr/lib64/nagios/cgi-bin/tac.cgi
ScriptAlias /tac.cgi /usr/lib64/nagios/cgi-bin/tac.cgi
# Set up the authorization
{% if vars['nagios_location'] == 'internal' %}
<Location />
AuthName "Nagios GSSAPI Login"
{% if env == "production" %}
{% if vars['nagios_location'] == 'internal' %}
GssapiCredStore keytab:/etc/krb5.HTTP_nagios.fedoraproject.org.keytab
{% else %}
GssapiCredStore keytab:/etc/krb5.HTTP_nagios-external.fedoraproject.org.keytab
{% endif %}
{% else %}
{% if vars['nagios_location'] == 'internal' %}
GssapiCredStore keytab:/etc/krb5.HTTP_nagios.stg.fedoraproject.org.keytab
{% else %}
GssapiCredStore keytab:/etc/krb5.HTTP_nagios-external.stg.fedoraproject.org.keytab
{% endif %}
{% endif %}
GssapiCredStore keytab:/etc/krb5.HTTP_nagios{{env_suffix}}.fedoraproject.org.keytab
AuthType GSSAPI
# This is off because Apache (and thus mod_auth_gssapi) doesn't know this is proxied over TLS
GssapiSSLonly Off
@ -29,12 +20,43 @@ ScriptAlias /tac.cgi /usr/lib64/nagios/cgi-bin/tac.cgi
Options ExecCGI
</Location>
<Directory "/usr/share/nagios/html">
Options None
</Directory>
RewriteEngine on
RewriteRule ^/$ /nagios/ [R]
Alias /nagios /usr/share/nagios/html/
<Directory "/usr/share/nagios/html">
Options None
</Directory>
{% else %}
<Directory "/usr/lib64/nagios/cgi-bin/">
SSLRequireSSL
Options ExecCGI
AllowOverride None
AuthName "Nagios GSSAPI Login"
GssapiCredStore keytab:/etc/krb5.HTTP_nagios-external{{env_suffix}}.fedoraproject.org.keytab
AuthType GSSAPI
# This is off because Apache (and thus mod_auth_gssapi) doesn't know this is proxied over TLS
GssapiSSLonly Off
GssapiLocalName on
Require valid-user
</Directory>
Alias /nagios "/usr/share/nagios/html"
<Directory "/usr/share/nagios/html">
SSLRequireSSL
Options None
AllowOverride None
AuthName "Nagios GSSAPI Login"
GssapiCredStore keytab:/etc/krb5.HTTP_nagios-external{{env_suffix}}.fedoraproject.org.keytab
AuthType GSSAPI
# This is off because Apache (and thus mod_auth_gssapi) doesn't know this is proxied over TLS
GssapiSSLonly Off
GssapiLocalName on
Require valid-user
</Directory>
{% endif %}