diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/.geppetto-rc.json b/modules/services/unix/http/apache_kali_compatible/apache/.geppetto-rc.json
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/.geppetto-rc.json
rename to modules/services/unix/http/apache_kali_compatible/apache/.geppetto-rc.json
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/.github/workflows/auto_release.yml b/modules/services/unix/http/apache_kali_compatible/apache/.github/workflows/auto_release.yml
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/.github/workflows/auto_release.yml
rename to modules/services/unix/http/apache_kali_compatible/apache/.github/workflows/auto_release.yml
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/.github/workflows/nightly.yml b/modules/services/unix/http/apache_kali_compatible/apache/.github/workflows/nightly.yml
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/.github/workflows/nightly.yml
rename to modules/services/unix/http/apache_kali_compatible/apache/.github/workflows/nightly.yml
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/.github/workflows/pr_test.yml b/modules/services/unix/http/apache_kali_compatible/apache/.github/workflows/pr_test.yml
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/.github/workflows/pr_test.yml
rename to modules/services/unix/http/apache_kali_compatible/apache/.github/workflows/pr_test.yml
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/.github/workflows/release.yml b/modules/services/unix/http/apache_kali_compatible/apache/.github/workflows/release.yml
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/.github/workflows/release.yml
rename to modules/services/unix/http/apache_kali_compatible/apache/.github/workflows/release.yml
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/.github/workflows/spec.yml b/modules/services/unix/http/apache_kali_compatible/apache/.github/workflows/spec.yml
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/.github/workflows/spec.yml
rename to modules/services/unix/http/apache_kali_compatible/apache/.github/workflows/spec.yml
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/.github_changelog_generator b/modules/services/unix/http/apache_kali_compatible/apache/.github_changelog_generator
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/.github_changelog_generator
rename to modules/services/unix/http/apache_kali_compatible/apache/.github_changelog_generator
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/.gitpod.Dockerfile b/modules/services/unix/http/apache_kali_compatible/apache/.gitpod.Dockerfile
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/.gitpod.Dockerfile
rename to modules/services/unix/http/apache_kali_compatible/apache/.gitpod.Dockerfile
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/.gitpod.yml b/modules/services/unix/http/apache_kali_compatible/apache/.gitpod.yml
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/.gitpod.yml
rename to modules/services/unix/http/apache_kali_compatible/apache/.gitpod.yml
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/.nodeset.yml b/modules/services/unix/http/apache_kali_compatible/apache/.nodeset.yml
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/.nodeset.yml
rename to modules/services/unix/http/apache_kali_compatible/apache/.nodeset.yml
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/.rubocop_todo.yml b/modules/services/unix/http/apache_kali_compatible/apache/.rubocop_todo.yml
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/.rubocop_todo.yml
rename to modules/services/unix/http/apache_kali_compatible/apache/.rubocop_todo.yml
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/CHANGELOG.md b/modules/services/unix/http/apache_kali_compatible/apache/CHANGELOG.md
new file mode 100644
index 000000000..7ee7a7855
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/CHANGELOG.md
@@ -0,0 +1,1482 @@
+# Change log
+
+All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
+
+## [v7.0.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v7.0.0) (2021-10-11)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.5.1...v7.0.0)
+
+### Changed
+
+- Drop Debian \< 8 and Ubuntu \< 14.04 code [\#2189](https://github.com/puppetlabs/puppetlabs-apache/pull/2189) ([ekohl](https://github.com/ekohl))
+- Drop support and compatibility for Debian \< 9 and Ubuntu \< 16.04 [\#2123](https://github.com/puppetlabs/puppetlabs-apache/pull/2123) ([ekohl](https://github.com/ekohl))
+
+### Added
+
+- pdksync - \(IAC-1751\) - Add Support for Rocky 8 [\#2196](https://github.com/puppetlabs/puppetlabs-apache/pull/2196) ([david22swan](https://github.com/david22swan))
+- Allow `docroot` with `mod_vhost_alias` `virtual_docroot` [\#2195](https://github.com/puppetlabs/puppetlabs-apache/pull/2195) ([yakatz](https://github.com/yakatz))
+
+### Fixed
+
+- Restore Ubuntu 14.04 support in suphp [\#2193](https://github.com/puppetlabs/puppetlabs-apache/pull/2193) ([ekohl](https://github.com/ekohl))
+- add double quote on scope parameter [\#2191](https://github.com/puppetlabs/puppetlabs-apache/pull/2191) ([aba-rechsteiner](https://github.com/aba-rechsteiner))
+- Debian 11: fix typo in `versioncmp()` / set default php to 7.4 [\#2186](https://github.com/puppetlabs/puppetlabs-apache/pull/2186) ([bastelfreak](https://github.com/bastelfreak))
+
+## [v6.5.1](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.5.1) (2021-08-25)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.5.0...v6.5.1)
+
+### Fixed
+
+- \(maint\) Allow stdlib 8.0.0 [\#2184](https://github.com/puppetlabs/puppetlabs-apache/pull/2184) ([smortex](https://github.com/smortex))
+
+## [v6.5.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.5.0) (2021-08-24)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.4.0...v6.5.0)
+
+### Added
+
+- pdksync - \(IAC-1709\) - Add Support for Debian 11 [\#2180](https://github.com/puppetlabs/puppetlabs-apache/pull/2180) ([david22swan](https://github.com/david22swan))
+
+## [v6.4.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.4.0) (2021-08-02)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.3.1...v6.4.0)
+
+### Added
+
+- \(MODULES-11075\) Improve future version handling for RHEL [\#2174](https://github.com/puppetlabs/puppetlabs-apache/pull/2174) ([mwhahaha](https://github.com/mwhahaha))
+- Allow custom userdir directives [\#2164](https://github.com/puppetlabs/puppetlabs-apache/pull/2164) ([hunner](https://github.com/hunner))
+- Add feature to reload apache service when content of ssl files has changed [\#2157](https://github.com/puppetlabs/puppetlabs-apache/pull/2157) ([timdeluxe](https://github.com/timdeluxe))
+
+## [v6.3.1](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.3.1) (2021-07-22)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.3.0...v6.3.1)
+
+### Fixed
+
+- \(MODULES-10899\) Load php module with the right libphp file [\#2166](https://github.com/puppetlabs/puppetlabs-apache/pull/2166) ([sheenaajay](https://github.com/sheenaajay))
+- \(maint\) Fix puppet-strings docs on apache::vhost [\#2165](https://github.com/puppetlabs/puppetlabs-apache/pull/2165) ([ekohl](https://github.com/ekohl))
+
+## [v6.3.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.3.0) (2021-06-22)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/kps_ssl_reload_and_cache_disk_combined_tag...v6.3.0)
+
+### Added
+
+- The default disk\_cache.conf.erb caches everything.  [\#2142](https://github.com/puppetlabs/puppetlabs-apache/pull/2142) ([Pawa2NR](https://github.com/Pawa2NR))
+
+### Fixed
+
+- Update the default version of Apache for Amazon Linux 2 [\#2158](https://github.com/puppetlabs/puppetlabs-apache/pull/2158) ([turnopil](https://github.com/turnopil))
+- Only warn about servername logging if relevant [\#2154](https://github.com/puppetlabs/puppetlabs-apache/pull/2154) ([ekohl](https://github.com/ekohl))
+
+## [kps_ssl_reload_and_cache_disk_combined_tag](https://github.com/puppetlabs/puppetlabs-apache/tree/kps_ssl_reload_and_cache_disk_combined_tag) (2021-06-14)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.2.0...kps_ssl_reload_and_cache_disk_combined_tag)
+
+## [v6.2.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.2.0) (2021-05-24)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.1.0...v6.2.0)
+
+### Added
+
+- \(MODULES-11068\) Allow apache::vhost ssl\_honorcipherorder to take boolean parameter [\#2152](https://github.com/puppetlabs/puppetlabs-apache/pull/2152) ([davidc](https://github.com/davidc))
+
+## [v6.1.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.1.0) (2021-05-17)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.0.1...v6.1.0)
+
+### Added
+
+- support for uri for severname with use\_servername\_for\_filenames [\#2150](https://github.com/puppetlabs/puppetlabs-apache/pull/2150) ([Zarne](https://github.com/Zarne))
+- \(MODULES-11061\) mod\_security custom rule functionality [\#2145](https://github.com/puppetlabs/puppetlabs-apache/pull/2145) ([k2patel](https://github.com/k2patel))
+
+## [v6.0.1](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.0.1) (2021-05-10)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.0.0...v6.0.1)
+
+### Fixed
+
+- Fix HEADER\* and README\* wildcards in IndexIgnore [\#2138](https://github.com/puppetlabs/puppetlabs-apache/pull/2138) ([keto](https://github.com/keto))
+- Fix dav\_svn for Debian 10 [\#2135](https://github.com/puppetlabs/puppetlabs-apache/pull/2135) ([martijndegouw](https://github.com/martijndegouw))
+
+## [v6.0.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.0.0) (2021-03-02)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.10.0...v6.0.0)
+
+### Changed
+
+- pdksync - \(MAINT\) Remove SLES 11 support [\#2132](https://github.com/puppetlabs/puppetlabs-apache/pull/2132) ([sanfrancrisko](https://github.com/sanfrancrisko))
+- pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 [\#2125](https://github.com/puppetlabs/puppetlabs-apache/pull/2125) ([carabasdaniel](https://github.com/carabasdaniel))
+
+## [v5.10.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.10.0) (2021-02-17)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.9.0...v5.10.0)
+
+### Added
+
+- \(IAC-1186\) Add $use\_port\_for\_filenames parameter [\#2122](https://github.com/puppetlabs/puppetlabs-apache/pull/2122) ([smortex](https://github.com/smortex))
+
+### Fixed
+
+- \(MODULES-10899\) Handle PHP8 MOD package naming convention changes [\#2121](https://github.com/puppetlabs/puppetlabs-apache/pull/2121) ([sanfrancrisko](https://github.com/sanfrancrisko))
+
+## [v5.9.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.9.0) (2021-01-25)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.8.0...v5.9.0)
+
+### Added
+
+- Add ssl\_user\_name vhost parameter [\#2093](https://github.com/puppetlabs/puppetlabs-apache/pull/2093) ([bodgit](https://github.com/bodgit))
+- Add support for mod\_md [\#2090](https://github.com/puppetlabs/puppetlabs-apache/pull/2090) ([smortex](https://github.com/smortex))
+
+### Fixed
+
+- \(FIX\) Correct PHP packages on Ubuntu 16.04 [\#2111](https://github.com/puppetlabs/puppetlabs-apache/pull/2111) ([ekohl](https://github.com/ekohl))
+
+## [v5.8.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.8.0) (2020-12-07)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.7.0...v5.8.0)
+
+### Added
+
+- \(MODULES-10887\) Set `use_servername_for_filenames` for defaults [\#2103](https://github.com/puppetlabs/puppetlabs-apache/pull/2103) ([towo](https://github.com/towo))
+- pdksync - \(feat\) Add support for Puppet 7 [\#2101](https://github.com/puppetlabs/puppetlabs-apache/pull/2101) ([daianamezdrea](https://github.com/daianamezdrea))
+- \(feat\) Add support for apreq2 MOD on Debian 9, 10 [\#2085](https://github.com/puppetlabs/puppetlabs-apache/pull/2085) ([TigerKriika](https://github.com/TigerKriika))
+
+### Fixed
+
+- \(fix\) Convert unnecessary multi line warnings to single lines [\#2104](https://github.com/puppetlabs/puppetlabs-apache/pull/2104) ([rj667](https://github.com/rj667))
+- Fix bool2httpd function call for older ruby versions [\#2102](https://github.com/puppetlabs/puppetlabs-apache/pull/2102) ([carabasdaniel](https://github.com/carabasdaniel))
+- Use Ruby 2.7 compatible string matching [\#2060](https://github.com/puppetlabs/puppetlabs-apache/pull/2060) ([ekohl](https://github.com/ekohl))
+
+## [v5.7.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.7.0) (2020-11-24)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.6.0...v5.7.0)
+
+### Added
+
+- Add cas\_cookie\_path in vhosts [\#2089](https://github.com/puppetlabs/puppetlabs-apache/pull/2089) ([yakatz](https://github.com/yakatz))
+- \(IAC-1186\) Add new $use\_servername\_for\_filenames parameter [\#2086](https://github.com/puppetlabs/puppetlabs-apache/pull/2086) ([sanfrancrisko](https://github.com/sanfrancrisko))
+- Allow relative paths in oidc\_redirect\_uri [\#2082](https://github.com/puppetlabs/puppetlabs-apache/pull/2082) ([sanfrancrisko](https://github.com/sanfrancrisko))
+- Improve SSLVerify options [\#2081](https://github.com/puppetlabs/puppetlabs-apache/pull/2081) ([bovy89](https://github.com/bovy89))
+- Change icon path [\#2079](https://github.com/puppetlabs/puppetlabs-apache/pull/2079) ([yakatz](https://github.com/yakatz))
+- Support mod\_auth\_gssapi parameters [\#2078](https://github.com/puppetlabs/puppetlabs-apache/pull/2078) ([traylenator](https://github.com/traylenator))
+- Add ssl\_proxy\_machine\_cert\_chain param to vhost class [\#2072](https://github.com/puppetlabs/puppetlabs-apache/pull/2072) ([AbelNavarro](https://github.com/AbelNavarro))
+
+### Fixed
+
+- Use Ruby 2.7 compatible string matching [\#2074](https://github.com/puppetlabs/puppetlabs-apache/pull/2074) ([sanfrancrisko](https://github.com/sanfrancrisko))
+
+## [v5.6.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.6.0) (2020-10-01)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.5.0...v5.6.0)
+
+### Added
+
+- Configure default shared lib path for mod\_wsgi on RHEL8 [\#2063](https://github.com/puppetlabs/puppetlabs-apache/pull/2063) ([nbarrientos](https://github.com/nbarrientos))
+- Various enhancements to apache::mod::passenger [\#2058](https://github.com/puppetlabs/puppetlabs-apache/pull/2058) ([smortex](https://github.com/smortex))
+
+### Fixed
+
+- make apache::mod::fcgid redhat 8 compatible [\#2071](https://github.com/puppetlabs/puppetlabs-apache/pull/2071) ([creativefre](https://github.com/creativefre))
+- pdksync - \(feat\) - Removal of inappropriate terminology [\#2062](https://github.com/puppetlabs/puppetlabs-apache/pull/2062) ([pmcmaw](https://github.com/pmcmaw))
+- Use python3-mod\_wsgi instead of mod\_wsgi on CentOS8 [\#2052](https://github.com/puppetlabs/puppetlabs-apache/pull/2052) ([kajinamit](https://github.com/kajinamit))
+
+## [v5.5.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.5.0) (2020-07-03)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.4.0...v5.5.0)
+
+### Added
+
+- Allow IPv6 CIDRs for proxy\_protocol\_exceptions in mod remoteip [\#2033](https://github.com/puppetlabs/puppetlabs-apache/pull/2033) ([thechristschn](https://github.com/thechristschn))
+- \(IAC-746\) - Add ubuntu 20.04 support [\#2032](https://github.com/puppetlabs/puppetlabs-apache/pull/2032) ([david22swan](https://github.com/david22swan))
+- Replace legacy `bool2httpd()` function with shim [\#2025](https://github.com/puppetlabs/puppetlabs-apache/pull/2025) ([alexjfisher](https://github.com/alexjfisher))
+- Tidy up `pw_hash` function [\#2024](https://github.com/puppetlabs/puppetlabs-apache/pull/2024) ([alexjfisher](https://github.com/alexjfisher))
+- Replace validate\_apache\_loglevel\(\) with data type [\#2023](https://github.com/puppetlabs/puppetlabs-apache/pull/2023) ([alexjfisher](https://github.com/alexjfisher))
+- Add ProxyIOBufferSize option [\#2014](https://github.com/puppetlabs/puppetlabs-apache/pull/2014) ([jplindquist](https://github.com/jplindquist))
+- Add support for SetInputFilter directive [\#2007](https://github.com/puppetlabs/puppetlabs-apache/pull/2007) ([HoucemEddine](https://github.com/HoucemEddine))
+- \[MODULES-10530\] Add request limiting directives on virtual host level [\#1996](https://github.com/puppetlabs/puppetlabs-apache/pull/1996) ([aursu](https://github.com/aursu))
+- \[MODULES-10528\] Add ErrorLogFormat directive on virtual host level [\#1995](https://github.com/puppetlabs/puppetlabs-apache/pull/1995) ([aursu](https://github.com/aursu))
+- Add template variables and parameters for ModSecurity Audit Logs [\#1988](https://github.com/puppetlabs/puppetlabs-apache/pull/1988) ([jplindquist](https://github.com/jplindquist))
+- \(MODULES-10432\) Add mod\_auth\_openidc support [\#1987](https://github.com/puppetlabs/puppetlabs-apache/pull/1987) ([asieraguado](https://github.com/asieraguado))
+
+### Fixed
+
+- \(MODULES-10712\) Fix mod\_ldap on RH/CentOS 5 and 6 [\#2041](https://github.com/puppetlabs/puppetlabs-apache/pull/2041) ([h-haaks](https://github.com/h-haaks))
+- Update mod\_dir, alias\_icons\_path, error\_documents\_path for CentOS 8 [\#2038](https://github.com/puppetlabs/puppetlabs-apache/pull/2038) ([initrd](https://github.com/initrd))
+- Ensure switching of thread module works on Debian 10 / Ubuntu 20.04 [\#2034](https://github.com/puppetlabs/puppetlabs-apache/pull/2034) ([tuxmea](https://github.com/tuxmea))
+- MODULES-10586 Centos 8: wrong package used to install mod\_authnz\_ldap [\#2021](https://github.com/puppetlabs/puppetlabs-apache/pull/2021) ([farebers](https://github.com/farebers))
+- Re-add package for fcgid on debian/ubuntu machines [\#2006](https://github.com/puppetlabs/puppetlabs-apache/pull/2006) ([vStone](https://github.com/vStone))
+- Use ldap\_trusted\_mode in conditional [\#1999](https://github.com/puppetlabs/puppetlabs-apache/pull/1999) ([dacron](https://github.com/dacron))
+- Typo in oidcsettings.pp [\#1997](https://github.com/puppetlabs/puppetlabs-apache/pull/1997) ([asieraguado](https://github.com/asieraguado))
+- Fix proxy\_html Module to work on Debian 10 [\#1994](https://github.com/puppetlabs/puppetlabs-apache/pull/1994) ([buchstabensalat](https://github.com/buchstabensalat))
+- \(MODULES-10360\) Fix icon paths for RedHat systems [\#1991](https://github.com/puppetlabs/puppetlabs-apache/pull/1991) ([2and3makes23](https://github.com/2and3makes23))
+- SSLProxyEngine on has to be set before any Proxydirective using it [\#1989](https://github.com/puppetlabs/puppetlabs-apache/pull/1989) ([zivis](https://github.com/zivis))
+
+## [v5.4.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.4.0) (2020-01-22)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.3.0...v5.4.0)
+
+### Added
+
+- Add an apache::vhost::fragment define [\#1980](https://github.com/puppetlabs/puppetlabs-apache/pull/1980) ([ekohl](https://github.com/ekohl))
+
+### Fixed
+
+- \(MODULES-10391\) ssl\_protocol includes SSLv2 and SSLv3 on all platforms [\#1990](https://github.com/puppetlabs/puppetlabs-apache/pull/1990) ([legooolas](https://github.com/legooolas))
+
+## [v5.3.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.3.0) (2019-12-11)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.2.0...v5.3.0)
+
+### Added
+
+- \(FM-8672\) - Addition of Support for CentOS 8 [\#1977](https://github.com/puppetlabs/puppetlabs-apache/pull/1977) ([david22swan](https://github.com/david22swan))
+- \(MODULES-9948\) Allow switching of thread modules [\#1961](https://github.com/puppetlabs/puppetlabs-apache/pull/1961) ([tuxmea](https://github.com/tuxmea))
+
+### Fixed
+
+- Fix newline being added before proxy params [\#1984](https://github.com/puppetlabs/puppetlabs-apache/pull/1984) ([oxc](https://github.com/oxc))
+- When using mod jk, we expect the libapache2-mod-jk package to be installed [\#1979](https://github.com/puppetlabs/puppetlabs-apache/pull/1979) ([tuxmea](https://github.com/tuxmea))
+- move unless into manage\_security\_corerules [\#1976](https://github.com/puppetlabs/puppetlabs-apache/pull/1976) ([SimonHoenscheid](https://github.com/SimonHoenscheid))
+- Change mod\_proxy's ProxyTimeout to follow Apache's global timeout [\#1975](https://github.com/puppetlabs/puppetlabs-apache/pull/1975) ([gcoxmoz](https://github.com/gcoxmoz))
+- \(FM-8721\) fix php version and ssl error on redhat8 [\#1973](https://github.com/puppetlabs/puppetlabs-apache/pull/1973) ([sheenaajay](https://github.com/sheenaajay))
+
+## [v5.2.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.2.0) (2019-11-01)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.1.0...v5.2.0)
+
+### Added
+
+- Add parameter version for mod security [\#1953](https://github.com/puppetlabs/puppetlabs-apache/pull/1953) ([tuxmea](https://github.com/tuxmea))
+- add possibility to define variables inside VirtualHost definition [\#1947](https://github.com/puppetlabs/puppetlabs-apache/pull/1947) ([trefzer](https://github.com/trefzer))
+
+### Fixed
+
+- \(FM-8662\) Correction in manifests/mod/ssl.pp for SLES 11 [\#1963](https://github.com/puppetlabs/puppetlabs-apache/pull/1963) ([sanfrancrisko](https://github.com/sanfrancrisko))
+- always quote ExpiresDefault in vhost::directories [\#1958](https://github.com/puppetlabs/puppetlabs-apache/pull/1958) ([evgeni](https://github.com/evgeni))
+- MODULES-9904 Fix lbmethod module load order [\#1956](https://github.com/puppetlabs/puppetlabs-apache/pull/1956) ([optiz0r](https://github.com/optiz0r))
+- Add owner, group, file\_mode and show\_diff to apache::custom\_config [\#1942](https://github.com/puppetlabs/puppetlabs-apache/pull/1942) ([treydock](https://github.com/treydock))
+- Add shibboleth support for Debian 10 [\#1939](https://github.com/puppetlabs/puppetlabs-apache/pull/1939) ([fabbks](https://github.com/fabbks))
+
+## [v5.1.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.1.0) (2019-09-13)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.0.0...v5.1.0)
+
+### Added
+
+- \(FM-8393\) add support on Debian 10 [\#1945](https://github.com/puppetlabs/puppetlabs-apache/pull/1945) ([ThoughtCrhyme](https://github.com/ThoughtCrhyme))
+- FM-8140 Add Redhat 8 support [\#1941](https://github.com/puppetlabs/puppetlabs-apache/pull/1941) ([sheenaajay](https://github.com/sheenaajay))
+- \(FM-8214\) converted to use litmus [\#1938](https://github.com/puppetlabs/puppetlabs-apache/pull/1938) ([tphoney](https://github.com/tphoney))
+- \(MODULES-9668 \) Please make ProxyRequests setting in vhost.pp configurable [\#1935](https://github.com/puppetlabs/puppetlabs-apache/pull/1935) ([aukesj](https://github.com/aukesj))
+- Added unmanaged\_path and custom\_fragment options to userdir [\#1931](https://github.com/puppetlabs/puppetlabs-apache/pull/1931) ([GeorgeCox](https://github.com/GeorgeCox))
+- Add LDAP parameters to httpd.conf [\#1930](https://github.com/puppetlabs/puppetlabs-apache/pull/1930) ([daveseff](https://github.com/daveseff))
+- Add LDAPReferrals configuration parameter [\#1928](https://github.com/puppetlabs/puppetlabs-apache/pull/1928) ([HT43-bqxFqB](https://github.com/HT43-bqxFqB))
+
+### Fixed
+
+- \(MODULES-9104\) Add file\_mode to config files. [\#1922](https://github.com/puppetlabs/puppetlabs-apache/pull/1922) ([stevegarn](https://github.com/stevegarn))
+- \(bugfix\) Add default package name for mod\_ldap [\#1913](https://github.com/puppetlabs/puppetlabs-apache/pull/1913) ([turnopil](https://github.com/turnopil))
+- Remove event mpm when using prefork, worker or itk [\#1905](https://github.com/puppetlabs/puppetlabs-apache/pull/1905) ([tuxmea](https://github.com/tuxmea))
+
+## [v5.0.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.0.0) (2019-05-20)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/4.1.0...v5.0.0)
+
+### Changed
+
+- pdksync - \(MODULES-8444\) - Raise lower Puppet bound [\#1908](https://github.com/puppetlabs/puppetlabs-apache/pull/1908) ([david22swan](https://github.com/david22swan))
+
+### Added
+
+- \(FM-7923\) Implement Puppet Strings [\#1916](https://github.com/puppetlabs/puppetlabs-apache/pull/1916) ([eimlav](https://github.com/eimlav))
+- Define SCL package name for mod\_ldap [\#1893](https://github.com/puppetlabs/puppetlabs-apache/pull/1893) ([treydock](https://github.com/treydock))
+
+### Fixed
+
+- \(MODULES-9014\) Improve SSLSessionTickets handling [\#1923](https://github.com/puppetlabs/puppetlabs-apache/pull/1923) ([FredericLespez](https://github.com/FredericLespez))
+- \(MODULES-8931\) Fix stahnma/epel failures [\#1914](https://github.com/puppetlabs/puppetlabs-apache/pull/1914) ([eimlav](https://github.com/eimlav))
+- Fix wsgi\_daemon\_process to support hash data type [\#1884](https://github.com/puppetlabs/puppetlabs-apache/pull/1884) ([mdechiaro](https://github.com/mdechiaro))
+
+## [4.1.0](https://github.com/puppetlabs/puppetlabs-apache/tree/4.1.0) (2019-04-05)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/4.0.0...4.1.0)
+
+### Added
+
+- \(MODULES-7196\) Allow setting CASRootProxiedAs per virtualhost \(replaces \#1857\) [\#1900](https://github.com/puppetlabs/puppetlabs-apache/pull/1900) ([Lavinia-Dan](https://github.com/Lavinia-Dan))
+- \(feat\) - Amazon Linux 2 compatibility added [\#1898](https://github.com/puppetlabs/puppetlabs-apache/pull/1898) ([david22swan](https://github.com/david22swan))
+- \(MODULES-8731\) Allow CIDRs for proxy\_ips/internal\_proxy in remoteip [\#1891](https://github.com/puppetlabs/puppetlabs-apache/pull/1891) ([JAORMX](https://github.com/JAORMX))
+- Manage all mod\_remoteip parameters supported by Apache [\#1882](https://github.com/puppetlabs/puppetlabs-apache/pull/1882) ([johanfleury](https://github.com/johanfleury))
+- MODULES-8541 : Allow HostnameLookups to be modified [\#1881](https://github.com/puppetlabs/puppetlabs-apache/pull/1881) ([k2patel](https://github.com/k2patel))
+- Add support for mod\_http2 [\#1867](https://github.com/puppetlabs/puppetlabs-apache/pull/1867) ([smortex](https://github.com/smortex))
+- Added code to paramertize the libphp prefix [\#1852](https://github.com/puppetlabs/puppetlabs-apache/pull/1852) ([grahamuk2018](https://github.com/grahamuk2018))
+- Added WSGI Options WSGIApplicationGroup and WSGIPythonOptimize [\#1847](https://github.com/puppetlabs/puppetlabs-apache/pull/1847) ([emetriqLikedeeler](https://github.com/emetriqLikedeeler))
+
+### Fixed
+
+- \(bugfix\) set kernel for facter version test [\#1895](https://github.com/puppetlabs/puppetlabs-apache/pull/1895) ([tphoney](https://github.com/tphoney))
+- \(MODULES-5990\) - Managing conf\_enabled [\#1875](https://github.com/puppetlabs/puppetlabs-apache/pull/1875) ([david22swan](https://github.com/david22swan))
+
+## [4.0.0](https://github.com/puppetlabs/puppetlabs-apache/tree/4.0.0) (2019-01-10)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/3.5.0...4.0.0)
+
+### Changed
+
+- default server\_tokens to prod - more secure default [\#1746](https://github.com/puppetlabs/puppetlabs-apache/pull/1746) ([juju4](https://github.com/juju4))
+
+### Added
+
+- \(Modules 8141/Modules 8379\) - Addition of support for SLES 15 [\#1862](https://github.com/puppetlabs/puppetlabs-apache/pull/1862) ([david22swan](https://github.com/david22swan))
+- SCL support for httpd and php7.1 [\#1822](https://github.com/puppetlabs/puppetlabs-apache/pull/1822) ([mmoll](https://github.com/mmoll))
+
+### Fixed
+
+- \(MODULES-5990\) - conf-enabled defaulted to undef [\#1869](https://github.com/puppetlabs/puppetlabs-apache/pull/1869) ([david22swan](https://github.com/david22swan))
+- pdksync - \(FM-7655\) Fix rubygems-update for ruby \< 2.3 [\#1866](https://github.com/puppetlabs/puppetlabs-apache/pull/1866) ([tphoney](https://github.com/tphoney))
+
+## [3.5.0](https://github.com/puppetlabs/puppetlabs-apache/tree/3.5.0) (2018-12-17)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/3.4.0...3.5.0)
+
+### Added
+
+- \(MODULES-5990\) Addition of 'IncludeOptional conf-enabled/\*.conf' to apache2.conf' on Debian Family OS [\#1851](https://github.com/puppetlabs/puppetlabs-apache/pull/1851) ([david22swan](https://github.com/david22swan))
+- \(MODULES-8107\) - Support added for Ubuntu 18.04. [\#1850](https://github.com/puppetlabs/puppetlabs-apache/pull/1850) ([david22swan](https://github.com/david22swan))
+- \(MODULES-8108\) - Support added for Debian 9 [\#1849](https://github.com/puppetlabs/puppetlabs-apache/pull/1849) ([david22swan](https://github.com/david22swan))
+- Add option to add comments to the header of a vhost file [\#1841](https://github.com/puppetlabs/puppetlabs-apache/pull/1841) ([jovandeginste](https://github.com/jovandeginste))
+
+### Fixed
+
+- \(FM-7605\) - Disabling conf\_enabled on Ubuntu 18.04  by default as it conflicts with Shibboleth causing errors with apache2. [\#1856](https://github.com/puppetlabs/puppetlabs-apache/pull/1856) ([david22swan](https://github.com/david22swan))
+- \(MODULES-8429\) Update GPG key for phusion passenger [\#1848](https://github.com/puppetlabs/puppetlabs-apache/pull/1848) ([abottchen](https://github.com/abottchen))
+- Fix default vhost priority in readme [\#1843](https://github.com/puppetlabs/puppetlabs-apache/pull/1843) ([HT43-bqxFqB](https://github.com/HT43-bqxFqB))
+- fix apache::mod::jk example typo and add link for more info [\#1812](https://github.com/puppetlabs/puppetlabs-apache/pull/1812) ([xorpaul](https://github.com/xorpaul))
+- MODULES-7379: Fixing syntax by adding newline [\#1803](https://github.com/puppetlabs/puppetlabs-apache/pull/1803) ([wimvr](https://github.com/wimvr))
+- ensure mpm\_event is disabled under debian 9 if mpm itk is used [\#1766](https://github.com/puppetlabs/puppetlabs-apache/pull/1766) ([zivis](https://github.com/zivis))
+
+## [3.4.0](https://github.com/puppetlabs/puppetlabs-apache/tree/3.4.0) (2018-09-27)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/3.3.0...3.4.0)
+
+### Added
+
+- pdksync - \(FM-7392\) - Puppet 6 Testing Changes [\#1838](https://github.com/puppetlabs/puppetlabs-apache/pull/1838) ([pmcmaw](https://github.com/pmcmaw))
+- pdksync - \(MODULES-6805\) metadata.json shows support for puppet 6 [\#1836](https://github.com/puppetlabs/puppetlabs-apache/pull/1836) ([tphoney](https://github.com/tphoney))
+
+### Fixed
+
+- Fix "audit\_log\_relevant\_status" typo in README.md [\#1830](https://github.com/puppetlabs/puppetlabs-apache/pull/1830) ([smokris](https://github.com/smokris))
+
+## [3.3.0](https://github.com/puppetlabs/puppetlabs-apache/tree/3.3.0) (2018-09-11)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/3.2.0...3.3.0)
+
+### Added
+
+- pdksync - \(MODULES-7705\) - Bumping stdlib dependency from \< 5.0.0 to \< 6.0.0 [\#1821](https://github.com/puppetlabs/puppetlabs-apache/pull/1821) ([pmcmaw](https://github.com/pmcmaw))
+- Add support for ProxyTimeout [\#1805](https://github.com/puppetlabs/puppetlabs-apache/pull/1805) ([agoodno](https://github.com/agoodno))
+- \(MODULES-7343\) - Allow overrides by adding mod\_libs in apache class [\#1800](https://github.com/puppetlabs/puppetlabs-apache/pull/1800) ([karelyatin](https://github.com/karelyatin))
+- Rework passenger VHost and Directories [\#1778](https://github.com/puppetlabs/puppetlabs-apache/pull/1778) ([smortex](https://github.com/smortex))
+
+### Fixed
+
+- MODULES-7575 reverse sort the aliases [\#1808](https://github.com/puppetlabs/puppetlabs-apache/pull/1808) ([k2patel](https://github.com/k2patel))
+- fixes for OpenSUSE ans SLES [\#1783](https://github.com/puppetlabs/puppetlabs-apache/pull/1783) ([tuxmea](https://github.com/tuxmea))
+
+## 3.2.0
+### Summary
+This is a clean release to prepare for several planned backwards incompatible changes.
+
+#### Changed
+- Parameter `passenger_pre_start` has been moved outside of `<VirtualHost>`.
+- Apache version fact has been enabled on FreeBSD.
+- Parameter `ssl_proxyengine` has had it's default changed to false.
+
+#### Added
+- Parameter `passenger_group` can now be set in `apache::vhost`.
+- Multiple `passenger_pre_start` URIs can now be set at once.
+- Manifest `mod::auth_gssapi` has been added to allow the deployment of authorisation with kerberos, through GSSAPI.
+
+#### Removed
+- Scientific 5 and Debian 7 are no longer supported on Apache.
+
+## Supported Release [3.1.0]
+### Summary
+This release includes the module being converted using version 1.4.1 of the PDK. It also includes a couple of additional parameters added.
+
+#### Added
+- Module has been pdk converted with version 1.4.1 ([MODULES-6331](https://tickets.puppet.com/browse/MODULES-6331))
+- Parameter `ssl_cert` to provide a SSLCertificateFile option for use with SSL, optional of type String.
+- Parameter `ssl_key` to provide a SSLCertificateKey option for use with SSL, optional of type String.
+
+#### Fixed
+- Documentation updates.
+- Updates to the Japanese translation based on documentation update.
+
+## Supported Release [3.0.0]
+### Summary
+This major release changes the default value of `keepalive` to `On`. It also includes many other features and bugfixes.
+
+#### Changed
+- Default `apache::keepalive` from `Off` to `On`.
+
+#### Added
+- Class `apache::mod::data`
+- Function `apache::apache_pw_hash` function (puppet 4 port of `apache_pw_hash()`)
+- Function `apache::bool2httpd` function (puppet 4 port of `bool2httpd()`)
+- Function `apache::validate_apache_log_level` function (puppet 4 port of `validate_apache_log_level()`)
+- Parameter `apache::balancer::options` for additional directives.
+- Parameter `apache::limitreqfields` setting the LimitRequestFields directive to 100.
+- Parameter `apache::use_canonical_name` to control how httpd uses self-referential URLs.
+- Parameter `apache::mod::disk_cache::cache_ignore_headers` to ignore cache headers.
+- Parameter `apache::mod::itk::enablecapabilities` to manage ITK capabilities.
+- Parameter `apache::mod::ldap::ldap_trusted_mode` to manage trusted mode.
+- Parameters for `apache::mod::passenger`:
+  - `passenger_allow_encoded_slashes`
+  - `passenger_app_group_name`
+  - `passenger_app_root`
+  - `passenger_app_type`
+  - `passenger_base_uri`
+  - `passenger_buffer_response`
+  - `passenger_buffer_upload`
+  - `passenger_concurrency_model`
+  - `passenger_debug_log_file`
+  - `passenger_debugger`
+  - `passenger_default_group`
+  - `passenger_default_user`
+  - `passenger_disable_security_update_check`
+  - `passenger_enabled`
+  - `passenger_error_override`
+  - `passenger_file_descriptor_log_file`
+  - `passenger_fly_with`
+  - `passenger_force_max_concurrent_requests_per_process`
+  - `passenger_friendly_error_pages`
+  - `passenger_group`
+  - `passenger_installed_version`
+  - `passenger_instance_registry_dir`
+  - `passenger_load_shell_envvars`
+  - `passenger_lve_min_uid`
+  - `passenger_max_instances`
+  - `passenger_max_preloader_idle_time`
+  - `passenger_max_request_time`
+  - `passenger_memory_limit`
+  - `passenger_meteor_app_settings`
+  - `passenger_nodejs`
+  - `passenger_pre_start`
+  - `passenger_python`
+  - `passenger_resist_deployment_errors`
+  - `passenger_resolve_symlinks_in_document_root`
+  - `passenger_response_buffer_high_watermark`
+  - `passenger_restart_dir`
+  - `passenger_rolling_restarts`
+  - `passenger_security_update_check_proxy`
+  - `passenger_show_version_in_header`
+  - `passenger_socket_backlog`
+  - `passenger_start_timeout`
+  - `passenger_startup_file`
+  - `passenger_sticky_sessions`
+  - `passenger_sticky_sessions_cookie_name`
+  - `passenger_thread_count`
+  - `passenger_user`
+  - `passenger_user_switching`
+  - `rack_auto_detect`
+  - `rack_base_uri`
+  - `rack_env`
+  - `rails_allow_mod_rewrite`
+  - `rails_app_spawner_idle_time`
+  - `rails_auto_detect`
+  - `rails_base_uri`
+  - `rails_default_user`
+  - `rails_env`
+  - `rails_framework_spawner_idle_time`
+  - `rails_ruby`
+  - `rails_spawn_method`
+  - `rails_user_switching`
+  - `wsgi_auto_detect`
+- Parameter `apache::mod::prefork::listenbacklog` to set the listen backlog to 511.
+- Parameter `apache::mod::python::loadfile_name` to workaround python.load filename conflicts.
+- Parameter `apache::mod::ssl::ssl_cert` to manage the client auth cert.
+- Parameter `apache::mod::ssl::ssl_key` to manage the client auth key.
+- Parameter `apache::mod::status::requires` as an alternative to `apache::mod::status::allow_from`
+- Parameter `apache::vhost::ssl_proxy_cipher_suite` to manage that directive.
+- Parameter `apache::vhost::shib_compat_valid_user` to manage that directive.
+- Parameter `apache::vhost::use_canonical_name` to manage that directive.
+- Parameter value `mellon_session_length` for `apache::vhost::directories`
+
+### Fixed
+- `apache_version` is confined to just Linux to avoid erroring on AIX.
+- Parameter `apache::mod::jk::workers_file_content` docs typo of "mantain" instead of maintain.
+- Deduplicate `apache::mod::ldap` managing `File['ldap.conf']` to avoid resource conflicts.
+- ITK package name on Debian 9
+- Dav_svn package for SLES
+- Log client IP instead of loadbalancer IP when behind a loadbalancer.
+- `apache::mod::remoteip` now notifies the `Class['apache::service']` class instead of `Service['httpd']` to avoid restarting the service when `apache::service_manage` is false.
+- `apache::vhost::cas_scrub_request_headers` actually manages the directive.
+
+## Supported Release [2.3.1]
+### Summary
+This release fixes CVE-2018-6508 which is a potential arbitrary code execution via tasks.
+
+### Fixed
+- Fix init task for arbitrary remote code
+
+## Supported Release [2.3.0]
+### Summary
+This is a feature release. It includes a task that will reload the apache service.
+
+#### Added
+- Add a task that allows the reloading of the Apache service.
+
+## Supported Release [2.2.0]
+### Summary
+This is a maintainence and feature release. It will include updates to translations in Japanese, some maintainence and adding `PassengerSpawnMethod` to vhost.
+
+#### Added
+- `PassengerSpawnMethod` added to `vhost`.
+
+#### Changed
+- Improve version match fact for `apache_version`
+- Update to prefork.conf params for Apache 2.4
+- Updates to `CONTRIBUTING.md`
+- Do not install mod_fastcgi on el7
+- Include mod_wsgi when using wsgi options
+
+## Supported Release [2.1.0]
+### Summary
+This is a feature release including a security patch (CVE-2017-2299)
+
+#### Added
+- `apache::mod::jk` class for managing the mod_jk connector
+- `apache_pw_hash` function
+- the ProxyPass directive in location contexts
+- more Puppet 4 type validation
+- `apache::mod::macro` class for managing mod_macro
+
+#### Changed
+- $ssl_certs_dir default to `undef` for all platorms
+- $ssl_verify_client must now be set to use any of the following: `$ssl_certs_dir`, `$ssl_ca`, `$ssl_crl_path`, `$ssl_crl`, `$ssl_verify_depth`, `$ssl_crl_check`
+
+#### Fixed
+- issue where mod_alias was not being loaded when RedirectMatch* directives were being used ([MODULES-3942](https://tickets.puppet.com/browse/MODULES-3942))
+- issue with `$directories` parameter in `apache::vhost`
+- issue in UserDir template where the UserDir path did not match the Directory path
+- **Issue where the $ssl_certs_dir default set Apache to implicitly trust all client certificates that were issued by any CA in that directory**
+
+#### Removed
+- support for EOL platforms: Ubuntu 10.04, 12.04 and Debian 6 (Squeeze)
+
+## Supported Release [2.0.0]
+### Summary
+Major release **removing Puppet 3 support** and other backwards-incompatible changes.
+
+#### Added
+- support for FileETag directive configurable with the `file_e_tag` parameter
+- ability to configure multiple ports per vhost
+- RequestHeader directive to vhost template ([MODULES-4156](https://tickets.puppet.com/browse/MODULES-4156))
+- customizability for AllowOverride directive in userdir.conf ([MODULES-4516](https://tickets.puppet.com/browse/MODULES-4516))
+- AdvertiseFrequency directive for cluster.conf ([MODULES-4500](https://tickets.puppet.com/browse/MODULES-4500))
+- `ssl_proxy_protocol` and `ssl_sessioncache` parameters for mod::ssl ([MODULES-4737](https://tickets.puppet.com/browse/MODULES-4737))
+- SSLCACertificateFile directive in ssl.conf configurable with `ssl_ca` parameter
+- mod::authnz_pam 
+- mod::intercept_form_submit 
+- mod::lookup_identity
+- Suse compatibility for mod::proxy_html
+- support for AddCharset directive configurable with `add_charset` parameter
+- support for SSLProxyVerifyDepth and SSLProxyCACertificateFile directives configurable with `ssl_proxy_verify_depth` and `ssl_proxy_ca_cert` respectively
+- `manage_security_crs` parameter for mod::security
+- support for LimitExcept directive configurable with `limit_except` parameter
+- support for WSGIRestrictEmbedded directive configurable with `wsgi_restrict_embedded` parameter
+- support for custom UserDir path ([MODULES-4933](https://tickets.puppet.com/browse/MODULES-4933))
+- support for PassengerMaxRequests directive configurable with `passenger_max_requests`
+- option to override module package names with `mod_packages` parameter ([MODULES-3838](https://tickets.puppet.com/browse/MODULES-3838))
+
+#### Removed
+- enclose_ipv6 as it was added to puppetlabs-stdlib
+- deprecated `$verifyServerCert` parameter from the `apache::mod::authnz_ldap` class ([MODULES-4445](https://tickets.puppet.com/browse/MODULES-4445))
+
+#### Changed
+- `keepalive` default to 'On' from 'Off'
+- Puppet version compatibility to ">= 4.7.0 < 6.0.0"
+- puppetlabs-stdlib dependency to ">= 4.12.0 < 5.0.0"
+- `ssl_cipher` to explicitly disable 3DES because of Sweet32
+
+#### Fixed
+- various issues in the vhost template
+- use of deprecated `include_src` parameter in vhost_spec
+- management of ssl.conf on RedHat systems
+- various SLES/Suse params
+- mod::cgi ordering for FreeBSD
+- issue where ProxyPreserveHost could not be set without other Proxy* directives
+- the module attempting to install proxy_html on Ubuntu Xenial and Debian Stretch
+
+## Supported Release [1.11.1]
+#### Summary
+This is a security patch release (CVE-2017-2299). These changes are also in version 2.1.0 and higher.
+
+#### Changed
+- $ssl_certs_dir default to `undef` for all platorms
+- $ssl_verify_client must now be set to use any of the following: `$ssl_certs_dir`, `$ssl_ca`, `$ssl_crl_path`, `$ssl_crl`, `$ssl_verify_depth`, `$ssl_crl_check`
+
+#### Fixed
+- **Issue where the $ssl_certs_dir default set Apache to implicitly trust all client certificates that were issued by any CA in that directory** ([MODULES-5471](https://tickets.puppet.com/browse/MODULES-5471))
+
+## Supported Release [1.11.0]
+### Summary
+This release adds SLES12 Support and many more features and bugfixes.
+
+#### Features
+- (MODULES-4049) Adds SLES 12 Support
+- Adds additional directories options for LDAP Auth
+  - `auth_ldap_url`
+  - `auth_ldap_bind_dn`
+  - `auth_ldap_bind_password`
+  - `auth_ldap_group_attribute`
+  - `auth_ldap_group_attribute_is_dn`
+- Allows `mod_event` parameters to be unset
+- Allows management of default root directory access rights
+- Adds class `apache::vhosts` to create apache::vhost resources
+- Adds class `apache::mod::proxy_wstunnel`
+- Adds class `apache::mod::dumpio`
+- Adds class `apache::mod::socache_shmcb`
+- Adds class `apache::mod::authn_dbd`
+- Adds support for apache 2.4 on Amazon Linux
+- Support the newer `mod_auth_cas` config options
+- Adds `wsgi_script_aliases_match` parameter to `apache::vhost`
+- Allow to override all SecDefaultAction attributes
+- Add audit_log_relevant_status parameter to apache::mod::security
+- Allow absolute path to $apache::mod::security::activated_rules
+- Allow setting SecAuditLog
+- Adds `passenger_max_instances_per_app` to `mod::passenger`
+- Allow the proxy_via setting to be configured
+- Allow no_proxy_uris to be used within proxy_pass
+- Add rpaf.conf template parameter to `mod::rpaf`
+- Allow user to specify alternative package and library names for shibboleth module
+- Allows configuration of shibboleth lib path
+- Adds parameter `passenger_data_buffer_dir` to `mod::passenger`
+- Adds SSL stapling 
+- Allows use of `balance_manager` with `mod_proxy_balancer`
+- Raises lower bound of `stdlib` dependency to version 4.2
+- Adds support for Passenger repo on Amazon Linux
+- Add ability to set SSLStaplingReturnResponderErrors on server level 
+- (MODULES-4213) Allow global rewrite rules inheritance in vhosts
+- Moves `mod_env` to its own class and load it when required
+
+#### Bugfixes
+- Deny access to .ht and .hg, which are created by mercurial hg.
+- Instead of failing, include apache::mod::prefork in manifests/mod/itk.pp instead.
+- Only set SSLCompression when it is set to true.
+- Remove duplicate shib2 hash element
+- (MODULES-3388) Include mpm_module classes instead of class declaration
+- Updates `apache::balancer` to respect `apache::confd_dir`
+- Wrap mod_security directives in an IfModule
+- Fixes to various mods for Ubuntu Xenial
+- Fix /etc/modsecurity perms to match package
+- Fix PassengerRoot under Debian stretch
+- (MODULES-3476) Updates regex in apache_version custom fact to work with EL5
+- Dont sql_injection_attacks.data
+- Add force option to confd file resource to purge directory without warnings
+- Patch httpoxy through mod_security
+- Fixes config ordering of IncludeOptional
+- Fixes bug where port numbers were unquoted
+- Fixes bug where empty servername for vhost were written to template
+- Auto-load `slotmem_shm` and `lbmethod_byrequests` with `proxy_balancer` on 2.4
+- Simplify MPM setup on FreeBSD
+- Adds requirement for httpd package
+- Do not set ssl_certs_dir on FreeBSD
+- Fixes bug that produces a duplicate `Listen 443` after a package update on EL7
+- Fixes bug where custom facts break structured facts
+- Avoid relative classname inclusion
+- Fixes a failure in `vhost` if the first element of `$rewrites` is not a hash
+- (MODULES-3744) Process $crs_package before $modsec_dir
+- (MODULES-1491) Adds `::apache` include to mods that need it
+
+## Supported Release [1.10.0]
+#### Summary
+This release fixes backwards compatibility bugs introduced in 1.9.0. Also includes a new mod class and a new vhost feature.
+
+#### Features
+- Allow setting KeepAlive related options per vhost
+  - `apache::vhost::keepalive`
+  - `apache::vhost::keepalive_timeout`
+  - `apache::vhost::max_keepalive_requests`
+- Adds new class `apache::mod::cluster`
+
+#### Bugfixes
+- MODULES-2890: Allow php_version != 5
+- MODULES-2890: mod::php: Explicit test on jessie
+- MODULES-2890: Fix PHP on Debian stretch and Ubuntu Xenial
+- MODULES-2890: Fix mod_php SetHandler and cleanup
+- Fixed trailing slash in lib_path on Suse
+- Revert "MODULES-2956: Enable options within location block on proxy_match". Bug introduced in release 1.9.0.
+- Revert "changed rpaf Configuration Directives: RPAF -> RPAF_". Bug introduced in release 1.9.0.
+- Set actual path to apachectl on FreeBSD. Fixes snippets verification.
+
+## Supported Release [1.9.0] [DELETED]
+#### Features
+- Added `apache_version` fact
+- Added `apache::balancer::target` attribute
+- Added `apache::fastcgi::server::pass_header` attribute
+- Added ability for `apache::fastcgi::server::host` using sockets
+- Added `apache::root_directory_options` attribute
+- Added for `apache::mod::ldap`:
+  - `ldap_shared_cache_size`
+  - `ldap_cache_entries`
+  - `ldap_cache_ttl`
+  - `ldap_opcache_entries`
+  - `ldap_opcache_ttl`
+- Added `apache::mod::pagespeed::package_ensure` attribute
+- Added `apache::mod::passenger` attributes:
+  - `passenger_log_level`
+  - `manage_repo`
+- Added upstream repo for `apache::mod::passenger`
+- Added `apache::mod::proxy_fcgi` class
+- Added `apache::mod::security` attributes:
+  - `audit_log_parts`
+  - `secpcrematchlimit`
+  - `secpcrematchlimitrecursion`
+  - `secdefaultaction`
+  - `anomaly_score_blocking`
+  - `inbound_anomaly_threshold`
+  - `outbound_anomaly_threshold`
+- Added `apache::mod::ssl` attributes:
+  - `ssl_mutex`
+  - `apache_version`
+- Added ubuntu 16.04 support
+- Added `apache::mod::authnz_ldap::package_name` attribute
+- Added `apache::mod::ldap::package_name` attribute
+- Added `apache::mod::proxy::package_name` attribute
+- Added `apache::vhost` attributes:
+  - `ssl_proxy_check_peen_expire`
+  - `ssl_proxy_protocol`
+  - `logroot_owner`
+  - `logroot_group`
+  - `setenvifnocase`
+  - `passenger_user`
+  - `passenger_high_performance`
+  - `jk_mounts`
+  - `fastcgi_idle_timeout`
+  - `modsec_disable_msgs`
+  - `modsec_disable_tags`
+- Added ability for 2.4-style `RequireAll|RequireNone|RequireAny` directory permissions
+- Added ability for includes in vhost directory
+- Added directory values:
+  - `AuthMerging`
+  - `MellonSPMetadataFile`
+- Adds Configurability of Collaborative Detection Severity Levels for OWASP Core Rule Set to `apache::mod::security` class
+  - `critical_anomaly_score`
+  - `error_anomaly_score`
+  - `warning_anomaly_score`
+  - `notice_anomaly_score`
+- Adds ability to configure `info_path` in `apache::mod::info` class
+- Adds ability to configure `verify_config` in `apache::vhost::custom`
+
+#### Bugfixes
+- Fixed apache mod setup for event/worker failing syntax
+- Fixed concat deprecation warnings
+- Fixed pagespeed mod
+- Fixed service restart on mod update
+- Fixed mod dir purging to happen after package installs
+- Fixed various `apache::mod::*` file modes
+- Fixed `apache::mod::authnz_ldap` parameter `verifyServerCert` to be `verify_server_cert`
+- Fixed loadfile name in `apache::mod::fcgid`
+- Fixed `apache::mod::remoteip` to fail on apache < 2.4 (because it is not available)
+- Fixed `apache::mod::ssl::ssl_honorcipherorder` interpolation
+- Lint fixes
+- Strict variable fixes
+- Fixed `apache::vhost` attribute `redirectmatch_status` to be optional
+- Fixed SSLv3 on by default in mod\_nss
+- Fixed mod\_rpaf directive names in template
+- Fixed mod\_worker needing MaxClients with ThreadLimit
+- Fixed quoting on vhost php\_value
+- Fixed xml2enc for proxy\_html on debian
+- Fixed a problem where the apache service restarts too fast
+
+## Supported Release [1.8.1]
+### Summary
+This release includes bug fixes and a documentation update.
+
+#### Bugfixes
+- Fixes a bug that occurs when using the module in combination with puppetlabs-concat 2.x.
+- Fixes a bug where passenger.conf was vulnerable to purging.
+- Removes the pin of the concat module dependency.
+
+## Supported Release [1.8.0]
+### Summary
+This release includes a lot of bug fixes and feature updates, including support for Debian 8, as well as many test improvements.
+
+#### Features
+- Debian 8 Support.
+- Added the 'file_mode' property to allow a custom permission setting for config files.
+- Enable 'PassengerMaxRequestQueueSize' to be set for mod_passenger.
+- MODULES-2956: Enable options within location block on proxy_match.
+- Support itk on redhat.
+- Support the mod_ssl SSLProxyVerify directive.
+- Support ProxPassReverseCookieDomain directive (mod_proxy).
+- Support proxy provider for vhost directories.
+- Added new 'apache::vhost::custom' resource.
+
+#### Bugfixes
+- Fixed ProxyPassReverse configuration.
+- Fixed error in Amazon operatingsystem detection.
+- Fixed mod_security catalog ordering issues for RedHat 7.
+- Fixed paths and packages for the shib2 apache module on Debian pre Jessie.
+- Fixed EL7 directory path for apache modules.
+- Fixed validation error when empty array is passed for the rewrites parameter.
+- Idempotency fixes with regards to '::apache::mod_enable_dir'.
+- ITK fixes.
+- (MODULES-2865) fix $mpm_module logic for 'false'.
+- Set SSLProxy directives even if ssl is false, due to issue with RewriteRules and ProxyPass directives.
+- Enable setting LimitRequestFieldSize globally, and remove it from vhost.
+
+#### Improvements
+- apache::mod::php now uses FilesMatch to configure the php handler. This is following the recommended upstream configuration guidelines (http://php.net/manual/en/install.unix.apache2.php#example-20) and distribution's default config (e.g.: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/vivid/php5/vivid/view/head:/debian/php5.conf). It avoids inadvertently exposing the PHP handler to executing uploads with names like 'file.php.jpg', but might impact setups with unusual requirements.
+- Improved compatibility for Gentoo.
+- Vhosts can now be supplied with a wildcard listen value.
+- Numerous test improvements.
+- Removed workarounds for https://bz.apache.org/bugzilla/show_bug.cgi?id=38864 as the issues have been fixed in Apache.
+- Documentation updates.
+- Ensureed order of ProxyPass and ProxyPassMatch parameters.
+- Ensure that ProxyPreserveHost is set to off mode explicitly if not set in manifest.
+- Put headers and request headers before proxy with regards to template generation.
+- Added X-Forwarded-For into log_formats defaults.
+- (MODULES-2703) Allow mod pagespeed to take an array of lines as additional_configuration.
+
+## Supported Release [1.7.1]
+###Summary
+
+Small release for support of newer PE versions. This increments the version of PE in the metadata.json file.
+
+## Supported Release [1.7.0]
+### Summary
+This release includes many new features and bugfixes. There are test, documentation and misc improvements.
+
+#### Features
+- allow groups with - like vhost-users 
+- ability to enable/disable the secruleengine through a parameter
+- add mod_auth_kerb parameters to vhost
+- client auth for reverse proxy
+- support for mod_auth_mellon
+- change SSLProtocol in apache::vhost to be space separated
+- RewriteLock support
+
+#### Bugfixes
+- fix apache::mod::cgid so it can be used with the event MPM 
+- load unixd before fcgid on all operating systems
+- fixes conditional in vhost aliases
+- corrects mod_cgid worker/event defaults
+- ProxyPassMatch parameters were ending up on a newline
+- catch that mod_authz_default has been removed in Apache 2.4
+- mod::ssl fails on SLES
+- fix typo of MPM_PREFORK for FreeBSD package install 
+- install all modules before adding custom configs
+- fix acceptance testing for SSLProtocol behaviour for real
+- fix ordering issue with conf_file and ports_file 
+
+#### Known Issues
+- mod_passenger is having issues installing on Redhat/Centos 6, This is due to package dependency issues.
+
+#### Improvements
+- added docs for forcetype directive
+- removes ruby 1.8.7 from the travisci test matrix
+- readme reorganisation, minor fixups
+- support the mod_proxy ProxyPassReverseCookiePath directive
+- the purge_vhost_configs parameter is actually called purge_vhost_dir
+- add ListenBacklog for mod worker
+- deflate application/json by default 
+- install mod_authn_alias as default mod in debian for apache < 2.4
+- optionally set LimitRequestFieldSize on an apache::vhost
+- add SecUploadDir parameter to support file uploads with mod_security
+- optionally set parameters for mod_ext_filter module
+- allow SetOutputFilter to be set on a directory
+- RC4 is deprecated
+- allow empty docroot
+- add option to configure the include pattern for the vhost_enable dir
+- allow multiple IP addresses per vhost
+- default document root update for Ubuntu 14.04 and Debian 8 
+
+## Supported Release [1.6.0]
+### Summary
+This release includes a couple of new features, along with test and documentation updates, and support for the latest AIO puppet builds.
+
+#### Features
+- Add `scan_proxy_header_field` parameter to `apache::mod::geoip`
+- Add `ssl_openssl_conf_cmd` parameter to `apache::vhost` and `apache::mod::ssl`
+- Add `filters` parameter to `apache::vhost`
+
+#### Bugfixes
+- Test updates
+- Do not use systemd on Amazon Linux
+- Add missing docs for `timeout` parameter (MODULES-2148)
+
+## Supported Release [1.5.0]
+### Summary
+This release primarily adds Suse compatibility. It also adds a handful of other
+parameters for greater configuration control.
+
+#### Features
+- Add `apache::lib_path` parameter
+- Add `apache::service_restart` parameter
+- Add `apache::vhost::geoip_enable` parameter
+- Add `apache::mod::geoip` class
+- Add `apache::mod::remoteip` class
+- Add parameters to `apache::mod::expires` class
+- Add `index_style_sheet` handling to `apache::vhost::directories`
+- Add some compatibility for SLES 11
+- Add `apache::mod::ssl::ssl_sessioncachetimeout` parameter
+- Add `apache::mod::ssl::ssl_cryptodevice` parameter
+- Add `apache::mod::ssl::ssl_honorcipherorder` parameter
+- Add `apache::mod::userdir::options` parameter
+
+#### Bugfixes
+- Document `apache::user` parameter
+- Document `apache::group` parameter
+- Fix apache::dev on FreeBSD
+- Fix proxy\_connect on apache >= 2.2
+- Validate log levels better
+- Fix `apache::apache_name` for package and vhost
+- Fix Debian Jessie mod\_prefork package name
+- Fix alias module being declared even when vhost is absent
+- Fix proxy\_pass\_match handling in vhost's proxy template
+- Fix userdir access permissions
+- Fix issue where the module was trying to use systemd on Amazon Linux.
+
+## Supported Release [1.4.1]
+
+This release corrects a metadata issue that has been present since release 1.2.0. The refactoring of `apache::vhost` to use `puppetlabs-concat` requires a version of concat newer than the version required in PE. If you are using PE 3.3.0 or earlier you will need to use version 1.1.1 or earlier of the `puppetlabs-apache` module.
+
+## Supported Release [1.4.0]
+###Summary
+
+This release fixes the issue where the docroot was still managed even if the default vhosts were disabled and has many other features and bugfixes including improved support for 'deny' and 'require' as arrays in the 'directories' parameter under `apache::vhost`
+
+#### Features
+- New parameters to `apache`
+  - `default_charset`
+  - `default_type`
+- New parameters to `apache::vhost`
+  - `proxy_error_override`
+  - `passenger_app_env` (MODULES-1776)
+  - `proxy_dest_match`
+  - `proxy_dest_reverse_match`
+  - `proxy_pass_match`
+  - `no_proxy_uris_match`
+- New parameters to `apache::mod::passenger`
+  - `passenger_app_env`
+  - `passenger_min_instances`
+- New parameter to `apache::mod::alias`
+  - `icons_options`
+- New classes added under `apache::mod::*`
+  - `authn_file`
+  - `authz_default`
+  - `authz_user`
+- Added support for 'deny' as an array in 'directories' under `apache::vhost`
+- Added support for RewriteMap
+- Improved support for FreeBSD. (Note: If using apache < 2.4.12, see the discussion [here](https://github.com/puppetlabs/puppetlabs-apache/pull/1030))
+- Added check for deprecated options in directories and fail when they are unsupported
+- Added gentoo compatibility
+- Added proper array support for `require` in the `directories` parameter in `apache::vhost`
+- Added support for `setenv` inside proxy locations
+
+### Bugfixes
+- Fix issue in `apache::vhost` that was preventing the scriptalias fragment from being included (MODULES-1784)
+- Install required `mod_ldap` package for EL7 (MODULES-1779)
+- Change default value of `maxrequestworkers` in `apache::mod::event` to be a multiple of the default `ThreadsPerChild` of 25.
+- Use the correct `mod_prefork` package name for trusty and jessie
+- Don't manage docroot when default vhosts are disabled
+- Ensure resources notify `Class['Apache::Service']` instead of `Service['httpd']` (MODULES-1829)
+- Change the loadfile name for `mod_passenger` so `mod_proxy` will load by default before `mod_passenger`
+- Remove old Debian work-around that removed `passenger_extra.conf`
+
+## Supported Release [1.3.0]
+### Summary
+
+This release has many new features and bugfixes, including the ability to optionally not trigger service restarts on config changes.
+
+#### Features
+- New parameters - `apache`
+  - `service_manage`
+  - `use_optional_includes`
+- New parameters - `apache::service`
+  - `service_manage`
+- New parameters - `apache::vhost`
+  - `access_logs`
+  - `php_flags`
+  - `php_values`
+  - `modsec_disable_vhost`
+  - `modsec_disable_ids`
+  - `modsec_disable_ips`
+  - `modsec_body_limit`
+- Improved FreeBSD support
+- Add ability to omit priority prefix if `$priority` is set to false
+- Add `apache::security::rule_link` define
+- Improvements to `apache::mod::*`
+  - Add `apache::mod::auth_cas` class
+  - Add `threadlimit`, `listenbacklog`, `maxrequestworkers`, `maxconnectionsperchild` parameters to `apache::mod::event`
+  - Add `apache::mod::filter` class
+  - Add `root_group` to `apache::mod::php`
+  - Add `apache::mod::proxy_connect` class
+  - Add `apache::mod::security` class
+  - Add `ssl_pass_phrase_dialog` and `ssl_random_seed_bytes` parameters to `apache::mod::ssl` (MODULES-1719)
+  - Add `status_path` parameter to `apache::mod::status`
+  - Add `apache_version` parameter to `apache::mod::version`
+  - Add `package_name` and `mod_path` parameters to `apache::mod::wsgi` (MODULES-1458)
+- Improved SCL support
+  - Add support for specifying the docroot
+- Updated `_directories.erb` to add support for SetEnv
+- Support multiple access log directives (MODULES-1382)
+- Add passenger support for Debian Jessie
+- Add support for not having puppet restart the apache service (MODULES-1559)
+
+#### Bugfixes
+- For apache 2.4 `mod_itk` requires `mod_prefork` (MODULES-825)
+- Allow SSLCACertificatePath to be unset in `apache::vhost` (MODULES-1457)
+- Load fcgid after unixd on RHEL7
+- Allow disabling default vhost for Apache 2.4
+- Test fixes
+- `mod_version` is now built-in (MODULES-1446)
+- Sort LogFormats for idempotency
+- `allow_encoded_slashes` was omitted from `apache::vhost`
+- Fix documentation bug (MODULES-1403, MODULES-1510)
+- Sort `wsgi_script_aliases` for idempotency (MODULES-1384)
+- lint fixes
+- Fix automatic version detection for Debian Jessie
+- Fix error docs and icons path for RHEL7-based systems (MODULES-1554)
+- Sort php_* hashes for idempotency (MODULES-1680)
+- Ensure `mod::setenvif` is included if needed (MODULES-1696)
+- Fix indentation in `vhost/_directories.erb` template (MODULES-1688)
+- Create symlinks on all distros if `vhost_enable_dir` is specified
+
+## Supported Release [1.2.0]
+### Summary
+
+This release features many improvements and bugfixes, including several new defines, a reworking of apache::vhost for more extensibility, and many new parameters for more customization. This release also includes improved support for strict variables and the future parser.
+
+#### Features
+- Convert apache::vhost to use concat for easier extensions
+- Test improvements
+- Synchronize files with modulesync
+- Strict variable and future parser support
+- Added apache::custom_config defined type to allow validation of configs before they are created
+- Added bool2httpd function to convert true/false to apache 'On' and 'Off'. Intended for internal use in the module.
+- Improved SCL support
+  - allow overriding of the mod_ssl package name
+- Add support for reverse_urls/ProxyPassReverse in apache::vhost
+- Add satisfy directive in apache::vhost::directories
+- Add apache::fastcgi::server defined type
+- New parameters - apache
+  - allow_encoded_slashes
+  - apache_name
+  - conf_dir
+  - default_ssl_crl_check
+  - docroot
+  - logroot_mode
+  - purge_vhost_dir
+- New parameters - apache::vhost
+  - add_default_charset
+  - allow_encoded_slashes
+  - logroot_ensure
+  - logroot_mode
+  - manage_docroot
+  - passenger_app_root
+  - passenger_min_instances
+  - passenger_pre_start
+  - passenger_ruby
+  - passenger_start_timeout
+  - proxy_preserve_host
+  - proxy_requests
+  - redirectmatch_dest
+  - ssl_crl_check
+  - wsgi_chunked_request
+  - wsgi_pass_authorization
+- Add support for ScriptAlias and ScriptAliasMatch in the apache::vhost::aliases parameter
+- Add support for rewrites in the apache::vhost::directories parameter
+- If the service_ensure parameter in apache::service is set to anything other than true, false, running, or stopped, ensure will not be passed to the service resource, allowing for the service to not be managed by puppet
+- Turn of SSLv3 by default
+- Improvements to apache::mod*
+  - Add restrict_access parameter to apache::mod::info
+  - Add force_language_priority and language_priority parameters to apache::mod::negotiation
+  - Add threadlimit parameter to apache::mod::worker
+  - Add content, template, and source parameters to apache::mod::php
+  - Add mod_authz_svn support via the authz_svn_enabled parameter in apache::mod::dav_svn
+  - Add loadfile_name parameter to apache::mod
+  - Add apache::mod::deflate class
+  - Add options parameter to apache::mod::fcgid
+  - Add timeouts parameter to apache::mod::reqtimeout
+  - Add apache::mod::shib
+  - Add apache_version parameter to apache::mod::ldap
+  - Add magic_file parameter to apache::mod::mime_magic
+  - Add apache_version parameter to apache::mod::pagespeed
+  - Add passenger_default_ruby parameter to apache::mod::passenger
+  - Add content, template, and source parameters to apache::mod::php
+  - Add apache_version parameter to apache::mod::proxy
+  - Add loadfiles parameter to apache::mod::proxy_html
+  - Add ssl_protocol and package_name parameters to apache::mod::ssl
+  - Add apache_version parameter to apache::mod::status
+  - Add apache_version parameter to apache::mod::userdir
+  - Add apache::mod::version class
+
+#### Bugfixes
+- Set osfamily defaults for wsgi_socket_prefix
+- Support multiple balancermembers with the same url
+- Validate apache::vhost::custom_fragment
+- Add support for itk with mod_php
+- Allow apache::vhost::ssl_certs_dir to not be set
+- Improved passenger support for Debian
+- Improved 2.4 support without mod_access_compat
+- Support for more than one 'Allow from'-directive in _directories.erb
+- Don't load systemd on Amazon linux based on CentOS6 with apache 2.4
+- Fix missing newline in ModPagespeed filter and memcached servers directive
+- Use interpolated strings instead of numbers where required by future parser
+- Make auth_require take precedence over default with apache 2.4
+- Lint fixes
+- Set default for php_admin_flags and php_admin_values to be empty hash instead of empty array
+- Correct typo in mod::pagespeed
+- spec_helper fixes
+- Install mod packages before dealing with the configuration
+- Use absolute scope to check class definition in apache::mod::php
+- Fix dependency loop in apache::vhost
+- Properly scope variables in the inline template in apache::balancer
+- Documentation clarification, typos, and formatting
+- Set apache::mod::ssl::ssl_mutex to default for debian on apache >= 2.4
+- Strict variables fixes
+- Add authn_core mode to Ubuntu trusty defaults
+- Keep default loadfile for authz_svn on Debian
+- Remove '.conf' from the site-include regexp for better Ubuntu/Debian support
+- Load unixd before fcgid for EL7
+- Fix RedirectMatch rules
+- Fix misleading error message in apache::version
+
+#### Known Bugs
+* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`.
+* SLES is unsupported.
+
+## Supported Release [1.1.1]
+### Summary
+
+This release merely updates metadata.json so the module can be uninstalled and
+upgraded via the puppet module command.
+
+## Supported Release [1.1.0]
+
+### Summary
+
+This release primarily focuses on extending the httpd 2.4 support, tested
+through adding RHEL7 and Ubuntu 14.04 support.  It also includes Passenger 
+4 support, as well as several new modules and important bugfixes.
+
+#### Features
+
+- Add support for RHEL7 and Ubuntu 14.04
+- More complete apache24 support
+- Passenger 4 support
+- Add support for max_keepalive_requests and log_formats parameters
+- Add mod_pagespeed support
+- Add mod_speling support
+- Added several parameters for mod_passenger
+- Added ssl_cipher parameter to apache::mod::ssl
+- Improved examples in documentation
+- Added docroot_mode, action, and suexec_user_group parameters to apache::vhost
+- Add support for custom extensions for mod_php
+- Improve proxy_html support for Debian
+
+#### Bugfixes
+
+- Remove NameVirtualHost directive for apache >= 2.4
+- Order proxy_set option so it doesn't change between runs
+- Fix inverted SSL compression
+- Fix missing ensure on concat::fragment resources
+- Fix bad dependencies in apache::mod and apache::mod::mime
+
+#### Known Bugs
+* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`.
+* SLES is unsupported.
+
+## Supported Release [1.0.1]
+### Summary
+
+This is a supported release.  This release removes a testing symlink that can
+cause trouble on systems where /var is on a seperate filesystem from the
+modulepath.
+
+#### Features
+#### Bugfixes
+#### Known Bugs
+* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`.
+* SLES is unsupported.
+ 
+## Supported Release [1.0.0]
+### Summary
+
+This is a supported release. This release introduces Apache 2.4 support for
+Debian and RHEL based osfamilies.
+
+#### Features
+
+- Add apache24 support
+- Add rewrite_base functionality to rewrites
+- Updated README documentation
+- Add WSGIApplicationGroup and WSGIImportScript directives
+
+#### Bugfixes
+
+- Replace mutating hashes with merge() for Puppet 3.5
+- Fix WSGI import_script and mod_ssl issues on Lucid
+
+#### Known Bugs
+* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`.
+* SLES is unsupported.
+
+---
+
+## Supported Release [0.11.0]
+### Summary:
+
+This release adds preliminary support for Windows compatibility and multiple rewrite support.
+
+#### Backwards-incompatible Changes:
+
+- The rewrite_rule parameter is deprecated in favor of the new rewrite parameter
+  and will be removed in a future release.
+
+#### Features:
+
+- add Match directive
+- quote paths for windows compatibility
+- add auth_group_file option to README.md
+- allow AuthGroupFile directive for vhosts
+- Support Header directives in vhost context
+- Don't purge mods-available dir when separate enable dir is used
+- Fix the servername used in log file name
+- Added support for mod_include
+- Remove index parameters.
+- Support environment variable control for CustomLog
+- added redirectmatch support
+- Setting up the ability to do multiple rewrites and conditions.
+- Convert spec tests to beaker.
+- Support php_admin_(flag|value)s
+
+#### Bugfixes:
+
+- directories are either a Hash or an Array of Hashes
+- Configure Passenger in separate .conf file on RH so PassengerRoot isn't lost
+- (docs) Update list of `apache::mod::[name]` classes
+- (docs) Fix apache::namevirtualhost example call style
+- Fix $ports_file reference in apache::listen.
+- Fix $ports_file reference in Namevirtualhost.
+
+
+## Supported Release [0.10.0]
+### Summary:
+
+This release adds FreeBSD osfamily support and various other improvements to some mods.
+
+#### Features:
+
+- Add suPHP_UserGroup directive to directory context
+- Add support for ScriptAliasMatch directives
+- Set SSLOptions StdEnvVars in server context
+- No implicit <Directory> entry for ScriptAlias path
+- Add support for overriding ErrorDocument
+- Add support for AliasMatch directives
+- Disable default "allow from all" in vhost-directories
+- Add WSGIPythonPath as an optional parameter to mod_wsgi. 
+- Add mod_rpaf support
+- Add directives: IndexOptions, IndexOrderDefault
+- Add ability to include additional external configurations in vhost
+- need to use the provider variable not the provider key value from the directory hash for matches
+- Support for FreeBSD and few other features
+- Add new params to apache::mod::mime class
+- Allow apache::mod to specify module id and path
+- added $server_root parameter
+- Add Allow and ExtendedStatus support to mod_status
+- Expand vhost/_directories.pp directive support
+- Add initial support for nss module (no directives in vhost template yet)
+- added peruser and event mpms
+- added $service_name parameter
+- add parameter for TraceEnable
+- Make LogLevel configurable for server and vhost
+- Add documentation about $ip
+- Add ability to pass ip (instead of wildcard) in default vhost files
+
+#### Bugfixes:
+
+- Don't listen on port or set NameVirtualHost for non-existent vhost
+- only apply Directory defaults when provider is a directory
+- Working mod_authnz_ldap support on Debian/Ubuntu
+
+## Supported Release [0.9.0]
+### Summary:
+This release adds more parameters to the base apache class and apache defined
+resource to make the module more flexible. It also adds or enhances SuPHP,
+WSGI, and Passenger mod support, and support for the ITK mpm module.
+
+#### Backwards-incompatible Changes:
+- Remove many default mods that are not normally needed.
+- Remove `rewrite_base` `apache::vhost` parameter; did not work anyway.
+- Specify dependencies on stdlib >=2.4.0 (this was already the case, but
+making explicit)
+- Deprecate `a2mod` in favor of the `apache::mod::*` classes and `apache::mod`
+defined resource.
+
+#### Features:
+- `apache` class
+  - Add `httpd_dir` parameter to change the location of the configuration
+  files.
+  - Add `logroot` parameter to change the logroot
+  - Add `ports_file` parameter to changes the `ports.conf` file location
+  - Add `keepalive` parameter to enable persistent connections
+  - Add `keepalive_timeout` parameter to change the timeout
+  - Update `default_mods` to be able to take an array of mods to enable.
+- `apache::vhost`
+  - Add `wsgi_daemon_process`, `wsgi_daemon_process_options`,
+  `wsgi_process_group`, and `wsgi_script_aliases` parameters for per-vhost
+  WSGI configuration.
+  - Add `access_log_syslog` parameter to enable syslogging.
+  - Add `error_log_syslog` parameter to enable syslogging of errors.
+  - Add `directories` hash parameter. Please see README for documentation.
+  - Add `sslproxyengine` parameter to enable SSLProxyEngine
+  - Add `suphp_addhandler`, `suphp_engine`, and `suphp_configpath` for
+  configuring SuPHP.
+  - Add `custom_fragment` parameter to allow for arbitrary apache
+  configuration injection. (Feature pull requests are prefered over using
+  this, but it is available in a pinch.)
+- Add `apache::mod::suphp` class for configuring SuPHP.
+- Add `apache::mod::itk` class for configuring ITK mpm module.
+- Update `apache::mod::wsgi` class for global WSGI configuration with
+`wsgi_socket_prefix` and `wsgi_python_home` parameters.
+- Add README.passenger.md to document the `apache::mod::passenger` usage.
+Added `passenger_high_performance`, `passenger_pool_idle_time`,
+`passenger_max_requests`, `passenger_stat_throttle_rate`, `rack_autodetect`,
+and `rails_autodetect` parameters.
+- Separate the httpd service resource into a new `apache::service` class for
+dependency chaining of `Class['apache'] -> <resource> ~>
+Class['apache::service']`
+- Added `apache::mod::proxy_balancer` class for `apache::balancer`
+
+#### Bugfixes:
+- Change dependency to puppetlabs-concat
+- Fix ruby 1.9 bug for `a2mod`
+- Change servername to be `$::hostname` if there is no `$::fqdn`
+- Make `/etc/ssl/certs` the default ssl certs directory for RedHat non-5.
+- Make `php` the default php package for RedHat non-5.
+- Made `aliases` able to take a single alias hash instead of requiring an
+array.
+
+## Supported Release [0.8.1]
+#### Bugfixes:
+- Update `apache::mpm_module` detection for worker/prefork
+- Update `apache::mod::cgi` and `apache::mod::cgid` detection for
+worker/prefork
+
+## Supported Release [0.8.0]
+#### Features:
+- Add `servername` parameter to `apache` class
+- Add `proxy_set` parameter to `apache::balancer` define
+
+#### Bugfixes:
+- Fix ordering for multiple `apache::balancer` clusters
+- Fix symlinking for sites-available on Debian-based OSs
+- Fix dependency ordering for recursive confdir management
+- Fix `apache::mod::*` to notify the service on config change
+- Documentation updates
+
+## Supported Release [0.7.0]
+#### Changes:
+- Essentially rewrite the module -- too many to list
+- `apache::vhost` has many abilities -- see README.md for details
+- `apache::mod::*` classes provide httpd mod-loading capabilities
+- `apache` base class is much more configurable
+
+#### Bugfixes:
+- Many. And many more to come
+
+## Supported Release [0.6.0]
+- update travis tests (add more supported versions)
+- add access log_parameter
+- make purging of vhost dir configurable
+
+## Supported Release [0.4.0]
+#### Changes:
+- `include apache` is now required when using `apache::mod::*`
+
+#### Bugfixes:
+- Fix syntax for validate_re
+- Fix formatting in vhost template
+- Fix spec tests such that they pass
+
+## Supported Release [0.0.4]
+* e62e362 Fix broken tests for ssl, vhost, vhost::*
+* 42c6363 Changes to match style guide and pass puppet-lint without error
+* 42bc8ba changed name => path for file resources in order to name namevar by it's name
+* 72e13de One end too much
+* 0739641 style guide fixes: 'true' <> true, $operatingsystem needs to be $::operatingsystem, etc.
+* 273f94d fix tests
+* a35ede5 (#13860) Make a2enmod/a2dismo commands optional
+* 98d774e (#13860) Autorequire Package['httpd']
+* 05fcec5 (#13073) Add missing puppet spec tests
+* 541afda (#6899) Remove virtual a2mod definition
+* 976cb69 (#13072) Move mod python and wsgi package names to params
+* 323915a (#13060) Add .gitignore to repo
+* fdf40af (#13060) Remove pkg directory from source tree
+* fd90015 Add LICENSE file and update the ModuleFile
+* d3d0d23 Re-enable local php class
+* d7516c7 Make management of firewalls configurable for vhosts
+* 60f83ba Explicitly lookup scope of apache_name in templates.
+* f4d287f (#12581) Add explicit ordering for vdir directory
+* 88a2ac6 (#11706) puppetlabs-apache depends on puppetlabs-firewall
+* a776a8b (#11071) Fix to work with latest firewall module
+* 2b79e8b (#11070) Add support for Scientific Linux
+* 405b3e9 Fix for a2mod
+* 57b9048 Commit apache::vhost::redirect Manifest
+* 8862d01 Commit apache::vhost::proxy Manifest
+* d5c1fd0 Commit apache::mod::wsgi Manifest
+* a825ac7 Commit apache::mod::python Manifest
+* b77062f Commit Templates
+* 9a51b4a Vhost File Declarations
+* 6cf7312 Defaults for Parameters
+* 6a5b11a Ensure installed
+* f672e46 a2mod fix
+* 8a56ee9 add pthon support to apache
+
+[3.2.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/3.1.0...3.2.0
+[3.1.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/3.0.0...3.1.0
+[3.0.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.3.1...3.0.0
+[2.3.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.3.0...2.3.1
+[2.3.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.2.0...2.3.0
+[2.2.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.1.0...2.2.0
+[2.1.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.0.0...2.1.0
+[2.0.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.11.0...2.0.0
+[1.11.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.11.0...1.11.1
+[1.11.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.10.0...1.11.0
+[1.10.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.9.0...1.10.0
+[1.9.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.8.1...1.9.0
+[1.8.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.8.0...1.8.1
+[1.8.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.7.1...1.8.0
+[1.7.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.7.0...1.7.1
+[1.7.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.6.0...1.7.0
+[1.6.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.5.0...1.6.0
+[1.5.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.4.1...1.5.0
+[1.4.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.4.0...1.4.1
+[1.4.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.3.0...1.4.0
+[1.3.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.2.0...1.3.0
+[1.2.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.1.1...1.2.0
+[1.1.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.1.0...1.1.1
+[1.1.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.0.1...1.1.0
+[1.0.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.0.0...1.0.1
+[1.0.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.11.0...1.0.0
+[0.11.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.10.0...0.11.0
+[0.10.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.9.0...0.10.0
+[0.9.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.8.1...0.9.0
+[0.8.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.8.0...0.8.1
+[0.8.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.7.0...0.8.0
+[0.7.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.6.0...0.7.0
+[0.6.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.5.0-rc1...0.6.0
+[0.5.0-rc1]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.4.0...0.5.0-rc1
+[0.4.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.3.0...0.4.0
+[0.0.4]:https://github.com/puppetlabs/puppetlabs-apache/commits/0.0.4
+
+
+\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/CODEOWNERS b/modules/services/unix/http/apache_kali_compatible/apache/CODEOWNERS
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/CODEOWNERS
rename to modules/services/unix/http/apache_kali_compatible/apache/CODEOWNERS
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/CONTRIBUTING.md b/modules/services/unix/http/apache_kali_compatible/apache/CONTRIBUTING.md
new file mode 100644
index 000000000..e7a3a7c3f
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/CONTRIBUTING.md
@@ -0,0 +1,3 @@
+# Contributing to Puppet modules
+
+Check out our [Contributing to Supported Modules Blog Post](https://puppetlabs.github.io/iac/docs/contributing_to_a_module.html) to find all the information that you will need.
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/HISTORY.md b/modules/services/unix/http/apache_kali_compatible/apache/HISTORY.md
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/HISTORY.md
rename to modules/services/unix/http/apache_kali_compatible/apache/HISTORY.md
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/LICENSE b/modules/services/unix/http/apache_kali_compatible/apache/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/NOTICE b/modules/services/unix/http/apache_kali_compatible/apache/NOTICE
new file mode 100644
index 000000000..0bd06041e
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/NOTICE
@@ -0,0 +1,15 @@
+Puppet Module - puppetlabs-apache
+
+Copyright 2018 Puppet, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/README.md b/modules/services/unix/http/apache_kali_compatible/apache/README.md
new file mode 100755
index 000000000..481cda31b
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/README.md
@@ -0,0 +1,1008 @@
+# apache
+
+[Module description]: #module-description
+
+[Setup]: #setup
+[Beginning with Apache]: #beginning-with-apache
+
+[Usage]: #usage
+[Configuring virtual hosts]: #configuring-virtual-hosts
+[Configuring virtual hosts with SSL]: #configuring-virtual-hosts-with-ssl
+[Configuring virtual host port and address bindings]: #configuring-virtual-host-port-and-address-bindings
+[Configuring virtual hosts for apps and processors]: #configuring-virtual-hosts-for-apps-and-processors
+[Configuring IP-based virtual hosts]: #configuring-ip-based-virtual-hosts
+[Installing Apache modules]: #installing-apache-modules
+[Installing arbitrary modules]: #installing-arbitrary-modules
+[Installing specific modules]: #installing-specific-modules
+[Configuring FastCGI servers]: #configuring-fastcgi-servers-to-handle-php-files
+[Load balancing examples]: #load-balancing-examples
+[apache affects]: #what-the-apache-module-affects
+
+[Reference]: #reference
+
+[Limitations]: #limitations
+
+[Development]: #development
+[Contributing]: #contributing
+
+[`AddDefaultCharset`]: https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset
+[`add_listen`]: #add_listen
+[`Alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#alias
+[`AliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#aliasmatch
+[aliased servers]: https://httpd.apache.org/docs/current/urlmapping.html
+[`AllowEncodedSlashes`]: https://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes
+[`apache`]: #class-apache
+[`apache_version`]: #apache_version
+[`apache::balancer`]: #defined-type-apachebalancer
+[`apache::balancermember`]: #defined-type-apachebalancermember
+[`apache::fastcgi::server`]: #defined-type-apachefastcgiserver
+[`apache::mod`]: #defined-type-apachemod
+[`apache::mod::<MODULE NAME>`]: #classes-apachemodmodule-name
+[`apache::mod::alias`]: #class-apachemodalias
+[`apache::mod::auth_cas`]: #class-apachemodauth_cas
+[`apache::mod::auth_mellon`]: #class-apachemodauth_mellon
+[`apache::mod::authn_dbd`]: #class-apachemodauthn_dbd
+[`apache::mod::authnz_ldap`]: #class-apachemodauthnz_ldap
+[`apache::mod::cluster`]: #class-apachemodcluster
+[`apache::mod::data]: #class-apachemoddata
+[`apache::mod::disk_cache`]: #class-apachemoddisk_cache
+[`apache::mod::dumpio`]: #class-apachemoddumpio
+[`apache::mod::event`]: #class-apachemodevent
+[`apache::mod::ext_filter`]: #class-apachemodext_filter
+[`apache::mod::geoip`]: #class-apachemodgeoip
+[`apache::mod::http2`]: #class-apachemodhttp2
+[`apache::mod::itk`]: #class-apachemoditk
+[`apache::mod::jk`]: #class-apachemodjk
+[`apache::mod::ldap`]: #class-apachemodldap
+[`apache::mod::passenger`]: #class-apachemodpassenger
+[`apache::mod::peruser`]: #class-apachemodperuser
+[`apache::mod::prefork`]: #class-apachemodprefork
+[`apache::mod::proxy`]: #class-apachemodproxy
+[`apache::mod::proxy_balancer`]: #class-apachemodproxybalancer
+[`apache::mod::proxy_fcgi`]: #class-apachemodproxy_fcgi
+[`apache::mod::proxy_html`]: #class-apachemodproxy_html
+[`apache::mod::python`]: #class-apachemodpython
+[`apache::mod::security`]: #class-apachemodsecurity
+[`apache::mod::shib`]: #class-apachemodshib
+[`apache::mod::ssl`]: #class-apachemodssl
+[`apache::mod::status`]: #class-apachemodstatus
+[`apache::mod::userdir`]: #class-apachemoduserdir
+[`apache::mod::worker`]: #class-apachemodworker
+[`apache::mod::wsgi`]: #class-apachemodwsgi
+[`apache::params`]: #class-apacheparams
+[`apache::version`]: #class-apacheversion
+[`apache::vhost`]: #defined-type-apachevhost
+[`apache::vhost::custom`]: #defined-type-apachevhostcustom
+[`apache::vhost::WSGIImportScript`]: #wsgiimportscript
+[Apache HTTP Server]: https://httpd.apache.org
+[Apache modules]: https://httpd.apache.org/docs/current/mod/
+[array]: https://docs.puppet.com/puppet/latest/reference/lang_data_array.html
+
+[audit log]: https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats#audit-log
+
+[beaker-rspec]: https://github.com/puppetlabs/beaker-rspec
+
+[certificate revocation list]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationfile
+[certificate revocation list path]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationpath
+[common gateway interface]: https://httpd.apache.org/docs/current/howto/cgi.html
+[`confd_dir`]: #confd_dir
+[`content`]: #content
+[CONTRIBUTING.md]: CONTRIBUTING.md
+[custom error documents]: https://httpd.apache.org/docs/current/custom-error.html
+[`custom_fragment`]: #custom_fragment
+
+[`default_mods`]: #default_mods
+[`default_ssl_crl`]: #default_ssl_crl
+[`default_ssl_crl_path`]: #default_ssl_crl_path
+[`default_ssl_vhost`]: #default_ssl_vhost
+[`dev_packages`]: #dev_packages
+[`directory`]: #directory
+[`directories`]: #parameter-directories-for-apachevhost
+[`DirectoryIndex`]: https://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex
+[`docroot`]: #docroot
+[`docroot_owner`]: #docroot_owner
+[`docroot_group`]: #docroot_group
+[`DocumentRoot`]: https://httpd.apache.org/docs/current/mod/core.html#documentroot
+
+[`EnableSendfile`]: https://httpd.apache.org/docs/current/mod/core.html#enablesendfile
+[enforcing mode]: http://selinuxproject.org/page/Guide/Mode
+[`ensure`]: https://docs.puppet.com/latest/type.html#package-attribute-ensure
+[`error_log_file`]: #error_log_file
+[`error_log_syslog`]: #error_log_syslog
+[`error_log_pipe`]: #error_log_pipe
+[`ExpiresByType`]: https://httpd.apache.org/docs/current/mod/mod_expires.html#expiresbytype
+[exported resources]: http://docs.puppet.com/latest/reference/lang_exported.md
+[`ExtendedStatus`]: https://httpd.apache.org/docs/current/mod/core.html#extendedstatus
+
+[Facter]: http://docs.puppet.com/facter/
+[FastCGI]: http://www.fastcgi.com/
+[FallbackResource]: https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource
+[`fallbackresource`]: #fallbackresource
+[`FileETag`]: https://httpd.apache.org/docs/current/mod/core.html#fileetag
+[filter rules]: https://httpd.apache.org/docs/current/filter.html
+[`filters`]: #filters
+[`ForceType`]: https://httpd.apache.org/docs/current/mod/core.html#forcetype
+
+[GeoIPScanProxyHeaders]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Proxy-Related_Directives
+[`gentoo/puppet-portage`]: https://github.com/gentoo/puppet-portage
+
+[Hash]: https://docs.puppet.com/puppet/latest/reference/lang_data_hash.html
+[`HttpProtocolOptions`]: http://httpd.apache.org/docs/current/mod/core.html#httpprotocoloptions
+
+[IAC Team]: https://puppetlabs.github.io/iac/
+[`IncludeOptional`]: https://httpd.apache.org/docs/current/mod/core.html#includeoptional
+[`Include`]: https://httpd.apache.org/docs/current/mod/core.html#include
+[interval syntax]: https://httpd.apache.org/docs/current/mod/mod_expires.html#AltSyn
+[`ip`]: #ip
+[`ip_based`]: #ip_based
+[IP-based virtual hosts]: https://httpd.apache.org/docs/current/vhosts/ip-based.html
+
+[`KeepAlive`]: https://httpd.apache.org/docs/current/mod/core.html#keepalive
+[`KeepAliveTimeout`]: https://httpd.apache.org/docs/current/mod/core.html#keepalivetimeout
+[`keepalive` parameter]: #keepalive
+[`keepalive_timeout`]: #keepalive_timeout
+[`limitreqfieldsize`]: https://httpd.apache.org/docs/current/mod/core.html#limitrequestfieldsize
+[`limitreqfields`]: http://httpd.apache.org/docs/current/mod/core.html#limitrequestfields
+
+[`lib`]: #lib
+[`lib_path`]: #lib_path
+[`Listen`]: https://httpd.apache.org/docs/current/bind.html
+[`ListenBackLog`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#listenbacklog
+[`LoadFile`]: https://httpd.apache.org/docs/current/mod/mod_so.html#loadfile
+[`LogFormat`]: https://httpd.apache.org/docs/current/mod/mod_log_config.html#logformat
+[`logroot`]: #logroot
+[Log security]: https://httpd.apache.org/docs/current/logs.html#security
+
+[`manage_docroot`]: #manage_docroot
+[`manage_user`]: #manage_user
+[`manage_group`]: #manage_group
+[`supplementary_groups`]: #supplementary_groups
+[`MaxConnectionsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxconnectionsperchild
+[`max_keepalive_requests`]: #max_keepalive_requests
+[`MaxRequestWorkers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxrequestworkers
+[`MaxSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxsparethreads
+[MIME `content-type`]: https://www.iana.org/assignments/media-types/media-types.xhtml
+[`MinSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#minsparethreads
+[`mod_alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html
+[`mod_auth_cas`]: https://github.com/Jasig/mod_auth_cas
+[`mod_auth_kerb`]: http://modauthkerb.sourceforge.net/configure.html
+[`mod_auth_gssapi`]: https://github.com/modauthgssapi/mod_auth_gssapi
+[`mod_authnz_external`]: https://github.com/phokz/mod-auth-external
+[`mod_auth_dbd`]: http://httpd.apache.org/docs/current/mod/mod_authn_dbd.html
+[`mod_auth_mellon`]: https://github.com/UNINETT/mod_auth_mellon
+[`mod_dbd`]: http://httpd.apache.org/docs/current/mod/mod_dbd.html
+[`mod_disk_cache`]: https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html
+[`mod_dumpio`]: https://httpd.apache.org/docs/2.4/mod/mod_dumpio.html
+[`mod_env`]: http://httpd.apache.org/docs/current/mod/mod_env.html
+[`mod_expires`]: https://httpd.apache.org/docs/current/mod/mod_expires.html
+[`mod_ext_filter`]: https://httpd.apache.org/docs/current/mod/mod_ext_filter.html
+[`mod_fcgid`]: https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
+[`mod_geoip`]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/
+[`mod_http2`]: https://httpd.apache.org/docs/current/mod/mod_http2.html
+[`mod_info`]: https://httpd.apache.org/docs/current/mod/mod_info.html
+[`mod_ldap`]: https://httpd.apache.org/docs/2.2/mod/mod_ldap.html
+[`mod_mpm_event`]: https://httpd.apache.org/docs/current/mod/event.html
+[`mod_negotiation`]: https://httpd.apache.org/docs/current/mod/mod_negotiation.html
+[`mod_pagespeed`]: https://developers.google.com/speed/pagespeed/module/?hl=en
+[`mod_passenger`]: https://www.phusionpassenger.com/library/config/apache/reference/
+[`mod_php`]: http://php.net/manual/en/book.apache.php
+[`mod_proxy`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html
+[`mod_proxy_balancer`]: https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html
+[`mod_reqtimeout`]: https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html
+[`mod_python`]: http://modpython.org/
+[`mod_rewrite`]: https://httpd.apache.org/docs/current/mod/mod_rewrite.html
+[`mod_security`]: https://www.modsecurity.org/
+[`mod_ssl`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html
+[`mod_status`]: https://httpd.apache.org/docs/current/mod/mod_status.html
+[`mod_version`]: https://httpd.apache.org/docs/current/mod/mod_version.html
+[`mod_wsgi`]: https://modwsgi.readthedocs.org/en/latest/
+[module contribution guide]: https://docs.puppet.com/forge/contributing.html
+[`mpm_module`]: #mpm_module
+[multi-processing module]: https://httpd.apache.org/docs/current/mpm.html
+
+[name-based virtual hosts]: https://httpd.apache.org/docs/current/vhosts/name-based.html
+[`no_proxy_uris`]: #no_proxy_uris
+
+[open source Puppet]: https://docs.puppet.com/puppet/
+[`Options`]: https://httpd.apache.org/docs/current/mod/core.html#options
+
+[`path`]: #path
+[`Peruser`]: https://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr
+[`port`]: #port
+[`priority`]: #defined-types-apachevhost
+[`proxy_dest`]: #proxy_dest
+[`proxy_dest_match`]: #proxy_dest_match
+[`proxy_pass`]: #proxy_pass
+[`ProxyPass`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass
+[`ProxySet`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset
+[Puppet Enterprise]: https://docs.puppet.com/pe/
+[Puppet Forge]: https://forge.puppet.com
+[Puppet]: https://puppet.com
+[Puppet module]: https://docs.puppet.com/puppet/latest/reference/modules_fundamentals.html
+[Puppet module's code]: https://github.com/puppetlabs/puppetlabs-apache/blob/main/manifests/default_mods.pp
+[`purge_configs`]: #purge_configs
+[`purge_vhost_dir`]: #purge_vhost_dir
+[Python]: https://www.python.org/
+
+[Rack]: http://rack.github.io/
+[`rack_base_uris`]: #rack_base_uris
+[RFC 2616]: https://www.ietf.org/rfc/rfc2616.txt
+[`RequestReadTimeout`]: https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html#requestreadtimeout
+[rspec-puppet]: http://rspec-puppet.com/
+
+[`ScriptAlias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptalias
+[`ScriptAliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptaliasmatch
+[`scriptalias`]: #scriptalias
+[SELinux]: http://selinuxproject.org/
+[`ServerAdmin`]: https://httpd.apache.org/docs/current/mod/core.html#serveradmin
+[`serveraliases`]: #serveraliases
+[`ServerLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#serverlimit
+[`ServerName`]: https://httpd.apache.org/docs/current/mod/core.html#servername
+[`ServerRoot`]: https://httpd.apache.org/docs/current/mod/core.html#serverroot
+[`ServerTokens`]: https://httpd.apache.org/docs/current/mod/core.html#servertokens
+[`ServerSignature`]: https://httpd.apache.org/docs/current/mod/core.html#serversignature
+[Service attribute restart]: http://docs.puppet.com/latest/type.html#service-attribute-restart
+[`source`]: #source
+[`SSLCARevocationCheck`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck
+[SSL certificate key file]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile
+[SSL chain]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainfile
+[SSL encryption]: https://httpd.apache.org/docs/current/ssl/index.html
+[`ssl`]: #ssl
+[`ssl_cert`]: #ssl_cert
+[`ssl_compression`]: #ssl_compression
+[`ssl_key`]: #ssl_key
+[`StartServers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#startservers
+[suPHP]: http://www.suphp.org/Home.html
+[`suphp_addhandler`]: #suphp_addhandler
+[`suphp_configpath`]: #suphp_configpath
+[`suphp_engine`]: #suphp_engine
+[supported operating system]: https://forge.puppet.com/supported#puppet-supported-modules-compatibility-matrix
+
+[`ThreadLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadlimit
+[`ThreadsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadsperchild
+[`TimeOut`]: https://httpd.apache.org/docs/current/mod/core.html#timeout
+[template]: http://docs.puppet.com/puppet/latest/reference/lang_template.html
+[`TraceEnable`]: https://httpd.apache.org/docs/current/mod/core.html#traceenable
+
+[`UseCanonicalName`]: https://httpd.apache.org/docs/current/mod/core.html#usecanonicalname
+
+[`verify_config`]: #verify_config
+[`vhost`]: #defined-type-apachevhost
+[`vhost_dir`]: #vhost_dir
+[`virtual_docroot`]: #virtual_docroot
+
+[Web Server Gateway Interface]: https://www.python.org/dev/peps/pep-3333/#abstract
+[`WSGIRestrictEmbedded`]: http://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIRestrictEmbedded.html
+[`WSGIPythonPath`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonPath.html
+[`WSGIPythonHome`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonHome.html
+[`WSGIApplicationGroup`]: https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html
+[`WSGIPythonOptimize`]: https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIPythonOptimize.html
+
+#### Table of Contents
+
+1. [Module description - What is the apache module, and what does it do?][Module description]
+2. [Setup - The basics of getting started with apache][Setup]
+    - [What the apache module affects][apache affects]
+    - [Beginning with Apache - Installation][Beginning with Apache]
+3. [Usage - The classes and defined types available for configuration][Usage]
+    - [Configuring virtual hosts - Examples to help get started][Configuring virtual hosts]
+    - [Configuring FastCGI servers to handle PHP files][Configuring FastCGI servers]
+    - [Load balancing with exported and non-exported resources][Load balancing examples]
+4. [Reference - An under-the-hood peek at what the module is doing and how][Reference]
+5. [Limitations - OS compatibility, etc.][Limitations]
+6. [Development - Guide for contributing to the module][Development]
+    - [Contributing to the apache module][Contributing]
+    
+<a id="module-description"></a>
+## Module description
+
+[Apache HTTP Server][] (also called Apache HTTPD, or simply Apache) is a widely used web server. This [Puppet module][] simplifies the task of creating configurations to manage Apache servers in your infrastructure. It can configure and manage a range of virtual host setups and provides a streamlined way to install and configure [Apache modules][].
+
+<a id="setup"></a>
+## Setup
+
+<a id="apache-affects"></a>
+### What the apache module affects:
+
+- Configuration files and directories (created and written to)
+  - **WARNING**: Configurations *not* managed by Puppet will be purged.
+- Package/service/configuration files for Apache
+- Apache modules
+- Virtual hosts
+- Listened-to ports
+- `/etc/make.conf` on FreeBSD and Gentoo
+
+On Gentoo, this module depends on the [`gentoo/puppet-portage`][] Puppet module. Note that while several options apply or enable certain features and settings for Gentoo, it is not a [supported operating system][] for this module.
+
+> **Warning**: This module modifies Apache configuration files and directories and purges any configuration not managed by Puppet. Apache configuration should be managed by Puppet, as unmanaged configuration files can cause unexpected failures.
+>
+>To temporarily disable full Puppet management, set the [`purge_configs`][] parameter in the [`apache`][] class declaration to false. We recommend this only as a temporary means of saving and relocating customized configurations.
+
+<a id="beginning-with-apache"></a>
+### Beginning with Apache
+
+To have Puppet install Apache with the default parameters, declare the [`apache`][] class:
+
+``` puppet
+class { 'apache': }
+```
+
+When you declare this class with the default options, the module:
+
+- Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system.
+- Places the required configuration files in a directory, with the [default location](#conf_dir) Depends on operating system.
+- Configures the server with a default virtual host and standard port ('80') and address ('\*') bindings.
+- Creates a document root directory Depends on operating system, typically `/var/www`.
+- Starts the Apache service.
+
+Apache defaults depend on your operating system. These defaults work in testing environments but are not suggested for production. We recommend customizing the class's parameters to suit your site.
+
+For instance, this declaration installs Apache without the apache module's [default virtual host configuration][Configuring virtual hosts], allowing you to customize all Apache virtual hosts:
+
+``` puppet
+class { 'apache':
+  default_vhost => false,
+}
+```
+
+> **Note**: When `default_vhost` is set to `false`, you have to add at least one `apache::vhost` resource or Apache will not start. To establish a default virtual host, either set the `default_vhost` in the `apache` class or use the [`apache::vhost`][] defined type. You can also configure additional specific virtual hosts with the [`apache::vhost`][] defined type.
+
+<a id="usage"></a>
+## Usage
+
+<a id="configuring-virtual-hosts"></a>
+### Configuring virtual hosts
+
+The default [`apache`][] class sets up a virtual host on port 80, listening on all interfaces and serving the [`docroot`][] parameter's default directory of `/var/www`.
+
+
+To configure basic [name-based virtual hosts][], specify the [`port`][] and [`docroot`][] parameters in the [`apache::vhost`][] defined type:
+
+``` puppet
+apache::vhost { 'vhost.example.com':
+  port    => '80',
+  docroot => '/var/www/vhost',
+}
+```
+
+See the [`apache::vhost`][] defined type's reference for a list of all virtual host parameters.
+
+> **Note**: Apache processes virtual hosts in alphabetical order, and server administrators can prioritize Apache's virtual host processing by prefixing a virtual host's configuration file name with a number. The [`apache::vhost`][] defined type applies a default [`priority`][] of 25, which Puppet interprets by prefixing the virtual host's file name with `25-`. This means that if multiple sites have the same priority, or if you disable priority numbers by setting the `priority` parameter's value to false, Apache still processes virtual hosts in alphabetical order.
+
+To configure user and group ownership for `docroot`, use the [`docroot_owner`][] and [`docroot_group`][] parameters:
+
+``` puppet
+apache::vhost { 'user.example.com':
+  port          => '80',
+  docroot       => '/var/www/user',
+  docroot_owner => 'www-data',
+  docroot_group => 'www-data',
+}
+```
+
+#### Configuring virtual hosts with SSL
+
+To configure a virtual host to use [SSL encryption][] and default SSL certificates, set the [`ssl`][] parameter. You must also specify the [`port`][] parameter, typically with a value of '443', to accommodate HTTPS requests:
+
+``` puppet
+apache::vhost { 'ssl.example.com':
+  port    => '443',
+  docroot => '/var/www/ssl',
+  ssl     => true,
+}
+```
+
+To configure a virtual host to use SSL and specific SSL certificates, use the paths to the certificate and key in the [`ssl_cert`][] and [`ssl_key`][] parameters, respectively:
+
+``` puppet
+apache::vhost { 'cert.example.com':
+  port     => '443',
+  docroot  => '/var/www/cert',
+  ssl      => true,
+  ssl_cert => '/etc/ssl/fourth.example.com.cert',
+  ssl_key  => '/etc/ssl/fourth.example.com.key',
+}
+```
+
+To configure a mix of SSL and unencrypted virtual hosts at the same domain, declare them with separate [`apache::vhost`][] defined types:
+
+``` puppet
+# The non-ssl virtual host
+apache::vhost { 'mix.example.com non-ssl':
+  servername => 'mix.example.com',
+  port       => '80',
+  docroot    => '/var/www/mix',
+}
+
+# The SSL virtual host at the same domain
+apache::vhost { 'mix.example.com ssl':
+  servername => 'mix.example.com',
+  port       => '443',
+  docroot    => '/var/www/mix',
+  ssl        => true,
+}
+```
+
+To configure a virtual host to redirect unencrypted connections to SSL, declare them with separate [`apache::vhost`][] defined types and redirect unencrypted requests to the virtual host with SSL enabled:
+
+``` puppet
+apache::vhost { 'redirect.example.com non-ssl':
+  servername      => 'redirect.example.com',
+  port            => '80',
+  docroot         => '/var/www/redirect',
+  redirect_status => 'permanent',
+  redirect_dest   => 'https://redirect.example.com/'
+}
+
+apache::vhost { 'redirect.example.com ssl':
+  servername => 'redirect.example.com',
+  port       => '443',
+  docroot    => '/var/www/redirect',
+  ssl        => true,
+}
+```
+
+#### Configuring virtual host port and address bindings
+
+Virtual hosts listen on all IP addresses ('\*') by default. To configure the virtual host to listen on a specific IP address, use the [`ip`][] parameter:
+
+``` puppet
+apache::vhost { 'ip.example.com':
+  ip      => '127.0.0.1',
+  port    => '80',
+  docroot => '/var/www/ip',
+}
+```
+
+You can also configure more than one IP address per virtual host by using an array of IP addresses for the [`ip`][] parameter:
+
+``` puppet
+apache::vhost { 'ip.example.com':
+  ip      => ['127.0.0.1','169.254.1.1'],
+  port    => '80',
+  docroot => '/var/www/ip',
+}
+```
+
+You can configure multiple ports per virtual host by using an array of ports for the [`port`][] parameter:
+
+``` puppet
+apache::vhost { 'ip.example.com':
+  ip      => ['127.0.0.1'],
+  port    => ['80','8080']
+  docroot => '/var/www/ip',
+}
+```
+
+To configure a virtual host with [aliased servers][], refer to the aliases using the [`serveraliases`][] parameter:
+
+``` puppet
+apache::vhost { 'aliases.example.com':
+  serveraliases => [
+    'aliases.example.org',
+    'aliases.example.net',
+  ],
+  port          => '80',
+  docroot       => '/var/www/aliases',
+}
+```
+
+To set up a virtual host with a wildcard alias for the subdomain mapped to a directory of the same name, such as 'http://example.com.loc' mapped to `/var/www/example.com`, define the wildcard alias using the [`serveraliases`][] parameter and the document root with the [`virtual_docroot`][] parameter:
+
+``` puppet
+apache::vhost { 'subdomain.loc':
+  vhost_name      => '*',
+  port            => '80',
+  virtual_docroot => '/var/www/%-2+',
+  docroot         => '/var/www',
+  serveraliases   => ['*.loc',],
+}
+```
+
+To configure a virtual host with [filter rules][], pass the filter directives as an [array][] using the [`filters`][] parameter:
+
+``` puppet
+apache::vhost { 'subdomain.loc':
+  port    => '80',
+  filters => [
+    'FilterDeclare  COMPRESS',
+    'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html',
+    'FilterChain    COMPRESS',
+    'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no',
+  ],
+  docroot => '/var/www/html',
+}
+```
+
+#### Configuring virtual hosts for apps and processors
+
+To set up a virtual host with [suPHP][], use the following parameters:
+
+* [`suphp_engine`][], to enable the suPHP engine.
+* [`suphp_addhandler`][], to define a MIME type.
+* [`suphp_configpath`][], to set which path suPHP passes to the PHP interpreter.
+* [`directory`][], to configure Directory, File, and Location directive blocks.
+
+For example:
+
+``` puppet
+apache::vhost { 'suphp.example.com':
+  port             => '80',
+  docroot          => '/home/appuser/myphpapp',
+  suphp_addhandler => 'x-httpd-php',
+  suphp_engine     => 'on',
+  suphp_configpath => '/etc/php5/apache2',
+  directories      => [
+    { 'path'  => '/home/appuser/myphpapp',
+      'suphp' => {
+        user  => 'myappuser',
+        group => 'myappgroup',
+      },
+    },
+  ],
+}
+```
+
+To configure a virtual host to use the [Web Server Gateway Interface][] (WSGI) for [Python][] applications, use the `wsgi` set of parameters:
+
+``` puppet
+apache::vhost { 'wsgi.example.com':
+  port                        => '80',
+  docroot                     => '/var/www/pythonapp',
+  wsgi_application_group      => '%{GLOBAL}',
+  wsgi_daemon_process         => 'wsgi',
+  wsgi_daemon_process_options => {
+    processes    => '2',
+    threads      => '15',
+    display-name => '%{GROUP}',
+  },
+  wsgi_import_script          => '/var/www/demo.wsgi',
+  wsgi_import_script_options  => {
+    process-group     => 'wsgi',
+    application-group => '%{GLOBAL}',
+  },
+  wsgi_process_group          => 'wsgi',
+  wsgi_script_aliases         => { '/' => '/var/www/demo.wsgi' },
+}
+```
+
+As of Apache 2.2.16, Apache supports [FallbackResource][], a simple replacement for common RewriteRules. You can set a FallbackResource using the [`fallbackresource`][] parameter:
+
+``` puppet
+apache::vhost { 'wordpress.example.com':
+  port             => '80',
+  docroot          => '/var/www/wordpress',
+  fallbackresource => '/index.php',
+}
+```
+
+> **Note**: The `fallbackresource` parameter only supports the 'disabled' value since Apache 2.2.24.
+
+To configure a virtual host with a designated directory for [Common Gateway Interface][] (CGI) files, use the [`scriptalias`][] parameter to define the `cgi-bin` path:
+
+``` puppet
+apache::vhost { 'cgi.example.com':
+  port        => '80',
+  docroot     => '/var/www/cgi',
+  scriptalias => '/usr/lib/cgi-bin',
+}
+```
+
+To configure a virtual host for [Rack][], use the [`rack_base_uris`][] parameter:
+
+``` puppet
+apache::vhost { 'rack.example.com':
+  port           => '80',
+  docroot        => '/var/www/rack',
+  rack_base_uris => ['/rackapp1', '/rackapp2'],
+}
+```
+
+#### Configuring IP-based virtual hosts
+
+You can configure [IP-based virtual hosts][] to listen on any port and have them respond to requests on specific IP addresses. In this example, the server listens on ports 80 and 81, because the example virtual hosts are _not_ declared with a [`port`][] parameter:
+
+``` puppet
+apache::listen { '80': }
+
+apache::listen { '81': }
+```
+
+Configure the IP-based virtual hosts with the [`ip_based`][] parameter:
+
+``` puppet
+apache::vhost { 'first.example.com':
+  ip       => '10.0.0.10',
+  docroot  => '/var/www/first',
+  ip_based => true,
+}
+
+apache::vhost { 'second.example.com':
+  ip       => '10.0.0.11',
+  docroot  => '/var/www/second',
+  ip_based => true,
+}
+```
+
+You can also configure a mix of IP- and [name-based virtual hosts][] in any combination of [SSL][SSL encryption] and unencrypted configurations.
+
+In this example, we add two IP-based virtual hosts on an IP address (in this example, 10.0.0.10). One uses SSL and the other is unencrypted:
+
+``` puppet
+apache::vhost { 'The first IP-based virtual host, non-ssl':
+  servername => 'first.example.com',
+  ip         => '10.0.0.10',
+  port       => '80',
+  ip_based   => true,
+  docroot    => '/var/www/first',
+}
+
+apache::vhost { 'The first IP-based vhost, ssl':
+  servername => 'first.example.com',
+  ip         => '10.0.0.10',
+  port       => '443',
+  ip_based   => true,
+  docroot    => '/var/www/first-ssl',
+  ssl        => true,
+}
+```
+
+Next, we add two name-based virtual hosts listening on a second IP address (10.0.0.20):
+
+``` puppet
+apache::vhost { 'second.example.com':
+  ip      => '10.0.0.20',
+  port    => '80',
+  docroot => '/var/www/second',
+}
+
+apache::vhost { 'third.example.com':
+  ip      => '10.0.0.20',
+  port    => '80',
+  docroot => '/var/www/third',
+}
+```
+
+To add name-based virtual hosts that answer on either 10.0.0.10 or 10.0.0.20, you **must** disable the Apache default `Listen 80`, as it conflicts with the preceding IP-based virtual hosts. To do this, set the [`add_listen`][] parameter to `false`:
+
+``` puppet
+apache::vhost { 'fourth.example.com':
+  port       => '80',
+  docroot    => '/var/www/fourth',
+  add_listen => false,
+}
+
+apache::vhost { 'fifth.example.com':
+  port       => '80',
+  docroot    => '/var/www/fifth',
+  add_listen => false,
+}
+```
+
+### Installing Apache modules
+
+There are two ways to install [Apache modules][] using the Puppet apache module:
+
+- Use the [`apache::mod::<MODULE NAME>`][] classes to [install specific Apache modules with parameters][Installing specific modules].
+- Use the [`apache::mod`][] defined type to [install arbitrary Apache modules][Installing arbitrary modules].
+
+#### Installing specific modules
+
+The Puppet apache module supports installing many common [Apache modules][], often with parameterized configuration options. For a list of supported Apache modules, see the [`apache::mod::<MODULE NAME>`][] class references.
+
+For example, you can install the `mod_ssl` Apache module with default settings by declaring the [`apache::mod::ssl`][] class:
+
+``` puppet
+class { 'apache::mod::ssl': }
+```
+
+[`apache::mod::ssl`][] has several parameterized options that you can set when declaring it. For instance, to enable `mod_ssl` with compression enabled, set the [`ssl_compression`][] parameter to true:
+
+``` puppet
+class { 'apache::mod::ssl':
+  ssl_compression => true,
+}
+```
+
+Note that some modules have prerequisites, which are documented in their references under [`apache::mod::<MODULE NAME>`][].
+
+#### Installing arbitrary modules
+
+You can pass the name of any module that your operating system's package manager can install to the [`apache::mod`][] defined type to install it. Unlike the specific-module classes, the [`apache::mod`][] defined type doesn't tailor the installation based on other installed modules or with specific parameters---Puppet only grabs and installs the module's package, leaving detailed configuration up to you.
+
+For example, to install the [`mod_authnz_external`][] Apache module, declare the defined type with the 'mod_authnz_external' name:
+
+``` puppet
+apache::mod { 'mod_authnz_external': }
+```
+
+There are several optional parameters you can specify when defining Apache modules this way. See the [defined type's reference][`apache::mod`] for details.
+
+<a id="configuring-fastcgi-servers-to-handle-php-files"></a>
+### Configuring FastCGI servers to handle PHP files
+
+#### FastCGI on Ubuntu 18.04
+
+On Ubuntu 18.04, `mod_fastcgi` is no longer supported. So considering:
+
+* an Apache Vhost with docroot set to `/var/www/html`
+* a FastCGI server listening on `127.0.0.1:9000`
+
+you can then use the [`custom_fragment`][] parameter to configure the virtual host to have the FastCGI server handle the specified file type:
+
+``` puppet
+apache::vhost { 'www':
+  ...
+  docroot         => '/var/www/html/',
+  custom_fragment => 'ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/$1',
+  ...
+}
+```
+
+Please note you have to adjust the second ProxyPassMatch parameter to you docroot value (here `/var/www/html/`).
+
+#### Other OSes
+
+Add the [`apache::fastcgi::server`][] defined type to allow [FastCGI][] servers to handle requests for specific files. For example, the following defines a FastCGI server at 127.0.0.1 (localhost) on port 9000 to handle PHP requests:
+
+``` puppet
+apache::fastcgi::server { 'php':
+  host       => '127.0.0.1:9000',
+  timeout    => 15,
+  flush      => false,
+  faux_path  => '/var/www/php.fcgi',
+  fcgi_alias => '/php.fcgi',
+  file_type  => 'application/x-httpd-php'
+}
+```
+
+You can then use the [`custom_fragment`][] parameter to configure the virtual host to have the FastCGI server handle the specified file type:
+
+``` puppet
+apache::vhost { 'www':
+  ...
+  custom_fragment => 'AddType application/x-httpd-php .php'
+  ...
+}
+```
+
+<a id="load-balancing-examples"></a> 
+### Load balancing examples
+
+Apache supports load balancing across groups of servers through the [`mod_proxy`][] Apache module. Puppet supports configuring Apache load balancing groups (also known as balancer clusters) through the [`apache::balancer`][] and [`apache::balancermember`][] defined types.
+
+To enable load balancing with [exported resources][], export the [`apache::balancermember`][] defined type from the load balancer member server:
+
+``` puppet
+@@apache::balancermember { "${::fqdn}-puppet00":
+  balancer_cluster => 'puppet00',
+  url              => "ajp://${::fqdn}:8009",
+  options          => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
+}
+```
+
+Then, on the proxy server, create the load balancing group:
+
+``` puppet
+apache::balancer { 'puppet00': }
+```
+
+To enable load balancing without exporting resources, declare the following on the proxy server:
+
+``` puppet
+apache::balancer { 'puppet00': }
+
+apache::balancermember { "${::fqdn}-puppet00":
+  balancer_cluster => 'puppet00',
+  url              => "ajp://${::fqdn}:8009",
+  options          => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
+}
+```
+
+Then declare the `apache::balancer` and `apache::balancermember` defined types on the proxy server.
+
+To use the [ProxySet](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset) directive on the balancer, use the [`proxy_set`](#proxy_set) parameter of `apache::balancer`:
+
+``` puppet
+apache::balancer { 'puppet01':
+  proxy_set => {
+    'stickysession' => 'JSESSIONID',
+    'lbmethod'      => 'bytraffic',
+  },
+}
+```
+
+Load balancing scheduler algorithms (`lbmethod`) are listed [in mod_proxy_balancer documentation](https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html).
+
+<a id="reference"></a> 
+## Reference
+
+For information on classes, types and functions see the [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-apache/blob/main/REFERENCE.md)
+
+### Templates
+
+The Apache module relies heavily on templates to enable the [`apache::vhost`][] and [`apache::mod`][] defined types. These templates are built based on [Facter][] facts that are specific to your operating system. Unless explicitly called out, most templates are not meant for configuration.
+
+### Tasks
+
+The Apache module has a task that allows a user to reload the Apache config without restarting the service. Please refer to to the [PE documentation](https://puppet.com/docs/pe/2017.3/orchestrator/running_tasks.html) or [Bolt documentation](https://puppet.com/docs/bolt/latest/bolt.html) on how to execute a task.
+
+<a id="limitations"></a>
+## Limitations
+
+For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-apache/blob/main/metadata.json)
+
+### FreeBSD
+
+In order to use this module on FreeBSD, you _must_ use apache24-2.4.12 (www/apache24) or newer.
+
+### Gentoo
+
+On Gentoo, this module depends on the [`gentoo/puppet-portage`][] Puppet module. Although several options apply or enable certain features and settings for Gentoo, it is not a [supported operating system][] for this module.
+
+### RHEL/CentOS
+
+The [`apache::mod::auth_cas`][], [`apache::mod::passenger`][], [`apache::mod::proxy_html`][] and [`apache::mod::shib`][] classes are not functional on RH/CentOS without providing dependency packages from extra repositories.
+
+See their respective documentation below for related repositories and packages.
+
+#### RHEL/CentOS 5
+
+The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested because repositories are missing compatible packages.
+
+#### RHEL/CentOS 6
+
+The [`apache::mod::passenger`][] class is not installing, because the EL6 repository is missing compatible packages.
+
+#### RHEL/CentOS 7
+
+The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested because the EL7 repository is missing compatible packages, which also blocks us from testing the [`apache::vhost`][] defined type's [`rack_base_uris`][] parameter.
+
+### SELinux and custom paths
+
+If [SELinux][] is in [enforcing mode][] and you want to use custom paths for `logroot`, `mod_dir`, `vhost_dir`, and `docroot`, you need to manage the files' context yourself.
+
+You can do this with Puppet:
+
+``` puppet
+exec { 'set_apache_defaults':
+  command => 'semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"',
+  path    => '/bin:/usr/bin/:/sbin:/usr/sbin',
+  require => Package['policycoreutils-python'],
+}
+
+package { 'policycoreutils-python':
+  ensure => installed,
+}
+
+exec { 'restorecon_apache':
+  command => 'restorecon -Rv /apache_spec',
+  path    => '/bin:/usr/bin/:/sbin:/usr/sbin',
+  before  => Class['Apache::Service'],
+  require => Class['apache'],
+}
+
+class { 'apache': }
+
+host { 'test.server':
+  ip => '127.0.0.1',
+}
+
+file { '/custom/path':
+  ensure => directory,
+}
+
+file { '/custom/path/include':
+  ensure  => present,
+  content => '#additional_includes',
+}
+
+apache::vhost { 'test.server':
+  docroot             => '/custom/path',
+  additional_includes => '/custom/path/include',
+}
+```
+
+**NOTE:** On RHEL 8, the SELinux packages contained in `policycoreutils-python` have been replaced by the `policycoreutils-python-utils` package.
+See [here](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/considerations_in_adopting_rhel_8/index#selinux-python3_security) for more details.
+
+You must set the contexts using `semanage fcontext` instead of `chcon` because Puppet's `file` resources reset the values' context in the database if the resource doesn't specify it.
+
+### Ubuntu 16.04
+The [`apache::mod::suphp`][] class is untested since repositories are missing compatible packages.
+
+<a id="development"></a> 
+## Development
+
+### Testing
+
+To run the unit tests, install the necessary gems:
+
+```
+bundle install
+```
+
+And then execute the command:
+
+```
+bundle exec rake parallel_spec
+```
+
+To check the code coverage, run:
+
+```
+COVERAGE=yes bundle exec rake parallel_spec
+```
+
+
+
+Acceptance tests for this module leverage [puppet_litmus](https://github.com/puppetlabs/puppet_litmus).
+To run the acceptance tests follow the instructions [here](https://github.com/puppetlabs/puppet_litmus/wiki/Tutorial:-use-Litmus-to-execute-acceptance-tests-with-a-sample-module-(MoTD)#install-the-necessary-gems-for-the-module).
+You can also find a tutorial and walkthrough of using Litmus and the PDK on [YouTube](https://www.youtube.com/watch?v=FYfR7ZEGHoE).
+
+### Development Support
+If you run into an issue with this module, or if you would like to request a feature, please [file a ticket](https://tickets.puppetlabs.com/browse/MODULES/).
+Every Monday the Puppet IA Content Team has [office hours](https://puppet.com/community/office-hours) in the [Puppet Community Slack](http://slack.puppet.com/), alternating between an EMEA friendly time (1300 UTC) and an Americas friendly time (0900 Pacific, 1700 UTC).
+
+If you have problems getting this module up and running, please [contact Support](http://puppetlabs.com/services/customer-support).
+
+If you submit a change to this module, be sure to regenerate the reference documentation as follows:
+
+```bash
+puppet strings generate --format markdown --out REFERENCE.md
+```
+
+### Apache MOD Test & Support Lifecycle
+#### Adding Support for a new Apache MOD
+Support for new [Apache Modules] can be added under the [`apache::mod`] namespace.
+Acceptance tests should be added for each new [Apache Module][Apache Modules] added.
+Ideally, the acceptance tests should run on all compatible platforms that this module is supported on (see `metdata.json`), however there are cases when a more niche module is difficult to set up and install on a particular Linux distro.
+This could be for one or more of the following reasons:
+- Package not available in default repositories of distro
+- Package dependencies not available in default repositories of distro
+- Package (and/or its dependencies) are only available in a specific version of an OS
+
+In these cases, it is possible to exclude a module from a test platform using a specific tag, defined above the class declaration:
+```puppet
+# @note Unsupported platforms: OS: ver, ver; OS: ver, ver, ver; OS: all
+class apache::mod::foobar {
+...
+}
+```
+For example:
+```puppet
+# @note Unsupported platforms: RedHat: 5, 6; Ubuntu: 14.04; SLES: all; Scientific: 11 SP1
+class apache::mod::actions {
+...
+}
+```
+Please be aware of the following format guidelines for the tag:
+- All OS/Version declarations must be preceded with `@note Unsupported platforms:`
+- The tag must be declared ABOVE the class declaration (i.e. not as footer at the bottom of the file)
+- Each OS/Version declaration must be separated by semicolons (`;`)
+- Each version must be separated by a comma (`,`)
+- Versions CANNOT be declared in ranges (e.g. `RedHat:5-7`), they should be explicitly declared (e.g. `RedHat:5,6,7`)
+- However, to declare all versions of an OS as unsupported, use the word `all` (e.g. `SLES:all`)
+- OSs with word characters as part of their versions are acceptable (e.g. `Scientific: 11 SP1, 11 SP2, 12, 13`)
+- Spaces are permitted between OS/Version declarations and version numbers within a declaration
+- Refer to the `operatingsystem_support` values in the `metadata.json` to find the acceptable OS name and version syntax:
+  - E.g. `OracleLinux` OR `oraclelinux`, not: `Oracle` or `OraLinux`
+  - E.g. `RedHat` OR `redhat`, not: `Red Hat Enterprise Linux`, `RHEL`, or `Red Hat`
+
+If the tag is incorrectly formatted, a warning will be printed out at the end of the test run, indicating what tag(s) could not be parsed.
+This will not halt the execution of other tests.  
+
+Once the class is tagged, it is possible to exclude a test for that particular [Apache MOD][Apache Modules] using RSpec's filtering and a helper method:
+```ruby
+describe 'auth_oidc', if: mod_supported_on_platform('apache::mod::auth_openidc') do
+```
+The `mod_supported_on_platform` helper method takes the [Apache Module][Apache Modules] class definition as defined in the manifests under `manifest/mod`.
+
+This functionality can be disabled by setting the `DISABLE_MOD_TEST_EXCLUSION` environment variable.
+When set, all exclusions will be ignored.
+#### Test Support Lifecycle
+The puppetlabs-apache module supports a large number of compatible platforms and [Apache Modules][Apache modules].
+As a result, Apache Module tests can fail because a package or package dependency has been removed from a Linux distribution repository.
+The [IAC Team][IAC Team] will try to resolve these issues and keep instructions updated, but due to limited resources this won’t always be possible.
+In these cases, we will exclude test(s) from certain platforms.
+As always, we welcome help from our community members, and the IAC team is here to assist and answer questions.
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/REFERENCE.md b/modules/services/unix/http/apache_kali_compatible/apache/REFERENCE.md
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/REFERENCE.md
rename to modules/services/unix/http/apache_kali_compatible/apache/REFERENCE.md
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/apache.pp b/modules/services/unix/http/apache_kali_compatible/apache/apache.pp
new file mode 100644
index 000000000..0c63066b8
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/apache.pp
@@ -0,0 +1,29 @@
+#
+# apache::fastcgi::server { 'php':
+#   host       => '127.0.0.1:9000',
+#   timeout    => 15,
+#   flush      => false,
+#   faux_path  => '/var/www/php.fcgi',
+#   fcgi_alias => '/php.fcgi',
+#   file_type  => 'application/x-httpd-php'
+# }
+#
+# apache::vhost { 'www':
+# custom_fragment => 'AddType application/x-httpd-php .php',
+#   docroot => '/var/www/wordpress'
+# }
+
+class { 'apache':
+  mpm_module => 'prefork'
+}
+
+exec { 'apache2-systemd-reload':
+  command     => 'systemctl daemon-reload; systemctl enable apache2',
+  path        => [ '/usr/bin', '/bin', '/usr/sbin' ],
+}
+#->
+#service { 'apache2':
+#  ensure   => running,
+#  provider => systemd,
+#  enable   => true,
+#}
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/data/common.yaml b/modules/services/unix/http/apache_kali_compatible/apache/data/common.yaml
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/data/common.yaml
rename to modules/services/unix/http/apache_kali_compatible/apache/data/common.yaml
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/examples/apache.pp b/modules/services/unix/http/apache_kali_compatible/apache/examples/apache.pp
new file mode 100644
index 000000000..0d4543564
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/examples/apache.pp
@@ -0,0 +1,6 @@
+include apache
+include apache::mod::php
+include apache::mod::cgi
+include apache::mod::userdir
+include apache::mod::disk_cache
+include apache::mod::proxy_http
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/examples/dev.pp b/modules/services/unix/http/apache_kali_compatible/apache/examples/dev.pp
new file mode 100644
index 000000000..6c4f95571
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/examples/dev.pp
@@ -0,0 +1 @@
+include apache::mod::dev
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/examples/init.pp b/modules/services/unix/http/apache_kali_compatible/apache/examples/init.pp
new file mode 100644
index 000000000..b3f9f13aa
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/examples/init.pp
@@ -0,0 +1 @@
+include apache
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/examples/mod_load_params.pp b/modules/services/unix/http/apache_kali_compatible/apache/examples/mod_load_params.pp
new file mode 100644
index 000000000..879f2cfe5
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/examples/mod_load_params.pp
@@ -0,0 +1,10 @@
+# Tests the path and identifier parameters for the apache::mod class
+
+# Base class for clarity:
+class { 'apache': }
+
+# Exaple parameter usage:
+apache::mod { 'testmod':
+  path => '/usr/some/path/mod_testmod.so',
+  id   => 'testmod_custom_name',
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/examples/mods.pp b/modules/services/unix/http/apache_kali_compatible/apache/examples/mods.pp
new file mode 100644
index 000000000..dd64e3b23
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/examples/mods.pp
@@ -0,0 +1,8 @@
+## Default mods
+
+# Base class. Declares default vhost on port 80 and default ssl
+# vhost on port 443 listening on all interfaces and serving
+# $apache::docroot, and declaring our default set of modules.
+class { 'apache':
+  default_mods => true,
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/examples/mods_custom.pp b/modules/services/unix/http/apache_kali_compatible/apache/examples/mods_custom.pp
new file mode 100644
index 000000000..103e52a4f
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/examples/mods_custom.pp
@@ -0,0 +1,15 @@
+## custom mods
+
+# Base class. Declares default vhost on port 80 and default ssl
+# vhost on port 443 listening on all interfaces and serving
+# $apache::docroot, and declaring a custom set of modules.
+class { 'apache':
+  default_mods => [
+    'info',
+    'alias',
+    'mime',
+    'env',
+    'setenv',
+    'expires',
+  ],
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/examples/php.pp b/modules/services/unix/http/apache_kali_compatible/apache/examples/php.pp
new file mode 100644
index 000000000..1d926bfb4
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/examples/php.pp
@@ -0,0 +1,4 @@
+class { 'apache':
+  mpm_module => 'prefork',
+}
+include apache::mod::php
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/examples/vhost.pp b/modules/services/unix/http/apache_kali_compatible/apache/examples/vhost.pp
new file mode 100644
index 000000000..c0813d160
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/examples/vhost.pp
@@ -0,0 +1,256 @@
+## Default vhosts, and custom vhosts
+# NB: Please see the other vhost_*.pp example files for further
+# examples.
+
+# Base class. Declares default vhost on port 80 and default ssl
+# vhost on port 443 listening on all interfaces and serving
+# $apache::docroot
+class { 'apache': }
+
+# Most basic vhost
+apache::vhost { 'first.example.com':
+  port    => '80',
+  docroot => '/var/www/first',
+}
+
+# Vhost with different docroot owner/group/mode
+apache::vhost { 'second.example.com':
+  port          => '80',
+  docroot       => '/var/www/second',
+  docroot_owner => 'third',
+  docroot_group => 'third',
+  docroot_mode  => '0770',
+}
+
+# Vhost with serveradmin
+apache::vhost { 'third.example.com':
+  port        => '80',
+  docroot     => '/var/www/third',
+  serveradmin => 'admin@example.com',
+}
+
+# Vhost with ssl (uses default ssl certs)
+apache::vhost { 'ssl.example.com':
+  port    => '443',
+  docroot => '/var/www/ssl',
+  ssl     => true,
+}
+
+# Vhost with ssl and specific ssl certs
+apache::vhost { 'fourth.example.com':
+  port     => '443',
+  docroot  => '/var/www/fourth',
+  ssl      => true,
+  ssl_cert => '/etc/ssl/fourth.example.com.cert',
+  ssl_key  => '/etc/ssl/fourth.example.com.key',
+}
+
+# Vhost with english title and servername parameter
+apache::vhost { 'The fifth vhost':
+  servername => 'fifth.example.com',
+  port       => '80',
+  docroot    => '/var/www/fifth',
+}
+
+# Vhost with server aliases
+apache::vhost { 'sixth.example.com':
+  serveraliases => [
+    'sixth.example.org',
+    'sixth.example.net',
+  ],
+  port          => '80',
+  docroot       => '/var/www/fifth',
+}
+
+# Vhost with alternate options
+apache::vhost { 'seventh.example.com':
+  port    => '80',
+  docroot => '/var/www/seventh',
+  options => [
+    'Indexes',
+    'MultiViews',
+  ],
+}
+
+# Vhost with AllowOverride for .htaccess
+apache::vhost { 'eighth.example.com':
+  port     => '80',
+  docroot  => '/var/www/eighth',
+  override => 'All',
+}
+
+# Vhost with access and error logs disabled
+apache::vhost { 'ninth.example.com':
+  port       => '80',
+  docroot    => '/var/www/ninth',
+  access_log => false,
+  error_log  => false,
+}
+
+# Vhost with custom access and error logs and logroot
+apache::vhost { 'tenth.example.com':
+  port            => '80',
+  docroot         => '/var/www/tenth',
+  access_log_file => 'tenth_vhost.log',
+  error_log_file  => 'tenth_vhost_error.log',
+  logroot         => '/var/log',
+}
+
+# Vhost with a cgi-bin
+apache::vhost { 'eleventh.example.com':
+  port        => '80',
+  docroot     => '/var/www/eleventh',
+  scriptalias => '/usr/lib/cgi-bin',
+}
+
+# Vhost with a proxypass configuration
+apache::vhost { 'twelfth.example.com':
+  port          => '80',
+  docroot       => '/var/www/twelfth',
+  proxy_dest    => 'http://internal.example.com:8080/twelfth',
+  no_proxy_uris => ['/login','/logout'],
+}
+
+# Vhost to redirect /login and /logout
+apache::vhost { 'thirteenth.example.com':
+  port            => '80',
+  docroot         => '/var/www/thirteenth',
+  redirect_source => [
+    '/login',
+    '/logout',
+  ],
+  redirect_dest   => [
+    'http://10.0.0.10/login',
+    'http://10.0.0.10/logout',
+  ],
+}
+
+# Vhost to permamently redirect
+apache::vhost { 'fourteenth.example.com':
+  port            => '80',
+  docroot         => '/var/www/fourteenth',
+  redirect_source => '/blog',
+  redirect_dest   => 'http://blog.example.com',
+  redirect_status => 'permanent',
+}
+
+# Vhost with a rack configuration
+apache::vhost { 'fifteenth.example.com':
+  port           => '80',
+  docroot        => '/var/www/fifteenth',
+  rack_base_uris => ['/rackapp1', '/rackapp2'],
+}
+
+# Vhost to redirect non-ssl to ssl
+apache::vhost { 'sixteenth.example.com non-ssl':
+  servername => 'sixteenth.example.com',
+  port       => '80',
+  docroot    => '/var/www/sixteenth',
+  rewrites   => [
+    {
+      comment      => 'redirect non-SSL traffic to SSL site',
+      rewrite_cond => ['%{HTTPS} off'],
+      rewrite_rule => ['(.*) https://%{HTTP_HOST}%{REQUEST_URI}'],
+    }
+  ],
+}
+
+# Rewrite a URL to lower case
+apache::vhost { 'sixteenth.example.com non-ssl':
+  servername => 'sixteenth.example.com',
+  port       => '80',
+  docroot    => '/var/www/sixteenth',
+  rewrites   => [
+    { comment      => 'Rewrite to lower case',
+      rewrite_cond => ['%{REQUEST_URI} [A-Z]'],
+      rewrite_map  => ['lc int:tolower'],
+      rewrite_rule => ["(.*) \${lc:\$1} [R=301,L]"],
+    }
+  ],
+}
+
+apache::vhost { 'sixteenth.example.com ssl':
+  servername => 'sixteenth.example.com',
+  port       => '443',
+  docroot    => '/var/www/sixteenth',
+  ssl        => true,
+}
+
+# Vhost to redirect non-ssl to ssl using old rewrite method
+apache::vhost { 'sixteenth.example.com non-ssl old rewrite':
+  servername   => 'sixteenth.example.com',
+  port         => '80',
+  docroot      => '/var/www/sixteenth',
+  rewrite_cond => '%{HTTPS} off',
+  rewrite_rule => '(.*) https://%{HTTP_HOST}%{REQUEST_URI}',
+}
+apache::vhost { 'sixteenth.example.com ssl old rewrite':
+  servername => 'sixteenth.example.com',
+  port       => '443',
+  docroot    => '/var/www/sixteenth',
+  ssl        => true,
+}
+
+# Vhost to block repository files
+apache::vhost { 'seventeenth.example.com':
+  port    => '80',
+  docroot => '/var/www/seventeenth',
+  block   => 'scm',
+}
+
+# Vhost with special environment variables
+apache::vhost { 'eighteenth.example.com':
+  port    => '80',
+  docroot => '/var/www/eighteenth',
+  setenv  => ['SPECIAL_PATH /foo/bin','KILROY was_here'],
+}
+
+apache::vhost { 'nineteenth.example.com':
+  port     => '80',
+  docroot  => '/var/www/nineteenth',
+  setenvif => 'Host "^([^\.]*)\.website\.com$" CLIENT_NAME=$1',
+}
+
+# Vhost with additional include files
+apache::vhost { 'twentyieth.example.com':
+  port                => '80',
+  docroot             => '/var/www/twelfth',
+  additional_includes => ['/tmp/proxy_group_a','/tmp/proxy_group_b'],
+}
+
+# Vhost with alias for subdomain mapped to same named directory
+# http://example.com.loc => /var/www/example.com
+apache::vhost { 'subdomain.loc':
+  vhost_name      => '*',
+  port            => '80',
+  virtual_docroot => '/var/www/%-2+',
+  docroot         => '/var/www',
+  serveraliases   => ['*.loc',],
+}
+
+# Vhost with SSL (SSLProtocol, SSLCipherSuite & SSLHonorCipherOrder from default)
+apache::vhost { 'securedomain.com':
+  priority   => '10',
+  vhost_name => 'www.securedomain.com',
+  port       => '443',
+  docroot    => '/var/www/secure',
+  ssl        => true,
+  ssl_cert   => '/etc/ssl/securedomain.cert',
+  ssl_key    => '/etc/ssl/securedomain.key',
+  ssl_chain  => '/etc/ssl/securedomain.crt',
+  add_listen => false,
+}
+
+# Vhost with access log environment variables writing control
+apache::vhost { 'twentyfirst.example.com':
+  port               => '80',
+  docroot            => '/var/www/twentyfirst',
+  access_log_env_var => 'admin',
+}
+
+# Vhost with a passenger_base configuration
+apache::vhost { 'twentysecond.example.com':
+  port           => '80',
+  docroot        => '/var/www/twentysecond',
+  rack_base_uris => ['/passengerapp1', '/passengerapp2'],
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_directories.pp b/modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_directories.pp
new file mode 100644
index 000000000..f02734d02
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_directories.pp
@@ -0,0 +1,43 @@
+# Base class. Declares default vhost on port 80 and default ssl
+# vhost on port 443 listening on all interfaces and serving
+# $apache::docroot
+class { 'apache': }
+
+# Example from README adapted.
+apache::vhost { 'readme.example.net':
+  docroot     => '/var/www/readme',
+  directories => [
+    {
+      'path'         => '/var/www/readme',
+      'ServerTokens' => 'prod' ,
+    },
+    {
+      'path'  => '/usr/share/empty',
+      'allow' => 'from all',
+    },
+  ],
+}
+
+# location test
+apache::vhost { 'location.example.net':
+  docroot     => '/var/www/location',
+  directories => [
+    {
+      'path'         => '/location',
+      'provider'     => 'location',
+      'ServerTokens' => 'prod'
+    },
+  ],
+}
+
+# files test, curedly disable access to accidental backup files.
+apache::vhost { 'files.example.net':
+  docroot     => '/var/www/files',
+  directories => [
+    {
+      'path'     => '(\.swp|\.bak|~)$',
+      'provider' => 'filesmatch',
+      'deny'     => 'from all'
+    },
+  ],
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_filter.pp b/modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_filter.pp
new file mode 100644
index 000000000..ef27639c9
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_filter.pp
@@ -0,0 +1,16 @@
+# Base class. Declares default vhost on port 80 with filters.
+class { 'apache': }
+
+# Example from README adapted.
+apache::vhost { 'readme.example.net':
+  docroot => '/var/www/html',
+  filters => [
+    'FilterDeclare   COMPRESS',
+    'FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/html',
+    'FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/css',
+    'FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/plain',
+    'FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/xml',
+    'FilterChain     COMPRESS',
+    'FilterProtocol  COMPRESS  DEFLATE change=yes;byteranges=no',
+  ],
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_ip_based.pp b/modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_ip_based.pp
new file mode 100644
index 000000000..dc0fa4f33
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_ip_based.pp
@@ -0,0 +1,25 @@
+## IP-based vhosts on any listen port
+# IP-based vhosts respond to requests on specific IP addresses.
+
+# Base class. Turn off the default vhosts; we will be declaring
+# all vhosts below.
+class { 'apache':
+  default_vhost => false,
+}
+
+# Listen on port 80 and 81; required because the following vhosts
+# are not declared with a port parameter.
+apache::listen { '80': }
+apache::listen { '81': }
+
+# IP-based vhosts
+apache::vhost { 'first.example.com':
+  ip       => '10.0.0.10',
+  docroot  => '/var/www/first',
+  ip_based => true,
+}
+apache::vhost { 'second.example.com':
+  ip       => '10.0.0.11',
+  docroot  => '/var/www/second',
+  ip_based => true,
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_proxypass.pp b/modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_proxypass.pp
new file mode 100644
index 000000000..ca9c57dff
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_proxypass.pp
@@ -0,0 +1,66 @@
+## vhost with proxyPass directive
+# NB: Please see the other vhost_*.pp example files for further
+# examples.
+
+# Base class. Declares default vhost on port 80 and default ssl
+# vhost on port 443 listening on all interfaces and serving
+# $apache::docroot
+class { 'apache': }
+
+# Most basic vhost with proxy_pass
+apache::vhost { 'first.example.com':
+  port       => 80,
+  docroot    => '/var/www/first',
+  proxy_pass => [
+    {
+      'path' => '/first',
+      'url'  => 'http://localhost:8080/first'
+    },
+  ],
+}
+
+# vhost with proxy_pass and parameters
+apache::vhost { 'second.example.com':
+  port       => 80,
+  docroot    => '/var/www/second',
+  proxy_pass => [
+    {
+      'path'   => '/second',
+      'url'    => 'http://localhost:8080/second',
+      'params' => {
+        'retry'   => '0',
+        'timeout' => '5',
+      }
+    },
+  ],
+}
+
+# vhost with proxy_pass and keywords
+apache::vhost { 'third.example.com':
+  port       => 80,
+  docroot    => '/var/www/third',
+  proxy_pass => [
+    {
+      'path'     => '/third',
+      'url'      => 'http://localhost:8080/third',
+      'keywords' => ['noquery', 'interpolate']
+    },
+  ],
+}
+
+# vhost with proxy_pass, parameters and keywords
+apache::vhost { 'fourth.example.com':
+  port       => 80,
+  docroot    => '/var/www/fourth',
+  proxy_pass => [
+    {
+      'path'     => '/fourth',
+      'url'      => 'http://localhost:8080/fourth',
+      'params'   => {
+        'retry'   => '0',
+        'timeout' => '5',
+      },
+      'keywords' => ['noquery', 'interpolate']
+    },
+  ],
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_ssl.pp b/modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_ssl.pp
new file mode 100644
index 000000000..8e7a2b279
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/examples/vhost_ssl.pp
@@ -0,0 +1,23 @@
+## SSL-enabled vhosts
+# SSL-enabled vhosts respond only to HTTPS queries.
+
+# Base class. Turn off the default vhosts; we will be declaring
+# all vhosts below.
+class { 'apache':
+  default_vhost => false,
+}
+
+# Non-ssl vhost
+apache::vhost { 'first.example.com non-ssl':
+  servername => 'first.example.com',
+  port       => '80',
+  docroot    => '/var/www/first',
+}
+
+# SSL vhost at the same domain
+apache::vhost { 'first.example.com ssl':
+  servername => 'first.example.com',
+  port       => '443',
+  docroot    => '/var/www/first',
+  ssl        => true,
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/examples/vhosts_without_listen.pp b/modules/services/unix/http/apache_kali_compatible/apache/examples/vhosts_without_listen.pp
new file mode 100644
index 000000000..d42118bc2
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/examples/vhosts_without_listen.pp
@@ -0,0 +1,52 @@
+## Declare ip-based and name-based vhosts
+# Mixing Name-based vhost with IP-specific vhosts requires `add_listen =>
+# 'false'` on the non-IP vhosts
+
+# Base class. Turn off the default vhosts; we will be declaring
+# all vhosts below.
+class { 'apache':
+  default_vhost => false,
+}
+
+# Add two an IP-based vhost on 10.0.0.10, ssl and non-ssl
+apache::vhost { 'The first IP-based vhost, non-ssl':
+  servername => 'first.example.com',
+  ip         => '10.0.0.10',
+  port       => '80',
+  ip_based   => true,
+  docroot    => '/var/www/first',
+}
+apache::vhost { 'The first IP-based vhost, ssl':
+  servername => 'first.example.com',
+  ip         => '10.0.0.10',
+  port       => '443',
+  ip_based   => true,
+  docroot    => '/var/www/first-ssl',
+  ssl        => true,
+}
+
+# Two name-based vhost listening on 10.0.0.20
+apache::vhost { 'second.example.com':
+  ip      => '10.0.0.20',
+  port    => '80',
+  docroot => '/var/www/second',
+}
+apache::vhost { 'third.example.com':
+  ip      => '10.0.0.20',
+  port    => '80',
+  docroot => '/var/www/third',
+}
+
+# Two name-based vhosts without IPs specified, so that they will answer on either 10.0.0.10 or 10.0.0.20 . It is requried to declare
+# `add_listen => 'false'` to disable declaring "Listen 80" which will conflict
+# with the IP-based preceeding vhosts.
+apache::vhost { 'fourth.example.com':
+  port       => '80',
+  docroot    => '/var/www/fourth',
+  add_listen => false,
+}
+apache::vhost { 'fifth.example.com':
+  port       => '80',
+  docroot    => '/var/www/fifth',
+  add_listen => false,
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/files/httpd b/modules/services/unix/http/apache_kali_compatible/apache/files/httpd
new file mode 100644
index 000000000..d65a8d445
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/files/httpd
@@ -0,0 +1,24 @@
+# Configuration file for the httpd service.
+
+#
+# The default processing model (MPM) is the process-based
+# 'prefork' model.  A thread-based model, 'worker', is also
+# available, but does not work with some modules (such as PHP).
+# The service must be stopped before changing this variable.
+#
+#HTTPD=/usr/sbin/httpd.worker
+
+#
+# To pass additional options (for instance, -D definitions) to the
+# httpd binary at startup, set OPTIONS here.
+#
+#OPTIONS=
+#OPTIONS=-DDOWN
+
+#
+# By default, the httpd process is started in the C locale; to 
+# change the locale in which the server runs, the HTTPD_LANG
+# variable can be set.
+#
+#HTTPD_LANG=C
+export SHORTHOST=`hostname -s`
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/hiera.yaml b/modules/services/unix/http/apache_kali_compatible/apache/hiera.yaml
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/hiera.yaml
rename to modules/services/unix/http/apache_kali_compatible/apache/hiera.yaml
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/lib/facter/apache_version.rb b/modules/services/unix/http/apache_kali_compatible/apache/lib/facter/apache_version.rb
new file mode 100644
index 000000000..bb16670db
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/lib/facter/apache_version.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+Facter.add(:apache_version) do
+  confine kernel: ['FreeBSD', 'Linux']
+  setcode do
+    apache_version = nil
+
+    if Facter::Util::Resolution.which('httpd')
+      apache_version = Facter::Util::Resolution.exec('httpd -V 2>&1')
+      Facter.debug "Matching httpd '#{apache_version}'"
+    elsif Facter::Util::Resolution.which('apache2')
+      apache_version = Facter::Util::Resolution.exec('apache2 -V 2>&1')
+      Facter.debug "Matching apache2 '#{apache_version}'"
+    elsif Facter::Util::Resolution.which('apachectl')
+      apache_version = Facter::Util::Resolution.exec('apachectl -v 2>&1')
+      Facter.debug "Matching apachectl '#{apache_version}'"
+    elsif Facter::Util::Resolution.which('apache2ctl')
+      apache_version = Facter::Util::Resolution.exec('apache2ctl -v 2>&1')
+      Facter.debug "Matching apache2ctl '#{apache_version}'"
+    end
+
+    unless apache_version.nil?
+      match = %r{^Server version: Apache\/(\d+.\d+(.\d+)?)}.match(apache_version)
+      unless match.nil?
+        match[1]
+      end
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/functions/apache/apache_pw_hash.rb b/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/functions/apache/apache_pw_hash.rb
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/functions/apache/apache_pw_hash.rb
rename to modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/functions/apache/apache_pw_hash.rb
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/functions/apache/bool2httpd.rb b/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/functions/apache/bool2httpd.rb
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/functions/apache/bool2httpd.rb
rename to modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/functions/apache/bool2httpd.rb
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/functions/apache/pw_hash.rb b/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/functions/apache/pw_hash.rb
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/functions/apache/pw_hash.rb
rename to modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/functions/apache/pw_hash.rb
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/functions/apache_pw_hash.rb b/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/functions/apache_pw_hash.rb
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/functions/apache_pw_hash.rb
rename to modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/functions/apache_pw_hash.rb
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/functions/bool2httpd.rb b/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/functions/bool2httpd.rb
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/functions/bool2httpd.rb
rename to modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/functions/bool2httpd.rb
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod.rb b/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod.rb
new file mode 100644
index 000000000..7406e01da
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+# a2mod.rb
+class Puppet::Provider::A2mod < Puppet::Provider
+  # Fetches the mod provider
+  def self.prefetch(mods)
+    instances.each do |prov|
+      mod = mods[prov.name]
+      if mod
+        mod.provider = prov
+      end
+    end
+  end
+
+  # Clear's the property_hash
+  def flush
+    @property_hash.clear
+  end
+
+  # Returns a copy of the property_hash
+  def properties
+    if @property_hash.empty?
+      @property_hash = query || { ensure: :absent }
+      @property_hash[:ensure] = :absent if @property_hash.empty?
+    end
+    @property_hash.dup
+  end
+
+  # Returns the properties of the given mod if it exists.
+  def query
+    self.class.instances.each do |mod|
+      if mod.name == name || mod.name.downcase == name
+        return mod.properties
+      end
+    end
+    nil
+  end
+
+  # Return's if the ensure property is absent or not
+  def exists?
+    properties[:ensure] != :absent
+  end
+end
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod/a2mod.rb b/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod/a2mod.rb
new file mode 100644
index 000000000..3330fd5dc
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod/a2mod.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'puppet/provider/a2mod'
+
+Puppet::Type.type(:a2mod).provide(:a2mod, parent: Puppet::Provider::A2mod) do
+  desc 'Manage Apache 2 modules on Debian and Ubuntu'
+
+  optional_commands encmd: 'a2enmod'
+  optional_commands discmd: 'a2dismod'
+  commands apache2ctl: 'apache2ctl'
+
+  confine osfamily: :debian
+  defaultfor operatingsystem: [:debian, :ubuntu]
+
+  def self.instances
+    modules = apache2ctl('-M').lines.map { |line|
+      m = line.match(%r{(\w+)_module \(shared\)$})
+      m[1] if m
+    }.compact
+
+    modules.map do |mod|
+      new(
+        name: mod,
+        ensure: :present,
+        provider: :a2mod,
+      )
+    end
+  end
+
+  def create
+    encmd resource[:name]
+  end
+
+  def destroy
+    discmd resource[:name]
+  end
+end
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod/gentoo.rb b/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod/gentoo.rb
new file mode 100644
index 000000000..c53fbd5b6
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod/gentoo.rb
@@ -0,0 +1,116 @@
+# frozen_string_literal: true
+
+require 'puppet/util/filetype'
+Puppet::Type.type(:a2mod).provide(:gentoo, parent: Puppet::Provider) do
+  desc 'Manage Apache 2 modules on Gentoo'
+
+  confine operatingsystem: :gentoo
+  defaultfor operatingsystem: :gentoo
+
+  attr_accessor :property_hash
+
+  def create
+    @property_hash[:ensure] = :present
+  end
+
+  def exists?
+    (!@property_hash[:ensure].nil? && @property_hash[:ensure] == :present)
+  end
+
+  def destroy
+    @property_hash[:ensure] = :absent
+  end
+
+  def flush
+    self.class.flush
+  end
+
+  class << self
+    attr_reader :conf_file
+  end
+
+  def self.clear
+    @mod_resources = []
+    @modules       = []
+    @other_args    = ''
+  end
+
+  def self.initvars
+    @conf_file     = '/etc/conf.d/apache2'
+    @filetype      = Puppet::Util::FileType.filetype(:flat).new(conf_file)
+    @mod_resources = []
+    @modules       = []
+    @other_args    = ''
+  end
+
+  initvars
+
+  # Retrieve an array of all existing modules
+  def self.modules
+    if @modules.length <= 0
+      # Locate the APACHE_OPTS variable
+      records = filetype.read.split(%r{\n})
+      apache2_opts = records.grep(%r{^\s*APACHE2_OPTS=}).first
+
+      # Extract all defines
+      @modules << Regexp.last_match(1).downcase while apache2_opts.sub!(%r{-D\s+(\w+)}, '')
+
+      # Hang on to any remaining options.
+      if apache2_opts =~ %r{APACHE2_OPTS="(.+)"}
+        @other_args = Regexp.last_match(1).strip
+      end
+
+      @modules.sort!.uniq!
+    end
+
+    @modules
+  end
+
+  def self.prefetch(resources = {})
+    # Match resources with existing providers
+    instances.each do |provider|
+      resource = resources[provider.name]
+      if resource
+        resource.provider = provider
+      end
+    end
+
+    # Store all resources using this provider for flushing
+    resources.each do |_name, resource|
+      @mod_resources << resource
+    end
+  end
+
+  def self.instances
+    modules.map { |mod| new(name: mod, provider: :gentoo, ensure: :present) }
+  end
+
+  def self.flush
+    mod_list       = modules
+    mods_to_remove = @mod_resources.select { |mod| mod.should(:ensure) == :absent }.map { |mod| mod[:name] }
+    mods_to_add    = @mod_resources.select { |mod| mod.should(:ensure) == :present }.map { |mod| mod[:name] }
+
+    mod_list -= mods_to_remove
+    mod_list += mods_to_add
+    mod_list.sort!.uniq!
+
+    return unless modules != mod_list
+
+    opts = @other_args + ' '
+    opts << mod_list.map { |mod| "-D #{mod.upcase}" }.join(' ')
+    opts.strip!
+    opts.gsub!(%r{\s+}, ' ')
+
+    apache2_opts = %(APACHE2_OPTS="#{opts}")
+    Puppet.debug("Writing back \"#{apache2_opts}\" to #{conf_file}")
+
+    records = filetype.read.split(%r{\n})
+
+    opts_index = records.find_index { |i| i.match(%r{^\s*APACHE2_OPTS}) }
+    records[opts_index] = apache2_opts
+
+    filetype.backup
+    filetype.write(records.join("\n"))
+    @modules = mod_list
+  end
+end
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod/modfix.rb b/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod/modfix.rb
new file mode 100644
index 000000000..755c927e4
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod/modfix.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+Puppet::Type.type(:a2mod).provide :modfix do
+  desc "Dummy provider for A2mod.
+  Fake nil resources when there is no crontab binary available. Allows
+  puppetd to run on a bootstrapped machine before a Cron package has been
+  installed. Workaround for: http://projects.puppetlabs.com/issues/2384
+  "
+
+  def self.instances
+    []
+  end
+end
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod/redhat.rb b/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod/redhat.rb
new file mode 100644
index 000000000..149a7b909
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/provider/a2mod/redhat.rb
@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+require 'puppet/provider/a2mod'
+
+Puppet::Type.type(:a2mod).provide(:redhat, parent: Puppet::Provider::A2mod) do
+  desc 'Manage Apache 2 modules on RedHat family OSs'
+
+  commands apachectl: 'apachectl'
+
+  confine osfamily: :redhat
+  defaultfor osfamily: :redhat
+
+  require 'pathname'
+
+  # modpath: Path to default apache modules directory /etc/httpd/mod.d
+  # modfile: Path to module load configuration file; Default: resides under modpath directory
+  # libfile: Path to actual apache module library. Added in modfile LoadModule
+
+  attr_accessor :modfile, :libfile
+  class << self
+    attr_accessor :modpath
+    def preinit
+      @modpath = '/etc/httpd/mod.d'
+    end
+  end
+
+  preinit
+
+  def create
+    File.open(modfile, 'w') do |f|
+      f.puts "LoadModule #{resource[:identifier]} #{libfile}"
+    end
+  end
+
+  def destroy
+    File.delete(modfile)
+  end
+
+  def self.instances
+    modules = apachectl('-M').lines.map { |line|
+      m = line.match(%r{(\w+)_module \(shared\)$})
+      m[1] if m
+    }.compact
+
+    modules.map do |mod|
+      new(
+        name: mod,
+        ensure: :present,
+        provider: :redhat,
+      )
+    end
+  end
+
+  def modfile
+    "#{self.class.modpath}/#{resource[:name]}.load"
+  end
+
+  # Set libfile path: If absolute path is passed, then maintain it. Else, make it default from 'modules' dir.
+  def libfile
+    Pathname.new(resource[:lib]).absolute? ? resource[:lib] : "modules/#{resource[:lib]}"
+  end
+end
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/type/a2mod.rb b/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/type/a2mod.rb
new file mode 100644
index 000000000..da04d7f4d
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/lib/puppet/type/a2mod.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+Puppet::Type.newtype(:a2mod) do
+  @doc = 'Manage Apache 2 modules'
+
+  ensurable
+
+  newparam(:name) do
+    Puppet.warning 'The a2mod provider is deprecated, please use apache::mod instead'
+    desc 'The name of the module to be managed'
+
+    isnamevar
+  end
+
+  newparam(:lib) do
+    desc 'The name of the .so library to be loaded'
+
+    defaultto { "mod_#{@resource[:name]}.so" }
+  end
+
+  newparam(:identifier) do
+    desc 'Module identifier string used by LoadModule. Default: module-name_module'
+
+    # http://httpd.apache.org/docs/2.2/mod/module-dict.html#ModuleIdentifier
+
+    defaultto { "#{resource[:name]}_module" }
+  end
+
+  autorequire(:package) { catalog.resource(:package, 'httpd') }
+end
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/balancer.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/balancer.pp
new file mode 100644
index 000000000..6740a73c2
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/balancer.pp
@@ -0,0 +1,106 @@
+# @summary
+#   This type will create an apache balancer cluster file inside the conf.d
+#   directory. 
+#
+# Each balancer cluster needs one or more balancer members (that can
+# be declared with the apache::balancermember defined resource type). Using
+# storeconfigs, you can export the apache::balancermember resources on all
+# balancer members, and then collect them on a single apache load balancer
+# server.
+#
+# @note 
+#   Currently requires the puppetlabs/concat module on the Puppet Forge and uses
+#   storeconfigs on the Puppet Server to export/collect resources from all
+#   balancer members.
+#
+# @param name
+#   The namevar of the defined resource type is the balancer clusters name.<br />
+#   This name is also used in the name of the conf.d file
+#
+# @param proxy_set
+#   Configures key-value pairs to be used as a ProxySet lines in the configuration.
+#
+# @param target
+#   The path to the file the balancer definition will be written in.
+#
+# @param collect_exported
+#   Determines whether to use exported resources.<br />
+#   If you statically declare all of your backend servers, set this parameter to false to rely 
+#   on existing, declared balancer member resources. Also, use apache::balancermember with array 
+#   arguments.<br />
+#   To dynamically declare backend servers via exported resources collected on a central node, 
+#   set this parameter to true to collect the balancer member resources exported by the balancer 
+#   member nodes.<br />
+#   If you don't use exported resources, a single Puppet run configures all balancer members. If 
+#   you use exported resources, Puppet has to run on the balanced nodes first, then run on the 
+#   balancer.
+#
+# @param options
+#   Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) 
+#   after the balancer URL, and accepts any key-value pairs available to `ProxyPass`.
+#
+# @example
+#   apache::balancer { 'puppet00': }
+#
+define apache::balancer (
+  $proxy_set = {},
+  $collect_exported = true,
+  $target = undef,
+  $options = [],
+) {
+  include apache::mod::proxy_balancer
+
+  if versioncmp($apache::mod::proxy_balancer::apache_version, '2.4') >= 0 {
+    $lbmethod = $proxy_set['lbmethod'] ? {
+      undef   => 'byrequests',
+      default => $proxy_set['lbmethod'],
+    }
+    ensure_resource('apache::mod', "lbmethod_${lbmethod}", {
+        'loadfile_name' => "proxy_balancer_lbmethod_${lbmethod}.load"
+    })
+  }
+
+  if $target {
+    $_target = $target
+  } else {
+    $_target = "${apache::confd_dir}/balancer_${name}.conf"
+  }
+
+  if !empty($options) {
+    $_options = " ${join($options, ' ')}"
+  } else {
+    $_options = ''
+  }
+
+  concat { "apache_balancer_${name}":
+    owner  => '0',
+    group  => '0',
+    path   => $_target,
+    mode   => $apache::file_mode,
+    notify => Class['Apache::Service'],
+  }
+
+  concat::fragment { "00-${name}-header":
+    target  => "apache_balancer_${name}",
+    order   => '01',
+    content => "<Proxy balancer://${name}${_options}>\n",
+  }
+
+  if $collect_exported {
+    Apache::Balancermember <<| balancer_cluster == $name |>>
+  }
+  # else: the resources have been created and they introduced their
+  # concat fragments. We don't have to do anything about them.
+
+  concat::fragment { "01-${name}-proxyset":
+    target  => "apache_balancer_${name}",
+    order   => '19',
+    content => inline_template("<% @proxy_set.keys.sort.each do |key| %> Proxyset <%= key %>=<%= @proxy_set[key] %>\n<% end %>"),
+  }
+
+  concat::fragment { "01-${name}-footer":
+    target  => "apache_balancer_${name}",
+    order   => '20',
+    content => "</Proxy>\n",
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/balancermember.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/balancermember.pp
new file mode 100644
index 000000000..3fa54960d
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/balancermember.pp
@@ -0,0 +1,50 @@
+# @summary
+#   Defines members of `mod_proxy_balancer`
+# 
+# Sets up a balancer member inside a listening service configuration block in 
+# the load balancer's `apache.cfg`.
+#   
+# This type will setup a balancer member inside a listening service
+# configuration block in /etc/apache/apache.cfg on the load balancer.
+# Currently it only has the ability to specify the instance name, url and an
+# array of options. More features can be added as needed. The best way to
+# implement this is to export this resource for all apache balancer member
+# servers, and then collect them on the main apache load balancer.
+#
+# @note
+#   Currently requires the puppetlabs/concat module on the Puppet Forge and
+#   uses storeconfigs on the Puppet Server to export/collect resources
+#   from all balancer members.
+#
+# @param name
+#   The title of the resource is arbitrary and only utilized in the concat
+#   fragment name.
+#
+# @param balancer_cluster
+#   The apache service's instance name (or, the title of the apache::balancer
+#   resource). This must match up with a declared apache::balancer resource.
+#
+# @param url
+#   The url used to contact the balancer member server.
+#
+# @param  options
+#   Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) 
+#   after the URL, and accepts any key-value pairs available to `ProxyPass`.
+#
+# @example
+#   @@apache::balancermember { 'apache':
+#     balancer_cluster => 'puppet00',
+#     url              => "ajp://${::fqdn}:8009"
+#     options          => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
+#   }
+#
+define apache::balancermember (
+  $balancer_cluster,
+  $url = "http://${::fqdn}/",
+  $options = [],
+) {
+  concat::fragment { "BalancerMember ${name}":
+    target  => "apache_balancer_${balancer_cluster}",
+    content => inline_template(" BalancerMember ${url} <%= @options.join ' ' %>\n"),
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/confd/no_accf.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/confd/no_accf.pp
new file mode 100644
index 000000000..024a088a9
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/confd/no_accf.pp
@@ -0,0 +1,14 @@
+# @summary
+#   Manages the `no-accf.conf` file.
+#
+# @api private
+class apache::confd::no_accf {
+  # Template uses no variables
+  file { 'no-accf.conf':
+    ensure  => 'file',
+    path    => "${apache::confd_dir}/no-accf.conf",
+    content => template('apache/confd/no-accf.conf.erb'),
+    require => Exec["mkdir ${apache::confd_dir}"],
+    before  => File[$apache::confd_dir],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/custom_config.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/custom_config.pp
new file mode 100644
index 000000000..52b94b489
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/custom_config.pp
@@ -0,0 +1,125 @@
+# @summary
+#   Adds a custom configuration file to the Apache server's `conf.d` directory. 
+#
+# If the file is invalid and this defined type's `verify_config` parameter's value is 
+# `true`, Puppet throws an error during a Puppet run.
+#
+# @param ensure
+#   Specifies whether the configuration file should be present.
+#
+# @param confdir
+#   Sets the directory in which Puppet places configuration files.
+#
+# @param content
+#   Sets the configuration file's content. The `content` and `source` parameters are exclusive 
+#   of each other.
+#
+# @param filename
+#   Sets the name of the file under `confdir` in which Puppet stores the configuration.
+#
+# @param priority
+#   Sets the configuration file's priority by prefixing its filename with this parameter's 
+#   numeric value, as Apache processes configuration files in alphanumeric order.<br />
+#   To omit the priority prefix in the configuration file's name, set this parameter to `false`.
+#
+# @param source
+#   Points to the configuration file's source. The `content` and `source` parameters are 
+#   exclusive of each other.
+#
+# @param verify_command
+#   Specifies the command Puppet uses to verify the configuration file. Use a fully qualified 
+#   command.<br />
+#   This parameter is used only if the `verify_config` parameter's value is `true`. If the 
+#   `verify_command` fails, the Puppet run deletes the configuration file and raises an error, 
+#   but does not notify the Apache service.
+#
+# @param verify_config
+#   Specifies whether to validate the configuration file before notifying the Apache service.
+#
+# @param owner
+#   File owner of configuration file
+#
+# @param group
+#   File group of configuration file
+#
+# @param file_mode
+#   File mode of configuration file
+#
+# @param show_diff
+#   show_diff property for configuration file resource
+#
+define apache::custom_config (
+  Enum['absent', 'present'] $ensure = 'present',
+  $confdir                          = $apache::confd_dir,
+  $content                          = undef,
+  $priority                         = '25',
+  $source                           = undef,
+  $verify_command                   = $apache::params::verify_command,
+  Boolean $verify_config            = true,
+  $filename                         = undef,
+  $owner                            = undef,
+  $group                            = undef,
+  $file_mode                        = undef,
+  Boolean $show_diff                = true,
+) {
+  if $content and $source {
+    fail('Only one of $content and $source can be specified.')
+  }
+
+  if $ensure == 'present' and ! $content and ! $source {
+    fail('One of $content and $source must be specified.')
+  }
+
+  if $filename {
+    $_filename = $filename
+  } else {
+    if $priority {
+      $priority_prefix = "${priority}-"
+    } else {
+      $priority_prefix = ''
+    }
+
+    ## Apache include does not always work with spaces in the filename
+    $filename_middle = regsubst($name, ' ', '_', 'G')
+    $_filename = "${priority_prefix}${filename_middle}.conf"
+  }
+
+  if ! $verify_config or $ensure == 'absent' {
+    $notifies = Class['Apache::Service']
+  } else {
+    $notifies = undef
+  }
+
+  $_file_mode = pick($file_mode, $apache::file_mode)
+
+  file { "apache_${name}":
+    ensure    => $ensure,
+    path      => "${confdir}/${_filename}",
+    owner     => $owner,
+    group     => $group,
+    mode      => $_file_mode,
+    content   => $content,
+    source    => $source,
+    show_diff => $show_diff,
+    require   => Package['httpd'],
+    notify    => $notifies,
+  }
+
+  if $ensure == 'present' and $verify_config {
+    exec { "syntax verification for ${name}":
+      command     => $verify_command,
+      subscribe   => File["apache_${name}"],
+      refreshonly => true,
+      notify      => Class['Apache::Service'],
+      before      => Exec["remove ${name} if invalid"],
+      require     => Anchor['::apache::modules_set_up'],
+    }
+
+    exec { "remove ${name} if invalid":
+      command     => "/bin/rm ${confdir}/${_filename}",
+      unless      => $verify_command,
+      subscribe   => File["apache_${name}"],
+      refreshonly => true,
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/default_confd_files.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/default_confd_files.pp
new file mode 100644
index 000000000..ecf543eed
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/default_confd_files.pp
@@ -0,0 +1,19 @@
+# @summary
+#   Helper for setting up default conf.d files.
+#
+# @api private
+class apache::default_confd_files (
+  $all = true,
+) {
+  # The rest of the conf.d/* files only get loaded if we want them
+  if $all {
+    case $::osfamily {
+      'freebsd': {
+        include apache::confd::no_accf
+      }
+      default: {
+        # do nothing
+      }
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/default_mods.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/default_mods.pp
new file mode 100644
index 000000000..255c9239f
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/default_mods.pp
@@ -0,0 +1,186 @@
+# @summary
+#   Installs and congfigures default mods for Apache
+#
+# @api private
+class apache::default_mods (
+  $all            = true,
+  $mods           = undef,
+  $apache_version = $apache::apache_version,
+  $use_systemd    = $apache::use_systemd,
+) {
+  # These are modules required to run the default configuration.
+  # They are not configurable at this time, so we just include
+  # them to make sure it works.
+  case $::osfamily {
+    'redhat': {
+      ::apache::mod { 'log_config': }
+      if versioncmp($apache_version, '2.4') >= 0 {
+        # Lets fork it
+        # Do not try to load mod_systemd on RHEL/CentOS 6 SCL.
+        if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemmajrelease, '7') == -1) and !($::operatingsystem == 'Amazon') ) {
+          if ($use_systemd) {
+            ::apache::mod { 'systemd': }
+          }
+        }
+        if ($::operatingsystem == 'Amazon' and $::operatingsystemrelease == '2') {
+          ::apache::mod { 'systemd': }
+        }
+        ::apache::mod { 'unixd': }
+      }
+    }
+    'freebsd': {
+      ::apache::mod { 'log_config': }
+      ::apache::mod { 'unixd': }
+    }
+    'Suse': {
+      ::apache::mod { 'log_config': }
+    }
+    default: {}
+  }
+  case $::osfamily {
+    'gentoo': {}
+    default: {
+      ::apache::mod { 'authz_host': }
+    }
+  }
+  # The rest of the modules only get loaded if we want all modules enabled
+  if $all {
+    case $::osfamily {
+      'debian': {
+        include apache::mod::authn_core
+        include apache::mod::reqtimeout
+        if versioncmp($apache_version, '2.4') < 0 {
+          ::apache::mod { 'authn_alias': }
+        }
+      }
+      'redhat': {
+        include apache::mod::actions
+        include apache::mod::authn_core
+        include apache::mod::cache
+        include apache::mod::ext_filter
+        include apache::mod::mime
+        include apache::mod::mime_magic
+        include apache::mod::rewrite
+        include apache::mod::speling
+        include apache::mod::suexec
+        include apache::mod::version
+        include apache::mod::vhost_alias
+        ::apache::mod { 'auth_digest': }
+        ::apache::mod { 'authn_anon': }
+        ::apache::mod { 'authn_dbm': }
+        ::apache::mod { 'authz_dbm': }
+        ::apache::mod { 'authz_owner': }
+        ::apache::mod { 'expires': }
+        ::apache::mod { 'include': }
+        ::apache::mod { 'logio': }
+        ::apache::mod { 'substitute': }
+        ::apache::mod { 'usertrack': }
+
+        if versioncmp($apache_version, '2.4') < 0 {
+          ::apache::mod { 'authn_alias': }
+          ::apache::mod { 'authn_default': }
+        }
+      }
+      'freebsd': {
+        include apache::mod::actions
+        include apache::mod::authn_core
+        include apache::mod::cache
+        include apache::mod::disk_cache
+        include apache::mod::headers
+        include apache::mod::info
+        include apache::mod::mime_magic
+        include apache::mod::reqtimeout
+        include apache::mod::rewrite
+        include apache::mod::userdir
+        include apache::mod::version
+        include apache::mod::vhost_alias
+        include apache::mod::speling
+        include apache::mod::filter
+
+        ::apache::mod { 'asis': }
+        ::apache::mod { 'auth_digest': }
+        ::apache::mod { 'auth_form': }
+        ::apache::mod { 'authn_anon': }
+        ::apache::mod { 'authn_dbm': }
+        ::apache::mod { 'authn_socache': }
+        ::apache::mod { 'authz_dbd': }
+        ::apache::mod { 'authz_dbm': }
+        ::apache::mod { 'authz_owner': }
+        ::apache::mod { 'dumpio': }
+        ::apache::mod { 'expires': }
+        ::apache::mod { 'file_cache': }
+        ::apache::mod { 'imagemap': }
+        ::apache::mod { 'include': }
+        ::apache::mod { 'logio': }
+        ::apache::mod { 'request': }
+        ::apache::mod { 'session': }
+        ::apache::mod { 'unique_id': }
+      }
+      default: {}
+    }
+    case $apache::mpm_module {
+      'prefork': {
+        include apache::mod::cgi
+      }
+      'worker': {
+        include apache::mod::cgid
+      }
+      default: {
+        # do nothing
+      }
+    }
+    include apache::mod::alias
+    include apache::mod::authn_file
+    include apache::mod::autoindex
+    include apache::mod::dav
+    include apache::mod::dav_fs
+    include apache::mod::deflate
+    include apache::mod::dir
+    include apache::mod::mime
+    include apache::mod::negotiation
+    include apache::mod::setenvif
+    ::apache::mod { 'auth_basic': }
+
+    if versioncmp($apache_version, '2.4') >= 0 {
+      # filter is needed by mod_deflate
+      include apache::mod::filter
+
+      # authz_core is needed for 'Require' directive
+      ::apache::mod { 'authz_core':
+        id => 'authz_core_module',
+      }
+
+      # lots of stuff seems to break without access_compat
+      ::apache::mod { 'access_compat': }
+    } else {
+      include apache::mod::authz_default
+    }
+
+    include apache::mod::authz_user
+
+    ::apache::mod { 'authz_groupfile': }
+    include apache::mod::env
+  } elsif $mods {
+    ::apache::default_mods::load { $mods: }
+
+    if versioncmp($apache_version, '2.4') >= 0 {
+      # authz_core is needed for 'Require' directive
+      ::apache::mod { 'authz_core':
+        id => 'authz_core_module',
+      }
+
+      # filter is needed by mod_deflate
+      include apache::mod::filter
+    }
+  } else {
+    if versioncmp($apache_version, '2.4') >= 0 {
+      # authz_core is needed for 'Require' directive
+      ::apache::mod { 'authz_core':
+        id => 'authz_core_module',
+      }
+
+      # filter is needed by mod_deflate
+      include apache::mod::filter
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/default_mods/load.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/default_mods/load.pp
new file mode 100644
index 000000000..fc44ebcb3
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/default_mods/load.pp
@@ -0,0 +1,11 @@
+# @summary
+#   Helper used by `apache::default_mods`
+#
+# @api private
+define apache::default_mods::load ($module = $title) {
+  if defined("apache::mod::${module}") {
+    include "::apache::mod::${module}"
+  } else {
+    ::apache::mod { $module: }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/dev.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/dev.pp
new file mode 100644
index 000000000..106541032
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/dev.pp
@@ -0,0 +1,22 @@
+# @summary
+#   Installs Apache development libraries.
+#
+# The libraries installed depends on the `dev_packages` parameter of the `apache::params` 
+# class, based on your operating system:
+# - **Debian** : `libaprutil1-dev`, `libapr1-dev`; `apache2-dev`
+# - **FreeBSD**: `undef`; on FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`.
+# - **Gentoo**: `undef`.
+# - **Red Hat**: `httpd-devel`.
+class apache::dev {
+  if ! defined(Class['apache']) {
+    fail('You must include the apache base class before using any apache defined resources')
+  }
+
+  $packages = $apache::dev_packages
+  if $packages { # FreeBSD doesn't have dev packages to install
+    package { $packages:
+      ensure  => present,
+      require => Package['httpd'],
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/fastcgi/server.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/fastcgi/server.pp
new file mode 100644
index 000000000..2e372b1a1
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/fastcgi/server.pp
@@ -0,0 +1,59 @@
+# @summary
+#   Defines one or more external FastCGI servers to handle specific file types. Use this 
+#   defined type with `mod_fastcgi`.
+#
+# @param host
+#   Determines the FastCGI's hostname or IP address and TCP port number (1-65535).
+#
+# @param timeout
+#   Sets the number of seconds a [FastCGI](http://www.fastcgi.com/) application can be inactive before aborting the 
+#   request and logging the event at the error LogLevel. The inactivity timer applies only as 
+#   long as a connection is pending with the FastCGI application. If a request is queued to an 
+#   application, but the application doesn't respond by writing and flushing within this period, 
+#   the request is aborted. If communication is complete with the application but incomplete with 
+#   the client (the response is buffered), the timeout does not apply.
+#
+# @param flush
+#   Forces `mod_fastcgi` to write to the client as data is received from the 
+#   application. By default, `mod_fastcgi` buffers data in order to free the application 
+#   as quickly as possible.
+#
+# @param faux_path
+#   Apache has FastCGI handle URIs that resolve to this filename. The path set in this 
+#   parameter does not have to exist in the local filesystem.
+#
+# @param fcgi_alias
+#   Internally links actions with the FastCGI server. This alias must be unique.
+#
+# @param file_type
+#   Sets the MIME `content-type` of the file to be processed by the FastCGI server.
+#
+define apache::fastcgi::server (
+  $host          = '127.0.0.1:9000',
+  $timeout       = 15,
+  $flush         = false,
+  $faux_path     = "/var/www/${name}.fcgi",
+  $fcgi_alias    = "/${name}.fcgi",
+  $file_type     = 'application/x-httpd-php',
+  $pass_header   = undef,
+) {
+  include apache::mod::fastcgi
+
+  Apache::Mod['fastcgi'] -> Apache::Fastcgi::Server[$title]
+
+  if $host =~ Stdlib::Absolutepath {
+    $socket = $host
+  }
+
+  file { "fastcgi-pool-${name}.conf":
+    ensure  => file,
+    path    => "${apache::confd_dir}/fastcgi-pool-${name}.conf",
+    owner   => 'root',
+    group   => $apache::params::root_group,
+    mode    => $apache::file_mode,
+    content => template('apache/fastcgi/server.erb'),
+    require => Exec["mkdir ${apache::confd_dir}"],
+    before  => File[$apache::confd_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/init.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/init.pp
new file mode 100755
index 000000000..26ded53a7
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/init.pp
@@ -0,0 +1,870 @@
+# @summary
+#   Guides the basic setup and installation of Apache on your system.
+#
+# When this class is declared with the default options, Puppet:
+# - Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system.
+# - Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system.
+# - Configures the server with a default virtual host and standard port (`80`) and address (`\*`) bindings.
+# - Creates a document root directory determined by your operating system, typically `/var/www`.
+# - Starts the Apache service.
+#
+# @example
+#   class { 'apache': }
+#
+# @param allow_encoded_slashes
+#   Sets the server default for the `AllowEncodedSlashes` declaration, which modifies the 
+#   responses to URLs containing '\' and '/' characters. If not specified, this parameter omits 
+#   the declaration from the server's configuration and uses Apache's default setting of 'off'.
+#
+# @param apache_version
+#   Configures module template behavior, package names, and default Apache modules by defining 
+#   the version of Apache to use. We do not recommend manually configuring this parameter 
+#   without reason.
+#
+# @param conf_dir
+#   Sets the directory where the Apache server's main configuration file is located.
+#
+# @param conf_template
+#   Defines the template used for the main Apache configuration file. Modifying this 
+#   parameter is potentially risky, as the apache module is designed to use a minimal 
+#   configuration file customized by `conf.d` entries.
+#
+# @param confd_dir
+#   Sets the location of the Apache server's custom configuration directory.
+#
+# @param default_charset
+#   Used as the `AddDefaultCharset` directive in the main configuration file.
+#
+# @param default_confd_files
+#   Determines whether Puppet generates a default set of includable Apache configuration files 
+#   in the directory defined by the `confd_dir` parameter. These configuration files 
+#   correspond to what is typically installed with the Apache package on the server's 
+#   operating system.
+#
+# @param default_mods
+#   Determines whether to configure and enable a set of default Apache modules depending on 
+#   your operating system.<br />
+#   If `false`, Puppet includes only the Apache modules required to make the HTTP daemon work 
+#   on your operating system, and you can declare any other modules separately using the 
+#   `apache::mod::<MODULE NAME>` class or `apache::mod` defined type.<br />
+#   If `true`, Puppet installs additional modules, depending on the operating system and 
+#   the values of `apache_version` and `mpm_module` parameters. Because these lists of 
+#   modules can change frequently, consult the Puppet module's code for up-to-date lists.<br />
+#   If this parameter contains an array, Puppet instead enables all passed Apache modules.
+#
+# @param default_ssl_ca
+#   Sets the default certificate authority for the Apache server.<br />
+#   Although the default value results in a functioning Apache server, you **must** update 
+#   this parameter with your certificate authority information before deploying this server in 
+#   a production environment.
+#
+# @param default_ssl_cert
+#   Sets the SSL encryption certificate location.<br />
+#   Although the default value results in a functioning Apache server, you **must** update this 
+#   parameter with your certificate location before deploying this server in a production environment.
+#
+# @param default_ssl_chain
+#   Sets the default SSL chain location.<br />
+#   Although this default value results in a functioning Apache server, you **must** update 
+#   this parameter with your SSL chain before deploying this server in a production environment.
+#
+# @param default_ssl_crl
+#   Sets the path of the default certificate revocation list (CRL) file to use.<br />
+#   Although this default value results in a functioning Apache server, you **must** update 
+#   this parameter with the CRL file path before deploying this server in a production 
+#   environment. You can use this parameter with or in place of the `default_ssl_crl_path`.
+#
+# @param default_ssl_crl_path
+#   Sets the server's certificate revocation list path, which contains your CRLs.<br />
+#   Although this default value results in a functioning Apache server, you **must** update 
+#   this parameter with the CRL file path before deploying this server in a production environment.
+#
+# @param default_ssl_crl_check
+#   Sets the default certificate revocation check level via the `SSLCARevocationCheck` directive. 
+#   This parameter applies only to Apache 2.4 or higher and is ignored on older versions.<br />
+#   Although this default value results in a functioning Apache server, you **must** specify 
+#   this parameter when using certificate revocation lists in a production environment.
+#
+# @param default_ssl_key
+#   Sets the SSL certificate key file location.
+#   Although the default values result in a functioning Apache server, you **must** update 
+#   this parameter with your SSL key's location before deploying this server in a production 
+#   environment.
+#
+# @param default_ssl_reload_on_change
+#   Enable reloading of apache if the content of ssl files have changed.
+#
+# @param default_ssl_vhost
+#   Configures a default SSL virtual host.
+#   If `true`, Puppet automatically configures the following virtual host using the 
+#   `apache::vhost` defined type:
+#   ```puppet
+#   apache::vhost { 'default-ssl':
+#     port            => 443,
+#     ssl             => true,
+#     docroot         => $docroot,
+#     scriptalias     => $scriptalias,
+#     serveradmin     => $serveradmin,
+#     access_log_file => "ssl_${access_log_file}",
+#   }
+#   ```
+#   **Note**: SSL virtual hosts only respond to HTTPS queries.
+#
+# @param default_type
+#   _Apache 2.2 only_. Sets the MIME `content-type` sent if the server cannot otherwise 
+#   determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and 
+#   newer, and is only for backwards compatibility in configuration files.
+#
+# @param default_vhost
+#   Configures a default virtual host when the class is declared.<br />
+#   To configure customized virtual hosts, set this parameter's 
+#   value to `false`.<br />
+#   > **Note**: Apache will not start without at least one virtual host. If you set this 
+#   to `false` you must configure a virtual host elsewhere.
+#
+# @param dev_packages
+#   Configures a specific dev package to use.<br />
+#   For example, using httpd 2.4 from the IUS yum repo:<br />
+#   ``` puppet
+#   include ::apache::dev
+#   class { 'apache':
+#     apache_name  => 'httpd24u',
+#     dev_packages => 'httpd24u-devel',
+#   }
+#   ```
+#
+# @param docroot
+#   Sets the default `DocumentRoot` location.
+#
+# @param error_documents
+#   Determines whether to enable [custom error documents](https://httpd.apache.org/docs/current/custom-error.html) on the Apache server.
+#
+# @param group
+#   Sets the group ID that owns any Apache processes spawned to answer requests.<br />
+#   By default, Puppet attempts to manage this group as a resource under the `apache` 
+#   class, determining the group based on the operating system as detected by the 
+#   `apache::params` class. To prevent the group resource from being created and use a group 
+#   created by another Puppet module, set the `manage_group` parameter's value to `false`.<br />
+#   > **Note**: Modifying this parameter only changes the group ID that Apache uses to spawn 
+#   child processes to access resources. It does not change the user that owns the parent server 
+#   process.
+#
+# @param httpd_dir
+#   Sets the Apache server's base configuration directory. This is useful for specially 
+#   repackaged Apache server builds but might have unintended consequences when combined 
+#   with the default distribution packages.
+#
+# @param http_protocol_options
+#   Specifies the strictness of HTTP protocol checks.<br />
+#   Valid options: any sequence of the following alternative values: `Strict` or `Unsafe`, 
+#   `RegisteredMethods` or `LenientMethods`, and `Allow0.9` or `Require1.0`.
+#
+# @param keepalive
+#   Determines whether to enable persistent HTTP connections with the `KeepAlive` directive. 
+#   If you set this to `On`, use the `keepalive_timeout` and `max_keepalive_requests` parameters 
+#   to set relevant options.<br />
+#
+# @param keepalive_timeout
+#   Sets the `KeepAliveTimeout` directive, which determines the amount of time the Apache 
+#   server waits for subsequent requests on a persistent HTTP connection. This parameter is 
+#   only relevant if the `keepalive` parameter is enabled.
+#
+# @param max_keepalive_requests
+#   Limits the number of requests allowed per connection when the `keepalive` parameter is enabled.
+#
+# @param hostname_lookups
+#   This directive enables DNS lookups so that host names can be logged and passed to 
+#   CGIs/SSIs in REMOTE_HOST.<br />
+#   > **Note**: If enabled, it impacts performance significantly.
+#
+# @param ldap_trusted_mode
+#  The following modes are supported:
+#
+#    NONE - no encryption
+#    SSL - ldaps:// encryption on default port 636
+#    TLS - STARTTLS encryption on default port 389
+#  Not all LDAP toolkits support all the above modes. An error message will be logged at
+#  runtime if a mode is not supported, and the connection to the LDAP server will fail.
+#
+#If an ldaps:// URL is specified, the mode becomes SSL and the setting of LDAPTrustedMode is ignored.
+#
+# @param ldap_verify_server_cert
+#  Specifies whether to force the verification of a server certificate when establishing an SSL
+#  connection to the LDAP server.
+#  On|Off
+#
+# @param lib_path
+#   Specifies the location whereApache module files are stored.<br />
+#   > **Note**: Do not configure this parameter manually without special reason.
+#
+# @param log_level
+#   Configures the apache [LogLevel](https://httpd.apache.org/docs/current/mod/core.html#loglevel) directive
+#   which adjusts the verbosity of the messages recorded in the error logs.
+#
+# @param log_formats
+#   Define additional `LogFormat` directives. Values: A hash, such as:
+#   ``` puppet
+#   $log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' }
+#   ```
+#     There are a number of predefined `LogFormats` in the `httpd.conf` that Puppet creates:
+#   ``` httpd
+#     LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+#     LogFormat "%h %l %u %t \"%r\" %>s %b" common
+#     LogFormat "%{Referer}i -> %U" referer
+#     LogFormat "%{User-agent}i" agent
+#     LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded
+#   ```
+#   If your `log_formats` parameter contains one of those, it will be overwritten with **your** definition.
+#
+# @param logroot
+#   Changes the directory of Apache log files for the virtual host.
+#
+# @param logroot_mode
+#   Overrides the default `logroot` directory's mode.<br />
+#   > **Note**: Do _not_ grant write access to the directory where the logs are stored 
+#   without being aware of the consequences. See the [Apache documentation](https://httpd.apache.org/docs/current/logs.html#security)
+#   for details.
+#
+# @param manage_group
+#   When `false`, stops Puppet from creating the group resource.<br />
+#   If you have a group created from another Puppet module that you want to use to run Apache, 
+#   set this to `false`. Without this parameter, attempting to use a previously established 
+#   group results in a duplicate resource error.
+#
+# @param supplementary_groups
+#   A list of groups to which the user belongs. These groups are in addition to the primary group.<br />
+#   Notice: This option only has an effect when `manage_user` is set to true.
+#
+# @param manage_user
+#   When `false`, stops Puppet from creating the user resource.<br />
+#   This is for instances when you have a user, created from another Puppet module, you want 
+#   to use to run Apache. Without this parameter, attempting to use a previously established 
+#   user would result in a duplicate resource error.
+#
+# @param mod_dir
+#   Sets where Puppet places configuration files for your Apache modules.
+#
+# @param mod_libs
+#   Allows the user to override default module library names.
+#   ```puppet
+#   include apache::params
+#   class { 'apache':
+#     mod_libs => merge($::apache::params::mod_libs, {
+#       'wsgi' => 'mod_wsgi_python3.so',
+#     })
+#   }
+#   ```
+#
+# @param mod_packages
+#   Allows the user to override default module package names.
+#   ```puppet
+#   include apache::params
+#   class { 'apache':
+#     mod_packages => merge($::apache::params::mod_packages, {
+#       'auth_kerb' => 'httpd24-mod_auth_kerb',
+#     })
+#   }
+#   ```
+#
+# @param mpm_module
+#   Determines which [multi-processing module](https://httpd.apache.org/docs/current/mpm.html) (MPM) is loaded and configured for the 
+#   HTTPD process. Valid values are: `event`, `itk`, `peruser`, `prefork`, `worker` or `false`.<br />
+#   You must set this to `false` to explicitly declare the following classes with custom parameters:
+#   - `apache::mod::event`
+#   - `apache::mod::itk`
+#   - `apache::mod::peruser`
+#   - `apache::mod::prefork`
+#   - `apache::mod::worker`
+#
+# @param package_ensure
+#   Controls the `package` resource's `ensure` attribute. Valid values are: `absent`, `installed`
+#   (or equivalent `present`), or a version string.
+#
+# @param pidfile
+#   Allows settting a custom location for the pid file. Useful if using a custom-built Apache rpm.
+#
+# @param ports_file
+#   Sets the path to the file containing Apache ports configuration.
+#
+# @param protocols
+#   Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols) 
+#   directive, which lists available protocols for the server.
+#
+# @param protocols_honor_order
+#   Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder)
+#   directive which determines whether the order of Protocols sets precedence during negotiation.
+#
+# @param purge_configs
+#   Removes all other Apache configs and virtual hosts.<br />
+#   Setting this to `false` is a stopgap measure to allow the apache module to coexist with 
+#   existing or unmanaged configurations. We recommend moving your configuration to resources 
+#   within this module. For virtual host configurations, see `purge_vhost_dir`.
+#
+# @param purge_vhost_dir
+#   If the `vhost_dir` parameter's value differs from the `confd_dir` parameter's, this parameter 
+#   determines whether Puppet removes any configurations inside `vhost_dir` that are _not_ managed 
+#   by Puppet.<br />
+#   Setting `purge_vhost_dir` to `false` is a stopgap measure to allow the apache module to 
+#   coexist with existing or otherwise unmanaged configurations within `vhost_dir`.
+#
+# @param rewrite_lock
+#   Allows setting a custom location for a rewrite lock - considered best practice if using 
+#   a RewriteMap of type prg in the `rewrites` parameter of your virtual host. This parameter 
+#   only applies to Apache version 2.2 or lower and is ignored on newer versions.
+#
+# @param sendfile
+#   Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the 
+#   `EnableSendfile` directive.
+#
+# @param serveradmin
+#   Sets the Apache server administrator's contact information via Apache's `ServerAdmin` directive.
+#
+# @param servername
+#   Sets the Apache server name via Apache's `ServerName` directive.
+#   Setting to `false` will not set ServerName at all.
+#
+# @param server_root
+#   Sets the Apache server's root directory via Apache's `ServerRoot` directive.
+#
+# @param server_signature
+#   Configures a trailing footer line to display at the bottom of server-generated documents, 
+#   such as error documents and output of certain Apache modules, via Apache's `ServerSignature`
+#   directive. Valid values are: `On` or `Off`.
+# 
+# @param server_tokens
+#   Controls how much information Apache sends to the browser about itself and the operating 
+#   system, via Apache's `ServerTokens` directive.
+# 
+# @param service_enable
+#   Determines whether Puppet enables the Apache HTTPD service when the system is booted.
+# 
+# @param service_ensure
+#   Determines whether Puppet should make sure the service is running. 
+#   Valid values are: `true` (or `running`) or `false` (or `stopped`).<br />
+#   The `false` or `stopped` values set the 'httpd' service resource's `ensure` parameter 
+#   to `false`, which is useful when you want to let the service be managed by another 
+#   application, such as Pacemaker.<br />
+# 
+# @param service_name
+#   Sets the name of the Apache service.
+# 
+# @param service_manage
+#   Determines whether Puppet manages the HTTPD service's state.
+#
+# @param service_restart
+#   Determines whether Puppet should use a specific command to restart the HTTPD service.
+#   Values: a command to restart the Apache service.
+#
+# @param timeout
+#   Sets Apache's `TimeOut` directive, which defines the number of seconds Apache waits for 
+#   certain events before failing a request.
+#
+# @param trace_enable
+#   Controls how Apache handles `TRACE` requests (per RFC 2616) via the `TraceEnable` directive.
+#
+# @param use_canonical_name
+#   Controls Apache's `UseCanonicalName` directive which controls how Apache handles 
+#   self-referential URLs. If not specified, this parameter omits the declaration from the 
+#   server's configuration and uses Apache's default setting of 'off'.
+#
+# @param use_systemd
+#   Controls whether the systemd module should be installed on Centos 7 servers, this is 
+#   especially useful if using custom-built RPMs.
+#
+# @param file_mode
+#   Sets the desired permissions mode for config files.
+#   Valid values are: a string, with permissions mode in symbolic or numeric notation.
+#
+# @param root_directory_options
+#   Array of the desired options for the `/` directory in httpd.conf.
+#
+# @param root_directory_secured
+#   Sets the default access policy for the `/` directory in httpd.conf. A value of `false` 
+#   allows access to all resources that are missing a more specific access policy. A value of 
+#   `true` denies access to all resources by default. If `true`, more specific rules must be 
+#   used to allow access to these resources (for example, in a directory block using the 
+#   `directories` parameter).
+#
+# @param vhost_dir
+#   Changes your virtual host configuration files' location.
+#
+# @param vhost_include_pattern
+#   Defines the pattern for files included from the `vhost_dir`.
+#   If set to a value like `[^.#]\*.conf[^~]` to make sure that files accidentally created in 
+#   this directory (such as files created by version control systems or editor backups) are 
+#   *not* included in your server configuration.<br />
+#   Some operating systems use a value of `*.conf`. By default, this module creates configuration 
+#   files ending in `.conf`.
+#
+# @param user
+#   Changes the user that Apache uses to answer requests. Apache's parent process continues 
+#   to run as root, but child processes access resources as the user defined by this parameter. 
+#   To prevent Puppet from managing the user, set the `manage_user` parameter to `false`.
+#
+# @param apache_name
+#   The name of the Apache package to install. If you are using a non-standard Apache package 
+#   you might need to override the default setting.<br />
+#   For CentOS/RHEL Software Collections (SCL), you can also use `apache::version::scl_httpd_version`.
+#
+# @param error_log
+#   The name of the error log file for the main server instance. If the string starts with 
+#   `/`, `|`, or `syslog`: the full path is set. Otherwise, the filename  is prefixed with 
+#   `$logroot`.
+#
+# @param scriptalias
+#   Directory to use for global script alias
+#
+# @param access_log_file
+#   The name of the access log file for the main server instance.
+#
+# @param limitreqfields
+#   The `limitreqfields` parameter sets the maximum number of request header fields in 
+#   an HTTP request. This directive gives the server administrator greater control over 
+#   abnormal client request behavior, which may be useful for avoiding some forms of 
+#   denial-of-service attacks. The value should be increased if normal clients see an error 
+#   response from the server that indicates too many fields were sent in the request.
+#
+# @param limitreqfieldsize
+#   The `limitreqfieldsize` parameter sets the maximum ammount of _bytes_ that will
+#   be allowed within a request header.
+#
+# @param ip
+#   Specifies the ip address
+#
+# @param purge_vdir
+#   Removes all other Apache configs and virtual hosts.<br />
+#   > **Note**: This parameter is deprecated in favor of the `purge_config` parameter.<br />
+# 
+# @param conf_enabled
+#   Whether the additional config files in `/etc/apache2/conf-enabled` should be managed.
+# 
+# @param vhost_enable_dir
+#   Set's whether the vhost definitions will be stored in sites-availible and if
+#   they will be symlinked to and from sites-enabled.
+#
+# @param mod_enable_dir
+#   Set's whether the mods-enabled directory should be managed.
+#
+# @param ssl_file
+#   This parameter allows you to set an ssl.conf file to be managed in order to implement
+#   an SSL Certificate.
+# 
+# @param file_e_tag
+#   Sets the server default for the `FileETag` declaration, which modifies the response header 
+#   field for static files.
+# 
+# @param use_optional_includes
+#   Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for 
+#   `additional_includes` in Apache 2.4 or newer.
+# 
+# @param mime_types_additional
+#   Specifies any idditional Internet media (mime) types that you wish to be configured.
+# 
+class apache (
+  $apache_name                                                          = $apache::params::apache_name,
+  $service_name                                                         = $apache::params::service_name,
+  $default_mods                                                         = true,
+  Boolean $default_vhost                                                = true,
+  $default_charset                                                      = undef,
+  Boolean $default_confd_files                                          = true,
+  Boolean $default_ssl_vhost                                            = false,
+  $default_ssl_cert                                                     = $apache::params::default_ssl_cert,
+  $default_ssl_key                                                      = $apache::params::default_ssl_key,
+  $default_ssl_chain                                                    = undef,
+  $default_ssl_ca                                                       = undef,
+  $default_ssl_crl_path                                                 = undef,
+  $default_ssl_crl                                                      = undef,
+  $default_ssl_crl_check                                                = undef,
+  Boolean $default_ssl_reload_on_change                                 = false,
+  $default_type                                                         = 'none',
+  $dev_packages                                                         = $apache::params::dev_packages,
+  $ip                                                                   = undef,
+  Boolean $service_enable                                               = true,
+  Boolean $service_manage                                               = true,
+  $service_ensure                                                       = 'running',
+  $service_restart                                                      = undef,
+  $purge_configs                                                        = true,
+  $purge_vhost_dir                                                      = undef,
+  $purge_vdir                                                           = false,
+  $serveradmin                                                          = 'root@localhost',
+  Enum['On', 'Off', 'on', 'off'] $sendfile                              = 'On',
+  $ldap_verify_server_cert                                              = undef,
+  $ldap_trusted_mode                                                    = undef,
+  $error_documents                                                      = false,
+  $timeout                                                              = '60',
+  $httpd_dir                                                            = $apache::params::httpd_dir,
+  $server_root                                                          = $apache::params::server_root,
+  $conf_dir                                                             = $apache::params::conf_dir,
+  $confd_dir                                                            = $apache::params::confd_dir,
+  Enum['Off', 'On', 'Double', 'off', 'on', 'double'] $hostname_lookups  = $apache::params::hostname_lookups,
+  $conf_enabled                                                         = $apache::params::conf_enabled,
+  $vhost_dir                                                            = $apache::params::vhost_dir,
+  $vhost_enable_dir                                                     = $apache::params::vhost_enable_dir,
+  $mod_libs                                                             = $apache::params::mod_libs,
+  $mod_packages                                                         = $apache::params::mod_packages,
+  $vhost_include_pattern                                                = $apache::params::vhost_include_pattern,
+  $mod_dir                                                              = $apache::params::mod_dir,
+  $mod_enable_dir                                                       = $apache::params::mod_enable_dir,
+  $mpm_module                                                           = $apache::params::mpm_module,
+  $lib_path                                                             = $apache::params::lib_path,
+  $conf_template                                                        = $apache::params::conf_template,
+  $servername                                                           = $apache::params::servername,
+  $pidfile                                                              = $apache::params::pidfile,
+  Optional[Stdlib::Absolutepath] $rewrite_lock                          = undef,
+  Boolean $manage_user                                                  = true,
+  Boolean $manage_group                                                 = true,
+  $user                                                                 = $apache::params::user,
+  $group                                                                = $apache::params::group,
+  $http_protocol_options                                                = $apache::params::http_protocol_options,
+  $supplementary_groups                                                 = [],
+  $keepalive                                                            = $apache::params::keepalive,
+  $keepalive_timeout                                                    = $apache::params::keepalive_timeout,
+  $max_keepalive_requests                                               = $apache::params::max_keepalive_requests,
+  $limitreqfieldsize                                                    = '8190',
+  $limitreqfields                                                       = '100',
+  $logroot                                                              = $apache::params::logroot,
+  $logroot_mode                                                         = $apache::params::logroot_mode,
+  Apache::LogLevel $log_level                                           = $apache::params::log_level,
+  $log_formats                                                          = {},
+  $ssl_file                                                             = undef,
+  $ports_file                                                           = $apache::params::ports_file,
+  $docroot                                                              = $apache::params::docroot,
+  $apache_version                                                       = $apache::version::default,
+  $server_tokens                                                        = 'Prod',
+  $server_signature                                                     = 'On',
+  $trace_enable                                                         = 'On',
+  Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes        = undef,
+  $file_e_tag                                                           = undef,
+  Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']]
+  $use_canonical_name                                          = undef,
+  $package_ensure                                                = 'installed',
+  Boolean $use_optional_includes                                 = $apache::params::use_optional_includes,
+  $use_systemd                                                   = $apache::params::use_systemd,
+  $mime_types_additional                                         = $apache::params::mime_types_additional,
+  $file_mode                                                     = $apache::params::file_mode,
+  $root_directory_options                                        = $apache::params::root_directory_options,
+  Boolean $root_directory_secured                                = false,
+  $error_log                                                     = $apache::params::error_log,
+  $scriptalias                                                   = $apache::params::scriptalias,
+  $access_log_file                                               = $apache::params::access_log_file,
+  Array[Enum['h2', 'h2c', 'http/1.1']] $protocols                = [],
+  Optional[Boolean] $protocols_honor_order                       = undef,
+) inherits ::apache::params {
+  $valid_mpms_re = $apache_version ? {
+    '2.4'   => '(event|itk|peruser|prefork|worker)',
+    default => '(event|itk|prefork|worker)'
+  }
+
+  if $::osfamily == 'RedHat' and $facts['operatingsystemmajrelease'] == '7' {
+    # On redhat 7 the ssl.conf lives in /etc/httpd/conf.d (the confd_dir)
+    # when all other module configs live in /etc/httpd/conf.modules.d (the
+    # mod_dir). On all other platforms and versions, ssl.conf lives in the
+    # mod_dir. This should maintain the expected location of ssl.conf
+    $_ssl_file = $ssl_file ? {
+      undef   => "${apache::confd_dir}/ssl.conf",
+      default => $ssl_file
+    }
+  } else {
+    $_ssl_file = $ssl_file ? {
+      undef   => "${apache::mod_dir}/ssl.conf",
+      default => $ssl_file
+    }
+  }
+
+  if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans
+    assert_type(Pattern[$valid_mpms_re], $mpm_module)
+  }
+
+  # NOTE: on FreeBSD it's mpm module's responsibility to install httpd package.
+  # NOTE: the same strategy may be introduced for other OSes. For this, you
+  # should delete the 'if' block below and modify all MPM modules' manifests
+  # such that they include apache::package class (currently event.pp, itk.pp,
+  # peruser.pp, prefork.pp, worker.pp).
+  if $::osfamily != 'FreeBSD' {
+    package { 'httpd':
+      ensure => $package_ensure,
+      name   => $apache_name,
+      notify => Class['Apache::Service'],
+    }
+  }
+
+  # declare the web server user and group
+  # Note: requiring the package means the package ought to create them and not puppet
+  if $manage_user {
+    user { $user:
+      ensure  => present,
+      gid     => $group,
+      groups  => $supplementary_groups,
+      require => Package['httpd'],
+    }
+  }
+  if $manage_group {
+    group { $group:
+      ensure  => present,
+      require => Package['httpd'],
+    }
+  }
+
+  class { 'apache::service':
+    service_name    => $service_name,
+    service_enable  => $service_enable,
+    service_manage  => $service_manage,
+    service_ensure  => $service_ensure,
+    service_restart => $service_restart,
+  }
+
+  # Deprecated backwards-compatibility
+  if $purge_vdir {
+    warning('Class[\'apache\'] parameter purge_vdir is deprecated in favor of purge_configs')
+    $purge_confd = $purge_vdir
+  } else {
+    $purge_confd = $purge_configs
+  }
+
+  # Set purge vhostd appropriately
+  if $purge_vhost_dir == undef {
+    $purge_vhostd = $purge_confd
+  } else {
+    $purge_vhostd = $purge_vhost_dir
+  }
+
+  Exec {
+    path => '/bin:/sbin:/usr/bin:/usr/sbin',
+  }
+
+  exec { "mkdir ${confd_dir}":
+    creates => $confd_dir,
+    require => Package['httpd'],
+  }
+  file { $confd_dir:
+    ensure  => directory,
+    recurse => true,
+    purge   => $purge_confd,
+    force   => $purge_confd,
+    notify  => Class['Apache::Service'],
+    require => Package['httpd'],
+  }
+
+  if $conf_enabled and ! defined(File[$conf_enabled]) {
+    file { $conf_enabled:
+      ensure  => directory,
+      recurse => true,
+      purge   => $purge_confd,
+      force   => $purge_confd,
+      notify  => Class['Apache::Service'],
+      require => Package['httpd'],
+    }
+  }
+
+  if ! defined(File[$mod_dir]) {
+    exec { "mkdir ${mod_dir}":
+      creates => $mod_dir,
+      require => Package['httpd'],
+    }
+    # Don't purge available modules if an enable dir is used
+    $purge_mod_dir = $purge_configs and !$mod_enable_dir
+    file { $mod_dir:
+      ensure  => directory,
+      recurse => true,
+      purge   => $purge_mod_dir,
+      notify  => Class['Apache::Service'],
+      require => Package['httpd'],
+      before  => Anchor['::apache::modules_set_up'],
+    }
+  }
+
+  if $mod_enable_dir and ! defined(File[$mod_enable_dir]) {
+    $mod_load_dir = $mod_enable_dir
+    exec { "mkdir ${mod_enable_dir}":
+      creates => $mod_enable_dir,
+      require => Package['httpd'],
+    }
+    file { $mod_enable_dir:
+      ensure  => directory,
+      recurse => true,
+      purge   => $purge_configs,
+      notify  => Class['Apache::Service'],
+      require => Package['httpd'],
+    }
+  } else {
+    $mod_load_dir = $mod_dir
+  }
+
+  if ! defined(File[$vhost_dir]) {
+    exec { "mkdir ${vhost_dir}":
+      creates => $vhost_dir,
+      require => Package['httpd'],
+    }
+    file { $vhost_dir:
+      ensure  => directory,
+      recurse => true,
+      purge   => $purge_vhostd,
+      notify  => Class['Apache::Service'],
+      require => Package['httpd'],
+    }
+  }
+
+  if $vhost_enable_dir and ! defined(File[$vhost_enable_dir]) {
+    $vhost_load_dir = $vhost_enable_dir
+    exec { "mkdir ${vhost_load_dir}":
+      creates => $vhost_load_dir,
+      require => Package['httpd'],
+    }
+    file { $vhost_enable_dir:
+      ensure  => directory,
+      recurse => true,
+      purge   => $purge_vhostd,
+      notify  => Class['Apache::Service'],
+      require => Package['httpd'],
+    }
+  } else {
+    $vhost_load_dir = $vhost_dir
+  }
+
+  concat { $ports_file:
+    ensure  => present,
+    owner   => 'root',
+    group   => $apache::params::root_group,
+    mode    => $apache::file_mode,
+    notify  => Class['Apache::Service'],
+    require => Package['httpd'],
+  }
+  concat::fragment { 'Apache ports header':
+    target  => $ports_file,
+    content => template('apache/ports_header.erb'),
+  }
+
+  if $apache::conf_dir and $apache::params::conf_file {
+    if $::osfamily == 'gentoo' {
+      $error_documents_path = '/usr/share/apache2/error'
+      if $default_mods =~ Array {
+        if versioncmp($apache_version, '2.4') >= 0 {
+          if defined('apache::mod::ssl') {
+            ::portage::makeconf { 'apache2_modules':
+              content => concat($default_mods, ['authz_core', 'socache_shmcb']),
+            }
+          } else {
+            ::portage::makeconf { 'apache2_modules':
+              content => concat($default_mods, 'authz_core'),
+            }
+          }
+        } else {
+          ::portage::makeconf { 'apache2_modules':
+            content => $default_mods,
+          }
+        }
+      }
+
+      file { [
+          '/etc/apache2/modules.d/.keep_www-servers_apache-2',
+          '/etc/apache2/vhosts.d/.keep_www-servers_apache-2',
+        ]:
+          ensure  => absent,
+          require => Package['httpd'],
+      }
+    }
+
+    $apxs_workaround = $::osfamily ? {
+      'freebsd' => true,
+      default   => false
+    }
+
+    # Template uses:
+    # - $pidfile
+    # - $user
+    # - $group
+    # - $logroot
+    # - $error_log
+    # - $sendfile
+    # - $mod_dir
+    # - $ports_file
+    # - $confd_dir
+    # - $vhost_dir
+    # - $error_documents
+    # - $error_documents_path
+    # - $apxs_workaround
+    # - $http_protocol_options
+    # - $keepalive
+    # - $keepalive_timeout
+    # - $max_keepalive_requests
+    # - $server_root
+    # - $server_tokens
+    # - $server_signature
+    # - $trace_enable
+    # - $rewrite_lock
+    # - $root_directory_secured
+    file { "${apache::conf_dir}/${apache::params::conf_file}":
+      ensure  => file,
+      mode    => $apache::file_mode,
+      content => template($conf_template),
+      notify  => Class['Apache::Service'],
+      require => [Package['httpd'], Concat[$ports_file]],
+    }
+
+    # preserve back-wards compatibility to the times when default_mods was
+    # only a boolean value. Now it can be an array (too)
+    if $default_mods =~ Array {
+      class { 'apache::default_mods':
+        all  => false,
+        mods => $default_mods,
+      }
+    } else {
+      class { 'apache::default_mods':
+        all => $default_mods,
+      }
+    }
+    class { 'apache::default_confd_files':
+      all => $default_confd_files,
+    }
+    if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans
+      include "::apache::mod::${mpm_module}"
+    }
+
+    $default_vhost_ensure = $default_vhost ? {
+      true  => 'present',
+      false => 'absent'
+    }
+    $default_ssl_vhost_ensure = $default_ssl_vhost ? {
+      true  => 'present',
+      false => 'absent'
+    }
+
+    ::apache::vhost { 'default':
+      ensure                       => $default_vhost_ensure,
+      port                         => '80',
+      docroot                      => $docroot,
+      scriptalias                  => $scriptalias,
+      serveradmin                  => $serveradmin,
+      access_log_file              => $access_log_file,
+      priority                     => '15',
+      ip                           => $ip,
+      logroot_mode                 => $logroot_mode,
+      manage_docroot               => $default_vhost,
+      use_servername_for_filenames => true,
+      use_port_for_filenames       => true,
+    }
+    $ssl_access_log_file = $::osfamily ? {
+      'freebsd' => $access_log_file,
+      default   => "ssl_${access_log_file}",
+    }
+    ::apache::vhost { 'default-ssl':
+      ensure                       => $default_ssl_vhost_ensure,
+      port                         => '443',
+      ssl                          => true,
+      docroot                      => $docroot,
+      scriptalias                  => $scriptalias,
+      serveradmin                  => $serveradmin,
+      access_log_file              => $ssl_access_log_file,
+      priority                     => '15',
+      ip                           => $ip,
+      logroot_mode                 => $logroot_mode,
+      manage_docroot               => $default_ssl_vhost,
+      use_servername_for_filenames => true,
+      use_port_for_filenames       => true,
+    }
+  }
+
+  # This anchor can be used as a reference point for things that need to happen *after*
+  # all modules have been put in place.
+  anchor { '::apache::modules_set_up': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/listen.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/listen.pp
new file mode 100644
index 000000000..3eb60baad
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/listen.pp
@@ -0,0 +1,15 @@
+# @summary
+#   Adds `Listen` directives to `ports.conf` that define the 
+#   Apache server's or a virtual host's listening address and port.
+#
+# The `apache::vhost` class uses this defined type, and titles take the form 
+# `<PORT>`, `<IPV4>:<PORT>`, or `<IPV6>:<PORT>`.
+define apache::listen {
+  $listen_addr_port = $name
+
+  # Template uses: $listen_addr_port
+  concat::fragment { "Listen ${listen_addr_port}":
+    target  => $apache::ports_file,
+    content => template('apache/listen.erb'),
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod.pp
new file mode 100644
index 000000000..0f7105d63
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod.pp
@@ -0,0 +1,210 @@
+# @summary
+#   Installs packages for an Apache module that doesn't have a corresponding 
+#   `apache::mod::<MODULE NAME>` class.
+#
+# Checks for or places the module's default configuration files in the Apache server's 
+# `module` and `enable` directories. The default locations depend on your operating system.
+#
+# @param package
+#   **Required**.<br />
+#   Names the package Puppet uses to install the Apache module.
+#
+# @param package_ensure
+#   Determines whether Puppet ensures the Apache module should be installed.
+#
+# @param lib
+#   Defines the module's shared object name. Do not configure manually without special reason.
+#
+# @param lib_path
+#   Specifies a path to the module's libraries. Do not manually set this parameter 
+#   without special reason. The `path` parameter overrides this value.
+#
+# @param loadfile_name
+#   Sets the filename for the module's `LoadFile` directive, which can also set 
+#   the module load order as Apache processes them in alphanumeric order.
+#
+# @param id
+#   Specifies the package id
+#
+# @param loadfiles
+#   Specifies an array of `LoadFile` directives.
+#
+# @param path
+#   Specifies a path to the module. Do not manually set this parameter without a special reason.
+#
+define apache::mod (
+  $package        = undef,
+  $package_ensure = 'present',
+  $lib            = undef,
+  $lib_path       = $apache::lib_path,
+  $id             = undef,
+  $path           = undef,
+  $loadfile_name  = undef,
+  $loadfiles      = undef,
+) {
+  if ! defined(Class['apache']) {
+    fail('You must include the apache base class before using any apache defined resources')
+  }
+
+  $mod = $name
+  #include apache #This creates duplicate resources in rspec-puppet
+  $mod_dir = $apache::mod_dir
+
+  # Determine if we have special lib
+  $mod_libs = $apache::mod_libs
+  if $lib {
+    $_lib = $lib
+  } elsif has_key($mod_libs, $mod) { # 2.6 compatibility hack
+    $_lib = $mod_libs[$mod]
+  } else {
+    $_lib = "mod_${mod}.so"
+  }
+
+  # Determine if declaration specified a path to the module
+  if $path {
+    $_path = $path
+  } else {
+    $_path = "${lib_path}/${_lib}"
+  }
+
+  if $id {
+    $_id = $id
+  } else {
+    $_id = "${mod}_module"
+  }
+
+  if $loadfile_name {
+    $_loadfile_name = $loadfile_name
+  } else {
+    $_loadfile_name = "${mod}.load"
+  }
+
+  # Determine if we have a package
+  $mod_packages = $apache::mod_packages
+  if $package {
+    $_package = $package
+  } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack
+    if ($apache::apache_version == '2.4' and $::operatingsystem =~ /^[Aa]mazon$/ and $::operatingsystemmajrelease != '2') {
+      # On amazon linux we need to prefix our package name with mod24 instead of mod to support apache 2.4
+      $_package = regsubst($mod_packages[$mod],'^(mod_)?(.*)','mod24_\2')
+    } else {
+      $_package = $mod_packages[$mod]
+    }
+  } else {
+    $_package = undef
+  }
+  if $_package and ! defined(Package[$_package]) {
+    # note: FreeBSD/ports uses apxs tool to activate modules; apxs clutters
+    # httpd.conf with 'LoadModule' directives; here, by proper resource
+    # ordering, we ensure that our version of httpd.conf is reverted after
+    # the module gets installed.
+    $package_before = $::osfamily ? {
+      'freebsd' => [
+        File[$_loadfile_name],
+        File["${apache::conf_dir}/${apache::params::conf_file}"]
+      ],
+      default => [
+        File[$_loadfile_name],
+        File[$apache::confd_dir],
+      ],
+    }
+    # if there are any packages, they should be installed before the associated conf file
+    Package[$_package] -> File<| title == "${mod}.conf" |>
+    # $_package may be an array
+    package { $_package:
+      ensure  => $package_ensure,
+      require => Package['httpd'],
+      before  => $package_before,
+      notify  => Class['apache::service'],
+    }
+  }
+
+  file { $_loadfile_name:
+    ensure  => file,
+    path    => "${mod_dir}/${_loadfile_name}",
+    owner   => 'root',
+    group   => $apache::params::root_group,
+    mode    => $apache::file_mode,
+    content => template('apache/mod/load.erb'),
+    require => [
+      Package['httpd'],
+      Exec["mkdir ${mod_dir}"],
+    ],
+    before  => File[$mod_dir],
+    notify  => Class['apache::service'],
+  }
+
+  if $::osfamily == 'Debian' {
+    $enable_dir = $apache::mod_enable_dir
+    file { "${_loadfile_name} symlink":
+      ensure  => link,
+      path    => "${enable_dir}/${_loadfile_name}",
+      target  => "${mod_dir}/${_loadfile_name}",
+      owner   => 'root',
+      group   => $apache::params::root_group,
+      mode    => $apache::file_mode,
+      require => [
+        File[$_loadfile_name],
+        Exec["mkdir ${enable_dir}"],
+      ],
+      before  => File[$enable_dir],
+      notify  => Class['apache::service'],
+    }
+    # Each module may have a .conf file as well, which should be
+    # defined in the class apache::mod::module
+    # Some modules do not require this file.
+    if defined(File["${mod}.conf"]) {
+      file { "${mod}.conf symlink":
+        ensure  => link,
+        path    => "${enable_dir}/${mod}.conf",
+        target  => "${mod_dir}/${mod}.conf",
+        owner   => 'root',
+        group   => $apache::params::root_group,
+        mode    => $apache::file_mode,
+        require => [
+          File["${mod}.conf"],
+          Exec["mkdir ${enable_dir}"],
+        ],
+        before  => File[$enable_dir],
+        notify  => Class['apache::service'],
+      }
+    }
+  } elsif $::osfamily == 'Suse' {
+    $enable_dir = $apache::mod_enable_dir
+    file { "${_loadfile_name} symlink":
+      ensure  => link,
+      path    => "${enable_dir}/${_loadfile_name}",
+      target  => "${mod_dir}/${_loadfile_name}",
+      owner   => 'root',
+      group   => $apache::params::root_group,
+      mode    => $apache::file_mode,
+      require => [
+        File[$_loadfile_name],
+        Exec["mkdir ${enable_dir}"],
+      ],
+      before  => File[$enable_dir],
+      notify  => Class['apache::service'],
+    }
+    # Each module may have a .conf file as well, which should be
+    # defined in the class apache::mod::module
+    # Some modules do not require this file.
+    if defined(File["${mod}.conf"]) {
+      file { "${mod}.conf symlink":
+        ensure  => link,
+        path    => "${enable_dir}/${mod}.conf",
+        target  => "${mod_dir}/${mod}.conf",
+        owner   => 'root',
+        group   => $apache::params::root_group,
+        mode    => $apache::file_mode,
+        require => [
+          File["${mod}.conf"],
+          Exec["mkdir ${enable_dir}"],
+        ],
+        before  => File[$enable_dir],
+        notify  => Class['apache::service'],
+      }
+    }
+  }
+
+  Apache::Mod[$name] -> Anchor['::apache::modules_set_up']
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/actions.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/actions.pp
new file mode 100644
index 000000000..c9b7d15d6
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/actions.pp
@@ -0,0 +1,8 @@
+# @summary
+#   Installs Apache mod_actions
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_actions.html for additional documentation.
+#
+class apache::mod::actions {
+  apache::mod { 'actions': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/alias.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/alias.pp
new file mode 100644
index 000000000..58ab0bdf8
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/alias.pp
@@ -0,0 +1,46 @@
+# @summary
+#   Installs and configures `mod_alias`.
+# 
+# @param apache_version
+#   The version of Apache, if not set will be retrieved from the init class.
+# 
+# @param icons_options
+#   Disables directory listings for the icons directory, via Apache [Options](https://httpd.apache.org/docs/current/mod/core.html#options)
+#   directive.
+# 
+# @param icons_path
+#   Sets the local path for an /icons/ Alias. Default depends on operating system:
+#   - Debian: /usr/share/apache2/icons
+#   - FreeBSD: /usr/local/www/apache24/icons
+#   - Gentoo: /var/www/icons
+#   - Red Hat: /var/www/icons, except on Apache 2.4, where it's /usr/share/httpd/icons
+# 
+# @param icons_path
+#   Change the alias for /icons/.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_alias.html for additional documentation.
+#
+class apache::mod::alias (
+  $apache_version = undef,
+  $icons_options  = 'Indexes MultiViews',
+  # set icons_path to false to disable the alias
+  $icons_path     = $apache::params::alias_icons_path,
+  $icons_prefix   = $apache::params::icons_prefix
+) inherits ::apache::params {
+  include apache
+  $_apache_version = pick($apache_version, $apache::apache_version)
+  apache::mod { 'alias': }
+
+  # Template uses $icons_path, $_apache_version
+  if $icons_path {
+    file { 'alias.conf':
+      ensure  => file,
+      path    => "${apache::mod_dir}/alias.conf",
+      mode    => $apache::file_mode,
+      content => template('apache/mod/alias.conf.erb'),
+      require => Exec["mkdir ${apache::mod_dir}"],
+      before  => File[$apache::mod_dir],
+      notify  => Class['apache::service'],
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/apreq2.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/apreq2.pp
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/apreq2.pp
rename to modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/apreq2.pp
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_basic.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_basic.pp
new file mode 100644
index 000000000..cb2d1313c
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_basic.pp
@@ -0,0 +1,8 @@
+# @summary
+#   Installs `mod_auth_basic`
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_auth_basic.html for additional documentation.
+#
+class apache::mod::auth_basic {
+  ::apache::mod { 'auth_basic': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_cas.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_cas.pp
new file mode 100644
index 000000000..51e7d2c08
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_cas.pp
@@ -0,0 +1,136 @@
+# @summary
+#   Installs and configures `mod_auth_cas`.
+# 
+# @param cas_login_url
+#   Sets the URL to which the module redirects users when they attempt to access a 
+#   CAS-protected resource and don't have an active session.
+# 
+# @param cas_validate_url
+#   Sets the URL to use when validating a client-presented ticket in an HTTP query string.
+# 
+# @param cas_cookie_path
+#   Sets the location where information on the current session should be stored. This should
+#   be writable by the web server only.
+# 
+# @param cas_cookie_path_mode
+#   The mode of cas_cookie_path.
+#
+# @param cas_version
+#   The version of the CAS protocol to adhere to.
+# 
+# @param cas_debug
+#   Whether to enable or disable debug mode.
+# 
+# @param cas_validate_server
+#   Whether to validate the presented certificate. This has been deprecated and
+#   removed from Version 1.1-RC1 onward.
+# 
+# @param cas_validatedepth
+#   The maximum depth for chained certificate validation.
+# 
+# @param cas_proxy_validate_url
+#   The URL to use when performing a proxy validation.
+# 
+# @param cas_root_proxied_as
+#   Sets the URL end users see when access to this Apache server is proxied per vhost. 
+#   This URL should not include a trailing slash.
+# 
+# @param cas_cookie_entropy
+#   When creating a local session, this many random bytes are used to create a unique 
+#   session identifier.
+# 
+# @param cas_timeout
+#   The hard limit, in seconds, for a mod_auth_cas session.
+# 
+# @param cas_idle_timeout
+#   The limit, in seconds, of how long a mod_auth_cas session can be idle.
+# 
+# @param cas_cache_clean_interval
+#   The minimum amount of time that must pass inbetween cache cleanings.
+# 
+# @param cas_cookie_domain
+#   The value for the 'Domain=' parameter in the Set-Cookie header.
+# 
+# @param cas_cookie_http_only
+#   Setting this flag prevents the mod_auth_cas cookies from being accessed by 
+#   client side Javascript.
+# 
+# @param cas_authoritative
+#   Determines whether an optional authorization directive is authoritative and thus binding.
+# 
+# @param cas_validate_saml
+#   Parse response from CAS server for SAML.
+# 
+# @param cas_sso_enabled
+#   Enables experimental support for single sign out (may mangle POST data).
+# 
+# @param cas_attribute_prefix
+#   Adds a header with the value of this header being the attribute values when SAML 
+#   validation is enabled.
+# 
+# @param cas_attribute_delimiter
+#   Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`.
+# 
+# @param cas_scrub_request_headers
+#   Remove inbound request headers that may have special meaning within mod_auth_cas.
+# 
+# @param suppress_warning
+#   Suppress warning about being on RedHat (mod_auth_cas package is now available in epel-testing repo).
+#
+# @note The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL.
+#
+# @see https://github.com/apereo/mod_auth_cas for additional documentation.
+#
+class apache::mod::auth_cas (
+  String $cas_login_url,
+  String $cas_validate_url,
+  String $cas_cookie_path    = $apache::params::cas_cookie_path,
+  $cas_cookie_path_mode      = '0750',
+  $cas_version               = 2,
+  $cas_debug                 = 'Off',
+  $cas_validate_server       = undef,
+  $cas_validate_depth        = undef,
+  $cas_certificate_path      = undef,
+  $cas_proxy_validate_url    = undef,
+  $cas_root_proxied_as       = undef,
+  $cas_cookie_entropy        = undef,
+  $cas_timeout               = undef,
+  $cas_idle_timeout          = undef,
+  $cas_cache_clean_interval  = undef,
+  $cas_cookie_domain         = undef,
+  $cas_cookie_http_only      = undef,
+  $cas_authoritative         = undef,
+  $cas_validate_saml         = undef,
+  $cas_sso_enabled           = undef,
+  $cas_attribute_prefix      = undef,
+  $cas_attribute_delimiter   = undef,
+  $cas_scrub_request_headers = undef,
+  $suppress_warning          = false,
+) inherits ::apache::params {
+  if $::osfamily == 'RedHat' and ! $suppress_warning {
+    warning('RedHat distributions do not have Apache mod_auth_cas in their default package repositories.')
+  }
+
+  include apache
+  ::apache::mod { 'auth_cas': }
+
+  file { $cas_cookie_path:
+    ensure => directory,
+    before => File['auth_cas.conf'],
+    mode   => $cas_cookie_path_mode,
+    owner  => $apache::user,
+    group  => $apache::group,
+  }
+
+  # Template uses
+  # - All variables beginning with cas_
+  file { 'auth_cas.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/auth_cas.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/auth_cas.conf.erb'),
+    require => [Exec["mkdir ${apache::mod_dir}"],],
+    before  => File[$apache::mod_dir],
+    notify  => Class['Apache::Service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_gssapi.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_gssapi.pp
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_gssapi.pp
rename to modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_gssapi.pp
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_kerb.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_kerb.pp
new file mode 100644
index 000000000..093c26d22
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_kerb.pp
@@ -0,0 +1,9 @@
+# @summary
+#   Installs `mod_auth_kerb`
+#
+# @see http://modauthkerb.sourceforge.net for additional documentation.
+class apache::mod::auth_kerb {
+  include apache
+  include apache::mod::authn_core
+  ::apache::mod { 'auth_kerb': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_mellon.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_mellon.pp
new file mode 100644
index 000000000..d585aed64
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_mellon.pp
@@ -0,0 +1,50 @@
+# @summary
+#   Installs and configures `mod_auth_mellon`.
+# 
+# @param mellon_cache_size
+#   Maximum number of sessions which can be active at once.
+# 
+# @param mellon_lock_file
+#   Full path to a file used for synchronizing access to the session data.
+# 
+# @param mellon_post_directory
+#   Full path of a directory where POST requests are saved during authentication.
+# 
+# @param mellon_cache_entry_size
+#   Maximum size for a single session entry in bytes.
+# 
+# @param mellon_post_ttl
+#   Delay in seconds before a saved POST request can be flushed.
+# 
+# @param mellon_post_size
+#   Maximum size for saved POST requests.
+# 
+# @param mellon_post_count
+#   Maximum amount of saved POST requests.
+# 
+# @see https://github.com/Uninett/mod_auth_mellon for additional documentation.
+#
+class apache::mod::auth_mellon (
+  $mellon_cache_size = $apache::params::mellon_cache_size,
+  $mellon_lock_file  = $apache::params::mellon_lock_file,
+  $mellon_post_directory = $apache::params::mellon_post_directory,
+  $mellon_cache_entry_size = undef,
+  $mellon_post_ttl = undef,
+  $mellon_post_size = undef,
+  $mellon_post_count = undef
+) inherits ::apache::params {
+  include apache
+  ::apache::mod { 'auth_mellon': }
+
+  # Template uses
+  # - All variables beginning with mellon_
+  file { 'auth_mellon.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/auth_mellon.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/auth_mellon.conf.erb'),
+    require => [Exec["mkdir ${apache::mod_dir}"],],
+    before  => File[$apache::mod_dir],
+    notify  => Class['Apache::Service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_openidc.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_openidc.pp
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_openidc.pp
rename to modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/auth_openidc.pp
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authn_core.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authn_core.pp
new file mode 100644
index 000000000..f145982e2
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authn_core.pp
@@ -0,0 +1,15 @@
+# @summary
+#   Installs `mod_authn_core`.
+# 
+# @param apache_version
+#   The version of apache being run.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_authn_core.html for additional documentation.
+#
+class apache::mod::authn_core (
+  $apache_version = $apache::apache_version
+) {
+  if versioncmp($apache_version, '2.4') >= 0 {
+    ::apache::mod { 'authn_core': }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authn_dbd.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authn_dbd.pp
new file mode 100644
index 000000000..b5e8d2c91
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authn_dbd.pp
@@ -0,0 +1,59 @@
+# @summary
+#   Installs `mod_authn_dbd`.
+# 
+# @param authn_dbd_params
+#   The params needed for the mod to function.
+#   
+# @param authn_dbd_dbdriver
+#   Selects an apr_dbd driver by name.
+#   
+# @param authn_dbd_query
+#   
+# @param authn_dbd_min
+#   Set the minimum number of connections per process.
+#   
+# @param authn_dbd_max
+#   Set the maximum number of connections per process.
+#   
+# @param authn_dbd_keep
+#   Set the maximum number of connections per process to be sustained.
+#   
+# @param authn_dbd_exptime
+#   Set the time to keep idle connections alive when the number of 
+#   connections specified in DBDKeep has been exceeded.
+#   
+# @param authn_dbd_alias
+#   Sets an alias for `AuthnProvider.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_authn_dbd.html for additional documentation.
+#
+class apache::mod::authn_dbd (
+  $authn_dbd_params,
+  $authn_dbd_dbdriver    = 'mysql',
+  $authn_dbd_query       = undef,
+  $authn_dbd_min         = '4',
+  $authn_dbd_max         = '20',
+  $authn_dbd_keep        = '8',
+  $authn_dbd_exptime     = '300',
+  $authn_dbd_alias       = undef,
+) inherits ::apache::params {
+  include apache
+  include apache::mod::dbd
+  ::apache::mod { 'authn_dbd': }
+
+  if $authn_dbd_alias {
+    include apache::mod::authn_core
+  }
+
+  # Template uses
+  # - All variables beginning with authn_dbd
+  file { 'authn_dbd.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/authn_dbd.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/authn_dbd.conf.erb'),
+    require => [Exec["mkdir ${apache::mod_dir}"],],
+    before  => File[$apache::mod_dir],
+    notify  => Class['Apache::Service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authn_file.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authn_file.pp
new file mode 100644
index 000000000..141804507
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authn_file.pp
@@ -0,0 +1,8 @@
+# @summary
+#   Installs `mod_authn_file`.
+# 
+# @see https://httpd.apache.org/docs/2.4/mod/mod_authn_file.html for additional documentation.
+#
+class apache::mod::authn_file {
+  ::apache::mod { 'authn_file': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authnz_ldap.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authnz_ldap.pp
new file mode 100644
index 000000000..3f194d736
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authnz_ldap.pp
@@ -0,0 +1,33 @@
+# @summary
+#   Installs `mod_authnz_ldap`.
+# 
+# @param verify_server_cert
+#   Whether to force te verification of a server cert or not.
+# 
+# @param package_name
+#   The name of the ldap package.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html for additional documentation.
+# @note Unsupported platforms: RedHat: 6, 8; CentOS: 6, 8; OracleLinux: 6, 8; Ubuntu: all; Debian: all; SLES: all
+class apache::mod::authnz_ldap (
+  Boolean $verify_server_cert = true,
+  $package_name               = undef,
+) {
+  include apache
+  include 'apache::mod::ldap'
+  ::apache::mod { 'authnz_ldap':
+    package => $package_name,
+  }
+
+  # Template uses:
+  # - $verify_server_cert
+  file { 'authnz_ldap.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/authnz_ldap.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/authnz_ldap.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authnz_pam.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authnz_pam.pp
new file mode 100644
index 000000000..35ddb779e
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authnz_pam.pp
@@ -0,0 +1,9 @@
+# @summary
+#   Installs `mod_authnz_pam`.
+# 
+# @see https://www.adelton.com/apache/mod_authnz_pam for additional documentation.
+#
+class apache::mod::authnz_pam {
+  include apache
+  ::apache::mod { 'authnz_pam': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authz_default.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authz_default.pp
new file mode 100644
index 000000000..540d086ab
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authz_default.pp
@@ -0,0 +1,17 @@
+# @summary
+#   Installs and configures `mod_authz_default`.
+# 
+# @param apache_version
+#   Version of Apache to install module on.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_authz_default.html for additional documentation.
+#
+class apache::mod::authz_default (
+  $apache_version = $apache::apache_version
+) {
+  if versioncmp($apache_version, '2.4') >= 0 {
+    warning('apache::mod::authz_default has been removed in Apache 2.4')
+  } else {
+    ::apache::mod { 'authz_default': }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authz_user.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authz_user.pp
new file mode 100644
index 000000000..81bdf5f31
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/authz_user.pp
@@ -0,0 +1,8 @@
+# @summary
+#   Installs `mod_authz_user`
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_authz_user.html for additional documentation.
+#
+class apache::mod::authz_user {
+  ::apache::mod { 'authz_user': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/autoindex.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/autoindex.pp
new file mode 100644
index 000000000..e3215540a
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/autoindex.pp
@@ -0,0 +1,31 @@
+# @summary
+#   Installs `mod_autoindex`
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_autoindex.html for additional documentation.
+#
+class apache::mod::autoindex (
+  $icons_prefix   = $apache::params::icons_prefix
+) inherits ::apache::params {
+  include apache
+  ::apache::mod { 'autoindex': }
+
+  # Determine icon filename suffix for autoindex.conf.erb
+  case $::operatingsystem {
+    'Debian', 'Ubuntu': {
+      $icon_suffix = '-20x22'
+    }
+    default: {
+      $icon_suffix = ''
+    }
+  }
+
+  file { 'autoindex.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/autoindex.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/autoindex.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/cache.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/cache.pp
new file mode 100644
index 000000000..a822ae9aa
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/cache.pp
@@ -0,0 +1,8 @@
+# @summary
+#   Installs `mod_cache`
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_cache.html for additional documentation.
+#
+class apache::mod::cache {
+  ::apache::mod { 'cache': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/cgi.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/cgi.pp
new file mode 100644
index 000000000..c11ea7fc9
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/cgi.pp
@@ -0,0 +1,28 @@
+# @summary
+#   Installs `mod_cgi`.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_cgi.html for additional documentation.
+#
+class apache::mod::cgi {
+  include apache
+  case $::osfamily {
+    'FreeBSD': {}
+    default: {
+      if defined(Class['::apache::mod::itk']) {
+        Class['::apache::mod::itk'] -> Class['::apache::mod::cgi']
+      } elsif defined(Class['::apache::mod::peruser']) {
+        Class['::apache::mod::peruser'] -> Class['::apache::mod::cgi']
+      } else {
+        Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi']
+      }
+    }
+  }
+
+  if $::osfamily == 'Suse' {
+    ::apache::mod { 'cgi':
+      lib_path => '/usr/lib64/apache2-prefork',
+    }
+  } else {
+    ::apache::mod { 'cgi': }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/cgid.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/cgid.pp
new file mode 100644
index 000000000..e40af45b4
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/cgid.pp
@@ -0,0 +1,47 @@
+# @summary
+#   Installs `mod_cgid`.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_cgid.html
+#
+class apache::mod::cgid {
+  include apache
+  case $::osfamily {
+    'FreeBSD': {}
+    default: {
+      if defined(Class['::apache::mod::event']) {
+        Class['::apache::mod::event'] -> Class['::apache::mod::cgid']
+      } else {
+        Class['::apache::mod::worker'] -> Class['::apache::mod::cgid']
+      }
+    }
+  }
+
+  # Debian specifies it's cgid sock path, but RedHat uses the default value
+  # with no config file
+  $cgisock_path = $::osfamily ? {
+    'debian'  => "\${APACHE_RUN_DIR}/cgisock",
+    'freebsd' => 'cgisock',
+    default   => undef,
+  }
+
+  if $::osfamily == 'Suse' {
+    ::apache::mod { 'cgid':
+      lib_path => '/usr/lib64/apache2-worker',
+    }
+  } else {
+    ::apache::mod { 'cgid': }
+  }
+
+  if $cgisock_path {
+    # Template uses $cgisock_path
+    file { 'cgid.conf':
+      ensure  => file,
+      path    => "${apache::mod_dir}/cgid.conf",
+      mode    => $apache::file_mode,
+      content => template('apache/mod/cgid.conf.erb'),
+      require => Exec["mkdir ${apache::mod_dir}"],
+      before  => File[$apache::mod_dir],
+      notify  => Class['apache::service'],
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/cluster.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/cluster.pp
new file mode 100644
index 000000000..9b827f763
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/cluster.pp
@@ -0,0 +1,87 @@
+# @summary
+#   Installs `mod_cluster`.
+# 
+# @param allowed_network
+#   Balanced members network.
+# 
+# @param balancer_name
+#   Name of balancer.
+# 
+# @param ip
+#   Specifies the IP address to listen to.
+# 
+# @param version
+#   Specifies the mod_cluster version. Version 1.3.0 or greater is required for httpd 2.4.
+#
+# @param enable_mcpm_receive
+#   Whether MCPM should be enabled.
+#   
+# @param port
+#   mod_cluster listen port.
+#
+# @param keep_alive_timeout
+#   Specifies how long Apache should wait for a request, in seconds.
+# 
+# @param manager_allowed_network
+#   Whether to allow the network to access the mod_cluster_manager.
+# 
+# @param max_keep_alive_requests
+#   Maximum number of requests kept alive.
+# 
+# @param server_advertise
+#   Whether the server should advertise.
+# 
+# @param advertise_frequency
+#   Sets the interval between advertise messages in seconds.
+#
+# @example
+#   class { '::apache::mod::cluster':
+#     ip                      => '172.17.0.1',
+#     allowed_network         => '172.17.0.',
+#     balancer_name           => 'mycluster',
+#     version                 => '1.3.1'
+#   }
+#
+# @note
+#   There is no official package available for mod_cluster, so you must make it available outside of the apache module. 
+#   Binaries can be found [here](https://modcluster.io/).
+#
+# @see https://modcluster.io/ for additional documentation.
+#
+class apache::mod::cluster (
+  $allowed_network,
+  $balancer_name,
+  $ip,
+  $version,
+  $enable_mcpm_receive = true,
+  $port = '6666',
+  $keep_alive_timeout = 60,
+  $manager_allowed_network = '127.0.0.1',
+  $max_keep_alive_requests = 0,
+  $server_advertise = true,
+  $advertise_frequency = undef,
+) {
+  include apache
+
+  ::apache::mod { 'proxy': }
+  ::apache::mod { 'proxy_ajp': }
+  ::apache::mod { 'manager': }
+  ::apache::mod { 'proxy_cluster': }
+  ::apache::mod { 'advertise': }
+
+  if (versioncmp($version, '1.3.0') >= 0 ) {
+    ::apache::mod { 'cluster_slotmem': }
+  } else {
+    ::apache::mod { 'slotmem': }
+  }
+
+  file { 'cluster.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/cluster.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/cluster.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/data.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/data.pp
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/data.pp
rename to modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/data.pp
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dav.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dav.pp
new file mode 100644
index 000000000..616492705
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dav.pp
@@ -0,0 +1,8 @@
+# @summary
+#   Installs `mod_dav`.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_dav.html for additional documentation.
+#
+class apache::mod::dav {
+  ::apache::mod { 'dav': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dav_fs.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dav_fs.pp
new file mode 100644
index 000000000..20fd5c015
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dav_fs.pp
@@ -0,0 +1,27 @@
+# @summary
+#   Installs `mod_dav_fs`.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_dav_fs.html for additional documentation.
+#
+class apache::mod::dav_fs {
+  include apache
+  $dav_lock = $::osfamily ? {
+    'debian'  => "\${APACHE_LOCK_DIR}/DAVLock",
+    'freebsd' => '/usr/local/var/DavLock',
+    default   => '/var/lib/dav/lockdb',
+  }
+
+  Class['::apache::mod::dav'] -> Class['::apache::mod::dav_fs']
+  ::apache::mod { 'dav_fs': }
+
+  # Template uses: $dav_lock
+  file { 'dav_fs.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/dav_fs.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/dav_fs.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dav_svn.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dav_svn.pp
new file mode 100644
index 000000000..4c04d1b35
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dav_svn.pp
@@ -0,0 +1,32 @@
+# @summary
+#   Installs and configures `mod_dav_svn`.
+# 
+# @param authz_svn_enabled
+#   Specifies whether to install Apache mod_authz_svn
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_dav_svn.html for additional documentation.
+#
+class apache::mod::dav_svn (
+  $authz_svn_enabled = false,
+) {
+  Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn']
+  include apache
+  include apache::mod::dav
+  if($::operatingsystem == 'SLES' and versioncmp($::operatingsystemmajrelease, '12') < 0) {
+    package { 'subversion-server':
+      ensure   => 'installed',
+      provider => 'zypper',
+    }
+  }
+
+  ::apache::mod { 'dav_svn': }
+
+  if $authz_svn_enabled {
+    ::apache::mod { 'authz_svn':
+      # authz_svn depends on symbols from the dav_svn module,
+      # therefore, make sure authz_svn is loaded after dav_svn.
+      loadfile_name => 'dav_svn_authz_svn.load',
+      require       => Apache::Mod['dav_svn'],
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dbd.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dbd.pp
new file mode 100644
index 000000000..cdc9cdf6f
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dbd.pp
@@ -0,0 +1,11 @@
+# @summary
+#   Installs `mod_dbd`.
+# 
+# @param apache_version
+#   Used to verify that the Apache version you have requested is compatible with the module.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_dbd.html for additional documentation.
+#
+class apache::mod::dbd {
+  ::apache::mod { 'dbd': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/deflate.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/deflate.pp
new file mode 100644
index 000000000..777c2f888
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/deflate.pp
@@ -0,0 +1,38 @@
+# @summary
+#   Installs and configures `mod_deflate`.
+# 
+# @param types
+#   An array of MIME types to be deflated. See https://www.iana.org/assignments/media-types/media-types.xhtml.
+#
+# @param notes
+#   A Hash where the key represents the type and the value represents the note name.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_deflate.html for additional documentation.
+#
+class apache::mod::deflate (
+  $types = [
+    'text/html text/plain text/xml',
+    'text/css',
+    'application/x-javascript application/javascript application/ecmascript',
+    'application/rss+xml',
+    'application/json',
+  ],
+  $notes = {
+    'Input'  => 'instream',
+    'Output' => 'outstream',
+    'Ratio'  => 'ratio',
+  }
+) {
+  include apache
+  ::apache::mod { 'deflate': }
+
+  file { 'deflate.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/deflate.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/deflate.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dev.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dev.pp
new file mode 100644
index 000000000..4039ff1fd
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dev.pp
@@ -0,0 +1,11 @@
+# @summary
+#   Installs `mod_dev`.
+#
+# @note
+#   This module is deprecated. Please use `apache::dev`.
+#
+class apache::mod::dev {
+  # Development packages are not apache modules
+  warning('apache::mod::dev is deprecated; please use apache::dev')
+  include apache::dev
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dir.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dir.pp
new file mode 100644
index 000000000..86f97a070
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dir.pp
@@ -0,0 +1,34 @@
+# @summary
+#   Installs and configures `mod_dir`.
+# 
+# @param types
+#   Specifies the text-based content types to compress.
+#
+# @param indexes
+#   Provides a string for the DirectoryIndex directive
+# 
+# @todo
+#   This sets the global DirectoryIndex directive, so it may be necessary to consider being able to modify the apache::vhost to declare 
+#   DirectoryIndex statements in a vhost configuration
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_dir.html for additional documentation.
+#
+class apache::mod::dir (
+  $dir                   = 'public_html',
+  Array[String] $indexes = ['index.html','index.html.var','index.cgi','index.pl','index.php','index.xhtml'],
+) {
+  include apache
+  ::apache::mod { 'dir': }
+
+  # Template uses
+  # - $indexes
+  file { 'dir.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/dir.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/dir.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/disk_cache.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/disk_cache.pp
new file mode 100644
index 000000000..cb82b7b6b
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/disk_cache.pp
@@ -0,0 +1,68 @@
+# @summary
+#   Installs and configures `mod_disk_cache`.
+# 
+# @param cache_root
+#   Defines the name of the directory on the disk to contain cache files.
+#   Default depends on the Apache version and operating system:
+#   - Debian: /var/cache/apache2/mod_cache_disk
+#   - FreeBSD: /var/cache/mod_cache_disk
+#   - Red Hat, Apache 2.4: /var/cache/httpd/proxy
+#   - Red Hat, Apache 2.2: /var/cache/mod_proxy
+#
+# @param cache_ignore_headers
+#   Specifies HTTP header(s) that should not be stored in the cache.
+#
+# @param default_cache_enable
+#   Default value is true, which enables "CacheEnable disk /" in disk_cache.conf for the webserver. This would cache
+#   every request to apache by default for every vhost. If set to false the default cache all behaviour is supressed.
+#   You can then control this behaviour in individual vhosts by explicitly defining CacheEnable.
+#
+# @note
+#   Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed.
+#
+# @see https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html for additional documentation.
+#
+class apache::mod::disk_cache (
+  $cache_root           = undef,
+  $cache_ignore_headers = undef,
+  Boolean $default_cache_enable = true,
+) {
+  include apache
+  if $cache_root {
+    $_cache_root = $cache_root
+  }
+  elsif versioncmp($apache::apache_version, '2.4') >= 0 {
+    $_cache_root = $::osfamily ? {
+      'debian'  => '/var/cache/apache2/mod_cache_disk',
+      'redhat'  => '/var/cache/httpd/proxy',
+      'freebsd' => '/var/cache/mod_cache_disk',
+    }
+  }
+  else {
+    $_cache_root = $::osfamily ? {
+      'debian'  => '/var/cache/apache2/mod_disk_cache',
+      'redhat'  => '/var/cache/mod_proxy',
+      'freebsd' => '/var/cache/mod_disk_cache',
+    }
+  }
+
+  if versioncmp($apache::apache_version, '2.4') >= 0 {
+    apache::mod { 'cache_disk': }
+  }
+  else {
+    apache::mod { 'disk_cache': }
+  }
+
+  Class['::apache::mod::cache'] -> Class['::apache::mod::disk_cache']
+
+  # Template uses $_cache_root
+  file { 'disk_cache.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/disk_cache.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/disk_cache.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dumpio.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dumpio.pp
new file mode 100644
index 000000000..df892a919
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/dumpio.pp
@@ -0,0 +1,38 @@
+# @summary
+#   Installs and configures `mod_dumpio`.
+# 
+# @param dump_io_input
+#   Dump all input data to the error log
+#
+# @param dump_io_output
+#   Dump all output data to the error log
+#
+# @example
+#   class{'apache':
+#     default_mods => false,
+#     log_level    => 'dumpio:trace7',
+#   }
+#   class{'apache::mod::dumpio':
+#     dump_io_input  => 'On',
+#     dump_io_output => 'Off',
+#   }
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_dumpio.html for additional documentation.
+#
+class apache::mod::dumpio (
+  Enum['Off', 'On', 'off', 'on'] $dump_io_input  = 'Off',
+  Enum['Off', 'On', 'off', 'on'] $dump_io_output = 'Off',
+) {
+  include apache
+
+  ::apache::mod { 'dumpio': }
+  file { 'dumpio.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/dumpio.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/dumpio.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/env.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/env.pp
new file mode 100644
index 000000000..2ca17a5e7
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/env.pp
@@ -0,0 +1,8 @@
+# @summary
+#   Installs `mod_env`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_env.html for additional documentation.
+#
+class apache::mod::env {
+  ::apache::mod { 'env': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/event.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/event.pp
new file mode 100644
index 000000000..402a8530e
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/event.pp
@@ -0,0 +1,124 @@
+# @summary
+#   Installs and configures `mod_event`.
+# 
+# @param startservers
+#   Sets the number of child server processes created at startup, via the module's `StartServers` directive. Setting this to `false` 
+#   removes the parameter.
+#
+# @param maxclients
+#   Apache 2.3.12 or older alias for the `MaxRequestWorkers` directive.
+#
+# @param maxrequestworkers
+#   Sets the maximum number of connections Apache can simultaneously process, via the module's `MaxRequestWorkers` directive. Setting 
+#   these to `false` removes the parameters.
+#
+# @param minsparethreads
+#   Sets the minimum number of idle threads, via the `MinSpareThreads` directive. Setting this to `false` removes the parameters.
+#
+# @param maxsparethreads
+#   Sets the maximum number of idle threads, via the `MaxSpareThreads` directive. Setting this to `false` removes the parameters.
+#
+# @param threadsperchild
+#   Number of threads created by each child process.
+#
+# @param maxrequestsperchild
+#   Apache 2.3.8 or older alias for the `MaxConnectionsPerChild` directive.
+#
+# @param maxconnectionsperchild
+#   Limit on the number of connections that an individual child server will handle during its life.
+#
+# @param serverlimit
+#   Limits the configurable number of processes via the `ServerLimit` directive. Setting this to `false` removes the parameter.
+#
+# @param apache_version
+#   Version of Apache to install module on.
+#
+# @param threadlimit
+#    Limits the number of event threads via the module's `ThreadLimit` directive. Setting this to `false` removes the parameter.
+#
+# @param listenbacklog
+#   Sets the maximum length of the pending connections queue via the module's `ListenBackLog` directive. Setting this to `false` removes 
+#   the parameter.
+#
+# @note
+#   You cannot include apache::mod::event with apache::mod::itk, apache::mod::peruser, apache::mod::prefork, or 
+#   apache::mod::worker on the same server.
+#
+# @see https://httpd.apache.org/docs/current/mod/event.html for additional documentation.
+# @note Unsupported platforms: SLES: all
+class apache::mod::event (
+  $startservers           = '2',
+  $maxclients             = '150',
+  $maxrequestworkers      = undef,
+  $minsparethreads        = '25',
+  $maxsparethreads        = '75',
+  $threadsperchild        = '25',
+  $maxrequestsperchild    = '0',
+  $maxconnectionsperchild = undef,
+  $serverlimit            = '25',
+  $apache_version         = undef,
+  $threadlimit            = '64',
+  $listenbacklog          = '511',
+) {
+  include apache
+
+  $_apache_version = pick($apache_version, $apache::apache_version)
+
+  if defined(Class['apache::mod::itk']) {
+    fail('May not include both apache::mod::event and apache::mod::itk on the same node')
+  }
+  if defined(Class['apache::mod::peruser']) {
+    fail('May not include both apache::mod::event and apache::mod::peruser on the same node')
+  }
+  if defined(Class['apache::mod::prefork']) {
+    fail('May not include both apache::mod::event and apache::mod::prefork on the same node')
+  }
+  if defined(Class['apache::mod::worker']) {
+    fail('May not include both apache::mod::event and apache::mod::worker on the same node')
+  }
+  File {
+    owner => 'root',
+    group => $apache::params::root_group,
+    mode  => $apache::file_mode,
+  }
+
+  # Template uses:
+  # - $startservers
+  # - $maxclients
+  # - $minsparethreads
+  # - $maxsparethreads
+  # - $threadsperchild
+  # - $maxrequestsperchild
+  # - $serverlimit
+  file { "${apache::mod_dir}/event.conf":
+    ensure  => file,
+    mode    => $apache::file_mode,
+    content => template('apache/mod/event.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+
+  case $::osfamily {
+    'redhat': {
+      if versioncmp($_apache_version, '2.4') >= 0 {
+        apache::mpm { 'event':
+          apache_version => $_apache_version,
+        }
+      }
+    }
+    'debian','freebsd' : {
+      apache::mpm { 'event':
+        apache_version => $_apache_version,
+      }
+    }
+    'gentoo': {
+      ::portage::makeconf { 'apache2_mpms':
+        content => 'event',
+      }
+    }
+    default: {
+      fail("Unsupported osfamily ${::osfamily}")
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/expires.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/expires.pp
new file mode 100644
index 000000000..7a5bfddea
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/expires.pp
@@ -0,0 +1,38 @@
+# @summary
+#   Installs and configures `mod_expires`.
+# 
+# @param expires_active
+#   Enables generation of Expires headers.
+#
+# @param expires_default
+#   Specifies the default algorithm for calculating expiration time using ExpiresByType syntax or interval syntax.
+#
+# @param expires_by_type
+#   Describes a set of [MIME content-types](https://www.iana.org/assignments/media-types/media-types.xhtml) and their expiration
+#   times. This should be used as an array of Hashes, with each Hash's key a valid MIME content-type (i.e. 'text/json') and its 
+#   value following valid interval syntax.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_expires.html for additional documentation.
+#
+class apache::mod::expires (
+  $expires_active  = true,
+  $expires_default = undef,
+  $expires_by_type = undef,
+) {
+  include apache
+  ::apache::mod { 'expires': }
+
+  # Template uses
+  # $expires_active
+  # $expires_default
+  # $expires_by_type
+  file { 'expires.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/expires.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/expires.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/ext_filter.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/ext_filter.pp
new file mode 100644
index 000000000..d2a3d635e
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/ext_filter.pp
@@ -0,0 +1,38 @@
+# @summary
+#   Installs and configures `mod_ext_filter`.
+# 
+# @param ext_filter_define
+#   Hash of filter names and their parameters.
+#
+# @example
+#   class { 'apache::mod::ext_filter':
+#     ext_filter_define => {
+#       'slowdown'       => 'mode=output cmd=/bin/cat preservescontentlength',
+#       'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"',
+#     },
+#   }
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_ext_filter.html for additional documentation.
+#
+class apache::mod::ext_filter (
+  Optional[Hash] $ext_filter_define = undef
+) {
+  include apache
+
+  ::apache::mod { 'ext_filter': }
+
+  # Template uses
+  # -$ext_filter_define
+
+  if $ext_filter_define {
+    file { 'ext_filter.conf':
+      ensure  => file,
+      path    => "${apache::mod_dir}/ext_filter.conf",
+      mode    => $apache::file_mode,
+      content => template('apache/mod/ext_filter.conf.erb'),
+      require => [Exec["mkdir ${apache::mod_dir}"],],
+      before  => File[$apache::mod_dir],
+      notify  => Class['Apache::Service'],
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/fastcgi.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/fastcgi.pp
new file mode 100644
index 000000000..a3445c917
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/fastcgi.pp
@@ -0,0 +1,35 @@
+# @summary
+#   Installs `mod_fastcgi`.
+# 
+# @see https://github.com/FastCGI-Archives/mod_fastcgi for additional documentation.
+#
+class apache::mod::fastcgi {
+  include apache
+  if ($::osfamily == 'Redhat' and versioncmp($::operatingsystemmajrelease, '7') >= 0) {
+    fail('mod_fastcgi is no longer supported on el7 and above.')
+  }
+  if ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '18.04') >= 0) {
+    fail('mod_fastcgi is no longer supported on Ubuntu 18.04 and above. Please use mod_proxy_fcgi')
+  }
+  # Debian specifies it's fastcgi lib path, but RedHat uses the default value
+  # with no config file
+  $fastcgi_lib_path = $apache::params::fastcgi_lib_path
+
+  ::apache::mod { 'fastcgi': }
+
+  if $fastcgi_lib_path {
+    # Template uses:
+    # - $fastcgi_server
+    # - $fastcgi_socket
+    # - $fastcgi_dir
+    file { 'fastcgi.conf':
+      ensure  => file,
+      path    => "${apache::mod_dir}/fastcgi.conf",
+      mode    => $apache::file_mode,
+      content => template('apache/mod/fastcgi.conf.erb'),
+      require => Exec["mkdir ${apache::mod_dir}"],
+      before  => File[$apache::mod_dir],
+      notify  => Class['apache::service'],
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/fcgid.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/fcgid.pp
new file mode 100644
index 000000000..14aa141d9
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/fcgid.pp
@@ -0,0 +1,65 @@
+# @summary
+#   Installs and configures `mod_fcgid`.
+# 
+# @param expires_active
+#   Enables generation of Expires headers.
+#
+# @param expires_default
+#   Default algorithm for calculating expiration time.
+#
+# @param expires_by_type
+#   Value of the Expires header configured by MIME type.
+#
+# @example The class does not individually parameterize all available options. Instead, configure mod_fcgid using the options hash. 
+#   class { 'apache::mod::fcgid':
+#     options => {
+#       'FcgidIPCDir'  => '/var/run/fcgidsock',
+#       'SharememPath' => '/var/run/fcgid_shm',
+#       'AddHandler'   => 'fcgid-script .fcgi',
+#     },
+#   }
+#
+# @example If you include apache::mod::fcgid, you can set the [FcgidWrapper][] per directory, per virtual host. The module must be 
+# loaded first; Puppet will not automatically enable it if you set the fcgiwrapper parameter in apache::vhost.
+#   include apache::mod::fcgid
+#   
+#   apache::vhost { 'example.org':
+#     docroot     => '/var/www/html',
+#     directories => {
+#       path        => '/var/www/html',
+#       fcgiwrapper => {
+#         command => '/usr/local/bin/fcgiwrapper',
+#       }
+#     },
+#   }
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_fcgid.html for additional documentation.
+#
+class apache::mod::fcgid (
+  $options = {},
+) {
+  include apache
+  if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease >= '7') or $::osfamily == 'FreeBSD' {
+    $loadfile_name = 'unixd_fcgid.load'
+    $conf_name = 'unixd_fcgid.conf'
+  } else {
+    $loadfile_name = undef
+    $conf_name = 'fcgid.conf'
+  }
+
+  ::apache::mod { 'fcgid':
+    loadfile_name => $loadfile_name,
+  }
+
+  # Template uses:
+  # - $options
+  file { $conf_name:
+    ensure  => file,
+    path    => "${apache::mod_dir}/${conf_name}",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/fcgid.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/filter.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/filter.pp
new file mode 100644
index 000000000..5cee27718
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/filter.pp
@@ -0,0 +1,8 @@
+# @summary
+#   Installs `mod_filter`.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_filter.html for additional documentation.
+#
+class apache::mod::filter {
+  ::apache::mod { 'filter': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/geoip.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/geoip.pp
new file mode 100644
index 000000000..b77ea05c6
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/geoip.pp
@@ -0,0 +1,61 @@
+# @summary
+#   Installs and configures `mod_geoip`.
+# 
+# @param enable
+#   Toggles whether to enable geoip.
+#
+# @param db_file
+#   Path to database for GeoIP to use.
+# 
+# @param flag
+#   Caching directive to use. Values: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'.
+# 
+# @param output
+#   Output variable locations. Values: 'All', 'Env', 'Request', 'Notes'.
+# 
+# @param enable_utf8
+#   Changes the output from ISO88591 (Latin1) to UTF8.
+# 
+# @param scan_proxy_headers
+#   Enables the GeoIPScanProxyHeaders option.
+# 
+# @param scan_proxy_headers_field
+#   Specifies the header mod_geoip uses to determine the client's IP address.
+# 
+# @param use_last_xforwarededfor_ip
+#   Determines whether to use the first or last IP address for the client's IP in a comma-separated list of IP addresses is found.
+# 
+# @see https://dev.maxmind.com/geoip/legacy/mod_geoip2 for additional documentation.
+#
+class apache::mod::geoip (
+  $enable                     = false,
+  $db_file                    = '/usr/share/GeoIP/GeoIP.dat',
+  $flag                       = 'Standard',
+  $output                     = 'All',
+  $enable_utf8                = undef,
+  $scan_proxy_headers         = undef,
+  $scan_proxy_header_field    = undef,
+  $use_last_xforwarededfor_ip = undef,
+) {
+  include apache
+  ::apache::mod { 'geoip': }
+
+  # Template uses:
+  # - enable
+  # - db_file
+  # - flag
+  # - output
+  # - enable_utf8
+  # - scan_proxy_headers
+  # - scan_proxy_header_field
+  # - use_last_xforwarededfor_ip
+  file { 'geoip.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/geoip.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/geoip.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/headers.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/headers.pp
new file mode 100644
index 000000000..a86dbf76a
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/headers.pp
@@ -0,0 +1,11 @@
+# @summary
+#   Installs and configures `mod_headers`.
+# 
+# @param apache_version
+#   Version of Apache to install module on.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_headers.html for additional documentation.
+#
+class apache::mod::headers {
+  ::apache::mod { 'headers': }
+}
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/http2.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/http2.pp
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/http2.pp
rename to modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/http2.pp
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/include.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/include.pp
new file mode 100644
index 000000000..af9675a95
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/include.pp
@@ -0,0 +1,8 @@
+# @summary
+#   Installs `mod_include`.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_include.html for additional documentation.
+#
+class apache::mod::include {
+  ::apache::mod { 'include': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/info.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/info.pp
new file mode 100644
index 000000000..baf20cb32
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/info.pp
@@ -0,0 +1,51 @@
+# @summary
+#   Installs and configures `mod_info`.
+# 
+# @param allow_from
+#   Allowlist of IPv4 or IPv6 addresses or ranges that can access the info path.
+# 
+# @param apache_version
+#   Version of Apache to install module on.
+# 
+# @param restrict_access
+#   Toggles whether to restrict access to info path. If `false`, the `allow_from` allowlist is ignored and any IP address can
+#   access the info path.
+# 
+# @param info_path
+#   Path on server to file containing server configuration information.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_info.html for additional documentation.
+#
+class apache::mod::info (
+  $allow_from      = ['127.0.0.1','::1'],
+  $apache_version  = undef,
+  $restrict_access = true,
+  $info_path       = '/server-info',
+) {
+  include apache
+  $_apache_version = pick($apache_version, $apache::apache_version)
+
+  if $::osfamily == 'Suse' {
+    if defined(Class['::apache::mod::worker']) {
+      $suse_path = '/usr/lib64/apache2-worker'
+    } else {
+      $suse_path = '/usr/lib64/apache2-prefork'
+    }
+    ::apache::mod { 'info':
+      lib_path => $suse_path,
+    }
+  } else {
+    ::apache::mod { 'info': }
+  }
+
+  # Template uses $allow_from, $_apache_version
+  file { 'info.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/info.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/info.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/intercept_form_submit.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/intercept_form_submit.pp
new file mode 100644
index 000000000..f6ccf653b
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/intercept_form_submit.pp
@@ -0,0 +1,9 @@
+# @summary
+#   Installs `mod_intercept_form_submit`.
+# 
+# @see https://www.adelton.com/apache/mod_intercept_form_submit for additional documentation.
+#
+class apache::mod::intercept_form_submit {
+  include apache
+  ::apache::mod { 'intercept_form_submit': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/itk.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/itk.pp
new file mode 100644
index 000000000..2f44b01a8
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/itk.pp
@@ -0,0 +1,128 @@
+# @summary
+#   Installs MPM `mod_itk`.
+# 
+# @param startservers
+#   Number of child server processes created on startup.
+#
+# @param minspareservers
+#   Minimum number of idle child server processes.
+#
+# @param maxspareservers
+#   Maximum number of idle child server processes.
+#
+# @param serverlimit
+#   Maximum configured value for `MaxRequestWorkers` for the lifetime of the Apache httpd process.
+#
+# @param maxclients
+#   Limit on the number of simultaneous requests that will be served.
+#
+# @param maxrequestsperchild
+#   Limit on the number of connections that an individual child server process will handle.
+#
+# @param enablecapabilities
+#   Drop most root capabilities in the parent process, and instead run as the user given by the User/Group directives with some extra
+#   capabilities (in particular setuid). Somewhat more secure, but can cause problems when serving from filesystems that do not honor 
+#   capabilities, such as NFS.
+#
+# @param apache_version
+#   Used to verify that the Apache version you have requested is compatible with the module.
+# 
+# @see http://mpm-itk.sesse.net for additional documentation.
+# @note Unsupported platforms: CentOS: 8; RedHat: 8; SLES: all
+class apache::mod::itk (
+  $startservers        = '8',
+  $minspareservers     = '5',
+  $maxspareservers     = '20',
+  $serverlimit         = '256',
+  $maxclients          = '256',
+  $maxrequestsperchild = '4000',
+  $enablecapabilities  = undef,
+  $apache_version      = undef,
+) {
+  include apache
+
+  $_apache_version = pick($apache_version, $apache::apache_version)
+
+  if defined(Class['apache::mod::event']) {
+    fail('May not include both apache::mod::itk and apache::mod::event on the same node')
+  }
+  if defined(Class['apache::mod::peruser']) {
+    fail('May not include both apache::mod::itk and apache::mod::peruser on the same node')
+  }
+  if versioncmp($_apache_version, '2.4') < 0 {
+    if defined(Class['apache::mod::prefork']) {
+      fail('May not include both apache::mod::itk and apache::mod::prefork on the same node')
+    }
+  } else {
+    # prefork is a requirement for itk in 2.4; except on FreeBSD and Gentoo, which are special
+    if $::osfamily =~ /^(FreeBSD|Gentoo)/ {
+      if defined(Class['apache::mod::prefork']) {
+        fail('May not include both apache::mod::itk and apache::mod::prefork on the same node')
+      }
+    } else {
+      if ! defined(Class['apache::mod::prefork']) {
+        include apache::mod::prefork
+      }
+    }
+  }
+  if defined(Class['apache::mod::worker']) {
+    fail('May not include both apache::mod::itk and apache::mod::worker on the same node')
+  }
+  File {
+    owner => 'root',
+    group => $apache::params::root_group,
+    mode  => $apache::file_mode,
+  }
+
+  # Template uses:
+  # - $startservers
+  # - $minspareservers
+  # - $maxspareservers
+  # - $serverlimit
+  # - $maxclients
+  # - $maxrequestsperchild
+  file { "${apache::mod_dir}/itk.conf":
+    ensure  => file,
+    mode    => $apache::file_mode,
+    content => template('apache/mod/itk.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+
+  case $::osfamily {
+    'redhat': {
+      package { 'httpd-itk':
+        ensure => present,
+      }
+      if versioncmp($_apache_version, '2.4') >= 0 {
+        ::apache::mpm { 'itk':
+          apache_version => $_apache_version,
+        }
+      }
+      else {
+        file_line { '/etc/sysconfig/httpd itk enable':
+          ensure  => present,
+          path    => '/etc/sysconfig/httpd',
+          line    => 'HTTPD=/usr/sbin/httpd.itk',
+          match   => '#?HTTPD=/usr/sbin/httpd.itk',
+          require => Package['httpd'],
+          notify  => Class['apache::service'],
+        }
+      }
+    }
+    'debian', 'freebsd': {
+      apache::mpm { 'itk':
+        apache_version => $_apache_version,
+      }
+    }
+    'gentoo': {
+      ::portage::makeconf { 'apache2_mpms':
+        content => 'itk',
+      }
+    }
+    default: {
+      fail("Unsupported osfamily ${::osfamily}")
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/jk.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/jk.pp
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/jk.pp
rename to modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/jk.pp
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/ldap.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/ldap.pp
new file mode 100644
index 000000000..9c37b09e6
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/ldap.pp
@@ -0,0 +1,79 @@
+# @summary
+#   Installs and configures `mod_ldap`.
+# 
+# @param apache_version
+#   Used to verify that the Apache version you have requested is compatible with the module.
+# 
+# @param package_name
+#   Specifies the custom package name.
+# 
+# @param ldap_trusted_global_cert_file
+#   Sets the file or database containing global trusted Certificate Authority or global client certificates.
+# 
+# @param ldap_trusted_global_cert_type
+#   Sets the certificate parameter of the global trusted Certificate Authority or global client certificates.
+# 
+# @param ldap_shared_cache_size
+#   Size in bytes of the shared-memory cache
+# 
+# @param ldap_cache_entries
+#   Maximum number of entries in the primary LDAP cache
+# 
+# @param ldap_cache_ttl
+#   Time that cached items remain valid (in seconds).
+# 
+# @param ldap_opcache_entries
+#   Number of entries used to cache LDAP compare operations
+# 
+# @param ldap_opcache_ttl
+#   Time that entries in the operation cache remain valid (in seconds).
+# 
+# @param ldap_trusted_mode
+#   Specifies the SSL/TLS mode to be used when connecting to an LDAP server.
+#
+# @param ldap_path
+#   The server location of the ldap status page.
+#
+# @example 
+#   class { 'apache::mod::ldap':
+#     ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt',
+#     ldap_trusted_global_cert_type => 'CA_DER',
+#     ldap_trusted_mode             => 'TLS',
+#     ldap_shared_cache_size        => '500000',
+#     ldap_cache_entries            => '1024',
+#     ldap_cache_ttl                => '600',
+#     ldap_opcache_entries          => '1024',
+#     ldap_opcache_ttl              => '600',
+#   }
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_ldap.html for additional documentation.
+# @note Unsupported platforms: CentOS: 8; RedHat: 8
+class apache::mod::ldap (
+  $apache_version                                  = undef,
+  $package_name                                    = undef,
+  $ldap_trusted_global_cert_file                   = undef,
+  Optional[String] $ldap_trusted_global_cert_type  = 'CA_BASE64',
+  $ldap_shared_cache_size                          = undef,
+  $ldap_cache_entries                              = undef,
+  $ldap_cache_ttl                                  = undef,
+  $ldap_opcache_entries                            = undef,
+  $ldap_opcache_ttl                                = undef,
+  $ldap_trusted_mode                               = undef,
+  String $ldap_path                                = '/ldap-status',
+) {
+  include apache
+  $_apache_version = pick($apache_version, $apache::apache_version)
+  ::apache::mod { 'ldap':
+    package => $package_name,
+  }
+  # Template uses $_apache_version
+  file { 'ldap.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/ldap.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/ldap.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/lookup_identity.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/lookup_identity.pp
new file mode 100644
index 000000000..3161ec329
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/lookup_identity.pp
@@ -0,0 +1,9 @@
+# @summary
+#   Installs `mod_lookup_identity`
+# 
+# @see https://www.adelton.com/apache/mod_lookup_identity for additional documentation.
+#
+class apache::mod::lookup_identity {
+  include apache
+  ::apache::mod { 'lookup_identity': }
+}
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/macro.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/macro.pp
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/macro.pp
rename to modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/macro.pp
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/md.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/md.pp
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/md.pp
rename to modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/md.pp
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/mime.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/mime.pp
new file mode 100644
index 000000000..9243ae1e1
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/mime.pp
@@ -0,0 +1,39 @@
+# @summary
+#   Installs and configures `mod_mime`.
+# 
+# @param mime_support_package
+#   Name of the MIME package to be installed.
+#
+# @param mime_types_config
+#   The location of the mime.types file.
+#
+# @param mime_types_additional
+#   List of additional MIME types to include.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_mime.html for additional documentation.
+#
+class apache::mod::mime (
+  $mime_support_package = $apache::params::mime_support_package,
+  $mime_types_config    = $apache::params::mime_types_config,
+  $mime_types_additional = undef,
+) inherits ::apache::params {
+  include apache
+  $_mime_types_additional = pick($mime_types_additional, $apache::mime_types_additional)
+  apache::mod { 'mime': }
+  # Template uses $_mime_types_config
+  file { 'mime.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/mime.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/mime.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+  if $mime_support_package {
+    package { $mime_support_package:
+      ensure => 'installed',
+      before => File['mime.conf'],
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/mime_magic.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/mime_magic.pp
new file mode 100644
index 000000000..99a1ec4bb
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/mime_magic.pp
@@ -0,0 +1,25 @@
+# @summary
+#   Installs and configures `mod_mime_magic`.
+# 
+# @param magic_file
+#   Enable MIME-type determination based on file contents using the specified magic file.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_mime_magic.html for additional documentation.
+#
+class apache::mod::mime_magic (
+  $magic_file = undef,
+) {
+  include apache
+  $_magic_file = pick($magic_file, "${apache::conf_dir}/magic")
+  apache::mod { 'mime_magic': }
+  # Template uses $magic_file
+  file { 'mime_magic.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/mime_magic.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/mime_magic.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/negotiation.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/negotiation.pp
new file mode 100644
index 000000000..bc018001a
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/negotiation.pp
@@ -0,0 +1,32 @@
+# @summary
+#   Installs and configures `mod_negotiation`.
+# 
+# @param force_language_priority
+#   Action to take if a single acceptable document is not found.
+#
+# @param language_priority
+#   The precedence of language variants for cases where the client does not express a preference.
+# 
+# @see [https://httpd.apache.org/docs/current/mod/mod_negotiation.html for additional documentation.
+#
+class apache::mod::negotiation (
+  Variant[Array[String], String] $force_language_priority = 'Prefer Fallback',
+  Variant[Array[String], String] $language_priority = ['en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et',
+    'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn',
+    'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN',
+  'zh-TW'],
+) {
+  include apache
+
+  ::apache::mod { 'negotiation': }
+  # Template uses no variables
+  file { 'negotiation.conf':
+    ensure  => file,
+    mode    => $apache::file_mode,
+    path    => "${apache::mod_dir}/negotiation.conf",
+    content => template('apache/mod/negotiation.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/nss.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/nss.pp
new file mode 100644
index 000000000..4c986ff81
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/nss.pp
@@ -0,0 +1,45 @@
+# @summary
+#   Installs and configures `mod_nss`.
+# 
+# @param transfer_log
+#   Path to `access.log`.
+#
+# @param error_Log
+#   Path to `error.log`
+#
+# @param passwd_file
+#   Path to file containing token passwords used for NSSPassPhraseDialog.
+#
+# @param port
+#   Sets the SSL port that should be used by mod_nss.
+# 
+# @see https://pagure.io/mod_nss for additional documentation.
+#
+class apache::mod::nss (
+  $transfer_log = "${apache::params::logroot}/access.log",
+  $error_log    = "${apache::params::logroot}/error.log",
+  $passwd_file  = undef,
+  $port     = 8443,
+) {
+  include apache
+  include apache::mod::mime
+
+  apache::mod { 'nss': }
+
+  $httpd_dir = $apache::httpd_dir
+
+  # Template uses:
+  # $transfer_log
+  # $error_log
+  # $http_dir
+  # passwd_file
+  file { 'nss.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/nss.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/nss.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/pagespeed.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/pagespeed.pp
new file mode 100644
index 000000000..54181545a
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/pagespeed.pp
@@ -0,0 +1,75 @@
+# @summary
+#   Installs and configures `mod_pagespeed`.
+# 
+# @todo
+#   Add docs
+#
+# @note
+#   Verify that your system is compatible with the latest Google Pagespeed requirements.
+#
+# Although this apache module requires the mod-pagespeed-stable package, Puppet does not manage the software repositories required to
+# automatically install the package. If you declare this class when the package is either not installed or not available to your 
+# package manager, your Puppet run will fail.
+# 
+# @see https://developers.google.com/speed/pagespeed/module/ for additional documentation.
+#
+class apache::mod::pagespeed (
+  $inherit_vhost_config          = 'on',
+  $filter_xhtml                  = false,
+  $cache_path                    = '/var/cache/mod_pagespeed/',
+  $log_dir                       = '/var/log/pagespeed',
+  $memcache_servers              = [],
+  $rewrite_level                 = 'CoreFilters',
+  $disable_filters               = [],
+  $enable_filters                = [],
+  $forbid_filters                = [],
+  $rewrite_deadline_per_flush_ms = 10,
+  $additional_domains            = undef,
+  $file_cache_size_kb            = 102400,
+  $file_cache_clean_interval_ms  = 3600000,
+  $lru_cache_per_process         = 1024,
+  $lru_cache_byte_limit          = 16384,
+  $css_flatten_max_bytes         = 2048,
+  $css_inline_max_bytes          = 2048,
+  $css_image_inline_max_bytes    = 2048,
+  $image_inline_max_bytes        = 2048,
+  $js_inline_max_bytes           = 2048,
+  $css_outline_min_bytes         = 3000,
+  $js_outline_min_bytes          = 3000,
+  $inode_limit                   = 500000,
+  $image_max_rewrites_at_once    = 8,
+  $num_rewrite_threads           = 4,
+  $num_expensive_rewrite_threads = 4,
+  $collect_statistics            = 'on',
+  $statistics_logging            = 'on',
+  $allow_view_stats              = [],
+  $allow_pagespeed_console       = [],
+  $allow_pagespeed_message       = [],
+  $message_buffer_size           = 100000,
+  $additional_configuration      = {},
+  $apache_version                = undef,
+  $package_ensure                = undef,
+) {
+  include apache
+  $_apache_version = pick($apache_version, $apache::apache_version)
+  $_lib = $_apache_version ? {
+    '2.4'   => 'mod_pagespeed_ap24.so',
+    default => undef
+  }
+
+  apache::mod { 'pagespeed':
+    lib            => $_lib,
+    package_ensure => $package_ensure,
+  }
+
+  # Template uses $_apache_version
+  file { 'pagespeed.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/pagespeed.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/pagespeed.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/passenger.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/passenger.pp
new file mode 100644
index 000000000..9019c33e4
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/passenger.pp
@@ -0,0 +1,965 @@
+# @summary
+#   Installs `mod_pasenger`.
+#
+# @param manage_repo
+#   Toggle whether to manage yum repo if on a RedHat node.
+#
+# @param mod_id
+#   Specifies the package id.
+#
+# @param mod_lib
+#   Defines the module's shared object name. Do not configure manually without special reason.
+#
+# @param mod_lib_path
+#   Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The `path` parameter overrides
+#   this value.
+#
+# @param mod_package
+#   Name of the module package to install.
+#
+# @param mod_package_ensure
+#   Determines whether Puppet ensures the module should be installed.
+#
+# @param mod_path
+#   Specifies a path to the module. Do not manually set this parameter without a special reason.
+#
+# @param passenger_allow_encoded_slashes
+#   Toggle whether URLs with encoded slashes (%2f) can be used (by default Apache does not support this).
+#
+# @param passenger_app_env
+#   This option sets, for the current application, the value of the following environment variables:
+#   - RAILS_ENV
+#   - RACK_ENV
+#   - WSGI_ENV
+#   - NODE_ENV
+#   - PASSENGER_APP_ENV
+#
+# @param passenger_app_group_name
+#   Sets the name of the application group that the current application should belong to.
+#
+# @param passenger_app_root
+#   Path to the application root which allows access independent from the DocumentRoot.
+#
+# @param passenger_app_type
+#   Specifies the type of the application. If you set this option, then you must also set PassengerAppRoot, otherwise Passenger will
+#   not properly recognize your application.
+#
+# @param passenger_base_uri
+#   Used to specify that the given URI is an distinct application that should be served by Passenger.
+#
+# @param passenger_buffer_response
+#   Toggle whether application-generated responses are buffered by Apache. Buffering will happen in memory.
+#
+# @param passenger_buffer_upload
+#   Toggle whether HTTP client request bodies are buffered before they are sent to the application. 
+#
+# @param passenger_concurrency_model
+#   Specifies the I/O concurrency model that should be used for Ruby application processes.
+#
+# @param passenger_conf_file
+#   
+#
+# @param passenger_conf_package_file
+#   
+#
+# @param passenger_data_buffer_dir
+#   Specifies the directory in which to store data buffers.
+#
+# @param passenger_debug_log_file
+#   
+#
+# @param passenger_debugger
+#   Turns support for Ruby application debugging on or off. 
+#
+# @param passenger_default_group
+#   Allows you to specify the group that applications must run as, if user switching fails or is disabled.
+#
+# @param passenger_default_ruby
+#   File path to desired ruby interpreter to use by default.
+#
+# @param passenger_default_user
+#   Allows you to specify the user that applications must run as, if user switching fails or is disabled.
+#
+# @param passenger_disable_security_update_check
+#   Allows disabling the Passenger security update check, a daily check with https://securitycheck.phusionpassenger.com for important
+#   security updates that might be available.
+#
+# @param passenger_enabled
+#   Toggles whether Passenger should be enabled for that particular context.
+#
+# @param passenger_error_override
+#   Toggles whether Apache will intercept and handle responses with HTTP status codes of 400 and higher. 
+#
+# @param passenger_file_descriptor_log_file
+#   Log file descriptor debug tracing messages to the given file.
+#
+# @param passenger_fly_with
+#   Enables the Flying Passenger mode, and configures Apache to connect to the Flying Passenger daemon that's listening on the 
+#   given socket filename.
+#
+# @param passenger_force_max_concurrent_requests_per_process
+#   Use this option to tell Passenger how many concurrent requests the application can handle per process. 
+#
+# @param passenger_friendly_error_pages
+#   Toggles whether Passenger should display friendly error pages whenever an application fails to start.
+#
+# @param passenger_group
+#   Allows you to override that behavior and explicitly set a group to run the web application as, regardless of the ownership of the 
+#   startup file.
+#
+# @param passenger_high_performance
+#   Toggles whether to enable PassengerHighPerformance which will make Passenger will be a little faster, in return for reduced
+#   compatibility with other Apache modules.
+#
+# @param passenger_installed_version
+#   
+#
+# @param passenger_instance_registry_dir
+#   Specifies the directory that Passenger should use for registering its current instance.
+#
+# @param passenger_load_shell_envvars
+#   Enables or disables the loading of shell environment variables before spawning the application.
+#
+# @param passenger_log_file
+#   File path to log file. By default Passenger log messages are written to the Apache global error log.
+#
+# @param passenger_log_level
+#   Specifies how much information Passenger should log to its log file. A higher log level value means that more 
+#   information will be logged.
+#
+# @param passenger_lve_min_uid
+#   When using Passenger on a LVE-enabled kernel, a security check (enter) is run for spawning application processes. This options
+#   tells the check to only allow processes with UIDs equal to, or higher than, the specified value.
+#
+# @param passenger_max_instances
+#   The maximum number of application processes that may simultaneously exist for an application. 
+#
+# @param passenger_max_instances_per_app
+#   The maximum number of application processes that may simultaneously exist for a single application. 
+#
+# @param passenger_max_pool_size
+#   The maximum number of application processes that may simultaneously exist.
+#
+# @param passenger_max_preloader_idle_time
+#   Set the preloader's idle timeout, in seconds. A value of 0 means that it should never idle timeout.
+#
+# @param passenger_max_request_queue_size
+#   Specifies the maximum size for the queue of all incoming requests.
+#
+# @param passenger_max_request_time
+#   The maximum amount of time, in seconds, that an application process may take to process a request.
+#
+# @param passenger_max_requests
+#   The maximum number of requests an application process will process. 
+#
+# @param passenger_memory_limit
+#   The maximum amount of memory that an application process may use, in megabytes.
+#
+# @param passenger_meteor_app_settings
+#   When using a Meteor application in non-bundled mode, use this option to specify a JSON file with settings for the application.
+#
+# @param passenger_min_instances
+#   Specifies the minimum number of application processes that should exist for a given application. 
+#
+# @param passenger_nodejs
+#   Specifies the Node.js command to use for serving Node.js web applications.
+#
+# @param passenger_pool_idle_time
+#   The maximum number of seconds that an application process may be idle.
+#
+# @param passenger_pre_start
+#   URL of the web application you want to pre-start.
+#
+# @param passenger_python
+#   Specifies the Python interpreter to use for serving Python web applications.
+#
+# @param passenger_resist_deployment_errors
+#   Enables or disables resistance against deployment errors.
+#
+# @param passenger_resolve_symlinks_in_document_root
+#   This option is no longer available in version 5.2.0. Switch to PassengerAppRoot if you are setting the application root via a
+#   document root containing symlinks.
+#
+# @param passenger_response_buffer_high_watermark
+#   Configures the maximum size of the real-time disk-backed response buffering system.
+#
+# @param passenger_restart_dir
+#   Path to directory containing restart.txt file. Can be either absolute or relative.
+#
+# @param passenger_rolling_restarts
+#   Enables or disables support for zero-downtime application restarts through restart.txt.
+#
+# @param passenger_root
+#   Refers to the location to the Passenger root directory, or to a location configuration file. 
+#
+# @param passenger_ruby
+#   Specifies the Ruby interpreter to use for serving Ruby web applications. 
+#
+# @param passenger_security_update_check_proxy
+#   Allows use of an intermediate proxy for the Passenger security update check.
+#
+# @param passenger_show_version_in_header
+#   Toggle whether Passenger will output its version number in the X-Powered-By header in all Passenger-served requests:
+#
+# @param passenger_socket_backlog
+#   This option can be raised if Apache manages to overflow the backlog queue.
+#
+# @param passenger_spawn_method
+#   Controls whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism.
+#
+# @param passenger_start_timeout
+#   Specifies a timeout for the startup of application processes.
+#
+# @param passenger_startup_file
+#   Specifies the startup file that Passenger should use when loading the application. 
+#
+# @param passenger_stat_throttle_rate
+#   Setting this option to a value of x means that certain filesystem checks will be performed at most once every x seconds.
+#
+# @param passenger_sticky_sessions
+#   Toggles whether all requests that a client sends will be routed to the same originating application process, whenever possible. 
+#
+# @param passenger_sticky_sessions_cookie_name
+#   Sets the name of the sticky sessions cookie.
+#
+# @param passenger_thread_count
+#   Specifies the number of threads that Passenger should spawn per Ruby application process.
+#
+# @param passenger_use_global_queue
+#   N/A.
+#
+# @param passenger_user
+#   Allows you to override that behavior and explicitly set a user to run the web application as, regardless of the ownership of the
+#   startup file.
+#
+# @param passenger_user_switching
+#   Toggles whether to attempt to enable user account sandboxing, also known as user switching.
+#
+# @param rack_auto_detect
+#   This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
+#
+# @param rack_autodetect
+#   This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
+#
+# @param rack_base_uri
+#   Deprecated in 3.0.0 in favor of PassengerBaseURI.
+#
+# @param rack_env
+#   Alias for PassengerAppEnv.
+#
+# @param rails_allow_mod_rewrite
+#   This option doesn't do anything anymore since version 4.0.0.
+#
+# @param rails_app_spawner_idle_time
+#   This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.
+#
+# @param rails_auto_detect
+#   This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
+#
+# @param rails_autodetect
+#   This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
+#
+# @param rails_base_uri
+#   Deprecated in 3.0.0 in favor of PassengerBaseURI.
+#
+# @param rails_default_user
+#   Deprecated in 3.0.0 in favor of PassengerDefaultUser
+#
+# @param rails_env
+#   Alias for PassengerAppEnv.
+#
+# @param rails_framework_spawner_idle_time
+#   This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed 
+#   altogether. You should use smart spawning instead.
+#
+# @param rails_ruby
+#   Deprecated in 3.0.0 in favor of PassengerRuby.
+#
+# @param rails_spawn_method
+#   Deprecated in 3.0.0 in favor of PassengerSpawnMethod.
+#
+# @param rails_user_switching
+#   Deprecated in 3.0.0 in favor of PassengerUserSwitching.
+#
+# @param wsgi_auto_detect
+#   This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
+#
+# @note 
+#   In Passenger source code you can strip out what are all the available options by looking in
+#     - src/apache2_module/Configuration.cpp
+#     - src/apache2_module/ConfigurationCommands.cpp
+#   There are also several undocumented settings.
+#
+# @note
+#   For Red Hat based systems, ensure that you meet the minimum requirements described in the passenger docs.
+#
+# The current set of server configurations settings were taken directly from the Passenger Reference. To enable deprecation warnings 
+# and removal failure messages, set the passenger_installed_version to the version number installed on the server.
+#
+# Change Log:
+#   - As of 08/13/2017 there are 84 available/deprecated/removed settings.
+#   - Around 08/20/2017 UnionStation was discontinued options were removed.
+#   - As of 08/20/2017 there are 77 available/deprecated/removed settings.
+#
+# @see https://www.phusionpassenger.com/docs/references/config_reference/apache/ for additional documentation.
+#
+class apache::mod::passenger (
+  $manage_repo                                                                               = true,
+  $mod_id                                                                                    = undef,
+  $mod_lib                                                                                   = undef,
+  $mod_lib_path                                                                              = undef,
+  $mod_package                                                                               = undef,
+  $mod_package_ensure                                                                        = undef,
+  $mod_path                                                                                  = undef,
+  $passenger_allow_encoded_slashes                                                           = undef,
+  Optional[String] $passenger_anonymous_telemetry_proxy                                      = undef,
+  $passenger_app_env                                                                         = undef,
+  $passenger_app_group_name                                                                  = undef,
+  $passenger_app_root                                                                        = undef,
+  $passenger_app_type                                                                        = undef,
+  $passenger_base_uri                                                                        = undef,
+  $passenger_buffer_response                                                                 = undef,
+  $passenger_buffer_upload                                                                   = undef,
+  $passenger_concurrency_model                                                               = undef,
+  $passenger_conf_file                                                                       = $apache::params::passenger_conf_file,
+  $passenger_conf_package_file                                                               = $apache::params::passenger_conf_package_file,
+  $passenger_data_buffer_dir                                                                 = undef,
+  $passenger_debug_log_file                                                                  = undef,
+  $passenger_debugger                                                                        = undef,
+  $passenger_default_group                                                                   = undef,
+  $passenger_default_ruby                                                                    = $apache::params::passenger_default_ruby,
+  $passenger_default_user                                                                    = undef,
+  Optional[Boolean] $passenger_disable_anonymous_telemetry                                   = undef,
+  Optional[Boolean] $passenger_disable_log_prefix                                           = undef,
+  $passenger_disable_security_update_check                                                   = undef,
+  $passenger_enabled                                                                         = undef,
+  $passenger_error_override                                                                  = undef,
+  $passenger_file_descriptor_log_file                                                        = undef,
+  $passenger_fly_with                                                                        = undef,
+  $passenger_force_max_concurrent_requests_per_process                                       = undef,
+  $passenger_friendly_error_pages                                                            = undef,
+  $passenger_group                                                                           = undef,
+  $passenger_high_performance                                                                = undef,
+  $passenger_installed_version                                                               = undef,
+  $passenger_instance_registry_dir                                                           = undef,
+  $passenger_load_shell_envvars                                                              = undef,
+  Optional[Stdlib::Absolutepath] $passenger_log_file                                         = undef,
+  $passenger_log_level                                                                       = undef,
+  $passenger_lve_min_uid                                                                     = undef,
+  $passenger_max_instances                                                                   = undef,
+  $passenger_max_instances_per_app                                                           = undef,
+  $passenger_max_pool_size                                                                   = undef,
+  $passenger_max_preloader_idle_time                                                         = undef,
+  $passenger_max_request_queue_size                                                          = undef,
+  $passenger_max_request_time                                                                = undef,
+  $passenger_max_requests                                                                    = undef,
+  $passenger_memory_limit                                                                    = undef,
+  $passenger_meteor_app_settings                                                             = undef,
+  $passenger_min_instances                                                                   = undef,
+  $passenger_nodejs                                                                          = undef,
+  $passenger_pool_idle_time                                                                  = undef,
+  Optional[Variant[String,Array[String]]] $passenger_pre_start                               = undef,
+  $passenger_python                                                                          = undef,
+  $passenger_resist_deployment_errors                                                        = undef,
+  $passenger_resolve_symlinks_in_document_root                                               = undef,
+  $passenger_response_buffer_high_watermark                                                  = undef,
+  $passenger_restart_dir                                                                     = undef,
+  $passenger_rolling_restarts                                                                = undef,
+  $passenger_root                                                                            = $apache::params::passenger_root,
+  $passenger_ruby                                                                            = $apache::params::passenger_ruby,
+  $passenger_security_update_check_proxy                                                     = undef,
+  $passenger_show_version_in_header                                                          = undef,
+  $passenger_socket_backlog                                                                  = undef,
+  Optional[String] $passenger_spawn_dir                                                      = undef,
+  Optional[Enum['smart', 'direct', 'smart-lv2', 'conservative']] $passenger_spawn_method     = undef,
+  $passenger_start_timeout                                                                   = undef,
+  $passenger_startup_file                                                                    = undef,
+  $passenger_stat_throttle_rate                                                              = undef,
+  $passenger_sticky_sessions                                                                 = undef,
+  $passenger_sticky_sessions_cookie_name                                                     = undef,
+  Optional[String] $passenger_sticky_sessions_cookie_attributes                              = undef,
+  $passenger_thread_count                                                                    = undef,
+  $passenger_use_global_queue                                                                = undef,
+  $passenger_user                                                                            = undef,
+  $passenger_user_switching                                                                  = undef,
+  $rack_auto_detect                                                                          = undef,
+  $rack_autodetect                                                                           = undef,
+  $rack_base_uri                                                                             = undef,
+  $rack_env                                                                                  = undef,
+  $rails_allow_mod_rewrite                                                                   = undef,
+  $rails_app_spawner_idle_time                                                               = undef,
+  $rails_auto_detect                                                                         = undef,
+  $rails_autodetect                                                                          = undef,
+  $rails_base_uri                                                                            = undef,
+  $rails_default_user                                                                        = undef,
+  $rails_env                                                                                 = undef,
+  $rails_framework_spawner_idle_time                                                         = undef,
+  $rails_ruby                                                                                = undef,
+  $rails_spawn_method                                                                        = undef,
+  $rails_user_switching                                                                      = undef,
+  $wsgi_auto_detect                                                                          = undef,
+) inherits ::apache::params {
+  include apache
+  if $passenger_installed_version {
+    if $passenger_allow_encoded_slashes {
+      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
+        fail("Passenger config option :: passenger_allow_encoded_slashes is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_anonymous_telemetry_proxy {
+      if (versioncmp($passenger_installed_version, '6.0.0') < 0) {
+        fail("Passenger config option :: passenger_anonymous_telemetry_proxy is not introduced until version 6.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_app_env {
+      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
+        fail("Passenger config option :: passenger_app_env is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_app_group_name {
+      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
+        fail("Passenger config option :: passenger_app_group_name is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_app_root {
+      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
+        fail("Passenger config option :: passenger_app_root is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_app_type {
+      if (versioncmp($passenger_installed_version, '4.0.25') < 0) {
+        fail("Passenger config option :: passenger_app_type is not introduced until version 4.0.25 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_base_uri {
+      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
+        fail("Passenger config option :: passenger_base_uri is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_buffer_response {
+      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
+        fail("Passenger config option :: passenger_buffer_response is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_buffer_upload {
+      if (versioncmp($passenger_installed_version, '4.0.26') < 0) {
+        fail("Passenger config option :: passenger_buffer_upload is not introduced until version 4.0.26 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_concurrency_model {
+      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
+        fail("Passenger config option :: passenger_concurrency_model is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_data_buffer_dir {
+      if (versioncmp($passenger_installed_version, '5.0.0') < 0) {
+        fail("Passenger config option :: passenger_data_buffer_dir is not introduced until version 5.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_debug_log_file {
+      if (versioncmp($passenger_installed_version, '5.0.5') > 0) {
+        warning('DEPRECATED PASSENGER OPTION :: passenger_debug_log_file :: This option has been renamed in version 5.0.5 to PassengerLogFile.')
+      }
+    }
+    if $passenger_debugger {
+      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
+        fail("Passenger config option :: passenger_debugger is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_default_group {
+      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
+        fail("Passenger config option :: passenger_default_group is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_default_ruby {
+      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
+        fail("Passenger config option :: passenger_default_ruby is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_default_user {
+      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
+        fail("Passenger config option :: passenger_default_user is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_disable_anonymous_telemetry {
+      if (versioncmp($passenger_installed_version, '6.0.0') < 0) {
+        fail("Passenger config option :: passenger_disable_anonymous_telemetry is not introduced until version 6.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_disable_log_prefix {
+      if (versioncmp($passenger_installed_version, '6.0.2') < 0) {
+        fail("Passenger config option :: passenger_disable_log_prefix is not introduced until version 6.0.2 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_disable_security_update_check {
+      if (versioncmp($passenger_installed_version, '5.1.0') < 0) {
+        fail("Passenger config option :: passenger_disable_security_update_check is not introduced until version 5.1.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_enabled {
+      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
+        fail("Passenger config option :: passenger_enabled is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_error_override {
+      if (versioncmp($passenger_installed_version, '4.0.24') < 0) {
+        fail("Passenger config option :: passenger_error_override is not introduced until version 4.0.24 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_file_descriptor_log_file {
+      if (versioncmp($passenger_installed_version, '5.0.5') < 0) {
+        fail("Passenger config option :: passenger_file_descriptor_log_file is not introduced until version 5.0.5 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_fly_with {
+      if (versioncmp($passenger_installed_version, '4.0.45') < 0) {
+        fail("Passenger config option :: passenger_fly_with is not introduced until version 4.0.45 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_force_max_concurrent_requests_per_process {
+      if (versioncmp($passenger_installed_version, '5.0.22') < 0) {
+        fail("Passenger config option :: passenger_force_max_concurrent_requests_per_process is not introduced until version 5.0.22 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_friendly_error_pages {
+      if (versioncmp($passenger_installed_version, '4.0.42') < 0) {
+        fail("Passenger config option :: passenger_friendly_error_pages is not introduced until version 4.0.42 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_group {
+      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
+        fail("Passenger config option :: passenger_group is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_high_performance {
+      if (versioncmp($passenger_installed_version, '2.0.0') < 0) {
+        fail("Passenger config option :: passenger_high_performance is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_instance_registry_dir {
+      if (versioncmp($passenger_installed_version, '5.0.0') < 0) {
+        fail("Passenger config option :: passenger_instance_registry_dir is not introduced until version 5.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_load_shell_envvars {
+      if (versioncmp($passenger_installed_version, '4.0.20') < 0) {
+        fail("Passenger config option :: passenger_load_shell_envvars is not introduced until version 4.0.20 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_log_file {
+      if (versioncmp($passenger_installed_version, '5.0.5') < 0) {
+        fail("Passenger config option :: passenger_log_file is not introduced until version 5.0.5 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_log_level {
+      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
+        fail("Passenger config option :: passenger_log_level is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_lve_min_uid {
+      if (versioncmp($passenger_installed_version, '5.0.28') < 0) {
+        fail("Passenger config option :: passenger_lve_min_uid is not introduced until version 5.0.28 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_max_instances {
+      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
+        fail("Passenger config option :: passenger_max_instances is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_max_instances_per_app {
+      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
+        fail("Passenger config option :: passenger_max_instances_per_app is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_max_pool_size {
+      if (versioncmp($passenger_installed_version, '1.0.0') < 0) {
+        fail("Passenger config option :: passenger_max_pool_size is not introduced until version 1.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_max_preloader_idle_time {
+      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
+        fail("Passenger config option :: passenger_max_preloader_idle_time is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_max_request_queue_size {
+      if (versioncmp($passenger_installed_version, '4.0.15') < 0) {
+        fail("Passenger config option :: passenger_max_request_queue_size is not introduced until version 4.0.15 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_max_request_time {
+      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
+        fail("Passenger config option :: passenger_max_request_time is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_max_requests {
+      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
+        fail("Passenger config option :: passenger_max_requests is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_memory_limit {
+      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
+        fail("Passenger config option :: passenger_memory_limit is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_meteor_app_settings {
+      if (versioncmp($passenger_installed_version, '5.0.7') < 0) {
+        fail("Passenger config option :: passenger_meteor_app_settings is not introduced until version 5.0.7 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_min_instances {
+      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
+        fail("Passenger config option :: passenger_min_instances is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_nodejs {
+      if (versioncmp($passenger_installed_version, '4.0.24') < 0) {
+        fail("Passenger config option :: passenger_nodejs is not introduced until version 4.0.24 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_pool_idle_time {
+      if (versioncmp($passenger_installed_version, '1.0.0') < 0) {
+        fail("Passenger config option :: passenger_pool_idle_time is not introduced until version 1.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_pre_start {
+      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
+        fail("Passenger config option :: passenger_pre_start is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_python {
+      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
+        fail("Passenger config option :: passenger_python is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_resist_deployment_errors {
+      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
+        fail("Passenger config option :: passenger_resist_deployment_errors is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_resolve_symlinks_in_document_root {
+      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
+        fail("Passenger config option :: passenger_resolve_symlinks_in_document_root is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_response_buffer_high_watermark {
+      if (versioncmp($passenger_installed_version, '5.0.0') < 0) {
+        fail("Passenger config option :: passenger_response_buffer_high_watermark is not introduced until version 5.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_restart_dir {
+      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
+        fail("Passenger config option :: passenger_restart_dir is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_rolling_restarts {
+      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
+        fail("Passenger config option :: passenger_rolling_restarts is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_root {
+      if (versioncmp($passenger_installed_version, '1.0.0') < 0) {
+        fail("Passenger config option :: passenger_root is not introduced until version 1.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_ruby {
+      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
+        fail("Passenger config option :: passenger_ruby is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_security_update_check_proxy {
+      if (versioncmp($passenger_installed_version, '5.1.0') < 0) {
+        fail("Passenger config option :: passenger_security_update_check_proxy is not introduced until version 5.1.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_show_version_in_header {
+      if (versioncmp($passenger_installed_version, '5.1.0') < 0) {
+        fail("Passenger config option :: passenger_show_version_in_header is not introduced until version 5.1.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_socket_backlog {
+      if (versioncmp($passenger_installed_version, '5.0.24') < 0) {
+        fail("Passenger config option :: passenger_socket_backlog is not introduced until version 5.0.24 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_spawn_dir {
+      if (versioncmp($passenger_installed_version, '6.0.3') < 0) {
+        fail("Passenger config option :: passenger_spawn_dir is not introduced until version 6.0.3 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_spawn_method {
+      if (versioncmp($passenger_installed_version, '2.0.0') < 0) {
+        fail("Passenger config option :: passenger_spawn_method is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_start_timeout {
+      if (versioncmp($passenger_installed_version, '4.0.15') < 0) {
+        fail("Passenger config option :: passenger_start_timeout is not introduced until version 4.0.15 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_startup_file {
+      if (versioncmp($passenger_installed_version, '4.0.25') < 0) {
+        fail("Passenger config option :: passenger_startup_file is not introduced until version 4.0.25 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_stat_throttle_rate {
+      if (versioncmp($passenger_installed_version, '2.2.0') < 0) {
+        fail("Passenger config option :: passenger_stat_throttle_rate is not introduced until version 2.2.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_sticky_sessions {
+      if (versioncmp($passenger_installed_version, '4.0.45') < 0) {
+        fail("Passenger config option :: passenger_sticky_sessions is not introduced until version 4.0.45 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_sticky_sessions_cookie_name {
+      if (versioncmp($passenger_installed_version, '4.0.45') < 0) {
+        fail("Passenger config option :: passenger_sticky_sessions_cookie_name is not introduced until version 4.0.45 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_sticky_sessions_cookie_attributes {
+      if (versioncmp($passenger_installed_version, '6.0.5') < 0) {
+        fail("Passenger config option :: passenger_sticky_sessions_cookie_attributes is not introduced until version 6.0.5 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_thread_count {
+      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
+        fail("Passenger config option :: passenger_thread_count is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_use_global_queue {
+      if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
+        fail('REMOVED PASSENGER OPTION :: passenger_use_global_queue :: -- no message on the current passenger reference webpage -- ')
+      }
+      if (versioncmp($passenger_installed_version, '2.0.4') < 0) {
+        fail("Passenger config option :: passenger_use_global_queue is not introduced until version 2.0.4 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_user {
+      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
+        fail("Passenger config option :: passenger_user is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $passenger_user_switching {
+      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
+        fail("Passenger config option :: passenger_user_switching is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if ($rack_auto_detect or $rack_autodetect) {
+      if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
+        fail('REMOVED PASSENGER OPTION :: rack_auto_detect ::  These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.')
+      }
+    }
+    if $rack_base_uri {
+      if (versioncmp($passenger_installed_version, '3.0.0') > 0) {
+        warning('DEPRECATED PASSENGER OPTION :: rack_base_uri :: Deprecated in 3.0.0 in favor of PassengerBaseURI.')
+      }
+    }
+    if $rack_env {
+      if (versioncmp($passenger_installed_version, '2.0.0') < 0) {
+        fail("Passenger config option :: rack_env is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $rails_allow_mod_rewrite {
+      if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
+        warning("DEPRECATED PASSENGER OPTION :: rails_allow_mod_rewrite :: This option doesn't do anything anymore in since version 4.0.0.")
+      }
+    }
+    if $rails_app_spawner_idle_time {
+      if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
+        fail('REMOVED PASSENGER OPTION :: rails_app_spawner_idle_time ::  This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.')
+      }
+    }
+    if ($rails_auto_detect or $rails_autodetect) {
+      if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
+        fail('REMOVED PASSENGER OPTION :: rails_auto_detect ::  These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.')
+      }
+    }
+    if $rails_base_uri {
+      if (versioncmp($passenger_installed_version, '3.0.0') > 0) {
+        warning('DEPRECATED PASSENGER OPTION :: rails_base_uri :: Deprecated in 3.0.0 in favor of PassengerBaseURI.')
+      }
+    }
+    if $rails_default_user {
+      if (versioncmp($passenger_installed_version, '3.0.0') > 0) {
+        warning('DEPRECATED PASSENGER OPTION :: rails_default_user :: Deprecated in 3.0.0 in favor of PassengerDefaultUser.')
+      }
+    }
+    if $rails_env {
+      if (versioncmp($passenger_installed_version, '2.0.0') < 0) {
+        fail("Passenger config option :: rails_env is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported")
+      }
+    }
+    if $rails_framework_spawner_idle_time {
+      if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
+        fail('REMOVED PASSENGER OPTION :: rails_framework_spawner_idle_time ::  This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed altogether. You should use smart spawning instead.')
+      }
+    }
+    if $rails_ruby {
+      if (versioncmp($passenger_installed_version, '3.0.0') > 0) {
+        warning('DEPRECATED PASSENGER OPTION :: rails_ruby :: Deprecated in 3.0.0 in favor of PassengerRuby.')
+      }
+    }
+    if $rails_spawn_method {
+      if (versioncmp($passenger_installed_version, '3.0.0') > 0) {
+        warning('DEPRECATED PASSENGER OPTION :: rails_spawn_method :: Deprecated in 3.0.0 in favor of PassengerSpawnMethod.')
+      }
+    }
+    if $rails_user_switching {
+      if (versioncmp($passenger_installed_version, '3.0.0') > 0) {
+        warning('DEPRECATED PASSENGER OPTION :: rails_user_switching :: Deprecated in 3.0.0 in favor of PassengerUserSwitching.')
+      }
+    }
+    if $wsgi_auto_detect {
+      if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
+        fail('REMOVED PASSENGER OPTION :: wsgi_auto_detect ::  These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.')
+      }
+    }
+  }
+  # Managed by the package, but declare it to avoid purging
+  if $passenger_conf_package_file {
+    file { 'passenger_package.conf':
+      path => "${apache::confd_dir}/${passenger_conf_package_file}",
+    }
+  }
+
+  $_package = $mod_package
+  $_package_ensure = $mod_package_ensure
+  $_lib = $mod_lib
+  if $::osfamily == 'FreeBSD' {
+    if $mod_lib_path {
+      $_lib_path = $mod_lib_path
+    } else {
+      $_lib_path = "${passenger_root}/buildout/apache2"
+    }
+  } else {
+    $_lib_path = $mod_lib_path
+  }
+
+  if $::osfamily == 'RedHat' and $manage_repo {
+    if $::operatingsystem == 'Amazon' {
+      if $::operatingsystemmajrelease == '2' {
+        $baseurl = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/7/$basearch'
+      } else {
+        $baseurl = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/6/$basearch'
+      }
+    } else {
+      $baseurl = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch'
+    }
+
+    yumrepo { 'passenger':
+      ensure        => 'present',
+      baseurl       => $baseurl,
+      descr         => 'passenger',
+      enabled       => '1',
+      gpgcheck      => '0',
+      gpgkey        => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt',
+      repo_gpgcheck => '1',
+      sslcacert     => '/etc/pki/tls/certs/ca-bundle.crt',
+      sslverify     => '1',
+      before        => Apache::Mod['passenger'],
+    }
+  }
+
+  unless ($::operatingsystem == 'SLES') {
+    $_id = $mod_id
+    $_path = $mod_path
+    ::apache::mod { 'passenger':
+      package        => $_package,
+      package_ensure => $_package_ensure,
+      lib            => $_lib,
+      lib_path       => $_lib_path,
+      id             => $_id,
+      path           => $_path,
+      loadfile_name  => 'zpassenger.load',
+    }
+  }
+
+  # Template uses:
+  # - $passenger_allow_encoded_slashes : since 4.0.0.
+  # - $passenger_app_env : since 4.0.0.
+  # - $passenger_app_group_name : since 4.0.0.
+  # - $passenger_app_root : since 4.0.0.
+  # - $passenger_app_type : since 4.0.25.
+  # - $passenger_base_uri : since 4.0.0.
+  # - $passenger_buffer_response : since 4.0.0.
+  # - $passenger_buffer_upload : since 4.0.26.
+  # - $passenger_concurrency_model : since 4.0.0.
+  # - $passenger_data_buffer_dir : since 5.0.0.
+  # - $passenger_debug_log_file : since unkown. Deprecated in 5.0.5.
+  # - $passenger_debugger : since 3.0.0.
+  # - $passenger_default_group : since 3.0.0.
+  # - $passenger_default_ruby : since 4.0.0.
+  # - $passenger_default_user : since 3.0.0.
+  # - $passenger_disable_security_update_check : since 5.1.0.
+  # - $passenger_enabled : since 4.0.0.
+  # - $passenger_error_override : since 4.0.24.
+  # - $passenger_file_descriptor_log_file : since 5.0.5.
+  # - $passenger_fly_with : since 4.0.45.
+  # - $passenger_force_max_concurrent_requests_per_process : since 5.0.22.
+  # - $passenger_friendly_error_pages : since 4.0.42.
+  # - $passenger_group : since 4.0.0.
+  # - $passenger_high_performance : since 2.0.0.
+  # - $passenger_instance_registry_dir : since 5.0.0.
+  # - $passenger_load_shell_envvars : since 4.0.20.
+  # - $passenger_log_file : since 5.0.5.
+  # - $passenger_log_level : since 3.0.0.
+  # - $passenger_lve_min_uid : since 5.0.28.
+  # - $passenger_max_instances : since 3.0.0.
+  # - $passenger_max_instances_per_app : since 3.0.0.
+  # - $passenger_max_pool_size : since 1.0.0.
+  # - $passenger_max_preloader_idle_time : since 4.0.0.
+  # - $passenger_max_request_queue_size : since 4.0.15.
+  # - $passenger_max_request_time : since 3.0.0.
+  # - $passenger_max_requests : since 3.0.0.
+  # - $passenger_memory_limit : since 3.0.0.
+  # - $passenger_meteor_app_settings : since 5.0.7.
+  # - $passenger_min_instances : since 3.0.0.
+  # - $passenger_nodejs : since 4.0.24.
+  # - $passenger_pool_idle_time : since 1.0.0.
+  # - $passenger_pre_start : since 3.0.0.
+  # - $passenger_python : since 4.0.0.
+  # - $passenger_resist_deployment_errors : since 3.0.0.
+  # - $passenger_resolve_symlinks_in_document_root : since 3.0.0.
+  # - $passenger_response_buffer_high_watermark : since 5.0.0.
+  # - $passenger_restart_dir : since 3.0.0.
+  # - $passenger_rolling_restarts : since 3.0.0.
+  # - $passenger_root : since 1.0.0.
+  # - $passenger_ruby : since 4.0.0.
+  # - $passenger_security_update_check_proxy : since 5.1.0.
+  # - $passenger_show_version_in_header : since 5.1.0.
+  # - $passenger_socket_backlog : since 5.0.24.
+  # - $passenger_spawn_method : since 2.0.0.
+  # - $passenger_start_timeout : since 4.0.15.
+  # - $passenger_startup_file : since 4.0.25.
+  # - $passenger_stat_throttle_rate : since 2.2.0.
+  # - $passenger_sticky_sessions : since 4.0.45.
+  # - $passenger_sticky_sessions_cookie_name : since 4.0.45.
+  # - $passenger_thread_count : since 4.0.0.
+  # - $passenger_use_global_queue : since 2.0.4.Deprecated in 4.0.0.
+  # - $passenger_user : since 4.0.0.
+  # - $passenger_user_switching : since 3.0.0.
+  # - $rack_auto_detect : since unkown. Deprecated in 4.0.0.
+  # - $rack_base_uri : since unkown. Deprecated in 3.0.0.
+  # - $rack_env : since 2.0.0.
+  # - $rails_allow_mod_rewrite : since unkown. Deprecated in 4.0.0.
+  # - $rails_app_spawner_idle_time : since unkown. Deprecated in 4.0.0.
+  # - $rails_auto_detect : since unkown. Deprecated in 4.0.0.
+  # - $rails_base_uri : since unkown. Deprecated in 3.0.0.
+  # - $rails_default_user : since unkown. Deprecated in 3.0.0.
+  # - $rails_env : since 2.0.0.
+  # - $rails_framework_spawner_idle_time : since unkown. Deprecated in 4.0.0.
+  # - $rails_ruby : since unkown. Deprecated in 3.0.0.
+  # - $rails_spawn_method : since unkown. Deprecated in 3.0.0.
+  # - $rails_user_switching : since unkown. Deprecated in 3.0.0.
+  # - $wsgi_auto_detect : since unkown. Deprecated in 4.0.0.
+  # - $rails_autodetect : this options is only for backward compatiblity with older versions of this class
+  # - $rack_autodetect : this options is only for backward compatiblity with older versions of this class
+  file { 'passenger.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/${passenger_conf_file}",
+    content => template('apache/mod/passenger.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/perl.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/perl.pp
new file mode 100644
index 000000000..f883305ea
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/perl.pp
@@ -0,0 +1,9 @@
+# @summary
+#   Installs `mod_perl`.
+# 
+# @see https://perl.apache.org for additional documentation.
+#
+class apache::mod::perl {
+  include apache
+  ::apache::mod { 'perl': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/peruser.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/peruser.pp
new file mode 100644
index 000000000..4fec2c04c
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/peruser.pp
@@ -0,0 +1,82 @@
+# @summary
+#   Installs `mod_peruser`.
+# 
+# @todo
+#   Add docs
+class apache::mod::peruser (
+  $minspareprocessors = '2',
+  $minprocessors = '2',
+  $maxprocessors = '10',
+  $maxclients = '150',
+  $maxrequestsperchild = '1000',
+  $idletimeout = '120',
+  $expiretimeout = '120',
+  $keepalive = 'Off',
+) {
+  include apache
+  case $::osfamily {
+    'freebsd' : {
+      fail("Unsupported osfamily ${::osfamily}")
+    }
+    default: {
+      if $::osfamily == 'gentoo' {
+        ::portage::makeconf { 'apache2_mpms':
+          content => 'peruser',
+        }
+      }
+
+      if defined(Class['apache::mod::event']) {
+        fail('May not include both apache::mod::peruser and apache::mod::event on the same node')
+      }
+      if defined(Class['apache::mod::itk']) {
+        fail('May not include both apache::mod::peruser and apache::mod::itk on the same node')
+      }
+      if defined(Class['apache::mod::prefork']) {
+        fail('May not include both apache::mod::peruser and apache::mod::prefork on the same node')
+      }
+      if defined(Class['apache::mod::worker']) {
+        fail('May not include both apache::mod::peruser and apache::mod::worker on the same node')
+      }
+      File {
+        owner => 'root',
+        group => $apache::params::root_group,
+        mode  => $apache::file_mode,
+      }
+
+      $mod_dir = $apache::mod_dir
+
+      # Template uses:
+      # - $minspareprocessors
+      # - $minprocessors
+      # - $maxprocessors
+      # - $maxclients
+      # - $maxrequestsperchild
+      # - $idletimeout
+      # - $expiretimeout
+      # - $keepalive
+      # - $mod_dir
+      file { "${apache::mod_dir}/peruser.conf":
+        ensure  => file,
+        mode    => $apache::file_mode,
+        content => template('apache/mod/peruser.conf.erb'),
+        require => Exec["mkdir ${apache::mod_dir}"],
+        before  => File[$apache::mod_dir],
+        notify  => Class['apache::service'],
+      }
+      file { "${apache::mod_dir}/peruser":
+        ensure  => directory,
+        require => File[$apache::mod_dir],
+      }
+      file { "${apache::mod_dir}/peruser/multiplexers":
+        ensure  => directory,
+        require => File["${apache::mod_dir}/peruser"],
+      }
+      file { "${apache::mod_dir}/peruser/processors":
+        ensure  => directory,
+        require => File["${apache::mod_dir}/peruser"],
+      }
+
+      ::apache::peruser::multiplexer { '01-default': }
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/php.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/php.pp
new file mode 100644
index 000000000..02c51be64
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/php.pp
@@ -0,0 +1,118 @@
+# @summary
+#   Installs `mod_php`.
+# 
+# @todo
+#   Add docs
+class apache::mod::php (
+  $package_name     = undef,
+  $package_ensure   = 'present',
+  $path             = undef,
+  Array $extensions = ['.php'],
+  $content          = undef,
+  $template         = 'apache/mod/php.conf.erb',
+  $source           = undef,
+  $root_group       = $apache::params::root_group,
+  $php_version      = $apache::params::php_version,
+  $libphp_prefix    = 'libphp'
+) inherits apache::params {
+  include apache
+  if (versioncmp($php_version, '8') < 0) {
+    $mod = "php${php_version}"
+  } else {
+    $mod = 'php'
+  }
+
+  if $apache::version::scl_httpd_version == undef and $apache::version::scl_php_version != undef {
+    fail('If you define apache::version::scl_php_version, you also need to specify apache::version::scl_httpd_version')
+  }
+  if defined(Class['::apache::mod::prefork']) {
+    Class['::apache::mod::prefork']->File["${mod}.conf"]
+  }
+  elsif defined(Class['::apache::mod::itk']) {
+    Class['::apache::mod::itk']->File["${mod}.conf"]
+  }
+  else {
+    fail('apache::mod::php requires apache::mod::prefork or apache::mod::itk; please enable mpm_module => \'prefork\' or mpm_module => \'itk\' on Class[\'apache\']')
+  }
+
+  if $source and ($content or $template != 'apache/mod/php.conf.erb') {
+    warning('source and content or template parameters are provided. source parameter will be used')
+  } elsif $content and $template != 'apache/mod/php.conf.erb' {
+    warning('content and template parameters are provided. content parameter will be used')
+  }
+
+  $manage_content = $source ? {
+    undef   => $content ? {
+      undef   => template($template),
+      default => $content,
+    },
+    default => undef,
+  }
+
+  # Determine if we have a package
+  $mod_packages = $apache::mod_packages
+  if $package_name {
+    $_package_name = $package_name
+  } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack
+    $_package_name = $mod_packages[$mod]
+  } elsif has_key($mod_packages, 'phpXXX') { # 2.6 compatibility hack
+    $_package_name = regsubst($mod_packages['phpXXX'], 'XXX', $php_version)
+  } else {
+    $_package_name = undef
+  }
+
+  $_php_major = regsubst($php_version, '^(\d+)\..*$', '\1')
+  $_php_version_no_dot = regsubst($php_version, '\.', '')
+  if $apache::version::scl_httpd_version {
+    $_lib = "librh-php${_php_version_no_dot}-php${_php_major}.so"
+  } else {
+    # Controls php version and libphp prefix
+    $_lib = $_php_major ? {
+      '8'     => "${libphp_prefix}.so",
+      default => "${libphp_prefix}${php_version}.so",
+    }
+  }
+  $_module_id = $_php_major ? {
+    '5'     => 'php5_module',
+    '7'     => 'php7_module',
+    default => 'php_module',
+  }
+
+  if $::operatingsystem == 'SLES' {
+    ::apache::mod { $mod:
+      package        => $_package_name,
+      package_ensure => $package_ensure,
+      lib            => "mod_${mod}.so",
+      id             => $_module_id,
+      path           => "${apache::lib_path}/mod_${mod}.so",
+    }
+  } else {
+    ::apache::mod { $mod:
+      package        => $_package_name,
+      package_ensure => $package_ensure,
+      lib            => $_lib,
+      id             => $_module_id,
+      path           => $path,
+    }
+  }
+
+  include apache::mod::mime
+  include apache::mod::dir
+  Class['::apache::mod::mime'] -> Class['::apache::mod::dir'] -> Class['::apache::mod::php']
+
+  # Template uses $extensions
+  file { "${mod}.conf":
+    ensure  => file,
+    path    => "${apache::mod_dir}/${mod}.conf",
+    owner   => 'root',
+    group   => $root_group,
+    mode    => $apache::file_mode,
+    content => $manage_content,
+    source  => $source,
+    require => [
+      Exec["mkdir ${apache::mod_dir}"],
+    ],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/prefork.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/prefork.pp
new file mode 100644
index 000000000..f6c6315ae
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/prefork.pp
@@ -0,0 +1,134 @@
+# @summary
+#   Installs and configures MPM `prefork`.
+# 
+# @param startservers
+#   Number of child server processes created at startup.
+#
+# @param minspareservers
+#   Minimum number of idle child server processes.
+# 
+# @param maxspareservers
+#   Maximum number of idle child server processes.
+# 
+# @param serverlimit
+#   Upper limit on configurable number of processes.
+# 
+# @param maxclients
+#   Old alias for MaxRequestWorkers.
+# 
+# @param maxrequestworkers
+#   Maximum number of connections that will be processed simultaneously.
+# 
+# @param maxrequestsperchild
+#  Old alias for MaxConnectionsPerChild.
+# 
+# @param maxconnectionsperchild
+#   Limit on the number of connections that an individual child server will handle during its life.
+#
+# @param apache_version
+#   Used to verify that the Apache version you have requested is compatible with the module.
+#
+# @param listenbacklog
+#   Maximum length of the queue of pending connections.
+# 
+# @see https://httpd.apache.org/docs/current/mod/prefork.html for additional documentation.
+#
+class apache::mod::prefork (
+  $startservers           = '8',
+  $minspareservers        = '5',
+  $maxspareservers        = '20',
+  $serverlimit            = '256',
+  $maxclients             = '256',
+  $maxrequestworkers      = undef,
+  $maxrequestsperchild    = '4000',
+  $maxconnectionsperchild = undef,
+  $apache_version         = undef,
+  $listenbacklog          = '511'
+) {
+  include apache
+  $_apache_version = pick($apache_version, $apache::apache_version)
+  if defined(Class['apache::mod::event']) {
+    fail('May not include both apache::mod::prefork and apache::mod::event on the same node')
+  }
+  if versioncmp($_apache_version, '2.4') < 0 {
+    if defined(Class['apache::mod::itk']) {
+      fail('May not include both apache::mod::prefork and apache::mod::itk on the same node')
+    }
+  }
+  if defined(Class['apache::mod::peruser']) {
+    fail('May not include both apache::mod::prefork and apache::mod::peruser on the same node')
+  }
+  if defined(Class['apache::mod::worker']) {
+    fail('May not include both apache::mod::prefork and apache::mod::worker on the same node')
+  }
+
+  if versioncmp($_apache_version, '2.3.13') < 0 {
+    if $maxrequestworkers == undef {
+      warning("For newer versions of Apache, \$maxclients is deprecated, please use \$maxrequestworkers.")
+    } elsif $maxconnectionsperchild == undef {
+      warning("For newer versions of Apache, \$maxrequestsperchild is deprecated, please use \$maxconnectionsperchild.")
+    }
+  }
+
+  File {
+    owner => 'root',
+    group => $apache::params::root_group,
+    mode  => $apache::file_mode,
+  }
+
+  # Template uses:
+  # - $startservers
+  # - $minspareservers
+  # - $maxspareservers
+  # - $serverlimit
+  # - $maxclients
+  # - $maxrequestworkers
+  # - $maxrequestsperchild
+  # - $maxconnectionsperchild
+  file { "${apache::mod_dir}/prefork.conf":
+    ensure  => file,
+    content => template('apache/mod/prefork.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+
+  case $::osfamily {
+    'redhat': {
+      if versioncmp($_apache_version, '2.4') >= 0 {
+        ::apache::mpm { 'prefork':
+          apache_version => $_apache_version,
+        }
+      }
+      else {
+        file_line { '/etc/sysconfig/httpd prefork enable':
+          ensure  => present,
+          path    => '/etc/sysconfig/httpd',
+          line    => '#HTTPD=/usr/sbin/httpd.worker',
+          match   => '#?HTTPD=/usr/sbin/httpd.worker',
+          require => Package['httpd'],
+          notify  => Class['apache::service'],
+        }
+      }
+    }
+    'debian', 'freebsd': {
+      ::apache::mpm { 'prefork':
+        apache_version => $_apache_version,
+      }
+    }
+    'Suse': {
+      ::apache::mpm { 'prefork':
+        apache_version => $apache_version,
+        lib_path       => '/usr/lib64/apache2-prefork',
+      }
+    }
+    'gentoo': {
+      ::portage::makeconf { 'apache2_mpms':
+        content => 'prefork',
+      }
+    }
+    default: {
+      fail("Unsupported osfamily ${::osfamily}")
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy.pp
new file mode 100644
index 000000000..2a9eb7149
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy.pp
@@ -0,0 +1,52 @@
+# @summary
+#   Installs and configures `mod_proxy`.
+#
+# @param proxy_requests
+#   Enables forward (standard) proxy requests.
+#
+# @param allow_from
+#   List of IPs allowed to access proxy.
+#
+# @param apache_version
+#   Used to verify that the Apache version you have requested is compatible with the module.
+#
+# @param package_name
+#   Name of the proxy package to install.
+#
+# @param proxy_via
+#   Set local IP address for outgoing proxy connections.
+#
+# @param proxy_timeout
+#   Network timeout for proxied requests.
+#
+# @param proxy_iobuffersize
+#   Set the size of internal data throughput buffer
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_proxy.html for additional documentation.
+#
+class apache::mod::proxy (
+  $proxy_requests     = 'Off',
+  $allow_from         = undef,
+  $apache_version     = undef,
+  $package_name       = undef,
+  $proxy_via          = 'On',
+  $proxy_timeout      = undef,
+  $proxy_iobuffersize = undef,
+) {
+  include apache
+  $_proxy_timeout = $apache::timeout
+  $_apache_version = pick($apache_version, $apache::apache_version)
+  ::apache::mod { 'proxy':
+    package => $package_name,
+  }
+  # Template uses $proxy_requests, $_apache_version
+  file { 'proxy.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/proxy.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/proxy.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_ajp.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_ajp.pp
new file mode 100644
index 000000000..36bea00c8
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_ajp.pp
@@ -0,0 +1,9 @@
+# @summary
+#   Installs `mod_proxy_ajp`.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_proxy_ajp.html for additional documentation.
+#
+class apache::mod::proxy_ajp {
+  Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_ajp']
+  ::apache::mod { 'proxy_ajp': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_balancer.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_balancer.pp
new file mode 100644
index 000000000..43bd0af65
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_balancer.pp
@@ -0,0 +1,45 @@
+# @summary
+#   Installs and configures `mod_proxy_balancer`.
+# 
+# @param manager
+#   Toggle whether to enable balancer manager support.
+#
+# @param maanger_path
+#   Server relative path to balancer manager.
+#
+# @param allow_from
+#   List of IPs from which the balancer manager can be accessed.
+#
+# @param apache_version
+#   Version of Apache to install module on.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html for additional documentation.
+#
+class apache::mod::proxy_balancer (
+  Boolean $manager                   = false,
+  Stdlib::Absolutepath $manager_path = '/balancer-manager',
+  Array $allow_from                  = ['127.0.0.1','::1'],
+  $apache_version                    = $apache::apache_version,
+) {
+  include apache::mod::proxy
+  include apache::mod::proxy_http
+  if versioncmp($apache_version, '2.4') >= 0 {
+    ::apache::mod { 'slotmem_shm': }
+  }
+
+  Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_balancer']
+  Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_balancer']
+  ::apache::mod { 'proxy_balancer': }
+  if $manager {
+    include apache::mod::status
+    file { 'proxy_balancer.conf':
+      ensure  => file,
+      path    => "${apache::mod_dir}/proxy_balancer.conf",
+      mode    => $apache::file_mode,
+      content => template('apache/mod/proxy_balancer.conf.erb'),
+      require => Exec["mkdir ${apache::mod_dir}"],
+      before  => File[$apache::mod_dir],
+      notify  => Class['apache::service'],
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_connect.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_connect.pp
new file mode 100644
index 000000000..e09cab079
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_connect.pp
@@ -0,0 +1,18 @@
+# @summary
+#   Installs `mod_proxy_connect`.
+# 
+# @param apache_version
+#   Used to verify that the Apache version you have requested is compatible with the module.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_proxy_connect.html for additional documentation.
+#
+class apache::mod::proxy_connect (
+  $apache_version  = undef,
+) {
+  include apache
+  $_apache_version = pick($apache_version, $apache::apache_version)
+  if versioncmp($_apache_version, '2.2') >= 0 {
+    Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_connect']
+    ::apache::mod { 'proxy_connect': }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_fcgi.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_fcgi.pp
new file mode 100644
index 000000000..84bc3d178
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_fcgi.pp
@@ -0,0 +1,9 @@
+# @summary
+#   Installs `mod_proxy_fcgi`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_proxy_fcgi.html for additional documentation.
+#
+class apache::mod::proxy_fcgi {
+  Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_fcgi']
+  ::apache::mod { 'proxy_fcgi': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_html.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_html.pp
new file mode 100644
index 000000000..0205af848
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_html.pp
@@ -0,0 +1,60 @@
+# @summary
+#   Installs `mod_proxy_html`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_proxy_html.html for additional documentation.
+#
+class apache::mod::proxy_html {
+  include apache
+  Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_html']
+  Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_html']
+
+  # Add libxml2
+  case $::osfamily {
+    /RedHat|FreeBSD|Gentoo|Suse/: {
+      ::apache::mod { 'xml2enc': }
+      $loadfiles = undef
+    }
+    'Debian': {
+      $gnu_path = $::hardwaremodel ? {
+        'i686'  => 'i386',
+        default => $::hardwaremodel,
+      }
+      case $::operatingsystem {
+        'Ubuntu': {
+          $loadfiles = $facts['operatingsystemmajrelease'] ? {
+            '10'    => ['/usr/lib/libxml2.so.2'],
+            default => ["/usr/lib/${gnu_path}-linux-gnu/libxml2.so.2"],
+          }
+        }
+        'Debian': {
+          $loadfiles = $facts['operatingsystemmajrelease'] ? {
+            '6'     => ['/usr/lib/libxml2.so.2'],
+            default => ["/usr/lib/${gnu_path}-linux-gnu/libxml2.so.2"],
+          }
+        }
+        default: {
+          $loadfiles = ["/usr/lib/${gnu_path}-linux-gnu/libxml2.so.2"]
+        }
+      }
+      if versioncmp($apache::apache_version, '2.4') >= 0 {
+        ::apache::mod { 'xml2enc': }
+      }
+    }
+    default: {}
+  }
+
+  ::apache::mod { 'proxy_html':
+    loadfiles => $loadfiles,
+  }
+
+  # Template uses $icons_path
+  file { 'proxy_html.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/proxy_html.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/proxy_html.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_http.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_http.pp
new file mode 100644
index 000000000..b80857c20
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_http.pp
@@ -0,0 +1,9 @@
+# @summary
+#   Installs `mod_proxy_http`.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_proxy_http.html for additional documentation.
+#
+class apache::mod::proxy_http {
+  Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_http']
+  ::apache::mod { 'proxy_http': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_wstunnel.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_wstunnel.pp
new file mode 100644
index 000000000..a7dc00f0f
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/proxy_wstunnel.pp
@@ -0,0 +1,10 @@
+# @summary
+#   Installs `mod_proxy_wstunnel`.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html for additional documentation.
+#
+class apache::mod::proxy_wstunnel {
+  include apache, apache::mod::proxy
+  Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_wstunnel']
+  ::apache::mod { 'proxy_wstunnel': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/python.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/python.pp
new file mode 100644
index 000000000..91f1d3818
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/python.pp
@@ -0,0 +1,16 @@
+# @summary
+#   Installs and configures `mod_python`.
+# 
+# @param loadfile_name
+#   Sets the name of the configuration file that is used to load the python module.
+# 
+# @see https://github.com/grisha/mod_python for additional documentation.
+#
+class apache::mod::python (
+  Optional[String] $loadfile_name = undef,
+) {
+  include apache
+  ::apache::mod { 'python':
+    loadfile_name => $loadfile_name,
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/remoteip.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/remoteip.pp
new file mode 100644
index 000000000..addc966fa
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/remoteip.pp
@@ -0,0 +1,114 @@
+# @summary 
+#   Installs and configures `mod_remoteip`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_remoteip.html
+#
+# @param header
+#   The header field in which `mod_remoteip` will look for the useragent IP.
+#
+# @param internal_proxy
+#   A list of IP addresses, IP blocks or hostname that are trusted to set a
+#   valid value inside specified header. Unlike the `$trusted_proxy_ips`
+#   parameter, any IP address (including private addresses) presented by these
+#   proxies will trusted by `mod_remoteip`.
+#
+# @param proxy_ips
+#   *Deprecated*: use `$internal_proxy` instead.
+#
+# @param internal_proxy_list
+#   The path to a file containing a list of IP addresses, IP blocks or hostname
+#   that are trusted to set a valid value inside the specified header. See
+#   `$internal_proxy` for details.
+#
+# @param proxies_header
+#   A header into which `mod_remoteip` will collect a list of all of the
+#   intermediate client IP addresses trusted to resolve the useragent IP of the
+#   request (e.g. `X-Forwarded-By`).
+#
+# @param proxy_protocol
+#   Wether or not to enable the PROXY protocol header handling. If enabled
+#   upstream clients must set the header every time they open a connection.
+#
+# @param proxy_protocol_exceptions
+#   A list of IP address or IP blocks that are not required to use the PROXY
+#   protocol.
+#
+# @param trusted_proxy
+#   A list of IP addresses, IP blocks or hostname that are trusted to set a
+#   valid value inside the specified header. Unlike the `$proxy_ips` parameter,
+#   any private IP presented by these proxies will be disgarded by
+#   `mod_remoteip`.
+#
+# @param trusted_proxy_ips
+#   *Deprecated*: use `$trusted_proxy` instead.
+#
+# @param trusted_proxy_list
+#   The path to a file containing a list of IP addresses, IP blocks or hostname
+#   that are trusted to set a valid value inside the specified header. See
+#   `$trusted_proxy` for details.
+#
+# @param apache_version
+#   A version string used to validate that your apache version supports
+#   `mod_remoteip`. If not specified, `$::apache::apache_version` is used.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_remoteip.html for additional documentation.
+#
+class apache::mod::remoteip (
+  String                                                     $header                    = 'X-Forwarded-For',
+  Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]] $internal_proxy            = undef,
+  Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]] $proxy_ips                 = undef,
+  Optional[Stdlib::Absolutepath]                             $internal_proxy_list       = undef,
+  Optional[String]                                           $proxies_header            = undef,
+  Boolean                                                    $proxy_protocol            = false,
+  Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]] $proxy_protocol_exceptions = undef,
+  Optional[Array[Stdlib::Host]]                              $trusted_proxy             = undef,
+  Optional[Array[Stdlib::Host]]                              $trusted_proxy_ips         = undef,
+  Optional[Stdlib::Absolutepath]                             $trusted_proxy_list        = undef,
+  Optional[String]                                           $apache_version            = undef,
+) {
+  include apache
+
+  $_apache_version = pick($apache_version, $apache::apache_version)
+  if versioncmp($_apache_version, '2.4') < 0 {
+    fail('mod_remoteip is only available in Apache 2.4')
+  }
+
+  if $proxy_ips {
+    deprecation('apache::mod::remoteip::proxy_ips', 'This parameter is deprecated, please use `internal_proxy`.')
+    $_internal_proxy = $proxy_ips
+  } elsif $internal_proxy {
+    $_internal_proxy = $internal_proxy
+  } else {
+    $_internal_proxy = ['127.0.0.1']
+  }
+
+  if $trusted_proxy_ips {
+    deprecation('apache::mod::remoteip::trusted_proxy_ips', 'This parameter is deprecated, please use `trusted_proxy`.')
+    $_trusted_proxy = $trusted_proxy_ips
+  } else {
+    $_trusted_proxy = $trusted_proxy
+  }
+
+  ::apache::mod { 'remoteip': }
+
+  $template_parameters = {
+    header                    => $header,
+    internal_proxy            => $_internal_proxy,
+    internal_proxy_list       => $internal_proxy_list,
+    proxies_header            => $proxies_header,
+    proxy_protocol            => $proxy_protocol,
+    proxy_protocol_exceptions => $proxy_protocol_exceptions,
+    trusted_proxy             => $_trusted_proxy,
+    trusted_proxy_list        => $trusted_proxy_list,
+  }
+
+  file { 'remoteip.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/remoteip.conf",
+    mode    => $apache::file_mode,
+    content => epp('apache/mod/remoteip.conf.epp', $template_parameters),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/reqtimeout.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/reqtimeout.pp
new file mode 100644
index 000000000..a971e045d
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/reqtimeout.pp
@@ -0,0 +1,24 @@
+# @summary
+#   Installs and configures `mod_reqtimeout`.
+# 
+# @param timeouts
+#   List of timeouts and data rates for receiving requests.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html for additional documentation.
+#
+class apache::mod::reqtimeout (
+  $timeouts = ['header=20-40,minrate=500', 'body=10,minrate=500']
+) {
+  include apache
+  ::apache::mod { 'reqtimeout': }
+  # Template uses no variables
+  file { 'reqtimeout.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/reqtimeout.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/reqtimeout.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/rewrite.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/rewrite.pp
new file mode 100644
index 000000000..06986d1e8
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/rewrite.pp
@@ -0,0 +1,9 @@
+# @summary
+#   Installs `mod_rewrite`.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_rewrite.html for additional documentation.
+#
+class apache::mod::rewrite {
+  include apache::params
+  ::apache::mod { 'rewrite': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/rpaf.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/rpaf.pp
new file mode 100644
index 000000000..7e4bab23e
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/rpaf.pp
@@ -0,0 +1,40 @@
+# @summary
+#   Installs and configures `mod_rpaf`.
+# 
+# @param sethostname
+#   Toggles whether to update vhost name so ServerName and ServerAlias work.
+# 
+# @param proxy_ips
+#   List of IPs & bitmasked subnets to adjust requests for
+#
+# @param header
+#   Header to use for the real IP address.
+#
+# @param template
+#   Path to template to use for configuring mod_rpaf.
+#
+# @see https://github.com/gnif/mod_rpaf for additional documentation.
+#
+class apache::mod::rpaf (
+  $sethostname = true,
+  $proxy_ips   = ['127.0.0.1'],
+  $header      = 'X-Forwarded-For',
+  $template    = 'apache/mod/rpaf.conf.erb'
+) {
+  include apache
+  ::apache::mod { 'rpaf': }
+
+  # Template uses:
+  # - $sethostname
+  # - $proxy_ips
+  # - $header
+  file { 'rpaf.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/rpaf.conf",
+    mode    => $apache::file_mode,
+    content => template($template),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/security.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/security.pp
new file mode 100644
index 000000000..4234f4088
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/security.pp
@@ -0,0 +1,269 @@
+# @summary
+#   Installs and configures `mod_security`.
+# 
+# @param version
+#   Manage mod_security or mod_security2
+#
+# @param logroot
+#   Configures the location of audit and debug logs.
+# 
+# @param crs_package
+#   Name of package that installs CRS rules.
+# 
+# @param activated_rules
+#   An array of rules from the modsec_crs_path or absolute to activate via symlinks.
+# 
+# @param modsec_dir
+#   Defines the path where Puppet installs the modsec configuration and activated rules links.
+# 
+# @param modsec_secruleengine
+#   Configures the rules engine.
+# 
+# @param audit_log_relevant_status
+#   Configures which response status code is to be considered relevant for the purpose of audit logging.
+# 
+# @param audit_log_parts
+#   Defines which parts of each transaction are going to be recorded in the audit log. Each part is assigned a single letter; when a
+#   letter appears in the list then the equivalent part will be recorded.
+# 
+# @param audit_log_type
+#   Defines the type of audit logging mechanism to be used.
+# 
+# @param audit_log_storage_dir
+#   Defines the directory where concurrent audit log entries are to be stored. This directive is only needed when concurrent audit logging is used.
+# 
+# @param secpcrematchlimit
+#   Sets the match limit in the PCRE library.
+# 
+# @param secpcrematchlimitrecursion
+#   Sets the match limit recursion in the PCRE library.
+# 
+# @param allowed_methods
+#   A space-separated list of allowed HTTP methods.
+# 
+# @param content_types
+#   A list of one or more allowed MIME types.
+# 
+# @param restricted_extensions
+#   A space-sparated list of prohibited file extensions.
+# 
+# @param restricted_headers
+#   A list of restricted headers separated by slashes and spaces.
+# 
+# @param secdefaultaction
+#   Defines the default list of actions, which will be inherited by the rules in the same configuration context.
+# 
+# @param anomaly_score_blocking
+#   Activates or deactivates the Collaborative Detection Blocking of the OWASP ModSecurity Core Rule Set.
+# 
+# @param inbound_anomaly_threshold
+#   Sets the scoring threshold level of the inbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
+# 
+# @param outbound_anomaly_threshold
+#   Sets the scoring threshold level of the outbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
+# 
+# @param critical_anomaly_score
+#   Sets the Anomaly Score for rules assigned with a critical severity.
+# 
+# @param error_anomaly_score
+#   Sets the Anomaly Score for rules assigned with a error severity.
+# 
+# @param warning_anomaly_score
+#   Sets the Anomaly Score for rules assigned with a warning severity.
+# 
+# @param notice_anomaly_score
+#   Sets the Anomaly Score for rules assigned with a notice severity.
+# 
+# @param secrequestmaxnumargs
+#   Sets the maximum number of arguments in the request.
+# 
+# @param secrequestbodylimit
+#   Sets the maximum request body size ModSecurity will accept for buffering.
+# 
+# @param secrequestbodynofileslimit
+#   Configures the maximum request body size ModSecurity will accept for buffering, excluding the size of any files being transported 
+#   in the request.
+# 
+# @param secrequestbodyinmemorylimit
+#   Configures the maximum request body size that ModSecurity will store in memory.
+# 
+# @param manage_security_crs
+#   Toggles whether to manage ModSecurity Core Rule Set 
+#
+# @see https://github.com/SpiderLabs/ModSecurity/wiki for additional documentation.
+#
+class apache::mod::security (
+  $logroot                    = $apache::params::logroot,
+  $version                     = $apache::params::modsec_version,
+  $crs_package                 = $apache::params::modsec_crs_package,
+  $activated_rules             = $apache::params::modsec_default_rules,
+  $custom_rules                = $apache::params::modsec_custom_rules,
+  $custom_rules_set            = $apache::params::modsec_custom_rules_set,
+  $modsec_dir                  = $apache::params::modsec_dir,
+  $modsec_secruleengine        = $apache::params::modsec_secruleengine,
+  $audit_log_relevant_status   = '^(?:5|4(?!04))',
+  $audit_log_parts             = $apache::params::modsec_audit_log_parts,
+  $audit_log_type              = $apache::params::modsec_audit_log_type,
+  $audit_log_storage_dir       = undef,
+  $secpcrematchlimit           = $apache::params::secpcrematchlimit,
+  $secpcrematchlimitrecursion  = $apache::params::secpcrematchlimitrecursion,
+  $allowed_methods             = 'GET HEAD POST OPTIONS',
+  $content_types               = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf',
+  $restricted_extensions       = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/',
+  $restricted_headers          = '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/',
+  $secdefaultaction            = 'deny',
+  $anomaly_score_blocking      = 'off',
+  $inbound_anomaly_threshold   = '5',
+  $outbound_anomaly_threshold  = '4',
+  $critical_anomaly_score      = '5',
+  $error_anomaly_score         = '4',
+  $warning_anomaly_score       = '3',
+  $notice_anomaly_score        = '2',
+  $secrequestmaxnumargs        = '255',
+  $secrequestbodylimit         = '13107200',
+  $secrequestbodynofileslimit  = '131072',
+  $secrequestbodyinmemorylimit = '131072',
+  $manage_security_crs         = true,
+) inherits ::apache::params {
+  include apache
+
+  $_secdefaultaction = $secdefaultaction ? {
+    /log/   => $secdefaultaction, # it has log or nolog,auditlog or log,noauditlog
+    default => "${secdefaultaction},log",
+  }
+
+  if $::osfamily == 'FreeBSD' {
+    fail('FreeBSD is not currently supported')
+  }
+
+  if ($::osfamily == 'Suse' and versioncmp($::operatingsystemrelease, '11') < 0) {
+    fail('SLES 10 is not currently supported.')
+  }
+
+  case $version {
+    1: {
+      $mod_name = 'security'
+      $mod_conf_name = 'security.conf'
+    }
+    2: {
+      $mod_name = 'security2'
+      $mod_conf_name = 'security2.conf'
+    }
+    default: {
+      fail('Unsuported version for mod security')
+    }
+  }
+  ::apache::mod { $mod_name:
+    id  => 'security2_module',
+    lib => 'mod_security2.so',
+  }
+
+  ::apache::mod { 'unique_id_module':
+    id  => 'unique_id_module',
+    lib => 'mod_unique_id.so',
+  }
+
+  if $crs_package {
+    package { $crs_package:
+      ensure => 'installed',
+      before => [
+        File[$apache::confd_dir],
+        File[$modsec_dir],
+      ],
+    }
+  }
+
+  # Template uses:
+  # - logroot
+  # - $modsec_dir
+  # - $audit_log_parts
+  # - $audit_log_type
+  # - $audit_log_storage_dir
+  # - secpcrematchlimit
+  # - secpcrematchlimitrecursion
+  # - secrequestbodylimit
+  # - secrequestbodynofileslimit
+  # - secrequestbodyinmemorylimit
+  file { 'security.conf':
+    ensure  => file,
+    content => template('apache/mod/security.conf.erb'),
+    mode    => $apache::file_mode,
+    path    => "${apache::mod_dir}/${mod_conf_name}",
+    owner   => $apache::params::user,
+    group   => $apache::params::group,
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+
+  file { $modsec_dir:
+    ensure  => directory,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0755',
+    purge   => true,
+    force   => true,
+    recurse => true,
+    require => Package['httpd'],
+  }
+
+  file { "${modsec_dir}/activated_rules":
+    ensure  => directory,
+    owner   => $apache::params::user,
+    group   => $apache::params::group,
+    mode    => '0555',
+    purge   => true,
+    force   => true,
+    recurse => true,
+    notify  => Class['apache::service'],
+  }
+
+  if $custom_rules {
+    # Template to add custom rule and included in security configuration
+    file {"${modsec_dir}/custom_rules":
+      ensure  => directory,
+      owner   => $apache::params::user,
+      group   => $apache::params::group,
+      mode    => $apache::file_mode,
+      require => File[$modsec_dir],
+    }
+
+    file { "${modsec_dir}/custom_rules/custom_01_rules.conf":
+      ensure  => file,
+      owner   => $apache::params::user,
+      group   => $apache::params::group,
+      mode    => $apache::file_mode,
+      content => template('apache/mod/security_custom.conf.erb'),
+      require => File["${modsec_dir}/custom_rules"],
+      notify  => Class['apache::service'],
+    }
+  }
+
+  if $manage_security_crs {
+    # Template uses:
+    # - $_secdefaultaction
+    # - $critical_anomaly_score
+    # - $error_anomaly_score
+    # - $warning_anomaly_score
+    # - $notice_anomaly_score
+    # - $inbound_anomaly_threshold
+    # - $outbound_anomaly_threshold
+    # - $anomaly_score_blocking
+    # - $allowed_methods
+    # - $content_types
+    # - $restricted_extensions
+    # - $restricted_headers
+    # - $secrequestmaxnumargs
+    file { "${modsec_dir}/security_crs.conf":
+      ensure  => file,
+      content => template('apache/mod/security_crs.conf.erb'),
+      require => File[$modsec_dir],
+      notify  => Class['apache::service'],
+    }
+
+    # Debian 9 has a different rule setup
+    unless $::operatingsystem == 'SLES' or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) or ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '18.04') >= 0) {
+      apache::security::rule_link { $activated_rules: }
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/setenvif.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/setenvif.pp
new file mode 100644
index 000000000..6b3586a7a
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/setenvif.pp
@@ -0,0 +1,19 @@
+# @summary
+#   Installs `mod_setenvif`.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_setenvif.html for additional documentation.
+#
+class apache::mod::setenvif {
+  include apache
+  ::apache::mod { 'setenvif': }
+  # Template uses no variables
+  file { 'setenvif.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/setenvif.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/setenvif.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/shib.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/shib.pp
new file mode 100644
index 000000000..85946a10b
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/shib.pp
@@ -0,0 +1,45 @@
+# @summary
+#   Installs and configures `mod_shib`.
+# 
+# @param suppress_warning
+#   Toggles whether to trigger warning on RedHat nodes.
+# 
+# @param mod_full_path
+#   Specifies a path to the module. Do not manually set this parameter without a special reason.
+# 
+# @param package_name
+#   Name of the Shibboleth package to be installed.
+# 
+# @param mod_lib
+#   Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The `path` parameter 
+#   overrides this value. 
+#
+# This class installs and configures only the Apache components of a web application that consumes Shibboleth SSO identities. You
+# can manage the Shibboleth configuration manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth).
+# 
+# @note
+#   The Shibboleth module isn't available on RH/CentOS without providing dependency packages provided by Shibboleth's repositories. 
+#   See the [Shibboleth Service Provider Installation Guide](http://wiki.aaf.edu.au/tech-info/sp-install-guide).
+#
+# @see https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig for additional documentation.
+# @note Unsupported platforms: RedHat: all; CentOS: all; Scientific: all; SLES: all; Debian: 7, 8; Ubuntu: all; OracleLinux: all
+class apache::mod::shib (
+  $suppress_warning = false,
+  $mod_full_path    = undef,
+  $package_name     = undef,
+  $mod_lib          = undef,
+) {
+  include apache
+  if $::osfamily == 'RedHat' and ! $suppress_warning {
+    warning('RedHat distributions do not have Apache mod_shib in their default package repositories.')
+  }
+
+  $mod_shib = 'shib2'
+
+  apache::mod { $mod_shib:
+    id      => 'mod_shib',
+    path    => $mod_full_path,
+    package => $package_name,
+    lib     => $mod_lib,
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/socache_shmcb.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/socache_shmcb.pp
new file mode 100644
index 000000000..e9be75dce
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/socache_shmcb.pp
@@ -0,0 +1,8 @@
+# @summary
+#   Installs `mod_socache_shmcb`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_socache_shmcb.html for additional documentation.
+#
+class apache::mod::socache_shmcb {
+  ::apache::mod { 'socache_shmcb': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/speling.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/speling.pp
new file mode 100644
index 000000000..538e8ffa6
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/speling.pp
@@ -0,0 +1,9 @@
+# @summary
+#   Installs `mod_spelling`.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_speling.html for additional documentation.
+#
+class apache::mod::speling {
+  include apache
