# apache configuration for nagios 4.x

ScriptAlias /cgi-bin/nagios4 /usr/lib/cgi-bin/nagios4
ScriptAlias /nagios4/cgi-bin /usr/lib/cgi-bin/nagios4

# Where the stylesheets (config files) reside
Alias /nagios4/stylesheets /etc/nagios4/stylesheets

# Where the HTML pages live
Alias /nagios4 /usr/share/nagios4/htdocs

<DirectoryMatch (/usr/share/nagios4/htdocs|/usr/lib/cgi-bin/nagios4|/etc/nagios4/stylesheets)>
    Options FollowSymLinks
    DirectoryIndex index.php index.html
    AllowOverride AuthConfig
    #
    # The default Debian nagios4 install sets use_authentication=0 in
    # /etc/nagios4/cgi.cfg, which turns off nagos's internal authentication.
    # This is insecure.  As a compromise this default apache2 configuration
    # only allows private IP addresses access.
    #
    # The <Files>...</Files> below shows how you can secure the nagios4
    # web site so anybody can view it, but only authenticated users can issue
    # commands (such as silence notifications).  To do that replace the
    # "Require all granted" with "Require valid-user", and use htdigest
    # program from the apache2-utils package to add users to
    # /etc/nagios4/htdigest.users.
    #
    # A step up is to insist all users validate themselves by moving
    # the stanza's in the <Files>..<Files> into the <DirectoryMatch>.
    # Then by setting use_authentication=1 in /etc/nagios4/cgi.cfg you
    # can configure which people get to see a particular service from
    # within the nagios configuration.
    #
    #Require ip ::1/128 fc00::/7 fe80::/10 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16
    AuthDigestDomain "Nagios4"
    AuthDigestProvider file
    AuthUserFile        "/etc/nagios4/htdigest.users"
    AuthGroupFile       "/etc/group"
    AuthName    "Nagios4"
    AuthType    Digest
    #Require all        granted
    Require     valid-user
</DirectoryMatch>

<Directory /usr/share/nagios4/htdocs>
    Options     +ExecCGI
</Directory>