[Opsview-checkins] [opsview] [10201] Cleaned up apache configuration so that nagvis does not say to use

Fri, 28 Sep 2012 06:56:48 -0700

Title: [opsview] [10201] Cleaned up apache configuration so that nagvis does not say to use
Revision
10201
Author
tvoon
Date
2012-09-28 14:56:43 +0100 (Fri, 28 Sep 2012)

Log Message

Cleaned up apache configuration so that nagvis does not say to use
basic auth any more, and that apache_ssl only handles SSL configuration
and that you should use the apache_proxy for normally purposes


Modified Paths




Added Paths




Removed Paths




Modified: trunk/CHANGES
===================================================================
--- trunk/CHANGES	2012-09-28 12:56:43 UTC (rev 10200)
+++ trunk/CHANGES	2012-09-28 13:56:43 UTC (rev 10201)
@@ -1,7 +1,14 @@
 This documents the major changes between releases
 
-????? ???
+??????
     FEATURES:
+    ENHANCEMENTS:
+    NOTICES:
+    FIXES:
+    Fixed apache configuration for redundancy, specifically removing apache_proxy_ssl.conf and replacing with apache_ssl.conf
+
+3.20120925
+    FEATURES:
     Added push notifications for IOS devices
     ENHANCEMENTS:
     REST API for listing currently running monitoring servers

Modified: trunk/opsview-core/filelist
===================================================================
--- trunk/opsview-core/filelist	2012-09-28 12:56:43 UTC (rev 10200)
+++ trunk/opsview-core/filelist	2012-09-28 13:56:43 UTC (rev 10201)
@@ -621,7 +621,7 @@
 f nagios:nagios 0750 /usr/local/nagios/bin/nagconfgen.pl bin/nagconfgen.pl
 
 f nagios:nagios 0644 /usr/local/nagios/installer/apache_proxy.conf installer/apache_proxy.conf
-f nagios:nagios 0644 /usr/local/nagios/installer/apache_proxy_ssl.conf installer/apache_proxy_ssl.conf
+f nagios:nagios 0644 /usr/local/nagios/installer/apache_ssl.conf   installer/apache_ssl.conf
 f nagios:nagios 0644 /usr/local/nagios/installer/apache_opsview_slave.conf installer/apache_opsview_slave.conf
 f nagios:nagios 0555 /usr/local/nagios/installer/check_hostgroup_restrictions installer/check_hostgroup_restrictions
 f nagios:nagios 0555 /usr/local/nagios/installer/check_reqs        installer/check_reqs

Modified: trunk/opsview-core/installer/apache_dir.conf
===================================================================
--- trunk/opsview-core/installer/apache_dir.conf	2012-09-28 12:56:43 UTC (rev 10200)
+++ trunk/opsview-core/installer/apache_dir.conf	2012-09-28 13:56:43 UTC (rev 10201)
@@ -1,3 +1,4 @@
+// This is only to be used for base Nagios installs, for testing
 ScriptAlias /cgi-bin/ /usr/local/nagios/sbin/
 <Directory "/usr/local/nagios/sbin/">
     AllowOverride AuthConfig

Deleted: trunk/opsview-core/installer/apache_fastcgi.conf
===================================================================
--- trunk/opsview-core/installer/apache_fastcgi.conf	2012-09-28 12:56:43 UTC (rev 10200)
+++ trunk/opsview-core/installer/apache_fastcgi.conf	2012-09-28 13:56:43 UTC (rev 10201)
@@ -1,8 +0,0 @@
-
-# Cannot do this in a virtual host
-# Need to startup the Catalyst app as nagios user with
-# ./script/opsview_web_fastcgi.pl -n 4 -p /usr/local/nagios/var/fastcgi.pid -d -l /tmp/opsview_web_socket
-
-FastCgiExternalServer /tmp/somewhere -socket /tmp/opsview_web_socket
-Alias / /tmp/somewhere/
-

Deleted: trunk/opsview-core/installer/apache_opsview.conf
===================================================================
--- trunk/opsview-core/installer/apache_opsview.conf	2012-09-28 12:56:43 UTC (rev 10200)
+++ trunk/opsview-core/installer/apache_opsview.conf	2012-09-28 13:56:43 UTC (rev 10201)
@@ -1,39 +0,0 @@
-<VirtualHost *>
-ServerName opsviewtest1.opsview.com
-ServerAdmin [email protected]
-
-DocumentRoot /usr/local/nagios/share
-
-Alias /test.html /usr/local/nagios/doc/README
-
-ScriptAlias /cgi-bin/ /usr/local/nagios/sbin/
-<Directory "/usr/local/nagios/sbin/">
-    AllowOverride AuthConfig
-    Options ExecCGI FollowSymLinks
-    Order allow,deny
-    Allow from all
-
-    AuthName "Nagios Access"
-    AuthType Basic
-    AuthUserFile /usr/local/nagios/etc/htpasswd.users
-    require valid-user
-</Directory>
-
-Alias / /usr/local/nagios/share/
-<Directory "/usr/local/nagios/share">
-    AllowOverride AuthConfig
-    Options None
-    Order allow,deny
-    Allow from all
-</Directory>
-
-# This will need to be amended per OS
-# Best left here because of post-logrotate scripts
-# Would make sense to write to /usr/local/nagios only if
-# we distribute Apache ourselves. Otherwise, use pre-packaged locations
-ErrorLog /var/log/apache2/nagios_error.log
-# Don't leave loglevel at debug
-#LogLevel debug
-CustomLog /var/log/apache2/nagios_access.log combined
-
-</VirtualHost> 