+  ::apache::mod { 'speling': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/ssl.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/ssl.pp
new file mode 100644
index 000000000..20acb814e
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/ssl.pp
@@ -0,0 +1,224 @@
+# @summary
+#   Installs `mod_ssl`.
+# 
+# @param ssl_compression
+#   Enable compression on the SSL level.
+#
+# @param ssl_cryptodevice
+#   Enable use of a cryptographic hardware accelerator.
+#
+# @param ssl_options
+#   Configure various SSL engine run-time options.
+#
+# @param ssl_openssl_conf_cmd
+#   Configure OpenSSL parameters through its SSL_CONF API.
+#
+# @param ssl_cert
+#   Path to server PEM-encoded X.509 certificate data file.
+#
+# @param ssl_key
+#   Path to server PEM-encoded private key file
+#
+# @param ssl_ca
+#   File of concatenated PEM-encoded CA Certificates for Client Auth.
+#
+# @param ssl_cipher
+#   Cipher Suite available for negotiation in SSL handshake.
+#
+# @param ssl_honorcipherorder
+#   Option to prefer the server's cipher preference order.
+#
+# @param ssl_protocol
+#   Configure usable SSL/TLS protocol versions.
+#   Default based on the OS:
+#   - RedHat 8: [ 'all' ].
+#   - Other Platforms: [ 'all', '-SSLv2', '-SSLv3' ].
+#
+# @param ssl_proxy_protocol
+#   Configure usable SSL protocol flavors for proxy usage.
+#
+# @param ssl_pass_phrase_dialog
+#   Type of pass phrase dialog for encrypted private keys.
+#
+# @param ssl_random_seed_bytes
+#   Pseudo Random Number Generator (PRNG) seeding source.
+#
+# @param ssl_sessioncache
+#   Configures the storage type of the global/inter-process SSL Session Cache
+#
+# @param ssl_sessioncachetimeout
+#   Number of seconds before an SSL session expires in the Session Cache.
+#
+# @param ssl_stapling
+#   Enable stapling of OCSP responses in the TLS handshake.
+#
+# @param ssl_stapling_return_errors
+#   Pass stapling related OCSP errors on to client.
+#
+# @param ssl_mutex
+#   Configures mutex mechanism and lock file directory for all or specified mutexes.
+#   Default based on the OS and/or Apache version:
+#   - RedHat/FreeBSD/Suse/Gentoo: 'default'.
+#   - Debian/Ubuntu + Apache >= 2.4: 'default'.
+#   - Debian/Ubuntu + Apache < 2.4: 'file:${APACHE_RUN_DIR}/ssl_mutex'.
+#
+# @param ssl_reload_on_change
+#   Enable reloading of apache if the content of ssl files have changed. It only affects ssl files configured here and not vhost ones.
+#
+# @param apache_version
+#   Used to verify that the Apache version you have requested is compatible with the module.
+#
+# @param package_name
+#   Name of ssl package to install.
+#
+# On most operating systems, the ssl.conf is placed in the module configuration directory. On Red Hat based operating systems, this
+# file is placed in /etc/httpd/conf.d, the same location in which the RPM stores the configuration.
+#
+# To use SSL with a virtual host, you must either set the default_ssl_vhost parameter in ::apache to true or the ssl parameter in 
+# apache::vhost to true.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_ssl.html for additional documentation.
+#
+class apache::mod::ssl (
+  Boolean $ssl_compression                                  = false,
+  Optional[Boolean] $ssl_sessiontickets                     = undef,
+  $ssl_cryptodevice                                         = 'builtin',
+  $ssl_options                                              = ['StdEnvVars'],
+  $ssl_openssl_conf_cmd                                     = undef,
+  Optional[String] $ssl_cert                                = undef,
+  Optional[String] $ssl_key                                 = undef,
+  $ssl_ca                                                   = undef,
+  $ssl_cipher                                               = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES',
+  Variant[Boolean, Enum['on', 'off']] $ssl_honorcipherorder = true,
+  $ssl_protocol                                             = $apache::params::ssl_protocol,
+  Array $ssl_proxy_protocol                                 = [],
+  $ssl_pass_phrase_dialog                                   = 'builtin',
+  $ssl_random_seed_bytes                                    = '512',
+  String $ssl_sessioncache                                  = $apache::params::ssl_sessioncache,
+  $ssl_sessioncachetimeout                                  = '300',
+  Boolean $ssl_stapling                                     = false,
+  Optional[String] $stapling_cache                          = undef,
+  Optional[Boolean] $ssl_stapling_return_errors             = undef,
+  $ssl_mutex                                                = undef,
+  Boolean $ssl_reload_on_change                             = false,
+  $apache_version                                           = undef,
+  $package_name                                             = undef,
+) inherits ::apache::params {
+  include apache
+  include apache::mod::mime
+  $_apache_version = pick($apache_version, $apache::apache_version)
+  if $ssl_mutex {
+    $_ssl_mutex = $ssl_mutex
+  } else {
+    case $::osfamily {
+      'debian': {
+        if versioncmp($_apache_version, '2.4') >= 0 {
+          $_ssl_mutex = 'default'
+        } else {
+          $_ssl_mutex = "file:\${APACHE_RUN_DIR}/ssl_mutex"
+        }
+      }
+      'redhat': {
+        $_ssl_mutex = 'default'
+      }
+      'freebsd': {
+        $_ssl_mutex = 'default'
+      }
+      'gentoo': {
+        $_ssl_mutex = 'default'
+      }
+      'Suse': {
+        $_ssl_mutex = 'default'
+      }
+      default: {
+        fail("Unsupported osfamily ${::osfamily}, please explicitly pass in \$ssl_mutex")
+      }
+    }
+  }
+
+  if $ssl_honorcipherorder =~ Boolean {
+    $_ssl_honorcipherorder = $ssl_honorcipherorder
+  } else {
+    $_ssl_honorcipherorder = $ssl_honorcipherorder ? {
+      'on'    => true,
+      'off'   => false,
+      default => true,
+    }
+  }
+
+  if $stapling_cache =~ Undef {
+    $_stapling_cache = $::osfamily ? {
+      'debian'  => "\${APACHE_RUN_DIR}/ocsp(32768)",
+      'redhat'  => '/run/httpd/ssl_stapling(32768)',
+      'freebsd' => '/var/run/ssl_stapling(32768)',
+      'gentoo'  => '/var/run/ssl_stapling(32768)',
+      'Suse'    => '/var/lib/apache2/ssl_stapling(32768)',
+    }
+  } else {
+    $_stapling_cache = $stapling_cache
+  }
+
+  if $::osfamily == 'Suse' {
+    if defined(Class['::apache::mod::worker']) {
+      $suse_path = '/usr/lib64/apache2-worker'
+    } else {
+      $suse_path = '/usr/lib64/apache2-prefork'
+    }
+    ::apache::mod { 'ssl':
+      package  => $package_name,
+      lib_path => $suse_path,
+    }
+  } else {
+    ::apache::mod { 'ssl':
+      package => $package_name,
+    }
+  }
+
+  if versioncmp($_apache_version, '2.4') >= 0 {
+    include apache::mod::socache_shmcb
+  }
+
+  if $ssl_reload_on_change {
+    [$ssl_cert, $ssl_key, $ssl_ca].each |$ssl_file| {
+      if $ssl_file {
+        include apache::mod::ssl::reload
+        $_ssl_file_copy = regsubst($ssl_file, '/', '_', 'G')
+        file { $_ssl_file_copy:
+          path    => "${apache::params::puppet_ssl_dir}/${_ssl_file_copy}",
+          source  => "file://${ssl_file}",
+          owner   => 'root',
+          group   => $apache::params::root_group,
+          mode    => '0640',
+          seltype => 'cert_t',
+          notify  => Class['apache::service'],
+        }
+      }
+    }
+  }
+
+  # Template uses
+  #
+  # $ssl_compression
+  # $ssl_sessiontickets
+  # $ssl_cryptodevice
+  # $ssl_ca
+  # $ssl_cipher
+  # $ssl_honorcipherorder
+  # $ssl_options
+  # $ssl_openssl_conf_cmd
+  # $ssl_sessioncache
+  # $_stapling_cache
+  # $ssl_mutex
+  # $ssl_random_seed_bytes
+  # $ssl_sessioncachetimeout
+  # $_apache_version
+  file { 'ssl.conf':
+    ensure  => file,
+    path    => $apache::_ssl_file,
+    mode    => $apache::file_mode,
+    content => template('apache/mod/ssl.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/ssl/reload.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/ssl/reload.pp
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/ssl/reload.pp
rename to modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/ssl/reload.pp
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/status.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/status.pp
new file mode 100644
index 000000000..ddd969049
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/status.pp
@@ -0,0 +1,66 @@
+# @summary
+#   Installs and configures `mod_status`.
+#
+# @param allow_from
+#   Array of hosts, ip addresses, partial network numbers or networks, in CIDR notation specifying what hosts can view the special
+#   /server-status URL.  Defaults to ['127.0.0.1', '::1']. 
+#   > Creates Apache < 2.4 directive "Allow from".
+#
+# @param requires
+#   A Variant type that can be:
+#   - String with:
+#     - '' or 'unmanaged' - Host auth control done elsewhere
+#     - 'ip <List of IPs>' - Allowed IPs/ranges
+#     - 'host <List of names>' - Allowed names/domains
+#     - 'all [granted|denied]'
+#   - Array of strings with ip or host as above
+#   - Hash with following keys:
+#     - 'requires' - Value => Array as above
+#     - 'enforce' - Value => String 'Any', 'All' or 'None'
+#       This encloses "Require" directives in "<Require(Any|All|None)>" block
+#       Optional - If unspecified, "Require" directives follow current flow
+#   > Creates Apache >= 2.4 directives "Require"
+#
+# @param extended_status
+#   Determines whether to track extended status information for each request, via the ExtendedStatus directive.
+#
+# @param status_path 
+#   Path assigned to the Location directive which defines the URL to access the server status.
+#
+# @param apache_version
+#   Used to verify that the Apache version you have requested is compatible with the module.
+#
+# @example
+#   # Simple usage allowing access from localhost and a private subnet
+#   class { 'apache::mod::status':
+#     $allow_from => ['127.0.0.1', '10.10.10.10/24'],
+#   }
+#
+# @see http://httpd.apache.org/docs/current/mod/mod_status.html for additional documentation.
+#
+class apache::mod::status (
+  Optional[Array] $allow_from                      = undef,
+  Optional[Variant[String, Array, Hash]] $requires = undef,
+  Enum['On', 'Off', 'on', 'off'] $extended_status  = 'On',
+  $apache_version                                  = undef,
+  $status_path                                     = '/server-status',
+) inherits ::apache::params {
+  include apache
+  $_apache_version = pick($apache_version, $apache::apache_version)
+  ::apache::mod { 'status': }
+
+  # Defaults for "Allow from" or "Require" directives
+  $allow_defaults = ['127.0.0.1','::1']
+  $requires_defaults = 'ip 127.0.0.1 ::1'
+
+  # Template uses $allow_from, $extended_status, $_apache_version, $status_path
+  file { 'status.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/status.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/status.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/suexec.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/suexec.pp
new file mode 100644
index 000000000..b6a28b1f1
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/suexec.pp
@@ -0,0 +1,8 @@
+# @summary
+#   Installs `mod_suexec`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_suexec.html for additional documentation.
+#
+class apache::mod::suexec {
+  ::apache::mod { 'suexec': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/suphp.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/suphp.pp
new file mode 100644
index 000000000..ae8841321
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/suphp.pp
@@ -0,0 +1,23 @@
+# @summary
+#   Installs `mod_suphp`.
+#
+# @see https://www.suphp.org/DocumentationView.html?file=apache/INSTALL for additional documentation.
+#
+class apache::mod::suphp (
+) {
+  if $facts['os']['family'] == 'Debian' {
+    fail("suphp was declared EOL by it's creators as of 2013 and so is no longer supported on Ubuntu 15.10/Debian 8 and above. Please use php-fpm")
+  }
+  include apache
+  ::apache::mod { 'suphp': }
+
+  file { 'suphp.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/suphp.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/suphp.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/userdir.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/userdir.pp
new file mode 100644
index 000000000..67d7717dd
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/userdir.pp
@@ -0,0 +1,80 @@
+# @summary
+#   Installs and configures `mod_userdir`.
+# 
+# @param home
+#   *Deprecated* Path to system home directory.
+#   
+# @param dir
+#   *Deprecated* Path from user's home directory to public directory.
+#
+# @param userdir
+#   Path or directory name to be used as the UserDir.
+#
+# @param disable_root
+#   Toggles whether to allow use of root directory.
+# 
+# @param apache_version
+#   Used to verify that the Apache version you have requested is compatible with the module.
+# 
+# @param path
+#   Path to directory or pattern from which to find user-specific directories.
+# 
+# @param overrides
+#   Array of directives that are allowed in .htaccess files.
+# 
+# @param options
+#   Configures what features are available in a particular directory.
+#
+# @param unmanaged_path
+#   Toggles whether to manage path in userdir.conf
+#
+# @param custom_fragment
+#   Custom configuration to be added to userdir.conf
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_userdir.html for additional documentation.
+#
+class apache::mod::userdir (
+  $home = undef,
+  $dir = undef,
+  Optional[String[1]] $userdir = undef,
+  $disable_root = true,
+  $apache_version = undef,
+  $path = '/home/*/public_html',
+  $overrides = ['FileInfo', 'AuthConfig', 'Limit', 'Indexes'],
+  $options = ['MultiViews', 'Indexes', 'SymLinksIfOwnerMatch', 'IncludesNoExec'],
+  $unmanaged_path = false,
+  $custom_fragment = undef,
+) {
+  include apache
+  $_apache_version = pick($apache_version, $apache::apache_version)
+
+  if $home or $dir {
+    $_home = $home ? {
+      undef   => '/home',
+      default => $home,
+    }
+    $_dir = $dir ? {
+      undef   => 'public_html',
+      default => $dir,
+    }
+    warning('home and dir are deprecated; use path instead')
+    $_path = "${_home}/*/${_dir}"
+  } else {
+    $_path = $path
+  }
+
+  $_userdir = pick($userdir, $_path)
+
+  ::apache::mod { 'userdir': }
+
+  # Template uses $home, $dir, $disable_root, $_apache_version
+  file { 'userdir.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/userdir.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/userdir.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/version.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/version.pp
new file mode 100644
index 000000000..7dd89adce
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/version.pp
@@ -0,0 +1,17 @@
+# @summary
+#   Installs `mod_version`.
+# 
+# @param apache_version
+#   Used to verify that the Apache version you have requested is compatible with the module.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_version.html for additional documentation.
+#
+class apache::mod::version (
+  $apache_version = $apache::apache_version
+) {
+  if ($::osfamily == 'debian' and versioncmp($apache_version, '2.4') >= 0) {
+    warning("${module_name}: module version_module is built-in and can't be loaded")
+  } else {
+    ::apache::mod { 'version': }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/vhost_alias.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/vhost_alias.pp
new file mode 100644
index 000000000..3ff6fd1aa
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/vhost_alias.pp
@@ -0,0 +1,8 @@
+# @summary
+#   Installs Apache `mod_vhost_alias`.
+# 
+# @see https://httpd.apache.org/docs/current/mod/mod_vhost_alias.html for additional documentation.
+#
+class apache::mod::vhost_alias {
+  ::apache::mod { 'vhost_alias': }
+}
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/watchdog.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/watchdog.pp
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/watchdog.pp
rename to modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/watchdog.pp
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/worker.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/worker.pp
new file mode 100644
index 000000000..d6b57b89b
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/worker.pp
@@ -0,0 +1,136 @@
+# @summary
+#   Installs and manages the MPM `worker`.
+#
+# @param startservers
+#   The number of child server processes created on startup
+#
+# @param maxclients
+#   The max number of simultaneous requests that will be served.
+#   This is the old name and is still supported. The new name is
+#   MaxRequestWorkers as of 2.3.13.
+#
+# @param minsparethreads
+#   Minimum number of idle threads to handle request spikes.
+#
+# @param maxsparethreads
+#   Maximum number of idle threads.
+#
+# @param threadsperchild
+#   The number of threads created by each child process.
+#
+# @param maxrequestsperchild
+#   Limit on the number of connectiojns an individual child server
+#   process will handle. This is the old name and is still supported. The new
+#   name is MaxConnectionsPerChild as of 2.3.9+.
+#
+# @param serverlimit
+#   With worker, use this directive only if your MaxRequestWorkers
+#   and ThreadsPerChild settings require more than 16 server processes
+#   (default). Do not set the value of this directive any higher than the
+#   number of server processes required by what you may want for
+#   MaxRequestWorkers and ThreadsPerChild.
+#
+# @param threadlimit
+#   This directive sets the maximum configured value for
+#   ThreadsPerChild for the lifetime of the Apache httpd process.
+#
+# @param listenbacklog
+#    Maximum length of the queue of pending connections.
+#
+# @param apache_version
+#   Used to verify that the Apache version you have requested is compatible with the module.
+#
+# @see https://httpd.apache.org/docs/current/mod/worker.html for additional documentation.
+#
+class apache::mod::worker (
+  $startservers        = '2',
+  $maxclients          = '150',
+  $minsparethreads     = '25',
+  $maxsparethreads     = '75',
+  $threadsperchild     = '25',
+  $maxrequestsperchild = '0',
+  $serverlimit         = '25',
+  $threadlimit         = '64',
+  $listenbacklog       = '511',
+  $apache_version      = undef,
+) {
+  include apache
+  $_apache_version = pick($apache_version, $apache::apache_version)
+
+  if defined(Class['apache::mod::event']) {
+    fail('May not include both apache::mod::worker and apache::mod::event on the same node')
+  }
+  if defined(Class['apache::mod::itk']) {
+    fail('May not include both apache::mod::worker and apache::mod::itk on the same node')
+  }
+  if defined(Class['apache::mod::peruser']) {
+    fail('May not include both apache::mod::worker and apache::mod::peruser on the same node')
+  }
+  if defined(Class['apache::mod::prefork']) {
+    fail('May not include both apache::mod::worker and apache::mod::prefork on the same node')
+  }
+  File {
+    owner => 'root',
+    group => $apache::params::root_group,
+    mode  => $apache::file_mode,
+  }
+
+  # Template uses:
+  # - $startservers
+  # - $maxclients
+  # - $minsparethreads
+  # - $maxsparethreads
+  # - $threadsperchild
+  # - $maxrequestsperchild
+  # - $serverlimit
+  # - $threadLimit
+  # - $listenbacklog
+  file { "${apache::mod_dir}/worker.conf":
+    ensure  => file,
+    content => template('apache/mod/worker.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+
+  case $::osfamily {
+    'redhat': {
+      if versioncmp($_apache_version, '2.4') >= 0 {
+        ::apache::mpm { 'worker':
+          apache_version => $_apache_version,
+        }
+      }
+      else {
+        file_line { '/etc/sysconfig/httpd worker enable':
+          ensure  => present,
+          path    => '/etc/sysconfig/httpd',
+          line    => 'HTTPD=/usr/sbin/httpd.worker',
+          match   => '#?HTTPD=/usr/sbin/httpd.worker',
+          require => Package['httpd'],
+          notify  => Class['apache::service'],
+        }
+      }
+    }
+
+    'debian', 'freebsd': {
+      ::apache::mpm { 'worker':
+        apache_version => $_apache_version,
+      }
+    }
+    'Suse': {
+      ::apache::mpm { 'worker':
+        apache_version => $apache_version,
+        lib_path       => '/usr/lib64/apache2-worker',
+      }
+    }
+
+    'gentoo': {
+      ::portage::makeconf { 'apache2_mpms':
+        content => 'worker',
+      }
+    }
+    default: {
+      fail("Unsupported osfamily ${::osfamily}")
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/wsgi.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/wsgi.pp
new file mode 100644
index 000000000..0d326a4d5
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/wsgi.pp
@@ -0,0 +1,74 @@
+# @summary
+#   Installs and configures `mod_wsgi`.
+# 
+# @param wsgi_restrict_embedded
+#   Enable restrictions on use of embedded mode.
+# 
+# @param wsgi_socket_prefix
+#   Configure directory to use for daemon sockets.
+# 
+# @param wsgi_python_path
+#   Additional directories to search for Python modules.
+# 
+# @param wsgi_python_home
+#   Absolute path to Python prefix/exec_prefix directories.
+# 
+# @param wsgi_python_optimize
+#   Enables basic Python optimisation features.
+# 
+# @param wsgi_application_group
+#   Sets which application group WSGI application belongs to.
+# 
+# @param package_name
+#   Names of package that installs mod_wsgi.
+# 
+# @param mod_path
+#   Defines the path to the mod_wsgi shared object (.so) file.
+# 
+# @see https://github.com/GrahamDumpleton/mod_wsgi for additional documentation.
+# @note Unsupported platforms: SLES: all; RedHat: all; CentOS: all; OracleLinux: all; Scientific: all
+class apache::mod::wsgi (
+  $wsgi_restrict_embedded = undef,
+  $wsgi_socket_prefix     = $apache::params::wsgi_socket_prefix,
+  $wsgi_python_path       = undef,
+  $wsgi_python_home       = undef,
+  $wsgi_python_optimize   = undef,
+  $wsgi_application_group = undef,
+  $package_name           = undef,
+  $mod_path               = undef,
+) inherits ::apache::params {
+  include apache
+  if ($package_name != undef and $mod_path == undef) or ($package_name == undef and $mod_path != undef) {
+    fail('apache::mod::wsgi - both package_name and mod_path must be specified!')
+  }
+
+  if $package_name != undef {
+    if $mod_path =~ /\// {
+      $_mod_path = $mod_path
+    } else {
+      $_mod_path = "${apache::lib_path}/${mod_path}"
+    }
+    ::apache::mod { 'wsgi':
+      package => $package_name,
+      path    => $_mod_path,
+    }
+  }
+  else {
+    ::apache::mod { 'wsgi': }
+  }
+
+  # Template uses:
+  # - $wsgi_restrict_embedded
+  # - $wsgi_socket_prefix
+  # - $wsgi_python_path
+  # - $wsgi_python_home
+  file { 'wsgi.conf':
+    ensure  => file,
+    path    => "${apache::mod_dir}/wsgi.conf",
+    mode    => $apache::file_mode,
+    content => template('apache/mod/wsgi.conf.erb'),
+    require => Exec["mkdir ${apache::mod_dir}"],
+    before  => File[$apache::mod_dir],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/xsendfile.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/xsendfile.pp
new file mode 100644
index 000000000..955488461
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mod/xsendfile.pp
@@ -0,0 +1,9 @@
+# @summary
+#   Installs `mod_xsendfile`.
+# 
+# @see https://tn123.org/mod_xsendfile/ for additional documentation.
+#
+class apache::mod::xsendfile {
+  include apache::params
+  ::apache::mod { 'xsendfile': }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/mpm.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mpm.pp
new file mode 100644
index 000000000..b76772eaf
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mpm.pp
@@ -0,0 +1,160 @@
+# @summary Enables the use of Apache MPMs.
+#
+# @api private
+define apache::mpm (
+  $lib_path       = $apache::lib_path,
+  $apache_version = $apache::apache_version,
+) {
+  if ! defined(Class['apache']) {
+    fail('You must include the apache base class before using any apache defined resources')
+  }
+
+  $mpm     = $name
+  $mod_dir = $apache::mod_dir
+
+  $_lib  = "mod_mpm_${mpm}.so"
+  $_path = "${lib_path}/${_lib}"
+  $_id   = "mpm_${mpm}_module"
+
+  if $::osfamily == 'Suse' {
+    #mpms on Suse 12 don't use .so libraries so create a placeholder load file
+    if versioncmp($apache_version, '2.4') >= 0 {
+      file { "${mod_dir}/${mpm}.load":
+        ensure  => file,
+        path    => "${mod_dir}/${mpm}.load",
+        content => '',
+        require => [
+          Package['httpd'],
+          Exec["mkdir ${mod_dir}"],
+        ],
+        before  => File[$mod_dir],
+        notify  => Class['apache::service'],
+      }
+    }
+  } else {
+    if versioncmp($apache_version, '2.4') >= 0 {
+      file { "${mod_dir}/${mpm}.load":
+        ensure  => file,
+        path    => "${mod_dir}/${mpm}.load",
+        content => "LoadModule ${_id} ${_path}\n",
+        require => [
+          Package['httpd'],
+          Exec["mkdir ${mod_dir}"],
+        ],
+        before  => File[$mod_dir],
+        notify  => Class['apache::service'],
+      }
+    }
+  }
+
+  case $::osfamily {
+    'debian': {
+      file { "${apache::mod_enable_dir}/${mpm}.conf":
+        ensure  => link,
+        target  => "${apache::mod_dir}/${mpm}.conf",
+        require => Exec["mkdir ${apache::mod_enable_dir}"],
+        before  => File[$apache::mod_enable_dir],
+        notify  => Class['apache::service'],
+      }
+
+      if versioncmp($apache_version, '2.4') >= 0 {
+        file { "${apache::mod_enable_dir}/${mpm}.load":
+          ensure  => link,
+          target  => "${apache::mod_dir}/${mpm}.load",
+          require => Exec["mkdir ${apache::mod_enable_dir}"],
+          before  => File[$apache::mod_enable_dir],
+          notify  => Class['apache::service'],
+        }
+
+        if $mpm == 'itk' {
+          file { "${lib_path}/mod_mpm_itk.so":
+            ensure  => link,
+            target  => "${lib_path}/mpm_itk.so",
+            require => Package['httpd'],
+            before  => Class['apache::service'],
+          }
+        }
+      } else {
+        package { "apache2-mpm-${mpm}":
+          ensure => present,
+          before => [
+            Class['apache::service'],
+            File[$apache::mod_enable_dir],
+          ],
+        }
+      }
+
+      if $mpm == 'itk' {
+        include apache::mpm::disable_mpm_event
+        include apache::mpm::disable_mpm_worker
+
+        package { 'libapache2-mpm-itk':
+          ensure => present,
+          before => [
+            Class['apache::service'],
+            File[$apache::mod_enable_dir],
+          ],
+        }
+      }
+
+      if $mpm == 'prefork' {
+        if ( ( $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease,'18.04') >= 0 ) or $::operatingsystem == 'Debian' ) {
+          include apache::mpm::disable_mpm_event
+          include apache::mpm::disable_mpm_worker
+        }
+      }
+
+      if $mpm == 'worker' {
+        if ( ( $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease,'18.04') >= 0 ) or $::operatingsystem == 'Debian' ) {
+          include apache::mpm::disable_mpm_event
+          include apache::mpm::disable_mpm_prefork
+        }
+      }
+    }
+
+    'freebsd': {
+      class { 'apache::package':
+        mpm_module => $mpm,
+      }
+    }
+    'gentoo': {
+      # so we don't fail
+    }
+    'redhat': {
+      # so we don't fail
+    }
+    'Suse': {
+      file { "${apache::mod_enable_dir}/${mpm}.conf":
+        ensure  => link,
+        target  => "${apache::mod_dir}/${mpm}.conf",
+        require => Exec["mkdir ${apache::mod_enable_dir}"],
+        before  => File[$apache::mod_enable_dir],
+        notify  => Class['apache::service'],
+      }
+
+      if versioncmp($apache_version, '2.4') >= 0 {
+        file { "${apache::mod_enable_dir}/${mpm}.load":
+          ensure  => link,
+          target  => "${apache::mod_dir}/${mpm}.load",
+          require => Exec["mkdir ${apache::mod_enable_dir}"],
+          before  => File[$apache::mod_enable_dir],
+          notify  => Class['apache::service'],
+        }
+
+        if $mpm == 'itk' {
+          file { "${lib_path}/mod_mpm_itk.so":
+            ensure => link,
+            target => "${lib_path}/mpm_itk.so",
+          }
+        }
+      }
+
+      package { "apache2-${mpm}":
+        ensure => present,
+      }
+    }
+    default: {
+      fail("Unsupported osfamily ${::osfamily}")
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mpm/disable_mpm_event.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mpm/disable_mpm_event.pp
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/manifests/mpm/disable_mpm_event.pp
rename to modules/services/unix/http/apache_kali_compatible/apache/manifests/mpm/disable_mpm_event.pp
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mpm/disable_mpm_prefork.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mpm/disable_mpm_prefork.pp
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/manifests/mpm/disable_mpm_prefork.pp
rename to modules/services/unix/http/apache_kali_compatible/apache/manifests/mpm/disable_mpm_prefork.pp
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mpm/disable_mpm_worker.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/mpm/disable_mpm_worker.pp
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/manifests/mpm/disable_mpm_worker.pp
rename to modules/services/unix/http/apache_kali_compatible/apache/manifests/mpm/disable_mpm_worker.pp
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/namevirtualhost.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/namevirtualhost.pp
new file mode 100644
index 000000000..246df53dd
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/namevirtualhost.pp
@@ -0,0 +1,15 @@
+# @summary
+#   Enables name-based virtual hosts 
+#
+# Adds all related directives to the `ports.conf` file in the Apache HTTPD configuration 
+# directory. Titles can take the forms `\*`, `\*:\<PORT\>`, `\_default\_:\<PORT\>`, 
+# `\<IP\>`, or `\<IP\>:\<PORT\>`.
+define apache::namevirtualhost {
+  $addr_port = $name
+
+  # Template uses: $addr_port
+  concat::fragment { "NameVirtualHost ${addr_port}":
+    target  => $apache::ports_file,
+    content => template('apache/namevirtualhost.erb'),
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/package.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/package.pp
new file mode 100644
index 000000000..684995ea3
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/package.pp
@@ -0,0 +1,40 @@
+# @summary
+#   Installs an Apache MPM.
+#
+# @api private
+class apache::package (
+  $ensure     = 'present',
+  $mpm_module = $apache::params::mpm_module,
+) inherits ::apache::params {
+  # The base class must be included first because it is used by parameter defaults
+  if ! defined(Class['apache']) {
+    fail('You must include the apache base class before using any apache defined resources')
+  }
+
+  case $::osfamily {
+    'FreeBSD': {
+      case $mpm_module {
+        'prefork': {
+        }
+        'worker': {
+        }
+        'event': {
+        }
+        'itk': {
+          package { 'www/mod_mpm_itk':
+            ensure => installed,
+          }
+        }
+        default: { fail("MPM module ${mpm_module} not supported on FreeBSD") }
+      }
+    }
+    default: {
+    }
+  }
+
+  package { 'httpd':
+    ensure => $ensure,
+    name   => $apache::apache_name,
+    notify => Class['Apache::Service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/params.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/params.pp
new file mode 100644
index 000000000..79313de8b
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/params.pp
@@ -0,0 +1,789 @@
+# @summary
+#   This class manages Apache parameters
+#
+# @api private
+class apache::params inherits ::apache::version {
+  if($::fqdn) {
+    $servername = $::fqdn
+  } else {
+    $servername = $::hostname
+  }
+
+  # The default error log level
+  $log_level = 'warn'
+  $use_optional_includes = false
+
+  # Default mime types settings
+  $mime_types_additional = {
+    'AddHandler'      => { 'type-map'  => 'var', },
+    'AddType'         => { 'text/html' => '.shtml', },
+    'AddOutputFilter' => { 'INCLUDES'  => '.shtml', },
+  }
+
+  # should we use systemd module?
+  $use_systemd = true
+
+  # Default mode for files
+  $file_mode = '0644'
+
+  # The default value for host hame lookup
+  $hostname_lookups = 'Off'
+
+  # Default options for / directory
+  $root_directory_options = ['FollowSymLinks']
+
+  $vhost_include_pattern = '*'
+
+  $modsec_audit_log_parts = 'ABIJDEFHZ'
+  $modsec_audit_log_type = 'Serial'
+  $modsec_custom_rules = false
+  $modsec_custom_rules_set = undef
+
+  # no client certs should be trusted for auth by default.
+  $ssl_certs_dir          = undef
+
+  # Allow overriding the autoindex alias location
+  $icons_prefix = 'icons'
+
+  if ($apache::version::scl_httpd_version) {
+    if $apache::version::scl_php_version == undef {
+      fail('If you define apache::version::scl_httpd_version, you also need to specify apache::version::scl_php_version')
+    }
+    $_scl_httpd_version_nodot = regsubst($apache::version::scl_httpd_version, '\.', '')
+    $_scl_httpd_name = "httpd${_scl_httpd_version_nodot}"
+
+    $_scl_php_version_no_dot = regsubst($apache::version::scl_php_version, '\.', '')
+    $user                 = 'apache'
+    $group                = 'apache'
+    $root_group           = 'root'
+    $apache_name          = "${_scl_httpd_name}-httpd"
+    $service_name         = "${_scl_httpd_name}-httpd"
+    $httpd_root           = "/opt/rh/${_scl_httpd_name}/root"
+    $httpd_dir            = "${httpd_root}/etc/httpd"
+    $server_root          = "${httpd_root}/etc/httpd"
+    $conf_dir             = "${httpd_dir}/conf"
+    $confd_dir            = "${httpd_dir}/conf.d"
+    $puppet_ssl_dir       = "${httpd_dir}/puppet_ssl"
+    $mod_dir              = $facts['operatingsystemmajrelease'] ? {
+      '7'     => "${httpd_dir}/conf.modules.d",
+      default => "${httpd_dir}/conf.d",
+    }
+    $mod_enable_dir       = undef
+    $vhost_dir            = "${httpd_dir}/conf.d"
+    $vhost_enable_dir     = undef
+    $conf_file            = 'httpd.conf'
+    $conf_enabled         = undef
+    $ports_file           = "${conf_dir}/ports.conf"
+    $pidfile              = 'run/httpd.pid'
+    $logroot              = "/var/log/${_scl_httpd_name}"
+    $logroot_mode         = undef
+    $lib_path             = 'modules'
+    $mpm_module           = 'prefork'
+    $dev_packages         = "${_scl_httpd_name}-httpd-devel"
+    $default_ssl_cert     = '/etc/pki/tls/certs/localhost.crt'
+    $default_ssl_key      = '/etc/pki/tls/private/localhost.key'
+    $ssl_sessioncache     = '/var/cache/mod_ssl/scache(512000)'
+    $passenger_conf_file  = 'passenger_extra.conf'
+    $passenger_conf_package_file = 'passenger.conf'
+    $passenger_root       = undef
+    $passenger_ruby       = undef
+    $passenger_default_ruby = undef
+    $suphp_addhandler     = 'php5-script'
+    $suphp_engine         = 'off'
+    $suphp_configpath     = undef
+    $php_version          = $apache::version::scl_php_version
+    $mod_packages         = {
+      'authnz_ldap' => "${_scl_httpd_name}-mod_ldap",
+      'ldap' => "${_scl_httpd_name}-mod_ldap",
+      "php${apache::version::scl_php_version}" => "rh-php${_scl_php_version_no_dot}-php",
+      'ssl'                   => "${_scl_httpd_name}-mod_ssl",
+    }
+    $mod_libs             = {
+      'nss' => 'libmodnss.so',
+    }
+    $conf_template        = 'apache/httpd.conf.erb'
+    $http_protocol_options  = undef
+    $keepalive            = 'On'
+    $keepalive_timeout    = 15
+    $max_keepalive_requests = 100
+    $fastcgi_lib_path     = undef
+    $mime_support_package = 'mailcap'
+    $mime_types_config    = '/etc/mime.types'
+    $docroot              = "${httpd_root}/var/www/html"
+    $alias_icons_path     = $facts['operatingsystemmajrelease'] ? {
+      '7'     => "${httpd_root}/usr/share/httpd/icons",
+      default => '/var/www/icons',
+    }
+    $error_documents_path = $facts['operatingsystemmajrelease'] ? {
+      '7'     => "${httpd_root}/usr/share/httpd/error",
+      default => '/var/www/error'
+    }
+    if $::osfamily == 'RedHat' {
+      $wsgi_socket_prefix = '/var/run/wsgi'
+    } else {
+      $wsgi_socket_prefix = undef
+    }
+    $cas_cookie_path      = '/var/cache/mod_auth_cas/'
+    $mellon_lock_file     = '/run/mod_auth_mellon/lock'
+    $mellon_cache_size    = 100
+    $mellon_post_directory = undef
+    $modsec_version       = 1
+    $modsec_crs_package   = 'mod_security_crs'
+    $modsec_crs_path      = '/usr/lib/modsecurity.d'
+    $modsec_dir           = '/etc/httpd/modsecurity.d'
+    $secpcrematchlimit = 1500
+    $secpcrematchlimitrecursion = 1500
+    $modsec_secruleengine = 'On'
+    $modsec_default_rules = [
+      'base_rules/modsecurity_35_bad_robots.data',
+      'base_rules/modsecurity_35_scanners.data',
+      'base_rules/modsecurity_40_generic_attacks.data',
+      'base_rules/modsecurity_50_outbound.data',
+      'base_rules/modsecurity_50_outbound_malware.data',
+      'base_rules/modsecurity_crs_20_protocol_violations.conf',
+      'base_rules/modsecurity_crs_21_protocol_anomalies.conf',
+      'base_rules/modsecurity_crs_23_request_limits.conf',
+      'base_rules/modsecurity_crs_30_http_policy.conf',
+      'base_rules/modsecurity_crs_35_bad_robots.conf',
+      'base_rules/modsecurity_crs_40_generic_attacks.conf',
+      'base_rules/modsecurity_crs_41_sql_injection_attacks.conf',
+      'base_rules/modsecurity_crs_41_xss_attacks.conf',
+      'base_rules/modsecurity_crs_42_tight_security.conf',
+      'base_rules/modsecurity_crs_45_trojans.conf',
+      'base_rules/modsecurity_crs_47_common_exceptions.conf',
+      'base_rules/modsecurity_crs_49_inbound_blocking.conf',
+      'base_rules/modsecurity_crs_50_outbound.conf',
+      'base_rules/modsecurity_crs_59_outbound_blocking.conf',
+      'base_rules/modsecurity_crs_60_correlation.conf',
+    ]
+    $error_log           = 'error_log'
+    $scriptalias         = "${httpd_root}/var/www/cgi-bin"
+    $access_log_file     = 'access_log'
+  }
+  elsif $::osfamily == 'RedHat' or $::operatingsystem =~ /^[Aa]mazon$/ {
+    $user                 = 'apache'
+    $group                = 'apache'
+    $root_group           = 'root'
+    $apache_name          = 'httpd'
+    $service_name         = 'httpd'
+    $httpd_dir            = '/etc/httpd'
+    $server_root          = '/etc/httpd'
+    $conf_dir             = "${httpd_dir}/conf"
+    $confd_dir            = "${httpd_dir}/conf.d"
+    $puppet_ssl_dir       = "${httpd_dir}/puppet_ssl"
+    $conf_enabled         = undef
+    if $::operatingsystem =~ /^[Aa]mazon$/ and $::operatingsystemmajrelease == '2' {
+      # Amazon Linux 2 uses the /conf.modules.d/ dir
+      $mod_dir            = "${httpd_dir}/conf.modules.d"
+    } else {
+      $mod_dir              = $facts['operatingsystemmajrelease'] ? {
+        '6'     => "${httpd_dir}/conf.d",
+        default => "${httpd_dir}/conf.modules.d",
+      }
+    }
+    $mod_enable_dir       = undef
+    $vhost_dir            = "${httpd_dir}/conf.d"
+    $vhost_enable_dir     = undef
+    $conf_file            = 'httpd.conf'
+    $ports_file           = "${conf_dir}/ports.conf"
+    $pidfile              = 'run/httpd.pid'
+    $logroot              = '/var/log/httpd'
+    $logroot_mode         = undef
+    $lib_path             = 'modules'
+    $mpm_module           = 'prefork'
+    $dev_packages         = 'httpd-devel'
+    $default_ssl_cert     = '/etc/pki/tls/certs/localhost.crt'
+    $default_ssl_key      = '/etc/pki/tls/private/localhost.key'
+    $ssl_sessioncache     = '/var/cache/mod_ssl/scache(512000)'
+    $passenger_conf_file  = 'passenger_extra.conf'
+    $passenger_conf_package_file = 'passenger.conf'
+    $passenger_root       = undef
+    $passenger_ruby       = undef
+    $passenger_default_ruby = undef
+    $suphp_addhandler     = 'php5-script'
+    $suphp_engine         = 'off'
+    $suphp_configpath     = undef
+    $php_version = $facts['operatingsystemmajrelease'] ? {
+      '8'     => '7', # RedHat8
+      default => '5', # RedHat5, RedHat6, RedHat7
+    }
+    $mod_packages         = {
+      # NOTE: The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL.
+      'auth_cas'              => 'mod_auth_cas',
+      'auth_kerb'             => 'mod_auth_kerb',
+      'auth_gssapi'           => 'mod_auth_gssapi',
+      'auth_mellon'           => 'mod_auth_mellon',
+      'auth_openidc'          => 'mod_auth_openidc',
+      'authnz_ldap'           => $facts['operatingsystemmajrelease'] ? {
+        '6'     => 'mod_authz_ldap',
+        default => 'mod_ldap',
+      },
+      'authnz_pam'            => 'mod_authnz_pam',
+      'fastcgi'               => $facts['operatingsystemmajrelease'] ? {
+        '5'     => 'mod_fastcgi',
+        '6'     => 'mod_fastcgi',
+        default => undef,
+      },
+      'fcgid'                 => 'mod_fcgid',
+      'geoip'                 => 'mod_geoip',
+      'intercept_form_submit' => 'mod_intercept_form_submit',
+      'ldap'                  => $facts['operatingsystemmajrelease'] ? {
+        '5'     => undef,
+        '6'     => undef,
+        default => 'mod_ldap',
+      },
+      'lookup_identity'       => 'mod_lookup_identity',
+      'md'                    => 'mod_md',
+      'pagespeed'             => 'mod-pagespeed-stable',
+      # NOTE: The passenger module isn't available on RH/CentOS without
+      # providing dependency packages provided by EPEL and passenger
+      # repositories. See
+      # https://www.phusionpassenger.com/library/install/apache/install/oss/el7/
+      'passenger'             => 'mod_passenger',
+      'perl'                  => 'mod_perl',
+      'php5'                  => $facts['operatingsystemmajrelease'] ? {
+        '5'     => 'php53',
+        default => 'php',
+      },
+      'phpXXX'                => 'php',
+      'proxy_html'            => 'mod_proxy_html',
+      'python'                => 'mod_python',
+      'security'              => 'mod_security',
+      # NOTE: The module for Shibboleth is not available on RH/CentOS without
+      # providing dependency packages provided by Shibboleth's repositories.
+      # See http://wiki.aaf.edu.au/tech-info/sp-install-guide
+      'shibboleth'            => 'shibboleth',
+      'ssl'                   => 'mod_ssl',
+      'wsgi'                  => $facts['operatingsystemmajrelease'] ? {
+        '6'     => 'mod_wsgi',         # RedHat6
+        '7'     => 'mod_wsgi',         # RedHat7
+        default => 'python3-mod_wsgi', # RedHat8+
+      },
+      'dav_svn'               => 'mod_dav_svn',
+      'suphp'                 => 'mod_suphp',
+      'xsendfile'             => 'mod_xsendfile',
+      'nss'                   => 'mod_nss',
+      'shib2'                 => 'shibboleth',
+    }
+    $mod_libs             = {
+      'nss' => 'libmodnss.so',
+      'wsgi'                  => $facts['operatingsystemmajrelease'] ? {
+        '6'     => 'mod_wsgi.so',
+        '7'     => 'mod_wsgi.so',
+        default => 'mod_wsgi_python3.so',
+      },
+    }
+    $conf_template        = 'apache/httpd.conf.erb'
+    $http_protocol_options  = undef
+    $keepalive            = 'On'
+    $keepalive_timeout    = 15
+    $max_keepalive_requests = 100
+    $fastcgi_lib_path     = undef
+    $mime_support_package = 'mailcap'
+    $mime_types_config    = '/etc/mime.types'
+    $docroot              = '/var/www/html'
+    $alias_icons_path     = $facts['operatingsystemmajrelease'] ? {
+      '6'     => '/var/www/icons',
+      default => '/usr/share/httpd/icons',
+    }
+    $error_documents_path = $facts['operatingsystemmajrelease'] ? {
+      '6'     => '/var/www/error',
+      default => '/usr/share/httpd/error',
+    }
+    if $::osfamily == 'RedHat' {
+      $wsgi_socket_prefix = '/var/run/wsgi'
+    } else {
+      $wsgi_socket_prefix = undef
+    }
+    $cas_cookie_path      = '/var/cache/mod_auth_cas/'
+    $mellon_lock_file     = '/run/mod_auth_mellon/lock'
+    $mellon_cache_size    = 100
+    $mellon_post_directory = undef
+    $modsec_version       = 1
+    $modsec_crs_package   = 'mod_security_crs'
+    $modsec_crs_path      = '/usr/lib/modsecurity.d'
+    $modsec_dir           = '/etc/httpd/modsecurity.d'
+    $secpcrematchlimit = 1500
+    $secpcrematchlimitrecursion = 1500
+    $modsec_secruleengine = 'On'
+    $modsec_default_rules = [
+      'base_rules/modsecurity_35_bad_robots.data',
+      'base_rules/modsecurity_35_scanners.data',
+      'base_rules/modsecurity_40_generic_attacks.data',
+      'base_rules/modsecurity_50_outbound.data',
+      'base_rules/modsecurity_50_outbound_malware.data',
+      'base_rules/modsecurity_crs_20_protocol_violations.conf',
+      'base_rules/modsecurity_crs_21_protocol_anomalies.conf',
+      'base_rules/modsecurity_crs_23_request_limits.conf',
+      'base_rules/modsecurity_crs_30_http_policy.conf',
+      'base_rules/modsecurity_crs_35_bad_robots.conf',
+      'base_rules/modsecurity_crs_40_generic_attacks.conf',
+      'base_rules/modsecurity_crs_41_sql_injection_attacks.conf',
+      'base_rules/modsecurity_crs_41_xss_attacks.conf',
+      'base_rules/modsecurity_crs_42_tight_security.conf',
+      'base_rules/modsecurity_crs_45_trojans.conf',
+      'base_rules/modsecurity_crs_47_common_exceptions.conf',
+      'base_rules/modsecurity_crs_49_inbound_blocking.conf',
+      'base_rules/modsecurity_crs_50_outbound.conf',
+      'base_rules/modsecurity_crs_59_outbound_blocking.conf',
+      'base_rules/modsecurity_crs_60_correlation.conf',
+    ]
+    $error_log           = 'error_log'
+    $scriptalias         = '/var/www/cgi-bin'
+    $access_log_file     = 'access_log'
+  } elsif $::osfamily == 'Debian' {
+    $user                = 'www-data'
+    $group               = 'www-data'
+    $root_group          = 'root'
+    $apache_name         = 'apache2'
+    $service_name        = 'apache2'
+    $httpd_dir           = '/etc/apache2'
+    $server_root         = '/etc/apache2'
+    $conf_dir            = $httpd_dir
+    $confd_dir           = "${httpd_dir}/conf.d"
+    # Overwrite conf_enabled causes errors with Shibboleth when enabled on Ubuntu 18.04
+    $conf_enabled        = undef #"${httpd_dir}/conf-enabled.d"
+    $puppet_ssl_dir      = "${httpd_dir}/puppet_ssl"
+    $mod_dir             = "${httpd_dir}/mods-available"
+    $mod_enable_dir      = "${httpd_dir}/mods-enabled"
+    $vhost_dir           = "${httpd_dir}/sites-available"
+    $vhost_enable_dir    = "${httpd_dir}/sites-enabled"
+    $conf_file           = 'apache2.conf'
+    $ports_file          = "${conf_dir}/ports.conf"
+    $pidfile             = "\${APACHE_PID_FILE}"
+    $logroot             = '/var/log/apache2'
+    $logroot_mode        = undef
+    $lib_path            = '/usr/lib/apache2/modules'
+    $mpm_module          = 'worker'
+    $default_ssl_cert    = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
+    $default_ssl_key     = '/etc/ssl/private/ssl-cert-snakeoil.key'
+    $ssl_sessioncache    = "\${APACHE_RUN_DIR}/ssl_scache(512000)"
+    $suphp_addhandler    = 'x-httpd-php'
+    $suphp_engine        = 'off'
+    $suphp_configpath    = '/etc/php5/apache2'
+    if ($::operatingsystem == 'Ubuntu') or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemmajrelease, '11') < 0) {
+      $php_version = $facts['operatingsystemmajrelease'] ? {
+        '9'     => '7.0', # Debian Stretch
+        '16.04' => '7.0', # Ubuntu Xenial
+        '10'    => '7.3', # Debian Buster
+        '20.04' => '7.4', # Ubuntu Foccal Fossal
+        default => '7.2', # Ubuntu Bionic, Cosmic and Disco
+      }
+      $mod_packages = {
+        'apreq2'                => 'libapache2-mod-apreq2',
+        'auth_cas'              => 'libapache2-mod-auth-cas',
+        'auth_kerb'             => 'libapache2-mod-auth-kerb',
+        'auth_openidc'          => 'libapache2-mod-auth-openidc',
+        'auth_gssapi'           => 'libapache2-mod-auth-gssapi',
+        'auth_mellon'           => 'libapache2-mod-auth-mellon',
+        'authnz_pam'            => 'libapache2-mod-authnz-pam',
+        'dav_svn'               => 'libapache2-mod-svn',
+        'fastcgi'               => 'libapache2-mod-fastcgi',
+        'fcgid'                 => 'libapache2-mod-fcgid',
+        'geoip'                 => 'libapache2-mod-geoip',
+        'intercept_form_submit' => 'libapache2-mod-intercept-form-submit',
+        'jk'                    => 'libapache2-mod-jk',
+        'lookup_identity'       => 'libapache2-mod-lookup-identity',
+        'nss'                   => 'libapache2-mod-nss',
+        'pagespeed'             => 'mod-pagespeed-stable',
+        'passenger'             => 'libapache2-mod-passenger',
+        'perl'                  => 'libapache2-mod-perl2',
+        'phpXXX'                => 'libapache2-mod-phpXXX',
+        'python'                => 'libapache2-mod-python',
+        'rpaf'                  => 'libapache2-mod-rpaf',
+        'security'              => 'libapache2-mod-security2',
+        'shib2'                 => 'libapache2-mod-shib2',
+        'wsgi'                  => 'libapache2-mod-wsgi',
+        'xsendfile'             => 'libapache2-mod-xsendfile',
+      }
+    } else {
+      $php_version = $facts['operatingsystemmajrelease'] ? {
+        default => '7.4', # Debian Bullseye
+      }
+      $mod_packages = {
+        'apreq2'                => 'libapache2-mod-apreq2',
+        'auth_cas'              => 'libapache2-mod-auth-cas',
+        'auth_kerb'             => 'libapache2-mod-auth-kerb',
+        'auth_openidc'          => 'libapache2-mod-auth-openidc',
+        'auth_gssapi'           => 'libapache2-mod-auth-gssapi',
+        'auth_mellon'           => 'libapache2-mod-auth-mellon',
+        'authnz_pam'            => 'libapache2-mod-authnz-pam',
+        'dav_svn'               => 'libapache2-mod-svn',
+        'fastcgi'               => 'libapache2-mod-fastcgi',
+        'fcgid'                 => 'libapache2-mod-fcgid',
+        'geoip'                 => 'libapache2-mod-geoip',
+        'intercept_form_submit' => 'libapache2-mod-intercept-form-submit',
+        'jk'                    => 'libapache2-mod-jk',
+        'lookup_identity'       => 'libapache2-mod-lookup-identity',
+        'nss'                   => 'libapache2-mod-nss',
+        'pagespeed'             => 'mod-pagespeed-stable',
+        'passenger'             => 'libapache2-mod-passenger',
+        'perl'                  => 'libapache2-mod-perl2',
+        'phpXXX'                => 'libapache2-mod-phpXXX',
+        'python'                => 'libapache2-mod-python',
+        'rpaf'                  => 'libapache2-mod-rpaf',
+        'security'              => 'libapache2-mod-security2',
+        'shib2'                 => 'libapache2-mod-shib',
+        'wsgi'                  => 'libapache2-mod-wsgi-py3',
+        'xsendfile'             => 'libapache2-mod-xsendfile',
+      }
+    }
+
+    $error_log           = 'error.log'
+    $scriptalias         = '/usr/lib/cgi-bin'
+    $access_log_file     = 'access.log'
+    if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '19.04') < 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '10') < 0) {
+      $shib2_lib = 'mod_shib2.so'
+    } else {
+      $shib2_lib = 'mod_shib.so'
+    }
+    $mod_libs             = {
+      'shib2' => $shib2_lib,
+    }
+    $conf_template          = 'apache/httpd.conf.erb'
+    $http_protocol_options  = undef
+    $keepalive              = 'On'
+    $keepalive_timeout      = 15
+    $max_keepalive_requests = 100
+    $fastcgi_lib_path       = '/var/lib/apache2/fastcgi'
+    $mime_support_package = 'mime-support'
+    $mime_types_config    = '/etc/mime.types'
+    $docroot              = '/var/www/html'
+    $cas_cookie_path      = '/var/cache/apache2/mod_auth_cas/'
+    $mellon_lock_file     = undef
+    $mellon_cache_size    = undef
+    $mellon_post_directory = '/var/cache/apache2/mod_auth_mellon/'
+    $modsec_version       = 1
+    $modsec_crs_package   = 'modsecurity-crs'
+    $modsec_crs_path      = '/usr/share/modsecurity-crs'
+    $modsec_dir           = '/etc/modsecurity'
+    $secpcrematchlimit = 1500
+    $secpcrematchlimitrecursion = 1500
+    $modsec_secruleengine = 'On'
+    if ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) or ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '18.04') >= 0) {
+      $modsec_default_rules = [
+        'crawlers-user-agents.data',
+        'iis-errors.data',
+        'java-code-leakages.data',
+        'java-errors.data',
+        'lfi-os-files.data',
+        'php-config-directives.data',
+        'php-errors.data',
+        'php-function-names-933150.data',
+        'php-function-names-933151.data',
+        'php-variables.data',
+        'restricted-files.data',
+        'scanners-headers.data',
+        'scanners-urls.data',
+        'scanners-user-agents.data',
+        'scripting-user-agents.data',
+        'sql-errors.data',
+        'sql-function-names.data',
+        'unix-shell.data',
+        'windows-powershell-commands.data',
+      ]
+    } else {
+      $modsec_default_rules = [
+        'base_rules/modsecurity_35_bad_robots.data',
+        'base_rules/modsecurity_35_scanners.data',
+        'base_rules/modsecurity_40_generic_attacks.data',
+        'base_rules/modsecurity_50_outbound.data',
+        'base_rules/modsecurity_50_outbound_malware.data',
+        'base_rules/modsecurity_crs_20_protocol_violations.conf',
+        'base_rules/modsecurity_crs_21_protocol_anomalies.conf',
+        'base_rules/modsecurity_crs_23_request_limits.conf',
+        'base_rules/modsecurity_crs_30_http_policy.conf',
+        'base_rules/modsecurity_crs_35_bad_robots.conf',
+        'base_rules/modsecurity_crs_40_generic_attacks.conf',
+        'base_rules/modsecurity_crs_41_sql_injection_attacks.conf',
+        'base_rules/modsecurity_crs_41_xss_attacks.conf',
+        'base_rules/modsecurity_crs_42_tight_security.conf',
+        'base_rules/modsecurity_crs_45_trojans.conf',
+        'base_rules/modsecurity_crs_47_common_exceptions.conf',
+        'base_rules/modsecurity_crs_49_inbound_blocking.conf',
+        'base_rules/modsecurity_crs_50_outbound.conf',
+        'base_rules/modsecurity_crs_59_outbound_blocking.conf',
+        'base_rules/modsecurity_crs_60_correlation.conf',
+      ]
+    }
+    $alias_icons_path     = '/usr/share/apache2/icons'
+    $error_documents_path = '/usr/share/apache2/error'
+    $dev_packages        = ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev']
+
+    #
+    # Passenger-specific settings
+    #
+
+    $passenger_conf_file         = 'passenger.conf'
+    $passenger_conf_package_file = undef
+    $passenger_root         = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
+    $passenger_ruby         = undef
+    $passenger_default_ruby = '/usr/bin/ruby'
+    $wsgi_socket_prefix = undef
+  } elsif $::osfamily == 'FreeBSD' {
+    $user             = 'www'
+    $group            = 'www'
+    $root_group       = 'wheel'
+    $apache_name      = 'apache24'
+    $service_name     = 'apache24'
+    $httpd_dir        = '/usr/local/etc/apache24'
+    $server_root      = '/usr/local'
+    $conf_dir         = $httpd_dir
+    $confd_dir        = "${httpd_dir}/Includes"
+    $conf_enabled     = undef
+    $puppet_ssl_dir   = "${httpd_dir}/puppet_ssl"
+    $mod_dir          = "${httpd_dir}/Modules"
+    $mod_enable_dir   = undef
+    $vhost_dir        = "${httpd_dir}/Vhosts"
+    $vhost_enable_dir = undef
+    $conf_file        = 'httpd.conf'
+    $ports_file       = "${conf_dir}/ports.conf"
+    $pidfile          = '/var/run/httpd.pid'
+    $logroot          = '/var/log/apache24'
+    $logroot_mode     = undef
+    $lib_path         = '/usr/local/libexec/apache24'
+    $mpm_module       = 'prefork'
+    $dev_packages     = undef
+    $default_ssl_cert = '/usr/local/etc/apache24/server.crt'
+    $default_ssl_key  = '/usr/local/etc/apache24/server.key'
+    $ssl_sessioncache  = '/var/run/ssl_scache(512000)'
+    $passenger_conf_file = 'passenger.conf'
+    $passenger_conf_package_file = undef
+    $passenger_root   = '/usr/local/lib/ruby/gems/2.0/gems/passenger-4.0.58'
+    $passenger_ruby   = '/usr/local/bin/ruby'
+    $passenger_default_ruby = undef
+    $suphp_addhandler = 'php5-script'
+    $suphp_engine     = 'off'
+    $suphp_configpath = undef
+    $php_version      = '5'
+    $mod_packages     = {
+      # NOTE: I list here only modules that are not included in www/apache24
+      # NOTE: 'passenger' needs to enable APACHE_SUPPORT in make config
+      # NOTE: 'php' needs to enable APACHE option in make config
+      # NOTE: 'dav_svn' needs to enable MOD_DAV_SVN make config
+      # NOTE: not sure where the shibboleth should come from
+      'auth_kerb'   => 'www/mod_auth_kerb2',
+      'auth_gssapi' => 'www/mod_auth_gssapi',
+      'auth_openidc'=> 'www/mod_auth_openidc',
+      'fcgid'       => 'www/mod_fcgid',
+      'passenger'   => 'www/rubygem-passenger',
+      'perl'        => 'www/mod_perl2',
+      'phpXXX'      => 'www/mod_phpXXX',
+      'proxy_html'  => 'www/mod_proxy_html',
+      'python'      => 'www/mod_python3',
+      'wsgi'        => 'www/mod_wsgi',
+      'dav_svn'     => 'devel/subversion',
+      'xsendfile'   => 'www/mod_xsendfile',
+      'rpaf'        => 'www/mod_rpaf2',
+      'shib2'       => 'security/shibboleth2-sp',
+    }
+    $mod_libs         = {
+    }
+    $conf_template        = 'apache/httpd.conf.erb'
+    $http_protocol_options = undef
+    $keepalive            = 'On'
+    $keepalive_timeout    = 15
+    $max_keepalive_requests = 100
+    $fastcgi_lib_path     = undef # TODO: revisit
+    $mime_support_package = 'misc/mime-support'
+    $mime_types_config    = '/usr/local/etc/mime.types'
+    $wsgi_socket_prefix   = undef
+    $docroot              = '/usr/local/www/apache24/data'
+    $alias_icons_path     = '/usr/local/www/apache24/icons'
+    $error_documents_path = '/usr/local/www/apache24/error'
+    $error_log            = 'httpd-error.log'
+    $scriptalias          = '/usr/local/www/apache24/cgi-bin'
+    $access_log_file      = 'httpd-access.log'
+  } elsif $::osfamily == 'Gentoo' {
+    $user             = 'apache'
+    $group            = 'apache'
+    $root_group       = 'wheel'
+    $apache_name      = 'www-servers/apache'
+    $service_name     = 'apache2'
+    $httpd_dir        = '/etc/apache2'
+    $server_root      = '/var/www'
+    $conf_dir         = $httpd_dir
+    $confd_dir        = "${httpd_dir}/conf.d"
+    $conf_enabled     = undef
+    $puppet_ssl_dir   = "${httpd_dir}/puppet_ssl"
+    $mod_dir          = "${httpd_dir}/modules.d"
+    $mod_enable_dir   = undef
+    $vhost_dir        = "${httpd_dir}/vhosts.d"
+    $vhost_enable_dir = undef
+    $conf_file        = 'httpd.conf'
+    $ports_file       = "${conf_dir}/ports.conf"
+    $logroot          = '/var/log/apache2'
+    $logroot_mode     = undef
+    $lib_path         = '/usr/lib/apache2/modules'
+    $mpm_module       = 'prefork'
+    $dev_packages     = undef
+    $default_ssl_cert = '/etc/ssl/apache2/server.crt'
+    $default_ssl_key  = '/etc/ssl/apache2/server.key'
+    $ssl_sessioncache  = '/var/run/ssl_scache(512000)'
+    $passenger_root   = '/usr'
+    $passenger_ruby   = '/usr/bin/ruby'
+    $passenger_conf_file = 'passenger.conf'
+    $passenger_conf_package_file = undef
+    $passenger_default_ruby = undef
+    $suphp_addhandler = 'x-httpd-php'
+    $suphp_engine     = 'off'
+    $suphp_configpath = '/etc/php5/apache2'
+    $php_version      = '5'
+    $mod_packages     = {
+      # NOTE: I list here only modules that are not included in www-servers/apache
+      'auth_kerb'       => 'www-apache/mod_auth_kerb',
+      'auth_gssapi'     => 'www-apache/mod_auth_gssapi',
+      'authnz_external' => 'www-apache/mod_authnz_external',
+      'fcgid'           => 'www-apache/mod_fcgid',
+      'passenger'       => 'www-apache/passenger',
+      'perl'            => 'www-apache/mod_perl',
+      'phpXXX'          => 'dev-lang/php',
+      'proxy_html'      => 'www-apache/mod_proxy_html',
+      'proxy_fcgi'      => 'www-apache/mod_proxy_fcgi',
+      'python'          => 'www-apache/mod_python',
+      'wsgi'            => 'www-apache/mod_wsgi',
+      'dav_svn'         => 'dev-vcs/subversion',
+      'xsendfile'       => 'www-apache/mod_xsendfile',
+      'rpaf'            => 'www-apache/mod_rpaf',
+      'xml2enc'         => 'www-apache/mod_xml2enc',
+    }
+    $mod_libs         = {
+    }
+    $conf_template        = 'apache/httpd.conf.erb'
+    $http_protocol_options = undef
+    $keepalive            = 'On'
+    $keepalive_timeout    = 15
+    $max_keepalive_requests = 100
+    $fastcgi_lib_path     = undef # TODO: revisit
+    $mime_support_package = 'app-misc/mime-types'
+    $mime_types_config    = '/etc/mime.types'
+    $wsgi_socket_prefix   = undef
+    $docroot              = '/var/www/localhost/htdocs'
+    $alias_icons_path     = '/usr/share/apache2/icons'
+    $error_documents_path = '/usr/share/apache2/error'
+    $pidfile              = '/var/run/apache2.pid'
+    $error_log            = 'error.log'
+    $scriptalias          = '/var/www/localhost/cgi-bin'
+    $access_log_file      = 'access.log'
+  } elsif $::osfamily == 'Suse' {
+    $user                = 'wwwrun'
+    $group               = 'www'
+    $root_group          = 'root'
+    $apache_name         = 'apache2'
+    $service_name        = 'apache2'
+    $httpd_dir           = '/etc/apache2'
+    $server_root         = '/etc/apache2'
+    $conf_dir            = $httpd_dir
+    $confd_dir           = "${httpd_dir}/conf.d"
+    $conf_enabled        = undef
+    $puppet_ssl_dir      = "${httpd_dir}/puppet_ssl"
+    $mod_dir             = "${httpd_dir}/mods-available"
+    $mod_enable_dir      = "${httpd_dir}/mods-enabled"
+    $vhost_dir           = "${httpd_dir}/sites-available"
+    $vhost_enable_dir    = "${httpd_dir}/sites-enabled"
+    $conf_file           = 'httpd.conf'
+    $ports_file          = "${conf_dir}/ports.conf"
+    $pidfile             = '/var/run/httpd2.pid'
+    $logroot             = '/var/log/apache2'
+    $logroot_mode        = undef
+    $lib_path            = '/usr/lib64/apache2' #changes for some modules based on mpm
+    $mpm_module          = 'prefork'
+    if versioncmp($::operatingsystemrelease, '15') < 0 {
+      $default_ssl_cert    = '/etc/apache2/ssl.crt/server.crt'
+      $default_ssl_key     = '/etc/apache2/ssl.key/server.key'
+      $php_version         = '5'
+    } else {
+      $default_ssl_cert    = '/etc/apache2/ssl.crt/default-server.crt'
+      $default_ssl_key     = '/etc/apache2/ssl.key/default-server.key'
+      $php_version         = '7'
+    }
+    $suphp_configpath    = "/etc/php${php_version}/apache2"
+    $ssl_sessioncache    = '/var/lib/apache2/ssl_scache(512000)'
+    $suphp_addhandler    = 'x-httpd-php'
+    $suphp_engine        = 'off'
+    if versioncmp($::operatingsystemrelease, '11') < 0 or versioncmp($::operatingsystemrelease, '12') >= 0 {
+      $mod_packages = {
+        'auth_kerb'   => 'apache2-mod_auth_kerb',
+        'auth_gssapi' => 'apache2-mod_auth_gssapi',
+        'dav_svn'     => 'subversion-server',
+        'perl'        => 'apache2-mod_perl',
+        'php5'        => 'apache2-mod_php5',
+        'php7'        => 'apache2-mod_php7',
+        'python'      => 'apache2-mod_python',
+        'security'    => 'apache2-mod_security2',
+        'worker'      => 'apache2-worker',
+      }
+    } else {
+      $mod_packages        = {
+        'auth_kerb'   => 'apache2-mod_auth_kerb',
+        'auth_gssapi' => 'apache2-mod_auth_gssapi',
+        'dav_svn'     => 'subversion-server',
+        'perl'        => 'apache2-mod_perl',
+        'php5'        => 'apache2-mod_php53',
+        'python'      => 'apache2-mod_python',
+        'security'    => 'apache2-mod_security2',
+      }
+    }
+    $mod_libs             = {
+      'security'       => '/usr/lib64/apache2/mod_security2.so',
+      'php53'          => '/usr/lib64/apache2/mod_php5.so',
+    }
+    $conf_template          = 'apache/httpd.conf.erb'
+    $http_protocol_options  = undef
+    $keepalive              = 'On'
+    $keepalive_timeout      = 15
+    $max_keepalive_requests = 100
+    $fastcgi_lib_path       = '/var/lib/apache2/fastcgi'
+    $mime_support_package = 'aaa_base'
+    $mime_types_config    = '/etc/mime.types'
+    $docroot              = '/srv/www'
+    $cas_cookie_path      = '/var/cache/apache2/mod_auth_cas/'
+    $mellon_lock_file     = undef
+    $mellon_cache_size    = undef
+    $mellon_post_directory = undef
+    $alias_icons_path     = '/usr/share/apache2/icons'
+    $error_documents_path = '/usr/share/apache2/error'
+    $dev_packages        = ['libapr-util1-devel', 'libapr1-devel', 'libcurl-devel']
+    $modsec_version       = 1
+    $modsec_crs_package   = undef
+    $modsec_crs_path      = undef
+    $modsec_default_rules = undef
+    $modsec_dir           = '/etc/apache2/modsecurity'
+    $secpcrematchlimit = 1500
+    $secpcrematchlimitrecursion = 1500
+    $modsec_secruleengine = 'On'
+    $error_log           = 'error.log'
+    $scriptalias         = '/usr/lib/cgi-bin'
+    $access_log_file     = 'access.log'
+
+    #
+    # Passenger-specific settings
+    #
+
+    $passenger_conf_file          = 'passenger.conf'
+    $passenger_conf_package_file  = undef
+
+    $passenger_root               = '/usr/lib64/ruby/gems/1.8/gems/passenger-5.0.30'
+    $passenger_ruby               = '/usr/bin/ruby'
+    $passenger_default_ruby       = '/usr/bin/ruby'
+    $wsgi_socket_prefix           = undef
+  } else {
+    fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}")
+  }
+
+  if $::operatingsystem == 'SLES' {
+    $verify_command = '/usr/sbin/apache2ctl -t'
+  } elsif $::operatingsystem == 'FreeBSD' {
+    $verify_command = '/usr/local/sbin/apachectl -t'
+  } elsif ($apache::version::scl_httpd_version) {
+    $verify_command = "/opt/rh/${_scl_httpd_name}/root/usr/sbin/apachectl -t"
+  } else {
+    $verify_command = '/usr/sbin/apachectl -t'
+  }
+
+  if $::osfamily == 'RedHat' and versioncmp($facts['operatingsystemmajrelease'], '8') >= 0 {
+    $ssl_protocol = ['all'] # Implementations of the SSLv2 and SSLv3 protocol versions have been removed from OpenSSL (and hence mod_ssl) because these are no longer considered secure. For additional documentation https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/deploying_different_types_of_servers/setting-apache-web-server_deploying-different-types-of-servers
+  } else {
+    $ssl_protocol = ['all', '-SSLv2', '-SSLv3']
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/peruser/multiplexer.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/peruser/multiplexer.pp
new file mode 100644
index 000000000..5001090c4
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/peruser/multiplexer.pp
@@ -0,0 +1,23 @@
+# @summary
+#   Checks if an Apache module has a class.
+#
+# If Apache has a class, it includes that class. If it does not, it passes the module name to the `apache::mod` defined type.
+#
+# @api private
+define apache::peruser::multiplexer (
+  $user = $apache::user,
+  $group = $apache::group,
+  $file = undef,
+) {
+  if ! $file {
+    $filename = "${name}.conf"
+  } else {
+    $filename = $file
+  }
+  file { "${apache::mod_dir}/peruser/multiplexers/${filename}":
+    ensure  => file,
+    content => "Multiplexer ${user} ${group}\n",
+    require => File["${apache::mod_dir}/peruser/multiplexers"],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/peruser/processor.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/peruser/processor.pp
new file mode 100644
index 000000000..57c26fa9f
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/peruser/processor.pp
@@ -0,0 +1,21 @@
+# @summary
+#   Enables the `Peruser` module for FreeBSD only.
+#
+# @api private
+define apache::peruser::processor (
+  $user,
+  $group,
+  $file = undef,
+) {
+  if ! $file {
+    $filename = "${name}.conf"
+  } else {
+    $filename = $file
+  }
+  file { "${apache::mod_dir}/peruser/processors/${filename}":
+    ensure  => file,
+    content => "Processor ${user} ${group}\n",
+    require => File["${apache::mod_dir}/peruser/processors"],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/php.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/php.pp
new file mode 100644
index 000000000..32999a929
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/php.pp
@@ -0,0 +1,11 @@
+# @summary
+#   This class installs PHP for Apache.
+#
+# @note 
+#    This class is deprecated.
+#
+# @api private
+class apache::php {
+  warning('apache::php is deprecated; please use apache::mod::php')
+  include apache::mod::php
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/proxy.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/proxy.pp
new file mode 100644
index 000000000..9df41958c
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/proxy.pp
@@ -0,0 +1,11 @@
+# @summary
+#   This class enabled the proxy module for Apache.
+#
+# @note
+#   This class is deprecated.
+#
+# @api private
+class apache::proxy {
+  warning('apache::proxy is deprecated; please use apache::mod::proxy')
+  include apache::mod::proxy
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/python.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/python.pp
new file mode 100644
index 000000000..586ed9e81
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/python.pp
@@ -0,0 +1,18 @@
+# @summary
+#   This class installs Python for Apache
+#
+# Parameters:
+# - $php_package
+#
+# Actions:
+#   - Install Apache Python package
+#
+# Requires:
+#
+# Sample Usage:
+#
+# @api private
+class apache::python {
+  warning('apache::python is deprecated; please use apache::mod::python')
+  include apache::mod::python
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/security/rule_link.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/security/rule_link.pp
new file mode 100644
index 000000000..a3f70b109
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/security/rule_link.pp
@@ -0,0 +1,21 @@
+# @summary
+#   Links the activated_rules from `apache::mod::security` to the respective CRS rules on disk.
+#
+# @api private
+define apache::security::rule_link () {
+  $parts = split($title, '/')
+  $filename = $parts[-1]
+
+  $target = $title ? {
+    /^\//   => $title,
+    default => "${apache::params::modsec_crs_path}/${title}",
+  }
+
+  file { $filename:
+    ensure  => 'link',
+    path    => "${apache::mod::security::modsec_dir}/activated_rules/${filename}",
+    target  => $target ,
+    require => File["${apache::mod::security::modsec_dir}/activated_rules"],
+    notify  => Class['apache::service'],
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/service.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/service.pp
new file mode 100644
index 000000000..7366e5fd3
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/service.pp
@@ -0,0 +1,36 @@
+# @summary
+#   Installs and configures Apache service.
+#
+# @api private
+class apache::service (
+  $service_name           = $apache::params::service_name,
+  Boolean $service_enable = true,
+  $service_ensure         = 'running',
+  Boolean $service_manage = true,
+  $service_restart        = undef
+) {
+  # The base class must be included first because parameter defaults depend on it
+  if ! defined(Class['apache::params']) {
+    fail('You must include the apache::params class before using any apache defined resources')
+  }
+  case $service_ensure {
+    true, false, 'running', 'stopped': {
+      $_service_ensure = $service_ensure
+    }
+    default: {
+      $_service_ensure = undef
+    }
+  }
+
+  $service_hasrestart = $service_restart == undef
+
+  if $service_manage {
+    service { 'httpd':
+      ensure     => $_service_ensure,
+      name       => $service_name,
+      enable     => $service_enable,
+      restart    => $service_restart,
+      hasrestart => $service_hasrestart,
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/ssl.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/ssl.pp
new file mode 100644
index 000000000..a241a98a2
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/ssl.pp
@@ -0,0 +1,11 @@
+# @summary
+#   This class installs Apache SSL capabilities
+#
+# @note
+#   This class is deprecated.
+#
+# @api private
+class apache::ssl {
+  warning('apache::ssl is deprecated; please use apache::mod::ssl')
+  include apache::mod::ssl
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/version.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/version.pp
new file mode 100644
index 000000000..f799db73b
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/version.pp
@@ -0,0 +1,42 @@
+# @summary
+#   Try to automatically detect the version by OS
+#
+# @api private
+class apache::version (
+  Optional[String] $scl_httpd_version = undef,
+  Optional[String] $scl_php_version   = undef,
+) {
+  case $::osfamily {
+    'RedHat': {
+      if $scl_httpd_version {
+        $default = $scl_httpd_version
+      }
+      elsif ($::operatingsystem == 'Amazon' and $::operatingsystemmajrelease == '2') {
+        $default = '2.4'
+      } elsif ($::operatingsystem == 'Fedora' and versioncmp($facts['operatingsystemmajrelease'], '18') >= 0) or ($::operatingsystem != 'Fedora' and versioncmp($facts['operatingsystemmajrelease'], '7') >= 0) {
+        $default = '2.4'
+      } else {
+        $default = '2.2'
+      }
+    }
+    'Debian': {
+      $default = '2.4'
+    }
+    'FreeBSD': {
+      $default = '2.4'
+    }
+    'Gentoo': {
+      $default = '2.4'
+    }
+    'Suse': {
+      if ($::operatingsystem == 'SLES' and versioncmp($facts['operatingsystemmajrelease'], '12') >= 0) or ($::operatingsystem == 'OpenSuSE' and versioncmp($facts['operatingsystemmajrelease'], '42') >= 0) {
+        $default = '2.4'
+      } else {
+        $default = '2.2'
+      }
+    }
+    default: {
+      fail("Class['apache::version']: Unsupported osfamily: ${::osfamily}")
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/vhost.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/vhost.pp
new file mode 100644
index 000000000..b5604dd26
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/vhost.pp
@@ -0,0 +1,3041 @@
+# @summary
+#   Allows specialised configurations for virtual hosts that possess requirements 
+#   outside of the defaults.
+#
+# The apache module allows a lot of flexibility in the setup and configuration of virtual hosts. 
+# This flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache 
+# to evaluate it multiple times with different parameters.<br />
+# The `apache::vhost` defined type allows you to have specialized configurations for virtual hosts 
+# that have requirements outside the defaults. You can set up a default virtual host within 
+# the base `::apache` class, as well as set a customized virtual host as the default. 
+# Customized virtual hosts have a lower numeric `priority` than the base class's, causing 
+# Apache to process the customized virtual host first.<br />
+# The `apache::vhost` defined type uses `concat::fragment` to build the configuration file. To 
+# inject custom fragments for pieces of the configuration that the defined type doesn't 
+# inherently support, add a custom fragment.<br />
+# For the custom fragment's `order` parameter, the `apache::vhost` defined type uses multiples 
+# of 10, so any `order` that isn't a multiple of 10 should work.<br />
+# > **Note:** When creating an `apache::vhost`, it cannot be named `default` or `default-ssl`, 
+# because vhosts with these titles are always managed by the module. This means that you cannot 
+# override `Apache::Vhost['default']`  or `Apache::Vhost['default-ssl]` resources. An optional 
+# workaround is to create a vhost named something else, such as `my default`, and ensure that the 
+# `default` and `default_ssl` vhosts are set to `false`:
+#
+# @example
+#   class { 'apache':
+#     default_vhost     => false,
+#     default_ssl_vhost => false,
+#   }
+#
+# @param apache_version
+#   Apache's version number as a string, such as '2.2' or '2.4'.
+#
+# @param access_log
+#   Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`).
+# 
+# @param access_log_env_var
+#   Specifies that only requests with particular environment variables be logged.
+# 
+# @param access_log_file
+#   Sets the filename of the `*_access.log` placed in `logroot`. Given a virtual host ---for 
+#   instance, example.com--- it defaults to 'example.com_ssl.log' for 
+#   [SSL-encrypted](https://httpd.apache.org/docs/current/ssl/index.html) virtual hosts and 
+#   `example.com_access.log` for unencrypted virtual hosts.
+# 
+# @param access_log_format
+#   Specifies the use of either a `LogFormat` nickname or a custom-formatted string for the 
+#   access log.
+# 
+# @param access_log_pipe
+#   Specifies a pipe where Apache sends access log messages.
+#
+# @param access_log_syslog
+#   Sends all access log messages to syslog.
+#
+# @param access_logs
+#   Allows you to give a hash that specifies the state of each of the `access_log_*` 
+#   directives shown above, i.e. `access_log_pipe` and `access_log_syslog`.
+# 
+# @param add_default_charset
+#   Sets a default media charset value for the `AddDefaultCharset` directive, which is 
+#   added to `text/plain` and `text/html` responses.
+# 
+# @param add_listen
+#   Determines whether the virtual host creates a `Listen` statement.<br />
+#   Setting `add_listen` to `false` prevents the virtual host from creating a `Listen` 
+#   statement. This is important when combining virtual hosts that aren't passed an `ip` 
+#   parameter with those that are.
+# 
+# @param use_optional_includes
+#   Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for 
+#   `additional_includes` in Apache 2.4 or newer.
+# 
+# @param additional_includes
+#   Specifies paths to additional static, virtual host-specific Apache configuration files. 
+#   You can use this parameter to implement a unique, custom configuration not supported by 
+#   this module.
+# 
+# @param aliases
+#   Passes a list of [hashes][hash] to the virtual host to create `Alias`, `AliasMatch`, 
+#   `ScriptAlias` or `ScriptAliasMatch` directives as per the `mod_alias` documentation.<br />
+#   For example:
+#   ``` puppet
+#   aliases => [
+#     { aliasmatch       => '^/image/(.*)\.jpg$',
+#       path             => '/files/jpg.images/$1.jpg',
+#     },
+#     { alias            => '/image',
+#       path             => '/ftp/pub/image',
+#     },
+#     { scriptaliasmatch => '^/cgi-bin(.*)',
+#       path             => '/usr/local/share/cgi-bin$1',
+#     },
+#     { scriptalias      => '/nagios/cgi-bin/',
+#       path             => '/usr/lib/nagios/cgi-bin/',
+#     },
+#     { alias            => '/nagios',
+#       path             => '/usr/share/nagios/html',
+#     },
+#   ],
+#   ```
+#   For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs 
+#   a corresponding context, such as `<Directory /path/to/directory>` or 
+#   `<Location /some/location/here>`. Puppet creates the directives in the order specified in 
+#   the `aliases` parameter. As described in the `mod_alias` documentation, add more specific 
+#   `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more 
+#   general ones to avoid shadowing.<BR />
+#   > **Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because 
+#   you can precisely control the order of various alias directives. Defining `ScriptAliases` 
+#   using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after 
+#   *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias` 
+#   directives. This often causes problems; for example, this could cause problems with Nagios.<BR />
+#   If `apache::mod::passenger` is loaded and `PassengerHighPerformance` is `true`, the `Alias` 
+#   directive might not be able to honor the `PassengerEnabled => off` statement. See 
+#   [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details.
+# 
+# @param allow_encoded_slashes
+#   Sets the `AllowEncodedSlashes` declaration for the virtual host, overriding the server 
+#   default. This modifies the virtual host responses to URLs with `\` and `/` characters. The 
+#   default setting omits the declaration from the server configuration and selects the 
+#   Apache default setting of `Off`.
+# 
+# @param block
+#   Specifies the list of things to which Apache blocks access. Valid options are: `scm` (which 
+#   blocks web access to `.svn`), `.git`, and `.bzr` directories.
+# 
+# @param cas_attribute_prefix
+#   Adds a header with the value of this header being the attribute values when SAML 
+#   validation is enabled.
+# 
+# @param cas_attribute_delimiter
+#   Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`.
+# 
+# @param cas_login_url
+#   Sets the URL to which the module redirects users when they attempt to access a 
+#   CAS-protected resource and don't have an active session.
+# 
+# @param cas_root_proxied_as
+#   Sets the URL end users see when access to this Apache server is proxied per vhost. 
+#   This URL should not include a trailing slash.
+# 
+# @param cas_scrub_request_headers
+#   Remove inbound request headers that may have special meaning within mod_auth_cas.
+# 
+# @param cas_sso_enabled
+#   Enables experimental support for single sign out (may mangle POST data).
+# 
+# @param cas_validate_saml
+#   Parse response from CAS server for SAML.
+# 
+# @param cas_validate_url
+#   Sets the URL to use when validating a client-presented ticket in an HTTP query string.
+# 
+# @param cas_cookie_path
+#   Sets the location where information on the current session should be stored. This should
+#   be writable by the web server only.
+#
+# @param comment
+#   Adds comments to the header of the configuration file. Pass as string or an array of strings.
+#   For example:
+#   ``` puppet
+#   comment => "Account number: 123B",
+#   ```
+#   Or:
+#   ``` puppet
+#   comment => [
+#     "Customer: X",
+#     "Frontend domain: x.example.org",
+#   ]
+#   ```
+# 
+# @param custom_fragment
+#   Passes a string of custom configuration directives to place at the end of the virtual 
+#   host configuration.
+# 
+# @param default_vhost
+#   Sets a given `apache::vhost` defined type as the default to serve requests that do not 
+#   match any other `apache::vhost` defined types.
+# 
+# @param directoryindex
+#   Sets the list of resources to look for when a client requests an index of the directory 
+#   by specifying a '/' at the end of the directory name. See the `DirectoryIndex` directive 
+#   documentation for details.
+# 
+# @param docroot
+#   **Required**.<br />
+#   Sets the `DocumentRoot` location, from which Apache serves files.<br />
+#   If `docroot` and `manage_docroot` are both set to `false`, no `DocumentRoot` will be set 
+#   and the accompanying `<Directory /path/to/directory>` block will not be created.
+# 
+# @param docroot_group
+#   Sets group access to the `docroot` directory.
+# 
+# @param docroot_owner
+#   Sets individual user access to the `docroot` directory.
+# 
+# @param docroot_mode
+#   Sets access permissions for the `docroot` directory, in numeric notation.
+# 
+# @param manage_docroot
+#   Determines whether Puppet manages the `docroot` directory.
+# 
+# @param error_log
+#   Specifies whether `*_error.log` directives should be configured.
+# 
+# @param error_log_file
+#   Points the virtual host's error logs to a `*_error.log` file. If this parameter is 
+#   undefined, Puppet checks for values in `error_log_pipe`, then `error_log_syslog`.<br />
+#   If none of these parameters is set, given a virtual host `example.com`, Puppet defaults 
+#   to `$logroot/example.com_error_ssl.log` for SSL virtual hosts and 
+#   `$logroot/example.com_error.log` for non-SSL virtual hosts.
+# 
+# @param error_log_pipe
+#   Specifies a pipe to send error log messages to.<br />
+#   This parameter has no effect if the `error_log_file` parameter has a value. If neither 
+#   this parameter nor `error_log_file` has a value, Puppet then checks `error_log_syslog`.
+# 
+# @param error_log_syslog
+#   Determines whether to send all error log messages to syslog.
+#   This parameter has no effect if either of the `error_log_file` or `error_log_pipe` 
+#   parameters has a value. If none of these parameters has a value, given a virtual host 
+#   `example.com`, Puppet defaults to `$logroot/example.com_error_ssl.log` for SSL virtual 
+#   hosts and `$logroot/example.com_error.log` for non-SSL virtual hosts.
+#
+# @param error_log_format
+#   Sets the [ErrorLogFormat](https://httpd.apache.org/docs/current/mod/core.html#errorlogformat)
+#   format specification for error log entries inside virtual host
+#   For example:
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     ...
+#     error_log_format => [
+#       '[%{uc}t] [%-m:%-l] [R:%L] [C:%{C}L] %7F: %E: %M',
+#       { '[%{uc}t] [R:%L] Request %k on C:%{c}L pid:%P tid:%T' => 'request' }, 
+#       { "[%{uc}t] [R:%L] UA:'%+{User-Agent}i'" => 'request' },
+#       { "[%{uc}t] [R:%L] Referer:'%+{Referer}i'" => 'request' },
+#       { '[%{uc}t] [C:%{c}L] local\ %a remote\ %A' => 'connection' },
+#     ],
+#   }
+#   ```
+# 
+# @param error_documents
+#   A list of hashes which can be used to override the 
+#   [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) 
+#   settings for this virtual host.<br />
+#   For example:
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     error_documents => [
+#       { 'error_code' => '503', 'document' => '/service-unavail' },
+#       { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' },
+#     ],
+#   }
+#   ```
+# 
+# @param ensure
+#   Specifies if the virtual host is present or absent.<br />
+# 
+# @param fallbackresource
+#   Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) 
+#   directive, which specifies an action to take for any URL that doesn't map to anything in 
+#   your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Values must either begin 
+#   with a `/` or be `disabled`.
+# 
+# @param fastcgi_server
+#   Specify an external FastCGI server to manage a connection to.
+# 
+# @param fastcgi_socket
+#   Specify the socket that will be used to communicate with an external FastCGI server.
+# 
+# @param fastcgi_idle_timeout
+#   If using fastcgi, this option sets the timeout for the server to respond.
+# 
+# @param fastcgi_dir
+#   Specify an internal FastCGI directory that is to be managed.
+# 
+# @param filters
+#   [Filters](https://httpd.apache.org/docs/current/mod/mod_filter.html) enable smart, 
+#   context-sensitive configuration of output content filters.
+#   ``` puppet
+#   apache::vhost { "$::fqdn":
+#     filters => [
+#       'FilterDeclare   COMPRESS',
+#       'FilterProvider  COMPRESS DEFLATE resp=Content-Type $text/html',
+#       'FilterChain     COMPRESS',
+#       'FilterProtocol  COMPRESS DEFLATE change=yes;byteranges=no',
+#     ],
+#   }
+#   ```
+# 
+# @param h2_copy_files
+#   Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles)
+#   directive which influences how the requestion process pass files to the main connection.
+# 
+# @param h2_direct
+#   Sets the [H2Direct](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2direct)
+#   directive which toggles the usage of the HTTP/2 Direct Mode.
+# 
+# @param h2_early_hints
+#   Sets the [H2EarlyHints](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2earlyhints)
+#   directive which controls if HTTP status 103 interim responses are forwarded to
+#   the client or not.
+# 
+# @param h2_max_session_streams
+#   Sets the [H2MaxSessionStreams](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2maxsessionstreams)
+#   directive which sets the maximum number of active streams per HTTP/2 session
+#   that the server allows.
+# 
+# @param h2_modern_tls_only
+#   Sets the [H2ModernTLSOnly](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2moderntlsonly)
+#   directive which toggles the security checks on HTTP/2 connections in TLS mode.
+# 
+# @param h2_push
+#   Sets the [H2Push](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2push)
+#   directive which toggles the usage of the HTTP/2 server push protocol feature.
+# 
+# @param h2_push_diary_size
+#   Sets the [H2PushDiarySize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushdiarysize)
+#   directive which toggles the maximum number of HTTP/2 server pushes that are
+#   remembered per HTTP/2 connection.
+# 
+# @param h2_push_priority
+#   Sets the [H2PushPriority](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushpriority)
+#   directive which defines the priority handling of pushed responses based on the
+#   content-type of the response.
+# 
+# @param h2_push_resource
+#   Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource)
+#   directive which declares resources for early pushing to the client.
+# 
+# @param h2_serialize_headers
+#   Sets the [H2SerializeHeaders](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2serializeheaders)
+#   directive which toggles if HTTP/2 requests are serialized in HTTP/1.1
+#   format for processing by httpd core.
+# 
+# @param h2_stream_max_mem_size
+#   Sets the [H2StreamMaxMemSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2streammaxmemsize)
+#   directive which sets the maximum number of outgoing data bytes buffered in
+#   memory for an active stream.
+# 
+# @param h2_tls_cool_down_secs
+#   Sets the [H2TLSCoolDownSecs](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlscooldownsecs)
+#   directive which sets the number of seconds of idle time on a TLS connection
+#   before the TLS write size falls back to a small (~1300 bytes) length.
+# 
+# @param h2_tls_warm_up_size
+#   Sets the [H2TLSWarmUpSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlswarmupsize)
+#   directive which sets the number of bytes to be sent in small TLS records (~1300
+#   bytes) until doing maximum sized writes (16k) on https: HTTP/2 connections.
+# 
+# @param h2_upgrade
+#   Sets the [H2Upgrade](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2upgrade)
+#   directive which toggles the usage of the HTTP/1.1 Upgrade method for switching
+#   to HTTP/2.
+# 
+# @param h2_window_size
+#   Sets the [H2WindowSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2windowsize)
+#   directive which sets the size of the window that is used for flow control from
+#   client to server and limits the amount of data the server has to buffer.
+# 
+# @param headers
+#   Adds lines to replace, merge, or remove response headers. See 
+#   [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information.
+# 
+# @param ip
+#   Sets the IP address the virtual host listens on. By default, uses Apache's default behavior 
+#   of listening on all IPs.
+# 
+# @param ip_based
+#   Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual 
+#   host. This parameter inhibits the creation of a NameVirtualHost directive, since those are 
+#   used to funnel requests to name-based virtual hosts.
+# 
+# @param itk
+#   Configures [ITK](http://mpm-itk.sesse.net/) in a hash.<br />
+#   Usage typically looks something like:
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     docroot => '/path/to/directory',
+#     itk     => {
+#       user  => 'someuser',
+#       group => 'somegroup',
+#     },
+#   }
+#   ```
+#   Valid values are: a hash, which can include the keys:
+#   * `user` + `group`
+#   * `assignuseridexpr`
+#   * `assigngroupidexpr`
+#   * `maxclientvhost`
+#   * `nice`
+#   * `limituidrange` (Linux 3.5.0 or newer)
+#   * `limitgidrange` (Linux 3.5.0 or newer)
+# 
+# @param action
+#   Specifies whether you wish to configure mod_actions action directive which will
+#   activate cgi-script when triggered by a request.
+# 
+# @param jk_mounts
+#   Sets up a virtual host with `JkMount` and `JkUnMount` directives to handle the paths 
+#   for URL mapping between Tomcat and Apache.<br />
+#   The parameter must be an array of hashes where each hash must contain the `worker` 
+#   and either the `mount` or `unmount` keys.<br />
+#   Usage typically looks like:
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     jk_mounts => [
+#       { mount   => '/*',     worker => 'tcnode1', },
+#       { unmount => '/*.jpg', worker => 'tcnode1', },
+#     ],
+#   }
+#   ```
+# 
+# @param http_protocol_options
+#   Specifies the strictness of HTTP protocol checks.
+# 
+# @param keepalive
+#   Determines whether to enable persistent HTTP connections with the `KeepAlive` directive 
+#   for the virtual host. By default, the global, server-wide `KeepAlive` setting is in effect.<br />
+#   Use the `keepalive_timeout` and `max_keepalive_requests` parameters to set relevant options 
+#   for the virtual host.
+# 
+# @param keepalive_timeout
+#   Sets the `KeepAliveTimeout` directive for the virtual host, which determines the amount 
+#   of time to wait for subsequent requests on a persistent HTTP connection. By default, the 
+#   global, server-wide `KeepAlive` setting is in effect.<br />
+#   This parameter is only relevant if either the global, server-wide `keepalive` parameter or 
+#   the per-vhost `keepalive` parameter is enabled.
+# 
+# @param max_keepalive_requests
+#   Limits the number of requests allowed per connection to the virtual host. By default,  
+#   the global, server-wide `KeepAlive` setting is in effect.<br />
+#   This parameter is only relevant if either the global, server-wide `keepalive` parameter or 
+#   the per-vhost `keepalive` parameter is enabled.
+# 
+# @param auth_kerb
+#   Enable `mod_auth_kerb` parameters for a virtual host.<br />
+#   Usage typically looks like:
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     auth_kerb              => `true`,
+#     krb_method_negotiate   => 'on',
+#     krb_auth_realms        => ['EXAMPLE.ORG'],
+#     krb_local_user_mapping => 'on',
+#     directories            => {
+#       path         => '/var/www/html',
+#       auth_name    => 'Kerberos Login',
+#       auth_type    => 'Kerberos',
+#       auth_require => 'valid-user',
+#     },
+#   }
+#   ```
+# 
+# @param krb_method_negotiate
+#   Determines whether to use the Negotiate method.
+# 
+# @param krb_method_k5passwd
+#   Determines whether to use password-based authentication for Kerberos v5.
+# 
+# @param krb_authoritative
+#   If set to `off`, authentication controls can be passed on to another module.
+# 
+# @param krb_auth_realms
+#   Specifies an array of Kerberos realms to use for authentication.
+# 
+# @param krb_5keytab
+#   Specifies the Kerberos v5 keytab file's location.
+# 
+# @param krb_local_user_mapping
+#   Strips @REALM from usernames for further use.
+# 
+# @param krb_verify_kdc
+#   This option can be used to disable the verification tickets against local keytab to prevent 
+#   KDC spoofing attacks.
+# 
+# @param krb_servicename
+#   Specifies the service name that will be used by Apache for authentication. Corresponding 
+#   key of this name must be stored in the keytab.
+# 
+# @param krb_save_credentials
+#   This option enables credential saving functionality.
+# 
+# @param logroot
+#   Specifies the location of the virtual host's logfiles.
+# 
+# @param logroot_ensure
+#   Determines whether or not to remove the logroot directory for a virtual host.
+# 
+# @param logroot_mode
+#   Overrides the mode the logroot directory is set to. Do *not* grant write access to the 
+#   directory the logs are stored in without being aware of the consequences; for more 
+#   information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security).
+# 
+# @param logroot_owner
+#   Sets individual user access to the logroot directory.
+# 
+# @param logroot_group
+#   Sets group access to the `logroot` directory.
+# 
+# @param log_level
+#   Specifies the verbosity of the error log.
+# 
+# @param modsec_body_limit
+#   Configures the maximum request body size (in bytes) ModSecurity accepts for buffering.
+# 
+# @param modsec_disable_vhost
+#   Disables `mod_security` on a virtual host. Only valid if `apache::mod::security` is included.
+# 
+# @param modsec_disable_ids
+#   Removes `mod_security` IDs from the virtual host.<br />
+#   Also takes a hash allowing removal of an ID from a specific location.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     modsec_disable_ids => [ 90015, 90016 ],
+#   }
+#   ```
+# 
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     modsec_disable_ids => { '/location1' => [ 90015, 90016 ] },
+#   }
+#   ```
+# 
+# @param modsec_disable_ips
+#   Specifies an array of IP addresses to exclude from `mod_security` rule matching.
+# 
+# @param modsec_disable_msgs
+#   Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing 
+#   removal of an Msg from a specific location.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     modsec_disable_msgs => ['Blind SQL Injection Attack', 'Session Fixation Attack'],
+#   }
+#   ```
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     modsec_disable_msgs => { '/location1' => ['Blind SQL Injection Attack', 'Session Fixation Attack'] },
+#   }
+#   ```
+# 
+# @param modsec_disable_tags
+#   Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing 
+#   removal of an Tag from a specific location.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     modsec_disable_tags => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'],
+#   }
+#   ```
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     modsec_disable_tags => { '/location1' => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'] },
+#   }
+#   ```
+# 
+# @param modsec_audit_log_file
+#   If set, it is relative to `logroot`.<br />
+#   One of the parameters that determines how to send `mod_security` audit 
+#   log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
+#   If none of those parameters are set, the global audit log is used 
+#   (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ).
+# 
+# @param modsec_audit_log_pipe
+#   If `modsec_audit_log_pipe` is set, it should start with a pipe. Example 
+#   `|/path/to/mlogc /path/to/mlogc.conf`.<br />
+#   One of the parameters that determines how to send `mod_security` audit 
+#   log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
+#   If none of those parameters are set, the global audit log is used 
+#   (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ).
+# 
+# @param modsec_audit_log
+#   If `modsec_audit_log` is `true`, given a virtual host ---for instance, example.com--- it 
+#   defaults to `example.com\_security\_ssl.log` for SSL-encrypted virtual hosts 
+#   and `example.com\_security.log` for unencrypted virtual hosts.<br />
+#   One of the parameters that determines how to send `mod_security` audit 
+#   log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).<br />
+#   If none of those parameters are set, the global audit log is used 
+#   (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ).
+# 
+# @param no_proxy_uris
+#   Specifies URLs you do not want to proxy. This parameter is meant to be used in combination 
+#   with [`proxy_dest`](#proxy_dest).
+# 
+# @param no_proxy_uris_match
+#   This directive is equivalent to `no_proxy_uris`, but takes regular expressions.
+# 
+# @param proxy_preserve_host
+#   Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost).<br />
+#   Setting this parameter to `true` enables the `Host:` line from an incoming request to be 
+#   proxied to the host instead of hostname. Setting it to `false` sets this directive to 'Off'.
+# 
+# @param proxy_add_headers
+#   Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders).<br />
+#   This parameter controlls whether proxy-related HTTP headers (X-Forwarded-For, 
+#   X-Forwarded-Host and X-Forwarded-Server) get sent to the backend server.
+# 
+# @param proxy_error_override
+#   Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). 
+#   This directive controls whether Apache should override error pages for proxied content.
+# 
+# @param options
+#   Sets the `Options` for the specified virtual host. For example:
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     ...
+#     options => ['Indexes','FollowSymLinks','MultiViews'],
+#   }
+#   ```
+#   > **Note**: If you use the `directories` parameter of `apache::vhost`, 'Options', 
+#   'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`.
+# 
+# @param override
+#   Sets the overrides for the specified virtual host. Accepts an array of 
+#   [AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments.
+#
+# @param passenger_enabled
+#   Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) 
+#   directive to `on` or `off`. Requires `apache::mod::passenger` to be included.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     docroot     => '/path/to/directory',
+#     directories => [
+#       { path              => '/path/to/directory',
+#         passenger_enabled => 'on',
+#       },
+#     ],
+#   }
+#   ```
+#   > **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) 
+#   using the PassengerEnabled directive with the PassengerHighPerformance directive.
+# 
+# @param passenger_base_uri
+#   Sets [PassengerBaseURI](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbase_rui),
+#    to specify that the given URI is a distinct application served by Passenger.
+# 
+# @param passenger_ruby
+#   Sets [PassengerRuby](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerruby),
+#   specifying the Ruby interpreter to use when serving the relevant web applications.
+# 
+# @param passenger_python
+#   Sets [PassengerPython](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerpython),
+#   specifying the Python interpreter to use when serving the relevant web applications.
+# 
+# @param passenger_nodejs
+#   Sets the [`PassengerNodejs`](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengernodejs),
+#   specifying Node.js command to use when serving the relevant web applications.
+# 
+# @param passenger_meteor_app_settings
+#   Sets [PassengerMeteorAppSettings](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermeteorappsettings),
+#   specifying a JSON file with settings for the application when using a Meteor 
+#   application in non-bundled mode.
+# 
+# @param passenger_app_env
+#   Sets [PassengerAppEnv](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappenv),
+#   the environment for the Passenger application. If not specified, defaults to the global 
+#   setting or 'production'.
+# 
+# @param passenger_app_root
+#   Sets [PassengerRoot](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapproot),
+#   the location of the Passenger application root if different from the DocumentRoot.
+# 
+# @param passenger_app_group_name
+#   Sets [PassengerAppGroupName](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappgroupname),
+#    the name of the application group that the current application should belong to.
+# 
+# @param passenger_app_start_command
+#   Sets [PassengerAppStartCommand](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappstartcommand),
+#    how Passenger should start your app on a specific port.
+#
+# @param passenger_app_type
+#   Sets [PassengerAppType](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapptype),
+#    to force Passenger to recognize the application as a specific type.
+# 
+# @param passenger_startup_file
+#   Sets the [PassengerStartupFile](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstartupfile),
+#   path. This path is relative to the application root.
+# 
+# @param passenger_restart_dir
+#   Sets the [PassengerRestartDir](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerrestartdir),
+#    to customize the directory in which `restart.txt` is searched for.
+# 
+# @param passenger_spawn_method
+#   Sets [PassengerSpawnMethod](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerspawnmethod),
+#   whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism.
+# 
+# @param passenger_load_shell_envvars
+#   Sets [PassengerLoadShellEnvvars](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerloadshellenvvars),
+#   to enable or disable the loading of shell environment variables before spawning the application.
+# 
+# @param passenger_rolling_restarts
+#   Sets [PassengerRollingRestarts](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerrollingrestarts),
+#   to enable or disable support for zero-downtime application restarts through `restart.txt`.
+# 
+# @param passenger_resist_deployment_errors
+#   Sets [PassengerResistDeploymentErrors](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerresistdeploymenterrors),
+#   to enable or disable resistance against deployment errors.
+# 
+# @param passenger_user
+#   Sets [PassengerUser](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengeruser),
+#   the running user for sandboxing applications.
+# 
+# @param passenger_group
+#   Sets [PassengerGroup](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengergroup),
+#   the running group for sandboxing applications.
+# 
+# @param passenger_friendly_error_pages
+#   Sets [PassengerFriendlyErrorPages](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerfriendlyerrorpages),
+#   which can display friendly error pages whenever an application fails to start. This 
+#   friendly error page presents the startup error message, some suggestions for solving 
+#   the problem, a backtrace and a dump of the environment variables.
+# 
+# @param passenger_min_instances
+#   Sets [PassengerMinInstances](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermininstances),
+#   the minimum number of application processes to run.
+# 
+# @param passenger_max_instances
+#   Sets [PassengerMaxInstances](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxinstances),
+#   the maximum number of application processes to run.
+# 
+# @param passenger_max_preloader_idle_time
+#   Sets [PassengerMaxPreloaderIdleTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxpreloaderidletime),
+#   the maximum amount of time the preloader waits before shutting down an idle process.
+# 
+# @param passenger_force_max_concurrent_requests_per_process
+#   Sets [PassengerForceMaxConcurrentRequestsPerProcess](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerforcemaxconcurrentrequestsperprocess),
+#   the maximum amount of concurrent requests the application can handle per process.
+# 
+# @param passenger_start_timeout
+#   Sets [PassengerStartTimeout](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstarttimeout),
+#   the timeout for the application startup.
+# 
+# @param passenger_concurrency_model
+#   Sets [PassengerConcurrencyModel](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerconcurrencyodel),
+#   to specify the I/O concurrency model that should be used for Ruby application processes. 
+#   Passenger supports two concurrency models:<br />
+#   * `process` - single-threaded, multi-processed I/O concurrency.
+#   * `thread` - multi-threaded, multi-processed I/O concurrency.
+# 
+# @param passenger_thread_count
+#   Sets [PassengerThreadCount](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerthreadcount),
+#   the number of threads that Passenger should spawn per Ruby application process.<br />
+#   This option only has effect if PassengerConcurrencyModel is `thread`.
+# 
+# @param passenger_max_requests
+#   Sets [PassengerMaxRequests](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequests),
+#   the maximum number of requests an application process will process.
+# 
+# @param passenger_max_request_time
+#   Sets [PassengerMaxRequestTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequesttime),
+#   the maximum amount of time, in seconds, that an application process may take to 
+#   process a request.
+# 
+# @param passenger_memory_limit
+#   Sets [PassengerMemoryLimit](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermemorylimit),
+#   the maximum amount of memory that an application process may use, in megabytes.
+# 
+# @param passenger_stat_throttle_rate
+#   Sets [PassengerStatThrottleRate](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstatthrottlerate),
+#   to set a limit, in seconds, on how often Passenger will perform it's filesystem checks.
+# 
+# @param passenger_pre_start
+#   Sets [PassengerPreStart](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerprestart),
+#   the URL of the application if pre-starting is required.
+# 
+# @param passenger_high_performance
+#   Sets [PassengerHighPerformance](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerhighperformance),
+#   to enhance performance in return for reduced compatibility.
+# 
+# @param passenger_buffer_upload
+#   Sets [PassengerBufferUpload](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbufferupload),
+#   to buffer HTTP client request bodies before they are sent to the application.
+# 
+# @param passenger_buffer_response
+#   Sets [PassengerBufferResponse](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbufferresponse),
+#   to buffer Happlication-generated responses.
+# 
+# @param passenger_error_override
+#   Sets [PassengerErrorOverride](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengererroroverride),
+#   to specify whether Apache will intercept and handle response with HTTP status codes of
+#   400 and higher.
+# 
+# @param passenger_max_request_queue_size
+#   Sets [PassengerMaxRequestQueueSize](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequestqueuesize),
+#   to specify the maximum amount of requests that are allowed to queue whenever the maximum
+#   concurrent request limit is reached. If the queue is already at this specified limit, then 
+#   Passenger immediately sends a "503 Service Unavailable" error to any incoming requests.<br />
+#   A value of 0 means that the queue size is unbounded.
+# 
+# @param passenger_max_request_queue_time
+#   Sets [PassengerMaxRequestQueueTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequestqueuetime),
+#   to specify the maximum amount of time that requests are allowed to stay in the queue 
+#   whenever the maximum concurrent request limit is reached. If a request reaches this specified 
+#   limit, then Passenger immeaditly sends a "504 Gateway Timeout" error for that request.<br />
+#   A value of 0 means that the queue time is unbounded.
+# 
+# @param passenger_sticky_sessions
+#   Sets [PassengerStickySessions](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessions),
+#   to specify that, whenever possible, all requests sent by a client will be routed to the same 
+#   originating application process.
+# 
+# @param passenger_sticky_sessions_cookie_name
+#   Sets [PassengerStickySessionsCookieName](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessionscookiename),
+#   to specify the name of the sticky sessions cookie.
+#
+# @param passenger_sticky_sessions_cookie_attributes
+#   Sets [PassengerStickySessionsCookieAttributes](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessionscookieattributes),
+#   the attributes of the sticky sessions cookie.
+# 
+# @param passenger_allow_encoded_slashes
+#   Sets [PassengerAllowEncodedSlashes](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerallowencodedslashes),
+#   to allow URLs with encoded slashes. Please note that this feature will not work properly
+#   unless Apache's `AllowEncodedSlashes` is also enabled.
+# 
+# @param passenger_app_log_file
+#   Sets [PassengerAppLogFile](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapplogfile),
+#   app specific messages logged to a different file in addition to Passenger log file.
+#
+# @param passenger_debugger
+#   Sets [PassengerDebugger](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerdebugger),
+#   to turn support for Ruby application debugging on or off. 
+# 
+# @param passenger_lve_min_uid
+#   Sets [PassengerLveMinUid](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerlveminuid),
+#   to only allow the spawning of application processes with UIDs equal to, or higher than, this 
+#   specified value on LVE-enabled kernels.
+# 
+# @param php_values
+#   Allows per-virtual host setting [`php_value`s](http://php.net/manual/en/configuration.changes.php). 
+#   These flags or values can be overwritten by a user or an application.
+#   Within a vhost declaration:
+#   ``` puppet
+#     php_values    => [ 'include_path ".:/usr/local/example-app/include"' ],
+#   ```
+#
+# @param php_flags
+#   Allows per-virtual host setting [`php_flags\``](http://php.net/manual/en/configuration.changes.php). 
+#   These flags or values can be overwritten by a user or an application.
+#
+# @param php_admin_values
+#   Allows per-virtual host setting [`php_admin_value`](http://php.net/manual/en/configuration.changes.php). 
+#   These flags or values cannot be overwritten by a user or an application.
+#
+# @param php_admin_flags
+#   Allows per-virtual host setting [`php_admin_flag`](http://php.net/manual/en/configuration.changes.php). 
+#   These flags or values cannot be overwritten by a user or an application.
+#
+# @param port
+#   Sets the port the host is configured on. The module's defaults ensure the host listens 
+#   on port 80 for non-SSL virtual hosts and port 443 for SSL virtual hosts. The host only 
+#   listens on the port set in this parameter.
+#
+# @param priority
+#   Sets the relative load-order for Apache HTTPD VirtualHost configuration files.<br />
+#   If nothing matches the priority, the first name-based virtual host is used. Likewise, 
+#   passing a higher priority causes the alphabetically first name-based virtual host to be 
+#   used if no other names match.<br />
+#   > **Note:** You should not need to use this parameter. However, if you do use it, be 
+#   aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'.<br />
+#   To omit the priority prefix in file names, pass a priority of `false`.
+#
+# @param protocols
+#   Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols) 
+#   directive, which lists available protocols for the virutal host.
+#
+# @param protocols_honor_order
+#   Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder) 
+#   directive which determines wether the order of Protocols sets precedence during negotiation.
+#
+# @param proxy_dest
+#   Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration.
+#
+# @param proxy_pass
+#   Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) 
+#   configuration. Optionally, parameters can be added as an array.
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     ...
+#     proxy_pass => [
+#       { 'path' => '/a', 'url' => 'http://backend-a/' },
+#       { 'path' => '/b', 'url' => 'http://backend-b/' },
+#       { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}},
+#       { 'path' => '/l', 'url' => 'http://backend-xy',
+#         'reverse_urls' => ['http://backend-x', 'http://backend-y'] },
+#       { 'path' => '/d', 'url' => 'http://backend-a/d',
+#         'params' => { 'retry' => '0', 'timeout' => '5' }, },
+#       { 'path' => '/e', 'url' => 'http://backend-a/e',
+#         'keywords' => ['nocanon', 'interpolate'] },
+#       { 'path' => '/f', 'url' => 'http://backend-f/',
+#         'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']},
+#       { 'path' => '/g', 'url' => 'http://backend-g/',
+#         'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], },
+#       { 'path' => '/h', 'url' => 'http://backend-h/h',
+#         'no_proxy_uris' => ['/h/admin', '/h/server-status'] },
+#     ],
+#   }
+#   ```
+#   * `reverse_urls`. *Optional.* This setting is useful when used with `mod_proxy_balancer`. Values: an array or string.
+#   * `reverse_cookies`. *Optional.* Sets `ProxyPassReverseCookiePath` and `ProxyPassReverseCookieDomain`.
+#   * `params`. *Optional.* Allows for ProxyPass key-value parameters, such as connection settings.
+#   * `setenv`. *Optional.* Sets [environment variables](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings) for the proxy directive. Values: array.
+#
+# @param proxy_dest_match
+#   This directive is equivalent to `proxy_dest`, but takes regular expressions, see 
+#   [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) 
+#   for details.
+#
+# @param proxy_dest_reverse_match
+#   Allows you to pass a ProxyPassReverse if `proxy_dest_match` is specified. See 
+#   [ProxyPassReverse](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse) 
+#   for details.
+#
+# @param proxy_pass_match
+#   This directive is equivalent to `proxy_pass`, but takes regular expressions, see 
+#   [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) 
+#   for details.
+#
+# @param redirect_dest
+#   Specifies the address to redirect to.
+#
+# @param redirect_source
+#   Specifies the source URIs that redirect to the destination specified in `redirect_dest`. 
+#   If more than one item for redirect is supplied, the source and destination must be the same 
+#   length, and the items are order-dependent.
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     ...
+#     redirect_source => ['/images','/downloads'],
+#     redirect_dest   => ['http://img.example.com/','http://downloads.example.com/'],
+#   }
+#   ```
+#
+# @param redirect_status
+#   Specifies the status to append to the redirect.
+#   ``` puppet
+#     apache::vhost { 'site.name.fdqn':
+#     ...
+#     redirect_status => ['temp','permanent'],
+#   }
+#   ```
+#
+# @param redirectmatch_regexp
+#   Determines which server status should be raised for a given regular expression 
+#   and where to forward the user to. Entered as an array alongside redirectmatch_status 
+#   and redirectmatch_dest.
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     ...
+#     redirectmatch_status => ['404','404'],
+#     redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'],
+#     redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'],
+#   }
+#   ```
+#
+# @param redirectmatch_status
+#   Determines which server status should be raised for a given regular expression 
+#   and where to forward the user to. Entered as an array alongside redirectmatch_regexp 
+#   and redirectmatch_dest.
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     ...
+#     redirectmatch_status => ['404','404'],
+#     redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'],
+#     redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'],
+#   }
+#   ```
+#
+# @param redirectmatch_dest
+#   Determines which server status should be raised for a given regular expression 
+#   and where to forward the user to. Entered as an array alongside redirectmatch_status 
+#   and redirectmatch_regexp.
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     ...
+#     redirectmatch_status => ['404','404'],
+#     redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'],
+#     redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'],
+#   }
+#   ```
+#
+# @param request_headers
+#   Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) 
+#   in various ways, including adding additional request headers, removing request headers, 
+#   and so on.
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     ...
+#     request_headers => [
+#       'append MirrorID "mirror 12"',
+#       'unset MirrorID',
+#     ],
+#   }
+#   ```
+#
+# @param rewrites
+#   Creates URL rewrite rules. Expects an array of hashes.<br />
+#   Valid Hash keys include `comment`, `rewrite_base`, `rewrite_cond`, `rewrite_rule`
+#   or `rewrite_map`.<br />
+#   For example, you can specify that anyone trying to access index.html is served welcome.html
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     ...
+#     rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ]
+#   }
+#   ```
+#   The parameter allows rewrite conditions that, when `true`, execute the associated rule. 
+#   For instance, if you wanted to rewrite URLs only if the visitor is using IE
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     ...
+#     rewrites => [
+#       {
+#         comment      => 'redirect IE',
+#         rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
+#         rewrite_rule => ['^index\.html$ welcome.html'],
+#       },
+#     ],
+#   }
+#   ```
+#   You can also apply multiple conditions. For instance, rewrite index.html to welcome.html 
+#   only when the browser is Lynx or Mozilla (version 1 or 2)
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     ...
+#     rewrites => [
+#       {
+#         comment      => 'Lynx or Mozilla v1/2',
+#         rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
+#         rewrite_rule => ['^index\.html$ welcome.html'],
+#       },
+#     ],
+#   }
+#   ```
+#   Multiple rewrites and conditions are also possible
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     ...
+#     rewrites => [
+#       {
+#         comment      => 'Lynx or Mozilla v1/2',
+#         rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
+#         rewrite_rule => ['^index\.html$ welcome.html'],
+#       },
+#       {
+#         comment      => 'Internet Explorer',
+#         rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
+#         rewrite_rule => ['^index\.html$ /index.IE.html [L]'],
+#       },
+#       {
+#         rewrite_base => /apps/,
+#         rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'],
+#       },
+#       { comment      => 'Rewrite to lower case',
+#         rewrite_cond => ['%{REQUEST_URI} [A-Z]'],
+#         rewrite_map  => ['lc int:tolower'],
+#         rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'],
+#       },
+#     ],
+#   }
+#   ```
+#   Refer to the [`mod_rewrite` documentation](https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html)
+#   for more details on what is possible with rewrite rules and conditions.<br />
+#   > **Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` 
+#   and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather 
+#   than setting the rewrites in the virtual host's directories.
+#
+# @param rewrite_base
+#   The parameter [`rewrite_base`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase)
+#   specifies the URL prefix to be used for per-directory (htaccess) RewriteRule directives
+#   that substitue a relative path.
+# 
+# @param rewrite_rule
+#   The parameter [`rewrite_rile`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule)
+#   allows the user to define the rules that will be used by the rewrite engine.
+# 
+# @param rewrite_cond
+#   The parameter [`rewrite_cond`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritecond)
+#   defines a rule condition, that when satisfied will implement that rule within the 
+#   rewrite engine.
+#
+# @param rewrite_inherit
+#   Determines whether the virtual host inherits global rewrite rules.<br />
+#   Rewrite rules may be specified globally (in `$conf_file` or `$confd_dir`) or 
+#   inside the virtual host `.conf` file. By default, virtual hosts do not inherit 
+#   global settings. To activate inheritance, specify the `rewrites` parameter and set 
+#   `rewrite_inherit` parameter to `true`:
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     ...
+#     rewrites => [
+#       <rules>,
+#     ],
+#     rewrite_inherit => `true`,
+#   }
+#   ```
+#   > **Note**: The `rewrites` parameter is **required** for this to have effect<br />
+#   Apache activates global `Rewrite` rules inheritance if the virtual host files contains 
+#   the following directives:
+#   ``` ApacheConf
+#   RewriteEngine On
+#   RewriteOptions Inherit
+#   ```
+#   Refer to the official [`mod_rewrite`](https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html)
+#   documentation, section "Rewriting in Virtual Hosts".
+#
+# @param scriptalias
+#   Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as 
+#   '/usr/scripts'.
+#
+# @param scriptaliases
+#   > **Note**: This parameter is deprecated in favor of the `aliases` parameter.<br />
+#   Passes an array of hashes to the virtual host to create either ScriptAlias or 
+#   ScriptAliasMatch statements per the `mod_alias` documentation.
+#   ``` puppet
+#   scriptaliases => [
+#     {
+#       alias => '/myscript',
+#       path  => '/usr/share/myscript',
+#     },
+#     {
+#       aliasmatch => '^/foo(.*)',
+#       path       => '/usr/share/fooscripts$1',
+#     },
+#     {
+#       aliasmatch => '^/bar/(.*)',
+#       path       => '/usr/share/bar/wrapper.sh/$1',
+#     },
+#     {
+#       alias => '/neatscript',
+#       path  => '/usr/share/neatscript',
+#     },
+#   ]
+#   ```
+#   The ScriptAlias and ScriptAliasMatch directives are created in the order specified. 
+#   As with [Alias and AliasMatch](#aliases) directives, specify more specific aliases 
+#   before more general ones to avoid shadowing.
+#
+# @param serveradmin
+#   Specifies the email address Apache displays when it renders one of its error pages.
+#
+# @param serveraliases
+#   Sets the [ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias) 
+#   of the site.
+#
+# @param servername
+#   Sets the servername corresponding to the hostname you connect to the virtual host at.
+#
+# @param setenv
+#   Used by HTTPD to set environment variables for virtual hosts.<br />
+#   Example:
+#   ``` puppet
+#   apache::vhost { 'setenv.example.com':
+#     setenv => ['SPECIAL_PATH /foo/bin'],
+#   }
+#   ```
+#
+# @param setenvif
+#   Used by HTTPD to conditionally set environment variables for virtual hosts.
+#
+# @param setenvifnocase
+#   Used by HTTPD to conditionally set environment variables for virtual hosts (caseless matching).
+#
+# @param suexec_user_group
+#   Allows the spcification of user and group execution privileges for CGI programs through
+#   inclusion of the `mod_suexec` module.
+# 
+# @param suphp_addhandler
+#   Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)
+#   working together with suphp_configpath and suphp_engine.<br />
+#   An example virtual host configuration with suPHP:
+#   ``` puppet
+#   apache::vhost { 'suphp.example.com':
+#     port             => '80',
+#     docroot          => '/home/appuser/myphpapp',
+#     suphp_addhandler => 'x-httpd-php',
+#     suphp_engine     => 'on',
+#     suphp_configpath => '/etc/php5/apache2',
+#     directories      => { path => '/home/appuser/myphpapp',
+#       'suphp'        => { user => 'myappuser', group => 'myappgroup' },
+#     }
+#   }
+#   ```
+#
+# @param suphp_configpath
+#   Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)
+#   working together with suphp_addhandler and suphp_engine.<br />
+#   An example virtual host configuration with suPHP:
+#   ``` puppet
+#   apache::vhost { 'suphp.example.com':
+#     port             => '80',
+#     docroot          => '/home/appuser/myphpapp',
+#     suphp_addhandler => 'x-httpd-php',
+#     suphp_engine     => 'on',
+#     suphp_configpath => '/etc/php5/apache2',
+#     directories      => { path => '/home/appuser/myphpapp',
+#       'suphp'        => { user => 'myappuser', group => 'myappgroup' },
+#     }
+#   }
+#   ```
+#
+# @param suphp_engine
+#   Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)
+#   working together with suphp_configpath and suphp_addhandler.<br />
+#   An example virtual host configuration with suPHP:
+#   ``` puppet
+#   apache::vhost { 'suphp.example.com':
+#     port             => '80',
+#     docroot          => '/home/appuser/myphpapp',
+#     suphp_addhandler => 'x-httpd-php',
+#     suphp_engine     => 'on',
+#     suphp_configpath => '/etc/php5/apache2',
+#     directories      => { path => '/home/appuser/myphpapp',
+#       'suphp'        => { user => 'myappuser', group => 'myappgroup' },
+#     }
+#   }
+#   ```
+#
+# @param vhost_name
+#   Enables name-based virtual hosting. If no IP is passed to the virtual host, but the 
+#   virtual host is assigned a port, then the virtual host name is `vhost_name:port`. 
+#   If the virtual host has no assigned IP or port, the virtual host name is set to the 
+#   title of the resource.
+#
+# @param virtual_docroot
+#   Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the 
+#   same name. For example, `http://example.com` would map to `/var/www/example.com`.
+#   Note that the `DocumentRoot` directive will not be present even though there is a value
+#   set for `docroot` in the manifest. See [`virtual_use_default_docroot`](#virtual_use_default_docroot) to change this behavior.
+#   ``` puppet
+#   apache::vhost { 'subdomain.loc':
+#     vhost_name      => '*',
+#     port            => '80',
+#     virtual_docroot => '/var/www/%-2+',
+#     docroot         => '/var/www',
+#     serveraliases   => ['*.loc',],
+#   }
+#   ```
+# 
+# @param virtual_use_default_docroot
+#   By default, when using `virtual_docroot`, the value of `docroot` is ignored. Setting this
+#   to `true` will mean both directives will be added to the configuration.
+#   ``` puppet
+#   apache::vhost { 'subdomain.loc':
+#     vhost_name                  => '*',
+#     port                        => '80',
+#     virtual_docroot             => '/var/www/%-2+',
+#     docroot                     => '/var/www',
+#     virtual_use_default_docroot => true,
+#     serveraliases               => ['*.loc',],
+#   }
+#   ```
+#
+# @param wsgi_daemon_process
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process_options, wsgi_process_group, 
+#   wsgi_script_aliases and wsgi_pass_authorization.<br />
+#   A hash that sets the name of the WSGI daemon, accepting 
+#   [certain keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html).<br />
+#   An example virtual host configuration with WSGI:
+#   ``` puppet
+#   apache::vhost { 'wsgi.example.com':
+#     port                        => '80',
+#     docroot                     => '/var/www/pythonapp',
+#     wsgi_daemon_process         => 'wsgi',
+#     wsgi_daemon_process_options =>
+#       { processes    => '2',
+#         threads      => '15',
+#         display-name => '%{GROUP}',
+#       },
+#     wsgi_process_group          => 'wsgi',
+#     wsgi_script_aliases         => { '/' => '/var/www/demo.wsgi' },
+#     wsgi_chunked_request        => 'On',
+#   }
+#   ```
+#
+# @param wsgi_daemon_process_options
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process, wsgi_process_group, 
+#   wsgi_script_aliases and wsgi_pass_authorization.<br />
+#   Sets the group ID that the virtual host runs under.
+#
+# @param wsgi_application_group
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, 
+#   and wsgi_pass_authorization.<br />
+#   This parameter defines the [`WSGIApplicationGroup directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html),
+#   thus allowing you to specify which application group the WSGI application belongs to,
+#   with all WSGI applications within the same group executing within the context of the
+#   same Python sub interpreter.
+#
+# @param wsgi_import_script
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, 
+#   and wsgi_pass_authorization.<br />
+#   This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html),
+#   which can be used in order to specify a script file to be loaded upon a process starting.
+#
+# @param wsgi_import_script_options
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, 
+#   and wsgi_pass_authorization.<br />
+#   This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html),
+#   which can be used in order to specify a script file to be loaded upon a process starting.<br />
+#   Specifies the process and aplication groups of the script.
+#
+# @param wsgi_chunked_request
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, 
+#   and wsgi_pass_authorization.<br />
+#   This parameter defines the [`WSGIChunkedRequest directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIChunkedRequest.html),
+#   allowing you to enable support for chunked request content.<br />
+#   WSGI is technically incapable of supporting chunked request content without all chunked
+#   request content having first been read in and buffered.
+#
+# @param wsgi_process_group
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process, wsgi_daemon_process_options,  
+#   wsgi_script_aliases and wsgi_pass_authorization.<br />
+#   Requires a hash of web paths to filesystem `.wsgi paths/`.
+#
+# @param wsgi_script_aliases
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, 
+#   and wsgi_pass_authorization.<br />
+#   Uses the WSGI application to handle authorization instead of Apache when set to `On`.<br />
+#   For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html).
+#
+# @param wsgi_script_aliases_match
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, 
+#   and wsgi_pass_authorization.<br />
+#   Uses the WSGI application to handle authorization instead of Apache when set to `On`.<br />
+#   This directive is similar to `wsgi_script_aliases`, but makes use of regular expressions
+#   in place of simple prefix matching.<br />
+#   For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html).
+# 
+# @param wsgi_pass_authorization
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group and
+#   wsgi_script_aliases.<br />
+#   Enables support for chunked requests.
+#
+# @param directories
+#   The `directories` parameter within the `apache::vhost` class passes an array of hashes 
+#   to the virtual host to create [Directory](https://httpd.apache.org/docs/current/mod/core.html#directory), 
+#   [File](https://httpd.apache.org/docs/current/mod/core.html#files), and 
+#   [Location](https://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. 
+#   These blocks take the form, `< Directory /path/to/directory>...< /Directory>`.<br />
+#   The `path` key sets the path for the directory, files, and location blocks. Its value 
+#   must be a path for the `directory`, `files`, and `location` providers, or a regex for 
+#   the `directorymatch`, `filesmatch`, or `locationmatch` providers. Each hash passed to 
+#   `directories` **must** contain `path` as one of the keys.<br />
+#   The `provider` key is optional. If missing, this key defaults to `directory`.
+#    Values: `directory`, `files`, `proxy`, `location`, `directorymatch`, `filesmatch`, 
+#   `proxymatch` or `locationmatch`. If you set `provider` to `directorymatch`, it 
+#   uses the keyword `DirectoryMatch` in the Apache config file.<br />
+#   An example use of `directories`:
+#   ``` puppet
+#   apache::vhost { 'files.example.net':
+#     docroot     => '/var/www/files',
+#     directories => [
+#       { 'path'     => '/var/www/files',
+#         'provider' => 'files',
+#         'deny'     => 'from all',
+#       },
+#     ],
+#   }
+#   ```
+#   > **Note:** At least one directory should match the `docroot` parameter. After you 
+#   start declaring directories, `apache::vhost` assumes that all required Directory blocks 
+#   will be declared. If not defined, a single default Directory block is created that matches 
+#   the `docroot` parameter.<br />
+#   Available handlers, represented as keys, should be placed within the `directory`, 
+#   `files`, or `location` hashes. This looks like
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     docroot     => '/path/to/directory',
+#     directories => [ { path => '/path/to/directory', handler => value } ],
+#   }
+#   ```
+#   Any handlers you do not set in these hashes are considered `undefined` within Puppet and 
+#   are not added to the virtual host, resulting in the module using their default values.
+#
+# @param custom_fragment
+#   Pass a string of custom configuration directives to be placed at the end of the directory 
+#   configuration.
+#   ``` puppet
+#   apache::vhost { 'monitor':
+#     ...
+#     directories => [
+#       {
+#         path => '/path/to/directory',
+#         custom_fragment => '
+#   <Location /balancer-manager>
+#     SetHandler balancer-manager
+#     Order allow,deny
+#     Allow from all
+#   </Location>
+#   <Location /server-status>
+#     SetHandler server-status
+#     Order allow,deny
+#     Allow from all
+#   </Location>
+#   ProxyStatus On',
+#       },
+#     ]
+#   }
+#   ```
+#
+# @param error_documents
+#   An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) 
+#   settings for the directory.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     directories => [
+#       { path            => '/srv/www',
+#         error_documents => [
+#           { 'error_code' => '503',
+#             'document'   => '/service-unavail',
+#           },
+#         ],
+#       },
+#     ],
+#   }
+#   ```
+#
+# @param h2_copy_files
+#   Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles) directive.<br />
+#   Note that you must declare `class {'apache::mod::http2': }` before using this directive.
+#
+# @param h2_push_resource
+#   Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource) directive.<br />
+#   Note that you must declare `class {'apache::mod::http2': }` before using this directive.
+#
+# @param headers
+#   Adds lines for [Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     docroot     => '/path/to/directory',
+#     directories => {
+#       path    => '/path/to/directory',
+#       headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',
+#     },
+#   }
+#   ```
+#
+# @param options
+#   Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the 
+#   given Directory block.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     docroot     => '/path/to/directory',
+#     directories => [
+#       { path    => '/path/to/directory',
+#         options => ['Indexes','FollowSymLinks','MultiViews'],
+#       },
+#     ],
+#   }
+#   ```
+# 
+# @param shib_compat_valid_user
+#   Default is Off, matching the behavior prior to this command's existence. Addresses a conflict 
+#   when using Shibboleth in conjunction with other auth/auth modules by restoring `standard` 
+#   Apache behavior when processing the `valid-user` and `user` Require rules. See the 
+#   [`mod_shib`documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions), 
+#   and [NativeSPhtaccess](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess) 
+#   topic for more details. This key is disabled if `apache::mod::shib` is not defined.
+#
+# @param ssl_options
+#   String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), 
+#   which configure SSL engine run-time options. This handler takes precedence over SSLOptions 
+#   set in the parent block of the virtual host.
+#   ``` puppet
+#   apache::vhost { 'secure.example.net':
+#     docroot     => '/path/to/directory',
+#     directories => [
+#       { path        => '/path/to/directory',
+#         ssl_options => '+ExportCertData',
+#       },
+#       { path        => '/path/to/different/dir',
+#         ssl_options => ['-StdEnvVars', '+ExportCertData'],
+#       },
+#     ],
+#   }
+#   ```
+#
+# @param additional_includes
+#   Specifies paths to additional static, specific Apache configuration files in virtual 
+#   host directories.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     docroot     => '/path/to/directory',
+#     directories => [
+#       { path  => '/path/to/different/dir',
+#         additional_includes => ['/custom/path/includes', '/custom/path/another_includes',],
+#       },
+#     ],
+#   }
+#   ```
+# 
+# @param gssapi
+#  Specfies mod_auth_gssapi parameters for particular directories in a virtual host directory
+#  ```puppet
+#   include apache::mod::auth_gssapi
+#   apache::vhost { 'sample.example.net':
+#     docroot     => '/path/to/directory',
+#     directories => [
+#       { path   => '/path/to/different/dir',
+#         gssapi => {
+#           credstore => 'keytab:/foo/bar.keytab',
+#           localname => 'Off',
+#           sslonly   => 'On',
+#         }
+#       },
+#     ],
+#   }
+#   ```
+#
+# @param ssl
+#   Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries.
+#
+# @param ssl_ca
+#   Specifies the SSL certificate authority to be used to verify client certificates used 
+#   for authentication.
+#
+# @param ssl_cert
+#   Specifies the SSL certification.
+#
+# @param ssl_protocol
+#   Specifies [SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). 
+#   Expects an array or space separated string of accepted protocols.
+#
+# @param ssl_cipher
+#   Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite).
+#
+# @param ssl_honorcipherorder
+#   Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), 
+#   to cause Apache to use the server's preferred order of ciphers rather than the client's 
+#   preferred order.
+#
+# @param ssl_certs_dir
+#   Specifies the location of the SSL certification directory to verify client certs.
+#
+# @param ssl_chain
+#   Specifies the SSL chain. This default works out of the box, but it must be updated in 
+#   the base `apache` class with your specific certificate information before being used in 
+#   production.
+#
+# @param ssl_crl
+#   Specifies the certificate revocation list to use. (This default works out of the box but 
+#   must be updated in the base `apache` class with your specific certificate information 
+#   before being used in production.)
+#
+# @param ssl_crl_path
+#   Specifies the location of the certificate revocation list to verify certificates for 
+#   client authentication with. (This default works out of the box but must be updated in 
+#   the base `apache` class with your specific certificate information before being used in 
+#   production.)
+#
+# @param ssl_crl_check
+#   Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck) 
+#   for ssl client authentication. The default works out of the box but must be specified when 
+#   using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on 
+#   older versions.
+#
+# @param ssl_key
+#   Specifies the SSL key.<br />
+#   Defaults are based on your operating system. Default work out of the box but must be 
+#   updated in the base `apache` class with your specific certificate information before 
+#   being used in production.
+#
+# @param ssl_verify_client
+#   Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) 
+#   directive, which sets the certificate verification level for client authentication.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     ...
+#     ssl_verify_client => 'optional',
+#   }
+#   ```
+#
+# @param ssl_verify_depth
+#   Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) 
+#   directive, which specifies the maximum depth of CA certificates in client certificate 
+#   verification. You must set `ssl_verify_client` for it to take effect.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     ...
+#     ssl_verify_client => 'require',
+#     ssl_verify_depth => 1,
+#   }
+#   ```
+#
+# @param ssl_proxy_protocol
+#   Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol) 
+#   directive, which controls which SSL protocol flavors `mod_ssl` should use when establishing 
+#   its server environment for proxy. It connects to servers using only one of the provided 
+#   protocols.
+#
+# @param ssl_proxy_verify
+#   Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify) 
+#   directive, which configures certificate verification of the remote server when a proxy is 
+#   configured to forward requests to a remote SSL server.
+#
+# @param ssl_proxy_verify_depth
+#   Sets the [SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth) 
+#   directive, which configures how deeply mod_ssl should verify before deciding that the 
+#   remote server does not have a valid certificate.<br />
+#   A depth of 0 means that only self-signed remote server certificates are accepted, 
+#   the default depth of 1 means the remote server certificate can be self-signed or 
+#   signed by a CA that is directly known to the server.
+#
+# @param ssl_proxy_cipher_suite
+#   Sets the [SSLProxyCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyciphersuite) 
+#   directive, which controls cipher suites supported for ssl proxy traffic.
+#
+# @param ssl_proxy_ca_cert
+#   Sets the [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile) 
+#   directive, which specifies an all-in-one file where you can assemble the Certificates 
+#   of Certification Authorities (CA) whose remote servers you deal with. These are used 
+#   for Remote Server Authentication. This file should be a concatenation of the PEM-encoded 
+#   certificate files in order of preference.
+#
+# @param ssl_proxy_machine_cert
+#   Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) 
+#   directive, which specifies an all-in-one file where you keep the certs and keys used 
+#   for this server to authenticate itself to remote servers. This file should be a 
+#   concatenation of the PEM-encoded certificate files in order of preference.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     ...
+#     ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem',
+#   }
+#   ```
+# @param ssl_proxy_machine_cert_chain
+#   Sets the [SSLProxyMachineCertificateChainFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatechainfile)
+#   directive, which specifies an all-in-one file where you keep the certificate chain for
+#   all of the client certs in use. This directive will be needed if the remote server
+#   presents a list of CA certificates that are not direct signers of one of the configured
+#   client certificates. This referenced file is simply the concatenation of the various
+#   PEM-encoded certificate files. Upon startup, each client certificate configured will be
+#   examined and a chain of trust will be constructed.
+#
+# @param ssl_proxy_check_peer_cn
+#   Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) 
+#   directive, which specifies whether the remote server certificate's CN field is compared 
+#   against the hostname of the request URL.
+#
+# @param ssl_proxy_check_peer_name
+#   Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) 
+#   directive, which specifies whether the remote server certificate's CN field is compared 
+#   against the hostname of the request URL.
+#
+# @param ssl_proxy_check_peer_expire
+#   Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire) 
+#   directive, which specifies whether the remote server certificate is checked for expiration 
+#   or not.
+#
+# @param ssl_options
+#   Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) 
+#   directive, which configures various SSL engine run-time options. This is the global 
+#   setting for the given virtual host and can be a string or an array.<br />
+#   A string:
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     ...
+#     ssl_options => '+ExportCertData',
+#   }
+#   ```
+#   An array:
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     ...
+#     ssl_options => ['+StrictRequire', '+ExportCertData'],
+#   }
+#   ```
+#
+# @param ssl_openssl_conf_cmd
+#   Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) 
+#   directive, which provides direct configuration of OpenSSL parameters.
+#
+# @param ssl_proxyengine
+#   Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine).
+#
+# @param ssl_stapling
+#   Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). 
+#   By default, uses what is set globally.<br />
+#   This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
+#
+# @param ssl_stapling_timeout
+#   Can be used to set the [SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout) directive.<br />
+#   This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
+#
+# @param ssl_stapling_return_errors
+#   Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive.<br />
+#   This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
+#
+# @param ssl_user_name
+#   Sets the [SSLUserName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusername) directive.
+#
+# @param ssl_reload_on_change
+#   Enable reloading of apache if the content of ssl files have changed.
+#
+# @param use_canonical_name
+#   Specifies whether to use the [`UseCanonicalName directive`](https://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname),
+#   which allows you to configure how the server determines it's own name and port.
+# 
+# @param define
+#   this lets you define configuration variables inside a vhost using [`Define`](https://httpd.apache.org/docs/2.4/mod/core.html#define),
+#   these can then be used to replace configuration values. All Defines are Undefined at the end of the VirtualHost.
+#
+# @param auth_oidc
+#   Enable `mod_auth_openidc` parameters for OpenID Connect authentication.
+#
+# @param oidc_settings
+#   An Apache::OIDCSettings Struct containing (mod_auth_openidc settings)[https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf].
+#
+# @param limitreqfields
+#   The `limitreqfields` parameter sets the maximum number of request header fields in
+#   an HTTP request. This directive gives the server administrator greater control over
+#   abnormal client request behavior, which may be useful for avoiding some forms of
+#   denial-of-service attacks. The value should be increased if normal clients see an error
+#   response from the server that indicates too many fields were sent in the request.
+#
+# @param limitreqfieldsize
+#   The `limitreqfieldsize` parameter sets the maximum ammount of _bytes_ that will
+#   be allowed within a request header.
+#
+# @param limitreqline
+#   Limit the size of the HTTP request line that will be accepted from the client
+#   This directive sets the number of bytes that will be allowed on the HTTP
+#   request-line. The LimitRequestLine directive allows the server administrator
+#   to set the limit on the allowed size of a client's HTTP request-line. Since
+#   the request-line consists of the HTTP method, URI, and protocol version, the
+#   LimitRequestLine directive places a restriction on the length of a request-URI
+#   allowed for a request on the server. A server needs this value to be large
+#   enough to hold any of its resource names, including any information that might
+#   be passed in the query part of a GET request.
+#
+# @param limitreqbody
+#   Restricts the total size of the HTTP request body sent from the client
+#   The LimitRequestBody directive allows the user to set a limit on the allowed
+#   size of an HTTP request message body within the context in which the
+#   directive is given (server, per-directory, per-file or per-location). If the
+#   client request exceeds that limit, the server will return an error response
+#   instead of servicing the request.
+#
+# @param $use_servername_for_filenames
+#   When set to true, default log / config file names will be derived from the sanitized
+#   value of the $servername parameter.
+#   When set to false (default), the existing behaviour of using the $name parameter
+#   will remain.
+#
+# @param $use_port_for_filenames
+#   When set to true and use_servername_for_filenames is also set to true, default log /
+#   config file names will be derived from the sanitized value of both the $servername and
+#   $port parameters.
+#   When set to false (default), the port is not included in the file names and may lead to
+#   duplicate declarations if two virtual hosts use the same domain.
+#
+# @param $mdomain
+#   All the names in the list are managed as one Managed Domain (MD). mod_md will request
+#   one single certificate that is valid for all these names.
+define apache::vhost (
+  Variant[Boolean,String] $docroot,
+  $manage_docroot                                                                   = true,
+  $virtual_docroot                                                                  = false,
+  $virtual_use_default_docroot                                                      = false,
+  $port                                                                             = undef,
+  $ip                                                                               = undef,
+  Boolean $ip_based                                                                 = false,
+  $add_listen                                                                       = true,
+  $docroot_owner                                                                    = 'root',
+  $docroot_group                                                                    = $apache::params::root_group,
+  $docroot_mode                                                                     = undef,
+  Array[Enum['h2', 'h2c', 'http/1.1']] $protocols                                   = [],
+  Optional[Boolean] $protocols_honor_order                                          = undef,
+  $serveradmin                                                                      = undef,
+  Boolean $ssl                                                                      = false,
+  $ssl_cert                                                                         = $apache::default_ssl_cert,
+  $ssl_key                                                                          = $apache::default_ssl_key,
+  $ssl_chain                                                                        = $apache::default_ssl_chain,
+  $ssl_ca                                                                           = $apache::default_ssl_ca,
+  $ssl_crl_path                                                                     = $apache::default_ssl_crl_path,
+  $ssl_crl                                                                          = $apache::default_ssl_crl,
+  $ssl_crl_check                                                                    = $apache::default_ssl_crl_check,
+  $ssl_certs_dir                                                                    = $apache::params::ssl_certs_dir,
+  Boolean $ssl_reload_on_change                                                     = $apache::default_ssl_reload_on_change,
+  $ssl_protocol                                                                     = undef,
+  $ssl_cipher                                                                       = undef,
+  Variant[Boolean, Enum['on', 'On', 'off', 'Off'], Undef] $ssl_honorcipherorder     = undef,
+  Optional[Enum['none', 'optional', 'require', 'optional_no_ca']] $ssl_verify_client = undef,
+  $ssl_verify_depth                                                                 = undef,
+  Optional[Enum['none', 'optional', 'require', 'optional_no_ca']] $ssl_proxy_verify = undef,
+  Optional[Integer[0]] $ssl_proxy_verify_depth                                      = undef,
+  $ssl_proxy_ca_cert                                                                = undef,
+  Optional[Enum['on', 'off']] $ssl_proxy_check_peer_cn                              = undef,
+  Optional[Enum['on', 'off']] $ssl_proxy_check_peer_name                            = undef,
+  Optional[Enum['on', 'off']] $ssl_proxy_check_peer_expire                          = undef,
+  $ssl_proxy_machine_cert                                                           = undef,
+  $ssl_proxy_machine_cert_chain                                                     = undef,
+  $ssl_proxy_cipher_suite                                                           = undef,
+  $ssl_proxy_protocol                                                               = undef,
+  $ssl_options                                                                      = undef,
+  $ssl_openssl_conf_cmd                                                             = undef,
+  Boolean $ssl_proxyengine                                                          = false,
+  Optional[Boolean] $ssl_stapling                                                   = undef,
+  $ssl_stapling_timeout                                                             = undef,
+  $ssl_stapling_return_errors                                                       = undef,
+  Optional[String] $ssl_user_name                                                   = undef,
+  $priority                                                                         = undef,
+  Boolean $default_vhost                                                            = false,
+  $servername                                                                       = $name,
+  $serveraliases                                                                    = [],
+  $options                                                                          = ['Indexes','FollowSymLinks','MultiViews'],
+  $override                                                                         = ['None'],
+  $directoryindex                                                                   = '',
+  $vhost_name                                                                       = '*',
+  $logroot                                                                          = $apache::logroot,
+  Enum['directory', 'absent'] $logroot_ensure                                       = 'directory',
+  $logroot_mode                                                                     = undef,
+  $logroot_owner                                                                    = undef,
+  $logroot_group                                                                    = undef,
+  Optional[Apache::LogLevel] $log_level                                             = undef,
+  Boolean $access_log                                                               = true,
+  $access_log_file                                                                  = false,
+  $access_log_pipe                                                                  = false,
+  $access_log_syslog                                                                = false,
+  $access_log_format                                                                = false,
+  $access_log_env_var                                                               = false,
+  Optional[Array] $access_logs                                                      = undef,
+  Optional[Boolean] $use_servername_for_filenames                                   = false,
+  Optional[Boolean] $use_port_for_filenames                                         = false,
+  $aliases                                                                          = undef,
+  Optional[Variant[Hash, Array[Variant[Array,Hash]]]] $directories                  = undef,
+  Boolean $error_log                                                                = true,
+  $error_log_file                                                                   = undef,
+  $error_log_pipe                                                                   = undef,
+  $error_log_syslog                                                                 = undef,
+  Optional[
+    Array[
+      Variant[
+        String,
+        Hash[String, Enum['connection', 'request']]
+      ]
+    ]
+  ]       $error_log_format                                                         = undef,
+  Optional[Pattern[/^((Strict|Unsafe)?\s*(\b(Registered|Lenient)Methods)?\s*(\b(Allow0\.9|Require1\.0))?)$/]] $http_protocol_options = undef,
+  $modsec_audit_log                                                                 = undef,
+  $modsec_audit_log_file                                                            = undef,
+  $modsec_audit_log_pipe                                                            = undef,
+  $error_documents                                                                  = [],
+  Optional[Variant[Stdlib::Absolutepath, Enum['disabled']]] $fallbackresource       = undef,
+  $scriptalias                                                                      = undef,
+  $scriptaliases                                                                    = [],
+  Optional[Integer] $limitreqfieldsize                                              = undef,
+  Optional[Integer] $limitreqfields                                                 = undef,
+  Optional[Integer] $limitreqline                                                   = undef,
+  Optional[Integer] $limitreqbody                                                   = undef,
+  $proxy_dest                                                                       = undef,
+  $proxy_dest_match                                                                 = undef,
+  $proxy_dest_reverse_match                                                         = undef,
+  $proxy_pass                                                                       = undef,
+  $proxy_pass_match                                                                 = undef,
+  Boolean $proxy_requests                                                           = false,
+  $suphp_addhandler                                                                 = $apache::params::suphp_addhandler,
+  Enum['on', 'off'] $suphp_engine                                                   = $apache::params::suphp_engine,
+  $suphp_configpath                                                                 = $apache::params::suphp_configpath,
+  $php_flags                                                                        = {},
+  $php_values                                                                       = {},
+  $php_admin_flags                                                                  = {},
+  $php_admin_values                                                                 = {},
+  $no_proxy_uris                                                                    = [],
+  $no_proxy_uris_match                                                              = [],
+  $proxy_preserve_host                                                              = false,
+  $proxy_add_headers                                                                = undef,
+  $proxy_error_override                                                             = false,
+  $redirect_source                                                                  = '/',
+  $redirect_dest                                                                    = undef,
+  $redirect_status                                                                  = undef,
+  $redirectmatch_status                                                             = undef,
+  $redirectmatch_regexp                                                             = undef,
+  $redirectmatch_dest                                                               = undef,
+  $headers                                                                          = undef,
+  $request_headers                                                                  = undef,
+  $filters                                                                          = undef,
+  Optional[Array] $rewrites                                                         = undef,
+  $rewrite_base                                                                     = undef,
+  $rewrite_rule                                                                     = undef,
+  $rewrite_cond                                                                     = undef,
+  $rewrite_inherit                                                                  = false,
+  $setenv                                                                           = [],
+  $setenvif                                                                         = [],
+  $setenvifnocase                                                                   = [],
+  $block                                                                            = [],
+  Enum['absent', 'present'] $ensure                                                 = 'present',
+  $wsgi_application_group                                                           = undef,
+  Optional[Variant[String,Hash]] $wsgi_daemon_process                               = undef,
+  Optional[Hash] $wsgi_daemon_process_options                                       = undef,
+  $wsgi_import_script                                                               = undef,
+  Optional[Hash] $wsgi_import_script_options                                        = undef,
+  $wsgi_process_group                                                               = undef,
+  Optional[Hash] $wsgi_script_aliases_match                                         = undef,
+  Optional[Hash] $wsgi_script_aliases                                               = undef,
+  Optional[Enum['on', 'off', 'On', 'Off']] $wsgi_pass_authorization                 = undef,
+  $wsgi_chunked_request                                                             = undef,
+  Optional[String] $custom_fragment                                                 = undef,
+  Optional[Hash] $itk                                                               = undef,
+  $action                                                                           = undef,
+  $fastcgi_server                                                                   = undef,
+  $fastcgi_socket                                                                   = undef,
+  $fastcgi_dir                                                                      = undef,
+  $fastcgi_idle_timeout                                                             = undef,
+  $additional_includes                                                              = [],
+  $use_optional_includes                                                            = $apache::use_optional_includes,
+  $apache_version                                                                   = $apache::apache_version,
+  Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes                    = undef,
+  Optional[Pattern[/^[\w-]+ [\w-]+$/]] $suexec_user_group                           = undef,
+
+  Optional[Boolean] $h2_copy_files                                                  = undef,
+  Optional[Boolean] $h2_direct                                                      = undef,
+  Optional[Boolean] $h2_early_hints                                                 = undef,
+  Optional[Integer] $h2_max_session_streams                                         = undef,
+  Optional[Boolean] $h2_modern_tls_only                                             = undef,
+  Optional[Boolean] $h2_push                                                        = undef,
+  Optional[Integer] $h2_push_diary_size                                             = undef,
+  Array[String]     $h2_push_priority                                               = [],
+  Array[String]     $h2_push_resource                                               = [],
+  Optional[Boolean] $h2_serialize_headers                                           = undef,
+  Optional[Integer] $h2_stream_max_mem_size                                         = undef,
+  Optional[Integer] $h2_tls_cool_down_secs                                          = undef,
+  Optional[Integer] $h2_tls_warm_up_size                                            = undef,
+  Optional[Boolean] $h2_upgrade                                                     = undef,
+  Optional[Integer] $h2_window_size                                                 = undef,
+
+  Optional[Boolean] $passenger_enabled                                              = undef,
+  Optional[String] $passenger_base_uri                                              = undef,
+  Optional[Stdlib::Absolutepath] $passenger_ruby                                    = undef,
+  Optional[Stdlib::Absolutepath] $passenger_python                                  = undef,
+  Optional[Stdlib::Absolutepath] $passenger_nodejs                                  = undef,
+  Optional[String] $passenger_meteor_app_settings                                   = undef,
+  Optional[String] $passenger_app_env                                               = undef,
+  Optional[Stdlib::Absolutepath] $passenger_app_root                                = undef,
+  Optional[String] $passenger_app_group_name                                        = undef,
+  Optional[String] $passenger_app_start_command                                     = undef,
+  Optional[Enum['meteor', 'node', 'rack', 'wsgi']] $passenger_app_type              = undef,
+  Optional[String] $passenger_startup_file                                          = undef,
+  Optional[String] $passenger_restart_dir                                           = undef,
+  Optional[Enum['direct', 'smart']] $passenger_spawn_method                         = undef,
+  Optional[Boolean] $passenger_load_shell_envvars                                   = undef,
+  Optional[Boolean] $passenger_rolling_restarts                                     = undef,
+  Optional[Boolean] $passenger_resist_deployment_errors                             = undef,
+  Optional[String] $passenger_user                                                  = undef,
+  Optional[String] $passenger_group                                                 = undef,
+  Optional[Boolean] $passenger_friendly_error_pages                                 = undef,
+  Optional[Integer] $passenger_min_instances                                        = undef,
+  Optional[Integer] $passenger_max_instances                                        = undef,
+  Optional[Integer] $passenger_max_preloader_idle_time                              = undef,
+  Optional[Integer] $passenger_force_max_concurrent_requests_per_process            = undef,
+  Optional[Integer] $passenger_start_timeout                                        = undef,
+  Optional[Enum['process', 'thread']] $passenger_concurrency_model                  = undef,
+  Optional[Integer] $passenger_thread_count                                         = undef,
+  Optional[Integer] $passenger_max_requests                                         = undef,
+  Optional[Integer] $passenger_max_request_time                                     = undef,
+  Optional[Integer] $passenger_memory_limit                                         = undef,
+  Optional[Integer] $passenger_stat_throttle_rate                                   = undef,
+  Optional[Variant[String,Array[String]]] $passenger_pre_start                      = undef,
+  Optional[Boolean] $passenger_high_performance                                     = undef,
+  Optional[Boolean] $passenger_buffer_upload                                        = undef,
+  Optional[Boolean] $passenger_buffer_response                                      = undef,
+  Optional[Boolean] $passenger_error_override                                       = undef,
+  Optional[Integer] $passenger_max_request_queue_size                               = undef,
+  Optional[Integer] $passenger_max_request_queue_time                               = undef,
+  Optional[Boolean] $passenger_sticky_sessions                                      = undef,
+  Optional[String] $passenger_sticky_sessions_cookie_name                           = undef,
+  Optional[String] $passenger_sticky_sessions_cookie_attributes                     = undef,
+  Optional[Boolean] $passenger_allow_encoded_slashes                                = undef,
+  Optional[String] $passenger_app_log_file                                          = undef,
+  Optional[Boolean] $passenger_debugger                                             = undef,
+  Optional[Integer] $passenger_lve_min_uid                                          = undef,
+  $add_default_charset                                                              = undef,
+  $modsec_disable_vhost                                                             = undef,
+  Optional[Variant[Hash, Array]] $modsec_disable_ids                                = undef,
+  $modsec_disable_ips                                                               = undef,
+  Optional[Variant[Hash, Array]] $modsec_disable_msgs                               = undef,
+  Optional[Variant[Hash, Array]] $modsec_disable_tags                               = undef,
+  $modsec_body_limit                                                                = undef,
+  $jk_mounts                                                                        = undef,
+  Boolean $auth_kerb                                                                = false,
+  $krb_method_negotiate                                                             = 'on',
+  $krb_method_k5passwd                                                              = 'on',
+  $krb_authoritative                                                                = 'on',
+  $krb_auth_realms                                                                  = [],
+  $krb_5keytab                                                                      = undef,
+  $krb_local_user_mapping                                                           = undef,
+  $krb_verify_kdc                                                                   = 'on',
+  $krb_servicename                                                                  = 'HTTP',
+  $krb_save_credentials                                                             = 'off',
+  Optional[Enum['on', 'off']] $keepalive                                            = undef,
+  $keepalive_timeout                                                                = undef,
+  $max_keepalive_requests                                                           = undef,
+  $cas_attribute_prefix                                                             = undef,
+  $cas_attribute_delimiter                                                          = undef,
+  $cas_root_proxied_as                                                              = undef,
+  $cas_scrub_request_headers                                                        = undef,
+  $cas_sso_enabled                                                                  = undef,
+  $cas_login_url                                                                    = undef,
+  $cas_validate_url                                                                 = undef,
+  $cas_validate_saml                                                                = undef,
+  $cas_cookie_path                                                                  = undef,
+  Optional[String] $shib_compat_valid_user                                          = undef,
+  Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']] $use_canonical_name        = undef,
+  Optional[Variant[String,Array[String]]] $comment                                  = undef,
+  Hash $define                                                                      = {},
+  Boolean $auth_oidc                                                                = false,
+  Optional[Apache::OIDCSettings] $oidc_settings                                     = undef,
+  Optional[Variant[Boolean,String]] $mdomain                                        = undef,
+) {
+  # The base class must be included first because it is used by parameter defaults
+  if ! defined(Class['apache']) {
+    fail('You must include the apache base class before using any apache defined resources')
+  }
+
+  $apache_name = $apache::apache_name
+
+  if $rewrites {
+    unless empty($rewrites) {
+      $rewrites_flattened = delete_undef_values(flatten([$rewrites]))
+      assert_type(Array[Hash], $rewrites_flattened)
+    }
+  }
+
+  # Input validation begins
+
+  if $access_log_file and $access_log_pipe {
+    fail("Apache::Vhost[${name}]: 'access_log_file' and 'access_log_pipe' cannot be defined at the same time")
+  }
+
+  if $error_log_file and $error_log_pipe {
+    fail("Apache::Vhost[${name}]: 'error_log_file' and 'error_log_pipe' cannot be defined at the same time")
+  }
+
+  if $modsec_audit_log_file and $modsec_audit_log_pipe {
+    fail("Apache::Vhost[${name}]: 'modsec_audit_log_file' and 'modsec_audit_log_pipe' cannot be defined at the same time")
+  }
+
+  # Input validation ends
+
+  if $ssl and $ensure == 'present' {
+    include apache::mod::ssl
+    # Required for the AddType lines.
+    include apache::mod::mime
+  }
+
+  if $ssl_honorcipherorder =~ Boolean or $ssl_honorcipherorder == undef {
+    $_ssl_honorcipherorder = $ssl_honorcipherorder
+  } else {
+    $_ssl_honorcipherorder = $ssl_honorcipherorder ? {
+      'on'    => true,
+      'On'    => true,
+      'off'   => false,
+      'Off'   => false,
+      default => true,
+    }
+  }
+
+  if $auth_kerb and $ensure == 'present' {
+    include apache::mod::auth_kerb
+  }
+
+  if $auth_oidc and $ensure == 'present' {
+    include apache::mod::auth_openidc
+  }
+
+  if $virtual_docroot {
+    include apache::mod::vhost_alias
+  }
+
+  if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization {
+    include apache::mod::wsgi
+  }
+
+  if $suexec_user_group {
+    include apache::mod::suexec
+  }
+
+  if $passenger_enabled != undef or $passenger_start_timeout != undef or $passenger_ruby != undef or $passenger_python != undef or $passenger_nodejs != undef or $passenger_meteor_app_settings != undef or $passenger_app_env != undef or $passenger_app_root != undef or $passenger_app_group_name != undef or $passenger_app_start_command != undef or $passenger_app_type != undef or $passenger_startup_file != undef or $passenger_restart_dir != undef or $passenger_spawn_method != undef or $passenger_load_shell_envvars != undef or $passenger_rolling_restarts != undef or $passenger_resist_deployment_errors != undef or $passenger_min_instances != undef or $passenger_max_instances != undef or $passenger_max_preloader_idle_time != undef or $passenger_force_max_concurrent_requests_per_process != undef or $passenger_concurrency_model != undef or $passenger_thread_count != undef or $passenger_high_performance != undef or $passenger_max_request_queue_size != undef or $passenger_max_request_queue_time != undef or $passenger_user != undef or $passenger_group != undef or $passenger_friendly_error_pages != undef or $passenger_buffer_upload != undef or $passenger_buffer_response != undef or $passenger_allow_encoded_slashes != undef or $passenger_lve_min_uid != undef or $passenger_base_uri != undef or $passenger_error_override != undef or $passenger_sticky_sessions != undef or $passenger_sticky_sessions_cookie_name != undef or $passenger_sticky_sessions_cookie_attributes != undef or $passenger_app_log_file != undef or $passenger_debugger != undef or $passenger_max_requests != undef or $passenger_max_request_time != undef or $passenger_memory_limit != undef {
+    include apache::mod::passenger
+  }
+
+  # Configure the defaultness of a vhost
+  if $priority {
+    $priority_real = "${priority}-"
+  } elsif $priority == false {
+    $priority_real = ''
+  } elsif $default_vhost {
+    $priority_real = '10-'
+  } else {
+    $priority_real = '25-'
+  }
+
+  # https://httpd.apache.org/docs/2.4/fr/mod/core.html#servername
+  # Syntax:	ServerName [scheme://]domain-name|ip-address[:port]
+  # Sometimes, the server runs behind a device that processes SSL, such as a reverse proxy, load balancer or SSL offload
+  # appliance.
+  # When this is the case, specify the https:// scheme and the port number to which the clients connect in the ServerName
+  # directive to make sure that the server generates the correct self-referential URLs.
+  $normalized_servername = regsubst($servername, '(https?:\/\/)?([a-z0-9\/%_+.,#?!@&=-]+)(:?\d+)?', '\2', 'G')
+
+  # IAC-1186: A number of configuration and log file names are generated using the $name parameter. It is possible for
+  # the $name parameter to contain spaces, which could then be transferred to the log / config filenames. Although
+  # POSIX compliant, this can be cumbersome.
+  #
+  # It seems more appropriate to use the $servername parameter to derive default log / config filenames from. We should
+  # also perform some sanitiation on the $servername parameter to strip spaces from it, as it defaults to the value of
+  # $name, should $servername NOT be defined.
+  #
+  # Because a single hostname may be use by multiple virtual hosts listening on different ports, the $port paramter can
+  # optionaly be used to avoid duplicate resources.
+  #
+  # We will retain the default behaviour for filenames but allow the use of a sanitized version of $servername to be
+  # used, using the new $use_servername_for_filenames and $use_port_for_filenames parameters.
+  #
+  # This will default to false until the next major release (v7.0.0), at which point, we will default this to true and
+  # warn about it's imminent deprecation in the subsequent major release (v8.0.0)
+  #
+  # In v8.0.0, we will deprecate the $use_servername_for_filenames and $use_port_for_filenames parameters altogether
+  # and use the sanitized value of $servername for default log / config filenames.
+  $filename = $use_servername_for_filenames ? {
+    true => $use_port_for_filenames ? {
+      true  => regsubst("${normalized_servername}-${port}", ' ', '_', 'G'),
+      false => regsubst($normalized_servername, ' ', '_', 'G'),
+    },
+    false => $name,
+  }
+
+  if ! $use_servername_for_filenames and $name != $normalized_servername {
+    $use_servername_for_filenames_warn_msg = '
+    It is possible for the $name parameter to be defined with spaces in it. Although supported on POSIX systems, this
+    can lead to cumbersome file names. The $servername attribute has stricter conditions from Apache (i.e. no spaces)
+    When $use_servername_for_filenames = true, the $servername parameter, sanitized, is used to construct log and config
+    file names.
+
+    From version v7.0.0 of the puppetlabs-apache module, this parameter will default to true. From version v8.0.0 of the
+    module, the $use_servername_for_filenames will be removed and log/config file names will be derived from the
+    sanitized $servername parameter when not explicitly defined.'
+    warning($use_servername_for_filenames_warn_msg)
+  } elsif ! $use_port_for_filenames {
+    $use_port_for_filenames_warn_msg = '
+    It is possible for multiple virtual hosts to be configured using the same $servername but a different port. When
+    using $use_servername_for_filenames, this can lead to duplicate resource declarations.
+    When $use_port_for_filenames = true, the $servername and $port parameters, sanitized, are used to construct log and
+    config file names.
+
+    From version v7.0.0 of the puppetlabs-apache module, this parameter will default to true. From version v8.0.0 of the
+    module, the $use_port_for_filenames will be removed and log/config file names will be derived from the
+    sanitized $servername parameter when not explicitly defined.'
+    warning($use_port_for_filenames_warn_msg)
+  }
+
+  # This ensures that the docroot exists
+  # But enables it to be specified across multiple vhost resources
+  if $manage_docroot and $docroot and ! defined(File[$docroot]) {
+    file { $docroot:
+      ensure  => directory,
+      owner   => $docroot_owner,
+      group   => $docroot_group,
+      mode    => $docroot_mode,
+      require => Package['httpd'],
+      before  => Concat["${priority_real}${filename}.conf"],
+    }
+  }
+
+  # Same as above, but for logroot
+  if ! defined(File[$logroot]) {
+    file { $logroot:
+      ensure  => $logroot_ensure,
+      owner   => $logroot_owner,
+      group   => $logroot_group,
+      mode    => $logroot_mode,
+      require => Package['httpd'],
+      before  => Concat["${priority_real}${filename}.conf"],
+      notify  => Class['Apache::Service'],
+    }
+  }
+
+  # Is apache::mod::shib enabled (or apache::mod['shib2'])
+  $shibboleth_enabled = defined(Apache::Mod['shib2'])
+
+  # Is apache::mod::cas enabled (or apache::mod['cas'])
+  $cas_enabled = defined(Apache::Mod['auth_cas'])
+
+  if $access_log and !$access_logs {
+    $_access_logs = [{
+        'file'        => $access_log_file,
+        'pipe'        => $access_log_pipe,
+        'syslog'      => $access_log_syslog,
+        'format'      => $access_log_format,
+        'env'         => $access_log_env_var
+    }]
+  } elsif $access_logs {
+    $_access_logs = $access_logs
+  }
+
+  if $error_log_file {
+    if $error_log_file =~ /^\// {
+      # Absolute path provided - don't prepend $logroot
+      $error_log_destination = $error_log_file
+    } else {
+      $error_log_destination = "${logroot}/${error_log_file}"
+    }
+  } elsif $error_log_pipe {
+    $error_log_destination = $error_log_pipe
+  } elsif $error_log_syslog {
+    $error_log_destination = $error_log_syslog
+  } else {
+    if $ssl {
+      $error_log_destination = "${logroot}/${filename}_error_ssl.log"
+    } else {
+      $error_log_destination = "${logroot}/${filename}_error.log"
+    }
+  }
+
+  if versioncmp($apache_version, '2.4') >= 0 {
+    $error_log_format24 = $error_log_format
+  }
+  else {
+    $error_log_format24 = undef
+  }
+
+  if $modsec_audit_log == false {
+    $modsec_audit_log_destination = undef
+  } elsif $modsec_audit_log_file {
+    $modsec_audit_log_destination = "${logroot}/${modsec_audit_log_file}"
+  } elsif $modsec_audit_log_pipe {
+    $modsec_audit_log_destination = $modsec_audit_log_pipe
+  } elsif $modsec_audit_log {
+    if $ssl {
+      $modsec_audit_log_destination = "${logroot}/${filename}_security_ssl.log"
+    } else {
+      $modsec_audit_log_destination = "${logroot}/${filename}_security.log"
+    }
+  } else {
+    $modsec_audit_log_destination = undef
+  }
+
+  if $ip {
+    $_ip = any2array(enclose_ipv6($ip))
+    if $port {
+      $_port = any2array($port)
+      $listen_addr_port = split(inline_template("<%= @_ip.product(@_port).map {|x| x.join(':')  }.join(',')%>"), ',')
+      $nvh_addr_port = split(inline_template("<%= @_ip.product(@_port).map {|x| x.join(':')  }.join(',')%>"), ',')
+    } else {
+      $listen_addr_port = undef
+      $nvh_addr_port = $_ip
+      if ! $servername and ! $ip_based {
+        fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters for name-based vhosts")
+      }
+    }
+  } else {
+    if $port {
+      $listen_addr_port = $port
+      $nvh_addr_port = prefix(any2array($port),"${vhost_name}:")
+    } else {
+      $listen_addr_port = undef
+      $nvh_addr_port = $name
+      if ! $servername and $servername != '' {
+        fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters, and/or 'servername' parameter")
+      }
+    }
+  }
+
+  if $add_listen {
+    if $ip and defined(Apache::Listen[String($port)]) {
+      fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this")
+    }
+    if $listen_addr_port and $ensure == 'present' {
+      ensure_resource('apache::listen', $listen_addr_port)
+    }
+  }
+  if ! $ip_based {
+    if $ensure == 'present' and (versioncmp($apache_version, '2.4') < 0) {
+      ensure_resource('apache::namevirtualhost', $nvh_addr_port)
+    }
+  }
+
+  # Load mod_rewrite if needed and not yet loaded
+  if $rewrites or $rewrite_cond {
+    if ! defined(Class['apache::mod::rewrite']) {
+      include apache::mod::rewrite
+    }
+  }
+
+  # Load mod_alias if needed and not yet loaded
+  if ($scriptalias or $scriptaliases != [])
+  or ($aliases and $aliases != [])
+  or ($redirect_source and $redirect_dest)
+  or ($redirectmatch_regexp or $redirectmatch_status or $redirectmatch_dest) {
+    if ! defined(Class['apache::mod::alias'])  and ($ensure == 'present') {
+      include apache::mod::alias
+    }
+  }
+
+  # Load mod_proxy if needed and not yet loaded
+  if ($proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match) {
+    if ! defined(Class['apache::mod::proxy']) {
+      include apache::mod::proxy
+    }
+    if ! defined(Class['apache::mod::proxy_http']) {
+      include apache::mod::proxy_http
+    }
+  }
+
+  # Load mod_fastcgi if needed and not yet loaded
+  if $fastcgi_server and $fastcgi_socket {
+    if ! defined(Class['apache::mod::fastcgi']) {
+      include apache::mod::fastcgi
+    }
+  }
+
+  # Check if mod_headers is required to process $headers/$request_headers
+  if $headers or $request_headers {
+    if ! defined(Class['apache::mod::headers']) {
+      include apache::mod::headers
+    }
+  }
+
+  # Check if mod_filter is required to process $filters
+  if $filters {
+    if ! defined(Class['apache::mod::filter']) {
+      include apache::mod::filter
+    }
+  }
+
+  # Check if mod_env is required and not yet loaded.
+  # create an expression to simplify the conditional check
+  $use_env_mod = $setenv and ! empty($setenv)
+  if ($use_env_mod) {
+    if ! defined(Class['apache::mod::env']) {
+      include apache::mod::env
+    }
+  }
+  # Check if mod_setenvif is required and not yet loaded.
+  # create an expression to simplify the conditional check
+  $use_setenvif_mod = ($setenvif and ! empty($setenvif)) or ($setenvifnocase and ! empty($setenvifnocase))
+
+  if ($use_setenvif_mod) {
+    if ! defined(Class['apache::mod::setenvif']) {
+      include apache::mod::setenvif
+    }
+  }
+
+  ## Create a default directory list if none defined
+  if $directories {
+    $_directories = $directories
+  } elsif $docroot {
+    $_directory = {
+      provider       => 'directory',
+      path           => $docroot,
+      options        => $options,
+      allow_override => $override,
+      directoryindex => $directoryindex,
+    }
+
+    if versioncmp($apache_version, '2.4') >= 0 {
+      $_directory_version = {
+        require => 'all granted',
+      }
+    } else {
+      $_directory_version = {
+        order => 'allow,deny',
+        allow => 'from all',
+      }
+    }
+
+    $_directories = [merge($_directory, $_directory_version)]
+  } else {
+    $_directories = undef
+  }
+
+  ## Create a global LocationMatch if locations aren't defined
+  if $modsec_disable_ids {
+    if $modsec_disable_ids =~ Array {
+      $_modsec_disable_ids = { '.*' => $modsec_disable_ids }
+    } else {
+      $_modsec_disable_ids = $modsec_disable_ids
+    }
+  }
+
+  if $modsec_disable_msgs {
+    if $modsec_disable_msgs =~ Array {
+      $_modsec_disable_msgs = { '.*' => $modsec_disable_msgs }
+    } else {
+      $_modsec_disable_msgs = $modsec_disable_msgs
+    }
+  }
+
+  if $modsec_disable_tags {
+    if $modsec_disable_tags =~ Array {
+      $_modsec_disable_tags = { '.*' => $modsec_disable_tags }
+    } else {
+      $_modsec_disable_tags = $modsec_disable_tags
+    }
+  }
+
+  concat { "${priority_real}${filename}.conf":
+    ensure  => $ensure,
+    path    => "${apache::vhost_dir}/${priority_real}${filename}.conf",
+    owner   => 'root',
+    group   => $apache::params::root_group,
+    mode    => $apache::file_mode,
+    order   => 'numeric',
+    require => Package['httpd'],
+    notify  => Class['apache::service'],
+  }
+  # NOTE(pabelanger): This code is duplicated in ::apache::vhost::custom and
+  # needs to be converted into something generic.
+  if $apache::vhost_enable_dir {
+    $vhost_enable_dir = $apache::vhost_enable_dir
+    $vhost_symlink_ensure = $ensure ? {
+      'present' => link,
+      default => $ensure,
+    }
+    file { "${priority_real}${filename}.conf symlink":
+      ensure  => $vhost_symlink_ensure,
+      path    => "${vhost_enable_dir}/${priority_real}${filename}.conf",
+      target  => "${apache::vhost_dir}/${priority_real}${filename}.conf",
+      owner   => 'root',
+      group   => $apache::params::root_group,
+      mode    => $apache::file_mode,
+      require => Concat["${priority_real}${filename}.conf"],
+      notify  => Class['apache::service'],
+    }
+  }
+
+  # Template uses:
+  # - $comment
+  # - $nvh_addr_port
+  # - $servername
+  # - $serveradmin
+  # - $protocols
+  # - $protocols_honor_order
+  # - $apache_version
+  concat::fragment { "${name}-apache-header":
+    target  => "${priority_real}${filename}.conf",
+    order   => 0,
+    content => template('apache/vhost/_file_header.erb'),
+  }
+
+  # Template uses:
+  # - $virtual_docroot
+  # - $virtual_use_default_docroot
+  # - $docroot
+  if $docroot {
+    concat::fragment { "${name}-docroot":
+      target  => "${priority_real}${filename}.conf",
+      order   => 10,
+      content => template('apache/vhost/_docroot.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $aliases
+  if $aliases and ! empty($aliases) {
+    concat::fragment { "${name}-aliases":
+      target  => "${priority_real}${filename}.conf",
+      order   => 20,
+      content => template('apache/vhost/_aliases.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $itk
+  # - $::kernelversion
+  if $itk and ! empty($itk) {
+    concat::fragment { "${name}-itk":
+      target  => "${priority_real}${filename}.conf",
+      order   => 30,
+      content => template('apache/vhost/_itk.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $fallbackresource
+  if $fallbackresource {
+    concat::fragment { "${name}-fallbackresource":
+      target  => "${priority_real}${filename}.conf",
+      order   => 40,
+      content => template('apache/vhost/_fallbackresource.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $allow_encoded_slashes
+  if $allow_encoded_slashes {
+    concat::fragment { "${name}-allow_encoded_slashes":
+      target  => "${priority_real}${filename}.conf",
+      order   => 50,
+      content => template('apache/vhost/_allow_encoded_slashes.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $_directories
+  # - $docroot
+  # - $apache_version
+  # - $suphp_engine
+  # - $shibboleth_enabled
+  if $_directories and ! empty($_directories) {
+    concat::fragment { "${name}-directories":
+      target  => "${priority_real}${filename}.conf",
+      order   => 60,
+      content => template('apache/vhost/_directories.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $additional_includes
+  if $additional_includes and ! empty($additional_includes) {
+    concat::fragment { "${name}-additional_includes":
+      target  => "${priority_real}${filename}.conf",
+      order   => 70,
+      content => template('apache/vhost/_additional_includes.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $error_log
+  # - $error_log_format24
+  # - $log_level
+  # - $error_log_destination
+  # - $log_level
+  if $error_log or $log_level {
+    concat::fragment { "${name}-logging":
+      target  => "${priority_real}${filename}.conf",
+      order   => 80,
+      content => template('apache/vhost/_logging.erb'),
+    }
+  }
+
+  # Template uses no variables
+  concat::fragment { "${name}-serversignature":
+    target  => "${priority_real}${filename}.conf",
+    order   => 90,
+    content => template('apache/vhost/_serversignature.erb'),
+  }
+
+  # Template uses:
+  # - $access_log
+  # - $_access_log_env_var
+  # - $access_log_destination
+  # - $_access_log_format
+  # - $_access_log_env_var
+  # - $access_logs
+  if $access_log or $access_logs {
+    concat::fragment { "${name}-access_log":
+      target  => "${priority_real}${filename}.conf",
+      order   => 100,
+      content => template('apache/vhost/_access_log.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $action
+  if $action {
+    concat::fragment { "${name}-action":
+      target  => "${priority_real}${filename}.conf",
+      order   => 110,
+      content => template('apache/vhost/_action.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $block
+  # - $apache_version
+  if $block and ! empty($block) {
+    concat::fragment { "${name}-block":
+      target  => "${priority_real}${filename}.conf",
+      order   => 120,
+      content => template('apache/vhost/_block.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $error_documents
+  if $error_documents and ! empty($error_documents) {
+    concat::fragment { "${name}-error_document":
+      target  => "${priority_real}${filename}.conf",
+      order   => 130,
+      content => template('apache/vhost/_error_document.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $headers
+  if $headers and ! empty($headers) {
+    concat::fragment { "${name}-header":
+      target  => "${priority_real}${filename}.conf",
+      order   => 140,
+      content => template('apache/vhost/_header.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $request_headers
+  if $request_headers and ! empty($request_headers) {
+    concat::fragment { "${name}-requestheader":
+      target  => "${priority_real}${filename}.conf",
+      order   => 150,
+      content => template('apache/vhost/_requestheader.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $ssl_proxyengine
+  # - $ssl_proxy_verify
+  # - $ssl_proxy_verify_depth
+  # - $ssl_proxy_ca_cert
+  # - $ssl_proxy_check_peer_cn
+  # - $ssl_proxy_check_peer_name
+  # - $ssl_proxy_check_peer_expire
+  # - $ssl_proxy_machine_cert
+  # - $ssl_proxy_machine_cert_chain
+  # - $ssl_proxy_protocol
+  if $ssl_proxyengine {
+    concat::fragment { "${name}-sslproxy":
+      target  => "${priority_real}${filename}.conf",
+      order   => 160,
+      content => template('apache/vhost/_sslproxy.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $proxy_dest
+  # - $proxy_pass
+  # - $proxy_pass_match
+  # - $proxy_preserve_host
+  # - $proxy_add_headers
+  # - $no_proxy_uris
+  if $proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match or $proxy_preserve_host {
+    concat::fragment { "${name}-proxy":
+      target  => "${priority_real}${filename}.conf",
+      order   => 170,
+      content => template('apache/vhost/_proxy.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $redirect_source
+  # - $redirect_dest
+  # - $redirect_status
+  # - $redirect_dest_a
+  # - $redirect_source_a
+  # - $redirect_status_a
+  # - $redirectmatch_status
+  # - $redirectmatch_regexp
+  # - $redirectmatch_dest
+  # - $redirectmatch_status_a
+  # - $redirectmatch_regexp_a
+  # - $redirectmatch_dest
+  if ($redirect_source and $redirect_dest) or ($redirectmatch_regexp and $redirectmatch_dest) {
+    concat::fragment { "${name}-redirect":
+      target  => "${priority_real}${filename}.conf",
+      order   => 180,
+      content => template('apache/vhost/_redirect.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $rewrites
+  # - $rewrite_base
+  # - $rewrite_rule
+  # - $rewrite_cond
+  # - $rewrite_map
+  if $rewrites or $rewrite_rule {
+    concat::fragment { "${name}-rewrite":
+      target  => "${priority_real}${filename}.conf",
+      order   => 190,
+      content => template('apache/vhost/_rewrite.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $scriptaliases
+  # - $scriptalias
+  if ( $scriptalias or $scriptaliases != []) {
+    concat::fragment { "${name}-scriptalias":
+      target  => "${priority_real}${filename}.conf",
+      order   => 200,
+      content => template('apache/vhost/_scriptalias.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $serveraliases
+  if $serveraliases and ! empty($serveraliases) {
+    concat::fragment { "${name}-serveralias":
+      target  => "${priority_real}${filename}.conf",
+      order   => 210,
+      content => template('apache/vhost/_serveralias.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $setenv
+  # - $setenvif
+  if ($use_env_mod or $use_setenvif_mod) {
+    concat::fragment { "${name}-setenv":
+      target  => "${priority_real}${filename}.conf",
+      order   => 220,
+      content => template('apache/vhost/_setenv.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $ssl
+  # - $ssl_cert
+  # - $ssl_key
+  # - $ssl_chain
+  # - $ssl_certs_dir
+  # - $ssl_ca
+  # - $ssl_crl_path
+  # - $ssl_crl
+  # - $ssl_crl_check
+  # - $ssl_protocol
+  # - $ssl_cipher
+  # - $_ssl_honorcipherorder
+  # - $ssl_verify_client
+  # - $ssl_verify_depth
+  # - $ssl_options
+  # - $ssl_openssl_conf_cmd
+  # - $ssl_stapling
+  # - $apache_version
+  if $ssl and $ensure == 'present' {
+    concat::fragment { "${name}-ssl":
+      target  => "${priority_real}${filename}.conf",
+      order   => 230,
+      content => template('apache/vhost/_ssl.erb'),
+    }
+
+    if $ssl_reload_on_change {
+      [$ssl_cert, $ssl_key, $ssl_ca, $ssl_chain, $ssl_crl].each |$ssl_file| {
+        if $ssl_file {
+          include apache::mod::ssl::reload
+          $_ssl_file_copy = regsubst($ssl_file, '/', '_', 'G')
+          file { "${filename}${_ssl_file_copy}":
+            path    => "${apache::params::puppet_ssl_dir}/${filename}${_ssl_file_copy}",
+            source  => "file://${ssl_file}",
+            owner   => 'root',
+            group   => $apache::params::root_group,
+            mode    => '0640',
+            seltype => 'cert_t',
+            notify  => Class['apache::service'],
+          }
+        }
+      }
+    }
+  }
+
+  # Template uses:
+  # - $auth_kerb
+  # - $krb_method_negotiate
+  # - $krb_method_k5passwd
+  # - $krb_authoritative
+  # - $krb_auth_realms
+  # - $krb_5keytab
+  # - $krb_local_user_mapping
+  if $auth_kerb {
+    concat::fragment { "${name}-auth_kerb":
+      target  => "${priority_real}${filename}.conf",
+      order   => 230,
+      content => template('apache/vhost/_auth_kerb.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $suphp_engine
+  # - $suphp_addhandler
+  # - $suphp_configpath
+  if $suphp_engine == 'on' {
+    concat::fragment { "${name}-suphp":
+      target  => "${priority_real}${filename}.conf",
+      order   => 240,
+      content => template('apache/vhost/_suphp.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $php_values
+  # - $php_flags
+  if ($php_values and ! empty($php_values)) or ($php_flags and ! empty($php_flags)) {
+    concat::fragment { "${name}-php":
+      target  => "${priority_real}${filename}.conf",
+      order   => 240,
+      content => template('apache/vhost/_php.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $php_admin_values
+  # - $php_admin_flags
+  if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) {
+    concat::fragment { "${name}-php_admin":
+      target  => "${priority_real}${filename}.conf",
+      order   => 250,
+      content => template('apache/vhost/_php_admin.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $wsgi_application_group
+  # - $wsgi_daemon_process
+  # - $wsgi_daemon_process_options
+  # - $wsgi_import_script
+  # - $wsgi_import_script_options
+  # - $wsgi_process_group
+  # - $wsgi_script_aliases
+  # - $wsgi_pass_authorization
+  if $wsgi_daemon_process_options {
+    deprecation('apache::vhost::wsgi_daemon_process_options', 'This parameter is deprecated. Please add values inside Hash `wsgi_daemon_process`.')
+  }
+  if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization {
+    concat::fragment { "${name}-wsgi":
+      target  => "${priority_real}${filename}.conf",
+      order   => 260,
+      content => template('apache/vhost/_wsgi.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $custom_fragment
+  if $custom_fragment {
+    concat::fragment { "${name}-custom_fragment":
+      target  => "${priority_real}${filename}.conf",
+      order   => 270,
+      content => template('apache/vhost/_custom_fragment.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $fastcgi_server
+  # - $fastcgi_socket
+  # - $fastcgi_dir
+  # - $fastcgi_idle_timeout
+  # - $apache_version
+  if $fastcgi_server or $fastcgi_dir {
+    concat::fragment { "${name}-fastcgi":
+      target  => "${priority_real}${filename}.conf",
+      order   => 280,
+      content => template('apache/vhost/_fastcgi.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $suexec_user_group
+  if $suexec_user_group {
+    concat::fragment { "${name}-suexec":
+      target  => "${priority_real}${filename}.conf",
+      order   => 290,
+      content => template('apache/vhost/_suexec.erb'),
+    }
+  }
+
+  if $h2_copy_files != undef or $h2_direct != undef or $h2_early_hints != undef or $h2_max_session_streams != undef or $h2_modern_tls_only != undef or $h2_push != undef or $h2_push_diary_size != undef or $h2_push_priority != [] or $h2_push_resource != [] or $h2_serialize_headers != undef or $h2_stream_max_mem_size != undef or $h2_tls_cool_down_secs != undef or $h2_tls_warm_up_size != undef or $h2_upgrade != undef or $h2_window_size != undef {
+    include apache::mod::http2
+
+    concat::fragment { "${name}-http2":
+      target  => "${priority_real}${filename}.conf",
+      order   => 300,
+      content => template('apache/vhost/_http2.erb'),
+    }
+  }
+
+  if $mdomain {
+    include apache::mod::md
+  }
+
+  # Template uses:
+  # - $passenger_enabled
+  # - $passenger_start_timeout
+  # - $passenger_ruby
+  # - $passenger_python
+  # - $passenger_nodejs
+  # - $passenger_meteor_app_settings
+  # - $passenger_app_env
+  # - $passenger_app_root
+  # - $passenger_app_group_name
+  # - $passenger_app_start_command
+  # - $passenger_app_type
+  # - $passenger_startup_file
+  # - $passenger_restart_dir
+  # - $passenger_spawn_method
+  # - $passenger_load_shell_envvars
+  # - $passenger_rolling_restarts
+  # - $passenger_resist_deployment_errors
+  # - $passenger_min_instances
+  # - $passenger_max_instances
+  # - $passenger_max_preloader_idle_time
+  # - $passenger_force_max_concurrent_requests_per_process
+  # - $passenger_concurrency_model
+  # - $passenger_thread_count
+  # - $passenger_high_performance
+  # - $passenger_max_request_queue_size
+  # - $passenger_max_request_queue_time
+  # - $passenger_user
+  # - $passenger_group
+  # - $passenger_friendly_error_pages
+  # - $passenger_buffer_upload
+  # - $passenger_buffer_response
+  # - $passenger_allow_encoded_slashes
+  # - $passenger_lve_min_uid
+  # - $passenger_base_uri
+  # - $passenger_error_override
+  # - $passenger_sticky_sessions
+  # - $passenger_sticky_sessions_cookie_name
+  # - $passenger_sticky_sessions_cookie_attributes
+  # - $passenger_app_log_file
+  # - $passenger_debugger
+  # - $passenger_max_requests
+  # - $passenger_max_request_time
+  # - $passenger_memory_limit
+  if $passenger_enabled != undef or $passenger_start_timeout != undef or $passenger_ruby != undef or $passenger_python != undef or $passenger_nodejs != undef or $passenger_meteor_app_settings != undef or $passenger_app_env != undef or $passenger_app_root != undef or $passenger_app_group_name != undef or $passenger_app_start_command != undef or $passenger_app_type != undef or $passenger_startup_file != undef or $passenger_restart_dir != undef or $passenger_spawn_method != undef or $passenger_load_shell_envvars != undef or $passenger_rolling_restarts != undef or $passenger_resist_deployment_errors != undef or $passenger_min_instances != undef or $passenger_max_instances != undef or $passenger_max_preloader_idle_time != undef or $passenger_force_max_concurrent_requests_per_process != undef or $passenger_concurrency_model != undef or $passenger_thread_count != undef or $passenger_high_performance != undef or $passenger_max_request_queue_size != undef or $passenger_max_request_queue_time != undef or $passenger_user != undef or $passenger_group != undef or $passenger_friendly_error_pages != undef or $passenger_buffer_upload != undef or $passenger_buffer_response != undef or $passenger_allow_encoded_slashes != undef or $passenger_lve_min_uid != undef or $passenger_base_uri != undef or $passenger_error_override != undef or $passenger_sticky_sessions != undef or $passenger_sticky_sessions_cookie_name != undef or $passenger_sticky_sessions_cookie_attributes != undef or $passenger_app_log_file != undef or $passenger_debugger != undef or $passenger_max_requests != undef or $passenger_max_request_time != undef or $passenger_memory_limit != undef {
+    concat::fragment { "${name}-passenger":
+      target  => "${priority_real}${filename}.conf",
+      order   => 300,
+      content => template('apache/vhost/_passenger.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $add_default_charset
+  if $add_default_charset {
+    concat::fragment { "${name}-charsets":
+      target  => "${priority_real}${filename}.conf",
+      order   => 310,
+      content => template('apache/vhost/_charsets.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $modsec_disable_vhost
+  # - $modsec_disable_ids
+  # - $modsec_disable_ips
+  # - $modsec_disable_msgs
+  # - $modsec_disable_tags
+  # - $modsec_body_limit
+  # - $modsec_audit_log_destination
+  if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips or $modsec_disable_msgs or $modsec_disable_tags or $modsec_audit_log_destination {
+    concat::fragment { "${name}-security":
+      target  => "${priority_real}${filename}.conf",
+      order   => 320,
+      content => template('apache/vhost/_security.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $filters
+  if $filters and ! empty($filters) {
+    concat::fragment { "${name}-filters":
+      target  => "${priority_real}${filename}.conf",
+      order   => 330,
+      content => template('apache/vhost/_filters.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $jk_mounts
+  if $jk_mounts and ! empty($jk_mounts) {
+    concat::fragment { "${name}-jk_mounts":
+      target  => "${priority_real}${filename}.conf",
+      order   => 340,
+      content => template('apache/vhost/_jk_mounts.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $keepalive
+  # - $keepalive_timeout
+  # - $max_keepalive_requests
+  if $keepalive or $keepalive_timeout or $max_keepalive_requests {
+    concat::fragment { "${name}-keepalive_options":
+      target  => "${priority_real}${filename}.conf",
+      order   => 350,
+      content => template('apache/vhost/_keepalive_options.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $cas_*
+  if $cas_enabled {
+    concat::fragment { "${name}-auth_cas":
+      target  => "${priority_real}${filename}.conf",
+      order   => 350,
+      content => template('apache/vhost/_auth_cas.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $http_protocol_options
+  if $http_protocol_options {
+    concat::fragment { "${name}-http_protocol_options":
+      target  => "${priority_real}${filename}.conf",
+      order   => 350,
+      content => template('apache/vhost/_http_protocol_options.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $auth_oidc
+  # - $oidc_settings
+  if $auth_oidc {
+    concat::fragment { "${name}-auth_oidc":
+      target  => "${priority_real}${filename}.conf",
+      order   => 360,
+      content => template('apache/vhost/_auth_oidc.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $shib_compat_valid_user
+  if $shibboleth_enabled {
+    concat::fragment { "${name}-shibboleth":
+      target  => "${priority_real}${filename}.conf",
+      order   => 370,
+      content => template('apache/vhost/_shib.erb'),
+    }
+  }
+
+  # - $use_canonical_name
+  if $use_canonical_name {
+    concat::fragment { "${name}-use_canonical_name":
+      target  => "${priority_real}${filename}.conf",
+      order   => 360,
+      content => template('apache/vhost/_use_canonical_name.erb'),
+    }
+  }
+
+  # Template uses no variables
+  concat::fragment { "${name}-file_footer":
+    target  => "${priority_real}${filename}.conf",
+    order   => 999,
+    content => template('apache/vhost/_file_footer.erb'),
+  }
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/vhost/custom.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/vhost/custom.pp
new file mode 100644
index 000000000..56e8b1258
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/vhost/custom.pp
@@ -0,0 +1,56 @@
+# @summary
+#   A wrapper around the `apache::custom_config` defined type.
+#  
+# The `apache::vhost::custom` defined type is a thin wrapper around the `apache::custom_config` defined type, and simply overrides some of its default settings specific to the virtual host directory in Apache.
+#
+# @param content
+#   Sets the configuration file's content.
+#
+# @param ensure
+#   Specifies if the virtual host file is present or absent.
+#
+# @param priority
+#   Sets the relative load order for Apache HTTPD VirtualHost configuration files.
+#
+# @param verify_config
+#   Specifies whether to validate the configuration file before notifying the Apache service.
+#
+define apache::vhost::custom (
+  $content,
+  $ensure = 'present',
+  $priority = '25',
+  $verify_config = true,
+) {
+  include apache
+
+  ## Apache include does not always work with spaces in the filename
+  $filename = regsubst($name, ' ', '_', 'G')
+
+  ::apache::custom_config { $filename:
+    ensure        => $ensure,
+    confdir       => $apache::vhost_dir,
+    content       => $content,
+    priority      => $priority,
+    verify_config => $verify_config,
+  }
+
+  # NOTE(pabelanger): This code is duplicated in ::apache::vhost and needs to
+  # converted into something generic.
+  if $apache::vhost_enable_dir {
+    $vhost_symlink_ensure = $ensure ? {
+      'present' => link,
+      default => $ensure,
+    }
+
+    file { "${priority}-${filename}.conf symlink":
+      ensure  => $vhost_symlink_ensure,
+      path    => "${apache::vhost_enable_dir}/${priority}-${filename}.conf",
+      target  => "${apache::vhost_dir}/${priority}-${filename}.conf",
+      owner   => 'root',
+      group   => $apache::params::root_group,
+      mode    => $apache::file_mode,
+      require => Apache::Custom_config[$filename],
+      notify  => Class['apache::service'],
+    }
+  }
+}
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/vhost/fragment.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/vhost/fragment.pp
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/manifests/vhost/fragment.pp
rename to modules/services/unix/http/apache_kali_compatible/apache/manifests/vhost/fragment.pp
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/manifests/vhosts.pp b/modules/services/unix/http/apache_kali_compatible/apache/manifests/vhosts.pp
new file mode 100644
index 000000000..6d0fcf27f
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/manifests/vhosts.pp
@@ -0,0 +1,26 @@
+# @summary
+#   Creates `apache::vhost` defined types.
+# 
+# @note See the `apache::vhost` defined type's reference for a list of all virtual 
+# host parameters or Configuring virtual hosts in the README section.
+#
+# @example To create a [name-based virtual host](https://httpd.apache.org/docs/current/vhosts/name-based.html) `custom_vhost_1`
+#   class { 'apache::vhosts':
+#     vhosts => {
+#       'custom_vhost_1' => {
+#         'docroot' => '/var/www/custom_vhost_1',
+#         'port'    => '81',
+#       },
+#     },
+#   }
+#
+# @param vhosts
+#   A hash, where the key represents the name and the value represents a hash of 
+#   `apache::vhost` defined type's parameters.
+#
+class apache::vhosts (
+  $vhosts = {},
+) {
+  include apache
+  create_resources('apache::vhost', $vhosts)
+}
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/metadata.json b/modules/services/unix/http/apache_kali_compatible/apache/metadata.json
new file mode 100644
index 000000000..29255598e
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/metadata.json
@@ -0,0 +1,91 @@
+{
+  "name": "puppetlabs-apache",
+  "version": "7.0.0",
+  "author": "puppetlabs",
+  "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.",
+  "license": "Apache-2.0",
+  "source": "https://github.com/puppetlabs/puppetlabs-apache",
+  "project_page": "https://github.com/puppetlabs/puppetlabs-apache",
+  "issues_url": "https://tickets.puppetlabs.com/browse/MODULES",
+  "dependencies": [
+    {
+      "name": "puppetlabs/stdlib",
+      "version_requirement": ">= 4.13.1 < 9.0.0"
+    },
+    {
+      "name": "puppetlabs/concat",
+      "version_requirement": ">= 2.2.1 < 8.0.0"
+    }
+  ],
+  "operatingsystem_support": [
+    {
+      "operatingsystem": "RedHat",
+      "operatingsystemrelease": [
+        "6",
+        "7",
+        "8"
+      ]
+    },
+    {
+      "operatingsystem": "CentOS",
+      "operatingsystemrelease": [
+        "6",
+        "7",
+        "8"
+      ]
+    },
+    {
+      "operatingsystem": "OracleLinux",
+      "operatingsystemrelease": [
+        "6",
+        "7"
+      ]
+    },
+    {
+      "operatingsystem": "Scientific",
+      "operatingsystemrelease": [
+        "6",
+        "7"
+      ]
+    },
+    {
+      "operatingsystem": "Debian",
+      "operatingsystemrelease": [
+        "9",
+        "10",
+        "11"
+      ]
+    },
+    {
+      "operatingsystem": "SLES",
+      "operatingsystemrelease": [
+        "12",
+        "15"
+      ]
+    },
+    {
+      "operatingsystem": "Ubuntu",
+      "operatingsystemrelease": [
+        "16.04",
+        "18.04",
+        "20.04"
+      ]
+    },
+    {
+      "operatingsystem": "Rocky",
+      "operatingsystemrelease": [
+        "8"
+      ]
+    }
+  ],
+  "requirements": [
+    {
+      "name": "puppet",
+      "version_requirement": ">= 6.0.0 < 8.0.0"
+    }
+  ],
+  "description": "Module for Apache configuration",
+  "pdk-version": "2.1.0",
+  "template-url": "https://github.com/puppetlabs/pdk-templates.git#main",
+  "template-ref": "heads/main-0-g03daa92"
+}
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/pdk.yaml b/modules/services/unix/http/apache_kali_compatible/apache/pdk.yaml
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/pdk.yaml
rename to modules/services/unix/http/apache_kali_compatible/apache/pdk.yaml
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/provision.yaml b/modules/services/unix/http/apache_kali_compatible/apache/provision.yaml
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/provision.yaml
rename to modules/services/unix/http/apache_kali_compatible/apache/provision.yaml
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/readmes/README_ja_JP.md b/modules/services/unix/http/apache_kali_compatible/apache/readmes/README_ja_JP.md
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/readmes/README_ja_JP.md
rename to modules/services/unix/http/apache_kali_compatible/apache/readmes/README_ja_JP.md
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/secgen_metadata.xml b/modules/services/unix/http/apache_kali_compatible/apache/secgen_metadata.xml
new file mode 100644
index 000000000..50049ab44
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/secgen_metadata.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0"?>
+
+<service xmlns="http://www.github/cliffe/SecGen/service"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://www.github/cliffe/SecGen/service">
+  <name>Apache HTTP Server - Stretch/Kali Compatible</name>
+  <author>Z. Cliffe Schreuders</author>
+  <author>Connor Wilson</author>
+  <author>Puppet Labs</author>
+  <module_license>Apache v2</module_license>
+  <description>An installation of Apache</description>
+
+  <type>httpd</type>
+  <platform>linux</platform>
+
+  <!--optional details-->
+  <reference>https://httpd.apache.org/</reference>
+  <reference>https://forge.puppet.com/puppetlabs/apache</reference>
+  <software_name>apache</software_name>
+  <software_license>Apache v2</software_license>
+
+  <!--Cannot co-exist with other apache installations-->
+  <conflict>
+    <software_name>apache</software_name>
+  </conflict>
+  <conflict>
+    <name>.*Stretch.*</name>
+  </conflict>
+  <conflict>
+    <name>.*Buster.*</name>
+  </conflict>
+  <conflict>
+    <name>.*Wheezy.*</name>
+  </conflict>
+  <requires>
+    <type>update</type>
+  </requires>
+</service>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/tasks/init.json b/modules/services/unix/http/apache_kali_compatible/apache/tasks/init.json
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/tasks/init.json
rename to modules/services/unix/http/apache_kali_compatible/apache/tasks/init.json
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/tasks/init.rb b/modules/services/unix/http/apache_kali_compatible/apache/tasks/init.rb
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/tasks/init.rb
rename to modules/services/unix/http/apache_kali_compatible/apache/tasks/init.rb
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/confd/no-accf.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/confd/no-accf.conf.erb
new file mode 100644
index 000000000..10e51644c
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/confd/no-accf.conf.erb
@@ -0,0 +1,4 @@
+<IfDefine NOHTTPACCEPT>
+   AcceptFilter http none
+   AcceptFilter https none
+</IfDefine>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/fastcgi/server.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/fastcgi/server.erb
new file mode 100644
index 000000000..bae56d48e
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/fastcgi/server.erb
@@ -0,0 +1,22 @@
+<%
+  timeout = " -idle-timeout #{@timeout}"
+  flush = ""
+  if @flush
+    flush = " -flush"
+  end
+  if @socket
+    host_or_socket = " -socket #{@socket}"
+  else
+    host_or_socket = " -host #{@host}"
+  end
+
+  pass_header = ""
+  if @pass_header and ! @pass_header.empty?
+    pass_header = " -pass-header #{@pass_header}"
+  end
+
+  options = timeout + flush + host_or_socket + pass_header
+-%>
+FastCGIExternalServer <%= @faux_path %><%= options %>
+Alias <%= @fcgi_alias %> <%= @faux_path %>
+Action <%= @file_type %> <%= @fcgi_alias %>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/httpd.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/httpd.conf.erb
new file mode 100755
index 000000000..b19d8da81
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/httpd.conf.erb
@@ -0,0 +1,180 @@
+# Security
+ServerTokens <%= @server_tokens %>
+ServerSignature <%= scope.call_function('apache::bool2httpd', [@server_signature]) %>
+TraceEnable <%= scope.call_function('apache::bool2httpd', [@trace_enable]) %>
+
+ServerName "<%= @servername %>"
+ServerRoot "<%= @server_root %>"
+PidFile <%= @pidfile %>
+Timeout <%= @timeout %>
+KeepAlive <%= @keepalive %>
+MaxKeepAliveRequests <%= @max_keepalive_requests %>
+KeepAliveTimeout <%= @keepalive_timeout %>
+LimitRequestFieldSize <%= @limitreqfieldsize %>
+LimitRequestFields <%= @limitreqfields %>
+<%# Actually >= 2.4.24, but the minor version is not provided -%>
+<%- if @http_protocol_options and scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+HttpProtocolOptions <%= @http_protocol_options %>
+<%- end -%>
+
+<%# Actually >= 2.4.17, but the minor version is not provided -%>
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+  <%- unless @protocols.empty? -%>
+Protocols <%= @protocols.join(' ') %>
+  <%- end -%>
+  <%- unless @protocols_honor_order.nil? -%>
+ProtocolsHonorOrder <%= scope.call_function('apache::bool2httpd', [@protocols_honor_order]) %>
+  <%- end -%>
+<%- end -%>
+
+<%- if @rewrite_lock and scope.function_versioncmp([@apache_version, '2.2']) <= 0 -%>
+RewriteLock <%= @rewrite_lock %>
+<%- end -%>
+
+User <%= @user %>
+Group <%= @group %>
+
+AccessFileName .htaccess
+<FilesMatch "^\.ht">
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+    Require all denied
+<%- else -%>
+     Order allow,deny
+     Deny from all
+     Satisfy all
+<%- end -%>
+</FilesMatch>
+
+<Directory />
+  Options <%= Array(@root_directory_options).join(' ') %>
+  AllowOverride None
+<%- if @root_directory_secured -%>
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+  Require all denied
+<%- else -%>
+  Order deny,allow
+  Deny from all
+<%- end -%>
+<%- end -%>
+</Directory>
+
+<% if @default_charset -%>
+AddDefaultCharset <%= @default_charset %>
+<% end -%>
+
+<%- if scope.function_versioncmp([@apache_version, '2.4']) < 0 -%>
+DefaultType <%= @default_type %>
+<%- end -%>
+HostnameLookups <%= @hostname_lookups %>
+<%- if /^[|\/]/.match(@error_log) || /^syslog:/.match(@error_log) -%>
+ErrorLog "<%= @error_log %>"
+<%- else -%>
+ErrorLog "<%= @logroot %>/<%= @error_log %>"
+<%- end -%>
+LogLevel <%= @log_level %>
+EnableSendfile <%= @sendfile %>
+<%- if @allow_encoded_slashes -%>
+AllowEncodedSlashes <%= @allow_encoded_slashes %>
+<%- end -%>
+<%- if @file_e_tag -%>
+FileETag <%= @file_e_tag %>
+<%- end -%>
+<%- if @use_canonical_name -%>
+UseCanonicalName <%= @use_canonical_name %>
+<%- end -%>
+
+#Listen 80
+
+<% if @apxs_workaround -%>
+# Workaround: without this hack apxs would be confused about where to put
+# LoadModule directives and fail entire procedure of apache package
+# installation/reinstallation. This problem was observed on FreeBSD (apache22).
+#LoadModule fake_module libexec/apache22/mod_fake.so
+<% end -%>
+
+Include "<%= @mod_load_dir %>/*.load"
+<% if @mod_load_dir != @confd_dir and @mod_load_dir != @vhost_load_dir -%>
+Include "<%= @mod_load_dir %>/*.conf"
+<% end -%>
+Include "<%= @ports_file %>"
+
+<% unless @log_formats.has_key?('combined') -%>
+LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+<% end -%>
+<% unless @log_formats.has_key?('common') -%>
+LogFormat "%a %l %u %t \"%r\" %>s %b" common
+<% end -%>
+<% unless @log_formats.has_key?('referer') -%>
+LogFormat "%{Referer}i -> %U" referer
+<% end -%>
+<% unless @log_formats.has_key?('agent') -%>
+LogFormat "%{User-agent}i" agent
+<% end -%>
+<% unless @log_formats.has_key?('forwarded') -%>
+LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded
+<% end -%>
+<% if @log_formats and !@log_formats.empty? -%>
+  <%- @log_formats.sort.each do |nickname,format| -%>
+LogFormat "<%= format -%>" <%= nickname %>
+  <%- end -%>
+<% end -%>
+
+<%- if @conf_enabled and scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+IncludeOptional "<%= @conf_enabled %>/*.conf"
+<%- end -%>
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+IncludeOptional "<%= @confd_dir %>/*.conf"
+<%- else -%>
+Include "<%= @confd_dir %>/*.conf"
+<%- end -%>
+<% if @vhost_load_dir != @confd_dir -%>
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+IncludeOptional "<%= @vhost_load_dir %>/<%= @vhost_include_pattern %>"
+<%- else -%>
+Include "<%= @vhost_load_dir %>/<%= @vhost_include_pattern %>"
+<%- end -%>
+<% end -%>
+<% if @ldap_verify_server_cert -%>
+LDAPVerifyServerCert <%= @ldap_verify_server_cert %>
+<% end -%>
+<% if @ldap_trusted_mode -%>
+LDAPTrustedMode <%= @ldap_trusted_mode %>
+<% end -%>
+
+<% if @error_documents -%>
+# /usr/share/apache2/error on debian
+Alias /error/ "<%= @error_documents_path %>/"
+
+<Directory "<%= @error_documents_path %>">
+  AllowOverride None
+  Options IncludesNoExec
+  AddOutputFilter Includes html
+  AddHandler type-map var
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+  Require all granted
+<%- else -%>
+  Order allow,deny
+  Allow from all
+<%- end -%>
+  LanguagePriority en cs de es fr it nl sv pt-br ro
+  ForceLanguagePriority Prefer Fallback
+</Directory>
+
+ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+ErrorDocument 410 /error/HTTP_GONE.html.var
+ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/listen.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/listen.erb
new file mode 100644
index 000000000..8fc871b0a
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/listen.erb
@@ -0,0 +1,6 @@
+<%# Listen should always be one of:
+  - <port>
+  - <ipv4>:<port>
+  - [<ipv6]:<port>
+-%>
+Listen <%= @listen_addr_port %>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/_allow.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/_allow.erb
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/_allow.erb
rename to modules/services/unix/http/apache_kali_compatible/apache/templates/mod/_allow.erb
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/_require.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/_require.erb
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/_require.erb
rename to modules/services/unix/http/apache_kali_compatible/apache/templates/mod/_require.erb
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/alias.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/alias.conf.erb
new file mode 100644
index 000000000..313fdf9d1
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/alias.conf.erb
@@ -0,0 +1,13 @@
+<IfModule alias_module>
+Alias /<%= @icons_prefix %>/ "<%= @icons_path %>/"
+<Directory "<%= @icons_path %>">
+    Options <%= @icons_options %>
+    AllowOverride None
+<%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%>
+    Require all granted
+<%- else -%>
+     Order allow,deny
+     Allow from all
+<%- end -%>
+</Directory>
+</IfModule>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/auth_cas.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/auth_cas.conf.erb
new file mode 100644
index 000000000..b59c5357f
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/auth_cas.conf.erb
@@ -0,0 +1,58 @@
+CASCookiePath <%= @cas_cookie_path %>
+CASLoginURL <%= @cas_login_url %>
+CASValidateURL <%= @cas_validate_url %>
+
+CASVersion <%= @cas_version %>
+CASDebug <%= @cas_debug %>
+
+<% if @cas_certificate_path -%>
+CASCertificatePath <%= @cas_certificate_path %>
+<% end -%>
+<% if @cas_proxy_validate_url -%>
+CASProxyValidateURL <%= @cas_proxy_validate_url %>
+<% end -%>
+<% if @cas_validate_server -%>
+CASValidateServer <%= @cas_validate_server %>
+<% end -%>
+<% if @cas_validate_depth -%>
+CASValidateDepth <%= @cas_validate_depth %>
+<% end -%>
+<% if @cas_root_proxied_as -%>
+CASRootProxiedAs <%= @cas_root_proxied_as %>
+<% end -%>
+<% if @cas_cookie_entropy -%>
+CASCookieEntropy <%= @cas_cookie_entropy %>
+<% end -%>
+<% if @cas_timeout -%>
+CASTimeout <%= @cas_timeout %>
+<% end -%>
+<% if @cas_idle_timeout -%>
+CASIdleTimeout <%= @cas_idle_timeout %>
+<% end -%>
+<% if @cas_cache_clean_interval -%>
+CASCacheCleanInterval <%= @cas_cache_clean_interval %>
+<% end -%>
+<% if @cas_cookie_domain -%>
+CASCookieDomain <%= @cas_cookie_domain %>
+<% end -%>
+<% if @cas_cookie_http_only -%>
+CASCookieHttpOnly <%= @cas_cookie_http_only %>
+<% end -%>
+<% if @cas_authoritative -%>
+CASAuthoritative <%= @cas_authoritative %>
+<% end -%>
+<%- if @cas_sso_enabled -%>
+CASSSOEnabled On
+<%- end -%>
+<%- if @cas_validate_saml -%>
+CASValidateSAML On
+<%- end -%>
+<%- if @cas_attribute_prefix -%>
+CASAttributePrefix <%= @cas_attribute_prefix %>
+<%- end -%>
+<%- if @cas_attribute_delimiter -%>
+CASAttributeDelimiter <%= @cas_attribute_delimiter %>
+<%- end -%>
+<%- if @cas_scrub_request_headers -%>
+CASAttributeDelimiter On
+<%- end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/auth_mellon.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/auth_mellon.conf.erb
new file mode 100644
index 000000000..e36a73390
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/auth_mellon.conf.erb
@@ -0,0 +1,21 @@
+<%- if @mellon_cache_size -%>
+MellonCacheSize <%= @mellon_cache_size %>
+<%- end -%>
+<%- if @mellon_cache_entry_size -%>
+MellonCacheEntrySize <%= @mellon_cache_entry_size %>
+<%- end -%>
+<%- if @mellon_lock_file -%>
+MellonLockFile "<%= @mellon_lock_file %>"
+<%- end -%>
+<%- if @mellon_post_directory -%>
+MellonPostDirectory "<%= @mellon_post_directory %>"
+<%- end -%>
+<%- if @mellon_post_ttl -%>
+MellonPostTTL <%= @mellon_post_ttl %>
+<%- end -%>
+<%- if @mellon_post_size -%>
+MellonPostSize <%= @mellon_post_size %>
+<%- end -%>
+<%- if @mellon_post_count -%>
+MellonPostCount <%= @mellon_post_count %>
+<%- end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/authn_dbd.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/authn_dbd.conf.erb
new file mode 100644
index 000000000..e04fb3ec4
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/authn_dbd.conf.erb
@@ -0,0 +1,17 @@
+#Database Management
+DBDriver <%= @authn_dbd_dbdriver %>
+
+#Connection string: database name and login credentials
+DBDParams "<%= @authn_dbd_params %>"
+
+#Parameters for Connection Pool Management
+DBDMin     <%= @authn_dbd_min %>
+DBDMax     <%= @authn_dbd_max %>
+DBDKeep    <%= @authn_dbd_keep %>
+DBDExptime <%= @authn_dbd_exptime %>
+
+<%- if @authn_dbd_alias -%>
+<AuthnProviderAlias dbd <%= @authn_dbd_alias %>>
+  AuthDBDUserPWQuery "<%= @authn_dbd_query %>"
+</AuthnProviderAlias>
+<%- end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/authnz_ldap.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/authnz_ldap.conf.erb
new file mode 100644
index 000000000..ed1334ec2
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/authnz_ldap.conf.erb
@@ -0,0 +1,5 @@
+<% if @verify_server_cert == true -%>
+LDAPVerifyServerCert On
+<% else -%>
+LDAPVerifyServerCert Off
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/autoindex.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/autoindex.conf.erb
new file mode 100644
index 000000000..e097f9c9b
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/autoindex.conf.erb
@@ -0,0 +1,56 @@
+IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
+AddIconByEncoding (CMP,/<%= @icons_prefix %>/compressed.gif) x-compress x-gzip x-bzip2
+
+AddIconByType (TXT,/<%= @icons_prefix %>/text.gif) text/*
+AddIconByType (IMG,/<%= @icons_prefix %>/image2.gif) image/*
+AddIconByType (SND,/<%= @icons_prefix %>/sound2.gif) audio/*
+AddIconByType (VID,/<%= @icons_prefix %>/movie.gif) video/*
+
+AddIcon /<%= @icons_prefix %>/binary.gif .bin .exe
+AddIcon /<%= @icons_prefix %>/binhex.gif .hqx
+AddIcon /<%= @icons_prefix %>/tar.gif .tar
+AddIcon /<%= @icons_prefix %>/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /<%= @icons_prefix %>/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /<%= @icons_prefix %>/a.gif .ps .ai .eps
+AddIcon /<%= @icons_prefix %>/layout.gif .html .shtml .htm .pdf
+AddIcon /<%= @icons_prefix %>/text.gif .txt
+AddIcon /<%= @icons_prefix %>/c.gif .c
+AddIcon /<%= @icons_prefix %>/p.gif .pl .py
+AddIcon /<%= @icons_prefix %>/f.gif .for
+AddIcon /<%= @icons_prefix %>/dvi.gif .dvi
+AddIcon /<%= @icons_prefix %>/uuencoded.gif .uu
+AddIcon /<%= @icons_prefix %>/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /<%= @icons_prefix %>/tex.gif .tex
+AddIcon /<%= @icons_prefix %>/bomb.gif /core
+AddIcon (SND,/<%= @icons_prefix %>/sound2.gif) .ogg
+AddIcon (VID,/<%= @icons_prefix %>/movie.gif) .ogm
+
+AddIcon /<%= @icons_prefix %>/back.gif ..
+AddIcon /<%= @icons_prefix %>/hand.right.gif README
+AddIcon /<%= @icons_prefix %>/folder.gif ^^DIRECTORY^^
+AddIcon /<%= @icons_prefix %>/blank.gif ^^BLANKICON^^
+
+AddIcon /<%= @icons_prefix %>/odf6odt<%= @icon_suffix %>.png .odt
+AddIcon /<%= @icons_prefix %>/odf6ods<%= @icon_suffix %>.png .ods
+AddIcon /<%= @icons_prefix %>/odf6odp<%= @icon_suffix %>.png .odp
+AddIcon /<%= @icons_prefix %>/odf6odg<%= @icon_suffix %>.png .odg
+AddIcon /<%= @icons_prefix %>/odf6odc<%= @icon_suffix %>.png .odc
+AddIcon /<%= @icons_prefix %>/odf6odf<%= @icon_suffix %>.png .odf
+AddIcon /<%= @icons_prefix %>/odf6odb<%= @icon_suffix %>.png .odb
+AddIcon /<%= @icons_prefix %>/odf6odi<%= @icon_suffix %>.png .odi
+AddIcon /<%= @icons_prefix %>/odf6odm<%= @icon_suffix %>.png .odm
+
+AddIcon /<%= @icons_prefix %>/odf6ott<%= @icon_suffix %>.png .ott
+AddIcon /<%= @icons_prefix %>/odf6ots<%= @icon_suffix %>.png .ots
+AddIcon /<%= @icons_prefix %>/odf6otp<%= @icon_suffix %>.png .otp
+AddIcon /<%= @icons_prefix %>/odf6otg<%= @icon_suffix %>.png .otg
+AddIcon /<%= @icons_prefix %>/odf6otc<%= @icon_suffix %>.png .otc
+AddIcon /<%= @icons_prefix %>/odf6otf<%= @icon_suffix %>.png .otf
+AddIcon /<%= @icons_prefix %>/odf6oti<%= @icon_suffix %>.png .oti
+AddIcon /<%= @icons_prefix %>/odf6oth<%= @icon_suffix %>.png .oth
+
+DefaultIcon /<%= @icons_prefix %>/unknown.gif
+ReadmeName README.html
+HeaderName HEADER.html
+
+IndexIgnore .??* *~ *# HEADER.html README.html RCS CVS *,v *,t
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/cgid.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/cgid.conf.erb
new file mode 100644
index 000000000..5f82d7424
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/cgid.conf.erb
@@ -0,0 +1 @@
+ScriptSock "<%= @cgisock_path %>"
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/cluster.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/cluster.conf.erb
new file mode 100644
index 000000000..d2f9d52e4
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/cluster.conf.erb
@@ -0,0 +1,26 @@
+Listen <%= @ip %>:<%= @port %>
+<VirtualHost <%= @ip %>:<%= @port %>>
+  <Location />
+    Order deny,allow
+    Deny from all
+    Allow from <%= @allowed_network %>
+  </Location>
+
+  KeepAliveTimeout <%= @keep_alive_timeout %>
+  MaxKeepAliveRequests <%= @max_keep_alive_requests %>
+  EnableMCPMReceive <%= scope.call_function('apache::bool2httpd', [@enable_mcpm_receive]) %>
+
+  ManagerBalancerName <%= @balancer_name %>
+  ServerAdvertise <%= scope.call_function('apache::bool2httpd', [@server_advertise]) %>
+  <%- if @server_advertise == true and @advertise_frequency != nil -%>
+  AdvertiseFrequency <%= @advertise_frequency %>
+  <%- end -%>
+
+  <Location /mod_cluster_manager>
+    SetHandler mod_cluster-manager
+    Order deny,allow
+    Deny from all
+    Allow from <%= @manager_allowed_network %>
+  </Location>
+
+</VirtualHost>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/dav_fs.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/dav_fs.conf.erb
new file mode 100644
index 000000000..3c53e9e14
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/dav_fs.conf.erb
@@ -0,0 +1 @@
+DAVLockDB "<%= @dav_lock %>"
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/deflate.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/deflate.conf.erb
new file mode 100644
index 000000000..ede8b2e76
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/deflate.conf.erb
@@ -0,0 +1,7 @@
+<%- @types.sort.each do |type| -%>
+AddOutputFilterByType DEFLATE <%= type %>
+<%- end -%>
+
+<%- @notes.sort.each do |type,note| -%>
+DeflateFilterNote <%= type %> <%=note %>
+<%- end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/dir.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/dir.conf.erb
new file mode 100644
index 000000000..741f6ae03
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/dir.conf.erb
@@ -0,0 +1 @@
+DirectoryIndex <%= @indexes.join(' ') %>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/disk_cache.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/disk_cache.conf.erb
new file mode 100644
index 000000000..c97ee7662
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/disk_cache.conf.erb
@@ -0,0 +1,9 @@
+<% if @default_cache_enable -%>
+CacheEnable disk /
+<% end -%>
+CacheRoot "<%= @_cache_root %>"
+CacheDirLevels 2
+CacheDirLength 1
+<% if @cache_ignore_headers -%>
+CacheIgnoreHeaders <%= @cache_ignore_headers -%>
+<% end -%>
\ No newline at end of file
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/dumpio.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/dumpio.conf.erb
new file mode 100644
index 000000000..29c34e2a5
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/dumpio.conf.erb
@@ -0,0 +1,3 @@
+# https://httpd.apache.org/docs/2.4/mod/mod_dumpio.html
+DumpIOInput "<%= @dump_io_input %>"
+DumpIOOutput "<%= @dump_io_output %>"
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/event.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/event.conf.erb
new file mode 100644
index 000000000..bca707c93
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/event.conf.erb
@@ -0,0 +1,33 @@
+<IfModule mpm_event_module>
+  <%- if @serverlimit -%>
+  ServerLimit            <%= @serverlimit %>
+  <%- end -%>
+  <%- if @startservers -%>
+  StartServers           <%= @startservers %>
+  <%- end -%>
+  <%- if @maxrequestworkers -%>
+  MaxRequestWorkers      <%= @maxrequestworkers %>
+  <%- elsif @maxclients -%>
+  MaxClients             <%= @maxclients %>
+  <%- end -%>
+  <%- if @minsparethreads -%>
+  MinSpareThreads        <%= @minsparethreads %>
+  <%- end -%>
+  <%- if @maxsparethreads -%>
+  MaxSpareThreads        <%= @maxsparethreads %>
+  <%- end -%>
+  <%- if @threadsperchild -%>
+  ThreadsPerChild        <%= @threadsperchild %>
+  <%- end -%>
+  <%- if @maxconnectionsperchild -%>
+  MaxConnectionsPerChild <%= @maxconnectionsperchild %>
+  <%- elsif @maxrequestsperchild -%>
+  MaxRequestsPerChild    <%= @maxrequestsperchild %>
+  <%- end -%>
+  <%- if @threadlimit -%>
+  ThreadLimit            <%= @threadlimit %>
+  <%- end -%>
+  <%- if @listenbacklog -%>
+  ListenBacklog          <%= @listenbacklog %>
+  <%- end -%>
+</IfModule>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/expires.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/expires.conf.erb
new file mode 100644
index 000000000..a864c6ca1
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/expires.conf.erb
@@ -0,0 +1,11 @@
+ExpiresActive <%= scope.call_function('apache::bool2httpd', [@expires_active]) %>
+<%- if ! @expires_default.nil? and ! @expires_default.empty? -%>
+ExpiresDefault "<%= @expires_default %>"
+<%- end -%>
+<%- if ! @expires_by_type.nil? and ! @expires_by_type.empty? -%>
+<%-   [@expires_by_type].flatten.each do |line| -%>
+<%-     line.map do |type, seconds| -%>
+ExpiresByType <%= type %> "<%= seconds -%>"
+<%-     end -%>
+<%-   end -%>
+<%- end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/ext_filter.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/ext_filter.conf.erb
new file mode 100644
index 000000000..67f98fd4c
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/ext_filter.conf.erb
@@ -0,0 +1,6 @@
+# mod_ext_filter definitions
+<%- if @ext_filter_define.length >= 1 -%>
+<%- @ext_filter_define.keys.sort.each do |name| -%>
+ExtFilterDefine <%= name %> <%= @ext_filter_define[name] %>
+<%- end -%>
+<%- end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/fastcgi.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/fastcgi.conf.erb
new file mode 100644
index 000000000..93c8d86ab
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/fastcgi.conf.erb
@@ -0,0 +1,8 @@
+# The Fastcgi Apache module configuration file is being
+# managed by Puppet and changes will be overwritten.
+<IfModule mod_fastcgi.c>
+  <FilesMatch ".+(\.fcgi)$">
+    SetHandler fastcgi-script
+  </FilesMatch>
+  FastCgiIpcDir "<%= @fastcgi_lib_path %>"
+</IfModule>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/fcgid.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/fcgid.conf.erb
new file mode 100644
index 000000000..a82bc30df
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/fcgid.conf.erb
@@ -0,0 +1,5 @@
+<IfModule mod_fcgid.c>
+<% @options.sort_by {|key, value| key}.each do |key, value| -%>
+  <%= key %> <%= value %>
+<% end -%>
+</IfModule>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/geoip.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/geoip.conf.erb
new file mode 100644
index 000000000..a99bee048
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/geoip.conf.erb
@@ -0,0 +1,25 @@
+GeoIPEnable <%= scope.call_function('apache::bool2httpd', [@enable]) %>
+
+<%- if @db_file and ! [ false, 'false', '' ].include?(@db_file) -%>
+    <%- if @db_file.kind_of?(Array) -%>
+      <%- Array(@db_file).each do |file| -%>
+GeoIPDBFile <%= file %> <%= @flag %>
+      <%- end -%>
+    <%- else -%>
+GeoIPDBFile <%= @db_file %> <%= @flag %>
+    <%- end -%>
+<%- end -%>
+GeoIPOutput <%= @output %>
+<% if ! @enable_utf8.nil? -%>
+GeoIPEnableUTF8 <%= scope.call_function('apache::bool2httpd', [@enable_utf8]) %>
+<% end -%>
+<% if ! @scan_proxy_headers.nil? -%>
+GeoIPScanProxyHeaders <%= scope.call_function('apache::bool2httpd', [@scan_proxy_headers]) %>
+<% end -%>
+<% if ! @scan_proxy_header_field.nil? -%>
+GeoIPScanProxyHeaderField <%= @scan_proxy_header_field %>
+<% end -%>
+<% if ! @use_last_xforwarededfor_ip.nil? -%>
+GeoIPUseLastXForwardedForIP <%= scope.call_function('apache::bool2httpd', [@use_last_xforwarededfor_ip]) %>
+<% end -%>
+
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/http2.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/http2.conf.erb
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/http2.conf.erb
rename to modules/services/unix/http/apache_kali_compatible/apache/templates/mod/http2.conf.erb
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/info.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/info.conf.erb
new file mode 100644
index 000000000..c661a23ab
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/info.conf.erb
@@ -0,0 +1,19 @@
+<Location <%= @info_path %>>
+    SetHandler server-info
+<%- if @restrict_access -%>
+  <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%>
+    Require ip <%= Array(@allow_from).join(" ") %>
+  <%- else -%>
+    Order deny,allow
+    Deny from all
+    <%- if @allow_from and ! @allow_from.empty? -%>
+      <%- @allow_from.each do |allowed| -%>
+    Allow from <%= allowed %>
+      <%- end -%>
+    <%- else -%>
+    Allow from 127.0.0.1
+    Allow from ::1
+    <%- end -%>
+  <%- end -%>
+<%- end -%>
+</Location>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/itk.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/itk.conf.erb
new file mode 100644
index 000000000..4abade8fb
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/itk.conf.erb
@@ -0,0 +1,11 @@
+<IfModule mpm_itk_module>
+  StartServers        <%= @startservers %>
+  MinSpareServers     <%= @minspareservers %>
+  MaxSpareServers     <%= @maxspareservers %>
+  ServerLimit         <%= @serverlimit %>
+  MaxClients          <%= @maxclients %>
+  MaxRequestsPerChild <%= @maxrequestsperchild %>
+  <%- if (not @enablecapabilities.nil?) && (scope.function_versioncmp([@_apache_version, '2.4']) >= 0) -%>
+  EnableCapabilities  <%= scope.call_function('apache::bool2httpd', [@enablecapabilities]) %>
+  <%- end -%>
+</IfModule>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/jk.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/jk.conf.erb
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/jk.conf.erb
rename to modules/services/unix/http/apache_kali_compatible/apache/templates/mod/jk.conf.erb
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/jk/uriworkermap.properties.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/jk/uriworkermap.properties.erb
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/jk/uriworkermap.properties.erb
rename to modules/services/unix/http/apache_kali_compatible/apache/templates/mod/jk/uriworkermap.properties.erb
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/jk/workers.properties.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/jk/workers.properties.erb
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/jk/workers.properties.erb
rename to modules/services/unix/http/apache_kali_compatible/apache/templates/mod/jk/workers.properties.erb
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/ldap.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/ldap.conf.erb
new file mode 100644
index 000000000..7c2dac5e9
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/ldap.conf.erb
@@ -0,0 +1,32 @@
+<Location <%= @ldap_path %>>
+    SetHandler ldap-status
+    <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%>
+    Require ip 127.0.0.1 ::1
+    <%- else -%>
+    Order deny,allow
+    Deny from all
+    Allow from 127.0.0.1 ::1
+    Satisfy all
+    <%- end -%>
+</Location>
+<% if @ldap_trusted_global_cert_file -%>
+LDAPTrustedGlobalCert <%= @ldap_trusted_global_cert_type %> <%= @ldap_trusted_global_cert_file %>
+<% end -%>
+<% if @ldap_trusted_mode -%>
+LDAPTrustedMode <%= @ldap_trusted_mode %>
+<% end -%>
+<%- if @ldap_shared_cache_size -%>
+LDAPSharedCacheSize <%= @ldap_shared_cache_size %>
+<%- end -%>
+<%- if @ldap_cache_entries -%>
+LDAPCacheEntries <%= @ldap_cache_entries %>
+<%- end -%>
+<%- if @ldap_cache_ttl -%>
+LDAPCacheTTL <%= @ldap_cache_ttl %>
+<%- end -%>
+<%- if @ldap_opcache_entries -%>
+LDAPOpCacheEntries <%= @ldap_opcache_entries %>
+<%- end -%>
+<%- if @ldap_opcache_ttl -%>
+LDAPOpCacheTTL <%= @ldap_opcache_ttl %>
+<%- end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/load.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/load.erb
new file mode 100644
index 000000000..51f45edb2
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/load.erb
@@ -0,0 +1,7 @@
+<% if @loadfiles -%>
+<% Array(@loadfiles).each do |loadfile| -%>
+LoadFile <%= loadfile %>
+<% end -%>
+
+<% end -%>
+LoadModule <%= @_id %> <%= @_path %>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/md.conf.epp b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/md.conf.epp
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/md.conf.epp
rename to modules/services/unix/http/apache_kali_compatible/apache/templates/mod/md.conf.epp
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/mime.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/mime.conf.erb
new file mode 100644
index 000000000..46d021c21
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/mime.conf.erb
@@ -0,0 +1,38 @@
+TypesConfig <%= @mime_types_config %>
+
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+AddType application/x-bzip2 .bz2
+
+AddLanguage ca .ca
+AddLanguage cs .cz .cs
+AddLanguage da .dk
+AddLanguage de .de
+AddLanguage el .el
+AddLanguage en .en
+AddLanguage eo .eo
+AddLanguage es .es
+AddLanguage et .et
+AddLanguage fr .fr
+AddLanguage he .he
+AddLanguage hr .hr
+AddLanguage it .it
+AddLanguage ja .ja
+AddLanguage ko .ko
+AddLanguage ltz .ltz
+AddLanguage nl .nl
+AddLanguage nn .nn
+AddLanguage no .no
+AddLanguage pl .po
+AddLanguage pt .pt
+AddLanguage pt-BR .pt-br
+AddLanguage ru .ru
+AddLanguage sv .sv
+AddLanguage zh-CN .zh-cn
+AddLanguage zh-TW .zh-tw
+
+<%- @_mime_types_additional.sort.each do |add_mime, config| -%>
+        <%- config.each do |type, extension| %>
+<%= add_mime %> <%= type %> <%= extension%>
+        <%- end -%>
+<% end %>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/mime_magic.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/mime_magic.conf.erb
new file mode 100644
index 000000000..cbc173deb
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/mime_magic.conf.erb
@@ -0,0 +1 @@
+MIMEMagicFile "<%= @_magic_file %>"
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/mpm_event.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/mpm_event.conf.erb
new file mode 100644
index 000000000..eb6f1ff5f
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/mpm_event.conf.erb
@@ -0,0 +1,9 @@
+<IfModule mpm_event_module>
+  StartServers          2
+  MinSpareThreads      25
+  MaxSpareThreads      75
+  ThreadLimit          64
+  ThreadsPerChild      25
+  MaxClients          150
+  MaxRequestsPerChild   0
+</IfModule>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/negotiation.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/negotiation.conf.erb
new file mode 100644
index 000000000..2fb4700d6
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/negotiation.conf.erb
@@ -0,0 +1,2 @@
+LanguagePriority <%= Array(@language_priority).join(' ') %>
+ForceLanguagePriority <%= Array(@force_language_priority).join(' ') %>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/nss.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/nss.conf.erb
new file mode 100644
index 000000000..36f83d865
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/nss.conf.erb
@@ -0,0 +1,228 @@
+#
+# This is the Apache server configuration file providing SSL support using.
+# the mod_nss plugin.  It contains the configuration directives to instruct
+# the server how to serve pages over an https connection.
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.
+#
+
+#LoadModule nss_module modules/libmodnss.so
+
+#
+# When we also provide SSL we have to listen to the
+# standard HTTP port (see above) and to the HTTPS port
+#
+# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
+#       Listen directives: "Listen [::]:8443" and "Listen 0.0.0.0:443"
+#
+Listen <%= @port %>
+
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+#
+#   Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl    .crl
+
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is a internal
+#   terminal dialog) has to provide the pass phrase on stdout.
+<% if @passwd_file -%>
+NSSPassPhraseDialog  "file:<%= @passwd_file %>"
+<% else -%>
+NSSPassPhraseDialog  builtin
+<% end -%>
+
+#   Pass Phrase Helper:
+#   This helper program stores the token password pins between
+#   restarts of Apache.
+NSSPassPhraseHelper /usr/sbin/nss_pcache
+
+#   Configure the SSL Session Cache.
+#   NSSSessionCacheSize is the number of entries in the cache.
+#   NSSSessionCacheTimeout is the SSL2 session timeout (in seconds).
+#   NSSSession3CacheTimeout is the SSL3/TLS session timeout (in seconds).
+NSSSessionCacheSize 10000
+NSSSessionCacheTimeout 100
+NSSSession3CacheTimeout 86400
+
+#
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the SSL library.
+# The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. Those platforms usually also provide a non-blocking
+# device, /dev/urandom, which may be used instead.
+#
+# This does not support seeding the RNG with each connection.
+
+NSSRandomSeed startup builtin
+#NSSRandomSeed startup file:/dev/random  512
+#NSSRandomSeed startup file:/dev/urandom 512
+
+#
+# TLS Negotiation configuration under RFC 5746
+#
+# Only renegotiate if the peer's hello bears the TLS renegotiation_info
+# extension. Default off.
+NSSRenegotiation off
+
+# Peer must send Signaling Cipher Suite Value (SCSV) or
+# Renegotiation Info (RI) extension in ALL handshakes.  Default: off
+NSSRequireSafeNegotiation off
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:<%= @port %>>
+
+#   General setup for the virtual host
+#DocumentRoot "/etc/httpd/htdocs"
+#ServerName www.example.com:8443
+#ServerAdmin you@example.com
+
+# mod_nss can log to separate log files, you can choose to do that if you'd like
+# LogLevel is not inherited from httpd.conf.
+ErrorLog "<%= @error_log %>"
+TransferLog "<%= @transfer_log %>"
+LogLevel warn
+
+#   SSL Engine Switch:
+#   Enable/Disable SSL for this virtual host.
+NSSEngine on
+
+#   SSL Cipher Suite:
+#   List the ciphers that the client is permitted to negotiate.
+#   See the mod_nss documentation for a complete list.
+
+# SSL 3 ciphers. SSL 2 is disabled by default.
+NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
+
+# SSL 3 ciphers + ECC ciphers. SSL 2 is disabled by default.
+#
+# Comment out the NSSCipherSuite line above and use the one below if you have
+# ECC enabled NSS and mod_nss and want to use Elliptical Curve Cryptography
+#NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,+ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,+ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,+ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha
+
+#   SSL Protocol:
+#   Cryptographic protocols that provide communication security.
+#   NSS handles the specified protocols as "ranges", and automatically
+#   negotiates the use of the strongest protocol for a connection starting
+#   with the maximum specified protocol and downgrading as necessary to the
+#   minimum specified protocol that can be used between two processes.
+#   Since all protocol ranges are completely inclusive, and no protocol in the
+#   middle of a range may be excluded, the entry "NSSProtocol TLSv1.0,TLSv1.2"
+#   is identical to the entry "NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2".
+NSSProtocol TLSv1.0,TLSv1.1
+
+#   SSL Certificate Nickname:
+#   The nickname of the RSA server certificate you are going to use.
+NSSNickname Server-Cert
+
+#   SSL Certificate Nickname:
+#   The nickname of the ECC server certificate you are going to use, if you
+#   have an ECC-enabled version of NSS and mod_nss
+#NSSECCNickname Server-Cert-ecc
+
+#   Server Certificate Database:
+#   The NSS security database directory that holds the certificates and
+#   keys. The database consists of 3 files: cert8.db, key3.db and secmod.db.
+#   Provide the directory that these files exist.
+NSSCertificateDatabase "<%= @httpd_dir -%>/alias"
+
+#   Database Prefix:
+#   In order to be able to store multiple NSS databases in one directory
+#   they need unique names. This option sets the database prefix used for
+#   cert8.db and key3.db.
+#NSSDBPrefix my-prefix-
+
+#   Client Authentication (Type):
+#   Client certificate verification type.  Types are none, optional and
+#   require.
+#NSSVerifyClient none
+
+#
+#   Online Certificate Status Protocol (OCSP).
+#   Verify that certificates have not been revoked before accepting them.
+#NSSOCSP off
+
+#
+#   Use a default OCSP responder. If enabled this will be used regardless
+#   of whether one is included in a client certificate. Note that the
+#   server certificate is verified during startup.
+#
+#   NSSOCSPDefaultURL defines the service URL of the OCSP responder
+#   NSSOCSPDefaultName is the nickname of the certificate to trust to
+#       sign the OCSP responses.
+#NSSOCSPDefaultResponder on
+#NSSOCSPDefaultURL http://example.com/ocsp/status
+#NSSOCSPDefaultName ocsp-nickname
+
+#   Access Control:
+#   With SSLRequire you can do per-directory access control based
+#   on arbitrary complex boolean expressions containing server
+#   variable checks and other lookup directives.  The syntax is a
+#   mixture between C and Perl.  See the mod_nss documentation
+#   for more details.
+#<Location />
+#NSSRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+#   SSL Engine Options:
+#   Set various options for the SSL engine.
+#   o FakeBasicAuth:
+#     Translate the client X.509 into a Basic Authorisation.  This means that
+#     the standard Auth/DBMAuth methods can be used for access control.  The
+#     user name is the `one line' version of the client's X.509 certificate.
+#     Note that no password is obtained from the user. Every entry in the user
+#     file needs this password: `xxj31ZMTZzkVA'.
+#   o ExportCertData:
+#     This exports two additional environment variables: SSL_CLIENT_CERT and
+#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+#     server (always existing) and the client (only existing when client
+#     authentication is used). This can be used to import the certificates
+#     into CGI scripts.
+#   o StdEnvVars:
+#     This exports the standard SSL/TLS related `SSL_*' environment variables.
+#     Per default this exportation is switched off for performance reasons,
+#     because the extraction step is an expensive operation and is usually
+#     useless for serving static content. So one usually enables the
+#     exportation for CGI and SSI requests only.
+#   o StrictRequire:
+#     This denies access when "NSSRequireSSL" or "NSSRequire" applied even
+#     under a "Satisfy any" situation, i.e. when it applies access is denied
+#     and no other module can change it.
+#   o OptRenegotiate:
+#     This enables optimized SSL connection renegotiation handling when SSL
+#     directives are used in per-directory context.
+#NSSOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
+<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
+    NSSOptions +StdEnvVars
+</FilesMatch>
+<Directory "/var/www/cgi-bin">
+    NSSOptions +StdEnvVars
+</Directory>
+
+#   Per-Server Logging:
+#   The home of a custom SSL log file. Use this when you want a
+#   compact non-error SSL logfile on a virtual host basis.
+#CustomLog /home/rcrit/redhat/apache/logs/ssl_request_log \
+#          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>
+
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/pagespeed.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/pagespeed.conf.erb
new file mode 100644
index 000000000..56e72fe29
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/pagespeed.conf.erb
@@ -0,0 +1,102 @@
+ModPagespeed on
+
+ModPagespeedInheritVHostConfig <%= @inherit_vhost_config %>
+AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html
+<% if @filter_xhtml -%>
+AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER application/xhtml+xml
+<% end -%>
+ModPagespeedFileCachePath "<%= @cache_path %>"
+ModPagespeedLogDir "<%= @log_dir %>"
+
+<% @memcache_servers.each do |server| -%>
+ModPagespeedMemcachedServers <%= server %>
+<% end -%>
+
+ModPagespeedRewriteLevel <%= @rewrite_level -%>
+
+<% @disable_filters.each do |filter| -%>
+ModPagespeedDisableFilters <%= filter %>
+<% end -%>
+
+<% @enable_filters.each do |filter| -%>
+ModPagespeedEnableFilters <%= filter %>
+<% end -%>
+
+<% @forbid_filters.each do |filter| -%>
+ModPagespeedForbidFilters <%= filter %>
+<% end -%>
+
+ModPagespeedRewriteDeadlinePerFlushMs <%= @rewrite_deadline_per_flush_ms %>
+
+<% if @additional_domains -%>
+ModPagespeedDomain <%= @additional_domains -%>
+<% end -%>
+
+ModPagespeedFileCacheSizeKb          <%= @file_cache_size_kb %>
+ModPagespeedFileCacheCleanIntervalMs <%= @file_cache_clean_interval_ms %>
+ModPagespeedLRUCacheKbPerProcess     <%= @lru_cache_per_process %>
+ModPagespeedLRUCacheByteLimit        <%= @lru_cache_byte_limit %>
+ModPagespeedCssFlattenMaxBytes       <%= @css_flatten_max_bytes %>
+ModPagespeedCssInlineMaxBytes        <%= @css_inline_max_bytes %>
+ModPagespeedCssImageInlineMaxBytes   <%= @css_image_inline_max_bytes %>
+ModPagespeedImageInlineMaxBytes      <%= @image_inline_max_bytes %>
+ModPagespeedJsInlineMaxBytes         <%= @js_inline_max_bytes %>
+ModPagespeedCssOutlineMinBytes       <%= @css_outline_min_bytes %>
+ModPagespeedJsOutlineMinBytes        <%= @js_outline_min_bytes %>
+
+
+ModPagespeedFileCacheInodeLimit <%= @inode_limit %>
+ModPagespeedImageMaxRewritesAtOnce <%= @image_max_rewrites_at_once %>
+
+ModPagespeedNumRewriteThreads <%= @num_rewrite_threads %>
+ModPagespeedNumExpensiveRewriteThreads <%= @num_expensive_rewrite_threads %>
+
+ModPagespeedStatistics <%= @collect_statistics %>
+
+<Location /mod_pagespeed_statistics>
+    # You may insert other "Allow from" lines to add hosts you want to
+    # allow to look at generated statistics.  Another possibility is
+    # to comment out the "Order" and "Allow" options from the config
+    # file, to allow any client that can reach your server to examine
+    # statistics.  This might be appropriate in an experimental setup or
+    # if the Apache server is protected by a reverse proxy that will
+    # filter URLs in some fashion.
+    <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%>
+    Require ip 127.0.0.1 ::1 <%= Array(@allow_view_stats).join(" ") %>
+    <%- else -%>
+    Order allow,deny
+    Allow from 127.0.0.1 ::1 <%= Array(@allow_view_stats).join(" ") %>
+    <%- end -%>
+    SetHandler mod_pagespeed_statistics
+</Location>
+
+ModPagespeedStatisticsLogging <%= @statistics_logging %>
+<Location /pagespeed_console>
+    <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%>
+    Require ip 127.0.0.1 ::1 <%= Array(@allow_pagespeed_console).join(" ") %>
+    <%- else -%>
+    Order allow,deny
+    Allow from 127.0.0.1 ::1 <%= Array(@allow_pagespeed_console).join(" ") %>
+    <%- end -%>
+    SetHandler pagespeed_console
+</Location>
+
+ModPagespeedMessageBufferSize <%= @message_buffer_size %>
+
+<Location /mod_pagespeed_message>
+    <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%>
+    Require ip 127.0.0.1 ::1 <%= Array(@allow_pagespeed_message).join(" ") %>
+    <%- else -%>
+    Order allow,deny
+    Allow from 127.0.0.1 ::1 <%= Array(@allow_pagespeed_message).join(" ") %>
+    <%- end -%>
+    SetHandler mod_pagespeed_message
+</Location>
+
+<% if @additional_configuration.is_a? Array -%>
+<%= @additional_configuration.join("\n") %>
+<% else -%>
+<% @additional_configuration.each_pair do |key, value| -%>
+<%= key %> <%= value %>
+<% end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/passenger.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/passenger.conf.erb
new file mode 100644
index 000000000..f7078db92
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/passenger.conf.erb
@@ -0,0 +1,259 @@
+# The Passenger Apache module configuration file is being
+# managed by Puppet and changes will be overwritten.
+<IfModule mod_passenger.c>
+  <%- if @passenger_allow_encoded_slashes -%>
+  PassengerAllowEncodedSlashes <%= @passenger_allow_encoded_slashes %>
+  <%- end -%>
+  <%- if @passenger_anonymous_telemetry_proxy -%>
+  PassengerAnonymousTelemetryProxy <%= @passenger_anonymous_telemetry_proxy %>
+  <%- end -%>
+  <%- if @passenger_app_env -%>
+  PassengerAppEnv <%= @passenger_app_env %>
+  <%- end -%>
+  <%- if @passenger_app_group_name -%>
+  PassengerAppGroupName <%= @passenger_app_group_name %>
+  <%- end -%>
+  <%- if @passenger_app_root -%>
+  PassengerAppRoot "<%= @passenger_app_root %>"
+  <%- end -%>
+  <%- if @passenger_app_type -%>
+  PassengerAppType <%= @passenger_app_type %>
+  <%- end -%>
+  <%- if @passenger_base_uri -%>
+  PassengerBaseURI <%= @passenger_base_uri %>
+  <%- end -%>
+  <%- if @passenger_buffer_response -%>
+  PassengerBufferResponse <%= @passenger_buffer_response %>
+  <%- end -%>
+  <%- if @passenger_buffer_upload -%>
+  PassengerBufferUpload <%= @passenger_buffer_upload %>
+  <%- end -%>
+  <%- if @passenger_concurrency_model -%>
+  PassengerConcurrencyModel <%= @passenger_concurrency_model %>
+  <%- end -%>
+  <%- if @passenger_data_buffer_dir -%>
+  PassengerDataBufferDir "<%= @passenger_data_buffer_dir %>"
+  <%- end -%>
+  <%- if @passenger_debug_log_file -%>
+  PassengerDebugLogFile <%= @passenger_debug_log_file %>
+  <%- end -%>
+  <%- if @passenger_debugger -%>
+  PassengerDebugger <%= @passenger_debugger %>
+  <%- end -%>
+  <%- if @passenger_default_group -%>
+  PassengerDefaultGroup <%= @passenger_default_group %>
+  <%- end -%>
+  <%- if @passenger_default_ruby -%>
+  PassengerDefaultRuby "<%= @passenger_default_ruby %>"
+  <%- end -%>
+  <%- if @passenger_default_user -%>
+  PassengerDefaultUser <%= @passenger_default_user %>
+  <%- end -%>
+  <%- unless @passenger_disable_anonymous_telemetry.nil? -%>
+  PassengerDisableAnonymousTelemetry <%= scope.call_function('apache::bool2httpd', [@passenger_disable_anonymous_telemetry]) %>
+  <%- end -%>
+  <%- unless @passenger_disable_log_prefix.nil? -%>
+  PassengerDisableLogPrefix <%= scope.call_function('apache::bool2httpd', [@passenger_disable_log_prefix]) %>
+  <%- end -%>
+  <%- if @passenger_disable_security_update_check -%>
+  PassengerDisableSecurityUpdateCheck <%= @passenger_disable_security_update_check %>
+  <%- end -%>
+  <%- if @passenger_enabled -%>
+  PassengerEnabled <%= @passenger_enabled %>
+  <%- end -%>
+  <%- if @passenger_error_override -%>
+  PassengerErrorOverride <%= @passenger_error_override %>
+  <%- end -%>
+  <%- if @passenger_file_descriptor_log_file -%>
+  PassengerFileDescriptorLogFile "<%= @passenger_file_descriptor_log_file %>"
+  <%- end -%>
+  <%- if @passenger_fly_with -%>
+  PassengerFlyWith "<%= @passenger_fly_with %>"
+  <%- end -%>
+  <%- if @passenger_force_max_concurrent_requests_per_process -%>
+  PassengerForceMaxConcurrentRequestsPerProcess <%= @passenger_force_max_concurrent_requests_per_process %>
+  <%- end -%>
+  <%- if @passenger_friendly_error_pages -%>
+  PassengerFriendlyErrorPages <%= @passenger_friendly_error_pages %>
+  <%- end -%>
+  <%- if @passenger_group -%>
+  PassengerGroup <%= @passenger_group %>
+  <%- end -%>
+  <%- if @passenger_high_performance -%>
+  PassengerHighPerformance <%= @passenger_high_performance %>
+  <%- end -%>
+  <%- if @passenger_instance_registry_dir -%>
+  PassengerInstanceRegistryDir "<%= @passenger_instance_registry_dir %>"
+  <%- end -%>
+  <%- if @passenger_load_shell_envvars -%>
+  PassengerLoadShellEnvvars <%= @passenger_load_shell_envvars %>
+  <%- end -%>
+  <%- if @passenger_log_file -%>
+  PassengerLogFile "<%= @passenger_log_file %>"
+  <%- end -%>
+  <%- if @passenger_log_level -%>
+  PassengerLogLevel <%= @passenger_log_level %>
+  <%- end -%>
+  <%- if @passenger_lve_min_uid -%>
+  PassengerLveMinUid <%= @passenger_lve_min_uid %>
+  <%- end -%>
+  <%- if @passenger_max_instances -%>
+  PassengerMaxInstances <%= @passenger_max_instances %>
+  <%- end -%>
+  <%- if @passenger_max_instances_per_app -%>
+  PassengerMaxInstancesPerApp <%= @passenger_max_instances_per_app %>
+  <%- end -%>
+  <%- if @passenger_max_pool_size -%>
+  PassengerMaxPoolSize <%= @passenger_max_pool_size %>
+  <%- end -%>
+  <%- if @passenger_max_preloader_idle_time -%>
+  PassengerMaxPreloaderIdleTime <%= @passenger_max_preloader_idle_time %>
+  <%- end -%>
+  <%- if @passenger_max_request_queue_size -%>
+  PassengerMaxRequestQueueSize <%= @passenger_max_request_queue_size %>
+  <%- end -%>
+  <%- if @passenger_max_request_time -%>
+  PassengerMaxRequestTime <%= @passenger_max_request_time %>
+  <%- end -%>
+  <%- if @passenger_max_requests -%>
+  PassengerMaxRequests <%= @passenger_max_requests %>
+  <%- end -%>
+  <%- if @passenger_memory_limit -%>
+  PassengerMemoryLimit <%= @passenger_memory_limit %>
+  <%- end -%>
+  <%- if @passenger_meteor_app_settings -%>
+  PassengerMeteorAppSettings "<%= @passenger_meteor_app_settings %>"
+  <%- end -%>
+  <%- if @passenger_min_instances -%>
+  PassengerMinInstances <%= @passenger_min_instances %>
+  <%- end -%>
+  <%- if @passenger_nodejs -%>
+  PassengerNodejs "<%= @passenger_nodejs %>"
+  <%- end -%>
+  <%- if @passenger_pool_idle_time -%>
+  PassengerPoolIdleTime <%= @passenger_pool_idle_time %>
+  <%- end -%>
+  <%- if @passenger_pre_start -%>
+    <%- [@passenger_pre_start].flatten.compact.each do |passenger_pre_start| -%>
+  PassengerPreStart <%= passenger_pre_start %>
+    <%- end -%>
+  <%- end -%>
+  <%- if @passenger_python -%>
+  PassengerPython "<%= @passenger_python %>"
+  <%- end -%>
+  <%- if @passenger_resist_deployment_errors -%>
+  PassengerResistDeploymentErrors <%= @passenger_resist_deployment_errors %>
+  <%- end -%>
+  <%- if @passenger_resolve_symlinks_in_document_root -%>
+  PassengerResolveSymlinksInDocumentRoot <%= @passenger_resolve_symlinks_in_document_root %>
+  <%- end -%>
+  <%- if @passenger_response_buffer_high_watermark -%>
+  PassengerResponseBufferHighWatermark <%= @passenger_response_buffer_high_watermark %>
+  <%- end -%>
+  <%- if @passenger_restart_dir -%>
+  PassengerRestartDir "<%= @passenger_restart_dir %>"
+  <%- end -%>
+  <%- if @passenger_rolling_restarts -%>
+  PassengerRollingRestarts <%= @passenger_rolling_restarts %>
+  <%- end -%>
+  <%- if @passenger_root -%>
+  PassengerRoot "<%= @passenger_root %>"
+  <%- end -%>
+  <%- if @passenger_ruby -%>
+  PassengerRuby "<%= @passenger_ruby %>"
+  <%- end -%>
+  <%- if @passenger_security_update_check_proxy -%>
+  PassengerSecurityUpdateCheckProxy <%= @passenger_security_update_check_proxy %>
+  <%- end -%>
+  <%- if @passenger_show_version_in_header -%>
+  PassengerShowVersionInHeader <%= @passenger_show_version_in_header %>
+  <%- end -%>
+  <%- if @passenger_socket_backlog -%>
+  PassengerSocketBacklog <%= @passenger_socket_backlog %>
+  <%- end -%>
+  <%- if @passenger_spawn_dir -%>
+  PassengerSpawnDir "<%= @passenger_spawn_dir %>"
+  <%- end -%>
+  <%- if @passenger_spawn_method -%>
+  PassengerSpawnMethod <%= @passenger_spawn_method %>
+  <%- end -%>
+  <%- if @passenger_start_timeout -%>
+  PassengerStartTimeout <%= @passenger_start_timeout %>
+  <%- end -%>
+  <%- if @passenger_startup_file -%>
+  PassengerStartupFile "<%= @passenger_startup_file %>"
+  <%- end -%>
+  <%- if @passenger_stat_throttle_rate -%>
+  PassengerStatThrottleRate <%= @passenger_stat_throttle_rate %>
+  <%- end -%>
+  <%- if @passenger_sticky_sessions -%>
+  PassengerStickySessions <%= @passenger_sticky_sessions %>
+  <%- end -%>
+  <%- if @passenger_sticky_sessions_cookie_name -%>
+  PassengerStickySessionsCookieName <%= @passenger_sticky_sessions_cookie_name %>
+  <%- end -%>
+  <%- if @passenger_sticky_sessions_cookie_attributes -%>
+  PassengerStickySessionsCookieAttributes "<%= @passenger_sticky_sessions_cookie_attributes %>"
+  <%- end -%>
+  <%- if @passenger_thread_count -%>
+  PassengerThreadCount <%= @passenger_thread_count %>
+  <%- end -%>
+  <%- if @passenger_use_global_queue -%>
+  PassengerUseGlobalQueue <%= @passenger_use_global_queue %>
+  <%- end -%>
+  <%- if @passenger_user -%>
+  PassengerUser <%= @passenger_user %>
+  <%- end -%>
+  <%- if @passenger_user_switching -%>
+  PassengerUserSwitching <%= @passenger_user_switching %>
+  <%- end -%>
+  <%- if @rack_auto_detect -%>
+  RackAutoDetect <%= @rack_auto_detect %>
+  <%- end -%>
+  <%- if @rack_base_uri -%>
+  RackBaseURI <%= @rack_base_uri %>
+  <%- end -%>
+  <%- if @rack_env -%>
+  RackEnv <%= @rack_env %>
+  <%- end -%>
+  <%- if @rails_allow_mod_rewrite -%>
+  RailsAllowModRewrite <%= @rails_allow_mod_rewrite %>
+  <%- end -%>
+  <%- if @rails_app_spawner_idle_time -%>
+  RailsAppSpawnerIdleTime <%= @rails_app_spawner_idle_time %>
+  <%- end -%>
+  <%- if @rails_auto_detect -%>
+  RailsAutoDetect <%= @rails_auto_detect %>
+  <%- end -%>
+  <%- if @rails_base_uri -%>
+  RailsBaseURI <%= @rails_base_uri %>
+  <%- end -%>
+  <%- if @rails_default_user -%>
+  RailsDefaultUser <%= @rails_default_user %>
+  <%- end -%>
+  <%- if @rails_env -%>
+  RailsEnv <%= @rails_env %>
+  <%- end -%>
+  <%- if @rails_framework_spawner_idle_time -%>
+  RailsFrameworkSpawnerIdleTime <%= @rails_framework_spawner_idle_time %>
+  <%- end -%>
+  <%- if @rails_ruby -%>
+  RailsRuby <%= @rails_ruby %>
+  <%- end -%>
+  <%- if @rails_spawn_method -%>
+  RailsSpawnMethod <%= @rails_spawn_method %>
+  <%- end -%>
+  <%- if @rails_user_switching -%>
+  RailsUserSwitching <%= @rails_user_switching %>
+  <%- end -%>
+  <%- if @wsgi_auto_detect -%>
+  WsgiAutoDetect <%= @wsgi_auto_detect %>
+  <%- end -%>
+  <%- if @rails_autodetect -%>
+  RailsAutoDetect <%= @rails_autodetect %>
+  <%- end -%>
+  <%- if @rack_autodetect -%>
+  RackAutoDetect <%= @rack_autodetect %>
+  <%- end -%>
+
+</IfModule>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/peruser.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/peruser.conf.erb
new file mode 100644
index 000000000..13c8d708d
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/peruser.conf.erb
@@ -0,0 +1,12 @@
+<IfModule mpm_peruser_module>
+  MinSpareProcessors  <%= @minspareprocessors %>
+  MinProcessors       <%= @minprocessors %>
+  MaxProcessors       <%= @maxprocessors %>
+  MaxClients          <%= @maxclients %>
+  MaxRequestsPerChild <%= @maxrequestsperchild %>
+  IdleTimeout         <%= @idletimeout %>
+  ExpireTimeout       <%= @expiretimeout %>
+  KeepAlive           <%= @keepalive %>
+  Include             "<%= @mod_dir %>/peruser/multiplexers/*.conf"
+  Include             "<%= @mod_dir %>/peruser/processors/*.conf"
+</IfModule>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/php.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/php.conf.erb
new file mode 100644
index 000000000..9e684fe6d
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/php.conf.erb
@@ -0,0 +1,23 @@
+#
+# PHP is an HTML-embedded scripting language which attempts to make it
+# easy for developers to write dynamically generated webpages.
+#
+
+#
+# Cause the PHP interpreter to handle files with a .php extension.
+#
+<FilesMatch ".+(<%= @extensions.flatten.compact.collect { |s| Regexp.escape(s) }.join('|') %>)$">
+    SetHandler application/x-httpd-php
+</FilesMatch>
+
+#
+# Add index.php to the list of files that will be served as directory
+# indexes.
+#
+DirectoryIndex index.php
+
+#
+# Uncomment the following line to allow PHP to pretty-print .phps
+# files as PHP source code:
+#
+#AddType application/x-httpd-php-source .phps
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/prefork.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/prefork.conf.erb
new file mode 100644
index 000000000..01f0b84f8
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/prefork.conf.erb
@@ -0,0 +1,17 @@
+<IfModule mpm_prefork_module>
+  StartServers        <%= @startservers %>
+  MinSpareServers     <%= @minspareservers %>
+  MaxSpareServers     <%= @maxspareservers %>
+  ServerLimit         <%= @serverlimit %>
+  <%- if @maxrequestworkers -%>
+  MaxRequestWorkers      <%= @maxrequestworkers %>
+  <%- elsif @maxclients -%>
+  MaxClients             <%= @maxclients %>
+  <%- end -%>
+  <%- if @maxconnectionsperchild -%>
+  MaxConnectionsPerChild <%= @maxconnectionsperchild %>
+  <%- elsif @maxrequestsperchild -%>
+  MaxRequestsPerChild    <%= @maxrequestsperchild %>
+  <%- end -%>
+  ListenBacklog       <%= @listenbacklog %>
+</IfModule>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/proxy.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/proxy.conf.erb
new file mode 100644
index 000000000..76968cb6f
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/proxy.conf.erb
@@ -0,0 +1,34 @@
+#
+# Proxy Server directives. Uncomment the following lines to
+# enable the proxy server:
+#
+<IfModule mod_proxy.c>
+  # Do not enable proxying with ProxyRequests until you have secured your
+  # server.  Open proxy servers are dangerous both to your network and to the
+  # Internet at large.
+  ProxyRequests <%= @proxy_requests %>
+
+  <% if @proxy_requests != 'Off' or ( @allow_from and ! @allow_from.empty? ) -%>
+  <Proxy *>
+    <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%>
+    Require ip <%= Array(@allow_from).join(" ") %>
+    <%- else -%>
+    Order deny,allow
+    Deny from all
+    Allow from <%= Array(@allow_from).join(" ") %>
+    <%- end -%>
+  </Proxy>
+  <% end -%>
+
+  # Enable/disable the handling of HTTP/1.1 "Via:" headers.
+  # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
+  # Set to one of: Off | On | Full | Block
+  ProxyVia <%= @proxy_via %>
+
+  <%- if @proxy_timeout -%>
+  ProxyTimeout <%= @proxy_timeout %>
+  <%- end -%>
+  <%- if @proxy_iobuffersize -%>
+  ProxyIOBufferSize <%= @proxy_iobuffersize %>
+  <%- end -%>
+</IfModule>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/proxy_balancer.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/proxy_balancer.conf.erb
new file mode 100644
index 000000000..c1f37be8e
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/proxy_balancer.conf.erb
@@ -0,0 +1,10 @@
+<Location <%= @manager_path %>>
+    SetHandler balancer-manager
+    <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+    Require ip <%= Array(@allow_from).join(" ") %>
+    <%- else -%>
+    Order deny,allow
+    Deny from all
+    Allow from <%= Array(@allow_from).join(" ") %>
+    <%- end -%>
+</Location>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/proxy_html.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/proxy_html.conf.erb
new file mode 100644
index 000000000..3cb8eca62
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/proxy_html.conf.erb
@@ -0,0 +1,20 @@
+ProxyHTMLLinks  a               href
+ProxyHTMLLinks  area            href
+ProxyHTMLLinks  link            href
+ProxyHTMLLinks  img             src longdesc usemap
+ProxyHTMLLinks  object          classid codebase data usemap
+ProxyHTMLLinks  q               cite
+ProxyHTMLLinks  blockquote      cite
+ProxyHTMLLinks  ins             cite
+ProxyHTMLLinks  del             cite
+ProxyHTMLLinks  form            action
+ProxyHTMLLinks  input           src usemap
+ProxyHTMLLinks  head            profile
+ProxyHTMLLinks  base            href
+ProxyHTMLLinks  script          src for
+ProxyHTMLLinks  meta            content
+
+ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \
+                onmouseover onmousemove onmouseout onkeypress \
+                onkeydown onkeyup onfocus onblur onload \
+                onunload onsubmit onreset onselect onchange
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/remoteip.conf.epp b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/remoteip.conf.epp
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/remoteip.conf.epp
rename to modules/services/unix/http/apache_kali_compatible/apache/templates/mod/remoteip.conf.epp
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/reqtimeout.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/reqtimeout.conf.erb
new file mode 100644
index 000000000..6ffc5ffe2
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/reqtimeout.conf.erb
@@ -0,0 +1,3 @@
+<% Array(@timeouts).each do |timeout| -%>
+RequestReadTimeout <%= timeout %>
+<%- end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/rpaf.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/rpaf.conf.erb
new file mode 100644
index 000000000..56e2398b5
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/rpaf.conf.erb
@@ -0,0 +1,15 @@
+# Enable reverse proxy add forward
+RPAFenable On
+# RPAFsethostname will, when enabled, take the incoming X-Host header and
+# update the virtual host settings accordingly. This allows to have the same
+# hostnames as in the "real" configuration for the forwarding proxy.
+<% if @sethostname -%>
+RPAFsethostname On
+<% else -%>
+RPAFsethostname Off
+<% end -%>
+# Which IPs are forwarding requests to us
+RPAFproxy_ips <%= Array(@proxy_ips).join(" ") %>
+# Setting RPAFheader allows you to change the header name to parse from the
+# default X-Forwarded-For to something of your choice.
+RPAFheader <%= @header %>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/security.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/security.conf.erb
new file mode 100644
index 000000000..0302cebf3
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/security.conf.erb
@@ -0,0 +1,86 @@
+<IfModule mod_security2.c>
+    # Default recommended configuration
+    SecRuleEngine <%= @modsec_secruleengine %>
+    SecRequestBodyAccess On
+  <%- if @custom_rules -%>
+    Include <%= @modsec_dir %>/custom_rules/*.conf
+  <%- end -%>
+    SecRule REQUEST_HEADERS:Content-Type "text/xml" \
+      "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+    SecRequestBodyLimit <%= @secrequestbodylimit %>
+    SecRequestBodyNoFilesLimit <%= @secrequestbodynofileslimit %>
+    SecRequestBodyInMemoryLimit <%= @secrequestbodyinmemorylimit %>
+    SecRequestBodyLimitAction Reject
+    SecRule REQBODY_ERROR "!@eq 0" \
+      "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+    SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
+      "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body failed strict validation: \
+      PE %{REQBODY_PROCESSOR_ERROR}, \
+      BQ %{MULTIPART_BOUNDARY_QUOTED}, \
+      BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
+      DB %{MULTIPART_DATA_BEFORE}, \
+      DA %{MULTIPART_DATA_AFTER}, \
+      HF %{MULTIPART_HEADER_FOLDING}, \
+      LF %{MULTIPART_LF_LINE}, \
+      SM %{MULTIPART_MISSING_SEMICOLON}, \
+      IQ %{MULTIPART_INVALID_QUOTING}, \
+      IP %{MULTIPART_INVALID_PART}, \
+      IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
+      FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
+
+    SecRule &REQUEST_HEADERS:Proxy "@gt 0" "id:1000005,log,deny,msg:'httpoxy denied'"
+
+
+    SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
+      "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
+
+    SecPcreMatchLimit <%= @secpcrematchlimit %>
+    SecPcreMatchLimitRecursion <%= @secpcrematchlimitrecursion %>
+
+    SecRule TX:/^MSC_/ "!@streq 0" \
+      "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
+
+    SecResponseBodyAccess Off
+    SecResponseBodyMimeType text/plain text/html text/xml
+    SecResponseBodyLimit 524288
+    SecResponseBodyLimitAction ProcessPartial
+    SecDebugLogLevel 0
+    SecAuditEngine RelevantOnly
+    SecAuditLogRelevantStatus "<%= @audit_log_relevant_status %>"
+    SecAuditLogParts <%= @audit_log_parts %>
+    SecAuditLogType <%= @audit_log_type %>
+    <%- if @audit_log_storage_dir -%>
+    SecAuditLogStorageDir <%= @audit_log_storage_dir %>
+    <%- end -%>
+    SecArgumentSeparator &
+    SecCookieFormat 0
+<%- if scope.lookupvar('::osfamily') == 'Debian' -%>
+    SecDebugLog <%= @logroot %>/modsec_debug.log
+    SecAuditLog <%= @logroot %>/modsec_audit.log
+    SecTmpDir /var/cache/modsecurity
+    SecDataDir /var/cache/modsecurity
+    SecUploadDir /var/cache/modsecurity
+<%- elsif scope.lookupvar('::osfamily') == 'Suse' -%>
+    SecDebugLog /var/log/apache2/modsec_debug.log
+    SecAuditLog /var/log/apache2/modsec_audit.log
+    SecTmpDir /var/lib/mod_security
+    SecDataDir /var/lib/mod_security
+    SecUploadDir /var/lib/mod_security
+<% else -%>
+    SecDebugLog <%= @logroot %>/modsec_debug.log
+    SecAuditLog <%= @logroot %>/modsec_audit.log
+    SecTmpDir /var/lib/mod_security
+    SecDataDir /var/lib/mod_security
+    SecUploadDir /var/lib/mod_security
+<% end -%>
+    SecUploadKeepFiles Off
+
+    # ModSecurity Core Rules Set configuration
+<%- if scope.function_versioncmp([scope.lookupvar('::apache::apache_version'), '2.4']) >= 0 -%>
+    IncludeOptional <%= @modsec_dir %>/*.conf
+    IncludeOptional <%= @modsec_dir %>/activated_rules/*.conf
+<%- else -%>
+    Include <%= @modsec_dir %>/*.conf
+    Include <%= @modsec_dir %>/activated_rules/*.conf
+<%- end -%>
+</IfModule>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/security_crs.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/security_crs.conf.erb
new file mode 100644
index 000000000..641daac3e
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/security_crs.conf.erb
@@ -0,0 +1,436 @@
+# ---------------------------------------------------------------
+# Core ModSecurity Rule Set ver.2.2.9
+# Copyright (C) 2006-2012 Trustwave All rights reserved.
+#
+# The OWASP ModSecurity Core Rule Set is distributed under 
+# Apache Software License (ASL) version 2
+# Please see the enclosed LICENCE file for full details.
+# ---------------------------------------------------------------
+
+
+#
+# -- [[ Recommended Base Configuration ]] ------------------------------------------------- 
+#
+# The configuration directives/settings in this file are used to control
+# the OWASP ModSecurity CRS. These settings do **NOT** configure the main
+# ModSecurity settings such as:
+# 
+# - SecRuleEngine
+# - SecRequestBodyAccess
+# - SecAuditEngine
+# - SecDebugLog
+#
+# You should use the modsecurity.conf-recommended file that comes with the
+# ModSecurity source code archive.
+#
+# Ref: https://github.com/SpiderLabs/ModSecurity/blob/master/modsecurity.conf-recommended 
+#
+
+
+#
+# -- [[ Rule Version ]] -------------------------------------------------------------------
+#
+# Rule version data is added to the "Producer" line of Section H of the Audit log:
+#
+# - Producer: ModSecurity for Apache/2.7.0-rc1 (http://www.modsecurity.org/); OWASP_CRS/2.2.4.
+#
+# Ref: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecComponentSignature 
+#
+SecComponentSignature "OWASP_CRS/2.2.9"
+
+
+#
+# -- [[ Modes of Operation: Self-Contained vs. Collaborative Detection ]] -----------------
+#
+# Each detection rule uses the "block" action which will inherit the SecDefaultAction
+# specified below.  Your settings here will determine which mode of operation you use.
+#
+# -- [[ Self-Contained Mode ]] --
+# Rules inherit the "deny" disruptive action.  The first rule that matches will block.
+#
+# -- [[ Collaborative Detection Mode ]] --
+# This is a "delayed blocking" mode of operation where each matching rule will inherit
+# the "pass" action and will only contribute to anomaly scores.  Transactional blocking
+# can be applied 
+#
+# -- [[ Alert Logging Control ]] --
+# You have three options -
+#
+# - To log to both the Apache error_log and ModSecurity audit_log file use: "log"
+# - To log *only* to the ModSecurity audit_log file use: "nolog,auditlog"
+# - To log *only* to the Apache error_log file use: "log,noauditlog"
+#
+# Ref: http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-traditional-vs-anomaly-scoring-detection-modes.html
+# Ref: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecDefaultAction 
+#
+SecDefaultAction "phase:1,<%= @_secdefaultaction -%>"
+SecDefaultAction "phase:2,<%= @_secdefaultaction -%>"
+
+#
+# -- [[ Collaborative Detection Severity Levels ]] ----------------------------------------
+#
+# These are the default scoring points for each severity level.  You may
+# adjust these to you liking.  These settings will be used in macro expansion
+# in the rules to increment the anomaly scores when rules match.
+#
+# These are the default Severity ratings (with anomaly scores) of the individual rules -
+#
+#    - 2: Critical - Anomaly Score of 5.
+#         Is the highest severity level possible without correlation.  It is
+#         normally generated by the web attack rules (40 level files).
+#    - 3: Error - Anomaly Score of 4.
+#         Is generated mostly from outbound leakage rules (50 level files).
+#    - 4: Warning - Anomaly Score of 3.
+#         Is generated by malicious client rules (35 level files).
+#    - 5: Notice - Anomaly Score of 2.
+#         Is generated by the Protocol policy and anomaly files.
+#
+SecAction \
+  "id:'900001', \
+  phase:1, \
+  t:none, \
+  setvar:tx.critical_anomaly_score=<%= @critical_anomaly_score -%>, \
+  setvar:tx.error_anomaly_score=<%= @error_anomaly_score -%>, \
+  setvar:tx.warning_anomaly_score=<%= @warning_anomaly_score -%>, \
+  setvar:tx.notice_anomaly_score=<%= @notice_anomaly_score -%>, \
+  nolog, \
+  pass"
+
+
+#
+# -- [[ Collaborative Detection Scoring Initialization and Threshold Levels ]] ------------------------------
+#
+# These variables are used in macro expansion in the 49 inbound blocking and 59
+# outbound blocking files.
+#
+# **MUST HAVE** ModSecurity v2.5.12 or higher to use macro expansion in numeric
+# operators.  If you have an earlier version, edit the 49/59 files directly to
+# set the appropriate anomaly score levels.
+#
+# You should set the score level (rule 900003) to the proper threshold you 
+# would prefer.  If set to "5" it will work similarly to previous Mod CRS rules
+# and will create an event in the error_log file if there are any rules that
+# match.  If you would like to lessen the number of events generated in the 
+# error_log file, you should increase the anomaly score threshold to something 
+# like "20".  This would only generate an event in the error_log file if there
+# are multiple lower severity rule matches or if any 1 higher severity item matches.
+#
+SecAction \
+  "id:'900002', \
+  phase:1, \
+  t:none, \
+  setvar:tx.anomaly_score=0, \
+  setvar:tx.sql_injection_score=0, \
+  setvar:tx.xss_score=0, \
+  setvar:tx.inbound_anomaly_score=0, \
+  setvar:tx.outbound_anomaly_score=0, \
+  nolog, \
+  pass"
+
+
+SecAction \
+  "id:'900003', \
+  phase:1, \
+  t:none, \
+  setvar:tx.inbound_anomaly_score_level=<%= @inbound_anomaly_threshold -%>, \
+  setvar:tx.outbound_anomaly_score_level=<%= @outbound_anomaly_threshold -%>, \
+  nolog, \
+  pass"
+
+
+# 
+# -- [[ Collaborative Detection Blocking ]] -----------------------------------------------
+#
+# This is a collaborative detection mode where each rule will increment an overall
+# anomaly score for the transaction. The scores are then evaluated in the following files:
+#
+# Inbound anomaly score - checked in the modsecurity_crs_49_inbound_blocking.conf file
+# Outbound anomaly score - checked in the modsecurity_crs_59_outbound_blocking.conf file
+#
+# If you want to use anomaly scoring mode, then uncomment this line.
+#
+SecAction \
+  "id:'900004', \
+  phase:1, \
+  t:none, \
+  setvar:tx.anomaly_score_blocking=<%= @anomaly_score_blocking -%>, \
+  nolog, \
+  pass"
+
+
+#
+# -- [[ GeoIP Database ]] -----------------------------------------------------------------
+#
+# There are some rulesets that need to inspect the GEO data of the REMOTE_ADDR data.
+# 
+# You must first download the MaxMind GeoIP Lite City DB -
+#
+#       http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
+#
+# You then need to define the proper path for the SecGeoLookupDb directive
+#
+# Ref: http://blog.spiderlabs.com/2010/10/detecting-malice-with-modsecurity-geolocation-data.html
+# Ref: http://blog.spiderlabs.com/2010/11/detecting-malice-with-modsecurity-ip-forensics.html
+#
+#SecGeoLookupDb /opt/modsecurity/lib/GeoLiteCity.dat
+
+#
+# -- [[ Regression Testing Mode ]] --------------------------------------------------------
+#
+# If you are going to run the regression testing mode, you should uncomment the
+# following rule. It will enable DetectionOnly mode for the SecRuleEngine and
+# will enable Response Header tagging so that the client testing script can see
+# which rule IDs have matched.
+#
+# You must specify the your source IP address where you will be running the tests
+# from.
+#
+#SecRule REMOTE_ADDR "@ipMatch 192.168.1.100" \
+  "id:'900005', \
+  phase:1, \
+  t:none, \
+  ctl:ruleEngine=DetectionOnly, \
+  setvar:tx.regression_testing=1, \
+  nolog, \
+  pass"
+
+
+#
+# -- [[ HTTP Policy Settings ]] ----------------------------------------------------------
+#
+# Set the following policy settings here and they will be propagated to the 23 rules
+# file (modsecurity_common_23_request_limits.conf) by using macro expansion.  
+# If you run into false positives, you can adjust the settings here.
+#
+# Only the max number of args is uncommented by default as there are a high rate
+# of false positives.  Uncomment the items you wish to set.
+# 
+#
+# -- Maximum number of arguments in request limited
+SecAction \
+  "id:'900006', \
+  phase:1, \
+  t:none, \
+  setvar:tx.max_num_args=<%= @secrequestmaxnumargs %>, \
+  nolog, \
+  pass"
+
+#
+# -- Limit argument name length
+#SecAction \
+  "id:'900007', \
+  phase:1, \
+  t:none, \
+  setvar:tx.arg_name_length=100, \
+  nolog, \
+  pass"
+
+#
+# -- Limit value name length
+#SecAction \
+  "id:'900008', \
+  phase:1, \
+  t:none, \
+  setvar:tx.arg_length=400, \
+  nolog, \
+  pass"
+
+#
+# -- Limit arguments total length
+#SecAction \
+  "id:'900009', \
+  phase:1, \
+  t:none, \
+  setvar:tx.total_arg_length=64000, \
+  nolog, \
+  pass"
+
+#
+# -- Individual file size is limited
+#SecAction \
+  "id:'900010', \
+  phase:1, \
+  t:none, \
+  setvar:tx.max_file_size=1048576, \
+  nolog, \
+  pass"
+
+#
+# -- Combined file size is limited
+#SecAction \
+  "id:'900011', \
+  phase:1, \
+  t:none, \
+  setvar:tx.combined_file_sizes=1048576, \
+  nolog, \
+  pass"
+
+
+#
+# Set the following policy settings here and they will be propagated to the 30 rules
+# file (modsecurity_crs_30_http_policy.conf) by using macro expansion.  
+# If you run into false positves, you can adjust the settings here.
+#
+SecAction \
+  "id:'900012', \
+  phase:1, \
+  t:none, \
+  setvar:'tx.allowed_methods=<%= @allowed_methods -%>', \
+  setvar:'tx.allowed_request_content_type=<%= @content_types -%>', \
+  setvar:'tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1', \
+  setvar:'tx.restricted_extensions=<%= @restricted_extensions -%>', \
+  setvar:'tx.restricted_headers=<%= @restricted_headers -%>', \
+  nolog, \
+  pass"
+
+
+#
+# -- [[ Content Security Policy (CSP) Settings ]] -----------------------------------------
+#
+# The purpose of these settings is to send CSP response headers to
+# Mozilla FireFox users so that you can enforce how dynamic content
+# is used. CSP usage helps to prevent XSS attacks against your users.
+#  
+# Reference Link:
+#
+#	https://developer.mozilla.org/en/Security/CSP
+#
+# Uncomment this SecAction line if you want use CSP enforcement.
+# You need to set the appropriate directives and settings for your site/domain and
+# and activate the CSP file in the experimental_rules directory.
+# 
+# Ref: http://blog.spiderlabs.com/2011/04/modsecurity-advanced-topic-of-the-week-integrating-content-security-policy-csp.html
+#
+#SecAction \
+  "id:'900013', \
+  phase:1, \
+  t:none, \
+  setvar:tx.csp_report_only=1, \
+  setvar:tx.csp_report_uri=/csp_violation_report, \
+  setenv:'csp_policy=allow \'self\'; img-src *.yoursite.com; media-src *.yoursite.com; style-src *.yoursite.com; frame-ancestors *.yoursite.com; script-src *.yoursite.com; report-uri %{tx.csp_report_uri}', \
+  nolog, \
+  pass"
+
+
+#
+# -- [[ Brute Force Protection ]] ---------------------------------------------------------
+#
+# If you are using the Brute Force Protection rule set, then uncomment the following
+# lines and set the following variables:
+# - Protected URLs: resources to protect (e.g. login pages) - set to your login page
+# - Burst Time Slice Interval: time interval window to monitor for bursts
+# - Request Threshold: request # threshold to trigger a burst
+# - Block Period: temporary block timeout
+#
+#SecAction \
+  "id:'900014', \
+  phase:1, \
+  t:none, \
+  setvar:'tx.brute_force_protected_urls=#/login.jsp# #/partner_login.php#', \
+  setvar:'tx.brute_force_burst_time_slice=60', \
+  setvar:'tx.brute_force_counter_threshold=10', \
+  setvar:'tx.brute_force_block_timeout=300', \
+  nolog, \
+  pass"
+
+
+#
+# -- [[ DoS Protection ]] ----------------------------------------------------------------
+#
+# If you are using the DoS Protection rule set, then uncomment the following
+# lines and set the following variables:
+# - Burst Time Slice Interval: time interval window to monitor for bursts
+# - Request Threshold: request # threshold to trigger a burst
+# - Block Period: temporary block timeout
+#
+SecAction \
+  "id:'900015', \
+  phase:1, \
+  t:none, \
+  setvar:'tx.dos_burst_time_slice=60', \
+  setvar:'tx.dos_counter_threshold=100', \
+  setvar:'tx.dos_block_timeout=600', \
+  nolog, \
+  pass"
+
+
+#
+# -- [[ Check UTF enconding ]] -----------------------------------------------------------
+#
+# We only want to apply this check if UTF-8 encoding is actually used by the site, otherwise
+# it will result in false positives.
+#
+# Uncomment this line if your site uses UTF8 encoding
+#SecAction \
+  "id:'900016', \
+  phase:1, \
+  t:none, \
+  setvar:tx.crs_validate_utf8_encoding=1, \
+  nolog, \
+  pass"
+
+
+#
+# -- [[ Enable XML Body Parsing ]] -------------------------------------------------------
+#
+# The rules in this file will trigger the XML parser upon an XML request
+#
+# Initiate XML Processor in case of xml content-type
+#
+SecRule REQUEST_HEADERS:Content-Type "text/xml" \
+  "id:'900017', \
+  phase:1, \
+  t:none,t:lowercase, \
+  nolog, \
+  pass, \
+  chain"
+	SecRule REQBODY_PROCESSOR "!@streq XML" \
+	  "ctl:requestBodyProcessor=XML"
+
+
+#
+# -- [[ Global and IP Collections ]] -----------------------------------------------------
+#
+# Create both Global and IP collections for rules to use
+# There are some CRS rules that assume that these two collections
+# have already been initiated.
+#
+SecRule REQUEST_HEADERS:User-Agent "^(.*)$" \
+  "id:'900018', \
+  phase:1, \
+  t:none,t:sha1,t:hexEncode, \
+  setvar:tx.ua_hash=%{matched_var}, \
+  nolog, \
+  pass"
+
+
+SecRule REQUEST_HEADERS:x-forwarded-for "^\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b" \
+  "id:'900019', \
+  phase:1, \
+  t:none, \
+  capture, \
+  setvar:tx.real_ip=%{tx.1}, \
+  nolog, \
+  pass"
+
+
+SecRule &TX:REAL_IP "!@eq 0" \
+  "id:'900020', \
+  phase:1, \
+  t:none, \
+  initcol:global=global, \
+  initcol:ip=%{tx.real_ip}_%{tx.ua_hash}, \
+  nolog, \
+  pass"
+
+
+SecRule &TX:REAL_IP "@eq 0" \
+  "id:'900021', \
+  phase:1, \
+  t:none, \
+  initcol:global=global, \
+  initcol:ip=%{remote_addr}_%{tx.ua_hash}, \
+  setvar:tx.real_ip=%{remote_addr}, \
+  nolog, \
+  pass"
+
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/security_custom.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/security_custom.conf.erb
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/security_custom.conf.erb
rename to modules/services/unix/http/apache_kali_compatible/apache/templates/mod/security_custom.conf.erb
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/setenvif.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/setenvif.conf.erb
new file mode 100644
index 000000000..d31c79fe5
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/setenvif.conf.erb
@@ -0,0 +1,34 @@
+#
+# The following directives modify normal HTTP response behavior to
+# handle known problems with browser implementations.
+#
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
+
+#
+# The following directive disables redirects on non-GET requests for
+# a directory that does not include the trailing slash.  This fixes a 
+# problem with Microsoft WebFolders which does not appropriately handle 
+# redirects for folders with DAV methods.
+# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
+#
+BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+BrowserMatch "MS FrontPage" redirect-carefully
+BrowserMatch "^WebDrive" redirect-carefully
+BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
+BrowserMatch "^gnome-vfs/1.0" redirect-carefully
+BrowserMatch "^gvfs/1" redirect-carefully
+BrowserMatch "^XML Spy" redirect-carefully
+BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+BrowserMatch " Konqueror/4" redirect-carefully
+
+<IfModule mod_ssl.c>
+  BrowserMatch "MSIE [2-6]" \
+    nokeepalive ssl-unclean-shutdown \
+    downgrade-1.0 force-response-1.0
+  # MSIE 7 and newer should be able to use keepalive
+  BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+</IfModule>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/ssl.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/ssl.conf.erb
new file mode 100644
index 000000000..94dc7bb82
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/ssl.conf.erb
@@ -0,0 +1,53 @@
+<IfModule mod_ssl.c>
+  SSLRandomSeed startup builtin
+  SSLRandomSeed startup file:/dev/urandom <%= @ssl_random_seed_bytes %>
+  SSLRandomSeed connect builtin
+  SSLRandomSeed connect file:/dev/urandom <%= @ssl_random_seed_bytes %>
+
+  AddType application/x-x509-ca-cert .crt
+  AddType application/x-pkcs7-crl    .crl
+
+  SSLPassPhraseDialog <%= @ssl_pass_phrase_dialog %>
+  SSLSessionCache "shmcb:<%= @ssl_sessioncache %>"
+  SSLSessionCacheTimeout <%= @ssl_sessioncachetimeout %>
+  <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%>
+  Mutex <%= @_ssl_mutex %>
+    <%- if @ssl_compression -%>
+  SSLCompression <%= scope.call_function('apache::bool2httpd', [@ssl_compression]) %>
+    <%- end -%>
+    <%- unless @ssl_sessiontickets.nil? -%>
+  SSLSessionTickets <%= scope.call_function('apache::bool2httpd', [@ssl_sessiontickets]) %>
+    <%- end -%>
+  <%- else -%>
+  SSLMutex <%= @_ssl_mutex %>
+  <%- end -%>
+  SSLCryptoDevice <%= @ssl_cryptodevice %>
+  SSLHonorCipherOrder <%= scope.call_function('apache::bool2httpd', [@_ssl_honorcipherorder]) %>
+  <%- if @ssl_cert -%>
+  SSLCertificateFile      "<%= @ssl_cert %>"
+  <%- end -%>
+  <%- if @ssl_key -%>
+  SSLCertificateKeyFile   "<%= @ssl_key %>"
+  <%- end -%>
+  <%- if @ssl_ca -%>
+  SSLCACertificateFile    "<%= @ssl_ca %>"
+  <%- end -%>
+<% if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%>
+  SSLUseStapling <%= scope.call_function('apache::bool2httpd', [@ssl_stapling]) %>
+  <%- if not @ssl_stapling_return_errors.nil? -%>
+  SSLStaplingReturnResponderErrors <%= scope.call_function('apache::bool2httpd', [@ssl_stapling_return_errors]) %>
+  <%- end -%>
+  SSLStaplingCache "shmcb:<%= @_stapling_cache %>"
+<% end -%>
+  SSLCipherSuite <%= @ssl_cipher %>
+  SSLProtocol <%= @ssl_protocol.compact.join(' ') %>
+<% if not @ssl_proxy_protocol.empty? -%>
+  SSLProxyProtocol <%= @ssl_proxy_protocol.compact.join(' ') %>
+<% end -%>
+<% if @ssl_options -%>
+  SSLOptions <%= @ssl_options.compact.join(' ') %>
+<% end -%>
+<%- if @ssl_openssl_conf_cmd -%>
+  SSLOpenSSLConfCmd <%= @ssl_openssl_conf_cmd %>
+<%- end -%>
+</IfModule>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/status.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/status.conf.erb
new file mode 100644
index 000000000..28cc55b4f
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/status.conf.erb
@@ -0,0 +1,18 @@
+<Location <%= @status_path %>>
+    SetHandler server-status
+    <%-# From Puppet 4.2 up, replace: -%>
+    <%-# "scope.function_template(["apache/mod/<Template>"])" -%>
+    <%-# with: -%>
+    <%-# "scope.call_function('template', ["apache/mod/<Template>"])" -%>
+    <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%>
+<%= scope.function_template(["apache/mod/_require.erb"]) -%>
+    <%- else -%>
+<%= scope.function_template(["apache/mod/_allow.erb"]) -%>
+    <%- end -%>
+</Location>
+ExtendedStatus <%= @extended_status %>
+
+<IfModule mod_proxy.c>
+    # Show Proxy LoadBalancer status in mod_status
+    ProxyStatus On
+</IfModule>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/suphp.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/suphp.conf.erb
new file mode 100644
index 000000000..95fbf97c7
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/suphp.conf.erb
@@ -0,0 +1,19 @@
+<IfModule mod_suphp.c>
+    AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml
+    suPHP_AddHandler application/x-httpd-suphp
+
+    <Directory />
+        suPHP_Engine on
+    </Directory>
+
+    # By default, disable suPHP for debian packaged web applications as files
+    # are owned by root and cannot be executed by suPHP because of min_uid.
+    <Directory /usr/share>
+        suPHP_Engine off
+    </Directory>
+
+# # Use a specific php config file (a dir which contains a php.ini file)
+#       suPHP_ConfigPath /etc/php4/cgi/suphp/
+# # Tells mod_suphp NOT to handle requests with the type <mime-type>.
+#       suPHP_RemoveHandler <mime-type>
+</IfModule>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/userdir.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/userdir.conf.erb
new file mode 100644
index 000000000..1ef99f69f
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/userdir.conf.erb
@@ -0,0 +1,32 @@
+<IfModule mod_userdir.c>
+<% if @disable_root -%>
+  UserDir disabled root
+<% end -%>
+  UserDir <%= @_userdir %>
+
+<%- if ! @unmanaged_path -%>
+  <Directory "<%= @_path %>">
+    AllowOverride <%= @overrides.join(' ') %>
+    Options <%= @options.join(' ') %>
+    <Limit GET POST OPTIONS>
+      <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%>
+      Require all granted
+      <%- else -%>
+      Order allow,deny
+      Allow from all
+      <%- end -%>
+    </Limit>
+    <LimitExcept GET POST OPTIONS>
+      <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%>
+      Require all granted
+      <%- else -%>
+      Order allow,deny
+      Allow from all
+      <%- end -%>
+    </LimitExcept>
+  </Directory>
+<%- end -%>
+<%- if @custom_fragment -%>
+<%= @custom_fragment %>
+<%- end -%>
+</IfModule>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/worker.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/worker.conf.erb
new file mode 100644
index 000000000..8ad6451c7
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/worker.conf.erb
@@ -0,0 +1,11 @@
+<IfModule mpm_worker_module>
+  ServerLimit         <%= @serverlimit %>
+  StartServers        <%= @startservers %>
+  ThreadLimit         <%= @threadlimit %>
+  MaxClients          <%= @maxclients %>
+  MinSpareThreads     <%= @minsparethreads %>
+  MaxSpareThreads     <%= @maxsparethreads %>
+  ThreadsPerChild     <%= @threadsperchild %>
+  MaxRequestsPerChild <%= @maxrequestsperchild %>
+  ListenBacklog       <%= @listenbacklog %>
+</IfModule>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/wsgi.conf.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/wsgi.conf.erb
new file mode 100644
index 000000000..490f8b616
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/mod/wsgi.conf.erb
@@ -0,0 +1,22 @@
+# The WSGI Apache module configuration file is being
+# managed by Puppet an changes will be overwritten.
+<IfModule mod_wsgi.c>
+  <%- if @wsgi_restrict_embedded -%>
+  WSGIRestrictEmbedded <%= scope.call_function('apache::bool2httpd', [@wsgi_restrict_embedded]) %>
+  <%- end -%>
+  <%- if @wsgi_socket_prefix -%>
+  WSGISocketPrefix <%= @wsgi_socket_prefix %>
+  <%- end -%>
+  <%- if @wsgi_python_home -%>
+  WSGIPythonHome "<%= @wsgi_python_home %>"
+  <%- end -%>
+  <%- if @wsgi_python_path -%>
+  WSGIPythonPath "<%= @wsgi_python_path %>"
+  <%- end -%>
+  <%- if @wsgi_application_group -%>
+  WSGIApplicationGroup "<%= @wsgi_application_group %>"
+  <%- end -%>
+  <%- if @wsgi_python_optimize -%>
+  WSGIPythonOptimize <%= @wsgi_python_optimize %>
+  <%- end -%>
+</IfModule>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/namevirtualhost.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/namevirtualhost.erb
new file mode 100644
index 000000000..cf767680f
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/namevirtualhost.erb
@@ -0,0 +1,8 @@
+<%# NameVirtualHost should always be one of:
+  - *
+  - *:<port>
+  - _default_:<port>
+  - <ip>
+  - <ip>:<port>
+-%>
+NameVirtualHost <%= @addr_port %>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/ports_header.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/ports_header.erb
new file mode 100644
index 000000000..4908db4ad
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/ports_header.erb
@@ -0,0 +1,5 @@
+# ************************************
+# Listen & NameVirtualHost resources in module puppetlabs-apache
+# Managed by Puppet
+# ************************************
+
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_access_log.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_access_log.erb
new file mode 100644
index 000000000..6aa7815ad
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_access_log.erb
@@ -0,0 +1,21 @@
+<% @_access_logs.each do |log| -%>
+<%   env ||= "env=#{log['env']}" if log['env'] -%>
+<%   env ||= '' -%>
+<%   format ||= "\"#{log['format']}\"" if log['format'] -%>
+<%   format ||= 'combined' -%>
+<%   if log['file'] -%>
+<%     if log['file'].chars.first == '/' -%>
+<%       destination = "#{log['file']}" -%>
+<%     else -%>
+<%       destination = "#{@logroot}/#{log['file']}" -%>
+<%     end -%>
+<%   elsif log['syslog'] -%>
+<%     destination = log['syslog'] -%>
+<%   elsif log['pipe'] -%>
+<%     destination = log['pipe'] -%>
+<%   else -%>
+<%     destination ||= "#{@logroot}/#{@filename}_access_ssl.log" if @ssl -%>
+<%     destination ||= "#{@logroot}/#{@filename}_access.log" -%>
+<%   end -%>
+  CustomLog "<%= destination %>" <%= format %> <%= env %>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_action.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_action.erb
new file mode 100644
index 000000000..8a0229059
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_action.erb
@@ -0,0 +1,4 @@
+<% if @action -%>
+
+  Action <%= @action %> /cgi-bin virtual
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_additional_includes.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_additional_includes.erb
new file mode 100644
index 000000000..a07bb8112
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_additional_includes.erb
@@ -0,0 +1,9 @@
+<% Array(@additional_includes).each do |include| -%>
+
+  ## Load additional static includes
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 && @use_optional_includes -%>
+  IncludeOptional "<%= include %>"
+<%- else -%>
+  Include "<%= include %>"
+<%- end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_aliases.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_aliases.erb
new file mode 100644
index 000000000..f9771bc72
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_aliases.erb
@@ -0,0 +1,16 @@
+<% if @aliases and ! @aliases.empty? -%>
+  ## Alias declarations for resources outside the DocumentRoot
+  <%- [@aliases].flatten.compact.each do |alias_statement| -%>
+    <%- if alias_statement["path"] != '' -%>
+      <%- if alias_statement["alias"] and alias_statement["alias"] != '' -%>
+  Alias <%= alias_statement["alias"] %> "<%= alias_statement["path"] %>"
+      <%- elsif alias_statement["aliasmatch"] and alias_statement["aliasmatch"] != '' -%>
+  AliasMatch <%= alias_statement["aliasmatch"] %> "<%= alias_statement["path"] %>"
+      <%- elsif alias_statement["scriptalias"] and alias_statement["scriptalias"] != '' -%>
+  ScriptAlias <%= alias_statement["scriptalias"] %> "<%= alias_statement["path"] %>"
+      <%- elsif alias_statement["scriptaliasmatch"] and alias_statement["scriptaliasmatch"] != '' -%>
+  ScriptAliasMatch <%= alias_statement["scriptaliasmatch"] %> "<%= alias_statement["path"] %>"
+      <%- end -%>
+    <%- end -%>
+  <%- end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_allow_encoded_slashes.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_allow_encoded_slashes.erb
new file mode 100644
index 000000000..40c73433b
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_allow_encoded_slashes.erb
@@ -0,0 +1,4 @@
+<%- if @allow_encoded_slashes -%>
+
+  AllowEncodedSlashes <%= @allow_encoded_slashes %>
+<%- end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_auth_cas.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_auth_cas.erb
new file mode 100644
index 000000000..39912a80c
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_auth_cas.erb
@@ -0,0 +1,65 @@
+<% if @cas_enabled -%>
+  <%- if @cas_cookie_path -%>
+  CASCookiePath <%= @cas_cookie_path %>
+  <%- end -%>
+  <%- if @cas_login_url -%>
+  CASLoginURL <%= @cas_login_url %>
+  <%- end -%>
+  <%- if @cas_validate_url -%>
+  CASValidateURL <%= @cas_validate_url %>
+  <%- end -%>
+  <%- if @cas_version -%>
+  CASVersion <%= @cas_version %>
+  <%- end -%>
+  <%- if @cas_debug -%>
+  CASDebug <%= @cas_debug %>
+  <%- end -%>
+  <%- if @cas_certificate_path -%>
+  CASCertificatePath <%= @cas_certificate_path %>
+  <%- end -%>
+  <%- if @cas_proxy_validate_url -%>
+  CASProxyValidateURL <%= @cas_proxy_validate_url %>
+  <%- end -%>
+  <%- if @cas_validate_depth -%>
+  CASValidateDepth <%= @cas_validate_depth %>
+  <%- end -%>
+  <%- if @cas_root_proxied_as -%>
+  CASRootProxiedAs <%= @cas_root_proxied_as %>
+  <%- end -%>
+  <%- if @cas_cookie_entropy -%>
+  CASCookieEntropy <%= @cas_cookie_entropy %>
+  <%- end -%>
+  <%- if @cas_timeout -%>
+  CASTimeout <%= @cas_timeout %>
+  <%- end -%>
+  <%- if @cas_idle_timeout -%>
+  CASIdleTimeout <%= @cas_idle_timeout %>
+  <%- end -%>
+  <%- if @cas_cache_clean_interval -%>
+  CASCacheCleanInterval <%= @cas_cache_clean_interval %>
+  <%- end -%>
+  <%- if @cas_cookie_domain -%>
+  CASCookieDomain <%= @cas_cookie_domain %>
+  <%- end -%>
+  <%- if @cas_cookie_http_only -%>
+  CASCookieHttpOnly <%= @cas_cookie_http_only %>
+  <%- end -%>
+  <%- if @cas_authoritative -%>
+  CASAuthoritative <%= @cas_authoritative %>
+  <%- end -%>
+  <%- if @cas_sso_enabled -%>
+  CASSSOEnabled On
+  <%- end -%>
+  <%- if @cas_validate_saml -%>
+  CASValidateSAML On
+  <%- end -%>
+  <%- if @cas_attribute_prefix -%>
+  CASAttributePrefix <%= @cas_attribute_prefix %>
+  <%- end -%>
+  <%- if @cas_attribute_delimiter -%>
+  CASAttributeDelimiter <%= @cas_attribute_delimiter %>
+  <%- end -%>
+  <%- if @cas_scrub_request_headers -%>
+  CASScrubRequestHeaders On
+  <%- end -%>
+<%- end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_auth_kerb.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_auth_kerb.erb
new file mode 100644
index 000000000..97f4c1fc6
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_auth_kerb.erb
@@ -0,0 +1,32 @@
+<% if @auth_kerb -%>
+
+  ## Kerberos directives
+  <%- if @krb_method_negotiate -%>
+  KrbMethodNegotiate <%= @krb_method_negotiate %>
+  <%- end -%>
+  <%- if @krb_method_k5passwd -%>
+  KrbMethodK5Passwd <%= @krb_method_k5passwd %>
+  <%- end -%>
+  <%- if @krb_authoritative -%>
+  KrbAuthoritative <%= @krb_authoritative %>
+  <%- end -%>
+  <%- if @krb_auth_realms and @krb_auth_realms.length >= 1 -%>
+  KrbAuthRealms <%= @krb_auth_realms.join(' ') %>
+  <%- end -%>
+  <%- if @krb_5keytab -%>
+  Krb5Keytab <%= @krb_5keytab %>
+  <%- end -%>
+  <%- if @krb_local_user_mapping -%>
+  KrbLocalUserMapping <%= @krb_local_user_mapping %>
+  <%- end -%>
+  <%- if @krb_verify_kdc -%>
+  KrbVerifyKDC <%= @krb_verify_kdc %>
+  <%- end -%>
+  <%- if @krb_servicename -%>
+  KrbServiceName <%= @krb_servicename %>
+  <%- end -%>
+  <%- if @krb_save_credentials -%>
+  KrbSaveCredentials <%= @krb_save_credentials -%>
+  <%- end -%>
+
+<% end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_auth_oidc.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_auth_oidc.erb
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_auth_oidc.erb
rename to modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_auth_oidc.erb
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_block.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_block.erb
new file mode 100644
index 000000000..b07f685e4
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_block.erb
@@ -0,0 +1,14 @@
+<% if @block and ! @block.empty? -%>
+
+  ## Block access statements
+<% if @block.include? 'scm' -%>
+  # Block access to SCM directories.
+  <DirectoryMatch .*\.(svn|git|bzr|hg|ht)/.*>
+  <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+    Require all denied
+  <%- else -%>
+    Deny From All
+  <%- end -%>
+  </DirectoryMatch>
+<% end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_charsets.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_charsets.erb
new file mode 100644
index 000000000..ef83def4b
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_charsets.erb
@@ -0,0 +1,4 @@
+<% if @add_default_charset -%>
+
+  AddDefaultCharset <%= @add_default_charset %>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_custom_fragment.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_custom_fragment.erb
new file mode 100644
index 000000000..35c264adb
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_custom_fragment.erb
@@ -0,0 +1,5 @@
+<% if @custom_fragment -%>
+
+  ## Custom fragment
+  <%= @custom_fragment %>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_directories.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_directories.erb
new file mode 100644
index 000000000..2f43e0129
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_directories.erb
@@ -0,0 +1,512 @@
+<% if @_directories and ! @_directories.empty? -%>
+
+  <%- scope.setvar('_template_scope', {}) -%>
+  ## Directories, there should at least be a declaration for <%= @docroot %>
+  <%- [@_directories].flatten.compact.each do |directory| -%>
+    <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+      <%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%>
+        <%- scope.function_warning(["Apache::Vhost: Using allow is deprecated in your Apache version"]) -%>
+      <%- end -%>
+      <%- if directory['deny'] and ! [ false, 'false', '' ].include?(directory['deny']) -%>
+        <%- scope.function_warning(["Apache::Vhost: Using deny is deprecated in your Apache version"]) -%>
+      <%- end -%>
+      <%- if directory['order'] and ! [ false, 'false', '' ].include?(directory['order']) -%>
+        <%- scope.function_warning(["Apache::Vhost: Using order is deprecated in your Apache version"]) -%>
+      <%- end -%>
+      <%- if directory['satisfy'] and ! [ false, 'false', '' ].include?(directory['satisfy']) -%>
+        <%- scope.function_warning(["Apache::Vhost: Using satisfy is deprecated in your Apache version"]) -%>
+      <%- end -%>
+    <%- end -%>
+    <%- if directory['path'] and directory['path'] != '' -%>
+      <%- if directory['provider'] and directory['provider'].match('(directory|location|files|proxy)') -%>
+        <%- if /^(.*)match$/ =~ directory['provider'] -%>
+          <%- provider = $1.capitalize + 'Match' -%>
+        <%- else -%>
+          <%- provider = directory['provider'].capitalize -%>
+        <%- end -%>
+      <%- else -%>
+        <%- provider = 'Directory' -%>
+      <%- end -%>
+      <%- path = directory['path'] -%>
+
+  <<%= provider %> "<%= path %>">
+      <%- if directory['headers'] -%>
+        <%- Array(directory['headers']).each do |header| -%>
+    Header <%= header %>
+      <%- end -%>
+    <%- end -%>
+    <%- if ! directory['geoip_enable'].nil? -%>
+    GeoIPEnable <%= scope.call_function('apache::bool2httpd', [directory['geoip_enable']]) %>
+    <%- end -%>
+    <%- if directory['options'] -%>
+    Options <%= Array(directory['options']).join(' ') %>
+    <%- end -%>
+    <%- if provider == 'Directory' -%>
+      <%- if directory['index_options'] -%>
+    IndexOptions <%= Array(directory['index_options']).join(' ') %>
+      <%- end -%>
+      <%- if directory['index_order_default'] -%>
+    IndexOrderDefault <%= Array(directory['index_order_default']).join(' ') %>
+      <%- end -%>
+      <%- if directory['index_style_sheet'] -%>
+    IndexStyleSheet '<%= directory['index_style_sheet'] %>'
+      <%- end -%>
+      <%- if directory['allow_override'] -%>
+    AllowOverride <%= Array(directory['allow_override']).join(' ') %>
+      <%- elsif provider == 'Directory' -%>
+    AllowOverride None
+      <%- end -%>
+    <%- end -%>
+    <%- scope.lookupvar('_template_scope')[:item] = directory -%>
+<%= scope.function_template(["apache/vhost/_require.erb"]) -%>
+    <%- if directory['limit'] && directory['limit'] != '' -%>
+      <%- Array(directory['limit']).each do |lim| -%>
+    <Limit <%= lim['methods'] %>>
+    <%- scope.lookupvar('_template_scope')[:item] = lim -%>
+    <%= scope.function_template(["apache/vhost/_require.erb"]) -%>
+    </Limit>
+      <%- end -%>
+    <%- end -%>
+    <%- if directory['limit_except'] && directory['limit_except'] != '' -%>
+      <%- Array(directory['limit_except']).each do |lim| -%>
+    <LimitExcept <%= lim['methods'] %>>
+    <%- scope.lookupvar('_template_scope')[:item] = lim -%>
+    <%= scope.function_template(["apache/vhost/_require.erb"]) -%>
+    </LimitExcept>
+      <%- end -%>
+    <%- end -%>
+    <%- if directory['addhandlers'] and ! directory['addhandlers'].empty? -%>
+      <%- [directory['addhandlers']].flatten.compact.each do |addhandler| -%>
+    <FilesMatch ".+(<%= Array(addhandler['extensions']).collect { |s| Regexp.escape(s) }.join('|') %>)$">
+        SetHandler <%= addhandler['handler'] %>
+    </FilesMatch>
+      <%- end -%>
+    <%- end -%>
+    <%- if directory['sethandler'] and directory['sethandler'] != '' -%>
+    SetHandler <%= directory['sethandler'] %>
+    <%- end -%>
+    <%- unless directory['h2_copy_files'].nil? -%>
+    H2CopyFiles <%= scope.call_function('apache::bool2httpd', [directory['h2_copy_files']]) %>
+    <%- end -%>
+    <%- if directory['h2_push_resource'] && ! directory['h2_push_resource'].empty? -%>
+      <%- [directory['h2_push_resource']].flatten.compact.each do |h2_push_resource| -%>
+    H2PushResource <%= h2_push_resource %>
+      <%- end -%>
+    <%- end -%>
+    <%- unless directory['passenger_enabled'].nil? -%>
+    PassengerEnabled <%= scope.call_function('apache::bool2httpd', [directory['passenger_enabled']]) %>
+    <%- end -%>
+    <%- if directory['passenger_base_uri'] and ! directory['passenger_base_uri'].empty? -%>
+    PassengerBaseURI <%= directory['passenger_base_uri'] %>
+    <%- end -%>
+    <%- if directory['passenger_ruby'] and ! directory['passenger_ruby'].empty? -%>
+    PassengerRuby <%= directory['passenger_ruby'] %>
+    <%- end -%>
+    <%- if directory['passenger_python'] and ! directory['passenger_python'].empty? -%>
+    PassengerPython <%= directory['passenger_python'] %>
+    <%- end -%>
+    <%- if directory['passenger_nodejs'] and ! directory['passenger_nodejs'].empty? -%>
+    PassengerNodejs <%= directory['passenger_nodejs'] %>
+    <%- end -%>
+    <%- if directory['passenger_meteor_app_settings'] and ! directory['passenger_meteor_app_settings'].empty? -%>
+    PassengerMeteorAppSettings <%= directory['passenger_meteor_app_settings'] %>
+    <%- end -%>
+    <%- if directory['passenger_app_env'] and ! directory['passenger_app_env'].empty? -%>
+    PassengerAppEnv <%= directory['passenger_app_env'] %>
+    <%- end -%>
+    <%- if directory['passenger_app_root'] and ! directory['passenger_app_root'].empty? -%>
+    PassengerAppRoot <%= directory['passenger_app_root'] %>
+    <%- end -%>
+    <%- if directory['passenger_app_group_name'] and ! directory['passenger_app_group_name'].empty? -%>
+    PassengerAppGroupName <%= directory['passenger_app_group_name'] %>
+    <%- end -%>
+    <%- if directory['passenger_app_type'] and ! directory['passenger_app_type'].empty? -%>
+    PassengerAppType <%= directory['passenger_app_type'] %>
+    <%- end -%>
+    <%- if directory['passenger_startup_file'] and ! directory['passenger_startup_file'].empty? -%>
+    PassengerStartupFile <%= directory['passenger_startup_file'] %>
+    <%- end -%>
+    <%- if directory['passenger_restart_dir'] and ! directory['passenger_restart_dir'].empty? -%>
+    PassengerRestartDir <%= directory['passenger_restart_dir'] %>
+    <%- end -%>
+    <%- unless directory['passenger_load_shell_envvars'].nil? -%>
+    PassengerLoadShellEnvvars <%= scope.call_function('apache::bool2httpd', [directory['passenger_load_shell_envvars']]) %>
+    <%- end -%>
+    <%- unless directory['passenger_rolling_restarts'].nil? -%>
+    PassengerRollingRestarts <%= scope.call_function('apache::bool2httpd', [directory['passenger_rolling_restarts']]) %>
+    <%- end -%>
+    <%- unless directory['passenger_resist_deployment_errors'].nil? -%>
+    PassengerResistDeploymentErrors <%= scope.call_function('apache::bool2httpd', [directory['passenger_resist_deployment_errors']]) %>
+    <%- end -%>
+    <%- if directory['passenger_user'] and ! directory['passenger_user'].empty? -%>
+    PassengerUser <%= directory['passenger_user'] %>
+    <%- end -%>
+    <%- if directory['passenger_group'] and ! directory['passenger_group'].empty? -%>
+    PassengerGroup <%= directory['passenger_group'] %>
+    <%- end -%>
+    <%- unless directory['passenger_friendly_error_pages'].nil? -%>
+    PassengerFriendlyErrorPages <%= scope.call_function('apache::bool2httpd', [directory['passenger_friendly_error_pages']]) %>
+    <%- end -%>
+    <%- unless directory['passenger_min_instances'].nil? -%>
+    PassengerMinInstances <%= directory['passenger_min_instances'] %>
+    <%- end -%>
+    <%- unless directory['passenger_max_instances'].nil? -%>
+    PassengerMaxInstances <%= directory['passenger_max_instances'] %>
+    <%- end -%>
+    <%- unless directory['passenger_force_max_concurrent_requests_per_process'].nil? -%>
+    PassengerForceMaxConcurrentRequestsPerProcess <%= directory['passenger_force_max_concurrent_requests_per_process'] %>
+    <%- end -%>
+    <%- unless directory['passenger_start_timeout'].nil? -%>
+    PassengerStartTimeout <%= directory['passenger_start_timeout'] %>
+    <%- end -%>
+    <%- if directory['passenger_concurrency_model'] and ! directory['passenger_concurrency_model'].empty? -%>
+    PassengerConcurrencyModel <%= directory['passenger_concurrency_model'] %>
+    <%- end -%>
+    <%- unless directory['passenger_thread_count'].nil? -%>
+    PassengerThreadCount <%= directory['passenger_thread_count'] %>
+    <%- end -%>
+    <%- unless directory['passenger_max_requests'].nil? -%>
+    PassengerMaxRequests <%= directory['passenger_max_requests'] %>
+    <%- end -%>
+    <%- unless directory['passenger_max_request_time'].nil? -%>
+    PassengerMaxRequestTime <%= directory['passenger_max_request_time'] %>
+    <%- end -%>
+    <%- unless directory['passenger_memory_limit'].nil? -%>
+    PassengerMemoryLimit <%= directory['passenger_memory_limit'] %>
+    <%- end -%>
+    <%- unless directory['passenger_high_performance'].nil? -%>
+    PassengerHighPerformance <%= scope.call_function('apache::bool2httpd', [directory['passenger_high_performance']]) %>
+    <%- end -%>
+    <%- unless directory['passenger_buffer_upload'].nil? -%>
+    PassengerBufferUpload <%= scope.call_function('apache::bool2httpd', [directory['passenger_buffer_upload']]) %>
+    <%- end -%>
+    <%- unless directory['passenger_buffer_response'].nil? -%>
+    PassengerBufferResponse <%= scope.call_function('apache::bool2httpd', [directory['passenger_buffer_response']]) %>
+    <%- end -%>
+    <%- unless directory['passenger_error_override'].nil? -%>
+    PassengerErrorOverride <%= scope.call_function('apache::bool2httpd', [directory['passenger_error_override']]) %>
+    <%- end -%>
+    <%- unless directory['passenger_max_request_queue_size'].nil? -%>
+    PassengerMaxRequestQueueSize <%= directory['passenger_max_request_queue_size'] %>
+    <%- end -%>
+    <%- unless directory['passenger_max_request_queue_time'].nil? -%>
+    PassengerMaxRequestQueueTime <%= directory['passenger_max_request_queue_time'] %>
+    <%- end -%>
+    <%- unless directory['passenger_sticky_sessions'].nil? -%>
+    PassengerStickySessions <%= scope.call_function('apache::bool2httpd', [directory['passenger_sticky_sessions']]) %>
+    <%- end -%>
+    <%- if directory['passenger_sticky_sessions_cookie_name'] and ! directory['passenger_sticky_sessions_cookie_name'].empty? -%>
+    PassengerStickySessionsCookieName <%= directory['passenger_sticky_sessions_cookie_name'] %>
+    <%- end -%>
+    <%- unless directory['passenger_allow_encoded_slashes'].nil? -%>
+    PassengerAllowEncodedSlashes <%= scope.call_function('apache::bool2httpd', [directory['passenger_allow_encoded_slashes']]) %>
+    <%- end -%>
+    <%- unless directory['passenger_debugger'].nil? -%>
+    PassengerDebugger <%= scope.call_function('apache::bool2httpd', [directory['passenger_debugger']]) %>
+    <%- end -%>
+    <%- if directory['php_flags'] and ! directory['php_flags'].empty? -%>
+      <%- directory['php_flags'].sort.each do |flag,value| -%>
+        <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%>
+    php_flag <%= "#{flag} #{value}" %>
+      <%- end -%>
+    <%- end -%>
+    <%- if directory['php_values'] and ! directory['php_values'].empty? -%>
+      <%- directory['php_values'].sort.each do |key,value| -%>
+    php_value <%= "#{key} #{value}" %>
+      <%- end -%>
+    <%- end -%>
+    <%- if directory['php_admin_flags'] and ! directory['php_admin_flags'].empty? -%>
+      <%- directory['php_admin_flags'].sort.each do |flag,value| -%>
+        <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%>
+    php_admin_flag <%= "#{flag} #{value}" %>
+      <%- end -%>
+    <%- end -%>
+    <%- if directory['php_admin_values'] and ! directory['php_admin_values'].empty? -%>
+      <%- directory['php_admin_values'].sort.each do |key,value| -%>
+    php_admin_value <%= "#{key} #{value}" %>
+      <%- end -%>
+    <%- end -%>
+    <%- if directory['directoryindex'] and directory['directoryindex'] != '' -%>
+    DirectoryIndex <%= directory['directoryindex'] %>
+    <%- end -%>
+    <%- if directory['additional_includes'] and ! directory['additional_includes'].empty? -%>
+      <%- directory['additional_includes'].each do |include| -%>
+    Include '<%= "#{include}" %>'
+      <%- end -%>
+    <%- end -%>
+    <%- if directory['error_documents'] and ! directory['error_documents'].empty? -%>
+      <%- [directory['error_documents']].flatten.compact.each do |error_document| -%>
+    ErrorDocument <%= error_document['error_code'] %> <%= error_document['document'] %>
+      <%- end -%>
+    <%- end -%>
+    <%- if directory['dav'] -%>
+    Dav <%= directory['dav'] %>
+    <%- if directory['dav_depth_infinity'] -%>
+    DavDepthInfinity <%= scope.call_function('apache::bool2httpd', [directory['dav_depth_infinity']]) %>
+    <%- end -%>
+    <%- if directory['dav_min_timeout'] -%>
+    DavMinTimeout <%= directory['dav_min_timeout'] %>
+    <%- end -%>
+    <%- end -%>
+    <%- if directory['auth_type'] -%>
+    AuthType <%= directory['auth_type'] %>
+    <%- end -%>
+    <%- if directory['auth_name'] -%>
+    AuthName "<%= directory['auth_name'] %>"
+    <%- end -%>
+    <%- if directory['auth_digest_algorithm'] -%>
+    AuthDigestAlgorithm <%= directory['auth_digest_algorithm'] %>
+    <%- end -%>
+    <%- if directory['auth_digest_domain'] -%>
+    AuthDigestDomain <%= Array(directory['auth_digest_domain']).join(' ') %>
+    <%- end -%>
+    <%- if directory['auth_digest_nonce_lifetime'] -%>
+    AuthDigestNonceLifetime <%= directory['auth_digest_nonce_lifetime'] %>
+    <%- end -%>
+    <%- if directory['auth_digest_provider'] -%>
+    AuthDigestProvider <%= directory['auth_digest_provider'] %>
+    <%- end -%>
+    <%- if directory['auth_digest_qop'] -%>
+    AuthDigestQop <%= directory['auth_digest_qop'] %>
+    <%- end -%>
+    <%- if directory['auth_digest_shmem_size'] -%>
+    AuthDigestShmemSize <%= directory['auth_digest_shmem_size'] %>
+    <%- end -%>
+    <%- if directory['auth_basic_authoritative'] -%>
+    AuthBasicAuthoritative <%= directory['auth_basic_authoritative'] %>
+    <%- end -%>
+    <%- if directory['auth_basic_fake'] -%>
+    AuthBasicFake <%= directory['auth_basic_fake'] %>
+    <%- end -%>
+    <%- if directory['auth_basic_provider'] -%>
+    AuthBasicProvider <%= directory['auth_basic_provider'] %>
+    <%- end -%>
+    <%- if directory['auth_user_file'] -%>
+    AuthUserFile <%= directory['auth_user_file'] %>
+    <%- end -%>
+    <%- if directory['auth_group_file'] -%>
+    AuthGroupFile <%= directory['auth_group_file'] %>
+    <%- end -%>
+    <%- if directory['auth_merging'] -%>
+    AuthMerging <%= directory['auth_merging'] %>
+    <%- end -%>
+    <%- if directory['auth_ldap_referrals'] -%>
+    LDAPReferrals <%= directory['auth_ldap_referrals'] %>
+    <%- end -%>
+    <%- if directory['auth_ldap_url'] -%>
+    AuthLDAPURL <%= directory['auth_ldap_url'] %>
+    <%- end -%>
+    <%- if directory['auth_ldap_bind_dn'] -%>
+    AuthLDAPBindDN <%= directory['auth_ldap_bind_dn'] %>
+    <%- end -%>
+    <%- if directory['auth_ldap_bind_password'] -%>
+    AuthLDAPBindPassword <%= directory['auth_ldap_bind_password'] %>
+    <%- end -%>
+    <%- if directory['auth_ldap_group_attribute'] -%>
+      <%- Array(directory['auth_ldap_group_attribute']).each do |groupattr| -%>
+    AuthLDAPGroupAttribute <%= groupattr %>
+      <%- end -%>
+    <%- end -%>
+    <%- if directory['auth_ldap_group_attribute_is_dn'] == 'off' -%>
+    AuthLDAPGroupAttributeIsDN Off
+    <%- end -%>
+    <%- if directory['auth_ldap_group_attribute_is_dn'] == 'on' -%>
+    AuthLDAPGroupAttributeIsDN On
+    <%- end -%>
+    <%- if directory['fallbackresource'] -%>
+    FallbackResource <%= directory['fallbackresource'] %>
+    <%- end -%>
+    <%- if directory['expires_active'] -%>
+    ExpiresActive <%= directory['expires_active'] %>
+    <%- end -%>
+    <%- if directory['expires_default'] -%>
+    ExpiresDefault "<%= directory['expires_default'] %>"
+    <%- end -%>
+    <%- if directory['expires_by_type'] -%>
+    <%- Array(directory['expires_by_type']).each do |rule| -%>
+    ExpiresByType <%= rule %>
+    <%- end -%>
+    <%- end -%>
+    <%- if directory['ext_filter_options'] -%>
+    ExtFilterOptions <%= directory['ext_filter_options'] %>
+    <%- end -%>
+    <%- if directory['force_type'] -%>
+    ForceType <%= directory['force_type'] %>
+    <%- end -%>
+    <%- if directory['add_charset'] -%>
+    AddCharset <%= directory['add_charset'] %>
+    <%- end -%>
+    <%- if directory['ssl_options'] -%>
+    SSLOptions <%= Array(directory['ssl_options']).join(' ') %>
+    <%- end -%>
+    <%- if directory['ssl_verify_client'] and directory['ssl_verify_client'].match('(none|optional|require|optional_no_ca)') -%>
+    SSLVerifyClient <%= directory['ssl_verify_client'] %>
+    <%- if directory['ssl_verify_depth'] -%>
+    SSLVerifyDepth <%= directory['ssl_verify_depth'] %>
+    <%- end -%>
+    <%- end -%>
+    <%- if directory['suphp'] and @suphp_engine == 'on' -%>
+    suPHP_UserGroup <%= directory['suphp']['user'] %> <%= directory['suphp']['group'] %>
+    <%- end -%>
+    <%- if directory['fcgiwrapper'] -%>
+    FcgidWrapper <%= directory['fcgiwrapper']['command'] %> <%= directory['fcgiwrapper']['suffix'] %> <%= directory['fcgiwrapper']['virtual'] %>
+    <%- end -%>
+    <%- if directory['rewrites'] -%>
+    # Rewrite rules
+    RewriteEngine On
+      <%- directory['rewrites'].flatten.compact.each do |rewrite_details| -%>
+        <%- if rewrite_details['comment'] -%>
+    #<%= rewrite_details['comment'] %>
+        <%- end -%>
+        <%- if rewrite_details['rewrite_base'] -%>
+    RewriteBase <%= rewrite_details['rewrite_base'] %>
+        <%- end -%>
+        <%- if rewrite_details['rewrite_cond'] -%>
+          <%- Array(rewrite_details['rewrite_cond']).each do |commands| -%>
+            <%- Array(commands).each do |command| -%>
+    RewriteCond <%= command %>
+            <%- end -%>
+          <%- end -%>
+        <%- end -%>
+        <%- Array(rewrite_details['rewrite_rule']).each do |commands| -%>
+          <%- Array(commands).each do |command| -%>
+    RewriteRule <%= command %>
+          <%- end -%>
+        <%- end -%>
+      <%- end -%>
+    <%- end -%>
+    <%- if directory['setenv'] -%>
+      <%- Array(directory['setenv']).each do |setenv| -%>
+    SetEnv <%= setenv %>
+      <%- end -%>
+    <%- end -%>
+    <%- if directory['set_output_filter'] -%>
+    SetOutputFilter <%= directory['set_output_filter'] %>
+    <%- end -%>
+    <%- if directory['set_input_filter'] -%>
+    SetInputFilter <%= directory['set_input_filter'] %>
+    <%- end -%>
+    <%- if @shibboleth_enabled -%>
+      <%- if directory['shib_require_session'] and ! directory['shib_require_session'].empty? -%>
+    ShibRequireSession <%= directory['shib_require_session'] %>
+      <%- end -%>
+      <%- if directory['shib_request_settings'] and ! directory['shib_request_settings'].empty? -%>
+        <%- directory['shib_request_settings'].each do |key,value| -%>
+    ShibRequestSetting <%= key %> <%= value %>
+        <%- end -%>
+      <%- end -%>
+      <%- if directory['shib_use_headers'] and ! directory['shib_use_headers'].empty? -%>
+    ShibUseHeaders <%= directory['shib_use_headers'] %>
+      <%- end -%>
+    <%- end -%>
+    <%- if @cas_enabled -%>
+      <%- if directory['cas_scope'] -%>
+    CASScope <%= directory['cas_scope'] %>
+      <%- end -%>
+      <%- if directory['cas_renew'] -%>
+    CASRenew <%= directory['cas_renew'] %>
+      <%- end -%>
+      <%- if directory['cas_gateway'] -%>
+    CASGateway <%= directory['cas_gateway'] %>
+      <%- end -%>
+      <%- if directory['cas_cookie'] -%>
+    CASCookie <%= directory['cas_cookie'] %>
+      <%- end -%>
+      <%- if directory['cas_secure_cookie'] -%>
+    CASSecureCookie <%= directory['cas_secure_cookie'] %>
+      <%- end -%>
+      <%- if directory['cas_gateway_cookie'] -%>
+    CASGatewayCookie <%= directory['cas_gateway_cookie'] %>
+      <%- end -%>
+      <%- if directory['cas_authn_header'] -%>
+    CASAuthNHeader <%= directory['cas_authn_header'] %>
+      <%- end -%>
+    <%- end -%>
+    <%- if directory['mellon_enable'] -%>
+    MellonEnable "<%= directory['mellon_enable'] %>"
+      <%- if directory['mellon_endpoint_path'] -%>
+    MellonEndpointPath "<%= directory['mellon_endpoint_path'] %>"
+      <%- end -%>
+      <%- if directory['mellon_sp_private_key_file'] -%>
+    MellonSPPrivateKeyFile "<%= directory['mellon_sp_private_key_file'] %>"
+      <%- end -%>
+      <%- if directory['mellon_sp_cert_file'] -%>
+    MellonSPCertFile "<%= directory['mellon_sp_cert_file'] %>"
+      <%- end -%>
+      <%- if directory['mellon_sp_metadata_file'] -%>
+    MellonSPMetadataFile "<%= directory['mellon_sp_metadata_file'] %>"
+      <%- end -%>
+      <%- if directory['mellon_idp_metadata_file'] -%>
+    MellonIDPMetadataFile "<%= directory['mellon_idp_metadata_file'] %>"
+      <%- end -%>
+      <%- if directory['mellon_set_env_no_prefix'] -%>
+        <%- directory['mellon_set_env_no_prefix'].each do |key, value| -%>
+    MellonSetEnvNoPrefix "<%= key %>" "<%= value %>"
+        <%- end -%>
+      <%- end -%>
+      <%- if directory['mellon_user'] -%>
+    MellonUser "<%= directory['mellon_user'] %>"
+      <%- end -%>
+      <%- if directory['mellon_saml_response_dump'] -%>
+    MellonSamlResponseDump "<%= directory['mellon_saml_response_dump'] %>"
+      <%- end -%>
+      <%- if directory['mellon_cond'] -%>
+        <%- Array(directory['mellon_cond']).each do |cond| -%>
+    MellonCond <%= cond %>
+         <%- end -%>
+      <%- end -%>
+      <%- if directory['mellon_session_length'] -%>
+    MellonSessionLength "<%= directory['mellon_session_length'] %>"
+      <%- end -%>
+    <%- end -%>
+    <%- if directory['request_headers'] and ! directory['request_headers'].empty? -%>
+      ## Request Header rules
+      <%- Array(directory['request_headers']).each do |request_statement| -%>
+        <%- if request_statement != '' -%>
+            RequestHeader <%= request_statement %>
+        <%- end -%>
+      <%- end -%>
+    <%- end -%>
+    <%- if directory['proxy_pass'] and directory['provider'] and directory['provider'].match('location') -%>
+      <%- directory['proxy_pass'].flatten.compact.each do |proxy| -%>
+    ProxyPass <%= proxy['url'] -%>
+        <%- if proxy['params'] -%>
+          <%- proxy['params'].keys.sort.each do |key| -%> <%= key %>=<%= proxy['params'][key] -%>
+          <%- end -%>
+        <%- end -%>
+        <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%>
+        <%- end %>
+        <%- if not proxy['reverse_cookies'].nil? -%>
+          <%- Array(proxy['reverse_cookies']).each do |reverse_cookies| -%>
+            <%- if reverse_cookies['path'] -%>
+    ProxyPassReverseCookiePath <%= reverse_cookies['path'] %> <%= reverse_cookies['url'] %>
+            <%- end -%>
+            <%- if reverse_cookies['domain'] -%>
+    ProxyPassReverseCookieDomain <%= reverse_cookies['domain'] %> <%= reverse_cookies['url'] %>
+            <%- end -%>
+          <%- end -%>
+        <%- end -%>
+        <%- if proxy['reverse_urls'].nil? -%>
+    ProxyPassReverse <%= proxy['url'] %>
+        <%- else -%>
+          <%- Array(proxy['reverse_urls']).each do |reverse_url| -%>
+    ProxyPassReverse <%= reverse_url %>
+          <%- end -%>
+        <%- end -%>
+        <%- if proxy['setenv'] -%>
+          <%- Array(proxy['setenv']).each do |setenv_var| -%>
+    SetEnv <%= setenv_var %>
+          <%- end -%>
+        <%- end -%>
+      <% end -%>
+    <%- end -%>
+    <%- if directory['custom_fragment'] -%>
+    <%= directory['custom_fragment'] %>
+    <%- end -%>
+    <%- if directory['gssapi'] -%>
+      <%= scope.call_function('epp',["apache/vhost/_gssapi.epp", directory['gssapi']]) -%>
+    <%- end -%>
+  </<%= provider %>>
+    <%- end -%>
+  <%- end -%>
+<%- end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_docroot.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_docroot.erb
new file mode 100644
index 000000000..1ec495fe2
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_docroot.erb
@@ -0,0 +1,8 @@
+
+  ## Vhost docroot
+<% if @virtual_docroot -%>
+  VirtualDocumentRoot "<%= @virtual_docroot %>"
+<% end -%>
+<% if @docroot and ((not @virtual_docroot) or @virtual_use_default_docroot) -%>
+  DocumentRoot "<%= @docroot %>"
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_error_document.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_error_document.erb
new file mode 100644
index 000000000..654e72c67
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_error_document.erb
@@ -0,0 +1,7 @@
+<% if @error_documents and ! @error_documents.empty? -%>
+  <%- [@error_documents].flatten.compact.each do |error_document| -%>
+    <%- if error_document["error_code"] != '' and error_document["document"] != '' -%>
+  ErrorDocument <%= error_document["error_code"] %> <%= error_document["document"] %>
+    <%- end -%>
+  <%- end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_fallbackresource.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_fallbackresource.erb
new file mode 100644
index 000000000..f1e4c35dc
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_fallbackresource.erb
@@ -0,0 +1,4 @@
+<% if @fallbackresource -%>
+
+  FallbackResource <%= @fallbackresource %>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_fastcgi.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_fastcgi.erb
new file mode 100644
index 000000000..b4718391b
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_fastcgi.erb
@@ -0,0 +1,23 @@
+<% if @fastcgi_server -%>
+
+  FastCgiExternalServer <%= @fastcgi_server %> -socket <%= @fastcgi_socket -%>
+<%   unless @fastcgi_idle_timeout.nil? %> -idle-timeout <%= @fastcgi_idle_timeout %><% end %>
+<% end -%>
+<% if @fastcgi_dir -%>
+
+  <Directory "<%= @fastcgi_dir %>">
+    Options +ExecCGI
+    AllowOverride All
+    SetHandler fastcgi-script
+  <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+    Require all granted
+  <%- else -%>
+    Order allow,deny
+    Allow From All
+  <%- end -%>
+    AuthBasicAuthoritative Off
+  </Directory>
+
+  AllowEncodedSlashes On
+  ServerSignature Off
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_file_footer.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_file_footer.erb
new file mode 100644
index 000000000..d42a1bdbe
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_file_footer.erb
@@ -0,0 +1,9 @@
+<% @define.each do | k, v| -%>
+  Undefine <%= k %>
+<% end -%>
+</VirtualHost>
+<% if @passenger_pre_start -%>
+  <%- [@passenger_pre_start].flatten.compact.each do |passenger_pre_start| -%>
+PassengerPreStart <%= passenger_pre_start %>
+  <%- end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_file_header.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_file_header.erb
new file mode 100644
index 000000000..6920f3e92
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_file_header.erb
@@ -0,0 +1,45 @@
+# ************************************
+# Vhost template in module puppetlabs-apache
+# Managed by Puppet
+# ************************************
+<%= [@comment].flatten.collect{|c| "# #{c}"}.join("\n") -%>
+<% if @mdomain -%>
+
+  <%- if @mdomain.is_a?(String) -%>
+MDomain <%= @mdomain %>
+  <%- else -%>
+MDomain <%= @servername %>
+  <%- end -%>
+<% end -%>
+
+<VirtualHost <%= [@nvh_addr_port].flatten.compact.join(' ') %>>
+<% @define.each do | k, v| -%>
+  Define <%= k %> <%= v %>
+<% end -%>
+<% if @servername and not @servername.empty? -%>
+  ServerName <%= @servername %>
+<% end -%>
+<% if @serveradmin -%>
+  ServerAdmin <%= @serveradmin %>
+<% end -%>
+<%# Actually >= 2.4.17, but the minor version is not provided -%>
+<% if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+  <%- unless @protocols.empty? -%>
+  Protocols <%= @protocols.join(' ') %>
+  <%- end -%>
+  <%- unless @protocols_honor_order.nil? -%>
+  ProtocolsHonorOrder <%= scope.call_function('apache::bool2httpd', [@protocols_honor_order]) %>
+  <%- end -%>
+<% end -%>
+<% if @limitreqfieldsize -%>
+  LimitRequestFieldSize <%= @limitreqfieldsize %>
+<% end -%>
+<% if @limitreqfields -%>
+  LimitRequestFields <%= @limitreqfields %>
+<% end -%>
+<% if @limitreqline -%>
+  LimitRequestLine <%= @limitreqline %>
+<% end -%>
+<% if @limitreqbody -%>
+  LimitRequestBody <%= @limitreqbody %>
+<% end -%>
\ No newline at end of file
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_filters.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_filters.erb
new file mode 100644
index 000000000..b86259734
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_filters.erb
@@ -0,0 +1,10 @@
+<% if @filters and ! @filters.empty? -%>
+
+  ## Filter module rules
+  ## as per http://httpd.apache.org/docs/2.2/mod/mod_filter.html
+  <%- Array(@filters).each do |filter| -%>
+    <%- if filter != '' -%>
+  <%= filter %>
+    <%- end -%>
+  <%- end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_gssapi.epp b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_gssapi.epp
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_gssapi.epp
rename to modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_gssapi.epp
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_header.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_header.erb
new file mode 100644
index 000000000..c0f68c825
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_header.erb
@@ -0,0 +1,10 @@
+<% if @headers and ! @headers.empty? -%>
+
+  ## Header rules
+  ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header
+  <%- Array(@headers).each do |header_statement| -%>
+    <%- if header_statement != '' -%>
+  Header <%= header_statement %>
+    <%- end -%>
+  <%- end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_http2.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_http2.erb
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_http2.erb
rename to modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_http2.erb
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_http_protocol_options.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_http_protocol_options.erb
new file mode 100644
index 000000000..efad7e6d8
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_http_protocol_options.erb
@@ -0,0 +1 @@
+HttpProtocolOptions <%= @http_protocol_options %>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_itk.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_itk.erb
new file mode 100644
index 000000000..803a73db7
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_itk.erb
@@ -0,0 +1,29 @@
+<% if @itk and ! @itk.empty? -%>
+
+  ## ITK statement
+  <IfModule mpm_itk_module>
+     <%- if @itk["user"] and @itk["group"] -%>
+     AssignUserId <%= @itk["user"] %> <%= @itk["group"] %>
+     <%- end -%>
+     <%- if @itk["assignuseridexpr"] -%>
+     AssignUserIdExpr <%= @itk["assignuseridexpr"] %>
+     <%- end -%>
+     <%- if @itk["assigngroupidexpr"] -%>
+     AssignGroupIdExpr <%= @itk["assigngroupidexpr"] %>
+     <%- end -%>
+     <%- if @itk["maxclientvhost"] -%>
+     MaxClientsVHost <%= @itk["maxclientvhost"] %>
+     <%- end -%>
+     <%- if @itk["nice"] -%>
+     NiceValue <%= @itk["nice"] %>
+     <%- end -%>
+     <%- if @kernelversion >= '3.5.0' -%>
+       <%- if @itk["limituidrange"] -%>
+     LimitUIDRange <%= @itk["limituidrange"] %>
+       <%- end -%>
+       <%- if @itk["limitgidrange"] -%>
+     LimitGIDRange <%= @itk["limitgidrange"] %>
+       <%- end -%>
+     <%- end -%>
+  </IfModule>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_jk_mounts.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_jk_mounts.erb
new file mode 100644
index 000000000..8cb1d116b
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_jk_mounts.erb
@@ -0,0 +1,12 @@
+<% if @jk_mounts and not @jk_mounts.empty? -%>
+
+  <%- @jk_mounts.each do |jk| -%>
+    <%- if jk.is_a?(Hash) -%>
+      <%- if jk.has_key?('mount') and jk.has_key?('worker') -%>
+  JkMount   <%= jk['mount'] %> <%= jk['worker'] %>
+      <%- elsif jk.has_key?('unmount') and jk.has_key?('worker') -%>
+  JkUnMount <%= jk['unmount'] %> <%= jk['worker'] %>
+      <%- end -%>
+    <%- end -%>
+  <%- end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_keepalive_options.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_keepalive_options.erb
new file mode 100644
index 000000000..d14f5ed15
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_keepalive_options.erb
@@ -0,0 +1,9 @@
+<%- if @keepalive -%>
+  KeepAlive <%= @keepalive %>
+<%- end -%>
+<%- if @keepalive_timeout -%>
+  KeepAliveTimeout <%= @keepalive_timeout %>
+<%- end -%>
+<%- if @max_keepalive_requests -%>
+  MaxKeepAliveRequests <%= @max_keepalive_requests %>
+<%- end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_logging.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_logging.erb
new file mode 100644
index 000000000..b41c85cc5
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_logging.erb
@@ -0,0 +1,21 @@
+<% if @error_log or @log_level -%>
+
+  ## Logging
+<% end -%>
+<% if @error_log -%>
+  ErrorLog "<%= @error_log_destination %>"
+<% end -%>
+<% if @log_level -%>
+  LogLevel <%= @log_level %>
+<% end -%>
+<% if @error_log_format24 -%>
+  <%- @error_log_format24.each do |lfmt| -%>
+    <%- if lfmt.is_a?(Hash) -%>
+      <%- lfmt.each do |fmt, flag| -%>
+  ErrorLogFormat <%= flag %> "<%= fmt %>"
+      <%- end -%>
+    <%- else -%>
+  ErrorLogFormat "<%= lfmt %>"
+    <%- end -%>
+  <%- end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_passenger.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_passenger.erb
new file mode 100644
index 000000000..6e6d6d4e5
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_passenger.erb
@@ -0,0 +1,141 @@
+<%# 1 - Essentials -%>
+<%# 2 - Deployment options -%>
+<% unless @passenger_enabled.nil? -%>
+  PassengerEnabled <%= scope.call_function('apache::bool2httpd', [@passenger_enabled]) %>
+<% end -%>
+<% if @passenger_base_uri -%>
+  PassengerBaseURI <%= @passenger_base_uri %>
+<% end -%>
+<%# 3 - Application loading options -%>
+<% if @passenger_ruby -%>
+  PassengerRuby <%= @passenger_ruby %>
+<% end -%>
+<% if @passenger_python -%>
+  PassengerPython <%= @passenger_python %>
+<% end -%>
+<% if @passenger_nodejs -%>
+  PassengerNodejs <%= @passenger_nodejs %>
+<% end -%>
+<% if @passenger_meteor_app_settings -%>
+  PassengerMeteorAppSettings <%= @passenger_meteor_app_settings %>
+<% end -%>
+<% if @passenger_app_env -%>
+  PassengerAppEnv <%= @passenger_app_env %>
+<% end -%>
+<% if @passenger_app_root -%>
+  PassengerAppRoot <%= @passenger_app_root %>
+<% end -%>
+<% if @passenger_app_group_name -%>
+  PassengerAppGroupName <%= @passenger_app_group_name %>
+<% end -%>
+<% if @passenger_app_start_command -%>
+  PassengerAppStartCommand <%= @passenger_app_start_command %>
+<% end -%>
+<% if @passenger_app_type -%>
+  PassengerAppType <%= @passenger_app_type %>
+<% end -%>
+<% if @passenger_startup_file -%>
+  PassengerStartupFile <%= @passenger_startup_file %>
+<% end -%>
+<% if @passenger_restart_dir -%>
+  PassengerRestartDir <%= @passenger_restart_dir %>
+<% end -%>
+<% if @passenger_spawn_method -%>
+  PassengerSpawnMethod <%= @passenger_spawn_method %>
+<% end -%>
+<% unless @passenger_load_shell_envvars.nil? -%>
+  PassengerLoadShellEnvvars <%= scope.call_function('apache::bool2httpd', [@passenger_load_shell_envvars]) %>
+<% end -%>
+<% unless @passenger_rolling_restarts.nil? -%>
+  PassengerRollingRestarts <%= scope.call_function('apache::bool2httpd', [@passenger_rolling_restarts]) %>
+<% end -%>
+<% unless @passenger_resist_deployment_errors.nil? -%>
+  PassengerResistDeploymentErrors <%= scope.call_function('apache::bool2httpd', [@passenger_resist_deployment_errors]) %>
+<% end -%>
+<%# 4 - Security options -%>
+<% if @passenger_user -%>
+  PassengerUser <%= @passenger_user %>
+<% end -%>
+<% if @passenger_group -%>
+  PassengerGroup <%= @passenger_group %>
+<% end -%>
+<% unless @passenger_friendly_error_pages.nil? -%>
+  PassengerFriendlyErrorPages <%= scope.call_function('apache::bool2httpd', [@passenger_friendly_error_pages]) %>
+<% end -%>
+<%# 5 - Resource control and optimization options -%>
+<% if @passenger_min_instances -%>
+  PassengerMinInstances <%= @passenger_min_instances %>
+<% end -%>
+<% if @passenger_max_instances -%>
+  PassengerMaxInstances <%= @passenger_max_instances %>
+<% end -%>
+<% if @passenger_max_preloader_idle_time -%>
+  PassengerMaxPreloaderIdleTime <%= @passenger_max_preloader_idle_time %>
+<% end -%>
+<% if @passenger_force_max_concurrent_requests_per_process -%>
+  PassengerForceMaxConcurrentRequestsPerProcess <%= @passenger_force_max_concurrent_requests_per_process %>
+<% end -%>
+<% if @passenger_start_timeout -%>
+  PassengerStartTimeout <%= @passenger_start_timeout %>
+<% end -%>
+<% if @passenger_concurrency_model -%>
+  PassengerConcurrencyModel <%= @passenger_concurrency_model %>
+<% end -%>
+<% if @passenger_thread_count -%>
+  PassengerThreadCount <%= @passenger_thread_count %>
+<% end -%>
+<% if @passenger_max_requests -%>
+  PassengerMaxRequests <%= @passenger_max_requests %>
+<% end -%>
+<% if @passenger_max_request_time -%>
+  PassengerMaxRequestTime <%= @passenger_max_request_time %>
+<% end -%>
+<% if @passenger_memory_limit -%>
+  PassengerMemoryLimit <%= @passenger_memory_limit %>
+<% end -%>
+<% if @passenger_stat_throttle_rate -%>
+  PassengerStatThrottleRate <%= @passenger_stat_throttle_rate %>
+<% end -%>
+<% unless @passenger_high_performance.nil? -%>
+  PassengerHighPerformance <%= scope.call_function('apache::bool2httpd', [@passenger_high_performance]) %>
+<% end -%>
+<%# 6 - Connection handling options -%>
+<% unless @passenger_buffer_upload.nil? -%>
+  PassengerBufferUpload <%= scope.call_function('apache::bool2httpd', [@passenger_buffer_upload]) %>
+<% end -%>
+<% unless @passenger_buffer_response.nil? -%>
+  PassengerBufferResponse <%= scope.call_function('apache::bool2httpd', [@passenger_buffer_response]) %>
+<% end -%>
+<% unless @passenger_error_override.nil? -%>
+  PassengerErrorOverride <%= scope.call_function('apache::bool2httpd', [@passenger_error_override]) %>
+<% end -%>
+<% if @passenger_max_request_queue_size -%>
+  PassengerMaxRequestQueueSize <%= @passenger_max_request_queue_size %>
+<% end -%>
+<% if @passenger_max_request_queue_time -%>
+  PassengerMaxRequestQueueTime <%= @passenger_max_request_queue_time %>
+<% end -%>
+<% unless @passenger_sticky_sessions.nil? -%>
+  PassengerStickySessions <%= scope.call_function('apache::bool2httpd', [@passenger_sticky_sessions]) %>
+<% end -%>
+<% if @passenger_sticky_sessions_cookie_name -%>
+  PassengerStickySessionsCookieName <%= @passenger_sticky_sessions_cookie_name %>
+<% end -%>
+<% if @passenger_sticky_sessions_cookie_attributes -%>
+  PassengerStickySessionsCookieAttributes <%= @passenger_sticky_sessions_cookie_attributes %>
+<% end -%>
+<%# 7 - Compatibility options -%>
+<% unless @passenger_allow_encoded_slashes.nil? -%>
+  PassengerAllowEncodedSlashes <%= scope.call_function('apache::bool2httpd', [@passenger_allow_encoded_slashes]) %>
+<% end -%>
+<% if @passenger_app_log_file -%>
+  PassengerAppLogFile <%= @passenger_app_log_file %>
+<% end -%>
+<%# 8 - Logging and debugging options -%>
+<% unless @passenger_debugger.nil? -%>
+  PassengerDebugger <%= scope.call_function('apache::bool2httpd', [@passenger_debugger]) %>
+<% end -%>
+<%# 9 - Advanced options -%>
+<% if @passenger_lve_min_uid -%>
+  PassengerLveMinUid <%= @passenger_lve_min_uid %>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_php.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_php.erb
new file mode 100644
index 000000000..8032a1ade
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_php.erb
@@ -0,0 +1,16 @@
+<% if @php_values and not @php_values.empty? -%>
+  <%- @php_values.sort.each do |key,value| -%>
+    <%- if value.is_a? String -%>
+  php_value <%= key %> "<%= value %>"
+    <%- else -%>
+  php_value <%= key %> <%= value %>
+    <%- end -%>
+  <%- end -%>
+<% end -%>
+<% if @php_flags and not @php_flags.empty? -%>
+  <%- @php_flags.sort.each do |key,flag| -%>
+    <%-# normalize flag -%>
+    <%- if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%>
+  php_flag <%= key %> <%= flag %>
+  <%- end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_php_admin.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_php_admin.erb
new file mode 100644
index 000000000..c0c8dd60a
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_php_admin.erb
@@ -0,0 +1,12 @@
+<% if @php_admin_values and not @php_admin_values.empty? -%>
+  <%- @php_admin_values.sort.each do |key,value| -%>
+  php_admin_value <%= key %> <%= value %>
+  <%- end -%>
+<% end -%>
+<% if @php_admin_flags and not @php_admin_flags.empty? -%>
+  <%- @php_admin_flags.sort.each do |key,flag| -%>
+    <%-# normalize flag -%>
+    <%- if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%>
+  php_admin_flag <%= key %> <%= flag %>
+  <%- end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_proxy.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_proxy.erb
new file mode 100644
index 000000000..feee7d8e1
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_proxy.erb
@@ -0,0 +1,102 @@
+<% if @proxy_dest or @proxy_pass or @proxy_pass_match or @proxy_dest_match -%>
+
+  ## Proxy rules
+<% if @proxy_requests -%>
+  ProxyRequests On
+<% else -%>
+  ProxyRequests Off
+<%- end -%>
+<%- end -%>
+<% if @proxy_preserve_host -%>
+  ProxyPreserveHost On
+<% else -%>
+  ProxyPreserveHost Off
+<%- end -%>
+<%- if defined?(@proxy_add_headers) -%>
+  <%- if @proxy_add_headers -%>
+  ProxyAddHeaders On
+  <%- else -%>
+  ProxyAddHeaders Off
+  <%- end -%>
+<%- end -%>
+<% if @proxy_error_override -%>
+  ProxyErrorOverride On
+<%- end -%>
+<%- [@proxy_pass].flatten.compact.each do |proxy| -%>
+  <%- Array(proxy['no_proxy_uris']).each do |uri| -%>
+  ProxyPass <%= uri %> !
+  <%- end -%>
+  <%- Array(proxy['no_proxy_uris_match']).each do |uri| -%>
+  ProxyPassMatch <%= uri %> !
+  <%- end -%>
+  ProxyPass <%= proxy['path'] %> <%= proxy['url'] -%>
+  <%- if proxy['params'] -%>
+    <%- proxy['params'].keys.sort.each do |key| -%> <%= key %>=<%= proxy['params'][key] -%>
+    <%- end -%>
+  <%- end -%>
+  <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%>
+  <%- end %>
+  <%- if not proxy['reverse_cookies'].nil? -%>
+    <%- Array(proxy['reverse_cookies']).each do |reverse_cookies| -%>
+      <%- if reverse_cookies['path'] -%>
+  ProxyPassReverseCookiePath <%= reverse_cookies['path'] %> <%= reverse_cookies['url'] %>
+      <%- end -%>
+      <%- if reverse_cookies['domain'] -%>
+  ProxyPassReverseCookieDomain <%= reverse_cookies['domain'] %> <%= reverse_cookies['url'] %>
+      <%- end -%>
+    <%- end -%>
+  <%- end -%>
+  <%- if proxy['reverse_urls'].nil? -%>
+  ProxyPassReverse <%= proxy['path'] %> <%= proxy['url'] %>
+  <%- else -%>
+    <%- Array(proxy['reverse_urls']).each do |reverse_url| -%>
+  ProxyPassReverse <%= proxy['path'] %> <%= reverse_url %>
+    <%- end -%>
+  <%- end -%>
+  <%- if proxy['setenv'] -%>
+    <%- Array(proxy['setenv']).each do |setenv_var| -%>
+  SetEnv <%= setenv_var %>
+    <%- end -%>
+  <%- end -%>
+<% end -%>
+<% [@proxy_pass_match].flatten.compact.each do |proxy| %>
+  <%- Array(proxy['no_proxy_uris']).each do |uri| -%>
+  ProxyPass <%= uri %> !
+  <%- end -%>
+  <%- Array(proxy['no_proxy_uris_match']).each do |uri| -%>
+  ProxyPassMatch <%= uri %> !
+  <%- end -%>
+  ProxyPassMatch <%= proxy['path'] %> <%= proxy['url'] -%>
+  <%- if proxy['params'] -%>
+    <%- proxy['params'].keys.sort.each do |key| -%> <%= key %>=<%= proxy['params'][key] -%>
+    <%- end -%>
+  <%- end -%>
+  <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%>
+  <%- end %>
+  <%- if proxy['reverse_urls'].nil? -%>
+  ProxyPassReverse <%= proxy['path'] %> <%= proxy['url'] %>
+  <%- else -%>
+    <%- Array(proxy['reverse_urls']).each do |reverse_url| -%>
+  ProxyPassReverse <%= proxy['path'] %> <%= reverse_url %>
+    <%- end -%>
+  <%- end -%>
+  <%- if proxy['setenv'] -%>
+    <%- Array(proxy['setenv']).each do |setenv_var| -%>
+  SetEnv <%= setenv_var %>
+    <%- end -%>
+  <%- end -%>
+<% end -%>
+<% if @proxy_dest -%>
+<%- Array(@no_proxy_uris).each do |uri| -%>
+  ProxyPass        <%= uri %> !
+<% end -%>
+  ProxyPass        / <%= @proxy_dest %>/
+  ProxyPassReverse / <%= @proxy_dest %>/
+<% end -%>
+<% if @proxy_dest_match -%>
+<%- Array(@no_proxy_uris_match).each do |uri| -%>
+  ProxyPassMatch   <%= uri %> !
+<% end -%>
+  ProxyPassMatch   / <%= @proxy_dest_match %>/
+  ProxyPassReverse / <%= @proxy_dest_reverse_match %>/
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_redirect.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_redirect.erb
new file mode 100644
index 000000000..209da646c
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_redirect.erb
@@ -0,0 +1,35 @@
+<% if @redirect_source and @redirect_dest -%>
+<% @redirect_dest_a   = Array(@redirect_dest) -%>
+<% @redirect_source_a = Array(@redirect_source) -%>
+<% @redirect_status_a = Array(@redirect_status) -%>
+
+  ## Redirect rules
+  <%- @redirect_source_a.each_with_index do |source, i| -%>
+<% @redirect_dest_a[i] ||= @redirect_dest_a[0] -%>
+<% @redirect_status_a[i] ||= @redirect_status_a[0] -%>
+  Redirect <%= "#{@redirect_status_a[i]} " %><%= source %> <%= @redirect_dest_a[i] %>
+  <%- end -%>
+<% end -%>
+<%- if @redirectmatch_status and @redirectmatch_regexp and @redirectmatch_dest -%>
+<% @redirectmatch_status_a = Array(@redirectmatch_status) -%>
+<% @redirectmatch_regexp_a = Array(@redirectmatch_regexp) -%>
+<% @redirectmatch_dest_a = Array(@redirectmatch_dest) -%>
+
+  ## RedirectMatch rules
+  <%- @redirectmatch_status_a.each_with_index do |status, i| -%>
+<% @redirectmatch_status_a[i] ||= @redirectmatch_status_a[0] -%>
+<% @redirectmatch_regexp_a[i] ||= @redirectmatch_regexp_a[0] -%>
+<% @redirectmatch_dest_a[i] ||= @redirectmatch_dest_a[0] -%>
+  RedirectMatch <%= "#{@redirectmatch_status_a[i]} " %> <%= @redirectmatch_regexp_a[i] %> <%= @redirectmatch_dest_a[i] %>
+  <%- end -%>
+<%- elsif @redirectmatch_regexp and @redirectmatch_dest -%>
+<% @redirectmatch_regexp_a = Array(@redirectmatch_regexp) -%>
+<% @redirectmatch_dest_a = Array(@redirectmatch_dest) -%>
+
+  ## RedirectMatch rules
+  <%- @redirectmatch_regexp_a.each_with_index do |status, i| -%>
+<% @redirectmatch_regexp_a[i] ||= @redirectmatch_regexp_a[0] -%>
+<% @redirectmatch_dest_a[i] ||= @redirectmatch_dest_a[0] -%>
+  RedirectMatch <%= @redirectmatch_regexp_a[i] %> <%= @redirectmatch_dest_a[i] %>
+  <%- end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_requestheader.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_requestheader.erb
new file mode 100644
index 000000000..9f175052b
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_requestheader.erb
@@ -0,0 +1,10 @@
+<% if @request_headers and ! @request_headers.empty? -%>
+
+  ## Request header rules
+  ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
+  <%- Array(@request_headers).each do |request_statement| -%>
+    <%- if request_statement != '' -%>
+  RequestHeader <%= request_statement %>
+    <%- end -%>
+  <%- end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_require.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_require.erb
new file mode 100644
index 000000000..9ad780539
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_require.erb
@@ -0,0 +1,62 @@
+<%- _item = scope.lookupvar('_template_scope')[:item] -%>
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+  <%- if _item['require'] && _item['require'] != '' && _item['require'] !~ /unmanaged/i -%>
+    <%- if _item['require'].is_a?(Hash) -%>
+      <%- case _item['require']['enforce'].downcase
+          when 'all','none','any' then -%>
+    <Require<%= _item['require']['enforce'].capitalize %>>
+        <%- Array(_item['require']['requires']).each do |req| -%>
+      Require <%= req.strip %>
+        <%- end -%>
+    </Require<%= _item['require']['enforce'].capitalize %>>
+      <%- else -%>
+        <%- scope.function_warning(["Apache::Vhost: Require can only overwritten with all, none or any."]) -%>
+      <%- end -%>
+    <%- else -%>
+      <%- Array(_item['require']).each do |req| -%>
+    Require <%= req %>
+      <%- end -%>
+    <%- end -%>
+  <%- end -%>
+  <%- if _item['auth_require'] -%>
+    Require <%= _item['auth_require'] %>
+  <%- end -%>
+  <%- if !(_item['require'] && _item['require'] != '') && _item['require'] !~ /unmanaged/i && !(_item['auth_require']) -%>
+    Require all granted
+  <%- end -%>
+<%- else -%>
+  <%- if _item['auth_require'] -%>
+    Require <%= _item['auth_require'] %>
+  <%- end -%>
+  <%- if _item['order'] and _item['order'] != '' -%>
+    Order <%= Array(_item['order']).join(',') %>
+  <%- else -%>
+    Order allow,deny
+  <%- end -%>
+  <%- if _item['deny'] and ! [ false, 'false', '' ].include?(_item['deny']) -%>
+    <%- if _item['deny'].kind_of?(Array) -%>
+      <%- Array(_item['deny']).each do |restrict| -%>
+    Deny <%=  restrict %>
+      <%- end -%>
+    <%- else -%>
+    Deny <%= _item['deny'] %>
+    <%- end -%>
+  <%- end -%>
+  <%- if _item['allow'] and ! [ false, 'false', '' ].include?(_item['allow']) -%>
+    <%- if _item['allow'].kind_of?(Array) -%>
+      <%- Array(_item['allow']).each do |access| -%>
+    Allow <%=  access %>
+    <%- end -%>
+  <%- else -%>
+    Allow <%= _item['allow'] %>
+  <%- end -%>
+  <%- elsif [ 'from all', 'from All' ].include?(_item['deny']) -%>
+  <%- elsif ! _item['deny'] and [ false, 'false', '' ].include?(_item['allow']) -%>
+    Deny from all
+  <%- else -%>
+    Allow from all
+  <%- end -%>
+  <%- if _item['satisfy'] and _item['satisfy'] != '' -%>
+    Satisfy <%= _item['satisfy'] %>
+  <%- end -%>
+<%- end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_rewrite.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_rewrite.erb
new file mode 100644
index 000000000..282733757
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_rewrite.erb
@@ -0,0 +1,53 @@
+<%- if @rewrites -%>
+  ## Rewrite rules
+  RewriteEngine On
+  <%- if @rewrite_inherit -%>
+  RewriteOptions Inherit
+  <%- end -%>
+  <%- if @rewrite_base -%>
+  RewriteBase <%= @rewrite_base %>
+  <%- end -%>
+
+  <%- [@rewrites].flatten.compact.each do |rewrite_details| -%>
+    <%- if rewrite_details['comment'] -%>
+  #<%= rewrite_details['comment'] %>
+    <%- end -%>
+    <%- if rewrite_details['rewrite_base'] -%>
+  RewriteBase <%= rewrite_details['rewrite_base'] %>
+    <%- end -%>
+    <%- if rewrite_details['rewrite_cond'] -%>
+      <%- Array(rewrite_details['rewrite_cond']).each do |commands| -%>
+        <%- Array(commands).each do |command| -%>
+  RewriteCond <%= command %>
+        <%- end -%>
+      <%- end -%>
+    <%- end -%>
+    <%- if rewrite_details['rewrite_map'] -%>
+      <%- Array(rewrite_details['rewrite_map']).each do |commands| -%>
+        <%- Array(commands).each do |command| -%>
+  RewriteMap <%= command %>
+        <%- end -%>
+      <%- end -%>
+    <%- end -%>
+    <%- Array(rewrite_details['rewrite_rule']).each do |commands| -%>
+      <%- Array(commands).each do |command| -%>
+  RewriteRule <%= command %>
+      <%- end -%>
+
+    <%- end -%>
+  <%- end -%>
+<%- end -%>
+<%# reverse compatibility -%>
+<% if @rewrite_rule and !@rewrites -%>
+  ## Rewrite rules
+  RewriteEngine On
+  <%- if @rewrite_base -%>
+  RewriteBase <%= @rewrite_base %>
+  <%- end -%>
+  <%- if @rewrite_cond -%>
+    <%- Array(@rewrite_cond).each do |cond| -%>
+  RewriteCond <%= cond %>
+    <%- end -%>
+  <%- end -%>
+  RewriteRule <%= @rewrite_rule %>
+<%- end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_scriptalias.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_scriptalias.erb
new file mode 100644
index 000000000..bb4f6b316
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_scriptalias.erb
@@ -0,0 +1,24 @@
+<%- if @scriptaliases.is_a?(Array) -%>
+<%-  aliases = @scriptaliases -%>
+<%- elsif @scriptaliases.is_a?(Hash) -%>
+<%-  aliases = [@scriptaliases] -%>
+<%- else -%>
+<%-  # Nothing to do with any other data type -%>
+<%-  aliases = [] -%>
+<%- end -%>
+<%- if @scriptalias or !aliases.empty? -%>
+  ## Script alias directives
+<%# Combine scriptalais and scriptaliases into a single data structure -%>
+<%# for backward compatibility and ease of implementation -%>
+<%- aliases << { 'alias' => '/cgi-bin', 'path' => @scriptalias } if @scriptalias -%>
+<%- aliases.flatten.compact! -%>
+<%- aliases.each do |salias| -%>
+  <%- if salias["path"] != '' -%>
+    <%- if salias["alias"] and salias["alias"] != '' -%>
+  ScriptAlias <%= salias['alias'] %> "<%= salias['path'] %>"
+    <%- elsif salias["aliasmatch"] and salias["aliasmatch"] != '' -%>
+  ScriptAliasMatch <%= salias['aliasmatch'] %> "<%= salias['path'] %>"
+    <%- end -%>
+  <%- end -%>
+<%- end -%>
+<%- end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_security.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_security.erb
new file mode 100644
index 000000000..dc35c78af
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_security.erb
@@ -0,0 +1,43 @@
+<IfModule mod_security2.c>
+<% if @modsec_disable_vhost -%>
+  SecRuleEngine Off
+<% end -%>
+<% if @modsec_audit_log_destination -%>
+  SecAuditLog "<%= @modsec_audit_log_destination %>"
+<% end -%>
+<% if @_modsec_disable_ids.is_a?(Hash) -%>
+<%   @_modsec_disable_ids.each do |location,rules| -%>
+  <LocationMatch <%= location %>>
+<%     Array(rules).each do |rule| -%>
+    SecRuleRemoveById <%= rule %>
+<%     end -%>
+  </LocationMatch>
+<%   end -%>
+<% end -%>
+<% ips = Array(@modsec_disable_ips).join(',') %>
+<% if ips != '' %>
+  SecRule REMOTE_ADDR "<%= ips %>" "nolog,allow,id:1234123455"
+  SecAction  "phase:2,pass,nolog,id:1234123456"
+<% end -%>
+<% if @_modsec_disable_msgs.is_a?(Hash) -%>
+<%   @_modsec_disable_msgs.each do |location,rules| -%>
+  <LocationMatch <%= location %>>
+<%     Array(rules).each do |rule| -%>
+    SecRuleRemoveByMsg "<%= rule %>"
+<%     end -%>
+  </LocationMatch>
+<%   end -%>
+<% end -%>
+<% if @_modsec_disable_tags.is_a?(Hash) -%>
+<%   @_modsec_disable_tags.each do |location,rules| -%>
+  <LocationMatch <%= location %>>
+<%     Array(rules).each do |rule| -%>
+    SecRuleRemoveByTag "<%= rule %>"
+<%     end -%>
+  </LocationMatch>
+<%   end -%>
+<% end -%>
+<% if @modsec_body_limit -%>
+  SecRequestBodyLimit <%= @modsec_body_limit %>
+<% end -%>
+</IfModule>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_serveralias.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_serveralias.erb
new file mode 100644
index 000000000..e08a55e32
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_serveralias.erb
@@ -0,0 +1,7 @@
+<% if @serveraliases and ! @serveraliases.empty? -%>
+
+  ## Server aliases
+  <%- Array(@serveraliases).each do |serveralias| -%>
+  ServerAlias <%= serveralias %>
+  <%- end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_serversignature.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_serversignature.erb
new file mode 100644
index 000000000..ff13aaf45
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_serversignature.erb
@@ -0,0 +1 @@
+  ServerSignature Off
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_setenv.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_setenv.erb
new file mode 100644
index 000000000..476a6b19c
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_setenv.erb
@@ -0,0 +1,17 @@
+<% if @setenv and ! @setenv.empty? -%>
+
+  ## SetEnv/SetEnvIf for environment variables
+  <%- Array(@setenv).each do |envvar| -%>
+  SetEnv <%= envvar %>
+  <%- end -%>
+<% end -%>
+<% if @setenvif and ! @setenvif.empty? -%>
+  <%- Array(@setenvif).each do |envifvar| -%>
+  SetEnvIf <%= envifvar %>
+  <%- end -%>
+<% end -%>
+<% if @setenvifnocase and ! @setenvifnocase.empty? -%>
+  <%- Array(@setenvifnocase).each do |envifncvar| -%>
+  SetEnvIfNoCase <%= envifncvar %>
+  <%- end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_shib.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_shib.erb
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_shib.erb
rename to modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_shib.erb
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_ssl.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_ssl.erb
new file mode 100644
index 000000000..7cab18de8
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_ssl.erb
@@ -0,0 +1,60 @@
+<% if @ssl -%>
+
+  ## SSL directives
+  SSLEngine on
+  <%- unless @mdomain -%>
+  SSLCertificateFile      "<%= @ssl_cert %>"
+  SSLCertificateKeyFile   "<%= @ssl_key %>"
+  <%- end -%>
+  <%- if @ssl_chain -%>
+  SSLCertificateChainFile "<%= @ssl_chain %>"
+  <%- end -%>
+  <%- if @ssl_protocol -%>
+  SSLProtocol             <%= [@ssl_protocol].flatten.compact.join(' ') %>
+  <%- end -%>
+  <%- if @ssl_cipher -%>
+  SSLCipherSuite          <%= @ssl_cipher %>
+  <%- end -%>
+  <%- if not @ssl_honorcipherorder.nil? -%>
+  SSLHonorCipherOrder     <%= scope.call_function('apache::bool2httpd', [@_ssl_honorcipherorder]) %>
+  <%- end -%>
+  <%- if @ssl_verify_client -%>
+  SSLVerifyClient         <%= @ssl_verify_client %>
+  <%- if @ssl_verify_depth -%>
+  SSLVerifyDepth          <%= @ssl_verify_depth %>
+  <%- end -%>
+  <%- end -%>
+  <%- if @ssl_certs_dir && @ssl_certs_dir != '' -%>
+  SSLCACertificatePath    "<%= @ssl_certs_dir %>"
+  <%- end -%>
+  <%- if @ssl_ca -%>
+  SSLCACertificateFile    "<%= @ssl_ca %>"
+  <%- end -%>
+  <%- if @ssl_crl_path -%>
+  SSLCARevocationPath     "<%= @ssl_crl_path %>"
+  <%- end -%>
+  <%- if @ssl_crl -%>
+  SSLCARevocationFile     "<%= @ssl_crl %>"
+  <%- end -%>
+  <%- if @ssl_crl_check && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+  SSLCARevocationCheck    <%= @ssl_crl_check %>
+  <%- end -%>
+  <%- if @ssl_options -%>
+  SSLOptions <%= Array(@ssl_options).join(' ') %>
+  <%- end -%>
+  <%- if @ssl_openssl_conf_cmd -%>
+  SSLOpenSSLConfCmd       <%= @ssl_openssl_conf_cmd %>
+  <%- end -%>
+  <%- if (not @ssl_stapling.nil?) && (scope.function_versioncmp([@apache_version, '2.4']) >= 0) -%>
+  SSLUseStapling <%= scope.call_function('apache::bool2httpd', [@ssl_stapling]) %>
+  <%- end -%>
+  <%- if @ssl_stapling_timeout && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+  SSLStaplingResponderTimeout <%= @ssl_stapling_timeout %>
+  <%- end -%>
+  <%- if (not @ssl_stapling_return_errors.nil?) && (scope.function_versioncmp([@apache_version, '2.4']) >= 0) -%>
+  SSLStaplingReturnResponderErrors <%= scope.call_function('apache::bool2httpd', [@ssl_stapling_return_errors]) %>
+  <%- end -%>
+  <%- if @ssl_user_name -%>
+  SSLUserName             <%= @ssl_user_name %>
+  <%- end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_sslproxy.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_sslproxy.erb
new file mode 100644
index 000000000..ff6b61e3c
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_sslproxy.erb
@@ -0,0 +1,35 @@
+<% if @ssl_proxyengine -%>
+
+  # SSL Proxy directives
+  SSLProxyEngine On
+  <%- if @ssl_proxy_verify -%>
+  SSLProxyVerify <%= @ssl_proxy_verify %>
+  <%- end -%>
+  <%- if @ssl_proxy_verify_depth -%>
+  SSLProxyVerifyDepth <%= @ssl_proxy_verify_depth %>
+  <%- end -%>
+  <%- if @ssl_proxy_ca_cert -%>
+  SSLProxyCACertificateFile "<%= @ssl_proxy_ca_cert %>"
+  <%- end -%>
+  <%- if @ssl_proxy_check_peer_cn -%>
+  SSLProxyCheckPeerCN     <%= @ssl_proxy_check_peer_cn %>
+  <%- end -%>
+  <%- if @ssl_proxy_check_peer_name -%>
+  SSLProxyCheckPeerName   <%= @ssl_proxy_check_peer_name %>
+  <%- end -%>
+  <%- if @ssl_proxy_check_peer_expire -%>
+  SSLProxyCheckPeerExpire   <%= @ssl_proxy_check_peer_expire %>
+  <%- end -%>
+  <%- if @ssl_proxy_machine_cert -%>
+  SSLProxyMachineCertificateFile "<%= @ssl_proxy_machine_cert %>"
+  <%- end -%>
+  <%- if @ssl_proxy_machine_cert_chain -%>
+  SSLProxyMachineCertificateChainFile "<%= @ssl_proxy_machine_cert_chain %>"
+  <%- end -%>
+  <%- if @ssl_proxy_cipher_suite -%>
+  SSLProxyCipherSuite <%= @ssl_proxy_cipher_suite %>
+  <%- end -%>
+  <%- if @ssl_proxy_protocol -%>
+  SSLProxyProtocol  <%= [@ssl_proxy_protocol].flatten.compact.join(' ') %>
+  <%- end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_suexec.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_suexec.erb
new file mode 100644
index 000000000..8a7ae0f17
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_suexec.erb
@@ -0,0 +1,4 @@
+<% if @suexec_user_group -%>
+
+  SuexecUserGroup <%= @suexec_user_group %>
+<% end -%>
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_suphp.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_suphp.erb
new file mode 100644
index 000000000..e394b6f94
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_suphp.erb
@@ -0,0 +1,11 @@
+<% if @suphp_engine == 'on' -%>
+  <%- if @suphp_addhandler -%>
+  suPHP_AddHandler <%= @suphp_addhandler %>
+  <%- end -%>
+  <%- if @suphp_engine -%>
+  suPHP_Engine <%= @suphp_engine %>
+  <%- end -%>
+  <%- if @suphp_configpath -%>
+  suPHP_ConfigPath "<%= @suphp_configpath %>"
+  <%- end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_use_canonical_name.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_use_canonical_name.erb
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_use_canonical_name.erb
rename to modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_use_canonical_name.erb
diff --git a/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_wsgi.erb b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_wsgi.erb
new file mode 100644
index 000000000..fdc814170
--- /dev/null
+++ b/modules/services/unix/http/apache_kali_compatible/apache/templates/vhost/_wsgi.erb
@@ -0,0 +1,50 @@
+<% if @wsgi_application_group or @wsgi_daemon_process or @wsgi_import_script or @wsgi_process_group -%>
+
+  ## WSGI configuration
+<% end -%>
+<% if @wsgi_application_group -%>
+  WSGIApplicationGroup <%= @wsgi_application_group %>
+<% end -%>
+<% if @wsgi_daemon_process.is_a? String and @wsgi_daemon_process_options -%>
+  WSGIDaemonProcess <%= @wsgi_daemon_process %> <%= @wsgi_daemon_process_options.collect { |k,v| "#{k}=#{v}"}.sort.join(' ') %>
+<% elsif @wsgi_daemon_process.is_a? String and !@wsgi_daemon_process_options -%>
+  WSGIDaemonProcess <%= @wsgi_daemon_process %>
+<% elsif @wsgi_daemon_process.is_a? Hash -%>
+  <%- @wsgi_daemon_process.each do |key, val| -%>
+    <%- if val.empty? -%>
+  WSGIDaemonProcess <%= key %>
+    <%- else -%>
+  WSGIDaemonProcess <%= key %> <%= val.collect { |k,v| "#{k}=#{v}"}.sort.join(' ') %>
+<% end -%>
+<% end -%>
+<% end -%>
+<% if @wsgi_import_script and @wsgi_import_script_options -%>
+  WSGIImportScript <%= @wsgi_import_script %> <%= @wsgi_import_script_options.collect { |k,v| "#{k}=#{v}"}.sort.join(' ') %>
+<% end -%>
+<% if @wsgi_process_group -%>
+  WSGIProcessGroup <%= @wsgi_process_group %>
+<% end -%>
+<% if @wsgi_script_aliases_match and ! @wsgi_script_aliases_match.empty? -%>
+  <%- @wsgi_script_aliases_match.keys.sort.reverse.each do |key| -%>
+    <%- if key != '' and @wsgi_script_aliases_match[key] != ''-%>
+  WSGIScriptAliasMatch <%= key %> "<%= @wsgi_script_aliases_match[key] %>"
+    <%- end -%>
+  <%- end -%>
+<% end -%>
+<% if @wsgi_script_aliases and ! @wsgi_script_aliases.empty? -%>
+  <%- @wsgi_script_aliases.keys.sort.reverse.each do |key| -%>
+    <%- if key != '' and @wsgi_script_aliases[key] != ''-%>
+      <%- if @wsgi_script_aliases[key].is_a? Array -%>
+  WSGIScriptAlias <%= key %> <%= @wsgi_script_aliases[key].join(' ') %>
+      <%- else -%>
+  WSGIScriptAlias <%= key %> "<%= @wsgi_script_aliases[key] %>"
+      <%- end -%>
+    <%- end -%>
+  <%- end -%>
+<% end -%>
+<% if @wsgi_pass_authorization -%>
+  WSGIPassAuthorization <%= @wsgi_pass_authorization %>
+<% end -%>
+<% if @wsgi_chunked_request -%>
+  WSGIChunkedRequest <%= @wsgi_chunked_request %>
+<% end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/types/loglevel.pp b/modules/services/unix/http/apache_kali_compatible/apache/types/loglevel.pp
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/types/loglevel.pp
rename to modules/services/unix/http/apache_kali_compatible/apache/types/loglevel.pp
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/types/oidcsettings.pp b/modules/services/unix/http/apache_kali_compatible/apache/types/oidcsettings.pp
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/types/oidcsettings.pp
rename to modules/services/unix/http/apache_kali_compatible/apache/types/oidcsettings.pp
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/util/_resources/tag_format_help_msg.txt b/modules/services/unix/http/apache_kali_compatible/apache/util/_resources/tag_format_help_msg.txt
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/util/_resources/tag_format_help_msg.txt
rename to modules/services/unix/http/apache_kali_compatible/apache/util/_resources/tag_format_help_msg.txt
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/util/apache_mod_platform_support.rb b/modules/services/unix/http/apache_kali_compatible/apache/util/apache_mod_platform_support.rb
similarity index 100%
rename from modules/services/unix/http/apache_stretch_compatible/apache/util/apache_mod_platform_support.rb
rename to modules/services/unix/http/apache_kali_compatible/apache/util/apache_mod_platform_support.rb
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/CHANGELOG.md b/modules/services/unix/http/apache_stretch_compatible/apache/CHANGELOG.md
index 7ee7a7855..7c8fa2b83 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/CHANGELOG.md
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/CHANGELOG.md
@@ -1,572 +1,7 @@
 # Change log
 
