Apache Webserver auf SSL umstellen

DAU-Anleitung

Apache Module:

/etc/sysconfig.d/loadmodule.conf
LoadModule ssl_module                     /usr/lib/apache2-prefork/mod_ssl.so

Ueber YaST2 konfigurieren, da die Apache Module in der Datei “/etc/sysconfig/apache2“ aufgefuehrt werden!

SSL ueber Vhosts

/etc/apache2/vhosts.d/nagios-ssl.conf
<IfDefine SSL>

<VirtualHost nagios_host:443>

        ServerName nagios_host.domain.local
        ServerAdmin support@pasicx.net
        DocumentRoot /usr/local/nagios/share

        ErrorLog /var/log/apache2/error_log
        TransferLog /var/log/apache2/access_log
   SSLEngine on
   SSLCertificateFile /etc/apache2/ssl.crt/nagios.crt
   SSLCertificateKeyFile /etc/apache2/ssl.key/nagios.key
</VirtualHost>
</IfDefine>

Apache neustarten:

/usr/sbin/apache2ctl restart

Vorspiel:

cd /usr/ports/www/apache22
make config -> MOD SSL 
make deinstall && make && make all && make install

httpd.conf Beispiel:

<VirtualHost *:443>
   ServerName       nagiosservername
   DocumentRoot     /usr/local/nagios/share/
   <Directory /usr/local/nagios/sbin>
        Options ExecCGI
    </Directory>

    SSLEngine on
    SSLCertificateFile      /usr/local/etc/apache22/nagios.crt
    SSLCertificateKeyFile   /usr/local/etc/apache22/nagios.key

   ScriptAlias /nagios/cgi-bin/ /usr/local/nagios/sbin/
   Alias /nagios /usr/local/nagios/share
   <DirectoryMatch /usr/local/nagios/>
        AuthName    "Bitte Anmelden!"
        AuthType    Basic
        AuthLDAPURL ldaps:
        Require ldap-group
        Require ldap-group

        AuthLDAPGroupAttribute memberUid
        AuthLDAPGroupAttributeIsDN off
        AuthBasicProvider ldap
        AuthUserFile /dev/null
        require valid-user
    </DirectoryMatch>

    Alias /pnp4nagios "/usr/local/nagios/share/pnp4nagios/share"
    <Directory "/usr/local/nagios/share/pnp4nagios/share">
            <IfModule mod_rewrite.c>
                RewriteEngine On
                Options FollowSymLinks
                RewriteBase /pnp4nagios/
                RewriteRule ^(application|modules|system) - [F,L]
                RewriteCond %{REQUEST_FILENAME} !-f
                RewriteCond %{REQUEST_FILENAME} !-d
                RewriteRule .* index.php/$0 [PT,L]
            </IfModule>
    </Directory>
</VirtualHost>

/usr/local/etc/rc.d/apache22 configtest && /usr/local/etc/rc.d/apache22 graceful

Funktioniert ohne Probleme mit Nagios 3.2.0

Noch den rewrite ( MOD Rewrite nicht vergessen ) einbauen:

RewriteEngine   on
RewriteCond     %{SERVER_PORT}   !^443$
RewriteRule     (.*)             https://%{HTTP_HOST}/$1   [L]

Ueber „index.html“

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="de-DE">
  <head>
    <title>Monitoring/Logging System</title>
    <meta http-equiv="refresh" content="0; URL=https://nagiossystem/">
  </head>
  <body align="center" bgcolor="#ffffff">
    Redirecting to Monitoring/Logging System login ...<br>
    <a href="https://nagiossystem/">link</a>
  </body>
</html>

Rewrite folgt…