Modified: trunk/opsview-core/installer/apache_proxy.conf
===================================================================
--- trunk/opsview-core/installer/apache_proxy.conf	2012-09-28 12:56:43 UTC (rev 10200)
+++ trunk/opsview-core/installer/apache_proxy.conf	2012-09-28 13:56:43 UTC (rev 10201)
@@ -41,15 +41,11 @@
 #RewriteRule ^/webmin(.*) https://%{SERVER_NAME}:10000/$1 [R=permanent,L]
 
 # Ensure the apache user is a member of the nagcmd group.
-#<Directory /usr/local/nagios/nagvis>
-#    Order allow,deny
-#    Allow from all
-#</Directory>
 Alias /nagvis /usr/local/nagios/nagvis
 ProxyPass /nagvis !
-# Have two authentication options for Nagvis.
-# Authtkt requires the AuthTkt apache module and allows single-sign-on with Opsview
-# Set this to the same as the shared secret in opsview.conf
+# Authentication for Nagvis requires the AuthTkt apache module, which is installed with Opsview
+# This enables single-sign-on
+# IMPORTANT: Set this to the same as the shared secret in opsview.conf
 TKTAuthSecret "shared-secret-please-change"
 <Location /nagvis>
    Options +Indexes

Deleted: trunk/opsview-core/installer/apache_proxy_ssl.conf
===================================================================
--- trunk/opsview-core/installer/apache_proxy_ssl.conf	2012-09-28 12:56:43 UTC (rev 10200)
+++ trunk/opsview-core/installer/apache_proxy_ssl.conf	2012-09-28 13:56:43 UTC (rev 10201)
@@ -1,93 +0,0 @@
-# This is the apache configuration when running opsview-web over a proxy mechanism
-# You also need to set 
-#   $use_https=1;
-# in opsview.conf and restart opsview-web
-#
-#<VirtualHost *:443>
-#ServerName 195.137.61.81
-#ServerAdmin [email protected]
-SSLEngine on
-SSLCertificateFile    /path/to/server.crt
-SSLCertificateKeyFile /path/to//server.key
-
-SSLVerifyClient none
-
-# Any files in here will be served by Apache
-DocumentRoot /usr/local/nagios/share
-
-# This alias required so that Apache serves NMIS' static files
-Alias /static/nmis/ "/usr/local/nagios/nmis/htdocs/"
-
-ProxyRequests Off
-<Proxy *>
-	Order deny,allow
-	Allow from all
-</Proxy>
-
-# Don't proxy error pages as these are served statically
-ProxyPass /error_pages !
-ProxyPass /_javascript_ !
-ProxyPass /stylesheets !
-ProxyPass /help !
-ProxyPass /images !
-ProxyPass /xml !
-ProxyPass /favicon.ico !
-ProxyPass /graphs !
-ProxyPass /static !
-ProxyPass /media !
-
-# Enables Nagvis - requires php5
-# Ensure the apache user is a member of the nagcmd group.
-#Alias /nagvis /usr/local/nagios/nagvis
-#ProxyPass /nagvis !
-# Have two authentication options for Nagvis.
-# Authtkt requires the AuthTkt apache module and allows single-sign-on with Opsview
-# Set this to the same as the shared secret in opsview.conf
-#TKTAuthSecret "shared-secret-please-change"
-#<Location /nagvis>
-#   AuthType None
-#   TKTAuthLoginURL /login?app=nagvis
-#   TKTAuthTimeout 86400s
-#   # Set below if you are getting "ticket is invalid" messages and you have multiple proxies in front of Opsview
-#   # You also need to set Opsview Web to ignore ip: http://docs.opsview.com/doku.php?id=opsview-core:webauthentication
-#   #TKTAuthIgnoreIP on
-#   require valid-user
-#</Location>
-# Alternatively use Basic auth. Point to Nagios' htpasswd file
-#<Location /nagvis>
-#   AuthType Basic
-#   AuthName "Opsview"
-#   AuthUserFile /usr/local/nagios/etc/htpasswd.users
-#   require valid-user
-#</Location>
-
-# Enables websvn for RANCID integration - requires php5
-#Alias /websvn /opt/opsview/repository
-#ProxyPass /websvn !
-# See above section for nagvis to set 'TKTAuthSecret' and other comments
-#<Location /websvn>
-#   AuthType None
-#   TKTAuthLoginURL /login?app=websvn
-#   TKTAuthTimeout 86400s
-#   #TKTAuthIgnoreIP on
-#   require valid-user
-#</Location>
-# Alternatively use Basic auth. Point to Nagios' htpasswd file
-#<Location /websvn>
-#   AuthType Basic
-#   AuthName "Opsview"
-#   AuthUserFile /usr/local/nagios/etc/htpasswd.users
-#   require valid-user
-#</Location>
-
-# Our own upstream proxy error page
-ErrorDocument 502 /error_pages/http502.html
-# Remove line below for apache < 2.2
-ErrorDocument 503 /error_pages/http502.html
-
-# Remove retry=5 for apache < 2.2 as not available in older versions
-ProxyPass / http://127.0.0.1:3000/ retry=5
-ProxyPassReverse / http://127.0.0.1:3000/
-#ProxyPreserveHost On
-
-#</VirtualHost>