-All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
-
-## [v7.0.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v7.0.0) (2021-10-11)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.5.1...v7.0.0)
-
-### Changed
-
-- Drop Debian \< 8 and Ubuntu \< 14.04 code [\#2189](https://github.com/puppetlabs/puppetlabs-apache/pull/2189) ([ekohl](https://github.com/ekohl))
-- Drop support and compatibility for Debian \< 9 and Ubuntu \< 16.04 [\#2123](https://github.com/puppetlabs/puppetlabs-apache/pull/2123) ([ekohl](https://github.com/ekohl))
-
-### Added
-
-- pdksync - \(IAC-1751\) - Add Support for Rocky 8 [\#2196](https://github.com/puppetlabs/puppetlabs-apache/pull/2196) ([david22swan](https://github.com/david22swan))
-- Allow `docroot` with `mod_vhost_alias` `virtual_docroot` [\#2195](https://github.com/puppetlabs/puppetlabs-apache/pull/2195) ([yakatz](https://github.com/yakatz))
-
-### Fixed
-
-- Restore Ubuntu 14.04 support in suphp [\#2193](https://github.com/puppetlabs/puppetlabs-apache/pull/2193) ([ekohl](https://github.com/ekohl))
-- add double quote on scope parameter [\#2191](https://github.com/puppetlabs/puppetlabs-apache/pull/2191) ([aba-rechsteiner](https://github.com/aba-rechsteiner))
-- Debian 11: fix typo in `versioncmp()` / set default php to 7.4 [\#2186](https://github.com/puppetlabs/puppetlabs-apache/pull/2186) ([bastelfreak](https://github.com/bastelfreak))
-
-## [v6.5.1](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.5.1) (2021-08-25)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.5.0...v6.5.1)
-
-### Fixed
-
-- \(maint\) Allow stdlib 8.0.0 [\#2184](https://github.com/puppetlabs/puppetlabs-apache/pull/2184) ([smortex](https://github.com/smortex))
-
-## [v6.5.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.5.0) (2021-08-24)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.4.0...v6.5.0)
-
-### Added
-
-- pdksync - \(IAC-1709\) - Add Support for Debian 11 [\#2180](https://github.com/puppetlabs/puppetlabs-apache/pull/2180) ([david22swan](https://github.com/david22swan))
-
-## [v6.4.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.4.0) (2021-08-02)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.3.1...v6.4.0)
-
-### Added
-
-- \(MODULES-11075\) Improve future version handling for RHEL [\#2174](https://github.com/puppetlabs/puppetlabs-apache/pull/2174) ([mwhahaha](https://github.com/mwhahaha))
-- Allow custom userdir directives [\#2164](https://github.com/puppetlabs/puppetlabs-apache/pull/2164) ([hunner](https://github.com/hunner))
-- Add feature to reload apache service when content of ssl files has changed [\#2157](https://github.com/puppetlabs/puppetlabs-apache/pull/2157) ([timdeluxe](https://github.com/timdeluxe))
-
-## [v6.3.1](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.3.1) (2021-07-22)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.3.0...v6.3.1)
-
-### Fixed
-
-- \(MODULES-10899\) Load php module with the right libphp file [\#2166](https://github.com/puppetlabs/puppetlabs-apache/pull/2166) ([sheenaajay](https://github.com/sheenaajay))
-- \(maint\) Fix puppet-strings docs on apache::vhost [\#2165](https://github.com/puppetlabs/puppetlabs-apache/pull/2165) ([ekohl](https://github.com/ekohl))
-
-## [v6.3.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.3.0) (2021-06-22)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/kps_ssl_reload_and_cache_disk_combined_tag...v6.3.0)
-
-### Added
-
-- The default disk\_cache.conf.erb caches everything.  [\#2142](https://github.com/puppetlabs/puppetlabs-apache/pull/2142) ([Pawa2NR](https://github.com/Pawa2NR))
-
-### Fixed
-
-- Update the default version of Apache for Amazon Linux 2 [\#2158](https://github.com/puppetlabs/puppetlabs-apache/pull/2158) ([turnopil](https://github.com/turnopil))
-- Only warn about servername logging if relevant [\#2154](https://github.com/puppetlabs/puppetlabs-apache/pull/2154) ([ekohl](https://github.com/ekohl))
-
-## [kps_ssl_reload_and_cache_disk_combined_tag](https://github.com/puppetlabs/puppetlabs-apache/tree/kps_ssl_reload_and_cache_disk_combined_tag) (2021-06-14)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.2.0...kps_ssl_reload_and_cache_disk_combined_tag)
-
-## [v6.2.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.2.0) (2021-05-24)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.1.0...v6.2.0)
-
-### Added
-
-- \(MODULES-11068\) Allow apache::vhost ssl\_honorcipherorder to take boolean parameter [\#2152](https://github.com/puppetlabs/puppetlabs-apache/pull/2152) ([davidc](https://github.com/davidc))
-
-## [v6.1.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.1.0) (2021-05-17)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.0.1...v6.1.0)
-
-### Added
-
-- support for uri for severname with use\_servername\_for\_filenames [\#2150](https://github.com/puppetlabs/puppetlabs-apache/pull/2150) ([Zarne](https://github.com/Zarne))
-- \(MODULES-11061\) mod\_security custom rule functionality [\#2145](https://github.com/puppetlabs/puppetlabs-apache/pull/2145) ([k2patel](https://github.com/k2patel))
-
-## [v6.0.1](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.0.1) (2021-05-10)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.0.0...v6.0.1)
-
-### Fixed
-
-- Fix HEADER\* and README\* wildcards in IndexIgnore [\#2138](https://github.com/puppetlabs/puppetlabs-apache/pull/2138) ([keto](https://github.com/keto))
-- Fix dav\_svn for Debian 10 [\#2135](https://github.com/puppetlabs/puppetlabs-apache/pull/2135) ([martijndegouw](https://github.com/martijndegouw))
-
-## [v6.0.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.0.0) (2021-03-02)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.10.0...v6.0.0)
-
-### Changed
-
-- pdksync - \(MAINT\) Remove SLES 11 support [\#2132](https://github.com/puppetlabs/puppetlabs-apache/pull/2132) ([sanfrancrisko](https://github.com/sanfrancrisko))
-- pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 [\#2125](https://github.com/puppetlabs/puppetlabs-apache/pull/2125) ([carabasdaniel](https://github.com/carabasdaniel))
-
-## [v5.10.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.10.0) (2021-02-17)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.9.0...v5.10.0)
-
-### Added
-
-- \(IAC-1186\) Add $use\_port\_for\_filenames parameter [\#2122](https://github.com/puppetlabs/puppetlabs-apache/pull/2122) ([smortex](https://github.com/smortex))
-
-### Fixed
-
-- \(MODULES-10899\) Handle PHP8 MOD package naming convention changes [\#2121](https://github.com/puppetlabs/puppetlabs-apache/pull/2121) ([sanfrancrisko](https://github.com/sanfrancrisko))
-
-## [v5.9.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.9.0) (2021-01-25)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.8.0...v5.9.0)
-
-### Added
-
-- Add ssl\_user\_name vhost parameter [\#2093](https://github.com/puppetlabs/puppetlabs-apache/pull/2093) ([bodgit](https://github.com/bodgit))
-- Add support for mod\_md [\#2090](https://github.com/puppetlabs/puppetlabs-apache/pull/2090) ([smortex](https://github.com/smortex))
-
-### Fixed
-
-- \(FIX\) Correct PHP packages on Ubuntu 16.04 [\#2111](https://github.com/puppetlabs/puppetlabs-apache/pull/2111) ([ekohl](https://github.com/ekohl))
-
-## [v5.8.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.8.0) (2020-12-07)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.7.0...v5.8.0)
-
-### Added
-
-- \(MODULES-10887\) Set `use_servername_for_filenames` for defaults [\#2103](https://github.com/puppetlabs/puppetlabs-apache/pull/2103) ([towo](https://github.com/towo))
-- pdksync - \(feat\) Add support for Puppet 7 [\#2101](https://github.com/puppetlabs/puppetlabs-apache/pull/2101) ([daianamezdrea](https://github.com/daianamezdrea))
-- \(feat\) Add support for apreq2 MOD on Debian 9, 10 [\#2085](https://github.com/puppetlabs/puppetlabs-apache/pull/2085) ([TigerKriika](https://github.com/TigerKriika))
-
-### Fixed
-
-- \(fix\) Convert unnecessary multi line warnings to single lines [\#2104](https://github.com/puppetlabs/puppetlabs-apache/pull/2104) ([rj667](https://github.com/rj667))
-- Fix bool2httpd function call for older ruby versions [\#2102](https://github.com/puppetlabs/puppetlabs-apache/pull/2102) ([carabasdaniel](https://github.com/carabasdaniel))
-- Use Ruby 2.7 compatible string matching [\#2060](https://github.com/puppetlabs/puppetlabs-apache/pull/2060) ([ekohl](https://github.com/ekohl))
-
-## [v5.7.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.7.0) (2020-11-24)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.6.0...v5.7.0)
-
-### Added
-
-- Add cas\_cookie\_path in vhosts [\#2089](https://github.com/puppetlabs/puppetlabs-apache/pull/2089) ([yakatz](https://github.com/yakatz))
-- \(IAC-1186\) Add new $use\_servername\_for\_filenames parameter [\#2086](https://github.com/puppetlabs/puppetlabs-apache/pull/2086) ([sanfrancrisko](https://github.com/sanfrancrisko))
-- Allow relative paths in oidc\_redirect\_uri [\#2082](https://github.com/puppetlabs/puppetlabs-apache/pull/2082) ([sanfrancrisko](https://github.com/sanfrancrisko))
-- Improve SSLVerify options [\#2081](https://github.com/puppetlabs/puppetlabs-apache/pull/2081) ([bovy89](https://github.com/bovy89))
-- Change icon path [\#2079](https://github.com/puppetlabs/puppetlabs-apache/pull/2079) ([yakatz](https://github.com/yakatz))
-- Support mod\_auth\_gssapi parameters [\#2078](https://github.com/puppetlabs/puppetlabs-apache/pull/2078) ([traylenator](https://github.com/traylenator))
-- Add ssl\_proxy\_machine\_cert\_chain param to vhost class [\#2072](https://github.com/puppetlabs/puppetlabs-apache/pull/2072) ([AbelNavarro](https://github.com/AbelNavarro))
-
-### Fixed
-
-- Use Ruby 2.7 compatible string matching [\#2074](https://github.com/puppetlabs/puppetlabs-apache/pull/2074) ([sanfrancrisko](https://github.com/sanfrancrisko))
-
-## [v5.6.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.6.0) (2020-10-01)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.5.0...v5.6.0)
-
-### Added
-
-- Configure default shared lib path for mod\_wsgi on RHEL8 [\#2063](https://github.com/puppetlabs/puppetlabs-apache/pull/2063) ([nbarrientos](https://github.com/nbarrientos))
-- Various enhancements to apache::mod::passenger [\#2058](https://github.com/puppetlabs/puppetlabs-apache/pull/2058) ([smortex](https://github.com/smortex))
-
-### Fixed
-
-- make apache::mod::fcgid redhat 8 compatible [\#2071](https://github.com/puppetlabs/puppetlabs-apache/pull/2071) ([creativefre](https://github.com/creativefre))
-- pdksync - \(feat\) - Removal of inappropriate terminology [\#2062](https://github.com/puppetlabs/puppetlabs-apache/pull/2062) ([pmcmaw](https://github.com/pmcmaw))
-- Use python3-mod\_wsgi instead of mod\_wsgi on CentOS8 [\#2052](https://github.com/puppetlabs/puppetlabs-apache/pull/2052) ([kajinamit](https://github.com/kajinamit))
-
-## [v5.5.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.5.0) (2020-07-03)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.4.0...v5.5.0)
-
-### Added
-
-- Allow IPv6 CIDRs for proxy\_protocol\_exceptions in mod remoteip [\#2033](https://github.com/puppetlabs/puppetlabs-apache/pull/2033) ([thechristschn](https://github.com/thechristschn))
-- \(IAC-746\) - Add ubuntu 20.04 support [\#2032](https://github.com/puppetlabs/puppetlabs-apache/pull/2032) ([david22swan](https://github.com/david22swan))
-- Replace legacy `bool2httpd()` function with shim [\#2025](https://github.com/puppetlabs/puppetlabs-apache/pull/2025) ([alexjfisher](https://github.com/alexjfisher))
-- Tidy up `pw_hash` function [\#2024](https://github.com/puppetlabs/puppetlabs-apache/pull/2024) ([alexjfisher](https://github.com/alexjfisher))
-- Replace validate\_apache\_loglevel\(\) with data type [\#2023](https://github.com/puppetlabs/puppetlabs-apache/pull/2023) ([alexjfisher](https://github.com/alexjfisher))
-- Add ProxyIOBufferSize option [\#2014](https://github.com/puppetlabs/puppetlabs-apache/pull/2014) ([jplindquist](https://github.com/jplindquist))
-- Add support for SetInputFilter directive [\#2007](https://github.com/puppetlabs/puppetlabs-apache/pull/2007) ([HoucemEddine](https://github.com/HoucemEddine))
-- \[MODULES-10530\] Add request limiting directives on virtual host level [\#1996](https://github.com/puppetlabs/puppetlabs-apache/pull/1996) ([aursu](https://github.com/aursu))
-- \[MODULES-10528\] Add ErrorLogFormat directive on virtual host level [\#1995](https://github.com/puppetlabs/puppetlabs-apache/pull/1995) ([aursu](https://github.com/aursu))
-- Add template variables and parameters for ModSecurity Audit Logs [\#1988](https://github.com/puppetlabs/puppetlabs-apache/pull/1988) ([jplindquist](https://github.com/jplindquist))
-- \(MODULES-10432\) Add mod\_auth\_openidc support [\#1987](https://github.com/puppetlabs/puppetlabs-apache/pull/1987) ([asieraguado](https://github.com/asieraguado))
-
-### Fixed
-
-- \(MODULES-10712\) Fix mod\_ldap on RH/CentOS 5 and 6 [\#2041](https://github.com/puppetlabs/puppetlabs-apache/pull/2041) ([h-haaks](https://github.com/h-haaks))
-- Update mod\_dir, alias\_icons\_path, error\_documents\_path for CentOS 8 [\#2038](https://github.com/puppetlabs/puppetlabs-apache/pull/2038) ([initrd](https://github.com/initrd))
-- Ensure switching of thread module works on Debian 10 / Ubuntu 20.04 [\#2034](https://github.com/puppetlabs/puppetlabs-apache/pull/2034) ([tuxmea](https://github.com/tuxmea))
-- MODULES-10586 Centos 8: wrong package used to install mod\_authnz\_ldap [\#2021](https://github.com/puppetlabs/puppetlabs-apache/pull/2021) ([farebers](https://github.com/farebers))
-- Re-add package for fcgid on debian/ubuntu machines [\#2006](https://github.com/puppetlabs/puppetlabs-apache/pull/2006) ([vStone](https://github.com/vStone))
-- Use ldap\_trusted\_mode in conditional [\#1999](https://github.com/puppetlabs/puppetlabs-apache/pull/1999) ([dacron](https://github.com/dacron))
-- Typo in oidcsettings.pp [\#1997](https://github.com/puppetlabs/puppetlabs-apache/pull/1997) ([asieraguado](https://github.com/asieraguado))
-- Fix proxy\_html Module to work on Debian 10 [\#1994](https://github.com/puppetlabs/puppetlabs-apache/pull/1994) ([buchstabensalat](https://github.com/buchstabensalat))
-- \(MODULES-10360\) Fix icon paths for RedHat systems [\#1991](https://github.com/puppetlabs/puppetlabs-apache/pull/1991) ([2and3makes23](https://github.com/2and3makes23))
-- SSLProxyEngine on has to be set before any Proxydirective using it [\#1989](https://github.com/puppetlabs/puppetlabs-apache/pull/1989) ([zivis](https://github.com/zivis))
-
-## [v5.4.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.4.0) (2020-01-22)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.3.0...v5.4.0)
-
-### Added
-
-- Add an apache::vhost::fragment define [\#1980](https://github.com/puppetlabs/puppetlabs-apache/pull/1980) ([ekohl](https://github.com/ekohl))
-
-### Fixed
-
-- \(MODULES-10391\) ssl\_protocol includes SSLv2 and SSLv3 on all platforms [\#1990](https://github.com/puppetlabs/puppetlabs-apache/pull/1990) ([legooolas](https://github.com/legooolas))
-
-## [v5.3.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.3.0) (2019-12-11)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.2.0...v5.3.0)
-
-### Added
-
-- \(FM-8672\) - Addition of Support for CentOS 8 [\#1977](https://github.com/puppetlabs/puppetlabs-apache/pull/1977) ([david22swan](https://github.com/david22swan))
-- \(MODULES-9948\) Allow switching of thread modules [\#1961](https://github.com/puppetlabs/puppetlabs-apache/pull/1961) ([tuxmea](https://github.com/tuxmea))
-
-### Fixed
-
-- Fix newline being added before proxy params [\#1984](https://github.com/puppetlabs/puppetlabs-apache/pull/1984) ([oxc](https://github.com/oxc))
-- When using mod jk, we expect the libapache2-mod-jk package to be installed [\#1979](https://github.com/puppetlabs/puppetlabs-apache/pull/1979) ([tuxmea](https://github.com/tuxmea))
-- move unless into manage\_security\_corerules [\#1976](https://github.com/puppetlabs/puppetlabs-apache/pull/1976) ([SimonHoenscheid](https://github.com/SimonHoenscheid))
-- Change mod\_proxy's ProxyTimeout to follow Apache's global timeout [\#1975](https://github.com/puppetlabs/puppetlabs-apache/pull/1975) ([gcoxmoz](https://github.com/gcoxmoz))
-- \(FM-8721\) fix php version and ssl error on redhat8 [\#1973](https://github.com/puppetlabs/puppetlabs-apache/pull/1973) ([sheenaajay](https://github.com/sheenaajay))
-
-## [v5.2.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.2.0) (2019-11-01)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.1.0...v5.2.0)
-
-### Added
-
-- Add parameter version for mod security [\#1953](https://github.com/puppetlabs/puppetlabs-apache/pull/1953) ([tuxmea](https://github.com/tuxmea))
-- add possibility to define variables inside VirtualHost definition [\#1947](https://github.com/puppetlabs/puppetlabs-apache/pull/1947) ([trefzer](https://github.com/trefzer))
-
-### Fixed
-
-- \(FM-8662\) Correction in manifests/mod/ssl.pp for SLES 11 [\#1963](https://github.com/puppetlabs/puppetlabs-apache/pull/1963) ([sanfrancrisko](https://github.com/sanfrancrisko))
-- always quote ExpiresDefault in vhost::directories [\#1958](https://github.com/puppetlabs/puppetlabs-apache/pull/1958) ([evgeni](https://github.com/evgeni))
-- MODULES-9904 Fix lbmethod module load order [\#1956](https://github.com/puppetlabs/puppetlabs-apache/pull/1956) ([optiz0r](https://github.com/optiz0r))
-- Add owner, group, file\_mode and show\_diff to apache::custom\_config [\#1942](https://github.com/puppetlabs/puppetlabs-apache/pull/1942) ([treydock](https://github.com/treydock))
-- Add shibboleth support for Debian 10 [\#1939](https://github.com/puppetlabs/puppetlabs-apache/pull/1939) ([fabbks](https://github.com/fabbks))
-
-## [v5.1.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.1.0) (2019-09-13)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.0.0...v5.1.0)
-
-### Added
-
-- \(FM-8393\) add support on Debian 10 [\#1945](https://github.com/puppetlabs/puppetlabs-apache/pull/1945) ([ThoughtCrhyme](https://github.com/ThoughtCrhyme))
-- FM-8140 Add Redhat 8 support [\#1941](https://github.com/puppetlabs/puppetlabs-apache/pull/1941) ([sheenaajay](https://github.com/sheenaajay))
-- \(FM-8214\) converted to use litmus [\#1938](https://github.com/puppetlabs/puppetlabs-apache/pull/1938) ([tphoney](https://github.com/tphoney))
-- \(MODULES-9668 \) Please make ProxyRequests setting in vhost.pp configurable [\#1935](https://github.com/puppetlabs/puppetlabs-apache/pull/1935) ([aukesj](https://github.com/aukesj))
-- Added unmanaged\_path and custom\_fragment options to userdir [\#1931](https://github.com/puppetlabs/puppetlabs-apache/pull/1931) ([GeorgeCox](https://github.com/GeorgeCox))
-- Add LDAP parameters to httpd.conf [\#1930](https://github.com/puppetlabs/puppetlabs-apache/pull/1930) ([daveseff](https://github.com/daveseff))
-- Add LDAPReferrals configuration parameter [\#1928](https://github.com/puppetlabs/puppetlabs-apache/pull/1928) ([HT43-bqxFqB](https://github.com/HT43-bqxFqB))
-
-### Fixed
-
-- \(MODULES-9104\) Add file\_mode to config files. [\#1922](https://github.com/puppetlabs/puppetlabs-apache/pull/1922) ([stevegarn](https://github.com/stevegarn))
-- \(bugfix\) Add default package name for mod\_ldap [\#1913](https://github.com/puppetlabs/puppetlabs-apache/pull/1913) ([turnopil](https://github.com/turnopil))
-- Remove event mpm when using prefork, worker or itk [\#1905](https://github.com/puppetlabs/puppetlabs-apache/pull/1905) ([tuxmea](https://github.com/tuxmea))
-
-## [v5.0.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.0.0) (2019-05-20)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/4.1.0...v5.0.0)
-
-### Changed
-
-- pdksync - \(MODULES-8444\) - Raise lower Puppet bound [\#1908](https://github.com/puppetlabs/puppetlabs-apache/pull/1908) ([david22swan](https://github.com/david22swan))
-
-### Added
-
-- \(FM-7923\) Implement Puppet Strings [\#1916](https://github.com/puppetlabs/puppetlabs-apache/pull/1916) ([eimlav](https://github.com/eimlav))
-- Define SCL package name for mod\_ldap [\#1893](https://github.com/puppetlabs/puppetlabs-apache/pull/1893) ([treydock](https://github.com/treydock))
-
-### Fixed
-
-- \(MODULES-9014\) Improve SSLSessionTickets handling [\#1923](https://github.com/puppetlabs/puppetlabs-apache/pull/1923) ([FredericLespez](https://github.com/FredericLespez))
-- \(MODULES-8931\) Fix stahnma/epel failures [\#1914](https://github.com/puppetlabs/puppetlabs-apache/pull/1914) ([eimlav](https://github.com/eimlav))
-- Fix wsgi\_daemon\_process to support hash data type [\#1884](https://github.com/puppetlabs/puppetlabs-apache/pull/1884) ([mdechiaro](https://github.com/mdechiaro))
-
-## [4.1.0](https://github.com/puppetlabs/puppetlabs-apache/tree/4.1.0) (2019-04-05)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/4.0.0...4.1.0)
-
-### Added
-
-- \(MODULES-7196\) Allow setting CASRootProxiedAs per virtualhost \(replaces \#1857\) [\#1900](https://github.com/puppetlabs/puppetlabs-apache/pull/1900) ([Lavinia-Dan](https://github.com/Lavinia-Dan))
-- \(feat\) - Amazon Linux 2 compatibility added [\#1898](https://github.com/puppetlabs/puppetlabs-apache/pull/1898) ([david22swan](https://github.com/david22swan))
-- \(MODULES-8731\) Allow CIDRs for proxy\_ips/internal\_proxy in remoteip [\#1891](https://github.com/puppetlabs/puppetlabs-apache/pull/1891) ([JAORMX](https://github.com/JAORMX))
-- Manage all mod\_remoteip parameters supported by Apache [\#1882](https://github.com/puppetlabs/puppetlabs-apache/pull/1882) ([johanfleury](https://github.com/johanfleury))
-- MODULES-8541 : Allow HostnameLookups to be modified [\#1881](https://github.com/puppetlabs/puppetlabs-apache/pull/1881) ([k2patel](https://github.com/k2patel))
-- Add support for mod\_http2 [\#1867](https://github.com/puppetlabs/puppetlabs-apache/pull/1867) ([smortex](https://github.com/smortex))
-- Added code to paramertize the libphp prefix [\#1852](https://github.com/puppetlabs/puppetlabs-apache/pull/1852) ([grahamuk2018](https://github.com/grahamuk2018))
-- Added WSGI Options WSGIApplicationGroup and WSGIPythonOptimize [\#1847](https://github.com/puppetlabs/puppetlabs-apache/pull/1847) ([emetriqLikedeeler](https://github.com/emetriqLikedeeler))
-
-### Fixed
-
-- \(bugfix\) set kernel for facter version test [\#1895](https://github.com/puppetlabs/puppetlabs-apache/pull/1895) ([tphoney](https://github.com/tphoney))
-- \(MODULES-5990\) - Managing conf\_enabled [\#1875](https://github.com/puppetlabs/puppetlabs-apache/pull/1875) ([david22swan](https://github.com/david22swan))
-
-## [4.0.0](https://github.com/puppetlabs/puppetlabs-apache/tree/4.0.0) (2019-01-10)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/3.5.0...4.0.0)
-
-### Changed
-
-- default server\_tokens to prod - more secure default [\#1746](https://github.com/puppetlabs/puppetlabs-apache/pull/1746) ([juju4](https://github.com/juju4))
-
-### Added
-
-- \(Modules 8141/Modules 8379\) - Addition of support for SLES 15 [\#1862](https://github.com/puppetlabs/puppetlabs-apache/pull/1862) ([david22swan](https://github.com/david22swan))
-- SCL support for httpd and php7.1 [\#1822](https://github.com/puppetlabs/puppetlabs-apache/pull/1822) ([mmoll](https://github.com/mmoll))
-
-### Fixed
-
-- \(MODULES-5990\) - conf-enabled defaulted to undef [\#1869](https://github.com/puppetlabs/puppetlabs-apache/pull/1869) ([david22swan](https://github.com/david22swan))
-- pdksync - \(FM-7655\) Fix rubygems-update for ruby \< 2.3 [\#1866](https://github.com/puppetlabs/puppetlabs-apache/pull/1866) ([tphoney](https://github.com/tphoney))
-
-## [3.5.0](https://github.com/puppetlabs/puppetlabs-apache/tree/3.5.0) (2018-12-17)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/3.4.0...3.5.0)
-
-### Added
-
-- \(MODULES-5990\) Addition of 'IncludeOptional conf-enabled/\*.conf' to apache2.conf' on Debian Family OS [\#1851](https://github.com/puppetlabs/puppetlabs-apache/pull/1851) ([david22swan](https://github.com/david22swan))
-- \(MODULES-8107\) - Support added for Ubuntu 18.04. [\#1850](https://github.com/puppetlabs/puppetlabs-apache/pull/1850) ([david22swan](https://github.com/david22swan))
-- \(MODULES-8108\) - Support added for Debian 9 [\#1849](https://github.com/puppetlabs/puppetlabs-apache/pull/1849) ([david22swan](https://github.com/david22swan))
-- Add option to add comments to the header of a vhost file [\#1841](https://github.com/puppetlabs/puppetlabs-apache/pull/1841) ([jovandeginste](https://github.com/jovandeginste))
-
-### Fixed
-
-- \(FM-7605\) - Disabling conf\_enabled on Ubuntu 18.04  by default as it conflicts with Shibboleth causing errors with apache2. [\#1856](https://github.com/puppetlabs/puppetlabs-apache/pull/1856) ([david22swan](https://github.com/david22swan))
-- \(MODULES-8429\) Update GPG key for phusion passenger [\#1848](https://github.com/puppetlabs/puppetlabs-apache/pull/1848) ([abottchen](https://github.com/abottchen))
-- Fix default vhost priority in readme [\#1843](https://github.com/puppetlabs/puppetlabs-apache/pull/1843) ([HT43-bqxFqB](https://github.com/HT43-bqxFqB))
-- fix apache::mod::jk example typo and add link for more info [\#1812](https://github.com/puppetlabs/puppetlabs-apache/pull/1812) ([xorpaul](https://github.com/xorpaul))
-- MODULES-7379: Fixing syntax by adding newline [\#1803](https://github.com/puppetlabs/puppetlabs-apache/pull/1803) ([wimvr](https://github.com/wimvr))
-- ensure mpm\_event is disabled under debian 9 if mpm itk is used [\#1766](https://github.com/puppetlabs/puppetlabs-apache/pull/1766) ([zivis](https://github.com/zivis))
-
-## [3.4.0](https://github.com/puppetlabs/puppetlabs-apache/tree/3.4.0) (2018-09-27)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/3.3.0...3.4.0)
-
-### Added
-
-- pdksync - \(FM-7392\) - Puppet 6 Testing Changes [\#1838](https://github.com/puppetlabs/puppetlabs-apache/pull/1838) ([pmcmaw](https://github.com/pmcmaw))
-- pdksync - \(MODULES-6805\) metadata.json shows support for puppet 6 [\#1836](https://github.com/puppetlabs/puppetlabs-apache/pull/1836) ([tphoney](https://github.com/tphoney))
-
-### Fixed
-
-- Fix "audit\_log\_relevant\_status" typo in README.md [\#1830](https://github.com/puppetlabs/puppetlabs-apache/pull/1830) ([smokris](https://github.com/smokris))
-
-## [3.3.0](https://github.com/puppetlabs/puppetlabs-apache/tree/3.3.0) (2018-09-11)
-
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/3.2.0...3.3.0)
-
-### Added
-
-- pdksync - \(MODULES-7705\) - Bumping stdlib dependency from \< 5.0.0 to \< 6.0.0 [\#1821](https://github.com/puppetlabs/puppetlabs-apache/pull/1821) ([pmcmaw](https://github.com/pmcmaw))
-- Add support for ProxyTimeout [\#1805](https://github.com/puppetlabs/puppetlabs-apache/pull/1805) ([agoodno](https://github.com/agoodno))
-- \(MODULES-7343\) - Allow overrides by adding mod\_libs in apache class [\#1800](https://github.com/puppetlabs/puppetlabs-apache/pull/1800) ([karelyatin](https://github.com/karelyatin))
-- Rework passenger VHost and Directories [\#1778](https://github.com/puppetlabs/puppetlabs-apache/pull/1778) ([smortex](https://github.com/smortex))
-
-### Fixed
-
-- MODULES-7575 reverse sort the aliases [\#1808](https://github.com/puppetlabs/puppetlabs-apache/pull/1808) ([k2patel](https://github.com/k2patel))
-- fixes for OpenSUSE ans SLES [\#1783](https://github.com/puppetlabs/puppetlabs-apache/pull/1783) ([tuxmea](https://github.com/tuxmea))
-
-## 3.2.0
-### Summary
-This is a clean release to prepare for several planned backwards incompatible changes.
-
-#### Changed
-- Parameter `passenger_pre_start` has been moved outside of `<VirtualHost>`.
-- Apache version fact has been enabled on FreeBSD.
-- Parameter `ssl_proxyengine` has had it's default changed to false.
-
-#### Added
-- Parameter `passenger_group` can now be set in `apache::vhost`.
-- Multiple `passenger_pre_start` URIs can now be set at once.
-- Manifest `mod::auth_gssapi` has been added to allow the deployment of authorisation with kerberos, through GSSAPI.
-
-#### Removed
-- Scientific 5 and Debian 7 are no longer supported on Apache.
-
-## Supported Release [3.1.0]
-### Summary
-This release includes the module being converted using version 1.4.1 of the PDK. It also includes a couple of additional parameters added.
-
-#### Added
-- Module has been pdk converted with version 1.4.1 ([MODULES-6331](https://tickets.puppet.com/browse/MODULES-6331))
-- Parameter `ssl_cert` to provide a SSLCertificateFile option for use with SSL, optional of type String.
-- Parameter `ssl_key` to provide a SSLCertificateKey option for use with SSL, optional of type String.
-
-#### Fixed
-- Documentation updates.
-- Updates to the Japanese translation based on documentation update.
-
-## Supported Release [3.0.0]
-### Summary
-This major release changes the default value of `keepalive` to `On`. It also includes many other features and bugfixes.
-
-#### Changed
-- Default `apache::keepalive` from `Off` to `On`.
-
-#### Added
-- Class `apache::mod::data`
-- Function `apache::apache_pw_hash` function (puppet 4 port of `apache_pw_hash()`)
-- Function `apache::bool2httpd` function (puppet 4 port of `bool2httpd()`)
-- Function `apache::validate_apache_log_level` function (puppet 4 port of `validate_apache_log_level()`)
-- Parameter `apache::balancer::options` for additional directives.
-- Parameter `apache::limitreqfields` setting the LimitRequestFields directive to 100.
-- Parameter `apache::use_canonical_name` to control how httpd uses self-referential URLs.
-- Parameter `apache::mod::disk_cache::cache_ignore_headers` to ignore cache headers.
-- Parameter `apache::mod::itk::enablecapabilities` to manage ITK capabilities.
-- Parameter `apache::mod::ldap::ldap_trusted_mode` to manage trusted mode.
-- Parameters for `apache::mod::passenger`:
-  - `passenger_allow_encoded_slashes`
-  - `passenger_app_group_name`
-  - `passenger_app_root`
-  - `passenger_app_type`
-  - `passenger_base_uri`
-  - `passenger_buffer_response`
-  - `passenger_buffer_upload`
-  - `passenger_concurrency_model`
-  - `passenger_debug_log_file`
-  - `passenger_debugger`
-  - `passenger_default_group`
-  - `passenger_default_user`
-  - `passenger_disable_security_update_check`
-  - `passenger_enabled`
-  - `passenger_error_override`
-  - `passenger_file_descriptor_log_file`
-  - `passenger_fly_with`
-  - `passenger_force_max_concurrent_requests_per_process`
-  - `passenger_friendly_error_pages`
-  - `passenger_group`
-  - `passenger_installed_version`
-  - `passenger_instance_registry_dir`
-  - `passenger_load_shell_envvars`
-  - `passenger_lve_min_uid`
-  - `passenger_max_instances`
-  - `passenger_max_preloader_idle_time`
-  - `passenger_max_request_time`
-  - `passenger_memory_limit`
-  - `passenger_meteor_app_settings`
-  - `passenger_nodejs`
-  - `passenger_pre_start`
-  - `passenger_python`
-  - `passenger_resist_deployment_errors`
-  - `passenger_resolve_symlinks_in_document_root`
-  - `passenger_response_buffer_high_watermark`
-  - `passenger_restart_dir`
-  - `passenger_rolling_restarts`
-  - `passenger_security_update_check_proxy`
-  - `passenger_show_version_in_header`
-  - `passenger_socket_backlog`
-  - `passenger_start_timeout`
-  - `passenger_startup_file`
-  - `passenger_sticky_sessions`
-  - `passenger_sticky_sessions_cookie_name`
-  - `passenger_thread_count`
-  - `passenger_user`
-  - `passenger_user_switching`
-  - `rack_auto_detect`
-  - `rack_base_uri`
-  - `rack_env`
-  - `rails_allow_mod_rewrite`
-  - `rails_app_spawner_idle_time`
-  - `rails_auto_detect`
-  - `rails_base_uri`
-  - `rails_default_user`
-  - `rails_env`
-  - `rails_framework_spawner_idle_time`
-  - `rails_ruby`
-  - `rails_spawn_method`
-  - `rails_user_switching`
-  - `wsgi_auto_detect`
-- Parameter `apache::mod::prefork::listenbacklog` to set the listen backlog to 511.
-- Parameter `apache::mod::python::loadfile_name` to workaround python.load filename conflicts.
-- Parameter `apache::mod::ssl::ssl_cert` to manage the client auth cert.
-- Parameter `apache::mod::ssl::ssl_key` to manage the client auth key.
-- Parameter `apache::mod::status::requires` as an alternative to `apache::mod::status::allow_from`
-- Parameter `apache::vhost::ssl_proxy_cipher_suite` to manage that directive.
-- Parameter `apache::vhost::shib_compat_valid_user` to manage that directive.
-- Parameter `apache::vhost::use_canonical_name` to manage that directive.
-- Parameter value `mellon_session_length` for `apache::vhost::directories`
-
-### Fixed
-- `apache_version` is confined to just Linux to avoid erroring on AIX.
-- Parameter `apache::mod::jk::workers_file_content` docs typo of "mantain" instead of maintain.
-- Deduplicate `apache::mod::ldap` managing `File['ldap.conf']` to avoid resource conflicts.
-- ITK package name on Debian 9
-- Dav_svn package for SLES
-- Log client IP instead of loadbalancer IP when behind a loadbalancer.
-- `apache::mod::remoteip` now notifies the `Class['apache::service']` class instead of `Service['httpd']` to avoid restarting the service when `apache::service_manage` is false.
-- `apache::vhost::cas_scrub_request_headers` actually manages the directive.
-
-## Supported Release [2.3.1]
-### Summary
-This release fixes CVE-2018-6508 which is a potential arbitrary code execution via tasks.
-
-### Fixed
-- Fix init task for arbitrary remote code
-
-## Supported Release [2.3.0]
-### Summary
-This is a feature release. It includes a task that will reload the apache service.
-
-#### Added
-- Add a task that allows the reloading of the Apache service.
-
-## Supported Release [2.2.0]
-### Summary
-This is a maintainence and feature release. It will include updates to translations in Japanese, some maintainence and adding `PassengerSpawnMethod` to vhost.
-
-#### Added
-- `PassengerSpawnMethod` added to `vhost`.
-
-#### Changed
-- Improve version match fact for `apache_version`
-- Update to prefork.conf params for Apache 2.4
-- Updates to `CONTRIBUTING.md`
-- Do not install mod_fastcgi on el7
-- Include mod_wsgi when using wsgi options
-
-## Supported Release [2.1.0]
-### Summary
-This is a feature release including a security patch (CVE-2017-2299)
-
-#### Added
-- `apache::mod::jk` class for managing the mod_jk connector
-- `apache_pw_hash` function
-- the ProxyPass directive in location contexts
-- more Puppet 4 type validation
-- `apache::mod::macro` class for managing mod_macro
-
-#### Changed
-- $ssl_certs_dir default to `undef` for all platorms
-- $ssl_verify_client must now be set to use any of the following: `$ssl_certs_dir`, `$ssl_ca`, `$ssl_crl_path`, `$ssl_crl`, `$ssl_verify_depth`, `$ssl_crl_check`
-
-#### Fixed
-- issue where mod_alias was not being loaded when RedirectMatch* directives were being used ([MODULES-3942](https://tickets.puppet.com/browse/MODULES-3942))
-- issue with `$directories` parameter in `apache::vhost`
-- issue in UserDir template where the UserDir path did not match the Directory path
-- **Issue where the $ssl_certs_dir default set Apache to implicitly trust all client certificates that were issued by any CA in that directory**
-
-#### Removed
-- support for EOL platforms: Ubuntu 10.04, 12.04 and Debian 6 (Squeeze)
+All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](http://semver.org).
 
