# apache configuration for nagios 4.x

#ScriptAlias /cgi-bin/nagios4 /usr/lib/cgi-bin/nagios4
#ScriptAlias /nagios4/cgi-bin /usr/lib/cgi-bin/nagios4
Alias /cgi-bin/nagios4 /usr/lib/cgi-bin/nagios4
Alias /nagios4/cgi-bin /usr/lib/cgi-bin/nagios4

# Where the stylesheets (config files) reside
Alias /nagios4/stylesheets /etc/nagios4/stylesheets

# Where the HTML pages live
Alias /nagios4 /usr/share/nagios4/htdocs

<DirectoryMatch (/usr/share/nagios4/htdocs|/usr/lib/cgi-bin/nagios4|/etc/nagios4/stylesheets)>
    Options FollowSymLinks
    DirectoryIndex index.php index.html
    AllowOverride AuthConfig
    #
    # The default Debian nagios4 install sets use_authentication=0 in
    # /etc/nagios4/cgi.cfg, which turns off nagos's internal authentication.
    # This is insecure.  As a compromise this default apache2 configuration
    # only allows private IP addresses access.
    #
    # The <Files>...</Files> below shows how you can secure the nagios4
    # web site so anybody can view it, but only authenticated users can issue
    # commands (such as silence notifications).  To do that replace the
    # "Require all granted" with "Require valid-user", and use htdigest
    # program from the apache2-utils package to add users to
    # /etc/nagios4/htdigest.users.
    #
    # A step up is to insist all users validate themselves by moving
    # the stanza's in the <Files>..<Files> into the <DirectoryMatch>.
    # Then by setting use_authentication=1 in /etc/nagios4/cgi.cfg you
    # can configure which people get to see a particular service from
    # within the nagios configuration.
    # 

    AuthDigestDomain "Nagios4"
    AuthDigestProvider file
    AuthUserFile	"/etc/apache2/htdigest"
    AuthGroupFile	"/etc/apache2/htgroups"
    AuthName	"dehnerts.com"
    AuthType	Digest
    Require group   nagios
    #Require	valid-user
</DirectoryMatch>

<Directory /usr/share/nagios4/htdocs>
    Options	+ExecCGI	
</Directory>

<Directory /usr/lib/cgi-bin/nagios4>
    Options	+ExecCGI	
</Directory>