Add a bunch of PHP-related config files
authorAlex Dehnert <alex@dehnerts.com>
Thu, 20 Jul 2023 05:22:35 +0000 (05:22 +0000)
committerAlex Dehnert <alex@dehnerts.com>
Thu, 20 Jul 2023 05:22:35 +0000 (05:22 +0000)
This seems to successfully run Roundcube and nagios with php-fpm instead of
mod_php.

conf-available/nagios4-cgi.conf [new file with mode: 0644]
conf-available/nagios4.conf [deleted symlink]
conf-available/php8.1-fpm.conf [new file with mode: 0644]
conf-enabled/nagios4-cgi.conf [new symlink]
conf-enabled/nagios4.conf [deleted symlink]
conf-enabled/php8.1-fpm.conf [new symlink]
htgroups
mods-enabled/proxy_fcgi.load [new symlink]

diff --git a/conf-available/nagios4-cgi.conf b/conf-available/nagios4-cgi.conf
new file mode 100644 (file)
index 0000000..1ff1692
--- /dev/null
@@ -0,0 +1,54 @@
+# apache configuration for nagios 4.x
+
+#ScriptAlias /cgi-bin/nagios4 /usr/lib/cgi-bin/nagios4
+#ScriptAlias /nagios4/cgi-bin /usr/lib/cgi-bin/nagios4
+Alias /cgi-bin/nagios4 /usr/lib/cgi-bin/nagios4
+Alias /nagios4/cgi-bin /usr/lib/cgi-bin/nagios4
+
+# Where the stylesheets (config files) reside
+Alias /nagios4/stylesheets /etc/nagios4/stylesheets
+
+# Where the HTML pages live
+Alias /nagios4 /usr/share/nagios4/htdocs
+
+<DirectoryMatch (/usr/share/nagios4/htdocs|/usr/lib/cgi-bin/nagios4|/etc/nagios4/stylesheets)>
+    Options FollowSymLinks
+    DirectoryIndex index.php index.html
+    AllowOverride AuthConfig
+    #
+    # The default Debian nagios4 install sets use_authentication=0 in
+    # /etc/nagios4/cgi.cfg, which turns off nagos's internal authentication.
+    # This is insecure.  As a compromise this default apache2 configuration
+    # only allows private IP addresses access.
+    #
+    # The <Files>...</Files> below shows how you can secure the nagios4
+    # web site so anybody can view it, but only authenticated users can issue
+    # commands (such as silence notifications).  To do that replace the
+    # "Require all granted" with "Require valid-user", and use htdigest
+    # program from the apache2-utils package to add users to
+    # /etc/nagios4/htdigest.users.
+    #
+    # A step up is to insist all users validate themselves by moving
+    # the stanza's in the <Files>..<Files> into the <DirectoryMatch>.
+    # Then by setting use_authentication=1 in /etc/nagios4/cgi.cfg you
+    # can configure which people get to see a particular service from
+    # within the nagios configuration.
+    # 
+
+    AuthDigestDomain "Nagios4"
+    AuthDigestProvider file
+    AuthUserFile       "/etc/apache2/htdigest"
+    AuthGroupFile      "/etc/apache2/htgroups"
+    AuthName   "dehnerts.com"
+    AuthType   Digest
+    Require group   nagios
+    #Require   valid-user
+</DirectoryMatch>
+
+<Directory /usr/share/nagios4/htdocs>
+    Options    +ExecCGI        
+</Directory>
+
+<Directory /usr/lib/cgi-bin/nagios4>
+    Options    +ExecCGI        
+</Directory>
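Review bot: The comment block inside the `<DirectoryMatch>` describes an access policy this file does not implement: it says the default only allows private IP addresses and points to a `<Files>` stanza with `Require all granted`, but neither is present, and the effective control is Digest authentication with `Require group nagios`. Since that comment is what the next maintainer will read to judge exposure, I would replace it with something like `# Access requires Digest auth against /etc/apache2/htdigest and membership of the "nagios" group in /etc/apache2/htgroups.` Separately, `AllowOverride AuthConfig` lets a `.htaccess` file in any of the three matched directories change that requirement; with authentication defined centrally here, `AllowOverride None` looks safer unless overrides are actually used. `AuthDigestDomain` is documented as taking the URIs of the protection space, so `"Nagios4"` is probably meant to be something like `/nagios4/ /cgi-bin/nagios4/`, which is worth confirming.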
diff --git a/conf-available/nagios4.conf b/conf-available/nagios4.conf
deleted file mode 120000 (symlink)
index ea6da5c..0000000
+++ /dev/null
@@ -1 +0,0 @@
-../../nagios4/apache2.conf
\ No newline at end of file
diff --git a/conf-available/php8.1-fpm.conf b/conf-available/php8.1-fpm.conf
new file mode 100644 (file)
index 0000000..a156ef4
--- /dev/null
@@ -0,0 +1,32 @@
+# Redirect to local php-fpm if mod_php is not available
+<IfModule !mod_php8.c>
+<IfModule proxy_fcgi_module>
+    # Enable http authorization headers
+    <IfModule setenvif_module>
+    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
+    </IfModule>
+
+    <FilesMatch ".+\.ph(ar|p|tml)$">
+        SetHandler "proxy:unix:/run/php/php8.1-fpm.sock|fcgi://localhost"
+    </FilesMatch>
+# The default configuration works for most of the installation, however it could
+# be improved in various ways. One simple improvement is to not pass files that
+# doesn't exist to the handler as shown below, for more configuration examples
+# see https://wiki.apache.org/httpd/PHP-FPM
+#    <FilesMatch ".+\.ph(ar|p|tml)$">
+#        <If "-f %{REQUEST_FILENAME}">
+#            SetHandler "proxy:unix:/run/php/php8.1-fpm.sock|fcgi://localhost"
+#        </If>
+#    </FilesMatch>
+    <FilesMatch ".+\.phps$">
+        # Deny access to raw php sources by default
+        # To re-enable it's recommended to enable access to the files
+        # only in specific virtual host or directory
+        Require all denied
+    </FilesMatch>
+    # Deny access to files without filename (e.g. '.php')
+    <FilesMatch "^\.ph(ar|p|ps|tml)$">
+        Require all denied
+    </FilesMatch>
+</IfModule>
+</IfModule>
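Review bot: The active `<FilesMatch ".+\.ph(ar|p|tml)$">` hands every matching request to php-fpm whether or not the file exists, while the variant that checks first is left commented out a few lines below. Enabling it keeps requests for nonexistent scripts from reaching the FPM pool and leaves the 404 to Apache: wrap the handler as `<If "-f %{REQUEST_FILENAME}">`, `SetHandler "proxy:unix:/run/php/php8.1-fpm.sock|fcgi://localhost"`, `</If>`. The pattern also routes `.phar` and `.phtml` to PHP; if Roundcube and Nagios only need `.php`, narrowing it reduces what an unexpected file in a served directory can do.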
diff --git a/conf-enabled/nagios4-cgi.conf b/conf-enabled/nagios4-cgi.conf
new file mode 120000 (symlink)
index 0000000..735f7e2
--- /dev/null
@@ -0,0 +1 @@
+../conf-available/nagios4-cgi.conf
\ No newline at end of file
diff --git a/conf-enabled/nagios4.conf b/conf-enabled/nagios4.conf
deleted file mode 120000 (symlink)
index b0bb44b..0000000
+++ /dev/null
@@ -1 +0,0 @@
-../conf-available/nagios4.conf
\ No newline at end of file
diff --git a/conf-enabled/php8.1-fpm.conf b/conf-enabled/php8.1-fpm.conf
new file mode 120000 (symlink)
index 0000000..1e8f164
--- /dev/null
@@ -0,0 +1 @@
+../conf-available/php8.1-fpm.conf
\ No newline at end of file
index 6ceae1db1092f9fefb2074e4e8c684d9f500c16e..0001b5bc5153fed50377dd950034de16d160f7a8 100644 (file)
--- a/htgroups
+++ b/htgroups
@@ -1,2 +1,3 @@
 logs: alex
 roundcube: alex
+nagios: alex
diff --git a/mods-enabled/proxy_fcgi.load b/mods-enabled/proxy_fcgi.load
new file mode 120000 (symlink)
index 0000000..5f187b2
--- /dev/null
@@ -0,0 +1 @@
+../mods-available/proxy_fcgi.load
\ No newline at end of file