 ## Supported Release [2.0.0]
 ### Summary
@@ -612,17 +47,6 @@ Major release **removing Puppet 3 support** and other backwards-incompatible cha
 - issue where ProxyPreserveHost could not be set without other Proxy* directives
 - the module attempting to install proxy_html on Ubuntu Xenial and Debian Stretch
 
-## Supported Release [1.11.1]
-#### Summary
-This is a security patch release (CVE-2017-2299). These changes are also in version 2.1.0 and higher.
-
-#### Changed
-- $ssl_certs_dir default to `undef` for all platorms
-- $ssl_verify_client must now be set to use any of the following: `$ssl_certs_dir`, `$ssl_ca`, `$ssl_crl_path`, `$ssl_crl`, `$ssl_verify_depth`, `$ssl_crl_check`
-
-#### Fixed
-- **Issue where the $ssl_certs_dir default set Apache to implicitly trust all client certificates that were issued by any CA in that directory** ([MODULES-5471](https://tickets.puppet.com/browse/MODULES-5471))
-
 ## Supported Release [1.11.0]
 ### Summary
 This release adds SLES12 Support and many more features and bugfixes.
@@ -1086,7 +510,6 @@ This release features many improvements and bugfixes, including several new defi
   - passenger_ruby
   - passenger_start_timeout
   - proxy_preserve_host
-  - proxy_requests
   - redirectmatch_dest
   - ssl_crl_check
   - wsgi_chunked_request
@@ -1441,15 +864,7 @@ worker/prefork
 * f672e46 a2mod fix
 * 8a56ee9 add pthon support to apache
 
-[3.2.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/3.1.0...3.2.0
-[3.1.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/3.0.0...3.1.0
-[3.0.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.3.1...3.0.0
-[2.3.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.3.0...2.3.1
-[2.3.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.2.0...2.3.0
-[2.2.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.1.0...2.2.0
-[2.1.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.0.0...2.1.0
 [2.0.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.11.0...2.0.0
-[1.11.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.11.0...1.11.1
 [1.11.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.10.0...1.11.0
 [1.10.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.9.0...1.10.0
 [1.9.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.8.1...1.9.0
@@ -1477,6 +892,3 @@ worker/prefork
 [0.5.0-rc1]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.4.0...0.5.0-rc1
 [0.4.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.3.0...0.4.0
 [0.0.4]:https://github.com/puppetlabs/puppetlabs-apache/commits/0.0.4
-
-
-\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/CONTRIBUTING.md b/modules/services/unix/http/apache_stretch_compatible/apache/CONTRIBUTING.md
index e7a3a7c3f..990edba7e 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/CONTRIBUTING.md
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/CONTRIBUTING.md
@@ -1,3 +1,217 @@
-# Contributing to Puppet modules
+Checklist (and a short version for the impatient)
+=================================================
 
-Check out our [Contributing to Supported Modules Blog Post](https://puppetlabs.github.io/iac/docs/contributing_to_a_module.html) to find all the information that you will need.
+  * Commits:
+
+    - Make commits of logical units.
+
+    - Check for unnecessary whitespace with "git diff --check" before
+      committing.
+
+    - Commit using Unix line endings (check the settings around "crlf" in
+      git-config(1)).
+
+    - Do not check in commented out code or unneeded files.
+
+    - The first line of the commit message should be a short
+      description (50 characters is the soft limit, excluding ticket
+      number(s)), and should skip the full stop.
+
+    - Associate the issue in the message. The first line should include
+      the issue number in the form "(#XXXX) Rest of message".
+
+    - The body should provide a meaningful commit message, which:
+
+      - uses the imperative, present tense: "change", not "changed" or
+        "changes".
+
+      - includes motivation for the change, and contrasts its
+        implementation with the previous behavior.
+
+    - Make sure that you have tests for the bug you are fixing, or
+      feature you are adding.
+
+    - Make sure the test suites passes after your commit:
+      `bundle exec rspec spec/acceptance` More information on [testing](#Testing) below
+
+    - When introducing a new feature, make sure it is properly
+      documented in the README.md
+
+  * Submission:
+
+    * Pre-requisites:
+
+      - Make sure you have a [GitHub account](https://github.com/join)
+
+      - [Create a ticket](https://tickets.puppet.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppet.com/browse/) you are patching for.
+
+    * Preferred method:
+
+      - Fork the repository on GitHub.
+
+      - Push your changes to a topic branch in your fork of the
+        repository. (the format ticket/1234-short_description_of_change is
+        usually preferred for this project).
+
+      - Submit a pull request to the repository in the puppetlabs
+        organization.
+
+The long version
+================
+
+  1.  Make separate commits for logically separate changes.
+
+      Please break your commits down into logically consistent units
+      which include new or changed tests relevant to the rest of the
+      change.  The goal of doing this is to make the diff easier to
+      read for whoever is reviewing your code.  In general, the easier
+      your diff is to read, the more likely someone will be happy to
+      review it and get it into the code base.
+
+      If you are going to refactor a piece of code, please do so as a
+      separate commit from your feature or bug fix changes.
+
+      We also really appreciate changes that include tests to make
+      sure the bug is not re-introduced, and that the feature is not
+      accidentally broken.
+
+      Describe the technical detail of the change(s).  If your
+      description starts to get too long, that is a good sign that you
+      probably need to split up your commit into more finely grained
+      pieces.
+
+      Commits which plainly describe the things which help
+      reviewers check the patch and future developers understand the
+      code are much more likely to be merged in with a minimum of
+      bike-shedding or requested changes.  Ideally, the commit message
+      would include information, and be in a form suitable for
+      inclusion in the release notes for the version of Puppet that
+      includes them.
+
+      Please also check that you are not introducing any trailing
+      whitespace or other "whitespace errors".  You can do this by
+      running "git diff --check" on your changes before you commit.
+
+  2.  Sending your patches
+
+      To submit your changes via a GitHub pull request, we _highly_
+      recommend that you have them on a topic branch, instead of
+      directly on "master".
+      It makes things much easier to keep track of, especially if
+      you decide to work on another thing before your first change
+      is merged in.
+
+      GitHub has some pretty good
+      [general documentation](http://help.github.com/) on using
+      their site.  They also have documentation on
+      [creating pull requests](http://help.github.com/send-pull-requests/).
+
+      In general, after pushing your topic branch up to your
+      repository on GitHub, you can switch to the branch in the
+      GitHub UI and click "Pull Request" towards the top of the page
+      in order to open a pull request.
+
+
+  3.  Update the related GitHub issue.
+
+      If there is a GitHub issue associated with the change you
+      submitted, then you should update the ticket to include the
+      location of your branch, along with any other commentary you
+      may wish to make.
+
+Testing
+=======
+
+Getting Started
+---------------
+
+Our puppet modules provide [`Gemfile`](./Gemfile)s which can tell a ruby
+package manager such as [bundler](http://bundler.io/) what Ruby packages,
+or Gems, are required to build, develop, and test this software.
+
+Please make sure you have [bundler installed](http://bundler.io/#getting-started)
+on your system, then use it to install all dependencies needed for this project,
+by running
+
+```shell
+% bundle install
+Fetching gem metadata from https://rubygems.org/........
+Fetching gem metadata from https://rubygems.org/..
+Using rake (10.1.0)
+Using builder (3.2.2)
+-- 8><-- many more --><8 --
+Using rspec-system-puppet (2.2.0)
+Using serverspec (0.6.3)
+Using rspec-system-serverspec (1.0.0)
+Using bundler (1.3.5)
+Your bundle is complete!
+Use `bundle show [gemname]` to see where a bundled gem is installed.
+```
+
+NOTE some systems may require you to run this command with sudo.
+
+If you already have those gems installed, make sure they are up-to-date:
+
+```shell
+% bundle update
+```
+
+With all dependencies in place and up-to-date we can now run the tests:
+
+```shell
+% bundle exec rake spec
+```
+
+This will execute all the [rspec tests](http://rspec-puppet.com/) tests
+under [spec/defines](./spec/defines), [spec/classes](./spec/classes),
+and so on. rspec tests may have the same kind of dependencies as the
+module they are testing. While the module defines in its [Modulefile](./Modulefile),
+rspec tests define them in [.fixtures.yml](./fixtures.yml).
+
+Some puppet modules also come with [beaker](https://github.com/puppetlabs/beaker)
+tests. These tests spin up a virtual machine under
+[VirtualBox](https://www.virtualbox.org/)) with, controlling it with
+[Vagrant](http://www.vagrantup.com/) to actually simulate scripted test
+scenarios. In order to run these, you will need both of those tools
+installed on your system.
+
+You can run them by issuing the following command
+
+```shell
+% bundle exec rake spec_clean
+% bundle exec rspec spec/acceptance
+```
+
+This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml),
+install puppet, copy this module and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb)
+and then run all the tests under [spec/acceptance](./spec/acceptance).
+
+Writing Tests
+-------------
+
+XXX getting started writing tests.
+
+If you have commit access to the repository
+===========================================
+
+Even if you have commit access to the repository, you will still need to
+go through the process above, and have someone else review and merge
+in your changes.  The rule is that all changes must be reviewed by a
+developer on the project (that did not write the code) to ensure that
+all changes go through a code review process.
+
+Having someone other than the author of the topic branch recorded as
+performing the merge is the record that they performed the code
+review.
+
+
+Additional Resources
+====================
+
+* [Getting additional help](http://puppet.com/community/get-help)
+
+* [Writing tests](https://docs.puppet.com/guides/module_guides/bgtm.html#step-three-module-testing)
+
+* [General GitHub documentation](http://help.github.com/)
+
+* [GitHub pull request documentation](http://help.github.com/send-pull-requests/)
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/Gemfile b/modules/services/unix/http/apache_stretch_compatible/apache/Gemfile
new file mode 100644
index 000000000..46cb2eace
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/Gemfile
@@ -0,0 +1,75 @@
+#This file is generated by ModuleSync, do not edit.
+
+source ENV['GEM_SOURCE'] || "https://rubygems.org"
+
+# Determines what type of gem is requested based on place_or_version.
+def gem_type(place_or_version)
+  if place_or_version =~ /^git:/
+    :git
+  elsif place_or_version =~ /^file:/
+    :file
+  else
+    :gem
+  end
+end
+
+# Find a location or specific version for a gem. place_or_version can be a
+# version, which is most often used. It can also be git, which is specified as
+# `git://somewhere.git#branch`. You can also use a file source location, which
+# is specified as `file://some/location/on/disk`.
+def location_for(place_or_version, fake_version = nil)
+  if place_or_version =~ /^(git[:@][^#]*)#(.*)/
+    [fake_version, { :git => $1, :branch => $2, :require => false }].compact
+  elsif place_or_version =~ /^file:\/\/(.*)/
+    ['>= 0', { :path => File.expand_path($1), :require => false }]
+  else
+    [place_or_version, { :require => false }]
+  end
+end
+
+# Used for gem conditionals
+supports_windows = false
+ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments
+minor_version = "#{ruby_version_segments[0]}.#{ruby_version_segments[1]}"
+
+group :development do
+  gem "puppet-module-posix-default-r#{minor_version}", :require => false, :platforms => "ruby"
+  gem "puppet-module-win-default-r#{minor_version}",   :require => false, :platforms => ["mswin", "mingw", "x64_mingw"]
+  gem "puppet-module-posix-dev-r#{minor_version}",     :require => false, :platforms => "ruby"
+  gem "puppet-module-win-dev-r#{minor_version}",       :require => false, :platforms => ["mswin", "mingw", "x64_mingw"]
+  gem "json_pure", '<= 2.0.1',                         :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0')
+  gem "fast_gettext", '1.1.0',                         :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0')
+  gem "fast_gettext",                                  :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0')
+end
+
+group :system_tests do
+  gem "puppet-module-posix-system-r#{minor_version}",                            :require => false, :platforms => "ruby"
+  gem "puppet-module-win-system-r#{minor_version}",                              :require => false, :platforms => ["mswin", "mingw", "x64_mingw"]
+  gem "beaker", *location_for(ENV['BEAKER_VERSION'] || '>= 3')                  
+  gem "beaker-pe",                                                               :require => false
+  gem "beaker-rspec", *location_for(ENV['BEAKER_RSPEC_VERSION'])                
+  gem "beaker-hostgenerator", *location_for(ENV['BEAKER_HOSTGENERATOR_VERSION'])
+  gem "beaker-abs", *location_for(ENV['BEAKER_ABS_VERSION'] || '~> 0.1')        
+end
+
+gem 'puppet', *location_for(ENV['PUPPET_GEM_VERSION'])
+
+# Only explicitly specify Facter/Hiera if a version has been specified.
+# Otherwise it can lead to strange bundler behavior. If you are seeing weird
+# gem resolution behavior, try setting `DEBUG_RESOLVER` environment variable
+# to `1` and then run bundle install.
+gem 'facter', *location_for(ENV['FACTER_GEM_VERSION']) if ENV['FACTER_GEM_VERSION']
+gem 'hiera', *location_for(ENV['HIERA_GEM_VERSION']) if ENV['HIERA_GEM_VERSION']
+
+
+# Evaluate Gemfile.local if it exists
+if File.exists? "#{__FILE__}.local"
+  eval(File.read("#{__FILE__}.local"), binding)
+end
+
+# Evaluate ~/.gemfile if it exists
+if File.exists?(File.join(Dir.home, '.gemfile'))
+  eval(File.read(File.join(Dir.home, '.gemfile')), binding)
+end
+
+# vim:ft=ruby
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/MAINTAINERS.md b/modules/services/unix/http/apache_stretch_compatible/apache/MAINTAINERS.md
new file mode 100644
index 000000000..18a33881e
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/MAINTAINERS.md
@@ -0,0 +1,6 @@
+## Maintenance
+
+Maintainers:
+  - Puppet Forge Modules Team `forge-modules |at| puppet |dot| com`
+
+Tickets: https://tickets.puppet.com/browse/MODULES. Make sure to set component to `apache`.
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/NOTICE b/modules/services/unix/http/apache_stretch_compatible/apache/NOTICE
index 0bd06041e..77c13089a 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/NOTICE
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/NOTICE
@@ -1,6 +1,6 @@
 Puppet Module - puppetlabs-apache
 
-Copyright 2018 Puppet, Inc.
+Copyright 2017 Puppet, Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/README.md b/modules/services/unix/http/apache_stretch_compatible/apache/README.md
index 481cda31b..90f4a7094 100755
--- a/modules/services/unix/http/apache_stretch_compatible/apache/README.md
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/README.md
@@ -19,11 +19,17 @@
 [apache affects]: #what-the-apache-module-affects
 
 [Reference]: #reference
+[Public classes]: #public-classes
+[Private classes]: #private-classes
+[Public defined types]: #public-defined-types
+[Private defined types]: #private-defined-types
+[Templates]: #templates
 
 [Limitations]: #limitations
 
 [Development]: #development
 [Contributing]: #contributing
+[Testing]: #testing
 
 [`AddDefaultCharset`]: https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset
 [`add_listen`]: #add_listen
@@ -44,15 +50,12 @@
 [`apache::mod::authn_dbd`]: #class-apachemodauthn_dbd
 [`apache::mod::authnz_ldap`]: #class-apachemodauthnz_ldap
 [`apache::mod::cluster`]: #class-apachemodcluster
-[`apache::mod::data]: #class-apachemoddata
 [`apache::mod::disk_cache`]: #class-apachemoddisk_cache
 [`apache::mod::dumpio`]: #class-apachemoddumpio
 [`apache::mod::event`]: #class-apachemodevent
 [`apache::mod::ext_filter`]: #class-apachemodext_filter
 [`apache::mod::geoip`]: #class-apachemodgeoip
-[`apache::mod::http2`]: #class-apachemodhttp2
 [`apache::mod::itk`]: #class-apachemoditk
-[`apache::mod::jk`]: #class-apachemodjk
 [`apache::mod::ldap`]: #class-apachemodldap
 [`apache::mod::passenger`]: #class-apachemodpassenger
 [`apache::mod::peruser`]: #class-apachemodperuser
@@ -61,12 +64,10 @@
 [`apache::mod::proxy_balancer`]: #class-apachemodproxybalancer
 [`apache::mod::proxy_fcgi`]: #class-apachemodproxy_fcgi
 [`apache::mod::proxy_html`]: #class-apachemodproxy_html
-[`apache::mod::python`]: #class-apachemodpython
 [`apache::mod::security`]: #class-apachemodsecurity
 [`apache::mod::shib`]: #class-apachemodshib
 [`apache::mod::ssl`]: #class-apachemodssl
 [`apache::mod::status`]: #class-apachemodstatus
-[`apache::mod::userdir`]: #class-apachemoduserdir
 [`apache::mod::worker`]: #class-apachemodworker
 [`apache::mod::wsgi`]: #class-apachemodwsgi
 [`apache::params`]: #class-apacheparams
@@ -87,7 +88,6 @@
 [common gateway interface]: https://httpd.apache.org/docs/current/howto/cgi.html
 [`confd_dir`]: #confd_dir
 [`content`]: #content
-[CONTRIBUTING.md]: CONTRIBUTING.md
 [custom error documents]: https://httpd.apache.org/docs/current/custom-error.html
 [`custom_fragment`]: #custom_fragment
 
@@ -129,7 +129,6 @@
 [Hash]: https://docs.puppet.com/puppet/latest/reference/lang_data_hash.html
 [`HttpProtocolOptions`]: http://httpd.apache.org/docs/current/mod/core.html#httpprotocoloptions
 
-[IAC Team]: https://puppetlabs.github.io/iac/
 [`IncludeOptional`]: https://httpd.apache.org/docs/current/mod/core.html#includeoptional
 [`Include`]: https://httpd.apache.org/docs/current/mod/core.html#include
 [interval syntax]: https://httpd.apache.org/docs/current/mod/mod_expires.html#AltSyn
@@ -142,7 +141,6 @@
 [`keepalive` parameter]: #keepalive
 [`keepalive_timeout`]: #keepalive_timeout
 [`limitreqfieldsize`]: https://httpd.apache.org/docs/current/mod/core.html#limitrequestfieldsize
-[`limitreqfields`]: http://httpd.apache.org/docs/current/mod/core.html#limitrequestfields
 
 [`lib`]: #lib
 [`lib_path`]: #lib_path
@@ -166,7 +164,6 @@
 [`mod_alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html
 [`mod_auth_cas`]: https://github.com/Jasig/mod_auth_cas
 [`mod_auth_kerb`]: http://modauthkerb.sourceforge.net/configure.html
-[`mod_auth_gssapi`]: https://github.com/modauthgssapi/mod_auth_gssapi
 [`mod_authnz_external`]: https://github.com/phokz/mod-auth-external
 [`mod_auth_dbd`]: http://httpd.apache.org/docs/current/mod/mod_authn_dbd.html
 [`mod_auth_mellon`]: https://github.com/UNINETT/mod_auth_mellon
@@ -178,7 +175,6 @@
 [`mod_ext_filter`]: https://httpd.apache.org/docs/current/mod/mod_ext_filter.html
 [`mod_fcgid`]: https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
 [`mod_geoip`]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/
-[`mod_http2`]: https://httpd.apache.org/docs/current/mod/mod_http2.html
 [`mod_info`]: https://httpd.apache.org/docs/current/mod/mod_info.html
 [`mod_ldap`]: https://httpd.apache.org/docs/2.2/mod/mod_ldap.html
 [`mod_mpm_event`]: https://httpd.apache.org/docs/current/mod/event.html
@@ -189,7 +185,6 @@
 [`mod_proxy`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html
 [`mod_proxy_balancer`]: https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html
 [`mod_reqtimeout`]: https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html
-[`mod_python`]: http://modpython.org/
 [`mod_rewrite`]: https://httpd.apache.org/docs/current/mod/mod_rewrite.html
 [`mod_security`]: https://www.modsecurity.org/
 [`mod_ssl`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html
@@ -219,7 +214,7 @@
 [Puppet Forge]: https://forge.puppet.com
 [Puppet]: https://puppet.com
 [Puppet module]: https://docs.puppet.com/puppet/latest/reference/modules_fundamentals.html
-[Puppet module's code]: https://github.com/puppetlabs/puppetlabs-apache/blob/main/manifests/default_mods.pp
+[Puppet module's code]: https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp
 [`purge_configs`]: #purge_configs
 [`purge_vhost_dir`]: #purge_vhost_dir
 [Python]: https://www.python.org/
@@ -264,8 +259,6 @@
 [template]: http://docs.puppet.com/puppet/latest/reference/lang_template.html
 [`TraceEnable`]: https://httpd.apache.org/docs/current/mod/core.html#traceenable
 
-[`UseCanonicalName`]: https://httpd.apache.org/docs/current/mod/core.html#usecanonicalname
-
 [`verify_config`]: #verify_config
 [`vhost`]: #defined-type-apachevhost
 [`vhost_dir`]: #vhost_dir
@@ -275,8 +268,6 @@
 [`WSGIRestrictEmbedded`]: http://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIRestrictEmbedded.html
 [`WSGIPythonPath`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonPath.html
 [`WSGIPythonHome`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonHome.html
-[`WSGIApplicationGroup`]: https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html
-[`WSGIPythonOptimize`]: https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIPythonOptimize.html
 
 #### Table of Contents
 
@@ -289,19 +280,22 @@
     - [Configuring FastCGI servers to handle PHP files][Configuring FastCGI servers]
     - [Load balancing with exported and non-exported resources][Load balancing examples]
 4. [Reference - An under-the-hood peek at what the module is doing and how][Reference]
+    - [Public classes][]
+    - [Private classes][]
+    - [Public defined types][]
+    - [Private defined types][]
+    - [Templates][]
 5. [Limitations - OS compatibility, etc.][Limitations]
 6. [Development - Guide for contributing to the module][Development]
     - [Contributing to the apache module][Contributing]
-    
-<a id="module-description"></a>
+    - [Running tests - A quick guide][Running tests]
+
 ## Module description
 
 [Apache HTTP Server][] (also called Apache HTTPD, or simply Apache) is a widely used web server. This [Puppet module][] simplifies the task of creating configurations to manage Apache servers in your infrastructure. It can configure and manage a range of virtual host setups and provides a streamlined way to install and configure [Apache modules][].
 
-<a id="setup"></a>
 ## Setup
 
-<a id="apache-affects"></a>
 ### What the apache module affects:
 
 - Configuration files and directories (created and written to)
@@ -318,7 +312,6 @@ On Gentoo, this module depends on the [`gentoo/puppet-portage`][] Puppet module.
 >
 >To temporarily disable full Puppet management, set the [`purge_configs`][] parameter in the [`apache`][] class declaration to false. We recommend this only as a temporary means of saving and relocating customized configurations.
 
-<a id="beginning-with-apache"></a>
 ### Beginning with Apache
 
 To have Puppet install Apache with the default parameters, declare the [`apache`][] class:
@@ -347,10 +340,8 @@ class { 'apache':
 
 > **Note**: When `default_vhost` is set to `false`, you have to add at least one `apache::vhost` resource or Apache will not start. To establish a default virtual host, either set the `default_vhost` in the `apache` class or use the [`apache::vhost`][] defined type. You can also configure additional specific virtual hosts with the [`apache::vhost`][] defined type.
 
-<a id="usage"></a>
 ## Usage
 
-<a id="configuring-virtual-hosts"></a>
 ### Configuring virtual hosts
 
 The default [`apache`][] class sets up a virtual host on port 80, listening on all interfaces and serving the [`docroot`][] parameter's default directory of `/var/www`.
@@ -367,7 +358,7 @@ apache::vhost { 'vhost.example.com':
 
 See the [`apache::vhost`][] defined type's reference for a list of all virtual host parameters.
 
-> **Note**: Apache processes virtual hosts in alphabetical order, and server administrators can prioritize Apache's virtual host processing by prefixing a virtual host's configuration file name with a number. The [`apache::vhost`][] defined type applies a default [`priority`][] of 25, which Puppet interprets by prefixing the virtual host's file name with `25-`. This means that if multiple sites have the same priority, or if you disable priority numbers by setting the `priority` parameter's value to false, Apache still processes virtual hosts in alphabetical order.
+> **Note**: Apache processes virtual hosts in alphabetical order, and server administrators can prioritize Apache's virtual host processing by prefixing a virtual host's configuration file name with a number. The [`apache::vhost`][] defined type applies a default [`priority`][] of 15, which Puppet interprets by prefixing the virtual host's file name with `15-`. This all means that if multiple sites have the same priority, or if you disable priority numbers by setting the `priority` parameter's value to false, Apache still processes virtual hosts in alphabetical order.
 
