ok lets clean this up and just let patrick figure it out

2017-06-23 17:59:48 +00:00 · 2017-06-23 17:59:48 +00:00 · 9ff288e8dc
commit 9ff288e8dc
parent 19e61955b4
1 changed files with 10 additions and 33 deletions
--- a/roles/nagios_server/templates/httpd/nagios.conf.j2
+++ b/roles/nagios_server/templates/httpd/nagios.conf.j2
@ -4,41 +4,18 @@ ScriptAlias /tac.cgi         /usr/lib64/nagios/cgi-bin/tac.cgi

 # Set up the authorization

-{% if vars['nagios_location'] == 'internal' %}
-
-<Location />
+<Location /nagios>
  AuthName "Nagios GSSAPI Login"
+{% if vars['nagios_location'] == 'internal' %}
  GssapiCredStore keytab:/etc/krb5.HTTP_nagios{{env_suffix}}.fedoraproject.org.keytab
-  AuthType GSSAPI
  # This is off because Apache (and thus mod_auth_gssapi) doesn't know this is proxied over TLS
  GssapiSSLonly Off
-  GssapiLocalName on
-  Require valid-user
-</Location>
-
-<Location ~ "/(nagios)/cgi-bin/">
-  Options ExecCGI
-</Location>
-
-RewriteEngine on
-RewriteRule ^/$ /nagios/ [R]
-
-Alias /nagios /usr/share/nagios/html/
-<Directory "/usr/share/nagios/html">
-  Options None
-</Directory>
-
 {% else %}
-
-Alias /nagios "/usr/share/nagios/html"
-
-<Location ~ /nagios/>
-  AuthName "Nagios GSSAPI Login"
  GssapiCredStore keytab:/etc/krb5.HTTP_nagios-external{{env_suffix}}.fedoraproject.org.keytab
-  AuthType GSSAPI
  GssapiSSLonly On
+{% endif %}
  GssapiLocalName on
-  GssapiPublishErrors On
+  AuthType GSSAPI
  Require valid-user
 </Location>

@ -46,12 +23,12 @@ Alias /nagios "/usr/share/nagios/html"
  Options ExecCGI
 </Location>

+{% if vars['nagios_location'] == 'internal' %}
+RewriteEngine on
+RewriteRule ^/$ /nagios/ [R]
+{% endif %}
+
+Alias /nagios /usr/share/nagios/html/
 <Directory "/usr/share/nagios/html">
  Options None
 </Directory>
-
-
-{% endif %}
-
-
-