# apache configuration for nagios 4.x

ScriptAlias /cgi-bin/nagios4 /usr/lib/cgi-bin/nagios4
ScriptAlias /nagios4/cgi-bin /usr/lib/cgi-bin/nagios4

# Where the stylesheets (config files) reside
Alias /nagios4/stylesheets /etc/nagios4/stylesheets

# Where the HTML pages live
Alias /nagios4 /usr/share/nagios4/htdocs

<DirectoryMatch (/usr/share/nagios4/htdocs|/usr/lib/cgi-bin/nagios4|/etc/nagios4/stylesheets)>
    Options FollowSymLinks
    DirectoryIndex index.php index.html
    AllowOverride AuthConfig
    #
    # The default Debian nagios4 install sets use_authentication=0 in
    # /etc/nagios4/cgi.cfg, which turns off nagos's internal authentication.
    # This is insecure.  As a compromise this default apache2 configuration
    # only allows private IP addresses access.
    #
    # The <Files>...</Files> below shows how you can secure the nagios4
    # web site so anybody can view it, but only authenticated users can issue
    # commands (such as silence notifications).  To do that replace the
    # "Require all granted" with "Require valid-user", and use htdigest
    # program from the apache2-utils package to add users to
    # /etc/nagios4/htdigest.users.
    #
    # A step up is to insist all users validate themselves by moving
    # the stanza's in the <Files>..<Files> into the <DirectoryMatch>.
    # Then by setting use_authentication=1 in /etc/nagios4/cgi.cfg you
    # can configure which people get to see a particular service from
    # within the nagios configuration.
    # 
    Require ip	::1/128 fc00::/7 fe80::/10 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16
    <Files "cmd.cgi">
	AuthDigestDomain "Nagios4"
	AuthDigestProvider file
	AuthUserFile	"/etc/nagios4/htdigest.users"
	AuthGroupFile	"/etc/group"
	AuthName	"Nagios4"
	AuthType	Digest
	Require all	granted
	#Require	valid-user
    </Files>
</DirectoryMatch>

<Directory /usr/share/nagios4/htdocs>
    Options	+ExecCGI	
</Directory>