 To configure user and group ownership for `docroot`, use the [`docroot_owner`][] and [`docroot_group`][] parameters:
 
@@ -624,7 +615,7 @@ apache::vhost { 'second.example.com':
 }
 ```
 
-You can also configure a mix of IP- and [name-based virtual hosts][] in any combination of [SSL][SSL encryption] and unencrypted configurations.
+You can also configure a mix of IP- and [name-based virtual hosts][] in any combination of [SSL][SSL encryption] and unencrypted configurations. 
 
 In this example, we add two IP-based virtual hosts on an IP address (in this example, 10.0.0.10). One uses SSL and the other is unencrypted:
 
@@ -718,31 +709,8 @@ apache::mod { 'mod_authnz_external': }
 
 There are several optional parameters you can specify when defining Apache modules this way. See the [defined type's reference][`apache::mod`] for details.
 
-<a id="configuring-fastcgi-servers-to-handle-php-files"></a>
 ### Configuring FastCGI servers to handle PHP files
 
-#### FastCGI on Ubuntu 18.04
-
-On Ubuntu 18.04, `mod_fastcgi` is no longer supported. So considering:
-
-* an Apache Vhost with docroot set to `/var/www/html`
-* a FastCGI server listening on `127.0.0.1:9000`
-
-you can then use the [`custom_fragment`][] parameter to configure the virtual host to have the FastCGI server handle the specified file type:
-
-``` puppet
-apache::vhost { 'www':
-  ...
-  docroot         => '/var/www/html/',
-  custom_fragment => 'ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/$1',
-  ...
-}
-```
-
-Please note you have to adjust the second ProxyPassMatch parameter to you docroot value (here `/var/www/html/`).
-
-#### Other OSes
-
 Add the [`apache::fastcgi::server`][] defined type to allow [FastCGI][] servers to handle requests for specific files. For example, the following defines a FastCGI server at 127.0.0.1 (localhost) on port 9000 to handle PHP requests:
 
 ``` puppet
@@ -766,7 +734,6 @@ apache::vhost { 'www':
 }
 ```
 
-<a id="load-balancing-examples"></a> 
 ### Load balancing examples
 
 Apache supports load balancing across groups of servers through the [`mod_proxy`][] Apache module. Puppet supports configuring Apache load balancing groups (also known as balancer clusters) through the [`apache::balancer`][] and [`apache::balancermember`][] defined types.
@@ -814,23 +781,4304 @@ apache::balancer { 'puppet01':
 
 Load balancing scheduler algorithms (`lbmethod`) are listed [in mod_proxy_balancer documentation](https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html).
 
-<a id="reference"></a> 
 ## Reference
 
-For information on classes, types and functions see the [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-apache/blob/main/REFERENCE.md)
+- [**Public classes**](#public-classes)
+    - [Class: apache](#class-apache)
+    - [Class: apache::dev](#class-apachedev)
+    - [Class: apache::vhosts](#class-apachevhosts)
+    - [Classes: apache::mod::\*](#classes-apachemodname)
+- [**Private classes**](#private-classes)
+    - [Class: apache::confd::no_accf](#class-apacheconfdno_accf)
+    - [Class: apache::default_confd_files](#class-apachedefault_confd_files)
+    - [Class: apache::default_mods](#class-apachedefault_mods)
+    - [Class: apache::package](#class-apachepackage)
+    - [Class: apache::params](#class-apacheparams)
+    - [Class: apache::service](#class-apacheservice)
+    - [Class: apache::version](#class-apacheversion)
+- [**Public defined types**](#public-defined-types)
+    - [Defined type: apache::balancer](#defined-type-apachebalancer)
+    - [Defined type: apache::balancermember](#defined-type-apachebalancermember)
+    - [Defined type: apache::custom_config](#defined-type-apachecustom_config)
+    - [Defined type: apache::fastcgi::server](#defined-type-fastcgi-server)
+    - [Defined type: apache::listen](#defined-type-apachelisten)
+    - [Defined type: apache::mod](#defined-type-apachemod)
+    - [Defined type: apache::namevirtualhost](#defined-type-apachenamevirtualhost)
+    - [Defined type: apache::vhost](#defined-type-apachevhost)
+    - [Defined type: apache::vhost::custom](#defined-type-apachevhostcustom)
+- [**Private defined types**](#private-defined-types)
+    - [Defined type: apache::default_mods::load](#defined-type-default_mods-load)
+    - [Defined type: apache::peruser::multiplexer](#defined-type-apacheperusermultiplexer)
+    - [Defined type: apache::peruser::processor](#defined-type-apacheperuserprocessor)
+    - [Defined type: apache::security::file_link](#defined-type-apachesecurityfile_link)
+- [**Templates**](#templates)
+
+### Public Classes
+
+#### Class: `apache`
+
+Guides the basic setup and installation of Apache on your system.
+
+When this class is declared with the default options, Puppet:
+
+- Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system.
+- Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system.
+- Configures the server with a default virtual host and standard port ('80') and address ('\*') bindings.
+- Creates a document root directory determined by your operating system, typically `/var/www`.
+- Starts the Apache service.
+
+You can simply declare the default `apache` class:
+
+``` puppet
+class { 'apache': }
+```
+
+##### `allow_encoded_slashes`
+
+Sets the server default for the [`AllowEncodedSlashes`][] declaration, which modifies the responses to URLs containing '\' and '/' characters. If not specified, this parameter omits the declaration from the server's configuration and uses Apache's default setting of 'off'.
+
+Values: 'on', 'off', 'nodecode'. 
+
+Default: `undef`.
+
+##### `apache_version`
+
+Configures module template behavior, package names, and default Apache modules by defining the version of Apache to use. We do not recommend manually configuring this parameter without reason.
+
+Default: Depends on operating system and release version detected by the [`apache::version`][] class. 
+
+##### `conf_dir`
+
+Sets the directory where the Apache server's main configuration file is located.
+
+Default: Depends on operating system.
+
+- **Debian**: `/etc/apache2`
+- **FreeBSD**: `/usr/local/etc/apache22`
+- **Gentoo**: `/etc/apache2`
+- **Red Hat**: `/etc/httpd/conf`
+
+##### `conf_template`
+
+Defines the [template][] used for the main Apache configuration file. Modifying this parameter is potentially risky, as the apache module is designed to use a minimal configuration file customized by `conf.d` entries.
+
+Default: `apache/httpd.conf.erb`.
+
+##### `confd_dir`
+
+Sets the location of the Apache server's custom configuration directory. 
+
+Default: Depends on operating system.
+
+- **Debian**: `/etc/apache2/conf.d`
+- **FreeBSD**: `/usr/local/etc/apache22`
+- **Gentoo**: `/etc/apache2/conf.d`
+- **Red Hat**: `/etc/httpd/conf.d`
+
+##### `default_charset`
+
+Used as the [`AddDefaultCharset`][] directive in the main configuration file.
+
+Default: `undef`.
+
+##### `default_confd_files`
+
+Determines whether Puppet generates a default set of includable Apache configuration files in the directory defined by the [`confd_dir`][] parameter. These configuration files correspond to what is typically installed with the Apache package on the server's operating system.
+
+Boolean. Default: `true`.
+
+##### `default_mods`
+
+Determines whether to configure and enable a set of default [Apache modules][] depending on your operating system.
+
+If `false`, Puppet includes only the Apache modules required to make the HTTP daemon work on your operating system, and you can declare any other modules separately using the [`apache::mod::<MODULE NAME>`][] class or [`apache::mod`][] defined type.
+
+If `true`, Puppet installs additional modules, depending on the operating system and the values of [`apache_version`][] and [`mpm_module`][] parameters. Because these lists of modules can change frequently, consult the [Puppet module's code][] for up-to-date lists.
+
+If this parameter contains an array, Puppet instead enables all passed Apache modules.
+
+Values: Boolean or an array of Apache module names.
+
+Default: `true`.
+
+##### `default_ssl_ca`
+
+Sets the default certificate authority for the Apache server.
+
+Although the default value results in a functioning Apache server, you **must** update this parameter with your certificate authority information before deploying this server in a production environment.
+
+Boolean. Default: `undef`.
+
+##### `default_ssl_cert`
+
+Sets the [SSL encryption][] certificate location.
+
+Although the default value results in a functioning Apache server, you **must** update this parameter with your certificate location before deploying this server in a production environment.
+
+Default: Depends on operating system.
+
+- **Debian**: `/etc/ssl/certs/ssl-cert-snakeoil.pem`
+- **FreeBSD**: `/usr/local/etc/apache22/server.crt`
+- **Gentoo**: `/etc/ssl/apache2/server.crt`
+- **Red Hat**: `/etc/pki/tls/certs/localhost.crt`
+
+##### `default_ssl_chain`
+
+Sets the default [SSL chain][] location.
+
+Although this default value results in a functioning Apache server, you **must** update this parameter with your SSL chain before deploying this server in a production environment.
+
+Default: `undef`.
+
+##### `default_ssl_crl`
+
+Sets the path of the default [certificate revocation list][] (CRL) file to use.
+
+Although this default value results in a functioning Apache server, you **must** update this parameter with the CRL file path before deploying this server in a production environment. You can use this parameter with or in place of the [`default_ssl_crl_path`][].
+
+Default: `undef`.
+
+##### `default_ssl_crl_path`
+
+Sets the server's [certificate revocation list path][], which contains your CRLs.
+
+Although this default value results in a functioning Apache server, you **must** update this parameter with the CRL file path before deploying this server in a production environment.
+
+Default: `undef`.
+
+##### `default_ssl_crl_check`
+
+Sets the default certificate revocation check level via the [`SSLCARevocationCheck`][] directive. This parameter applies only to Apache 2.4 or higher and is ignored on older versions.
+
+Although this default value results in a functioning Apache server, you **must** specify this parameter when using certificate revocation lists in a production environment.
+
+Default: `undef`.
+
+##### `default_ssl_key`
+
+Sets the [SSL certificate key file][] location.
+
+Although the default values result in a functioning Apache server, you **must** update this parameter with your SSL key's location before deploying this server in a production environment.
+
+Default: Depends on operating system.
+
+- **Debian**: `/etc/ssl/private/ssl-cert-snakeoil.key`
+- **FreeBSD**: `/usr/local/etc/apache22/server.key`
+- **Gentoo**: `/etc/ssl/apache2/server.key`
+- **Red Hat**: `/etc/pki/tls/private/localhost.key`
+
+
+##### `default_ssl_vhost`
+
+Configures a default [SSL][SSL encryption] virtual host. 
+
+If `true`, Puppet automatically configures the following virtual host using the [`apache::vhost`][] defined type:
+
+```puppet
+apache::vhost { 'default-ssl':
+  port            => 443,
+  ssl             => true,
+  docroot         => $docroot,
+  scriptalias     => $scriptalias,
+  serveradmin     => $serveradmin,
+  access_log_file => "ssl_${access_log_file}",
+  }
+```
+
+> **Note**: SSL virtual hosts only respond to HTTPS queries.
+
+
+Boolean. Default: `false`.
+
+##### `default_type`
+
+_Apache 2.2 only_. Sets the [MIME `content-type`][] sent if the server cannot otherwise determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and newer, and is only for backwards compatibility in configuration files.
+
+Default: `undef`.
+
+##### `default_vhost`
+
+Configures a default virtual host when the class is declared. 
+
+To configure [customized virtual hosts][Configuring virtual hosts], set this parameter's value to `false`.
+
+> **Note**: Apache will not start without at least one virtual host. If you set this to `false` you must configure a virtual host elsewhere.
+
+Boolean. Default: `true`.
+
+##### `dev_packages`
+
+Configures a specific dev package to use. 
+
+Values: A string or array of strings.
+
+Example for using httpd 2.4 from the IUS yum repo:
+
+``` puppet
+include ::apache::dev
+class { 'apache':
+  apache_name  => 'httpd24u',
+  dev_packages => 'httpd24u-devel',
+}
+```
+
+Default: Depends on operating system.
+
+- **Red Hat:** 'httpd-devel'
+- **Debian 8/Ubuntu 13.10 or newer:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev']
+- **Older Debian/Ubuntu versions:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev']
+- **FreeBSD, Gentoo:** `undef`
+- **Suse:** ['libapr-util1-devel', 'libapr1-devel']
+
+##### `docroot`
+
+Sets the default [`DocumentRoot`][] location.
+
+Default: Depends on operating system.
+
+- **Debian**: `/var/www/html`
+- **FreeBSD**: `/usr/local/www/apache22/data`
+- **Gentoo**: `/var/www/localhost/htdocs`
+- **Red Hat**: `/var/www/html`
+
+##### `error_documents`
+
+Determines whether to enable [custom error documents][] on the Apache server.
+
+Boolean. Default: `false`.
+
+##### `group`
+
+Sets the group ID that owns any Apache processes spawned to answer requests.
+
+By default, Puppet attempts to manage this group as a resource under the `apache` class, determining the group based on the operating system as detected by the [`apache::params`][] class. To to prevent the group resource from being created and use a group created by another Puppet module, set the [`manage_group`][] parameter's value to `false`.
+
+> **Note**: Modifying this parameter only changes the group ID that Apache uses to spawn child processes to access resources. It does not change the user that owns the parent server process.
+
+##### `httpd_dir`
+
+Sets the Apache server's base configuration directory. This is useful for specially repackaged Apache server builds but might have unintended consequences when combined with the default distribution packages.
+
+Default: Depends on operating system.
+
+- **Debian**: `/etc/apache2`
+- **FreeBSD**: `/usr/local/etc/apache22`
+- **Gentoo**: `/etc/apache2`
+- **Red Hat**: `/etc/httpd`
+
+##### http_protocol_options`
+
+Specifies the strictness of HTTP protocol checks. Valid options: any sequence of the following alternative values: `Strict` or `Unsafe`, `RegisteredMethods` or `LenientMethods`, and `Allow0.9` or `Require1.0`. Default '`Strict LenientMethods Allow0.9`'.
+
+##### `keepalive`
+
+Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive. If you set this to 'On', use the [`keepalive_timeout`][] and [`max_keepalive_requests`][] parameters to set relevant options.
+
+Values: 'Off', 'On'.
+
+Default: 'Off'.
+
+##### `keepalive_timeout`
+
+Sets the [`KeepAliveTimeout`] directive, which determines the amount of time the Apache server waits for subsequent requests on a persistent HTTP connection. This parameter is only relevant if the [`keepalive` parameter][] is enabled.
+
+Default: '15'.
+
+##### `max_keepalive_requests`
+
+Limits the number of requests allowed per connection when the [`keepalive` parameter][] is enabled.
+
+Default: '100'.
+
+##### `lib_path`
+
+Specifies the location where [Apache module][Apache modules] files are stored. Default: Depends on operating system.
+
+- **Debian** and **Gentoo**: `/usr/lib/apache2/modules`
+- **FreeBSD**: `/usr/local/libexec/apache24`
+- **Red Hat**: `modules`
+
+> **Note**: Do not configure this parameter manually without special reason.
+
+##### `log_level`
+
+Changes the error log's verbosity. Values: 'alert', 'crit', 'debug', 'emerg', 'error', 'info', 'notice', 'warn'.
+
+Default: 'warn'.
+
+##### `log_formats`
+
+Define additional [`LogFormat`][] directives. Values: A [hash][], such as:
+
+``` puppet
+$log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' }
+```
+
+There are a number of predefined `LogFormats` in the `httpd.conf` that Puppet creates:
+
+``` httpd
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded
+```
+
+If your `log_formats` parameter contains one of those, it will be overwritten with **your** definition.
+
+##### `logroot`
+
+Changes the directory of Apache log files for the virtual host.
+
+Default: Depends on operating system.
+
+- **Debian**: `/var/log/apache2`
+- **FreeBSD**: `/var/log/apache22`
+- **Gentoo**: `/var/log/apache2`
+- **Red Hat**: `/var/log/httpd`
+
+##### `logroot_mode`
+
+Overrides the default [`logroot`][] directory's mode.
+
+> **Note**: Do _not_ grant write access to the directory where the logs are stored without being aware of the consequences. See the [Apache documentation][Log security] for details.
+
+Default: `undef`.
+
+##### `manage_group`
+
+When `false`, stops Puppet from creating the group resource.
+
+If you have a group created from another Puppet module that you want to use to run Apache, set this to `false`. Without this parameter, attempting to use a previously established group results in a duplicate resource error.
+
+Boolean. Default: `true`.
+
+##### `supplementary_groups`
+
+A list of groups to which the user belongs. These groups are in addition to the primary group. Default: No additional groups.
+
+Notice: This option only has an effect when `manage_user` is set to true.
+
+##### `manage_user`
+
+When `false`, stops Puppet from creating the user resource.
+
+This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error.
+
+Boolean. Default: `true`.
+
+##### `mod_dir`
+
+Sets where Puppet places configuration files for your [Apache modules][].
+
+Default: Depends on operating system.
+
+- **Debian**: `/etc/apache2/mods-available`
+- **FreeBSD**: `/usr/local/etc/apache22/Modules`
+- **Gentoo**: `/etc/apache2/modules.d`
+- **Red Hat**: `/etc/httpd/conf.d`
+
+##### `mod_packages`
+
+Allows the user to override default module package names.
+
+```puppet
+include apache::params
+class { 'apache':
+  mod_packages => merge($::apache::params::mod_packages, {
+    'auth_kerb' => 'httpd24-mod_auth_kerb',
+  })
+}
+```
+
+Hash. Default: `$apache::params::mod_packages`
+
+##### `mpm_module`
+
+Determines which [multi-processing module][] (MPM) is loaded and configured for the HTTPD process. Values: 'event', 'itk', 'peruser', 'prefork', 'worker', or `false`.
+
+You must set this to `false` to explicitly declare the following classes with custom parameters:
+
+- [`apache::mod::event`][]
+- [`apache::mod::itk`][]
+- [`apache::mod::peruser`][]
+- [`apache::mod::prefork`][]
+- [`apache::mod::worker`][]
+
+Default: Depends on operating system.
+
+- **Debian**: 'worker'
+- **FreeBSD, Gentoo, and Red Hat**: 'prefork'
+
+##### `package_ensure`
+
+Controls the `package` resource's [`ensure`][] attribute. Values: 'absent', 'installed' (or equivalent 'present'), or a version string.
+
+Default: 'installed'.
+ 
+##### `pidfile`
+
+Allows settting a custom location for the pid file. Useful if using a custom-built Apache rpm.
+
+Default: Depends on operating system.
+
+- **Debian:** '\${APACHE_PID_FILE}'
+- **FreeBSD:** '/var/run/httpd.pid'
+- **Red Hat:** 'run/httpd.pid'
+
+##### `ports_file`
+
+Sets the path to the file containing Apache ports configuration.
+
+Default: '{$conf_dir}/ports.conf'.
+
+##### `purge_configs`
+
+Removes all other Apache configs and virtual hosts.
+
+Setting this to `false` is a stopgap measure to allow the apache module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see [`purge_vhost_dir`][].
+
+Boolean. Default: `true`.
+
+##### `purge_vhost_dir`
+
+If the [`vhost_dir`][] parameter's value differs from the [`confd_dir`][] parameter's, this parameter determines whether Puppet removes any configurations inside `vhost_dir` that are _not_ managed by Puppet.
+
+Setting `purge_vhost_dir` to `false` is a stopgap measure to allow the apache module to coexist with existing or otherwise unmanaged configurations within `vhost_dir`.
+
+Boolean. Default: same as [`purge_configs`][].
+
+##### `rewrite_lock`
+
+Allows setting a custom location for a rewrite lock - considered best practice if using a RewriteMap of type prg in the [`rewrites`][] parameter of your virtual host. This parameter only applies to Apache version 2.2 or lower and is ignored on newer versions.
+
+Default: `undef`.
+
+##### `sendfile`
+
+Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the [`EnableSendfile`][] directive. Values: 'On', 'Off'.
+
+Default: 'On'.
+
+##### `serveradmin`
+
+Sets the Apache server administrator's contact information via Apache's [`ServerAdmin`][] directive.
+
+Default: 'root@localhost'.
+
+##### `servername`
+
+Sets the Apache server name via Apache's [`ServerName`][] directive. 
+
+Setting to `false` will not set ServerName at all.
+
+Default: the 'fqdn' fact reported by [Facter][].
+
+##### `server_root`
+
+Sets the Apache server's root directory via Apache's [`ServerRoot`][] directive.
+
+Default: Depends on operating system.
+
+- **Debian**: `/etc/apache2`
+- **FreeBSD**: `/usr/local`
+- **Gentoo**: `/var/www`
+- **Red Hat**: `/etc/httpd`
+
+##### `server_signature`
+
+Configures a trailing footer line to display at the bottom of server-generated documents, such as error documents and output of certain [Apache modules][], via Apache's [`ServerSignature`][] directive. Values: 'Off', 'On'.
+
+Default: 'On'.
+
+##### `server_tokens`
+
+Controls how much information Apache sends to the browser about itself and the operating system, via Apache's [`ServerTokens`][] directive.
+
+Default: 'OS'.
+
+##### `service_enable`
+
+Determines whether Puppet enables the Apache HTTPD service when the system is booted.
+
+Boolean. Default: `true`.
+
+##### `service_ensure`
+
+Determines whether Puppet should make sure the service is running. Values: `true` (or 'running'), `false` (or 'stopped'). 
+
+The `false` or 'stopped' values set the 'httpd' service resource's `ensure` parameter to `false`, which is useful when you want to let the service be managed by another application, such as Pacemaker.
+
+Default: 'running'.
+
+##### `service_name`
+
+Sets the name of the Apache service.
+
+Default: Depends on operating system.
+
+- **Debian and Gentoo**: 'apache2'
+- **FreeBSD**: 'apache22'
+- **Red Hat**: 'httpd'
+
+##### `service_manage`
+
+Determines whether Puppet manages the HTTPD service's state.
+
+Boolean. Default: `true`.
+
+##### `service_restart`
+
+Determines whether Puppet should use a specific command to restart the HTTPD service.
+
+Values: a command to restart the Apache service. The default setting uses the [default Puppet behavior][Service attribute restart].
+
+Default: `undef`.
+
+##### `ssl_ca`
+
+Specifies the SSL certificate authority. [SSLCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcacertificatefile). Default: undef. It is possible to override this on a vhost level.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+##### `timeout`
+
+Sets Apache's [`TimeOut`][] directive, which defines the number of seconds Apache waits for certain events before failing a request.
+
+Default: 120.
+
+##### `trace_enable`
+
+Controls how Apache handles `TRACE` requests (per [RFC 2616][]) via the [`TraceEnable`][] directive.
+
+Values: 'Off', 'On'.
+
+Default: 'On'.
+
+##### `use_systemd`
+
+Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom-built RPMs.
+
+Boolean. Default: `true`.
+
+##### `file_mode`
+
+Sets the desired permissions mode for config files.
+
+Values: A string, with permissions mode in symbolic or numeric notation.
+
+Default: '0644'.
+
+##### `root_directory_options`
+
+Array of the desired options for the / directory in httpd.conf. Defaults to 'FollowSymLinks'.
+
+##### `root_directory_secured`
+
+Sets the default access policy for the / directory in httpd.conf. A value of `false` allows access to all resources that are missing a more specific access policy. A value of `true` denies access to all resources by default. If `true`, more specific rules must be used to allow access to these resources (for example, in a directory block using the [`directories`](#parameter-directories-for-apachevhost) parameter).
+
+Boolean. Default: `false`.
+
+##### `vhost_dir`
+
+Changes your virtual host configuration files' location.
+
+Default: Depends on operating system:
+
+- **Debian**: `/etc/apache2/sites-available`
+- **FreeBSD**: `/usr/local/etc/apache22/Vhosts`
+- **Gentoo**: `/etc/apache2/vhosts.d`
+- **Red Hat**: `/etc/httpd/conf.d`
+
+##### `vhost_include_pattern`
+
+Defines the pattern for files included from the `vhost_dir`.
+
+If set to a value like `[^.#]\*.conf[^~]` to make sure that files accidentally created in this directory (such as files created by version control systems or editor backups) are *not* included in your server configuration.
+
+Default: '*', also for BC with previous versions of this module. TODO: what does "also for BC" mean?
+ 
+Some operating systems use a value of `*.conf`. By default, this module creates configuration files ending in `.conf`.
+
+##### `user`
+
+Changes the user that Apache uses to answer requests. Apache's parent process continues to run as root, but child processes access resources as the user defined by this parameter. To prevent Puppet from managing the user, set the [`manage_user`][] parameter to `false`.
+
+Default: Depends on the user set by [`apache::params`][] class, based on your operating system:
+
+- **Debian**: 'www-data'
+- **FreeBSD**: 'www'
+- **Gentoo** and **Red Hat**: 'apache'
+
+To prevent Puppet from managing the user, set the [`manage_user`][] parameter to false.
+
+##### `apache_name`
+
+The name of the Apache package to install. If you are using a non-standard Apache package, such as those from Red Hat's software collections, you might need to override the default setting.
+
+Default: Depends on the user set by [`apache::params`][] class, based on your operating system:
+
+- **Debian**: 'apache2'
+- **FreeBSD**: 'apache24'
+- **Gentoo**: 'www-servers/apache'
+- **Red Hat**: 'httpd'
+
+##### `error_log`
+
+The name of the error log file for the main server instance. If the string starts with `/`, `|`, or `syslog`: the full path is set. Otherwise, the filename  is prefixed with `$logroot`.
+
+Default: Depends on operating system:
+
+- **Debian**: 'error.log'
+- **FreeBSD**: 'httpd-error.log'
+- **Gentoo**: 'error.log'
+- **Red Hat**: 'error_log'
+- **Suse**: 'error.log'
+
+##### `scriptalias`
+
+Directory to use for global script alias 
+
+Default: Depends on operating system:
+
+- **Debian**: '/usr/lib/cgi-bin'
+- **FreeBSD**: '/usr/local/www/apache24/cgi-bin'
+- **Gentoo**: 'var/www/localhost/cgi-bin'
+- **Red Hat**: '/var/www/cgi-bin'
+- **Suse**: '/usr/lib/cgi-bin'
+
+##### `access_log_file`
+
+The name of the access log file for the main server instance.
+
+Default: Depends on operating system:
+
+- **Debian**: 'error.log'
+- **FreeBSD**: 'httpd-access.log'
+- **Gentoo**: 'access.log'
+- **Red Hat**: 'access_log'
+- **Suse**: 'access.log'
+
+#### Class: `apache::dev`
+
+Installs Apache development libraries. Default: Depends on the operating system:[`dev_packages`][] parameter of the [`apache::params`][] class, based on your operating system:
+
+- **Debian** : 'libaprutil1-dev', 'libapr1-dev'; 'apache2-dev' on Ubuntu 13.10 and Debian 8; 'apache2-prefork-dev' on other versions.
+- **FreeBSD**: `undef`; on FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`.
+- **Gentoo**: `undef`.
+- **Red Hat**: 'httpd-devel'.
+
+#### Class: `apache::vhosts`
+
+Creates [`apache::vhost`][] defined types.
+
+**Parameters**:
+
+* `vhosts`: Specifies the [`apache::vhost`][] defined type's parameters. 
+
+  Values: A [hash][], where the key represents the name and the value represents a [hash][] of [`apache::vhost`][] defined type's parameters.
+
+  Default: '{}'
+
+  > **Note**: See the [`apache::vhost`][] defined type's reference for a list of all virtual host parameters or [Configuring virtual hosts].
+
+  For example, to create a [name-based virtual host][name-based virtual hosts] 'custom_vhost_1, declare this class with the `vhosts` parameter set to '{ "custom_vhost_1" => { "docroot" => "/var/www/custom_vhost_1", "port" => "81" }':
+
+``` puppet
+class { 'apache::vhosts':
+  vhosts => {
+    'custom_vhost_1' => {
+      'docroot' => '/var/www/custom_vhost_1',
+      'port'    => '81',
+    },
+  },
+}
+```
+
+#### Classes: `apache::mod::<MODULE NAME>`
+
+Enables specific [Apache modules][]. Enable and configure an Apache module by declaring its class.
+
+For example, to install and enable [`mod_alias`][] with no icons, declare the [`apache::mod::alias`][] class with the `icons_options` parameter set to 'None':
+
+``` puppet
+class { 'apache::mod::alias':
+  icons_options => 'None',
+}
+```
+
+The following Apache modules have supported classes, many of which allow for parameterized configuration. You can install other Apache modules with the [`apache::mod`][] defined type.
+
+* `actions`
+* `alias` (see [`apache::mod::alias`][])
+* `auth_basic`
+* `auth_cas`\* (see [`apache::mod::auth_cas`][])
+* `auth_mellon`\* (see [`apache::mod::auth_mellon`][])
+* `auth_kerb`
+* `authn_core`
+* `authn_dbd`\* (see [`apache::mod::authn_dbd`][])
+* `authn_file`
+* `authnz_ldap`\* (see [`apache::mod::authnz_ldap`][])
+* `authnz_pam`
+* `authz_default`
+* `authz_user`
+* `autoindex`
+* `cache`
+* `cgi`
+* `cgid`
+* `cluster` (see [`apache::mod::cluster`][])
+* `dav`
+* `dav_fs`
+* `dav_svn`\*
+* `dbd`
+* `deflate\`
+* `dev`
+* `dir`\*
+* `disk_cache` (see [`apache::mod::disk_cache`][])
+* `dumpio` (see [`apache::mod::dumpio`][])
+* `env`
+* `event` (see [`apache::mod::event`][])
+* `expires`
+* `ext_filter` (see [`apache::mod::ext_filter`][])
+* `fastcgi`
+* `fcgid`
+* `filter`
+* `geoip` (see [`apache::mod::geoip`][])
+* `headers`
+* `include`
+* `info`\*
+* `intercept_form_submit`
+* `itk`
+* `ldap` (see [`apache::mod::ldap`][])
+* `lookup_identity`
+* `mime`
+* `mime_magic`\*
+* `negotiation`
+* `nss`\* (see [`apache::mod::nss`][])
+* `pagespeed` (see [`apache::mod::pagespeed`][])
+* `passenger`\* (see [`apache::mod::passenger`][])
+* `perl`
+* `peruser`
+* `php` (requires [`mpm_module`][] set to `prefork`)
+* `prefork`\*
+* `proxy`\* (see [`apache::mod::proxy`][])
+* `proxy_ajp`
+* `proxy_balancer`\* (see [`apache::mod::proxy_balancer`][])
+* `proxy_balancer`
+* `proxy_html` (see [`apache::mod::proxy_html`][])
+* `proxy_http`
+* `python`
+* `reqtimeout`
+* `remoteip`\*
+* `rewrite`
+* `rpaf`\*
+* `setenvif`
+* `security`
+* `shib`\* (see [`apache::mod::shib`])
+* `speling`
+* `ssl`\* (see [`apache::mod::ssl`][])
+* `status`\* (see [`apache::mod::status`][])
+* `suphp`
+* `userdir`\*
+* `version`
+* `vhost_alias`
+* `worker`\*
+* `wsgi` (see [`apache::mod::wsgi`][])
+* `xsendfile`
+
+Modules noted with a * indicate that the module has settings and a template that includes parameters to configure the module. Most Apache module class parameters have default values and don't require configuration. For modules with templates, Puppet installs template files with the module; these template files are required for the module to work.
+
+##### Class: `apache::mod::alias`
+
+Installs and manages [`mod_alias`][].
+
+**Parameters**:
+
+* `icons_options`: Disables directory listings for the icons directory, via Apache [`Options`] directive.
+
+  Default: 'Indexes MultiViews'.
+
+* `icons_path`: Sets the local path for an `/icons/` Alias.
+
+  Default: Depends on operating system.
+
+    * **Debian**: `/usr/share/apache2/icons`
+    * **FreeBSD**: `/usr/local/www/apache24/icons`
+    * **Gentoo**: `/var/www/icons`
+    * *Red Hat**: `/var/www/icons`, except on Apache 2.4, where it's `/usr/share/httpd/icons`
+
+#### Class: `apache::mod::disk_cache`
+
+Installs and configures [`mod_disk_cache`][] on Apache 2.2, or [`mod_cache_disk`][] on Apache 2.4.
+
+Default: Depends on the Apache version and operating system:
+
+- **Debian**: `/var/cache/apache2/mod_cache_disk`
+- **FreeBSD**: `/var/cache/mod_cache_disk`
+- **Red Hat, Apache 2.4**: `/var/cache/httpd/proxy`
+- **Red Hat, Apache 2.2**: `/var/cache/mod_proxy`
+
+To specify the cache root, pass a path as a string to the `cache_root` parameter.
+
+``` puppet
+class {'::apache::mod::disk_cache':
+  cache_root => '/path/to/cache',
+}
+```
+
+##### Class: `apache::mod::diskio`
+
+Installs and configures [`mod_diskio`][].
+
+```puppet
+class{'apache':
+  default_mods => `false`,
+  log_level    => 'dumpio:trace7',
+}
+class{'apache::mod::diskio':
+  disk_io_input  => 'On',
+  disk_io_output => 'Off',
+}
+```
+
+**Parameters**:
+
+* `dump_io_input`: Dump all input data to the error log.
+
+  Values: 'On', 'Off'.
+  
+  Default: 'Off'.
+  
+* `dump_io_output`: Dump all output data to the error log.
+
+  Values: 'On', 'Off'.
+
+  Defaults to 'Off'.
+
+##### Class: `apache::mod::event`
+
+Installs and manages [`mod_mpm_event`][]. You cannot include `apache::mod::event` with [`apache::mod::itk`][], [`apache::mod::peruser`][], [`apache::mod::prefork`][], or [`apache::mod::worker`][] on the same server.
+
+**Parameters**:
+
+* `listenbacklog`: Sets the maximum length of the pending connections queue via the module's [`ListenBackLog`][] directive.  Setting this to `false` removes the parameter.
+
+  Default: '511'.
+  
+* `maxrequestworkers` (_Apache 2.3.12 or older_: `maxclients`): Sets the maximum number of connections Apache can simultaneously process, via the module's [`MaxRequestWorkers`][] directive.  Setting these to `false` removes the parameters.
+
+  Default: '150'.
+  
+* `maxconnectionsperchild` (_Apache 2.3.8 or older_: `maxrequestsperchild`): Limits the number of connections a child server handles during its life, via the module's [`MaxConnectionsPerChild`][] directive. Setting these to `false` removes the parameters.
+
+  Default: '0'.
+  
+* `maxsparethreads` and `minsparethreads`: Sets the maximum and minimum number of idle threads, via the [`MaxSpareThreads`][] and [`MinSpareThreads`][] directives. Setting these to `false` removes the parameters.
+
+  Default: '75' and '25', respectively.
+  
+* `serverlimit`: Limits the configurable number of processes via the [`ServerLimit`][] directive. Setting this to `false` removes the parameter.
+
+  Default: '25'.
+  
+* `startservers`: Sets the number of child server processes created at startup, via the module's [`StartServers`][] directive. Setting this to `false` removes the parameter.
+
+  Default: '2'.
+  
+* `threadlimit`: Limits the number of event threads via the module's [`ThreadLimit`][] directive. Setting this to `false` removes the parameter.
+
+  Default: '64'.
+  
+* `threadsperchild`: Sets the number of threads created by each child process, via the [`ThreadsPerChild`][] directive. Default: '25'. Setting this to `false` removes the parameter.
+
+##### Class: `apache::mod::auth_cas`
+
+Installs and manages [`mod_auth_cas`][]. Parameters share names with the Apache module's directives.
+
+The `cas_login_url` and `cas_validate_url` parameters are required; several other parameters have `undef` default values.
+
+> **Note**: The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL. See [https://github.com/Jasig/mod_auth_cas]()
+
+**Parameters**:
+
+- `cas_attribute_prefix`: Adds a header with the value of this header being the attribute values when SAML validation is enabled.
+
+  Default: CAS_.
+  
+- `cas_attribute_delimiter`: The delimiter between attribute values in the header created by `cas_attribute_prefix`.
+  
+  Default: ,
+
+- `cas_authoritative`: Determines whether an optional authorization directive is authoritative and binding.
+
+  Default: `undef`.
+
+- `cas_certificate_path`: Sets the path to the X509 certificate of the Certificate Authority for the server in `cas_login_url` and `cas_validate_url`.
+
+  Default: `undef`.
+
+- `cas_cache_clean_interval`: Sets the minimum number of seconds that must pass between cache cleanings.
+
+  Default: `undef`.
+
+- `cas_cookie_domain`: Sets the value of the `Domain=` parameter in the `Set-Cookie` HTTP header.
+
+  Default: `undef`.
+
+- `cas_cookie_entropy`: Sets the number of bytes to use when creating session identifiers. 
+
+  Default: `undef`.
+
+- `cas_cookie_http_only`: Sets the optional `HttpOnly` flag when `mod_auth_cas` issues cookies.
+
+  Default: `undef`.
+
+- `cas_cookie_path`: Where cas cookie session data is stored. Should be writable by web server user.
+
+  Default: OS dependent.
+
+- `cas_cookie_path_mode`: The mode of `cas_cookie_path`.
+
+  Default: '0750'.
+
+- `cas_debug`: Determines whether to enable the module's debugging mode.
+  
+  Default: 'Off'.
+
+- `cas_idle_timeout`: Sets the idle timeout limit, in seconds.
+
+  Default: `undef`.
+
+- `cas_login_url`: **Required**. Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and don't have an active session.
+
+- `cas_proxy_validate_url`: The URL to use when performing a proxy validation.
+
+  Default: `undef`.
+
+- `cas_root_proxied_as`: Sets the URL end users see when access to this Apache server is proxied.
+
+  Default: `undef`.
+
+- `cas_scrub_request_headers`: Remove inbound request headers that may have special meaning within mod_auth_cas.
+
+- `cas_sso_enabled`: Enables experimental support for single sign out (may mangle POST data).
+
+  Default: 'Off'.
+  
+- `cas_timeout`: Limits the number of seconds a `mod_auth_cas` session can remain active. 
+
+  Default: `undef`.
+
+- `cas_validate_depth`: Limits the depth for chained certificate validation.
+
+  Default: `undef`.
+
+- `cas_validate_saml`: Parse response from CAS server for SAML.
+
+  Default: 'Off'.
+
+- `cas_validate_server`: Whether to validate the cert of the CAS server (deprecated in 1.1 - RedHat 7).
+
+  Default: `undef`.
+
+- `cas_validate_url`: **Required**. Sets the URL to use when validating a client-presented ticket in an HTTP query string.
+
+- `cas_version`: The CAS protocol version to adhere to. Values: '1', '2'.
+
+  Default: '2'.
+
+- `suppress_warning`: Suppress warning about being on RedHat (`mod_auth_cas` package is now available in epel-testing repo).
+
+  Default: `false`.
+
+##### Class: `apache::mod::auth_mellon`
+
+Installs and manages [`mod_auth_mellon`][]. Parameters share names with the Apache module's directives.
+
+``` puppet
+class{ 'apache::mod::auth_mellon':
+  mellon_cache_size => 101,
+}
+```
+
+**Parameters**:
+
+* `mellon_cache_entry_size`: Maximum size for a single session.
+
+  Default: `undef`.
+
+* `mellon_cache_size`: Size in megabytes of the mellon cache.
+
+  Default: 100.
+
+* `mellon_lock_file`: Location of lock file.
+
+  Default: '`/run/mod_auth_mellon/lock`'.
+
+* `mellon_post_directory`: Full path where post requests are saved.
+
+  Default: '`/var/cache/apache2/mod_auth_mellon/`'
+
+* `mellon_post_ttl`: Time to keep post requests.
+
+  Default: `undef`.
+
+* `mellon_post_size`: Maximum size of post requests.
+
+  Default: `undef`.
+
+* `mellon_post_count`: Maximum number of post requests.
+
+ Default: `undef`.
+
+##### Class: `apache::mod::authn_dbd`
+
+Installs `mod_authn_dbd` and uses `authn_dbd.conf.erb` template to generate its configuration. Optionally, creates AuthnProviderAlias.
+
+``` puppet
+class { 'apache::mod::authn_dbd':
+  $authn_dbd_params =>
+    'host=db01 port=3306 user=apache password=xxxxxx dbname=apacheauth',
+  $authn_dbd_query  => 'SELECT password FROM authn WHERE user = %s',
+  $authn_dbd_alias  => 'db_auth',
+}
+```
+
+**Parameters**:
+
+* `authn_dbd_alias`: Name for the 'AuthnProviderAlias'.
+
+* `authn_dbd_dbdriver`: Specifies the database driver to use.
+  
+  Default: 'mysql'.
+  
+* `authn_dbd_exptime`: corresponds to DBDExptime.
+
+  Default: 300.
+
+* `authn_dbd_keep`: Corresponds to DBDKeep.
+
+  Default: 8.
+  
+* `authn_dbd_max`: Corresponds to DBDMax.
+
+  Default: 20.
+
+* `authn_dbd_min`: Corresponds to DBDMin.
+
+  Default: 4.
+
+* `authn_dbd_params`: **Required**. Corresponds to DBDParams for the connection string.
+
+* `authn_dbd_query`: Whether to query the user and password for authentication.
+
+##### Class: `apache::mod::authnz_ldap`
+
+Installs `mod_authnz_ldap` and uses the `authnz_ldap.conf.erb` template to generate its configuration.
+
+**Parameters**:
+
+* `package_name`: The name of the package.
+
+  Default: `undef`.
+  
+* `verify_server_cert`: Whether to verify the server certificate.
+  
+  Default: `undef`.
+
+##### Class: `apache::mod::cluster`
+
+**Note**: There is no official package available for `mod_cluster`, so you must make it available outside of the apache module. Binaries can be found at http://mod-cluster.jboss.org/
+
+``` puppet
+class { '::apache::mod::cluster':
+  ip                      => '172.17.0.1',
+  allowed_network         => '172.17.0.',
+  balancer_name           => 'mycluster',
+  version                 => '1.3.1'
+}
+```
+
+**Parameters**:
+
+* `port`: mod_cluster listen port.
+
+  Default: '6666'.
+  
+* `server_advertise`: Whether the server should advertise.
+
+  Default: `true`.
+  
+* `advertise_frequency`: Sets the interval between advertise messages in seconds[.miliseconds]. 
+
+  Default: 10.
+
+* `manager_allowed_network`: Whether to allow the network to access the mod_cluster_manager.
+
+  Default: '127.0.0.1'.
+
+* `keep_alive_timeout`: Specifies how long Apache should wait for a request, in seconds. 
+  
+  Default: 60.
+
+* `max_keep_alive_requests`: Maximum number of requests kept alive.
+
+  Default: 0.
+
+* `enable_mcpm_receive`: Whether MCPM should be enabled.
+
+  Default: `true`.
+
+* `ip`: Specifies the IP address to listen to.
+
+* `allowed_network`: Balanced members network.
+
+* `version`: Specifies the `mod_cluster` version. Version 1.3.0 or greater is required for httpd 2.4.
+
+##### Class: `apache::mod::deflate`
+
+Installs and configures [`mod_deflate`][].
+
+**Parameters**:
+
+* `types`: An [array][] of [MIME types][MIME `content*type`] to be deflated.
+
+  Default: [ 'text/html text/plain text/xml', 'text/css', 'application/x*javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json' ].
+  
+* `notes`: A [Hash][] where the key represents the type and the value represents the note name.
+
+  Default: { 'Input'  => 'instream', 'Output' => 'outstream', 'Ratio'  => 'ratio' }.
+
+##### Class: `apache::mod::expires`
+
+Installs [`mod_expires`][] and uses the `expires.conf.erb` template to generate its configuration.
+
+**Parameters**:
+
+* `expires_active`: Enables generation of `Expires` headers for a document realm.
+
+  Boolean. Default: `true`.
+
+* `expires_default`: Specifies the default algorithm for calculating expiration time using [`ExpiresByType`][] syntax or [interval syntax][].
+
+  Default: `undef`.
+  
+* `expires_by_type`: Describes a set of [MIME `content*type`][] and their expiration times.
+
+  Values: An [array][] of [Hashes][Hash], with each Hash's key a valid MIME `content*type` (i.e. 'text/json') and its value following valid [interval syntax][].
+  
+  Default: `undef`.
+
+##### Class: `apache::mod::ext_filter`
+
+Installs and configures [`mod_ext_filter`][].
+
+``` puppet
+class { 'apache::mod::ext_filter':
+  ext_filter_define => {
+    'slowdown'       => 'mode=output cmd=/bin/cat preservescontentlength',
+    'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"',
+  },
+}
+```
+
+**Parameters**:
+
+* `ext_filter_define`: A hash of filter names and their parameters.
+
+  Default: `undef`.
+
+##### Class: `apache::mod::fcgid`
+
+Installs and configures [`mod_fcgid`][].
+
+The class does not individually parameterize all available options. Instead, configure `mod_fcgid` using the `options` [hash][]. For example:
+
+``` puppet
+class { 'apache::mod::fcgid':
+  options => {
+    'FcgidIPCDir'  => '/var/run/fcgidsock',
+    'SharememPath' => '/var/run/fcgid_shm',
+    'AddHandler'   => 'fcgid-script .fcgi',
+  },
+}
+```
+
+For a full list of options, see the [official `mod_fcgid` documentation][`mod_fcgid`].
+
+If you include `apache::mod::fcgid`, you can set the [`FcgidWrapper`][] per directory, per virtual host. The module must be loaded first; Puppet will not automatically enable it if you set the `fcgiwrapper` parameter in `apache::vhost`.
+
+``` puppet
+include apache::mod::fcgid
+
+apache::vhost { 'example.org':
+  docroot     => '/var/www/html',
+  directories => {
+    path        => '/var/www/html',
+    fcgiwrapper => {
+      command => '/usr/local/bin/fcgiwrapper',
+    }
+  },
+}
+```
+
+##### Class: `apache::mod::geoip`
+
+Installs and manages [`mod_geoip`][].
+
+**Parameters**:
+
+* `db_file`: Sets the path to your GeoIP database file.
+
+  Values: a path, or an [array][] paths for multiple GeoIP database files.
+
+  Default: `/usr/share/GeoIP/GeoIP.dat`.
+
+* `enable`: Determines whether to globally enable [`mod_geoip`][].
+
+  Boolean. Default: `false`.
+  
+* `flag`: Sets the GeoIP flag.
+
+  Values: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'.
+  
+  Default: 'Standard'.
+  
+* `output`: Defines which output variables to use.
+
+  Values: 'All', 'Env', 'Request', 'Notes'.
+  
+  Default: 'All'.
+
+* `enable_utf8`: Changes the output from ISO*8859*1 (Latin*1) to UTF*8.
+
+  Boolean. Default: `undef`.
+
+* `scan_proxy_headers`: Enables the [GeoIPScanProxyHeaders][] option.
+
+  Boolean. Default: `undef`.
+
+* `scan_proxy_header_field`: Specifies the header [`mod_geoip`][] uses to determine the client's IP address.
+
+  Default: `undef`.
+
+* `use_last_xforwarededfor_ip` (sic): Determines whether to use the first or last IP address for the client's IP in a comma-separated list of IP addresses is found.
+
+  Boolean. Default: `undef`.
+
+##### Class: `apache::mod::info`
+
+Installs and manages [`mod_info`][], which provides a comprehensive overview of the server configuration.
+
+**Parameters**:
+
+* `allow_from`: Whitelist of IPv4 or IPv6 addresses or ranges that can access `/server*info`.
+
+  Values: One or more octets of an IPv4 address, an IPv6 address or range, or an array of either.
+  
+  Default: ['127.0.0.1','::1'].
+
+* `apache_version`: Apache's version number as a string, such as '2.2' or '2.4'.
+
+  Default: The value of [`$::apache::apache_version`][`apache_version`].
+
+
+* `restrict_access`: Determines whether to enable access restrictions. If `false`, the `allow_from` whitelist is ignored and any IP address can access `/server*info`.
+
+  Boolean. Default: `true`.
+
+##### Class: `apache::mod::passenger`
+
+Installs and manages [`mod_passenger`][]. For Red Hat-based systems, ensure that you meet the minimum requirements described in the [passenger docs](https://www.phusionpassenger.com/library/install/apache/install/oss/el6/#step-1:-upgrade-your-kernel,-or-disable-selinux).
+
+**Parameters**:
+
+* `passenger_high_performance`: Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance).
+
+  Values: 'On', 'Off'.
+  
+  Default: `undef`.
+  
+* `passenger_pool_idle_time`: Sets the [`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerpoolidletime).
+
+  Default: `undef`.
+
+* `passenger_max_pool_size`: Sets the [`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxpoolsize).
+
+  Default: `undef`.
+
+* `passenger_max_request_queue_size`: Sets the [`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuesize).
+
+  Default: `undef`.
+
+* `passenger_max_requests`: Sets the [`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequests).
+
+  Default: `undef`.
+
+* `passenger_data_buffer_dir`: Sets the [`PassengerDataBufferDir`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerdatabufferdir).
+
+  Default: `undef`.
+
+##### Class: `apache::mod::ldap`
+
+Installs and configures [`mod_ldap`][], and allows you to modify the
+[`LDAPTrustedGlobalCert`](https://httpd.apache.org/docs/current/mod/mod_ldap.html#ldaptrustedglobalcert) Directive:
+
+``` puppet
+class { 'apache::mod::ldap':
+  ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt',
+  ldap_trusted_global_cert_type => 'CA_DER',
+  ldap_shared_cache_size        => '500000',
+  ldap_cache_entries            => '1024',
+  ldap_cache_ttl                => '600',
+  ldap_opcache_entries          => '1024',
+  ldap_opcache_ttl              => '600',
+}
+```
+
+**Parameters**
+
+* `apache_version`: Specifies the installed Apache version.
+
+  Default: `undef`.
+
+* `ldap_trusted_global_cert_file`: Specifies the path and file name of the trusted CA certificates to use when establishing SSL or TLS connections to an LDAP server.
+
+* `ldap_trusted_global_cert_type`: Specifies the global trust certificate format.
+
+  Default: 'CA_BASE64'.
+
+* `ldap_shared_cache_size`: Specifies the size, in bytes, of the shared memory cache.
+
+* `ldap_cache_entries`: Specifies the maximum number of entries in the primary LDAP cache.
+
+* `ldap_cache_ttl`: Specifies the time, in seconds, that cached items remain valid.
+
+* `ldap_opcache_entries`: Specifies the number of entries used to cache LDAP compare operations.
+
+* `ldap_opcache_ttl`: Specifies the time, in seconds, that entries in the operation cache remain valid.
+
+* `package_name`: Specifies the custom package name.
+
+  Default: `undef`.
+
+##### Class: `apache::mod::negotiation`
+
+Installs and configures [`mod_negotiation`][].
+
+**Parameters**:
+
+* `force_language_priority`: Sets the `ForceLanguagePriority` option.
+
+  Values: A string.
+  
+  Default: `Prefer Fallback`.
+  
+* `language_priority`: An [array][] of languages to set the `LanguagePriority` option of the module.
+
+  Default: [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', 'no', 'pl', 'pt', 'pt*BR', 'ru', 'sv', 'zh*CN', 'zh*TW' ]
+
+##### Class: `apache::mod::nss`
+
+An SSL provider for Apache using the NSS crypto libraries.
+
+**Parameters:**
+
+- `transfer_log`: path to access.log
+- `error_log`: path to error.log
+- `passwd_file`: path to file used for NSSPassPhraseDialog directive 
+- `port`: SSL port. Defaults to 8443
+
+##### Class: `apache::mod::pagespeed`
+
+Installs and manages [`mod_pagespeed`][], a Google module that rewrites web pages to reduce latency and bandwidth.
+
+Although this apache module requires the `mod-pagespeed-stable` package, Puppet **does not** manage the software repositories required to automatically install the package. If you declare this class when the package is either not installed or not available to your package manager, your Puppet run will fail.
+
+> **Note:** Verify that your system is compatible with the latest Google Pagespeed requirements.
+
+**Parameters**:
+
+These parameters correspond to the module's directives. See the [module's documentation][`mod_pagespeed`] for details.
+
+* `inherit_vhost_config`: Default: 'on'.
+* `filter_xhtml`: Default: `false`.
+* `cache_path`: Default: '/var/cache/mod_pagespeed/'.
+* `log_dir`: Default: '/var/log/pagespeed'.
+* `memcache_servers`: Default: [].
+* `rewrite_level`: Default: 'CoreFilters'.
+* `disable_filters`: Default: [].
+* `enable_filters`: Default: [].
+* `forbid_filters`: Default: [].
+* `rewrite_deadline_per_flush_ms`: Default: 10.
+* `additional_domains`: Default: `undef`.
+* `file_cache_size_kb`: Default: 102400.
+* `file_cache_clean_interval_ms`: Default: 3600000.
+* `lru_cache_per_process`: Default: 1024.
+* `lru_cache_byte_limit`: Default: 16384.
+* `css_flatten_max_bytes`: Default: 2048.
+* `css_inline_max_bytes`: Default: 2048.
+* `css_image_inline_max_bytes`: Default: 2048.
+* `image_inline_max_bytes`: Default: 2048.
+* `js_inline_max_bytes`: Default: 2048.
+* `css_outline_min_bytes`: Default: 3000.
+* `js_outline_min_bytes`: Default: 3000.
+* `inode_limit`: Default: 500000.
+* `image_max_rewrites_at_once`: Default: 8.
+* `num_rewrite_threads`: Default: 4.
+* `num_expensive_rewrite_threads`: Default: 4.
+* `collect_statistics`: Default: 'on'.
+* `statistics_logging`: Default: 'on'.
+* `allow_view_stats`: Default: [].
+* `allow_pagespeed_console`: Default: [].
+* `allow_pagespeed_message`: Default: [].
+* `message_buffer_size`: Default: 100000.
+* `additional_configuration`: A hash of directive value pairs, or an array of lines to insert at the end of the pagespeed configuration. Default: '{ }'.
+
+##### Class: `apache::mod::passenger`
+
+Installs and configures `mod_passenger`.
+
+>**Note**: The passenger module isn't available on RH/CentOS without providing the dependency packages provided by EPEL and the `mod_passengers` custom repository. See the `manage_repo` parameter above and [https://www.phusionpassenger.com/library/install/apache/install/oss/el7/]()
+
+**Parameters**: [TODO: parameters were not listed (except `manage_repo`), so I pulled them out of the manifest. I need to know what these parameters do and what their values can be OR a link that points external documentation for the parameter mapping (as with mod_pagespeed above) <!--see also MODULES-4745-->]
+
+* `passenger_conf_file`: `$::apache::params::passenger_conf_file`
+* `passenger_conf_package_file: `$::apache::params::passenger_conf_package_file`
+* `passenger_high_performance`: Default: `undef`
+* `passenger_pool_idle_time`: Default: `undef`
+* `passenger_max_request_queue_size`: Default: `undef`
+* `passenger_max_requests`: Default: `undef`
+* `passenger_spawn_method`: Default: `undef`
+* `passenger_stat_throttle_rate`: Default: `undef`
+* `rack_autodetect`: Default: `undef`
+* `rails_autodetect`: Default: `undef`
+* `passenger_root` : `$::apache::params::passenger_root`
+* `passenger_ruby` : `$::apache::params::passenger_ruby`
+* `passenger_default_ruby`: `$::apache::params::passenger_default_ruby`
+* `passenger_max_pool_size`: Default: `undef`
+* `passenger_min_instances`: Default: `undef`
+* `passenger_max_instances_per_app`: Default: `undef`
+* `passenger_use_global_queue`: Default: `undef`
+* `passenger_app_env`: Default: `undef`
+* `passenger_log_file`: Default: `undef`
+* `passenger_log_level`: Default: `undef`
+* `passenger_data_buffer_dir`: Default: `undef`
+* `manage_repo`: Whether to manage the phusionpassenger.com repository. Default: `true`.
+* `mod_package`: Default: `undef`.
+* `mod_package_ensure`: Default: `undef`.
+* `mod_lib`: Default: `undef`.
+* `mod_lib_path`: Default: `undef`.
+* `mod_id`: Default: `undef`.
+* `mod_path`: Default: `undef`.
+
+##### Class: `apache::mod::proxy`
+
+Installs `mod_proxy` and uses the `proxy.conf.erb` template to generate its configuration.
+
+**Parameters within `apache::mod::proxy`**:
+
+TODO: What do these parameters do?
+
+- `allow_from`: Default: `undef`.
+- `apache_version`: Default: `undef`.
+- `package_name`: Default: `undef`.
+- `proxy_requests`: Default: 'Off'.
+- `proxy_via`: Default: 'On'.
+
+##### Class: `apache::mod::proxy_balancer`
+
+Installs and manages [`mod_proxy_balancer`][], which provides load balancing.
+
+**Parameters**:
+
+* `manager`: Determines whether to enable balancer manager support.
+
+  Default: `false`.
+  
+* `manager_path`: The server location of the balancer manager.
+
+  Default: '/balancer*manager'.
+  
+* `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/balancer*manager`.
+
+  Default: ['127.0.0.1','::1'].
+  
+* `apache_version`: Apache's version number as a string, such as '2.2' or '2.4'.
+
+  Default: the value of [`$::apache::apache_version`][`apache_version`]. On Apache 2.4 or greater, `mod_slotmem_shm` is loaded.
+
+##### Class: `apache::mod::php`
+
+Installs and configures [`mod_php`][].
+
+**Parameters**:
+
+Default values for these parameters depend on your operating system. Most of this class's parameters correspond to `mod_php` directives; see the [module's documentation][`mod_php`] for details.
+
+* `package_name`: Names the package that installs `mod_php`.
+* `path`: Defines the path to the `mod_php` shared object (`.so`) file.
+* `source`: Defines the path to the default configuration. Values include a `puppet:///` path.
+* `template`: Defines the path to the `php.conf` template Puppet uses to generate the configuration file.
+* `content`: Adds arbitrary content to `php.conf`.
+
+##### Class: `apache::mod::proxy_html`
+
+**Note**: There is no official package available for `mod_proxy_html`, so you must make it available outside of the apache module. 
+
+##### Class: `apache::mod::reqtimeout`
+
+Installs and configures [`mod_reqtimeout`][].
+
+**Parameters**
+
+* `timeouts`: Sets the [`RequestReadTimeout`][] option. 
+
+  Values:  A string or [array][].
+  
+  Default: ['header=20-40,MinRate=500', 'body=20,MinRate=500'].
+
+##### Class: `apache::mod::rewrite`
+
+Installs and enables the Apache module `mod_rewrite`.
+
+##### Class: `apache::mod::shib`
+
+Installs the [Shibboleth](http://shibboleth.net/) Apache module `mod_shib`, which enables SAML2 single sign-on (SSO) authentication by Shibboleth Identity Providers and Shibboleth Federations. Defining this class enables Shibboleth-specific parameters in `apache::vhost` instances.
+
+This class installs and configures only the Apache components of a web application that consumes Shibboleth SSO identities. You can manage the Shibboleth configuration manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth).
+
+**Note**: The shibboleth module isn't available on RH/CentOS without providing dependency packages provided by Shibboleth's repositories. See [http://wiki.aaf.edu.au/tech-info/sp-install-guide]()
+
+##### Class: `apache::mod::ssl`
+
+Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template to generate its configuration. On most operating systems, this `ssl.conf` is placed in the module configuration directory. On Red Hat-based operating systems, this file is placed in `/etc/httpd/conf.d`, the same location in which the RPM stores the configuration.
+
+To use SSL with a virtual host, you must either set the [`default_ssl_vhost`][] parameter in `::apache` to `true` **or** the [`ssl`][] parameter in [`apache::vhost`][] to `true`.
+
+- `ssl_cipher`: Default: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4'.
+- `ssl_compression`: Default: false.
+- `ssl_cryptodevice`: Default: 'builtin'.
+- `ssl_honorcipherorder`: Default: true.
+- `ssl_openssl_conf_cmd`: Default: undef.
+- `ssl_options`: Default: [ 'StdEnvVars' ]
+- `ssl_pass_phrase_dialog`: Default: 'builtin'.
+- `ssl_protocol`: Default: [ 'all', '-SSLv2', '-SSLv3' ].
+- `ssl_proxy_protocol`: Default: [].
+- `ssl_random_seed_bytes`: Valid options: A string. Default: '512'.
+- `ssl_sessioncache`: Valid options: A string. Default: '300'.
+- `ssl_sessioncachetimeout`: Valid options: A string. Default: '300'.
+- `ssl_mutex`: Default: Determined based on the OS. Valid options: See [mod_ssl][mod_ssl] documentation.
+  - RedHat/FreeBSD/Suse/Gentoo: 'default'
+  - Debian/Ubuntu + Apache >= 2.4: 'default'
+  - Debian/Ubuntu + Apache < 2.4: 'file:\${APACHE_RUN_DIR}/ssl_mutex'
+**Parameters:
+
+* `ssl_cipher`
+
+  Default: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4'.
+
+* `ssl_compression`
+
+  Default: `false`.
+
+* `ssl_cryptodevice`
+
+  Default: 'builtin'.
+
+* `ssl_honorcipherorder`
+
+  Default: `true`.
+  
+* `ssl_openssl_conf_cmd`
+
+  Default: `undef`.
+
+* `ssl_options`
+
+  Default: [ 'StdEnvVars' ]
+
+* `ssl_pass_phrase_dialog`
+
+  Default: 'builtin'.
+
+* `ssl_protocol`
+
+  Default: [ 'all', '*SSLv2', '*SSLv3' ].
+  
+* `ssl_random_seed_bytes`
+
+  Values: A string.
+  
+  Default: '512'.
+  
+* `ssl_sessioncachetimeout`
+
+  Values: A string.
+  
+  Default: '300'.
+  
+* `ssl_mutex`:
+
+  Values: See [mod_ssl][mod_ssl] documentation.
+
+  Default: Based on the OS:
+ 
+  * RedHat/FreeBSD/Suse/Gentoo: 'default'.
+  * Debian/Ubuntu + Apache >= 2.4: 'default'.
+  * Debian/Ubuntu + Apache < 2.4: 'file:\${APACHE_RUN_DIR}/ssl_mutex'.
+  * Ubuntu 10.04: 'file:/var/run/apache2/ssl_mutex'.
+
+
+##### Class: `apache::mod::status`
+
+Installs [`mod_status`][] and uses the `status.conf.erb` template to generate its configuration.
+
+**Parameters**:
+
+* `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/server-status`. 
+
+  Default: ['127.0.0.1','::1'].
+* `extended_status`: Determines whether to track extended status information for each request, via the [`ExtendedStatus`][] directive.
+
+  Values: 'Off', 'On'.
+  
+  Default: 'On'.
+  
+* `status_path`: The server location of the status page.
+
+  Default: '/server-status'.
+
+##### Class: `apache::mod::version`
+
+Installs [`mod_version`][] on many operating systems and Apache configurations.
+
+If Debian and Ubuntu systems with Apache 2.4 are classified with `apache::mod::version`, Puppet warns that `mod_version` is built-in and can't be loaded.
+
+##### Class: `apache::mod::security`
+
+Installs and configures Trustwave's [`mod_security`][]. It is enabled and runs by default on all virtual hosts.
+
+**Parameters**:
+
+* `activated_rules`: An [array][] of rules from the `modsec_crs_path` or absolute to activate via symlinks.
+* `allowed_methods`: A space*separated list of allowed HTTP methods.
+
+  Default: 'GET HEAD POST OPTIONS'.
+
+* `content_types`: A list of one or more allowed [MIME types][MIME `content*type`]. 
+
+  Default: 'application/x*www*form*urlencoded|multipart/form*data|text/xml|application/xml|application/x*amf'.
+
+* `crs_package`: Names the package that installs CRS rules.
+
+  Default: `modsec_crs_package` in [`apache::params`][].
+
+* `manage_security_crs`: Manage security_crs.conf rules file.
+
+  Default: `true`.
+  
+* `modsec_dir`: Defines the path where Puppet installs the modsec configuration and activated rules links.
+
+  Default: 'On', set by `modsec_dir` in [`apache::params`][].
+${modsec\_dir}/activated\_rules.
+
+* `modsec_secruleengine`: Configures the modsec rules engine. Values: 'On', 'Off', and 'DetectionOnly'.
+
+  Default: `modsec_secruleengine` in [`apache::params`][].
+
+* `restricted_extensions`: A space*separated list of prohibited file extensions.
+
+  Default: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'.
+
+* `restricted_headers`: A list of restricted headers separated by slashes and spaces. 
+
+  Default: 'Proxy*Connection/ /Lock*Token/ /Content*Range/ /Translate/ /via/ /if/'.
+
+* `secdefaultaction`: Configures the Mode of Operation, Self-Contained ('deny') or Collaborative Detection ('pass'), for the OWASP ModSecurity Core Rule Set.
+
+  Default: 'deny'. You can also set full values, such as "log,auditlog,deny,status:406,tag:'SLA 24/7'".
+
+* `secpcrematchlimit`: Sets the number for the match limit in the PCRE library.
+
+  Default: 1500.
+
+* `secpcrematchlimitrecursion`: Sets the number for the match limit recursion in the PCRE library.
+
+  Default: 1500.
+
+* `logroot`: Configures the location of audit and debug logs.
+
+  Defaults to the Apache log directory (Redhat: `/var/log/httpd`,  Debian: `/var/log/apache2`).
+
+* `audit_log_releavant_status`: Configures which response status code is to be considered relevant for the purpose of audit logging.
+
+  Default: '^(?:5|4(?!04))'.
+
+* `audit_log_parts`: Sets the sections to be put in the [audit log][].
+
+  Default: 'ABIJDEFHZ'.
+  
+* `anomaly_score_blocking`: Activates or deactivates the Collaborative Detection Blocking of the OWASP ModSecurity Core Rule Set.
+
+  Default: 'off'.
+  
+* `inbound_anomaly_threshold`: Sets the scoring threshold level of the inbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
+
+  Default: 5.
+  
+* `outbound_anomaly_threshold`: Sets the scoring threshold level of the outbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
+
+  Default: 4.
+  
+* `critical_anomaly_score`: Sets the scoring points of the critical severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
+
+  Default: 5.
+  
+* `error_anomaly_score`: Sets the scoring points of the error severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
+
+  Default: 4.
+  
+* `warning_anomaly_score`: Sets the scoring points of the warning severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
+
+  Default: 3.
+
+* `notice_anomaly_score`: Sets the scoring points of the notice severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
+
+Default: 2.
+
+* `secrequestmaxnumargs`: Sets the Maximum number of arguments in the request.
+
+  Default: 255.
+
+* `secrequestbodylimit`:  Sets the maximum request body size ModSecurity accepts for buffering.
+
+  Default: '13107200'.
+  
+* `secrequestbodynofileslimit`: Sets the maximum request body size ModSecurity accepts for buffering, excluding the size of any files being transported in the request.
+
+  Default: '131072'.
+  
+* `secrequestbodyinmemorylimit`: Sets the maximum request body size that ModSecurity stores in memory.
+
+  Default: '131072'
+
+##### Class: `apache::mod::wsgi`
+
+Enables Python support via [`mod_wsgi`][].
+
+**Parameters**:
+
+* `mod_path`: Defines the path to the `mod_wsgi` shared object (`.so`) file.
+
+  Default: `undef`.
+  
+  * If the `mod_path` parameter doesn't contain `/`, Puppet prefixes it with your operating system's default module path. Otherwise, Puppet follows it literally.
+  
+* `package_name`: Names the package that installs `mod_wsgi`.
+
+  Default: `undef`.
+
+* `wsgi_python_home`: Defines the [`WSGIPythonHome`][] directive, such as '/path/to/venv'. 
+
+  Values: A string specifying a path.
+
+  Default: `undef`.
+  
+* `wsgi_python_path`: Defines the [`WSGIPythonPath`][] directive, such as '/path/to/venv/site*packages'.
+
+  Values: A string specifying a path.
+  
+  Default: `undef`.
+
+* `wsgi_restrict_embedded`: Defines the [`WSGIRestrictEmbedded`][] directive, such as 'On'. 
+
+Values: On|Off|undef.
+
+Default: undef.
+
+* `wsgi_socket_prefix`: Defines the [`WSGISocketPrefix`][] directive, such as "\${APACHE\_RUN\_DIR}WSGI".
+
+  Default: `wsgi_socket_prefix` in [`apache::params`][].
+
+The class's parameters correspond to the module's directives. See the [module's documentation][`mod_wsgi`] for details.
+
+### Private Classes
+
+#### Class: `apache::confd::no_accf`
+
+Creates the `no-accf.conf` configuration file in `conf.d`, required by FreeBSD's Apache 2.4.
+
+#### Class: `apache::default_confd_files`
+
+Includes `conf.d` files for FreeBSD.
+
+#### Class: `apache::default_mods`
+
+Installs the Apache modules required to run the default configuration. See the `apache` class's [`default_mods`][] parameter for details.
+
+#### Class: `apache::package`
+
+Installs and configures basic Apache packages.
+
+#### Class: `apache::params`
+
+Manages Apache parameters for different operating systems.
+
+#### Class: `apache::service`
+
+Manages the Apache daemon.
+
+#### Class: `apache::version`
+
+Attempts to automatically detect the Apache version based on the operating system.
+
+### Public defined types
+
+#### Defined type: `apache::balancer`
+
+Creates an Apache load balancing group, also known as a balancer cluster, using [`mod_proxy`][]. Each load balancing group needs one or more balancer members, which you can declare in Puppet with the  [`apache::balancermember`][] defined type.
+
+Declare one `apache::balancer` defined type for each Apache load balancing group. You can export `apache::balancermember` defined types for all balancer members and collect them on a single Apache load balancer server using [exported resources][].
+
+**Parameters**:
+
+##### `name`
+
+Sets the title of the balancer cluster and name of the `conf.d` file containing its configuration.
+
+##### `proxy_set`
+
+Configures key-value pairs as [`ProxySet`][] lines. Values: a [hash][]. Default: '{}'.
+
+##### `collect_exported`
+
+Determines whether to use [exported resources][].
+
+If you statically declare all of your backend servers, set this parameter to `false` to rely on existing, declared balancer member resources. Also, use `apache::balancermember` with [array][] arguments.
+
+To dynamically declare backend servers via exported resources collected on a central node, set this parameter to `true` to collect the balancer member resources exported by the balancer member nodes.
+
+If you don't use exported resources, a single Puppet run configures all balancer members. If you use exported resources, Puppet has to run on the balanced nodes first, then run on the balancer.
+
+Boolean. Default: `true`.
+
+#### Defined type: `apache::balancermember`
+
+Defines members of [`mod_proxy_balancer`][], which sets up a balancer member inside a listening service configuration block in the load balancer's `apache.cfg`.
+
+**Parameters**:
+
+##### `balancer_cluster`
+
+**Required**.
+
+Sets the Apache service's instance name, and must match the name of a declared [`apache::balancer`][] resource.
+
+##### `url`
+
+Specifies the URL used to contact the balancer member server.
+
+Default: 'http://${::fqdn}/'.
+
+##### `options`
+
+Specifies an [array][] of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) after the URL, and accepts any key-value pairs available to [`ProxyPass`][].
+
+Default: an empty array.
+
+#### Defined type: `apache::custom_config`
+
+Adds a custom configuration file to the Apache server's `conf.d` directory. If the file is invalid and this defined type's [`verify_config`][] parameter's value is `true`, Puppet throws an error during a Puppet run.
+
+**Parameters**:
+
+##### `ensure`
+
+Specifies whether the configuration file should be present.
+
+Values: 'absent', 'present'.
+
+Default: 'present'.
+
+##### `confdir`
+
+Sets the directory in which Puppet places configuration files.
+
+Default: the value of [`$::apache::confd_dir`][`confd_dir`].
+
+##### `content`
+
+Sets the configuration file's content. The `content` and [`source`][] parameters are exclusive of each other.
+
+Default: `undef`
+
+##### `filename`
+
+Sets the name of the file under `confdir` in which Puppet stores the configuration.
+
+Default: Filename generated from the `priority` parameter and the resource name.
+
+##### `priority`
+
+Sets the configuration file's priority by prefixing its filename with this parameter's numeric value, as Apache processes configuration files in alphanumeric order.
+
+To omit the priority prefix in the configuration file's name, set this parameter to `false`.
+
+Default: '25'.
+
+##### `source`
+
+Points to the configuration file's source. The [`content`][] and `source` parameters are exclusive of each other. TODO: is this required or does it have a default value?
+
+Default: `undef`
+
+##### `verify_command`
+
+Specifies the command Puppet uses to verify the configuration file. Use a fully qualified command.
+
+This parameter is used only if the [`verify_config`][] parameter's value is `true`. If the `verify_command` fails, the Puppet run deletes the configuration file and raises an error, but does not notify the Apache service.
+
+Default: '/usr/sbin/apachectl -t'.
+
+##### `verify_config`
+
+Specifies whether to validate the configuration file before notifying the Apache service.
+
+Boolean. Default: `true`.
+
+#### Defined type: `apache::fastcgi::server`
+
+Defines one or more external FastCGI servers to handle specific file types. Use this defined type with [`mod_fastcgi`][FastCGI].
+
+**Parameters**
+
+##### `host`
+
+Determines the FastCGI's hostname or IP address and TCP port number (1-65535).
+
+Default: '127.0.0.1:9000'.
+
+##### `timeout`
+
+Sets the number of seconds a [FastCGI][] application can be inactive before aborting the request and logging the event at the error LogLevel. The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond by writing and flushing within this period, the request is aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply.
+
+Default: 15.
+
+##### `flush`
+
+Forces [`mod_fastcgi`][FastCGI] to write to the client as data is received from the application. By default, `mod_fastcgi` buffers data in order to free the application as quickly as possible.
+
+Default: `false`.
+
+##### `faux_path`
+
+Apache has [FastCGI][] handle URIs that resolve to this filename. The path set in this parameter does not have to exist in the local filesystem.
+
+Default: "/var/www/${name}.fcgi".
+
+##### `alias`
+
+Internally links actions with the FastCGI server. This alias must be unique.
+
+Default: "/${name}.fcgi".
+
+##### `file_type`
+
+Sets the [MIME `content-type`][] of the file to be processed by the FastCGI server.
+
+Default: 'application/x-httpd-php'.
+
+#### Defined type: `apache::listen`
+
+Adds [`Listen`][] directives to `ports.conf` in the Apache configuration directory that define the Apache server's or a virtual host's listening address and port. The [`apache::vhost`][] class uses this defined type, and titles take the form `<PORT>`, `<IPV4>:<PORT>`, or `<IPV6>:<PORT>`.
+
+#### Defined type: `apache::mod`
+
+Installs packages for an Apache module that doesn't have a corresponding [`apache::mod::<MODULE NAME>`][] class, and checks for or places the module's default configuration files in the Apache server's `module` and `enable` directories. The default locations depend on your operating system.
+
+**Parameters**:
+
+##### `package`
+
+**Required**.
+
+Names the package Puppet uses to install the Apache module.
+
+Default: `undef`.
+
+##### `package_ensure`
+
+Determines whether Puppet ensures the Apache module should be installed.
+
+Values: 'absent', 'present'.
+
+Default: 'present'.
+
+##### `lib`
+
+Defines the module's shared object name. Do not configure manually without special reason.
+
+Default: `mod_$name.so`.
+
+##### `lib_path`
+
+Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The [`path`][] parameter overrides this value.
+
+Default: The `apache` class's [`lib_path`][] parameter.
+
+
+##### `loadfile_name`
+
+Sets the filename for the module's [`LoadFile`][] directive, which can also set the module load order as Apache processes them in alphanumeric order.
+
+Values: Filenames formatted `\*.load`.
+
+Default: the resource's name followed by 'load', as in '$name.load'.
+
+##### `loadfiles`
+
+Specifies an array of [`LoadFile`][] directives.
+
+Default: `undef`.
+
+##### `path`
+
+Specifies a path to the module. Do not manually set this parameter without a special reason.
+
+Default: [`lib_path`][]/[`lib`][].
+
+#### Defined type: `apache::namevirtualhost`
+
+Enables [name-based virtual hosts][] and adds all related directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles can take the forms '\*', '\*:\<PORT\>', '\_default\_:\<PORT\>, '\<IP\>', or '\<IP\>:\<PORT\>'.
+
+#### Defined type: `apache::vhost`
+
+The apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache to evaluate it multiple times with different parameters.
+
+The `apache::vhost` defined type allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default virtual host within the base `::apache` class, as well as set a customized virtual host as the default. Customized virtual hosts have a lower numeric [`priority`][] than the base class's, causing Apache to process the customized virtual host first.
+
+The `apache::vhost` defined type uses `concat::fragment` to build the configuration file. To inject custom fragments for pieces of the configuration that the defined type doesn't inherently support, add a custom fragment.
+
+For the custom fragment's `order` parameter, the `apache::vhost` defined type uses multiples of 10, so any `order` that isn't a multiple of 10 should work.
+
+**Parameters**:
+
+##### `access_log`
+
+Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`). 
+
+Boolean. Default: `true`.
+
+##### `access_log_env_var`
+
+Specifies that only requests with particular environment variables be logged.
+
+Default: `undef`.
+
+##### `access_log_file`
+
+Sets the filename of the `*_access.log` placed in [`logroot`][]. Given a virtual host---for instance, example.com---it defaults to 'example.com_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com_access.log' for unencrypted virtual hosts.
+
+Default: `false`.
+
+##### `access_log_format`
+
+Specifies the use of either a [`LogFormat`][] nickname or a custom-formatted string for the access log.
+
+Default: 'combined'.
+
+##### `access_log_pipe`
+
+Specifies a pipe where Apache sends access log messages.
+
+Default: `undef`.
+
+##### `access_log_syslog`
+
+Sends all access log messages to syslog.
+
+Default: `undef`.
+
+##### `add_default_charset`
+
+Sets a default media charset value for the [`AddDefaultCharset`][] directive, which is added to `text/plain` and `text/html` responses.
+
+Default: `undef`.
+
+##### `add_listen`
+
+Determines whether the virtual host creates a [`Listen`][] statement.
+
+Setting `add_listen` to `false` prevents the virtual host from creating a `Listen` statement. This is important when combining virtual hosts that aren't passed an `ip` parameter with those that are.
+
+Boolean. Default: `true`.
+
+##### `use_optional_includes`
+
+Specifies whether Apache uses the [`IncludeOptional`][] directive instead of [`Include`][] for `additional_includes` in Apache 2.4 or newer.
+
+Boolean. Default: `false`.
+
+##### `additional_includes`
+
+Specifies paths to additional static, virtual host-specific Apache configuration files. You can use this parameter to implement a unique, custom configuration not supported by this module.
+
+Values: a string or [array][] of strings specifying paths.
+
+Default: an empty array.
+
+##### `aliases`
+
+Passes a list of [hashes][hash] to the virtual host to create [`Alias`][], [`AliasMatch`][], [`ScriptAlias`][] or [`ScriptAliasMatch`][] directives as per the [`mod_alias`][] documentation.
+
+For example:
+
+``` puppet
+aliases => [
+  { aliasmatch       => '^/image/(.*)\.jpg$',
+    path             => '/files/jpg.images/$1.jpg',
+  },
+  { alias            => '/image',
+    path             => '/ftp/pub/image',
+  },
+  { scriptaliasmatch => '^/cgi-bin(.*)',
+    path             => '/usr/local/share/cgi-bin$1',
+  },
+  { scriptalias      => '/nagios/cgi-bin/',
+    path             => '/usr/lib/nagios/cgi-bin/',
+  },
+  { alias            => '/nagios',
+    path             => '/usr/share/nagios/html',
+  },
+],
+```
+
+For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs a corresponding context, such as `<Directory /path/to/directory>` or `<Location /some/location/here>`. Puppet creates the directives in the order specified in the `aliases` parameter. As described in the [`mod_alias`][] documentation, add more specific `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more general ones to avoid shadowing.
+
+> **Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because you can precisely control the order of various alias directives. Defining `ScriptAliases` using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias` directives. This often causes problems; for example, this could cause problems with Nagios.
+
+If [`apache::mod::passenger`][] is loaded and `PassengerHighPerformance` is `true`, the `Alias` directive might not be able to honor the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details.
+
+##### `allow_encoded_slashes`
+
+Sets the [`AllowEncodedSlashes`][] declaration for the virtual host, overriding the server default. This modifies the virtual host responses to URLs with `\` and `/` characters. Values: 'nodecode', 'off', 'on'. The default setting omits the declaration from the server configuration and selects the Apache default setting of 'Off'.
+
+Default: `undef`
+
+##### `block`
+
+Specifies the list of things to which Apache blocks access. Valid option: 'scm', which blocks web access to `.svn`, `.git`, and `.bzr` directories.
+
+Default: an empty [array][].
+
+##### `cas_attribute_prefix`
+
+Adds a header with the value of this header being the attribute values when SAML validation is enabled.
+
+Defaults: The value set by [`apache::mod::auth_cas`][].
+
+##### `cas_attribute_delimiter`
+
+Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`.
+
+Default: The value set by [`apache::mod::auth_cas`][].
+
+##### `cas_login_url`
+
+Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and
+don't have an active session.
+
+Default: The value set by [`apache::mod::auth_cas`][].
+
+##### `cas_scrub_request_headers`
+
+Remove inbound request headers that may have special meaning within mod_auth_cas.
+
+Default: The value set by [`apache::mod::auth_cas`][].
+
+##### `cas_sso_enabled`
+
+Enables experimental support for single sign out (may mangle POST data).
+
+Default: The value set by [`apache::mod::auth_cas`][].
+
+##### `cas_validate_saml`
+
+Parse response from CAS server for SAML. Default: The value set by [`apache::mod::auth_cas`][].
+
+##### `cas_validate_url`
+
+Sets the URL to use when validating a client-presented ticket in an HTTP query string. 
+
+Defaults to the value set by [`apache::mod::auth_cas`][].
+
+##### `custom_fragment`
+
+Passes a string of custom configuration directives to place at the end of the virtual host configuration.
+
+Default: `undef`.
+
+##### `default_vhost`
+
+Sets a given `apache::vhost` defined type as the default to serve requests that do not match any other `apache::vhost` defined types.
+
+Default: `false`.
+
+##### `directories`
+
+See the [`directories`](#parameter-directories-for-apachevhost) section.
+
+##### `directoryindex`
+
+Sets the list of resources to look for when a client requests an index of the directory by specifying a '/' at the end of the directory name. See the [`DirectoryIndex`][] directive documentation for details.
+
+Default: `undef`.
+
+##### `docroot`
+
+**Required**.
+
+Sets the [`DocumentRoot`][] location, from which Apache serves files.
+
+If `docroot` and [`manage_docroot`][] are both set to `false`, no [`DocumentRoot`][] will be set and the accompanying `<Directory /path/to/directory>` block will not be created.
+
+Values: A string specifying a directory path.
+
+##### `docroot_group`
+
+Sets group access to the [`docroot`][] directory.
+
+Values: A string specifying a system group.
+
+Default: 'root'.
+
+##### `docroot_owner`
+
+Sets individual user access to the [`docroot`][] directory.
+
+Values: A string specifying a user account.
+
+Default: 'root'.
+
+##### `docroot_mode`
+
+Sets access permissions for the [`docroot`][] directory, in numeric notation.
+
+Values: A string.
+
+Default: `undef`.
+
+##### `manage_docroot`
+
+Determines whether Puppet manages the [`docroot`][] directory.
+
+Boolean. Default: `true`.
+
+##### `error_log`
+
+Specifies whether `*_error.log` directives should be configured.
+
+Boolean. Default: `true`.
+
+##### `error_log_file`
+
+Points the virtual host's error logs to a `*_error.log` file. If this parameter is undefined, Puppet checks for values in [`error_log_pipe`][], then [`error_log_syslog`][].
+
+If none of these parameters is set, given a virtual host `example.com`, Puppet defaults to '$logroot/example.com_error_ssl.log' for SSL virtual hosts and '$logroot/example.com_error.log' for non-SSL virtual hosts.
+
+Default: `undef`.
+
+##### `error_log_pipe`
+
+Specifies a pipe to send error log messages to.
+
+This parameter has no effect if the [`error_log_file`][] parameter has a value. If neither this parameter nor `error_log_file` has a value, Puppet then checks [`error_log_syslog`][].
+
+Default: `undef`.
+
+##### `error_log_syslog`
+
+Determines whether to send all error log messages to syslog.
+
+This parameter has no effect if either of the [`error_log_file`][] or [`error_log_pipe`][] parameters has a value. If none of these parameters has a value, given a virtual host `example.com`, Puppet defaults to '$logroot/example.com_error_ssl.log' for SSL virtual hosts and '$logroot/example.com_error.log' for non-SSL virtual hosts.
+
+Boolean. Default: `undef`.
+
+##### `error_documents`
+
+A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for this virtual host.
+
+For example:
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  error_documents => [
+    { 'error_code' => '503', 'document' => '/service-unavail' },
+    { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' },
+  ],
+}
+```
+
+Default: '[]'.
+
+##### `ensure`
+
+Specifies if the virtual host is present or absent.
+
+Values: 'absent', 'present'.
+
+Default: 'present'.
+
+##### `fallbackresource`
+
+Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) directive, which specifies an action to take for any URL that doesn't map to anything in your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Values must either begin with a '/' or be 'disabled'.
+
+Default: `undef`.
+
+#####`fastcgi_idle_timeout`
+
+If using fastcgi, this option sets the timeout for the server to respond.
+
+Default: `undef`.
+
+##### `file_e_tag`
+
+Sets the server default for the [`FileETag`][] declaration, which modifies the response header field for static files.
+
+Values: 'INode', 'MTime', 'Size', 'All', 'None'. 
+
+Default: `undef`, which uses Apache's default setting of 'MTime Size'.
+
+##### `filters`
+
+[Filters](https://httpd.apache.org/docs/current/mod/mod_filter.html) enable smart, context-sensitive configuration of output content filters.
+
+``` puppet
+apache::vhost { "$::fqdn":
+  filters => [
+    'FilterDeclare   COMPRESS',
+    'FilterProvider  COMPRESS DEFLATE resp=Content-Type $text/html',
+    'FilterChain     COMPRESS',
+    'FilterProtocol  COMPRESS DEFLATE change=yes;byteranges=no',
+  ],
+}
+```
+
+##### `force_type`
+
+Sets the [`ForceType`][] directive, which forces Apache to serve all matching files with a [MIME `content-type`][] matching this parameter's value.
+
+#### `add_charset`
+
+Lets Apache set custom content character sets per directory and/or file extension
+
+##### `headers`
+
+Adds lines to replace, merge, or remove response headers. See [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information.
+
+Values: A string or an array of strings.
+
+Default: `undef`.
+
+##### `ip`
+
+Sets the IP address the virtual host listens on. By default, uses Apache's default behavior of listening on all IPs.
+
+Values: A string or an array of strings.
+
+Default: `undef`. 
+
+##### `ip_based`
+
+Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual host. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based virtual hosts.
+
+Default: `false`.
+
+##### `itk`
+
+Configures [ITK](http://mpm-itk.sesse.net/) in a hash.
+
+Usage typically looks something like:
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot => '/path/to/directory',
+  itk     => {
+    user  => 'someuser',
+    group => 'somegroup',
+  },
+}
+```
+
+Values: a hash, which can include the keys:
+
+* user + group
+* `assignuseridexpr`
+* `assigngroupidexpr`
+* `maxclientvhost`
+* `nice`
+* `limituidrange` (Linux 3.5.0 or newer)
+* `limitgidrange` (Linux 3.5.0 or newer)
+
+Usage typically looks like:
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot => '/path/to/directory',
+  itk     => {
+    user  => 'someuser',
+    group => 'somegroup',
+  },
+}
+```
+
+Default: `undef`.
+
+##### `jk_mounts`
+
+Sets up a virtual host with 'JkMount' and 'JkUnMount' directives to handle the paths for URL mapping between Tomcat and Apache.
+
+The parameter must be an array of hashes where each hash must contain the 'worker' and either the 'mount' or 'unmount' keys.
+
+Usage typically looks like:
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  jk_mounts => [
+    { mount   => '/*',     worker => 'tcnode1', },
+    { unmount => '/*.jpg', worker => 'tcnode1', },
+  ],
+}
+```
+Default: `undef`.
+ 
+##### `keepalive`
+
+Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive for the virtual host. By default, the global, server-wide [`KeepAlive`][] setting is in effect.
+
+Use the `keepalive_timeout` and `max_keepalive_requests` parameters to set relevant options for the virtual host.
+
+Values: 'Off', 'On'.
+
+Default: `undef`
+
+##### `keepalive_timeout`
+
+Sets the [`KeepAliveTimeout`] directive for the virtual host, which determines the amount of time to wait for subsequent requests on a persistent HTTP connection. By default, the global, server-wide [`KeepAlive`][] setting is in effect.
+
+This parameter is only relevant if either the global, server-wide [`keepalive` parameter][] or the per-vhost `keepalive` parameter is enabled.
+
+Default: `undef`
+
+##### `max_keepalive_requests`
+
+Limits the number of requests allowed per connection to the virtual host. By default,  the global, server-wide [`KeepAlive`][] setting is in effect.
+
+This parameter is only relevant if either the global, server-wide [`keepalive` parameter][] or the per-vhost `keepalive` parameter is enabled.
+
+Default: `undef`.
+
+##### `auth_kerb`
+
+Enable [`mod_auth_kerb`][] parameters for a virtual host. 
+
+Usage typically looks like:
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  auth_kerb              => `true`,
+  krb_method_negotiate   => 'on',
+  krb_auth_realms        => ['EXAMPLE.ORG'],
+  krb_local_user_mapping => 'on',
+  directories            => {
+    path         => '/var/www/html',
+    auth_name    => 'Kerberos Login',
+    auth_type    => 'Kerberos',
+    auth_require => 'valid-user',
+  },
+}
+```
+
+Related parameters follow the names of `mod_auth_kerb` directives:
+
+- `krb_method_negotiate`: Determines whether to use the Negotiate method. Default: 'on'.
+- `krb_method_k5passwd`: Determines whether to use password-based authentication for Kerberos v5. Default: 'on'.
+- `krb_authoritative`: If set to 'off', authentication controls can be passed on to another module. Default: 'on'.
+- `krb_auth_realms`: Specifies an array of Kerberos realms to use for authentication. Default: '[]'.
+- `krb_5keytab`: Specifies the Kerberos v5 keytab file's location. Default: `undef`.
+- `krb_local_user_mapping`: Strips @REALM from usernames for further use. Default: `undef`.
+
+Boolean. Default: `false`.
+
+##### `krb_verify_kdc`
+
+This option can be used to disable the verification tickets against local keytab to prevent KDC spoofing attacks.
+
+Default: 'on'.
+
+##### `krb_servicename`
+
+Specifies the service name that will be used by Apache for authentication. Corresponding key of this name must be stored in the keytab.
+
+Default: 'HTTP'.
+
+##### `krb_save_credentials`
+
+This option enables credential saving functionality.
+
+Default is 'off'
+
+##### `logroot`
+
+Specifies the location of the virtual host's logfiles.
+
+Default: '/var/log/<apache log location>/'.
+
+##### `$logroot_ensure`
+
+Determines whether or not to remove the logroot directory for a virtual host.
+
+Values: 'directory', 'absent'.
+
+Default: 'directory'.
+
+##### `logroot_mode`
+
+Overrides the mode the logroot directory is set to. Do *not* grant write access to the directory the logs are stored in without being aware of the consequences; for more information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security).
+
+Default: `undef`.
+
+##### `logroot_owner`
+
+Sets individual user access to the logroot directory.
+
+Defaults to `undef`.
+
+##### `logroot_group`
+
+Sets group access to the [`logroot`][] directory.
+
+Defaults to `undef`.
+
+##### `log_level`
+
+Specifies the verbosity of the error log.
+
+Values: 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info' or 'debug'.
+
+Default: 'warn' for the global server configuration. Can be overridden on a per-virtual host basis.
+
+###### `modsec_body_limit`
+
+Configures the maximum request body size (in bytes) ModSecurity accepts for buffering.
+
+Values: An integer.
+
+Default: `undef`.
+
+###### `modsec_disable_vhost`
+
+Disables [`mod_security`][] on a virtual host. Only valid if [`apache::mod::security`][] is included.
+
+Boolean. Default: `undef`.
+
+###### `modsec_disable_ids`
+
+Removes `mod_security` IDs from the virtual host.
+
+Values: An array of `mod_security` IDs to remove from the virtual host. Also takes a hash allowing removal of an ID from a specific location.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  modsec_disable_ids => [ 90015, 90016 ],
+}
+```
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  modsec_disable_ids => { '/location1' => [ 90015, 90016 ] },
+}
+```
+
+Default: `undef`.
+
+###### `modsec_disable_ips`
+
+Specifies an array of IP addresses to exclude from [`mod_security`][] rule matching.
+
+Default: `undef`.
+
+###### `modsec_disable_msgs`
+
+Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing removal of an Msg from a specific location.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  modsec_disable_msgs => [ 'Blind SQL Injection Attack', 'Session Fixation Attack' ],
+}
+```
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  modsec_disable_msgs => { '/location1' => [ 'Blind SQL Injection Attack', 'Session Fixation Attack' ] },
+}
+```
+
+Default: `undef`.
+
+###### `modsec_disable_tags`
+
+Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing removal of an Tag from a specific location.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  modsec_disable_tags => [ 'WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS' ],
+}
+```
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  modsec_disable_tags => { '/location1' => [ 'WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS' ] },
+}
+```
+
+Default: `undef`.
+
+##### `modsec_audit*`
+
+* `modsec_audit_log`
+* `modsec_audit_log_file`
+* `modsec_audit_log_pipe`
+
+These three parameters together determine how to send `mod_security` audit log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
+
+* If `modsec_audit_log_file` is set, it is relative to [`logroot`][].
+
+  Default: `undef`.
+
+* If `modsec_audit_log_pipe` is set, it should start with a pipe. Example '|/path/to/mlogc /path/to/mlogc.conf'.
+
+  Default: `undef`.
+
+* If `modsec_audit_log` is `true`, given a virtual host---for instance, example.com---it defaults to 'example.com\_security\_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com\_security.log' for unencrypted virtual hosts.
+
+  Default: `false`.
+
+If none of those parameters are set, the global audit log is used (''/var/log/httpd/modsec\_audit.log''; Debian and derivatives: ''/var/log/apache2/modsec\_audit.log''; others: ).
+
+##### `no_proxy_uris`
+
+Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest).
+
+Default: [].
+
+##### `no_proxy_uris_match`
+
+This directive is equivalent to [`no_proxy_uris`][], but takes regular expressions.
+
+Default: [].
+
+##### `proxy_preserve_host`
+
+Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost). 
+
+Setting this parameter to `true` enables the `Host:` line from an incoming request to be proxied to the host instead of hostname. Setting it to `false` sets this directive to 'Off'.
+
+Boolean. Default: `false`.
+
+##### `proxy_add_headers`
+
+Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders). 
+
+This parameter controlls whether proxy-related HTTP headers (X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server) get sent to the backend server.
+
+Boolean. Default: `false`.
+
+##### `proxy_error_override`
+
+Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). This directive controls whether Apache should override error pages for proxied content. 
+
+Boolean. Default: `false`.
+
+##### `options`
+
+Sets the [`Options`][] for the specified virtual host. For example:
+
+``` puppet
+apache::vhost { 'site.name.fdqn':
+  …
+  options => ['Indexes','FollowSymLinks','MultiViews'],
+}
+```
+
+> **Note**: If you use the [`directories`][] parameter of [`apache::vhost`][], 'Options', 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`.
+
+Default: ['Indexes','FollowSymLinks','MultiViews'],
+
+##### `override`
+
+Sets the overrides for the specified virtual host. Accepts an array of [AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments.
+
+Default: '[none]'.
+
+##### `passenger_app_root`
+
+Sets [PassengerRoot](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapproot), the location of the Passenger application root if different from the DocumentRoot.
+
+Values: A string specifying a path.
+
+Default: `undef`.
+
+##### `passenger_app_env`
+
+Sets [PassengerAppEnv](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappenv), the environment for the Passenger application. If not specified, defaults to the global setting or 'production'.
+
+Values: A string specifying the name of the environment.
+
+Default: `undef`.
+
+##### `passenger_log_file`
+
+By default, Passenger log messages are written to the Apache global error log. With [PassengerLogFile](https://www.phusionpassenger.com/library/config/apache/reference/#passengerlogfile), you can configure those messages to be logged to a different file. This option is only available since Passenger 5.0.5.
+
+Values: A string specifying a path.
+
+Default: `undef`.
+
+##### `passenger_log_level`
+
+This option allows to specify how much information should be written to the log file. If not set, [PassengerLogLevel](https://www.phusionpassenger.com/library/config/apache/reference/#passengerloglevel) will not show up in the configuration file and the defaults are used. 
+
+Default: Passenger versions less than 3.0.0: '0'; 5.0.0 and later: '3'.
+
+##### `passenger_ruby`
+
+Sets [PassengerRuby](https://www.phusionpassenger.com/library/config/apache/reference/#passengerruby), the Ruby interpreter to use for the application, on this virtual host.
+
+Default: `undef`.
+
+##### `passenger_min_instances`
+
+Sets [PassengerMinInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermininstances), the minimum number of application processes to run.
+
+##### `passenger_max_requests`
+
+Sets [PassengerMaxRequests](https://www.phusionpassenger.com/library/config/apache/reference/#pas
+sengermaxrequests), the maximum number of requests an application process will process.
+
+##### `passenger_max_instances_per_app`
+
+Sets [PassengerMaxInstancesPerApp](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxinstancesperapp), the maximum number of application processes that may simultaneously exist for a single application.
+
+Default: `undef`.
+
+##### `passenger_start_timeout`
+
+Sets [PassengerStartTimeout](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstarttimeout), the timeout for the application startup.
+
+##### `passenger_pre_start`
+
+Sets [PassengerPreStart](https://www.phusionpassenger.com/library/config/apache/reference/#passengerprestart), the URL of the application if pre-starting is required.
+
+##### `passenger_user`
+
+Sets [PassengerUser](https://www.phusionpassenger.com/library/config/apache/reference/#passengeruser), the running user for sandboxing applications.
+
+##### `passenger_high_performance`
+
+Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance) parameter. Values: `true`, `false`. Default: `undef`.
+
+##### `passenger_nodejs`
+
+Sets the [`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#passengernodejs), the NodeJS interpreter to use for the application, on this virtual host.
+
+##### `passenger_sticky_sessions`
+
+Sets the [`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessions) parameter.
+
+Boolean. Default: `undef`.
+
+##### `passenger_startup_file`
+
+Sets the [`PassengerStartupFile`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstartupfile) path. This path is relative to the application root.
+
+##### `php_flags & values`
+
+Allows per-virtual host setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application.
+
+Default: '{}'.
+
+##### `php_admin_flags & values`
+
+Allows per-virtual host setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application.
+
+Default: '{}'.
+
+##### `port`
+
+Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL virtual hosts and port 443 for SSL virtual hosts. The host only listens on the port set in this parameter.
+
+##### `priority`
+
+Sets the relative load-order for Apache HTTPD VirtualHost configuration files.
+
+If nothing matches the priority, the first name-based virtual host is used. Likewise, passing a higher priority causes the alphabetically first name-based virtual host to be used if no other names match.
+
+> **Note:** You should not need to use this parameter. However, if you do use it, be aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'.
+
+To omit the priority prefix in file names, pass a priority of `false`.
+
+Default: '25'.
+
+##### `proxy_dest`
+
+Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration.
+
+Default: `undef`.
+
+##### `proxy_pass`
+
+Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Optionally, parameters can be added as an array.
+
+Default: `undef`.
+
+``` puppet
+apache::vhost { 'site.name.fdqn':
+  …
+  proxy_pass => [
+    { 'path' => '/a', 'url' => 'http://backend-a/' },
+    { 'path' => '/b', 'url' => 'http://backend-b/' },
+    { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}},
+    { 'path' => '/l', 'url' => 'http://backend-xy',
+      'reverse_urls' => ['http://backend-x', 'http://backend-y'] },
+    { 'path' => '/d', 'url' => 'http://backend-a/d',
+      'params' => { 'retry' => '0', 'timeout' => '5' }, },
+    { 'path' => '/e', 'url' => 'http://backend-a/e',
+      'keywords' => ['nocanon', 'interpolate'] },
+    { 'path' => '/f', 'url' => 'http://backend-f/',
+      'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']},
+    { 'path' => '/g', 'url' => 'http://backend-g/',
+      'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], },
+    { 'path' => '/h', 'url' => 'http://backend-h/h',
+      'no_proxy_uris' => ['/h/admin', '/h/server-status'] },
+  ],
+}
+```
+
+* `reverse_urls`. *Optional.* This setting is useful when used with `mod_proxy_balancer`. Values: an array or string.
+* `reverse_cookies`. *Optional.* Sets `ProxyPassReverseCookiePath` and `ProxyPassReverseCookieDomain`.
+* `params`. *Optional.* Allows for ProxyPass key-value parameters, such as connection settings.
+* `setenv`. *Optional.* Sets [environment variables](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings) for the proxy directive. Values: array.
+
+##### `proxy_dest_match`
+
+This directive is equivalent to [`proxy_dest`][], but takes regular expressions, see [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details.
+
+##### `proxy_dest_reverse_match`
+
+Allows you to pass a ProxyPassReverse if [`proxy_dest_match`][] is specified. See [ProxyPassReverse](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse) for details.
+
+##### `proxy_pass_match`
+
+This directive is equivalent to [`proxy_pass`][], but takes regular expressions, see [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details.
+
+##### `rack_base_uris`
+
+Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template.
+
+Default: `undef`.
+
+#####`passenger_base_uris`
+
+Used to specify that the given URI is a Phusion Passenger-served application. The file paths specified are listed as passenger application roots for [Phusion Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI) in the _passenger_base_uris.erb template.
+
+Default: `undef`.
+
+##### `redirect_dest`
+
+Specifies the address to redirect to.
+
+Default: `undef`.
+
+##### `redirect_source`
+
+Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent.
+
+``` puppet
+apache::vhost { 'site.name.fdqn':
+  …
+  redirect_source => ['/images','/downloads'],
+  redirect_dest   => ['http://img.example.com/','http://downloads.example.com/'],
+}
+```
+
+##### `redirect_status`
+
+Specifies the status to append to the redirect.
+
+Default: `undef`.
+
+``` puppet
+apache::vhost { 'site.name.fdqn':
+  …
+  redirect_status => ['temp','permanent'],
+}
+```
+
+##### `redirectmatch_*`
+
+* `redirectmatch_regexp`
+* `redirectmatch_status`
+* `redirectmatch_dest`
+
+Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as arrays.
+
+Default: `undef`.
+
+``` puppet
+apache::vhost { 'site.name.fdqn':
+  …
+  redirectmatch_status => ['404','404'],
+  redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'],
+  redirectmatch_dest => ['http://www.example.com/1','http://www.example.com/2'],
+}
+```
+
+##### `request_headers`
+
+Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, and so on. 
+
+Default: `undef`.
+
+``` puppet
+apache::vhost { 'site.name.fdqn':
+  …
+  request_headers => [
+    'append MirrorID "mirror 12"',
+    'unset MirrorID',
+  ],
+}
+```
+
+##### `rewrites`
+
+Creates URL rewrite rules. Expects an array of hashes. 
+
+Values: Hash keys that are any of 'comment', 'rewrite_base', 'rewrite_cond', 'rewrite_rule' or 'rewrite_map'.
+
+Default: `undef`.
+
+For example, you can specify that anyone trying to access index.html is served welcome.html
+
+``` puppet
+apache::vhost { 'site.name.fdqn':
+  …
+  rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ]
+}
+```
+
+The parameter allows rewrite conditions that, when `true`, execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE
+
+``` puppet
+apache::vhost { 'site.name.fdqn':
+  …
+  rewrites => [
+    {
+      comment      => 'redirect IE',
+      rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
+      rewrite_rule => ['^index\.html$ welcome.html'],
+    },
+  ],
+}
+```
+
+You can also apply multiple conditions. For instance, rewrite index.html to welcome.html only when the browser is Lynx or Mozilla (version 1 or 2)
+
+``` puppet
+apache::vhost { 'site.name.fdqn':
+  …
+  rewrites => [
+    {
+      comment      => 'Lynx or Mozilla v1/2',
+      rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
+      rewrite_rule => ['^index\.html$ welcome.html'],
+    },
+  ],
+}
+```
+
+Multiple rewrites and conditions are also possible
+
+``` puppet
+apache::vhost { 'site.name.fdqn':
+  …
+  rewrites => [
+    {
+      comment      => 'Lynx or Mozilla v1/2',
+      rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
+      rewrite_rule => ['^index\.html$ welcome.html'],
+    },
+    {
+      comment      => 'Internet Explorer',
+      rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
+      rewrite_rule => ['^index\.html$ /index.IE.html [L]'],
+    },
+    {
+      rewrite_base => /apps/,
+      rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'],
+    },
+    { comment      => 'Rewrite to lower case',
+      rewrite_cond => ['%{REQUEST_URI} [A-Z]'],
+      rewrite_map  => ['lc int:tolower'],
+      rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'],
+    },
+  ],
+}
+```
+
+Refer to the [`mod_rewrite` documentation][`mod_rewrite`] for more details on what is possible with rewrite rules and conditions.
+
+##### `rewrite_inherit`
+
+Determines whether the virtual host inherits global rewrite rules.
+
+Default: `false`.
+
+Rewrite rules may be specified globally (in `$conf_file` or `$confd_dir`) or inside the virtual host `.conf` file. By default, virtual hosts do not inherit global settings. To activate inheritance, specify the `rewrites` parameter and set `rewrite_inherit` parameter to `true`:
+
+``` puppet
+apache::vhost { 'site.name.fdqn':
+  …
+  rewrites => [
+    <rules>,
+  ],
+  rewrite_inherit => `true`,
+}
+```
+
+> **Note**: The `rewrites` parameter is **required** for this to have effect
+
+Apache activates global `Rewrite` rules inheritance if the virtual host files contains the following directives:
+
+``` ApacheConf
+RewriteEngine On
+RewriteOptions Inherit
+```
+
+Refer to the [official `mod_rewrite` documentation](https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html), section "Rewriting in Virtual Hosts".
+
+##### `scriptalias`
+
+Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as '/usr/scripts'.
+
+Default: `undef`.
+
+##### `scriptaliases`
+
+> **Note**: This parameter is deprecated in favor of the `aliases` parameter.
+
+Passes an array of hashes to the virtual host to create either ScriptAlias or ScriptAliasMatch statements per the [`mod_alias` documentation][`mod_alias`].
+
+``` puppet
+scriptaliases => [
+  {
+    alias => '/myscript',
+    path  => '/usr/share/myscript',
+  },
+  {
+    aliasmatch => '^/foo(.*)',
+    path       => '/usr/share/fooscripts$1',
+  },
+  {
+    aliasmatch => '^/bar/(.*)',
+    path       => '/usr/share/bar/wrapper.sh/$1',
+  },
+  {
+    alias => '/neatscript',
+    path  => '/usr/share/neatscript',
+  },
+]
+```
+
+The ScriptAlias and ScriptAliasMatch directives are created in the order specified. As with [Alias and AliasMatch](#aliases) directives, specify more specific aliases before more general ones to avoid shadowing.
+
+##### `serveradmin`
+
+Specifies the email address Apache displays when it renders one of its error pages. 
+
+Default: `undef`.
+
+##### `serveraliases`
+
+Sets the [ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias) of the site.
+
+Default: '[]'.
+
+##### `servername`
+
+Sets the servername corresponding to the hostname you connect to the virtual host at. 
+
+Default: the title of the resource.
+
+##### `setenv`
+
+Used by HTTPD to set environment variables for virtual hosts.
+
+Default: '[]'.
+
+Example:
+
+``` puppet
+apache::vhost { 'setenv.example.com':
+  setenv => ['SPECIAL_PATH /foo/bin'],
+}
+```
+
+##### `setenvif`
+
+Used by HTTPD to conditionally set environment variables for virtual hosts.
+
+Default: '[]'.
+
+##### `setenvifnocase`
+
+Used by HTTPD to conditionally set environment variables for virtual hosts (caseless matching).
+
+Default: '[]'.
+
+##### `suphp_*`
+
+* `suphp_addhandler`
+* `suphp_configpath`
+* `suphp_engine`
+
+Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG).
+
+* `suphp_addhandler`. Default: 'php5-script' on RedHat and FreeBSD, and 'x-httpd-php' on Debian and Gentoo.
+* `suphp_configpath`. Default: `undef` on RedHat and FreeBSD, and '/etc/php5/apache2' on Debian and Gentoo.
+* `suphp_engine`. Values: 'on' or 'off'. Default: 'off'.
+
+An example virtual host configuration with suPHP:
+
+``` puppet
+apache::vhost { 'suphp.example.com':
+  port             => '80',
+  docroot          => '/home/appuser/myphpapp',
+  suphp_addhandler => 'x-httpd-php',
+  suphp_engine     => 'on',
+  suphp_configpath => '/etc/php5/apache2',
+  directories      => { path => '/home/appuser/myphpapp',
+    'suphp'        => { user => 'myappuser', group => 'myappgroup' },
+  }
+}
+```
+
+##### `vhost_name`
+
+Enables name-based virtual hosting. If no IP is passed to the virtual host, but the virtual host is assigned a port, then the virtual host name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the virtual host name is set to the title of the resource.
+
+Default: '*'.
+
+##### `virtual_docroot`
+
+Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'.
+
+Default: `false`.
+
+``` puppet
+apache::vhost { 'subdomain.loc':
+  vhost_name      => '*',
+  port            => '80',
+  virtual_docroot => '/var/www/%-2+',
+  docroot         => '/var/www',
+  serveraliases   => ['*.loc',],
+}
+```
+
+##### `wsgi*`
+
+* `wsgi_daemon_process`
+* `wsgi_daemon_process_options`
+* `wsgi_process_group`
+* `wsgi_script_aliases`
+* `wsgi_pass_authorization`
+
+Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi).
+
+* `wsgi_daemon_process`: A hash that sets the name of the WSGI daemon, accepting [certain keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html). Default: `undef`.
+* `wsgi_daemon_process_options`. _Optional._ Default: `undef`.
+* `wsgi_process_group`: Sets the group ID that the virtual host runs under. Default: `undef`.
+* `wsgi_script_aliases`: Requires a hash of web paths to filesystem .wsgi paths. Default: `undef`.
+* `wsgi_script_aliases_match`: Requires a hash of web path regexes to filesystem .wsgi paths. Default: `undef`
+* `wsgi_pass_authorization`: Uses the WSGI application to handle authorization instead of Apache when set to 'On'. For more information, see [mod_wsgi's WSGIPassAuthorization documentation] (https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Default: `undef`, leading Apache to use its default value of 'Off'.
+* `wsgi_chunked_request`: Enables support for chunked requests. Default: `undef`.
+
+An example virtual host configuration with WSGI:
+
+``` puppet
+apache::vhost { 'wsgi.example.com':
+  port                        => '80',
+  docroot                     => '/var/www/pythonapp',
+  wsgi_daemon_process         => 'wsgi',
+  wsgi_daemon_process_options =>
+    { processes    => '2',
+      threads      => '15',
+      display-name => '%{GROUP}',
+     },
+  wsgi_process_group          => 'wsgi',
+  wsgi_script_aliases         => { '/' => '/var/www/demo.wsgi' },
+  wsgi_chunked_request        => 'On',
+}
+```
+
+#### Parameter `directories` for `apache::vhost`
+
+The `directories` parameter within the `apache::vhost` class passes an array of hashes to the virtual host to create [Directory](https://httpd.apache.org/docs/current/mod/core.html#directory), [File](https://httpd.apache.org/docs/current/mod/core.html#files), and [Location](https://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, '< Directory /path/to/directory>...< /Directory>'.
+
+The `path` key sets the path for the directory, files, and location blocks. Its value must be a path for the 'directory', 'files', and 'location' providers, or a regex for the 'directorymatch', 'filesmatch', or 'locationmatch' providers. Each hash passed to `directories` **must** contain `path` as one of the keys.
+
+The `provider` key is optional. If missing, this key defaults to 'directory'. Values: 'directory', 'files', 'proxy', 'location', 'directorymatch', 'filesmatch', 'proxymatch' or 'locationmatch'. If you set `provider` to 'directorymatch', it uses the keyword 'DirectoryMatch' in the Apache config file.
+
+An example use of `directories`:
+
+``` puppet
+apache::vhost { 'files.example.net':
+  docroot     => '/var/www/files',
+  directories => [
+    { 'path'     => '/var/www/files',
+      'provider' => 'files',
+      'deny'     => 'from all',
+     },
+  ],
+}
+```
+
+> **Note:** At least one directory should match the `docroot` parameter. After you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block is created that matches the `docroot` parameter.
+
+Available handlers, represented as keys, should be placed within the `directory`, `files`, or `location` hashes. This looks like
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/directory',
+  directories => [ { path => '/path/to/directory', handler => value } ],
+}
+```
+
+Any handlers you do not set in these hashes are considered 'undefined' within Puppet and are not added to the virtual host, resulting in the module using their default values. Supported handlers are:
+
+##### `addhandlers`
+
+Sets [AddHandler](https://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension'] }`.
+
+An example:
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path        => '/path/to/directory',
+      addhandlers => [{ handler => 'cgi-script', extensions => ['.cgi']}],
+    },
+  ],
+}
+```
+
+##### `allow`
+
+Sets an [Allow](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path  => '/path/to/directory',
+      allow => 'from example.org',
+    },
+  ],
+}
+```
+
+##### `allow_override`
+
+Sets the types of directives allowed in [.htaccess](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) files. Accepts an array.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot      => '/path/to/directory',
+  directories  => [
+    { path           => '/path/to/directory',
+      allow_override => ['AuthConfig', 'Indexes'],
+    },
+  ],
+}
+```
+
+##### `auth_basic_authoritative`
+
+Sets the value for [AuthBasicAuthoritative](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicauthoritative), which determines whether authorization and authentication are passed to lower level Apache modules.
+
+##### `auth_basic_fake`
+
+Sets the value for [AuthBasicFake](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicfake), which statically configures authorization credentials for a given directive block.
+
+##### `auth_basic_provider`
+
+Sets the value for [AuthBasicProvider](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicprovider), which sets the authentication provider for a given location.
+
+##### `auth_digest_algorithm`
+
+Sets the value for [AuthDigestAlgorithm](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestalgorithm), which selects the algorithm used to calculate the challenge and response hashes.
+
+###### `auth_digest_domain`
+
+Sets the value for [AuthDigestDomain](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestdomain), which allows you to specify one or more URIs in the same protection space for digest authentication.
+
+##### `auth_digest_nonce_lifetime`
+
+Sets the value for [AuthDigestNonceLifetime](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestnoncelifetime), which controls how long the server nonce is valid.
+
+##### `auth_digest_provider`
+
+Sets the value for [AuthDigestProvider](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestprovider), which sets the authentication provider for a given location.
+
+##### `auth_digest_qop`
+
+Sets the value for [AuthDigestQop](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestqop), which determines the quality-of-protection to use in digest authentication.
+
+##### `auth_digest_shmem_size`
+
+Sets the value for [AuthAuthDigestShmemSize](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestshmemsize), which defines the amount of shared memory allocated to the server for keeping track of clients.
+
+##### `auth_group_file`
+
+Sets the value for [AuthGroupFile](https://httpd.apache.org/docs/current/mod/mod_authz_groupfile.html#authgroupfile), which sets the name of the text file containing the list of user groups for authorization.
+
+##### `auth_name`
+
+Sets the value for [AuthName](https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authname), which sets the name of the authorization realm.
+
+##### `auth_require`
+
+Sets the entity name you're requiring to allow access. Read more about [Require](https://httpd.apache.org/docs/current/mod/mod_authz_host.html#requiredirectives).
+
+##### `auth_type`
+
+Sets the value for [AuthType](https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authtype), which guides the type of user authentication.
+
+##### `auth_user_file`
+
+Sets the value for [AuthUserFile](https://httpd.apache.org/docs/current/mod/mod_authn_file.html#authuserfile), which sets the name of the text file containing the users/passwords for authentication.
+
+##### `auth_merging`
+
+Sets the value for [AuthMerging](https://httpd.apache.org/docs/current/mod/mod_authz_core.html#authmerging), which determines if authorization logic should be combined
+
+##### `auth_ldap_url`
+
+Sets the value for [AuthLDAPURL](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapurl), which determines URL of LDAP-server(s) if AuthBasicProvider 'ldap' is used
+
+##### `auth_ldap_bind_dn`
+
+Sets the value for [AuthLDAPBindDN](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbinddn), which allows use of an optional DN used to bind to the LDAP-server when searching for entries if AuthBasicProvider 'ldap' is used.
+
+##### `auth_ldap_bind_password`
+
+Sets the value for [AuthLDAPBindPassword](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbindpassword), which allows use of an optional bind password to use in conjunction with the bind DN if AuthBasicProvider 'ldap' is used.
+
+##### `auth_ldap_group_attribute`
+
+Array of values for [AuthLDAPGroupAttribute](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattribute), specifies which LDAP attributes are used to check for user members within ldap-groups. Defaults are: "member" and "uniquemember".
+
+##### `auth_ldap_group_attribute_is_dn`
+
+Sets value for [AuthLDAPGroupAttributeIsDN](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattributeisdn), specifies if member of a ldapgroup is a dn or simple username. When set on, this directive says to use the distinguished name of the client username when checking for group membership. Otherwise, the username will be used. valid values are: "on" or "off"
+
+##### `custom_fragment`
+
+Pass a string of custom configuration directives to be placed at the end of the directory configuration.
+
+``` puppet
+apache::vhost { 'monitor':
+  …
+  directories => [
+    {
+      path => '/path/to/directory',
+      custom_fragment => '
+<Location /balancer-manager>
+  SetHandler balancer-manager
+  Order allow,deny
+  Allow from all
+</Location>
+<Location /server-status>
+  SetHandler server-status
+  Order allow,deny
+  Allow from all
+</Location>
+ProxyStatus On',
+    },
+  ]
+}
+```
+
+##### `dav`
+
+Sets the value for [Dav](http://httpd.apache.org/docs/current/mod/mod_dav.html#dav), which determines if the WebDAV HTTP methods should be enabled. The value can be either 'On', 'Off' or the name of the provider. A value of 'On' enables the default filesystem provider implemented by the `mod_dav_fs` module.
+
+##### `dav_depth_infinity`
+
+Sets the value for [DavDepthInfinity](http://httpd.apache.org/docs/current/mod/mod_dav.html#davdepthinfinity), which is used to enable the processing of `PROPFIND` requests having a `Depth: Infinity` header.
+
+##### `dav_min_timeout`
+
+Sets the value for [DavMinTimeout](http://httpd.apache.org/docs/current/mod/mod_dav.html#davmintimeout), which sets the time the server holds a lock on a DAV resource. The value should be the number of seconds to set.
+
+##### `deny`
+
+Sets a [Deny](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path => '/path/to/directory',
+      deny => 'from example.org',
+    },
+  ],
+}
+```
+
+##### `error_documents`
+
+An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  directories => [
+    { path            => '/srv/www',
+      error_documents => [
+        { 'error_code' => '503',
+          'document'   => '/service-unavail',
+        },
+      ],
+    },
+  ],
+}
+```
+
+##### `ext_filter_options`
+
+Sets the [ExtFilterOptions](https://httpd.apache.org/docs/current/mod/mod_ext_filter.html) directive.
+Note that you must declare `class { 'apache::mod::ext_filter': }` before using this directive.
+
+``` puppet
+apache::vhost { 'filter.example.org':
+  docroot     => '/var/www/filter',
+  directories => [
+    { path               => '/var/www/filter',
+      ext_filter_options => 'LogStderr Onfail=abort',
+    },
+  ],
+}
+```
+
+##### `geoip_enable`
+
+Sets the [GeoIPEnable](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Configuration) directive.
+Note that you must declare `class {'apache::mod::geoip': }` before using this directive.
+
+``` puppet
+apache::vhost { 'first.example.com':
+  docroot     => '/var/www/first',
+  directories => [
+    { path         => '/var/www/first',
+      geoip_enable => `true`,
+    },
+  ],
+}
+```
+
+##### `headers`
+
+Adds lines for [Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/directory',
+  directories => {
+    path    => '/path/to/directory',
+    headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',
+  },
+}
+```
+
+##### `index_options`
+
+Allows configuration settings for [directory indexing](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions).
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path           => '/path/to/directory',
+      directoryindex => 'disabled', # this is needed on Apache 2.4 or mod_autoindex doesn't work
+      options        => ['Indexes','FollowSymLinks','MultiViews'],
+      index_options  => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'],
+    },
+  ],
+}
+```
+
+##### `index_order_default`
+
+Sets the [default ordering](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexorderdefault) of the directory index.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path                => '/path/to/directory',
+      order               => 'Allow,Deny',
+      index_order_default => ['Descending', 'Date'],
+    },
+  ],
+}
+```
+
+###### `index_style_sheet`
+
+Sets the [IndexStyleSheet](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet), which adds a CSS stylesheet to the directory index.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path              => '/path/to/directory',
+      options           => ['Indexes','FollowSymLinks','MultiViews'],
+      index_options     => ['FancyIndexing'],
+      index_style_sheet => '/styles/style.css',
+    },
+  ],
+}
+```
+
+##### `limit`
+
+Creates a [Limit](https://httpd.apache.org/docs/current/mod/core.html#limit) block inside the Directory block, which can also contain `require` directives.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/docroot',
+  directories => [
+    { path     => '/',
+      provider => 'location',
+      limit    => [
+        { methods => 'GET HEAD',
+          require => ['valid-user']
+        },
+      ],
+    },
+  ],
+}
+```
+
+##### `limit_except`
+
+Creates a [LimitExcept](https://httpd.apache.org/docs/current/mod/core.html#limitexcept) block inside the Directory block, which can also contain `require` directives.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/docroot',
+  directories => [
+    { path         => '/',
+      provider     => 'location',
+      limit_except => [
+        { methods => 'GET HEAD',
+          require => ['valid-user']
+        },
+      ],
+    },
+  ],
+}
+```
+
+##### `mellon_enable`
+
+Sets the [MellonEnable][`mod_auth_mellon`] directory to enable [`mod_auth_mellon`][]. You can use [`apache::mod::auth_mellon`][] to install `mod_auth_mellon`.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path                       => '/',
+      provider                   => 'directory',
+      mellon_enable              => 'info',
+      mellon_sp_private_key_file => '/etc/certs/${::fqdn}.key',
+      mellon_endpoint_path       => '/mellon',
+      mellon_set_env_no_prefix   => { 'ADFS_GROUP' => 'http://schemas.xmlsoap.org/claims/Group',
+                                      'ADFS_EMAIL' => 'http://schemas.xmlsoap.org/claims/EmailAddress', },
+      mellon_user => 'ADFS_LOGIN',
+    },
+    { path          => '/protected',
+      provider      => 'location',
+      mellon_enable => 'auth',
+      auth_type     => 'Mellon',
+      auth_require  => 'valid-user',
+      mellon_cond   => ['ADFS_LOGIN userA [MAP]','ADFS_LOGIN userB [MAP]'],
+    },
+  ]
+}
+```
+
+Related parameters follow the names of `mod_auth_mellon` directives:
+
+- `mellon_cond`: Takes an array of mellon conditions that must be met to grant access, and creates a [MellonCond][`mod_auth_mellon`] directive for each item in the array.
+- `mellon_endpoint_path`: Sets the [MellonEndpointPath][`mod_auth_mellon`] to set the mellon endpoint path.
+- `mellon_sp_metadata_file`: Sets the [MellonSPMetadataFile][`mod_auth_mellon`] location of the SP metadata file.
+- `mellon_idp_metadata_file`: Sets the [MellonIDPMetadataFile][`mod_auth_mellon`] location of the IDP metadata file.
+- `mellon_saml_rsponse_dump`: Sets the [MellonSamlResponseDump][`mod_auth_mellon`] directive to enable debug of SAML.
+- `mellon_set_env_no_prefix`: Sets the [MellonSetEnvNoPrefix][`mod_auth_mellon`] directive to a hash of attribute names to map
+to environment variables.
+- `mellon_sp_private_key_file`: Sets the [MellonSPPrivateKeyFile][`mod_auth_mellon`] directive for the private key location of the service provider.
+- `mellon_sp_cert_file`: Sets the [MellonSPCertFile][`mod_auth_mellon`] directive for the public key location of the service provider.
+- `mellon_user`: Sets the [MellonUser][`mod_auth_mellon`] attribute to use for the username.
+
+##### `options`
+
+Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path    => '/path/to/directory',
+      options => ['Indexes','FollowSymLinks','MultiViews'],
+    },
+  ],
+}
+```
+
+##### `order`
+
+Sets the order of processing Allow and Deny statements as per [Apache core documentation](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path  => '/path/to/directory',
+      order => 'Allow,Deny',
+    },
+  ],
+}
+```
+
+##### `passenger_enabled`
+
+Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directive to 'on' or 'off'. Requires `apache::mod::passenger` to be included.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path              => '/path/to/directory',
+      passenger_enabled => 'on',
+    },
+  ],
+}
+```
+
+> **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive.
+
+##### `php_value` and `php_flag`
+
+`php_value` sets the value of the directory, and `php_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php).
+
+##### `php_admin_value` and `php_admin_flag`
+
+`php_admin_value` sets the value of the directory, and `php_admin_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php).
+
+
+##### `require`
+
+
+Sets a `Require` directive as per the [Apache Authz documentation](https://httpd.apache.org/docs/current/mod/mod_authz_core.html#require). If no `require` is set, it will default to `Require all granted`.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path    => '/path/to/directory',
+      require => 'ip 10.17.42.23',
+    }
+  ],
+}
+```
+
+When more complex sets of requirement are needed, apache >= 2.4 provides the use of [RequireAll](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireall), [RequireNone](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requirenone) or [RequireAny](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireany) directives.
+Using the 'enforce' key, which only supports 'any','none','all' (other values are silently ignored), this could be established like:
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path    => '/path/to/directory',
+      require => {
+        enforce  => 'any',
+        requires => [
+          'ip 1.2.3.4',
+          'not host host.example.com',
+          'user xyz',
+        ],
+      },
+    },
+  ],
+}
+```
+
+If `require` is set to `unmanaged` it will not be set at all. This is useful for complex authentication/authorization requirements which are handled in a custom fragment.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path    => '/path/to/directory',
+      require => 'unmanaged',
+    }
+  ],
+}
+```
+
+
+
+##### `satisfy`
+
+Sets a `Satisfy` directive per the [Apache Core documentation](https://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is deprecated due to a change in Apache and only works with Apache 2.2 and lower.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path    => '/path/to/directory',
+      satisfy => 'Any',
+    }
+  ],
+}
+```
+
+##### `sethandler`
+
+Sets a `SetHandler` directive per the [Apache Core documentation](https://httpd.apache.org/docs/2.2/mod/core.html#sethandler).
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path       => '/path/to/directory',
+      sethandler => 'None',
+    }
+  ],
+}
+```
+
+##### `set_output_filter`
+
+Sets a `SetOutputFilter` directive per the [Apache Core documentation](https://httpd.apache.org/docs/current/mod/core.html#setoutputfilter).
+
+``` puppet
+apache::vhost{ 'filter.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path              => '/path/to/directory',
+      set_output_filter => puppetdb-strip-resource-params,
+    },
+  ],
+}
+```
+
+##### `rewrites`
+
+Creates URL [`rewrites`](#rewrites) rules in virtual host directories. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'.
+
+``` puppet
+apache::vhost { 'secure.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path        => '/path/to/directory',
+      rewrites => [ { comment      => 'Permalink Rewrites',
+                      rewrite_base => '/'
+                    },
+                    { rewrite_rule => [ '^index\.php$ - [L]' ]
+                    },
+                    { rewrite_cond => [ '%{REQUEST_FILENAME} !-f',
+                                        '%{REQUEST_FILENAME} !-d',
+                                      ],
+                      rewrite_rule => [ '. /index.php [L]' ],
+                    }
+                  ],
+    },
+  ],
+}
+```
+
+> **Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the virtual host's directories.
+
+##### `shib_request_settings`
+
+Allows a valid content setting to be set or altered for the application request. This command takes two parameters: the name of the content setting, and the value to set it to. Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details.
+
+``` puppet
+apache::vhost { 'secure.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path                  => '/path/to/directory',
+      shib_request_settings => { 'requiresession' => 'On' },
+      shib_use_headers      => 'On',
+    },
+  ],
+}
+```
+
+##### `shib_use_headers`
+
+When set to 'On', this turns on the use of request headers to publish attributes to applications. Values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details.
+
+##### `ssl_options`
+
+String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the virtual host.
+
+``` puppet
+apache::vhost { 'secure.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path        => '/path/to/directory',
+      ssl_options => '+ExportCertData',
+    },
+    { path        => '/path/to/different/dir',
+      ssl_options => [ '-StdEnvVars', '+ExportCertData'],
+    },
+  ],
+}
+```
+
+##### `suphp`
+
+A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. It must be used with `suphp_engine => on` in the virtual host declaration, and can only be passed within `directories`.
+
+``` puppet
+apache::vhost { 'secure.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path  => '/path/to/directory',
+      suphp => {
+        user  => 'myappuser',
+        group => 'myappgroup',
+      },
+    },
+  ],
+}
+```
+##### `additional_includes`
+
+Specifies paths to additional static, specific Apache configuration files in virtual host directories. Values: a array of string path.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  docroot     => '/path/to/directory',
+  directories => [
+    { path  => '/path/to/different/dir',
+      additional_includes => [ '/custom/path/includes', '/custom/path/another_includes', ],
+    },
+  ],
+}
+```
+
+#### SSL parameters for `apache::vhost`
+
+All of the SSL parameters for `::vhost` default to whatever is set in the base `apache` class. Use the below parameters to tweak individual SSL settings for specific virtual hosts.
+
+##### `ssl`
+
+Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries. Values: Boolean.
+
+Default: `false`.
+
+##### `ssl_ca`
+
+Specifies the SSL certificate authority.
+
+Default: `undef`.
+
+##### `ssl_cert`
+
+Specifies the SSL certification. Defaults are based on your OS.
+
+* RedHat: '/etc/pki/tls/certs/localhost.crt'
+* Debian: '/etc/ssl/certs/ssl-cert-snakeoil.pem'
+* FreeBSD: '/usr/local/etc/apache22/server.crt'
+* Gentoo: '/etc/ssl/apache2/server.crt'
+
+##### `ssl_protocol`
+
+Specifies [SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array or space separated string of accepted protocols.
+
+Defaults: 'all', '-SSLv2', '-SSLv3'.
+
+##### `ssl_cipher`
+
+Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). 
+
+Default: 'HIGH:MEDIUM:!aNULL:!MD5'.
+
+##### `ssl_honorcipherorder`
+
+Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), to cause Apache to use the server's preferred order of ciphers rather than the client's preferred order. Values:
+
+Values: Boolean, 'on', 'off'.
+
+Default: `true`.
+
+##### `ssl_certs_dir`
+
+Specifies the location of the SSL certification directory. Default: Depends on operating system.
+
+- Debian: '/etc/ssl/certs'
+- Red Hat: '/etc/pki/tls/certs'
+- FreeBSD: `undef`
+- Gentoo: '/etc/ssl/apache2'
+
+##### `ssl_chain`
+
+Specifies the SSL chain. This default works out of the box, but it must be updated in the base `apache` class with your specific certificate information before being used in production.
+
+Default: `undef`. 
+
+##### `ssl_crl`
+
+Specifies the certificate revocation list to use. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.)
+
+Default: `undef`.
+
+##### `ssl_crl_path`
+
+Specifies the location of the certificate revocation list. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.)
+
+Default: `undef`. 
+
+##### `ssl_crl_check`
+
+Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck). The default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions.
+
+Default: `undef`.
+
+##### `ssl_key`
+
+Specifies the SSL key. Defaults are based on your operating system. Default work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.
+
+* RedHat: '/etc/pki/tls/private/localhost.key'
+* Debian: '/etc/ssl/private/ssl-cert-snakeoil.key'
+* FreeBSD: '/usr/local/etc/apache22/server.key'
+* Gentoo: '/etc/ssl/apache2/server.key'
+
+##### `ssl_verify_client`
+
+Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  …
+  ssl_verify_client => 'optional',
+}
+```
+
+Values: 'none', 'optional', 'require', and 'optional_no_ca'.
+
+Default: `undef`.
+
+
+##### `ssl_verify_depth`
+
+Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  …
+  ssl_verify_depth => 1,
+}
+```
+
+Default: `undef`.
+
+##### `ssl_proxy_protocol`
+
+Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol) directive, which controls which SSL protocol flavors `mod_ssl` should use when establishing its server environment for proxy. It connects to servers using only one of the provided protocols.
+
+Default: `undef`.
+
+##### `ssl_proxy_verify`
+
+Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify) directive, which configures certificate verification of the remote server when a proxy is configured to forward requests to a remote SSL server.
+
+Default: `undef`.
+
+##### `ssl_proxy_verify_depth`
+
+Sets the [SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth) directive, which configures how deeply mod_ssl should verify before deciding that the remote server does not have a valid certificate.
+
+A depth of 0 means that only self-signed remote server certificates are accepted, the default depth of 1 means the remote server certificate can be self-signed or signed by a CA that is directly known to the server.
+
+Default: `undef`
+
+##### `ssl_proxy_ca_cert`
+
+Sets the [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile) directive, which specifies an all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose remote servers you deal with. These are used for Remote Server Authentication. This file should be a concatenation of the PEM-encoded certificate files in order of preference.
+
+Default: `undef`
+
+##### `ssl_proxy_machine_cert`
+
+Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) directive, which specifies an all-in-one file where you keep the certs and keys used for this server to authenticate itself to remote servers. This file should be a concatenation of the PEM-encoded certificate files in order of preference.
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  …
+  ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem',
+}
+```
+
+Default: `undef`
+
+##### `ssl_proxy_check_peer_cn`
+
+Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL.
+
+Values: 'on', 'off'.
+
+Default: `undef`
+
+##### `ssl_proxy_check_peer_name`
+
+Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL.
+
+Values: 'on', 'off'.
+
+Default: `undef`
+
+##### `ssl_proxy_check_peer_expire`
+
+Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire) directive, which specifies whether the remote server certificate is checked for expiration or not.
+
+Values: 'on', 'off'.
+
+Default: `undef`
+
+##### `ssl_options`
+
+Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given virtual host and can be a string or an array.
+
+A string:
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  …
+  ssl_options => '+ExportCertData',
+}
+```
+
+An array:
+
+``` puppet
+apache::vhost { 'sample.example.net':
+  …
+  ssl_options => [ '+StrictRequire', '+ExportCertData' ],
+}
+```
+
+Default: `undef`.
+
+##### `ssl_openssl_conf_cmd`
+
+Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) directive, which provides direct configuration of OpenSSL parameters. 
+
+Default: `undef`
+
+##### `ssl_proxyengine`
+
+Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). 
+
+Boolean.
+
+Default: `true`.
+
+##### `ssl_stapling`
+
+Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). By default, uses what is set globally.
+
+This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
+
+Boolean or `undef`.
+
+Default: `undef`
+
+##### `ssl_stapling_timeout`
+
+Can be used to set the [SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout) directive.
+
+This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
+
+Default: none.
+
+##### `ssl_stapling_return_errors`
+
+Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive.
+
+This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
+
+Default: none.
+
+#### Defined type: FastCGI Server
+
+This type is intended for use with mod\_fastcgi. It allows you to define one or more external FastCGI servers to handle specific file types.
+
+** Note ** If using Ubuntu 10.04+, you'll need to manually enable the multiverse repository.
+
+Ex:
+
+``` puppet
+apache::fastcgi::server { 'php':
+  host        => '127.0.0.1:9000',
+  timeout     => 15,
+  flush       => `false`,
+  faux_path   => '/var/www/php.fcgi',
+  fcgi_alias  => '/php.fcgi',
+  file_type   => 'application/x-httpd-php',
+  pass_header => ''
+}
+```
+
+Within your virtual host, you can then configure the specified file type to be handled by the fastcgi server specified above.
+
+``` puppet
+apache::vhost { 'www':
+  ...
+  custom_fragment => 'AddType application/x-httpd-php .php'
+  ...
+}
+```
+
+##### `host`
+
+The hostname or IP address and TCP port number (1-65535) of the FastCGI server.
+
+It is also possible to pass a unix socket:
+
+``` puppet
+apache::fastcgi::server { 'php':
+  host        => '/var/run/fcgi.sock',
+}
+```
+
+##### `timeout`
+
+The number of seconds of FastCGI application inactivity allowed before the request is aborted and the event is logged (at the error LogLevel). The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond (by writing and flushing) within this period, the request is aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply.
+
+##### `flush`
+
+Force a write to the client as data is received from the application. By default, `mod_fastcgi` buffers data in order to free the application as quickly as possible.
+
+##### `faux_path`
+
+Does not have to exist in the local filesystem. URIs that Apache resolves to this filename are handled by this external FastCGI application.
+
+##### `alias`
+
+A unique alias. This is used internally to link the action with the FastCGI server.
+
+##### `file_type`
+
+The MIME-type of the file to be processed by the FastCGI server.
+
+##### `pass_header`
+
+The name of an HTTP Request Header to be passed in the request environment. This option makes available the contents of headers which are normally not available (e.g. Authorization) to a CGI environment.
+
+#### Defined type: `apache::vhost::custom`
+
+The `apache::vhost::custom` defined type is a thin wrapper around the `apache::custom_config` defined type, and simply overrides some of its default settings specific to the virtual host directory in Apache.
+
+**Parameters within `apache::vhost::custom`**:
+
+##### `content`
+
+Sets the configuration file's content.
+
+##### `ensure`
+
+Specifies if the virtual host file is present or absent.
+
+Values: 'absent', 'present'.
+
+Default: 'present'.
+
+##### `priority`
+
+Sets the relative load order for Apache HTTPD VirtualHost configuration files.
+
+Default: '25'.
+
+##### `verify_config`
+
+Specifies whether to validate the configuration file before notifying the Apache service. 
+
+Boolean.
+
+Default: `true`.
+
+### Private defined types
+
+#### Defined type: `apache::peruser::multiplexer`
+
+This defined type checks if an Apache module has a class. If it does, it includes that class. If it does not, it passes the module name to the [`apache::mod`][] defined type.
+
+#### Defined type: `apache::peruser::multiplexer`
+
+Enables the [`Peruser`][] module for FreeBSD only.
+
+#### Defined type: `apache::peruser::processor`
+
+Enables the [`Peruser`][] module for FreeBSD only.
+
+#### Defined type: `apache::security::file_link`
+
+Links the `activated_rules` from [`apache::mod::security`][] to the respective CRS rules on disk.
 
 ### Templates
 
-The Apache module relies heavily on templates to enable the [`apache::vhost`][] and [`apache::mod`][] defined types. These templates are built based on [Facter][] facts that are specific to your operating system. Unless explicitly called out, most templates are not meant for configuration.
+The Apache module relies heavily on templates to enable the [`apache::vhost`][] and [`apache::mod`][] defined types. These templates are built based on [Facter][] facts specific to your operating system. Unless explicitly called out, most templates are not meant for configuration.
 
-### Tasks
-
-The Apache module has a task that allows a user to reload the Apache config without restarting the service. Please refer to to the [PE documentation](https://puppet.com/docs/pe/2017.3/orchestrator/running_tasks.html) or [Bolt documentation](https://puppet.com/docs/bolt/latest/bolt.html) on how to execute a task.
-
-<a id="limitations"></a>
 ## Limitations
 
-For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-apache/blob/main/metadata.json)
+### General
+
+This module is CI tested against both [open source Puppet][] and [Puppet Enterprise][] on:
+
+- CentOS 5 and 6
+- Ubuntu 12.04 and 14.04
+- Debian 7
+- RHEL 5, 6, and 7
+
+This module also provides functions for other distributions and operating systems, such as FreeBSD, Gentoo, and Amazon Linux, but is not formally tested on them and are subject to regressions.
 
 ### FreeBSD
 
@@ -841,7 +5089,6 @@ In order to use this module on FreeBSD, you _must_ use apache24-2.4.12 (www/apac
 On Gentoo, this module depends on the [`gentoo/puppet-portage`][] Puppet module. Although several options apply or enable certain features and settings for Gentoo, it is not a [supported operating system][] for this module.
 
 ### RHEL/CentOS
-
 The [`apache::mod::auth_cas`][], [`apache::mod::passenger`][], [`apache::mod::proxy_html`][] and [`apache::mod::shib`][] classes are not functional on RH/CentOS without providing dependency packages from extra repositories.
 
 See their respective documentation below for related repositories and packages.
@@ -852,7 +5099,7 @@ The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are u
 
 #### RHEL/CentOS 6
 
-The [`apache::mod::passenger`][] class is not installing, because the EL6 repository is missing compatible packages.
+The [`apache::mod::passenger`][] class is not installing, because the the EL6 repository is missing compatible packages.
 
 #### RHEL/CentOS 7
 
@@ -903,106 +5150,43 @@ apache::vhost { 'test.server':
 }
 ```
 
-**NOTE:** On RHEL 8, the SELinux packages contained in `policycoreutils-python` have been replaced by the `policycoreutils-python-utils` package.
-See [here](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/considerations_in_adopting_rhel_8/index#selinux-python3_security) for more details.
-
 You must set the contexts using `semanage fcontext` instead of `chcon` because Puppet's `file` resources reset the values' context in the database if the resource doesn't specify it.
 
+### Ubuntu 10.04
+
+The [`apache::vhost::WSGIImportScript`][] parameter creates a statement inside the virtual host that is unsupported on older versions of Apache, causing it to fail. This will be remedied in a future refactoring.
+
 ### Ubuntu 16.04
 The [`apache::mod::suphp`][] class is untested since repositories are missing compatible packages.
 
-<a id="development"></a> 
 ## Development
 
+### Contributing
+
+[Puppet][] modules on the [Puppet Forge][] are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve.
+
+We want to make it as easy as possible to contribute changes so our modules work in your environment, but we also need contributors to follow a few guidelines to help us maintain and improve the modules' quality.
+
+For more information, please read the complete [module contribution guide][].
+
 ### Testing
 
-To run the unit tests, install the necessary gems:
+This project contains tests for both [rspec-puppet][] and [beaker-rspec][] to verify functionality. For detailed information on using these tools, please see their respective documentation.
+
+#### Testing quickstart: Ruby > 1.8.7
 
 ```
+gem install bundler
 bundle install
+bundle exec rake spec
+bundle exec rspec spec/acceptance
+RS_DEBUG=yes bundle exec rspec spec/acceptance
 ```
 
-And then execute the command:
+#### Testing quickstart: Ruby = 1.8.7
 
 ```
-bundle exec rake parallel_spec
+gem install bundler
+bundle install --without system_tests
+bundle exec rake spec
 ```
-
-To check the code coverage, run:
-
-```
-COVERAGE=yes bundle exec rake parallel_spec
-```
-
-
-
-Acceptance tests for this module leverage [puppet_litmus](https://github.com/puppetlabs/puppet_litmus).
-To run the acceptance tests follow the instructions [here](https://github.com/puppetlabs/puppet_litmus/wiki/Tutorial:-use-Litmus-to-execute-acceptance-tests-with-a-sample-module-(MoTD)#install-the-necessary-gems-for-the-module).
-You can also find a tutorial and walkthrough of using Litmus and the PDK on [YouTube](https://www.youtube.com/watch?v=FYfR7ZEGHoE).
-
-### Development Support
-If you run into an issue with this module, or if you would like to request a feature, please [file a ticket](https://tickets.puppetlabs.com/browse/MODULES/).
-Every Monday the Puppet IA Content Team has [office hours](https://puppet.com/community/office-hours) in the [Puppet Community Slack](http://slack.puppet.com/), alternating between an EMEA friendly time (1300 UTC) and an Americas friendly time (0900 Pacific, 1700 UTC).
-
-If you have problems getting this module up and running, please [contact Support](http://puppetlabs.com/services/customer-support).
-
-If you submit a change to this module, be sure to regenerate the reference documentation as follows:
-
-```bash
-puppet strings generate --format markdown --out REFERENCE.md
-```
-
-### Apache MOD Test & Support Lifecycle
-#### Adding Support for a new Apache MOD
-Support for new [Apache Modules] can be added under the [`apache::mod`] namespace.
-Acceptance tests should be added for each new [Apache Module][Apache Modules] added.
-Ideally, the acceptance tests should run on all compatible platforms that this module is supported on (see `metdata.json`), however there are cases when a more niche module is difficult to set up and install on a particular Linux distro.
-This could be for one or more of the following reasons:
-- Package not available in default repositories of distro
-- Package dependencies not available in default repositories of distro
-- Package (and/or its dependencies) are only available in a specific version of an OS
-
-In these cases, it is possible to exclude a module from a test platform using a specific tag, defined above the class declaration:
-```puppet
-# @note Unsupported platforms: OS: ver, ver; OS: ver, ver, ver; OS: all
-class apache::mod::foobar {
-...
-}
-```
-For example:
-```puppet
-# @note Unsupported platforms: RedHat: 5, 6; Ubuntu: 14.04; SLES: all; Scientific: 11 SP1
-class apache::mod::actions {
-...
-}
-```
-Please be aware of the following format guidelines for the tag:
-- All OS/Version declarations must be preceded with `@note Unsupported platforms:`
-- The tag must be declared ABOVE the class declaration (i.e. not as footer at the bottom of the file)
-- Each OS/Version declaration must be separated by semicolons (`;`)
-- Each version must be separated by a comma (`,`)
-- Versions CANNOT be declared in ranges (e.g. `RedHat:5-7`), they should be explicitly declared (e.g. `RedHat:5,6,7`)
-- However, to declare all versions of an OS as unsupported, use the word `all` (e.g. `SLES:all`)
-- OSs with word characters as part of their versions are acceptable (e.g. `Scientific: 11 SP1, 11 SP2, 12, 13`)
-- Spaces are permitted between OS/Version declarations and version numbers within a declaration
-- Refer to the `operatingsystem_support` values in the `metadata.json` to find the acceptable OS name and version syntax:
-  - E.g. `OracleLinux` OR `oraclelinux`, not: `Oracle` or `OraLinux`
-  - E.g. `RedHat` OR `redhat`, not: `Red Hat Enterprise Linux`, `RHEL`, or `Red Hat`
-
-If the tag is incorrectly formatted, a warning will be printed out at the end of the test run, indicating what tag(s) could not be parsed.
-This will not halt the execution of other tests.  
-
-Once the class is tagged, it is possible to exclude a test for that particular [Apache MOD][Apache Modules] using RSpec's filtering and a helper method:
-```ruby
-describe 'auth_oidc', if: mod_supported_on_platform('apache::mod::auth_openidc') do
-```
-The `mod_supported_on_platform` helper method takes the [Apache Module][Apache Modules] class definition as defined in the manifests under `manifest/mod`.
-
-This functionality can be disabled by setting the `DISABLE_MOD_TEST_EXCLUSION` environment variable.
-When set, all exclusions will be ignored.
-#### Test Support Lifecycle
-The puppetlabs-apache module supports a large number of compatible platforms and [Apache Modules][Apache modules].
-As a result, Apache Module tests can fail because a package or package dependency has been removed from a Linux distribution repository.
-The [IAC Team][IAC Team] will try to resolve these issues and keep instructions updated, but due to limited resources this won’t always be possible.
-In these cases, we will exclude test(s) from certain platforms.
-As always, we welcome help from our community members, and the IAC team is here to assist and answer questions.
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/Rakefile b/modules/services/unix/http/apache_stretch_compatible/apache/Rakefile
new file mode 100644
index 000000000..3994519d9
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/Rakefile
@@ -0,0 +1,38 @@
+require 'puppetlabs_spec_helper/rake_tasks'
+require 'puppet-lint/tasks/puppet-lint'
+require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any?
+
+PuppetLint.configuration.fail_on_warnings = true
+PuppetLint.configuration.send('relative')
+PuppetLint.configuration.send('disable_only_variable_string')
+
+desc 'Generate pooler nodesets'
+task :gen_nodeset do
+  require 'beaker-hostgenerator'
+  require 'securerandom'
+  require 'fileutils'
+
+  agent_target = ENV['TEST_TARGET']
+  if ! agent_target
+    STDERR.puts 'TEST_TARGET environment variable is not set'
+    STDERR.puts 'setting to default value of "redhat-64default."'
+    agent_target = 'redhat-64default.'
+  end
+
+  master_target = ENV['MASTER_TEST_TARGET']
+  if ! master_target
+    STDERR.puts 'MASTER_TEST_TARGET environment variable is not set'
+    STDERR.puts 'setting to default value of "redhat7-64mdcl"'
+    master_target = 'redhat7-64mdcl'
+  end
+
+  targets = "#{master_target}-#{agent_target}"
+  cli = BeakerHostGenerator::CLI.new([targets])
+  nodeset_dir = "tmp/nodesets"
+  nodeset = "#{nodeset_dir}/#{targets}-#{SecureRandom.uuid}.yaml"
+  FileUtils.mkdir_p(nodeset_dir)
+  File.open(nodeset, 'w') do |fh|
+    fh.print(cli.execute)
+  end
+  puts nodeset
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/apache.pp b/modules/services/unix/http/apache_stretch_compatible/apache/apache.pp
index 0c63066b8..88ea25494 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/apache.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/apache.pp
@@ -15,15 +15,4 @@
 
 class { 'apache':
   mpm_module => 'prefork'
-}
-
-exec { 'apache2-systemd-reload':
-  command     => 'systemctl daemon-reload; systemctl enable apache2',
-  path        => [ '/usr/bin', '/bin', '/usr/sbin' ],
-}
-#->
-#service { 'apache2':
-#  ensure   => running,
-#  provider => systemd,
-#  enable   => true,
-#}
+}
\ No newline at end of file
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/checksums.json b/modules/services/unix/http/apache_stretch_compatible/apache/checksums.json
new file mode 100644
index 000000000..c52d59c2a
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/checksums.json
@@ -0,0 +1,346 @@
+{
+  "CHANGELOG.md": "d5da65931d19f0aabf13a428dc56bc0c",
+  "CONTRIBUTING.md": "77d0440d7cd4206497f99065c60bed46",
+  "Gemfile": "bedf635025b279d7c7732adcc8ae9a29",
+  "LICENSE": "3b83ef96387f14655fc854ddc3c6bd57",
+  "MAINTAINERS.md": "6508b1d302b38186425992a66186c060",
+  "NOTICE": "b7760cf49f58b80b31df83244cc0fbd0",
+  "README.md": "b9a192cdc9ddecd060bc011a76df4b81",
+  "Rakefile": "a49b6653243c678ed33c8870db467d89",
+  "examples/apache.pp": "41e97262421ea5734fac16a338701a78",
+  "examples/dev.pp": "8da0d50d9d06834dd06329b8945f06d5",
+  "examples/init.pp": "d27415f33028c26d4031d30305eec5e0",
+  "examples/mod_load_params.pp": "e8d1c1b1b96d560c8288c51a76bffc87",
+  "examples/mods.pp": "78a25c9e226265353eabefd3ddfd4218",
+  "examples/mods_custom.pp": "bc9e6959c282984cf9cdd93869c89499",
+  "examples/php.pp": "afa0871b94040e3ae91fce9c375fb725",
+  "examples/vhost.pp": "27d808964b43d157de5ce8f47b441b46",
+  "examples/vhost_directories.pp": "95aa446a2fccf9f3561581a5d71c61a7",
+  "examples/vhost_filter.pp": "62c5af7868af9887b7d71769c319c1e5",
+  "examples/vhost_ip_based.pp": "7a4d4c1c00147c45e4534f58d2fbf4ed",
+  "examples/vhost_proxypass.pp": "2f0bd33b34a48554adcdf20d6d31a4c2",
+  "examples/vhost_ssl.pp": "ddd3c45964df56837d6c051a7d692378",
+  "examples/vhosts_without_listen.pp": "226afb3e87129a56fc9add21b120feb2",
+  "files/httpd": "295f5e924afe6f752d29327e73fe6d0a",
+  "lib/facter/apache_version.rb": "babb22b1d567021995b4b5fa9328047b",
+  "lib/puppet/parser/functions/bool2httpd.rb": "05d5deeb6e0c31acee7c55b249ec8e06",
+  "lib/puppet/parser/functions/validate_apache_log_level.rb": "d75bc4ef17ff5c9a1f94dd3948e733d1",
+  "lib/puppet/provider/a2mod/a2mod.rb": "d986d8e8373f3f31c97359381c180628",
+  "lib/puppet/provider/a2mod/gentoo.rb": "2492d446adbb68f678e86a75eb7ff3bd",
+  "lib/puppet/provider/a2mod/modfix.rb": "b689a1c83c9ccd8590399c67f3e588e5",
+  "lib/puppet/provider/a2mod/redhat.rb": "c39b80e75e7d0666def31c2a6cdedb0b",
+  "lib/puppet/provider/a2mod.rb": "03ed73d680787dd126ea37a03be0b236",
+  "lib/puppet/type/a2mod.rb": "9042ccc045bfeecca28bebb834114f05",
+  "locales/config.yaml": "ca04e502d031649d4aaa40d1803ade8b",
+  "locales/puppetlabs-apache.pot": "4bd09a821333cf6c272a64e944ef4e01",
+  "manifests/balancer.pp": "b444ff1415ba0bd6c8ec1497bcc9cfb3",
+  "manifests/balancermember.pp": "d74ab23d74fa198853b13ad837df925c",
+  "manifests/confd/no_accf.pp": "406d0ca41c3b90f83740ca218dc3f484",
+  "manifests/custom_config.pp": "357badc11586c8bb726f2a36364c0932",
+  "manifests/default_confd_files.pp": "86fdbe5773abb7c2da26db096973865c",
+  "manifests/default_mods/load.pp": "bc0b3b65edd1ba6178c09672352f9bce",
+  "manifests/default_mods.pp": "e4a7aa787443fce2e76c37e8fec99012",
+  "manifests/dev.pp": "8a7ead42f991e5dfdd364ba1aa1304e0",
+  "manifests/fastcgi/server.pp": "f177293f02a2878b43a863e8ab3015db",
+  "manifests/init.pp": "5d0b9eccf800e4c0b293bed68571c4ec",
+  "manifests/listen.pp": "6e44a9f49376cefb5694d52be5bc5a88",
+  "manifests/mod/actions.pp": "ec2a5d1cf54790204750f9b67938d230",
+  "manifests/mod/alias.pp": "1ef0d98a941bd796d428297b74acc8c4",
+  "manifests/mod/auth_basic.pp": "dffef6ff10145393cb78fcaa27220c53",
+  "manifests/mod/auth_cas.pp": "f2e61e67393a998a19f8b34506e07e0d",
+  "manifests/mod/auth_kerb.pp": "8759cab3dc12d6ba4cc12fcdbb699418",
+  "manifests/mod/auth_mellon.pp": "5bfbc604dd79923bdb65ecab02353059",
+  "manifests/mod/authn_core.pp": "4db773ddbc0d875230085782d4521951",
+  "manifests/mod/authn_dbd.pp": "8f03863a483184ca53b9bc3a45b2297f",
+  "manifests/mod/authn_file.pp": "eeb11513490beee901574746faaeabdf",
+  "manifests/mod/authnz_ldap.pp": "5fb4b52f54daf03358e08cde676ea4fc",
+  "manifests/mod/authnz_pam.pp": "9f99d93e289a2db42c74046c8ae1889f",
+  "manifests/mod/authz_default.pp": "b7c94cfa4e008155fffd241d35834064",
+  "manifests/mod/authz_user.pp": "d446c90c44304594206bd2a0112be625",
+  "manifests/mod/autoindex.pp": "3b50dc082dba420c3d564309601fd419",
+  "manifests/mod/cache.pp": "b56d68b9401ba3e02a1f2fe55cdfbcca",
+  "manifests/mod/cgi.pp": "731ed7bce75628afeb78afd3fa2fd793",
+  "manifests/mod/cgid.pp": "fb9ae9b5012d41e22cb85c0b50e17361",
+  "manifests/mod/cluster.pp": "8b67026e9a6a4bdc6a2481613896ded1",
+  "manifests/mod/dav.pp": "9df80d36dd609be9032a8260aa9d10c1",
+  "manifests/mod/dav_fs.pp": "9ad2359d64b0b6f219bd8a338917d114",
+  "manifests/mod/dav_svn.pp": "abc1ba954033b0b0187c079f310eb0e2",
+  "manifests/mod/dbd.pp": "4471dbd9fd67d0db885d4ba2a47a194a",
+  "manifests/mod/deflate.pp": "20231a22aba12eb905f1d7f1853e383e",
+  "manifests/mod/dev.pp": "42673bab60b6fc0f3aa6e2357ec0a27c",
+  "manifests/mod/dir.pp": "75039bc8c77b9b82fa12fc5aa1061291",
+  "manifests/mod/disk_cache.pp": "da18cbefced9bb32fc009e999c5b76e2",
+  "manifests/mod/dumpio.pp": "5492a7249450a7fdf335ecb0c3b948f4",
+  "manifests/mod/env.pp": "2a0321180a59161565b2b5f1b79d6b15",
+  "manifests/mod/event.pp": "a82a7ab979cc351eb660576bdc91d0e8",
+  "manifests/mod/expires.pp": "6f12edcf6863958af832db73b56e5f08",
+  "manifests/mod/ext_filter.pp": "287966c2c0fd450c72a1c9ef88a0e155",
+  "manifests/mod/fastcgi.pp": "96a3fcf0508a7eb8c9601eac329622eb",
+  "manifests/mod/fcgid.pp": "96e0a5f09c2d1ba21b2209a6e21b6847",
+  "manifests/mod/filter.pp": "b0039f3ae932b1204994ef2180dd76d2",
+  "manifests/mod/geoip.pp": "41762c637ab45dac05e564d1b3d03c3e",
+  "manifests/mod/headers.pp": "ef3de538a0a4c9406236faf43eb89710",
+  "manifests/mod/include.pp": "a3b66eda88e38d90825c16b834bacd8d",
+  "manifests/mod/info.pp": "c3e815ed9912bb9147805f7274508489",
+  "manifests/mod/intercept_form_submit.pp": "b3e55433272082bac1e7a5334df3b01f",
+  "manifests/mod/itk.pp": "f631157ebdff68b6fc2bb6dbd5b8e8c4",
+  "manifests/mod/ldap.pp": "319e62a24e30221e691b9cf85a6288e1",
+  "manifests/mod/lookup_identity.pp": "a3fd01d395ea09ec1488494fd077dd7b",
+  "manifests/mod/mime.pp": "24fe99c65367a3f606441605a2ff26dd",
+  "manifests/mod/mime_magic.pp": "d31702cee9007c2e65c8d3ccbed1fda3",
+  "manifests/mod/negotiation.pp": "35fb1e9fa643054271804e215bb47299",
+  "manifests/mod/nss.pp": "3cc69b59bba579181b0ceb1dfd2976d0",
+  "manifests/mod/pagespeed.pp": "1fcf4c30084bd1e4fa3006b4d3265c1a",
+  "manifests/mod/passenger.pp": "f1a4609f61e30fc839ad7f4b668a750b",
+  "manifests/mod/perl.pp": "b8180ca0e1e7f8d60030321f52c28d6d",
+  "manifests/mod/peruser.pp": "13761222709094653bca7bad4435fcdb",
+  "manifests/mod/php.pp": "b6d383242b3c52a2543f8f477ff308a0",
+  "manifests/mod/prefork.pp": "3deff89f43a1f55dda643ac66e3fc4dc",
+  "manifests/mod/proxy.pp": "a65065f0c7705b7b75b1dd6fc2222e27",
+  "manifests/mod/proxy_ajp.pp": "073e2406aea7822750d4c21f02d8ac80",
+  "manifests/mod/proxy_balancer.pp": "c717e51517043084854b26c89d7b99d9",
+  "manifests/mod/proxy_connect.pp": "7cd9b4b61ec6feb020f753ee74910a48",
+  "manifests/mod/proxy_fcgi.pp": "8c7fd559419b159e27218a17463d850d",
+  "manifests/mod/proxy_html.pp": "aa012e927e20d3f7734fdc026491fd20",
+  "manifests/mod/proxy_http.pp": "0db1b26f8b4036b0d46ba86b7eaac561",
+  "manifests/mod/proxy_wstunnel.pp": "88ee88d6d56a70f0000e690f80f64acb",
+  "manifests/mod/python.pp": "6f65b22271cf356832fe7a1949163861",
+  "manifests/mod/remoteip.pp": "9ad1d5712477f11ae2643f209bb08ce3",
+  "manifests/mod/reqtimeout.pp": "17b245b5d14f3f7b8c1d5fa07e5c159e",
+  "manifests/mod/rewrite.pp": "292f2d6ce2078fa9df7f686105ea7b95",
+  "manifests/mod/rpaf.pp": "54991f51a06e2b4171956e6ce1caf3a3",
+  "manifests/mod/security.pp": "b5ed320cbcce30b79557dd38941d339b",
+  "manifests/mod/setenvif.pp": "fa3b3e5f3a7e029f9db5b66ae499c6c8",
+  "manifests/mod/shib.pp": "8b75f8818fe9dc5728a478fc27962447",
+  "manifests/mod/socache_shmcb.pp": "c94ae23ab8cce744acad2f7e33dbfa9c",
+  "manifests/mod/speling.pp": "b6971e10caf22837e410b94910b66b1a",
+  "manifests/mod/ssl.pp": "ed4255fa17a174ce02fd8eef399c0ae1",
+  "manifests/mod/status.pp": "75d19ef4dde3529359d080c6607926f0",
+  "manifests/mod/suexec.pp": "2a8671856a0ece597e9b57867dc35e76",
+  "manifests/mod/suphp.pp": "5a7390ef0a0ceaa2d7e684bcb6300587",
+  "manifests/mod/userdir.pp": "8cce2ae6536eab6b809c63cb6ed59c55",
+  "manifests/mod/version.pp": "6cb31057ebffa796f95642cc95f9499d",
+  "manifests/mod/vhost_alias.pp": "ee1225a748daaf50aca39a6d93fb8470",
+  "manifests/mod/worker.pp": "41137580c48b89f2795c1295d87962c0",
+  "manifests/mod/wsgi.pp": "adcaac9e490512a58d0e6070904c85d2",
+  "manifests/mod/xsendfile.pp": "fba06f05a19c466654aca5ecaa705bf0",
+  "manifests/mod.pp": "405f340daea9c50913904818ca4041d7",
+  "manifests/mpm.pp": "d4bfe77df34110cb253557104b2e6310",
+  "manifests/namevirtualhost.pp": "5ad54a441ff26a55cc536069d8fad238",
+  "manifests/package.pp": "ebd1e1e815ef744ebd4e9d8a6c94a07a",
+  "manifests/params.pp": "605e33b78b4eb131ac9e9bad335ce88f",
+  "manifests/peruser/multiplexer.pp": "0ea75341b7a93e55bcfb431a93b1a6c9",
+  "manifests/peruser/processor.pp": "62f0ad5ed2ec36dadc7f40ad2a9e1bb9",
+  "manifests/php.pp": "9c9d07e12bf5d112b0b54f5bd69046fc",
+  "manifests/proxy.pp": "7c8515b88406922e148322ee15044b29",
+  "manifests/python.pp": "ddef4cd73850fdc2dc126d4579c30adf",
+  "manifests/security/rule_link.pp": "9c879ecfd7534347ccc8cf3ea77fa859",
+  "manifests/service.pp": "9984fd2cfd49cea0b8db61f7cc3c1c4b",
+  "manifests/ssl.pp": "173f3d6a7fd2b5f4100c4ff03d84e13b",
+  "manifests/version.pp": "3388b1978b04cba63ed7fc8e2ec3f692",
+  "manifests/vhost/custom.pp": "421081f6c4f33e1aca07ff789e53345e",
+  "manifests/vhost.pp": "707b86ad96804fed2413ef6366ac43b4",
+  "manifests/vhosts.pp": "d5cd9e6b701b7b2948c011546bc55497",
+  "metadata.json": "f9025597336b7ffb8631e1c5949985ae",
+  "spec/acceptance/apache_parameters_spec.rb": "d8d8f53c76a65558f189a33ef063976a",
+  "spec/acceptance/apache_ssl_spec.rb": "9cddf1b1b3a4ed2fe971fabe8785e9ed",
+  "spec/acceptance/class_spec.rb": "9d77ee23b734dd48ecea4353dee3d616",
+  "spec/acceptance/custom_config_spec.rb": "61e03d814d0671d194dd40e6b1ad5c9b",
+  "spec/acceptance/default_mods_spec.rb": "2481bfa99dd34e15f2b4c7eed194635f",
+  "spec/acceptance/itk_spec.rb": "812c855013c08ebb13e642dc5199b41a",
+  "spec/acceptance/mod_dav_svn_spec.rb": "e792a6d585026dd7bded38e62c8786f6",
+  "spec/acceptance/mod_deflate_spec.rb": "dd39bfb069e0233bf134caaeb1dc6fe6",
+  "spec/acceptance/mod_fcgid_spec.rb": "ef0e3368ea14247c05ff43217b5856ee",
+  "spec/acceptance/mod_mime_spec.rb": "0869792d98c1b2577f02d97c92f1765e",
+  "spec/acceptance/mod_negotiation_spec.rb": "017f6b0cc1496c25aa9b8a33ef8dbbb3",
+  "spec/acceptance/mod_pagespeed_spec.rb": "23256a41b700fc92a96edf34a16be499",
+  "spec/acceptance/mod_passenger_spec.rb": "a66264ef73ad6c5396a06ab9b5444c7c",
+  "spec/acceptance/mod_php_spec.rb": "98bc1ff97a36de86d5a1b800b2afd7a6",
+  "spec/acceptance/mod_proxy_html_spec.rb": "34478fc2f12a23cd5a95d424f85da150",
+  "spec/acceptance/mod_security_spec.rb": "c783d44cf3ccba2fa6a3c14de0e486a0",
+  "spec/acceptance/mod_suphp_spec.rb": "f5c1f21e4c5323b81afc354c82e7ceb9",
+  "spec/acceptance/nodesets/centos-7-x64.yml": "a713f3abd3657f0ae2878829badd23cd",
+  "spec/acceptance/nodesets/debian-8-x64.yml": "d2d2977900989f30086ad251a14a1f39",
+  "spec/acceptance/nodesets/default.yml": "b42da5a1ea0c964567ba7495574b8808",
+  "spec/acceptance/nodesets/docker/centos-7.yml": "8a3892807bdd62306ae4774f41ba11ae",
+  "spec/acceptance/nodesets/docker/debian-8.yml": "ac8e871d1068c96de5e85a89daaec6df",
+  "spec/acceptance/nodesets/docker/ubuntu-14.04.yml": "dc42ee922a96908d85b8f0f08203ce58",
+  "spec/acceptance/nodesets/suse.yml": "eff62186e4de2ffed45a72a375380338",
+  "spec/acceptance/prefork_worker_spec.rb": "1570eefe61d667a1b43824adc0b2bb78",
+  "spec/acceptance/service_spec.rb": "341f157cb33fa48d5166d2274ad3bc65",
+  "spec/acceptance/version.rb": "6a1f2db3e369f3dc2b5bd76f4921891a",
+  "spec/acceptance/vhost_spec.rb": "ac0e99a6dfbe8faa2837bf2356fdda7d",
+  "spec/acceptance/vhosts_spec.rb": "c9635037681d569a053da6eb7ae5f4f4",
+  "spec/classes/apache_spec.rb": "c75f9bf2fedf99c4d478536d3786223c",
+  "spec/classes/dev_spec.rb": "6bc9ff7cffb77aac52c5bd3acc157d2d",
+  "spec/classes/mod/alias_spec.rb": "e62706d9925b0dc1821db78d01986a7e",
+  "spec/classes/mod/auth_cas_spec.rb": "46a7ba3fe31d3fc6175b8dce5105326e",
+  "spec/classes/mod/auth_kerb_spec.rb": "d281ff13b8989d759bd7fcdb599a882a",
+  "spec/classes/mod/auth_mellon_spec.rb": "81d3ea4b7567718ca810b625fd36d231",
+  "spec/classes/mod/authn_dbd_spec.rb": "8c794faaa5244e16f432c76679cb12d7",
+  "spec/classes/mod/authnz_ldap_spec.rb": "bef6980f85489c5fd7388511cb65b644",
+  "spec/classes/mod/authnz_pam_spec.rb": "71759e9ab2dd8aeefeb4d79e3349e67e",
+  "spec/classes/mod/cluster_spec.rb": "c1d01cc4a4f9ce10d692294019791e2f",
+  "spec/classes/mod/dav_svn_spec.rb": "6b3c4123a067e249f6c78c5b0cbcbcc7",
+  "spec/classes/mod/deflate_spec.rb": "adf6e41357fefe4ff1128e8fea4d3057",
+  "spec/classes/mod/dev_spec.rb": "1a30ef5fb18073fd2bf6f7923ff9c57f",
+  "spec/classes/mod/dir_spec.rb": "9e25507c094cb3b2fe6eb1106668b484",
+  "spec/classes/mod/disk_cache_spec.rb": "e821fa50ace7ab3398c43b16034748e9",
+  "spec/classes/mod/dumpio_spec.rb": "689d167b05e669c29709fc36940e7b05",
+  "spec/classes/mod/event_spec.rb": "46a304c796ac3928be0a67bec1f46b4f",
+  "spec/classes/mod/expires_spec.rb": "0d27e3438627f2ad34abacf582fb8b0b",
+  "spec/classes/mod/ext_filter_spec.rb": "7af18fdf1376f17e68dc99e5627ba067",
+  "spec/classes/mod/fastcgi_spec.rb": "59f7ea857b0fa614e8808270c529300f",
+  "spec/classes/mod/fcgid_spec.rb": "bda06cc347a8da8d7c7374add2654248",
+  "spec/classes/mod/info_spec.rb": "d51c6a9e6ae4d944488a43c8c15b95c0",
+  "spec/classes/mod/intercept_form_submit_spec.rb": "2e7087360a57f6ccf88b80239ca5056e",
+  "spec/classes/mod/itk_spec.rb": "622f23a1346383846cbc98e38388034d",
+  "spec/classes/mod/ldap_spec.rb": "12863d495558fbe9f6cb7a50ab37688c",
+  "spec/classes/mod/lookup_identity.rb": "97997c0a2e7a1b717426b5845df604ee",
+  "spec/classes/mod/mime_magic_spec.rb": "259304a80e92e4ba15e7cd719fe25c17",
+  "spec/classes/mod/mime_spec.rb": "d946fb96659b67bf7117ad7ed4b25cce",
+  "spec/classes/mod/negotiation_spec.rb": "44d50f7e6ef8c6388baa4c7cfc07be43",
+  "spec/classes/mod/pagespeed_spec.rb": "56bd7d82920cb734ea8139c9fed97de7",
+  "spec/classes/mod/passenger_spec.rb": "e8daaeafddd8b8ac33800c04a93b5c03",
+  "spec/classes/mod/perl_spec.rb": "1daa227f563ac19ff8dcdea0d0005ec4",
+  "spec/classes/mod/peruser_spec.rb": "c379ce85a997789856b12c27957bf994",
+  "spec/classes/mod/php_spec.rb": "2cc1a1d5d097be26eef3139b4e8eafaf",
+  "spec/classes/mod/prefork_spec.rb": "d82f0f25691ba019b912cd000dbb845f",
+  "spec/classes/mod/proxy_balancer_spec.rb": "c0bd0c3ebf39d7c66120b3837551f6b1",
+  "spec/classes/mod/proxy_connect_spec.rb": "baef920356c839b698c2adb865e79b5f",
+  "spec/classes/mod/proxy_html_spec.rb": "c6fc0e6b0cbcd3d5f9e65d533366ee32",
+  "spec/classes/mod/proxy_wstunnel.rb": "69bcef5e88aeb115290d8428186c80ec",
+  "spec/classes/mod/python_spec.rb": "5ca2dd0829b7baa1022c551b66548b20",
+  "spec/classes/mod/remoteip_spec.rb": "f9bf0bc64fef6d570f7b798ceef0d598",
+  "spec/classes/mod/reqtimeout_spec.rb": "2af2919e8253100fbc2e001d30a5cd15",
+  "spec/classes/mod/rpaf_spec.rb": "5c4725a4bcab9339d7309765390aaed1",
+  "spec/classes/mod/security_spec.rb": "f2e41f16ff5e8aa8f4709cab68a7cf5e",
+  "spec/classes/mod/shib_spec.rb": "b4ec345e387f8d7186048f5d286bb71d",
+  "spec/classes/mod/speling_spec.rb": "96919b9fbd1e894fcfd649044c3dafb5",
+  "spec/classes/mod/ssl_spec.rb": "9c9fe05b815405d4e7fbb095e01d7d2a",
+  "spec/classes/mod/status_spec.rb": "1eeaf906baf6ca82bf24c4e23494c71c",
+  "spec/classes/mod/suphp_spec.rb": "cc7c02c42e985aa133f9d868e14d9435",
+  "spec/classes/mod/userdir_spec.rb": "648ab42ba4113b31712ecf8d9ec485e0",
+  "spec/classes/mod/worker_spec.rb": "c326e36fbcfe9f0c59dc1db389a33926",
+  "spec/classes/mod/wsgi_spec.rb": "902251d74d6d3c821f460b620158295b",
+  "spec/classes/params_spec.rb": "adbd9f0dee677ea9439b9ce0d620894f",
+  "spec/classes/service_spec.rb": "0709833b94c1a3fbd13b73042fa84967",
+  "spec/classes/vhosts_spec.rb": "9baf23eb534e944a1bd593e72dd3050e",
+  "spec/defines/balancer_spec.rb": "8793815eb22b5190977b154fcd97e85e",
+  "spec/defines/balancermember_spec.rb": "e93ded8b51cc1d73e52f453880b3576e",
+  "spec/defines/custom_config_spec.rb": "cd4ee6803b79a844442107ac385cc833",
+  "spec/defines/fastcgi_server_spec.rb": "8e167c1525cb9a7473efdde01efe0ca3",
+  "spec/defines/mod_spec.rb": "a10e5b2570419737c03cd0f6347cc985",
+  "spec/defines/modsec_link_spec.rb": "3421b21f8234637dd1c32ebcf89e44c3",
+  "spec/defines/vhost_custom_spec.rb": "d5596a7a0c239d4c0ed8bebbb6a124ab",
+  "spec/defines/vhost_spec.rb": "b338a9fe8d5bd1f2002025905c2c4a74",
+  "spec/fixtures/files/negotiation.conf": "9c11872e26327ec880749b5dfdea25d6",
+  "spec/fixtures/files/spec": "e964ecac35c35baa9b4c57dac4ff5b3e",
+  "spec/fixtures/site_apache/templates/fake.conf.erb": "6b0431dd0b9a0bf803eb0684300c2cff",
+  "spec/fixtures/templates/negotiation.conf.erb": "c838e612ce6f82a5efd12871ad562011",
+  "spec/spec_helper.rb": "b2db3bc02b4ac2fd5142a6621c641b07",
+  "spec/spec_helper_acceptance.rb": "97b5d5677a368ac97cdc3ae2ab5e204f",
+  "spec/spec_helper_local.rb": "1b6ccd9b2f6946b81560239881774e94",
+  "spec/unit/apache_version_spec.rb": "c9d7b8ab46fb21d370702f02088281a2",
+  "spec/unit/provider/a2mod/gentoo_spec.rb": "02f7510cbf4945c5e1094ebcb967c8e0",
+  "spec/unit/puppet/parser/functions/bool2httpd_spec.rb": "0c9bca53eb43b5fc888126514b2a174c",
+  "spec/unit/puppet/parser/functions/validate_apache_log_level.rb": "8f558fd81d1655e9ab20896152eca512",
+  "templates/confd/no-accf.conf.erb": "a614f28c4b54370e4fa88403dfe93eb0",
+  "templates/fastcgi/server.erb": "30cdd04393bdb4f68678d00e2930721b",
+  "templates/httpd.conf.erb": "3667dc46bedcfd2b79f82570b1063623",
+  "templates/listen.erb": "6286aa08f9e28caee54b1e1ee031b9d6",
+  "templates/mod/alias.conf.erb": "370e9d394dd462d3ebc0dd345ab68f6f",
+  "templates/mod/auth_cas.conf.erb": "35e1291a5fa05067d7623c02bafb0ada",
+  "templates/mod/auth_mellon.conf.erb": "4e17d22a8f1bc312e976e8513199c945",
+  "templates/mod/authn_dbd.conf.erb": "7a84f5d3b3a4b92a88fe052b13376f8e",
+  "templates/mod/authnz_ldap.conf.erb": "2262e6d90ae81f2b732bbf0163006c59",
+  "templates/mod/autoindex.conf.erb": "2421a3c6df32c7e38c2a7a22afdf5728",
+  "templates/mod/cgid.conf.erb": "f8ce27d60bc495bab16de2696ebb2fd0",
+  "templates/mod/cluster.conf.erb": "9e92178f1d45193868e41e7fe1a06976",
+  "templates/mod/dav_fs.conf.erb": "10c1131168e35319e22b3fbfe51aebfd",
+  "templates/mod/deflate.conf.erb": "e866ecf2bfe8e42ea984267f569723db",
+  "templates/mod/dir.conf.erb": "2485da78a2506c14bf51dde38dd03360",
+  "templates/mod/disk_cache.conf.erb": "48d1b54ec1dedea7f68451bc0774790e",
+  "templates/mod/dumpio.conf.erb": "260a03d5f5b450095a5374690fbb34b2",
+  "templates/mod/event.conf.erb": "5e4095242d8e5dd99fe0823cfa2f1434",
+  "templates/mod/expires.conf.erb": "7a77f8b1d50c53ee77a6cb798c51a2b9",
+  "templates/mod/ext_filter.conf.erb": "4e4e4143ab402a9f9d51301b1a192202",
+  "templates/mod/fastcgi.conf.erb": "2404caa7d91dea083fc4f8b6f18acd24",
+  "templates/mod/fcgid.conf.erb": "1780c7808bb3811deaf0007c890df4dc",
+  "templates/mod/geoip.conf.erb": "93b95f44ec733ee8231be82381e02782",
+  "templates/mod/info.conf.erb": "c8580f35594e8f76da9c961def618739",
+  "templates/mod/itk.conf.erb": "eff84b78e4f2f8c5c3a2e9fc4b8aad16",
+  "templates/mod/ldap.conf.erb": "03ef6f461e4778342e6b94b8b4f3cd3a",
+  "templates/mod/load.erb": "01132434e6101080c41548b0ba7e57d8",
+  "templates/mod/mime.conf.erb": "2fa5a10d06ff979de1d5d2544586ab45",
+  "templates/mod/mime_magic.conf.erb": "067c3180b4216439b039822114144e78",
+  "templates/mod/mpm_event.conf.erb": "80097a19d063a4f973465d9ef5c0c0bf",
+  "templates/mod/negotiation.conf.erb": "a2f0fb40cd038cb17bedc2b84d9f48ea",
+  "templates/mod/nss.conf.erb": "03a7a3721b19706e00df00e457c5df69",
+  "templates/mod/pagespeed.conf.erb": "d1d8dfb00e528aab10a24518c7f148a6",
+  "templates/mod/passenger.conf.erb": "81512838f2fb7f01bf7fd674f023d086",
+  "templates/mod/peruser.conf.erb": "c4f4054aee899249ea6fef5a9e5c14ff",
+  "templates/mod/php.conf.erb": "c535da6adea16bdcb0586260eedf8c93",
+  "templates/mod/prefork.conf.erb": "f9ec5a7eaea78a19b04fa69f8acd8a84",
+  "templates/mod/proxy.conf.erb": "33a6a57edd324ba56e879a7b077ecf08",
+  "templates/mod/proxy_balancer.conf.erb": "a9f8d51a2a7169e5fd0c8415a3f9c662",
+  "templates/mod/proxy_html.conf.erb": "1236e21e77bcc077dd71dbef98c911c7",
+  "templates/mod/remoteip.conf.erb": "ad58e174410e3ff46ff93d4ad1e7b8a0",
+  "templates/mod/reqtimeout.conf.erb": "314ef068b786ae5afded290a8b6eab15",
+  "templates/mod/rpaf.conf.erb": "5447539c083ae54f3a9e93c1ac8c988b",
+  "templates/mod/security.conf.erb": "e309716298ed8709df5496c27d47fe36",
+  "templates/mod/security_crs.conf.erb": "5c7bc134c0675d75b66a5c8faaf11eb6",
+  "templates/mod/setenvif.conf.erb": "c7ede4173da1915b7ec088201f030c28",
+  "templates/mod/ssl.conf.erb": "f88b0d03bbbc9b0773475434a2ef0f93",
+  "templates/mod/status.conf.erb": "574ecc6f74e8b75d84710a44c4260210",
+  "templates/mod/suphp.conf.erb": "05bb7b3ea23976b032ce405bfd4edd18",
+  "templates/mod/userdir.conf.erb": "5d0185dc69bc30849bc1a2f63f652b74",
+  "templates/mod/worker.conf.erb": "dc4c7049af7312f5e82b3e72e8fccdfd",
+  "templates/mod/wsgi.conf.erb": "ba2ba5a5699889626f4bc7f5604070b0",
+  "templates/namevirtualhost.erb": "fbfca19a639e18e6c477e191344ac8ae",
+  "templates/ports_header.erb": "afe35cb5747574b700ebaa0f0b3a626e",
+  "templates/vhost/_access_log.erb": "522414033856b19a50a7ebb1c729438a",
+  "templates/vhost/_action.erb": "a004dfcac2e63cef65cf8aa0e270b636",
+  "templates/vhost/_additional_includes.erb": "10e9c0056e962c49459839a1576b082e",
+  "templates/vhost/_aliases.erb": "6412f695e911feac18986da38f290dae",
+  "templates/vhost/_allow_encoded_slashes.erb": "37dee0b6fe9287342a10b533955dff81",
+  "templates/vhost/_auth_cas.erb": "96fb19c558e7e187fe9160f00f39061c",
+  "templates/vhost/_auth_kerb.erb": "3d0de0c3066440dffcbc75215174705b",
+  "templates/vhost/_block.erb": "8fa2f970222dbc0a38898b5a0ab80411",
+  "templates/vhost/_charsets.erb": "d152b6a7815e9edc0fe9bf9acbe2f1ec",
+  "templates/vhost/_custom_fragment.erb": "325ff48cefc06db035daa3491c391a88",
+  "templates/vhost/_directories.erb": "cb400adc888ef3632e155b700c2117aa",
+  "templates/vhost/_docroot.erb": "65d882a3c9d6b6bdd2f9b771f378035a",
+  "templates/vhost/_error_document.erb": "81d3007c1301a5c5f244c082cfee9de2",
+  "templates/vhost/_fallbackresource.erb": "e6c103bee7f6f76b10f244fc9fd1cd3b",
+  "templates/vhost/_fastcgi.erb": "e6d743e11b776e155dc4f80c602fb7e1",
+  "templates/vhost/_file_footer.erb": "e27b2525783e590ca1820f1e2118285d",
+  "templates/vhost/_file_header.erb": "7c3c04eb4ac67403604113e2628696cf",
+  "templates/vhost/_filters.erb": "597b9de5ae210af9182a1c95172115e7",
+  "templates/vhost/_header.erb": "9eb9d4075f288183d8224ddec5b2f126",
+  "templates/vhost/_http_protocol_options.erb": "9df9dec592fdb8fb4ab4abf7227cef9c",
+  "templates/vhost/_itk.erb": "8bf90b9855a9277f7a665b10f6c57fe9",
+  "templates/vhost/_jk_mounts.erb": "ce997ee7b5602af04062cd5f785da345",
+  "templates/vhost/_keepalive_options.erb": "16876858bac1e55b13545866b0428d90",
+  "templates/vhost/_logging.erb": "5bc4cbb1bc8a292acc0ba0420f96ca4e",
+  "templates/vhost/_passenger.erb": "2c720e3c849f81898be5f3822a3f67be",
+  "templates/vhost/_passenger_base_uris.erb": "c8d7f4da1434078e856c72671942dcd8",
+  "templates/vhost/_php.erb": "a16a9f3e146ce463481205e083d4bf79",
+  "templates/vhost/_php_admin.erb": "107a57e9e7b3f86d1abcf743f672a292",
+  "templates/vhost/_proxy.erb": "18b9bbb791d248179a08eb36ab895e12",
+  "templates/vhost/_rack.erb": "ebe187c1bdc81eec9c8e0d9026120b18",
+  "templates/vhost/_redirect.erb": "2d40ece74203cc00b861a058db91962c",
+  "templates/vhost/_requestheader.erb": "db1b0cdda069ae809b5b83b0871ef991",
+  "templates/vhost/_require.erb": "932106f2c9ea604bba4ace78d22bdfee",
+  "templates/vhost/_rewrite.erb": "b7858eac95352744196006b57d4091df",
+  "templates/vhost/_scriptalias.erb": "98713f33cca15b22c749bd35ea9a7b41",
+  "templates/vhost/_security.erb": "0ade536a9d25342e7128996add04be56",
+  "templates/vhost/_serveralias.erb": "95fed45853629924467aefc271d5b396",
+  "templates/vhost/_serversignature.erb": "9bf5a458783ab459e5043e1cdf671fa7",
+  "templates/vhost/_setenv.erb": "6e6a7efb1b168da9673c9e6d00eadec5",
+  "templates/vhost/_ssl.erb": "788b293b65736aead0007fe3bc52448b",
+  "templates/vhost/_sslproxy.erb": "8ab477ac3aa325e46f07b3fbf188303f",
+  "templates/vhost/_suexec.erb": "f2b3f9b9ff8fbac4e468e02cd824675a",
+  "templates/vhost/_suphp.erb": "a1c4a5e4461adbfce870df0abd158b59",
+  "templates/vhost/_wsgi.erb": "7939532279d7655896ce1a5942116ca7"
+}
\ No newline at end of file
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/examples/apache.pp b/modules/services/unix/http/apache_stretch_compatible/apache/examples/apache.pp
index 0d4543564..18ec55311 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/examples/apache.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/examples/apache.pp
@@ -1,6 +1,6 @@
-include apache
-include apache::mod::php
-include apache::mod::cgi
-include apache::mod::userdir
-include apache::mod::disk_cache
-include apache::mod::proxy_http
+include ::apache
+include ::apache::mod::php
+include ::apache::mod::cgi
+include ::apache::mod::userdir
+include ::apache::mod::disk_cache
+include ::apache::mod::proxy_http
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/examples/dev.pp b/modules/services/unix/http/apache_stretch_compatible/apache/examples/dev.pp
index 6c4f95571..5616e32ba 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/examples/dev.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/examples/dev.pp
@@ -1 +1 @@
-include apache::mod::dev
+include ::apache::mod::dev
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/examples/init.pp b/modules/services/unix/http/apache_stretch_compatible/apache/examples/init.pp
index b3f9f13aa..33911073b 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/examples/init.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/examples/init.pp
@@ -1 +1 @@
-include apache
+include ::apache
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/examples/mod_load_params.pp b/modules/services/unix/http/apache_stretch_compatible/apache/examples/mod_load_params.pp
index 879f2cfe5..fa43132b7 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/examples/mod_load_params.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/examples/mod_load_params.pp
@@ -1,7 +1,8 @@
 # Tests the path and identifier parameters for the apache::mod class
 
 # Base class for clarity:
-class { 'apache': }
+class { '::apache': }
+
 
 # Exaple parameter usage:
 apache::mod { 'testmod':
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/examples/mods.pp b/modules/services/unix/http/apache_stretch_compatible/apache/examples/mods.pp
index dd64e3b23..699638248 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/examples/mods.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/examples/mods.pp
@@ -3,6 +3,7 @@
 # Base class. Declares default vhost on port 80 and default ssl
 # vhost on port 443 listening on all interfaces and serving
 # $apache::docroot, and declaring our default set of modules.
-class { 'apache':
+class { '::apache':
   default_mods => true,
 }
+
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/examples/mods_custom.pp b/modules/services/unix/http/apache_stretch_compatible/apache/examples/mods_custom.pp
index 103e52a4f..4098c83aa 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/examples/mods_custom.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/examples/mods_custom.pp
@@ -3,7 +3,7 @@
 # Base class. Declares default vhost on port 80 and default ssl
 # vhost on port 443 listening on all interfaces and serving
 # $apache::docroot, and declaring a custom set of modules.
-class { 'apache':
+class { '::apache':
   default_mods => [
     'info',
     'alias',
@@ -13,3 +13,4 @@ class { 'apache':
     'expires',
   ],
 }
+
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/examples/php.pp b/modules/services/unix/http/apache_stretch_compatible/apache/examples/php.pp
index 1d926bfb4..ee187717e 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/examples/php.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/examples/php.pp
@@ -1,4 +1,4 @@
-class { 'apache':
+class { '::apache':
   mpm_module => 'prefork',
 }
-include apache::mod::php
+include ::apache::mod::php
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost.pp b/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost.pp
index c0813d160..440a56d4b 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost.pp
@@ -5,7 +5,7 @@
 # Base class. Declares default vhost on port 80 and default ssl
 # vhost on port 443 listening on all interfaces and serving
 # $apache::docroot
-class { 'apache': }
+class { '::apache': }
 
 # Most basic vhost
 apache::vhost { 'first.example.com':
@@ -141,6 +141,7 @@ apache::vhost { 'fifteenth.example.com':
   rack_base_uris => ['/rackapp1', '/rackapp2'],
 }
 
+
 # Vhost to redirect non-ssl to ssl
 apache::vhost { 'sixteenth.example.com non-ssl':
   servername => 'sixteenth.example.com',
@@ -228,17 +229,20 @@ apache::vhost { 'subdomain.loc':
   serveraliases   => ['*.loc',],
 }
 
-# Vhost with SSL (SSLProtocol, SSLCipherSuite & SSLHonorCipherOrder from default)
+# Vhost with SSLProtocol,SSLCipherSuite, SSLHonorCipherOrder
 apache::vhost { 'securedomain.com':
-  priority   => '10',
-  vhost_name => 'www.securedomain.com',
-  port       => '443',
-  docroot    => '/var/www/secure',
-  ssl        => true,
-  ssl_cert   => '/etc/ssl/securedomain.cert',
-  ssl_key    => '/etc/ssl/securedomain.key',
-  ssl_chain  => '/etc/ssl/securedomain.crt',
-  add_listen => false,
+        priority             => '10',
+        vhost_name           => 'www.securedomain.com',
+        port                 => '443',
+        docroot              => '/var/www/secure',
+        ssl                  => true,
+        ssl_cert             => '/etc/ssl/securedomain.cert',
+        ssl_key              => '/etc/ssl/securedomain.key',
+        ssl_chain            => '/etc/ssl/securedomain.crt',
+        ssl_protocol         => '-ALL +TLSv1',
+        ssl_cipher           => 'ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM',
+        ssl_honorcipherorder => 'On',
+        add_listen           => false,
 }
 
 # Vhost with access log environment variables writing control
@@ -254,3 +258,4 @@ apache::vhost { 'twentysecond.example.com':
   docroot        => '/var/www/twentysecond',
   rack_base_uris => ['/passengerapp1', '/passengerapp2'],
 }
+
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_directories.pp b/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_directories.pp
index f02734d02..df5a2d52a 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_directories.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_directories.pp
@@ -1,7 +1,7 @@
 # Base class. Declares default vhost on port 80 and default ssl
 # vhost on port 443 listening on all interfaces and serving
 # $apache::docroot
-class { 'apache': }
+class { '::apache': }
 
 # Example from README adapted.
 apache::vhost { 'readme.example.net':
@@ -41,3 +41,4 @@ apache::vhost { 'files.example.net':
     },
   ],
 }
+
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_filter.pp b/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_filter.pp
index ef27639c9..1a66b856b 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_filter.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_filter.pp
@@ -1,5 +1,5 @@
 # Base class. Declares default vhost on port 80 with filters.
-class { 'apache': }
+class { '::apache': }
 
 # Example from README adapted.
 apache::vhost { 'readme.example.net':
@@ -14,3 +14,4 @@ apache::vhost { 'readme.example.net':
     'FilterProtocol  COMPRESS  DEFLATE change=yes;byteranges=no',
   ],
 }
+
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_ip_based.pp b/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_ip_based.pp
index dc0fa4f33..249c4199c 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_ip_based.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_ip_based.pp
@@ -3,7 +3,7 @@
 
 # Base class. Turn off the default vhosts; we will be declaring
 # all vhosts below.
-class { 'apache':
+class { '::apache':
   default_vhost => false,
 }
 
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_proxypass.pp b/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_proxypass.pp
index ca9c57dff..8edd0de9c 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_proxypass.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_proxypass.pp
@@ -5,7 +5,7 @@
 # Base class. Declares default vhost on port 80 and default ssl
 # vhost on port 443 listening on all interfaces and serving
 # $apache::docroot
-class { 'apache': }
+class { '::apache': }
 
 # Most basic vhost with proxy_pass
 apache::vhost { 'first.example.com':
@@ -30,7 +30,7 @@ apache::vhost { 'second.example.com':
       'params' => {
         'retry'   => '0',
         'timeout' => '5',
-      }
+        }
     },
   ],
 }
@@ -59,7 +59,7 @@ apache::vhost { 'fourth.example.com':
       'params'   => {
         'retry'   => '0',
         'timeout' => '5',
-      },
+        },
       'keywords' => ['noquery', 'interpolate']
     },
   ],
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_ssl.pp b/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_ssl.pp
index 8e7a2b279..53989ff1b 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_ssl.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhost_ssl.pp
@@ -3,7 +3,7 @@
 
 # Base class. Turn off the default vhosts; we will be declaring
 # all vhosts below.
-class { 'apache':
+class { '::apache':
   default_vhost => false,
 }
 
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhosts_without_listen.pp b/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhosts_without_listen.pp
index d42118bc2..0e97a0221 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhosts_without_listen.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/examples/vhosts_without_listen.pp
@@ -4,10 +4,11 @@
 
 # Base class. Turn off the default vhosts; we will be declaring
 # all vhosts below.
-class { 'apache':
+class { '::apache':
   default_vhost => false,
 }
 
+
 # Add two an IP-based vhost on 10.0.0.10, ssl and non-ssl
 apache::vhost { 'The first IP-based vhost, non-ssl':
   servername => 'first.example.com',
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/lib/facter/apache_version.rb b/modules/services/unix/http/apache_stretch_compatible/apache/lib/facter/apache_version.rb
index bb16670db..63e4e1c2b 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/lib/facter/apache_version.rb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/lib/facter/apache_version.rb
@@ -1,29 +1,13 @@
-# frozen_string_literal: true
-
 Facter.add(:apache_version) do
-  confine kernel: ['FreeBSD', 'Linux']
   setcode do
-    apache_version = nil
-
-    if Facter::Util::Resolution.which('httpd')
-      apache_version = Facter::Util::Resolution.exec('httpd -V 2>&1')
-      Facter.debug "Matching httpd '#{apache_version}'"
-    elsif Facter::Util::Resolution.which('apache2')
-      apache_version = Facter::Util::Resolution.exec('apache2 -V 2>&1')
-      Facter.debug "Matching apache2 '#{apache_version}'"
-    elsif Facter::Util::Resolution.which('apachectl')
+    if Facter::Util::Resolution.which('apachectl')
       apache_version = Facter::Util::Resolution.exec('apachectl -v 2>&1')
       Facter.debug "Matching apachectl '#{apache_version}'"
+      %r{^Server version: Apache\/(\d+.\d+(.\d+)?)}.match(apache_version)[1]
     elsif Facter::Util::Resolution.which('apache2ctl')
       apache_version = Facter::Util::Resolution.exec('apache2ctl -v 2>&1')
       Facter.debug "Matching apache2ctl '#{apache_version}'"
-    end
-
-    unless apache_version.nil?
-      match = %r{^Server version: Apache\/(\d+.\d+(.\d+)?)}.match(apache_version)
-      unless match.nil?
-        match[1]
-      end
+      %r{^Server version: Apache\/(\d+.\d+(.\d+)?)}.match(apache_version)[1]
     end
   end
 end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/parser/functions/bool2httpd.rb b/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/parser/functions/bool2httpd.rb
new file mode 100644
index 000000000..5fb79f6f5
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/parser/functions/bool2httpd.rb
@@ -0,0 +1,30 @@
+Puppet::Parser::Functions::newfunction(:bool2httpd, :type => :rvalue, :doc => <<-EOS
+Transform a supposed boolean to On or Off. Pass all other values through.
+Given a nil value (undef), bool2httpd will return 'Off'
+
+Example:
+
+    $trace_enable     = false
+    $server_signature = 'mail'
+
+    bool2httpd($trace_enable)
+    # => 'Off'
+    bool2httpd($server_signature)
+    # => 'mail'
+    bool2httpd(undef)
+    # => 'Off'
+
+EOS
+) do |args|
+  raise(Puppet::ParseError, "bool2httpd() wrong number of arguments. Given: #{args.size} for 1)") if args.size != 1
+
+  arg = args[0]
+
+  if arg.nil? or arg == false or arg =~ /false/i or arg == :undef
+    return 'Off'
+  elsif arg == true or arg =~ /true/i
+    return 'On'
+  end
+
+  return arg.to_s
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/parser/functions/validate_apache_log_level.rb b/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/parser/functions/validate_apache_log_level.rb
new file mode 100644
index 000000000..8a1ade0be
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/parser/functions/validate_apache_log_level.rb
@@ -0,0 +1,27 @@
+module Puppet::Parser::Functions
+  newfunction(:validate_apache_log_level, :doc => <<-'ENDHEREDOC') do |args|
+    Perform simple validation of a string against the list of known log
+    levels as per http://httpd.apache.org/docs/current/mod/core.html#loglevel
+        validate_apache_loglevel('info')
+
+    Modules maybe specified with their own levels like these:
+        validate_apache_loglevel('warn ssl:info')
+        validate_apache_loglevel('warn mod_ssl.c:info')
+        validate_apache_loglevel('warn ssl_module:info')
+
+    Expected to be used from the main or vhost.
+    
+    Might be used from directory too later as apaceh supports that
+
+    ENDHEREDOC
+    if (args.size != 1) then
+      raise Puppet::ParseError, ("validate_apache_loglevel(): wrong number of arguments (#{args.length}; must be 1)")
+    end
+
+    log_level = args[0]
+    msg = "Log level '${log_level}' is not one of the supported Apache HTTP Server log levels."
+
+    raise Puppet::ParseError, (msg) unless log_level =~ Regexp.compile('(emerg|alert|crit|error|warn|notice|info|debug|trace[1-8])')
+
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod.rb b/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod.rb
index 7406e01da..670aca3d0 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod.rb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod.rb
@@ -1,42 +1,33 @@
-# frozen_string_literal: true
-
-# a2mod.rb
 class Puppet::Provider::A2mod < Puppet::Provider
-  # Fetches the mod provider
   def self.prefetch(mods)
     instances.each do |prov|
-      mod = mods[prov.name]
-      if mod
+      if mod = mods[prov.name]
         mod.provider = prov
       end
     end
   end
 
-  # Clear's the property_hash
   def flush
     @property_hash.clear
   end
 
-  # Returns a copy of the property_hash
   def properties
     if @property_hash.empty?
-      @property_hash = query || { ensure: :absent }
+      @property_hash = query || {:ensure => :absent}
       @property_hash[:ensure] = :absent if @property_hash.empty?
     end
     @property_hash.dup
   end
 
-  # Returns the properties of the given mod if it exists.
   def query
     self.class.instances.each do |mod|
-      if mod.name == name || mod.name.downcase == name
+      if mod.name == self.name or mod.name.downcase == self.name
         return mod.properties
       end
     end
     nil
   end
 
-  # Return's if the ensure property is absent or not
   def exists?
     properties[:ensure] != :absent
   end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod/a2mod.rb b/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod/a2mod.rb
index 3330fd5dc..e257a579e 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod/a2mod.rb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod/a2mod.rb
@@ -1,37 +1,35 @@
-# frozen_string_literal: true
-
 require 'puppet/provider/a2mod'
 
-Puppet::Type.type(:a2mod).provide(:a2mod, parent: Puppet::Provider::A2mod) do
-  desc 'Manage Apache 2 modules on Debian and Ubuntu'
+Puppet::Type.type(:a2mod).provide(:a2mod, :parent => Puppet::Provider::A2mod) do
+    desc "Manage Apache 2 modules on Debian and Ubuntu"
 
-  optional_commands encmd: 'a2enmod'
-  optional_commands discmd: 'a2dismod'
-  commands apache2ctl: 'apache2ctl'
+    optional_commands :encmd => "a2enmod"
+    optional_commands :discmd => "a2dismod"
+    commands :apache2ctl => "apache2ctl"
 
-  confine osfamily: :debian
-  defaultfor operatingsystem: [:debian, :ubuntu]
+    confine :osfamily => :debian
+    defaultfor :operatingsystem => [:debian, :ubuntu]
 
-  def self.instances
-    modules = apache2ctl('-M').lines.map { |line|
-      m = line.match(%r{(\w+)_module \(shared\)$})
-      m[1] if m
-    }.compact
+    def self.instances
+      modules = apache2ctl("-M").lines.collect { |line|
+        m = line.match(/(\w+)_module \(shared\)$/)
+        m[1] if m
+      }.compact
 
-    modules.map do |mod|
-      new(
-        name: mod,
-        ensure: :present,
-        provider: :a2mod,
-      )
+      modules.map do |mod|
+        new(
+          :name     => mod,
+          :ensure   => :present,
+          :provider => :a2mod
+        )
+      end
     end
-  end
 
-  def create
-    encmd resource[:name]
-  end
+    def create
+        encmd resource[:name]
+    end
 
-  def destroy
-    discmd resource[:name]
-  end
+    def destroy
+        discmd resource[:name]
+    end
 end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod/gentoo.rb b/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod/gentoo.rb
index c53fbd5b6..07319dfdc 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod/gentoo.rb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod/gentoo.rb
@@ -1,11 +1,9 @@
-# frozen_string_literal: true
-
 require 'puppet/util/filetype'
-Puppet::Type.type(:a2mod).provide(:gentoo, parent: Puppet::Provider) do
-  desc 'Manage Apache 2 modules on Gentoo'
+Puppet::Type.type(:a2mod).provide(:gentoo, :parent => Puppet::Provider) do
+  desc "Manage Apache 2 modules on Gentoo"
 
-  confine operatingsystem: :gentoo
-  defaultfor operatingsystem: :gentoo
+  confine :operatingsystem => :gentoo
+  defaultfor :operatingsystem => :gentoo
 
   attr_accessor :property_hash
 
@@ -14,7 +12,7 @@ Puppet::Type.type(:a2mod).provide(:gentoo, parent: Puppet::Provider) do
   end
 
   def exists?
-    (!@property_hash[:ensure].nil? && @property_hash[:ensure] == :present)
+    (!(@property_hash[:ensure].nil?) and @property_hash[:ensure] == :present)
   end
 
   def destroy
@@ -32,32 +30,34 @@ Puppet::Type.type(:a2mod).provide(:gentoo, parent: Puppet::Provider) do
   def self.clear
     @mod_resources = []
     @modules       = []
-    @other_args    = ''
+    @other_args    = ""
   end
 
   def self.initvars
-    @conf_file     = '/etc/conf.d/apache2'
+    @conf_file     = "/etc/conf.d/apache2"
     @filetype      = Puppet::Util::FileType.filetype(:flat).new(conf_file)
     @mod_resources = []
     @modules       = []
-    @other_args    = ''
+    @other_args    = ""
   end
 
-  initvars
+  self.initvars
 
   # Retrieve an array of all existing modules
   def self.modules
     if @modules.length <= 0
       # Locate the APACHE_OPTS variable
-      records = filetype.read.split(%r{\n})
-      apache2_opts = records.grep(%r{^\s*APACHE2_OPTS=}).first
+      records = filetype.read.split(/\n/)
+      apache2_opts = records.grep(/^\s*APACHE2_OPTS=/).first
 
       # Extract all defines
-      @modules << Regexp.last_match(1).downcase while apache2_opts.sub!(%r{-D\s+(\w+)}, '')
+      while apache2_opts.sub!(/-D\s+(\w+)/, '')
+        @modules << $1.downcase
+      end
 
       # Hang on to any remaining options.
-      if apache2_opts =~ %r{APACHE2_OPTS="(.+)"}
-        @other_args = Regexp.last_match(1).strip
+      if apache2_opts.match(/APACHE2_OPTS="(.+)"/)
+        @other_args = $1.strip
       end
 
       @modules.sort!.uniq!
@@ -66,51 +66,51 @@ Puppet::Type.type(:a2mod).provide(:gentoo, parent: Puppet::Provider) do
     @modules
   end
 
-  def self.prefetch(resources = {})
+  def self.prefetch(resources={})
     # Match resources with existing providers
     instances.each do |provider|
-      resource = resources[provider.name]
-      if resource
+      if resource = resources[provider.name]
         resource.provider = provider
       end
     end
 
     # Store all resources using this provider for flushing
-    resources.each do |_name, resource|
+    resources.each do |name, resource|
       @mod_resources << resource
     end
   end
 
   def self.instances
-    modules.map { |mod| new(name: mod, provider: :gentoo, ensure: :present) }
+    modules.map {|mod| new(:name => mod, :provider => :gentoo, :ensure => :present)}
   end
 
   def self.flush
+
     mod_list       = modules
-    mods_to_remove = @mod_resources.select { |mod| mod.should(:ensure) == :absent }.map { |mod| mod[:name] }
-    mods_to_add    = @mod_resources.select { |mod| mod.should(:ensure) == :present }.map { |mod| mod[:name] }
+    mods_to_remove = @mod_resources.select {|mod| mod.should(:ensure) == :absent}.map {|mod| mod[:name]}
+    mods_to_add    = @mod_resources.select {|mod| mod.should(:ensure) == :present}.map {|mod| mod[:name]}
 
     mod_list -= mods_to_remove
     mod_list += mods_to_add
     mod_list.sort!.uniq!
 
-    return unless modules != mod_list
+    if modules != mod_list
+      opts = @other_args + " "
+      opts << mod_list.map {|mod| "-D #{mod.upcase}"}.join(" ")
+      opts.strip!
+      opts.gsub!(/\s+/, ' ')
 
-    opts = @other_args + ' '
-    opts << mod_list.map { |mod| "-D #{mod.upcase}" }.join(' ')
-    opts.strip!
-    opts.gsub!(%r{\s+}, ' ')
+      apache2_opts = %Q{APACHE2_OPTS="#{opts}"}
+      Puppet.debug("Writing back \"#{apache2_opts}\" to #{conf_file}")
 
-    apache2_opts = %(APACHE2_OPTS="#{opts}")
-    Puppet.debug("Writing back \"#{apache2_opts}\" to #{conf_file}")
+      records = filetype.read.split(/\n/)
 
-    records = filetype.read.split(%r{\n})
+      opts_index = records.find_index {|i| i.match(/^\s*APACHE2_OPTS/)}
+      records[opts_index] = apache2_opts
 
-    opts_index = records.find_index { |i| i.match(%r{^\s*APACHE2_OPTS}) }
-    records[opts_index] = apache2_opts
-
-    filetype.backup
-    filetype.write(records.join("\n"))
-    @modules = mod_list
+      filetype.backup
+      filetype.write(records.join("\n"))
+      @modules = mod_list
+    end
   end
 end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod/modfix.rb b/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod/modfix.rb
index 755c927e4..8f35b2e4a 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod/modfix.rb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod/modfix.rb
@@ -1,13 +1,12 @@
-# frozen_string_literal: true
-
 Puppet::Type.type(:a2mod).provide :modfix do
-  desc "Dummy provider for A2mod.
-  Fake nil resources when there is no crontab binary available. Allows
-  puppetd to run on a bootstrapped machine before a Cron package has been
-  installed. Workaround for: http://projects.puppetlabs.com/issues/2384
-  "
+    desc "Dummy provider for A2mod.
 