Copied: trunk/opsview-core/installer/apache_ssl.conf (from rev 10200, trunk/opsview-core/installer/apache_proxy_ssl.conf)
===================================================================
--- trunk/opsview-core/installer/apache_ssl.conf	                        (rev 0)
+++ trunk/opsview-core/installer/apache_ssl.conf	2012-09-28 13:56:43 UTC (rev 10201)
@@ -0,0 +1,12 @@
+# This is the apache configuration when running opsview-web over a proxy mechanism
+# You also need to set 
+#   $use_https=1;
+# in opsview.conf and restart opsview-web
+#
+SSLEngine on
+SSLCertificateFile    /path/to/server.crt
+SSLCertificateKeyFile /path/to/server.key
+
+SSLVerifyClient none
+
+# You will need to include Opsview's apache_proxy.conf file as well


Property changes on: trunk/opsview-core/installer/apache_ssl.conf
___________________________________________________________________
Added: svn:mergeinfo
   + /branches/DEV-capside/release-3.9.0/opsview-core/installer/apache_proxy_ssl.conf:6365-6370
/branches/DEV-extra-notification-data/opsview-core/installer/apache_proxy_ssl.conf:6734-6746
/branches/DEV-odw-calculations/opsview-core/installer/apache_proxy_ssl.conf:9016-9160
/branches/DEV-restapi-monitoringservers/opsview-core/installer/apache_proxy_ssl.conf:9778
/branches/DEV-snmp-multi/opsview-core/installer/apache_proxy_ssl.conf:7324-7376
/branches/US187/opsview-core/installer/apache_proxy_ssl.conf:9403-9479
/branches/US198b/opsview-core/installer/apache_proxy_ssl.conf:8875-8994
/branches/US310/opsview-core/installer/apache_proxy_ssl.conf:9851-9873
/branches/enterprise/BRAN-3.14/opsview-core/installer/apache_proxy_ssl.conf:6874,6882,6956
/branches/enterprise/DEV-professional/opsview-core/installer/apache_proxy_ssl.conf:6494-8475,8477-8478,8486,8490,8492,8494,8499-8500,8515,8518-8519,8524,8527-8529,8531-8532,8536,8538,8540-8544,8547-8552,8554,8557,8600-8601,8637,8749,8772,8897,8917,8944-8945,8947,8950-8952,8967,8969,8979,8982,8987,8998,9006,9008,9011,9013,9026,9033-9036,9038,9040,9042,9044,9048,9050-9053,9062,9064-9065,9069,9078,9081,9088,9096,9099-9101,9103,9105,9115,9118,9347,9353-9354,9411,9432,9445,9486,9538-9550,9569-9571,9620,9635,9637-9638,9645-9647,9693,9699,9721,9814,9825,9857,9879,9881,9939,10002,10029,10038-10041,10070,10086,10093
/branches/nagvis-iframe/opsview-core/installer/apache_proxy_ssl.conf:9764-9786
/branches/us168/opsview-core/installer/apache_proxy_ssl.conf:8759,8762-8763,8766-8768,8770,8774-8777,8794,8798-8799,8801-8803,8821-8822,8834,8837-8838,8932,8937,8947,8969,8977,8981,9004,9007,9009-9010,9012,9024,9049
/commercial/branches/US306-slaves/opsview-core/installer/apache_proxy_ssl.conf:9804-9823
/commercial/branches/US307-network-map/opsview-core/installer/apache_proxy_ssl.conf:9685-9837


_______________________________________________
Opsview-checkins mailing list
[email protected]
http://lists.opsview.org/lists/listinfo/opsview-checkins

Reply via email to