-  def self.instances
-    []
-  end
-end
+    Fake nil resources when there is no crontab binary available. Allows
+    puppetd to run on a bootstrapped machine before a Cron package has been
+    installed. Workaround for: http://projects.puppetlabs.com/issues/2384
+    "
+
+    def self.instances
+        []
+    end
+end
\ No newline at end of file
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod/redhat.rb b/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod/redhat.rb
index 149a7b909..ea5494cb4 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod/redhat.rb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/provider/a2mod/redhat.rb
@@ -1,14 +1,12 @@
-# frozen_string_literal: true
-
 require 'puppet/provider/a2mod'
 
-Puppet::Type.type(:a2mod).provide(:redhat, parent: Puppet::Provider::A2mod) do
-  desc 'Manage Apache 2 modules on RedHat family OSs'
+Puppet::Type.type(:a2mod).provide(:redhat, :parent => Puppet::Provider::A2mod) do
+  desc "Manage Apache 2 modules on RedHat family OSs"
 
-  commands apachectl: 'apachectl'
+  commands :apachectl => "apachectl"
 
-  confine osfamily: :redhat
-  defaultfor osfamily: :redhat
+  confine :osfamily => :redhat
+  defaultfor :osfamily => :redhat
 
   require 'pathname'
 
@@ -20,14 +18,14 @@ Puppet::Type.type(:a2mod).provide(:redhat, parent: Puppet::Provider::A2mod) do
   class << self
     attr_accessor :modpath
     def preinit
-      @modpath = '/etc/httpd/mod.d'
+      @modpath = "/etc/httpd/mod.d"
     end
   end
 
-  preinit
+  self.preinit
 
   def create
-    File.open(modfile, 'w') do |f|
+    File.open(modfile,'w') do |f|
       f.puts "LoadModule #{resource[:identifier]} #{libfile}"
     end
   end
@@ -37,26 +35,26 @@ Puppet::Type.type(:a2mod).provide(:redhat, parent: Puppet::Provider::A2mod) do
   end
 
   def self.instances
-    modules = apachectl('-M').lines.map { |line|
-      m = line.match(%r{(\w+)_module \(shared\)$})
+    modules = apachectl("-M").lines.collect { |line|
+      m = line.match(/(\w+)_module \(shared\)$/)
       m[1] if m
     }.compact
 
     modules.map do |mod|
       new(
-        name: mod,
-        ensure: :present,
-        provider: :redhat,
+        :name     => mod,
+        :ensure   => :present,
+        :provider => :redhat
       )
     end
   end
 
   def modfile
-    "#{self.class.modpath}/#{resource[:name]}.load"
+    modfile ||= "#{self.class.modpath}/#{resource[:name]}.load"
   end
 
   # Set libfile path: If absolute path is passed, then maintain it. Else, make it default from 'modules' dir.
   def libfile
-    Pathname.new(resource[:lib]).absolute? ? resource[:lib] : "modules/#{resource[:lib]}"
+    libfile = Pathname.new(resource[:lib]).absolute? ? resource[:lib] : "modules/#{resource[:lib]}"
   end
 end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/type/a2mod.rb b/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/type/a2mod.rb
index da04d7f4d..07a911e5e 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/type/a2mod.rb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/lib/puppet/type/a2mod.rb
@@ -1,30 +1,30 @@
-# frozen_string_literal: true
-
 Puppet::Type.newtype(:a2mod) do
-  @doc = 'Manage Apache 2 modules'
+    @doc = "Manage Apache 2 modules"
 
-  ensurable
+    ensurable
 
-  newparam(:name) do
-    Puppet.warning 'The a2mod provider is deprecated, please use apache::mod instead'
-    desc 'The name of the module to be managed'
+    newparam(:name) do
+       Puppet.warning "The a2mod provider is deprecated, please use apache::mod instead"
+       desc "The name of the module to be managed"
 
-    isnamevar
-  end
+       isnamevar
 
-  newparam(:lib) do
-    desc 'The name of the .so library to be loaded'
+    end
 
-    defaultto { "mod_#{@resource[:name]}.so" }
-  end
+    newparam(:lib) do
+      desc "The name of the .so library to be loaded"
 
-  newparam(:identifier) do
-    desc 'Module identifier string used by LoadModule. Default: module-name_module'
+      defaultto { "mod_#{@resource[:name]}.so" }
+    end
+ 
+    newparam(:identifier) do
+      desc "Module identifier string used by LoadModule. Default: module-name_module"
 
-    # http://httpd.apache.org/docs/2.2/mod/module-dict.html#ModuleIdentifier
+      # http://httpd.apache.org/docs/2.2/mod/module-dict.html#ModuleIdentifier
 
-    defaultto { "#{resource[:name]}_module" }
-  end
+      defaultto { "#{resource[:name]}_module" }
+    end
+
+    autorequire(:package) { catalog.resource(:package, 'httpd')}
 
-  autorequire(:package) { catalog.resource(:package, 'httpd') }
 end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/locales/config.yaml b/modules/services/unix/http/apache_stretch_compatible/apache/locales/config.yaml
new file mode 100644
index 000000000..0ec10ba97
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/locales/config.yaml
@@ -0,0 +1,25 @@
+---
+# This is the project-specific configuration file for setting up
+# fast_gettext for your project.
+gettext:
+  # This is used for the name of the .pot and .po files; they will be
+  # called <project_name>.pot?
+  project_name: puppetlabs-apache
+  # This is used in comments in the .pot and .po files to indicate what
+  # project the files belong to and should bea little more desctiptive than
+  # <project_name>
+  package_name: puppetlabs-apache
+  # The locale that the default messages in the .pot file are in
+  default_locale: en
+  # The email used for sending bug reports.
+  bugs_address: docs@puppet.com
+  # The holder of the copyright.
+  copyright_holder: Puppet, Inc.
+  # This determines which comments in code should be eligible for translation.
+  # Any comments that start with this string will be externalized. (Leave
+  # empty to include all.)
+  comments_tag: TRANSLATOR
+  # Patterns for +Dir.glob+ used to find all files that might contain
+  # translatable content, relative to the project root directory
+  source_files:
+  
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/locales/puppetlabs-apache.pot b/modules/services/unix/http/apache_stretch_compatible/apache/locales/puppetlabs-apache.pot
new file mode 100644
index 000000000..7602dd885
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/locales/puppetlabs-apache.pot
@@ -0,0 +1,25 @@
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2017-03-21 14:19+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Translate Toolkit 2.0.0\n"
+
+#. metadata.json
+#: .summary
+msgid ""
+"Installs, configures, and manages Apache virtual hosts, web services, and "
+"modules."
+msgstr ""
+
+#. metadata.json
+#: .description
+msgid "Module for Apache configuration"
+msgstr ""
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/balancer.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/balancer.pp
index 6740a73c2..41db8a8dc 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/balancer.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/balancer.pp
@@ -1,89 +1,80 @@
-# @summary
-#   This type will create an apache balancer cluster file inside the conf.d
-#   directory. 
+# == Define Resource Type: apache::balancer
 #
-# Each balancer cluster needs one or more balancer members (that can
+# This type will create an apache balancer cluster file inside the conf.d
+# directory. Each balancer cluster needs one or more balancer members (that can
 # be declared with the apache::balancermember defined resource type). Using
 # storeconfigs, you can export the apache::balancermember resources on all
 # balancer members, and then collect them on a single apache load balancer
 # server.
 #
-# @note 
-#   Currently requires the puppetlabs/concat module on the Puppet Forge and uses
-#   storeconfigs on the Puppet Server to export/collect resources from all
-#   balancer members.
+# === Requirement/Dependencies:
 #
-# @param name
-#   The namevar of the defined resource type is the balancer clusters name.<br />
-#   This name is also used in the name of the conf.d file
+# Currently requires the puppetlabs/concat module on the Puppet Forge and uses
+# storeconfigs on the Puppet Master to export/collect resources from all
+# balancer members.
 #
-# @param proxy_set
-#   Configures key-value pairs to be used as a ProxySet lines in the configuration.
+# === Parameters
 #
-# @param target
-#   The path to the file the balancer definition will be written in.
+# [*name*]
+# The namevar of the defined resource type is the balancer clusters name.
+# This name is also used in the name of the conf.d file
 #
-# @param collect_exported
-#   Determines whether to use exported resources.<br />
-#   If you statically declare all of your backend servers, set this parameter to false to rely 
-#   on existing, declared balancer member resources. Also, use apache::balancermember with array 
-#   arguments.<br />
-#   To dynamically declare backend servers via exported resources collected on a central node, 
-#   set this parameter to true to collect the balancer member resources exported by the balancer 
-#   member nodes.<br />
-#   If you don't use exported resources, a single Puppet run configures all balancer members. If 
-#   you use exported resources, Puppet has to run on the balanced nodes first, then run on the 
-#   balancer.
+# [*proxy_set*]
+# Hash, default empty. If given, each key-value pair will be used as a ProxySet
+# line in the configuration.
 #
-# @param options
-#   Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) 
-#   after the balancer URL, and accepts any key-value pairs available to `ProxyPass`.
+# [*target*]
+# String, default undef. If given, path to the file the balancer definition will
+# be written.
 #
-# @example
-#   apache::balancer { 'puppet00': }
+# [*collect_exported*]
+# Boolean, default 'true'. True means 'collect exported @@balancermember
+# resources' (for the case when every balancermember node exports itself),
+# false means 'rely on the existing declared balancermember resources' (for the
+# case when you know the full set of balancermembers in advance and use
+# apache::balancermember with array arguments, which allows you to deploy
+# everything in 1 run)
+#
+#
+# === Examples
+#
+# Exporting the resource for a balancer member:
+#
+# apache::balancer { 'puppet00': }
 #
 define apache::balancer (
   $proxy_set = {},
   $collect_exported = true,
   $target = undef,
-  $options = [],
 ) {
-  include apache::mod::proxy_balancer
+  include ::apache::mod::proxy_balancer
 
   if versioncmp($apache::mod::proxy_balancer::apache_version, '2.4') >= 0 {
     $lbmethod = $proxy_set['lbmethod'] ? {
       undef   => 'byrequests',
       default => $proxy_set['lbmethod'],
     }
-    ensure_resource('apache::mod', "lbmethod_${lbmethod}", {
-        'loadfile_name' => "proxy_balancer_lbmethod_${lbmethod}.load"
-    })
+    ensure_resource('apache::mod', "lbmethod_${lbmethod}")
   }
 
   if $target {
     $_target = $target
   } else {
-    $_target = "${apache::confd_dir}/balancer_${name}.conf"
-  }
-
-  if !empty($options) {
-    $_options = " ${join($options, ' ')}"
-  } else {
-    $_options = ''
+    $_target = "${::apache::confd_dir}/balancer_${name}.conf"
   }
 
   concat { "apache_balancer_${name}":
     owner  => '0',
     group  => '0',
     path   => $_target,
-    mode   => $apache::file_mode,
+    mode   => $::apache::file_mode,
     notify => Class['Apache::Service'],
   }
 
   concat::fragment { "00-${name}-header":
     target  => "apache_balancer_${name}",
     order   => '01',
-    content => "<Proxy balancer://${name}${_options}>\n",
+    content => "<Proxy balancer://${name}>\n",
   }
 
   if $collect_exported {
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/balancermember.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/balancermember.pp
index 3fa54960d..6e8b29f13 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/balancermember.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/balancermember.pp
@@ -1,48 +1,50 @@
-# @summary
-#   Defines members of `mod_proxy_balancer`
-# 
-# Sets up a balancer member inside a listening service configuration block in 
-# the load balancer's `apache.cfg`.
-#   
+# == Define Resource Type: apache::balancermember
+#
 # This type will setup a balancer member inside a listening service
 # configuration block in /etc/apache/apache.cfg on the load balancer.
-# Currently it only has the ability to specify the instance name, url and an
+# currently it only has the ability to specify the instance name, url and an
 # array of options. More features can be added as needed. The best way to
 # implement this is to export this resource for all apache balancer member
 # servers, and then collect them on the main apache load balancer.
 #
-# @note
-#   Currently requires the puppetlabs/concat module on the Puppet Forge and
-#   uses storeconfigs on the Puppet Server to export/collect resources
-#   from all balancer members.
+# === Requirement/Dependencies:
 #
-# @param name
-#   The title of the resource is arbitrary and only utilized in the concat
-#   fragment name.
+# Currently requires the puppetlabs/concat module on the Puppet Forge and
+# uses storeconfigs on the Puppet Master to export/collect resources
+# from all balancer members.
 #
-# @param balancer_cluster
-#   The apache service's instance name (or, the title of the apache::balancer
-#   resource). This must match up with a declared apache::balancer resource.
+# === Parameters
 #
-# @param url
-#   The url used to contact the balancer member server.
+# [*name*]
+# The title of the resource is arbitrary and only utilized in the concat
+# fragment name.
 #
-# @param  options
-#   Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) 
-#   after the URL, and accepts any key-value pairs available to `ProxyPass`.
+# [*balancer_cluster*]
+# The apache service's instance name (or, the title of the apache::balancer
+# resource). This must match up with a declared apache::balancer resource.
 #
-# @example
-#   @@apache::balancermember { 'apache':
-#     balancer_cluster => 'puppet00',
-#     url              => "ajp://${::fqdn}:8009"
-#     options          => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
-#   }
+# [*url*]
+# The url used to contact the balancer member server.
 #
-define apache::balancermember (
+# [*options*]
+# An array of options to be specified after the url.
+#
+# === Examples
+#
+# Exporting the resource for a balancer member:
+#
+# @@apache::balancermember { 'apache':
+#   balancer_cluster => 'puppet00',
+#   url              => "ajp://${::fqdn}:8009"
+#   options          => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
+# }
+#
+define apache::balancermember(
   $balancer_cluster,
   $url = "http://${::fqdn}/",
   $options = [],
 ) {
+
   concat::fragment { "BalancerMember ${name}":
     target  => "apache_balancer_${balancer_cluster}",
     content => inline_template(" BalancerMember ${url} <%= @options.join ' ' %>\n"),
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/confd/no_accf.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/confd/no_accf.pp
index 024a088a9..f35c0c8b9 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/confd/no_accf.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/confd/no_accf.pp
@@ -1,14 +1,10 @@
-# @summary
-#   Manages the `no-accf.conf` file.
-#
-# @api private
 class apache::confd::no_accf {
   # Template uses no variables
   file { 'no-accf.conf':
     ensure  => 'file',
-    path    => "${apache::confd_dir}/no-accf.conf",
+    path    => "${::apache::confd_dir}/no-accf.conf",
     content => template('apache/confd/no-accf.conf.erb'),
-    require => Exec["mkdir ${apache::confd_dir}"],
-    before  => File[$apache::confd_dir],
+    require => Exec["mkdir ${::apache::confd_dir}"],
+    before  => File[$::apache::confd_dir],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/custom_config.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/custom_config.pp
index 52b94b489..6bffa05c7 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/custom_config.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/custom_config.pp
@@ -1,67 +1,15 @@
-# @summary
-#   Adds a custom configuration file to the Apache server's `conf.d` directory. 
-#
-# If the file is invalid and this defined type's `verify_config` parameter's value is 
-# `true`, Puppet throws an error during a Puppet run.
-#
-# @param ensure
-#   Specifies whether the configuration file should be present.
-#
-# @param confdir
-#   Sets the directory in which Puppet places configuration files.
-#
-# @param content
-#   Sets the configuration file's content. The `content` and `source` parameters are exclusive 
-#   of each other.
-#
-# @param filename
-#   Sets the name of the file under `confdir` in which Puppet stores the configuration.
-#
-# @param priority
-#   Sets the configuration file's priority by prefixing its filename with this parameter's 
-#   numeric value, as Apache processes configuration files in alphanumeric order.<br />
-#   To omit the priority prefix in the configuration file's name, set this parameter to `false`.
-#
-# @param source
-#   Points to the configuration file's source. The `content` and `source` parameters are 
-#   exclusive of each other.
-#
-# @param verify_command
-#   Specifies the command Puppet uses to verify the configuration file. Use a fully qualified 
-#   command.<br />
-#   This parameter is used only if the `verify_config` parameter's value is `true`. If the 
-#   `verify_command` fails, the Puppet run deletes the configuration file and raises an error, 
-#   but does not notify the Apache service.
-#
-# @param verify_config
-#   Specifies whether to validate the configuration file before notifying the Apache service.
-#
-# @param owner
-#   File owner of configuration file
-#
-# @param group
-#   File group of configuration file
-#
-# @param file_mode
-#   File mode of configuration file
-#
-# @param show_diff
-#   show_diff property for configuration file resource
-#
+# See README.md for usage information
 define apache::custom_config (
   Enum['absent', 'present'] $ensure = 'present',
-  $confdir                          = $apache::confd_dir,
+  $confdir                          = $::apache::confd_dir,
   $content                          = undef,
   $priority                         = '25',
   $source                           = undef,
-  $verify_command                   = $apache::params::verify_command,
+  $verify_command                   = $::apache::params::verify_command,
   Boolean $verify_config            = true,
   $filename                         = undef,
-  $owner                            = undef,
-  $group                            = undef,
-  $file_mode                        = undef,
-  Boolean $show_diff                = true,
 ) {
+
   if $content and $source {
     fail('Only one of $content and $source can be specified.')
   }
@@ -90,19 +38,13 @@ define apache::custom_config (
     $notifies = undef
   }
 
-  $_file_mode = pick($file_mode, $apache::file_mode)
-
   file { "apache_${name}":
-    ensure    => $ensure,
-    path      => "${confdir}/${_filename}",
-    owner     => $owner,
-    group     => $group,
-    mode      => $_file_mode,
-    content   => $content,
-    source    => $source,
-    show_diff => $show_diff,
-    require   => Package['httpd'],
-    notify    => $notifies,
+    ensure  => $ensure,
+    path    => "${confdir}/${_filename}",
+    content => $content,
+    source  => $source,
+    require => Package['httpd'],
+    notify  => $notifies,
   }
 
   if $ensure == 'present' and $verify_config {
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/default_confd_files.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/default_confd_files.pp
index ecf543eed..c06b30c83 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/default_confd_files.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/default_confd_files.pp
@@ -1,7 +1,3 @@
-# @summary
-#   Helper for setting up default conf.d files.
-#
-# @api private
 class apache::default_confd_files (
   $all = true,
 ) {
@@ -9,7 +5,7 @@ class apache::default_confd_files (
   if $all {
     case $::osfamily {
       'freebsd': {
-        include apache::confd::no_accf
+        include ::apache::confd::no_accf
       }
       default: {
         # do nothing
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/default_mods.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/default_mods.pp
index 255c9239f..879df595c 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/default_mods.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/default_mods.pp
@@ -1,12 +1,8 @@
-# @summary
-#   Installs and congfigures default mods for Apache
-#
-# @api private
 class apache::default_mods (
   $all            = true,
   $mods           = undef,
-  $apache_version = $apache::apache_version,
-  $use_systemd    = $apache::use_systemd,
+  $apache_version = $::apache::apache_version,
+  $use_systemd    = $::apache::use_systemd,
 ) {
   # These are modules required to run the default configuration.
   # They are not configurable at this time, so we just include
@@ -17,14 +13,11 @@ class apache::default_mods (
       if versioncmp($apache_version, '2.4') >= 0 {
         # Lets fork it
         # Do not try to load mod_systemd on RHEL/CentOS 6 SCL.
-        if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemmajrelease, '7') == -1) and !($::operatingsystem == 'Amazon') ) {
+        if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) and !($::operatingsystem == 'Amazon') ) {
           if ($use_systemd) {
             ::apache::mod { 'systemd': }
           }
         }
-        if ($::operatingsystem == 'Amazon' and $::operatingsystemrelease == '2') {
-          ::apache::mod { 'systemd': }
-        }
         ::apache::mod { 'unixd': }
       }
     }
@@ -47,24 +40,24 @@ class apache::default_mods (
   if $all {
     case $::osfamily {
       'debian': {
-        include apache::mod::authn_core
-        include apache::mod::reqtimeout
+        include ::apache::mod::authn_core
+        include ::apache::mod::reqtimeout
         if versioncmp($apache_version, '2.4') < 0 {
           ::apache::mod { 'authn_alias': }
         }
       }
       'redhat': {
-        include apache::mod::actions
-        include apache::mod::authn_core
-        include apache::mod::cache
-        include apache::mod::ext_filter
-        include apache::mod::mime
-        include apache::mod::mime_magic
-        include apache::mod::rewrite
-        include apache::mod::speling
-        include apache::mod::suexec
-        include apache::mod::version
-        include apache::mod::vhost_alias
+        include ::apache::mod::actions
+        include ::apache::mod::authn_core
+        include ::apache::mod::cache
+        include ::apache::mod::ext_filter
+        include ::apache::mod::mime
+        include ::apache::mod::mime_magic
+        include ::apache::mod::rewrite
+        include ::apache::mod::speling
+        include ::apache::mod::suexec
+        include ::apache::mod::version
+        include ::apache::mod::vhost_alias
         ::apache::mod { 'auth_digest': }
         ::apache::mod { 'authn_anon': }
         ::apache::mod { 'authn_dbm': }
@@ -82,20 +75,20 @@ class apache::default_mods (
         }
       }
       'freebsd': {
-        include apache::mod::actions
-        include apache::mod::authn_core
-        include apache::mod::cache
-        include apache::mod::disk_cache
-        include apache::mod::headers
-        include apache::mod::info
-        include apache::mod::mime_magic
-        include apache::mod::reqtimeout
-        include apache::mod::rewrite
-        include apache::mod::userdir
-        include apache::mod::version
-        include apache::mod::vhost_alias
-        include apache::mod::speling
-        include apache::mod::filter
+        include ::apache::mod::actions
+        include ::apache::mod::authn_core
+        include ::apache::mod::cache
+        include ::apache::mod::disk_cache
+        include ::apache::mod::headers
+        include ::apache::mod::info
+        include ::apache::mod::mime_magic
+        include ::apache::mod::reqtimeout
+        include ::apache::mod::rewrite
+        include ::apache::mod::userdir
+        include ::apache::mod::version
+        include ::apache::mod::vhost_alias
+        include ::apache::mod::speling
+        include ::apache::mod::filter
 
         ::apache::mod { 'asis': }
         ::apache::mod { 'auth_digest': }
@@ -109,7 +102,7 @@ class apache::default_mods (
         ::apache::mod { 'dumpio': }
         ::apache::mod { 'expires': }
         ::apache::mod { 'file_cache': }
-        ::apache::mod { 'imagemap': }
+        ::apache::mod { 'imagemap':}
         ::apache::mod { 'include': }
         ::apache::mod { 'logio': }
         ::apache::mod { 'request': }
@@ -118,32 +111,32 @@ class apache::default_mods (
       }
       default: {}
     }
-    case $apache::mpm_module {
+    case $::apache::mpm_module {
       'prefork': {
-        include apache::mod::cgi
+        include ::apache::mod::cgi
       }
       'worker': {
-        include apache::mod::cgid
+        include ::apache::mod::cgid
       }
       default: {
         # do nothing
       }
     }
-    include apache::mod::alias
-    include apache::mod::authn_file
-    include apache::mod::autoindex
-    include apache::mod::dav
-    include apache::mod::dav_fs
-    include apache::mod::deflate
-    include apache::mod::dir
-    include apache::mod::mime
-    include apache::mod::negotiation
-    include apache::mod::setenvif
+    include ::apache::mod::alias
+    include ::apache::mod::authn_file
+    include ::apache::mod::autoindex
+    include ::apache::mod::dav
+    include ::apache::mod::dav_fs
+    include ::apache::mod::deflate
+    include ::apache::mod::dir
+    include ::apache::mod::mime
+    include ::apache::mod::negotiation
+    include ::apache::mod::setenvif
     ::apache::mod { 'auth_basic': }
 
     if versioncmp($apache_version, '2.4') >= 0 {
       # filter is needed by mod_deflate
-      include apache::mod::filter
+      include ::apache::mod::filter
 
       # authz_core is needed for 'Require' directive
       ::apache::mod { 'authz_core':
@@ -153,13 +146,13 @@ class apache::default_mods (
       # lots of stuff seems to break without access_compat
       ::apache::mod { 'access_compat': }
     } else {
-      include apache::mod::authz_default
+      include ::apache::mod::authz_default
     }
 
-    include apache::mod::authz_user
+    include ::apache::mod::authz_user
 
     ::apache::mod { 'authz_groupfile': }
-    include apache::mod::env
+    include ::apache::mod::env
   } elsif $mods {
     ::apache::default_mods::load { $mods: }
 
@@ -170,7 +163,7 @@ class apache::default_mods (
       }
 
       # filter is needed by mod_deflate
-      include apache::mod::filter
+      include ::apache::mod::filter
     }
   } else {
     if versioncmp($apache_version, '2.4') >= 0 {
@@ -180,7 +173,7 @@ class apache::default_mods (
       }
 
       # filter is needed by mod_deflate
-      include apache::mod::filter
+      include ::apache::mod::filter
     }
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/default_mods/load.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/default_mods/load.pp
index fc44ebcb3..356e9fa00 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/default_mods/load.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/default_mods/load.pp
@@ -1,7 +1,4 @@
-# @summary
-#   Helper used by `apache::default_mods`
-#
-# @api private
+# private define
 define apache::default_mods::load ($module = $title) {
   if defined("apache::mod::${module}") {
     include "::apache::mod::${module}"
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/dev.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/dev.pp
index 106541032..d4a25a7e4 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/dev.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/dev.pp
@@ -1,18 +1,10 @@
-# @summary
-#   Installs Apache development libraries.
-#
-# The libraries installed depends on the `dev_packages` parameter of the `apache::params` 
-# class, based on your operating system:
-# - **Debian** : `libaprutil1-dev`, `libapr1-dev`; `apache2-dev`
-# - **FreeBSD**: `undef`; on FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`.
-# - **Gentoo**: `undef`.
-# - **Red Hat**: `httpd-devel`.
 class apache::dev {
+
   if ! defined(Class['apache']) {
     fail('You must include the apache base class before using any apache defined resources')
   }
 
-  $packages = $apache::dev_packages
+  $packages = $::apache::dev_packages
   if $packages { # FreeBSD doesn't have dev packages to install
     package { $packages:
       ensure  => present,
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/fastcgi/server.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/fastcgi/server.pp
index 2e372b1a1..78363062b 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/fastcgi/server.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/fastcgi/server.pp
@@ -1,33 +1,3 @@
-# @summary
-#   Defines one or more external FastCGI servers to handle specific file types. Use this 
-#   defined type with `mod_fastcgi`.
-#
-# @param host
-#   Determines the FastCGI's hostname or IP address and TCP port number (1-65535).
-#
-# @param timeout
-#   Sets the number of seconds a [FastCGI](http://www.fastcgi.com/) application can be inactive before aborting the 
-#   request and logging the event at the error LogLevel. The inactivity timer applies only as 
-#   long as a connection is pending with the FastCGI application. If a request is queued to an 
-#   application, but the application doesn't respond by writing and flushing within this period, 
-#   the request is aborted. If communication is complete with the application but incomplete with 
-#   the client (the response is buffered), the timeout does not apply.
-#
-# @param flush
-#   Forces `mod_fastcgi` to write to the client as data is received from the 
-#   application. By default, `mod_fastcgi` buffers data in order to free the application 
-#   as quickly as possible.
-#
-# @param faux_path
-#   Apache has FastCGI handle URIs that resolve to this filename. The path set in this 
-#   parameter does not have to exist in the local filesystem.
-#
-# @param fcgi_alias
-#   Internally links actions with the FastCGI server. This alias must be unique.
-#
-# @param file_type
-#   Sets the MIME `content-type` of the file to be processed by the FastCGI server.
-#
 define apache::fastcgi::server (
   $host          = '127.0.0.1:9000',
   $timeout       = 15,
@@ -37,23 +7,23 @@ define apache::fastcgi::server (
   $file_type     = 'application/x-httpd-php',
   $pass_header   = undef,
 ) {
-  include apache::mod::fastcgi
+  include ::apache::mod::fastcgi
 
   Apache::Mod['fastcgi'] -> Apache::Fastcgi::Server[$title]
 
-  if $host =~ Stdlib::Absolutepath {
+  if is_absolute_path($host) {
     $socket = $host
   }
 
   file { "fastcgi-pool-${name}.conf":
-    ensure  => file,
-    path    => "${apache::confd_dir}/fastcgi-pool-${name}.conf",
+    ensure  => present,
+    path    => "${::apache::confd_dir}/fastcgi-pool-${name}.conf",
     owner   => 'root',
-    group   => $apache::params::root_group,
-    mode    => $apache::file_mode,
+    group   => $::apache::params::root_group,
+    mode    => $::apache::file_mode,
     content => template('apache/fastcgi/server.erb'),
-    require => Exec["mkdir ${apache::confd_dir}"],
-    before  => File[$apache::confd_dir],
+    require => Exec["mkdir ${::apache::confd_dir}"],
+    before  => File[$::apache::confd_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/init.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/init.pp
index 26ded53a7..1a6e6665d 100755
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/init.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/init.pp
@@ -1,573 +1,116 @@
-# @summary
-#   Guides the basic setup and installation of Apache on your system.
+# Class: apache
 #
-# When this class is declared with the default options, Puppet:
-# - Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system.
-# - Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system.
-# - Configures the server with a default virtual host and standard port (`80`) and address (`\*`) bindings.
-# - Creates a document root directory determined by your operating system, typically `/var/www`.
-# - Starts the Apache service.
+# This class installs Apache
 #
-# @example
-#   class { 'apache': }
+# Parameters:
 #
-# @param allow_encoded_slashes
-#   Sets the server default for the `AllowEncodedSlashes` declaration, which modifies the 
-#   responses to URLs containing '\' and '/' characters. If not specified, this parameter omits 
-#   the declaration from the server's configuration and uses Apache's default setting of 'off'.
+# Actions:
+#   - Install Apache
+#   - Manage Apache service
 #
-# @param apache_version
-#   Configures module template behavior, package names, and default Apache modules by defining 
-#   the version of Apache to use. We do not recommend manually configuring this parameter 
-#   without reason.
+# Requires:
 #
-# @param conf_dir
-#   Sets the directory where the Apache server's main configuration file is located.
+# Sample Usage:
 #
-# @param conf_template
-#   Defines the template used for the main Apache configuration file. Modifying this 
-#   parameter is potentially risky, as the apache module is designed to use a minimal 
-#   configuration file customized by `conf.d` entries.
-#
-# @param confd_dir
-#   Sets the location of the Apache server's custom configuration directory.
-#
-# @param default_charset
-#   Used as the `AddDefaultCharset` directive in the main configuration file.
-#
-# @param default_confd_files
-#   Determines whether Puppet generates a default set of includable Apache configuration files 
-#   in the directory defined by the `confd_dir` parameter. These configuration files 
-#   correspond to what is typically installed with the Apache package on the server's 
-#   operating system.
-#
-# @param default_mods
-#   Determines whether to configure and enable a set of default Apache modules depending on 
-#   your operating system.<br />
-#   If `false`, Puppet includes only the Apache modules required to make the HTTP daemon work 
-#   on your operating system, and you can declare any other modules separately using the 
-#   `apache::mod::<MODULE NAME>` class or `apache::mod` defined type.<br />
-#   If `true`, Puppet installs additional modules, depending on the operating system and 
-#   the values of `apache_version` and `mpm_module` parameters. Because these lists of 
-#   modules can change frequently, consult the Puppet module's code for up-to-date lists.<br />
-#   If this parameter contains an array, Puppet instead enables all passed Apache modules.
-#
-# @param default_ssl_ca
-#   Sets the default certificate authority for the Apache server.<br />
-#   Although the default value results in a functioning Apache server, you **must** update 
-#   this parameter with your certificate authority information before deploying this server in 
-#   a production environment.
-#
-# @param default_ssl_cert
-#   Sets the SSL encryption certificate location.<br />
-#   Although the default value results in a functioning Apache server, you **must** update this 
-#   parameter with your certificate location before deploying this server in a production environment.
-#
-# @param default_ssl_chain
-#   Sets the default SSL chain location.<br />
-#   Although this default value results in a functioning Apache server, you **must** update 
-#   this parameter with your SSL chain before deploying this server in a production environment.
-#
-# @param default_ssl_crl
-#   Sets the path of the default certificate revocation list (CRL) file to use.<br />
-#   Although this default value results in a functioning Apache server, you **must** update 
-#   this parameter with the CRL file path before deploying this server in a production 
-#   environment. You can use this parameter with or in place of the `default_ssl_crl_path`.
-#
-# @param default_ssl_crl_path
-#   Sets the server's certificate revocation list path, which contains your CRLs.<br />
-#   Although this default value results in a functioning Apache server, you **must** update 
-#   this parameter with the CRL file path before deploying this server in a production environment.
-#
-# @param default_ssl_crl_check
-#   Sets the default certificate revocation check level via the `SSLCARevocationCheck` directive. 
-#   This parameter applies only to Apache 2.4 or higher and is ignored on older versions.<br />
-#   Although this default value results in a functioning Apache server, you **must** specify 
-#   this parameter when using certificate revocation lists in a production environment.
-#
-# @param default_ssl_key
-#   Sets the SSL certificate key file location.
-#   Although the default values result in a functioning Apache server, you **must** update 
-#   this parameter with your SSL key's location before deploying this server in a production 
-#   environment.
-#
-# @param default_ssl_reload_on_change
-#   Enable reloading of apache if the content of ssl files have changed.
-#
-# @param default_ssl_vhost
-#   Configures a default SSL virtual host.
-#   If `true`, Puppet automatically configures the following virtual host using the 
-#   `apache::vhost` defined type:
-#   ```puppet
-#   apache::vhost { 'default-ssl':
-#     port            => 443,
-#     ssl             => true,
-#     docroot         => $docroot,
-#     scriptalias     => $scriptalias,
-#     serveradmin     => $serveradmin,
-#     access_log_file => "ssl_${access_log_file}",
-#   }
-#   ```
-#   **Note**: SSL virtual hosts only respond to HTTPS queries.
-#
-# @param default_type
-#   _Apache 2.2 only_. Sets the MIME `content-type` sent if the server cannot otherwise 
-#   determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and 
-#   newer, and is only for backwards compatibility in configuration files.
-#
-# @param default_vhost
-#   Configures a default virtual host when the class is declared.<br />
-#   To configure customized virtual hosts, set this parameter's 
-#   value to `false`.<br />
-#   > **Note**: Apache will not start without at least one virtual host. If you set this 
-#   to `false` you must configure a virtual host elsewhere.
-#
-# @param dev_packages
-#   Configures a specific dev package to use.<br />
-#   For example, using httpd 2.4 from the IUS yum repo:<br />
-#   ``` puppet
-#   include ::apache::dev
-#   class { 'apache':
-#     apache_name  => 'httpd24u',
-#     dev_packages => 'httpd24u-devel',
-#   }
-#   ```
-#
-# @param docroot
-#   Sets the default `DocumentRoot` location.
-#
-# @param error_documents
-#   Determines whether to enable [custom error documents](https://httpd.apache.org/docs/current/custom-error.html) on the Apache server.
-#
-# @param group
-#   Sets the group ID that owns any Apache processes spawned to answer requests.<br />
-#   By default, Puppet attempts to manage this group as a resource under the `apache` 
-#   class, determining the group based on the operating system as detected by the 
-#   `apache::params` class. To prevent the group resource from being created and use a group 
-#   created by another Puppet module, set the `manage_group` parameter's value to `false`.<br />
-#   > **Note**: Modifying this parameter only changes the group ID that Apache uses to spawn 
-#   child processes to access resources. It does not change the user that owns the parent server 
-#   process.
-#
-# @param httpd_dir
-#   Sets the Apache server's base configuration directory. This is useful for specially 
-#   repackaged Apache server builds but might have unintended consequences when combined 
-#   with the default distribution packages.
-#
-# @param http_protocol_options
-#   Specifies the strictness of HTTP protocol checks.<br />
-#   Valid options: any sequence of the following alternative values: `Strict` or `Unsafe`, 
-#   `RegisteredMethods` or `LenientMethods`, and `Allow0.9` or `Require1.0`.
-#
-# @param keepalive
-#   Determines whether to enable persistent HTTP connections with the `KeepAlive` directive. 
-#   If you set this to `On`, use the `keepalive_timeout` and `max_keepalive_requests` parameters 
-#   to set relevant options.<br />
-#
-# @param keepalive_timeout
-#   Sets the `KeepAliveTimeout` directive, which determines the amount of time the Apache 
-#   server waits for subsequent requests on a persistent HTTP connection. This parameter is 
-#   only relevant if the `keepalive` parameter is enabled.
-#
-# @param max_keepalive_requests
-#   Limits the number of requests allowed per connection when the `keepalive` parameter is enabled.
-#
-# @param hostname_lookups
-#   This directive enables DNS lookups so that host names can be logged and passed to 
-#   CGIs/SSIs in REMOTE_HOST.<br />
-#   > **Note**: If enabled, it impacts performance significantly.
-#
-# @param ldap_trusted_mode
-#  The following modes are supported:
-#
-#    NONE - no encryption
-#    SSL - ldaps:// encryption on default port 636
-#    TLS - STARTTLS encryption on default port 389
-#  Not all LDAP toolkits support all the above modes. An error message will be logged at
-#  runtime if a mode is not supported, and the connection to the LDAP server will fail.
-#
-#If an ldaps:// URL is specified, the mode becomes SSL and the setting of LDAPTrustedMode is ignored.
-#
-# @param ldap_verify_server_cert
-#  Specifies whether to force the verification of a server certificate when establishing an SSL
-#  connection to the LDAP server.
-#  On|Off
-#
-# @param lib_path
-#   Specifies the location whereApache module files are stored.<br />
-#   > **Note**: Do not configure this parameter manually without special reason.
-#
-# @param log_level
-#   Configures the apache [LogLevel](https://httpd.apache.org/docs/current/mod/core.html#loglevel) directive
-#   which adjusts the verbosity of the messages recorded in the error logs.
-#
-# @param log_formats
-#   Define additional `LogFormat` directives. Values: A hash, such as:
-#   ``` puppet
-#   $log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' }
-#   ```
-#     There are a number of predefined `LogFormats` in the `httpd.conf` that Puppet creates:
-#   ``` httpd
-#     LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-#     LogFormat "%h %l %u %t \"%r\" %>s %b" common
-#     LogFormat "%{Referer}i -> %U" referer
-#     LogFormat "%{User-agent}i" agent
-#     LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded
-#   ```
-#   If your `log_formats` parameter contains one of those, it will be overwritten with **your** definition.
-#
-# @param logroot
-#   Changes the directory of Apache log files for the virtual host.
-#
-# @param logroot_mode
-#   Overrides the default `logroot` directory's mode.<br />
-#   > **Note**: Do _not_ grant write access to the directory where the logs are stored 
-#   without being aware of the consequences. See the [Apache documentation](https://httpd.apache.org/docs/current/logs.html#security)
-#   for details.
-#
-# @param manage_group
-#   When `false`, stops Puppet from creating the group resource.<br />
-#   If you have a group created from another Puppet module that you want to use to run Apache, 
-#   set this to `false`. Without this parameter, attempting to use a previously established 
-#   group results in a duplicate resource error.
-#
-# @param supplementary_groups
-#   A list of groups to which the user belongs. These groups are in addition to the primary group.<br />
-#   Notice: This option only has an effect when `manage_user` is set to true.
-#
-# @param manage_user
-#   When `false`, stops Puppet from creating the user resource.<br />
-#   This is for instances when you have a user, created from another Puppet module, you want 
-#   to use to run Apache. Without this parameter, attempting to use a previously established 
-#   user would result in a duplicate resource error.
-#
-# @param mod_dir
-#   Sets where Puppet places configuration files for your Apache modules.
-#
-# @param mod_libs
-#   Allows the user to override default module library names.
-#   ```puppet
-#   include apache::params
-#   class { 'apache':
-#     mod_libs => merge($::apache::params::mod_libs, {
-#       'wsgi' => 'mod_wsgi_python3.so',
-#     })
-#   }
-#   ```
-#
-# @param mod_packages
-#   Allows the user to override default module package names.
-#   ```puppet
-#   include apache::params
-#   class { 'apache':
-#     mod_packages => merge($::apache::params::mod_packages, {
-#       'auth_kerb' => 'httpd24-mod_auth_kerb',
-#     })
-#   }
-#   ```
-#
-# @param mpm_module
-#   Determines which [multi-processing module](https://httpd.apache.org/docs/current/mpm.html) (MPM) is loaded and configured for the 
-#   HTTPD process. Valid values are: `event`, `itk`, `peruser`, `prefork`, `worker` or `false`.<br />
-#   You must set this to `false` to explicitly declare the following classes with custom parameters:
-#   - `apache::mod::event`
-#   - `apache::mod::itk`
-#   - `apache::mod::peruser`
-#   - `apache::mod::prefork`
-#   - `apache::mod::worker`
-#
-# @param package_ensure
-#   Controls the `package` resource's `ensure` attribute. Valid values are: `absent`, `installed`
-#   (or equivalent `present`), or a version string.
-#
-# @param pidfile
-#   Allows settting a custom location for the pid file. Useful if using a custom-built Apache rpm.
-#
-# @param ports_file
-#   Sets the path to the file containing Apache ports configuration.
-#
-# @param protocols
-#   Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols) 
-#   directive, which lists available protocols for the server.
-#
-# @param protocols_honor_order
-#   Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder)
-#   directive which determines whether the order of Protocols sets precedence during negotiation.
-#
-# @param purge_configs
-#   Removes all other Apache configs and virtual hosts.<br />
-#   Setting this to `false` is a stopgap measure to allow the apache module to coexist with 
-#   existing or unmanaged configurations. We recommend moving your configuration to resources 
-#   within this module. For virtual host configurations, see `purge_vhost_dir`.
-#
-# @param purge_vhost_dir
-#   If the `vhost_dir` parameter's value differs from the `confd_dir` parameter's, this parameter 
-#   determines whether Puppet removes any configurations inside `vhost_dir` that are _not_ managed 
-#   by Puppet.<br />
-#   Setting `purge_vhost_dir` to `false` is a stopgap measure to allow the apache module to 
-#   coexist with existing or otherwise unmanaged configurations within `vhost_dir`.
-#
-# @param rewrite_lock
-#   Allows setting a custom location for a rewrite lock - considered best practice if using 
-#   a RewriteMap of type prg in the `rewrites` parameter of your virtual host. This parameter 
-#   only applies to Apache version 2.2 or lower and is ignored on newer versions.
-#
-# @param sendfile
-#   Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the 
-#   `EnableSendfile` directive.
-#
-# @param serveradmin
-#   Sets the Apache server administrator's contact information via Apache's `ServerAdmin` directive.
-#
-# @param servername
-#   Sets the Apache server name via Apache's `ServerName` directive.
-#   Setting to `false` will not set ServerName at all.
-#
-# @param server_root
-#   Sets the Apache server's root directory via Apache's `ServerRoot` directive.
-#
-# @param server_signature
-#   Configures a trailing footer line to display at the bottom of server-generated documents, 
-#   such as error documents and output of certain Apache modules, via Apache's `ServerSignature`
-#   directive. Valid values are: `On` or `Off`.
-# 
-# @param server_tokens
-#   Controls how much information Apache sends to the browser about itself and the operating 
-#   system, via Apache's `ServerTokens` directive.
-# 
-# @param service_enable
-#   Determines whether Puppet enables the Apache HTTPD service when the system is booted.
-# 
-# @param service_ensure
-#   Determines whether Puppet should make sure the service is running. 
-#   Valid values are: `true` (or `running`) or `false` (or `stopped`).<br />
-#   The `false` or `stopped` values set the 'httpd' service resource's `ensure` parameter 
-#   to `false`, which is useful when you want to let the service be managed by another 
-#   application, such as Pacemaker.<br />
-# 
-# @param service_name
-#   Sets the name of the Apache service.
-# 
-# @param service_manage
-#   Determines whether Puppet manages the HTTPD service's state.
-#
-# @param service_restart
-#   Determines whether Puppet should use a specific command to restart the HTTPD service.
-#   Values: a command to restart the Apache service.
-#
-# @param timeout
-#   Sets Apache's `TimeOut` directive, which defines the number of seconds Apache waits for 
-#   certain events before failing a request.
-#
-# @param trace_enable
-#   Controls how Apache handles `TRACE` requests (per RFC 2616) via the `TraceEnable` directive.
-#
-# @param use_canonical_name
-#   Controls Apache's `UseCanonicalName` directive which controls how Apache handles 
-#   self-referential URLs. If not specified, this parameter omits the declaration from the 
-#   server's configuration and uses Apache's default setting of 'off'.
-#
-# @param use_systemd
-#   Controls whether the systemd module should be installed on Centos 7 servers, this is 
-#   especially useful if using custom-built RPMs.
-#
-# @param file_mode
-#   Sets the desired permissions mode for config files.
-#   Valid values are: a string, with permissions mode in symbolic or numeric notation.
-#
-# @param root_directory_options
-#   Array of the desired options for the `/` directory in httpd.conf.
-#
-# @param root_directory_secured
-#   Sets the default access policy for the `/` directory in httpd.conf. A value of `false` 
-#   allows access to all resources that are missing a more specific access policy. A value of 
-#   `true` denies access to all resources by default. If `true`, more specific rules must be 
-#   used to allow access to these resources (for example, in a directory block using the 
-#   `directories` parameter).
-#
-# @param vhost_dir
-#   Changes your virtual host configuration files' location.
-#
-# @param vhost_include_pattern
-#   Defines the pattern for files included from the `vhost_dir`.
-#   If set to a value like `[^.#]\*.conf[^~]` to make sure that files accidentally created in 
-#   this directory (such as files created by version control systems or editor backups) are 
-#   *not* included in your server configuration.<br />
-#   Some operating systems use a value of `*.conf`. By default, this module creates configuration 
-#   files ending in `.conf`.
-#
-# @param user
-#   Changes the user that Apache uses to answer requests. Apache's parent process continues 
-#   to run as root, but child processes access resources as the user defined by this parameter. 
-#   To prevent Puppet from managing the user, set the `manage_user` parameter to `false`.
-#
-# @param apache_name
-#   The name of the Apache package to install. If you are using a non-standard Apache package 
-#   you might need to override the default setting.<br />
-#   For CentOS/RHEL Software Collections (SCL), you can also use `apache::version::scl_httpd_version`.
-#
-# @param error_log
-#   The name of the error log file for the main server instance. If the string starts with 
-#   `/`, `|`, or `syslog`: the full path is set. Otherwise, the filename  is prefixed with 
-#   `$logroot`.
-#
-# @param scriptalias
-#   Directory to use for global script alias
-#
-# @param access_log_file
-#   The name of the access log file for the main server instance.
-#
-# @param limitreqfields
-#   The `limitreqfields` parameter sets the maximum number of request header fields in 
-#   an HTTP request. This directive gives the server administrator greater control over 
-#   abnormal client request behavior, which may be useful for avoiding some forms of 
-#   denial-of-service attacks. The value should be increased if normal clients see an error 
-#   response from the server that indicates too many fields were sent in the request.
-#
-# @param limitreqfieldsize
-#   The `limitreqfieldsize` parameter sets the maximum ammount of _bytes_ that will
-#   be allowed within a request header.
-#
-# @param ip
-#   Specifies the ip address
-#
-# @param purge_vdir
-#   Removes all other Apache configs and virtual hosts.<br />
-#   > **Note**: This parameter is deprecated in favor of the `purge_config` parameter.<br />
-# 
-# @param conf_enabled
-#   Whether the additional config files in `/etc/apache2/conf-enabled` should be managed.
-# 
-# @param vhost_enable_dir
-#   Set's whether the vhost definitions will be stored in sites-availible and if
-#   they will be symlinked to and from sites-enabled.
-#
-# @param mod_enable_dir
-#   Set's whether the mods-enabled directory should be managed.
-#
-# @param ssl_file
-#   This parameter allows you to set an ssl.conf file to be managed in order to implement
-#   an SSL Certificate.
-# 
-# @param file_e_tag
-#   Sets the server default for the `FileETag` declaration, which modifies the response header 
-#   field for static files.
-# 
-# @param use_optional_includes
-#   Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for 
-#   `additional_includes` in Apache 2.4 or newer.
-# 
-# @param mime_types_additional
-#   Specifies any idditional Internet media (mime) types that you wish to be configured.
-# 
 class apache (
-  $apache_name                                                          = $apache::params::apache_name,
-  $service_name                                                         = $apache::params::service_name,
-  $default_mods                                                         = true,
-  Boolean $default_vhost                                                = true,
-  $default_charset                                                      = undef,
-  Boolean $default_confd_files                                          = true,
-  Boolean $default_ssl_vhost                                            = false,
-  $default_ssl_cert                                                     = $apache::params::default_ssl_cert,
-  $default_ssl_key                                                      = $apache::params::default_ssl_key,
-  $default_ssl_chain                                                    = undef,
-  $default_ssl_ca                                                       = undef,
-  $default_ssl_crl_path                                                 = undef,
-  $default_ssl_crl                                                      = undef,
-  $default_ssl_crl_check                                                = undef,
-  Boolean $default_ssl_reload_on_change                                 = false,
-  $default_type                                                         = 'none',
-  $dev_packages                                                         = $apache::params::dev_packages,
-  $ip                                                                   = undef,
-  Boolean $service_enable                                               = true,
-  Boolean $service_manage                                               = true,
-  $service_ensure                                                       = 'running',
-  $service_restart                                                      = undef,
-  $purge_configs                                                        = true,
-  $purge_vhost_dir                                                      = undef,
-  $purge_vdir                                                           = false,
-  $serveradmin                                                          = 'root@localhost',
-  Enum['On', 'Off', 'on', 'off'] $sendfile                              = 'On',
-  $ldap_verify_server_cert                                              = undef,
-  $ldap_trusted_mode                                                    = undef,
-  $error_documents                                                      = false,
-  $timeout                                                              = '60',
-  $httpd_dir                                                            = $apache::params::httpd_dir,
-  $server_root                                                          = $apache::params::server_root,
-  $conf_dir                                                             = $apache::params::conf_dir,
-  $confd_dir                                                            = $apache::params::confd_dir,
-  Enum['Off', 'On', 'Double', 'off', 'on', 'double'] $hostname_lookups  = $apache::params::hostname_lookups,
-  $conf_enabled                                                         = $apache::params::conf_enabled,
-  $vhost_dir                                                            = $apache::params::vhost_dir,
-  $vhost_enable_dir                                                     = $apache::params::vhost_enable_dir,
-  $mod_libs                                                             = $apache::params::mod_libs,
-  $mod_packages                                                         = $apache::params::mod_packages,
-  $vhost_include_pattern                                                = $apache::params::vhost_include_pattern,
-  $mod_dir                                                              = $apache::params::mod_dir,
-  $mod_enable_dir                                                       = $apache::params::mod_enable_dir,
-  $mpm_module                                                           = $apache::params::mpm_module,
-  $lib_path                                                             = $apache::params::lib_path,
-  $conf_template                                                        = $apache::params::conf_template,
-  $servername                                                           = $apache::params::servername,
-  $pidfile                                                              = $apache::params::pidfile,
-  Optional[Stdlib::Absolutepath] $rewrite_lock                          = undef,
-  Boolean $manage_user                                                  = true,
-  Boolean $manage_group                                                 = true,
-  $user                                                                 = $apache::params::user,
-  $group                                                                = $apache::params::group,
-  $http_protocol_options                                                = $apache::params::http_protocol_options,
-  $supplementary_groups                                                 = [],
-  $keepalive                                                            = $apache::params::keepalive,
-  $keepalive_timeout                                                    = $apache::params::keepalive_timeout,
-  $max_keepalive_requests                                               = $apache::params::max_keepalive_requests,
-  $limitreqfieldsize                                                    = '8190',
-  $limitreqfields                                                       = '100',
-  $logroot                                                              = $apache::params::logroot,
-  $logroot_mode                                                         = $apache::params::logroot_mode,
-  Apache::LogLevel $log_level                                           = $apache::params::log_level,
-  $log_formats                                                          = {},
-  $ssl_file                                                             = undef,
-  $ports_file                                                           = $apache::params::ports_file,
-  $docroot                                                              = $apache::params::docroot,
-  $apache_version                                                       = $apache::version::default,
-  $server_tokens                                                        = 'Prod',
-  $server_signature                                                     = 'On',
-  $trace_enable                                                         = 'On',
-  Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes        = undef,
-  $file_e_tag                                                           = undef,
-  Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']]
-  $use_canonical_name                                          = undef,
+  $apache_name                                                   = $::apache::params::apache_name,
+  $service_name                                                  = $::apache::params::service_name,
+  $default_mods                                                  = true,
+  Boolean $default_vhost                                         = true,
+  $default_charset                                               = undef,
+  Boolean $default_confd_files                                   = true,
+  Boolean $default_ssl_vhost                                     = false,
+  $default_ssl_cert                                              = $::apache::params::default_ssl_cert,
+  $default_ssl_key                                               = $::apache::params::default_ssl_key,
+  $default_ssl_chain                                             = undef,
+  $default_ssl_ca                                                = undef,
+  $default_ssl_crl_path                                          = undef,
+  $default_ssl_crl                                               = undef,
+  $default_ssl_crl_check                                         = undef,
+  $default_type                                                  = 'none',
+  $dev_packages                                                  = $::apache::params::dev_packages,
+  $ip                                                            = undef,
+  Boolean $service_enable                                        = true,
+  Boolean $service_manage                                        = true,
+  $service_ensure                                                = 'running',
+  $service_restart                                               = undef,
+  $purge_configs                                                 = false,
+  $purge_vhost_dir                                               = undef,
+  $purge_vdir                                                    = false,
+  $serveradmin                                                   = 'root@localhost',
+  $sendfile                                                      = 'On',
+  $error_documents                                               = false,
+  $timeout                                                       = '120',
+  $httpd_dir                                                     = $::apache::params::httpd_dir,
+  $server_root                                                   = $::apache::params::server_root,
+  $conf_dir                                                      = $::apache::params::conf_dir,
+  $confd_dir                                                     = $::apache::params::confd_dir,
+  $vhost_dir                                                     = $::apache::params::vhost_dir,
+  $vhost_enable_dir                                              = $::apache::params::vhost_enable_dir,
+  $mod_packages                                                  = $::apache::params::mod_packages,
+  $vhost_include_pattern                                         = $::apache::params::vhost_include_pattern,
+  $mod_dir                                                       = $::apache::params::mod_dir,
+  $mod_enable_dir                                                = $::apache::params::mod_enable_dir,
+  $mpm_module                                                    = $::apache::params::mpm_module,
+  $lib_path                                                      = $::apache::params::lib_path,
+  $conf_template                                                 = $::apache::params::conf_template,
+  $servername                                                    = $::apache::params::servername,
+  $pidfile                                                       = $::apache::params::pidfile,
+  Optional[Stdlib::Absolutepath] $rewrite_lock                   = undef,
+  Boolean $manage_user                                           = true,
+  Boolean $manage_group                                          = true,
+  $user                                                          = $::apache::params::user,
+  $group                                                         = $::apache::params::group,
+  $http_protocol_options                                         = $::apache::params::http_protocol_options,
+  $supplementary_groups                                          = [],
+  $keepalive                                                     = $::apache::params::keepalive,
+  $keepalive_timeout                                             = $::apache::params::keepalive_timeout,
+  $max_keepalive_requests                                        = $::apache::params::max_keepalive_requests,
+  $limitreqfieldsize                                             = '8190',
+  $logroot                                                       = $::apache::params::logroot,
+  $logroot_mode                                                  = $::apache::params::logroot_mode,
+  $log_level                                                     = $::apache::params::log_level,
+  $log_formats                                                   = {},
+  $ssl_file                                                      = undef,
+  $ports_file                                                    = $::apache::params::ports_file,
+  $docroot                                                       = $::apache::params::docroot,
+  $apache_version                                                = $::apache::version::default,
+  $server_tokens                                                 = 'OS',
+  $server_signature                                              = 'On',
+  $trace_enable                                                  = 'On',
+  Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes = undef,
+  $file_e_tag                                                    = undef,
   $package_ensure                                                = 'installed',
-  Boolean $use_optional_includes                                 = $apache::params::use_optional_includes,
-  $use_systemd                                                   = $apache::params::use_systemd,
-  $mime_types_additional                                         = $apache::params::mime_types_additional,
-  $file_mode                                                     = $apache::params::file_mode,
-  $root_directory_options                                        = $apache::params::root_directory_options,
+  Boolean $use_optional_includes                                 = $::apache::params::use_optional_includes,
+  $use_systemd                                                   = $::apache::params::use_systemd,
+  $mime_types_additional                                         = $::apache::params::mime_types_additional,
+  $file_mode                                                     = $::apache::params::file_mode,
+  $root_directory_options                                        = $::apache::params::root_directory_options,
   Boolean $root_directory_secured                                = false,
-  $error_log                                                     = $apache::params::error_log,
-  $scriptalias                                                   = $apache::params::scriptalias,
-  $access_log_file                                               = $apache::params::access_log_file,
-  Array[Enum['h2', 'h2c', 'http/1.1']] $protocols                = [],
-  Optional[Boolean] $protocols_honor_order                       = undef,
+  $error_log                                                     = $::apache::params::error_log,
+  $scriptalias                                                   = $::apache::params::scriptalias,
+  $access_log_file                                               = $::apache::params::access_log_file,
+  $overwrite_ports                                               = true, # TODO: Implement this as in wheezy apache
 ) inherits ::apache::params {
+
   $valid_mpms_re = $apache_version ? {
     '2.4'   => '(event|itk|peruser|prefork|worker)',
     default => '(event|itk|prefork|worker)'
   }
 
-  if $::osfamily == 'RedHat' and $facts['operatingsystemmajrelease'] == '7' {
+  if $::osfamily == 'RedHat' and $::apache::version::distrelease == '7' {
     # On redhat 7 the ssl.conf lives in /etc/httpd/conf.d (the confd_dir)
     # when all other module configs live in /etc/httpd/conf.modules.d (the
     # mod_dir). On all other platforms and versions, ssl.conf lives in the
     # mod_dir. This should maintain the expected location of ssl.conf
     $_ssl_file = $ssl_file ? {
       undef   => "${apache::confd_dir}/ssl.conf",
-      default => $ssl_file
+      default =>  $ssl_file
     }
   } else {
     $_ssl_file = $ssl_file ? {
       undef   => "${apache::mod_dir}/ssl.conf",
-      default => $ssl_file
+      default =>  $ssl_file
     }
   }
 
@@ -587,6 +130,7 @@ class apache (
       notify => Class['Apache::Service'],
     }
   }
+  validate_re($sendfile, [ '^[oO]n$' , '^[oO]ff$' ])
 
   # declare the web server user and group
   # Note: requiring the package means the package ought to create them and not puppet
@@ -605,7 +149,9 @@ class apache (
     }
   }
 
-  class { 'apache::service':
+  validate_apache_log_level($log_level)
+
+  class { '::apache::service':
     service_name    => $service_name,
     service_enable  => $service_enable,
     service_manage  => $service_manage,
@@ -645,17 +191,6 @@ class apache (
     require => Package['httpd'],
   }
 
-  if $conf_enabled and ! defined(File[$conf_enabled]) {
-    file { $conf_enabled:
-      ensure  => directory,
-      recurse => true,
-      purge   => $purge_confd,
-      force   => $purge_confd,
-      notify  => Class['Apache::Service'],
-      require => Package['httpd'],
-    }
-  }
-
   if ! defined(File[$mod_dir]) {
     exec { "mkdir ${mod_dir}":
       creates => $mod_dir,
@@ -721,27 +256,29 @@ class apache (
     $vhost_load_dir = $vhost_dir
   }
 
-  concat { $ports_file:
-    ensure  => present,
-    owner   => 'root',
-    group   => $apache::params::root_group,
-    mode    => $apache::file_mode,
-    notify  => Class['Apache::Service'],
-    require => Package['httpd'],
-  }
-  concat::fragment { 'Apache ports header':
-    target  => $ports_file,
-    content => template('apache/ports_header.erb'),
+  if $overwrite_ports {
+    concat { $ports_file:
+      ensure  => present,
+      owner   => 'root',
+      group   => $::apache::params::root_group,
+      mode    => $::apache::file_mode,
+      notify  => Class['Apache::Service'],
+      require => Package['httpd'],
+    }
+    concat::fragment { 'Apache ports header':
+      target  => $ports_file,
+      content => template('apache/ports_header.erb'),
+    }
   }
 
-  if $apache::conf_dir and $apache::params::conf_file {
+  if $::apache::conf_dir and $::apache::params::conf_file {
     if $::osfamily == 'gentoo' {
       $error_documents_path = '/usr/share/apache2/error'
-      if $default_mods =~ Array {
+      if is_array($default_mods) {
         if versioncmp($apache_version, '2.4') >= 0 {
           if defined('apache::mod::ssl') {
             ::portage::makeconf { 'apache2_modules':
-              content => concat($default_mods, ['authz_core', 'socache_shmcb']),
+              content => concat($default_mods, [ 'authz_core', 'socache_shmcb' ]),
             }
           } else {
             ::portage::makeconf { 'apache2_modules':
@@ -756,11 +293,11 @@ class apache (
       }
 
       file { [
-          '/etc/apache2/modules.d/.keep_www-servers_apache-2',
-          '/etc/apache2/vhosts.d/.keep_www-servers_apache-2',
-        ]:
-          ensure  => absent,
-          require => Package['httpd'],
+        '/etc/apache2/modules.d/.keep_www-servers_apache-2',
+        '/etc/apache2/vhosts.d/.keep_www-servers_apache-2',
+      ]:
+        ensure  => absent,
+        require => Package['httpd'],
       }
     }
 
@@ -793,27 +330,26 @@ class apache (
     # - $trace_enable
     # - $rewrite_lock
     # - $root_directory_secured
-    file { "${apache::conf_dir}/${apache::params::conf_file}":
+    file { "${::apache::conf_dir}/${::apache::params::conf_file}":
       ensure  => file,
-      mode    => $apache::file_mode,
       content => template($conf_template),
       notify  => Class['Apache::Service'],
-      require => [Package['httpd'], Concat[$ports_file]],
+      require => [Package['httpd']],
     }
 
     # preserve back-wards compatibility to the times when default_mods was
     # only a boolean value. Now it can be an array (too)
-    if $default_mods =~ Array {
-      class { 'apache::default_mods':
+    if is_array($default_mods) {
+      class { '::apache::default_mods':
         all  => false,
         mods => $default_mods,
       }
     } else {
-      class { 'apache::default_mods':
+      class { '::apache::default_mods':
         all => $default_mods,
       }
     }
-    class { 'apache::default_confd_files':
+    class { '::apache::default_confd_files':
       all => $default_confd_files,
     }
     if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans
@@ -830,37 +366,33 @@ class apache (
     }
 
     ::apache::vhost { 'default':
-      ensure                       => $default_vhost_ensure,
-      port                         => '80',
-      docroot                      => $docroot,
-      scriptalias                  => $scriptalias,
-      serveradmin                  => $serveradmin,
-      access_log_file              => $access_log_file,
-      priority                     => '15',
-      ip                           => $ip,
-      logroot_mode                 => $logroot_mode,
-      manage_docroot               => $default_vhost,
-      use_servername_for_filenames => true,
-      use_port_for_filenames       => true,
+      ensure          => $default_vhost_ensure,
+      port            => '80',
+      docroot         => $docroot,
+      scriptalias     => $scriptalias,
+      serveradmin     => $serveradmin,
+      access_log_file => $access_log_file,
+      priority        => '15',
+      ip              => $ip,
+      logroot_mode    => $logroot_mode,
+      manage_docroot  => $default_vhost,
     }
     $ssl_access_log_file = $::osfamily ? {
       'freebsd' => $access_log_file,
       default   => "ssl_${access_log_file}",
     }
     ::apache::vhost { 'default-ssl':
-      ensure                       => $default_ssl_vhost_ensure,
-      port                         => '443',
-      ssl                          => true,
-      docroot                      => $docroot,
-      scriptalias                  => $scriptalias,
-      serveradmin                  => $serveradmin,
-      access_log_file              => $ssl_access_log_file,
-      priority                     => '15',
-      ip                           => $ip,
-      logroot_mode                 => $logroot_mode,
-      manage_docroot               => $default_ssl_vhost,
-      use_servername_for_filenames => true,
-      use_port_for_filenames       => true,
+      ensure          => $default_ssl_vhost_ensure,
+      port            => '443',
+      ssl             => true,
+      docroot         => $docroot,
+      scriptalias     => $scriptalias,
+      serveradmin     => $serveradmin,
+      access_log_file => $ssl_access_log_file,
+      priority        => '15',
+      ip              => $ip,
+      logroot_mode    => $logroot_mode,
+      manage_docroot  => $default_ssl_vhost,
     }
   }
 
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/listen.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/listen.pp
index 3eb60baad..9730d3c75 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/listen.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/listen.pp
@@ -1,15 +1,25 @@
-# @summary
-#   Adds `Listen` directives to `ports.conf` that define the 
-#   Apache server's or a virtual host's listening address and port.
-#
-# The `apache::vhost` class uses this defined type, and titles take the form 
-# `<PORT>`, `<IPV4>:<PORT>`, or `<IPV6>:<PORT>`.
-define apache::listen {
+define apache::listen ($port='') {
   $listen_addr_port = $name
 
-  # Template uses: $listen_addr_port
-  concat::fragment { "Listen ${listen_addr_port}":
-    target  => $apache::ports_file,
-    content => template('apache/listen.erb'),
+  if defined(Concat[$::apache::ports_file]){
+    # Template uses: $listen_addr_port
+    concat::fragment { "Listen ${listen_addr_port}":
+      target  => $::apache::ports_file,
+      content => template('apache/listen.erb'),
+    }
+  } elsif $port != '80' {
+    # Create a temporary file
+    # join with cat $tmp_file >> $file
+    # remove tmp files
+    $ports_file = $::apache::ports_file
+    $tmp_file = "$ports_file-tmp_listen"
+    file { $tmp_file:
+      ensure => file,
+      content => template('apache/listen.erb'),
+    }
+
+    exec { "apache::listen: cat $tmp_file with ports.conf":
+      command => "/bin/cat $tmp_file >> $ports_file;/bin/rm $tmp_file"
+    }
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod.pp
index 0f7105d63..ddef130c8 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod.pp
@@ -1,42 +1,8 @@
-# @summary
-#   Installs packages for an Apache module that doesn't have a corresponding 
-#   `apache::mod::<MODULE NAME>` class.
-#
-# Checks for or places the module's default configuration files in the Apache server's 
-# `module` and `enable` directories. The default locations depend on your operating system.
-#
-# @param package
-#   **Required**.<br />
-#   Names the package Puppet uses to install the Apache module.
-#
-# @param package_ensure
-#   Determines whether Puppet ensures the Apache module should be installed.
-#
-# @param lib
-#   Defines the module's shared object name. Do not configure manually without special reason.
-#
-# @param lib_path
-#   Specifies a path to the module's libraries. Do not manually set this parameter 
-#   without special reason. The `path` parameter overrides this value.
-#
-# @param loadfile_name
-#   Sets the filename for the module's `LoadFile` directive, which can also set 
-#   the module load order as Apache processes them in alphanumeric order.
-#
-# @param id
-#   Specifies the package id
-#
-# @param loadfiles
-#   Specifies an array of `LoadFile` directives.
-#
-# @param path
-#   Specifies a path to the module. Do not manually set this parameter without a special reason.
-#
 define apache::mod (
   $package        = undef,
   $package_ensure = 'present',
   $lib            = undef,
-  $lib_path       = $apache::lib_path,
+  $lib_path       = $::apache::lib_path,
   $id             = undef,
   $path           = undef,
   $loadfile_name  = undef,
@@ -48,10 +14,10 @@ define apache::mod (
 
   $mod = $name
   #include apache #This creates duplicate resources in rspec-puppet
-  $mod_dir = $apache::mod_dir
+  $mod_dir = $::apache::mod_dir
 
   # Determine if we have special lib
-  $mod_libs = $apache::mod_libs
+  $mod_libs = $::apache::params::mod_libs
   if $lib {
     $_lib = $lib
   } elsif has_key($mod_libs, $mod) { # 2.6 compatibility hack
@@ -80,11 +46,11 @@ define apache::mod (
   }
 
   # Determine if we have a package
-  $mod_packages = $apache::mod_packages
+  $mod_packages = $::apache::mod_packages
   if $package {
     $_package = $package
   } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack
-    if ($apache::apache_version == '2.4' and $::operatingsystem =~ /^[Aa]mazon$/ and $::operatingsystemmajrelease != '2') {
+    if ($::apache::apache_version == '2.4' and $::operatingsystem =~ /^[Aa]mazon$/) {
       # On amazon linux we need to prefix our package name with mod24 instead of mod to support apache 2.4
       $_package = regsubst($mod_packages[$mod],'^(mod_)?(.*)','mod24_\2')
     } else {
@@ -101,11 +67,11 @@ define apache::mod (
     $package_before = $::osfamily ? {
       'freebsd' => [
         File[$_loadfile_name],
-        File["${apache::conf_dir}/${apache::params::conf_file}"]
+        File["${::apache::conf_dir}/${::apache::params::conf_file}"]
       ],
       default => [
         File[$_loadfile_name],
-        File[$apache::confd_dir],
+        File[$::apache::confd_dir],
       ],
     }
     # if there are any packages, they should be installed before the associated conf file
@@ -123,8 +89,8 @@ define apache::mod (
     ensure  => file,
     path    => "${mod_dir}/${_loadfile_name}",
     owner   => 'root',
-    group   => $apache::params::root_group,
-    mode    => $apache::file_mode,
+    group   => $::apache::params::root_group,
+    mode    => $::apache::file_mode,
     content => template('apache/mod/load.erb'),
     require => [
       Package['httpd'],
@@ -135,14 +101,14 @@ define apache::mod (
   }
 
   if $::osfamily == 'Debian' {
-    $enable_dir = $apache::mod_enable_dir
-    file { "${_loadfile_name} symlink":
+    $enable_dir = $::apache::mod_enable_dir
+    file{ "${_loadfile_name} symlink":
       ensure  => link,
       path    => "${enable_dir}/${_loadfile_name}",
       target  => "${mod_dir}/${_loadfile_name}",
       owner   => 'root',
-      group   => $apache::params::root_group,
-      mode    => $apache::file_mode,
+      group   => $::apache::params::root_group,
+      mode    => $::apache::file_mode,
       require => [
         File[$_loadfile_name],
         Exec["mkdir ${enable_dir}"],
@@ -154,13 +120,13 @@ define apache::mod (
     # defined in the class apache::mod::module
     # Some modules do not require this file.
     if defined(File["${mod}.conf"]) {
-      file { "${mod}.conf symlink":
+      file{ "${mod}.conf symlink":
         ensure  => link,
         path    => "${enable_dir}/${mod}.conf",
         target  => "${mod_dir}/${mod}.conf",
         owner   => 'root',
-        group   => $apache::params::root_group,
-        mode    => $apache::file_mode,
+        group   => $::apache::params::root_group,
+        mode    => $::apache::file_mode,
         require => [
           File["${mod}.conf"],
           Exec["mkdir ${enable_dir}"],
@@ -170,14 +136,14 @@ define apache::mod (
       }
     }
   } elsif $::osfamily == 'Suse' {
-    $enable_dir = $apache::mod_enable_dir
-    file { "${_loadfile_name} symlink":
+    $enable_dir = $::apache::mod_enable_dir
+    file{ "${_loadfile_name} symlink":
       ensure  => link,
       path    => "${enable_dir}/${_loadfile_name}",
       target  => "${mod_dir}/${_loadfile_name}",
       owner   => 'root',
-      group   => $apache::params::root_group,
-      mode    => $apache::file_mode,
+      group   => $::apache::params::root_group,
+      mode    => $::apache::file_mode,
       require => [
         File[$_loadfile_name],
         Exec["mkdir ${enable_dir}"],
@@ -189,13 +155,13 @@ define apache::mod (
     # defined in the class apache::mod::module
     # Some modules do not require this file.
     if defined(File["${mod}.conf"]) {
-      file { "${mod}.conf symlink":
+      file{ "${mod}.conf symlink":
         ensure  => link,
         path    => "${enable_dir}/${mod}.conf",
         target  => "${mod_dir}/${mod}.conf",
         owner   => 'root',
-        group   => $apache::params::root_group,
-        mode    => $apache::file_mode,
+        group   => $::apache::params::root_group,
+        mode    => $::apache::file_mode,
         require => [
           File["${mod}.conf"],
           Exec["mkdir ${enable_dir}"],
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/actions.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/actions.pp
index c9b7d15d6..3b60f297f 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/actions.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/actions.pp
@@ -1,8 +1,3 @@
-# @summary
-#   Installs Apache mod_actions
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_actions.html for additional documentation.
-#
 class apache::mod::actions {
   apache::mod { 'actions': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/alias.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/alias.pp
index 58ab0bdf8..4eb42ac97 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/alias.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/alias.pp
@@ -1,33 +1,10 @@
-# @summary
-#   Installs and configures `mod_alias`.
-# 
-# @param apache_version
-#   The version of Apache, if not set will be retrieved from the init class.
-# 
-# @param icons_options
-#   Disables directory listings for the icons directory, via Apache [Options](https://httpd.apache.org/docs/current/mod/core.html#options)
-#   directive.
-# 
-# @param icons_path
-#   Sets the local path for an /icons/ Alias. Default depends on operating system:
-#   - Debian: /usr/share/apache2/icons
-#   - FreeBSD: /usr/local/www/apache24/icons
-#   - Gentoo: /var/www/icons
-#   - Red Hat: /var/www/icons, except on Apache 2.4, where it's /usr/share/httpd/icons
-# 
-# @param icons_path
-#   Change the alias for /icons/.
-#
-# @see https://httpd.apache.org/docs/current/mod/mod_alias.html for additional documentation.
-#
-class apache::mod::alias (
+class apache::mod::alias(
   $apache_version = undef,
   $icons_options  = 'Indexes MultiViews',
   # set icons_path to false to disable the alias
-  $icons_path     = $apache::params::alias_icons_path,
-  $icons_prefix   = $apache::params::icons_prefix
+  $icons_path     = $::apache::params::alias_icons_path,
 ) inherits ::apache::params {
-  include apache
+  include ::apache
   $_apache_version = pick($apache_version, $apache::apache_version)
   apache::mod { 'alias': }
 
@@ -35,11 +12,11 @@ class apache::mod::alias (
   if $icons_path {
     file { 'alias.conf':
       ensure  => file,
-      path    => "${apache::mod_dir}/alias.conf",
-      mode    => $apache::file_mode,
+      path    => "${::apache::mod_dir}/alias.conf",
+      mode    => $::apache::file_mode,
       content => template('apache/mod/alias.conf.erb'),
-      require => Exec["mkdir ${apache::mod_dir}"],
-      before  => File[$apache::mod_dir],
+      require => Exec["mkdir ${::apache::mod_dir}"],
+      before  => File[$::apache::mod_dir],
       notify  => Class['apache::service'],
     }
   }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_basic.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_basic.pp
index cb2d1313c..cacfafa4d 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_basic.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_basic.pp
@@ -1,8 +1,3 @@
-# @summary
-#   Installs `mod_auth_basic`
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_auth_basic.html for additional documentation.
-#
 class apache::mod::auth_basic {
   ::apache::mod { 'auth_basic': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_cas.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_cas.pp
index 51e7d2c08..00de62242 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_cas.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_cas.pp
@@ -1,90 +1,7 @@
-# @summary
-#   Installs and configures `mod_auth_cas`.
-# 
-# @param cas_login_url
-#   Sets the URL to which the module redirects users when they attempt to access a 
-#   CAS-protected resource and don't have an active session.
-# 
-# @param cas_validate_url
-#   Sets the URL to use when validating a client-presented ticket in an HTTP query string.
-# 
-# @param cas_cookie_path
-#   Sets the location where information on the current session should be stored. This should
-#   be writable by the web server only.
-# 
-# @param cas_cookie_path_mode
-#   The mode of cas_cookie_path.
-#
-# @param cas_version
-#   The version of the CAS protocol to adhere to.
-# 
-# @param cas_debug
-#   Whether to enable or disable debug mode.
-# 
-# @param cas_validate_server
-#   Whether to validate the presented certificate. This has been deprecated and
-#   removed from Version 1.1-RC1 onward.
-# 
-# @param cas_validatedepth
-#   The maximum depth for chained certificate validation.
-# 
-# @param cas_proxy_validate_url
-#   The URL to use when performing a proxy validation.
-# 
-# @param cas_root_proxied_as
-#   Sets the URL end users see when access to this Apache server is proxied per vhost. 
-#   This URL should not include a trailing slash.
-# 
-# @param cas_cookie_entropy
-#   When creating a local session, this many random bytes are used to create a unique 
-#   session identifier.
-# 
-# @param cas_timeout
-#   The hard limit, in seconds, for a mod_auth_cas session.
-# 
-# @param cas_idle_timeout
-#   The limit, in seconds, of how long a mod_auth_cas session can be idle.
-# 
-# @param cas_cache_clean_interval
-#   The minimum amount of time that must pass inbetween cache cleanings.
-# 
-# @param cas_cookie_domain
-#   The value for the 'Domain=' parameter in the Set-Cookie header.
-# 
-# @param cas_cookie_http_only
-#   Setting this flag prevents the mod_auth_cas cookies from being accessed by 
-#   client side Javascript.
-# 
-# @param cas_authoritative
-#   Determines whether an optional authorization directive is authoritative and thus binding.
-# 
-# @param cas_validate_saml
-#   Parse response from CAS server for SAML.
-# 
-# @param cas_sso_enabled
-#   Enables experimental support for single sign out (may mangle POST data).
-# 
-# @param cas_attribute_prefix
-#   Adds a header with the value of this header being the attribute values when SAML 
-#   validation is enabled.
-# 
-# @param cas_attribute_delimiter
-#   Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`.
-# 
-# @param cas_scrub_request_headers
-#   Remove inbound request headers that may have special meaning within mod_auth_cas.
-# 
-# @param suppress_warning
-#   Suppress warning about being on RedHat (mod_auth_cas package is now available in epel-testing repo).
-#
-# @note The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL.
-#
-# @see https://github.com/apereo/mod_auth_cas for additional documentation.
-#
 class apache::mod::auth_cas (
   String $cas_login_url,
   String $cas_validate_url,
-  String $cas_cookie_path    = $apache::params::cas_cookie_path,
+  String $cas_cookie_path    = $::apache::params::cas_cookie_path,
   $cas_cookie_path_mode      = '0750',
   $cas_version               = 2,
   $cas_debug                 = 'Off',
@@ -107,11 +24,12 @@ class apache::mod::auth_cas (
   $cas_scrub_request_headers = undef,
   $suppress_warning          = false,
 ) inherits ::apache::params {
+
   if $::osfamily == 'RedHat' and ! $suppress_warning {
     warning('RedHat distributions do not have Apache mod_auth_cas in their default package repositories.')
   }
 
-  include apache
+  include ::apache
   ::apache::mod { 'auth_cas': }
 
   file { $cas_cookie_path:
@@ -126,11 +44,12 @@ class apache::mod::auth_cas (
   # - All variables beginning with cas_
   file { 'auth_cas.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/auth_cas.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/auth_cas.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/auth_cas.conf.erb'),
-    require => [Exec["mkdir ${apache::mod_dir}"],],
-    before  => File[$apache::mod_dir],
+    require => [ Exec["mkdir ${::apache::mod_dir}"], ],
+    before  => File[$::apache::mod_dir],
     notify  => Class['Apache::Service'],
   }
+
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_kerb.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_kerb.pp
index 093c26d22..4b4887fe8 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_kerb.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_kerb.pp
@@ -1,9 +1,7 @@
-# @summary
-#   Installs `mod_auth_kerb`
-#
-# @see http://modauthkerb.sourceforge.net for additional documentation.
 class apache::mod::auth_kerb {
-  include apache
-  include apache::mod::authn_core
+  include ::apache
+  include ::apache::mod::authn_core
   ::apache::mod { 'auth_kerb': }
 }
+
+
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_mellon.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_mellon.pp
index d585aed64..5dbb6b577 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_mellon.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/auth_mellon.pp
@@ -1,50 +1,26 @@
-# @summary
-#   Installs and configures `mod_auth_mellon`.
-# 
-# @param mellon_cache_size
-#   Maximum number of sessions which can be active at once.
-# 
-# @param mellon_lock_file
-#   Full path to a file used for synchronizing access to the session data.
-# 
-# @param mellon_post_directory
-#   Full path of a directory where POST requests are saved during authentication.
-# 
-# @param mellon_cache_entry_size
-#   Maximum size for a single session entry in bytes.
-# 
-# @param mellon_post_ttl
-#   Delay in seconds before a saved POST request can be flushed.
-# 
-# @param mellon_post_size
-#   Maximum size for saved POST requests.
-# 
-# @param mellon_post_count
-#   Maximum amount of saved POST requests.
-# 
-# @see https://github.com/Uninett/mod_auth_mellon for additional documentation.
-#
 class apache::mod::auth_mellon (
-  $mellon_cache_size = $apache::params::mellon_cache_size,
-  $mellon_lock_file  = $apache::params::mellon_lock_file,
-  $mellon_post_directory = $apache::params::mellon_post_directory,
+  $mellon_cache_size = $::apache::params::mellon_cache_size,
+  $mellon_lock_file  = $::apache::params::mellon_lock_file,
+  $mellon_post_directory = $::apache::params::mellon_post_directory,
   $mellon_cache_entry_size = undef,
   $mellon_post_ttl = undef,
   $mellon_post_size = undef,
   $mellon_post_count = undef
 ) inherits ::apache::params {
-  include apache
+
+  include ::apache
   ::apache::mod { 'auth_mellon': }
 
   # Template uses
   # - All variables beginning with mellon_
   file { 'auth_mellon.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/auth_mellon.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/auth_mellon.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/auth_mellon.conf.erb'),
-    require => [Exec["mkdir ${apache::mod_dir}"],],
-    before  => File[$apache::mod_dir],
+    require => [ Exec["mkdir ${::apache::mod_dir}"], ],
+    before  => File[$::apache::mod_dir],
     notify  => Class['Apache::Service'],
   }
+
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authn_core.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authn_core.pp
index f145982e2..c5ce5b107 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authn_core.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authn_core.pp
@@ -1,13 +1,5 @@
-# @summary
-#   Installs `mod_authn_core`.
-# 
-# @param apache_version
-#   The version of apache being run.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_authn_core.html for additional documentation.
-#
-class apache::mod::authn_core (
-  $apache_version = $apache::apache_version
+class apache::mod::authn_core(
+  $apache_version = $::apache::apache_version
 ) {
   if versioncmp($apache_version, '2.4') >= 0 {
     ::apache::mod { 'authn_core': }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authn_dbd.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authn_dbd.pp
index b5e8d2c91..be6ff3e55 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authn_dbd.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authn_dbd.pp
@@ -1,32 +1,3 @@
-# @summary
-#   Installs `mod_authn_dbd`.
-# 
-# @param authn_dbd_params
-#   The params needed for the mod to function.
-#   
-# @param authn_dbd_dbdriver
-#   Selects an apr_dbd driver by name.
-#   
-# @param authn_dbd_query
-#   
-# @param authn_dbd_min
-#   Set the minimum number of connections per process.
-#   
-# @param authn_dbd_max
-#   Set the maximum number of connections per process.
-#   
-# @param authn_dbd_keep
-#   Set the maximum number of connections per process to be sustained.
-#   
-# @param authn_dbd_exptime
-#   Set the time to keep idle connections alive when the number of 
-#   connections specified in DBDKeep has been exceeded.
-#   
-# @param authn_dbd_alias
-#   Sets an alias for `AuthnProvider.
-#
-# @see https://httpd.apache.org/docs/current/mod/mod_authn_dbd.html for additional documentation.
-#
 class apache::mod::authn_dbd (
   $authn_dbd_params,
   $authn_dbd_dbdriver    = 'mysql',
@@ -37,23 +8,23 @@ class apache::mod::authn_dbd (
   $authn_dbd_exptime     = '300',
   $authn_dbd_alias       = undef,
 ) inherits ::apache::params {
-  include apache
-  include apache::mod::dbd
+  include ::apache
+  include ::apache::mod::dbd
   ::apache::mod { 'authn_dbd': }
 
   if $authn_dbd_alias {
-    include apache::mod::authn_core
+  include ::apache::mod::authn_core
   }
 
   # Template uses
   # - All variables beginning with authn_dbd
   file { 'authn_dbd.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/authn_dbd.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/authn_dbd.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/authn_dbd.conf.erb'),
-    require => [Exec["mkdir ${apache::mod_dir}"],],
-    before  => File[$apache::mod_dir],
+    require => [ Exec["mkdir ${::apache::mod_dir}"], ],
+    before  => File[$::apache::mod_dir],
     notify  => Class['Apache::Service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authn_file.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authn_file.pp
index 141804507..bc787244a 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authn_file.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authn_file.pp
@@ -1,8 +1,3 @@
-# @summary
-#   Installs `mod_authn_file`.
-# 
-# @see https://httpd.apache.org/docs/2.4/mod/mod_authn_file.html for additional documentation.
-#
 class apache::mod::authn_file {
   ::apache::mod { 'authn_file': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authnz_ldap.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authnz_ldap.pp
index 3f194d736..cc9ab67f0 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authnz_ldap.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authnz_ldap.pp
@@ -1,20 +1,11 @@
-# @summary
-#   Installs `mod_authnz_ldap`.
-# 
-# @param verify_server_cert
-#   Whether to force te verification of a server cert or not.
-# 
-# @param package_name
-#   The name of the ldap package.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html for additional documentation.
-# @note Unsupported platforms: RedHat: 6, 8; CentOS: 6, 8; OracleLinux: 6, 8; Ubuntu: all; Debian: all; SLES: all
+# lint:ignore:variable_is_lowercase required for compatibility
 class apache::mod::authnz_ldap (
   Boolean $verify_server_cert = true,
   $package_name               = undef,
 ) {
-  include apache
-  include 'apache::mod::ldap'
+
+  include ::apache
+  include '::apache::mod::ldap'
   ::apache::mod { 'authnz_ldap':
     package => $package_name,
   }
@@ -23,11 +14,12 @@ class apache::mod::authnz_ldap (
   # - $verify_server_cert
   file { 'authnz_ldap.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/authnz_ldap.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/authnz_ldap.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/authnz_ldap.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
+# lint:endignore
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authnz_pam.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authnz_pam.pp
index 35ddb779e..c2672126d 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authnz_pam.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authnz_pam.pp
@@ -1,9 +1,4 @@
-# @summary
-#   Installs `mod_authnz_pam`.
-# 
-# @see https://www.adelton.com/apache/mod_authnz_pam for additional documentation.
-#
 class apache::mod::authnz_pam {
-  include apache
+  include ::apache
   ::apache::mod { 'authnz_pam': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authz_default.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authz_default.pp
index 540d086ab..e457774ae 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authz_default.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authz_default.pp
@@ -1,13 +1,5 @@
-# @summary
-#   Installs and configures `mod_authz_default`.
-# 
-# @param apache_version
-#   Version of Apache to install module on.
-#
-# @see https://httpd.apache.org/docs/current/mod/mod_authz_default.html for additional documentation.
-#
-class apache::mod::authz_default (
-  $apache_version = $apache::apache_version
+class apache::mod::authz_default(
+    $apache_version = $::apache::apache_version
 ) {
   if versioncmp($apache_version, '2.4') >= 0 {
     warning('apache::mod::authz_default has been removed in Apache 2.4')
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authz_user.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authz_user.pp
index 81bdf5f31..948a3e2c9 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authz_user.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/authz_user.pp
@@ -1,8 +1,3 @@
-# @summary
-#   Installs `mod_authz_user`
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_authz_user.html for additional documentation.
-#
 class apache::mod::authz_user {
   ::apache::mod { 'authz_user': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/autoindex.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/autoindex.pp
index e3215540a..67c7580e3 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/autoindex.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/autoindex.pp
@@ -1,31 +1,14 @@
-# @summary
-#   Installs `mod_autoindex`
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_autoindex.html for additional documentation.
-#
-class apache::mod::autoindex (
-  $icons_prefix   = $apache::params::icons_prefix
-) inherits ::apache::params {
-  include apache
+class apache::mod::autoindex {
+  include ::apache
   ::apache::mod { 'autoindex': }
-
-  # Determine icon filename suffix for autoindex.conf.erb
-  case $::operatingsystem {
-    'Debian', 'Ubuntu': {
-      $icon_suffix = '-20x22'
-    }
-    default: {
-      $icon_suffix = ''
-    }
-  }
-
+  # Template uses no variables
   file { 'autoindex.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/autoindex.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/autoindex.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/autoindex.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/cache.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/cache.pp
index a822ae9aa..4ab9f44ba 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/cache.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/cache.pp
@@ -1,8 +1,3 @@
-# @summary
-#   Installs `mod_cache`
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_cache.html for additional documentation.
-#
 class apache::mod::cache {
   ::apache::mod { 'cache': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/cgi.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/cgi.pp
index c11ea7fc9..272f0ccd0 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/cgi.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/cgi.pp
@@ -1,19 +1,9 @@
-# @summary
-#   Installs `mod_cgi`.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_cgi.html for additional documentation.
-#
 class apache::mod::cgi {
-  include apache
   case $::osfamily {
     'FreeBSD': {}
     default: {
-      if defined(Class['::apache::mod::itk']) {
-        Class['::apache::mod::itk'] -> Class['::apache::mod::cgi']
-      } elsif defined(Class['::apache::mod::peruser']) {
-        Class['::apache::mod::peruser'] -> Class['::apache::mod::cgi']
-      } else {
-        Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi']
+      if $::apache::mpm_module =~ /^(itk|peruser|prefork)$/ {
+        Class["::apache::mod::${::apache::mpm_module}"] -> Class['::apache::mod::cgi']
       }
     }
   }
@@ -25,4 +15,5 @@ class apache::mod::cgi {
   } else {
     ::apache::mod { 'cgi': }
   }
+
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/cgid.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/cgid.pp
index e40af45b4..b2cb01655 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/cgid.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/cgid.pp
@@ -1,10 +1,5 @@
-# @summary
-#   Installs `mod_cgid`.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_cgid.html
-#
 class apache::mod::cgid {
-  include apache
+  include ::apache
   case $::osfamily {
     'FreeBSD': {}
     default: {
@@ -36,11 +31,11 @@ class apache::mod::cgid {
     # Template uses $cgisock_path
     file { 'cgid.conf':
       ensure  => file,
-      path    => "${apache::mod_dir}/cgid.conf",
-      mode    => $apache::file_mode,
+      path    => "${::apache::mod_dir}/cgid.conf",
+      mode    => $::apache::file_mode,
       content => template('apache/mod/cgid.conf.erb'),
-      require => Exec["mkdir ${apache::mod_dir}"],
-      before  => File[$apache::mod_dir],
+      require => Exec["mkdir ${::apache::mod_dir}"],
+      before  => File[$::apache::mod_dir],
       notify  => Class['apache::service'],
     }
   }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/cluster.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/cluster.pp
index 9b827f763..442b58352 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/cluster.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/cluster.pp
@@ -1,53 +1,3 @@
-# @summary
-#   Installs `mod_cluster`.
-# 
-# @param allowed_network
-#   Balanced members network.
-# 
-# @param balancer_name
-#   Name of balancer.
-# 
-# @param ip
-#   Specifies the IP address to listen to.
-# 
-# @param version
-#   Specifies the mod_cluster version. Version 1.3.0 or greater is required for httpd 2.4.
-#
-# @param enable_mcpm_receive
-#   Whether MCPM should be enabled.
-#   
-# @param port
-#   mod_cluster listen port.
-#
-# @param keep_alive_timeout
-#   Specifies how long Apache should wait for a request, in seconds.
-# 
-# @param manager_allowed_network
-#   Whether to allow the network to access the mod_cluster_manager.
-# 
-# @param max_keep_alive_requests
-#   Maximum number of requests kept alive.
-# 
-# @param server_advertise
-#   Whether the server should advertise.
-# 
-# @param advertise_frequency
-#   Sets the interval between advertise messages in seconds.
-#
-# @example
-#   class { '::apache::mod::cluster':
-#     ip                      => '172.17.0.1',
-#     allowed_network         => '172.17.0.',
-#     balancer_name           => 'mycluster',
-#     version                 => '1.3.1'
-#   }
-#
-# @note
-#   There is no official package available for mod_cluster, so you must make it available outside of the apache module. 
-#   Binaries can be found [here](https://modcluster.io/).
-#
-# @see https://modcluster.io/ for additional documentation.
-#
 class apache::mod::cluster (
   $allowed_network,
   $balancer_name,
@@ -61,7 +11,8 @@ class apache::mod::cluster (
   $server_advertise = true,
   $advertise_frequency = undef,
 ) {
-  include apache
+
+  include ::apache
 
   ::apache::mod { 'proxy': }
   ::apache::mod { 'proxy_ajp': }
@@ -75,13 +26,14 @@ class apache::mod::cluster (
     ::apache::mod { 'slotmem': }
   }
 
-  file { 'cluster.conf':
+  file {'cluster.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/cluster.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/cluster.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/cluster.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
+
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dav.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dav.pp
index 616492705..ade9c0809 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dav.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dav.pp
@@ -1,8 +1,3 @@
-# @summary
-#   Installs `mod_dav`.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_dav.html for additional documentation.
-#
 class apache::mod::dav {
   ::apache::mod { 'dav': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dav_fs.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dav_fs.pp
index 20fd5c015..60127e3f6 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dav_fs.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dav_fs.pp
@@ -1,10 +1,5 @@
-# @summary
-#   Installs `mod_dav_fs`.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_dav_fs.html for additional documentation.
-#
 class apache::mod::dav_fs {
-  include apache
+  include ::apache
   $dav_lock = $::osfamily ? {
     'debian'  => "\${APACHE_LOCK_DIR}/DAVLock",
     'freebsd' => '/usr/local/var/DavLock',
@@ -17,11 +12,11 @@ class apache::mod::dav_fs {
   # Template uses: $dav_lock
   file { 'dav_fs.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/dav_fs.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/dav_fs.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/dav_fs.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dav_svn.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dav_svn.pp
index 4c04d1b35..35d5417b5 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dav_svn.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dav_svn.pp
@@ -1,18 +1,10 @@
-# @summary
-#   Installs and configures `mod_dav_svn`.
-# 
-# @param authz_svn_enabled
-#   Specifies whether to install Apache mod_authz_svn
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_dav_svn.html for additional documentation.
-#
 class apache::mod::dav_svn (
   $authz_svn_enabled = false,
 ) {
   Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn']
-  include apache
-  include apache::mod::dav
-  if($::operatingsystem == 'SLES' and versioncmp($::operatingsystemmajrelease, '12') < 0) {
+  include ::apache
+  include ::apache::mod::dav
+  if($::operatingsystem == 'SLES' and $::operatingsystemmajrelease < '12'){
     package { 'subversion-server':
       ensure   => 'installed',
       provider => 'zypper',
@@ -21,11 +13,15 @@ class apache::mod::dav_svn (
 
   ::apache::mod { 'dav_svn': }
 
+  if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04' and $::operatingsystemrelease != '10.04' and $::operatingsystemmajrelease != '16.04') {
+    $loadfile_name = undef
+  } else {
+    $loadfile_name = 'dav_svn_authz_svn.load'
+  }
+
   if $authz_svn_enabled {
     ::apache::mod { 'authz_svn':
-      # authz_svn depends on symbols from the dav_svn module,
-      # therefore, make sure authz_svn is loaded after dav_svn.
-      loadfile_name => 'dav_svn_authz_svn.load',
+      loadfile_name => $loadfile_name,
       require       => Apache::Mod['dav_svn'],
     }
   }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dbd.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dbd.pp
index cdc9cdf6f..547acc77d 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dbd.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dbd.pp
@@ -1,11 +1,3 @@
-# @summary
-#   Installs `mod_dbd`.
-# 
-# @param apache_version
-#   Used to verify that the Apache version you have requested is compatible with the module.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_dbd.html for additional documentation.
-#
 class apache::mod::dbd {
   ::apache::mod { 'dbd': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/deflate.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/deflate.pp
index 777c2f888..70ac5be12 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/deflate.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/deflate.pp
@@ -1,14 +1,3 @@
-# @summary
-#   Installs and configures `mod_deflate`.
-# 
-# @param types
-#   An array of MIME types to be deflated. See https://www.iana.org/assignments/media-types/media-types.xhtml.
-#
-# @param notes
-#   A Hash where the key represents the type and the value represents the note name.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_deflate.html for additional documentation.
-#
 class apache::mod::deflate (
   $types = [
     'text/html text/plain text/xml',
@@ -23,16 +12,16 @@ class apache::mod::deflate (
     'Ratio'  => 'ratio',
   }
 ) {
-  include apache
+  include ::apache
   ::apache::mod { 'deflate': }
 
   file { 'deflate.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/deflate.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/deflate.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/deflate.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dev.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dev.pp
index 4039ff1fd..5abdedd36 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dev.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dev.pp
@@ -1,11 +1,5 @@
-# @summary
-#   Installs `mod_dev`.
-#
-# @note
-#   This module is deprecated. Please use `apache::dev`.
-#
 class apache::mod::dev {
   # Development packages are not apache modules
   warning('apache::mod::dev is deprecated; please use apache::dev')
-  include apache::dev
+  include ::apache::dev
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dir.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dir.pp
index 86f97a070..3c994d3e1 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dir.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dir.pp
@@ -1,34 +1,23 @@
-# @summary
-#   Installs and configures `mod_dir`.
-# 
-# @param types
-#   Specifies the text-based content types to compress.
-#
-# @param indexes
-#   Provides a string for the DirectoryIndex directive
-# 
-# @todo
-#   This sets the global DirectoryIndex directive, so it may be necessary to consider being able to modify the apache::vhost to declare 
-#   DirectoryIndex statements in a vhost configuration
-#
-# @see https://httpd.apache.org/docs/current/mod/mod_dir.html for additional documentation.
-#
+# Note: this sets the global DirectoryIndex directive, it may be necessary to consider being able to modify the apache::vhost to declare DirectoryIndex statements in a vhost configuration
+# Parameters:
+# - $indexes provides a string for the DirectoryIndex directive http://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex
 class apache::mod::dir (
   $dir                   = 'public_html',
   Array[String] $indexes = ['index.html','index.html.var','index.cgi','index.pl','index.php','index.xhtml'],
 ) {
-  include apache
+
+  include ::apache
   ::apache::mod { 'dir': }
 
   # Template uses
   # - $indexes
   file { 'dir.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/dir.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/dir.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/dir.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/disk_cache.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/disk_cache.pp
index cb82b7b6b..7cd72701e 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/disk_cache.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/disk_cache.pp
@@ -1,37 +1,11 @@
-# @summary
-#   Installs and configures `mod_disk_cache`.
-# 
-# @param cache_root
-#   Defines the name of the directory on the disk to contain cache files.
-#   Default depends on the Apache version and operating system:
-#   - Debian: /var/cache/apache2/mod_cache_disk
-#   - FreeBSD: /var/cache/mod_cache_disk
-#   - Red Hat, Apache 2.4: /var/cache/httpd/proxy
-#   - Red Hat, Apache 2.2: /var/cache/mod_proxy
-#
-# @param cache_ignore_headers
-#   Specifies HTTP header(s) that should not be stored in the cache.
-#
-# @param default_cache_enable
-#   Default value is true, which enables "CacheEnable disk /" in disk_cache.conf for the webserver. This would cache
-#   every request to apache by default for every vhost. If set to false the default cache all behaviour is supressed.
-#   You can then control this behaviour in individual vhosts by explicitly defining CacheEnable.
-#
-# @note
-#   Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed.
-#
-# @see https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html for additional documentation.
-#
 class apache::mod::disk_cache (
-  $cache_root           = undef,
-  $cache_ignore_headers = undef,
-  Boolean $default_cache_enable = true,
+  $cache_root = undef,
 ) {
-  include apache
+  include ::apache
   if $cache_root {
     $_cache_root = $cache_root
   }
-  elsif versioncmp($apache::apache_version, '2.4') >= 0 {
+  elsif versioncmp($::apache::apache_version, '2.4') >= 0 {
     $_cache_root = $::osfamily ? {
       'debian'  => '/var/cache/apache2/mod_cache_disk',
       'redhat'  => '/var/cache/httpd/proxy',
@@ -46,7 +20,7 @@ class apache::mod::disk_cache (
     }
   }
 
-  if versioncmp($apache::apache_version, '2.4') >= 0 {
+  if versioncmp($::apache::apache_version, '2.4') >= 0 {
     apache::mod { 'cache_disk': }
   }
   else {
@@ -58,11 +32,11 @@ class apache::mod::disk_cache (
   # Template uses $_cache_root
   file { 'disk_cache.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/disk_cache.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/disk_cache.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/disk_cache.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dumpio.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dumpio.pp
index df892a919..c79f6da38 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dumpio.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/dumpio.pp
@@ -1,38 +1,18 @@
-# @summary
-#   Installs and configures `mod_dumpio`.
-# 
-# @param dump_io_input
-#   Dump all input data to the error log
-#
-# @param dump_io_output
-#   Dump all output data to the error log
-#
-# @example
-#   class{'apache':
-#     default_mods => false,
-#     log_level    => 'dumpio:trace7',
-#   }
-#   class{'apache::mod::dumpio':
-#     dump_io_input  => 'On',
-#     dump_io_output => 'Off',
-#   }
-#
-# @see https://httpd.apache.org/docs/current/mod/mod_dumpio.html for additional documentation.
-#
-class apache::mod::dumpio (
+class apache::mod::dumpio(
   Enum['Off', 'On', 'off', 'on'] $dump_io_input  = 'Off',
   Enum['Off', 'On', 'off', 'on'] $dump_io_output = 'Off',
 ) {
-  include apache
+  include ::apache
 
   ::apache::mod { 'dumpio': }
-  file { 'dumpio.conf':
+  file{'dumpio.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/dumpio.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/dumpio.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/dumpio.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
+
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/env.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/env.pp
index 2ca17a5e7..b973005f4 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/env.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/env.pp
@@ -1,8 +1,3 @@
-# @summary
-#   Installs `mod_env`.
-#
-# @see https://httpd.apache.org/docs/current/mod/mod_env.html for additional documentation.
-#
 class apache::mod::env {
   ::apache::mod { 'env': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/event.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/event.pp
index 402a8530e..a87395916 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/event.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/event.pp
@@ -1,51 +1,3 @@
-# @summary
-#   Installs and configures `mod_event`.
-# 
-# @param startservers
-#   Sets the number of child server processes created at startup, via the module's `StartServers` directive. Setting this to `false` 
-#   removes the parameter.
-#
-# @param maxclients
-#   Apache 2.3.12 or older alias for the `MaxRequestWorkers` directive.
-#
-# @param maxrequestworkers
-#   Sets the maximum number of connections Apache can simultaneously process, via the module's `MaxRequestWorkers` directive. Setting 
-#   these to `false` removes the parameters.
-#
-# @param minsparethreads
-#   Sets the minimum number of idle threads, via the `MinSpareThreads` directive. Setting this to `false` removes the parameters.
-#
-# @param maxsparethreads
-#   Sets the maximum number of idle threads, via the `MaxSpareThreads` directive. Setting this to `false` removes the parameters.
-#
-# @param threadsperchild
-#   Number of threads created by each child process.
-#
-# @param maxrequestsperchild
-#   Apache 2.3.8 or older alias for the `MaxConnectionsPerChild` directive.
-#
-# @param maxconnectionsperchild
-#   Limit on the number of connections that an individual child server will handle during its life.
-#
-# @param serverlimit
-#   Limits the configurable number of processes via the `ServerLimit` directive. Setting this to `false` removes the parameter.
-#
-# @param apache_version
-#   Version of Apache to install module on.
-#
-# @param threadlimit
-#    Limits the number of event threads via the module's `ThreadLimit` directive. Setting this to `false` removes the parameter.
-#
-# @param listenbacklog
-#   Sets the maximum length of the pending connections queue via the module's `ListenBackLog` directive. Setting this to `false` removes 
-#   the parameter.
-#
-# @note
-#   You cannot include apache::mod::event with apache::mod::itk, apache::mod::peruser, apache::mod::prefork, or 
-#   apache::mod::worker on the same server.
-#
-# @see https://httpd.apache.org/docs/current/mod/event.html for additional documentation.
-# @note Unsupported platforms: SLES: all
 class apache::mod::event (
   $startservers           = '2',
   $maxclients             = '150',
@@ -60,7 +12,7 @@ class apache::mod::event (
   $threadlimit            = '64',
   $listenbacklog          = '511',
 ) {
-  include apache
+  include ::apache
 
   $_apache_version = pick($apache_version, $apache::apache_version)
 
@@ -78,8 +30,8 @@ class apache::mod::event (
   }
   File {
     owner => 'root',
-    group => $apache::params::root_group,
-    mode  => $apache::file_mode,
+    group => $::apache::params::root_group,
+    mode  => $::apache::file_mode,
   }
 
   # Template uses:
@@ -90,25 +42,25 @@ class apache::mod::event (
   # - $threadsperchild
   # - $maxrequestsperchild
   # - $serverlimit
-  file { "${apache::mod_dir}/event.conf":
+  file { "${::apache::mod_dir}/event.conf":
     ensure  => file,
-    mode    => $apache::file_mode,
+    mode    => $::apache::file_mode,
     content => template('apache/mod/event.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 
   case $::osfamily {
     'redhat': {
       if versioncmp($_apache_version, '2.4') >= 0 {
-        apache::mpm { 'event':
+        apache::mpm{ 'event':
           apache_version => $_apache_version,
         }
       }
     }
     'debian','freebsd' : {
-      apache::mpm { 'event':
+      apache::mpm{ 'event':
         apache_version => $_apache_version,
       }
     }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/expires.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/expires.pp
index 7a5bfddea..07ec82e27 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/expires.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/expires.pp
@@ -1,25 +1,9 @@
-# @summary
-#   Installs and configures `mod_expires`.
-# 
-# @param expires_active
-#   Enables generation of Expires headers.
-#
-# @param expires_default
-#   Specifies the default algorithm for calculating expiration time using ExpiresByType syntax or interval syntax.
-#
-# @param expires_by_type
-#   Describes a set of [MIME content-types](https://www.iana.org/assignments/media-types/media-types.xhtml) and their expiration
-#   times. This should be used as an array of Hashes, with each Hash's key a valid MIME content-type (i.e. 'text/json') and its 
-#   value following valid interval syntax.
-#
-# @see https://httpd.apache.org/docs/current/mod/mod_expires.html for additional documentation.
-#
 class apache::mod::expires (
   $expires_active  = true,
   $expires_default = undef,
   $expires_by_type = undef,
 ) {
-  include apache
+  include ::apache
   ::apache::mod { 'expires': }
 
   # Template uses
@@ -28,11 +12,11 @@ class apache::mod::expires (
   # $expires_by_type
   file { 'expires.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/expires.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/expires.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/expires.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/ext_filter.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/ext_filter.pp
index d2a3d635e..11550320c 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/ext_filter.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/ext_filter.pp
@@ -1,23 +1,7 @@
-# @summary
-#   Installs and configures `mod_ext_filter`.
-# 
-# @param ext_filter_define
-#   Hash of filter names and their parameters.
-#
-# @example
-#   class { 'apache::mod::ext_filter':
-#     ext_filter_define => {
-#       'slowdown'       => 'mode=output cmd=/bin/cat preservescontentlength',
-#       'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"',
-#     },
-#   }
-#
-# @see https://httpd.apache.org/docs/current/mod/mod_ext_filter.html for additional documentation.
-#
-class apache::mod::ext_filter (
+class apache::mod::ext_filter(
   Optional[Hash] $ext_filter_define = undef
 ) {
-  include apache
+  include ::apache
 
   ::apache::mod { 'ext_filter': }
 
@@ -27,11 +11,11 @@ class apache::mod::ext_filter (
   if $ext_filter_define {
     file { 'ext_filter.conf':
       ensure  => file,
-      path    => "${apache::mod_dir}/ext_filter.conf",
-      mode    => $apache::file_mode,
+      path    => "${::apache::mod_dir}/ext_filter.conf",
+      mode    => $::apache::file_mode,
       content => template('apache/mod/ext_filter.conf.erb'),
-      require => [Exec["mkdir ${apache::mod_dir}"],],
-      before  => File[$apache::mod_dir],
+      require => [ Exec["mkdir ${::apache::mod_dir}"], ],
+      before  => File[$::apache::mod_dir],
       notify  => Class['Apache::Service'],
     }
   }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/fastcgi.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/fastcgi.pp
index a3445c917..543a32233 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/fastcgi.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/fastcgi.pp
@@ -1,19 +1,9 @@
-# @summary
-#   Installs `mod_fastcgi`.
-# 
-# @see https://github.com/FastCGI-Archives/mod_fastcgi for additional documentation.
-#
 class apache::mod::fastcgi {
-  include apache
-  if ($::osfamily == 'Redhat' and versioncmp($::operatingsystemmajrelease, '7') >= 0) {
-    fail('mod_fastcgi is no longer supported on el7 and above.')
-  }
-  if ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '18.04') >= 0) {
-    fail('mod_fastcgi is no longer supported on Ubuntu 18.04 and above. Please use mod_proxy_fcgi')
-  }
+  include ::apache
+
   # Debian specifies it's fastcgi lib path, but RedHat uses the default value
   # with no config file
-  $fastcgi_lib_path = $apache::params::fastcgi_lib_path
+  $fastcgi_lib_path = $::apache::params::fastcgi_lib_path
 
   ::apache::mod { 'fastcgi': }
 
@@ -24,12 +14,13 @@ class apache::mod::fastcgi {
     # - $fastcgi_dir
     file { 'fastcgi.conf':
       ensure  => file,
-      path    => "${apache::mod_dir}/fastcgi.conf",
-      mode    => $apache::file_mode,
+      path    => "${::apache::mod_dir}/fastcgi.conf",
+      mode    => $::apache::file_mode,
       content => template('apache/mod/fastcgi.conf.erb'),
-      require => Exec["mkdir ${apache::mod_dir}"],
-      before  => File[$apache::mod_dir],
+      require => Exec["mkdir ${::apache::mod_dir}"],
+      before  => File[$::apache::mod_dir],
       notify  => Class['apache::service'],
     }
   }
+
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/fcgid.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/fcgid.pp
index 14aa141d9..0e99a9b79 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/fcgid.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/fcgid.pp
@@ -1,45 +1,8 @@
-# @summary
-#   Installs and configures `mod_fcgid`.
-# 
-# @param expires_active
-#   Enables generation of Expires headers.
-#
-# @param expires_default
-#   Default algorithm for calculating expiration time.
-#
-# @param expires_by_type
-#   Value of the Expires header configured by MIME type.
-#
-# @example The class does not individually parameterize all available options. Instead, configure mod_fcgid using the options hash. 
-#   class { 'apache::mod::fcgid':
-#     options => {
-#       'FcgidIPCDir'  => '/var/run/fcgidsock',
-#       'SharememPath' => '/var/run/fcgid_shm',
-#       'AddHandler'   => 'fcgid-script .fcgi',
-#     },
-#   }
-#
-# @example If you include apache::mod::fcgid, you can set the [FcgidWrapper][] per directory, per virtual host. The module must be 
-# loaded first; Puppet will not automatically enable it if you set the fcgiwrapper parameter in apache::vhost.
-#   include apache::mod::fcgid
-#   
-#   apache::vhost { 'example.org':
-#     docroot     => '/var/www/html',
-#     directories => {
-#       path        => '/var/www/html',
-#       fcgiwrapper => {
-#         command => '/usr/local/bin/fcgiwrapper',
-#       }
-#     },
-#   }
-#
-# @see https://httpd.apache.org/docs/current/mod/mod_fcgid.html for additional documentation.
-#
-class apache::mod::fcgid (
+class apache::mod::fcgid(
   $options = {},
 ) {
-  include apache
-  if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease >= '7') or $::osfamily == 'FreeBSD' {
+  include ::apache
+  if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7') or $::osfamily == 'FreeBSD' {
     $loadfile_name = 'unixd_fcgid.load'
     $conf_name = 'unixd_fcgid.conf'
   } else {
@@ -55,11 +18,11 @@ class apache::mod::fcgid (
   # - $options
   file { $conf_name:
     ensure  => file,
-    path    => "${apache::mod_dir}/${conf_name}",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/${conf_name}",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/fcgid.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/filter.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/filter.pp
index 5cee27718..26dc488b3 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/filter.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/filter.pp
@@ -1,8 +1,3 @@
-# @summary
-#   Installs `mod_filter`.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_filter.html for additional documentation.
-#
 class apache::mod::filter {
   ::apache::mod { 'filter': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/geoip.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/geoip.pp
index b77ea05c6..66ae887de 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/geoip.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/geoip.pp
@@ -1,32 +1,3 @@
-# @summary
-#   Installs and configures `mod_geoip`.
-# 
-# @param enable
-#   Toggles whether to enable geoip.
-#
-# @param db_file
-#   Path to database for GeoIP to use.
-# 
-# @param flag
-#   Caching directive to use. Values: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'.
-# 
-# @param output
-#   Output variable locations. Values: 'All', 'Env', 'Request', 'Notes'.
-# 
-# @param enable_utf8
-#   Changes the output from ISO88591 (Latin1) to UTF8.
-# 
-# @param scan_proxy_headers
-#   Enables the GeoIPScanProxyHeaders option.
-# 
-# @param scan_proxy_headers_field
-#   Specifies the header mod_geoip uses to determine the client's IP address.
-# 
-# @param use_last_xforwarededfor_ip
-#   Determines whether to use the first or last IP address for the client's IP in a comma-separated list of IP addresses is found.
-# 
-# @see https://dev.maxmind.com/geoip/legacy/mod_geoip2 for additional documentation.
-#
 class apache::mod::geoip (
   $enable                     = false,
   $db_file                    = '/usr/share/GeoIP/GeoIP.dat',
@@ -37,7 +8,7 @@ class apache::mod::geoip (
   $scan_proxy_header_field    = undef,
   $use_last_xforwarededfor_ip = undef,
 ) {
-  include apache
+  include ::apache
   ::apache::mod { 'geoip': }
 
   # Template uses:
@@ -51,11 +22,12 @@ class apache::mod::geoip (
   # - use_last_xforwarededfor_ip
   file { 'geoip.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/geoip.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/geoip.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/geoip.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
+
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/headers.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/headers.pp
index a86dbf76a..d18c5e279 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/headers.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/headers.pp
@@ -1,11 +1,3 @@
-# @summary
-#   Installs and configures `mod_headers`.
-# 
-# @param apache_version
-#   Version of Apache to install module on.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_headers.html for additional documentation.
-#
 class apache::mod::headers {
   ::apache::mod { 'headers': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/include.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/include.pp
index af9675a95..edbe81f32 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/include.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/include.pp
@@ -1,8 +1,3 @@
-# @summary
-#   Installs `mod_include`.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_include.html for additional documentation.
-#
 class apache::mod::include {
   ::apache::mod { 'include': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/info.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/info.pp
index baf20cb32..c6f1355e5 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/info.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/info.pp
@@ -1,32 +1,14 @@
-# @summary
-#   Installs and configures `mod_info`.
-# 
-# @param allow_from
-#   Allowlist of IPv4 or IPv6 addresses or ranges that can access the info path.
-# 
-# @param apache_version
-#   Version of Apache to install module on.
-# 
-# @param restrict_access
-#   Toggles whether to restrict access to info path. If `false`, the `allow_from` allowlist is ignored and any IP address can
-#   access the info path.
-# 
-# @param info_path
-#   Path on server to file containing server configuration information.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_info.html for additional documentation.
-#
 class apache::mod::info (
   $allow_from      = ['127.0.0.1','::1'],
   $apache_version  = undef,
   $restrict_access = true,
   $info_path       = '/server-info',
-) {
-  include apache
+){
+  include ::apache
   $_apache_version = pick($apache_version, $apache::apache_version)
 
   if $::osfamily == 'Suse' {
-    if defined(Class['::apache::mod::worker']) {
+    if defined(Class['::apache::mod::worker']){
       $suse_path = '/usr/lib64/apache2-worker'
     } else {
       $suse_path = '/usr/lib64/apache2-prefork'
@@ -41,11 +23,11 @@ class apache::mod::info (
   # Template uses $allow_from, $_apache_version
   file { 'info.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/info.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/info.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/info.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/intercept_form_submit.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/intercept_form_submit.pp
index f6ccf653b..39f1f5e07 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/intercept_form_submit.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/intercept_form_submit.pp
@@ -1,9 +1,4 @@
-# @summary
-#   Installs `mod_intercept_form_submit`.
-# 
-# @see https://www.adelton.com/apache/mod_intercept_form_submit for additional documentation.
-#
 class apache::mod::intercept_form_submit {
-  include apache
+  include ::apache
   ::apache::mod { 'intercept_form_submit': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/itk.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/itk.pp
index 2f44b01a8..8ceb56d2b 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/itk.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/itk.pp
@@ -1,34 +1,3 @@
-# @summary
-#   Installs MPM `mod_itk`.
-# 
-# @param startservers
-#   Number of child server processes created on startup.
-#
-# @param minspareservers
-#   Minimum number of idle child server processes.
-#
-# @param maxspareservers
-#   Maximum number of idle child server processes.
-#
-# @param serverlimit
-#   Maximum configured value for `MaxRequestWorkers` for the lifetime of the Apache httpd process.
-#
-# @param maxclients
-#   Limit on the number of simultaneous requests that will be served.
-#
-# @param maxrequestsperchild
-#   Limit on the number of connections that an individual child server process will handle.
-#
-# @param enablecapabilities
-#   Drop most root capabilities in the parent process, and instead run as the user given by the User/Group directives with some extra
-#   capabilities (in particular setuid). Somewhat more secure, but can cause problems when serving from filesystems that do not honor 
-#   capabilities, such as NFS.
-#
-# @param apache_version
-#   Used to verify that the Apache version you have requested is compatible with the module.
-# 
-# @see http://mpm-itk.sesse.net for additional documentation.
-# @note Unsupported platforms: CentOS: 8; RedHat: 8; SLES: all
 class apache::mod::itk (
   $startservers        = '8',
   $minspareservers     = '5',
@@ -36,10 +5,9 @@ class apache::mod::itk (
   $serverlimit         = '256',
   $maxclients          = '256',
   $maxrequestsperchild = '4000',
-  $enablecapabilities  = undef,
   $apache_version      = undef,
 ) {
-  include apache
+  include ::apache
 
   $_apache_version = pick($apache_version, $apache::apache_version)
 
@@ -61,7 +29,7 @@ class apache::mod::itk (
       }
     } else {
       if ! defined(Class['apache::mod::prefork']) {
-        include apache::mod::prefork
+        include ::apache::mod::prefork
       }
     }
   }
@@ -70,8 +38,8 @@ class apache::mod::itk (
   }
   File {
     owner => 'root',
-    group => $apache::params::root_group,
-    mode  => $apache::file_mode,
+    group => $::apache::params::root_group,
+    mode  => $::apache::file_mode,
   }
 
   # Template uses:
@@ -81,12 +49,12 @@ class apache::mod::itk (
   # - $serverlimit
   # - $maxclients
   # - $maxrequestsperchild
-  file { "${apache::mod_dir}/itk.conf":
+  file { "${::apache::mod_dir}/itk.conf":
     ensure  => file,
-    mode    => $apache::file_mode,
+    mode    => $::apache::file_mode,
     content => template('apache/mod/itk.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 
@@ -96,7 +64,7 @@ class apache::mod::itk (
         ensure => present,
       }
       if versioncmp($_apache_version, '2.4') >= 0 {
-        ::apache::mpm { 'itk':
+        ::apache::mpm{ 'itk':
           apache_version => $_apache_version,
         }
       }
@@ -112,7 +80,7 @@ class apache::mod::itk (
       }
     }
     'debian', 'freebsd': {
-      apache::mpm { 'itk':
+      apache::mpm{ 'itk':
         apache_version => $_apache_version,
       }
     }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/ldap.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/ldap.pp
index 9c37b09e6..3e5159222 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/ldap.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/ldap.pp
@@ -1,53 +1,3 @@
-# @summary
-#   Installs and configures `mod_ldap`.
-# 
-# @param apache_version
-#   Used to verify that the Apache version you have requested is compatible with the module.
-# 
-# @param package_name
-#   Specifies the custom package name.
-# 
-# @param ldap_trusted_global_cert_file
-#   Sets the file or database containing global trusted Certificate Authority or global client certificates.
-# 
-# @param ldap_trusted_global_cert_type
-#   Sets the certificate parameter of the global trusted Certificate Authority or global client certificates.
-# 
-# @param ldap_shared_cache_size
-#   Size in bytes of the shared-memory cache
-# 
-# @param ldap_cache_entries
-#   Maximum number of entries in the primary LDAP cache
-# 
-# @param ldap_cache_ttl
-#   Time that cached items remain valid (in seconds).
-# 
-# @param ldap_opcache_entries
-#   Number of entries used to cache LDAP compare operations
-# 
-# @param ldap_opcache_ttl
-#   Time that entries in the operation cache remain valid (in seconds).
-# 
-# @param ldap_trusted_mode
-#   Specifies the SSL/TLS mode to be used when connecting to an LDAP server.
-#
-# @param ldap_path
-#   The server location of the ldap status page.
-#
-# @example 
-#   class { 'apache::mod::ldap':
-#     ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt',
-#     ldap_trusted_global_cert_type => 'CA_DER',
-#     ldap_trusted_mode             => 'TLS',
-#     ldap_shared_cache_size        => '500000',
-#     ldap_cache_entries            => '1024',
-#     ldap_cache_ttl                => '600',
-#     ldap_opcache_entries          => '1024',
-#     ldap_opcache_ttl              => '600',
-#   }
-#
-# @see https://httpd.apache.org/docs/current/mod/mod_ldap.html for additional documentation.
-# @note Unsupported platforms: CentOS: 8; RedHat: 8
 class apache::mod::ldap (
   $apache_version                                  = undef,
   $package_name                                    = undef,
@@ -58,10 +8,9 @@ class apache::mod::ldap (
   $ldap_cache_ttl                                  = undef,
   $ldap_opcache_entries                            = undef,
   $ldap_opcache_ttl                                = undef,
-  $ldap_trusted_mode                               = undef,
-  String $ldap_path                                = '/ldap-status',
-) {
-  include apache
+){
+
+  include ::apache
   $_apache_version = pick($apache_version, $apache::apache_version)
   ::apache::mod { 'ldap':
     package => $package_name,
@@ -69,11 +18,11 @@ class apache::mod::ldap (
   # Template uses $_apache_version
   file { 'ldap.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/ldap.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/ldap.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/ldap.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/lookup_identity.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/lookup_identity.pp
index 3161ec329..445c60ef2 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/lookup_identity.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/lookup_identity.pp
@@ -1,9 +1,4 @@
-# @summary
-#   Installs `mod_lookup_identity`
-# 
-# @see https://www.adelton.com/apache/mod_lookup_identity for additional documentation.
-#
 class apache::mod::lookup_identity {
-  include apache
+  include ::apache
   ::apache::mod { 'lookup_identity': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/mime.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/mime.pp
index 9243ae1e1..f68693093 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/mime.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/mime.pp
@@ -1,33 +1,19 @@
-# @summary
-#   Installs and configures `mod_mime`.
-# 
-# @param mime_support_package
-#   Name of the MIME package to be installed.
-#
-# @param mime_types_config
-#   The location of the mime.types file.
-#
-# @param mime_types_additional
-#   List of additional MIME types to include.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_mime.html for additional documentation.
-#
 class apache::mod::mime (
-  $mime_support_package = $apache::params::mime_support_package,
-  $mime_types_config    = $apache::params::mime_types_config,
+  $mime_support_package = $::apache::params::mime_support_package,
+  $mime_types_config    = $::apache::params::mime_types_config,
   $mime_types_additional = undef,
 ) inherits ::apache::params {
-  include apache
+  include ::apache
   $_mime_types_additional = pick($mime_types_additional, $apache::mime_types_additional)
   apache::mod { 'mime': }
   # Template uses $_mime_types_config
   file { 'mime.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/mime.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/mime.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/mime.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
   if $mime_support_package {
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/mime_magic.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/mime_magic.pp
index 99a1ec4bb..ecc74cfdd 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/mime_magic.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/mime_magic.pp
@@ -1,25 +1,17 @@
-# @summary
-#   Installs and configures `mod_mime_magic`.
-# 
-# @param magic_file
-#   Enable MIME-type determination based on file contents using the specified magic file.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_mime_magic.html for additional documentation.
-#
 class apache::mod::mime_magic (
   $magic_file = undef,
 ) {
-  include apache
-  $_magic_file = pick($magic_file, "${apache::conf_dir}/magic")
+  include ::apache
+  $_magic_file = pick($magic_file, "${::apache::conf_dir}/magic")
   apache::mod { 'mime_magic': }
   # Template uses $magic_file
   file { 'mime_magic.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/mime_magic.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/mime_magic.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/mime_magic.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/negotiation.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/negotiation.pp
index bc018001a..c7c34b81f 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/negotiation.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/negotiation.pp
@@ -1,32 +1,27 @@
-# @summary
-#   Installs and configures `mod_negotiation`.
-# 
-# @param force_language_priority
-#   Action to take if a single acceptable document is not found.
-#
-# @param language_priority
-#   The precedence of language variants for cases where the client does not express a preference.
-# 
-# @see [https://httpd.apache.org/docs/current/mod/mod_negotiation.html for additional documentation.
-#
 class apache::mod::negotiation (
-  Variant[Array[String], String] $force_language_priority = 'Prefer Fallback',
-  Variant[Array[String], String] $language_priority = ['en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et',
-    'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn',
-    'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN',
-  'zh-TW'],
+  $force_language_priority = 'Prefer Fallback',
+  $language_priority = [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et',
+                        'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn',
+                        'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN',
+                        'zh-TW' ],
 ) {
-  include apache
+  include ::apache
+  if !is_array($force_language_priority) and !is_string($force_language_priority) {
+    fail('force_languague_priority must be a string or array of strings')
+  }
+  if !is_array($language_priority) and !is_string($language_priority) {
+    fail('force_languague_priority must be a string or array of strings')
+  }
 
   ::apache::mod { 'negotiation': }
   # Template uses no variables
   file { 'negotiation.conf':
     ensure  => file,
-    mode    => $apache::file_mode,
-    path    => "${apache::mod_dir}/negotiation.conf",
+    mode    => $::apache::file_mode,
+    path    => "${::apache::mod_dir}/negotiation.conf",
     content => template('apache/mod/negotiation.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/nss.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/nss.pp
index 4c986ff81..8814c9366 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/nss.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/nss.pp
@@ -1,32 +1,15 @@
-# @summary
-#   Installs and configures `mod_nss`.
-# 
-# @param transfer_log
-#   Path to `access.log`.
-#
-# @param error_Log
-#   Path to `error.log`
-#
-# @param passwd_file
-#   Path to file containing token passwords used for NSSPassPhraseDialog.
-#
-# @param port
-#   Sets the SSL port that should be used by mod_nss.
-# 
-# @see https://pagure.io/mod_nss for additional documentation.
-#
 class apache::mod::nss (
-  $transfer_log = "${apache::params::logroot}/access.log",
-  $error_log    = "${apache::params::logroot}/error.log",
+  $transfer_log = "${::apache::params::logroot}/access.log",
+  $error_log    = "${::apache::params::logroot}/error.log",
   $passwd_file  = undef,
   $port     = 8443,
 ) {
-  include apache
-  include apache::mod::mime
+  include ::apache
+  include ::apache::mod::mime
 
   apache::mod { 'nss': }
 
-  $httpd_dir = $apache::httpd_dir
+  $httpd_dir = $::apache::httpd_dir
 
   # Template uses:
   # $transfer_log
@@ -35,11 +18,11 @@ class apache::mod::nss (
   # passwd_file
   file { 'nss.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/nss.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/nss.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/nss.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/pagespeed.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/pagespeed.pp
index 54181545a..052dad0b1 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/pagespeed.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/pagespeed.pp
@@ -1,18 +1,3 @@
-# @summary
-#   Installs and configures `mod_pagespeed`.
-# 
-# @todo
-#   Add docs
-#
-# @note
-#   Verify that your system is compatible with the latest Google Pagespeed requirements.
-#
-# Although this apache module requires the mod-pagespeed-stable package, Puppet does not manage the software repositories required to
-# automatically install the package. If you declare this class when the package is either not installed or not available to your 
-# package manager, your Puppet run will fail.
-# 
-# @see https://developers.google.com/speed/pagespeed/module/ for additional documentation.
-#
 class apache::mod::pagespeed (
   $inherit_vhost_config          = 'on',
   $filter_xhtml                  = false,
@@ -49,8 +34,8 @@ class apache::mod::pagespeed (
   $additional_configuration      = {},
   $apache_version                = undef,
   $package_ensure                = undef,
-) {
-  include apache
+){
+  include ::apache
   $_apache_version = pick($apache_version, $apache::apache_version)
   $_lib = $_apache_version ? {
     '2.4'   => 'mod_pagespeed_ap24.so',
@@ -65,11 +50,11 @@ class apache::mod::pagespeed (
   # Template uses $_apache_version
   file { 'pagespeed.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/pagespeed.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/pagespeed.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/pagespeed.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/passenger.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/passenger.pp
index 9019c33e4..3b17d3db3 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/passenger.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/passenger.pp
@@ -1,824 +1,40 @@
-# @summary
-#   Installs `mod_pasenger`.
-#
-# @param manage_repo
-#   Toggle whether to manage yum repo if on a RedHat node.
-#
-# @param mod_id
-#   Specifies the package id.
-#
-# @param mod_lib
-#   Defines the module's shared object name. Do not configure manually without special reason.
-#
-# @param mod_lib_path
-#   Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The `path` parameter overrides
-#   this value.
-#
-# @param mod_package
-#   Name of the module package to install.
-#
-# @param mod_package_ensure
-#   Determines whether Puppet ensures the module should be installed.
-#
-# @param mod_path
-#   Specifies a path to the module. Do not manually set this parameter without a special reason.
-#
-# @param passenger_allow_encoded_slashes
-#   Toggle whether URLs with encoded slashes (%2f) can be used (by default Apache does not support this).
-#
-# @param passenger_app_env
-#   This option sets, for the current application, the value of the following environment variables:
-#   - RAILS_ENV
-#   - RACK_ENV
-#   - WSGI_ENV
-#   - NODE_ENV
-#   - PASSENGER_APP_ENV
-#
-# @param passenger_app_group_name
-#   Sets the name of the application group that the current application should belong to.
-#
-# @param passenger_app_root
-#   Path to the application root which allows access independent from the DocumentRoot.
-#
-# @param passenger_app_type
-#   Specifies the type of the application. If you set this option, then you must also set PassengerAppRoot, otherwise Passenger will
-#   not properly recognize your application.
-#
-# @param passenger_base_uri
-#   Used to specify that the given URI is an distinct application that should be served by Passenger.
-#
-# @param passenger_buffer_response
-#   Toggle whether application-generated responses are buffered by Apache. Buffering will happen in memory.
-#
-# @param passenger_buffer_upload
-#   Toggle whether HTTP client request bodies are buffered before they are sent to the application. 
-#
-# @param passenger_concurrency_model
-#   Specifies the I/O concurrency model that should be used for Ruby application processes.
-#
-# @param passenger_conf_file
-#   
-#
-# @param passenger_conf_package_file
-#   
-#
-# @param passenger_data_buffer_dir
-#   Specifies the directory in which to store data buffers.
-#
-# @param passenger_debug_log_file
-#   
-#
-# @param passenger_debugger
-#   Turns support for Ruby application debugging on or off. 
-#
-# @param passenger_default_group
-#   Allows you to specify the group that applications must run as, if user switching fails or is disabled.
-#
-# @param passenger_default_ruby
-#   File path to desired ruby interpreter to use by default.
-#
-# @param passenger_default_user
-#   Allows you to specify the user that applications must run as, if user switching fails or is disabled.
-#
-# @param passenger_disable_security_update_check
-#   Allows disabling the Passenger security update check, a daily check with https://securitycheck.phusionpassenger.com for important
-#   security updates that might be available.
-#
-# @param passenger_enabled
-#   Toggles whether Passenger should be enabled for that particular context.
-#
-# @param passenger_error_override
-#   Toggles whether Apache will intercept and handle responses with HTTP status codes of 400 and higher. 
-#
-# @param passenger_file_descriptor_log_file
-#   Log file descriptor debug tracing messages to the given file.
-#
-# @param passenger_fly_with
-#   Enables the Flying Passenger mode, and configures Apache to connect to the Flying Passenger daemon that's listening on the 
-#   given socket filename.
-#
-# @param passenger_force_max_concurrent_requests_per_process
-#   Use this option to tell Passenger how many concurrent requests the application can handle per process. 
-#
-# @param passenger_friendly_error_pages
-#   Toggles whether Passenger should display friendly error pages whenever an application fails to start.
-#
-# @param passenger_group
-#   Allows you to override that behavior and explicitly set a group to run the web application as, regardless of the ownership of the 
-#   startup file.
-#
-# @param passenger_high_performance
-#   Toggles whether to enable PassengerHighPerformance which will make Passenger will be a little faster, in return for reduced
-#   compatibility with other Apache modules.
-#
-# @param passenger_installed_version
-#   
-#
-# @param passenger_instance_registry_dir
-#   Specifies the directory that Passenger should use for registering its current instance.
-#
-# @param passenger_load_shell_envvars
-#   Enables or disables the loading of shell environment variables before spawning the application.
-#
-# @param passenger_log_file
-#   File path to log file. By default Passenger log messages are written to the Apache global error log.
-#
-# @param passenger_log_level
-#   Specifies how much information Passenger should log to its log file. A higher log level value means that more 
-#   information will be logged.
-#
-# @param passenger_lve_min_uid
-#   When using Passenger on a LVE-enabled kernel, a security check (enter) is run for spawning application processes. This options
-#   tells the check to only allow processes with UIDs equal to, or higher than, the specified value.
-#
-# @param passenger_max_instances
-#   The maximum number of application processes that may simultaneously exist for an application. 
-#
-# @param passenger_max_instances_per_app
-#   The maximum number of application processes that may simultaneously exist for a single application. 
-#
-# @param passenger_max_pool_size
-#   The maximum number of application processes that may simultaneously exist.
-#
-# @param passenger_max_preloader_idle_time
-#   Set the preloader's idle timeout, in seconds. A value of 0 means that it should never idle timeout.
-#
-# @param passenger_max_request_queue_size
-#   Specifies the maximum size for the queue of all incoming requests.
-#
-# @param passenger_max_request_time
-#   The maximum amount of time, in seconds, that an application process may take to process a request.
-#
-# @param passenger_max_requests
-#   The maximum number of requests an application process will process. 
-#
-# @param passenger_memory_limit
-#   The maximum amount of memory that an application process may use, in megabytes.
-#
-# @param passenger_meteor_app_settings
-#   When using a Meteor application in non-bundled mode, use this option to specify a JSON file with settings for the application.
-#
-# @param passenger_min_instances
-#   Specifies the minimum number of application processes that should exist for a given application. 
-#
-# @param passenger_nodejs
-#   Specifies the Node.js command to use for serving Node.js web applications.
-#
-# @param passenger_pool_idle_time
-#   The maximum number of seconds that an application process may be idle.
-#
-# @param passenger_pre_start
-#   URL of the web application you want to pre-start.
-#
-# @param passenger_python
-#   Specifies the Python interpreter to use for serving Python web applications.
-#
-# @param passenger_resist_deployment_errors
-#   Enables or disables resistance against deployment errors.
-#
-# @param passenger_resolve_symlinks_in_document_root
-#   This option is no longer available in version 5.2.0. Switch to PassengerAppRoot if you are setting the application root via a
-#   document root containing symlinks.
-#
-# @param passenger_response_buffer_high_watermark
-#   Configures the maximum size of the real-time disk-backed response buffering system.
-#
-# @param passenger_restart_dir
-#   Path to directory containing restart.txt file. Can be either absolute or relative.
-#
-# @param passenger_rolling_restarts
-#   Enables or disables support for zero-downtime application restarts through restart.txt.
-#
-# @param passenger_root
-#   Refers to the location to the Passenger root directory, or to a location configuration file. 
-#
-# @param passenger_ruby
-#   Specifies the Ruby interpreter to use for serving Ruby web applications. 
-#
-# @param passenger_security_update_check_proxy
-#   Allows use of an intermediate proxy for the Passenger security update check.
-#
-# @param passenger_show_version_in_header
-#   Toggle whether Passenger will output its version number in the X-Powered-By header in all Passenger-served requests:
-#
-# @param passenger_socket_backlog
-#   This option can be raised if Apache manages to overflow the backlog queue.
-#
-# @param passenger_spawn_method
-#   Controls whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism.
-#
-# @param passenger_start_timeout
-#   Specifies a timeout for the startup of application processes.
-#
-# @param passenger_startup_file
-#   Specifies the startup file that Passenger should use when loading the application. 
-#
-# @param passenger_stat_throttle_rate
-#   Setting this option to a value of x means that certain filesystem checks will be performed at most once every x seconds.
-#
-# @param passenger_sticky_sessions
-#   Toggles whether all requests that a client sends will be routed to the same originating application process, whenever possible. 
-#
-# @param passenger_sticky_sessions_cookie_name
-#   Sets the name of the sticky sessions cookie.
-#
-# @param passenger_thread_count
-#   Specifies the number of threads that Passenger should spawn per Ruby application process.
-#
-# @param passenger_use_global_queue
-#   N/A.
-#
-# @param passenger_user
-#   Allows you to override that behavior and explicitly set a user to run the web application as, regardless of the ownership of the
-#   startup file.
-#
-# @param passenger_user_switching
-#   Toggles whether to attempt to enable user account sandboxing, also known as user switching.
-#
-# @param rack_auto_detect
-#   This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
-#
-# @param rack_autodetect
-#   This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
-#
-# @param rack_base_uri
-#   Deprecated in 3.0.0 in favor of PassengerBaseURI.
-#
-# @param rack_env
-#   Alias for PassengerAppEnv.
-#
-# @param rails_allow_mod_rewrite
-#   This option doesn't do anything anymore since version 4.0.0.
-#
-# @param rails_app_spawner_idle_time
-#   This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.
-#
-# @param rails_auto_detect
-#   This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
-#
-# @param rails_autodetect
-#   This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
-#
-# @param rails_base_uri
-#   Deprecated in 3.0.0 in favor of PassengerBaseURI.
-#
-# @param rails_default_user
-#   Deprecated in 3.0.0 in favor of PassengerDefaultUser
-#
-# @param rails_env
-#   Alias for PassengerAppEnv.
-#
-# @param rails_framework_spawner_idle_time
-#   This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed 
-#   altogether. You should use smart spawning instead.
-#
-# @param rails_ruby
-#   Deprecated in 3.0.0 in favor of PassengerRuby.
-#
-# @param rails_spawn_method
-#   Deprecated in 3.0.0 in favor of PassengerSpawnMethod.
-#
-# @param rails_user_switching
-#   Deprecated in 3.0.0 in favor of PassengerUserSwitching.
-#
-# @param wsgi_auto_detect
-#   This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
-#
-# @note 
-#   In Passenger source code you can strip out what are all the available options by looking in
-#     - src/apache2_module/Configuration.cpp
-#     - src/apache2_module/ConfigurationCommands.cpp
-#   There are also several undocumented settings.
-#
-# @note
-#   For Red Hat based systems, ensure that you meet the minimum requirements described in the passenger docs.
-#
-# The current set of server configurations settings were taken directly from the Passenger Reference. To enable deprecation warnings 
-# and removal failure messages, set the passenger_installed_version to the version number installed on the server.
-#
-# Change Log:
-#   - As of 08/13/2017 there are 84 available/deprecated/removed settings.
-#   - Around 08/20/2017 UnionStation was discontinued options were removed.
-#   - As of 08/20/2017 there are 77 available/deprecated/removed settings.
-#
-# @see https://www.phusionpassenger.com/docs/references/config_reference/apache/ for additional documentation.
-#
 class apache::mod::passenger (
-  $manage_repo                                                                               = true,
-  $mod_id                                                                                    = undef,
-  $mod_lib                                                                                   = undef,
-  $mod_lib_path                                                                              = undef,
-  $mod_package                                                                               = undef,
-  $mod_package_ensure                                                                        = undef,
-  $mod_path                                                                                  = undef,
-  $passenger_allow_encoded_slashes                                                           = undef,
-  Optional[String] $passenger_anonymous_telemetry_proxy                                      = undef,
-  $passenger_app_env                                                                         = undef,
-  $passenger_app_group_name                                                                  = undef,
-  $passenger_app_root                                                                        = undef,
-  $passenger_app_type                                                                        = undef,
-  $passenger_base_uri                                                                        = undef,
-  $passenger_buffer_response                                                                 = undef,
-  $passenger_buffer_upload                                                                   = undef,
-  $passenger_concurrency_model                                                               = undef,
-  $passenger_conf_file                                                                       = $apache::params::passenger_conf_file,
-  $passenger_conf_package_file                                                               = $apache::params::passenger_conf_package_file,
-  $passenger_data_buffer_dir                                                                 = undef,
-  $passenger_debug_log_file                                                                  = undef,
-  $passenger_debugger                                                                        = undef,
-  $passenger_default_group                                                                   = undef,
-  $passenger_default_ruby                                                                    = $apache::params::passenger_default_ruby,
-  $passenger_default_user                                                                    = undef,
-  Optional[Boolean] $passenger_disable_anonymous_telemetry                                   = undef,
-  Optional[Boolean] $passenger_disable_log_prefix                                           = undef,
-  $passenger_disable_security_update_check                                                   = undef,
-  $passenger_enabled                                                                         = undef,
-  $passenger_error_override                                                                  = undef,
-  $passenger_file_descriptor_log_file                                                        = undef,
-  $passenger_fly_with                                                                        = undef,
-  $passenger_force_max_concurrent_requests_per_process                                       = undef,
-  $passenger_friendly_error_pages                                                            = undef,
-  $passenger_group                                                                           = undef,
-  $passenger_high_performance                                                                = undef,
-  $passenger_installed_version                                                               = undef,
-  $passenger_instance_registry_dir                                                           = undef,
-  $passenger_load_shell_envvars                                                              = undef,
-  Optional[Stdlib::Absolutepath] $passenger_log_file                                         = undef,
-  $passenger_log_level                                                                       = undef,
-  $passenger_lve_min_uid                                                                     = undef,
-  $passenger_max_instances                                                                   = undef,
-  $passenger_max_instances_per_app                                                           = undef,
-  $passenger_max_pool_size                                                                   = undef,
-  $passenger_max_preloader_idle_time                                                         = undef,
-  $passenger_max_request_queue_size                                                          = undef,
-  $passenger_max_request_time                                                                = undef,
-  $passenger_max_requests                                                                    = undef,
-  $passenger_memory_limit                                                                    = undef,
-  $passenger_meteor_app_settings                                                             = undef,
-  $passenger_min_instances                                                                   = undef,
-  $passenger_nodejs                                                                          = undef,
-  $passenger_pool_idle_time                                                                  = undef,
-  Optional[Variant[String,Array[String]]] $passenger_pre_start                               = undef,
-  $passenger_python                                                                          = undef,
-  $passenger_resist_deployment_errors                                                        = undef,
-  $passenger_resolve_symlinks_in_document_root                                               = undef,
-  $passenger_response_buffer_high_watermark                                                  = undef,
-  $passenger_restart_dir                                                                     = undef,
-  $passenger_rolling_restarts                                                                = undef,
-  $passenger_root                                                                            = $apache::params::passenger_root,
-  $passenger_ruby                                                                            = $apache::params::passenger_ruby,
-  $passenger_security_update_check_proxy                                                     = undef,
-  $passenger_show_version_in_header                                                          = undef,
-  $passenger_socket_backlog                                                                  = undef,
-  Optional[String] $passenger_spawn_dir                                                      = undef,
-  Optional[Enum['smart', 'direct', 'smart-lv2', 'conservative']] $passenger_spawn_method     = undef,
-  $passenger_start_timeout                                                                   = undef,
-  $passenger_startup_file                                                                    = undef,
-  $passenger_stat_throttle_rate                                                              = undef,
-  $passenger_sticky_sessions                                                                 = undef,
-  $passenger_sticky_sessions_cookie_name                                                     = undef,
-  Optional[String] $passenger_sticky_sessions_cookie_attributes                              = undef,
-  $passenger_thread_count                                                                    = undef,
-  $passenger_use_global_queue                                                                = undef,
-  $passenger_user                                                                            = undef,
-  $passenger_user_switching                                                                  = undef,
-  $rack_auto_detect                                                                          = undef,
-  $rack_autodetect                                                                           = undef,
-  $rack_base_uri                                                                             = undef,
-  $rack_env                                                                                  = undef,
-  $rails_allow_mod_rewrite                                                                   = undef,
-  $rails_app_spawner_idle_time                                                               = undef,
-  $rails_auto_detect                                                                         = undef,
-  $rails_autodetect                                                                          = undef,
-  $rails_base_uri                                                                            = undef,
-  $rails_default_user                                                                        = undef,
-  $rails_env                                                                                 = undef,
-  $rails_framework_spawner_idle_time                                                         = undef,
-  $rails_ruby                                                                                = undef,
-  $rails_spawn_method                                                                        = undef,
-  $rails_user_switching                                                                      = undef,
-  $wsgi_auto_detect                                                                          = undef,
+  $passenger_conf_file                                                                   = $::apache::params::passenger_conf_file,
+  $passenger_conf_package_file                                                           = $::apache::params::passenger_conf_package_file,
+  $passenger_high_performance                                                            = undef,
+  $passenger_pool_idle_time                                                              = undef,
+  $passenger_max_request_queue_size                                                      = undef,
+  $passenger_max_requests                                                                = undef,
+  Optional[Enum['smart', 'direct', 'smart-lv2', 'conservative']] $passenger_spawn_method = undef,
+  $passenger_stat_throttle_rate                                                          = undef,
+  $rack_autodetect                                                                       = undef,
+  $rails_autodetect                                                                      = undef,
+  $passenger_root                                                                        = $::apache::params::passenger_root,
+  $passenger_ruby                                                                        = $::apache::params::passenger_ruby,
+  $passenger_default_ruby                                                                = $::apache::params::passenger_default_ruby,
+  $passenger_max_pool_size                                                               = undef,
+  $passenger_min_instances                                                               = undef,
+  $passenger_max_instances_per_app                                                       = undef,
+  $passenger_use_global_queue                                                            = undef,
+  $passenger_app_env                                                                     = undef,
+  Optional[Stdlib::Absolutepath] $passenger_log_file                                     = undef,
+  $passenger_log_level                                                                   = undef,
+  $passenger_data_buffer_dir                                                             = undef,
+  $manage_repo                                                                           = true,
+  $mod_package                                                                           = undef,
+  $mod_package_ensure                                                                    = undef,
+  $mod_lib                                                                               = undef,
+  $mod_lib_path                                                                          = undef,
+  $mod_id                                                                                = undef,
+  $mod_path                                                                              = undef,
 ) inherits ::apache::params {
-  include apache
-  if $passenger_installed_version {
-    if $passenger_allow_encoded_slashes {
-      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
-        fail("Passenger config option :: passenger_allow_encoded_slashes is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_anonymous_telemetry_proxy {
-      if (versioncmp($passenger_installed_version, '6.0.0') < 0) {
-        fail("Passenger config option :: passenger_anonymous_telemetry_proxy is not introduced until version 6.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_app_env {
-      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
-        fail("Passenger config option :: passenger_app_env is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_app_group_name {
-      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
-        fail("Passenger config option :: passenger_app_group_name is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_app_root {
-      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
-        fail("Passenger config option :: passenger_app_root is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_app_type {
-      if (versioncmp($passenger_installed_version, '4.0.25') < 0) {
-        fail("Passenger config option :: passenger_app_type is not introduced until version 4.0.25 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_base_uri {
-      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
-        fail("Passenger config option :: passenger_base_uri is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_buffer_response {
-      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
-        fail("Passenger config option :: passenger_buffer_response is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_buffer_upload {
-      if (versioncmp($passenger_installed_version, '4.0.26') < 0) {
-        fail("Passenger config option :: passenger_buffer_upload is not introduced until version 4.0.26 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_concurrency_model {
-      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
-        fail("Passenger config option :: passenger_concurrency_model is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_data_buffer_dir {
-      if (versioncmp($passenger_installed_version, '5.0.0') < 0) {
-        fail("Passenger config option :: passenger_data_buffer_dir is not introduced until version 5.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_debug_log_file {
-      if (versioncmp($passenger_installed_version, '5.0.5') > 0) {
-        warning('DEPRECATED PASSENGER OPTION :: passenger_debug_log_file :: This option has been renamed in version 5.0.5 to PassengerLogFile.')
-      }
-    }
-    if $passenger_debugger {
-      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
-        fail("Passenger config option :: passenger_debugger is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_default_group {
-      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
-        fail("Passenger config option :: passenger_default_group is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_default_ruby {
-      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
-        fail("Passenger config option :: passenger_default_ruby is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_default_user {
-      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
-        fail("Passenger config option :: passenger_default_user is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_disable_anonymous_telemetry {
-      if (versioncmp($passenger_installed_version, '6.0.0') < 0) {
-        fail("Passenger config option :: passenger_disable_anonymous_telemetry is not introduced until version 6.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_disable_log_prefix {
-      if (versioncmp($passenger_installed_version, '6.0.2') < 0) {
-        fail("Passenger config option :: passenger_disable_log_prefix is not introduced until version 6.0.2 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_disable_security_update_check {
-      if (versioncmp($passenger_installed_version, '5.1.0') < 0) {
-        fail("Passenger config option :: passenger_disable_security_update_check is not introduced until version 5.1.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_enabled {
-      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
-        fail("Passenger config option :: passenger_enabled is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_error_override {
-      if (versioncmp($passenger_installed_version, '4.0.24') < 0) {
-        fail("Passenger config option :: passenger_error_override is not introduced until version 4.0.24 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_file_descriptor_log_file {
-      if (versioncmp($passenger_installed_version, '5.0.5') < 0) {
-        fail("Passenger config option :: passenger_file_descriptor_log_file is not introduced until version 5.0.5 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_fly_with {
-      if (versioncmp($passenger_installed_version, '4.0.45') < 0) {
-        fail("Passenger config option :: passenger_fly_with is not introduced until version 4.0.45 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_force_max_concurrent_requests_per_process {
-      if (versioncmp($passenger_installed_version, '5.0.22') < 0) {
-        fail("Passenger config option :: passenger_force_max_concurrent_requests_per_process is not introduced until version 5.0.22 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_friendly_error_pages {
-      if (versioncmp($passenger_installed_version, '4.0.42') < 0) {
-        fail("Passenger config option :: passenger_friendly_error_pages is not introduced until version 4.0.42 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_group {
-      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
-        fail("Passenger config option :: passenger_group is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_high_performance {
-      if (versioncmp($passenger_installed_version, '2.0.0') < 0) {
-        fail("Passenger config option :: passenger_high_performance is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_instance_registry_dir {
-      if (versioncmp($passenger_installed_version, '5.0.0') < 0) {
-        fail("Passenger config option :: passenger_instance_registry_dir is not introduced until version 5.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_load_shell_envvars {
-      if (versioncmp($passenger_installed_version, '4.0.20') < 0) {
-        fail("Passenger config option :: passenger_load_shell_envvars is not introduced until version 4.0.20 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_log_file {
-      if (versioncmp($passenger_installed_version, '5.0.5') < 0) {
-        fail("Passenger config option :: passenger_log_file is not introduced until version 5.0.5 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_log_level {
-      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
-        fail("Passenger config option :: passenger_log_level is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_lve_min_uid {
-      if (versioncmp($passenger_installed_version, '5.0.28') < 0) {
-        fail("Passenger config option :: passenger_lve_min_uid is not introduced until version 5.0.28 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_max_instances {
-      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
-        fail("Passenger config option :: passenger_max_instances is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_max_instances_per_app {
-      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
-        fail("Passenger config option :: passenger_max_instances_per_app is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_max_pool_size {
-      if (versioncmp($passenger_installed_version, '1.0.0') < 0) {
-        fail("Passenger config option :: passenger_max_pool_size is not introduced until version 1.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_max_preloader_idle_time {
-      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
-        fail("Passenger config option :: passenger_max_preloader_idle_time is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_max_request_queue_size {
-      if (versioncmp($passenger_installed_version, '4.0.15') < 0) {
-        fail("Passenger config option :: passenger_max_request_queue_size is not introduced until version 4.0.15 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_max_request_time {
-      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
-        fail("Passenger config option :: passenger_max_request_time is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_max_requests {
-      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
-        fail("Passenger config option :: passenger_max_requests is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_memory_limit {
-      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
-        fail("Passenger config option :: passenger_memory_limit is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_meteor_app_settings {
-      if (versioncmp($passenger_installed_version, '5.0.7') < 0) {
-        fail("Passenger config option :: passenger_meteor_app_settings is not introduced until version 5.0.7 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_min_instances {
-      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
-        fail("Passenger config option :: passenger_min_instances is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_nodejs {
-      if (versioncmp($passenger_installed_version, '4.0.24') < 0) {
-        fail("Passenger config option :: passenger_nodejs is not introduced until version 4.0.24 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_pool_idle_time {
-      if (versioncmp($passenger_installed_version, '1.0.0') < 0) {
-        fail("Passenger config option :: passenger_pool_idle_time is not introduced until version 1.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_pre_start {
-      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
-        fail("Passenger config option :: passenger_pre_start is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_python {
-      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
-        fail("Passenger config option :: passenger_python is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_resist_deployment_errors {
-      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
-        fail("Passenger config option :: passenger_resist_deployment_errors is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_resolve_symlinks_in_document_root {
-      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
-        fail("Passenger config option :: passenger_resolve_symlinks_in_document_root is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_response_buffer_high_watermark {
-      if (versioncmp($passenger_installed_version, '5.0.0') < 0) {
-        fail("Passenger config option :: passenger_response_buffer_high_watermark is not introduced until version 5.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_restart_dir {
-      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
-        fail("Passenger config option :: passenger_restart_dir is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_rolling_restarts {
-      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
-        fail("Passenger config option :: passenger_rolling_restarts is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_root {
-      if (versioncmp($passenger_installed_version, '1.0.0') < 0) {
-        fail("Passenger config option :: passenger_root is not introduced until version 1.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_ruby {
-      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
-        fail("Passenger config option :: passenger_ruby is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_security_update_check_proxy {
-      if (versioncmp($passenger_installed_version, '5.1.0') < 0) {
-        fail("Passenger config option :: passenger_security_update_check_proxy is not introduced until version 5.1.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_show_version_in_header {
-      if (versioncmp($passenger_installed_version, '5.1.0') < 0) {
-        fail("Passenger config option :: passenger_show_version_in_header is not introduced until version 5.1.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_socket_backlog {
-      if (versioncmp($passenger_installed_version, '5.0.24') < 0) {
-        fail("Passenger config option :: passenger_socket_backlog is not introduced until version 5.0.24 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_spawn_dir {
-      if (versioncmp($passenger_installed_version, '6.0.3') < 0) {
-        fail("Passenger config option :: passenger_spawn_dir is not introduced until version 6.0.3 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_spawn_method {
-      if (versioncmp($passenger_installed_version, '2.0.0') < 0) {
-        fail("Passenger config option :: passenger_spawn_method is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_start_timeout {
-      if (versioncmp($passenger_installed_version, '4.0.15') < 0) {
-        fail("Passenger config option :: passenger_start_timeout is not introduced until version 4.0.15 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_startup_file {
-      if (versioncmp($passenger_installed_version, '4.0.25') < 0) {
-        fail("Passenger config option :: passenger_startup_file is not introduced until version 4.0.25 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_stat_throttle_rate {
-      if (versioncmp($passenger_installed_version, '2.2.0') < 0) {
-        fail("Passenger config option :: passenger_stat_throttle_rate is not introduced until version 2.2.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_sticky_sessions {
-      if (versioncmp($passenger_installed_version, '4.0.45') < 0) {
-        fail("Passenger config option :: passenger_sticky_sessions is not introduced until version 4.0.45 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_sticky_sessions_cookie_name {
-      if (versioncmp($passenger_installed_version, '4.0.45') < 0) {
-        fail("Passenger config option :: passenger_sticky_sessions_cookie_name is not introduced until version 4.0.45 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_sticky_sessions_cookie_attributes {
-      if (versioncmp($passenger_installed_version, '6.0.5') < 0) {
-        fail("Passenger config option :: passenger_sticky_sessions_cookie_attributes is not introduced until version 6.0.5 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_thread_count {
-      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
-        fail("Passenger config option :: passenger_thread_count is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_use_global_queue {
-      if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
-        fail('REMOVED PASSENGER OPTION :: passenger_use_global_queue :: -- no message on the current passenger reference webpage -- ')
-      }
-      if (versioncmp($passenger_installed_version, '2.0.4') < 0) {
-        fail("Passenger config option :: passenger_use_global_queue is not introduced until version 2.0.4 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_user {
-      if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
-        fail("Passenger config option :: passenger_user is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $passenger_user_switching {
-      if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
-        fail("Passenger config option :: passenger_user_switching is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if ($rack_auto_detect or $rack_autodetect) {
-      if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
-        fail('REMOVED PASSENGER OPTION :: rack_auto_detect ::  These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.')
-      }
-    }
-    if $rack_base_uri {
-      if (versioncmp($passenger_installed_version, '3.0.0') > 0) {
-        warning('DEPRECATED PASSENGER OPTION :: rack_base_uri :: Deprecated in 3.0.0 in favor of PassengerBaseURI.')
-      }
-    }
-    if $rack_env {
-      if (versioncmp($passenger_installed_version, '2.0.0') < 0) {
-        fail("Passenger config option :: rack_env is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $rails_allow_mod_rewrite {
-      if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
-        warning("DEPRECATED PASSENGER OPTION :: rails_allow_mod_rewrite :: This option doesn't do anything anymore in since version 4.0.0.")
-      }
-    }
-    if $rails_app_spawner_idle_time {
-      if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
-        fail('REMOVED PASSENGER OPTION :: rails_app_spawner_idle_time ::  This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.')
-      }
-    }
-    if ($rails_auto_detect or $rails_autodetect) {
-      if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
-        fail('REMOVED PASSENGER OPTION :: rails_auto_detect ::  These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.')
-      }
-    }
-    if $rails_base_uri {
-      if (versioncmp($passenger_installed_version, '3.0.0') > 0) {
-        warning('DEPRECATED PASSENGER OPTION :: rails_base_uri :: Deprecated in 3.0.0 in favor of PassengerBaseURI.')
-      }
-    }
-    if $rails_default_user {
-      if (versioncmp($passenger_installed_version, '3.0.0') > 0) {
-        warning('DEPRECATED PASSENGER OPTION :: rails_default_user :: Deprecated in 3.0.0 in favor of PassengerDefaultUser.')
-      }
-    }
-    if $rails_env {
-      if (versioncmp($passenger_installed_version, '2.0.0') < 0) {
-        fail("Passenger config option :: rails_env is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported")
-      }
-    }
-    if $rails_framework_spawner_idle_time {
-      if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
-        fail('REMOVED PASSENGER OPTION :: rails_framework_spawner_idle_time ::  This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed altogether. You should use smart spawning instead.')
-      }
-    }
-    if $rails_ruby {
-      if (versioncmp($passenger_installed_version, '3.0.0') > 0) {
-        warning('DEPRECATED PASSENGER OPTION :: rails_ruby :: Deprecated in 3.0.0 in favor of PassengerRuby.')
-      }
-    }
-    if $rails_spawn_method {
-      if (versioncmp($passenger_installed_version, '3.0.0') > 0) {
-        warning('DEPRECATED PASSENGER OPTION :: rails_spawn_method :: Deprecated in 3.0.0 in favor of PassengerSpawnMethod.')
-      }
-    }
-    if $rails_user_switching {
-      if (versioncmp($passenger_installed_version, '3.0.0') > 0) {
-        warning('DEPRECATED PASSENGER OPTION :: rails_user_switching :: Deprecated in 3.0.0 in favor of PassengerUserSwitching.')
-      }
-    }
-    if $wsgi_auto_detect {
-      if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
-        fail('REMOVED PASSENGER OPTION :: wsgi_auto_detect ::  These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.')
-      }
-    }
-  }
+
+  include ::apache
+
   # Managed by the package, but declare it to avoid purging
   if $passenger_conf_package_file {
     file { 'passenger_package.conf':
-      path => "${apache::confd_dir}/${passenger_conf_package_file}",
+      path => "${::apache::confd_dir}/${passenger_conf_package_file}",
     }
   }
 
@@ -837,11 +53,7 @@ class apache::mod::passenger (
 
   if $::osfamily == 'RedHat' and $manage_repo {
     if $::operatingsystem == 'Amazon' {
-      if $::operatingsystemmajrelease == '2' {
-        $baseurl = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/7/$basearch'
-      } else {
-        $baseurl = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/6/$basearch'
-      }
+      $baseurl = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/6Server/$basearch'
     } else {
       $baseurl = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch'
     }
@@ -852,7 +64,7 @@ class apache::mod::passenger (
       descr         => 'passenger',
       enabled       => '1',
       gpgcheck      => '0',
-      gpgkey        => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt',
+      gpgkey        => 'https://packagecloud.io/gpg.key',
       repo_gpgcheck => '1',
       sslcacert     => '/etc/pki/tls/certs/ca-bundle.crt',
       sslverify     => '1',
@@ -875,91 +87,29 @@ class apache::mod::passenger (
   }
 
   # Template uses:
-  # - $passenger_allow_encoded_slashes : since 4.0.0.
-  # - $passenger_app_env : since 4.0.0.
-  # - $passenger_app_group_name : since 4.0.0.
-  # - $passenger_app_root : since 4.0.0.
-  # - $passenger_app_type : since 4.0.25.
-  # - $passenger_base_uri : since 4.0.0.
-  # - $passenger_buffer_response : since 4.0.0.
-  # - $passenger_buffer_upload : since 4.0.26.
-  # - $passenger_concurrency_model : since 4.0.0.
-  # - $passenger_data_buffer_dir : since 5.0.0.
-  # - $passenger_debug_log_file : since unkown. Deprecated in 5.0.5.
-  # - $passenger_debugger : since 3.0.0.
-  # - $passenger_default_group : since 3.0.0.
-  # - $passenger_default_ruby : since 4.0.0.
-  # - $passenger_default_user : since 3.0.0.
-  # - $passenger_disable_security_update_check : since 5.1.0.
-  # - $passenger_enabled : since 4.0.0.
-  # - $passenger_error_override : since 4.0.24.
-  # - $passenger_file_descriptor_log_file : since 5.0.5.
-  # - $passenger_fly_with : since 4.0.45.
-  # - $passenger_force_max_concurrent_requests_per_process : since 5.0.22.
-  # - $passenger_friendly_error_pages : since 4.0.42.
-  # - $passenger_group : since 4.0.0.
-  # - $passenger_high_performance : since 2.0.0.
-  # - $passenger_instance_registry_dir : since 5.0.0.
-  # - $passenger_load_shell_envvars : since 4.0.20.
-  # - $passenger_log_file : since 5.0.5.
-  # - $passenger_log_level : since 3.0.0.
-  # - $passenger_lve_min_uid : since 5.0.28.
-  # - $passenger_max_instances : since 3.0.0.
-  # - $passenger_max_instances_per_app : since 3.0.0.
-  # - $passenger_max_pool_size : since 1.0.0.
-  # - $passenger_max_preloader_idle_time : since 4.0.0.
-  # - $passenger_max_request_queue_size : since 4.0.15.
-  # - $passenger_max_request_time : since 3.0.0.
-  # - $passenger_max_requests : since 3.0.0.
-  # - $passenger_memory_limit : since 3.0.0.
-  # - $passenger_meteor_app_settings : since 5.0.7.
-  # - $passenger_min_instances : since 3.0.0.
-  # - $passenger_nodejs : since 4.0.24.
-  # - $passenger_pool_idle_time : since 1.0.0.
-  # - $passenger_pre_start : since 3.0.0.
-  # - $passenger_python : since 4.0.0.
-  # - $passenger_resist_deployment_errors : since 3.0.0.
-  # - $passenger_resolve_symlinks_in_document_root : since 3.0.0.
-  # - $passenger_response_buffer_high_watermark : since 5.0.0.
-  # - $passenger_restart_dir : since 3.0.0.
-  # - $passenger_rolling_restarts : since 3.0.0.
-  # - $passenger_root : since 1.0.0.
-  # - $passenger_ruby : since 4.0.0.
-  # - $passenger_security_update_check_proxy : since 5.1.0.
-  # - $passenger_show_version_in_header : since 5.1.0.
-  # - $passenger_socket_backlog : since 5.0.24.
-  # - $passenger_spawn_method : since 2.0.0.
-  # - $passenger_start_timeout : since 4.0.15.
-  # - $passenger_startup_file : since 4.0.25.
-  # - $passenger_stat_throttle_rate : since 2.2.0.
-  # - $passenger_sticky_sessions : since 4.0.45.
-  # - $passenger_sticky_sessions_cookie_name : since 4.0.45.
-  # - $passenger_thread_count : since 4.0.0.
-  # - $passenger_use_global_queue : since 2.0.4.Deprecated in 4.0.0.
-  # - $passenger_user : since 4.0.0.
-  # - $passenger_user_switching : since 3.0.0.
-  # - $rack_auto_detect : since unkown. Deprecated in 4.0.0.
-  # - $rack_base_uri : since unkown. Deprecated in 3.0.0.
-  # - $rack_env : since 2.0.0.
-  # - $rails_allow_mod_rewrite : since unkown. Deprecated in 4.0.0.
-  # - $rails_app_spawner_idle_time : since unkown. Deprecated in 4.0.0.
-  # - $rails_auto_detect : since unkown. Deprecated in 4.0.0.
-  # - $rails_base_uri : since unkown. Deprecated in 3.0.0.
-  # - $rails_default_user : since unkown. Deprecated in 3.0.0.
-  # - $rails_env : since 2.0.0.
-  # - $rails_framework_spawner_idle_time : since unkown. Deprecated in 4.0.0.
-  # - $rails_ruby : since unkown. Deprecated in 3.0.0.
-  # - $rails_spawn_method : since unkown. Deprecated in 3.0.0.
-  # - $rails_user_switching : since unkown. Deprecated in 3.0.0.
-  # - $wsgi_auto_detect : since unkown. Deprecated in 4.0.0.
-  # - $rails_autodetect : this options is only for backward compatiblity with older versions of this class
-  # - $rack_autodetect : this options is only for backward compatiblity with older versions of this class
+  # - $passenger_root
+  # - $passenger_ruby
+  # - $passenger_default_ruby
+  # - $passenger_max_pool_size
+  # - $passenger_min_instances
+  # - $passenger_max_instances_per_app
+  # - $passenger_high_performance
+  # - $passenger_max_requests
+  # - $passenger_spawn_method
+  # - $passenger_stat_throttle_rate
+  # - $passenger_use_global_queue
+  # - $passenger_log_file
+  # - $passenger_log_level
+  # - $passenger_app_env
+  # - $passenger_data_buffer_dir
+  # - $rack_autodetect
+  # - $rails_autodetect
   file { 'passenger.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/${passenger_conf_file}",
+    path    => "${::apache::mod_dir}/${passenger_conf_file}",
     content => template('apache/mod/passenger.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/perl.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/perl.pp
index f883305ea..3bfeac977 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/perl.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/perl.pp
@@ -1,9 +1,4 @@
-# @summary
-#   Installs `mod_perl`.
-# 
-# @see https://perl.apache.org for additional documentation.
-#
 class apache::mod::perl {
-  include apache
+  include ::apache
   ::apache::mod { 'perl': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/peruser.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/peruser.pp
index 4fec2c04c..5683dd66c 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/peruser.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/peruser.pp
@@ -1,8 +1,3 @@
-# @summary
-#   Installs `mod_peruser`.
-# 
-# @todo
-#   Add docs
 class apache::mod::peruser (
   $minspareprocessors = '2',
   $minprocessors = '2',
@@ -13,7 +8,7 @@ class apache::mod::peruser (
   $expiretimeout = '120',
   $keepalive = 'Off',
 ) {
-  include apache
+  include ::apache
   case $::osfamily {
     'freebsd' : {
       fail("Unsupported osfamily ${::osfamily}")
@@ -39,11 +34,11 @@ class apache::mod::peruser (
       }
       File {
         owner => 'root',
-        group => $apache::params::root_group,
-        mode  => $apache::file_mode,
+        group => $::apache::params::root_group,
+        mode  => $::apache::file_mode,
       }
 
-      $mod_dir = $apache::mod_dir
+      $mod_dir = $::apache::mod_dir
 
       # Template uses:
       # - $minspareprocessors
@@ -55,25 +50,25 @@ class apache::mod::peruser (
       # - $expiretimeout
       # - $keepalive
       # - $mod_dir
-      file { "${apache::mod_dir}/peruser.conf":
+      file { "${::apache::mod_dir}/peruser.conf":
         ensure  => file,
-        mode    => $apache::file_mode,
+        mode    => $::apache::file_mode,
         content => template('apache/mod/peruser.conf.erb'),
-        require => Exec["mkdir ${apache::mod_dir}"],
-        before  => File[$apache::mod_dir],
+        require => Exec["mkdir ${::apache::mod_dir}"],
+        before  => File[$::apache::mod_dir],
         notify  => Class['apache::service'],
       }
-      file { "${apache::mod_dir}/peruser":
+      file { "${::apache::mod_dir}/peruser":
         ensure  => directory,
-        require => File[$apache::mod_dir],
+        require => File[$::apache::mod_dir],
       }
-      file { "${apache::mod_dir}/peruser/multiplexers":
+      file { "${::apache::mod_dir}/peruser/multiplexers":
         ensure  => directory,
-        require => File["${apache::mod_dir}/peruser"],
+        require => File["${::apache::mod_dir}/peruser"],
       }
-      file { "${apache::mod_dir}/peruser/processors":
+      file { "${::apache::mod_dir}/peruser/processors":
         ensure  => directory,
-        require => File["${apache::mod_dir}/peruser"],
+        require => File["${::apache::mod_dir}/peruser"],
       }
 
       ::apache::peruser::multiplexer { '01-default': }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/php.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/php.pp
index 02c51be64..c7c004888 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/php.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/php.pp
@@ -1,8 +1,3 @@
-# @summary
-#   Installs `mod_php`.
-# 
-# @todo
-#   Add docs
 class apache::mod::php (
   $package_name     = undef,
   $package_ensure   = 'present',
@@ -11,20 +6,13 @@ class apache::mod::php (
   $content          = undef,
   $template         = 'apache/mod/php.conf.erb',
   $source           = undef,
-  $root_group       = $apache::params::root_group,
-  $php_version      = $apache::params::php_version,
-  $libphp_prefix    = 'libphp'
+  $root_group       = $::apache::params::root_group,
+  $php_version      = $::apache::params::php_version,
 ) inherits apache::params {
-  include apache
-  if (versioncmp($php_version, '8') < 0) {
-    $mod = "php${php_version}"
-  } else {
-    $mod = 'php'
-  }
 
-  if $apache::version::scl_httpd_version == undef and $apache::version::scl_php_version != undef {
-    fail('If you define apache::version::scl_php_version, you also need to specify apache::version::scl_httpd_version')
-  }
+  include ::apache
+  $mod = "php${php_version}"
+
   if defined(Class['::apache::mod::prefork']) {
     Class['::apache::mod::prefork']->File["${mod}.conf"]
   }
@@ -50,7 +38,7 @@ class apache::mod::php (
   }
 
   # Determine if we have a package
-  $mod_packages = $apache::mod_packages
+  $mod_packages = $::apache::mod_packages
   if $package_name {
     $_package_name = $package_name
   } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack
@@ -61,58 +49,46 @@ class apache::mod::php (
     $_package_name = undef
   }
 
+  $_lib = "libphp${php_version}.so"
   $_php_major = regsubst($php_version, '^(\d+)\..*$', '\1')
-  $_php_version_no_dot = regsubst($php_version, '\.', '')
-  if $apache::version::scl_httpd_version {
-    $_lib = "librh-php${_php_version_no_dot}-php${_php_major}.so"
-  } else {
-    # Controls php version and libphp prefix
-    $_lib = $_php_major ? {
-      '8'     => "${libphp_prefix}.so",
-      default => "${libphp_prefix}${php_version}.so",
-    }
-  }
-  $_module_id = $_php_major ? {
-    '5'     => 'php5_module',
-    '7'     => 'php7_module',
-    default => 'php_module',
-  }
 
   if $::operatingsystem == 'SLES' {
-    ::apache::mod { $mod:
-      package        => $_package_name,
-      package_ensure => $package_ensure,
-      lib            => "mod_${mod}.so",
-      id             => $_module_id,
-      path           => "${apache::lib_path}/mod_${mod}.so",
-    }
-  } else {
-    ::apache::mod { $mod:
-      package        => $_package_name,
-      package_ensure => $package_ensure,
-      lib            => $_lib,
-      id             => $_module_id,
-      path           => $path,
-    }
-  }
+      ::apache::mod { $mod:
+        package        => $_package_name,
+        package_ensure => $package_ensure,
+        lib            => 'mod_php5.so',
+        id             => "php${_php_major}_module",
+        path           => "${::apache::lib_path}/mod_php5.so",
+      }
+    } else {
+      ::apache::mod { $mod:
+        package        => $_package_name,
+        package_ensure => $package_ensure,
+        lib            => $_lib,
+        id             => "php${_php_major}_module",
+        path           => $path,
+      }
 
-  include apache::mod::mime
-  include apache::mod::dir
+    }
+
+
+  include ::apache::mod::mime
+  include ::apache::mod::dir
   Class['::apache::mod::mime'] -> Class['::apache::mod::dir'] -> Class['::apache::mod::php']
 
   # Template uses $extensions
   file { "${mod}.conf":
     ensure  => file,
-    path    => "${apache::mod_dir}/${mod}.conf",
+    path    => "${::apache::mod_dir}/${mod}.conf",
     owner   => 'root',
     group   => $root_group,
-    mode    => $apache::file_mode,
+    mode    => $::apache::file_mode,
     content => $manage_content,
     source  => $source,
     require => [
-      Exec["mkdir ${apache::mod_dir}"],
+      Exec["mkdir ${::apache::mod_dir}"],
     ],
-    before  => File[$apache::mod_dir],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/prefork.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/prefork.pp
index f6c6315ae..f35551ce6 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/prefork.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/prefork.pp
@@ -1,51 +1,13 @@
-# @summary
-#   Installs and configures MPM `prefork`.
-# 
-# @param startservers
-#   Number of child server processes created at startup.
-#
-# @param minspareservers
-#   Minimum number of idle child server processes.
-# 
-# @param maxspareservers
-#   Maximum number of idle child server processes.
-# 
-# @param serverlimit
-#   Upper limit on configurable number of processes.
-# 
-# @param maxclients
-#   Old alias for MaxRequestWorkers.
-# 
-# @param maxrequestworkers
-#   Maximum number of connections that will be processed simultaneously.
-# 
-# @param maxrequestsperchild
-#  Old alias for MaxConnectionsPerChild.
-# 
-# @param maxconnectionsperchild
-#   Limit on the number of connections that an individual child server will handle during its life.
-#
-# @param apache_version
-#   Used to verify that the Apache version you have requested is compatible with the module.
-#
-# @param listenbacklog
-#   Maximum length of the queue of pending connections.
-# 
-# @see https://httpd.apache.org/docs/current/mod/prefork.html for additional documentation.
-#
 class apache::mod::prefork (
-  $startservers           = '8',
-  $minspareservers        = '5',
-  $maxspareservers        = '20',
-  $serverlimit            = '256',
-  $maxclients             = '256',
-  $maxrequestworkers      = undef,
-  $maxrequestsperchild    = '4000',
-  $maxconnectionsperchild = undef,
-  $apache_version         = undef,
-  $listenbacklog          = '511'
+  $startservers        = '8',
+  $minspareservers     = '5',
+  $maxspareservers     = '20',
+  $serverlimit         = '256',
+  $maxclients          = '256',
+  $maxrequestsperchild = '4000',
+  $apache_version      = undef,
 ) {
-  include apache
+  include ::apache
   $_apache_version = pick($apache_version, $apache::apache_version)
   if defined(Class['apache::mod::event']) {
     fail('May not include both apache::mod::prefork and apache::mod::event on the same node')
@@ -61,19 +23,10 @@ class apache::mod::prefork (
   if defined(Class['apache::mod::worker']) {
     fail('May not include both apache::mod::prefork and apache::mod::worker on the same node')
   }
-
-  if versioncmp($_apache_version, '2.3.13') < 0 {
-    if $maxrequestworkers == undef {
-      warning("For newer versions of Apache, \$maxclients is deprecated, please use \$maxrequestworkers.")
-    } elsif $maxconnectionsperchild == undef {
-      warning("For newer versions of Apache, \$maxrequestsperchild is deprecated, please use \$maxconnectionsperchild.")
-    }
-  }
-
   File {
     owner => 'root',
-    group => $apache::params::root_group,
-    mode  => $apache::file_mode,
+    group => $::apache::params::root_group,
+    mode  => $::apache::file_mode,
   }
 
   # Template uses:
@@ -82,21 +35,19 @@ class apache::mod::prefork (
   # - $maxspareservers
   # - $serverlimit
   # - $maxclients
-  # - $maxrequestworkers
   # - $maxrequestsperchild
-  # - $maxconnectionsperchild
-  file { "${apache::mod_dir}/prefork.conf":
+  file { "${::apache::mod_dir}/prefork.conf":
     ensure  => file,
     content => template('apache/mod/prefork.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 
   case $::osfamily {
     'redhat': {
       if versioncmp($_apache_version, '2.4') >= 0 {
-        ::apache::mpm { 'prefork':
+        ::apache::mpm{ 'prefork':
           apache_version => $_apache_version,
         }
       }
@@ -112,12 +63,12 @@ class apache::mod::prefork (
       }
     }
     'debian', 'freebsd': {
-      ::apache::mpm { 'prefork':
+      ::apache::mpm{ 'prefork':
         apache_version => $_apache_version,
       }
     }
     'Suse': {
-      ::apache::mpm { 'prefork':
+      ::apache::mpm{ 'prefork':
         apache_version => $apache_version,
         lib_path       => '/usr/lib64/apache2-prefork',
       }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy.pp
index 2a9eb7149..ce82cb3a8 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy.pp
@@ -1,40 +1,11 @@
-# @summary
-#   Installs and configures `mod_proxy`.
-#
-# @param proxy_requests
-#   Enables forward (standard) proxy requests.
-#
-# @param allow_from
-#   List of IPs allowed to access proxy.
-#
-# @param apache_version
-#   Used to verify that the Apache version you have requested is compatible with the module.
-#
-# @param package_name
-#   Name of the proxy package to install.
-#
-# @param proxy_via
-#   Set local IP address for outgoing proxy connections.
-#
-# @param proxy_timeout
-#   Network timeout for proxied requests.
-#
-# @param proxy_iobuffersize
-#   Set the size of internal data throughput buffer
-#
-# @see https://httpd.apache.org/docs/current/mod/mod_proxy.html for additional documentation.
-#
 class apache::mod::proxy (
-  $proxy_requests     = 'Off',
-  $allow_from         = undef,
-  $apache_version     = undef,
-  $package_name       = undef,
-  $proxy_via          = 'On',
-  $proxy_timeout      = undef,
-  $proxy_iobuffersize = undef,
+  $proxy_requests = 'Off',
+  $allow_from     = undef,
+  $apache_version = undef,
+  $package_name   = undef,
+  $proxy_via      = 'On',
 ) {
-  include apache
-  $_proxy_timeout = $apache::timeout
+  include ::apache
   $_apache_version = pick($apache_version, $apache::apache_version)
   ::apache::mod { 'proxy':
     package => $package_name,
@@ -42,11 +13,11 @@ class apache::mod::proxy (
   # Template uses $proxy_requests, $_apache_version
   file { 'proxy.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/proxy.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/proxy.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/proxy.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_ajp.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_ajp.pp
index 36bea00c8..a011a1789 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_ajp.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_ajp.pp
@@ -1,8 +1,3 @@
-# @summary
-#   Installs `mod_proxy_ajp`.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_proxy_ajp.html for additional documentation.
-#
 class apache::mod::proxy_ajp {
   Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_ajp']
   ::apache::mod { 'proxy_ajp': }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_balancer.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_balancer.pp
index 43bd0af65..dbc86df42 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_balancer.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_balancer.pp
@@ -1,28 +1,12 @@
-# @summary
-#   Installs and configures `mod_proxy_balancer`.
-# 
-# @param manager
-#   Toggle whether to enable balancer manager support.
-#
-# @param maanger_path
-#   Server relative path to balancer manager.
-#
-# @param allow_from
-#   List of IPs from which the balancer manager can be accessed.
-#
-# @param apache_version
-#   Version of Apache to install module on.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html for additional documentation.
-#
-class apache::mod::proxy_balancer (
+class apache::mod::proxy_balancer(
   Boolean $manager                   = false,
   Stdlib::Absolutepath $manager_path = '/balancer-manager',
   Array $allow_from                  = ['127.0.0.1','::1'],
-  $apache_version                    = $apache::apache_version,
+  $apache_version                    = $::apache::apache_version,
 ) {
-  include apache::mod::proxy
-  include apache::mod::proxy_http
+
+  include ::apache::mod::proxy
+  include ::apache::mod::proxy_http
   if versioncmp($apache_version, '2.4') >= 0 {
     ::apache::mod { 'slotmem_shm': }
   }
@@ -31,14 +15,14 @@ class apache::mod::proxy_balancer (
   Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_balancer']
   ::apache::mod { 'proxy_balancer': }
   if $manager {
-    include apache::mod::status
+    include ::apache::mod::status
     file { 'proxy_balancer.conf':
       ensure  => file,
-      path    => "${apache::mod_dir}/proxy_balancer.conf",
-      mode    => $apache::file_mode,
+      path    => "${::apache::mod_dir}/proxy_balancer.conf",
+      mode    => $::apache::file_mode,
       content => template('apache/mod/proxy_balancer.conf.erb'),
-      require => Exec["mkdir ${apache::mod_dir}"],
-      before  => File[$apache::mod_dir],
+      require => Exec["mkdir ${::apache::mod_dir}"],
+      before  => File[$::apache::mod_dir],
       notify  => Class['apache::service'],
     }
   }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_connect.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_connect.pp
index e09cab079..cda5b89dc 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_connect.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_connect.pp
@@ -1,15 +1,7 @@
-# @summary
-#   Installs `mod_proxy_connect`.
-# 
-# @param apache_version
-#   Used to verify that the Apache version you have requested is compatible with the module.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_proxy_connect.html for additional documentation.
-#
 class apache::mod::proxy_connect (
   $apache_version  = undef,
 ) {
-  include apache
+  include ::apache
   $_apache_version = pick($apache_version, $apache::apache_version)
   if versioncmp($_apache_version, '2.2') >= 0 {
     Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_connect']
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_fcgi.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_fcgi.pp
index 84bc3d178..21473eb76 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_fcgi.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_fcgi.pp
@@ -1,8 +1,3 @@
-# @summary
-#   Installs `mod_proxy_fcgi`.
-#
-# @see https://httpd.apache.org/docs/current/mod/mod_proxy_fcgi.html for additional documentation.
-#
 class apache::mod::proxy_fcgi {
   Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_fcgi']
   ::apache::mod { 'proxy_fcgi': }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_html.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_html.pp
index 0205af848..94259bd77 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_html.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_html.pp
@@ -1,10 +1,5 @@
-# @summary
-#   Installs `mod_proxy_html`.
-#
-# @see https://httpd.apache.org/docs/current/mod/mod_proxy_html.html for additional documentation.
-#
 class apache::mod::proxy_html {
-  include apache
+  include ::apache
   Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_html']
   Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_html']
 
@@ -19,28 +14,15 @@ class apache::mod::proxy_html {
         'i686'  => 'i386',
         default => $::hardwaremodel,
       }
-      case $::operatingsystem {
-        'Ubuntu': {
-          $loadfiles = $facts['operatingsystemmajrelease'] ? {
-            '10'    => ['/usr/lib/libxml2.so.2'],
-            default => ["/usr/lib/${gnu_path}-linux-gnu/libxml2.so.2"],
-          }
-        }
-        'Debian': {
-          $loadfiles = $facts['operatingsystemmajrelease'] ? {
-            '6'     => ['/usr/lib/libxml2.so.2'],
-            default => ["/usr/lib/${gnu_path}-linux-gnu/libxml2.so.2"],
-          }
-        }
-        default: {
-          $loadfiles = ["/usr/lib/${gnu_path}-linux-gnu/libxml2.so.2"]
-        }
+      $loadfiles = $::apache::params::distrelease ? {
+        '6'     => ['/usr/lib/libxml2.so.2'],
+        '10'    => ['/usr/lib/libxml2.so.2'],
+        default => ["/usr/lib/${gnu_path}-linux-gnu/libxml2.so.2"],
       }
-      if versioncmp($apache::apache_version, '2.4') >= 0 {
+      if versioncmp($::apache::apache_version, '2.4') >= 0 {
         ::apache::mod { 'xml2enc': }
       }
     }
-    default: {}
   }
 
   ::apache::mod { 'proxy_html':
@@ -50,11 +32,11 @@ class apache::mod::proxy_html {
   # Template uses $icons_path
   file { 'proxy_html.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/proxy_html.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/proxy_html.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/proxy_html.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_http.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_http.pp
index b80857c20..1579e68ee 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_http.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_http.pp
@@ -1,8 +1,3 @@
-# @summary
-#   Installs `mod_proxy_http`.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_proxy_http.html for additional documentation.
-#
 class apache::mod::proxy_http {
   Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_http']
   ::apache::mod { 'proxy_http': }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_wstunnel.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_wstunnel.pp
index a7dc00f0f..290954b74 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_wstunnel.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/proxy_wstunnel.pp
@@ -1,10 +1,5 @@
-# @summary
-#   Installs `mod_proxy_wstunnel`.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html for additional documentation.
-#
 class apache::mod::proxy_wstunnel {
-  include apache, apache::mod::proxy
+  include ::apache, ::apache::mod::proxy
   Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_wstunnel']
   ::apache::mod { 'proxy_wstunnel': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/python.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/python.pp
index 91f1d3818..75af35011 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/python.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/python.pp
@@ -1,16 +1,6 @@
-# @summary
-#   Installs and configures `mod_python`.
-# 
-# @param loadfile_name
-#   Sets the name of the configuration file that is used to load the python module.
-# 
-# @see https://github.com/grisha/mod_python for additional documentation.
-#
-class apache::mod::python (
-  Optional[String] $loadfile_name = undef,
-) {
-  include apache
-  ::apache::mod { 'python':
-    loadfile_name => $loadfile_name,
-  }
+class apache::mod::python {
+  include ::apache
+  ::apache::mod { 'python': }
 }
+
+
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/remoteip.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/remoteip.pp
index addc966fa..92010cf96 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/remoteip.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/remoteip.pp
@@ -1,114 +1,30 @@
-# @summary 
-#   Installs and configures `mod_remoteip`.
-#
-# @see https://httpd.apache.org/docs/current/mod/mod_remoteip.html
-#
-# @param header
-#   The header field in which `mod_remoteip` will look for the useragent IP.
-#
-# @param internal_proxy
-#   A list of IP addresses, IP blocks or hostname that are trusted to set a
-#   valid value inside specified header. Unlike the `$trusted_proxy_ips`
-#   parameter, any IP address (including private addresses) presented by these
-#   proxies will trusted by `mod_remoteip`.
-#
-# @param proxy_ips
-#   *Deprecated*: use `$internal_proxy` instead.
-#
-# @param internal_proxy_list
-#   The path to a file containing a list of IP addresses, IP blocks or hostname
-#   that are trusted to set a valid value inside the specified header. See
-#   `$internal_proxy` for details.
-#
-# @param proxies_header
-#   A header into which `mod_remoteip` will collect a list of all of the
-#   intermediate client IP addresses trusted to resolve the useragent IP of the
-#   request (e.g. `X-Forwarded-By`).
-#
-# @param proxy_protocol
-#   Wether or not to enable the PROXY protocol header handling. If enabled
-#   upstream clients must set the header every time they open a connection.
-#
-# @param proxy_protocol_exceptions
-#   A list of IP address or IP blocks that are not required to use the PROXY
-#   protocol.
-#
-# @param trusted_proxy
-#   A list of IP addresses, IP blocks or hostname that are trusted to set a
-#   valid value inside the specified header. Unlike the `$proxy_ips` parameter,
-#   any private IP presented by these proxies will be disgarded by
-#   `mod_remoteip`.
-#
-# @param trusted_proxy_ips
-#   *Deprecated*: use `$trusted_proxy` instead.
-#
-# @param trusted_proxy_list
-#   The path to a file containing a list of IP addresses, IP blocks or hostname
-#   that are trusted to set a valid value inside the specified header. See
-#   `$trusted_proxy` for details.
-#
-# @param apache_version
-#   A version string used to validate that your apache version supports
-#   `mod_remoteip`. If not specified, `$::apache::apache_version` is used.
-#
-# @see https://httpd.apache.org/docs/current/mod/mod_remoteip.html for additional documentation.
-#
 class apache::mod::remoteip (
-  String                                                     $header                    = 'X-Forwarded-For',
-  Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]] $internal_proxy            = undef,
-  Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]] $proxy_ips                 = undef,
-  Optional[Stdlib::Absolutepath]                             $internal_proxy_list       = undef,
-  Optional[String]                                           $proxies_header            = undef,
-  Boolean                                                    $proxy_protocol            = false,
-  Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]] $proxy_protocol_exceptions = undef,
-  Optional[Array[Stdlib::Host]]                              $trusted_proxy             = undef,
-  Optional[Array[Stdlib::Host]]                              $trusted_proxy_ips         = undef,
-  Optional[Stdlib::Absolutepath]                             $trusted_proxy_list        = undef,
-  Optional[String]                                           $apache_version            = undef,
+  $header            = 'X-Forwarded-For',
+  $proxy_ips         = [ '127.0.0.1' ],
+  $proxies_header    = undef,
+  $trusted_proxy_ips = undef,
+  $apache_version    = undef,
 ) {
-  include apache
-
+  include ::apache
   $_apache_version = pick($apache_version, $apache::apache_version)
   if versioncmp($_apache_version, '2.4') < 0 {
     fail('mod_remoteip is only available in Apache 2.4')
   }
 
-  if $proxy_ips {
-    deprecation('apache::mod::remoteip::proxy_ips', 'This parameter is deprecated, please use `internal_proxy`.')
-    $_internal_proxy = $proxy_ips
-  } elsif $internal_proxy {
-    $_internal_proxy = $internal_proxy
-  } else {
-    $_internal_proxy = ['127.0.0.1']
-  }
-
-  if $trusted_proxy_ips {
-    deprecation('apache::mod::remoteip::trusted_proxy_ips', 'This parameter is deprecated, please use `trusted_proxy`.')
-    $_trusted_proxy = $trusted_proxy_ips
-  } else {
-    $_trusted_proxy = $trusted_proxy
-  }
-
   ::apache::mod { 'remoteip': }
 
-  $template_parameters = {
-    header                    => $header,
-    internal_proxy            => $_internal_proxy,
-    internal_proxy_list       => $internal_proxy_list,
-    proxies_header            => $proxies_header,
-    proxy_protocol            => $proxy_protocol,
-    proxy_protocol_exceptions => $proxy_protocol_exceptions,
-    trusted_proxy             => $_trusted_proxy,
-    trusted_proxy_list        => $trusted_proxy_list,
-  }
-
+  # Template uses:
+  # - $header
+  # - $proxy_ips
+  # - $proxies_header
+  # - $trusted_proxy_ips
   file { 'remoteip.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/remoteip.conf",
-    mode    => $apache::file_mode,
-    content => epp('apache/mod/remoteip.conf.epp', $template_parameters),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
-    notify  => Class['apache::service'],
+    path    => "${::apache::mod_dir}/remoteip.conf",
+    mode    => $::apache::file_mode,
+    content => template('apache/mod/remoteip.conf.erb'),
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
+    notify  => Service['httpd'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/reqtimeout.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/reqtimeout.pp
index a971e045d..f166f6d6f 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/reqtimeout.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/reqtimeout.pp
@@ -1,24 +1,15 @@
-# @summary
-#   Installs and configures `mod_reqtimeout`.
-# 
-# @param timeouts
-#   List of timeouts and data rates for receiving requests.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html for additional documentation.
-#
 class apache::mod::reqtimeout (
   $timeouts = ['header=20-40,minrate=500', 'body=10,minrate=500']
-) {
-  include apache
+){
+  include ::apache
   ::apache::mod { 'reqtimeout': }
   # Template uses no variables
   file { 'reqtimeout.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/reqtimeout.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/reqtimeout.conf",
     content => template('apache/mod/reqtimeout.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/rewrite.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/rewrite.pp
index 06986d1e8..694f0b6f5 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/rewrite.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/rewrite.pp
@@ -1,9 +1,4 @@
-# @summary
-#   Installs `mod_rewrite`.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_rewrite.html for additional documentation.
-#
 class apache::mod::rewrite {
-  include apache::params
+  include ::apache::params
   ::apache::mod { 'rewrite': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/rpaf.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/rpaf.pp
index 7e4bab23e..b9afa149f 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/rpaf.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/rpaf.pp
@@ -1,27 +1,10 @@
-# @summary
-#   Installs and configures `mod_rpaf`.
-# 
-# @param sethostname
-#   Toggles whether to update vhost name so ServerName and ServerAlias work.
-# 
-# @param proxy_ips
-#   List of IPs & bitmasked subnets to adjust requests for
-#
-# @param header
-#   Header to use for the real IP address.
-#
-# @param template
-#   Path to template to use for configuring mod_rpaf.
-#
-# @see https://github.com/gnif/mod_rpaf for additional documentation.
-#
 class apache::mod::rpaf (
   $sethostname = true,
-  $proxy_ips   = ['127.0.0.1'],
+  $proxy_ips   = [ '127.0.0.1' ],
   $header      = 'X-Forwarded-For',
   $template    = 'apache/mod/rpaf.conf.erb'
 ) {
-  include apache
+  include ::apache
   ::apache::mod { 'rpaf': }
 
   # Template uses:
@@ -30,11 +13,11 @@ class apache::mod::rpaf (
   # - $header
   file { 'rpaf.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/rpaf.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/rpaf.conf",
+    mode    => $::apache::file_mode,
     content => template($template),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/security.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/security.pp
index 4234f4088..95c58a033 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/security.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/security.pp
@@ -1,112 +1,13 @@
-# @summary
-#   Installs and configures `mod_security`.
-# 
-# @param version
-#   Manage mod_security or mod_security2
-#
-# @param logroot
-#   Configures the location of audit and debug logs.
-# 
-# @param crs_package
-#   Name of package that installs CRS rules.
-# 
-# @param activated_rules
-#   An array of rules from the modsec_crs_path or absolute to activate via symlinks.
-# 
-# @param modsec_dir
-#   Defines the path where Puppet installs the modsec configuration and activated rules links.
-# 
-# @param modsec_secruleengine
-#   Configures the rules engine.
-# 
-# @param audit_log_relevant_status
-#   Configures which response status code is to be considered relevant for the purpose of audit logging.
-# 
-# @param audit_log_parts
-#   Defines which parts of each transaction are going to be recorded in the audit log. Each part is assigned a single letter; when a
-#   letter appears in the list then the equivalent part will be recorded.
-# 
-# @param audit_log_type
-#   Defines the type of audit logging mechanism to be used.
-# 
-# @param audit_log_storage_dir
-#   Defines the directory where concurrent audit log entries are to be stored. This directive is only needed when concurrent audit logging is used.
-# 
-# @param secpcrematchlimit
-#   Sets the match limit in the PCRE library.
-# 
-# @param secpcrematchlimitrecursion
-#   Sets the match limit recursion in the PCRE library.
-# 
-# @param allowed_methods
-#   A space-separated list of allowed HTTP methods.
-# 
-# @param content_types
-#   A list of one or more allowed MIME types.
-# 
-# @param restricted_extensions
-#   A space-sparated list of prohibited file extensions.
-# 
-# @param restricted_headers
-#   A list of restricted headers separated by slashes and spaces.
-# 
-# @param secdefaultaction
-#   Defines the default list of actions, which will be inherited by the rules in the same configuration context.
-# 
-# @param anomaly_score_blocking
-#   Activates or deactivates the Collaborative Detection Blocking of the OWASP ModSecurity Core Rule Set.
-# 
-# @param inbound_anomaly_threshold
-#   Sets the scoring threshold level of the inbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
-# 
-# @param outbound_anomaly_threshold
-#   Sets the scoring threshold level of the outbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
-# 
-# @param critical_anomaly_score
-#   Sets the Anomaly Score for rules assigned with a critical severity.
-# 
-# @param error_anomaly_score
-#   Sets the Anomaly Score for rules assigned with a error severity.
-# 
-# @param warning_anomaly_score
-#   Sets the Anomaly Score for rules assigned with a warning severity.
-# 
-# @param notice_anomaly_score
-#   Sets the Anomaly Score for rules assigned with a notice severity.
-# 
-# @param secrequestmaxnumargs
-#   Sets the maximum number of arguments in the request.
-# 
-# @param secrequestbodylimit
-#   Sets the maximum request body size ModSecurity will accept for buffering.
-# 
-# @param secrequestbodynofileslimit
-#   Configures the maximum request body size ModSecurity will accept for buffering, excluding the size of any files being transported 
-#   in the request.
-# 
-# @param secrequestbodyinmemorylimit
-#   Configures the maximum request body size that ModSecurity will store in memory.
-# 
-# @param manage_security_crs
-#   Toggles whether to manage ModSecurity Core Rule Set 
-#
-# @see https://github.com/SpiderLabs/ModSecurity/wiki for additional documentation.
-#
 class apache::mod::security (
-  $logroot                    = $apache::params::logroot,
-  $version                     = $apache::params::modsec_version,
-  $crs_package                 = $apache::params::modsec_crs_package,
-  $activated_rules             = $apache::params::modsec_default_rules,
-  $custom_rules                = $apache::params::modsec_custom_rules,
-  $custom_rules_set            = $apache::params::modsec_custom_rules_set,
-  $modsec_dir                  = $apache::params::modsec_dir,
-  $modsec_secruleengine        = $apache::params::modsec_secruleengine,
+  $logroot                    = $::apache::params::logroot,
+  $crs_package                 = $::apache::params::modsec_crs_package,
+  $activated_rules             = $::apache::params::modsec_default_rules,
+  $modsec_dir                  = $::apache::params::modsec_dir,
+  $modsec_secruleengine        = $::apache::params::modsec_secruleengine,
   $audit_log_relevant_status   = '^(?:5|4(?!04))',
-  $audit_log_parts             = $apache::params::modsec_audit_log_parts,
-  $audit_log_type              = $apache::params::modsec_audit_log_type,
-  $audit_log_storage_dir       = undef,
-  $secpcrematchlimit           = $apache::params::secpcrematchlimit,
-  $secpcrematchlimitrecursion  = $apache::params::secpcrematchlimitrecursion,
+  $audit_log_parts             = $::apache::params::modsec_audit_log_parts,
+  $secpcrematchlimit           = $::apache::params::secpcrematchlimit,
+  $secpcrematchlimitrecursion  = $::apache::params::secpcrematchlimitrecursion,
   $allowed_methods             = 'GET HEAD POST OPTIONS',
   $content_types               = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf',
   $restricted_extensions       = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/',
@@ -125,7 +26,7 @@ class apache::mod::security (
   $secrequestbodyinmemorylimit = '131072',
   $manage_security_crs         = true,
 ) inherits ::apache::params {
-  include apache
+  include ::apache
 
   $_secdefaultaction = $secdefaultaction ? {
     /log/   => $secdefaultaction, # it has log or nolog,auditlog or log,noauditlog
@@ -136,38 +37,26 @@ class apache::mod::security (
     fail('FreeBSD is not currently supported')
   }
 
-  if ($::osfamily == 'Suse' and versioncmp($::operatingsystemrelease, '11') < 0) {
+  if ($::osfamily == 'Suse' and $::operatingsystemrelease < '11') {
     fail('SLES 10 is not currently supported.')
   }
 
-  case $version {
-    1: {
-      $mod_name = 'security'
-      $mod_conf_name = 'security.conf'
-    }
-    2: {
-      $mod_name = 'security2'
-      $mod_conf_name = 'security2.conf'
-    }
-    default: {
-      fail('Unsuported version for mod security')
-    }
-  }
-  ::apache::mod { $mod_name:
+  ::apache::mod { 'security':
     id  => 'security2_module',
     lib => 'mod_security2.so',
   }
 
+
   ::apache::mod { 'unique_id_module':
     id  => 'unique_id_module',
     lib => 'mod_unique_id.so',
   }
 
-  if $crs_package {
+  if $crs_package  {
     package { $crs_package:
       ensure => 'installed',
       before => [
-        File[$apache::confd_dir],
+        File[$::apache::confd_dir],
         File[$modsec_dir],
       ],
     }
@@ -177,8 +66,6 @@ class apache::mod::security (
   # - logroot
   # - $modsec_dir
   # - $audit_log_parts
-  # - $audit_log_type
-  # - $audit_log_storage_dir
   # - secpcrematchlimit
   # - secpcrematchlimitrecursion
   # - secrequestbodylimit
@@ -187,12 +74,12 @@ class apache::mod::security (
   file { 'security.conf':
     ensure  => file,
     content => template('apache/mod/security.conf.erb'),
-    mode    => $apache::file_mode,
-    path    => "${apache::mod_dir}/${mod_conf_name}",
-    owner   => $apache::params::user,
-    group   => $apache::params::group,
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    mode    => $::apache::file_mode,
+    path    => "${::apache::mod_dir}/security.conf",
+    owner   => $::apache::params::user,
+    group   => $::apache::params::group,
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 
@@ -209,8 +96,8 @@ class apache::mod::security (
 
   file { "${modsec_dir}/activated_rules":
     ensure  => directory,
-    owner   => $apache::params::user,
-    group   => $apache::params::group,
+    owner   => $::apache::params::user,
+    group   => $::apache::params::group,
     mode    => '0555',
     purge   => true,
     force   => true,
@@ -218,27 +105,6 @@ class apache::mod::security (
     notify  => Class['apache::service'],
   }
 
-  if $custom_rules {
-    # Template to add custom rule and included in security configuration
-    file {"${modsec_dir}/custom_rules":
-      ensure  => directory,
-      owner   => $apache::params::user,
-      group   => $apache::params::group,
-      mode    => $apache::file_mode,
-      require => File[$modsec_dir],
-    }
-
-    file { "${modsec_dir}/custom_rules/custom_01_rules.conf":
-      ensure  => file,
-      owner   => $apache::params::user,
-      group   => $apache::params::group,
-      mode    => $apache::file_mode,
-      content => template('apache/mod/security_custom.conf.erb'),
-      require => File["${modsec_dir}/custom_rules"],
-      notify  => Class['apache::service'],
-    }
-  }
-
   if $manage_security_crs {
     # Template uses:
     # - $_secdefaultaction
@@ -260,10 +126,8 @@ class apache::mod::security (
       require => File[$modsec_dir],
       notify  => Class['apache::service'],
     }
-
-    # Debian 9 has a different rule setup
-    unless $::operatingsystem == 'SLES' or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) or ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '18.04') >= 0) {
-      apache::security::rule_link { $activated_rules: }
-    }
   }
+
+  unless $::operatingsystem == 'SLES' { apache::security::rule_link { $activated_rules: } }
+
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/setenvif.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/setenvif.pp
index 6b3586a7a..d7baf582e 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/setenvif.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/setenvif.pp
@@ -1,19 +1,14 @@
-# @summary
-#   Installs `mod_setenvif`.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_setenvif.html for additional documentation.
-#
 class apache::mod::setenvif {
-  include apache
+  include ::apache
   ::apache::mod { 'setenvif': }
   # Template uses no variables
   file { 'setenvif.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/setenvif.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/setenvif.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/setenvif.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/shib.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/shib.pp
index 85946a10b..318a3a340 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/shib.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/shib.pp
@@ -1,42 +1,17 @@
-# @summary
-#   Installs and configures `mod_shib`.
-# 
-# @param suppress_warning
-#   Toggles whether to trigger warning on RedHat nodes.
-# 
-# @param mod_full_path
-#   Specifies a path to the module. Do not manually set this parameter without a special reason.
-# 
-# @param package_name
-#   Name of the Shibboleth package to be installed.
-# 
-# @param mod_lib
-#   Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The `path` parameter 
-#   overrides this value. 
-#
-# This class installs and configures only the Apache components of a web application that consumes Shibboleth SSO identities. You
-# can manage the Shibboleth configuration manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth).
-# 
-# @note
-#   The Shibboleth module isn't available on RH/CentOS without providing dependency packages provided by Shibboleth's repositories. 
-#   See the [Shibboleth Service Provider Installation Guide](http://wiki.aaf.edu.au/tech-info/sp-install-guide).
-#
-# @see https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig for additional documentation.
-# @note Unsupported platforms: RedHat: all; CentOS: all; Scientific: all; SLES: all; Debian: 7, 8; Ubuntu: all; OracleLinux: all
 class apache::mod::shib (
   $suppress_warning = false,
   $mod_full_path    = undef,
   $package_name     = undef,
   $mod_lib          = undef,
 ) {
-  include apache
+  include ::apache
   if $::osfamily == 'RedHat' and ! $suppress_warning {
     warning('RedHat distributions do not have Apache mod_shib in their default package repositories.')
   }
 
   $mod_shib = 'shib2'
 
-  apache::mod { $mod_shib:
+  apache::mod {$mod_shib:
     id      => 'mod_shib',
     path    => $mod_full_path,
     package => $package_name,
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/socache_shmcb.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/socache_shmcb.pp
index e9be75dce..7bfb4c6b5 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/socache_shmcb.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/socache_shmcb.pp
@@ -1,8 +1,3 @@
-# @summary
-#   Installs `mod_socache_shmcb`.
-#
-# @see https://httpd.apache.org/docs/current/mod/mod_socache_shmcb.html for additional documentation.
-#
 class apache::mod::socache_shmcb {
-  ::apache::mod { 'socache_shmcb': }
-}
+    ::apache::mod { 'socache_shmcb': }
+}
\ No newline at end of file
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/speling.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/speling.pp
index 538e8ffa6..fbd19d373 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/speling.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/speling.pp
@@ -1,9 +1,4 @@
-# @summary
-#   Installs `mod_spelling`.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_speling.html for additional documentation.
-#
 class apache::mod::speling {
-  include apache
+  include ::apache
   ::apache::mod { 'speling': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/ssl.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/ssl.pp
index 20acb814e..d27b6b8ee 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/ssl.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/ssl.pp
@@ -1,111 +1,26 @@
-# @summary
-#   Installs `mod_ssl`.
-# 
-# @param ssl_compression
-#   Enable compression on the SSL level.
-#
-# @param ssl_cryptodevice
-#   Enable use of a cryptographic hardware accelerator.
-#
-# @param ssl_options
-#   Configure various SSL engine run-time options.
-#
-# @param ssl_openssl_conf_cmd
-#   Configure OpenSSL parameters through its SSL_CONF API.
-#
-# @param ssl_cert
-#   Path to server PEM-encoded X.509 certificate data file.
-#
-# @param ssl_key
-#   Path to server PEM-encoded private key file
-#
-# @param ssl_ca
-#   File of concatenated PEM-encoded CA Certificates for Client Auth.
-#
-# @param ssl_cipher
-#   Cipher Suite available for negotiation in SSL handshake.
-#
-# @param ssl_honorcipherorder
-#   Option to prefer the server's cipher preference order.
-#
-# @param ssl_protocol
-#   Configure usable SSL/TLS protocol versions.
-#   Default based on the OS:
-#   - RedHat 8: [ 'all' ].
-#   - Other Platforms: [ 'all', '-SSLv2', '-SSLv3' ].
-#
-# @param ssl_proxy_protocol
-#   Configure usable SSL protocol flavors for proxy usage.
-#
-# @param ssl_pass_phrase_dialog
-#   Type of pass phrase dialog for encrypted private keys.
-#
-# @param ssl_random_seed_bytes
-#   Pseudo Random Number Generator (PRNG) seeding source.
-#
-# @param ssl_sessioncache
-#   Configures the storage type of the global/inter-process SSL Session Cache
-#
-# @param ssl_sessioncachetimeout
-#   Number of seconds before an SSL session expires in the Session Cache.
-#
-# @param ssl_stapling
-#   Enable stapling of OCSP responses in the TLS handshake.
-#
-# @param ssl_stapling_return_errors
-#   Pass stapling related OCSP errors on to client.
-#
-# @param ssl_mutex
-#   Configures mutex mechanism and lock file directory for all or specified mutexes.
-#   Default based on the OS and/or Apache version:
-#   - RedHat/FreeBSD/Suse/Gentoo: 'default'.
-#   - Debian/Ubuntu + Apache >= 2.4: 'default'.
-#   - Debian/Ubuntu + Apache < 2.4: 'file:${APACHE_RUN_DIR}/ssl_mutex'.
-#
-# @param ssl_reload_on_change
-#   Enable reloading of apache if the content of ssl files have changed. It only affects ssl files configured here and not vhost ones.
-#
-# @param apache_version
-#   Used to verify that the Apache version you have requested is compatible with the module.
-#
-# @param package_name
-#   Name of ssl package to install.
-#
-# On most operating systems, the ssl.conf is placed in the module configuration directory. On Red Hat based operating systems, this
-# file is placed in /etc/httpd/conf.d, the same location in which the RPM stores the configuration.
-#
-# To use SSL with a virtual host, you must either set the default_ssl_vhost parameter in ::apache to true or the ssl parameter in 
-# apache::vhost to true.
-#
-# @see https://httpd.apache.org/docs/current/mod/mod_ssl.html for additional documentation.
-#
 class apache::mod::ssl (
   Boolean $ssl_compression                                  = false,
-  Optional[Boolean] $ssl_sessiontickets                     = undef,
   $ssl_cryptodevice                                         = 'builtin',
-  $ssl_options                                              = ['StdEnvVars'],
+  $ssl_options                                              = [ 'StdEnvVars' ],
   $ssl_openssl_conf_cmd                                     = undef,
-  Optional[String] $ssl_cert                                = undef,
-  Optional[String] $ssl_key                                 = undef,
   $ssl_ca                                                   = undef,
   $ssl_cipher                                               = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES',
   Variant[Boolean, Enum['on', 'off']] $ssl_honorcipherorder = true,
-  $ssl_protocol                                             = $apache::params::ssl_protocol,
+  $ssl_protocol                                             = [ 'all', '-SSLv2', '-SSLv3' ],
   Array $ssl_proxy_protocol                                 = [],
   $ssl_pass_phrase_dialog                                   = 'builtin',
   $ssl_random_seed_bytes                                    = '512',
-  String $ssl_sessioncache                                  = $apache::params::ssl_sessioncache,
+  String $ssl_sessioncache                                  = $::apache::params::ssl_sessioncache,
   $ssl_sessioncachetimeout                                  = '300',
   Boolean $ssl_stapling                                     = false,
-  Optional[String] $stapling_cache                          = undef,
   Optional[Boolean] $ssl_stapling_return_errors             = undef,
   $ssl_mutex                                                = undef,
-  Boolean $ssl_reload_on_change                             = false,
   $apache_version                                           = undef,
   $package_name                                             = undef,
 ) inherits ::apache::params {
-  include apache
-  include apache::mod::mime
+
+  include ::apache
+  include ::apache::mod::mime
   $_apache_version = pick($apache_version, $apache::apache_version)
   if $ssl_mutex {
     $_ssl_mutex = $ssl_mutex
@@ -114,6 +29,8 @@ class apache::mod::ssl (
       'debian': {
         if versioncmp($_apache_version, '2.4') >= 0 {
           $_ssl_mutex = 'default'
+        } elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04' {
+          $_ssl_mutex = 'file:/var/run/apache2/ssl_mutex'
         } else {
           $_ssl_mutex = "file:\${APACHE_RUN_DIR}/ssl_mutex"
         }
@@ -136,7 +53,7 @@ class apache::mod::ssl (
     }
   }
 
-  if $ssl_honorcipherorder =~ Boolean {
+  if is_bool($ssl_honorcipherorder) {
     $_ssl_honorcipherorder = $ssl_honorcipherorder
   } else {
     $_ssl_honorcipherorder = $ssl_honorcipherorder ? {
@@ -146,23 +63,19 @@ class apache::mod::ssl (
     }
   }
 
-  if $stapling_cache =~ Undef {
-    $_stapling_cache = $::osfamily ? {
-      'debian'  => "\${APACHE_RUN_DIR}/ocsp(32768)",
-      'redhat'  => '/run/httpd/ssl_stapling(32768)',
-      'freebsd' => '/var/run/ssl_stapling(32768)',
-      'gentoo'  => '/var/run/ssl_stapling(32768)',
-      'Suse'    => '/var/lib/apache2/ssl_stapling(32768)',
-    }
-  } else {
-    $_stapling_cache = $stapling_cache
+  $stapling_cache = $::osfamily ? {
+    'debian'  => "\${APACHE_RUN_DIR}/ocsp(32768)",
+    'redhat'  => '/run/httpd/ssl_stapling(32768)',
+    'freebsd' => '/var/run/ssl_stapling(32768)',
+    'gentoo'  => '/var/run/ssl_stapling(32768)',
+    'Suse'    => '/var/lib/apache2/ssl_stapling(32768)',
   }
 
   if $::osfamily == 'Suse' {
-    if defined(Class['::apache::mod::worker']) {
+    if defined(Class['::apache::mod::worker']){
       $suse_path = '/usr/lib64/apache2-worker'
     } else {
-      $suse_path = '/usr/lib64/apache2-prefork'
+      $suse_path = '/usr/lib64/apache2-worker'
     }
     ::apache::mod { 'ssl':
       package  => $package_name,
@@ -175,31 +88,12 @@ class apache::mod::ssl (
   }
 
   if versioncmp($_apache_version, '2.4') >= 0 {
-    include apache::mod::socache_shmcb
-  }
-
-  if $ssl_reload_on_change {
-    [$ssl_cert, $ssl_key, $ssl_ca].each |$ssl_file| {
-      if $ssl_file {
-        include apache::mod::ssl::reload
-        $_ssl_file_copy = regsubst($ssl_file, '/', '_', 'G')
-        file { $_ssl_file_copy:
-          path    => "${apache::params::puppet_ssl_dir}/${_ssl_file_copy}",
-          source  => "file://${ssl_file}",
-          owner   => 'root',
-          group   => $apache::params::root_group,
-          mode    => '0640',
-          seltype => 'cert_t',
-          notify  => Class['apache::service'],
-        }
-      }
-    }
+    include ::apache::mod::socache_shmcb
   }
 
   # Template uses
   #
   # $ssl_compression
-  # $ssl_sessiontickets
   # $ssl_cryptodevice
   # $ssl_ca
   # $ssl_cipher
@@ -207,18 +101,18 @@ class apache::mod::ssl (
   # $ssl_options
   # $ssl_openssl_conf_cmd
   # $ssl_sessioncache
-  # $_stapling_cache
+  # $stapling_cache
   # $ssl_mutex
   # $ssl_random_seed_bytes
   # $ssl_sessioncachetimeout
   # $_apache_version
   file { 'ssl.conf':
     ensure  => file,
-    path    => $apache::_ssl_file,
-    mode    => $apache::file_mode,
+    path    => $::apache::_ssl_file,
+    mode    => $::apache::file_mode,
     content => template('apache/mod/ssl.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/status.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/status.pp
index ddd969049..54d0d8887 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/status.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/status.pp
@@ -1,66 +1,48 @@
-# @summary
-#   Installs and configures `mod_status`.
+# Class: apache::mod::status
 #
-# @param allow_from
-#   Array of hosts, ip addresses, partial network numbers or networks, in CIDR notation specifying what hosts can view the special
-#   /server-status URL.  Defaults to ['127.0.0.1', '::1']. 
-#   > Creates Apache < 2.4 directive "Allow from".
+# This class enables and configures Apache mod_status
+# See: http://httpd.apache.org/docs/current/mod/mod_status.html
 #
-# @param requires
-#   A Variant type that can be:
-#   - String with:
-#     - '' or 'unmanaged' - Host auth control done elsewhere
-#     - 'ip <List of IPs>' - Allowed IPs/ranges
-#     - 'host <List of names>' - Allowed names/domains
-#     - 'all [granted|denied]'
-#   - Array of strings with ip or host as above
-#   - Hash with following keys:
-#     - 'requires' - Value => Array as above
-#     - 'enforce' - Value => String 'Any', 'All' or 'None'
-#       This encloses "Require" directives in "<Require(Any|All|None)>" block
-#       Optional - If unspecified, "Require" directives follow current flow
-#   > Creates Apache >= 2.4 directives "Require"
+# Parameters:
+# - $allow_from is an array of hosts, ip addresses, partial network numbers
+#   or networks in CIDR notation specifying what hosts can view the special
+#   /server-status URL.  Defaults to ['127.0.0.1', '::1'].
+# - $extended_status track and display extended status information. Valid
+#   values are 'On' or 'Off'.  Defaults to 'On'.
+# - $status_path is the path assigned to the Location directive which
+#   defines the URL to access the server status. Defaults to '/server-status'.
 #
-# @param extended_status
-#   Determines whether to track extended status information for each request, via the ExtendedStatus directive.
+# Actions:
+# - Enable and configure Apache mod_status
 #
-# @param status_path 
-#   Path assigned to the Location directive which defines the URL to access the server status.
+# Requires:
+# - The apache class
 #
-# @param apache_version
-#   Used to verify that the Apache version you have requested is compatible with the module.
+# Sample Usage:
 #
-# @example
-#   # Simple usage allowing access from localhost and a private subnet
-#   class { 'apache::mod::status':
-#     $allow_from => ['127.0.0.1', '10.10.10.10/24'],
-#   }
-#
-# @see http://httpd.apache.org/docs/current/mod/mod_status.html for additional documentation.
+#  # Simple usage allowing access from localhost and a private subnet
+#  class { 'apache::mod::status':
+#    $allow_from => ['127.0.0.1', '10.10.10.10/24'],
+#  }
 #
 class apache::mod::status (
-  Optional[Array] $allow_from                      = undef,
-  Optional[Variant[String, Array, Hash]] $requires = undef,
-  Enum['On', 'Off', 'on', 'off'] $extended_status  = 'On',
-  $apache_version                                  = undef,
-  $status_path                                     = '/server-status',
+  Array $allow_from                               = ['127.0.0.1','::1'],
+  Enum['On', 'Off', 'on', 'off'] $extended_status = 'On',
+  $apache_version                                 = undef,
+  $status_path                                    = '/server-status',
 ) inherits ::apache::params {
-  include apache
+
+  include ::apache
   $_apache_version = pick($apache_version, $apache::apache_version)
   ::apache::mod { 'status': }
-
-  # Defaults for "Allow from" or "Require" directives
-  $allow_defaults = ['127.0.0.1','::1']
-  $requires_defaults = 'ip 127.0.0.1 ::1'
-
   # Template uses $allow_from, $extended_status, $_apache_version, $status_path
   file { 'status.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/status.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/status.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/status.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/suexec.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/suexec.pp
index b6a28b1f1..ded013d49 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/suexec.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/suexec.pp
@@ -1,8 +1,3 @@
-# @summary
-#   Installs `mod_suexec`.
-#
-# @see https://httpd.apache.org/docs/current/mod/mod_suexec.html for additional documentation.
-#
 class apache::mod::suexec {
   ::apache::mod { 'suexec': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/suphp.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/suphp.pp
index ae8841321..955bba302 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/suphp.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/suphp.pp
@@ -1,23 +1,16 @@
-# @summary
-#   Installs `mod_suphp`.
-#
-# @see https://www.suphp.org/DocumentationView.html?file=apache/INSTALL for additional documentation.
-#
 class apache::mod::suphp (
-) {
-  if $facts['os']['family'] == 'Debian' {
-    fail("suphp was declared EOL by it's creators as of 2013 and so is no longer supported on Ubuntu 15.10/Debian 8 and above. Please use php-fpm")
-  }
-  include apache
+){
+  include ::apache
   ::apache::mod { 'suphp': }
 
-  file { 'suphp.conf':
+  file {'suphp.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/suphp.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/suphp.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/suphp.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
+
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/userdir.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/userdir.pp
index 67d7717dd..203b93dd1 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/userdir.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/userdir.pp
@@ -1,61 +1,23 @@
-# @summary
-#   Installs and configures `mod_userdir`.
-# 
-# @param home
-#   *Deprecated* Path to system home directory.
-#   
-# @param dir
-#   *Deprecated* Path from user's home directory to public directory.
-#
-# @param userdir
-#   Path or directory name to be used as the UserDir.
-#
-# @param disable_root
-#   Toggles whether to allow use of root directory.
-# 
-# @param apache_version
-#   Used to verify that the Apache version you have requested is compatible with the module.
-# 
-# @param path
-#   Path to directory or pattern from which to find user-specific directories.
-# 
-# @param overrides
-#   Array of directives that are allowed in .htaccess files.
-# 
-# @param options
-#   Configures what features are available in a particular directory.
-#
-# @param unmanaged_path
-#   Toggles whether to manage path in userdir.conf
-#
-# @param custom_fragment
-#   Custom configuration to be added to userdir.conf
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_userdir.html for additional documentation.
-#
 class apache::mod::userdir (
   $home = undef,
   $dir = undef,
-  Optional[String[1]] $userdir = undef,
   $disable_root = true,
   $apache_version = undef,
   $path = '/home/*/public_html',
-  $overrides = ['FileInfo', 'AuthConfig', 'Limit', 'Indexes'],
-  $options = ['MultiViews', 'Indexes', 'SymLinksIfOwnerMatch', 'IncludesNoExec'],
-  $unmanaged_path = false,
-  $custom_fragment = undef,
+  $overrides = [ 'FileInfo', 'AuthConfig', 'Limit', 'Indexes' ],
+  $options = [ 'MultiViews', 'Indexes', 'SymLinksIfOwnerMatch', 'IncludesNoExec' ],
 ) {
-  include apache
+  include ::apache
   $_apache_version = pick($apache_version, $apache::apache_version)
 
   if $home or $dir {
     $_home = $home ? {
       undef   => '/home',
-      default => $home,
+      default =>  $home,
     }
     $_dir = $dir ? {
       undef   => 'public_html',
-      default => $dir,
+      default =>  $dir,
     }
     warning('home and dir are deprecated; use path instead')
     $_path = "${_home}/*/${_dir}"
@@ -63,18 +25,16 @@ class apache::mod::userdir (
     $_path = $path
   }
 
-  $_userdir = pick($userdir, $_path)
-
   ::apache::mod { 'userdir': }
 
   # Template uses $home, $dir, $disable_root, $_apache_version
   file { 'userdir.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/userdir.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/userdir.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/userdir.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/version.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/version.pp
index 7dd89adce..1cc4412e1 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/version.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/version.pp
@@ -1,14 +1,7 @@
-# @summary
-#   Installs `mod_version`.
-# 
-# @param apache_version
-#   Used to verify that the Apache version you have requested is compatible with the module.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_version.html for additional documentation.
-#
-class apache::mod::version (
-  $apache_version = $apache::apache_version
+class apache::mod::version(
+  $apache_version = $::apache::apache_version
 ) {
+
   if ($::osfamily == 'debian' and versioncmp($apache_version, '2.4') >= 0) {
     warning("${module_name}: module version_module is built-in and can't be loaded")
   } else {
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/vhost_alias.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/vhost_alias.pp
index 3ff6fd1aa..30ae122e1 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/vhost_alias.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/vhost_alias.pp
@@ -1,8 +1,3 @@
-# @summary
-#   Installs Apache `mod_vhost_alias`.
-# 
-# @see https://httpd.apache.org/docs/current/mod/mod_vhost_alias.html for additional documentation.
-#
 class apache::mod::vhost_alias {
   ::apache::mod { 'vhost_alias': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/worker.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/worker.pp
index d6b57b89b..00a9439b3 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/worker.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/worker.pp
@@ -1,46 +1,56 @@
-# @summary
-#   Installs and manages the MPM `worker`.
+# == Class: apache::mod::worker
 #
-# @param startservers
-#   The number of child server processes created on startup
 #
-# @param maxclients
-#   The max number of simultaneous requests that will be served.
+# === Parameters
+#
+#  [*startservers*]
+#   (optional) The number of child server processes created on startup
+#   Defaults is '2'
+#
+#  [*maxclients*]
+#   (optional) The max number of simultaneous requests that will be served.
 #   This is the old name and is still supported. The new name is
 #   MaxRequestWorkers as of 2.3.13.
+#   Default is '150'
 #
-# @param minsparethreads
-#   Minimum number of idle threads to handle request spikes.
+#  [*minsparethreads*]
+#   (optional) Minimum number of idle threads to handle request spikes.
+#   Default is '25'
 #
-# @param maxsparethreads
-#   Maximum number of idle threads.
+#  [*maxsparethreads*]
+#   (optional) Maximum number of idle threads.
+#   Default is '75'
 #
-# @param threadsperchild
-#   The number of threads created by each child process.
+#  [*threadsperchild*]
+#   (optional) The number of threads created by each child process.
+#   Default is '25'
 #
-# @param maxrequestsperchild
-#   Limit on the number of connectiojns an individual child server
+#  [*maxrequestsperchild*]
+#   (optional) Limit on the number of connectiojns an individual child server
 #   process will handle. This is the old name and is still supported. The new
 #   name is MaxConnectionsPerChild as of 2.3.9+.
+#   Default is '0'
 #
-# @param serverlimit
-#   With worker, use this directive only if your MaxRequestWorkers
+#  [*serverlimit*]
+#   (optional) With worker, use this directive only if your MaxRequestWorkers
 #   and ThreadsPerChild settings require more than 16 server processes
 #   (default). Do not set the value of this directive any higher than the
 #   number of server processes required by what you may want for
 #   MaxRequestWorkers and ThreadsPerChild.
+#   Default is '25'
 #
-# @param threadlimit
-#   This directive sets the maximum configured value for
+#  [*threadlimit*]
+#   (optional) This directive sets the maximum configured value for
 #   ThreadsPerChild for the lifetime of the Apache httpd process.
+#   Default is '64'
 #
-# @param listenbacklog
-#    Maximum length of the queue of pending connections.
+#  [*listenbacklog*]
+#    (optional) Maximum length of the queue of pending connections.
+#    Defaults is '511'
 #
-# @param apache_version
-#   Used to verify that the Apache version you have requested is compatible with the module.
-#
-# @see https://httpd.apache.org/docs/current/mod/worker.html for additional documentation.
+#  [*apache_version*]
+#   (optional)
+#   Default is $::apache::apache_version
 #
 class apache::mod::worker (
   $startservers        = '2',
@@ -54,7 +64,7 @@ class apache::mod::worker (
   $listenbacklog       = '511',
   $apache_version      = undef,
 ) {
-  include apache
+  include ::apache
   $_apache_version = pick($apache_version, $apache::apache_version)
 
   if defined(Class['apache::mod::event']) {
@@ -71,8 +81,8 @@ class apache::mod::worker (
   }
   File {
     owner => 'root',
-    group => $apache::params::root_group,
-    mode  => $apache::file_mode,
+    group => $::apache::params::root_group,
+    mode  => $::apache::file_mode,
   }
 
   # Template uses:
@@ -85,18 +95,19 @@ class apache::mod::worker (
   # - $serverlimit
   # - $threadLimit
   # - $listenbacklog
-  file { "${apache::mod_dir}/worker.conf":
+  file { "${::apache::mod_dir}/worker.conf":
     ensure  => file,
     content => template('apache/mod/worker.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 
   case $::osfamily {
     'redhat': {
+
       if versioncmp($_apache_version, '2.4') >= 0 {
-        ::apache::mpm { 'worker':
+        ::apache::mpm{ 'worker':
           apache_version => $_apache_version,
         }
       }
@@ -113,7 +124,7 @@ class apache::mod::worker (
     }
 
     'debian', 'freebsd': {
-      ::apache::mpm { 'worker':
+      ::apache::mpm{ 'worker':
         apache_version => $_apache_version,
       }
     }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/wsgi.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/wsgi.pp
index 0d326a4d5..6f9d4379a 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/wsgi.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/wsgi.pp
@@ -1,43 +1,12 @@
-# @summary
-#   Installs and configures `mod_wsgi`.
-# 
-# @param wsgi_restrict_embedded
-#   Enable restrictions on use of embedded mode.
-# 
-# @param wsgi_socket_prefix
-#   Configure directory to use for daemon sockets.
-# 
-# @param wsgi_python_path
-#   Additional directories to search for Python modules.
-# 
-# @param wsgi_python_home
-#   Absolute path to Python prefix/exec_prefix directories.
-# 
-# @param wsgi_python_optimize
-#   Enables basic Python optimisation features.
-# 
-# @param wsgi_application_group
-#   Sets which application group WSGI application belongs to.
-# 
-# @param package_name
-#   Names of package that installs mod_wsgi.
-# 
-# @param mod_path
-#   Defines the path to the mod_wsgi shared object (.so) file.
-# 
-# @see https://github.com/GrahamDumpleton/mod_wsgi for additional documentation.
-# @note Unsupported platforms: SLES: all; RedHat: all; CentOS: all; OracleLinux: all; Scientific: all
 class apache::mod::wsgi (
   $wsgi_restrict_embedded = undef,
-  $wsgi_socket_prefix     = $apache::params::wsgi_socket_prefix,
+  $wsgi_socket_prefix     = $::apache::params::wsgi_socket_prefix,
   $wsgi_python_path       = undef,
   $wsgi_python_home       = undef,
-  $wsgi_python_optimize   = undef,
-  $wsgi_application_group = undef,
   $package_name           = undef,
   $mod_path               = undef,
 ) inherits ::apache::params {
-  include apache
+  include ::apache
   if ($package_name != undef and $mod_path == undef) or ($package_name == undef and $mod_path != undef) {
     fail('apache::mod::wsgi - both package_name and mod_path must be specified!')
   }
@@ -46,7 +15,7 @@ class apache::mod::wsgi (
     if $mod_path =~ /\// {
       $_mod_path = $mod_path
     } else {
-      $_mod_path = "${apache::lib_path}/${mod_path}"
+      $_mod_path = "${::apache::lib_path}/${mod_path}"
     }
     ::apache::mod { 'wsgi':
       package => $package_name,
@@ -62,13 +31,14 @@ class apache::mod::wsgi (
   # - $wsgi_socket_prefix
   # - $wsgi_python_path
   # - $wsgi_python_home
-  file { 'wsgi.conf':
+  file {'wsgi.conf':
     ensure  => file,
-    path    => "${apache::mod_dir}/wsgi.conf",
-    mode    => $apache::file_mode,
+    path    => "${::apache::mod_dir}/wsgi.conf",
+    mode    => $::apache::file_mode,
     content => template('apache/mod/wsgi.conf.erb'),
-    require => Exec["mkdir ${apache::mod_dir}"],
-    before  => File[$apache::mod_dir],
+    require => Exec["mkdir ${::apache::mod_dir}"],
+    before  => File[$::apache::mod_dir],
     notify  => Class['apache::service'],
   }
 }
+
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/xsendfile.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/xsendfile.pp
index 955488461..7c5e88437 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/xsendfile.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mod/xsendfile.pp
@@ -1,9 +1,4 @@
-# @summary
-#   Installs `mod_xsendfile`.
-# 
-# @see https://tn123.org/mod_xsendfile/ for additional documentation.
-#
 class apache::mod::xsendfile {
-  include apache::params
+  include ::apache::params
   ::apache::mod { 'xsendfile': }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mpm.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mpm.pp
index b76772eaf..ca342f3f0 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mpm.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/mpm.pp
@@ -1,16 +1,13 @@
-# @summary Enables the use of Apache MPMs.
-#
-# @api private
 define apache::mpm (
-  $lib_path       = $apache::lib_path,
-  $apache_version = $apache::apache_version,
+  $lib_path       = $::apache::lib_path,
+  $apache_version = $::apache::apache_version,
 ) {
   if ! defined(Class['apache']) {
     fail('You must include the apache base class before using any apache defined resources')
   }
 
   $mpm     = $name
-  $mod_dir = $apache::mod_dir
+  $mod_dir = $::apache::mod_dir
 
   $_lib  = "mod_mpm_${mpm}.so"
   $_path = "${lib_path}/${_lib}"
@@ -49,20 +46,20 @@ define apache::mpm (
 
   case $::osfamily {
     'debian': {
-      file { "${apache::mod_enable_dir}/${mpm}.conf":
+      file { "${::apache::mod_enable_dir}/${mpm}.conf":
         ensure  => link,
-        target  => "${apache::mod_dir}/${mpm}.conf",
-        require => Exec["mkdir ${apache::mod_enable_dir}"],
-        before  => File[$apache::mod_enable_dir],
+        target  => "${::apache::mod_dir}/${mpm}.conf",
+        require => Exec["mkdir ${::apache::mod_enable_dir}"],
+        before  => File[$::apache::mod_enable_dir],
         notify  => Class['apache::service'],
       }
 
       if versioncmp($apache_version, '2.4') >= 0 {
-        file { "${apache::mod_enable_dir}/${mpm}.load":
+        file { "${::apache::mod_enable_dir}/${mpm}.load":
           ensure  => link,
-          target  => "${apache::mod_dir}/${mpm}.load",
-          require => Exec["mkdir ${apache::mod_enable_dir}"],
-          before  => File[$apache::mod_enable_dir],
+          target  => "${::apache::mod_dir}/${mpm}.load",
+          require => Exec["mkdir ${::apache::mod_enable_dir}"],
+          before  => File[$::apache::mod_enable_dir],
           notify  => Class['apache::service'],
         }
 
@@ -74,46 +71,42 @@ define apache::mpm (
             before  => Class['apache::service'],
           }
         }
+      }
+
+      if $mpm == 'itk' and ( ( $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '16.04' ) or ( $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9.0.0') >= 0 ) ) {
+        $packagename = 'libapache2-mpm-itk'
       } else {
-        package { "apache2-mpm-${mpm}":
+        $packagename = "apache2-mpm-${mpm}"
+      }
+
+      $mod_enabled_dir = $::apache::mod_enable_dir
+
+      if $mpm == 'prefork' and ( $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9.0.0') >= 0 ) {
+        exec { '/usr/sbin/a2dismod mpm_event':
+          onlyif  => "/usr/bin/test -e ${mod_enabled_dir}/mpm_event.load",
+        }
+      }
+
+      if $mpm == 'itk' and ( ( $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '14.04' ) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9.0.0') >= 0 ) ) {
+        # workaround https://bugs.launchpad.net/ubuntu/+source/mpm-itk/+bug/1286882
+        exec { '/usr/sbin/a2dismod mpm_event':
+          onlyif  => "/usr/bin/test -e ${mod_enabled_dir}/mpm_event.load",
+        }
+      }
+
+      if versioncmp($apache_version, '2.4') < 0 or $mpm == 'itk' {
+        package { $packagename:
           ensure => present,
-          before => [
-            Class['apache::service'],
-            File[$apache::mod_enable_dir],
-          ],
         }
-      }
-
-      if $mpm == 'itk' {
-        include apache::mpm::disable_mpm_event
-        include apache::mpm::disable_mpm_worker
-
-        package { 'libapache2-mpm-itk':
-          ensure => present,
-          before => [
-            Class['apache::service'],
-            File[$apache::mod_enable_dir],
-          ],
-        }
-      }
-
-      if $mpm == 'prefork' {
-        if ( ( $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease,'18.04') >= 0 ) or $::operatingsystem == 'Debian' ) {
-          include apache::mpm::disable_mpm_event
-          include apache::mpm::disable_mpm_worker
-        }
-      }
-
-      if $mpm == 'worker' {
-        if ( ( $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease,'18.04') >= 0 ) or $::operatingsystem == 'Debian' ) {
-          include apache::mpm::disable_mpm_event
-          include apache::mpm::disable_mpm_prefork
+        if $::apache::mod_enable_dir {
+          Package[$packagename] {
+            before => File[$::apache::mod_enable_dir],
+          }
         }
       }
     }
-
     'freebsd': {
-      class { 'apache::package':
+      class { '::apache::package':
         mpm_module => $mpm,
       }
     }
@@ -124,20 +117,20 @@ define apache::mpm (
       # so we don't fail
     }
     'Suse': {
-      file { "${apache::mod_enable_dir}/${mpm}.conf":
+      file { "${::apache::mod_enable_dir}/${mpm}.conf":
         ensure  => link,
-        target  => "${apache::mod_dir}/${mpm}.conf",
-        require => Exec["mkdir ${apache::mod_enable_dir}"],
-        before  => File[$apache::mod_enable_dir],
+        target  => "${::apache::mod_dir}/${mpm}.conf",
+        require => Exec["mkdir ${::apache::mod_enable_dir}"],
+        before  => File[$::apache::mod_enable_dir],
         notify  => Class['apache::service'],
       }
 
       if versioncmp($apache_version, '2.4') >= 0 {
-        file { "${apache::mod_enable_dir}/${mpm}.load":
+        file { "${::apache::mod_enable_dir}/${mpm}.load":
           ensure  => link,
-          target  => "${apache::mod_dir}/${mpm}.load",
-          require => Exec["mkdir ${apache::mod_enable_dir}"],
-          before  => File[$apache::mod_enable_dir],
+          target  => "${::apache::mod_dir}/${mpm}.load",
+          require => Exec["mkdir ${::apache::mod_enable_dir}"],
+          before  => File[$::apache::mod_enable_dir],
           notify  => Class['apache::service'],
         }
 
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/namevirtualhost.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/namevirtualhost.pp
index 246df53dd..d89cb0c5b 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/namevirtualhost.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/namevirtualhost.pp
@@ -1,15 +1,31 @@
-# @summary
-#   Enables name-based virtual hosts 
-#
-# Adds all related directives to the `ports.conf` file in the Apache HTTPD configuration 
-# directory. Titles can take the forms `\*`, `\*:\<PORT\>`, `\_default\_:\<PORT\>`, 
-# `\<IP\>`, or `\<IP\>:\<PORT\>`.
-define apache::namevirtualhost {
+define apache::namevirtualhost ($port=''){
   $addr_port = $name
 
-  # Template uses: $addr_port
-  concat::fragment { "NameVirtualHost ${addr_port}":
-    target  => $apache::ports_file,
-    content => template('apache/namevirtualhost.erb'),
+  if defined(Concat[$::apache::ports_file]){
+    # Template uses: $addr_port
+    concat::fragment { "NameVirtualHost ${addr_port}":
+      target  => $::apache::ports_file,
+      content => template('apache/namevirtualhost.erb'),
+    }
+  } elsif $port != '80' {  # if a second vhost is declared off port 80
+    # Create a temporary file
+    # join with cat $tmp_file >> $file
+    # remove tmp files
+    $ports_file = $::apache::ports_file
+    $tmp_file = "$ports_file-tmp_nvh"
+    file { $tmp_file:
+      ensure => file,
+      content => template('apache/namevirtualhost.erb'),
+    }
+
+    exec { "apache::listen: cat $tmp_file with ports.conf":
+      command => "/bin/cat $tmp_file >> $ports_file;/bin/rm $tmp_file",
+      require => File[$tmp_file]
+    }
+
+  } else {  # if a second vhost is declared on port 80
+    tidy { 'remove apache default site':
+      path =>'/etc/apache2/sites-enabled/000-default',
+    }
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/package.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/package.pp
index 684995ea3..7c95f9980 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/package.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/package.pp
@@ -1,11 +1,8 @@
-# @summary
-#   Installs an Apache MPM.
-#
-# @api private
 class apache::package (
   $ensure     = 'present',
-  $mpm_module = $apache::params::mpm_module,
+  $mpm_module = $::apache::params::mpm_module,
 ) inherits ::apache::params {
+
   # The base class must be included first because it is used by parameter defaults
   if ! defined(Class['apache']) {
     fail('You must include the apache base class before using any apache defined resources')
@@ -34,7 +31,7 @@ class apache::package (
 
   package { 'httpd':
     ensure => $ensure,
-    name   => $apache::apache_name,
+    name   => $::apache::apache_name,
     notify => Class['Apache::Service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/params.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/params.pp
index 79313de8b..0cf8eb9c6 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/params.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/params.pp
@@ -1,7 +1,23 @@
-# @summary
-#   This class manages Apache parameters
+# Class: apache::params
+#
+# This class manages Apache parameters
+#
+# Parameters:
+# - The $user that Apache runs as
+# - The $group that Apache runs as
+# - The $apache_name is the name of the package and service on the relevant
+#   distribution
+# - The $php_package is the name of the package that provided PHP
+# - The $ssl_package is the name of the Apache SSL package
+# - The $apache_dev is the name of the Apache development libraries package
+# - The $conf_contents is the contents of the Apache configuration file
+#
+# Actions:
+#
+# Requires:
+#
+# Sample Usage:
 #
-# @api private
 class apache::params inherits ::apache::version {
   if($::fqdn) {
     $servername = $::fqdn
@@ -26,141 +42,21 @@ class apache::params inherits ::apache::version {
   # Default mode for files
   $file_mode = '0644'
 
-  # The default value for host hame lookup
-  $hostname_lookups = 'Off'
-
   # Default options for / directory
   $root_directory_options = ['FollowSymLinks']
 
   $vhost_include_pattern = '*'
 
   $modsec_audit_log_parts = 'ABIJDEFHZ'
-  $modsec_audit_log_type = 'Serial'
-  $modsec_custom_rules = false
-  $modsec_custom_rules_set = undef
 
-  # no client certs should be trusted for auth by default.
-  $ssl_certs_dir          = undef
-
-  # Allow overriding the autoindex alias location
-  $icons_prefix = 'icons'
-
-  if ($apache::version::scl_httpd_version) {
-    if $apache::version::scl_php_version == undef {
-      fail('If you define apache::version::scl_httpd_version, you also need to specify apache::version::scl_php_version')
-    }
-    $_scl_httpd_version_nodot = regsubst($apache::version::scl_httpd_version, '\.', '')
-    $_scl_httpd_name = "httpd${_scl_httpd_version_nodot}"
-
-    $_scl_php_version_no_dot = regsubst($apache::version::scl_php_version, '\.', '')
-    $user                 = 'apache'
-    $group                = 'apache'
-    $root_group           = 'root'
-    $apache_name          = "${_scl_httpd_name}-httpd"
-    $service_name         = "${_scl_httpd_name}-httpd"
-    $httpd_root           = "/opt/rh/${_scl_httpd_name}/root"
-    $httpd_dir            = "${httpd_root}/etc/httpd"
-    $server_root          = "${httpd_root}/etc/httpd"
-    $conf_dir             = "${httpd_dir}/conf"
-    $confd_dir            = "${httpd_dir}/conf.d"
-    $puppet_ssl_dir       = "${httpd_dir}/puppet_ssl"
-    $mod_dir              = $facts['operatingsystemmajrelease'] ? {
-      '7'     => "${httpd_dir}/conf.modules.d",
-      default => "${httpd_dir}/conf.d",
-    }
-    $mod_enable_dir       = undef
-    $vhost_dir            = "${httpd_dir}/conf.d"
-    $vhost_enable_dir     = undef
-    $conf_file            = 'httpd.conf'
-    $conf_enabled         = undef
-    $ports_file           = "${conf_dir}/ports.conf"
-    $pidfile              = 'run/httpd.pid'
-    $logroot              = "/var/log/${_scl_httpd_name}"
-    $logroot_mode         = undef
-    $lib_path             = 'modules'
-    $mpm_module           = 'prefork'
-    $dev_packages         = "${_scl_httpd_name}-httpd-devel"
-    $default_ssl_cert     = '/etc/pki/tls/certs/localhost.crt'
-    $default_ssl_key      = '/etc/pki/tls/private/localhost.key'
-    $ssl_sessioncache     = '/var/cache/mod_ssl/scache(512000)'
-    $passenger_conf_file  = 'passenger_extra.conf'
-    $passenger_conf_package_file = 'passenger.conf'
-    $passenger_root       = undef
-    $passenger_ruby       = undef
-    $passenger_default_ruby = undef
-    $suphp_addhandler     = 'php5-script'
-    $suphp_engine         = 'off'
-    $suphp_configpath     = undef
-    $php_version          = $apache::version::scl_php_version
-    $mod_packages         = {
-      'authnz_ldap' => "${_scl_httpd_name}-mod_ldap",
-      'ldap' => "${_scl_httpd_name}-mod_ldap",
-      "php${apache::version::scl_php_version}" => "rh-php${_scl_php_version_no_dot}-php",
-      'ssl'                   => "${_scl_httpd_name}-mod_ssl",
-    }
-    $mod_libs             = {
-      'nss' => 'libmodnss.so',
-    }
-    $conf_template        = 'apache/httpd.conf.erb'
-    $http_protocol_options  = undef
-    $keepalive            = 'On'
-    $keepalive_timeout    = 15
-    $max_keepalive_requests = 100
-    $fastcgi_lib_path     = undef
-    $mime_support_package = 'mailcap'
-    $mime_types_config    = '/etc/mime.types'
-    $docroot              = "${httpd_root}/var/www/html"
-    $alias_icons_path     = $facts['operatingsystemmajrelease'] ? {
-      '7'     => "${httpd_root}/usr/share/httpd/icons",
-      default => '/var/www/icons',
-    }
-    $error_documents_path = $facts['operatingsystemmajrelease'] ? {
-      '7'     => "${httpd_root}/usr/share/httpd/error",
-      default => '/var/www/error'
-    }
-    if $::osfamily == 'RedHat' {
-      $wsgi_socket_prefix = '/var/run/wsgi'
-    } else {
-      $wsgi_socket_prefix = undef
-    }
-    $cas_cookie_path      = '/var/cache/mod_auth_cas/'
-    $mellon_lock_file     = '/run/mod_auth_mellon/lock'
-    $mellon_cache_size    = 100
-    $mellon_post_directory = undef
-    $modsec_version       = 1
-    $modsec_crs_package   = 'mod_security_crs'
-    $modsec_crs_path      = '/usr/lib/modsecurity.d'
-    $modsec_dir           = '/etc/httpd/modsecurity.d'
-    $secpcrematchlimit = 1500
-    $secpcrematchlimitrecursion = 1500
-    $modsec_secruleengine = 'On'
-    $modsec_default_rules = [
-      'base_rules/modsecurity_35_bad_robots.data',
-      'base_rules/modsecurity_35_scanners.data',
-      'base_rules/modsecurity_40_generic_attacks.data',
-      'base_rules/modsecurity_50_outbound.data',
-      'base_rules/modsecurity_50_outbound_malware.data',
-      'base_rules/modsecurity_crs_20_protocol_violations.conf',
-      'base_rules/modsecurity_crs_21_protocol_anomalies.conf',
-      'base_rules/modsecurity_crs_23_request_limits.conf',
-      'base_rules/modsecurity_crs_30_http_policy.conf',
-      'base_rules/modsecurity_crs_35_bad_robots.conf',
-      'base_rules/modsecurity_crs_40_generic_attacks.conf',
-      'base_rules/modsecurity_crs_41_sql_injection_attacks.conf',
-      'base_rules/modsecurity_crs_41_xss_attacks.conf',
-      'base_rules/modsecurity_crs_42_tight_security.conf',
-      'base_rules/modsecurity_crs_45_trojans.conf',
-      'base_rules/modsecurity_crs_47_common_exceptions.conf',
-      'base_rules/modsecurity_crs_49_inbound_blocking.conf',
-      'base_rules/modsecurity_crs_50_outbound.conf',
-      'base_rules/modsecurity_crs_59_outbound_blocking.conf',
-      'base_rules/modsecurity_crs_60_correlation.conf',
-    ]
-    $error_log           = 'error_log'
-    $scriptalias         = "${httpd_root}/var/www/cgi-bin"
-    $access_log_file     = 'access_log'
+  if ($::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04') or ($::operatingsystem == 'SLES') {
+    $verify_command = '/usr/sbin/apache2ctl -t'
+  } elsif $::operatingsystem == 'FreeBSD' {
+    $verify_command = '/usr/local/sbin/apachectl -t'
+  } else {
+    $verify_command = '/usr/sbin/apachectl -t'
   }
-  elsif $::osfamily == 'RedHat' or $::operatingsystem =~ /^[Aa]mazon$/ {
+  if $::osfamily == 'RedHat' or $::operatingsystem =~ /^[Aa]mazon$/ {
     $user                 = 'apache'
     $group                = 'apache'
     $root_group           = 'root'
@@ -170,16 +66,9 @@ class apache::params inherits ::apache::version {
     $server_root          = '/etc/httpd'
     $conf_dir             = "${httpd_dir}/conf"
     $confd_dir            = "${httpd_dir}/conf.d"
-    $puppet_ssl_dir       = "${httpd_dir}/puppet_ssl"
-    $conf_enabled         = undef
-    if $::operatingsystem =~ /^[Aa]mazon$/ and $::operatingsystemmajrelease == '2' {
-      # Amazon Linux 2 uses the /conf.modules.d/ dir
-      $mod_dir            = "${httpd_dir}/conf.modules.d"
-    } else {
-      $mod_dir              = $facts['operatingsystemmajrelease'] ? {
-        '6'     => "${httpd_dir}/conf.d",
-        default => "${httpd_dir}/conf.modules.d",
-      }
+    $mod_dir              = $::apache::version::distrelease ? {
+      '7'     => "${httpd_dir}/conf.modules.d",
+      default => "${httpd_dir}/conf.d",
     }
     $mod_enable_dir       = undef
     $vhost_dir            = "${httpd_dir}/conf.d"
@@ -194,6 +83,7 @@ class apache::params inherits ::apache::version {
     $dev_packages         = 'httpd-devel'
     $default_ssl_cert     = '/etc/pki/tls/certs/localhost.crt'
     $default_ssl_key      = '/etc/pki/tls/private/localhost.key'
+    $ssl_certs_dir        = '/etc/pki/tls/certs'
     $ssl_sessioncache     = '/var/cache/mod_ssl/scache(512000)'
     $passenger_conf_file  = 'passenger_extra.conf'
     $passenger_conf_package_file = 'passenger.conf'
@@ -203,37 +93,26 @@ class apache::params inherits ::apache::version {
     $suphp_addhandler     = 'php5-script'
     $suphp_engine         = 'off'
     $suphp_configpath     = undef
-    $php_version = $facts['operatingsystemmajrelease'] ? {
-      '8'     => '7', # RedHat8
-      default => '5', # RedHat5, RedHat6, RedHat7
-    }
+    $php_version          = '5'
     $mod_packages         = {
       # NOTE: The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL.
       'auth_cas'              => 'mod_auth_cas',
       'auth_kerb'             => 'mod_auth_kerb',
-      'auth_gssapi'           => 'mod_auth_gssapi',
       'auth_mellon'           => 'mod_auth_mellon',
-      'auth_openidc'          => 'mod_auth_openidc',
-      'authnz_ldap'           => $facts['operatingsystemmajrelease'] ? {
-        '6'     => 'mod_authz_ldap',
-        default => 'mod_ldap',
+      'authnz_ldap'           => $::apache::version::distrelease ? {
+        '7'     => 'mod_ldap',
+        default => 'mod_authz_ldap',
       },
       'authnz_pam'            => 'mod_authnz_pam',
-      'fastcgi'               => $facts['operatingsystemmajrelease'] ? {
-        '5'     => 'mod_fastcgi',
-        '6'     => 'mod_fastcgi',
-        default => undef,
-      },
+      'fastcgi'               => 'mod_fastcgi',
       'fcgid'                 => 'mod_fcgid',
       'geoip'                 => 'mod_geoip',
       'intercept_form_submit' => 'mod_intercept_form_submit',
-      'ldap'                  => $facts['operatingsystemmajrelease'] ? {
-        '5'     => undef,
-        '6'     => undef,
-        default => 'mod_ldap',
+      'ldap'                  => $::apache::version::distrelease ? {
+        '7'     => 'mod_ldap',
+        default => undef,
       },
       'lookup_identity'       => 'mod_lookup_identity',
-      'md'                    => 'mod_md',
       'pagespeed'             => 'mod-pagespeed-stable',
       # NOTE: The passenger module isn't available on RH/CentOS without
       # providing dependency packages provided by EPEL and passenger
@@ -241,7 +120,7 @@ class apache::params inherits ::apache::version {
       # https://www.phusionpassenger.com/library/install/apache/install/oss/el7/
       'passenger'             => 'mod_passenger',
       'perl'                  => 'mod_perl',
-      'php5'                  => $facts['operatingsystemmajrelease'] ? {
+      'php5'                  => $::apache::version::distrelease ? {
         '5'     => 'php53',
         default => 'php',
       },
@@ -254,11 +133,7 @@ class apache::params inherits ::apache::version {
       # See http://wiki.aaf.edu.au/tech-info/sp-install-guide
       'shibboleth'            => 'shibboleth',
       'ssl'                   => 'mod_ssl',
-      'wsgi'                  => $facts['operatingsystemmajrelease'] ? {
-        '6'     => 'mod_wsgi',         # RedHat6
-        '7'     => 'mod_wsgi',         # RedHat7
-        default => 'python3-mod_wsgi', # RedHat8+
-      },
+      'wsgi'                  => 'mod_wsgi',
       'dav_svn'               => 'mod_dav_svn',
       'suphp'                 => 'mod_suphp',
       'xsendfile'             => 'mod_xsendfile',
@@ -267,11 +142,6 @@ class apache::params inherits ::apache::version {
     }
     $mod_libs             = {
       'nss' => 'libmodnss.so',
-      'wsgi'                  => $facts['operatingsystemmajrelease'] ? {
-        '6'     => 'mod_wsgi.so',
-        '7'     => 'mod_wsgi.so',
-        default => 'mod_wsgi_python3.so',
-      },
     }
     $conf_template        = 'apache/httpd.conf.erb'
     $http_protocol_options  = undef
@@ -282,13 +152,13 @@ class apache::params inherits ::apache::version {
     $mime_support_package = 'mailcap'
     $mime_types_config    = '/etc/mime.types'
     $docroot              = '/var/www/html'
-    $alias_icons_path     = $facts['operatingsystemmajrelease'] ? {
-      '6'     => '/var/www/icons',
-      default => '/usr/share/httpd/icons',
+    $alias_icons_path     = $::apache::version::distrelease ? {
+      '7'     => '/usr/share/httpd/icons',
+      default => '/var/www/icons',
     }
-    $error_documents_path = $facts['operatingsystemmajrelease'] ? {
-      '6'     => '/var/www/error',
-      default => '/usr/share/httpd/error',
+    $error_documents_path = $::apache::version::distrelease ? {
+      '7'     => '/usr/share/httpd/error',
+      default => '/var/www/error'
     }
     if $::osfamily == 'RedHat' {
       $wsgi_socket_prefix = '/var/run/wsgi'
@@ -299,7 +169,6 @@ class apache::params inherits ::apache::version {
     $mellon_lock_file     = '/run/mod_auth_mellon/lock'
     $mellon_cache_size    = 100
     $mellon_post_directory = undef
-    $modsec_version       = 1
     $modsec_crs_package   = 'mod_security_crs'
     $modsec_crs_path      = '/usr/lib/modsecurity.d'
     $modsec_dir           = '/etc/httpd/modsecurity.d'
@@ -341,9 +210,6 @@ class apache::params inherits ::apache::version {
     $server_root         = '/etc/apache2'
     $conf_dir            = $httpd_dir
     $confd_dir           = "${httpd_dir}/conf.d"
-    # Overwrite conf_enabled causes errors with Shibboleth when enabled on Ubuntu 18.04
-    $conf_enabled        = undef #"${httpd_dir}/conf-enabled.d"
-    $puppet_ssl_dir      = "${httpd_dir}/puppet_ssl"
     $mod_dir             = "${httpd_dir}/mods-available"
     $mod_enable_dir      = "${httpd_dir}/mods-enabled"
     $vhost_dir           = "${httpd_dir}/sites-available"
@@ -354,66 +220,55 @@ class apache::params inherits ::apache::version {
     $logroot             = '/var/log/apache2'
     $logroot_mode        = undef
     $lib_path            = '/usr/lib/apache2/modules'
-    $mpm_module          = 'worker'
+    $mpm_module          = 'prefork'
     $default_ssl_cert    = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
     $default_ssl_key     = '/etc/ssl/private/ssl-cert-snakeoil.key'
+    $ssl_certs_dir       = '/etc/ssl/certs'
     $ssl_sessioncache    = "\${APACHE_RUN_DIR}/ssl_scache(512000)"
     $suphp_addhandler    = 'x-httpd-php'
     $suphp_engine        = 'off'
     $suphp_configpath    = '/etc/php5/apache2'
-    if ($::operatingsystem == 'Ubuntu') or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemmajrelease, '11') < 0) {
-      $php_version = $facts['operatingsystemmajrelease'] ? {
-        '9'     => '7.0', # Debian Stretch
-        '16.04' => '7.0', # Ubuntu Xenial
-        '10'    => '7.3', # Debian Buster
-        '20.04' => '7.4', # Ubuntu Foccal Fossal
-        default => '7.2', # Ubuntu Bionic, Cosmic and Disco
-      }
+    if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '16.04') < 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') < 0) {
+      # Only the major version is used here
+      $php_version = '5'
       $mod_packages = {
-        'apreq2'                => 'libapache2-mod-apreq2',
         'auth_cas'              => 'libapache2-mod-auth-cas',
         'auth_kerb'             => 'libapache2-mod-auth-kerb',
-        'auth_openidc'          => 'libapache2-mod-auth-openidc',
-        'auth_gssapi'           => 'libapache2-mod-auth-gssapi',
         'auth_mellon'           => 'libapache2-mod-auth-mellon',
         'authnz_pam'            => 'libapache2-mod-authnz-pam',
-        'dav_svn'               => 'libapache2-mod-svn',
+        'dav_svn'               => 'libapache2-svn',
         'fastcgi'               => 'libapache2-mod-fastcgi',
         'fcgid'                 => 'libapache2-mod-fcgid',
         'geoip'                 => 'libapache2-mod-geoip',
         'intercept_form_submit' => 'libapache2-mod-intercept-form-submit',
-        'jk'                    => 'libapache2-mod-jk',
         'lookup_identity'       => 'libapache2-mod-lookup-identity',
         'nss'                   => 'libapache2-mod-nss',
         'pagespeed'             => 'mod-pagespeed-stable',
         'passenger'             => 'libapache2-mod-passenger',
         'perl'                  => 'libapache2-mod-perl2',
         'phpXXX'                => 'libapache2-mod-phpXXX',
+        'proxy_html'            => 'libapache2-mod-proxy-html',
         'python'                => 'libapache2-mod-python',
         'rpaf'                  => 'libapache2-mod-rpaf',
-        'security'              => 'libapache2-mod-security2',
+        'security'              => 'libapache2-modsecurity',
         'shib2'                 => 'libapache2-mod-shib2',
+        'suphp'                 => 'libapache2-mod-suphp',
         'wsgi'                  => 'libapache2-mod-wsgi',
         'xsendfile'             => 'libapache2-mod-xsendfile',
       }
     } else {
-      $php_version = $facts['operatingsystemmajrelease'] ? {
-        default => '7.4', # Debian Bullseye
-      }
+      # major.minor version used since Debian stretch and Ubuntu Xenial
+      $php_version = '7.0'
       $mod_packages = {
-        'apreq2'                => 'libapache2-mod-apreq2',
         'auth_cas'              => 'libapache2-mod-auth-cas',
         'auth_kerb'             => 'libapache2-mod-auth-kerb',
-        'auth_openidc'          => 'libapache2-mod-auth-openidc',
-        'auth_gssapi'           => 'libapache2-mod-auth-gssapi',
         'auth_mellon'           => 'libapache2-mod-auth-mellon',
         'authnz_pam'            => 'libapache2-mod-authnz-pam',
-        'dav_svn'               => 'libapache2-mod-svn',
+        'dav_svn'               => 'libapache2-svn',
         'fastcgi'               => 'libapache2-mod-fastcgi',
         'fcgid'                 => 'libapache2-mod-fcgid',
         'geoip'                 => 'libapache2-mod-geoip',
         'intercept_form_submit' => 'libapache2-mod-intercept-form-submit',
-        'jk'                    => 'libapache2-mod-jk',
         'lookup_identity'       => 'libapache2-mod-lookup-identity',
         'nss'                   => 'libapache2-mod-nss',
         'pagespeed'             => 'mod-pagespeed-stable',
@@ -422,93 +277,76 @@ class apache::params inherits ::apache::version {
         'phpXXX'                => 'libapache2-mod-phpXXX',
         'python'                => 'libapache2-mod-python',
         'rpaf'                  => 'libapache2-mod-rpaf',
-        'security'              => 'libapache2-mod-security2',
-        'shib2'                 => 'libapache2-mod-shib',
-        'wsgi'                  => 'libapache2-mod-wsgi-py3',
+        'security'              => 'libapache2-modsecurity',
+        'shib2'                 => 'libapache2-mod-shib2',
+        'suphp'                 => 'libapache2-mod-suphp',
+        'wsgi'                  => 'libapache2-mod-wsgi',
         'xsendfile'             => 'libapache2-mod-xsendfile',
       }
     }
-
     $error_log           = 'error.log'
     $scriptalias         = '/usr/lib/cgi-bin'
     $access_log_file     = 'access.log'
-    if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '19.04') < 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '10') < 0) {
-      $shib2_lib = 'mod_shib2.so'
+    if $::osfamily == 'Debian' and versioncmp($::operatingsystemrelease, '8') < 0 {
+      $shib2_lib = 'mod_shib_22.so'
     } else {
-      $shib2_lib = 'mod_shib.so'
+      $shib2_lib = 'mod_shib2.so'
     }
     $mod_libs             = {
       'shib2' => $shib2_lib,
     }
     $conf_template          = 'apache/httpd.conf.erb'
     $http_protocol_options  = undef
-    $keepalive              = 'On'
+    $keepalive              = 'Off'
     $keepalive_timeout      = 15
     $max_keepalive_requests = 100
     $fastcgi_lib_path       = '/var/lib/apache2/fastcgi'
     $mime_support_package = 'mime-support'
     $mime_types_config    = '/etc/mime.types'
-    $docroot              = '/var/www/html'
+    if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) {
+      $docroot              = '/var/www/html'
+    } else {
+      $docroot              = '/var/www'
+    }
     $cas_cookie_path      = '/var/cache/apache2/mod_auth_cas/'
     $mellon_lock_file     = undef
     $mellon_cache_size    = undef
     $mellon_post_directory = '/var/cache/apache2/mod_auth_mellon/'
-    $modsec_version       = 1
     $modsec_crs_package   = 'modsecurity-crs'
     $modsec_crs_path      = '/usr/share/modsecurity-crs'
     $modsec_dir           = '/etc/modsecurity'
     $secpcrematchlimit = 1500
     $secpcrematchlimitrecursion = 1500
     $modsec_secruleengine = 'On'
-    if ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) or ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '18.04') >= 0) {
-      $modsec_default_rules = [
-        'crawlers-user-agents.data',
-        'iis-errors.data',
-        'java-code-leakages.data',
-        'java-errors.data',
-        'lfi-os-files.data',
-        'php-config-directives.data',
-        'php-errors.data',
-        'php-function-names-933150.data',
-        'php-function-names-933151.data',
-        'php-variables.data',
-        'restricted-files.data',
-        'scanners-headers.data',
-        'scanners-urls.data',
-        'scanners-user-agents.data',
-        'scripting-user-agents.data',
-        'sql-errors.data',
-        'sql-function-names.data',
-        'unix-shell.data',
-        'windows-powershell-commands.data',
-      ]
-    } else {
-      $modsec_default_rules = [
-        'base_rules/modsecurity_35_bad_robots.data',
-        'base_rules/modsecurity_35_scanners.data',
-        'base_rules/modsecurity_40_generic_attacks.data',
-        'base_rules/modsecurity_50_outbound.data',
-        'base_rules/modsecurity_50_outbound_malware.data',
-        'base_rules/modsecurity_crs_20_protocol_violations.conf',
-        'base_rules/modsecurity_crs_21_protocol_anomalies.conf',
-        'base_rules/modsecurity_crs_23_request_limits.conf',
-        'base_rules/modsecurity_crs_30_http_policy.conf',
-        'base_rules/modsecurity_crs_35_bad_robots.conf',
-        'base_rules/modsecurity_crs_40_generic_attacks.conf',
-        'base_rules/modsecurity_crs_41_sql_injection_attacks.conf',
-        'base_rules/modsecurity_crs_41_xss_attacks.conf',
-        'base_rules/modsecurity_crs_42_tight_security.conf',
-        'base_rules/modsecurity_crs_45_trojans.conf',
-        'base_rules/modsecurity_crs_47_common_exceptions.conf',
-        'base_rules/modsecurity_crs_49_inbound_blocking.conf',
-        'base_rules/modsecurity_crs_50_outbound.conf',
-        'base_rules/modsecurity_crs_59_outbound_blocking.conf',
-        'base_rules/modsecurity_crs_60_correlation.conf',
-      ]
-    }
+    $modsec_default_rules = [
+      'base_rules/modsecurity_35_bad_robots.data',
+      'base_rules/modsecurity_35_scanners.data',
+      'base_rules/modsecurity_40_generic_attacks.data',
+      'base_rules/modsecurity_50_outbound.data',
+      'base_rules/modsecurity_50_outbound_malware.data',
+      'base_rules/modsecurity_crs_20_protocol_violations.conf',
+      'base_rules/modsecurity_crs_21_protocol_anomalies.conf',
+      'base_rules/modsecurity_crs_23_request_limits.conf',
+      'base_rules/modsecurity_crs_30_http_policy.conf',
+      'base_rules/modsecurity_crs_35_bad_robots.conf',
+      'base_rules/modsecurity_crs_40_generic_attacks.conf',
+      'base_rules/modsecurity_crs_41_sql_injection_attacks.conf',
+      'base_rules/modsecurity_crs_41_xss_attacks.conf',
+      'base_rules/modsecurity_crs_42_tight_security.conf',
+      'base_rules/modsecurity_crs_45_trojans.conf',
+      'base_rules/modsecurity_crs_47_common_exceptions.conf',
+      'base_rules/modsecurity_crs_49_inbound_blocking.conf',
+      'base_rules/modsecurity_crs_50_outbound.conf',
+      'base_rules/modsecurity_crs_59_outbound_blocking.conf',
+      'base_rules/modsecurity_crs_60_correlation.conf',
+    ]
     $alias_icons_path     = '/usr/share/apache2/icons'
     $error_documents_path = '/usr/share/apache2/error'
-    $dev_packages        = ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev']
+    if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) {
+      $dev_packages        = ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev']
+    } else {
+      $dev_packages        = ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev']
+    }
 
     #
     # Passenger-specific settings
@@ -516,9 +354,16 @@ class apache::params inherits ::apache::version {
 
     $passenger_conf_file         = 'passenger.conf'
     $passenger_conf_package_file = undef
-    $passenger_root         = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
-    $passenger_ruby         = undef
-    $passenger_default_ruby = '/usr/bin/ruby'
+
+    if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '14.04') < 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') < 0) {
+      $passenger_root         = '/usr'
+      $passenger_ruby         = '/usr/bin/ruby'
+      $passenger_default_ruby = undef
+    } else {
+      $passenger_root         = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
+      $passenger_ruby         = undef
+      $passenger_default_ruby = '/usr/bin/ruby'
+    }
     $wsgi_socket_prefix = undef
   } elsif $::osfamily == 'FreeBSD' {
     $user             = 'www'
@@ -530,8 +375,6 @@ class apache::params inherits ::apache::version {
     $server_root      = '/usr/local'
     $conf_dir         = $httpd_dir
     $confd_dir        = "${httpd_dir}/Includes"
-    $conf_enabled     = undef
-    $puppet_ssl_dir   = "${httpd_dir}/puppet_ssl"
     $mod_dir          = "${httpd_dir}/Modules"
     $mod_enable_dir   = undef
     $vhost_dir        = "${httpd_dir}/Vhosts"
@@ -546,6 +389,7 @@ class apache::params inherits ::apache::version {
     $dev_packages     = undef
     $default_ssl_cert = '/usr/local/etc/apache24/server.crt'
     $default_ssl_key  = '/usr/local/etc/apache24/server.key'
+    $ssl_certs_dir    = undef
     $ssl_sessioncache  = '/var/run/ssl_scache(512000)'
     $passenger_conf_file = 'passenger.conf'
     $passenger_conf_package_file = undef
@@ -562,26 +406,24 @@ class apache::params inherits ::apache::version {
       # NOTE: 'php' needs to enable APACHE option in make config
       # NOTE: 'dav_svn' needs to enable MOD_DAV_SVN make config
       # NOTE: not sure where the shibboleth should come from
-      'auth_kerb'   => 'www/mod_auth_kerb2',
-      'auth_gssapi' => 'www/mod_auth_gssapi',
-      'auth_openidc'=> 'www/mod_auth_openidc',
-      'fcgid'       => 'www/mod_fcgid',
-      'passenger'   => 'www/rubygem-passenger',
-      'perl'        => 'www/mod_perl2',
-      'phpXXX'      => 'www/mod_phpXXX',
-      'proxy_html'  => 'www/mod_proxy_html',
-      'python'      => 'www/mod_python3',
-      'wsgi'        => 'www/mod_wsgi',
-      'dav_svn'     => 'devel/subversion',
-      'xsendfile'   => 'www/mod_xsendfile',
-      'rpaf'        => 'www/mod_rpaf2',
-      'shib2'       => 'security/shibboleth2-sp',
+      'auth_kerb'  => 'www/mod_auth_kerb2',
+      'fcgid'      => 'www/mod_fcgid',
+      'passenger'  => 'www/rubygem-passenger',
+      'perl'       => 'www/mod_perl2',
+      'phpXXX'     => 'www/mod_phpXXX',
+      'proxy_html' => 'www/mod_proxy_html',
+      'python'     => 'www/mod_python3',
+      'wsgi'       => 'www/mod_wsgi',
+      'dav_svn'    => 'devel/subversion',
+      'xsendfile'  => 'www/mod_xsendfile',
+      'rpaf'       => 'www/mod_rpaf2',
+      'shib2'      => 'security/shibboleth2-sp',
     }
     $mod_libs         = {
     }
     $conf_template        = 'apache/httpd.conf.erb'
     $http_protocol_options = undef
-    $keepalive            = 'On'
+    $keepalive            = 'Off'
     $keepalive_timeout    = 15
     $max_keepalive_requests = 100
     $fastcgi_lib_path     = undef # TODO: revisit
@@ -604,8 +446,6 @@ class apache::params inherits ::apache::version {
     $server_root      = '/var/www'
     $conf_dir         = $httpd_dir
     $confd_dir        = "${httpd_dir}/conf.d"
-    $conf_enabled     = undef
-    $puppet_ssl_dir   = "${httpd_dir}/puppet_ssl"
     $mod_dir          = "${httpd_dir}/modules.d"
     $mod_enable_dir   = undef
     $vhost_dir        = "${httpd_dir}/vhosts.d"
@@ -619,6 +459,7 @@ class apache::params inherits ::apache::version {
     $dev_packages     = undef
     $default_ssl_cert = '/etc/ssl/apache2/server.crt'
     $default_ssl_key  = '/etc/ssl/apache2/server.key'
+    $ssl_certs_dir    = '/etc/ssl/apache2'
     $ssl_sessioncache  = '/var/run/ssl_scache(512000)'
     $passenger_root   = '/usr'
     $passenger_ruby   = '/usr/bin/ruby'
@@ -632,7 +473,6 @@ class apache::params inherits ::apache::version {
     $mod_packages     = {
       # NOTE: I list here only modules that are not included in www-servers/apache
       'auth_kerb'       => 'www-apache/mod_auth_kerb',
-      'auth_gssapi'     => 'www-apache/mod_auth_gssapi',
       'authnz_external' => 'www-apache/mod_authnz_external',
       'fcgid'           => 'www-apache/mod_fcgid',
       'passenger'       => 'www-apache/passenger',
@@ -651,7 +491,7 @@ class apache::params inherits ::apache::version {
     }
     $conf_template        = 'apache/httpd.conf.erb'
     $http_protocol_options = undef
-    $keepalive            = 'On'
+    $keepalive            = 'Off'
     $keepalive_timeout    = 15
     $max_keepalive_requests = 100
     $fastcgi_lib_path     = undef # TODO: revisit
@@ -675,8 +515,6 @@ class apache::params inherits ::apache::version {
     $server_root         = '/etc/apache2'
     $conf_dir            = $httpd_dir
     $confd_dir           = "${httpd_dir}/conf.d"
-    $conf_enabled        = undef
-    $puppet_ssl_dir      = "${httpd_dir}/puppet_ssl"
     $mod_dir             = "${httpd_dir}/mods-available"
     $mod_enable_dir      = "${httpd_dir}/mods-enabled"
     $vhost_dir           = "${httpd_dir}/sites-available"
@@ -688,36 +526,26 @@ class apache::params inherits ::apache::version {
     $logroot_mode        = undef
     $lib_path            = '/usr/lib64/apache2' #changes for some modules based on mpm
     $mpm_module          = 'prefork'
-    if versioncmp($::operatingsystemrelease, '15') < 0 {
-      $default_ssl_cert    = '/etc/apache2/ssl.crt/server.crt'
-      $default_ssl_key     = '/etc/apache2/ssl.key/server.key'
-      $php_version         = '5'
-    } else {
-      $default_ssl_cert    = '/etc/apache2/ssl.crt/default-server.crt'
-      $default_ssl_key     = '/etc/apache2/ssl.key/default-server.key'
-      $php_version         = '7'
-    }
-    $suphp_configpath    = "/etc/php${php_version}/apache2"
+    $default_ssl_cert    = '/etc/apache2/ssl.crt/server.crt'
+    $default_ssl_key     = '/etc/apache2/ssl.key/server.key'
+    $ssl_certs_dir       = '/etc/ssl/certs'
     $ssl_sessioncache    = '/var/lib/apache2/ssl_scache(512000)'
     $suphp_addhandler    = 'x-httpd-php'
     $suphp_engine        = 'off'
-    if versioncmp($::operatingsystemrelease, '11') < 0 or versioncmp($::operatingsystemrelease, '12') >= 0 {
-      $mod_packages = {
+    $suphp_configpath    = '/etc/php5/apache2'
+    $php_version         = '5'
+    if $::operatingsystemrelease < '11' or $::operatingsystemrelease >= '12' {
+      $mod_packages      = {
         'auth_kerb'   => 'apache2-mod_auth_kerb',
-        'auth_gssapi' => 'apache2-mod_auth_gssapi',
-        'dav_svn'     => 'subversion-server',
         'perl'        => 'apache2-mod_perl',
         'php5'        => 'apache2-mod_php5',
-        'php7'        => 'apache2-mod_php7',
         'python'      => 'apache2-mod_python',
         'security'    => 'apache2-mod_security2',
         'worker'      => 'apache2-worker',
-      }
+        }
     } else {
       $mod_packages        = {
         'auth_kerb'   => 'apache2-mod_auth_kerb',
-        'auth_gssapi' => 'apache2-mod_auth_gssapi',
-        'dav_svn'     => 'subversion-server',
         'perl'        => 'apache2-mod_perl',
         'php5'        => 'apache2-mod_php53',
         'python'      => 'apache2-mod_python',
@@ -730,7 +558,7 @@ class apache::params inherits ::apache::version {
     }
     $conf_template          = 'apache/httpd.conf.erb'
     $http_protocol_options  = undef
-    $keepalive              = 'On'
+    $keepalive              = 'Off'
     $keepalive_timeout      = 15
     $max_keepalive_requests = 100
     $fastcgi_lib_path       = '/var/lib/apache2/fastcgi'
@@ -744,7 +572,6 @@ class apache::params inherits ::apache::version {
     $alias_icons_path     = '/usr/share/apache2/icons'
     $error_documents_path = '/usr/share/apache2/error'
     $dev_packages        = ['libapr-util1-devel', 'libapr1-devel', 'libcurl-devel']
-    $modsec_version       = 1
     $modsec_crs_package   = undef
     $modsec_crs_path      = undef
     $modsec_default_rules = undef
@@ -767,23 +594,8 @@ class apache::params inherits ::apache::version {
     $passenger_ruby               = '/usr/bin/ruby'
     $passenger_default_ruby       = '/usr/bin/ruby'
     $wsgi_socket_prefix           = undef
+
   } else {
     fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}")
   }
-
-  if $::operatingsystem == 'SLES' {
-    $verify_command = '/usr/sbin/apache2ctl -t'
-  } elsif $::operatingsystem == 'FreeBSD' {
-    $verify_command = '/usr/local/sbin/apachectl -t'
-  } elsif ($apache::version::scl_httpd_version) {
-    $verify_command = "/opt/rh/${_scl_httpd_name}/root/usr/sbin/apachectl -t"
-  } else {
-    $verify_command = '/usr/sbin/apachectl -t'
-  }
-
-  if $::osfamily == 'RedHat' and versioncmp($facts['operatingsystemmajrelease'], '8') >= 0 {
-    $ssl_protocol = ['all'] # Implementations of the SSLv2 and SSLv3 protocol versions have been removed from OpenSSL (and hence mod_ssl) because these are no longer considered secure. For additional documentation https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/deploying_different_types_of_servers/setting-apache-web-server_deploying-different-types-of-servers
-  } else {
-    $ssl_protocol = ['all', '-SSLv2', '-SSLv3']
-  }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/peruser/multiplexer.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/peruser/multiplexer.pp
index 5001090c4..97143a1d4 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/peruser/multiplexer.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/peruser/multiplexer.pp
@@ -1,12 +1,6 @@
-# @summary
-#   Checks if an Apache module has a class.
-#
-# If Apache has a class, it includes that class. If it does not, it passes the module name to the `apache::mod` defined type.
-#
-# @api private
 define apache::peruser::multiplexer (
-  $user = $apache::user,
-  $group = $apache::group,
+  $user = $::apache::user,
+  $group = $::apache::group,
   $file = undef,
 ) {
   if ! $file {
@@ -14,10 +8,10 @@ define apache::peruser::multiplexer (
   } else {
     $filename = $file
   }
-  file { "${apache::mod_dir}/peruser/multiplexers/${filename}":
+  file { "${::apache::mod_dir}/peruser/multiplexers/${filename}":
     ensure  => file,
     content => "Multiplexer ${user} ${group}\n",
-    require => File["${apache::mod_dir}/peruser/multiplexers"],
+    require => File["${::apache::mod_dir}/peruser/multiplexers"],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/peruser/processor.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/peruser/processor.pp
index 57c26fa9f..30de61d7c 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/peruser/processor.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/peruser/processor.pp
@@ -1,7 +1,3 @@
-# @summary
-#   Enables the `Peruser` module for FreeBSD only.
-#
-# @api private
 define apache::peruser::processor (
   $user,
   $group,
@@ -12,10 +8,10 @@ define apache::peruser::processor (
   } else {
     $filename = $file
   }
-  file { "${apache::mod_dir}/peruser/processors/${filename}":
+  file { "${::apache::mod_dir}/peruser/processors/${filename}":
     ensure  => file,
     content => "Processor ${user} ${group}\n",
-    require => File["${apache::mod_dir}/peruser/processors"],
+    require => File["${::apache::mod_dir}/peruser/processors"],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/php.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/php.pp
index 32999a929..9fa9c682e 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/php.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/php.pp
@@ -1,11 +1,18 @@
-# @summary
-#   This class installs PHP for Apache.
+# Class: apache::php
 #
-# @note 
-#    This class is deprecated.
+# This class installs PHP for Apache
+#
+# Parameters:
+# - $php_package
+#
+# Actions:
+#   - Install Apache PHP package
+#
+# Requires:
+#
+# Sample Usage:
 #
-# @api private
 class apache::php {
   warning('apache::php is deprecated; please use apache::mod::php')
-  include apache::mod::php
+  include ::apache::mod::php
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/proxy.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/proxy.pp
index 9df41958c..050f36c27 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/proxy.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/proxy.pp
@@ -1,11 +1,15 @@
-# @summary
-#   This class enabled the proxy module for Apache.
+# Class: apache::proxy
 #
-# @note
-#   This class is deprecated.
+# This class enabled the proxy module for Apache
+#
+# Actions:
+#   - Enables Apache Proxy module
+#
+# Requires:
+#
+# Sample Usage:
 #
-# @api private
 class apache::proxy {
   warning('apache::proxy is deprecated; please use apache::mod::proxy')
-  include apache::mod::proxy
+  include ::apache::mod::proxy
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/python.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/python.pp
index 586ed9e81..723a753f8 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/python.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/python.pp
@@ -1,5 +1,6 @@
-# @summary
-#   This class installs Python for Apache
+# Class: apache::python
+#
+# This class installs Python for Apache
 #
 # Parameters:
 # - $php_package
@@ -11,8 +12,7 @@
 #
 # Sample Usage:
 #
-# @api private
 class apache::python {
   warning('apache::python is deprecated; please use apache::mod::python')
-  include apache::mod::python
+  include ::apache::mod::python
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/security/rule_link.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/security/rule_link.pp
index a3f70b109..7edb1f442 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/security/rule_link.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/security/rule_link.pp
@@ -1,21 +1,18 @@
-# @summary
-#   Links the activated_rules from `apache::mod::security` to the respective CRS rules on disk.
-#
-# @api private
 define apache::security::rule_link () {
+
   $parts = split($title, '/')
   $filename = $parts[-1]
 
   $target = $title ? {
     /^\//   => $title,
-    default => "${apache::params::modsec_crs_path}/${title}",
+    default => "${::apache::params::modsec_crs_path}/${title}",
   }
 
   file { $filename:
     ensure  => 'link',
-    path    => "${apache::mod::security::modsec_dir}/activated_rules/${filename}",
+    path    => "${::apache::mod::security::modsec_dir}/activated_rules/${filename}",
     target  => $target ,
-    require => File["${apache::mod::security::modsec_dir}/activated_rules"],
+    require => File["${::apache::mod::security::modsec_dir}/activated_rules"],
     notify  => Class['apache::service'],
   }
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/service.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/service.pp
index 7366e5fd3..ff082dccb 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/service.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/service.pp
@@ -1,14 +1,29 @@
-# @summary
-#   Installs and configures Apache service.
+# Class: apache::service
+#
+# Manages the Apache daemon
+#
+# Parameters:
+#
+# Actions:
+#   - Manage Apache service
+#
+# Requires:
+#
+# Sample Usage:
+#
+#    sometype { 'foo':
+#      notify => Class['apache::service'],
+#    }
+#
 #
-# @api private
 class apache::service (
-  $service_name           = $apache::params::service_name,
+  $service_name           = $::apache::params::service_name,
   Boolean $service_enable = true,
   $service_ensure         = 'running',
   Boolean $service_manage = true,
   $service_restart        = undef
 ) {
+
   # The base class must be included first because parameter defaults depend on it
   if ! defined(Class['apache::params']) {
     fail('You must include the apache::params class before using any apache defined resources')
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/ssl.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/ssl.pp
index a241a98a2..d0b36593d 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/ssl.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/ssl.pp
@@ -1,11 +1,18 @@
-# @summary
-#   This class installs Apache SSL capabilities
+# Class: apache::ssl
 #
-# @note
-#   This class is deprecated.
+# This class installs Apache SSL capabilities
+#
+# Parameters:
+# - The $ssl_package name from the apache::params class
+#
+# Actions:
+#   - Install Apache SSL capabilities
+#
+# Requires:
+#
+# Sample Usage:
 #
-# @api private
 class apache::ssl {
   warning('apache::ssl is deprecated; please use apache::mod::ssl')
-  include apache::mod::ssl
+  include ::apache::mod::ssl
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/version.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/version.pp
index f799db73b..2d33a5f4f 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/version.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/version.pp
@@ -1,26 +1,33 @@
-# @summary
-#   Try to automatically detect the version by OS
+# Class: apache::version
 #
-# @api private
-class apache::version (
-  Optional[String] $scl_httpd_version = undef,
-  Optional[String] $scl_php_version   = undef,
-) {
+# Try to automatically detect the version by OS
+#
+class apache::version {
+  # This will be 5 or 6 on RedHat, 6 or wheezy on Debian, 12 or quantal on Ubuntu, etc.
+  $osr_array = split($::operatingsystemrelease,'[\/\.]')
+  $distrelease = $osr_array[0]
+  if ! $distrelease {
+    fail("Class['apache::version']: Unparsable \$::operatingsystemrelease: ${::operatingsystemrelease}")
+  }
+
   case $::osfamily {
     'RedHat': {
-      if $scl_httpd_version {
-        $default = $scl_httpd_version
-      }
-      elsif ($::operatingsystem == 'Amazon' and $::operatingsystemmajrelease == '2') {
-        $default = '2.4'
-      } elsif ($::operatingsystem == 'Fedora' and versioncmp($facts['operatingsystemmajrelease'], '18') >= 0) or ($::operatingsystem != 'Fedora' and versioncmp($facts['operatingsystemmajrelease'], '7') >= 0) {
+      if ($::operatingsystem == 'Amazon') {
+        $default = '2.2'
+      } elsif ($::operatingsystem == 'Fedora' and versioncmp($distrelease, '18') >= 0) or ($::operatingsystem != 'Fedora' and versioncmp($distrelease, '7') >= 0) {
         $default = '2.4'
       } else {
         $default = '2.2'
       }
     }
     'Debian': {
-      $default = '2.4'
+      if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0 {
+        $default = '2.4'
+      } elsif $::operatingsystem == 'Debian' and versioncmp($distrelease, '8') >= 0 {
+        $default = '2.4'
+      } else {
+        $default = '2.2'
+      }
     }
     'FreeBSD': {
       $default = '2.4'
@@ -29,7 +36,7 @@ class apache::version (
       $default = '2.4'
     }
     'Suse': {
-      if ($::operatingsystem == 'SLES' and versioncmp($facts['operatingsystemmajrelease'], '12') >= 0) or ($::operatingsystem == 'OpenSuSE' and versioncmp($facts['operatingsystemmajrelease'], '42') >= 0) {
+      if $::operatingsystem == 'SLES' and $::operatingsystemrelease >= '12' {
         $default = '2.4'
       } else {
         $default = '2.2'
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/vhost.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/vhost.pp
index b5604dd26..90912e92b 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/vhost.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/vhost.pp
@@ -1,1802 +1,37 @@
-# @summary
-#   Allows specialised configurations for virtual hosts that possess requirements 
-#   outside of the defaults.
-#
-# The apache module allows a lot of flexibility in the setup and configuration of virtual hosts. 
-# This flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache 
-# to evaluate it multiple times with different parameters.<br />
-# The `apache::vhost` defined type allows you to have specialized configurations for virtual hosts 
-# that have requirements outside the defaults. You can set up a default virtual host within 
-# the base `::apache` class, as well as set a customized virtual host as the default. 
-# Customized virtual hosts have a lower numeric `priority` than the base class's, causing 
-# Apache to process the customized virtual host first.<br />
-# The `apache::vhost` defined type uses `concat::fragment` to build the configuration file. To 
-# inject custom fragments for pieces of the configuration that the defined type doesn't 
-# inherently support, add a custom fragment.<br />
-# For the custom fragment's `order` parameter, the `apache::vhost` defined type uses multiples 
-# of 10, so any `order` that isn't a multiple of 10 should work.<br />
-# > **Note:** When creating an `apache::vhost`, it cannot be named `default` or `default-ssl`, 
-# because vhosts with these titles are always managed by the module. This means that you cannot 
-# override `Apache::Vhost['default']`  or `Apache::Vhost['default-ssl]` resources. An optional 
-# workaround is to create a vhost named something else, such as `my default`, and ensure that the 
-# `default` and `default_ssl` vhosts are set to `false`:
-#
-# @example
-#   class { 'apache':
-#     default_vhost     => false,
-#     default_ssl_vhost => false,
-#   }
-#
-# @param apache_version
-#   Apache's version number as a string, such as '2.2' or '2.4'.
-#
-# @param access_log
-#   Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`).
-# 
-# @param access_log_env_var
-#   Specifies that only requests with particular environment variables be logged.
-# 
-# @param access_log_file
-#   Sets the filename of the `*_access.log` placed in `logroot`. Given a virtual host ---for 
-#   instance, example.com--- it defaults to 'example.com_ssl.log' for 
-#   [SSL-encrypted](https://httpd.apache.org/docs/current/ssl/index.html) virtual hosts and 
-#   `example.com_access.log` for unencrypted virtual hosts.
-# 
-# @param access_log_format
-#   Specifies the use of either a `LogFormat` nickname or a custom-formatted string for the 
-#   access log.
-# 
-# @param access_log_pipe
-#   Specifies a pipe where Apache sends access log messages.
-#
-# @param access_log_syslog
-#   Sends all access log messages to syslog.
-#
-# @param access_logs
-#   Allows you to give a hash that specifies the state of each of the `access_log_*` 
-#   directives shown above, i.e. `access_log_pipe` and `access_log_syslog`.
-# 
-# @param add_default_charset
-#   Sets a default media charset value for the `AddDefaultCharset` directive, which is 
-#   added to `text/plain` and `text/html` responses.
-# 
-# @param add_listen
-#   Determines whether the virtual host creates a `Listen` statement.<br />
-#   Setting `add_listen` to `false` prevents the virtual host from creating a `Listen` 
-#   statement. This is important when combining virtual hosts that aren't passed an `ip` 
-#   parameter with those that are.
-# 
-# @param use_optional_includes
-#   Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for 
-#   `additional_includes` in Apache 2.4 or newer.
-# 
-# @param additional_includes
-#   Specifies paths to additional static, virtual host-specific Apache configuration files. 
-#   You can use this parameter to implement a unique, custom configuration not supported by 
-#   this module.
-# 
-# @param aliases
-#   Passes a list of [hashes][hash] to the virtual host to create `Alias`, `AliasMatch`, 
-#   `ScriptAlias` or `ScriptAliasMatch` directives as per the `mod_alias` documentation.<br />
-#   For example:
-#   ``` puppet
-#   aliases => [
-#     { aliasmatch       => '^/image/(.*)\.jpg$',
-#       path             => '/files/jpg.images/$1.jpg',
-#     },
-#     { alias            => '/image',
-#       path             => '/ftp/pub/image',
-#     },
-#     { scriptaliasmatch => '^/cgi-bin(.*)',
-#       path             => '/usr/local/share/cgi-bin$1',
-#     },
-#     { scriptalias      => '/nagios/cgi-bin/',
-#       path             => '/usr/lib/nagios/cgi-bin/',
-#     },
-#     { alias            => '/nagios',
-#       path             => '/usr/share/nagios/html',
-#     },
-#   ],
-#   ```
-#   For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs 
-#   a corresponding context, such as `<Directory /path/to/directory>` or 
-#   `<Location /some/location/here>`. Puppet creates the directives in the order specified in 
-#   the `aliases` parameter. As described in the `mod_alias` documentation, add more specific 
-#   `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more 
-#   general ones to avoid shadowing.<BR />
-#   > **Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because 
-#   you can precisely control the order of various alias directives. Defining `ScriptAliases` 
-#   using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after 
-#   *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias` 
-#   directives. This often causes problems; for example, this could cause problems with Nagios.<BR />
-#   If `apache::mod::passenger` is loaded and `PassengerHighPerformance` is `true`, the `Alias` 
-#   directive might not be able to honor the `PassengerEnabled => off` statement. See 
-#   [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details.
-# 
-# @param allow_encoded_slashes
-#   Sets the `AllowEncodedSlashes` declaration for the virtual host, overriding the server 
-#   default. This modifies the virtual host responses to URLs with `\` and `/` characters. The 
-#   default setting omits the declaration from the server configuration and selects the 
-#   Apache default setting of `Off`.
-# 
-# @param block
-#   Specifies the list of things to which Apache blocks access. Valid options are: `scm` (which 
-#   blocks web access to `.svn`), `.git`, and `.bzr` directories.
-# 
-# @param cas_attribute_prefix
-#   Adds a header with the value of this header being the attribute values when SAML 
-#   validation is enabled.
-# 
-# @param cas_attribute_delimiter
-#   Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`.
-# 
-# @param cas_login_url
-#   Sets the URL to which the module redirects users when they attempt to access a 
-#   CAS-protected resource and don't have an active session.
-# 
-# @param cas_root_proxied_as
-#   Sets the URL end users see when access to this Apache server is proxied per vhost. 
-#   This URL should not include a trailing slash.
-# 
-# @param cas_scrub_request_headers
-#   Remove inbound request headers that may have special meaning within mod_auth_cas.
-# 
-# @param cas_sso_enabled
-#   Enables experimental support for single sign out (may mangle POST data).
-# 
-# @param cas_validate_saml
-#   Parse response from CAS server for SAML.
-# 
-# @param cas_validate_url
-#   Sets the URL to use when validating a client-presented ticket in an HTTP query string.
-# 
-# @param cas_cookie_path
-#   Sets the location where information on the current session should be stored. This should
-#   be writable by the web server only.
-#
-# @param comment
-#   Adds comments to the header of the configuration file. Pass as string or an array of strings.
-#   For example:
-#   ``` puppet
-#   comment => "Account number: 123B",
-#   ```
-#   Or:
-#   ``` puppet
-#   comment => [
-#     "Customer: X",
-#     "Frontend domain: x.example.org",
-#   ]
-#   ```
-# 
-# @param custom_fragment
-#   Passes a string of custom configuration directives to place at the end of the virtual 
-#   host configuration.
-# 
-# @param default_vhost
-#   Sets a given `apache::vhost` defined type as the default to serve requests that do not 
-#   match any other `apache::vhost` defined types.
-# 
-# @param directoryindex
-#   Sets the list of resources to look for when a client requests an index of the directory 
-#   by specifying a '/' at the end of the directory name. See the `DirectoryIndex` directive 
-#   documentation for details.
-# 
-# @param docroot
-#   **Required**.<br />
-#   Sets the `DocumentRoot` location, from which Apache serves files.<br />
-#   If `docroot` and `manage_docroot` are both set to `false`, no `DocumentRoot` will be set 
-#   and the accompanying `<Directory /path/to/directory>` block will not be created.
-# 
-# @param docroot_group
-#   Sets group access to the `docroot` directory.
-# 
-# @param docroot_owner
-#   Sets individual user access to the `docroot` directory.
-# 
-# @param docroot_mode
-#   Sets access permissions for the `docroot` directory, in numeric notation.
-# 
-# @param manage_docroot
-#   Determines whether Puppet manages the `docroot` directory.
-# 
-# @param error_log
-#   Specifies whether `*_error.log` directives should be configured.
-# 
-# @param error_log_file
-#   Points the virtual host's error logs to a `*_error.log` file. If this parameter is 
-#   undefined, Puppet checks for values in `error_log_pipe`, then `error_log_syslog`.<br />
-#   If none of these parameters is set, given a virtual host `example.com`, Puppet defaults 
-#   to `$logroot/example.com_error_ssl.log` for SSL virtual hosts and 
-#   `$logroot/example.com_error.log` for non-SSL virtual hosts.
-# 
-# @param error_log_pipe
-#   Specifies a pipe to send error log messages to.<br />
-#   This parameter has no effect if the `error_log_file` parameter has a value. If neither 
-#   this parameter nor `error_log_file` has a value, Puppet then checks `error_log_syslog`.
-# 
-# @param error_log_syslog
-#   Determines whether to send all error log messages to syslog.
-#   This parameter has no effect if either of the `error_log_file` or `error_log_pipe` 
-#   parameters has a value. If none of these parameters has a value, given a virtual host 
-#   `example.com`, Puppet defaults to `$logroot/example.com_error_ssl.log` for SSL virtual 
-#   hosts and `$logroot/example.com_error.log` for non-SSL virtual hosts.
-#
-# @param error_log_format
-#   Sets the [ErrorLogFormat](https://httpd.apache.org/docs/current/mod/core.html#errorlogformat)
-#   format specification for error log entries inside virtual host
-#   For example:
-#   ``` puppet
-#   apache::vhost { 'site.name.fdqn':
-#     ...
-#     error_log_format => [
-#       '[%{uc}t] [%-m:%-l] [R:%L] [C:%{C}L] %7F: %E: %M',
-#       { '[%{uc}t] [R:%L] Request %k on C:%{c}L pid:%P tid:%T' => 'request' }, 
-#       { "[%{uc}t] [R:%L] UA:'%+{User-Agent}i'" => 'request' },
-#       { "[%{uc}t] [R:%L] Referer:'%+{Referer}i'" => 'request' },
-#       { '[%{uc}t] [C:%{c}L] local\ %a remote\ %A' => 'connection' },
-#     ],
-#   }
-#   ```
-# 
-# @param error_documents
-#   A list of hashes which can be used to override the 
-#   [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) 
-#   settings for this virtual host.<br />
-#   For example:
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     error_documents => [
-#       { 'error_code' => '503', 'document' => '/service-unavail' },
-#       { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' },
-#     ],
-#   }
-#   ```
-# 
-# @param ensure
-#   Specifies if the virtual host is present or absent.<br />
-# 
-# @param fallbackresource
-#   Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) 
-#   directive, which specifies an action to take for any URL that doesn't map to anything in 
-#   your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Values must either begin 
-#   with a `/` or be `disabled`.
-# 
-# @param fastcgi_server
-#   Specify an external FastCGI server to manage a connection to.
-# 
-# @param fastcgi_socket
-#   Specify the socket that will be used to communicate with an external FastCGI server.
-# 
-# @param fastcgi_idle_timeout
-#   If using fastcgi, this option sets the timeout for the server to respond.
-# 
-# @param fastcgi_dir
-#   Specify an internal FastCGI directory that is to be managed.
-# 
-# @param filters
-#   [Filters](https://httpd.apache.org/docs/current/mod/mod_filter.html) enable smart, 
-#   context-sensitive configuration of output content filters.
-#   ``` puppet
-#   apache::vhost { "$::fqdn":
-#     filters => [
-#       'FilterDeclare   COMPRESS',
-#       'FilterProvider  COMPRESS DEFLATE resp=Content-Type $text/html',
-#       'FilterChain     COMPRESS',
-#       'FilterProtocol  COMPRESS DEFLATE change=yes;byteranges=no',
-#     ],
-#   }
-#   ```
-# 
-# @param h2_copy_files
-#   Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles)
-#   directive which influences how the requestion process pass files to the main connection.
-# 
-# @param h2_direct
-#   Sets the [H2Direct](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2direct)
-#   directive which toggles the usage of the HTTP/2 Direct Mode.
-# 
-# @param h2_early_hints
-#   Sets the [H2EarlyHints](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2earlyhints)
-#   directive which controls if HTTP status 103 interim responses are forwarded to
-#   the client or not.
-# 
-# @param h2_max_session_streams
-#   Sets the [H2MaxSessionStreams](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2maxsessionstreams)
-#   directive which sets the maximum number of active streams per HTTP/2 session
-#   that the server allows.
-# 
-# @param h2_modern_tls_only
-#   Sets the [H2ModernTLSOnly](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2moderntlsonly)
-#   directive which toggles the security checks on HTTP/2 connections in TLS mode.
-# 
-# @param h2_push
-#   Sets the [H2Push](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2push)
-#   directive which toggles the usage of the HTTP/2 server push protocol feature.
-# 
-# @param h2_push_diary_size
-#   Sets the [H2PushDiarySize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushdiarysize)
-#   directive which toggles the maximum number of HTTP/2 server pushes that are
-#   remembered per HTTP/2 connection.
-# 
-# @param h2_push_priority
-#   Sets the [H2PushPriority](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushpriority)
-#   directive which defines the priority handling of pushed responses based on the
-#   content-type of the response.
-# 
-# @param h2_push_resource
-#   Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource)
-#   directive which declares resources for early pushing to the client.
-# 
-# @param h2_serialize_headers
-#   Sets the [H2SerializeHeaders](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2serializeheaders)
-#   directive which toggles if HTTP/2 requests are serialized in HTTP/1.1
-#   format for processing by httpd core.
-# 
-# @param h2_stream_max_mem_size
-#   Sets the [H2StreamMaxMemSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2streammaxmemsize)
-#   directive which sets the maximum number of outgoing data bytes buffered in
-#   memory for an active stream.
-# 
-# @param h2_tls_cool_down_secs
-#   Sets the [H2TLSCoolDownSecs](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlscooldownsecs)
-#   directive which sets the number of seconds of idle time on a TLS connection
-#   before the TLS write size falls back to a small (~1300 bytes) length.
-# 
-# @param h2_tls_warm_up_size
-#   Sets the [H2TLSWarmUpSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlswarmupsize)
-#   directive which sets the number of bytes to be sent in small TLS records (~1300
-#   bytes) until doing maximum sized writes (16k) on https: HTTP/2 connections.
-# 
-# @param h2_upgrade
-#   Sets the [H2Upgrade](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2upgrade)
-#   directive which toggles the usage of the HTTP/1.1 Upgrade method for switching
-#   to HTTP/2.
-# 
-# @param h2_window_size
-#   Sets the [H2WindowSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2windowsize)
-#   directive which sets the size of the window that is used for flow control from
-#   client to server and limits the amount of data the server has to buffer.
-# 
-# @param headers
-#   Adds lines to replace, merge, or remove response headers. See 
-#   [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information.
-# 
-# @param ip
-#   Sets the IP address the virtual host listens on. By default, uses Apache's default behavior 
-#   of listening on all IPs.
-# 
-# @param ip_based
-#   Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual 
-#   host. This parameter inhibits the creation of a NameVirtualHost directive, since those are 
-#   used to funnel requests to name-based virtual hosts.
-# 
-# @param itk
-#   Configures [ITK](http://mpm-itk.sesse.net/) in a hash.<br />
-#   Usage typically looks something like:
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     docroot => '/path/to/directory',
-#     itk     => {
-#       user  => 'someuser',
-#       group => 'somegroup',
-#     },
-#   }
-#   ```
-#   Valid values are: a hash, which can include the keys:
-#   * `user` + `group`
-#   * `assignuseridexpr`
-#   * `assigngroupidexpr`
-#   * `maxclientvhost`
-#   * `nice`
-#   * `limituidrange` (Linux 3.5.0 or newer)
-#   * `limitgidrange` (Linux 3.5.0 or newer)
-# 
-# @param action
-#   Specifies whether you wish to configure mod_actions action directive which will
-#   activate cgi-script when triggered by a request.
-# 
-# @param jk_mounts
-#   Sets up a virtual host with `JkMount` and `JkUnMount` directives to handle the paths 
-#   for URL mapping between Tomcat and Apache.<br />
-#   The parameter must be an array of hashes where each hash must contain the `worker` 
-#   and either the `mount` or `unmount` keys.<br />
-#   Usage typically looks like:
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     jk_mounts => [
-#       { mount   => '/*',     worker => 'tcnode1', },
-#       { unmount => '/*.jpg', worker => 'tcnode1', },
-#     ],
-#   }
-#   ```
-# 
-# @param http_protocol_options
-#   Specifies the strictness of HTTP protocol checks.
-# 
-# @param keepalive
-#   Determines whether to enable persistent HTTP connections with the `KeepAlive` directive 
-#   for the virtual host. By default, the global, server-wide `KeepAlive` setting is in effect.<br />
-#   Use the `keepalive_timeout` and `max_keepalive_requests` parameters to set relevant options 
-#   for the virtual host.
-# 
-# @param keepalive_timeout
-#   Sets the `KeepAliveTimeout` directive for the virtual host, which determines the amount 
-#   of time to wait for subsequent requests on a persistent HTTP connection. By default, the 
-#   global, server-wide `KeepAlive` setting is in effect.<br />
-#   This parameter is only relevant if either the global, server-wide `keepalive` parameter or 
-#   the per-vhost `keepalive` parameter is enabled.
-# 
-# @param max_keepalive_requests
-#   Limits the number of requests allowed per connection to the virtual host. By default,  
-#   the global, server-wide `KeepAlive` setting is in effect.<br />
-#   This parameter is only relevant if either the global, server-wide `keepalive` parameter or 
-#   the per-vhost `keepalive` parameter is enabled.
-# 
-# @param auth_kerb
-#   Enable `mod_auth_kerb` parameters for a virtual host.<br />
-#   Usage typically looks like:
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     auth_kerb              => `true`,
-#     krb_method_negotiate   => 'on',
-#     krb_auth_realms        => ['EXAMPLE.ORG'],
-#     krb_local_user_mapping => 'on',
-#     directories            => {
-#       path         => '/var/www/html',
-#       auth_name    => 'Kerberos Login',
-#       auth_type    => 'Kerberos',
-#       auth_require => 'valid-user',
-#     },
-#   }
-#   ```
-# 
-# @param krb_method_negotiate
-#   Determines whether to use the Negotiate method.
-# 
-# @param krb_method_k5passwd
-#   Determines whether to use password-based authentication for Kerberos v5.
-# 
-# @param krb_authoritative
-#   If set to `off`, authentication controls can be passed on to another module.
-# 
-# @param krb_auth_realms
-#   Specifies an array of Kerberos realms to use for authentication.
-# 
-# @param krb_5keytab
-#   Specifies the Kerberos v5 keytab file's location.
-# 
-# @param krb_local_user_mapping
-#   Strips @REALM from usernames for further use.
-# 
-# @param krb_verify_kdc
-#   This option can be used to disable the verification tickets against local keytab to prevent 
-#   KDC spoofing attacks.
-# 
-# @param krb_servicename
-#   Specifies the service name that will be used by Apache for authentication. Corresponding 
-#   key of this name must be stored in the keytab.
-# 
-# @param krb_save_credentials
-#   This option enables credential saving functionality.
-# 
-# @param logroot
-#   Specifies the location of the virtual host's logfiles.
-# 
-# @param logroot_ensure
-#   Determines whether or not to remove the logroot directory for a virtual host.
-# 
-# @param logroot_mode
-#   Overrides the mode the logroot directory is set to. Do *not* grant write access to the 
-#   directory the logs are stored in without being aware of the consequences; for more 
-#   information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security).
-# 
-# @param logroot_owner
-#   Sets individual user access to the logroot directory.
-# 
-# @param logroot_group
-#   Sets group access to the `logroot` directory.
-# 
-# @param log_level
-#   Specifies the verbosity of the error log.
-# 
-# @param modsec_body_limit
-#   Configures the maximum request body size (in bytes) ModSecurity accepts for buffering.
-# 
-# @param modsec_disable_vhost
-#   Disables `mod_security` on a virtual host. Only valid if `apache::mod::security` is included.
-# 
-# @param modsec_disable_ids
-#   Removes `mod_security` IDs from the virtual host.<br />
-#   Also takes a hash allowing removal of an ID from a specific location.
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     modsec_disable_ids => [ 90015, 90016 ],
-#   }
-#   ```
-# 
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     modsec_disable_ids => { '/location1' => [ 90015, 90016 ] },
-#   }
-#   ```
-# 
-# @param modsec_disable_ips
-#   Specifies an array of IP addresses to exclude from `mod_security` rule matching.
-# 
-# @param modsec_disable_msgs
-#   Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing 
-#   removal of an Msg from a specific location.
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     modsec_disable_msgs => ['Blind SQL Injection Attack', 'Session Fixation Attack'],
-#   }
-#   ```
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     modsec_disable_msgs => { '/location1' => ['Blind SQL Injection Attack', 'Session Fixation Attack'] },
-#   }
-#   ```
-# 
-# @param modsec_disable_tags
-#   Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing 
-#   removal of an Tag from a specific location.
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     modsec_disable_tags => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'],
-#   }
-#   ```
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     modsec_disable_tags => { '/location1' => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'] },
-#   }
-#   ```
-# 
-# @param modsec_audit_log_file
-#   If set, it is relative to `logroot`.<br />
-#   One of the parameters that determines how to send `mod_security` audit 
-#   log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
-#   If none of those parameters are set, the global audit log is used 
-#   (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ).
-# 
-# @param modsec_audit_log_pipe
-#   If `modsec_audit_log_pipe` is set, it should start with a pipe. Example 
-#   `|/path/to/mlogc /path/to/mlogc.conf`.<br />
-#   One of the parameters that determines how to send `mod_security` audit 
-#   log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
-#   If none of those parameters are set, the global audit log is used 
-#   (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ).
-# 
-# @param modsec_audit_log
-#   If `modsec_audit_log` is `true`, given a virtual host ---for instance, example.com--- it 
-#   defaults to `example.com\_security\_ssl.log` for SSL-encrypted virtual hosts 
-#   and `example.com\_security.log` for unencrypted virtual hosts.<br />
-#   One of the parameters that determines how to send `mod_security` audit 
-#   log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).<br />
-#   If none of those parameters are set, the global audit log is used 
-#   (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ).
-# 
-# @param no_proxy_uris
-#   Specifies URLs you do not want to proxy. This parameter is meant to be used in combination 
-#   with [`proxy_dest`](#proxy_dest).
-# 
-# @param no_proxy_uris_match
-#   This directive is equivalent to `no_proxy_uris`, but takes regular expressions.
-# 
-# @param proxy_preserve_host
-#   Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost).<br />
-#   Setting this parameter to `true` enables the `Host:` line from an incoming request to be 
-#   proxied to the host instead of hostname. Setting it to `false` sets this directive to 'Off'.
-# 
-# @param proxy_add_headers
-#   Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders).<br />
-#   This parameter controlls whether proxy-related HTTP headers (X-Forwarded-For, 
-#   X-Forwarded-Host and X-Forwarded-Server) get sent to the backend server.
-# 
-# @param proxy_error_override
-#   Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). 
-#   This directive controls whether Apache should override error pages for proxied content.
-# 
-# @param options
-#   Sets the `Options` for the specified virtual host. For example:
-#   ``` puppet
-#   apache::vhost { 'site.name.fdqn':
-#     ...
-#     options => ['Indexes','FollowSymLinks','MultiViews'],
-#   }
-#   ```
-#   > **Note**: If you use the `directories` parameter of `apache::vhost`, 'Options', 
-#   'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`.
-# 
-# @param override
-#   Sets the overrides for the specified virtual host. Accepts an array of 
-#   [AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments.
-#
-# @param passenger_enabled
-#   Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) 
-#   directive to `on` or `off`. Requires `apache::mod::passenger` to be included.
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     docroot     => '/path/to/directory',
-#     directories => [
-#       { path              => '/path/to/directory',
-#         passenger_enabled => 'on',
-#       },
-#     ],
-#   }
-#   ```
-#   > **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) 
-#   using the PassengerEnabled directive with the PassengerHighPerformance directive.
-# 
-# @param passenger_base_uri
-#   Sets [PassengerBaseURI](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbase_rui),
-#    to specify that the given URI is a distinct application served by Passenger.
-# 
-# @param passenger_ruby
-#   Sets [PassengerRuby](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerruby),
-#   specifying the Ruby interpreter to use when serving the relevant web applications.
-# 
-# @param passenger_python
-#   Sets [PassengerPython](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerpython),
-#   specifying the Python interpreter to use when serving the relevant web applications.
-# 
-# @param passenger_nodejs
-#   Sets the [`PassengerNodejs`](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengernodejs),
-#   specifying Node.js command to use when serving the relevant web applications.
-# 
-# @param passenger_meteor_app_settings
-#   Sets [PassengerMeteorAppSettings](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermeteorappsettings),
-#   specifying a JSON file with settings for the application when using a Meteor 
-#   application in non-bundled mode.
-# 
-# @param passenger_app_env
-#   Sets [PassengerAppEnv](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappenv),
-#   the environment for the Passenger application. If not specified, defaults to the global 
-#   setting or 'production'.
-# 
-# @param passenger_app_root
-#   Sets [PassengerRoot](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapproot),
-#   the location of the Passenger application root if different from the DocumentRoot.
-# 
-# @param passenger_app_group_name
-#   Sets [PassengerAppGroupName](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappgroupname),
-#    the name of the application group that the current application should belong to.
-# 
-# @param passenger_app_start_command
-#   Sets [PassengerAppStartCommand](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappstartcommand),
-#    how Passenger should start your app on a specific port.
-#
-# @param passenger_app_type
-#   Sets [PassengerAppType](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapptype),
-#    to force Passenger to recognize the application as a specific type.
-# 
-# @param passenger_startup_file
-#   Sets the [PassengerStartupFile](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstartupfile),
-#   path. This path is relative to the application root.
-# 
-# @param passenger_restart_dir
-#   Sets the [PassengerRestartDir](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerrestartdir),
-#    to customize the directory in which `restart.txt` is searched for.
-# 
-# @param passenger_spawn_method
-#   Sets [PassengerSpawnMethod](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerspawnmethod),
-#   whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism.
-# 
-# @param passenger_load_shell_envvars
-#   Sets [PassengerLoadShellEnvvars](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerloadshellenvvars),
-#   to enable or disable the loading of shell environment variables before spawning the application.
-# 
-# @param passenger_rolling_restarts
-#   Sets [PassengerRollingRestarts](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerrollingrestarts),
-#   to enable or disable support for zero-downtime application restarts through `restart.txt`.
-# 
-# @param passenger_resist_deployment_errors
-#   Sets [PassengerResistDeploymentErrors](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerresistdeploymenterrors),
-#   to enable or disable resistance against deployment errors.
-# 
-# @param passenger_user
-#   Sets [PassengerUser](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengeruser),
-#   the running user for sandboxing applications.
-# 
-# @param passenger_group
-#   Sets [PassengerGroup](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengergroup),
-#   the running group for sandboxing applications.
-# 
-# @param passenger_friendly_error_pages
-#   Sets [PassengerFriendlyErrorPages](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerfriendlyerrorpages),
-#   which can display friendly error pages whenever an application fails to start. This 
-#   friendly error page presents the startup error message, some suggestions for solving 
-#   the problem, a backtrace and a dump of the environment variables.
-# 
-# @param passenger_min_instances
-#   Sets [PassengerMinInstances](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermininstances),
-#   the minimum number of application processes to run.
-# 
-# @param passenger_max_instances
-#   Sets [PassengerMaxInstances](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxinstances),
-#   the maximum number of application processes to run.
-# 
-# @param passenger_max_preloader_idle_time
-#   Sets [PassengerMaxPreloaderIdleTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxpreloaderidletime),
-#   the maximum amount of time the preloader waits before shutting down an idle process.
-# 
-# @param passenger_force_max_concurrent_requests_per_process
-#   Sets [PassengerForceMaxConcurrentRequestsPerProcess](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerforcemaxconcurrentrequestsperprocess),
-#   the maximum amount of concurrent requests the application can handle per process.
-# 
-# @param passenger_start_timeout
-#   Sets [PassengerStartTimeout](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstarttimeout),
-#   the timeout for the application startup.
-# 
-# @param passenger_concurrency_model
-#   Sets [PassengerConcurrencyModel](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerconcurrencyodel),
-#   to specify the I/O concurrency model that should be used for Ruby application processes. 
-#   Passenger supports two concurrency models:<br />
-#   * `process` - single-threaded, multi-processed I/O concurrency.
-#   * `thread` - multi-threaded, multi-processed I/O concurrency.
-# 
-# @param passenger_thread_count
-#   Sets [PassengerThreadCount](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerthreadcount),
-#   the number of threads that Passenger should spawn per Ruby application process.<br />
-#   This option only has effect if PassengerConcurrencyModel is `thread`.
-# 
-# @param passenger_max_requests
-#   Sets [PassengerMaxRequests](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequests),
-#   the maximum number of requests an application process will process.
-# 
-# @param passenger_max_request_time
-#   Sets [PassengerMaxRequestTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequesttime),
-#   the maximum amount of time, in seconds, that an application process may take to 
-#   process a request.
-# 
-# @param passenger_memory_limit
-#   Sets [PassengerMemoryLimit](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermemorylimit),
-#   the maximum amount of memory that an application process may use, in megabytes.
-# 
-# @param passenger_stat_throttle_rate
-#   Sets [PassengerStatThrottleRate](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstatthrottlerate),
-#   to set a limit, in seconds, on how often Passenger will perform it's filesystem checks.
-# 
-# @param passenger_pre_start
-#   Sets [PassengerPreStart](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerprestart),
-#   the URL of the application if pre-starting is required.
-# 
-# @param passenger_high_performance
-#   Sets [PassengerHighPerformance](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerhighperformance),
-#   to enhance performance in return for reduced compatibility.
-# 
-# @param passenger_buffer_upload
-#   Sets [PassengerBufferUpload](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbufferupload),
-#   to buffer HTTP client request bodies before they are sent to the application.
-# 
-# @param passenger_buffer_response
-#   Sets [PassengerBufferResponse](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbufferresponse),
-#   to buffer Happlication-generated responses.
-# 
-# @param passenger_error_override
-#   Sets [PassengerErrorOverride](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengererroroverride),
-#   to specify whether Apache will intercept and handle response with HTTP status codes of
-#   400 and higher.
-# 
-# @param passenger_max_request_queue_size
-#   Sets [PassengerMaxRequestQueueSize](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequestqueuesize),
-#   to specify the maximum amount of requests that are allowed to queue whenever the maximum
-#   concurrent request limit is reached. If the queue is already at this specified limit, then 
-#   Passenger immediately sends a "503 Service Unavailable" error to any incoming requests.<br />
-#   A value of 0 means that the queue size is unbounded.
-# 
-# @param passenger_max_request_queue_time
-#   Sets [PassengerMaxRequestQueueTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequestqueuetime),
-#   to specify the maximum amount of time that requests are allowed to stay in the queue 
-#   whenever the maximum concurrent request limit is reached. If a request reaches this specified 
-#   limit, then Passenger immeaditly sends a "504 Gateway Timeout" error for that request.<br />
-#   A value of 0 means that the queue time is unbounded.
-# 
-# @param passenger_sticky_sessions
-#   Sets [PassengerStickySessions](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessions),
-#   to specify that, whenever possible, all requests sent by a client will be routed to the same 
-#   originating application process.
-# 
-# @param passenger_sticky_sessions_cookie_name
-#   Sets [PassengerStickySessionsCookieName](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessionscookiename),
-#   to specify the name of the sticky sessions cookie.
-#
-# @param passenger_sticky_sessions_cookie_attributes
-#   Sets [PassengerStickySessionsCookieAttributes](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessionscookieattributes),
-#   the attributes of the sticky sessions cookie.
-# 
-# @param passenger_allow_encoded_slashes
-#   Sets [PassengerAllowEncodedSlashes](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerallowencodedslashes),
-#   to allow URLs with encoded slashes. Please note that this feature will not work properly
-#   unless Apache's `AllowEncodedSlashes` is also enabled.
-# 
-# @param passenger_app_log_file
-#   Sets [PassengerAppLogFile](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapplogfile),
-#   app specific messages logged to a different file in addition to Passenger log file.
-#
-# @param passenger_debugger
-#   Sets [PassengerDebugger](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerdebugger),
-#   to turn support for Ruby application debugging on or off. 
-# 
-# @param passenger_lve_min_uid
-#   Sets [PassengerLveMinUid](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerlveminuid),
-#   to only allow the spawning of application processes with UIDs equal to, or higher than, this 
-#   specified value on LVE-enabled kernels.
-# 
-# @param php_values
-#   Allows per-virtual host setting [`php_value`s](http://php.net/manual/en/configuration.changes.php). 
-#   These flags or values can be overwritten by a user or an application.
-#   Within a vhost declaration:
-#   ``` puppet
-#     php_values    => [ 'include_path ".:/usr/local/example-app/include"' ],
-#   ```
-#
-# @param php_flags
-#   Allows per-virtual host setting [`php_flags\``](http://php.net/manual/en/configuration.changes.php). 
-#   These flags or values can be overwritten by a user or an application.
-#
-# @param php_admin_values
-#   Allows per-virtual host setting [`php_admin_value`](http://php.net/manual/en/configuration.changes.php). 
-#   These flags or values cannot be overwritten by a user or an application.
-#
-# @param php_admin_flags
-#   Allows per-virtual host setting [`php_admin_flag`](http://php.net/manual/en/configuration.changes.php). 
-#   These flags or values cannot be overwritten by a user or an application.
-#
-# @param port
-#   Sets the port the host is configured on. The module's defaults ensure the host listens 
-#   on port 80 for non-SSL virtual hosts and port 443 for SSL virtual hosts. The host only 
-#   listens on the port set in this parameter.
-#
-# @param priority
-#   Sets the relative load-order for Apache HTTPD VirtualHost configuration files.<br />
-#   If nothing matches the priority, the first name-based virtual host is used. Likewise, 
-#   passing a higher priority causes the alphabetically first name-based virtual host to be 
-#   used if no other names match.<br />
-#   > **Note:** You should not need to use this parameter. However, if you do use it, be 
-#   aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'.<br />
-#   To omit the priority prefix in file names, pass a priority of `false`.
-#
-# @param protocols
-#   Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols) 
-#   directive, which lists available protocols for the virutal host.
-#
-# @param protocols_honor_order
-#   Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder) 
-#   directive which determines wether the order of Protocols sets precedence during negotiation.
-#
-# @param proxy_dest
-#   Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration.
-#
-# @param proxy_pass
-#   Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) 
-#   configuration. Optionally, parameters can be added as an array.
-#   ``` puppet
-#   apache::vhost { 'site.name.fdqn':
-#     ...
-#     proxy_pass => [
-#       { 'path' => '/a', 'url' => 'http://backend-a/' },
-#       { 'path' => '/b', 'url' => 'http://backend-b/' },
-#       { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}},
-#       { 'path' => '/l', 'url' => 'http://backend-xy',
-#         'reverse_urls' => ['http://backend-x', 'http://backend-y'] },
-#       { 'path' => '/d', 'url' => 'http://backend-a/d',
-#         'params' => { 'retry' => '0', 'timeout' => '5' }, },
-#       { 'path' => '/e', 'url' => 'http://backend-a/e',
-#         'keywords' => ['nocanon', 'interpolate'] },
-#       { 'path' => '/f', 'url' => 'http://backend-f/',
-#         'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']},
-#       { 'path' => '/g', 'url' => 'http://backend-g/',
-#         'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], },
-#       { 'path' => '/h', 'url' => 'http://backend-h/h',
-#         'no_proxy_uris' => ['/h/admin', '/h/server-status'] },
-#     ],
-#   }
-#   ```
-#   * `reverse_urls`. *Optional.* This setting is useful when used with `mod_proxy_balancer`. Values: an array or string.
-#   * `reverse_cookies`. *Optional.* Sets `ProxyPassReverseCookiePath` and `ProxyPassReverseCookieDomain`.
-#   * `params`. *Optional.* Allows for ProxyPass key-value parameters, such as connection settings.
-#   * `setenv`. *Optional.* Sets [environment variables](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings) for the proxy directive. Values: array.
-#
-# @param proxy_dest_match
-#   This directive is equivalent to `proxy_dest`, but takes regular expressions, see 
-#   [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) 
-#   for details.
-#
-# @param proxy_dest_reverse_match
-#   Allows you to pass a ProxyPassReverse if `proxy_dest_match` is specified. See 
-#   [ProxyPassReverse](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse) 
-#   for details.
-#
-# @param proxy_pass_match
-#   This directive is equivalent to `proxy_pass`, but takes regular expressions, see 
-#   [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) 
-#   for details.
-#
-# @param redirect_dest
-#   Specifies the address to redirect to.
-#
-# @param redirect_source
-#   Specifies the source URIs that redirect to the destination specified in `redirect_dest`. 
-#   If more than one item for redirect is supplied, the source and destination must be the same 
-#   length, and the items are order-dependent.
-#   ``` puppet
-#   apache::vhost { 'site.name.fdqn':
-#     ...
-#     redirect_source => ['/images','/downloads'],
-#     redirect_dest   => ['http://img.example.com/','http://downloads.example.com/'],
-#   }
-#   ```
-#
-# @param redirect_status
-#   Specifies the status to append to the redirect.
-#   ``` puppet
-#     apache::vhost { 'site.name.fdqn':
-#     ...
-#     redirect_status => ['temp','permanent'],
-#   }
-#   ```
-#
-# @param redirectmatch_regexp
-#   Determines which server status should be raised for a given regular expression 
-#   and where to forward the user to. Entered as an array alongside redirectmatch_status 
-#   and redirectmatch_dest.
-#   ``` puppet
-#   apache::vhost { 'site.name.fdqn':
-#     ...
-#     redirectmatch_status => ['404','404'],
-#     redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'],
-#     redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'],
-#   }
-#   ```
-#
-# @param redirectmatch_status
-#   Determines which server status should be raised for a given regular expression 
-#   and where to forward the user to. Entered as an array alongside redirectmatch_regexp 
-#   and redirectmatch_dest.
-#   ``` puppet
-#   apache::vhost { 'site.name.fdqn':
-#     ...
-#     redirectmatch_status => ['404','404'],
-#     redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'],
-#     redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'],
-#   }
-#   ```
-#
-# @param redirectmatch_dest
-#   Determines which server status should be raised for a given regular expression 
-#   and where to forward the user to. Entered as an array alongside redirectmatch_status 
-#   and redirectmatch_regexp.
-#   ``` puppet
-#   apache::vhost { 'site.name.fdqn':
-#     ...
-#     redirectmatch_status => ['404','404'],
-#     redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'],
-#     redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'],
-#   }
-#   ```
-#
-# @param request_headers
-#   Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) 
-#   in various ways, including adding additional request headers, removing request headers, 
-#   and so on.
-#   ``` puppet
-#   apache::vhost { 'site.name.fdqn':
-#     ...
-#     request_headers => [
-#       'append MirrorID "mirror 12"',
-#       'unset MirrorID',
-#     ],
-#   }
-#   ```
-#
-# @param rewrites
-#   Creates URL rewrite rules. Expects an array of hashes.<br />
-#   Valid Hash keys include `comment`, `rewrite_base`, `rewrite_cond`, `rewrite_rule`
-#   or `rewrite_map`.<br />
-#   For example, you can specify that anyone trying to access index.html is served welcome.html
-#   ``` puppet
-#   apache::vhost { 'site.name.fdqn':
-#     ...
-#     rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ]
-#   }
-#   ```
-#   The parameter allows rewrite conditions that, when `true`, execute the associated rule. 
-#   For instance, if you wanted to rewrite URLs only if the visitor is using IE
-#   ``` puppet
-#   apache::vhost { 'site.name.fdqn':
-#     ...
-#     rewrites => [
-#       {
-#         comment      => 'redirect IE',
-#         rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
-#         rewrite_rule => ['^index\.html$ welcome.html'],
-#       },
-#     ],
-#   }
-#   ```
-#   You can also apply multiple conditions. For instance, rewrite index.html to welcome.html 
-#   only when the browser is Lynx or Mozilla (version 1 or 2)
-#   ``` puppet
-#   apache::vhost { 'site.name.fdqn':
-#     ...
-#     rewrites => [
-#       {
-#         comment      => 'Lynx or Mozilla v1/2',
-#         rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
-#         rewrite_rule => ['^index\.html$ welcome.html'],
-#       },
-#     ],
-#   }
-#   ```
-#   Multiple rewrites and conditions are also possible
-#   ``` puppet
-#   apache::vhost { 'site.name.fdqn':
-#     ...
-#     rewrites => [
-#       {
-#         comment      => 'Lynx or Mozilla v1/2',
-#         rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
-#         rewrite_rule => ['^index\.html$ welcome.html'],
-#       },
-#       {
-#         comment      => 'Internet Explorer',
-#         rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
-#         rewrite_rule => ['^index\.html$ /index.IE.html [L]'],
-#       },
-#       {
-#         rewrite_base => /apps/,
-#         rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'],
-#       },
-#       { comment      => 'Rewrite to lower case',
-#         rewrite_cond => ['%{REQUEST_URI} [A-Z]'],
-#         rewrite_map  => ['lc int:tolower'],
-#         rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'],
-#       },
-#     ],
-#   }
-#   ```
-#   Refer to the [`mod_rewrite` documentation](https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html)
-#   for more details on what is possible with rewrite rules and conditions.<br />
-#   > **Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` 
-#   and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather 
-#   than setting the rewrites in the virtual host's directories.
-#
-# @param rewrite_base
-#   The parameter [`rewrite_base`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase)
-#   specifies the URL prefix to be used for per-directory (htaccess) RewriteRule directives
-#   that substitue a relative path.
-# 
-# @param rewrite_rule
-#   The parameter [`rewrite_rile`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule)
-#   allows the user to define the rules that will be used by the rewrite engine.
-# 
-# @param rewrite_cond
-#   The parameter [`rewrite_cond`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritecond)
-#   defines a rule condition, that when satisfied will implement that rule within the 
-#   rewrite engine.
-#
-# @param rewrite_inherit
-#   Determines whether the virtual host inherits global rewrite rules.<br />
-#   Rewrite rules may be specified globally (in `$conf_file` or `$confd_dir`) or 
-#   inside the virtual host `.conf` file. By default, virtual hosts do not inherit 
-#   global settings. To activate inheritance, specify the `rewrites` parameter and set 
-#   `rewrite_inherit` parameter to `true`:
-#   ``` puppet
-#   apache::vhost { 'site.name.fdqn':
-#     ...
-#     rewrites => [
-#       <rules>,
-#     ],
-#     rewrite_inherit => `true`,
-#   }
-#   ```
-#   > **Note**: The `rewrites` parameter is **required** for this to have effect<br />
-#   Apache activates global `Rewrite` rules inheritance if the virtual host files contains 
-#   the following directives:
-#   ``` ApacheConf
-#   RewriteEngine On
-#   RewriteOptions Inherit
-#   ```
-#   Refer to the official [`mod_rewrite`](https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html)
-#   documentation, section "Rewriting in Virtual Hosts".
-#
-# @param scriptalias
-#   Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as 
-#   '/usr/scripts'.
-#
-# @param scriptaliases
-#   > **Note**: This parameter is deprecated in favor of the `aliases` parameter.<br />
-#   Passes an array of hashes to the virtual host to create either ScriptAlias or 
-#   ScriptAliasMatch statements per the `mod_alias` documentation.
-#   ``` puppet
-#   scriptaliases => [
-#     {
-#       alias => '/myscript',
-#       path  => '/usr/share/myscript',
-#     },
-#     {
-#       aliasmatch => '^/foo(.*)',
-#       path       => '/usr/share/fooscripts$1',
-#     },
-#     {
-#       aliasmatch => '^/bar/(.*)',
-#       path       => '/usr/share/bar/wrapper.sh/$1',
-#     },
-#     {
-#       alias => '/neatscript',
-#       path  => '/usr/share/neatscript',
-#     },
-#   ]
-#   ```
-#   The ScriptAlias and ScriptAliasMatch directives are created in the order specified. 
-#   As with [Alias and AliasMatch](#aliases) directives, specify more specific aliases 
-#   before more general ones to avoid shadowing.
-#
-# @param serveradmin
-#   Specifies the email address Apache displays when it renders one of its error pages.
-#
-# @param serveraliases
-#   Sets the [ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias) 
-#   of the site.
-#
-# @param servername
-#   Sets the servername corresponding to the hostname you connect to the virtual host at.
-#
-# @param setenv
-#   Used by HTTPD to set environment variables for virtual hosts.<br />
-#   Example:
-#   ``` puppet
-#   apache::vhost { 'setenv.example.com':
-#     setenv => ['SPECIAL_PATH /foo/bin'],
-#   }
-#   ```
-#
-# @param setenvif
-#   Used by HTTPD to conditionally set environment variables for virtual hosts.
-#
-# @param setenvifnocase
-#   Used by HTTPD to conditionally set environment variables for virtual hosts (caseless matching).
-#
-# @param suexec_user_group
-#   Allows the spcification of user and group execution privileges for CGI programs through
-#   inclusion of the `mod_suexec` module.
-# 
-# @param suphp_addhandler
-#   Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)
-#   working together with suphp_configpath and suphp_engine.<br />
-#   An example virtual host configuration with suPHP:
-#   ``` puppet
-#   apache::vhost { 'suphp.example.com':
-#     port             => '80',
-#     docroot          => '/home/appuser/myphpapp',
-#     suphp_addhandler => 'x-httpd-php',
-#     suphp_engine     => 'on',
-#     suphp_configpath => '/etc/php5/apache2',
-#     directories      => { path => '/home/appuser/myphpapp',
-#       'suphp'        => { user => 'myappuser', group => 'myappgroup' },
-#     }
-#   }
-#   ```
-#
-# @param suphp_configpath
-#   Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)
-#   working together with suphp_addhandler and suphp_engine.<br />
-#   An example virtual host configuration with suPHP:
-#   ``` puppet
-#   apache::vhost { 'suphp.example.com':
-#     port             => '80',
-#     docroot          => '/home/appuser/myphpapp',
-#     suphp_addhandler => 'x-httpd-php',
-#     suphp_engine     => 'on',
-#     suphp_configpath => '/etc/php5/apache2',
-#     directories      => { path => '/home/appuser/myphpapp',
-#       'suphp'        => { user => 'myappuser', group => 'myappgroup' },
-#     }
-#   }
-#   ```
-#
-# @param suphp_engine
-#   Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)
-#   working together with suphp_configpath and suphp_addhandler.<br />
-#   An example virtual host configuration with suPHP:
-#   ``` puppet
-#   apache::vhost { 'suphp.example.com':
-#     port             => '80',
-#     docroot          => '/home/appuser/myphpapp',
-#     suphp_addhandler => 'x-httpd-php',
-#     suphp_engine     => 'on',
-#     suphp_configpath => '/etc/php5/apache2',
-#     directories      => { path => '/home/appuser/myphpapp',
-#       'suphp'        => { user => 'myappuser', group => 'myappgroup' },
-#     }
-#   }
-#   ```
-#
-# @param vhost_name
-#   Enables name-based virtual hosting. If no IP is passed to the virtual host, but the 
-#   virtual host is assigned a port, then the virtual host name is `vhost_name:port`. 
-#   If the virtual host has no assigned IP or port, the virtual host name is set to the 
-#   title of the resource.
-#
-# @param virtual_docroot
-#   Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the 
-#   same name. For example, `http://example.com` would map to `/var/www/example.com`.
-#   Note that the `DocumentRoot` directive will not be present even though there is a value
-#   set for `docroot` in the manifest. See [`virtual_use_default_docroot`](#virtual_use_default_docroot) to change this behavior.
-#   ``` puppet
-#   apache::vhost { 'subdomain.loc':
-#     vhost_name      => '*',
-#     port            => '80',
-#     virtual_docroot => '/var/www/%-2+',
-#     docroot         => '/var/www',
-#     serveraliases   => ['*.loc',],
-#   }
-#   ```
-# 
-# @param virtual_use_default_docroot
-#   By default, when using `virtual_docroot`, the value of `docroot` is ignored. Setting this
-#   to `true` will mean both directives will be added to the configuration.
-#   ``` puppet
-#   apache::vhost { 'subdomain.loc':
-#     vhost_name                  => '*',
-#     port                        => '80',
-#     virtual_docroot             => '/var/www/%-2+',
-#     docroot                     => '/var/www',
-#     virtual_use_default_docroot => true,
-#     serveraliases               => ['*.loc',],
-#   }
-#   ```
-#
-# @param wsgi_daemon_process
-#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
-#   wsgi_daemon_process_options, wsgi_process_group, 
-#   wsgi_script_aliases and wsgi_pass_authorization.<br />
-#   A hash that sets the name of the WSGI daemon, accepting 
-#   [certain keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html).<br />
-#   An example virtual host configuration with WSGI:
-#   ``` puppet
-#   apache::vhost { 'wsgi.example.com':
-#     port                        => '80',
-#     docroot                     => '/var/www/pythonapp',
-#     wsgi_daemon_process         => 'wsgi',
-#     wsgi_daemon_process_options =>
-#       { processes    => '2',
-#         threads      => '15',
-#         display-name => '%{GROUP}',
-#       },
-#     wsgi_process_group          => 'wsgi',
-#     wsgi_script_aliases         => { '/' => '/var/www/demo.wsgi' },
-#     wsgi_chunked_request        => 'On',
-#   }
-#   ```
-#
-# @param wsgi_daemon_process_options
-#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
-#   wsgi_daemon_process, wsgi_process_group, 
-#   wsgi_script_aliases and wsgi_pass_authorization.<br />
-#   Sets the group ID that the virtual host runs under.
-#
-# @param wsgi_application_group
-#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
-#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, 
-#   and wsgi_pass_authorization.<br />
-#   This parameter defines the [`WSGIApplicationGroup directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html),
-#   thus allowing you to specify which application group the WSGI application belongs to,
-#   with all WSGI applications within the same group executing within the context of the
-#   same Python sub interpreter.
-#
-# @param wsgi_import_script
-#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
-#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, 
-#   and wsgi_pass_authorization.<br />
-#   This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html),
-#   which can be used in order to specify a script file to be loaded upon a process starting.
-#
-# @param wsgi_import_script_options
-#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
-#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, 
-#   and wsgi_pass_authorization.<br />
-#   This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html),
-#   which can be used in order to specify a script file to be loaded upon a process starting.<br />
-#   Specifies the process and aplication groups of the script.
-#
-# @param wsgi_chunked_request
-#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
-#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, 
-#   and wsgi_pass_authorization.<br />
-#   This parameter defines the [`WSGIChunkedRequest directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIChunkedRequest.html),
-#   allowing you to enable support for chunked request content.<br />
-#   WSGI is technically incapable of supporting chunked request content without all chunked
-#   request content having first been read in and buffered.
-#
-# @param wsgi_process_group
-#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
-#   wsgi_daemon_process, wsgi_daemon_process_options,  
-#   wsgi_script_aliases and wsgi_pass_authorization.<br />
-#   Requires a hash of web paths to filesystem `.wsgi paths/`.
-#
-# @param wsgi_script_aliases
-#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
-#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, 
-#   and wsgi_pass_authorization.<br />
-#   Uses the WSGI application to handle authorization instead of Apache when set to `On`.<br />
-#   For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html).
-#
-# @param wsgi_script_aliases_match
-#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
-#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, 
-#   and wsgi_pass_authorization.<br />
-#   Uses the WSGI application to handle authorization instead of Apache when set to `On`.<br />
-#   This directive is similar to `wsgi_script_aliases`, but makes use of regular expressions
-#   in place of simple prefix matching.<br />
-#   For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html).
-# 
-# @param wsgi_pass_authorization
-#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
-#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group and
-#   wsgi_script_aliases.<br />
-#   Enables support for chunked requests.
-#
-# @param directories
-#   The `directories` parameter within the `apache::vhost` class passes an array of hashes 
-#   to the virtual host to create [Directory](https://httpd.apache.org/docs/current/mod/core.html#directory), 
-#   [File](https://httpd.apache.org/docs/current/mod/core.html#files), and 
-#   [Location](https://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. 
-#   These blocks take the form, `< Directory /path/to/directory>...< /Directory>`.<br />
-#   The `path` key sets the path for the directory, files, and location blocks. Its value 
-#   must be a path for the `directory`, `files`, and `location` providers, or a regex for 
-#   the `directorymatch`, `filesmatch`, or `locationmatch` providers. Each hash passed to 
-#   `directories` **must** contain `path` as one of the keys.<br />
-#   The `provider` key is optional. If missing, this key defaults to `directory`.
-#    Values: `directory`, `files`, `proxy`, `location`, `directorymatch`, `filesmatch`, 
-#   `proxymatch` or `locationmatch`. If you set `provider` to `directorymatch`, it 
-#   uses the keyword `DirectoryMatch` in the Apache config file.<br />
-#   An example use of `directories`:
-#   ``` puppet
-#   apache::vhost { 'files.example.net':
-#     docroot     => '/var/www/files',
-#     directories => [
-#       { 'path'     => '/var/www/files',
-#         'provider' => 'files',
-#         'deny'     => 'from all',
-#       },
-#     ],
-#   }
-#   ```
-#   > **Note:** At least one directory should match the `docroot` parameter. After you 
-#   start declaring directories, `apache::vhost` assumes that all required Directory blocks 
-#   will be declared. If not defined, a single default Directory block is created that matches 
-#   the `docroot` parameter.<br />
-#   Available handlers, represented as keys, should be placed within the `directory`, 
-#   `files`, or `location` hashes. This looks like
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     docroot     => '/path/to/directory',
-#     directories => [ { path => '/path/to/directory', handler => value } ],
-#   }
-#   ```
-#   Any handlers you do not set in these hashes are considered `undefined` within Puppet and 
-#   are not added to the virtual host, resulting in the module using their default values.
-#
-# @param custom_fragment
-#   Pass a string of custom configuration directives to be placed at the end of the directory 
-#   configuration.
-#   ``` puppet
-#   apache::vhost { 'monitor':
-#     ...
-#     directories => [
-#       {
-#         path => '/path/to/directory',
-#         custom_fragment => '
-#   <Location /balancer-manager>
-#     SetHandler balancer-manager
-#     Order allow,deny
-#     Allow from all
-#   </Location>
-#   <Location /server-status>
-#     SetHandler server-status
-#     Order allow,deny
-#     Allow from all
-#   </Location>
-#   ProxyStatus On',
-#       },
-#     ]
-#   }
-#   ```
-#
-# @param error_documents
-#   An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) 
-#   settings for the directory.
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     directories => [
-#       { path            => '/srv/www',
-#         error_documents => [
-#           { 'error_code' => '503',
-#             'document'   => '/service-unavail',
-#           },
-#         ],
-#       },
-#     ],
-#   }
-#   ```
-#
-# @param h2_copy_files
-#   Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles) directive.<br />
-#   Note that you must declare `class {'apache::mod::http2': }` before using this directive.
-#
-# @param h2_push_resource
-#   Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource) directive.<br />
-#   Note that you must declare `class {'apache::mod::http2': }` before using this directive.
-#
-# @param headers
-#   Adds lines for [Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives.
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     docroot     => '/path/to/directory',
-#     directories => {
-#       path    => '/path/to/directory',
-#       headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',
-#     },
-#   }
-#   ```
-#
-# @param options
-#   Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the 
-#   given Directory block.
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     docroot     => '/path/to/directory',
-#     directories => [
-#       { path    => '/path/to/directory',
-#         options => ['Indexes','FollowSymLinks','MultiViews'],
-#       },
-#     ],
-#   }
-#   ```
-# 
-# @param shib_compat_valid_user
-#   Default is Off, matching the behavior prior to this command's existence. Addresses a conflict 
-#   when using Shibboleth in conjunction with other auth/auth modules by restoring `standard` 
-#   Apache behavior when processing the `valid-user` and `user` Require rules. See the 
-#   [`mod_shib`documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions), 
-#   and [NativeSPhtaccess](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess) 
-#   topic for more details. This key is disabled if `apache::mod::shib` is not defined.
-#
-# @param ssl_options
-#   String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), 
-#   which configure SSL engine run-time options. This handler takes precedence over SSLOptions 
-#   set in the parent block of the virtual host.
-#   ``` puppet
-#   apache::vhost { 'secure.example.net':
-#     docroot     => '/path/to/directory',
-#     directories => [
-#       { path        => '/path/to/directory',
-#         ssl_options => '+ExportCertData',
-#       },
-#       { path        => '/path/to/different/dir',
-#         ssl_options => ['-StdEnvVars', '+ExportCertData'],
-#       },
-#     ],
-#   }
-#   ```
-#
-# @param additional_includes
-#   Specifies paths to additional static, specific Apache configuration files in virtual 
-#   host directories.
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     docroot     => '/path/to/directory',
-#     directories => [
-#       { path  => '/path/to/different/dir',
-#         additional_includes => ['/custom/path/includes', '/custom/path/another_includes',],
-#       },
-#     ],
-#   }
-#   ```
-# 
-# @param gssapi
-#  Specfies mod_auth_gssapi parameters for particular directories in a virtual host directory
-#  ```puppet
-#   include apache::mod::auth_gssapi
-#   apache::vhost { 'sample.example.net':
-#     docroot     => '/path/to/directory',
-#     directories => [
-#       { path   => '/path/to/different/dir',
-#         gssapi => {
-#           credstore => 'keytab:/foo/bar.keytab',
-#           localname => 'Off',
-#           sslonly   => 'On',
-#         }
-#       },
-#     ],
-#   }
-#   ```
-#
-# @param ssl
-#   Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries.
-#
-# @param ssl_ca
-#   Specifies the SSL certificate authority to be used to verify client certificates used 
-#   for authentication.
-#
-# @param ssl_cert
-#   Specifies the SSL certification.
-#
-# @param ssl_protocol
-#   Specifies [SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). 
-#   Expects an array or space separated string of accepted protocols.
-#
-# @param ssl_cipher
-#   Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite).
-#
-# @param ssl_honorcipherorder
-#   Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), 
-#   to cause Apache to use the server's preferred order of ciphers rather than the client's 
-#   preferred order.
-#
-# @param ssl_certs_dir
-#   Specifies the location of the SSL certification directory to verify client certs.
-#
-# @param ssl_chain
-#   Specifies the SSL chain. This default works out of the box, but it must be updated in 
-#   the base `apache` class with your specific certificate information before being used in 
-#   production.
-#
-# @param ssl_crl
-#   Specifies the certificate revocation list to use. (This default works out of the box but 
-#   must be updated in the base `apache` class with your specific certificate information 
-#   before being used in production.)
-#
-# @param ssl_crl_path
-#   Specifies the location of the certificate revocation list to verify certificates for 
-#   client authentication with. (This default works out of the box but must be updated in 
-#   the base `apache` class with your specific certificate information before being used in 
-#   production.)
-#
-# @param ssl_crl_check
-#   Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck) 
-#   for ssl client authentication. The default works out of the box but must be specified when 
-#   using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on 
-#   older versions.
-#
-# @param ssl_key
-#   Specifies the SSL key.<br />
-#   Defaults are based on your operating system. Default work out of the box but must be 
-#   updated in the base `apache` class with your specific certificate information before 
-#   being used in production.
-#
-# @param ssl_verify_client
-#   Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) 
-#   directive, which sets the certificate verification level for client authentication.
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     ...
-#     ssl_verify_client => 'optional',
-#   }
-#   ```
-#
-# @param ssl_verify_depth
-#   Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) 
-#   directive, which specifies the maximum depth of CA certificates in client certificate 
-#   verification. You must set `ssl_verify_client` for it to take effect.
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     ...
-#     ssl_verify_client => 'require',
-#     ssl_verify_depth => 1,
-#   }
-#   ```
-#
-# @param ssl_proxy_protocol
-#   Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol) 
-#   directive, which controls which SSL protocol flavors `mod_ssl` should use when establishing 
-#   its server environment for proxy. It connects to servers using only one of the provided 
-#   protocols.
-#
-# @param ssl_proxy_verify
-#   Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify) 
-#   directive, which configures certificate verification of the remote server when a proxy is 
-#   configured to forward requests to a remote SSL server.
-#
-# @param ssl_proxy_verify_depth
-#   Sets the [SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth) 
-#   directive, which configures how deeply mod_ssl should verify before deciding that the 
-#   remote server does not have a valid certificate.<br />
-#   A depth of 0 means that only self-signed remote server certificates are accepted, 
-#   the default depth of 1 means the remote server certificate can be self-signed or 
-#   signed by a CA that is directly known to the server.
-#
-# @param ssl_proxy_cipher_suite
-#   Sets the [SSLProxyCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyciphersuite) 
-#   directive, which controls cipher suites supported for ssl proxy traffic.
-#
-# @param ssl_proxy_ca_cert
-#   Sets the [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile) 
-#   directive, which specifies an all-in-one file where you can assemble the Certificates 
-#   of Certification Authorities (CA) whose remote servers you deal with. These are used 
-#   for Remote Server Authentication. This file should be a concatenation of the PEM-encoded 
-#   certificate files in order of preference.
-#
-# @param ssl_proxy_machine_cert
-#   Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) 
-#   directive, which specifies an all-in-one file where you keep the certs and keys used 
-#   for this server to authenticate itself to remote servers. This file should be a 
-#   concatenation of the PEM-encoded certificate files in order of preference.
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     ...
-#     ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem',
-#   }
-#   ```
-# @param ssl_proxy_machine_cert_chain
-#   Sets the [SSLProxyMachineCertificateChainFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatechainfile)
-#   directive, which specifies an all-in-one file where you keep the certificate chain for
-#   all of the client certs in use. This directive will be needed if the remote server
-#   presents a list of CA certificates that are not direct signers of one of the configured
-#   client certificates. This referenced file is simply the concatenation of the various
-#   PEM-encoded certificate files. Upon startup, each client certificate configured will be
-#   examined and a chain of trust will be constructed.
-#
-# @param ssl_proxy_check_peer_cn
-#   Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) 
-#   directive, which specifies whether the remote server certificate's CN field is compared 
-#   against the hostname of the request URL.
-#
-# @param ssl_proxy_check_peer_name
-#   Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) 
-#   directive, which specifies whether the remote server certificate's CN field is compared 
-#   against the hostname of the request URL.
-#
-# @param ssl_proxy_check_peer_expire
-#   Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire) 
-#   directive, which specifies whether the remote server certificate is checked for expiration 
-#   or not.
-#
-# @param ssl_options
-#   Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) 
-#   directive, which configures various SSL engine run-time options. This is the global 
-#   setting for the given virtual host and can be a string or an array.<br />
-#   A string:
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     ...
-#     ssl_options => '+ExportCertData',
-#   }
-#   ```
-#   An array:
-#   ``` puppet
-#   apache::vhost { 'sample.example.net':
-#     ...
-#     ssl_options => ['+StrictRequire', '+ExportCertData'],
-#   }
-#   ```
-#
-# @param ssl_openssl_conf_cmd
-#   Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) 
-#   directive, which provides direct configuration of OpenSSL parameters.
-#
-# @param ssl_proxyengine
-#   Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine).
-#
-# @param ssl_stapling
-#   Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). 
-#   By default, uses what is set globally.<br />
-#   This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
-#
-# @param ssl_stapling_timeout
-#   Can be used to set the [SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout) directive.<br />
-#   This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
-#
-# @param ssl_stapling_return_errors
-#   Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive.<br />
-#   This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
-#
-# @param ssl_user_name
-#   Sets the [SSLUserName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusername) directive.
-#
-# @param ssl_reload_on_change
-#   Enable reloading of apache if the content of ssl files have changed.
-#
-# @param use_canonical_name
-#   Specifies whether to use the [`UseCanonicalName directive`](https://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname),
-#   which allows you to configure how the server determines it's own name and port.
-# 
-# @param define
-#   this lets you define configuration variables inside a vhost using [`Define`](https://httpd.apache.org/docs/2.4/mod/core.html#define),
-#   these can then be used to replace configuration values. All Defines are Undefined at the end of the VirtualHost.
-#
-# @param auth_oidc
-#   Enable `mod_auth_openidc` parameters for OpenID Connect authentication.
-#
-# @param oidc_settings
-#   An Apache::OIDCSettings Struct containing (mod_auth_openidc settings)[https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf].
-#
-# @param limitreqfields
-#   The `limitreqfields` parameter sets the maximum number of request header fields in
-#   an HTTP request. This directive gives the server administrator greater control over
-#   abnormal client request behavior, which may be useful for avoiding some forms of
-#   denial-of-service attacks. The value should be increased if normal clients see an error
-#   response from the server that indicates too many fields were sent in the request.
-#
-# @param limitreqfieldsize
-#   The `limitreqfieldsize` parameter sets the maximum ammount of _bytes_ that will
-#   be allowed within a request header.
-#
-# @param limitreqline
-#   Limit the size of the HTTP request line that will be accepted from the client
-#   This directive sets the number of bytes that will be allowed on the HTTP
-#   request-line. The LimitRequestLine directive allows the server administrator
-#   to set the limit on the allowed size of a client's HTTP request-line. Since
-#   the request-line consists of the HTTP method, URI, and protocol version, the
-#   LimitRequestLine directive places a restriction on the length of a request-URI
-#   allowed for a request on the server. A server needs this value to be large
-#   enough to hold any of its resource names, including any information that might
-#   be passed in the query part of a GET request.
-#
-# @param limitreqbody
-#   Restricts the total size of the HTTP request body sent from the client
-#   The LimitRequestBody directive allows the user to set a limit on the allowed
-#   size of an HTTP request message body within the context in which the
-#   directive is given (server, per-directory, per-file or per-location). If the
-#   client request exceeds that limit, the server will return an error response
-#   instead of servicing the request.
-#
-# @param $use_servername_for_filenames
-#   When set to true, default log / config file names will be derived from the sanitized
-#   value of the $servername parameter.
-#   When set to false (default), the existing behaviour of using the $name parameter
-#   will remain.
-#
-# @param $use_port_for_filenames
-#   When set to true and use_servername_for_filenames is also set to true, default log /
-#   config file names will be derived from the sanitized value of both the $servername and
-#   $port parameters.
-#   When set to false (default), the port is not included in the file names and may lead to
-#   duplicate declarations if two virtual hosts use the same domain.
-#
-# @param $mdomain
-#   All the names in the list are managed as one Managed Domain (MD). mod_md will request
-#   one single certificate that is valid for all these names.
-define apache::vhost (
+# See README.md for usage information
+define apache::vhost(
   Variant[Boolean,String] $docroot,
   $manage_docroot                                                                   = true,
   $virtual_docroot                                                                  = false,
-  $virtual_use_default_docroot                                                      = false,
   $port                                                                             = undef,
   $ip                                                                               = undef,
   Boolean $ip_based                                                                 = false,
   $add_listen                                                                       = true,
   $docroot_owner                                                                    = 'root',
-  $docroot_group                                                                    = $apache::params::root_group,
+  $docroot_group                                                                    = $::apache::params::root_group,
   $docroot_mode                                                                     = undef,
-  Array[Enum['h2', 'h2c', 'http/1.1']] $protocols                                   = [],
-  Optional[Boolean] $protocols_honor_order                                          = undef,
   $serveradmin                                                                      = undef,
   Boolean $ssl                                                                      = false,
-  $ssl_cert                                                                         = $apache::default_ssl_cert,
-  $ssl_key                                                                          = $apache::default_ssl_key,
-  $ssl_chain                                                                        = $apache::default_ssl_chain,
-  $ssl_ca                                                                           = $apache::default_ssl_ca,
-  $ssl_crl_path                                                                     = $apache::default_ssl_crl_path,
-  $ssl_crl                                                                          = $apache::default_ssl_crl,
-  $ssl_crl_check                                                                    = $apache::default_ssl_crl_check,
-  $ssl_certs_dir                                                                    = $apache::params::ssl_certs_dir,
-  Boolean $ssl_reload_on_change                                                     = $apache::default_ssl_reload_on_change,
+  $ssl_cert                                                                         = $::apache::default_ssl_cert,
+  $ssl_key                                                                          = $::apache::default_ssl_key,
+  $ssl_chain                                                                        = $::apache::default_ssl_chain,
+  $ssl_ca                                                                           = $::apache::default_ssl_ca,
+  $ssl_crl_path                                                                     = $::apache::default_ssl_crl_path,
+  $ssl_crl                                                                          = $::apache::default_ssl_crl,
+  $ssl_crl_check                                                                    = $::apache::default_ssl_crl_check,
+  $ssl_certs_dir                                                                    = $::apache::params::ssl_certs_dir,
   $ssl_protocol                                                                     = undef,
   $ssl_cipher                                                                       = undef,
-  Variant[Boolean, Enum['on', 'On', 'off', 'Off'], Undef] $ssl_honorcipherorder     = undef,
-  Optional[Enum['none', 'optional', 'require', 'optional_no_ca']] $ssl_verify_client = undef,
+  $ssl_honorcipherorder                                                             = undef,
+  $ssl_verify_client                                                                = undef,
   $ssl_verify_depth                                                                 = undef,
   Optional[Enum['none', 'optional', 'require', 'optional_no_ca']] $ssl_proxy_verify = undef,
-  Optional[Integer[0]] $ssl_proxy_verify_depth                                      = undef,
+  $ssl_proxy_verify_depth                                                           = undef,
   $ssl_proxy_ca_cert                                                                = undef,
   Optional[Enum['on', 'off']] $ssl_proxy_check_peer_cn                              = undef,
   Optional[Enum['on', 'off']] $ssl_proxy_check_peer_name                            = undef,
   Optional[Enum['on', 'off']] $ssl_proxy_check_peer_expire                          = undef,
   $ssl_proxy_machine_cert                                                           = undef,
-  $ssl_proxy_machine_cert_chain                                                     = undef,
-  $ssl_proxy_cipher_suite                                                           = undef,
   $ssl_proxy_protocol                                                               = undef,
   $ssl_options                                                                      = undef,
   $ssl_openssl_conf_cmd                                                             = undef,
@@ -1804,45 +39,34 @@ define apache::vhost (
   Optional[Boolean] $ssl_stapling                                                   = undef,
   $ssl_stapling_timeout                                                             = undef,
   $ssl_stapling_return_errors                                                       = undef,
-  Optional[String] $ssl_user_name                                                   = undef,
   $priority                                                                         = undef,
   Boolean $default_vhost                                                            = false,
   $servername                                                                       = $name,
   $serveraliases                                                                    = [],
   $options                                                                          = ['Indexes','FollowSymLinks','MultiViews'],
-  $override                                                                         = ['None'],
+  $override                                                                         = ['All'],
   $directoryindex                                                                   = '',
   $vhost_name                                                                       = '*',
-  $logroot                                                                          = $apache::logroot,
+  $logroot                                                                          = $::apache::logroot,
   Enum['directory', 'absent'] $logroot_ensure                                       = 'directory',
   $logroot_mode                                                                     = undef,
   $logroot_owner                                                                    = undef,
   $logroot_group                                                                    = undef,
-  Optional[Apache::LogLevel] $log_level                                             = undef,
+  $log_level                                                                        = undef,
   Boolean $access_log                                                               = true,
   $access_log_file                                                                  = false,
   $access_log_pipe                                                                  = false,
   $access_log_syslog                                                                = false,
   $access_log_format                                                                = false,
   $access_log_env_var                                                               = false,
-  Optional[Array] $access_logs                                                      = undef,
-  Optional[Boolean] $use_servername_for_filenames                                   = false,
-  Optional[Boolean] $use_port_for_filenames                                         = false,
+  $access_logs                                                                      = undef,
   $aliases                                                                          = undef,
-  Optional[Variant[Hash, Array[Variant[Array,Hash]]]] $directories                  = undef,
+  $directories                                                                      = undef,
   Boolean $error_log                                                                = true,
   $error_log_file                                                                   = undef,
   $error_log_pipe                                                                   = undef,
   $error_log_syslog                                                                 = undef,
-  Optional[
-    Array[
-      Variant[
-        String,
-        Hash[String, Enum['connection', 'request']]
-      ]
-    ]
-  ]       $error_log_format                                                         = undef,
-  Optional[Pattern[/^((Strict|Unsafe)?\s*(\b(Registered|Lenient)Methods)?\s*(\b(Allow0\.9|Require1\.0))?)$/]] $http_protocol_options = undef,
+  $http_protocol_options                                                            = undef,
   $modsec_audit_log                                                                 = undef,
   $modsec_audit_log_file                                                            = undef,
   $modsec_audit_log_pipe                                                            = undef,
@@ -1850,19 +74,14 @@ define apache::vhost (
   Optional[Variant[Stdlib::Absolutepath, Enum['disabled']]] $fallbackresource       = undef,
   $scriptalias                                                                      = undef,
   $scriptaliases                                                                    = [],
-  Optional[Integer] $limitreqfieldsize                                              = undef,
-  Optional[Integer] $limitreqfields                                                 = undef,
-  Optional[Integer] $limitreqline                                                   = undef,
-  Optional[Integer] $limitreqbody                                                   = undef,
   $proxy_dest                                                                       = undef,
   $proxy_dest_match                                                                 = undef,
   $proxy_dest_reverse_match                                                         = undef,
   $proxy_pass                                                                       = undef,
   $proxy_pass_match                                                                 = undef,
-  Boolean $proxy_requests                                                           = false,
-  $suphp_addhandler                                                                 = $apache::params::suphp_addhandler,
-  Enum['on', 'off'] $suphp_engine                                                   = $apache::params::suphp_engine,
-  $suphp_configpath                                                                 = $apache::params::suphp_configpath,
+  $suphp_addhandler                                                                 = $::apache::params::suphp_addhandler,
+  Enum['on', 'off'] $suphp_engine                                                   = $::apache::params::suphp_engine,
+  $suphp_configpath                                                                 = $::apache::params::suphp_configpath,
   $php_flags                                                                        = {},
   $php_values                                                                       = {},
   $php_admin_flags                                                                  = {},
@@ -1878,6 +97,8 @@ define apache::vhost (
   $redirectmatch_status                                                             = undef,
   $redirectmatch_regexp                                                             = undef,
   $redirectmatch_dest                                                               = undef,
+  $rack_base_uris                                                                   = undef,
+  $passenger_base_uris                                                              = undef,
   $headers                                                                          = undef,
   $request_headers                                                                  = undef,
   $filters                                                                          = undef,
@@ -1892,7 +113,7 @@ define apache::vhost (
   $block                                                                            = [],
   Enum['absent', 'present'] $ensure                                                 = 'present',
   $wsgi_application_group                                                           = undef,
-  Optional[Variant[String,Hash]] $wsgi_daemon_process                               = undef,
+  $wsgi_daemon_process                                                              = undef,
   Optional[Hash] $wsgi_daemon_process_options                                       = undef,
   $wsgi_import_script                                                               = undef,
   Optional[Hash] $wsgi_import_script_options                                        = undef,
@@ -1909,78 +130,28 @@ define apache::vhost (
   $fastcgi_dir                                                                      = undef,
   $fastcgi_idle_timeout                                                             = undef,
   $additional_includes                                                              = [],
-  $use_optional_includes                                                            = $apache::use_optional_includes,
-  $apache_version                                                                   = $apache::apache_version,
+  $use_optional_includes                                                            = $::apache::use_optional_includes,
+  $apache_version                                                                   = $::apache::apache_version,
   Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes                    = undef,
-  Optional[Pattern[/^[\w-]+ [\w-]+$/]] $suexec_user_group                           = undef,
-
-  Optional[Boolean] $h2_copy_files                                                  = undef,
-  Optional[Boolean] $h2_direct                                                      = undef,
-  Optional[Boolean] $h2_early_hints                                                 = undef,
-  Optional[Integer] $h2_max_session_streams                                         = undef,
-  Optional[Boolean] $h2_modern_tls_only                                             = undef,
-  Optional[Boolean] $h2_push                                                        = undef,
-  Optional[Integer] $h2_push_diary_size                                             = undef,
-  Array[String]     $h2_push_priority                                               = [],
-  Array[String]     $h2_push_resource                                               = [],
-  Optional[Boolean] $h2_serialize_headers                                           = undef,
-  Optional[Integer] $h2_stream_max_mem_size                                         = undef,
-  Optional[Integer] $h2_tls_cool_down_secs                                          = undef,
-  Optional[Integer] $h2_tls_warm_up_size                                            = undef,
-  Optional[Boolean] $h2_upgrade                                                     = undef,
-  Optional[Integer] $h2_window_size                                                 = undef,
-
-  Optional[Boolean] $passenger_enabled                                              = undef,
-  Optional[String] $passenger_base_uri                                              = undef,
-  Optional[Stdlib::Absolutepath] $passenger_ruby                                    = undef,
-  Optional[Stdlib::Absolutepath] $passenger_python                                  = undef,
-  Optional[Stdlib::Absolutepath] $passenger_nodejs                                  = undef,
-  Optional[String] $passenger_meteor_app_settings                                   = undef,
-  Optional[String] $passenger_app_env                                               = undef,
-  Optional[Stdlib::Absolutepath] $passenger_app_root                                = undef,
-  Optional[String] $passenger_app_group_name                                        = undef,
-  Optional[String] $passenger_app_start_command                                     = undef,
-  Optional[Enum['meteor', 'node', 'rack', 'wsgi']] $passenger_app_type              = undef,
-  Optional[String] $passenger_startup_file                                          = undef,
-  Optional[String] $passenger_restart_dir                                           = undef,
-  Optional[Enum['direct', 'smart']] $passenger_spawn_method                         = undef,
-  Optional[Boolean] $passenger_load_shell_envvars                                   = undef,
-  Optional[Boolean] $passenger_rolling_restarts                                     = undef,
-  Optional[Boolean] $passenger_resist_deployment_errors                             = undef,
-  Optional[String] $passenger_user                                                  = undef,
-  Optional[String] $passenger_group                                                 = undef,
-  Optional[Boolean] $passenger_friendly_error_pages                                 = undef,
-  Optional[Integer] $passenger_min_instances                                        = undef,
-  Optional[Integer] $passenger_max_instances                                        = undef,
-  Optional[Integer] $passenger_max_preloader_idle_time                              = undef,
-  Optional[Integer] $passenger_force_max_concurrent_requests_per_process            = undef,
-  Optional[Integer] $passenger_start_timeout                                        = undef,
-  Optional[Enum['process', 'thread']] $passenger_concurrency_model                  = undef,
-  Optional[Integer] $passenger_thread_count                                         = undef,
-  Optional[Integer] $passenger_max_requests                                         = undef,
-  Optional[Integer] $passenger_max_request_time                                     = undef,
-  Optional[Integer] $passenger_memory_limit                                         = undef,
-  Optional[Integer] $passenger_stat_throttle_rate                                   = undef,
-  Optional[Variant[String,Array[String]]] $passenger_pre_start                      = undef,
-  Optional[Boolean] $passenger_high_performance                                     = undef,
-  Optional[Boolean] $passenger_buffer_upload                                        = undef,
-  Optional[Boolean] $passenger_buffer_response                                      = undef,
-  Optional[Boolean] $passenger_error_override                                       = undef,
-  Optional[Integer] $passenger_max_request_queue_size                               = undef,
-  Optional[Integer] $passenger_max_request_queue_time                               = undef,
+  $suexec_user_group                                                                = undef,
+  $passenger_app_root                                                               = undef,
+  $passenger_app_env                                                                = undef,
+  $passenger_ruby                                                                   = undef,
+  $passenger_min_instances                                                          = undef,
+  $passenger_max_requests                                                           = undef,
+  $passenger_start_timeout                                                          = undef,
+  $passenger_pre_start                                                              = undef,
+  $passenger_user                                                                   = undef,
+  $passenger_high_performance                                                       = undef,
+  $passenger_nodejs                                                                 = undef,
   Optional[Boolean] $passenger_sticky_sessions                                      = undef,
-  Optional[String] $passenger_sticky_sessions_cookie_name                           = undef,
-  Optional[String] $passenger_sticky_sessions_cookie_attributes                     = undef,
-  Optional[Boolean] $passenger_allow_encoded_slashes                                = undef,
-  Optional[String] $passenger_app_log_file                                          = undef,
-  Optional[Boolean] $passenger_debugger                                             = undef,
-  Optional[Integer] $passenger_lve_min_uid                                          = undef,
+  $passenger_startup_file                                                           = undef,
   $add_default_charset                                                              = undef,
   $modsec_disable_vhost                                                             = undef,
-  Optional[Variant[Hash, Array]] $modsec_disable_ids                                = undef,
+  $modsec_disable_ids                                                               = undef,
   $modsec_disable_ips                                                               = undef,
-  Optional[Variant[Hash, Array]] $modsec_disable_msgs                               = undef,
-  Optional[Variant[Hash, Array]] $modsec_disable_tags                               = undef,
+  $modsec_disable_msgs                                                              = undef,
+  $modsec_disable_tags                                                              = undef,
   $modsec_body_limit                                                                = undef,
   $jk_mounts                                                                        = undef,
   Boolean $auth_kerb                                                                = false,
@@ -1998,37 +169,45 @@ define apache::vhost (
   $max_keepalive_requests                                                           = undef,
   $cas_attribute_prefix                                                             = undef,
   $cas_attribute_delimiter                                                          = undef,
-  $cas_root_proxied_as                                                              = undef,
   $cas_scrub_request_headers                                                        = undef,
   $cas_sso_enabled                                                                  = undef,
   $cas_login_url                                                                    = undef,
   $cas_validate_url                                                                 = undef,
   $cas_validate_saml                                                                = undef,
-  $cas_cookie_path                                                                  = undef,
-  Optional[String] $shib_compat_valid_user                                          = undef,
-  Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']] $use_canonical_name        = undef,
-  Optional[Variant[String,Array[String]]] $comment                                  = undef,
-  Hash $define                                                                      = {},
-  Boolean $auth_oidc                                                                = false,
-  Optional[Apache::OIDCSettings] $oidc_settings                                     = undef,
-  Optional[Variant[Boolean,String]] $mdomain                                        = undef,
 ) {
+
   # The base class must be included first because it is used by parameter defaults
   if ! defined(Class['apache']) {
     fail('You must include the apache base class before using any apache defined resources')
   }
 
-  $apache_name = $apache::apache_name
+  $apache_name = $::apache::apache_name
 
+  if $http_protocol_options != undef {
+    validate_re($http_protocol_options, '^((Strict|Unsafe)?\s*(\b(RegisteredMethods|LenientMethods))?\s*(\b(Allow0\.9|Require1\.0))?)$',
+    "${http_protocol_options} is not supported for http_protocol_options.
+    Allowed value is any sequence of the following alternative values:
+    'Strict' or Unsafe, 'RegisteredMethods' or 'LenientMethods', and
+    'Allow0.9' or 'Require1.0'.")
+  }
   if $rewrites {
     unless empty($rewrites) {
       $rewrites_flattened = delete_undef_values(flatten([$rewrites]))
-      assert_type(Array[Hash], $rewrites_flattened)
+      validate_hash($rewrites_flattened[0])
     }
   }
 
   # Input validation begins
 
+  if $suexec_user_group {
+    validate_re($suexec_user_group, '^[\w-]+ [\w-]+$',
+    "${suexec_user_group} is not supported for suexec_user_group.  Must be 'user group'.")
+  }
+
+  if $log_level {
+    validate_apache_log_level($log_level)
+  }
+
   if $access_log_file and $access_log_pipe {
     fail("Apache::Vhost[${name}]: 'access_log_file' and 'access_log_pipe' cannot be defined at the same time")
   }
@@ -2041,48 +220,36 @@ define apache::vhost (
     fail("Apache::Vhost[${name}]: 'modsec_audit_log_file' and 'modsec_audit_log_pipe' cannot be defined at the same time")
   }
 
+  if $ssl_proxy_verify_depth {
+    validate_integer($ssl_proxy_verify_depth)
+  }
+
   # Input validation ends
 
   if $ssl and $ensure == 'present' {
-    include apache::mod::ssl
+    include ::apache::mod::ssl
     # Required for the AddType lines.
-    include apache::mod::mime
-  }
-
-  if $ssl_honorcipherorder =~ Boolean or $ssl_honorcipherorder == undef {
-    $_ssl_honorcipherorder = $ssl_honorcipherorder
-  } else {
-    $_ssl_honorcipherorder = $ssl_honorcipherorder ? {
-      'on'    => true,
-      'On'    => true,
-      'off'   => false,
-      'Off'   => false,
-      default => true,
-    }
+    include ::apache::mod::mime
   }
 
   if $auth_kerb and $ensure == 'present' {
-    include apache::mod::auth_kerb
-  }
-
-  if $auth_oidc and $ensure == 'present' {
-    include apache::mod::auth_openidc
+    include ::apache::mod::auth_kerb
   }
 
   if $virtual_docroot {
-    include apache::mod::vhost_alias
+    include ::apache::mod::vhost_alias
   }
 
-  if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization {
-    include apache::mod::wsgi
+  if $wsgi_daemon_process {
+    include ::apache::mod::wsgi
   }
 
   if $suexec_user_group {
-    include apache::mod::suexec
+    include ::apache::mod::suexec
   }
 
-  if $passenger_enabled != undef or $passenger_start_timeout != undef or $passenger_ruby != undef or $passenger_python != undef or $passenger_nodejs != undef or $passenger_meteor_app_settings != undef or $passenger_app_env != undef or $passenger_app_root != undef or $passenger_app_group_name != undef or $passenger_app_start_command != undef or $passenger_app_type != undef or $passenger_startup_file != undef or $passenger_restart_dir != undef or $passenger_spawn_method != undef or $passenger_load_shell_envvars != undef or $passenger_rolling_restarts != undef or $passenger_resist_deployment_errors != undef or $passenger_min_instances != undef or $passenger_max_instances != undef or $passenger_max_preloader_idle_time != undef or $passenger_force_max_concurrent_requests_per_process != undef or $passenger_concurrency_model != undef or $passenger_thread_count != undef or $passenger_high_performance != undef or $passenger_max_request_queue_size != undef or $passenger_max_request_queue_time != undef or $passenger_user != undef or $passenger_group != undef or $passenger_friendly_error_pages != undef or $passenger_buffer_upload != undef or $passenger_buffer_response != undef or $passenger_allow_encoded_slashes != undef or $passenger_lve_min_uid != undef or $passenger_base_uri != undef or $passenger_error_override != undef or $passenger_sticky_sessions != undef or $passenger_sticky_sessions_cookie_name != undef or $passenger_sticky_sessions_cookie_attributes != undef or $passenger_app_log_file != undef or $passenger_debugger != undef or $passenger_max_requests != undef or $passenger_max_request_time != undef or $passenger_memory_limit != undef {
-    include apache::mod::passenger
+  if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_max_requests or $passenger_start_timeout or $passenger_pre_start or $passenger_user or $passenger_high_performance or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file {
+    include ::apache::mod::passenger
   }
 
   # Configure the defaultness of a vhost
@@ -2096,64 +263,8 @@ define apache::vhost (
     $priority_real = '25-'
   }
 
-  # https://httpd.apache.org/docs/2.4/fr/mod/core.html#servername
-  # Syntax:	ServerName [scheme://]domain-name|ip-address[:port]
-  # Sometimes, the server runs behind a device that processes SSL, such as a reverse proxy, load balancer or SSL offload
-  # appliance.
-  # When this is the case, specify the https:// scheme and the port number to which the clients connect in the ServerName
-  # directive to make sure that the server generates the correct self-referential URLs.
-  $normalized_servername = regsubst($servername, '(https?:\/\/)?([a-z0-9\/%_+.,#?!@&=-]+)(:?\d+)?', '\2', 'G')
-
-  # IAC-1186: A number of configuration and log file names are generated using the $name parameter. It is possible for
-  # the $name parameter to contain spaces, which could then be transferred to the log / config filenames. Although
-  # POSIX compliant, this can be cumbersome.
-  #
-  # It seems more appropriate to use the $servername parameter to derive default log / config filenames from. We should
-  # also perform some sanitiation on the $servername parameter to strip spaces from it, as it defaults to the value of
-  # $name, should $servername NOT be defined.
-  #
-  # Because a single hostname may be use by multiple virtual hosts listening on different ports, the $port paramter can
-  # optionaly be used to avoid duplicate resources.
-  #
-  # We will retain the default behaviour for filenames but allow the use of a sanitized version of $servername to be
-  # used, using the new $use_servername_for_filenames and $use_port_for_filenames parameters.
-  #
-  # This will default to false until the next major release (v7.0.0), at which point, we will default this to true and
-  # warn about it's imminent deprecation in the subsequent major release (v8.0.0)
-  #
-  # In v8.0.0, we will deprecate the $use_servername_for_filenames and $use_port_for_filenames parameters altogether
-  # and use the sanitized value of $servername for default log / config filenames.
-  $filename = $use_servername_for_filenames ? {
-    true => $use_port_for_filenames ? {
-      true  => regsubst("${normalized_servername}-${port}", ' ', '_', 'G'),
-      false => regsubst($normalized_servername, ' ', '_', 'G'),
-    },
-    false => $name,
-  }
-
-  if ! $use_servername_for_filenames and $name != $normalized_servername {
-    $use_servername_for_filenames_warn_msg = '
-    It is possible for the $name parameter to be defined with spaces in it. Although supported on POSIX systems, this
-    can lead to cumbersome file names. The $servername attribute has stricter conditions from Apache (i.e. no spaces)
-    When $use_servername_for_filenames = true, the $servername parameter, sanitized, is used to construct log and config
-    file names.
-
-    From version v7.0.0 of the puppetlabs-apache module, this parameter will default to true. From version v8.0.0 of the
-    module, the $use_servername_for_filenames will be removed and log/config file names will be derived from the
-    sanitized $servername parameter when not explicitly defined.'
-    warning($use_servername_for_filenames_warn_msg)
-  } elsif ! $use_port_for_filenames {
-    $use_port_for_filenames_warn_msg = '
-    It is possible for multiple virtual hosts to be configured using the same $servername but a different port. When
-    using $use_servername_for_filenames, this can lead to duplicate resource declarations.
-    When $use_port_for_filenames = true, the $servername and $port parameters, sanitized, are used to construct log and
-    config file names.
-
-    From version v7.0.0 of the puppetlabs-apache module, this parameter will default to true. From version v8.0.0 of the
-    module, the $use_port_for_filenames will be removed and log/config file names will be derived from the
-    sanitized $servername parameter when not explicitly defined.'
-    warning($use_port_for_filenames_warn_msg)
-  }
+  ## Apache include does not always work with spaces in the filename
+  $filename = regsubst($name, ' ', '_', 'G')
 
   # This ensures that the docroot exists
   # But enables it to be specified across multiple vhost resources
@@ -2177,10 +288,13 @@ define apache::vhost (
       mode    => $logroot_mode,
       require => Package['httpd'],
       before  => Concat["${priority_real}${filename}.conf"],
-      notify  => Class['Apache::Service'],
     }
   }
 
+
+  # Is apache::mod::passenger enabled (or apache::mod['passenger'])
+  $passenger_enabled = defined(Apache::Mod['passenger'])
+
   # Is apache::mod::shib enabled (or apache::mod['shib2'])
   $shibboleth_enabled = defined(Apache::Mod['shib2'])
 
@@ -2188,14 +302,31 @@ define apache::vhost (
   $cas_enabled = defined(Apache::Mod['auth_cas'])
 
   if $access_log and !$access_logs {
+    if $access_log_file {
+      if $access_log_file =~ /^\// {
+        # Absolute path provided - don't prepend $logroot
+        $_logs_dest = $access_log_file
+      } else {
+        $_logs_dest = "${logroot}/${access_log_file}"
+      }
+    } elsif $access_log_pipe {
+      $_logs_dest = $access_log_pipe
+    } elsif $access_log_syslog {
+      $_logs_dest = $access_log_syslog
+    } else {
+      $_logs_dest = undef
+    }
     $_access_logs = [{
-        'file'        => $access_log_file,
-        'pipe'        => $access_log_pipe,
-        'syslog'      => $access_log_syslog,
-        'format'      => $access_log_format,
-        'env'         => $access_log_env_var
+      'file'        => $access_log_file,
+      'pipe'        => $access_log_pipe,
+      'syslog'      => $access_log_syslog,
+      'format'      => $access_log_format,
+      'env'         => $access_log_env_var
     }]
   } elsif $access_logs {
+    if !is_array($access_logs) {
+      fail("Apache::Vhost[${name}]: access_logs must be an array of hashes")
+    }
     $_access_logs = $access_logs
   }
 
@@ -2212,19 +343,12 @@ define apache::vhost (
     $error_log_destination = $error_log_syslog
   } else {
     if $ssl {
-      $error_log_destination = "${logroot}/${filename}_error_ssl.log"
+      $error_log_destination = "${logroot}/${name}_error_ssl.log"
     } else {
-      $error_log_destination = "${logroot}/${filename}_error.log"
+      $error_log_destination = "${logroot}/${name}_error.log"
     }
   }
 
-  if versioncmp($apache_version, '2.4') >= 0 {
-    $error_log_format24 = $error_log_format
-  }
-  else {
-    $error_log_format24 = undef
-  }
-
   if $modsec_audit_log == false {
     $modsec_audit_log_destination = undef
   } elsif $modsec_audit_log_file {
@@ -2233,14 +357,15 @@ define apache::vhost (
     $modsec_audit_log_destination = $modsec_audit_log_pipe
   } elsif $modsec_audit_log {
     if $ssl {
-      $modsec_audit_log_destination = "${logroot}/${filename}_security_ssl.log"
+      $modsec_audit_log_destination = "${logroot}/${name}_security_ssl.log"
     } else {
-      $modsec_audit_log_destination = "${logroot}/${filename}_security.log"
+      $modsec_audit_log_destination = "${logroot}/${name}_security.log"
     }
   } else {
     $modsec_audit_log_destination = undef
   }
 
+
   if $ip {
     $_ip = any2array(enclose_ipv6($ip))
     if $port {
@@ -2266,66 +391,74 @@ define apache::vhost (
       }
     }
   }
-
   if $add_listen {
-    if $ip and defined(Apache::Listen[String($port)]) {
+    if $ip and defined(Apache::Listen["${port}"]) {
       fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this")
     }
     if $listen_addr_port and $ensure == 'present' {
-      ensure_resource('apache::listen', $listen_addr_port)
+      ensure_resource('apache::listen', $listen_addr_port, {'port'=> $port})
     }
   }
   if ! $ip_based {
     if $ensure == 'present' and (versioncmp($apache_version, '2.4') < 0) {
-      ensure_resource('apache::namevirtualhost', $nvh_addr_port)
+      ensure_resource('::apache::namevirtualhost', $nvh_addr_port, {'port' => $port})
     }
   }
 
   # Load mod_rewrite if needed and not yet loaded
   if $rewrites or $rewrite_cond {
     if ! defined(Class['apache::mod::rewrite']) {
-      include apache::mod::rewrite
+      include ::apache::mod::rewrite
     }
   }
 
   # Load mod_alias if needed and not yet loaded
-  if ($scriptalias or $scriptaliases != [])
-  or ($aliases and $aliases != [])
-  or ($redirect_source and $redirect_dest)
-  or ($redirectmatch_regexp or $redirectmatch_status or $redirectmatch_dest) {
+  if ($scriptalias or $scriptaliases != []) or ($aliases and $aliases != []) or ($redirect_source and $redirect_dest) {
     if ! defined(Class['apache::mod::alias'])  and ($ensure == 'present') {
-      include apache::mod::alias
+      include ::apache::mod::alias
     }
   }
 
   # Load mod_proxy if needed and not yet loaded
   if ($proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match) {
     if ! defined(Class['apache::mod::proxy']) {
-      include apache::mod::proxy
+      include ::apache::mod::proxy
     }
     if ! defined(Class['apache::mod::proxy_http']) {
-      include apache::mod::proxy_http
+      include ::apache::mod::proxy_http
     }
   }
 
-  # Load mod_fastcgi if needed and not yet loaded
+  # Load mod_passenger if needed and not yet loaded
+  if $rack_base_uris {
+    if ! defined(Class['apache::mod::passenger']) {
+      include ::apache::mod::passenger
+    }
+  }
+
+  # Load mod_passenger if needed and not yet loaded
+  if $passenger_base_uris {
+      include ::apache::mod::passenger
+  }
+
+  # Load mod_fastci if needed and not yet loaded
   if $fastcgi_server and $fastcgi_socket {
     if ! defined(Class['apache::mod::fastcgi']) {
-      include apache::mod::fastcgi
+      include ::apache::mod::fastcgi
     }
   }
 
   # Check if mod_headers is required to process $headers/$request_headers
   if $headers or $request_headers {
     if ! defined(Class['apache::mod::headers']) {
-      include apache::mod::headers
+      include ::apache::mod::headers
     }
   }
 
   # Check if mod_filter is required to process $filters
   if $filters {
     if ! defined(Class['apache::mod::filter']) {
-      include apache::mod::filter
+      include ::apache::mod::filter
     }
   }
 
@@ -2334,7 +467,7 @@ define apache::vhost (
   $use_env_mod = $setenv and ! empty($setenv)
   if ($use_env_mod) {
     if ! defined(Class['apache::mod::env']) {
-      include apache::mod::env
+      include ::apache::mod::env
     }
   }
   # Check if mod_setenvif is required and not yet loaded.
@@ -2343,12 +476,15 @@ define apache::vhost (
 
   if ($use_setenvif_mod) {
     if ! defined(Class['apache::mod::setenvif']) {
-      include apache::mod::setenvif
+      include ::apache::mod::setenvif
     }
   }
 
   ## Create a default directory list if none defined
   if $directories {
+    if !is_hash($directories) and !(is_array($directories) and is_hash($directories[0])) {
+      fail("Apache::Vhost[${name}]: 'directories' must be either a Hash or an Array of Hashes")
+    }
     $_directories = $directories
   } elsif $docroot {
     $_directory = {
@@ -2370,74 +506,76 @@ define apache::vhost (
       }
     }
 
-    $_directories = [merge($_directory, $_directory_version)]
+    $_directories = [ merge($_directory, $_directory_version) ]
   } else {
     $_directories = undef
   }
 
   ## Create a global LocationMatch if locations aren't defined
   if $modsec_disable_ids {
-    if $modsec_disable_ids =~ Array {
+    if is_hash($modsec_disable_ids) {
+      $_modsec_disable_ids = $modsec_disable_ids
+    } elsif is_array($modsec_disable_ids) {
       $_modsec_disable_ids = { '.*' => $modsec_disable_ids }
     } else {
-      $_modsec_disable_ids = $modsec_disable_ids
+      fail("Apache::Vhost[${name}]: 'modsec_disable_ids' must be either a Hash of location/IDs or an Array of IDs")
     }
   }
 
   if $modsec_disable_msgs {
-    if $modsec_disable_msgs =~ Array {
+    if is_hash($modsec_disable_msgs) {
+      $_modsec_disable_msgs = $modsec_disable_msgs
+    } elsif is_array($modsec_disable_msgs) {
       $_modsec_disable_msgs = { '.*' => $modsec_disable_msgs }
     } else {
-      $_modsec_disable_msgs = $modsec_disable_msgs
+      fail("Apache::Vhost[${name}]: 'modsec_disable_msgs' must be either a Hash of location/Msgs or an Array of Msgs")
     }
   }
 
   if $modsec_disable_tags {
-    if $modsec_disable_tags =~ Array {
+    if is_hash($modsec_disable_tags) {
+      $_modsec_disable_tags = $modsec_disable_tags
+    } elsif is_array($modsec_disable_tags) {
       $_modsec_disable_tags = { '.*' => $modsec_disable_tags }
     } else {
-      $_modsec_disable_tags = $modsec_disable_tags
+      fail("Apache::Vhost[${name}]: 'modsec_disable_tags' must be either a Hash of location/Tags or an Array of Tags")
     }
   }
 
   concat { "${priority_real}${filename}.conf":
     ensure  => $ensure,
-    path    => "${apache::vhost_dir}/${priority_real}${filename}.conf",
+    path    => "${::apache::vhost_dir}/${priority_real}${filename}.conf",
     owner   => 'root',
-    group   => $apache::params::root_group,
-    mode    => $apache::file_mode,
+    group   => $::apache::params::root_group,
+    mode    => $::apache::file_mode,
     order   => 'numeric',
     require => Package['httpd'],
     notify  => Class['apache::service'],
   }
   # NOTE(pabelanger): This code is duplicated in ::apache::vhost::custom and
   # needs to be converted into something generic.
-  if $apache::vhost_enable_dir {
-    $vhost_enable_dir = $apache::vhost_enable_dir
+  if $::apache::vhost_enable_dir {
+    $vhost_enable_dir = $::apache::vhost_enable_dir
     $vhost_symlink_ensure = $ensure ? {
-      'present' => link,
+      present => link,
       default => $ensure,
     }
-    file { "${priority_real}${filename}.conf symlink":
+    file{ "${priority_real}${filename}.conf symlink":
       ensure  => $vhost_symlink_ensure,
       path    => "${vhost_enable_dir}/${priority_real}${filename}.conf",
-      target  => "${apache::vhost_dir}/${priority_real}${filename}.conf",
+      target  => "${::apache::vhost_dir}/${priority_real}${filename}.conf",
       owner   => 'root',
-      group   => $apache::params::root_group,
-      mode    => $apache::file_mode,
+      group   => $::apache::params::root_group,
+      mode    => $::apache::file_mode,
       require => Concat["${priority_real}${filename}.conf"],
       notify  => Class['apache::service'],
     }
   }
 
   # Template uses:
-  # - $comment
   # - $nvh_addr_port
   # - $servername
   # - $serveradmin
-  # - $protocols
-  # - $protocols_honor_order
-  # - $apache_version
   concat::fragment { "${name}-apache-header":
     target  => "${priority_real}${filename}.conf",
     order   => 0,
@@ -2446,7 +584,6 @@ define apache::vhost (
 
   # Template uses:
   # - $virtual_docroot
-  # - $virtual_use_default_docroot
   # - $docroot
   if $docroot {
     concat::fragment { "${name}-docroot":
@@ -2523,7 +660,6 @@ define apache::vhost (
 
   # Template uses:
   # - $error_log
-  # - $error_log_format24
   # - $log_level
   # - $error_log_destination
   # - $log_level
@@ -2608,25 +744,6 @@ define apache::vhost (
     }
   }
 
-  # Template uses:
-  # - $ssl_proxyengine
-  # - $ssl_proxy_verify
-  # - $ssl_proxy_verify_depth
-  # - $ssl_proxy_ca_cert
-  # - $ssl_proxy_check_peer_cn
-  # - $ssl_proxy_check_peer_name
-  # - $ssl_proxy_check_peer_expire
-  # - $ssl_proxy_machine_cert
-  # - $ssl_proxy_machine_cert_chain
-  # - $ssl_proxy_protocol
-  if $ssl_proxyengine {
-    concat::fragment { "${name}-sslproxy":
-      target  => "${priority_real}${filename}.conf",
-      order   => 160,
-      content => template('apache/vhost/_sslproxy.erb'),
-    }
-  }
-
   # Template uses:
   # - $proxy_dest
   # - $proxy_pass
@@ -2637,11 +754,31 @@ define apache::vhost (
   if $proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match or $proxy_preserve_host {
     concat::fragment { "${name}-proxy":
       target  => "${priority_real}${filename}.conf",
-      order   => 170,
+      order   => 160,
       content => template('apache/vhost/_proxy.erb'),
     }
   }
 
+  # Template uses:
+  # - $rack_base_uris
+  if $rack_base_uris {
+    concat::fragment { "${name}-rack":
+      target  => "${priority_real}${filename}.conf",
+      order   => 170,
+      content => template('apache/vhost/_rack.erb'),
+    }
+  }
+
+  # Template uses:
+  # - $passenger_base_uris
+  if $passenger_base_uris {
+    concat::fragment { "${name}-passenger_uris":
+      target  => "${priority_real}${filename}.conf",
+      order   => 175,
+      content => template('apache/vhost/_passenger_base_uris.erb'),
+    }
+  }
+
   # Template uses:
   # - $redirect_source
   # - $redirect_dest
@@ -2680,7 +817,7 @@ define apache::vhost (
   # Template uses:
   # - $scriptaliases
   # - $scriptalias
-  if ( $scriptalias or $scriptaliases != []) {
+  if ( $scriptalias or $scriptaliases != [] ) {
     concat::fragment { "${name}-scriptalias":
       target  => "${priority_real}${filename}.conf",
       order   => 200,
@@ -2721,36 +858,36 @@ define apache::vhost (
   # - $ssl_crl_check
   # - $ssl_protocol
   # - $ssl_cipher
-  # - $_ssl_honorcipherorder
+  # - $ssl_honorcipherorder
   # - $ssl_verify_client
   # - $ssl_verify_depth
   # - $ssl_options
   # - $ssl_openssl_conf_cmd
   # - $ssl_stapling
   # - $apache_version
-  if $ssl and $ensure == 'present' {
+  if $ssl {
     concat::fragment { "${name}-ssl":
       target  => "${priority_real}${filename}.conf",
       order   => 230,
       content => template('apache/vhost/_ssl.erb'),
     }
+  }
 
-    if $ssl_reload_on_change {
-      [$ssl_cert, $ssl_key, $ssl_ca, $ssl_chain, $ssl_crl].each |$ssl_file| {
-        if $ssl_file {
-          include apache::mod::ssl::reload
-          $_ssl_file_copy = regsubst($ssl_file, '/', '_', 'G')
-          file { "${filename}${_ssl_file_copy}":
-            path    => "${apache::params::puppet_ssl_dir}/${filename}${_ssl_file_copy}",
-            source  => "file://${ssl_file}",
-            owner   => 'root',
-            group   => $apache::params::root_group,
-            mode    => '0640',
-            seltype => 'cert_t',
-            notify  => Class['apache::service'],
-          }
-        }
-      }
+  # Template uses:
+  # - $ssl_proxyengine
+  # - $ssl_proxy_verify
+  # - $ssl_proxy_verify_depth
+  # - $ssl_proxy_ca_cert
+  # - $ssl_proxy_check_peer_cn
+  # - $ssl_proxy_check_peer_name
+  # - $ssl_proxy_check_peer_expire
+  # - $ssl_proxy_machine_cert
+  # - $ssl_proxy_protocol
+  if $ssl_proxyengine {
+    concat::fragment { "${name}-sslproxy":
+      target  => "${priority_real}${filename}.conf",
+      order   => 230,
+      content => template('apache/vhost/_sslproxy.erb'),
     }
   }
 
@@ -2813,9 +950,6 @@ define apache::vhost (
   # - $wsgi_process_group
   # - $wsgi_script_aliases
   # - $wsgi_pass_authorization
-  if $wsgi_daemon_process_options {
-    deprecation('apache::vhost::wsgi_daemon_process_options', 'This parameter is deprecated. Please add values inside Hash `wsgi_daemon_process`.')
-  }
   if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization {
     concat::fragment { "${name}-wsgi":
       target  => "${priority_real}${filename}.conf",
@@ -2858,65 +992,19 @@ define apache::vhost (
     }
   }
 
-  if $h2_copy_files != undef or $h2_direct != undef or $h2_early_hints != undef or $h2_max_session_streams != undef or $h2_modern_tls_only != undef or $h2_push != undef or $h2_push_diary_size != undef or $h2_push_priority != [] or $h2_push_resource != [] or $h2_serialize_headers != undef or $h2_stream_max_mem_size != undef or $h2_tls_cool_down_secs != undef or $h2_tls_warm_up_size != undef or $h2_upgrade != undef or $h2_window_size != undef {
-    include apache::mod::http2
-
-    concat::fragment { "${name}-http2":
-      target  => "${priority_real}${filename}.conf",
-      order   => 300,
-      content => template('apache/vhost/_http2.erb'),
-    }
-  }
-
-  if $mdomain {
-    include apache::mod::md
-  }
-
   # Template uses:
-  # - $passenger_enabled
-  # - $passenger_start_timeout
-  # - $passenger_ruby
-  # - $passenger_python
-  # - $passenger_nodejs
-  # - $passenger_meteor_app_settings
-  # - $passenger_app_env
   # - $passenger_app_root
-  # - $passenger_app_group_name
-  # - $passenger_app_start_command
-  # - $passenger_app_type
-  # - $passenger_startup_file
-  # - $passenger_restart_dir
-  # - $passenger_spawn_method
-  # - $passenger_load_shell_envvars
-  # - $passenger_rolling_restarts
-  # - $passenger_resist_deployment_errors
+  # - $passenger_app_env
+  # - $passenger_ruby
   # - $passenger_min_instances
-  # - $passenger_max_instances
-  # - $passenger_max_preloader_idle_time
-  # - $passenger_force_max_concurrent_requests_per_process
-  # - $passenger_concurrency_model
-  # - $passenger_thread_count
-  # - $passenger_high_performance
-  # - $passenger_max_request_queue_size
-  # - $passenger_max_request_queue_time
-  # - $passenger_user
-  # - $passenger_group
-  # - $passenger_friendly_error_pages
-  # - $passenger_buffer_upload
-  # - $passenger_buffer_response
-  # - $passenger_allow_encoded_slashes
-  # - $passenger_lve_min_uid
-  # - $passenger_base_uri
-  # - $passenger_error_override
-  # - $passenger_sticky_sessions
-  # - $passenger_sticky_sessions_cookie_name
-  # - $passenger_sticky_sessions_cookie_attributes
-  # - $passenger_app_log_file
-  # - $passenger_debugger
   # - $passenger_max_requests
-  # - $passenger_max_request_time
-  # - $passenger_memory_limit
-  if $passenger_enabled != undef or $passenger_start_timeout != undef or $passenger_ruby != undef or $passenger_python != undef or $passenger_nodejs != undef or $passenger_meteor_app_settings != undef or $passenger_app_env != undef or $passenger_app_root != undef or $passenger_app_group_name != undef or $passenger_app_start_command != undef or $passenger_app_type != undef or $passenger_startup_file != undef or $passenger_restart_dir != undef or $passenger_spawn_method != undef or $passenger_load_shell_envvars != undef or $passenger_rolling_restarts != undef or $passenger_resist_deployment_errors != undef or $passenger_min_instances != undef or $passenger_max_instances != undef or $passenger_max_preloader_idle_time != undef or $passenger_force_max_concurrent_requests_per_process != undef or $passenger_concurrency_model != undef or $passenger_thread_count != undef or $passenger_high_performance != undef or $passenger_max_request_queue_size != undef or $passenger_max_request_queue_time != undef or $passenger_user != undef or $passenger_group != undef or $passenger_friendly_error_pages != undef or $passenger_buffer_upload != undef or $passenger_buffer_response != undef or $passenger_allow_encoded_slashes != undef or $passenger_lve_min_uid != undef or $passenger_base_uri != undef or $passenger_error_override != undef or $passenger_sticky_sessions != undef or $passenger_sticky_sessions_cookie_name != undef or $passenger_sticky_sessions_cookie_attributes != undef or $passenger_app_log_file != undef or $passenger_debugger != undef or $passenger_max_requests != undef or $passenger_max_request_time != undef or $passenger_memory_limit != undef {
+  # - $passenger_start_timeout
+  # - $passenger_pre_start
+  # - $passenger_user
+  # - $passenger_nodejs
+  # - $passenger_sticky_sessions
+  # - $passenger_startup_file
+  if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start or $passenger_user or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file{
     concat::fragment { "${name}-passenger":
       target  => "${priority_real}${filename}.conf",
       order   => 300,
@@ -3002,36 +1090,6 @@ define apache::vhost (
     }
   }
 
-  # Template uses:
-  # - $auth_oidc
-  # - $oidc_settings
-  if $auth_oidc {
-    concat::fragment { "${name}-auth_oidc":
-      target  => "${priority_real}${filename}.conf",
-      order   => 360,
-      content => template('apache/vhost/_auth_oidc.erb'),
-    }
-  }
-
-  # Template uses:
-  # - $shib_compat_valid_user
-  if $shibboleth_enabled {
-    concat::fragment { "${name}-shibboleth":
-      target  => "${priority_real}${filename}.conf",
-      order   => 370,
-      content => template('apache/vhost/_shib.erb'),
-    }
-  }
-
-  # - $use_canonical_name
-  if $use_canonical_name {
-    concat::fragment { "${name}-use_canonical_name":
-      target  => "${priority_real}${filename}.conf",
-      order   => 360,
-      content => template('apache/vhost/_use_canonical_name.erb'),
-    }
-  }
-
   # Template uses no variables
   concat::fragment { "${name}-file_footer":
     target  => "${priority_real}${filename}.conf",
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/vhost/custom.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/vhost/custom.pp
index 56e8b1258..cfb06c273 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/vhost/custom.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/vhost/custom.pp
@@ -1,34 +1,18 @@
-# @summary
-#   A wrapper around the `apache::custom_config` defined type.
-#  
-# The `apache::vhost::custom` defined type is a thin wrapper around the `apache::custom_config` defined type, and simply overrides some of its default settings specific to the virtual host directory in Apache.
-#
-# @param content
-#   Sets the configuration file's content.
-#
-# @param ensure
-#   Specifies if the virtual host file is present or absent.
-#
-# @param priority
-#   Sets the relative load order for Apache HTTPD VirtualHost configuration files.
-#
-# @param verify_config
-#   Specifies whether to validate the configuration file before notifying the Apache service.
-#
-define apache::vhost::custom (
+# See README.md for usage information
+define apache::vhost::custom(
   $content,
   $ensure = 'present',
   $priority = '25',
   $verify_config = true,
 ) {
-  include apache
+  include ::apache
 
   ## Apache include does not always work with spaces in the filename
   $filename = regsubst($name, ' ', '_', 'G')
 
   ::apache::custom_config { $filename:
     ensure        => $ensure,
-    confdir       => $apache::vhost_dir,
+    confdir       => $::apache::vhost_dir,
     content       => $content,
     priority      => $priority,
     verify_config => $verify_config,
@@ -36,19 +20,19 @@ define apache::vhost::custom (
 
   # NOTE(pabelanger): This code is duplicated in ::apache::vhost and needs to
   # converted into something generic.
-  if $apache::vhost_enable_dir {
+  if $::apache::vhost_enable_dir {
     $vhost_symlink_ensure = $ensure ? {
-      'present' => link,
+      present => link,
       default => $ensure,
     }
 
     file { "${priority}-${filename}.conf symlink":
       ensure  => $vhost_symlink_ensure,
-      path    => "${apache::vhost_enable_dir}/${priority}-${filename}.conf",
-      target  => "${apache::vhost_dir}/${priority}-${filename}.conf",
+      path    => "${::apache::vhost_enable_dir}/${priority}-${filename}.conf",
+      target  => "${::apache::vhost_dir}/${priority}-${filename}.conf",
       owner   => 'root',
-      group   => $apache::params::root_group,
-      mode    => $apache::file_mode,
+      group   => $::apache::params::root_group,
+      mode    => $::apache::file_mode,
       require => Apache::Custom_config[$filename],
       notify  => Class['apache::service'],
     }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/vhosts.pp b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/vhosts.pp
index 6d0fcf27f..cf212c4b1 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/manifests/vhosts.pp
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/manifests/vhosts.pp
@@ -1,26 +1,6 @@
-# @summary
-#   Creates `apache::vhost` defined types.
-# 
-# @note See the `apache::vhost` defined type's reference for a list of all virtual 
-# host parameters or Configuring virtual hosts in the README section.
-#
-# @example To create a [name-based virtual host](https://httpd.apache.org/docs/current/vhosts/name-based.html) `custom_vhost_1`
-#   class { 'apache::vhosts':
-#     vhosts => {
-#       'custom_vhost_1' => {
-#         'docroot' => '/var/www/custom_vhost_1',
-#         'port'    => '81',
-#       },
-#     },
-#   }
-#
-# @param vhosts
-#   A hash, where the key represents the name and the value represents a hash of 
-#   `apache::vhost` defined type's parameters.
-#
 class apache::vhosts (
   $vhosts = {},
 ) {
-  include apache
+  include ::apache
   create_resources('apache::vhost', $vhosts)
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/metadata.json b/modules/services/unix/http/apache_stretch_compatible/apache/metadata.json
index 29255598e..dffb29dd4 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/metadata.json
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/metadata.json
@@ -1,37 +1,38 @@
 {
   "name": "puppetlabs-apache",
-  "version": "7.0.0",
-  "author": "puppetlabs",
+  "version": "2.0.0",
+  "author": "puppet",
   "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.",
   "license": "Apache-2.0",
-  "source": "https://github.com/puppetlabs/puppetlabs-apache",
+  "source": "git://github.com/puppetlabs/puppetlabs-apache.git",
   "project_page": "https://github.com/puppetlabs/puppetlabs-apache",
   "issues_url": "https://tickets.puppetlabs.com/browse/MODULES",
   "dependencies": [
     {
       "name": "puppetlabs/stdlib",
-      "version_requirement": ">= 4.13.1 < 9.0.0"
+      "version_requirement": ">= 4.13.1 < 5.3.0"
     },
     {
       "name": "puppetlabs/concat",
-      "version_requirement": ">= 2.2.1 < 8.0.0"
+      "version_requirement": ">= 2.2.1 < 5.3.0"
     }
   ],
+  "data_provider": null,
   "operatingsystem_support": [
     {
       "operatingsystem": "RedHat",
       "operatingsystemrelease": [
+        "5",
         "6",
-        "7",
-        "8"
+        "7"
       ]
     },
     {
       "operatingsystem": "CentOS",
       "operatingsystemrelease": [
+        "5",
         "6",
-        "7",
-        "8"
+        "7"
       ]
     },
     {
@@ -44,6 +45,7 @@
     {
       "operatingsystem": "Scientific",
       "operatingsystemrelease": [
+        "5",
         "6",
         "7"
       ]
@@ -51,41 +53,33 @@
     {
       "operatingsystem": "Debian",
       "operatingsystemrelease": [
-        "9",
-        "10",
-        "11"
+        "6",
+        "7",
+        "8"
       ]
     },
     {
       "operatingsystem": "SLES",
       "operatingsystemrelease": [
-        "12",
-        "15"
+        "11 SP1",
+        "12"
       ]
     },
     {
       "operatingsystem": "Ubuntu",
       "operatingsystemrelease": [
-        "16.04",
-        "18.04",
-        "20.04"
-      ]
-    },
-    {
-      "operatingsystem": "Rocky",
-      "operatingsystemrelease": [
-        "8"
+        "10.04",
+        "12.04",
+        "14.04",
+        "16.04"
       ]
     }
   ],
   "requirements": [
     {
       "name": "puppet",
-      "version_requirement": ">= 6.0.0 < 8.0.0"
+      "version_requirement": ">= 4.7.0 < 6.0.0"
     }
   ],
-  "description": "Module for Apache configuration",
-  "pdk-version": "2.1.0",
-  "template-url": "https://github.com/puppetlabs/pdk-templates.git#main",
-  "template-ref": "heads/main-0-g03daa92"
+  "description": "Module for Apache configuration"
 }
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/secgen_metadata.xml b/modules/services/unix/http/apache_stretch_compatible/apache/secgen_metadata.xml
index 253f603d6..d0cfddd2a 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/secgen_metadata.xml
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/secgen_metadata.xml
@@ -26,6 +26,9 @@
   <conflict>
     <name>.*Wheezy.*</name>
   </conflict>
+  <conflict>
+    <name>.*Kali.*</name>
+  </conflict>
   <requires>
     <type>update</type>
   </requires>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/apache_parameters_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/apache_parameters_spec.rb
new file mode 100755
index 000000000..2ba1a4452
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/apache_parameters_spec.rb
@@ -0,0 +1,536 @@
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+describe 'apache parameters' do
+
+  # Currently this test only does something on FreeBSD.
+  describe 'default_confd_files => false' do
+    it 'doesnt do anything' do
+      pp = "class { 'apache': default_confd_files => false }"
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    if fact('osfamily') == 'FreeBSD'
+      describe file("#{$confd_dir}/no-accf.conf.erb") do
+        it { is_expected.not_to be_file }
+      end
+    end
+  end
+  describe 'default_confd_files => true' do
+    it 'copies conf.d files' do
+      pp = "class { 'apache': default_confd_files => true }"
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    if fact('osfamily') == 'FreeBSD'
+      describe file("#{$confd_dir}/no-accf.conf.erb") do
+        it { is_expected.to be_file }
+      end
+    end
+  end
+
+  describe 'when set adds a listen statement' do
+    it 'applys cleanly' do
+      pp = "class { 'apache': ip => '10.1.1.1', service_ensure => stopped }"
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file($ports_file) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'Listen 10.1.1.1' }
+    end
+  end
+
+  describe 'service tests => true' do
+    it 'starts the service' do
+      pp = <<-EOS
+        class { 'apache':
+          service_enable => true,
+          service_manage => true,
+          service_ensure => running,
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      it { is_expected.to be_running }
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { is_expected.to be_enabled }
+      end
+    end
+  end
+
+  describe 'service tests => false' do
+    it 'stops the service' do
+      pp = <<-EOS
+        class { 'apache':
+          service_enable => false,
+          service_ensure => stopped,
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      it { is_expected.not_to be_running }
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { is_expected.not_to be_enabled }
+      end
+    end
+  end
+
+  describe 'service manage => false' do
+    it 'we dont manage the service, so it shouldnt start the service' do
+      pp = <<-EOS
+        class { 'apache':
+          service_enable => true,
+          service_manage => false,
+          service_ensure => true,
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      it { is_expected.not_to be_running }
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { is_expected.not_to be_enabled }
+      end
+    end
+  end
+
+  describe 'purge parameters => false' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache':
+          purge_configs   => false,
+          purge_vhost_dir => false,
+          vhost_dir       => "#{$confd_dir}.vhosts"
+        }
+      EOS
+      shell("touch #{$confd_dir}/test.conf")
+      shell("mkdir -p #{$confd_dir}.vhosts && touch #{$confd_dir}.vhosts/test.conf")
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    # Ensure the files didn't disappear.
+    describe file("#{$confd_dir}/test.conf") do
+      it { is_expected.to be_file }
+    end
+    describe file("#{$confd_dir}.vhosts/test.conf") do
+      it { is_expected.to be_file }
+    end
+  end
+
+  if fact('osfamily') != 'Debian'
+    describe 'purge parameters => true' do
+      it 'applies cleanly' do
+        pp = <<-EOS
+          class { 'apache':
+            purge_configs   => true,
+            purge_vhost_dir => true,
+            vhost_dir       => "#{$confd_dir}.vhosts"
+          }
+        EOS
+        shell("touch #{$confd_dir}/test.conf")
+        shell("mkdir -p #{$confd_dir}.vhosts && touch #{$confd_dir}.vhosts/test.conf")
+        apply_manifest(pp, :catch_failures => true)
+      end
+
+      # File should be gone
+      describe file("#{$confd_dir}/test.conf") do
+        it { is_expected.not_to be_file }
+      end
+      describe file("#{$confd_dir}.vhosts/test.conf") do
+        it { is_expected.not_to be_file }
+      end
+    end
+  end
+
+  describe 'serveradmin' do
+    it 'applies cleanly' do
+      pp = "class { 'apache': serveradmin => 'test@example.com' }"
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file($vhost) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'ServerAdmin test@example.com' }
+    end
+  end
+
+  describe 'sendfile' do
+    describe 'setup' do
+      it 'applies cleanly' do
+        pp = "class { 'apache': sendfile => 'On' }"
+        apply_manifest(pp, :catch_failures => true)
+      end
+    end
+
+    describe file($conf_file) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'EnableSendfile On' }
+    end
+
+    describe 'setup' do
+      it 'applies cleanly' do
+        pp = "class { 'apache': sendfile => 'Off' }"
+        apply_manifest(pp, :catch_failures => true)
+      end
+    end
+
+    describe file($conf_file) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'Sendfile Off' }
+    end
+  end
+
+  describe 'error_documents' do
+    describe 'setup' do
+      it 'applies cleanly' do
+        pp = "class { 'apache': error_documents => true }"
+        apply_manifest(pp, :catch_failures => true)
+      end
+    end
+
+    describe file($conf_file) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'Alias /error/' }
+    end
+  end
+
+  describe 'timeout' do
+    describe 'setup' do
+      it 'applies cleanly' do
+        pp = "class { 'apache': timeout => '1234' }"
+        apply_manifest(pp, :catch_failures => true)
+      end
+    end
+
+    describe file($conf_file) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'Timeout 1234' }
+    end
+  end
+
+  describe 'httpd_dir' do
+    describe 'setup' do
+      it 'applies cleanly' do
+        pp = <<-EOS
+          class { 'apache': httpd_dir => '/tmp', service_ensure => stopped }
+          include 'apache::mod::mime'
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+    end
+
+    describe file("#{$mod_dir}/mime.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'AddLanguage eo .eo' }
+    end
+  end
+
+  describe 'http_protocol_options' do
+    # Actually >= 2.4.24, but the minor version is not provided
+    # https://bugs.launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.15
+    # basically versions of the ubuntu or sles  apache package cause issue
+    if $apache_version >= '2.4' && fact('operatingsystem') !~ /Ubuntu|SLES/
+      describe 'setup' do
+        it 'applies cleanly' do
+          pp = "class { 'apache': http_protocol_options => 'Unsafe RegisteredMethods Require1.0'}"
+          apply_manifest(pp, :catch_failures => true)
+        end
+      end
+
+      describe file($conf_file) do
+        it { is_expected.to be_file }
+        it { is_expected.to contain 'HttpProtocolOptions Unsafe RegisteredMethods Require1.0' }
+      end
+    end
+  end
+
+  describe 'server_root' do
+    describe 'setup' do
+      it 'applies cleanly' do
+        pp = "class { 'apache': server_root => '/tmp/root', service_ensure => stopped }"
+        apply_manifest(pp, :catch_failures => true)
+      end
+    end
+
+    describe file($conf_file) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'ServerRoot "/tmp/root"' }
+    end
+  end
+
+  describe 'confd_dir' do
+    describe 'setup' do
+      it 'applies cleanly' do
+        pp = "class { 'apache': confd_dir => '/tmp/root', service_ensure => stopped, use_optional_includes => true }"
+        apply_manifest(pp, :catch_failures => true)
+      end
+    end
+
+    if $apache_version == '2.4'
+      describe file($conf_file) do
+        it { is_expected.to be_file }
+        it { is_expected.to contain 'IncludeOptional "/tmp/root/*.conf"' }
+      end
+    else
+      describe file($conf_file) do
+        it { is_expected.to be_file }
+        it { is_expected.to contain 'Include "/tmp/root/*.conf"' }
+      end
+    end
+  end
+
+  describe 'conf_template' do
+    describe 'setup' do
+      it 'applies cleanly' do
+        pp = "class { 'apache': conf_template => 'another/test.conf.erb', service_ensure => stopped }"
+        shell("mkdir -p #{default['distmoduledir']}/another/templates")
+        shell("echo 'testcontent' >> #{default['distmoduledir']}/another/templates/test.conf.erb")
+        apply_manifest(pp, :catch_failures => true)
+      end
+    end
+
+    describe file($conf_file) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'testcontent' }
+    end
+  end
+
+  describe 'servername' do
+    describe 'setup' do
+      it 'applies cleanly' do
+        pp = "class { 'apache': servername => 'test.server', service_ensure => stopped }"
+        apply_manifest(pp, :catch_failures => true)
+      end
+    end
+
+    describe file($conf_file) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'ServerName "test.server"' }
+    end
+  end
+
+  describe 'user' do
+    describe 'setup' do
+      it 'applies cleanly' do
+        pp = <<-EOS
+          class { 'apache':
+            manage_user  => true,
+            manage_group => true,
+            user         => 'testweb',
+            group        => 'testweb',
+          }
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+    end
+
+    describe user('testweb') do
+      it { is_expected.to exist }
+      it { is_expected.to belong_to_group 'testweb' }
+    end
+
+    describe group('testweb') do
+      it { is_expected.to exist }
+    end
+  end
+
+  describe 'logformats' do
+    describe 'setup' do
+      it 'applies cleanly' do
+        pp = <<-EOS
+          class { 'apache':
+            log_formats => {
+              'vhost_common'   => '%v %h %l %u %t \\\"%r\\\" %>s %b',
+              'vhost_combined' => '%v %h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-agent}i\\\"',
+            }
+          }
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+    end
+
+    describe file($conf_file) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common' }
+      it { is_expected.to contain 'LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined' }
+    end
+  end
+
+
+  describe 'keepalive' do
+    describe 'setup' do
+      it 'applies cleanly' do
+        pp = "class { 'apache': keepalive => 'Off', keepalive_timeout => '30', max_keepalive_requests => '200' }"
+        apply_manifest(pp, :catch_failures => true)
+      end
+    end
+
+    describe file($conf_file) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'KeepAlive Off' }
+      it { is_expected.to contain 'KeepAliveTimeout 30' }
+      it { is_expected.to contain 'MaxKeepAliveRequests 200' }
+    end
+  end
+
+  describe 'limitrequestfieldsize' do
+    describe 'setup' do
+      it 'applies cleanly' do
+        pp = "class { 'apache': limitreqfieldsize => '16830' }"
+        apply_manifest(pp, :catch_failures => true)
+      end
+    end
+
+    describe file($conf_file) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'LimitRequestFieldSize 16830' }
+    end
+  end
+
+  describe 'logging' do
+    describe 'setup' do
+      it 'applies cleanly' do
+        pp = <<-EOS
+          if $::osfamily == 'RedHat' and "$::selinux" == "true" {
+            $semanage_package = $::operatingsystemmajrelease ? {
+              '5'     => 'policycoreutils',
+              default => 'policycoreutils-python',
+            }
+
+            package { $semanage_package: ensure => installed }
+            exec { 'set_apache_defaults':
+              command => 'semanage fcontext -a -t httpd_log_t "/apache_spec(/.*)?"',
+              path    => '/bin:/usr/bin/:/sbin:/usr/sbin',
+              require => Package[$semanage_package],
+            }
+            exec { 'restorecon_apache':
+              command => 'restorecon -Rv /apache_spec',
+              path    => '/bin:/usr/bin/:/sbin:/usr/sbin',
+              before  => Service['httpd'],
+              require => Class['apache'],
+            }
+          }
+          file { '/apache_spec': ensure => directory, }
+          class { 'apache': logroot => '/apache_spec' }
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+    end
+
+    describe file("/apache_spec/#{$error_log}") do
+      it { is_expected.to be_file }
+    end
+  end
+
+  describe 'ports_file' do
+    it 'applys cleanly' do
+      pp = <<-EOS
+        file { '/apache_spec': ensure => directory, }
+        class { 'apache':
+          ports_file     => '/apache_spec/ports_file',
+          ip             => '10.1.1.1',
+          service_ensure => stopped
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file('/apache_spec/ports_file') do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'Listen 10.1.1.1' }
+    end
+  end
+
+  describe 'server_tokens' do
+    it 'applys cleanly' do
+      pp = <<-EOS
+        class { 'apache':
+          server_tokens  => 'Minor',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file($conf_file) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'ServerTokens Minor' }
+    end
+  end
+
+  describe 'server_signature' do
+    it 'applys cleanly' do
+      pp = <<-EOS
+        class { 'apache':
+          server_signature  => 'testsig',
+          service_ensure    => stopped,
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file($conf_file) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'ServerSignature testsig' }
+    end
+  end
+
+  describe 'trace_enable' do
+    it 'applys cleanly' do
+      pp = <<-EOS
+        class { 'apache':
+          trace_enable  => 'Off',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file($conf_file) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'TraceEnable Off' }
+    end
+  end
+
+  describe 'file_e_tag' do
+    it 'applys cleanly' do
+      pp = <<-EOS
+        class { 'apache':
+          file_e_tag  => 'None',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file($conf_file) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'FileETag None' }
+    end
+  end
+
+  describe 'package_ensure' do
+    it 'applys cleanly' do
+      pp = <<-EOS
+        class { 'apache':
+          package_ensure  => present,
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe package($package_name) do
+      it { is_expected.to be_installed }
+    end
+  end
+
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/apache_ssl_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/apache_ssl_spec.rb
new file mode 100644
index 000000000..5df551a41
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/apache_ssl_spec.rb
@@ -0,0 +1,94 @@
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+describe 'apache ssl' do
+
+  describe 'ssl parameters' do
+    it 'runs without error' do
+      pp = <<-EOS
+        class { 'apache':
+          service_ensure        => stopped,
+          default_ssl_vhost     => true,
+          default_ssl_cert      => '/tmp/ssl_cert',
+          default_ssl_key       => '/tmp/ssl_key',
+          default_ssl_chain     => '/tmp/ssl_chain',
+          default_ssl_ca        => '/tmp/ssl_ca',
+          default_ssl_crl_path  => '/tmp/ssl_crl_path',
+          default_ssl_crl       => '/tmp/ssl_crl',
+          default_ssl_crl_check => 'chain',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/15-default-ssl.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'SSLCertificateFile      "/tmp/ssl_cert"' }
+      it { is_expected.to contain 'SSLCertificateKeyFile   "/tmp/ssl_key"' }
+      it { is_expected.to contain 'SSLCertificateChainFile "/tmp/ssl_chain"' }
+      it { is_expected.to contain 'SSLCACertificateFile    "/tmp/ssl_ca"' }
+      it { is_expected.to contain 'SSLCARevocationPath     "/tmp/ssl_crl_path"' }
+      it { is_expected.to contain 'SSLCARevocationFile     "/tmp/ssl_crl"' }
+      if $apache_version == '2.4'
+        it { is_expected.to contain 'SSLCARevocationCheck    "chain"' }
+      else
+        it { is_expected.not_to contain 'SSLCARevocationCheck' }
+      end
+    end
+  end
+
+  describe 'vhost ssl parameters' do
+    it 'runs without error' do
+      pp = <<-EOS
+        class { 'apache':
+          service_ensure       => stopped,
+        }
+
+        apache::vhost { 'test_ssl':
+          docroot              => '/tmp/test',
+          ssl                  => true,
+          ssl_cert             => '/tmp/ssl_cert',
+          ssl_key              => '/tmp/ssl_key',
+          ssl_chain            => '/tmp/ssl_chain',
+          ssl_ca               => '/tmp/ssl_ca',
+          ssl_crl_path         => '/tmp/ssl_crl_path',
+          ssl_crl              => '/tmp/ssl_crl',
+          ssl_crl_check        => 'chain',
+          ssl_certs_dir        => '/tmp',
+          ssl_protocol         => 'test',
+          ssl_cipher           => 'test',
+          ssl_honorcipherorder => 'test',
+          ssl_verify_client    => 'test',
+          ssl_verify_depth     => 'test',
+          ssl_options          => ['test', 'test1'],
+          ssl_proxyengine      => true,
+          ssl_proxy_protocol   => 'TLSv1.2',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test_ssl.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'SSLCertificateFile      "/tmp/ssl_cert"' }
+      it { is_expected.to contain 'SSLCertificateKeyFile   "/tmp/ssl_key"' }
+      it { is_expected.to contain 'SSLCertificateChainFile "/tmp/ssl_chain"' }
+      it { is_expected.to contain 'SSLCACertificateFile    "/tmp/ssl_ca"' }
+      it { is_expected.to contain 'SSLCARevocationPath     "/tmp/ssl_crl_path"' }
+      it { is_expected.to contain 'SSLCARevocationFile     "/tmp/ssl_crl"' }
+      it { is_expected.to contain 'SSLProxyEngine On' }
+      it { is_expected.to contain 'SSLProtocol             test' }
+      it { is_expected.to contain 'SSLCipherSuite          test' }
+      it { is_expected.to contain 'SSLHonorCipherOrder     test' }
+      it { is_expected.to contain 'SSLVerifyClient         test' }
+      it { is_expected.to contain 'SSLVerifyDepth          test' }
+      it { is_expected.to contain 'SSLOptions test test1' }
+      if $apache_version == '2.4'
+        it { is_expected.to contain 'SSLCARevocationCheck    "chain"' }
+      else
+        it { is_expected.not_to contain 'SSLCARevocationCheck' }
+      end
+    end
+  end
+
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/class_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/class_spec.rb
new file mode 100644
index 000000000..d67b1a878
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/class_spec.rb
@@ -0,0 +1,89 @@
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+describe 'apache class' do
+  context 'default parameters' do
+    let(:pp) { "class { 'apache': }" }
+
+    it_behaves_like "a idempotent resource"
+
+    describe 'apache_version fact' do
+      before :all do
+        apply_manifest("include apache", :catch_failures => true)
+        version_check_pp = <<-EOS
+        notice("apache_version = >${apache_version}<")
+        EOS
+        @result = apply_manifest(version_check_pp, :catch_failures => true)
+      end
+
+      it {
+        expect(@result.output).to match(/apache_version = >#{$apache_version}.*</)
+      }
+    end
+
+    describe package($package_name) do
+      it { is_expected.to be_installed }
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+
+    describe port(80) do
+      it { should be_listening }
+    end
+  end
+
+  context 'custom site/mod dir parameters' do
+    # Using puppet_apply as a helper
+    let(:pp) do
+      <<-EOS
+        if $::osfamily == 'RedHat' and "$::selinux" == "true" {
+          $semanage_package = $::operatingsystemmajrelease ? {
+            '5'     => 'policycoreutils',
+            default => 'policycoreutils-python',
+          }
+
+          package { $semanage_package: ensure => installed }
+          exec { 'set_apache_defaults':
+            command     => 'semanage fcontext -a -t httpd_sys_content_t "/apache_spec(/.*)?"',
+            path        => '/bin:/usr/bin/:/sbin:/usr/sbin',
+            subscribe   => Package[$semanage_package],
+            refreshonly => true,
+          }
+          exec { 'restorecon_apache':
+            command     => 'restorecon -Rv /apache_spec',
+            path        => '/bin:/usr/bin/:/sbin:/usr/sbin',
+            before      => Service['httpd'],
+            require     => Class['apache'],
+            subscribe   => Exec['set_apache_defaults'],
+            refreshonly => true,
+          }
+        }
+        file { '/apache_spec': ensure => directory, }
+        file { '/apache_spec/apache_custom': ensure => directory, }
+        class { 'apache':
+          mod_dir   => '/apache_spec/apache_custom/mods',
+          vhost_dir => '/apache_spec/apache_custom/vhosts',
+        }
+      EOS
+    end
+
+    # Run it twice and test for idempotency
+    it_behaves_like "a idempotent resource"
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/custom_config_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/custom_config_spec.rb
new file mode 100644
index 000000000..c8e254e85
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/custom_config_spec.rb
@@ -0,0 +1,94 @@
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+describe 'apache::custom_config define' do
+  context 'invalid config' do
+    it 'should not add the config' do
+      pp = <<-EOS
+        class { 'apache': }
+        apache::custom_config { 'acceptance_test':
+          content => 'INVALID',
+        }
+      EOS
+
+      apply_manifest(pp, :expect_failures => true)
+    end
+
+    describe file("#{$confd_dir}/25-acceptance_test.conf") do
+      it { is_expected.not_to be_file }
+    end
+  end
+
+  context 'valid config' do
+    it 'should add the config' do
+      pp = <<-EOS
+        class { 'apache': }
+        apache::custom_config { 'acceptance_test':
+          content => '# just a comment',
+        }
+      EOS
+
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$confd_dir}/25-acceptance_test.conf") do
+      it { is_expected.to contain '# just a comment' }
+    end
+  end
+
+  context 'with a custom filename' do
+    it 'should store content in the described file' do
+      pp = <<-EOS
+        class { 'apache': }
+        apache::custom_config { 'filename_test':
+          filename => 'custom_filename',
+          content  => '# just another comment',
+        }
+      EOS
+
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$confd_dir}/custom_filename") do
+      it { is_expected.to contain '# just another comment' }
+    end
+  end
+
+  describe 'custom_config without priority prefix' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        apache::custom_config { 'prefix_test':
+          priority => false,
+          content => '# just a comment',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$confd_dir}/prefix_test.conf") do
+      it { is_expected.to be_file }
+    end
+  end
+
+  describe 'custom_config only applied after configs are written' do
+    it 'applies in the right order' do
+      pp = <<-EOS
+        class { 'apache': }
+
+        apache::custom_config { 'ordering_test':
+          content => '# just a comment',
+        }
+
+        # Try to wedge the apache::custom_config call between when httpd.conf is written and
+        # ports.conf is written. This should trigger a dependency cycle
+        File["#{$conf_file}"] -> Apache::Custom_config['ordering_test'] -> Concat["#{$ports_file}"]
+      EOS
+      expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/Found 1 dependency cycle/i)
+    end
+
+    describe file("#{$confd_dir}/25-ordering_test.conf") do
+      it { is_expected.not_to be_file }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/default_mods_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/default_mods_spec.rb
new file mode 100644
index 000000000..35706c9a2
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/default_mods_spec.rb
@@ -0,0 +1,111 @@
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+describe 'apache::default_mods class' do
+  describe 'no default mods' do
+    # Using puppet_apply as a helper
+    let(:pp) do
+      <<-EOS
+        class { 'apache':
+          default_mods => false,
+        }
+      EOS
+    end
+
+    # Run it twice and test for idempotency
+    it_behaves_like "a idempotent resource"
+    describe service($service_name) do
+      it { is_expected.to be_running }
+    end
+  end
+
+  unless (fact('operatingsystem') == 'SLES' && fact('operatingsystemmajrelease') == '12')
+    describe 'no default mods and failing' do
+      before :all do
+        pp = <<-PP
+        include apache::params
+        class { 'apache': default_mods => false, service_ensure => stopped, }
+        PP
+        apply_manifest(pp)
+      end
+      # Using puppet_apply as a helper
+      it 'should apply with errors' do
+        pp = <<-EOS
+          class { 'apache':
+            default_mods => false,
+          }
+          apache::vhost { 'defaults.example.com':
+            docroot     => '#{$doc_root}/defaults',
+            aliases     => {
+              alias => '/css',
+              path  => '#{$doc_root}/css',
+            },
+            directories => [
+            {
+                'path'            => "#{$doc_root}/admin",
+                'auth_basic_fake' => 'demo demopass',
+              }
+            ],
+            setenv      => 'TEST1 one',
+          }
+        EOS
+
+        apply_manifest(pp, { :expect_failures => true })
+      end
+  end
+
+    describe service($service_name) do
+      it { is_expected.not_to be_running }
+    end
+  end
+
+  describe 'alternative default mods' do
+    # Using puppet_apply as a helper
+    let(:pp) do
+      <<-EOS
+        class { 'apache':
+          default_mods => [
+            'info',
+            'alias',
+            'mime',
+            'env',
+            'expires',
+          ],
+        }
+        apache::vhost { 'defaults.example.com':
+          docroot => '#{$doc_root}/defaults',
+          aliases => {
+            alias => '/css',
+            path  => '#{$doc_root}/css',
+          },
+          setenv  => 'TEST1 one',
+        }
+      EOS
+    end
+    it_behaves_like "a idempotent resource"
+
+    describe service($service_name) do
+      it { is_expected.to be_running }
+    end
+  end
+
+  describe 'change loadfile name' do
+    let(:pp) do
+      <<-EOS
+        class { 'apache': default_mods => false }
+        ::apache::mod { 'auth_basic':
+          loadfile_name => 'zz_auth_basic.load',
+        }
+      EOS
+    end
+    # Run it twice and test for idempotency
+    it_behaves_like "a idempotent resource"
+    describe service($service_name) do
+      it { is_expected.to be_running }
+    end
+
+    describe file("#{$mod_dir}/zz_auth_basic.load") do
+      it { is_expected.to be_file }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/itk_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/itk_spec.rb
new file mode 100644
index 000000000..059589a3f
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/itk_spec.rb
@@ -0,0 +1,60 @@
+require 'spec_helper_acceptance'
+
+case fact('osfamily')
+when 'Debian'
+  service_name = 'apache2'
+  majrelease = fact('operatingsystemmajrelease')
+  if ['6', '7', '10.04', '12.04'].include?(majrelease)
+    variant = :itk_only
+  else
+    variant = :prefork
+  end
+when 'RedHat'
+  unless fact('operatingsystemmajrelease') == '5'
+    service_name = 'httpd'
+    majrelease = fact('operatingsystemmajrelease')
+    if ['6'].include?(majrelease)
+      variant = :itk_only
+    else
+      variant = :prefork
+    end
+  end
+when 'FreeBSD'
+  service_name = 'apache24'
+  majrelease = fact('operatingsystemmajrelease')
+  variant = :prefork
+end
+
+describe 'apache::mod::itk class', :if => service_name do
+  describe 'running puppet code' do
+    # Using puppet_apply as a helper
+    let(:pp) do
+      case variant
+        when :prefork
+          <<-EOS
+            class { 'apache':
+              mpm_module => 'prefork',
+            }
+            class { 'apache::mod::itk': }
+          EOS
+        when :itk_only
+          <<-EOS
+            class { 'apache':
+              mpm_module => 'itk',
+            }
+          EOS
+        end
+    end
+    # Run it twice and test for idempotency
+    it_behaves_like "a idempotent resource"
+  end
+
+  describe service(service_name) do
+    it { is_expected.to be_running }
+    if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+      pending 'Should be enabled - Bug 760616 on Debian 8'
+    else
+      it { should be_enabled }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_dav_svn_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_dav_svn_spec.rb
new file mode 100644
index 000000000..2b1522509
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_dav_svn_spec.rb
@@ -0,0 +1,63 @@
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+describe 'apache::mod::dav_svn class', :unless => (fact('operatingsystem') == 'OracleLinux' and fact('operatingsystemmajrelease') == '7') || (fact('operatingsystem') == 'SLES' and fact('operatingsystemmajorrelease') < '11') do
+  case fact('osfamily')
+  when 'Debian'
+    if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' or fact('operatingsystemrelease') == '10.04' or fact('operatingsystemmajrelease') == '16.04'
+      authz_svn_load_file = 'dav_svn_authz_svn.load'
+    else
+      authz_svn_load_file = 'authz_svn.load'
+    end
+  else
+    authz_svn_load_file = 'dav_svn_authz_svn.load'
+  end
+
+  context "default dav_svn config" do
+    it 'succeeds in puppeting dav_svn' do
+      pp= <<-EOS
+        class { 'apache': }
+        include apache::mod::dav_svn
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+
+    describe file("#{$mod_dir}/dav_svn.load") do
+      it { is_expected.to contain "LoadModule dav_svn_module" }
+    end
+  end
+
+  context "dav_svn with enabled authz_svn config" do
+    it 'succeeds in puppeting dav_svn' do
+      pp= <<-EOS
+        class { 'apache': }
+        class { 'apache::mod::dav_svn':
+            authz_svn_enabled => true,
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+
+    describe file("#{$mod_dir}/#{authz_svn_load_file}") do
+      it { is_expected.to contain "LoadModule authz_svn_module" }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_deflate_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_deflate_spec.rb
new file mode 100644
index 000000000..1b55e087a
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_deflate_spec.rb
@@ -0,0 +1,33 @@
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+describe 'apache::mod::deflate class' do
+  context "default deflate config" do
+    it 'succeeds in puppeting deflate' do
+      pp= <<-EOS
+        class { 'apache': }
+        include apache::mod::deflate
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+
+    describe file("#{$mod_dir}/deflate.conf") do
+      it { is_expected.to contain "AddOutputFilterByType DEFLATE text/html text/plain text/xml" }
+      it { is_expected.to contain "AddOutputFilterByType DEFLATE text/css" }
+      it { is_expected.to contain "AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript" }
+      it { is_expected.to contain "AddOutputFilterByType DEFLATE application/rss+xml" }
+      it { is_expected.to contain "DeflateFilterNote Input instream" }
+      it { is_expected.to contain "DeflateFilterNote Output outstream" }
+      it { is_expected.to contain "DeflateFilterNote Ratio ratio" }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_fcgid_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_fcgid_spec.rb
new file mode 100644
index 000000000..ce3b5b5b2
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_fcgid_spec.rb
@@ -0,0 +1,57 @@
+require 'spec_helper_acceptance'
+
+describe 'apache::mod::fcgid class', :if => ((fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') != '5') and !(fact('operatingsystem') == 'OracleLinux' and fact('operatingsystemmajrelease') == '7')) do
+  context "default fcgid config" do
+    it 'succeeds in puppeting fcgid' do
+      pp = <<-EOS
+        class { 'epel': } # mod_fcgid lives in epel
+        class { 'apache': }
+        class { 'apache::mod::php': } # For /usr/bin/php-cgi
+        class { 'apache::mod::fcgid':
+          options => {
+            'FcgidIPCDir'  => '/var/run/fcgidsock',
+          },
+        }
+        apache::vhost { 'fcgid.example.com':
+          port        => '80',
+          docroot     => '/var/www/fcgid',
+          directories => {
+            path        => '/var/www/fcgid',
+            options     => '+ExecCGI',
+            addhandlers => {
+              handler    => 'fcgid-script',
+              extensions => '.php',
+            },
+            fcgiwrapper => {
+              command => '/usr/bin/php-cgi',
+              suffix  => '.php',
+            }
+          },
+        }
+        file { '/var/www/fcgid/index.php':
+          ensure  => file,
+          owner   => 'root',
+          group   => 'root',
+          content => "<?php echo 'Hello world'; ?>\\n",
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service('httpd') do
+      it { is_expected.to be_enabled }
+      it { is_expected.to be_running }
+    end
+
+    it 'should answer to fcgid.example.com' do
+      shell("/usr/bin/curl -H 'Host: fcgid.example.com' 127.0.0.1:80") do |r|
+        expect(r.stdout).to match(/^Hello world$/)
+        expect(r.exit_code).to eq(0)
+      end
+    end
+
+    it 'should run a php-cgi process' do
+      shell("pgrep -u apache php-cgi", :acceptable_exit_codes => [0])
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_mime_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_mime_spec.rb
new file mode 100644
index 000000000..f8bc7c15c
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_mime_spec.rb
@@ -0,0 +1,30 @@
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+describe 'apache::mod::mime class' do
+  context "default mime config" do
+    it 'succeeds in puppeting mime' do
+      pp= <<-EOS
+        class { 'apache': }
+        include apache::mod::mime
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+
+    describe file("#{$mod_dir}/mime.conf") do
+      it { is_expected.to contain "AddType application/x-compress .Z" }
+      it { is_expected.to contain "AddHandler type-map var\n" }
+      it { is_expected.to contain "AddType text/html .shtml\n" }
+      it { is_expected.to contain "AddOutputFilter INCLUDES .shtml\n" }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_negotiation_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_negotiation_spec.rb
new file mode 100644
index 000000000..56c29e318
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_negotiation_spec.rb
@@ -0,0 +1,78 @@
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+describe 'apache::mod::negotiation class' do
+  context "default negotiation config" do
+    it 'succeeds in puppeting negotiation' do
+      pp= <<-EOS
+        class { '::apache': default_mods => false }
+        class { '::apache::mod::negotiation': }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$mod_dir}/negotiation.conf") do
+      it { should contain "LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
+ForceLanguagePriority Prefer Fallback" }
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { should be_running }
+    end
+  end
+
+  context "with alternative force_language_priority" do
+    it 'succeeds in puppeting negotiation' do
+      pp= <<-EOS
+        class { '::apache': default_mods => false }
+        class { '::apache::mod::negotiation':
+          force_language_priority => 'Prefer',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$mod_dir}/negotiation.conf") do
+      it { should contain "ForceLanguagePriority Prefer" }
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { should be_running }
+    end
+  end
+
+  context "with alternative language_priority" do
+    it 'succeeds in puppeting negotiation' do
+      pp= <<-EOS
+        class { '::apache': default_mods => false }
+        class { '::apache::mod::negotiation':
+          language_priority => [ 'en', 'es' ],
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$mod_dir}/negotiation.conf") do
+      it { should contain "LanguagePriority en es" }
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { should be_running }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_pagespeed_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_pagespeed_spec.rb
new file mode 100644
index 000000000..1455d5630
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_pagespeed_spec.rb
@@ -0,0 +1,61 @@
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+# Only run the test on centos 7, this is to cut down on the different types of setup
+# required. Installing the dependancies are highly prone to failure.
+describe 'apache::mod::pagespeed class', :if =>
+  ((fact('operatingsystem') == 'CentOS' ) and
+   (fact('operatingsystemmajrelease') == '7' )) do
+  context "default pagespeed config" do
+    it 'succeeds in puppeting pagespeed' do
+      pp= <<-EOS
+       yumrepo { 'mod-pagespeed':
+        baseurl  => "http://dl.google.com/linux/mod-pagespeed/rpm/stable/$::architecture",
+          enabled  => 1,
+          gpgcheck => 1,
+          gpgkey   => 'https://dl-ssl.google.com/linux/linux_signing_key.pub',
+          before   => Class['apache'],
+        }
+
+        class { 'apache':
+          mpm_module => 'prefork',
+        }
+        class { 'apache::mod::pagespeed':
+          enable_filters  => ['remove_comments'],
+          disable_filters => ['extend_cache'],
+          forbid_filters  => ['rewrite_javascript'],
+        }
+        apache::vhost { 'pagespeed.example.com':
+          port    => '80',
+          docroot => '#{$doc_root}/pagespeed',
+        }
+        host { 'pagespeed.example.com': ip => '127.0.0.1', }
+        file { '#{$doc_root}/pagespeed/index.html':
+          ensure  => file,
+          content => "<html>\n<!-- comment -->\n<body>\n<p>Hello World!</p>\n</body>\n</html>",
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      it { should be_enabled }
+      it { is_expected.to be_running }
+    end
+
+    describe file("#{$mod_dir}/pagespeed.conf") do
+      it { is_expected.to contain "AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html" }
+      it { is_expected.to contain "ModPagespeedEnableFilters remove_comments" }
+      it { is_expected.to contain "ModPagespeedDisableFilters extend_cache" }
+      it { is_expected.to contain "ModPagespeedForbidFilters rewrite_javascript" }
+    end
+
+    it 'should answer to pagespeed.example.com and include <head/> and be stripped of comments by mod_pagespeed' do
+      shell("/usr/bin/curl pagespeed.example.com:80") do |r|
+        expect(r.stdout).to match(/<head\/>/)
+        expect(r.stdout).not_to match(/<!-- comment -->/)
+        expect(r.exit_code).to eq(0)
+      end
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_passenger_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_passenger_spec.rb
new file mode 100644
index 000000000..4761d2c5b
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_passenger_spec.rb
@@ -0,0 +1,208 @@
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+describe 'apache::mod::passenger class' do
+  pending 'This cannot run in the same test run as apache::vhost with passenger
+  as the passenger.conf file is not yet managed by puppet and will be wiped out
+  between tests and not replaced'
+  case fact('osfamily')
+  when 'Debian'
+    conf_file = "#{$mod_dir}/passenger.conf"
+    load_file = "#{$mod_dir}/zpassenger.load"
+
+    case fact('operatingsystem')
+    when 'Ubuntu'
+      case fact('lsbdistrelease')
+      when '10.04'
+        passenger_root = '/usr'
+        passenger_ruby = '/usr/bin/ruby'
+      when '12.04'
+        passenger_root = '/usr'
+        passenger_ruby = '/usr/bin/ruby'
+      when '14.04'
+        passenger_root         = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
+        passenger_ruby         = '/usr/bin/ruby'
+        passenger_default_ruby = '/usr/bin/ruby'
+      when '16.04'
+        passenger_root         = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
+        passenger_ruby         = '/usr/bin/ruby'
+        passenger_default_ruby = '/usr/bin/ruby'
+      else
+        # This may or may not work on Ubuntu releases other than the above
+        passenger_root = '/usr'
+        passenger_ruby = '/usr/bin/ruby'
+      end
+    when 'Debian'
+      case fact('lsbdistcodename')
+      when 'wheezy'
+        passenger_root = '/usr'
+        passenger_ruby = '/usr/bin/ruby'
+      when 'jessie'
+        passenger_root         = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
+        passenger_ruby         = '/usr/bin/ruby'
+        passenger_default_ruby = '/usr/bin/ruby'
+      else
+        # This may or may not work on Debian releases other than the above
+        passenger_root = '/usr'
+        passenger_ruby = '/usr/bin/ruby'
+      end
+    end
+
+    passenger_module_path = '/usr/lib/apache2/modules/mod_passenger.so'
+    rackapp_user = 'www-data'
+    rackapp_group = 'www-data'
+  when 'RedHat'
+    conf_file = "#{$mod_dir}/passenger.conf"
+    load_file = "#{$mod_dir}/zpassenger.load"
+    # sometimes installs as 3.0.12, sometimes as 3.0.19 - so just check for the stable part
+    passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
+    passenger_ruby = '/usr/bin/ruby'
+    passenger_module_path = 'modules/mod_passenger.so'
+    rackapp_user = 'apache'
+    rackapp_group = 'apache'
+  end
+
+  pp_rackapp = <<-EOS
+    /* a simple ruby rack 'hello world' app */
+    file { '/var/www/passenger':
+      ensure => directory,
+      owner  => '#{rackapp_user}',
+      group  => '#{rackapp_group}',
+    }
+    file { '/var/www/passenger/config.ru':
+      ensure  => file,
+      owner   => '#{rackapp_user}',
+      group   => '#{rackapp_group}',
+      content => "app = proc { |env| [200, { \\"Content-Type\\" => \\"text/html\\" }, [\\"hello <b>world</b>\\"]] }\\nrun app",
+    }
+    apache::vhost { 'passenger.example.com':
+      port          => '80',
+      docroot       => '/var/www/passenger/public',
+      docroot_group => '#{rackapp_group}',
+      docroot_owner => '#{rackapp_user}',
+      require       => File['/var/www/passenger/config.ru'],
+    }
+    host { 'passenger.example.com': ip => '127.0.0.1', }
+  EOS
+
+  case fact('osfamily')
+  when 'Debian'
+    context "default passenger config" do
+      it 'succeeds in puppeting passenger' do
+        pp = <<-EOS
+          /* stock apache and mod_passenger */
+          class { 'apache': }
+          class { 'apache::mod::passenger': }
+          #{pp_rackapp}
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+
+      describe service($service_name) do
+        if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+          pending 'Should be enabled - Bug 760616 on Debian 8'
+        else
+          it { should be_enabled }
+        end
+        it { is_expected.to be_running }
+      end
+
+      describe file(conf_file) do
+        it { is_expected.to contain "PassengerRoot \"#{passenger_root}\"" }
+
+        case fact('operatingsystem')
+        when 'Ubuntu'
+          case fact('lsbdistrelease')
+          when '10.04'
+            it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" }
+            it { is_expected.not_to contain "/PassengerDefaultRuby/" }
+          when '12.04'
+            it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" }
+            it { is_expected.not_to contain "/PassengerDefaultRuby/" }
+          when '14.04'
+            it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" }
+            it { is_expected.not_to contain "/PassengerRuby/" }
+          when '16.04'
+            it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" }
+            it { is_expected.not_to contain "/PassengerRuby/" }
+          else
+            # This may or may not work on Ubuntu releases other than the above
+            it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" }
+            it { is_expected.not_to contain "/PassengerDefaultRuby/" }
+          end
+        when 'Debian'
+          case fact('lsbdistcodename')
+          when 'wheezy'
+            it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" }
+            it { is_expected.not_to contain "/PassengerDefaultRuby/" }
+          when 'jessie'
+            it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" }
+            it { is_expected.not_to contain "/PassengerRuby/" }
+          else
+            # This may or may not work on Debian releases other than the above
+            it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" }
+            it { is_expected.not_to contain "/PassengerDefaultRuby/" }
+          end
+        end
+      end
+
+      describe file(load_file) do
+        it { is_expected.to contain "LoadModule passenger_module #{passenger_module_path}" }
+      end
+
+      it 'should output status via passenger-memory-stats' do
+        shell("PATH=/usr/bin:$PATH /usr/sbin/passenger-memory-stats") do |r|
+          expect(r.stdout).to match(/Apache processes/)
+          expect(r.stdout).to match(/Nginx processes/)
+          expect(r.stdout).to match(/Passenger processes/)
+
+          # passenger-memory-stats output on newer Debian/Ubuntu verions do not contain
+          # these two lines
+          unless ((fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04') or
+                 (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '16.04') or
+                 (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8'))
+            expect(r.stdout).to match(/### Processes: [0-9]+/)
+            expect(r.stdout).to match(/### Total private dirty RSS: [0-9\.]+ MB/)
+          end
+
+          expect(r.exit_code).to eq(0)
+        end
+      end
+
+      # passenger-status fails under stock ubuntu-server-12042-x64 + mod_passenger,
+      # even when the passenger process is successfully installed and running
+      unless fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '12.04'
+        it 'should output status via passenger-status' do
+          # xml output not available on ubunutu <= 10.04, so sticking with default pool output
+          shell("PATH=/usr/bin:$PATH /usr/sbin/passenger-status") do |r|
+            # spacing may vary
+            expect(r.stdout).to match(/[\-]+ General information [\-]+/)
+            if fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04' or
+               (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '16.04') or
+               fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8'
+              expect(r.stdout).to match(/Max pool size[ ]+: [0-9]+/)
+              expect(r.stdout).to match(/Processes[ ]+: [0-9]+/)
+              expect(r.stdout).to match(/Requests in top-level queue[ ]+: [0-9]+/)
+            else
+              expect(r.stdout).to match(/max[ ]+= [0-9]+/)
+              expect(r.stdout).to match(/count[ ]+= [0-9]+/)
+              expect(r.stdout).to match(/active[ ]+= [0-9]+/)
+              expect(r.stdout).to match(/inactive[ ]+= [0-9]+/)
+              expect(r.stdout).to match(/Waiting on global queue: [0-9]+/)
+            end
+
+            expect(r.exit_code).to eq(0)
+          end
+        end
+      end
+
+      it 'should answer to passenger.example.com' do
+        shell("/usr/bin/curl passenger.example.com:80") do |r|
+          expect(r.stdout).to match(/^hello <b>world<\/b>$/)
+          expect(r.exit_code).to eq(0)
+        end
+      end
+
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_php_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_php_spec.rb
new file mode 100644
index 000000000..59be2baaa
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_php_spec.rb
@@ -0,0 +1,152 @@
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+unless (fact('operatingsystem') == 'SLES' && fact('operatingsystemmajrelease') == '12')
+  describe 'apache::mod::php class' do
+    context "default php config" do
+      it 'succeeds in puppeting php' do
+        pp= <<-EOS
+          class { 'apache':
+            mpm_module => 'prefork',
+          }
+          class { 'apache::mod::php': }
+          apache::vhost { 'php.example.com':
+            port    => '80',
+            docroot => '#{$doc_root}/php',
+          }
+          host { 'php.example.com': ip => '127.0.0.1', }
+          file { '#{$doc_root}/php/index.php':
+            ensure  => file,
+            content => "<?php phpinfo(); ?>\\n",
+          }
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+
+      describe service($service_name) do
+        if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+          pending 'Should be enabled - Bug 760616 on Debian 8'
+        else
+          it { should be_enabled }
+        end
+        it { is_expected.to be_running }
+      end
+
+      if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04')
+        describe file("#{$mod_dir}/php7.0.conf") do
+          it { is_expected.to contain "DirectoryIndex index.php" }
+        end
+      else
+        describe file("#{$mod_dir}/php5.conf") do
+          it { is_expected.to contain "DirectoryIndex index.php" }
+        end
+      end
+
+      it 'should answer to php.example.com' do
+        shell("/usr/bin/curl php.example.com:80") do |r|
+          expect(r.stdout).to match(/PHP Version/)
+          expect(r.exit_code).to eq(0)
+        end
+      end
+    end
+
+    context "custom extensions, php_flag, php_value, php_admin_flag, and php_admin_value" do
+      it 'succeeds in puppeting php' do
+        pp= <<-EOS
+          class { 'apache':
+            mpm_module => 'prefork',
+          }
+          class { 'apache::mod::php':
+            extensions => ['.php','.php5'],
+          }
+          apache::vhost { 'php.example.com':
+            port             => '80',
+            docroot          => '#{$doc_root}/php',
+            php_values       => { 'include_path' => '.:/usr/share/pear:/usr/bin/php', },
+            php_flags        => { 'display_errors' => 'on', },
+            php_admin_values => { 'open_basedir' => '/var/www/php/:/usr/share/pear/', },
+            php_admin_flags  => { 'engine' => 'on', },
+          }
+          host { 'php.example.com': ip => '127.0.0.1', }
+          file { '#{$doc_root}/php/index.php5':
+            ensure  => file,
+            content => "<?php phpinfo(); ?>\\n",
+          }
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+
+      describe service($service_name) do
+        if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+          pending 'Should be enabled - Bug 760616 on Debian 8'
+        else
+          it { should be_enabled }
+        end
+        it { is_expected.to be_running }
+      end
+
+      describe file("#{$vhost_dir}/25-php.example.com.conf") do
+        it { is_expected.to contain "  php_flag display_errors on" }
+        it { is_expected.to contain "  php_value include_path \".:/usr/share/pear:/usr/bin/php\"" }
+        it { is_expected.to contain "  php_admin_flag engine on" }
+        it { is_expected.to contain "  php_admin_value open_basedir /var/www/php/:/usr/share/pear/" }
+      end
+
+      it 'should answer to php.example.com' do
+        shell("/usr/bin/curl php.example.com:80") do |r|
+          expect(r.stdout).to match(/\/usr\/share\/pear\//)
+          expect(r.exit_code).to eq(0)
+        end
+      end
+    end
+
+    context "provide custom config file" do
+      it 'succeeds in puppeting php' do
+        pp= <<-EOS
+          class {'apache':
+            mpm_module => 'prefork',
+          }
+          class {'apache::mod::php':
+            content => '# somecontent',
+          }
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+      if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04')
+        describe file("#{$mod_dir}/php7.0.conf") do
+          it { should contain "# somecontent" }
+        end
+      else
+        describe file("#{$mod_dir}/php5.conf") do
+          it { should contain "# somecontent" }
+        end
+      end
+    end
+
+    context "provide content and template config file" do
+      it 'succeeds in puppeting php' do
+        pp= <<-EOS
+          class {'apache':
+            mpm_module => 'prefork',
+          }
+          class {'apache::mod::php':
+            content  => '# somecontent',
+            template => 'apache/mod/php5.conf.erb',
+          }
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+
+      if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04')
+        describe file("#{$mod_dir}/php7.0.conf") do
+          it { should contain "# somecontent" }
+        end
+      else
+        describe file("#{$mod_dir}/php5.conf") do
+          it { should contain "# somecontent" }
+        end
+      end
+    end
+
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_proxy_html_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_proxy_html_spec.rb
new file mode 100644
index 000000000..ce8aad6f3
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_proxy_html_spec.rb
@@ -0,0 +1,36 @@
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+# Don't run proxy_html tests on RHEL7 because the yum repos are missing packages required by it.
+describe 'apache::mod::proxy_html class', :unless => (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7') do
+  context "default proxy_html config" do
+    if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') =~ /(5|6)/
+      it 'adds epel' do
+        pp = "class { 'epel': }"
+        apply_manifest(pp, :catch_failures => true)
+      end
+    end
+
+    it 'succeeds in puppeting proxy_html' do
+      pp= <<-EOS
+        class { 'apache': }
+        class { 'apache::mod::proxy': }
+        class { 'apache::mod::proxy_http': }
+        # mod_proxy_html doesn't exist in RHEL5
+        if $::osfamily == 'RedHat' and $::operatingsystemmajrelease != '5' {
+          class { 'apache::mod::proxy_html': }
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_security_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_security_spec.rb
new file mode 100644
index 000000000..095cce9da
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_security_spec.rb
@@ -0,0 +1,386 @@
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+describe 'apache::mod::security class', :unless => (fact('osfamily') == 'Debian' and (fact('lsbdistcodename') == 'squeeze' or fact('lsbdistcodename') == 'lucid' or fact('lsbdistcodename') == 'precise' or fact('lsbdistcodename') == 'wheezy')) || (fact('operatingsystem') == 'SLES' and fact('operatingsystemrelease') < '11') do
+  context "default mod_security config" do
+    if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') =~ /(5|6)/
+      it 'adds epel' do
+        pp = "class { 'epel': }"
+        apply_manifest(pp, :catch_failures => true)
+      end
+    elsif fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7'
+      it 'changes obsoletes, per PUP-4497' do
+        pp = <<-EOS
+          ini_setting { 'obsoletes':
+            path    => '/etc/yum.conf',
+            section => 'main',
+            setting => 'obsoletes',
+            value   => '0',
+          }
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+    end
+
+    it 'succeeds in puppeting mod_security' do
+      pp= <<-EOS
+        host { 'modsec.example.com': ip => '127.0.0.1', }
+        class { 'apache': }
+        class { 'apache::mod::security': }
+        apache::vhost { 'modsec.example.com':
+          port    => '80',
+          docroot => '#{$doc_root}/html',
+        }
+        file { '#{$doc_root}/html/index.html':
+          ensure  => file,
+          content => 'Index page',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+
+      #Need to add a short sleep here because on RHEL6 the service takes a bit longer to init
+      if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') =~ /(5|6)/
+        sleep 5
+      end
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+
+    describe package($package_name) do
+      it { is_expected.to be_installed }
+    end
+
+    describe file("#{$mod_dir}/security.conf") do
+      it { is_expected.to contain "mod_security2.c" }
+    end
+
+    describe 'should be listening on port 80' do
+      it 'should return index page' do
+        shell('/usr/bin/curl -A beaker modsec.example.com:80') do |r|
+          expect(r.stdout).to match(/Index page/)
+          expect(r.exit_code).to eq(0)
+        end
+      end
+
+      unless fact('operatingsystem') == 'SLES'
+        it 'should block query with SQL' do
+          shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22]
+        end
+      end
+    end
+
+  end #default mod_security config
+
+  context "mod_security should allow disabling by vhost" do
+    it 'succeeds in puppeting mod_security' do
+      pp= <<-EOS
+        host { 'modsec.example.com': ip => '127.0.0.1', }
+        class { 'apache': }
+        class { 'apache::mod::security': }
+        apache::vhost { 'modsec.example.com':
+          port    => '80',
+          docroot => '#{$doc_root}/html',
+        }
+        file { '#{$doc_root}/html/index.html':
+          ensure  => file,
+          content => 'Index page',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+
+    describe file("#{$mod_dir}/security.conf") do
+      it { is_expected.to contain "mod_security2.c" }
+    end
+
+    unless fact('operatingsystem') == 'SLES'
+      it 'should block query with SQL' do
+        shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22]
+      end
+    end
+
+    it 'should disable mod_security per vhost' do
+      pp= <<-EOS
+        class { 'apache': }
+        class { 'apache::mod::security': }
+        apache::vhost { 'modsec.example.com':
+          port                 => '80',
+          docroot              => '#{$doc_root}/html',
+          modsec_disable_vhost => true,
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    it 'should return index page' do
+      shell('/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r|
+        expect(r.stdout).to match(/Index page/)
+        expect(r.exit_code).to eq(0)
+      end
+    end
+  end #mod_security should allow disabling by vhost
+
+  context "mod_security should allow disabling by ip" do
+    it 'succeeds in puppeting mod_security' do
+      pp= <<-EOS
+        host { 'modsec.example.com': ip => '127.0.0.1', }
+        class { 'apache': }
+        class { 'apache::mod::security': }
+        apache::vhost { 'modsec.example.com':
+          port    => '80',
+          docroot => '#{$doc_root}/html',
+        }
+        file { '#{$doc_root}/html/index.html':
+          ensure  => file,
+          content => 'Index page',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+
+    describe file("#{$mod_dir}/security.conf") do
+      it { is_expected.to contain "mod_security2.c" }
+    end
+
+    unless fact('operatingsystem') == 'SLES'
+      it 'should block query with SQL' do
+        shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22]
+      end
+    end
+
+    it 'should disable mod_security per vhost' do
+      pp= <<-EOS
+        class { 'apache': }
+        class { 'apache::mod::security': }
+        apache::vhost { 'modsec.example.com':
+          port               => '80',
+          docroot            => '#{$doc_root}/html',
+          modsec_disable_ips => [ '127.0.0.1' ],
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    it 'should return index page' do
+      shell('/usr/bin/curl -A beaker modsec.example.com:80') do |r|
+        expect(r.stdout).to match(/Index page/)
+        expect(r.exit_code).to eq(0)
+      end
+    end
+  end #mod_security should allow disabling by ip
+
+  context "mod_security should allow disabling by id" do
+    it 'succeeds in puppeting mod_security' do
+      pp= <<-EOS
+        host { 'modsec.example.com': ip => '127.0.0.1', }
+        class { 'apache': }
+        class { 'apache::mod::security': }
+        apache::vhost { 'modsec.example.com':
+          port    => '80',
+          docroot => '#{$doc_root}/html',
+        }
+        file { '#{$doc_root}/html/index.html':
+          ensure  => file,
+          content => 'Index page',
+        }
+        file { '#{$doc_root}/html/index2.html':
+          ensure  => file,
+          content => 'Page 2',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+
+    describe file("#{$mod_dir}/security.conf") do
+      it { is_expected.to contain "mod_security2.c" }
+    end
+
+    unless fact('operatingsystem') == 'SLES'
+      it 'should block query with SQL' do
+        shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22]
+      end
+    end
+
+    it 'should disable mod_security per vhost' do
+      pp= <<-EOS
+        class { 'apache': }
+        class { 'apache::mod::security': }
+        apache::vhost { 'modsec.example.com':
+          port               => '80',
+          docroot            => '#{$doc_root}/html',
+          modsec_disable_ids => [ '950007' ],
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    it 'should return index page' do
+      shell('/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r|
+        expect(r.stdout).to match(/Index page/)
+        expect(r.exit_code).to eq(0)
+      end
+    end
+
+  end #mod_security should allow disabling by id
+
+  context "mod_security should allow disabling by msg" do
+    it 'succeeds in puppeting mod_security' do
+      pp= <<-EOS
+        host { 'modsec.example.com': ip => '127.0.0.1', }
+        class { 'apache': }
+        class { 'apache::mod::security': }
+        apache::vhost { 'modsec.example.com':
+          port    => '80',
+          docroot => '#{$doc_root}/html',
+        }
+        file { '#{$doc_root}/html/index.html':
+          ensure  => file,
+          content => 'Index page',
+        }
+        file { '#{$doc_root}/html/index2.html':
+          ensure  => file,
+          content => 'Page 2',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+
+    describe file("#{$mod_dir}/security.conf") do
+      it { is_expected.to contain "mod_security2.c" }
+    end
+
+    unless fact('operatingsystem') == 'SLES'
+      it 'should block query with SQL' do
+        shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22]
+      end
+    end
+
+    it 'should disable mod_security per vhost' do
+      pp= <<-EOS
+        class { 'apache': }
+        class { 'apache::mod::security': }
+        apache::vhost { 'modsec.example.com':
+          port               => '80',
+          docroot            => '#{$doc_root}/html',
+          modsec_disable_msgs => [ 'Blind SQL Injection Attack' ],
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    it 'should return index page' do
+      shell('/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r|
+        expect(r.stdout).to match(/Index page/)
+        expect(r.exit_code).to eq(0)
+      end
+    end
+
+  end #mod_security should allow disabling by msg
+
+  context "mod_security should allow disabling by tag" do
+    it 'succeeds in puppeting mod_security' do
+      pp= <<-EOS
+        host { 'modsec.example.com': ip => '127.0.0.1', }
+        class { 'apache': }
+        class { 'apache::mod::security': }
+        apache::vhost { 'modsec.example.com':
+          port    => '80',
+          docroot => '#{$doc_root}/html',
+        }
+        file { '#{$doc_root}/html/index.html':
+          ensure  => file,
+          content => 'Index page',
+        }
+        file { '#{$doc_root}/html/index2.html':
+          ensure  => file,
+          content => 'Page 2',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+
+    describe file("#{$mod_dir}/security.conf") do
+      it { is_expected.to contain "mod_security2.c" }
+    end
+
+    unless fact('operatingsystem') == 'SLES'
+      it 'should block query with SQL' do
+        shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22]
+      end
+    end
+
+    it 'should disable mod_security per vhost' do
+      pp= <<-EOS
+        class { 'apache': }
+        class { 'apache::mod::security': }
+        apache::vhost { 'modsec.example.com':
+          port                => '80',
+          docroot             => '#{$doc_root}/html',
+          modsec_disable_tags => [ 'WEB_ATTACK/SQL_INJECTION' ],
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    it 'should return index page' do
+      shell('/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r|
+        expect(r.stdout).to match(/Index page/)
+        expect(r.exit_code).to eq(0)
+      end
+    end
+
+  end #mod_security should allow disabling by tag
+
+end #apache::mod::security class
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_suphp_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_suphp_spec.rb
new file mode 100644
index 000000000..07486677f
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/mod_suphp_spec.rb
@@ -0,0 +1,57 @@
+require 'spec_helper_acceptance'
+
+describe 'apache::mod::suphp class', :if => (fact('operatingsystem') == 'Ubuntu' and fact('operatingsystemmajrelease') != '16.04') do
+  context "default suphp config" do
+    it 'succeeds in puppeting suphp' do
+      pp = <<-EOS
+class { 'apache':
+  mpm_module => 'prefork',
+}
+host { 'suphp.example.com': ip => '127.0.0.1', }
+apache::vhost { 'suphp.example.com':
+  port    => '80',
+  docroot => '/var/www/suphp',
+}
+file { '/var/www/suphp/index.php':
+  ensure  => file,
+  owner   => 'daemon',
+  group   => 'daemon',
+  content => "<?php echo get_current_user(); ?>\\n",
+  require => File['/var/www/suphp'],
+  before  => Class['apache::mod::php'],
+}
+class { 'apache::mod::php': }
+class { 'apache::mod::suphp': }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service('apache2') do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+
+    it 'should answer to suphp.example.com' do
+      timeout = 0
+      loop do
+        r = shell('curl suphp.example.com:80')
+        timeout += 1
+        break if r.stdout =~ /^daemon$/
+        if timeout > 40
+          expect(timeout < 40).to be true
+          break
+        end
+        sleep(1)
+      end
+      shell("/usr/bin/curl suphp.example.com:80") do |r|
+        expect(r.stdout).to match(/^daemon$/)
+        expect(r.exit_code).to eq(0)
+      end
+    end
+
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/centos-7-x64.yml b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/centos-7-x64.yml
new file mode 100644
index 000000000..5eebdefbf
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/centos-7-x64.yml
@@ -0,0 +1,10 @@
+HOSTS:
+  centos-7-x64:
+    roles:
+      - agent
+      - default
+    platform: el-7-x86_64
+    hypervisor: vagrant
+    box: puppetlabs/centos-7.2-64-nocm
+CONFIG:
+  type: foss
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/debian-8-x64.yml b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/debian-8-x64.yml
new file mode 100644
index 000000000..fef6e63ca
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/debian-8-x64.yml
@@ -0,0 +1,10 @@
+HOSTS:
+  debian-8-x64:
+    roles:
+      - agent
+      - default
+    platform: debian-8-amd64
+    hypervisor: vagrant
+    box: puppetlabs/debian-8.2-64-nocm
+CONFIG:
+  type: foss
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/default.yml b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/default.yml
new file mode 100644
index 000000000..dba339c46
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/default.yml
@@ -0,0 +1,10 @@
+HOSTS:
+  ubuntu-1404-x64:
+    roles:
+      - agent
+      - default
+    platform: ubuntu-14.04-amd64
+    hypervisor: vagrant
+    box: puppetlabs/ubuntu-14.04-64-nocm
+CONFIG:
+  type: foss
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/docker/centos-7.yml b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/docker/centos-7.yml
new file mode 100644
index 000000000..a3333aac5
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/docker/centos-7.yml
@@ -0,0 +1,12 @@
+HOSTS:
+  centos-7-x64:
+    platform: el-7-x86_64
+    hypervisor: docker
+    image: centos:7
+    docker_preserve_image: true
+    docker_cmd: '["/usr/sbin/init"]'
+    # install various tools required to get the image up to usable levels
+    docker_image_commands:
+      - 'yum install -y crontabs tar wget openssl sysvinit-tools iproute which initscripts'
+CONFIG:
+  trace_limit: 200
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/docker/debian-8.yml b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/docker/debian-8.yml
new file mode 100644
index 000000000..df5c31944
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/docker/debian-8.yml
@@ -0,0 +1,11 @@
+HOSTS:
+  debian-8-x64:
+    platform: debian-8-amd64
+    hypervisor: docker
+    image: debian:8
+    docker_preserve_image: true
+    docker_cmd: '["/sbin/init"]'
+    docker_image_commands:
+      - 'apt-get update && apt-get install -y net-tools wget locales strace lsof && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen'
+CONFIG:
+  trace_limit: 200
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/docker/ubuntu-14.04.yml b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/docker/ubuntu-14.04.yml
new file mode 100644
index 000000000..b1efa5839
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/docker/ubuntu-14.04.yml
@@ -0,0 +1,12 @@
+HOSTS:
+  ubuntu-1404-x64:
+    platform: ubuntu-14.04-amd64
+    hypervisor: docker
+    image: ubuntu:14.04
+    docker_preserve_image: true
+    docker_cmd: '["/sbin/init"]'
+    docker_image_commands:
+      # ensure that upstart is booting correctly in the container
+      - 'rm /usr/sbin/policy-rc.d && rm /sbin/initctl && dpkg-divert --rename --remove /sbin/initctl && apt-get update && apt-get install -y net-tools wget && locale-gen en_US.UTF-8'
+CONFIG:
+  trace_limit: 200
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/suse.yml b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/suse.yml
new file mode 100644
index 000000000..ac0492699
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/nodesets/suse.yml
@@ -0,0 +1,25 @@
+---
+HOSTS:
+  sles-11-x86_64-agent:
+    roles:
+    - agent
+    - default
+    platform: sles-11-x86_64
+    template: sles-11-x86_64
+    hypervisor: virtualbox
+  redhat-7-x86_64-master:
+    roles:
+    - master
+    - dashboard
+    - database
+    - agent
+    platform: el-7-x86_64
+    template: redhat-7-x86_64
+    hypervisor: virtualbox
+CONFIG:
+  nfs_server: none
+  consoleport: 443
+  datastore: instance0
+  folder: Delivery/Quality Assurance/Enterprise/Dynamic
+  resourcepool: delivery/Quality Assurance/Enterprise/Dynamic
+  pooling_api: http://vcloud.delivery.puppetlabs.net/
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/prefork_worker_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/prefork_worker_spec.rb
new file mode 100644
index 000000000..668716144
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/prefork_worker_spec.rb
@@ -0,0 +1,80 @@
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+case fact('osfamily')
+when 'FreeBSD'
+  describe 'apache::mod::event class' do
+    describe 'running puppet code' do
+      # Using puppet_apply as a helper
+      it 'should work with no errors' do
+        pp = <<-EOS
+          class { 'apache':
+            mpm_module => 'event',
+          }
+        EOS
+
+        # Run it twice and test for idempotency
+        apply_manifest(pp, :catch_failures => true)
+        expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+      end
+    end
+
+    describe service($service_name) do
+      it { is_expected.to be_running }
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+    end
+  end
+end
+
+describe 'apache::mod::worker class' do
+  describe 'running puppet code' do
+    # Using puppet_apply as a helper
+    let(:pp) do
+      <<-EOS
+        class { 'apache':
+          mpm_module => 'worker',
+        }
+      EOS
+    end
+
+    # Run it twice and test for idempotency
+    it_behaves_like "a idempotent resource"
+  end
+
+  describe service($service_name) do
+    it { is_expected.to be_running }
+    if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+      pending 'Should be enabled - Bug 760616 on Debian 8'
+    else
+      it { should be_enabled }
+    end
+  end
+end
+
+describe 'apache::mod::prefork class' do
+  describe 'running puppet code' do
+    # Using puppet_apply as a helper
+    let(:pp) do
+      <<-EOS
+        class { 'apache':
+          mpm_module => 'prefork',
+        }
+      EOS
+    end
+    # Run it twice and test for idempotency
+    it_behaves_like "a idempotent resource"
+  end
+
+  describe service($service_name) do
+    it { is_expected.to be_running }
+    if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+      pending 'Should be enabled - Bug 760616 on Debian 8'
+    else
+      it { should be_enabled }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/service_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/service_spec.rb
new file mode 100644
index 000000000..c62a34973
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/service_spec.rb
@@ -0,0 +1,18 @@
+require 'spec_helper_acceptance'
+
+describe 'apache::service class' do
+  describe 'adding dependencies in between the base class and service class' do
+    let(:pp) do
+      <<-EOS
+        class { 'apache': }
+        file { '/tmp/test':
+          require => Class['apache'],
+          notify  => Class['apache::service'],
+        }
+      EOS
+    end
+
+    # Run it twice and test for idempotency
+    it_behaves_like "a idempotent resource"
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/version.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/version.rb
new file mode 100644
index 000000000..fac4071e6
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/version.rb
@@ -0,0 +1,96 @@
+_osfamily               = fact('osfamily')
+_operatingsystem        = fact('operatingsystem')
+_operatingsystemrelease = fact('operatingsystemrelease').to_f
+
+case _osfamily
+when 'RedHat'
+  $confd_dir        = '/etc/httpd/conf.d'
+  $conf_file        = '/etc/httpd/conf/httpd.conf'
+  $ports_file       = '/etc/httpd/conf/ports.conf'
+  $vhost_dir        = '/etc/httpd/conf.d'
+  $vhost            = '/etc/httpd/conf.d/15-default.conf'
+  $run_dir          = '/var/run/httpd'
+  $doc_root          = '/var/www'
+  $service_name     = 'httpd'
+  $package_name     = 'httpd'
+  $error_log        = 'error_log'
+  $suphp_handler    = 'php5-script'
+  $suphp_configpath = 'undef'
+
+  if (_operatingsystem == 'Fedora' and _operatingsystemrelease >= 18) or (_operatingsystem != 'Fedora' and _operatingsystemrelease >= 7)
+    $apache_version = '2.4'
+    $mod_dir        = '/etc/httpd/conf.modules.d'
+  else
+    $apache_version = '2.2'
+    $mod_dir        = '/etc/httpd/conf.d'
+  end
+when 'Debian'
+  $confd_dir        = '/etc/apache2/conf.d'
+  $mod_dir          = '/etc/apache2/mods-available'
+  $conf_file        = '/etc/apache2/apache2.conf'
+  $ports_file       = '/etc/apache2/ports.conf'
+  $vhost            = '/etc/apache2/sites-available/15-default.conf'
+  $vhost_dir        = '/etc/apache2/sites-enabled'
+  $run_dir          = '/var/run/apache2'
+  $doc_root          = '/var/www'
+  $service_name     = 'apache2'
+  $package_name     = 'apache2'
+  $error_log        = 'error.log'
+  $suphp_handler    = 'x-httpd-php'
+  $suphp_configpath = '/etc/php5/apache2'
+
+  if _operatingsystem == 'Ubuntu' and _operatingsystemrelease >= 13.10
+    $apache_version = '2.4'
+  elsif _operatingsystem == 'Debian' and _operatingsystemrelease >= 8.0
+    $apache_version = '2.4'
+  else
+    $apache_version = '2.2'
+  end
+when 'FreeBSD'
+  $confd_dir        = '/usr/local/etc/apache24/Includes'
+  $mod_dir          = '/usr/local/etc/apache24/Modules'
+  $conf_file        = '/usr/local/etc/apache24/httpd.conf'
+  $ports_file       = '/usr/local/etc/apache24/Includes/ports.conf'
+  $vhost            = '/usr/local/etc/apache24/Vhosts/15-default.conf'
+  $vhost_dir        = '/usr/local/etc/apache24/Vhosts'
+  $run_dir          = '/var/run/apache24'
+  $doc_root          = '/var/www'
+  $service_name     = 'apache24'
+  $package_name     = 'apache24'
+  $error_log        = 'http-error.log'
+
+  $apache_version = '2.2'
+when 'Gentoo'
+  $confd_dir        = '/etc/apache2/conf.d'
+  $mod_dir          = '/etc/apache2/modules.d'
+  $conf_file        = '/etc/apache2/httpd.conf'
+  $ports_file       = '/etc/apache2/ports.conf'
+  $vhost            = '/etc/apache2/vhosts.d/15-default.conf'
+  $vhost_dir        = '/etc/apache2/vhosts.d'
+  $run_dir          = '/var/run/apache2'
+  $doc_root          = '/var/www'
+  $service_name     = 'apache2'
+  $package_name     = 'www-servers/apache'
+  $error_log        = 'http-error.log'
+
+  $apache_version = '2.4'
+when 'Suse'
+  $confd_dir        = '/etc/apache2/conf.d'
+  $mod_dir          = '/etc/apache2/mods-available'
+  $conf_file        = '/etc/apache2/httpd.conf'
+  $ports_file       = '/etc/apache2/ports.conf'
+  $vhost            = '/etc/apache2/sites-available/15-default.conf'
+  $vhost_dir        = '/etc/apache2/sites-available'
+  $run_dir          = '/var/run/apache2'
+  $doc_root         = '/srv/www'
+  $service_name     = 'apache2'
+  $package_name     = 'apache2'
+  $error_log        = 'error.log'
+  if _operatingsystemrelease < 12
+    $apache_version   = '2.2'
+  else
+    $apache_version   = '2.4'
+  end
+else
+  $apache_version = '0'
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/vhost_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/vhost_spec.rb
new file mode 100644
index 000000000..dae411538
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/vhost_spec.rb
@@ -0,0 +1,1716 @@
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+describe 'apache::vhost define' do
+  context 'no default vhosts' do
+    it 'should create no default vhosts' do
+      pp = <<-EOS
+        class { 'apache':
+          default_vhost => false,
+          default_ssl_vhost => false,
+          service_ensure => stopped,
+        }
+        if ($::osfamily == 'Suse') {
+          exec { '/usr/bin/gensslcert':
+            require => Class['apache'],
+          }
+         }
+      EOS
+
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/15-default.conf") do
+      it { is_expected.not_to be_file }
+    end
+
+    describe file("#{$vhost_dir}/15-default-ssl.conf") do
+      it { is_expected.not_to be_file }
+    end
+  end
+
+  context "default vhost without ssl" do
+    it 'should create a default vhost config' do
+      pp = <<-EOS
+        class { 'apache': }
+      EOS
+
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/15-default.conf") do
+      it { is_expected.to contain '<VirtualHost \*:80>' }
+    end
+
+    describe file("#{$vhost_dir}/15-default-ssl.conf") do
+      it { is_expected.not_to be_file }
+    end
+  end
+
+  context 'default vhost with ssl' do
+    it 'should create default vhost configs' do
+      pp = <<-EOS
+        file { '#{$run_dir}':
+          ensure  => 'directory',
+          recurse => true,
+        }
+
+        class { 'apache':
+          default_ssl_vhost => true,
+          require => File['#{$run_dir}'],
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/15-default.conf") do
+      it { is_expected.to contain '<VirtualHost \*:80>' }
+    end
+
+    describe file("#{$vhost_dir}/15-default-ssl.conf") do
+      it { is_expected.to contain '<VirtualHost \*:443>' }
+      it { is_expected.to contain "SSLEngine on" }
+    end
+  end
+
+  context 'new vhost on port 80' do
+    it 'should configure an apache vhost' do
+      pp = <<-EOS
+        class { 'apache': }
+        file { '/var/www':
+          ensure  => 'directory',
+          recurse => true,
+        }
+
+        apache::vhost { 'first.example.com':
+          port    => '80',
+          docroot => '/var/www/first',
+          require => File['/var/www'],
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-first.example.com.conf") do
+      it { is_expected.to contain '<VirtualHost \*:80>' }
+      it { is_expected.to contain "ServerName first.example.com" }
+    end
+  end
+
+  context 'new proxy vhost on port 80' do
+    it 'should configure an apache proxy vhost' do
+      pp = <<-EOS
+        class { 'apache': }
+        apache::vhost { 'proxy.example.com':
+          port    => '80',
+          docroot => '/var/www/proxy',
+          proxy_pass => [
+            { 'path' => '/foo', 'url' => 'http://backend-foo/'},
+          ],
+        proxy_preserve_host   => true,
+        proxy_error_override  => true,
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-proxy.example.com.conf") do
+      it { is_expected.to contain '<VirtualHost \*:80>' }
+      it { is_expected.to contain "ServerName proxy.example.com" }
+      it { is_expected.to contain "ProxyPass" }
+      it { is_expected.to contain "ProxyPreserveHost On" }
+      it { is_expected.to contain "ProxyErrorOverride On" }
+      it { is_expected.not_to contain "ProxyAddHeaders" }
+      it { is_expected.not_to contain "<Proxy \*>" }
+    end
+  end
+
+  unless (fact('operatingsystem') == 'SLES' and fact('operatingsystemmajorrelease') <= '10')
+    context 'new proxy vhost on port 80' do
+      it 'should configure an apache proxy vhost' do
+        pp = <<-EOS
+          class { 'apache': }
+          apache::vhost { 'proxy.example.com':
+            port    => '80',
+            docroot => '#{$docroot}/proxy',
+            proxy_pass_match => [
+              { 'path' => '/foo', 'url' => 'http://backend-foo/'},
+            ],
+          proxy_preserve_host   => true,
+          proxy_error_override  => true,
+          }
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+
+      describe file("#{$vhost_dir}/25-proxy.example.com.conf") do
+        it { is_expected.to contain '<VirtualHost \*:80>' }
+        it { is_expected.to contain "ServerName proxy.example.com" }
+        it { is_expected.to contain "ProxyPassMatch /foo http://backend-foo/" }
+        it { is_expected.to contain "ProxyPreserveHost On" }
+        it { is_expected.to contain "ProxyErrorOverride On" }
+        it { is_expected.not_to contain "ProxyAddHeaders" }
+        it { is_expected.not_to contain "<Proxy \*>" }
+      end
+    end
+  end
+
+  context 'new vhost on port 80' do
+    it 'should configure two apache vhosts' do
+      pp = <<-EOS
+        class { 'apache': }
+        apache::vhost { 'first.example.com':
+          port    => '80',
+          docroot => '/var/www/first',
+        }
+        host { 'first.example.com': ip => '127.0.0.1', }
+        file { '/var/www/first/index.html':
+          ensure  => file,
+          content => "Hello from first\\n",
+        }
+        apache::vhost { 'second.example.com':
+          port    => '80',
+          docroot => '/var/www/second',
+        }
+        host { 'second.example.com': ip => '127.0.0.1', }
+        file { '/var/www/second/index.html':
+          ensure  => file,
+          content => "Hello from second\\n",
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+
+    it 'should answer to first.example.com' do
+      shell("/usr/bin/curl first.example.com:80", {:acceptable_exit_codes => 0}) do |r|
+        expect(r.stdout).to eq("Hello from first\n")
+      end
+    end
+
+    it 'should answer to second.example.com' do
+      shell("/usr/bin/curl second.example.com:80", {:acceptable_exit_codes => 0}) do |r|
+        expect(r.stdout).to eq("Hello from second\n")
+      end
+    end
+  end
+
+  context 'new vhost with multiple IP addresses on port 80' do
+    it 'should configure one apache vhost with 2 ip addresses' do
+      pp = <<-EOS
+        class { 'apache':
+          default_vhost => false,
+        }
+        apache::vhost { 'example.com':
+          port     => '80',
+          ip       => ['127.0.0.1','127.0.0.2'],
+          ip_based => true,
+          docroot  => '/var/www/html',
+        }
+        host { 'host1.example.com': ip => '127.0.0.1', }
+        host { 'host2.example.com': ip => '127.0.0.2', }
+        file { '/var/www/html/index.html':
+          ensure  => file,
+          content => "Hello from vhost\\n",
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+
+    describe file("#{$vhost_dir}/25-example.com.conf") do
+      it { is_expected.to contain '<VirtualHost 127.0.0.1:80 127.0.0.2:80>' }
+      it { is_expected.to contain "ServerName example.com" }
+    end
+
+    describe file($ports_file) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'Listen 127.0.0.1:80' }
+      it { is_expected.to contain 'Listen 127.0.0.2:80' }
+      it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:80' }
+      it { is_expected.not_to contain 'NameVirtualHost 127.0.0.2:80' }
+    end
+
+    it 'should answer to host1.example.com' do
+      shell("/usr/bin/curl host1.example.com:80", {:acceptable_exit_codes => 0}) do |r|
+        expect(r.stdout).to eq("Hello from vhost\n")
+      end
+    end
+
+    it 'should answer to host2.example.com' do
+      shell("/usr/bin/curl host2.example.com:80", {:acceptable_exit_codes => 0}) do |r|
+        expect(r.stdout).to eq("Hello from vhost\n")
+      end
+    end
+  end
+
+  context 'new vhost with multiple ports on 1 IP address' do
+    it 'should configure one apache vhost with 2 ports' do
+      pp = <<-EOS
+        class { 'apache':
+          default_vhost => false,
+        }
+        apache::vhost { 'example.com':
+          port     => ['80','8080'],
+          ip       => '127.0.0.1',
+          ip_based => true,
+          docroot  => '/var/www/html',
+        }
+        host { 'host1.example.com': ip => '127.0.0.1', }
+        file { '/var/www/html/index.html':
+          ensure  => file,
+          content => "Hello from vhost\\n",
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+
+    describe file("#{$vhost_dir}/25-example.com.conf") do
+      it { is_expected.to contain '<VirtualHost 127.0.0.1:80 127.0.0.1:8080>' }
+      it { is_expected.to contain "ServerName example.com" }
+    end
+
+    describe file($ports_file) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'Listen 127.0.0.1:80' }
+      it { is_expected.to contain 'Listen 127.0.0.1:8080' }
+      it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:80' }
+      it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:8080' }
+    end
+
+    it 'should answer to host1.example.com port 80' do
+      shell("/usr/bin/curl host1.example.com:80", {:acceptable_exit_codes => 0}) do |r|
+        expect(r.stdout).to eq("Hello from vhost\n")
+      end
+    end
+
+    it 'should answer to host1.example.com port 8080' do
+      shell("/usr/bin/curl host1.example.com:8080", {:acceptable_exit_codes => 0}) do |r|
+        expect(r.stdout).to eq("Hello from vhost\n")
+      end
+    end
+  end
+
+  context 'new vhost with multiple IP addresses on multiple ports' do
+    it 'should configure one apache vhost with 2 ip addresses and 2 ports' do
+      pp = <<-EOS
+        class { 'apache':
+          default_vhost => false,
+        }
+        apache::vhost { 'example.com':
+          port     => ['80', '8080'],
+          ip       => ['127.0.0.1','127.0.0.2'],
+          ip_based => true,
+          docroot  => '/var/www/html',
+        }
+        host { 'host1.example.com': ip => '127.0.0.1', }
+        host { 'host2.example.com': ip => '127.0.0.2', }
+        file { '/var/www/html/index.html':
+          ensure  => file,
+          content => "Hello from vhost\\n",
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+
+    describe file("#{$vhost_dir}/25-example.com.conf") do
+      it { is_expected.to contain '<VirtualHost 127.0.0.1:80 127.0.0.1:8080 127.0.0.2:80 127.0.0.2:8080>' }
+      it { is_expected.to contain "ServerName example.com" }
+    end
+
+    describe file($ports_file) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'Listen 127.0.0.1:80' }
+      it { is_expected.to contain 'Listen 127.0.0.1:8080' }
+      it { is_expected.to contain 'Listen 127.0.0.2:80' }
+      it { is_expected.to contain 'Listen 127.0.0.2:8080' }
+      it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:80' }
+      it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:8080' }
+      it { is_expected.not_to contain 'NameVirtualHost 127.0.0.2:80' }
+      it { is_expected.not_to contain 'NameVirtualHost 127.0.0.2:8080' }
+    end
+
+    it 'should answer to host1.example.com port 80' do
+      shell("/usr/bin/curl host1.example.com:80", {:acceptable_exit_codes => 0}) do |r|
+        expect(r.stdout).to eq("Hello from vhost\n")
+      end
+    end
+
+    it 'should answer to host1.example.com port 8080' do
+      shell("/usr/bin/curl host1.example.com:8080", {:acceptable_exit_codes => 0}) do |r|
+        expect(r.stdout).to eq("Hello from vhost\n")
+      end
+    end
+
+    it 'should answer to host2.example.com port 80' do
+      shell("/usr/bin/curl host2.example.com:80", {:acceptable_exit_codes => 0}) do |r|
+        expect(r.stdout).to eq("Hello from vhost\n")
+      end
+    end
+
+    it 'should answer to host2.example.com port 8080' do
+      shell("/usr/bin/curl host2.example.com:8080", {:acceptable_exit_codes => 0}) do |r|
+        expect(r.stdout).to eq("Hello from vhost\n")
+      end
+    end
+  end
+
+  context 'new vhost with IPv6 address on port 80', :ipv6 do
+    it 'should configure one apache vhost with an ipv6 address' do
+      pp = <<-EOS
+        class { 'apache':
+          default_vhost  => false,
+        }
+        apache::vhost { 'example.com':
+          port           => '80',
+          ip             => '::1',
+          ip_based       => true,
+          docroot        => '/var/www/html',
+        }
+        host { 'ipv6.example.com': ip => '::1', }
+        file { '/var/www/html/index.html':
+          ensure  => file,
+          content => "Hello from vhost\\n",
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+
+    describe file("#{$vhost_dir}/25-example.com.conf") do
+      it { is_expected.to contain '<VirtualHost [::1]:80>' }
+      it { is_expected.to contain "ServerName example.com" }
+    end
+
+    describe file($ports_file) do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'Listen [::1]:80' }
+      it { is_expected.not_to contain 'NameVirtualHost [::1]:80' }
+    end
+
+    it 'should answer to ipv6.example.com' do
+      shell("/usr/bin/curl ipv6.example.com:80", {:acceptable_exit_codes => 0}) do |r|
+        expect(r.stdout).to eq("Hello from vhost\n")
+      end
+    end
+  end
+
+  context 'apache_directories' do
+    describe 'readme example, adapted' do
+      it 'should configure a vhost with Files' do
+        pp = <<-EOS
+          class { 'apache': }
+
+          if versioncmp($apache_version, '2.4') >= 0 {
+            $_files_match_directory = { 'path' => '(\.swp|\.bak|~)$', 'provider' => 'filesmatch', 'require' => 'all denied', }
+          } else {
+            $_files_match_directory = { 'path' => '(\.swp|\.bak|~)$', 'provider' => 'filesmatch', 'deny' => 'from all', }
+          }
+
+          $_directories = [
+            { 'path' => '/var/www/files', },
+            $_files_match_directory,
+          ]
+
+          apache::vhost { 'files.example.net':
+            docroot     => '/var/www/files',
+            directories => $_directories,
+          }
+          file { '/var/www/files/index.html':
+            ensure  => file,
+            content => "Hello World\\n",
+          }
+          file { '/var/www/files/index.html.bak':
+            ensure  => file,
+            content => "Hello World\\n",
+          }
+          host { 'files.example.net': ip => '127.0.0.1', }
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+
+      describe service($service_name) do
+        if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+          pending 'Should be enabled - Bug 760616 on Debian 8'
+        else
+          it { should be_enabled }
+        end
+        it { is_expected.to be_running }
+      end
+
+      it 'should answer to files.example.net' do
+        expect(shell("/usr/bin/curl -sSf files.example.net:80/index.html").stdout).to eq("Hello World\n")
+        expect(shell("/usr/bin/curl -sSf files.example.net:80/index.html.bak", {:acceptable_exit_codes => 22}).stderr).to match(/curl: \(22\) The requested URL returned error: 403/)
+      end
+    end
+
+    describe 'other Directory options' do
+      it 'should configure a vhost with multiple Directory sections' do
+        pp = <<-EOS
+          class { 'apache': }
+
+          if versioncmp($apache_version, '2.4') >= 0 {
+            $_files_match_directory = { 'path' => 'private.html$', 'provider' => 'filesmatch', 'require' => 'all denied' }
+          } else {
+            $_files_match_directory = [
+              { 'path' => 'private.html$', 'provider' => 'filesmatch', 'deny' => 'from all' },
+              { 'path' => '/bar/bar.html', 'provider' => 'location', allow => [ 'from 127.0.0.1', ] },
+            ]
+          }
+
+          $_directories = [
+            { 'path' => '/var/www/files', },
+            { 'path' => '/foo/', 'provider' => 'location', 'directoryindex' => 'notindex.html', },
+            $_files_match_directory,
+          ]
+
+          apache::vhost { 'files.example.net':
+            docroot     => '/var/www/files',
+            directories => $_directories,
+          }
+          file { '/var/www/files/foo':
+            ensure => directory,
+          }
+          file { '/var/www/files/foo/notindex.html':
+            ensure  => file,
+            content => "Hello Foo\\n",
+          }
+          file { '/var/www/files/private.html':
+            ensure  => file,
+            content => "Hello World\\n",
+          }
+          file { '/var/www/files/bar':
+            ensure => directory,
+          }
+          file { '/var/www/files/bar/bar.html':
+            ensure  => file,
+            content => "Hello Bar\\n",
+          }
+          host { 'files.example.net': ip => '127.0.0.1', }
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+
+      describe service($service_name) do
+        if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+          pending 'Should be enabled - Bug 760616 on Debian 8'
+        else
+          it { should be_enabled }
+        end
+        it { is_expected.to be_running }
+      end
+
+      it 'should answer to files.example.net' do
+        expect(shell("/usr/bin/curl -sSf files.example.net:80/").stdout).to eq("Hello World\n")
+        expect(shell("/usr/bin/curl -sSf files.example.net:80/foo/").stdout).to eq("Hello Foo\n")
+        expect(shell("/usr/bin/curl -sSf files.example.net:80/private.html", {:acceptable_exit_codes => 22}).stderr).to match(/curl: \(22\) The requested URL returned error: 403/)
+        expect(shell("/usr/bin/curl -sSf files.example.net:80/bar/bar.html").stdout).to eq("Hello Bar\n")
+      end
+    end
+
+    describe 'SetHandler directive' do
+      it 'should configure a vhost with a SetHandler directive' do
+        pp = <<-EOS
+          class { 'apache': }
+          apache::mod { 'status': }
+          host { 'files.example.net': ip => '127.0.0.1', }
+          apache::vhost { 'files.example.net':
+            docroot     => '/var/www/files',
+            directories => [
+              { path => '/var/www/files', },
+              { path => '/server-status', provider => 'location', sethandler => 'server-status', },
+            ],
+          }
+          file { '/var/www/files/index.html':
+            ensure  => file,
+            content => "Hello World\\n",
+          }
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+
+      describe service($service_name) do
+        if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+          pending 'Should be enabled - Bug 760616 on Debian 8'
+        else
+          it { should be_enabled }
+        end
+        it { is_expected.to be_running }
+      end
+
+      it 'should answer to files.example.net' do
+        expect(shell("/usr/bin/curl -sSf files.example.net:80/index.html").stdout).to eq("Hello World\n")
+        expect(shell("/usr/bin/curl -sSf files.example.net:80/server-status?auto").stdout).to match(/Scoreboard: /)
+      end
+    end
+
+    describe 'Satisfy and Auth directive', :unless => $apache_version == '2.4' do
+      it 'should configure a vhost with Satisfy and Auth directive' do
+        pp = <<-EOS
+          class { 'apache': }
+          host { 'files.example.net': ip => '127.0.0.1', }
+          apache::vhost { 'files.example.net':
+            docroot     => '/var/www/files',
+            directories => [
+              {
+                path => '/var/www/files/foo',
+                auth_type => 'Basic',
+                auth_name => 'Basic Auth',
+                auth_user_file => '/var/www/htpasswd',
+                auth_require => "valid-user",
+              },
+              {
+                path => '/var/www/files/bar',
+                auth_type => 'Basic',
+                auth_name => 'Basic Auth',
+                auth_user_file => '/var/www/htpasswd',
+                auth_require => 'valid-user',
+                satisfy => 'Any',
+              },
+              {
+                path => '/var/www/files/baz',
+                allow => 'from 10.10.10.10',
+                auth_type => 'Basic',
+                auth_name => 'Basic Auth',
+                auth_user_file => '/var/www/htpasswd',
+                auth_require => 'valid-user',
+                satisfy => 'Any',
+              },
+            ],
+          }
+          file { '/var/www/files/foo':
+            ensure => directory,
+          }
+          file { '/var/www/files/bar':
+            ensure => directory,
+          }
+          file { '/var/www/files/baz':
+            ensure => directory,
+          }
+          file { '/var/www/files/foo/index.html':
+            ensure  => file,
+            content => "Hello World\\n",
+          }
+          file { '/var/www/files/bar/index.html':
+            ensure  => file,
+            content => "Hello World\\n",
+          }
+          file { '/var/www/files/baz/index.html':
+            ensure  => file,
+            content => "Hello World\\n",
+          }
+          file { '/var/www/htpasswd':
+            ensure  => file,
+            content => "login:IZ7jMcLSx0oQk", # "password" as password
+          }
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+
+      describe service($service_name) do
+        if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+          pending 'Should be enabled - Bug 760616 on Debian 8'
+        else
+          it { should be_enabled }
+        end
+        it { should be_running }
+      end
+
+      it 'should answer to files.example.net' do
+        shell("/usr/bin/curl -sSf files.example.net:80/foo/index.html", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 401/)
+        shell("/usr/bin/curl -sSf -u login:password files.example.net:80/foo/index.html").stdout.should eq("Hello World\n")
+        shell("/usr/bin/curl -sSf files.example.net:80/bar/index.html").stdout.should eq("Hello World\n")
+        shell("/usr/bin/curl -sSf -u login:password files.example.net:80/bar/index.html").stdout.should eq("Hello World\n")
+        shell("/usr/bin/curl -sSf files.example.net:80/baz/index.html", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 401/)
+        shell("/usr/bin/curl -sSf -u login:password files.example.net:80/baz/index.html").stdout.should eq("Hello World\n")
+      end
+    end
+  end
+
+  case fact('lsbdistcodename')
+  when 'precise', 'wheezy'
+    context 'vhost FallbackResource example' do
+      it 'should configure a vhost with FallbackResource' do
+        pp = <<-EOS
+        class { 'apache': }
+        apache::vhost { 'fallback.example.net':
+          docroot         => '/var/www/fallback',
+          fallbackresource => '/index.html'
+        }
+        file { '/var/www/fallback/index.html':
+          ensure  => file,
+          content => "Hello World\\n",
+        }
+        host { 'fallback.example.net': ip => '127.0.0.1', }
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+
+      describe service($service_name) do
+        if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+          pending 'Should be enabled - Bug 760616 on Debian 8'
+        else
+          it { should be_enabled }
+        end
+        it { is_expected.to be_running }
+      end
+
+      it 'should answer to fallback.example.net' do
+        shell("/usr/bin/curl fallback.example.net:80/Does/Not/Exist") do |r|
+          expect(r.stdout).to eq("Hello World\n")
+        end
+      end
+
+    end
+  else
+    # The current stable RHEL release (6.4) comes with Apache httpd 2.2.15
+    # That was released March 6, 2010.
+    # FallbackResource was backported to 2.2.16, and released July 25, 2010.
+    # Ubuntu Lucid (10.04) comes with apache2 2.2.14, released October 3, 2009.
+    # https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/STATUS
+  end
+
+  context 'virtual_docroot hosting separate sites' do
+    it 'should configure a vhost with VirtualDocumentRoot' do
+      pp = <<-EOS
+        class { 'apache': }
+        apache::vhost { 'virt.example.com':
+          vhost_name      => '*',
+          serveraliases   => '*virt.example.com',
+          port            => '80',
+          docroot         => '/var/www/virt',
+          virtual_docroot => '/var/www/virt/%1',
+        }
+        host { 'virt.example.com': ip => '127.0.0.1', }
+        host { 'a.virt.example.com': ip => '127.0.0.1', }
+        host { 'b.virt.example.com': ip => '127.0.0.1', }
+        file { [ '/var/www/virt/a', '/var/www/virt/b', ]: ensure => directory, }
+        file { '/var/www/virt/a/index.html': ensure  => file, content => "Hello from a.virt\\n", }
+        file { '/var/www/virt/b/index.html': ensure  => file, content => "Hello from b.virt\\n", }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+
+    it 'should answer to a.virt.example.com' do
+      shell("/usr/bin/curl a.virt.example.com:80", {:acceptable_exit_codes => 0}) do |r|
+        expect(r.stdout).to eq("Hello from a.virt\n")
+      end
+    end
+
+    it 'should answer to b.virt.example.com' do
+      shell("/usr/bin/curl b.virt.example.com:80", {:acceptable_exit_codes => 0}) do |r|
+        expect(r.stdout).to eq("Hello from b.virt\n")
+      end
+    end
+  end
+
+  context 'proxy_pass for alternative vhost' do
+    it 'should configure a local vhost and a proxy vhost' do
+      apply_manifest(%{
+        class { 'apache': default_vhost => false, }
+        apache::vhost { 'localhost':
+          docroot => '/var/www/local',
+          ip      => '127.0.0.1',
+          port    => '8888',
+        }
+        apache::listen { '*:80': }
+        apache::vhost { 'proxy.example.com':
+          docroot    => '/var/www',
+          port       => '80',
+          add_listen => false,
+          proxy_pass => {
+            'path' => '/',
+            'url'  => 'http://localhost:8888/subdir/',
+          },
+        }
+        host { 'proxy.example.com': ip => '127.0.0.1', }
+        file { ['/var/www/local', '/var/www/local/subdir']: ensure => directory, }
+        file { '/var/www/local/subdir/index.html':
+          ensure  => file,
+          content => "Hello from localhost\\n",
+        }
+                     }, :catch_failures => true)
+    end
+
+    describe service($service_name) do
+      if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+        pending 'Should be enabled - Bug 760616 on Debian 8'
+      else
+        it { should be_enabled }
+      end
+      it { is_expected.to be_running }
+    end
+
+    it 'should get a response from the back end' do
+      shell("/usr/bin/curl --max-redirs 0 proxy.example.com:80") do |r|
+        expect(r.stdout).to eq("Hello from localhost\n")
+        expect(r.exit_code).to eq(0)
+      end
+    end
+  end
+
+  unless (fact('operatingsystem') == 'SLES' and fact('operatingsystemmajorrelease') <= '10')
+    context 'proxy_pass_match for alternative vhost' do
+      it 'should configure a local vhost and a proxy vhost' do
+        apply_manifest(%{
+          class { 'apache': default_vhost => false, }
+          apache::vhost { 'localhost':
+            docroot => '/var/www/local',
+            ip      => '127.0.0.1',
+            port    => '8888',
+          }
+          apache::listen { '*:80': }
+          apache::vhost { 'proxy.example.com':
+            docroot    => '/var/www',
+            port       => '80',
+            add_listen => false,
+            proxy_pass_match => {
+              'path' => '/',
+              'url'  => 'http://localhost:8888/subdir/',
+            },
+          }
+          host { 'proxy.example.com': ip => '127.0.0.1', }
+          file { ['/var/www/local', '/var/www/local/subdir']: ensure => directory, }
+          file { '/var/www/local/subdir/index.html':
+            ensure  => file,
+            content => "Hello from localhost\\n",
+          }
+                      }, :catch_failures => true)
+      end
+
+      describe service($service_name) do
+        if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
+          pending 'Should be enabled - Bug 760616 on Debian 8'
+        else
+          it { should be_enabled }
+        end
+        it { is_expected.to be_running }
+      end
+
+      it 'should get a response from the back end' do
+        shell("/usr/bin/curl --max-redirs 0 proxy.example.com:80") do |r|
+          expect(r.stdout).to eq("Hello from localhost\n")
+          expect(r.exit_code).to eq(0)
+        end
+      end
+    end
+  end
+
+  describe 'ip_based' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot    => '/tmp',
+          ip_based   => true,
+          servername => 'test.server',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file($ports_file) do
+      it { is_expected.to be_file }
+      it { is_expected.not_to contain 'NameVirtualHost test.server' }
+    end
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain "ServerName test.server" }
+    end
+  end
+
+  describe 'ip_based and no servername' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot    => '/tmp',
+          ip_based   => true,
+          servername => '',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file($ports_file) do
+      it { is_expected.to be_file }
+      it { is_expected.not_to contain 'NameVirtualHost test.server' }
+    end
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.not_to contain "ServerName" }
+    end
+  end
+
+  describe 'add_listen' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': default_vhost => false }
+        host { 'testlisten.server': ip => '127.0.0.1' }
+        apache::listen { '81': }
+        apache::vhost { 'testlisten.server':
+          docroot    => '/tmp',
+          port       => '80',
+          add_listen => false,
+          servername => 'testlisten.server',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file($ports_file) do
+      it { is_expected.to be_file }
+      it { is_expected.not_to contain 'Listen 80' }
+      it { is_expected.to contain 'Listen 81' }
+    end
+  end
+
+  describe 'docroot' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        user { 'test_owner': ensure => present, }
+        group { 'test_group': ensure => present, }
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot       => '/tmp/test',
+          docroot_owner => 'test_owner',
+          docroot_group => 'test_group',
+          docroot_mode  => '0750',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file('/tmp/test') do
+      it { is_expected.to be_directory }
+      it { is_expected.to be_owned_by 'test_owner' }
+      it { is_expected.to be_grouped_into 'test_group' }
+      it { is_expected.to be_mode 750 }
+    end
+  end
+
+  describe 'default_vhost' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot    => '/tmp',
+          default_vhost => true,
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file($ports_file) do
+      it { is_expected.to be_file }
+      if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7'
+        it { is_expected.not_to contain 'NameVirtualHost test.server' }
+      elsif fact('operatingsystem') == 'Ubuntu' and fact('operatingsystemrelease') =~ /(14\.04|13\.10|16\.04)/
+        it { is_expected.not_to contain 'NameVirtualHost test.server' }
+      elsif fact('operatingsystem') == 'Debian' and fact('operatingsystemmajrelease') == '8'
+        it { is_expected.not_to contain 'NameVirtualHost test.server' }
+      elsif fact('operatingsystem') == 'SLES' and fact('operatingsystemrelease') >= '12'
+        it { is_expected.not_to contain 'NameVirtualHost test.server' }
+      else
+        it { is_expected.to contain 'NameVirtualHost test.server' }
+      end
+    end
+
+    describe file("#{$vhost_dir}/10-test.server.conf") do
+      it { is_expected.to be_file }
+    end
+  end
+
+  describe 'options' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot    => '/tmp',
+          options    => ['Indexes','FollowSymLinks', 'ExecCGI'],
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'Options Indexes FollowSymLinks ExecCGI' }
+    end
+  end
+
+  describe 'override' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot    => '/tmp',
+          override   => ['All'],
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'AllowOverride All' }
+    end
+  end
+
+  describe 'logroot' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot    => '/tmp',
+          logroot    => '/tmp',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain '  CustomLog "/tmp' }
+    end
+  end
+
+  ['access', 'error'].each do |logtype|
+    case logtype
+    when 'access'
+      logname = 'CustomLog'
+    when 'error'
+      logname = 'ErrorLog'
+    end
+
+    describe "#{logtype}_log" do
+      it 'applies cleanly' do
+        pp = <<-EOS
+          class { 'apache': }
+          host { 'test.server': ip => '127.0.0.1' }
+          apache::vhost { 'test.server':
+            docroot    => '/tmp',
+            logroot    => '/tmp',
+        #{logtype}_log => false,
+          }
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+
+      describe file("#{$vhost_dir}/25-test.server.conf") do
+        it { is_expected.to be_file }
+        it { is_expected.not_to contain "  #{logname} \"/tmp" }
+      end
+    end
+
+    describe "#{logtype}_log_pipe" do
+      it 'applies cleanly' do
+        pp = <<-EOS
+          class { 'apache': }
+          host { 'test.server': ip => '127.0.0.1' }
+          apache::vhost { 'test.server':
+            docroot    => '/tmp',
+            logroot    => '/tmp',
+        #{logtype}_log_pipe => '|/bin/sh',
+          }
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+
+      describe file("#{$vhost_dir}/25-test.server.conf") do
+        it { is_expected.to be_file }
+        it { is_expected.to contain "  #{logname} \"|/bin/sh" }
+      end
+    end
+
+    describe "#{logtype}_log_syslog" do
+      it 'applies cleanly' do
+        pp = <<-EOS
+          class { 'apache': }
+          host { 'test.server': ip => '127.0.0.1' }
+          apache::vhost { 'test.server':
+            docroot    => '/tmp',
+            logroot    => '/tmp',
+        #{logtype}_log_syslog => 'syslog',
+          }
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+
+      describe file("#{$vhost_dir}/25-test.server.conf") do
+        it { is_expected.to be_file }
+        it { is_expected.to contain "  #{logname} \"syslog\"" }
+      end
+    end
+  end
+
+  describe 'access_log_format' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot    => '/tmp',
+          logroot    => '/tmp',
+          access_log_syslog => 'syslog',
+          access_log_format => '%h %l',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'CustomLog "syslog" "%h %l"' }
+    end
+  end
+
+  describe 'access_log_env_var' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot            => '/tmp',
+          logroot            => '/tmp',
+          access_log_syslog  => 'syslog',
+          access_log_env_var => 'admin',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'CustomLog "syslog" combined env=admin' }
+    end
+  end
+
+  describe 'multiple access_logs' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot            => '/tmp',
+          logroot            => '/tmp',
+          access_logs => [
+            {'file' => 'log1'},
+            {'file' => 'log2', 'env' => 'admin' },
+            {'file' => '/var/tmp/log3', 'format' => '%h %l'},
+            {'syslog' => 'syslog' }
+          ]
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'CustomLog "/tmp/log1" combined' }
+      it { is_expected.to contain 'CustomLog "/tmp/log2" combined env=admin' }
+      it { is_expected.to contain 'CustomLog "/var/tmp/log3" "%h %l"' }
+      it { is_expected.to contain 'CustomLog "syslog" combined' }
+    end
+  end
+
+  describe 'aliases' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot    => '/tmp',
+          aliases => [
+            { alias       => '/image'    , path => '/ftp/pub/image' }   ,
+            { scriptalias => '/myscript' , path => '/usr/share/myscript' }
+          ],
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'Alias /image "/ftp/pub/image"' }
+      it { is_expected.to contain 'ScriptAlias /myscript "/usr/share/myscript"' }
+    end
+  end
+
+  describe 'scriptaliases' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot    => '/tmp',
+          scriptaliases => [{ alias => '/myscript', path  => '/usr/share/myscript', }],
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'ScriptAlias /myscript "/usr/share/myscript"' }
+    end
+  end
+
+  describe 'proxy' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': service_ensure => stopped, }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot    => '/tmp',
+          proxy_dest => 'test2',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'ProxyPass        / test2/' }
+    end
+  end
+
+  describe 'actions' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot => '/tmp',
+          action  => 'php-fastcgi',
+        }
+      EOS
+      pp = pp + "\nclass { 'apache::mod::actions': }" if fact('osfamily') == 'Debian' || fact('osfamily') == 'Suse'
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'Action php-fastcgi /cgi-bin virtual' }
+    end
+  end
+
+  describe 'suphp' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': service_ensure => stopped, }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot          => '/tmp',
+          suphp_addhandler => '#{$suphp_handler}',
+          suphp_engine     => 'on',
+          suphp_configpath => '#{$suphp_configpath}',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain "suPHP_AddHandler #{$suphp_handler}" }
+      it { is_expected.to contain 'suPHP_Engine on' }
+      it { is_expected.to contain "suPHP_ConfigPath \"#{$suphp_configpath}\"" }
+    end
+  end
+
+  describe 'rack_base_uris' do
+    unless fact('osfamily') == 'RedHat' or fact('operatingsystem') == 'SLES'
+      it 'applies cleanly' do
+        test = lambda do
+          pp = <<-EOS
+            class { 'apache': }
+            host { 'test.server': ip => '127.0.0.1' }
+            apache::vhost { 'test.server':
+              docroot          => '/tmp',
+              rack_base_uris  => ['/test'],
+            }
+          EOS
+          apply_manifest(pp, :catch_failures => true)
+        end
+        test.call
+      end
+    end
+  end
+
+  describe 'no_proxy_uris' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': service_ensure => stopped, }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot          => '/tmp',
+          proxy_dest       => 'http://test2',
+          no_proxy_uris    => [ 'http://test2/test' ],
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'ProxyPass        http://test2/test !' }
+      it { is_expected.to contain 'ProxyPass        / http://test2/' }
+    end
+  end
+
+  describe 'redirect' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot          => '/tmp',
+          redirect_source  => ['/images'],
+          redirect_dest    => ['http://test.server/'],
+          redirect_status  => ['permanent'],
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'Redirect permanent /images http://test.server/' }
+    end
+  end
+
+  describe 'request_headers' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot          => '/tmp',
+          request_headers  => ['append MirrorID "mirror 12"'],
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'append MirrorID "mirror 12"' }
+    end
+  end
+
+  describe 'rewrite rules' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot          => '/tmp',
+          rewrites => [
+            { comment => 'test',
+              rewrite_cond => '%{HTTP_USER_AGENT} ^Lynx/ [OR]',
+              rewrite_rule => ['^index\.html$ welcome.html'],
+              rewrite_map  => ['lc int:tolower'],
+            }
+          ],
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain '#test' }
+      it { is_expected.to contain 'RewriteCond %{HTTP_USER_AGENT} ^Lynx/ [OR]' }
+      it { is_expected.to contain 'RewriteRule ^index.html$ welcome.html' }
+      it { is_expected.to contain 'RewriteMap lc int:tolower' }
+    end
+  end
+
+  describe 'directory rewrite rules' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        if ! defined(Class['apache::mod::rewrite']) {
+          include ::apache::mod::rewrite
+        }
+        apache::vhost { 'test.server':
+          docroot      => '/tmp',
+          directories  => [
+            {
+            path => '/tmp',
+            rewrites => [
+              {
+              comment => 'Permalink Rewrites',
+              rewrite_base => '/',
+              },
+              { rewrite_rule => [ '^index\\.php$ - [L]' ] },
+              { rewrite_cond => [
+                '%{REQUEST_FILENAME} !-f',
+                '%{REQUEST_FILENAME} !-d',                                                                                             ],                                                                                                                     rewrite_rule => [ '. /index.php [L]' ],                                                                              }
+              ],
+            },
+            ],
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { should be_file }
+      it { should contain '#Permalink Rewrites' }
+      it { should contain 'RewriteEngine On' }
+      it { should contain 'RewriteBase /' }
+      it { should contain 'RewriteRule ^index\.php$ - [L]' }
+      it { should contain 'RewriteCond %{REQUEST_FILENAME} !-f' }
+      it { should contain 'RewriteCond %{REQUEST_FILENAME} !-d' }
+      it { should contain 'RewriteRule . /index.php [L]' }
+    end
+  end
+
+  describe 'setenv/setenvif' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot  => '/tmp',
+          setenv   => ['TEST /test'],
+          setenvif => ['Request_URI "\.gif$" object_is_image=gif']
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'SetEnv TEST /test' }
+      it { is_expected.to contain 'SetEnvIf Request_URI "\.gif$" object_is_image=gif' }
+    end
+  end
+
+  describe 'block' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot  => '/tmp',
+          block    => 'scm',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain '<DirectoryMatch .*\.(svn|git|bzr|hg|ht)/.*>' }
+    end
+  end
+
+  describe 'wsgi' do
+    context 'on lucid', :if => fact('lsbdistcodename') == 'lucid' do
+      it 'import_script applies cleanly' do
+        pp = <<-EOS
+          class { 'apache': }
+          class { 'apache::mod::wsgi': }
+          host { 'test.server': ip => '127.0.0.1' }
+          apache::vhost { 'test.server':
+            docroot                     => '/tmp',
+            wsgi_application_group      => '%{GLOBAL}',
+            wsgi_daemon_process         => 'wsgi',
+            wsgi_daemon_process_options => {processes => '2'},
+            wsgi_process_group          => 'nobody',
+            wsgi_script_aliases         => { '/test' => '/test1' },
+            wsgi_script_aliases_match   => { '/test/([^/*])' => '/test1' },
+            wsgi_pass_authorization     => 'On',
+          }
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+    end
+
+    context 'on everything but lucid', :unless => (fact('lsbdistcodename') == 'lucid' or fact('operatingsystem') == 'SLES') do
+      it 'import_script applies cleanly' do
+        pp = <<-EOS
+          class { 'apache': }
+          class { 'apache::mod::wsgi': }
+          host { 'test.server': ip => '127.0.0.1' }
+          apache::vhost { 'test.server':
+            docroot                     => '/tmp',
+            wsgi_application_group      => '%{GLOBAL}',
+            wsgi_daemon_process         => 'wsgi',
+            wsgi_daemon_process_options => {processes => '2'},
+            wsgi_import_script          => '/test1',
+            wsgi_import_script_options  => { application-group => '%{GLOBAL}', process-group => 'wsgi' },
+            wsgi_process_group          => 'nobody',
+            wsgi_script_aliases         => { '/test' => '/test1' },
+            wsgi_script_aliases_match   => { '/test/([^/*])' => '/test1' },
+            wsgi_pass_authorization     => 'On',
+            wsgi_chunked_request        => 'On',
+          }
+        EOS
+        apply_manifest(pp, :catch_failures => true)
+      end
+
+      describe file("#{$vhost_dir}/25-test.server.conf") do
+        it { is_expected.to be_file }
+        it { is_expected.to contain 'WSGIApplicationGroup %{GLOBAL}' }
+        it { is_expected.to contain 'WSGIDaemonProcess wsgi processes=2' }
+        it { is_expected.to contain 'WSGIImportScript /test1 application-group=%{GLOBAL} process-group=wsgi' }
+        it { is_expected.to contain 'WSGIProcessGroup nobody' }
+        it { is_expected.to contain 'WSGIScriptAlias /test "/test1"' }
+        it { is_expected.to contain 'WSGIPassAuthorization On' }
+        it { is_expected.to contain 'WSGIChunkedRequest On' }
+      end
+    end
+  end
+
+  describe 'custom_fragment' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot  => '/tmp',
+          custom_fragment => inline_template('#weird test string'),
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain '#weird test string' }
+    end
+  end
+
+  describe 'itk' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        apache::vhost { 'test.server':
+          docroot  => '/tmp',
+          itk      => { user => 'nobody', group => 'nobody' }
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'AssignUserId nobody nobody' }
+    end
+  end
+
+  # Limit testing to Debian, since Centos does not have fastcgi package.
+  case fact('osfamily')
+  when 'Debian'
+    describe 'fastcgi' do
+      it 'applies cleanly' do
+        pp = <<-EOS
+          $_os = $::operatingsystem
+
+          if $_os == 'Ubuntu' {
+            $_location = "http://archive.ubuntu.com/ubuntu/"
+            $_security_location = "http://archive.ubuntu.com/ubuntu/"
+            $_release = $::lsbdistcodename
+            $_release_security = "${_release}-security"
+            $_repos = "main universe multiverse"
+          } else {
+            $_location = "http://httpredir.debian.org/debian/"
+            $_security_location = "http://security.debian.org/"
+            $_release = $::lsbdistcodename
+            $_release_security = "${_release}/updates"
+            $_repos = "main contrib non-free"
+          }
+
+          include ::apt
+          apt::source { "${_os}_${_release}":
+            location    => $_location,
+            release     => $_release,
+            repos       => $_repos,
+          }
+
+          apt::source { "${_os}_${_release}-updates":
+            location    => $_location,
+            release     => "${_release}-updates",
+            repos       => $_repos,
+          }
+
+          apt::source { "${_os}_${_release}-security":
+            location    => $_security_location,
+            release     => $_release_security,
+            repos       => $_repos,
+          }
+        EOS
+
+        #apt-get update may not run clean here. Should be OK.
+        apply_manifest(pp, :catch_failures => false)
+
+        pp2 = <<-EOS
+          class { 'apache': }
+          class { 'apache::mod::fastcgi': }
+          host { 'test.server': ip => '127.0.0.1' }
+          apache::vhost { 'test.server':
+            docroot        => '/tmp',
+            fastcgi_server => 'localhost',
+            fastcgi_socket => '/tmp/fast/1234',
+            fastcgi_dir    => '/tmp/fast',
+          }
+        EOS
+        apply_manifest(pp2, :catch_failures => true, :acceptable_exit_codes => [0, 2])
+      end
+
+      describe file("#{$vhost_dir}/25-test.server.conf") do
+        it { is_expected.to be_file }
+        it { is_expected.to contain 'FastCgiExternalServer localhost -socket /tmp/fast/1234' }
+        it { is_expected.to contain '<Directory "/tmp/fast">' }
+      end
+    end
+  end
+
+  describe 'additional_includes' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        if $::osfamily == 'RedHat' and "$::selinux" == "true" {
+          $semanage_package = $::operatingsystemmajrelease ? {
+            '5'     => 'policycoreutils',
+            default => 'policycoreutils-python',
+          }
+          exec { 'set_apache_defaults':
+            command => 'semanage fcontext -a -t httpd_sys_content_t "/apache_spec(/.*)?"',
+            path    => '/bin:/usr/bin/:/sbin:/usr/sbin',
+            require => Package[$semanage_package],
+          }
+          package { $semanage_package: ensure => installed }
+          exec { 'restorecon_apache':
+            command => 'restorecon -Rv /apache_spec',
+            path    => '/bin:/usr/bin/:/sbin:/usr/sbin',
+            before  => Service['httpd'],
+            require => Class['apache'],
+          }
+        }
+        class { 'apache': }
+        host { 'test.server': ip => '127.0.0.1' }
+        file { '/apache_spec': ensure => directory, }
+        file { '/apache_spec/include': ensure => present, content => '#additional_includes' }
+        apache::vhost { 'test.server':
+          docroot             => '/apache_spec',
+          additional_includes => '/apache_spec/include',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'Include "/apache_spec/include"' }
+    end
+  end
+
+  describe 'virtualhost without priority prefix' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        apache::vhost { 'test.server':
+          priority => false,
+          docroot => '/tmp'
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/test.server.conf") do
+      it { is_expected.to be_file }
+    end
+  end
+
+  describe 'SSLProtocol directive' do
+    it 'applies cleanly' do
+      pp = <<-EOS
+        class { 'apache': }
+        apache::vhost { 'test.server':
+          docroot      => '/tmp',
+          ssl          => true,
+          ssl_protocol => ['All', '-SSLv2'],
+        }
+        apache::vhost { 'test2.server':
+          docroot      => '/tmp',
+          ssl          => true,
+          ssl_protocol => 'All -SSLv2',
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-test.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'SSLProtocol  *All -SSLv2' }
+    end
+
+    describe file("#{$vhost_dir}/25-test2.server.conf") do
+      it { is_expected.to be_file }
+      it { is_expected.to contain 'SSLProtocol  *All -SSLv2' }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/vhosts_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/vhosts_spec.rb
new file mode 100644
index 000000000..d8fb062f9
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/acceptance/vhosts_spec.rb
@@ -0,0 +1,32 @@
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+describe 'apache::vhosts class' do
+  context 'custom vhosts defined via class apache::vhosts' do
+    it 'should create custom vhost config files' do
+      pp = <<-EOS
+        class { 'apache::vhosts':
+          vhosts => {
+            'custom_vhost_1' => {
+                'docroot' => '/var/www/custom_vhost_1',
+                'port' => '81',
+            },
+            'custom_vhost_2' => {
+                'docroot' => '/var/www/custom_vhost_2',
+                'port' => '82',
+            },
+          },
+        }
+      EOS
+      apply_manifest(pp, :catch_failures => true)
+    end
+
+    describe file("#{$vhost_dir}/25-custom_vhost_1.conf") do
+      it { is_expected.to contain '<VirtualHost \*:81>' }
+    end
+
+    describe file("#{$vhost_dir}/25-custom_vhost_2.conf") do
+      it { is_expected.to contain '<VirtualHost \*:82>' }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/apache_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/apache_spec.rb
new file mode 100644
index 000000000..715ed4124
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/apache_spec.rb
@@ -0,0 +1,910 @@
+require 'spec_helper'
+
+describe 'apache', :type => :class do
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :lsbdistcodename        => 'squeeze',
+        :osfamily               => 'Debian',
+        :operatingsystem        => 'Debian',
+        :operatingsystemrelease => '6',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :concat_basedir         => '/dne',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_package("httpd").with(
+      'notify' => 'Class[Apache::Service]',
+      'ensure' => 'installed'
+      )
+    }
+    it { is_expected.to contain_user("www-data") }
+    it { is_expected.to contain_group("www-data") }
+    it { is_expected.to contain_class("apache::service") }
+    it { is_expected.to contain_file("/var/www").with(
+      'ensure'  => 'directory'
+      )
+    }
+    it { is_expected.to contain_file("/etc/apache2/sites-enabled").with(
+      'ensure'  => 'directory',
+      'recurse' => 'true',
+      'purge'   => 'true',
+      'notify'  => 'Class[Apache::Service]',
+      'require' => 'Package[httpd]'
+      )
+    }
+    it { is_expected.to contain_file("/etc/apache2/mods-enabled").with(
+      'ensure'  => 'directory',
+      'recurse' => 'true',
+      'purge'   => 'true',
+      'notify'  => 'Class[Apache::Service]',
+      'require' => 'Package[httpd]'
+      )
+    }
+    it { is_expected.to contain_file("/etc/apache2/mods-available").with(
+      'ensure'  => 'directory',
+      'recurse' => 'true',
+      'purge'   => 'false',
+      'notify'  => 'Class[Apache::Service]',
+      'require' => 'Package[httpd]'
+      )
+    }
+    it { is_expected.to contain_concat("/etc/apache2/ports.conf").with(
+      'owner'   => 'root',
+      'group'   => 'root',
+      'mode'    => '0644',
+      'notify'  => 'Class[Apache::Service]'
+      )
+    }
+    # Assert that load files are placed and symlinked for these mods, but no conf file.
+    [
+      'auth_basic',
+      'authn_file',
+      'authz_default',
+      'authz_groupfile',
+      'authz_host',
+      'authz_user',
+      'dav',
+      'env'
+    ].each do |modname|
+      it { is_expected.to contain_file("#{modname}.load").with(
+        'path'   => "/etc/apache2/mods-available/#{modname}.load",
+        'ensure' => 'file'
+      ) }
+      it { is_expected.to contain_file("#{modname}.load symlink").with(
+        'path'   => "/etc/apache2/mods-enabled/#{modname}.load",
+        'ensure' => 'link',
+        'target' => "/etc/apache2/mods-available/#{modname}.load"
+      ) }
+      it { is_expected.not_to contain_file("#{modname}.conf") }
+      it { is_expected.not_to contain_file("#{modname}.conf symlink") }
+    end
+
+    context "with Apache version < 2.4" do
+      let :params do
+        { :apache_version => '2.2' }
+      end
+
+      it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^Include "/etc/apache2/conf\.d/\*\.conf"$} }
+    end
+
+    context "with Apache version >= 2.4" do
+      let :params do
+        {
+          :apache_version => '2.4',
+          :use_optional_includes => true
+        }
+      end
+
+      it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^IncludeOptional "/etc/apache2/conf\.d/\*\.conf"$} }
+    end
+
+    context "when specifying slash encoding behaviour" do
+      let :params do
+        { :allow_encoded_slashes => 'nodecode' }
+      end
+
+      it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^AllowEncodedSlashes nodecode$} }
+    end
+
+    context "when specifying fileETag behaviour" do
+      let :params do
+        { :file_e_tag => 'None' }
+      end
+
+      it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^FileETag None$} }
+    end
+
+    context "when specifying default character set" do
+      let :params do
+        { :default_charset => 'none' }
+      end
+
+      it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^AddDefaultCharset none$} }
+    end
+
+    # Assert that both load files and conf files are placed and symlinked for these mods
+    [
+      'alias',
+      'autoindex',
+      'dav_fs',
+      'deflate',
+      'dir',
+      'mime',
+      'negotiation',
+      'setenvif',
+    ].each do |modname|
+      it { is_expected.to contain_file("#{modname}.load").with(
+        'path'   => "/etc/apache2/mods-available/#{modname}.load",
+        'ensure' => 'file'
+      ) }
+      it { is_expected.to contain_file("#{modname}.load symlink").with(
+        'path'   => "/etc/apache2/mods-enabled/#{modname}.load",
+        'ensure' => 'link',
+        'target' => "/etc/apache2/mods-available/#{modname}.load"
+      ) }
+      it { is_expected.to contain_file("#{modname}.conf").with(
+        'path'   => "/etc/apache2/mods-available/#{modname}.conf",
+        'ensure' => 'file'
+      ) }
+      it { is_expected.to contain_file("#{modname}.conf symlink").with(
+        'path'   => "/etc/apache2/mods-enabled/#{modname}.conf",
+        'ensure' => 'link',
+        'target' => "/etc/apache2/mods-available/#{modname}.conf"
+      ) }
+    end
+
+    describe "Check default type" do
+      context "with Apache version < 2.4" do
+        let :params do
+          {
+            :apache_version => '2.2',
+          }
+        end
+
+       context "when default_type => 'none'" do
+          let :params do
+            { :default_type => 'none' }
+          end
+
+          it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^DefaultType none$} }
+        end
+        context "when default_type => 'text/plain'" do
+          let :params do
+            { :default_type => 'text/plain' }
+          end
+
+          it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^DefaultType text/plain$} }
+        end
+      end
+
+      context "with Apache version >= 2.4" do
+        let :params do
+          {
+            :apache_version => '2.4',
+          }
+        end
+        it { is_expected.to contain_file("/etc/apache2/apache2.conf").without_content %r{^DefaultType [.]*$} }
+      end
+    end
+
+    describe "Don't create user resource" do
+      context "when parameter manage_user is false" do
+        let :params do
+          { :manage_user => false }
+        end
+
+        it { is_expected.not_to contain_user('www-data') }
+        it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^User www-data\n} }
+      end
+    end
+    describe "Don't create group resource" do
+      context "when parameter manage_group is false" do
+        let :params do
+          { :manage_group => false }
+        end
+
+        it { is_expected.not_to contain_group('www-data') }
+        it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^Group www-data\n} }
+      end
+    end
+
+    describe "Add extra LogFormats" do
+      context "When parameter log_formats is a hash" do
+        let :params do
+          { :log_formats => {
+            'vhost_common'   => "%v %h %l %u %t \"%r\" %>s %b",
+            'vhost_combined' => "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
+          } }
+        end
+
+        it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common\n} }
+        it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" vhost_combined\n} }
+      end
+    end
+
+    describe "Override existing LogFormats" do
+      context "When parameter log_formats is a hash" do
+        let :params do
+          { :log_formats => {
+            'common'   => "%v %h %l %u %t \"%r\" %>s %b",
+            'combined' => "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
+          } }
+        end
+
+        it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" common\n} }
+        it { is_expected.to contain_file("/etc/apache2/apache2.conf").without_content %r{^LogFormat "%h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n} }
+        it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" common\n} }
+        it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n} }
+        it { is_expected.to contain_file("/etc/apache2/apache2.conf").without_content %r{^LogFormat "%h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n} }
+      end
+    end
+
+    context "8" do
+      let :facts do
+        super().merge({
+          :lsbdistcodename        => 'jessie',
+          :operatingsystemrelease => '8'
+        })
+      end
+      it { is_expected.to contain_file("/var/www/html").with(
+        'ensure'  => 'directory'
+         )
+        }
+      end
+    context "on Ubuntu" do
+      let :facts do
+        super().merge({
+          :operatingsystem => 'Ubuntu'
+        })
+      end
+
+      context "14.04" do
+        let :facts do
+          super().merge({
+            :lsbdistrelease         => '14.04',
+            :operatingsystemrelease => '14.04'
+          })
+        end
+        it { is_expected.to contain_file("/var/www/html").with(
+          'ensure'  => 'directory'
+          )
+        }
+      end
+      context "13.10" do
+        let :facts do
+          super().merge({
+            :lsbdistrelease         => '13.10',
+            :operatingsystemrelease => '13.10'
+          })
+        end
+        it { is_expected.to contain_class('apache').with_apache_version('2.4') }
+      end
+      context "12.04" do
+        let :facts do
+          super().merge({
+            :lsbdistrelease         => '12.04',
+            :operatingsystemrelease => '12.04'
+          })
+        end
+        it { is_expected.to contain_class('apache').with_apache_version('2.2') }
+      end
+      context "13.04" do
+        let :facts do
+          super().merge({
+            :lsbdistrelease         => '13.04',
+            :operatingsystemrelease => '13.04'
+          })
+        end
+        it { is_expected.to contain_class('apache').with_apache_version('2.2') }
+      end
+    end
+  end
+  context "on a RedHat 5 OS" do
+    let :facts do
+      {
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :osfamily               => 'RedHat',
+        :operatingsystem        => 'RedHat',
+        :operatingsystemrelease => '5',
+        :concat_basedir         => '/dne',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_package("httpd").with(
+      'notify' => 'Class[Apache::Service]',
+      'ensure' => 'installed'
+      )
+    }
+    it { is_expected.to contain_user("apache") }
+    it { is_expected.to contain_group("apache") }
+    it { is_expected.to contain_class("apache::service") }
+    it { is_expected.to contain_file("/var/www/html").with(
+      'ensure'  => 'directory'
+      )
+    }
+    it { is_expected.to contain_file("/etc/httpd/conf.d").with(
+      'ensure'  => 'directory',
+      'recurse' => 'true',
+      'purge'   => 'true',
+      'notify'  => 'Class[Apache::Service]',
+      'require' => 'Package[httpd]'
+      )
+    }
+    it { is_expected.to contain_concat("/etc/httpd/conf/ports.conf").with(
+      'owner'   => 'root',
+      'group'   => 'root',
+      'mode'    => '0644',
+      'notify'  => 'Class[Apache::Service]'
+      )
+    }
+    describe "Alternate confd/mod/vhosts directory" do
+      let :params do
+        {
+          :vhost_dir => '/etc/httpd/site.d',
+          :confd_dir => '/etc/httpd/conf.d',
+          :mod_dir   => '/etc/httpd/mod.d',
+        }
+      end
+
+      ['mod.d','site.d','conf.d'].each do |dir|
+        it { is_expected.to contain_file("/etc/httpd/#{dir}").with(
+          'ensure'  => 'directory',
+          'recurse' => 'true',
+          'purge'   => 'true',
+          'notify'  => 'Class[Apache::Service]',
+          'require' => 'Package[httpd]'
+        ) }
+      end
+
+      # Assert that load files are placed for these mods, but no conf file.
+      [
+        'auth_basic',
+        'authn_file',
+        'authz_default',
+        'authz_groupfile',
+        'authz_host',
+        'authz_user',
+        'dav',
+        'env',
+      ].each do |modname|
+        it { is_expected.to contain_file("#{modname}.load").with_path(
+          "/etc/httpd/mod.d/#{modname}.load"
+        ) }
+        it { is_expected.not_to contain_file("#{modname}.conf").with_path(
+          "/etc/httpd/mod.d/#{modname}.conf"
+        ) }
+      end
+
+      # Assert that both load files and conf files are placed for these mods
+      [
+        'alias',
+        'autoindex',
+        'dav_fs',
+        'deflate',
+        'dir',
+        'mime',
+        'negotiation',
+        'setenvif',
+      ].each do |modname|
+        it { is_expected.to contain_file("#{modname}.load").with_path(
+          "/etc/httpd/mod.d/#{modname}.load"
+        ) }
+        it { is_expected.to contain_file("#{modname}.conf").with_path(
+          "/etc/httpd/mod.d/#{modname}.conf"
+        ) }
+      end
+
+      context "with Apache version < 2.4" do
+        let :params do
+          { :apache_version => '2.2' }
+        end
+
+        it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/conf\.d/\*\.conf"$} }
+      end
+
+      context "with Apache version >= 2.4" do
+        let :params do
+          {
+            :apache_version => '2.4',
+            :use_optional_includes => true
+          }
+        end
+
+        it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^IncludeOptional "/etc/httpd/conf\.d/\*\.conf"$} }
+      end
+
+      context "with Apache version < 2.4" do
+        let :params do
+          {
+            :apache_version => '2.2',
+            :rewrite_lock => '/var/lock/subsys/rewrite-lock'
+          }
+        end
+
+        it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^RewriteLock /var/lock/subsys/rewrite-lock$} }
+      end
+
+      context "with Apache version < 2.4" do
+        let :params do
+          {
+            :apache_version => '2.2'
+          }
+        end
+
+        it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").without_content %r{^RewriteLock [.]*$} }
+      end
+
+      context "with Apache version >= 2.4" do
+        let :params do
+          {
+            :apache_version => '2.4',
+            :rewrite_lock => '/var/lock/subsys/rewrite-lock'
+          }
+        end
+        it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").without_content %r{^RewriteLock [.]*$} }
+      end
+
+      context "when specifying slash encoding behaviour" do
+        let :params do
+          { :allow_encoded_slashes => 'nodecode' }
+        end
+
+        it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^AllowEncodedSlashes nodecode$} }
+      end
+
+      context "when specifying default character set" do
+        let :params do
+          { :default_charset => 'none' }
+        end
+
+        it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^AddDefaultCharset none$} }
+      end
+
+      context "with Apache version < 2.4" do
+        let :params do
+          {
+            :apache_version => '2.2',
+          }
+        end
+
+       context "when default_type => 'none'" do
+          let :params do
+            { :default_type => 'none' }
+          end
+
+          it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^DefaultType none$} }
+        end
+        context "when default_type => 'text/plain'" do
+          let :params do
+            { :default_type => 'text/plain' }
+          end
+
+          it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^DefaultType text/plain$} }
+        end
+      end
+
+      context "with Apache version >= 2.4" do
+        let :params do
+          {
+            :apache_version => '2.4',
+          }
+        end
+        it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").without_content %r{^DefaultType [.]*$} }
+      end
+
+      it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/site\.d/\*"$} }
+      it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.conf"$} }
+      it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.load"$} }
+    end
+
+    describe "Alternate conf directory" do
+      let :params do
+        { :conf_dir => '/opt/rh/root/etc/httpd/conf' }
+      end
+
+      it { is_expected.to contain_file("/opt/rh/root/etc/httpd/conf/httpd.conf").with(
+        'ensure'  => 'file',
+        'notify'  => 'Class[Apache::Service]',
+        'require' => ['Package[httpd]', 'Concat[/etc/httpd/conf/ports.conf]'],
+      ) }
+    end
+
+    describe "Alternate conf.d directory" do
+      let :params do
+        { :confd_dir => '/etc/httpd/special_conf.d' }
+      end
+
+      it { is_expected.to contain_file("/etc/httpd/special_conf.d").with(
+        'ensure'  => 'directory',
+        'recurse' => 'true',
+        'purge'   => 'true',
+        'notify'  => 'Class[Apache::Service]',
+        'require' => 'Package[httpd]'
+      ) }
+    end
+
+    describe "Alternate mpm_modules" do
+      context "when declaring mpm_module is false" do
+        let :params do
+          { :mpm_module => false }
+        end
+        it 'should not declare mpm modules' do
+          is_expected.not_to contain_class('apache::mod::event')
+          is_expected.not_to contain_class('apache::mod::itk')
+          is_expected.not_to contain_class('apache::mod::peruser')
+          is_expected.not_to contain_class('apache::mod::prefork')
+          is_expected.not_to contain_class('apache::mod::worker')
+        end
+      end
+      context "when declaring mpm_module => prefork" do
+        let :params do
+          { :mpm_module => 'prefork' }
+        end
+        it { is_expected.to contain_class('apache::mod::prefork') }
+        it { is_expected.not_to contain_class('apache::mod::event') }
+        it { is_expected.not_to contain_class('apache::mod::itk') }
+        it { is_expected.not_to contain_class('apache::mod::peruser') }
+        it { is_expected.not_to contain_class('apache::mod::worker') }
+      end
+      context "when declaring mpm_module => worker" do
+        let :params do
+          { :mpm_module => 'worker' }
+        end
+        it { is_expected.to contain_class('apache::mod::worker') }
+        it { is_expected.not_to contain_class('apache::mod::event') }
+        it { is_expected.not_to contain_class('apache::mod::itk') }
+        it { is_expected.not_to contain_class('apache::mod::peruser') }
+        it { is_expected.not_to contain_class('apache::mod::prefork') }
+      end
+    end
+
+    describe "different templates for httpd.conf" do
+      context "with default" do
+        let :params do
+          { :conf_template => 'apache/httpd.conf.erb' }
+        end
+        it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^# Security\n} }
+      end
+      context "with non-default" do
+        let :params do
+          { :conf_template => 'site_apache/fake.conf.erb' }
+        end
+        it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Fake template for rspec.$} }
+      end
+    end
+
+    describe "default mods" do
+      context "without" do
+        let :params do
+          { :default_mods => false }
+        end
+
+        it { is_expected.to contain_apache__mod('authz_host') }
+        it { is_expected.not_to contain_apache__mod('env') }
+      end
+      context "custom" do
+        let :params do
+          { :default_mods => [
+            'info',
+            'alias',
+            'mime',
+            'env',
+            'setenv',
+            'expires',
+          ]}
+        end
+
+        it { is_expected.to contain_apache__mod('authz_host') }
+        it { is_expected.to contain_apache__mod('env') }
+        it { is_expected.to contain_class('apache::mod::info') }
+        it { is_expected.to contain_class('apache::mod::mime') }
+      end
+    end
+    describe "Don't create user resource" do
+      context "when parameter manage_user is false" do
+        let :params do
+          { :manage_user => false }
+        end
+
+        it { is_expected.not_to contain_user('apache') }
+        it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^User apache\n} }
+      end
+    end
+    describe "Don't create group resource" do
+      context "when parameter manage_group is false" do
+        let :params do
+          { :manage_group => false }
+        end
+
+        it { is_expected.not_to contain_group('apache') }
+        it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Group apache\n} }
+
+      end
+    end
+    describe "sendfile" do
+      context "with invalid value" do
+        let :params do
+          { :sendfile => 'foo' }
+        end
+        it "should fail" do
+          expect do
+            catalogue
+          end.to raise_error(Puppet::Error, /"foo" does not match/)
+        end
+      end
+      context "On" do
+        let :params do
+          { :sendfile => 'On' }
+        end
+        it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^EnableSendfile On\n} }
+      end
+      context "Off" do
+        let :params do
+          { :sendfile => 'Off' }
+        end
+        it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^EnableSendfile Off\n} }
+      end
+    end
+    context "on Fedora" do
+      let :facts do
+        super().merge({
+          :operatingsystem => 'Fedora'
+        })
+      end
+
+      context "21" do
+        let :facts do
+          super().merge({
+            :lsbdistrelease         => '21',
+            :operatingsystemrelease => '21'
+          })
+        end
+        it { is_expected.to contain_class('apache').with_apache_version('2.4') }
+      end
+      context "Rawhide" do
+        let :facts do
+          super().merge({
+            :lsbdistrelease         => 'Rawhide',
+            :operatingsystemrelease => 'Rawhide'
+          })
+        end
+        it { is_expected.to contain_class('apache').with_apache_version('2.4') }
+      end
+      # kinda obsolete
+      context "17" do
+        let :facts do
+          super().merge({
+            :lsbdistrelease         => '17',
+            :operatingsystemrelease => '17'
+          })
+        end
+        it { is_expected.to contain_class('apache').with_apache_version('2.2') }
+      end
+    end
+  end
+  context "on a FreeBSD OS" do
+    let :facts do
+      {
+        :id                     => 'root',
+        :kernel                 => 'FreeBSD',
+        :osfamily               => 'FreeBSD',
+        :operatingsystem        => 'FreeBSD',
+        :operatingsystemrelease => '10',
+        :concat_basedir         => '/dne',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_class("apache::package").with({'ensure' => 'present'}) }
+    it { is_expected.to contain_user("www") }
+    it { is_expected.to contain_group("www") }
+    it { is_expected.to contain_class("apache::service") }
+    it { is_expected.to contain_file("/usr/local/www/apache24/data").with(
+      'ensure'  => 'directory'
+      )
+    }
+    it { is_expected.to contain_file("/usr/local/etc/apache24/Vhosts").with(
+      'ensure'  => 'directory',
+      'recurse' => 'true',
+      'purge'   => 'true',
+      'notify'  => 'Class[Apache::Service]',
+      'require' => 'Package[httpd]'
+    ) }
+    it { is_expected.to contain_file("/usr/local/etc/apache24/Modules").with(
+      'ensure'  => 'directory',
+      'recurse' => 'true',
+      'purge'   => 'true',
+      'notify'  => 'Class[Apache::Service]',
+      'require' => 'Package[httpd]'
+    ) }
+    it { is_expected.to contain_concat("/usr/local/etc/apache24/ports.conf").with(
+      'owner'   => 'root',
+      'group'   => 'wheel',
+      'mode'    => '0644',
+      'notify'  => 'Class[Apache::Service]'
+    ) }
+    # Assert that load files are placed for these mods, but no conf file.
+    [
+      'auth_basic',
+      'authn_core',
+      'authn_file',
+      'authz_groupfile',
+      'authz_host',
+      'authz_user',
+      'dav',
+      'env'
+    ].each do |modname|
+      it { is_expected.to contain_file("#{modname}.load").with(
+        'path'   => "/usr/local/etc/apache24/Modules/#{modname}.load",
+        'ensure' => 'file'
+      ) }
+      it { is_expected.not_to contain_file("#{modname}.conf") }
+    end
+
+    # Assert that both load files and conf files are placed for these mods
+    [
+      'alias',
+      'autoindex',
+      'dav_fs',
+      'deflate',
+      'dir',
+      'mime',
+      'negotiation',
+      'setenvif',
+    ].each do |modname|
+      it { is_expected.to contain_file("#{modname}.load").with(
+        'path'   => "/usr/local/etc/apache24/Modules/#{modname}.load",
+        'ensure' => 'file'
+      ) }
+      it { is_expected.to contain_file("#{modname}.conf").with(
+        'path'   => "/usr/local/etc/apache24/Modules/#{modname}.conf",
+        'ensure' => 'file'
+      ) }
+    end
+  end
+  context "on a Gentoo OS" do
+    let :facts do
+      {
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :osfamily               => 'Gentoo',
+        :operatingsystem        => 'Gentoo',
+        :operatingsystemrelease => '3.16.1-gentoo',
+        :concat_basedir         => '/dne',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_user("apache") }
+    it { is_expected.to contain_group("apache") }
+    it { is_expected.to contain_class("apache::service") }
+    it { is_expected.to contain_file("/var/www/localhost/htdocs").with(
+      'ensure'  => 'directory'
+      )
+    }
+    it { is_expected.to contain_file("/etc/apache2/vhosts.d").with(
+      'ensure'  => 'directory',
+      'recurse' => 'true',
+      'purge'   => 'true',
+      'notify'  => 'Class[Apache::Service]',
+      'require' => 'Package[httpd]'
+    ) }
+    it { is_expected.to contain_file("/etc/apache2/modules.d").with(
+      'ensure'  => 'directory',
+      'recurse' => 'true',
+      'purge'   => 'true',
+      'notify'  => 'Class[Apache::Service]',
+      'require' => 'Package[httpd]'
+    ) }
+    it { is_expected.to contain_concat("/etc/apache2/ports.conf").with(
+      'owner'   => 'root',
+      'group'   => 'wheel',
+      'mode'    => '0644',
+      'notify'  => 'Class[Apache::Service]'
+    ) }
+  end
+  context 'on all OSes' do
+    let :facts do
+      {
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :osfamily               => 'RedHat',
+        :operatingsystem        => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    context 'with a custom apache_name parameter' do
+      let :params do {
+        :apache_name => 'httpd24-httpd'
+      }
+      end
+      it { is_expected.to contain_package("httpd").with(
+        'notify' => 'Class[Apache::Service]',
+        'ensure' => 'installed',
+        'name'   => 'httpd24-httpd'
+        )
+      }
+    end
+    context 'with a custom file_mode parameter' do
+      let :params do {
+        :file_mode => '0640'
+      }
+      end
+      it { is_expected.to contain_concat("/etc/httpd/conf/ports.conf").with(
+        'mode' => '0640',
+      )
+      }
+    end
+    context 'with a custom root_directory_options parameter' do
+      let :params do {
+        :root_directory_options => ['-Indexes', '-FollowSymLinks']
+      }
+      end
+      it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{Options -Indexes -FollowSymLinks} }
+    end
+    context 'with a custom root_directory_secured parameter and Apache < 2.4' do
+      let :params do {
+        :apache_version => '2.2',
+        :root_directory_secured => true
+      }
+      end
+      it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{Options FollowSymLinks\n\s+AllowOverride None\n\s+Order deny,allow\n\s+Deny from all} }
+    end
+    context 'with a custom root_directory_secured parameter and Apache >= 2.4' do
+      let :params do {
+        :apache_version => '2.4',
+        :root_directory_secured => true
+      }
+      end
+      it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{Options FollowSymLinks\n\s+AllowOverride None\n\s+Require all denied} }
+    end
+    context 'default vhost defaults' do
+      it { is_expected.to contain_apache__vhost('default').with_ensure('present') }
+      it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('absent') }
+      it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{Options FollowSymLinks} }
+    end
+    context 'without default non-ssl vhost' do
+      let :params do {
+        :default_vhost  => false
+      }
+      end
+      it { is_expected.to contain_apache__vhost('default').with_ensure('absent') }
+      it { is_expected.not_to contain_file('/var/www/html') }
+    end
+    context 'with default ssl vhost' do
+      let :params do {
+          :default_ssl_vhost  => true
+        }
+      end
+      it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('present') }
+      it { is_expected.to contain_file('/var/www/html') }
+    end
+  end
+  context 'with unsupported osfamily' do
+    let :facts do
+      { :osfamily        => 'Darwin',
+        :operatingsystemrelease => '13.1.0',
+        :concat_basedir         => '/dne',
+        :is_pe                  => false,
+      }
+    end
+
+    it do
+      expect {
+       catalogue
+      }.to raise_error(Puppet::Error, /Unsupported osfamily/)
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/dev_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/dev_spec.rb
new file mode 100644
index 000000000..933d67703
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/dev_spec.rb
@@ -0,0 +1,89 @@
+require 'spec_helper'
+
+describe 'apache::dev', :type => :class do
+  let(:pre_condition) {[
+    'include apache'
+  ]}
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :lsbdistcodename        => 'squeeze',
+        :osfamily               => 'Debian',
+        :operatingsystem        => 'Debian',
+        :operatingsystemrelease => '6',
+        :is_pe                  => false,
+        :concat_basedir         => '/foo',
+        :id                     => 'root',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin',
+        :kernel                 => 'Linux'
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_package("libaprutil1-dev") }
+    it { is_expected.to contain_package("libapr1-dev") }
+    it { is_expected.to contain_package("apache2-prefork-dev") }
+  end
+  context "on an Ubuntu 14 OS" do
+    let :facts do
+      {
+        :lsbdistrelease         => '14.04',
+        :lsbdistcodename        => 'trusty',
+        :osfamily               => 'Debian',
+        :operatingsystem        => 'Ubuntu',
+        :operatingsystemrelease => '14.04',
+        :is_pe                  => false,
+        :concat_basedir         => '/foo',
+        :id                     => 'root',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin',
+        :kernel                 => 'Linux'
+      }
+    end
+    it { is_expected.to contain_package("apache2-dev") }
+  end
+  context "on a RedHat OS" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystem        => 'RedHat',
+        :operatingsystemrelease => '6',
+        :is_pe                  => false,
+        :concat_basedir         => '/foo',
+        :id                     => 'root',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin',
+        :kernel                 => 'Linux'
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_package("httpd-devel") }
+  end
+  context "on a FreeBSD OS" do
+    let :facts do
+      {
+        :osfamily               => 'FreeBSD',
+        :operatingsystem        => 'FreeBSD',
+        :operatingsystemrelease => '9',
+        :is_pe                  => false,
+        :concat_basedir         => '/foo',
+        :id                     => 'root',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin',
+        :kernel                 => 'FreeBSD'
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+  end
+  context "on a Gentoo OS" do
+    let :facts do
+      {
+        :osfamily               => 'Gentoo',
+        :operatingsystem        => 'Gentoo',
+        :operatingsystemrelease => '3.16.1-gentoo',
+        :is_pe                  => false,
+        :concat_basedir         => '/foo',
+        :id                     => 'root',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin',
+        :kernel                 => 'Linux'
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/alias_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/alias_spec.rb
new file mode 100644
index 000000000..99854e818
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/alias_spec.rb
@@ -0,0 +1,97 @@
+require 'spec_helper'
+
+describe 'apache::mod::alias', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+
+  context "default configuration with parameters" do
+    context "on a Debian OS", :compile do
+      let :facts do
+        {
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :lsbdistcodename        => 'squeeze',
+          :osfamily               => 'Debian',
+          :operatingsystem        => 'Debian',
+          :operatingsystemrelease => '6',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :concat_basedir         => '/dne',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_apache__mod("alias") }
+      it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/share\/apache2\/icons\/"/) }
+    end
+    context "on a RedHat 6-based OS", :compile do
+      let :facts do
+        {
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :osfamily               => 'RedHat',
+          :operatingsystem        => 'RedHat',
+          :operatingsystemrelease => '6',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :concat_basedir         => '/dne',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_apache__mod("alias") }
+      it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/var\/www\/icons\/"/) }
+    end
+    context "on a RedHat 7-based OS", :compile do
+      let :facts do
+        {
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :osfamily               => 'RedHat',
+          :operatingsystem        => 'RedHat',
+          :operatingsystemrelease => '7',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :concat_basedir         => '/dne',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_apache__mod("alias") }
+      it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/share\/httpd\/icons\/"/) }
+    end
+    context "with icons options", :compile do
+      let :pre_condition do
+        'class { apache: default_mods => false }'
+      end
+      let :facts do
+        {
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :osfamily               => 'RedHat',
+          :operatingsystem        => 'RedHat',
+          :operatingsystemrelease => '7',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :concat_basedir         => '/dne',
+          :is_pe                  => false,
+        }
+      end
+      let :params do
+        {
+          'icons_options' => 'foo'
+        }
+      end
+      it { is_expected.to contain_apache__mod("alias") }
+      it { is_expected.to contain_file("alias.conf").with(:content => /Options foo/) }
+    end
+    context "on a FreeBSD OS", :compile do
+      let :facts do
+        {
+          :id                     => 'root',
+          :kernel                 => 'FreeBSD',
+          :osfamily               => 'FreeBSD',
+          :operatingsystem        => 'FreeBSD',
+          :operatingsystemrelease => '10',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :concat_basedir         => '/dne',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_apache__mod("alias") }
+      it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/local\/www\/apache24\/icons\/"/) }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/auth_cas_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/auth_cas_spec.rb
new file mode 100644
index 000000000..aee3f8c29
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/auth_cas_spec.rb
@@ -0,0 +1,64 @@
+require 'spec_helper'
+
+describe 'apache::mod::auth_cas', :type => :class do
+  context "default params" do
+    let :params do
+      {
+        :cas_login_url    => 'https://cas.example.com/login',
+        :cas_validate_url => 'https://cas.example.com/validate',
+        :cas_cookie_path  => '/var/cache/apache2/mod_auth_cas/'
+      }
+    end
+
+    it_behaves_like "a mod class, without including apache"
+  end
+
+  context "default configuration with parameters" do
+    let :params do
+      {
+        :cas_login_url    => 'https://cas.example.com/login',
+        :cas_validate_url => 'https://cas.example.com/validate',
+      }
+    end
+
+    context "on a Debian OS", :compile do
+      let :facts do
+        {
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :lsbdistcodename        => 'squeeze',
+          :osfamily               => 'Debian',
+          :operatingsystem        => 'Debian',
+          :operatingsystemrelease => '6',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :concat_basedir         => '/dne',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod("auth_cas") }
+      it { is_expected.to contain_package("libapache2-mod-auth-cas") }
+      it { is_expected.to contain_file("auth_cas.conf").with_path('/etc/apache2/mods-available/auth_cas.conf') }
+      it { is_expected.to contain_file("/var/cache/apache2/mod_auth_cas/").with_owner('www-data') }
+    end
+    context "on a RedHat OS", :compile do
+      let :facts do
+        {
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :osfamily               => 'RedHat',
+          :operatingsystem        => 'RedHat',
+          :operatingsystemrelease => '6',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :concat_basedir         => '/dne',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod("auth_cas") }
+      it { is_expected.to contain_package("mod_auth_cas") }
+      it { is_expected.to contain_file("auth_cas.conf").with_path('/etc/httpd/conf.d/auth_cas.conf') }
+      it { is_expected.to contain_file("/var/cache/mod_auth_cas/").with_owner('apache') }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/auth_kerb_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/auth_kerb_spec.rb
new file mode 100644
index 000000000..0f77a627e
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/auth_kerb_spec.rb
@@ -0,0 +1,106 @@
+require 'spec_helper'
+
+describe 'apache::mod::auth_kerb', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+
+  context "default configuration with parameters" do
+    context "on a Debian OS", :compile do
+      let :facts do
+        {
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :lsbdistcodename        => 'squeeze',
+          :osfamily               => 'Debian',
+          :operatingsystem        => 'Debian',
+          :operatingsystemrelease => '6',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :concat_basedir         => '/dne',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod("auth_kerb") }
+      it { is_expected.to contain_package("libapache2-mod-auth-kerb") }
+    end
+    context "on a RedHat OS", :compile do
+      let :facts do
+        {
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :osfamily               => 'RedHat',
+          :operatingsystem        => 'RedHat',
+          :operatingsystemrelease => '6',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :concat_basedir         => '/dne',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod("auth_kerb") }
+      it { is_expected.to contain_package("mod_auth_kerb") }
+    end
+    context "on a FreeBSD OS", :compile do
+      let :facts do
+        {
+          :id                     => 'root',
+          :kernel                 => 'FreeBSD',
+          :osfamily               => 'FreeBSD',
+          :operatingsystem        => 'FreeBSD',
+          :operatingsystemrelease => '9',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :concat_basedir         => '/dne',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod("auth_kerb") }
+      it { is_expected.to contain_package("www/mod_auth_kerb2") }
+    end
+    context "on a Gentoo OS", :compile do
+      let :facts do
+        {
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :osfamily               => 'Gentoo',
+          :operatingsystem        => 'Gentoo',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+          :operatingsystemrelease => '3.16.1-gentoo',
+          :concat_basedir         => '/dne',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod("auth_kerb") }
+      it { is_expected.to contain_package("www-apache/mod_auth_kerb") }
+    end
+  end
+  context "overriding mod_packages" do
+    context "on a RedHat OS", :compile do
+      let :facts do
+        {
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :osfamily               => 'RedHat',
+          :operatingsystem        => 'RedHat',
+          :operatingsystemrelease => '6',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :concat_basedir         => '/dne',
+          :is_pe                  => false,
+        }
+      end
+      let :pre_condition do
+        <<-EOS
+        include apache::params
+        class { 'apache':
+          mod_packages => merge($::apache::params::mod_packages, {
+            'auth_kerb' => 'httpd24-mod_auth_kerb',
+          })
+        }
+        EOS
+      end
+      it { is_expected.to contain_apache__mod("auth_kerb") }
+      it { is_expected.to contain_package("httpd24-mod_auth_kerb") }
+      it { is_expected.to_not contain_package("mod_auth_kerb") }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/auth_mellon_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/auth_mellon_spec.rb
new file mode 100644
index 000000000..7d0826ff7
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/auth_mellon_spec.rb
@@ -0,0 +1,90 @@
+require 'spec_helper'
+
+describe 'apache::mod::auth_mellon', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+
+  context "default configuration with parameters" do
+    context "on a Debian OS" do
+      let :facts do
+        {
+          :osfamily               => 'Debian',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :lsbdistcodename        => 'squeeze',
+          :operatingsystem        => 'Debian',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :fqdn                   => 'test.example.com',
+          :is_pe                  => false,
+        }
+      end
+      describe 'with no parameters' do
+        it { should contain_apache__mod('auth_mellon') }
+        it { should contain_package('libapache2-mod-auth-mellon') }
+        it { should contain_file('auth_mellon.conf').with_path('/etc/apache2/mods-available/auth_mellon.conf') }
+        it { should contain_file('auth_mellon.conf').with_content("MellonPostDirectory \"\/var\/cache\/apache2\/mod_auth_mellon\/\"\n") }
+      end
+      describe 'with parameters' do
+        let :params do
+          { :mellon_cache_size => '200',
+            :mellon_cache_entry_size => '2010',
+            :mellon_lock_file => '/tmp/junk',
+            :mellon_post_directory => '/tmp/post',
+            :mellon_post_ttl => '5',
+            :mellon_post_size => '8',
+            :mellon_post_count => '10'
+          }
+        end
+        it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheSize\s+200$/) }
+        it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheEntrySize\s+2010$/) }
+        it { should contain_file('auth_mellon.conf').with_content(/^MellonLockFile\s+"\/tmp\/junk"$/) }
+        it { should contain_file('auth_mellon.conf').with_content(/^MellonPostDirectory\s+"\/tmp\/post"$/) }
+        it { should contain_file('auth_mellon.conf').with_content(/^MellonPostTTL\s+5$/) }
+        it { should contain_file('auth_mellon.conf').with_content(/^MellonPostSize\s+8$/) }
+        it { should contain_file('auth_mellon.conf').with_content(/^MellonPostCount\s+10$/) }
+      end
+
+    end
+    context "on a RedHat OS" do
+      let :facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'RedHat',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :fqdn                   => 'test.example.com',
+          :is_pe                  => false,
+        }
+      end
+      describe 'with no parameters' do
+        it { should contain_apache__mod('auth_mellon') }
+        it { should contain_package('mod_auth_mellon') }
+        it { should contain_file('auth_mellon.conf').with_path('/etc/httpd/conf.d/auth_mellon.conf') }
+        it { should contain_file('auth_mellon.conf').with_content("MellonCacheSize 100\nMellonLockFile \"/run/mod_auth_mellon/lock\"\n") }
+      end
+      describe 'with parameters' do
+        let :params do
+          { :mellon_cache_size => '200',
+            :mellon_cache_entry_size => '2010',
+            :mellon_lock_file => '/tmp/junk',
+            :mellon_post_directory => '/tmp/post',
+            :mellon_post_ttl => '5',
+            :mellon_post_size => '8',
+            :mellon_post_count => '10'
+          }
+        end
+        it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheSize\s+200$/) }
+        it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheEntrySize\s+2010$/) }
+        it { should contain_file('auth_mellon.conf').with_content(/^MellonLockFile\s+"\/tmp\/junk"$/) }
+        it { should contain_file('auth_mellon.conf').with_content(/^MellonPostDirectory\s+"\/tmp\/post"$/) }
+        it { should contain_file('auth_mellon.conf').with_content(/^MellonPostTTL\s+5$/) }
+        it { should contain_file('auth_mellon.conf').with_content(/^MellonPostSize\s+8$/) }
+        it { should contain_file('auth_mellon.conf').with_content(/^MellonPostCount\s+10$/) }
+      end
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/authn_dbd_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/authn_dbd_spec.rb
new file mode 100644
index 000000000..4e101d1b5
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/authn_dbd_spec.rb
@@ -0,0 +1,62 @@
+require 'spec_helper'
+
+describe 'apache::mod::authn_dbd', :type => :class do
+  context "default params" do
+    let :params do
+      {
+        :authn_dbd_params => 'host=db_host port=3306 user=apache password=###### dbname=apache_auth',
+      }
+    end
+
+    it_behaves_like "a mod class, without including apache"
+  end
+
+  context "default configuration with parameters" do
+    let :params do
+      {
+        :authn_dbd_params => 'host=db_host port=3306 user=apache password=###### dbname=apache_auth',
+        :authn_dbd_alias  => 'db_authn',
+        :authn_dbd_query  => 'SELECT password FROM authn WHERE username = %s'
+      }
+    end
+
+    context "on a Debian OS", :compile do
+      let :facts do
+        {
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :lsbdistcodename        => 'squeeze',
+          :osfamily               => 'Debian',
+          :operatingsystem        => 'Debian',
+          :operatingsystemrelease => '6',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :concat_basedir         => '/dne',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod("authn_dbd") }
+      it { is_expected.to contain_apache__mod("dbd") }
+      it { is_expected.to contain_file("authn_dbd.conf").with_path('/etc/apache2/mods-available/authn_dbd.conf') }
+    end
+
+    context "on a RedHat OS", :compile do
+      let :facts do
+        {
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :osfamily               => 'RedHat',
+          :operatingsystem        => 'RedHat',
+          :operatingsystemrelease => '6',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :concat_basedir         => '/dne',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod("authn_dbd") }
+      it { is_expected.to contain_apache__mod("dbd") }
+      it { is_expected.to contain_file("authn_dbd.conf").with_path('/etc/httpd/conf.d/authn_dbd.conf') }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/authnz_ldap_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/authnz_ldap_spec.rb
new file mode 100644
index 000000000..7469d165e
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/authnz_ldap_spec.rb
@@ -0,0 +1,76 @@
+require 'spec_helper'
+
+describe 'apache::mod::authnz_ldap', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+
+  context "default configuration with parameters" do
+    context "on a Debian OS" do
+      let :facts do
+        {
+          :lsbdistcodename        => 'squeeze',
+          :osfamily               => 'Debian',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :operatingsystem        => 'Debian',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_class("apache::mod::ldap") }
+      it { is_expected.to contain_apache__mod('authnz_ldap') }
+
+      context 'default verify_server_cert' do
+        it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) }
+      end
+
+      context 'verify_server_cert = false' do
+        let(:params) { { :verify_server_cert => false } }
+        it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) }
+      end
+
+      context 'verify_server_cert = wrong' do
+        let(:params) { { :verify_server_cert => 'wrong' } }
+        it 'should raise an error' do
+          expect { is_expected.to raise_error Puppet::Error }
+        end
+      end
+    end #Debian
+
+    context "on a RedHat OS" do
+      let :facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :operatingsystem        => 'RedHat',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_class("apache::mod::ldap") }
+      it { is_expected.to contain_apache__mod('authnz_ldap') }
+
+      context 'default verify_server_cert' do
+        it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) }
+      end
+
+      context 'verify_server_cert = false' do
+        let(:params) { { :verify_server_cert => false } }
+        it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) }
+      end
+
+      context 'verify_server_cert = wrong' do
+        let(:params) { { :verify_server_cert => 'wrong' } }
+        it 'should raise an error' do
+          expect { is_expected.to raise_error Puppet::Error }
+        end
+      end
+    end # Redhat
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/authnz_pam_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/authnz_pam_spec.rb
new file mode 100644
index 000000000..4bceeab85
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/authnz_pam_spec.rb
@@ -0,0 +1,44 @@
+require 'spec_helper'
+
+describe 'apache::mod::authnz_pam', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+
+  context "default configuration with parameters" do
+    context "on a Debian OS" do
+      let :facts do
+        {
+          :lsbdistcodename        => 'squeeze',
+          :osfamily               => 'Debian',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :operatingsystem        => 'Debian',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_class("apache") }
+      it { is_expected.to contain_package("libapache2-mod-authnz-pam") }
+      it { is_expected.to contain_apache__mod('authnz_pam') }
+    end #Debian
+
+    context "on a RedHat OS" do
+      let :facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :operatingsystem        => 'RedHat',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_class("apache") }
+      it { is_expected.to contain_package("mod_authnz_pam") }
+      it { is_expected.to contain_apache__mod('authnz_pam') }
+    end # Redhat
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/cluster_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/cluster_spec.rb
new file mode 100644
index 000000000..b5f74bac7
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/cluster_spec.rb
@@ -0,0 +1,105 @@
+require 'spec_helper'
+
+describe 'apache::mod::cluster', :type => :class do
+  context 'on a RedHat OS Release 7 with mod version = 1.3.0' do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '7',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    let(:params) {
+      {
+        :allowed_network         => '172.17.0',
+        :balancer_name           => 'mycluster',
+        :ip                      => '172.17.0.1',
+        :version                 => '1.3.0'
+      }
+    }
+
+    it { is_expected.to contain_class("apache") }
+    it { is_expected.to contain_apache__mod('proxy') }
+    it { is_expected.to contain_apache__mod('proxy_ajp') }
+    it { is_expected.to contain_apache__mod('manager') }
+    it { is_expected.to contain_apache__mod('proxy_cluster') }
+    it { is_expected.to contain_apache__mod('advertise') }
+    it { is_expected.to contain_apache__mod('cluster_slotmem') }
+
+    it { is_expected.to contain_file('cluster.conf') }
+  end
+
+  context 'on a RedHat OS Release 7 with mod version > 1.3.0' do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '7',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    let(:params) {
+      {
+        :allowed_network         => '172.17.0',
+        :balancer_name           => 'mycluster',
+        :ip                      => '172.17.0.1',
+        :version                 => '1.3.1'
+      }
+    }
+
+    it { is_expected.to contain_class('apache') }
+    it { is_expected.to contain_apache__mod('proxy') }
+    it { is_expected.to contain_apache__mod('proxy_ajp') }
+    it { is_expected.to contain_apache__mod('manager') }
+    it { is_expected.to contain_apache__mod('proxy_cluster') }
+    it { is_expected.to contain_apache__mod('advertise') }
+    it { is_expected.to contain_apache__mod('cluster_slotmem') }
+
+    it { is_expected.to contain_file('cluster.conf') }
+  end
+
+  context 'on a RedHat OS Release 6 with mod version < 1.3.0' do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    let(:params) {
+      {
+        :allowed_network         => '172.17.0',
+        :balancer_name           => 'mycluster',
+        :ip                      => '172.17.0.1',
+        :version                 => '1.2.0'
+      }
+    }
+
+    it { is_expected.to contain_class('apache') }
+    it { is_expected.to contain_apache__mod('proxy') }
+    it { is_expected.to contain_apache__mod('proxy_ajp') }
+    it { is_expected.to contain_apache__mod('manager') }
+    it { is_expected.to contain_apache__mod('proxy_cluster') }
+    it { is_expected.to contain_apache__mod('advertise') }
+    it { is_expected.to contain_apache__mod('slotmem') }
+
+    it { is_expected.to contain_file('cluster.conf') }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/dav_svn_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/dav_svn_spec.rb
new file mode 100644
index 000000000..426b547f2
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/dav_svn_spec.rb
@@ -0,0 +1,80 @@
+require 'spec_helper'
+
+describe 'apache::mod::dav_svn', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+
+  context "default configuration with parameters" do
+    context "on a Debian OS" do
+      let :facts do
+        {
+          :lsbdistcodename           => 'squeeze',
+          :osfamily                  => 'Debian',
+          :operatingsystemrelease    => '6',
+          :operatingsystemmajrelease => '6',
+          :concat_basedir            => '/dne',
+          :operatingsystem           => 'Debian',
+          :id                        => 'root',
+          :kernel                    => 'Linux',
+          :path                      => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                     => false,
+        }
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('dav_svn') }
+      it { is_expected.to contain_package("libapache2-svn") }
+    end
+    context "on a RedHat OS" do
+      let :facts do
+        {
+          :osfamily                  => 'RedHat',
+          :operatingsystemrelease    => '6',
+          :operatingsystemmajrelease => '6',
+          :concat_basedir            => '/dne',
+          :operatingsystem           => 'RedHat',
+          :id                        => 'root',
+          :kernel                    => 'Linux',
+          :path                      => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                     => false,
+        }
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('dav_svn') }
+      it { is_expected.to contain_package("mod_dav_svn") }
+    end
+    context "on a FreeBSD OS" do
+      let :facts do
+        {
+          :osfamily                  => 'FreeBSD',
+          :operatingsystemrelease    => '9',
+          :operatingsystemmajrelease => '9',
+          :concat_basedir            => '/dne',
+          :operatingsystem           => 'FreeBSD',
+          :id                        => 'root',
+          :kernel                    => 'Linux',
+          :path                      => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                     => false,
+        }
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('dav_svn') }
+      it { is_expected.to contain_package("devel/subversion") }
+    end
+    context "on a Gentoo OS", :compile do
+      let :facts do
+        {
+          :id                     => 'root',
+          :operatingsystemrelease => '3.16.1-gentoo',
+          :concat_basedir         => '/dne',
+          :kernel                 => 'Linux',
+          :osfamily               => 'Gentoo',
+          :operatingsystem        => 'Gentoo',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('dav_svn') }
+      it { is_expected.to contain_package("dev-vcs/subversion") }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/deflate_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/deflate_spec.rb
new file mode 100644
index 000000000..264c70f36
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/deflate_spec.rb
@@ -0,0 +1,127 @@
+require 'spec_helper'
+
+# This function is called inside the OS specific contexts
+def general_deflate_specs
+  it { is_expected.to contain_apache__mod("deflate") }
+
+  it do
+    is_expected.to contain_file("deflate.conf").with_content(
+      "AddOutputFilterByType DEFLATE text/css\n"\
+      "AddOutputFilterByType DEFLATE text/html\n"\
+      "\n"\
+      "DeflateFilterNote Input instream\n"\
+      "DeflateFilterNote Ratio ratio\n"
+    )
+  end
+end
+
+describe 'apache::mod::deflate', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+
+  context "default configuration with parameters" do
+    let :pre_condition do
+      'class { "apache::mod::deflate":
+        types => [ "text/html", "text/css" ],
+        notes => {
+          "Input" => "instream",
+          "Ratio" => "ratio",
+        }
+      }
+      '
+    end
+
+    context "On a Debian OS with default params" do
+      let :facts do
+        {
+          :id                     => 'root',
+          :lsbdistcodename        => 'squeeze',
+          :kernel                 => 'Linux',
+          :osfamily               => 'Debian',
+          :operatingsystem        => 'Debian',
+          :operatingsystemrelease => '6',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :concat_basedir         => '/dne',
+          :is_pe                  => false,
+        }
+      end
+
+      # Load the more generic tests for this context
+      general_deflate_specs()
+
+      it { is_expected.to contain_file("deflate.conf").with({
+        :ensure => 'file',
+        :path   => '/etc/apache2/mods-available/deflate.conf',
+      } ) }
+      it { is_expected.to contain_file("deflate.conf symlink").with({
+        :ensure => 'link',
+        :path   => '/etc/apache2/mods-enabled/deflate.conf',
+      } ) }
+    end
+
+    context "on a RedHat OS with default params" do
+      let :facts do
+        {
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :osfamily               => 'RedHat',
+          :operatingsystem        => 'RedHat',
+          :operatingsystemrelease => '6',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :concat_basedir         => '/dne',
+          :is_pe                  => false,
+        }
+      end
+
+      # Load the more generic tests for this context
+      general_deflate_specs()
+
+      it { is_expected.to contain_file("deflate.conf").with_path("/etc/httpd/conf.d/deflate.conf") }
+    end
+
+    context "On a FreeBSD OS with default params" do
+      let :facts do
+        {
+          :id                     => 'root',
+          :kernel                 => 'FreeBSD',
+          :osfamily               => 'FreeBSD',
+          :operatingsystem        => 'FreeBSD',
+          :operatingsystemrelease => '9',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :concat_basedir         => '/dne',
+          :is_pe                  => false,
+        }
+      end
+
+      # Load the more generic tests for this context
+      general_deflate_specs()
+
+      it { is_expected.to contain_file("deflate.conf").with({
+        :ensure => 'file',
+        :path   => '/usr/local/etc/apache24/Modules/deflate.conf',
+      } ) }
+    end
+
+    context "On a Gentoo OS with default params" do
+      let :facts do
+        {
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :osfamily               => 'Gentoo',
+          :operatingsystem        => 'Gentoo',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+          :operatingsystemrelease => '3.16.1-gentoo',
+          :concat_basedir         => '/dne',
+          :is_pe                  => false,
+        }
+      end
+
+      # Load the more generic tests for this context
+      general_deflate_specs()
+
+      it { is_expected.to contain_file("deflate.conf").with({
+        :ensure => 'file',
+        :path   => '/etc/apache2/modules.d/deflate.conf',
+      } ) }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/dev_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/dev_spec.rb
new file mode 100644
index 000000000..4c9f324b3
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/dev_spec.rb
@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe 'apache::mod::dev', :type => :class do
+  let(:pre_condition) {[
+    'include apache'
+  ]}
+
+  it_behaves_like "a mod class, without including apache"
+
+  [
+    ['RedHat',  '6', 'Santiago', 'Linux'],
+    ['Debian',  '6', 'squeeze', 'Linux'],
+    ['FreeBSD', '9', 'FreeBSD', 'FreeBSD'],
+  ].each do |osfamily, operatingsystemrelease, lsbdistcodename, kernel|
+    context "on a #{osfamily} OS" do
+      let :facts do
+        {
+          :lsbdistcodename        => lsbdistcodename,
+          :osfamily               => osfamily,
+          :operatingsystem        => osfamily,
+          :operatingsystemrelease => operatingsystemrelease,
+          :is_pe                  => false,
+          :concat_basedir         => '/foo',
+          :id                     => 'root',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin',
+          :kernel                 => kernel
+        }
+      end
+      it { is_expected.to contain_class('apache::dev') }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/dir_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/dir_spec.rb
new file mode 100644
index 000000000..9aad0d3ff
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/dir_spec.rb
@@ -0,0 +1,137 @@
+require 'spec_helper'
+
+describe 'apache::mod::dir', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+
+  context "default configuration with parameters" do
+    context "on a Debian OS" do
+      let :facts do
+        {
+          :osfamily               => 'Debian',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'Debian',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :lsbdistcodename        => 'squeeze',
+          :is_pe                  => false,
+        }
+      end
+      context "passing no parameters" do
+        it { is_expected.to contain_class("apache::params") }
+        it { is_expected.to contain_apache__mod('dir') }
+        it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) }
+      end
+      context "passing indexes => ['example.txt','fearsome.aspx']" do
+        let :params do
+          {:indexes => ['example.txt','fearsome.aspx']}
+        end
+        it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) }
+      end
+    end
+    context "on a RedHat OS" do
+      let :facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'Redhat',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      context "passing no parameters" do
+        it { is_expected.to contain_class("apache::params") }
+        it { is_expected.to contain_apache__mod('dir') }
+        it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) }
+      end
+      context "passing indexes => ['example.txt','fearsome.aspx']" do
+        let :params do
+          {:indexes => ['example.txt','fearsome.aspx']}
+        end
+        it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) }
+      end
+    end
+    context "on a FreeBSD OS" do
+      let :facts do
+        {
+          :osfamily               => 'FreeBSD',
+          :operatingsystemrelease => '9',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'FreeBSD',
+          :id                     => 'root',
+          :kernel                 => 'FreeBSD',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      context "passing no parameters" do
+        it { is_expected.to contain_class("apache::params") }
+        it { is_expected.to contain_apache__mod('dir') }
+        it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) }
+      end
+      context "passing indexes => ['example.txt','fearsome.aspx']" do
+        let :params do
+          {:indexes => ['example.txt','fearsome.aspx']}
+        end
+        it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) }
+      end
+    end
+    context "on a Gentoo OS" do
+      let :facts do
+        {
+          :osfamily               => 'Gentoo',
+          :operatingsystem        => 'Gentoo',
+          :operatingsystemrelease => '3.16.1-gentoo',
+          :concat_basedir         => '/dne',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+          :is_pe                  => false,
+        }
+      end
+      context "passing no parameters" do
+        it { is_expected.to contain_class("apache::params") }
+        it { is_expected.to contain_apache__mod('dir') }
+        it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) }
+      end
+      context "passing indexes => ['example.txt','fearsome.aspx']" do
+        let :params do
+          {:indexes => ['example.txt','fearsome.aspx']}
+        end
+        it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) }
+        it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) }
+      end
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/disk_cache_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/disk_cache_spec.rb
new file mode 100644
index 000000000..ebb5ef6a9
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/disk_cache_spec.rb
@@ -0,0 +1,125 @@
+require 'spec_helper'
+
+describe 'apache::mod::disk_cache', :type => :class do
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :lsbdistcodename        => 'squeeze',
+        :osfamily               => 'Debian',
+        :operatingsystem        => 'Debian',
+        :operatingsystemrelease => '6',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :concat_basedir         => '/dne',
+        :is_pe                  => false,
+      }
+    end
+    context "with Apache version < 2.4" do
+      let :pre_condition do
+        'class{ "apache":
+          apache_version => "2.2",
+          default_mods   => ["cache"],
+          mod_dir        => "/tmp/junk",
+         }'
+      end
+      it { should compile }
+      it { should contain_class('apache::mod::disk_cache') }
+      it { is_expected.to contain_apache__mod("disk_cache") }
+      it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/apache2\/mod_disk_cache\"\nCacheDirLevels 2\nCacheDirLength 1/) }
+    end
+    context "with Apache version >= 2.4" do
+      let :pre_condition do
+        'class{ "apache":
+          apache_version => "2.4",
+          default_mods   => ["cache"],
+          mod_dir        => "/tmp/junk",
+         }'
+      end
+      it { should compile }
+      it { should contain_class('apache::mod::disk_cache') }
+      it { should contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]')  }
+      it { is_expected.to contain_apache__mod("cache_disk") }
+      it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/apache2\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1/) }
+    end
+  end
+
+  context "on a RedHat 6-based OS" do
+    let :facts do
+      {
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :osfamily               => 'RedHat',
+        :operatingsystem        => 'RedHat',
+        :operatingsystemrelease => '6',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :concat_basedir         => '/dne',
+        :is_pe                  => false,
+      }
+    end
+    context "with Apache version < 2.4" do
+      let :pre_condition do
+        'class{ "apache":
+          apache_version => "2.2",
+          default_mods   => ["cache"],
+          mod_dir        => "/tmp/junk",
+         }'
+      end
+      it { is_expected.to contain_apache__mod("disk_cache") }
+      it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_proxy\"\nCacheDirLevels 2\nCacheDirLength 1/) }
+    end
+    context "with Apache version >= 2.4" do
+      let :pre_condition do
+        'class{ "apache":
+          apache_version => "2.4",
+          default_mods   => ["cache"],
+          mod_dir        => "/tmp/junk",
+         }'
+      end
+      it { is_expected.to contain_apache__mod("cache_disk") }
+      it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/httpd\/proxy\"\nCacheDirLevels 2\nCacheDirLength 1/) }
+    end
+  end
+  context "on a FreeBSD OS" do
+    let :facts do
+      {
+        :id                     => 'root',
+        :kernel                 => 'FreeBSD',
+        :osfamily               => 'FreeBSD',
+        :operatingsystem        => 'FreeBSD',
+        :operatingsystemrelease => '10',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :concat_basedir         => '/dne',
+        :is_pe                  => false,
+      }
+    end
+    context "with Apache version < 2.4" do
+      let :pre_condition do
+        'class{ "apache":
+          apache_version => "2.2",
+          default_mods   => ["cache"],
+          mod_dir        => "/tmp/junk",
+         }'
+      end
+      it { should compile }
+      it { should contain_class('apache::mod::disk_cache') }
+      it { should contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]')  }
+      it { is_expected.to contain_apache__mod("disk_cache") }
+      it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_disk_cache\"\nCacheDirLevels 2\nCacheDirLength 1/) }
+    end
+    context "with Apache version >= 2.4" do
+      let :pre_condition do
+        'class{ "apache":
+          apache_version => "2.4",
+          default_mods   => ["cache"],
+          mod_dir        => "/tmp/junk",
+         }'
+      end
+      it { should compile }
+      it { should contain_class('apache::mod::disk_cache') }
+      it { should contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]')  }
+      it { is_expected.to contain_apache__mod("cache_disk") }
+      it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1/) }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/dumpio_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/dumpio_spec.rb
new file mode 100644
index 000000000..106b23af0
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/dumpio_spec.rb
@@ -0,0 +1,51 @@
+require 'spec_helper'
+
+describe 'apache::mod::dumpio', :type => :class do
+  context "on a Debian OS" do
+    let :pre_condition do
+      'class{"apache":
+         default_mods => false,
+         mod_dir    => "/tmp/junk",
+       }'
+    end
+    let :facts do
+      {
+        :lsbdistcodename           => 'squeeze',
+        :osfamily                  => 'Debian',
+        :operatingsystemrelease    => '6',
+        :operatingsystemmajrelease => '6',
+        :concat_basedir            => '/dne',
+        :operatingsystem           => 'Debian',
+        :id                        => 'root',
+        :kernel                    => 'Linux',
+        :path                      => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    context "default configuration fore parameters" do
+      it { should compile }
+      it { should contain_class('apache::mod::dumpio') }
+      it { should contain_file("dumpio.conf").with_path("/tmp/junk/dumpio.conf") }
+      it { should contain_file("dumpio.conf").with_content(/^\s*DumpIOInput\s+"Off"$/)}
+      it { should contain_file("dumpio.conf").with_content(/^\s*DumpIOOutput\s+"Off"$/)}
+    end
+    context "with dumpio_input set to On" do
+      let :params do
+        {
+          :dump_io_input => 'On',
+        }
+      end
+      it { should contain_file("dumpio.conf").with_content(/^\s*DumpIOInput\s+"On"$/)}
+      it { should contain_file("dumpio.conf").with_content(/^\s*DumpIOOutput\s+"Off"$/)}
+    end
+    context "with dumpio_ouput set to On" do
+      let :params do
+        {
+          :dump_io_output => 'On',
+        }
+      end
+      it { should contain_file("dumpio.conf").with_content(/^\s*DumpIOInput\s+"Off"$/)}
+      it { should contain_file("dumpio.conf").with_content(/^\s*DumpIOOutput\s+"On"$/)}
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/event_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/event_spec.rb
new file mode 100644
index 000000000..b010d4c02
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/event_spec.rb
@@ -0,0 +1,214 @@
+require 'spec_helper'
+
+describe 'apache::mod::event', :type => :class do
+  let :pre_condition do
+    'class { "apache": mpm_module => false, }'
+  end
+  context "on a FreeBSD OS" do
+    let :facts do
+      {
+        :osfamily               => 'FreeBSD',
+        :operatingsystemrelease => '9',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'FreeBSD',
+        :id                     => 'root',
+        :kernel                 => 'FreeBSD',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.not_to contain_apache__mod('event') }
+    it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/event.conf").with_ensure('file') }
+  end
+  context "on a Gentoo OS" do
+    let :facts do
+      {
+        :osfamily               => 'Gentoo',
+        :operatingsystem        => 'Gentoo',
+        :operatingsystemrelease => '3.16.1-gentoo',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.not_to contain_apache__mod('event') }
+    it { is_expected.to contain_file("/etc/apache2/modules.d/event.conf").with_ensure('file') }
+  end
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :lsbdistcodename        => 'squeeze',
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.not_to contain_apache__mod('event') }
+    it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file') }
+    it { is_expected.to contain_file("/etc/apache2/mods-enabled/event.conf").with_ensure('link') }
+
+    context "Test mpm_event new params" do
+      let :params do
+        {
+          :serverlimit            => '0',
+          :startservers           => '1',
+          :maxclients             => '2',
+          :minsparethreads        => '3',
+          :maxsparethreads        => '4',
+          :threadsperchild        => '5',
+          :maxrequestsperchild    => '6',
+          :threadlimit            => '7',
+          :listenbacklog          => '8',
+          :maxrequestworkers      => '9',
+          :maxconnectionsperchild => '10',
+        }
+      end
+
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ServerLimit\s*0/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*StartServers\s*1/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxClients/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MinSpareThreads\s*3/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxSpareThreads\s*4/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ThreadsPerChild\s*5/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxRequestsPerChild/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ThreadLimit\s*7/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ListenBacklog\s*8/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxRequestWorkers\s*9/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxConnectionsPerChild\s*10/) }
+    end
+
+    context "Test mpm_event old style params" do
+      let :params do
+        {
+          :serverlimit            => '0',
+          :startservers           => '1',
+          :maxclients             => '2',
+          :minsparethreads        => '3',
+          :maxsparethreads        => '4',
+          :threadsperchild        => '5',
+          :maxrequestsperchild    => '6',
+          :threadlimit            => '7',
+          :listenbacklog          => '8',
+          :maxrequestworkers      => :undef,
+          :maxconnectionsperchild => :undef,
+        }
+      end
+
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ServerLimit\s*0/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*StartServers\s*1/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxClients\s*2/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MinSpareThreads\s*3/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxSpareThreads\s*4/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ThreadsPerChild\s*5/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxRequestsPerChild\s*6/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ThreadLimit\s*7/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ListenBacklog\s*8/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxRequestWorkers/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxConnectionsPerChild/) }
+    end
+
+    context "Test mpm_event false params" do
+      let :params do
+        {
+          :serverlimit            => false,
+          :startservers           => false,
+          :maxclients             => false,
+          :minsparethreads        => false,
+          :maxsparethreads        => false,
+          :threadsperchild        => false,
+          :maxrequestsperchild    => false,
+          :threadlimit            => false,
+          :listenbacklog          => false,
+          :maxrequestworkers      => false,
+          :maxconnectionsperchild => false,
+        }
+      end
+
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*ServerLimit/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*StartServers/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxClients/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MinSpareThreads/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxSpareThreads/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*ThreadsPerChild/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxRequestsPerChild/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*ThreadLimit/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*ListenBacklog/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxRequestWorkers/) }
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxConnectionsPerChild/) }
+    end
+
+    context "with Apache version < 2.4" do
+      let :params do
+        {
+          :apache_version => '2.2',
+        }
+      end
+
+      it { is_expected.not_to contain_file("/etc/apache2/mods-available/event.load") }
+      it { is_expected.not_to contain_file("/etc/apache2/mods-enabled/event.load") }
+
+      it { is_expected.to contain_package("apache2-mpm-event") }
+    end
+
+    context "with Apache version >= 2.4" do
+      let :params do
+        {
+          :apache_version => '2.4',
+        }
+      end
+
+      it { is_expected.to contain_file("/etc/apache2/mods-available/event.load").with({
+        'ensure'  => 'file',
+        'content' => "LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so\n"
+        })
+      }
+      it { is_expected.to contain_file("/etc/apache2/mods-enabled/event.load").with_ensure('link') }
+    end
+  end
+  context "on a RedHat OS" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    context "with Apache version >= 2.4" do
+      let :params do
+        {
+          :apache_version => '2.4',
+        }
+      end
+
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.not_to contain_apache__mod('worker') }
+      it { is_expected.not_to contain_apache__mod('prefork') }
+
+      it { is_expected.to contain_file("/etc/httpd/conf.d/event.conf").with_ensure('file') }
+
+      it { is_expected.to contain_file("/etc/httpd/conf.d/event.load").with({
+        'ensure'  => 'file',
+        'content' => "LoadModule mpm_event_module modules/mod_mpm_event.so\n",
+        })
+      }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/expires_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/expires_spec.rb
new file mode 100644
index 000000000..397fee024
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/expires_spec.rb
@@ -0,0 +1,83 @@
+require 'spec_helper'
+
+describe 'apache::mod::expires', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+
+  context "with expires active", :compile do
+    let :facts do
+      {
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :lsbdistcodename        => 'squeeze',
+        :osfamily               => 'Debian',
+        :operatingsystem        => 'Debian',
+        :operatingsystemrelease => '6',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :concat_basedir         => '/dne',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_apache__mod("expires") }
+    it { is_expected.to contain_file("expires.conf").with(:content => /ExpiresActive On\n/) }
+  end
+  context "with expires default", :compile do
+    let :pre_condition do
+      'class { apache: default_mods => false }'
+    end
+    let :facts do
+      {
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :osfamily               => 'RedHat',
+        :operatingsystem        => 'RedHat',
+        :operatingsystemrelease => '7',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :concat_basedir         => '/dne',
+        :is_pe                  => false,
+      }
+    end
+    let :params do
+      {
+        'expires_default' => 'access plus 1 month'
+      }
+    end
+    it { is_expected.to contain_apache__mod("expires") }
+    it { is_expected.to contain_file("expires.conf").with_content(
+        "ExpiresActive On\n" \
+        "ExpiresDefault \"access plus 1 month\"\n"
+      )
+    }
+  end
+  context "with expires by type", :compile do
+    let :pre_condition do
+      'class { apache: default_mods => false }'
+    end
+    let :facts do
+      {
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :osfamily               => 'RedHat',
+        :operatingsystem        => 'RedHat',
+        :operatingsystemrelease => '7',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :concat_basedir         => '/dne',
+        :is_pe                  => false,
+      }
+    end
+    let :params do
+      {
+        'expires_by_type' => [
+          { 'text/json' => 'mod plus 1 day' },
+          { 'text/html' => 'access plus 1 year' },
+        ]
+      }
+    end
+    it { is_expected.to contain_apache__mod("expires") }
+    it { is_expected.to contain_file("expires.conf").with_content(
+        "ExpiresActive On\n" \
+        "ExpiresByType text/json \"mod plus 1 day\"\n" \
+        "ExpiresByType text/html \"access plus 1 year\"\n"
+      )
+    }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/ext_filter_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/ext_filter_spec.rb
new file mode 100644
index 000000000..a0cf37cec
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/ext_filter_spec.rb
@@ -0,0 +1,64 @@
+require 'spec_helper'
+
+describe 'apache::mod::ext_filter', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :fqdn                   => 'test.example.com',
+        :is_pe                  => false,
+      }
+    end
+    describe 'with no parameters' do
+      it { is_expected.to contain_apache__mod('ext_filter') }
+      it { is_expected.not_to contain_file('ext_filter.conf') }
+    end
+    describe 'with parameters' do
+      let :params do
+        { :ext_filter_define =>  {'filtA' => 'input=A output=B',
+                                  'filtB' => 'input=C cmd="C"' },
+        }
+      end
+      it { is_expected.to contain_file('ext_filter.conf').with_content(/^ExtFilterDefine\s+filtA\s+input=A output=B$/) }
+      it { is_expected.to contain_file('ext_filter.conf').with_content(/^ExtFilterDefine\s+filtB\s+input=C cmd="C"$/) }
+    end
+
+  end
+  context "on a RedHat OS" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :fqdn                   => 'test.example.com',
+        :is_pe                  => false,
+      }
+    end
+    describe 'with no parameters' do
+      it { is_expected.to contain_apache__mod('ext_filter') }
+      it { is_expected.not_to contain_file('ext_filter.conf') }
+    end
+    describe 'with parameters' do
+      let :params do
+        { :ext_filter_define =>  {'filtA' => 'input=A output=B',
+                                  'filtB' => 'input=C cmd="C"' },
+        }
+      end
+      it { is_expected.to contain_file('ext_filter.conf').with_path('/etc/httpd/conf.d/ext_filter.conf') }
+      it { is_expected.to contain_file('ext_filter.conf').with_content(/^ExtFilterDefine\s+filtA\s+input=A output=B$/) }
+      it { is_expected.to contain_file('ext_filter.conf').with_content(/^ExtFilterDefine\s+filtB\s+input=C cmd="C"$/) }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/fastcgi_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/fastcgi_spec.rb
new file mode 100644
index 000000000..778d27cff
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/fastcgi_spec.rb
@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+describe 'apache::mod::fastcgi', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('fastcgi') }
+    it { is_expected.to contain_package("libapache2-mod-fastcgi") }
+    it { is_expected.to contain_file('fastcgi.conf') }
+  end
+
+  context "on a RedHat OS" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('fastcgi') }
+    it { is_expected.to contain_package("mod_fastcgi") }
+    it { is_expected.not_to contain_file('fastcgi.conf') }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/fcgid_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/fcgid_spec.rb
new file mode 100644
index 000000000..f08596be6
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/fcgid_spec.rb
@@ -0,0 +1,141 @@
+require 'spec_helper'
+
+describe 'apache::mod::fcgid', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily                  => 'Debian',
+        :operatingsystemrelease    => '6',
+        :operatingsystemmajrelease => '6',
+        :concat_basedir            => '/dne',
+        :lsbdistcodename           => 'squeeze',
+        :operatingsystem           => 'Debian',
+        :id                        => 'root',
+        :kernel                    => 'Linux',
+        :path                      => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                     => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('fcgid').with({
+      'loadfile_name' => nil
+    }) }
+    it { is_expected.to contain_package("libapache2-mod-fcgid") }
+  end
+
+  context "on a RHEL6" do
+    let :facts do
+      {
+        :osfamily                  => 'RedHat',
+        :operatingsystemrelease    => '6',
+        :operatingsystemmajrelease => '6',
+        :concat_basedir            => '/dne',
+        :operatingsystem           => 'RedHat',
+        :id                        => 'root',
+        :kernel                    => 'Linux',
+        :path                      => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                     => false,
+      }
+    end
+
+    describe 'without parameters' do
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('fcgid').with({
+        'loadfile_name' => nil
+      }) }
+      it { is_expected.to contain_package("mod_fcgid") }
+    end
+
+    describe 'with parameters' do
+      let :params do {
+        :options                     => {
+          'FcgidIPCDir'               => '/var/run/fcgidsock',
+          'SharememPath'              => '/var/run/fcgid_shm',
+          'FcgidMinProcessesPerClass' => '0',
+          'AddHandler'                => 'fcgid-script .fcgi',
+        }
+      } end
+
+      it 'should contain the correct config' do
+        content = catalogue.resource('file', 'fcgid.conf').send(:parameters)[:content]
+        expect(content.split("\n").reject { |c| c =~ /(^#|^$)/ }).to eq([
+          '<IfModule mod_fcgid.c>',
+          '  AddHandler fcgid-script .fcgi',
+          '  FcgidIPCDir /var/run/fcgidsock',
+          '  FcgidMinProcessesPerClass 0',
+          '  SharememPath /var/run/fcgid_shm',
+          '</IfModule>',
+        ])
+      end
+    end
+  end
+
+  context "on RHEL7" do
+    let :facts do
+      {
+        :osfamily                  => 'RedHat',
+        :operatingsystemrelease    => '7',
+        :operatingsystemmajrelease => '7',
+        :concat_basedir            => '/dne',
+        :operatingsystem           => 'RedHat',
+        :id                        => 'root',
+        :kernel                    => 'Linux',
+        :path                      => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                     => false,
+      }
+    end
+
+    describe 'without parameters' do
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('fcgid').with({
+        'loadfile_name' => 'unixd_fcgid.load'
+      }) }
+      it { is_expected.to contain_package("mod_fcgid") }
+    end
+  end
+
+  context "on a FreeBSD OS" do
+    let :facts do
+      {
+        :osfamily                  => 'FreeBSD',
+        :operatingsystemrelease    => '10',
+        :operatingsystemmajrelease => '10',
+        :concat_basedir            => '/dne',
+        :operatingsystem           => 'FreeBSD',
+        :id                        => 'root',
+        :kernel                    => 'FreeBSD',
+        :path                      => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                     => false,
+      }
+    end
+
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('fcgid').with({
+      'loadfile_name' => 'unixd_fcgid.load'
+    }) }
+    it { is_expected.to contain_package("www/mod_fcgid") }
+  end
+
+  context "on a Gentoo OS" do
+    let :facts do
+      {
+        :osfamily                  => 'Gentoo',
+        :operatingsystem           => 'Gentoo',
+        :operatingsystemrelease    => '3.16.1-gentoo',
+        :concat_basedir            => '/dne',
+        :id                        => 'root',
+        :kernel                    => 'Linux',
+        :path                      => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+        :is_pe                     => false,
+      }
+    end
+
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('fcgid').with({
+      'loadfile_name' => nil,
+    }) }
+    it { is_expected.to contain_package("www-apache/mod_fcgid") }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/info_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/info_spec.rb
new file mode 100644
index 000000000..766a9e4fd
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/info_spec.rb
@@ -0,0 +1,222 @@
+require 'spec_helper'
+
+# This function is called inside the OS specific contexts
+def general_info_specs_22
+  it { is_expected.to contain_apache__mod('info') }
+
+  context 'passing no parameters' do
+    it {
+      is_expected.to contain_file('info.conf').with_content(
+        "<Location /server-info>\n"\
+        "    SetHandler server-info\n"\
+        "    Order deny,allow\n"\
+        "    Deny from all\n"\
+        "    Allow from 127.0.0.1\n"\
+        "    Allow from ::1\n"\
+        "</Location>\n"
+      )
+    }
+  end
+  context 'passing restrict_access => false' do
+    let :params do {
+      :restrict_access => false
+    }
+    end
+    it {
+      is_expected.to contain_file('info.conf').with_content(
+        "<Location /server-info>\n"\
+        "    SetHandler server-info\n"\
+        "</Location>\n"
+      )
+    }
+  end
+  context "passing allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']" do
+    let :params do
+      {:allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']}
+    end
+    it {
+      is_expected.to contain_file('info.conf').with_content(
+        "<Location /server-info>\n"\
+        "    SetHandler server-info\n"\
+        "    Order deny,allow\n"\
+        "    Deny from all\n"\
+        "    Allow from 10.10.1.2\n"\
+        "    Allow from 192.168.1.2\n"\
+        "    Allow from 127.0.0.1\n"\
+        "</Location>\n"
+      )
+    }
+  end
+  context 'passing both restrict_access and allow_from' do
+    let :params do
+      {
+        :restrict_access => false,
+        :allow_from      => ['10.10.1.2', '192.168.1.2', '127.0.0.1']
+      }
+    end
+    it {
+      is_expected.to contain_file('info.conf').with_content(
+        "<Location /server-info>\n"\
+        "    SetHandler server-info\n"\
+        "</Location>\n"
+      )
+    }
+  end
+end
+
+def general_info_specs_24
+  it { is_expected.to contain_apache__mod('info') }
+
+  context 'passing no parameters' do
+    it {
+      is_expected.to contain_file('info.conf').with_content(
+        "<Location /server-info>\n"\
+        "    SetHandler server-info\n"\
+        "    Require ip 127.0.0.1 ::1\n"\
+        "</Location>\n"
+      )
+    }
+  end
+  context 'passing restrict_access => false' do
+    let :params do {
+      :restrict_access => false
+    }
+    end
+    it {
+      is_expected.to contain_file('info.conf').with_content(
+        "<Location /server-info>\n"\
+        "    SetHandler server-info\n"\
+        "</Location>\n"
+      )
+    }
+  end
+  context "passing allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']" do
+    let :params do
+      {:allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']}
+    end
+    it {
+      is_expected.to contain_file('info.conf').with_content(
+        "<Location /server-info>\n"\
+        "    SetHandler server-info\n"\
+        "    Require ip 10.10.1.2 192.168.1.2 127.0.0.1\n"\
+        "</Location>\n"
+      )
+    }
+  end
+  context 'passing both restrict_access and allow_from' do
+    let :params do
+      {
+        :restrict_access => false,
+        :allow_from      => ['10.10.1.2', '192.168.1.2', '127.0.0.1']
+      }
+    end
+    it {
+      is_expected.to contain_file('info.conf').with_content(
+        "<Location /server-info>\n"\
+        "    SetHandler server-info\n"\
+        "</Location>\n"
+      )
+    }
+  end
+end
+
+describe 'apache::mod::info', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+
+  context 'On a Debian OS' do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    # Load the more generic tests for this context
+    general_info_specs_22()
+
+    it { is_expected.to contain_file('info.conf').with({
+      :ensure => 'file',
+      :path   => '/etc/apache2/mods-available/info.conf',
+    } ) }
+    it { is_expected.to contain_file('info.conf symlink').with({
+      :ensure => 'link',
+      :path   => '/etc/apache2/mods-enabled/info.conf',
+    } ) }
+  end
+
+  context 'on a RedHat OS' do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    # Load the more generic tests for this context
+    general_info_specs_22()
+
+    it { is_expected.to contain_file('info.conf').with({
+      :ensure => 'file',
+      :path   => '/etc/httpd/conf.d/info.conf',
+      } ) }
+  end
+
+  context 'on a FreeBSD OS' do
+    let :facts do
+      {
+        :osfamily               => 'FreeBSD',
+        :operatingsystemrelease => '10',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'FreeBSD',
+        :id                     => 'root',
+        :kernel                 => 'FreeBSD',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    # Load the more generic tests for this context
+    general_info_specs_24()
+
+    it { is_expected.to contain_file('info.conf').with({
+      :ensure => 'file',
+      :path   => '/usr/local/etc/apache24/Modules/info.conf',
+    } ) }
+  end
+
+  context 'on a Gentoo OS' do
+    let :facts do
+      {
+        :osfamily               => 'Gentoo',
+        :operatingsystem        => 'Gentoo',
+        :operatingsystemrelease => '3.16.1-gentoo',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    # Load the more generic tests for this context
+    general_info_specs_24()
+
+    it { is_expected.to contain_file('info.conf').with({
+      :ensure => 'file',
+      :path   => '/etc/apache2/modules.d/info.conf',
+    } ) }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/intercept_form_submit_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/intercept_form_submit_spec.rb
new file mode 100644
index 000000000..14a91fcee
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/intercept_form_submit_spec.rb
@@ -0,0 +1,44 @@
+require 'spec_helper'
+
+describe 'apache::mod::intercept_form_submit', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+
+  context "default configuration with parameters" do
+    context "on a Debian OS" do
+      let :facts do
+        {
+          :lsbdistcodename        => 'squeeze',
+          :osfamily               => 'Debian',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :operatingsystem        => 'Debian',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_class("apache") }
+      it { is_expected.to contain_package("libapache2-mod-intercept-form-submit") }
+      it { is_expected.to contain_apache__mod('intercept_form_submit') }
+    end #Debian
+
+    context "on a RedHat OS" do
+      let :facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :operatingsystem        => 'RedHat',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_class("apache") }
+      it { is_expected.to contain_package("mod_intercept_form_submit") }
+      it { is_expected.to contain_apache__mod('intercept_form_submit') }
+    end # Redhat
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/itk_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/itk_spec.rb
new file mode 100644
index 000000000..27369f144
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/itk_spec.rb
@@ -0,0 +1,130 @@
+require 'spec_helper'
+
+describe 'apache::mod::itk', :type => :class do
+  let :pre_condition do
+    'class { "apache": mpm_module => false, }'
+  end
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.not_to contain_apache__mod('itk') }
+    it { is_expected.to contain_file("/etc/apache2/mods-available/itk.conf").with_ensure('file') }
+    it { is_expected.to contain_file("/etc/apache2/mods-enabled/itk.conf").with_ensure('link') }
+
+    context "with Apache version < 2.4" do
+      let :params do
+        {
+          :apache_version => '2.2',
+        }
+      end
+
+      it { is_expected.not_to contain_file("/etc/apache2/mods-available/itk.load") }
+      it { is_expected.not_to contain_file("/etc/apache2/mods-enabled/itk.load") }
+
+      it { is_expected.to contain_package("apache2-mpm-itk") }
+    end
+
+    context "with Apache version >= 2.4" do
+      let :pre_condition do
+        'class { "apache": mpm_module => prefork, }'
+      end
+
+      let :params do
+        {
+          :apache_version => '2.4',
+        }
+      end
+
+      it { is_expected.to contain_file("/etc/apache2/mods-available/itk.load").with({
+        'ensure'  => 'file',
+        'content' => "LoadModule mpm_itk_module /usr/lib/apache2/modules/mod_mpm_itk.so\n"
+        })
+      }
+      it { is_expected.to contain_file("/etc/apache2/mods-enabled/itk.load").with_ensure('link') }
+    end
+  end
+  context "on a RedHat OS" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.not_to contain_apache__mod('itk') }
+    it { is_expected.to contain_file("/etc/httpd/conf.d/itk.conf").with_ensure('file') }
+    it { is_expected.to contain_package("httpd-itk") }
+
+    context "with Apache version < 2.4" do
+      let :params do
+        {
+          :apache_version => '2.2',
+        }
+      end
+
+      it { is_expected.to contain_file_line("/etc/sysconfig/httpd itk enable").with({
+        'require' => 'Package[httpd]',
+        })
+      }
+    end
+
+    context "with Apache version >= 2.4" do
+      let :pre_condition do
+        'class { "apache": mpm_module => prefork, }'
+      end
+
+      let :params do
+        {
+          :apache_version => '2.4',
+        }
+      end
+
+      it { is_expected.to contain_file("/etc/httpd/conf.d/itk.load").with({
+        'ensure'  => 'file',
+        'content' => "LoadModule mpm_itk_module modules/mod_mpm_itk.so\n"
+        })
+      }
+    end
+  end
+  context "on a FreeBSD OS" do
+    let :pre_condition do
+      'class { "apache": mpm_module => false, }'
+    end
+
+    let :facts do
+      {
+        :osfamily               => 'FreeBSD',
+        :operatingsystemrelease => '10',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'FreeBSD',
+        :id                     => 'root',
+        :kernel                 => 'FreeBSD',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+        :mpm_module             => 'itk',
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.not_to contain_apache__mod('itk') }
+    it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/itk.conf").with_ensure('file') }
+    it { is_expected.to contain_package("www/mod_mpm_itk") }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/ldap_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/ldap_spec.rb
new file mode 100644
index 000000000..73c51adf2
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/ldap_spec.rb
@@ -0,0 +1,86 @@
+require 'spec_helper'
+
+describe 'apache::mod::ldap', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :lsbdistcodename        => 'squeeze',
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :operatingsystem        => 'Debian',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_class("apache::mod::ldap") }
+    it { is_expected.to contain_apache__mod('ldap') }
+
+    context 'default ldap_trusted_global_cert_file' do
+      it { is_expected.to contain_file('ldap.conf').without_content(/^LDAPTrustedGlobalCert/) }
+    end
+
+    context 'ldap_trusted_global_cert_file param' do
+      let(:params) { { :ldap_trusted_global_cert_file => 'ca.pem' } }
+      it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_BASE64 ca\.pem$/) }
+    end
+
+    context 'set multiple ldap params' do
+      let(:params) {{
+        :ldap_trusted_global_cert_file => 'ca.pem',
+        :ldap_trusted_global_cert_type => 'CA_DER',
+        :ldap_shared_cache_size        => '500000',
+        :ldap_cache_entries            => '1024',
+        :ldap_cache_ttl                => '600',
+        :ldap_opcache_entries          => '1024',
+        :ldap_opcache_ttl              => '600'
+      }}
+      it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_DER ca\.pem$/) }
+      it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPSharedCacheSize 500000$/) }
+      it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPCacheEntries 1024$/) }
+      it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPCacheTTL 600$/) }
+      it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPOpCacheEntries 1024$/) }
+      it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPOpCacheTTL 600$/) }
+    end
+  end #Debian
+
+  context "on a RedHat OS" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :operatingsystem        => 'RedHat',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_class("apache::mod::ldap") }
+    it { is_expected.to contain_apache__mod('ldap') }
+
+    context 'default ldap_trusted_global_cert_file' do
+      it { is_expected.to contain_file('ldap.conf').without_content(/^LDAPTrustedGlobalCert/) }
+    end
+
+    context 'ldap_trusted_global_cert_file param' do
+      let(:params) { { :ldap_trusted_global_cert_file => 'ca.pem' } }
+      it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_BASE64 ca\.pem$/) }
+    end
+
+    context 'ldap_trusted_global_cert_file and ldap_trusted_global_cert_type params' do
+      let(:params) {{
+        :ldap_trusted_global_cert_file => 'ca.pem',
+        :ldap_trusted_global_cert_type => 'CA_DER'
+      }}
+      it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_DER ca\.pem$/) }
+    end
+  end # Redhat
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/lookup_identity.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/lookup_identity.rb
new file mode 100644
index 000000000..a04e2e88e
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/lookup_identity.rb
@@ -0,0 +1,44 @@
+require 'spec_helper'
+
+describe 'apache::mod::lookup_identity', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+
+  context "default configuration with parameters" do
+    context "on a Debian OS" do
+      let :facts do
+        {
+          :lsbdistcodename        => 'squeeze',
+          :osfamily               => 'Debian',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :operatingsystem        => 'Debian',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_class("apache") }
+      it { is_expected.to contain_package("libapache2-mod-lookup-identity") }
+      it { is_expected.to contain_apache__mod('lookup_identity') }
+    end #Debian
+
+    context "on a RedHat OS" do
+      let :facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :operatingsystem        => 'RedHat',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_class("apache") }
+      it { is_expected.to contain_package("mod_lookup_identity") }
+      it { is_expected.to contain_apache__mod('lookup_identity') }
+    end # Redhat
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/mime_magic_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/mime_magic_spec.rb
new file mode 100644
index 000000000..cf8f898aa
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/mime_magic_spec.rb
@@ -0,0 +1,110 @@
+require 'spec_helper'
+
+# This function is called inside the OS specific contexts
+def general_mime_magic_specs
+  it { is_expected.to contain_apache__mod("mime_magic") }
+end
+
+describe 'apache::mod::mime_magic', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+
+  context "On a Debian OS with default params" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    general_mime_magic_specs()
+
+    it do
+      is_expected.to contain_file("mime_magic.conf").with_content(
+        "MIMEMagicFile \"/etc/apache2/magic\"\n"
+      )
+    end
+
+    it { is_expected.to contain_file("mime_magic.conf").with({
+      :ensure => 'file',
+      :path   => '/etc/apache2/mods-available/mime_magic.conf',
+    } ) }
+    it { is_expected.to contain_file("mime_magic.conf symlink").with({
+      :ensure => 'link',
+      :path   => '/etc/apache2/mods-enabled/mime_magic.conf',
+    } ) }
+
+    context "with magic_file => /tmp/Debian_magic" do
+      let :params do
+        { :magic_file => "/tmp/Debian_magic" }
+      end
+
+      it do
+        is_expected.to contain_file("mime_magic.conf").with_content(
+          "MIMEMagicFile \"/tmp/Debian_magic\"\n"
+        )
+      end
+    end
+
+  end
+
+  context "on a RedHat OS with default params" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    general_mime_magic_specs()
+
+    it do
+      is_expected.to contain_file("mime_magic.conf").with_content(
+        "MIMEMagicFile \"/etc/httpd/conf/magic\"\n"
+      )
+    end
+
+    it { is_expected.to contain_file("mime_magic.conf").with_path("/etc/httpd/conf.d/mime_magic.conf") }
+
+  end
+
+  context "with magic_file => /tmp/magic" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    let :params do
+      { :magic_file => "/tmp/magic" }
+    end
+
+    it do
+      is_expected.to contain_file("mime_magic.conf").with_content(
+        "MIMEMagicFile \"/tmp/magic\"\n"
+      )
+    end
+  end
+
+
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/mime_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/mime_spec.rb
new file mode 100644
index 000000000..b0675a3c0
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/mime_spec.rb
@@ -0,0 +1,52 @@
+require 'spec_helper'
+
+# This function is called inside the OS specific conte, :compilexts
+def general_mime_specs
+  it { is_expected.to contain_apache__mod("mime") }
+end
+
+describe 'apache::mod::mime', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+
+  context "On a Debian OS with default params", :compile do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    general_mime_specs()
+
+    it { is_expected.to contain_file("mime.conf").with_path('/etc/apache2/mods-available/mime.conf') }
+
+  end
+
+  context "on a RedHat OS with default params", :compile do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    general_mime_specs()
+
+    it { is_expected.to contain_file("mime.conf").with_path("/etc/httpd/conf.d/mime.conf") }
+
+  end
+
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/negotiation_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/negotiation_spec.rb
new file mode 100644
index 000000000..9dadb7651
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/negotiation_spec.rb
@@ -0,0 +1,56 @@
+require 'spec_helper'
+
+describe 'apache::mod::negotiation', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+  describe "OS independent tests" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystem        => 'Debian',
+        :kernel                 => 'Linux',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    context "default params" do
+      it { should contain_class("apache") }
+      it do
+        should contain_file('negotiation.conf').with( {
+          :ensure  => 'file',
+          :content => 'LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
+ForceLanguagePriority Prefer Fallback
+',
+        } )
+      end
+    end
+
+    context 'with force_language_priority parameter' do
+      let :params do
+        { :force_language_priority => 'Prefer' }
+      end
+      it do
+        should contain_file('negotiation.conf').with( {
+          :ensure  => 'file',
+          :content => /^ForceLanguagePriority Prefer$/,
+        } )
+      end
+    end
+
+    context 'with language_priority parameter' do
+      let :params do
+        { :language_priority => [ 'en', 'es' ] }
+      end
+      it do
+        should contain_file('negotiation.conf').with( {
+          :ensure  => 'file',
+          :content => /^LanguagePriority en es$/,
+        } )
+      end
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/pagespeed_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/pagespeed_spec.rb
new file mode 100644
index 000000000..2cbc3d170
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/pagespeed_spec.rb
@@ -0,0 +1,51 @@
+require 'spec_helper'
+
+describe 'apache::mod::pagespeed', :type => :class do
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('pagespeed') }
+    it { is_expected.to contain_package("mod-pagespeed-stable") }
+
+    context "when setting additional_configuration to a Hash" do
+      let :params do { :additional_configuration => { 'Key' => 'Value' } } end
+      it { is_expected.to contain_file('pagespeed.conf').with_content /Key Value/ }
+    end
+
+    context "when setting additional_configuration to an Array" do
+      let :params do { :additional_configuration => [ 'Key Value' ] } end
+      it { is_expected.to contain_file('pagespeed.conf').with_content /Key Value/ }
+    end
+  end
+
+  context "on a RedHat OS" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('pagespeed') }
+    it { is_expected.to contain_package("mod-pagespeed-stable") }
+    it { is_expected.to contain_file('pagespeed.conf') }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/passenger_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/passenger_spec.rb
new file mode 100644
index 000000000..200d45706
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/passenger_spec.rb
@@ -0,0 +1,331 @@
+require 'spec_helper'
+
+describe 'apache::mod::passenger', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :kernel                 => 'Linux',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('passenger') }
+    it { is_expected.to contain_package("libapache2-mod-passenger") }
+    it { is_expected.to contain_file('zpassenger.load').with({
+      'path' => '/etc/apache2/mods-available/zpassenger.load',
+    }) }
+    it { is_expected.to contain_file('passenger.conf').with({
+      'path' => '/etc/apache2/mods-available/passenger.conf',
+    }) }
+    describe "with passenger_root => '/usr/lib/example'" do
+      let :params do
+        { :passenger_root => '/usr/lib/example' }
+      end
+      it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/example"}) }
+    end
+    describe "with passenger_ruby => /usr/lib/example/ruby" do
+      let :params do
+        { :passenger_ruby => '/usr/lib/example/ruby' }
+      end
+      it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby"}) }
+    end
+    describe "with passenger_default_ruby => /usr/lib/example/ruby1.9.3" do
+      let :params do
+        { :passenger_ruby => '/usr/lib/example/ruby1.9.3' }
+      end
+      it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby1.9.3"}) }
+    end
+    describe "with passenger_high_performance => on" do
+      let :params do
+        { :passenger_high_performance => 'on' }
+      end
+      it { is_expected.to contain_file('passenger.conf').with_content(/^  PassengerHighPerformance on$/) }
+    end
+    describe "with passenger_pool_idle_time => 1200" do
+      let :params do
+        { :passenger_pool_idle_time => 1200 }
+      end
+      it { is_expected.to contain_file('passenger.conf').with_content(/^  PassengerPoolIdleTime 1200$/) }
+    end
+    describe "with passenger_max_request_queue_size => 100" do
+      let :params do
+        { :passenger_max_request_queue_size => 100 }
+      end
+      it { is_expected.to contain_file('passenger.conf').with_content(/^  PassengerMaxRequestQueueSize 100$/) }
+    end
+
+    describe "with passenger_max_requests => 20" do
+      let :params do
+        { :passenger_max_requests => 20 }
+      end
+      it { is_expected.to contain_file('passenger.conf').with_content(/^  PassengerMaxRequests 20$/) }
+    end
+    describe "with passenger_spawn_method => direct" do
+      let :params do
+        { :passenger_spawn_method => 'direct' }
+      end
+      it { is_expected.to contain_file('passenger.conf').with_content(/^  PassengerSpawnMethod direct$/) }
+    end
+    describe "with passenger_stat_throttle_rate => 10" do
+      let :params do
+        { :passenger_stat_throttle_rate => 10 }
+      end
+      it { is_expected.to contain_file('passenger.conf').with_content(/^  PassengerStatThrottleRate 10$/) }
+    end
+    describe "with passenger_max_pool_size => 16" do
+      let :params do
+        { :passenger_max_pool_size => 16 }
+      end
+      it { is_expected.to contain_file('passenger.conf').with_content(/^  PassengerMaxPoolSize 16$/) }
+    end
+    describe "with passenger_min_instances => 5" do
+      let :params do
+        { :passenger_min_instances => 5 }
+      end
+      it { is_expected.to contain_file('passenger.conf').with_content(/^  PassengerMinInstances 5$/) }
+    end
+    describe "with passenger_max_instances_per_app => 8" do
+      let :params do
+        { :passenger_max_instances_per_app => 8 }
+      end
+      it { is_expected.to contain_file('passenger.conf').with_content(/^  PassengerMaxInstancesPerApp 8$/) }
+    end
+    describe "with rack_autodetect => on" do
+      let :params do
+        { :rack_autodetect => 'on' }
+      end
+      it { is_expected.to contain_file('passenger.conf').with_content(/^  RackAutoDetect on$/) }
+    end
+    describe "with rails_autodetect => on" do
+      let :params do
+        { :rails_autodetect => 'on' }
+      end
+      it { is_expected.to contain_file('passenger.conf').with_content(/^  RailsAutoDetect on$/) }
+    end
+    describe "with passenger_use_global_queue => on" do
+      let :params do
+        { :passenger_use_global_queue => 'on' }
+      end
+      it { is_expected.to contain_file('passenger.conf').with_content(/^  PassengerUseGlobalQueue on$/) }
+    end
+    describe "with passenger_app_env => 'foo'" do
+      let :params do
+        { :passenger_app_env => 'foo' }
+      end
+      it { is_expected.to contain_file('passenger.conf').with_content(/^  PassengerAppEnv foo$/) }
+    end
+    describe "with passenger_log_file => '/var/log/apache2/passenger.log'" do
+      let :params do
+        { :passenger_log_file => '/var/log/apache2/passenger.log' }
+      end
+      it { is_expected.to contain_file('passenger.conf').with_content(%r{^  PassengerLogFile /var/log/apache2/passenger.log$}) }
+    end
+    describe "with passenger_log_level => 3" do
+      let :params do
+        { :passenger_log_level => 3 }
+      end
+      it { is_expected.to contain_file('passenger.conf').with_content(%r{^  PassengerLogLevel 3$}) }
+    end
+    describe "with mod_path => '/usr/lib/foo/mod_foo.so'" do
+      let :params do
+        { :mod_path => '/usr/lib/foo/mod_foo.so' }
+      end
+      it { is_expected.to contain_file('zpassenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_foo\.so$/) }
+    end
+    describe "with mod_lib_path => '/usr/lib/foo'" do
+      let :params do
+        { :mod_lib_path => '/usr/lib/foo' }
+      end
+      it { is_expected.to contain_file('zpassenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_passenger\.so$/) }
+    end
+    describe "with mod_lib => 'mod_foo.so'" do
+      let :params do
+        { :mod_lib => 'mod_foo.so' }
+      end
+      it { is_expected.to contain_file('zpassenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/apache2\/modules\/mod_foo\.so$/) }
+    end
+    describe "with mod_id => 'mod_foo'" do
+      let :params do
+        { :mod_id => 'mod_foo' }
+      end
+      it { is_expected.to contain_file('zpassenger.load').with_content(/^LoadModule mod_foo \/usr\/lib\/apache2\/modules\/mod_passenger\.so$/) }
+    end
+
+    context "with Ubuntu 12.04 defaults" do
+      let :facts do
+        {
+          :osfamily               => 'Debian',
+          :operatingsystemrelease => '12.04',
+          :kernel                 => 'Linux',
+          :operatingsystem        => 'Ubuntu',
+          :lsbdistrelease         => '12.04',
+          :concat_basedir         => '/dne',
+          :id                     => 'root',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+
+      it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr"}) }
+      it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/bin/ruby"}) }
+      it { is_expected.to contain_file('passenger.conf').without_content(/PassengerDefaultRuby/) }
+    end
+
+    context "with Ubuntu 14.04 defaults" do
+      let :facts do
+        {
+          :osfamily               => 'Debian',
+          :operatingsystemrelease => '14.04',
+          :operatingsystem        => 'Ubuntu',
+          :kernel                 => 'Linux',
+          :lsbdistrelease         => '14.04',
+          :concat_basedir         => '/dne',
+          :id                     => 'root',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+
+      it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini"}) }
+      it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRuby/) }
+      it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerDefaultRuby "/usr/bin/ruby"}) }
+    end
+
+    context "with Debian 7 defaults" do
+      let :facts do
+        {
+          :osfamily               => 'Debian',
+          :operatingsystemrelease => '7.3',
+          :operatingsystem        => 'Debian',
+          :kernel                 => 'Linux',
+          :lsbdistcodename        => 'wheezy',
+          :concat_basedir         => '/dne',
+          :id                     => 'root',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+
+      it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr"}) }
+      it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/bin/ruby"}) }
+      it { is_expected.to contain_file('passenger.conf').without_content(/PassengerDefaultRuby/) }
+    end
+
+    context "with Debian 8 defaults" do
+      let :facts do
+        {
+          :osfamily               => 'Debian',
+          :operatingsystemrelease => '8.0',
+          :operatingsystem        => 'Debian',
+          :kernel                 => 'Linux',
+          :lsbdistcodename        => 'jessie',
+          :concat_basedir         => '/dne',
+          :id                     => 'root',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+
+      it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini"}) }
+      it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRuby/) }
+      it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerDefaultRuby "/usr/bin/ruby"}) }
+    end
+  end
+
+  context "on a RedHat OS" do
+    let :rh_facts do
+      {
+        :osfamily               => 'RedHat',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    context "on EL6" do
+      let(:facts) { rh_facts.merge(:operatingsystemrelease => '6') }
+
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('passenger') }
+      it { is_expected.to contain_package("mod_passenger") }
+      it { is_expected.to contain_file('passenger_package.conf').with({
+        'path' => '/etc/httpd/conf.d/passenger.conf',
+      }) }
+      it { is_expected.to contain_file('passenger_package.conf').without_content }
+      it { is_expected.to contain_file('passenger_package.conf').without_source }
+      it { is_expected.to contain_file('zpassenger.load').with({
+        'path' => '/etc/httpd/conf.d/zpassenger.load',
+      }) }
+      it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRoot/) }
+      it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRuby/) }
+      describe "with passenger_root => '/usr/lib/example'" do
+        let :params do
+          { :passenger_root => '/usr/lib/example' }
+        end
+        it { is_expected.to contain_file('passenger.conf').with_content(/^  PassengerRoot "\/usr\/lib\/example"$/) }
+      end
+      describe "with passenger_ruby => /usr/lib/example/ruby" do
+        let :params do
+          { :passenger_ruby => '/usr/lib/example/ruby' }
+        end
+        it { is_expected.to contain_file('passenger.conf').with_content(/^  PassengerRuby "\/usr\/lib\/example\/ruby"$/) }
+      end
+    end
+
+    context "on EL7" do
+      let(:facts) { rh_facts.merge(:operatingsystemrelease => '7') }
+
+      it { is_expected.to contain_file('passenger_package.conf').with({
+        'path' => '/etc/httpd/conf.d/passenger.conf',
+      }) }
+      it { is_expected.to contain_file('zpassenger.load').with({
+        'path' => '/etc/httpd/conf.modules.d/zpassenger.load',
+      }) }
+    end
+  end
+  context "on a FreeBSD OS" do
+    let :facts do
+      {
+        :osfamily               => 'FreeBSD',
+        :operatingsystemrelease => '9',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'FreeBSD',
+        :id                     => 'root',
+        :kernel                 => 'FreeBSD',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('passenger') }
+    it { is_expected.to contain_package("www/rubygem-passenger") }
+  end
+  context "on a Gentoo OS" do
+    let :facts do
+      {
+        :osfamily               => 'Gentoo',
+        :operatingsystem        => 'Gentoo',
+        :operatingsystemrelease => '3.16.1-gentoo',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('passenger') }
+    it { is_expected.to contain_package("www-apache/passenger") }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/perl_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/perl_spec.rb
new file mode 100644
index 000000000..f5b61fe0c
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/perl_spec.rb
@@ -0,0 +1,74 @@
+require 'spec_helper'
+
+describe 'apache::mod::perl', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('perl') }
+    it { is_expected.to contain_package("libapache2-mod-perl2") }
+  end
+  context "on a RedHat OS" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('perl') }
+    it { is_expected.to contain_package("mod_perl") }
+  end
+  context "on a FreeBSD OS" do
+    let :facts do
+      {
+        :osfamily               => 'FreeBSD',
+        :operatingsystemrelease => '9',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'FreeBSD',
+        :id                     => 'root',
+        :kernel                 => 'FreeBSD',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('perl') }
+    it { is_expected.to contain_package("www/mod_perl2") }
+  end
+  context "on a Gentoo OS" do
+    let :facts do
+      {
+        :osfamily               => 'Gentoo',
+        :operatingsystemrelease => '3.16.1-gentoo',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'Gentoo',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('perl') }
+    it { is_expected.to contain_package("www-apache/mod_perl") }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/peruser_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/peruser_spec.rb
new file mode 100644
index 000000000..097a36fff
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/peruser_spec.rb
@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+describe 'apache::mod::peruser', :type => :class do
+  let :pre_condition do
+    'class { "apache": mpm_module => false, }'
+  end
+  context "on a FreeBSD OS" do
+    let :facts do
+      {
+        :osfamily               => 'FreeBSD',
+        :operatingsystemrelease => '10',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'FreeBSD',
+        :id                     => 'root',
+        :kernel                 => 'FreeBSD',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it do
+      expect {
+        catalogue
+      }.to raise_error(Puppet::Error, /Unsupported osfamily FreeBSD/)
+    end
+  end
+  context "on a Gentoo OS" do
+    let :facts do
+      {
+        :osfamily               => 'Gentoo',
+        :operatingsystem        => 'Gentoo',
+        :operatingsystemrelease => '3.16.1-gentoo',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.not_to contain_apache__mod('peruser') }
+    it { is_expected.to contain_file("/etc/apache2/modules.d/peruser.conf").with_ensure('file') }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/php_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/php_spec.rb
new file mode 100644
index 000000000..ad61e897b
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/php_spec.rb
@@ -0,0 +1,319 @@
+require 'spec_helper'
+
+describe 'apache::mod::php', :type => :class do
+  describe "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    context "with mpm_module => prefork" do
+      let :pre_condition do
+        'class { "apache": mpm_module => prefork, }'
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_class("apache::mod::prefork") }
+      it { is_expected.to contain_apache__mod('php5') }
+      it { is_expected.to contain_package("libapache2-mod-php5") }
+      it { is_expected.to contain_file("php5.load").with(
+        :content => "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n"
+      ) }
+    end
+    context "with mpm_module => itk" do
+      let :pre_condition do
+        'class { "apache": mpm_module => itk, }'
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_class("apache::mod::itk") }
+      it { is_expected.to contain_apache__mod('php5') }
+      it { is_expected.to contain_package("libapache2-mod-php5") }
+      it { is_expected.to contain_file("php5.load").with(
+        :content => "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n"
+      ) }
+    end
+    context "on jessie" do
+      let :pre_condition do
+        'class { "apache": mpm_module => prefork, }'
+      end
+      let(:facts) { super().merge({
+        :operatingsystemrelease => '8',
+        :lsbdistcodename        => 'jessie',
+      }) }
+      it { is_expected.to contain_file("php5.load").with(
+        :content => "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n"
+      ) }
+    end
+    context "on stretch" do
+      let :pre_condition do
+        'class { "apache": mpm_module => prefork, }'
+      end
+      let(:facts) { super().merge({
+        :operatingsystemrelease => '9',
+        :lsbdistcodename        => 'stretch',
+      }) }
+      it { is_expected.to contain_apache__mod('php7.0') }
+      it { is_expected.to contain_package("libapache2-mod-php7.0") }
+      it { is_expected.to contain_file("php7.0.load").with(
+        :content => "LoadModule php7_module /usr/lib/apache2/modules/libphp7.0.so\n"
+      ) }
+    end
+  end
+  describe "on a RedHat OS" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    context "with default params" do
+      let :pre_condition do
+        'class { "apache": }'
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('php5') }
+      it { is_expected.to contain_package("php") }
+      it { is_expected.to contain_file("php5.load").with(
+        :content => "LoadModule php5_module modules/libphp5.so\n"
+      ) }
+    end
+    context "with alternative package name" do let :pre_condition do
+        'class { "apache": }'
+      end
+      let :params do
+        { :package_name => 'php54'}
+      end
+      it { is_expected.to contain_package("php54") }
+    end
+    context "with alternative path" do let :pre_condition do
+        'class { "apache": }'
+      end
+      let :params do
+        { :path => 'alternative-path'}
+      end
+      it { is_expected.to contain_file("php5.load").with(
+        :content => "LoadModule php5_module alternative-path\n"
+      ) }
+    end
+    context "with alternative extensions" do let :pre_condition do
+        'class { "apache": }'
+      end
+      let :params do
+        { :extensions => ['.php','.php5']}
+      end
+      it { is_expected.to contain_file("php5.conf").with_content(Regexp.new(Regexp.escape('<FilesMatch ".+(\.php|\.php5)$">'))) }
+    end
+    context "with specific version" do
+      let :pre_condition do
+        'class { "apache": }'
+      end
+      let :params do
+        { :package_ensure => '5.3.13'}
+      end
+      it { is_expected.to contain_package("php").with(
+        :ensure => '5.3.13'
+      ) }
+    end
+    context "with mpm_module => prefork" do
+      let :pre_condition do
+        'class { "apache": mpm_module => prefork, }'
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_class("apache::mod::prefork") }
+      it { is_expected.to contain_apache__mod('php5') }
+      it { is_expected.to contain_package("php") }
+      it { is_expected.to contain_file("php5.load").with(
+        :content => "LoadModule php5_module modules/libphp5.so\n"
+      ) }
+    end
+    context "with mpm_module => itk" do
+      let :pre_condition do
+        'class { "apache": mpm_module => itk, }'
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_class("apache::mod::itk") }
+      it { is_expected.to contain_apache__mod('php5') }
+      it { is_expected.to contain_package("php") }
+      it { is_expected.to contain_file("php5.load").with(
+        :content => "LoadModule php5_module modules/libphp5.so\n"
+      ) }
+    end
+  end
+  describe "on a FreeBSD OS" do
+    let :facts do
+      {
+        :osfamily               => 'FreeBSD',
+        :operatingsystemrelease => '10',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'FreeBSD',
+        :id                     => 'root',
+        :kernel                 => 'FreeBSD',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    context "with mpm_module => prefork" do
+      let :pre_condition do
+        'class { "apache": mpm_module => prefork, }'
+      end
+      it { is_expected.to contain_class('apache::params') }
+      it { is_expected.to contain_apache__mod('php5') }
+      it { is_expected.to contain_package("www/mod_php5") }
+      it { is_expected.to contain_file('php5.load') }
+    end
+    context "with mpm_module => itk" do
+      let :pre_condition do
+        'class { "apache": mpm_module => itk, }'
+      end
+      it { is_expected.to contain_class('apache::params') }
+      it { is_expected.to contain_class('apache::mod::itk') }
+      it { is_expected.to contain_apache__mod('php5') }
+      it { is_expected.to contain_package("www/mod_php5") }
+      it { is_expected.to contain_file('php5.load') }
+    end
+  end
+  describe "on a Gentoo OS" do
+    let :facts do
+      {
+        :osfamily               => 'Gentoo',
+        :operatingsystem        => 'Gentoo',
+        :operatingsystemrelease => '3.16.1-gentoo',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+        :is_pe                  => false,
+      }
+    end
+    context "with mpm_module => prefork" do
+      let :pre_condition do
+        'class { "apache": mpm_module => prefork, }'
+      end
+      it { is_expected.to contain_class('apache::params') }
+      it { is_expected.to contain_apache__mod('php5') }
+      it { is_expected.to contain_package("dev-lang/php") }
+      it { is_expected.to contain_file('php5.load') }
+    end
+    context "with mpm_module => itk" do
+      let :pre_condition do
+        'class { "apache": mpm_module => itk, }'
+      end
+      it { is_expected.to contain_class('apache::params') }
+      it { is_expected.to contain_class('apache::mod::itk') }
+      it { is_expected.to contain_apache__mod('php5') }
+      it { is_expected.to contain_package("dev-lang/php") }
+      it { is_expected.to contain_file('php5.load') }
+    end
+  end
+  describe "OS independent tests" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystem        => 'Debian',
+        :operatingsystemrelease => '6',
+        :kernel                 => 'Linux',
+        :lsbdistcodename        => 'squeeze',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    context 'with content param' do
+      let :pre_condition do
+        'class { "apache": mpm_module => prefork, }'
+      end
+      let :params do
+        { :content => 'somecontent' }
+      end
+      it { should contain_file('php5.conf').with(
+        :content => 'somecontent'
+      ) }
+    end
+    context 'with template param' do
+      let :pre_condition do
+        'class { "apache": mpm_module => prefork, }'
+      end
+      let :params do
+        { :template => 'apache/mod/php.conf.erb' }
+      end
+      it { should contain_file('php5.conf').with(
+        :content => /^# PHP is an HTML-embedded scripting language which attempts to make it/
+      ) }
+    end
+    context 'with source param' do
+      let :pre_condition do
+        'class { "apache": mpm_module => prefork, }'
+      end
+      let :params do
+        { :source => 'some-path' }
+      end
+      it { should contain_file('php5.conf').with(
+        :source => 'some-path'
+      ) }
+    end
+    context 'content has priority over template' do
+      let :pre_condition do
+        'class { "apache": mpm_module => prefork, }'
+      end
+      let :params do
+        {
+          :template => 'apache/mod/php5.conf.erb',
+          :content  => 'somecontent'
+        }
+      end
+      it { should contain_file('php5.conf').with(
+        :content => 'somecontent'
+      ) }
+    end
+    context 'source has priority over template' do
+      let :pre_condition do
+        'class { "apache": mpm_module => prefork, }'
+      end
+      let :params do
+        {
+          :template => 'apache/mod/php5.conf.erb',
+          :source   => 'some-path'
+        }
+      end
+      it { should contain_file('php5.conf').with(
+        :source => 'some-path'
+      ) }
+    end
+    context 'source has priority over content' do
+      let :pre_condition do
+        'class { "apache": mpm_module => prefork, }'
+      end
+      let :params do
+        {
+          :content => 'somecontent',
+          :source  => 'some-path'
+        }
+      end
+      it { should contain_file('php5.conf').with(
+        :source => 'some-path'
+      ) }
+    end
+    context 'with mpm_module => worker' do
+      let :pre_condition do
+        'class { "apache": mpm_module => worker, }'
+      end
+      it 'should raise an error' do
+        expect { expect(subject).to contain_apache__mod('php5') }.to raise_error Puppet::Error, /mpm_module => 'prefork' or mpm_module => 'itk'/
+      end
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/prefork_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/prefork_spec.rb
new file mode 100644
index 000000000..3e2954fc7
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/prefork_spec.rb
@@ -0,0 +1,134 @@
+require 'spec_helper'
+
+describe 'apache::mod::prefork', :type => :class do
+  let :pre_condition do
+    'class { "apache": mpm_module => false, }'
+  end
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.not_to contain_apache__mod('prefork') }
+    it { is_expected.to contain_file("/etc/apache2/mods-available/prefork.conf").with_ensure('file') }
+    it { is_expected.to contain_file("/etc/apache2/mods-enabled/prefork.conf").with_ensure('link') }
+
+    context "with Apache version < 2.4" do
+      let :params do
+        {
+          :apache_version => '2.2',
+        }
+      end
+
+      it { is_expected.not_to contain_file("/etc/apache2/mods-available/prefork.load") }
+      it { is_expected.not_to contain_file("/etc/apache2/mods-enabled/prefork.load") }
+
+      it { is_expected.to contain_package("apache2-mpm-prefork") }
+    end
+
+    context "with Apache version >= 2.4" do
+      let :params do
+        {
+          :apache_version => '2.4',
+        }
+      end
+
+      it { is_expected.to contain_file("/etc/apache2/mods-available/prefork.load").with({
+        'ensure'  => 'file',
+        'content' => "LoadModule mpm_prefork_module /usr/lib/apache2/modules/mod_mpm_prefork.so\n"
+        })
+      }
+      it { is_expected.to contain_file("/etc/apache2/mods-enabled/prefork.load").with_ensure('link') }
+    end
+  end
+  context "on a RedHat OS" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.not_to contain_apache__mod('prefork') }
+    it { is_expected.to contain_file("/etc/httpd/conf.d/prefork.conf").with_ensure('file') }
+
+    context "with Apache version < 2.4" do
+      let :params do
+        {
+          :apache_version => '2.2',
+        }
+      end
+
+      it { is_expected.to contain_file_line("/etc/sysconfig/httpd prefork enable").with({
+        'require' => 'Package[httpd]',
+        })
+      }
+    end
+
+    context "with Apache version >= 2.4" do
+      let :params do
+        {
+          :apache_version => '2.4',
+        }
+      end
+
+      it { is_expected.not_to contain_apache__mod('event') }
+
+      it { is_expected.to contain_file("/etc/httpd/conf.d/prefork.load").with({
+        'ensure'  => 'file',
+        'content' => "LoadModule mpm_prefork_module modules/mod_mpm_prefork.so\n",
+        })
+      }
+    end
+  end
+  context "on a FreeBSD OS" do
+    let :facts do
+      {
+        :osfamily               => 'FreeBSD',
+        :operatingsystemrelease => '9',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'FreeBSD',
+        :id                     => 'root',
+        :kernel                 => 'FreeBSD',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.not_to contain_apache__mod('prefork') }
+    it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/prefork.conf").with_ensure('file') }
+  end
+  context "on a Gentoo OS" do
+    let :facts do
+      {
+        :osfamily               => 'Gentoo',
+        :operatingsystem        => 'Gentoo',
+        :operatingsystemrelease => '3.16.1-gentoo',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.not_to contain_apache__mod('prefork') }
+    it { is_expected.to contain_file("/etc/apache2/modules.d/prefork.conf").with_ensure('file') }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/proxy_balancer_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/proxy_balancer_spec.rb
new file mode 100644
index 000000000..d646ba750
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/proxy_balancer_spec.rb
@@ -0,0 +1,95 @@
+require 'spec_helper'
+
+# Helper function for testing the contents of `proxy_balancer.conf`
+def balancer_manager_conf_spec(allow_from, manager_path)
+  it do
+    is_expected.to contain_file("proxy_balancer.conf").with_content(
+      "<Location #{manager_path}>\n"\
+      "    SetHandler balancer-manager\n"\
+      "    Require ip #{Array(allow_from).join(' ')}\n"\
+      "</Location>\n"
+    )
+  end
+end
+
+describe 'apache::mod::proxy_balancer', :type => :class do
+  let :pre_condition do
+    [
+      'include apache::mod::proxy',
+    ]
+  end
+  it_behaves_like "a mod class, without including apache"
+
+  context "default configuration with default parameters" do
+    context "on a Debian OS" do
+      let :facts do
+        {
+          :osfamily               => 'Debian',
+          :operatingsystemrelease => '8',
+          :concat_basedir         => '/dne',
+          :lsbdistcodename        => 'jessie',
+          :operatingsystem        => 'Debian',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+
+      it { is_expected.to contain_apache__mod("proxy_balancer") }
+
+      it { is_expected.to_not contain_file("proxy_balancer.conf") }
+      it { is_expected.to_not contain_file("proxy_balancer.conf symlink") }
+
+    end
+
+    context "on a RedHat OS" do
+      let :facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'RedHat',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+
+      it { is_expected.to contain_apache__mod("proxy_balancer") }
+
+      it { is_expected.to_not contain_file("proxy_balancer.conf") }
+      it { is_expected.to_not contain_file("proxy_balancer.conf symlink") }
+
+    end
+  end
+
+  context "default configuration with custom parameters $manager => true, $allow_from => ['10.10.10.10','11.11.11.11'], $status_path => '/custom-manager'" do
+    context "on a Debian OS" do
+      let :facts do
+        {
+          :osfamily               => 'Debian',
+          :operatingsystemrelease => '8',
+          :concat_basedir         => '/dne',
+          :lsbdistcodename        => 'jessie',
+          :operatingsystem        => 'Debian',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      let :params do
+        {
+          :manager      => true,
+          :allow_from   => ['10.10.10.10','11.11.11.11'],
+          :manager_path => '/custom-manager',
+        }
+      end
+
+      balancer_manager_conf_spec(["10.10.10.10", "11.11.11.11"], "/custom-manager")
+
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/proxy_connect_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/proxy_connect_spec.rb
new file mode 100644
index 000000000..33059c07b
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/proxy_connect_spec.rb
@@ -0,0 +1,65 @@
+require 'spec_helper'
+
+describe 'apache::mod::proxy_connect', :type => :class do
+  let :pre_condition do
+    [
+      'include apache::mod::proxy',
+    ]
+  end
+  it_behaves_like "a mod class, without including apache"
+  context 'on a Debian OS' do
+    let :facts do
+      {
+        :osfamily        => 'Debian',
+        :concat_basedir  => '/dne',
+        :operatingsystem => 'Debian',
+        :id              => 'root',
+        :kernel          => 'Linux',
+        :path            => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    context 'with Apache version < 2.2' do
+      let :facts do
+        super().merge({
+          :operatingsystemrelease => '7.0',
+          :lsbdistcodename        => 'wheezy',
+        })
+      end
+      let :params do
+        {
+          :apache_version => '2.1',
+        }
+      end
+      it { is_expected.not_to contain_apache__mod('proxy_connect') }
+    end
+    context 'with Apache version = 2.2' do
+      let :facts do
+        super().merge({
+          :operatingsystemrelease => '7.0',
+          :lsbdistcodename        => 'wheezy',
+        })
+      end
+      let :params do
+        {
+          :apache_version => '2.2',
+        }
+      end
+      it { is_expected.to contain_apache__mod('proxy_connect') }
+    end
+    context 'with Apache version >= 2.4' do
+      let :facts do
+        super().merge({
+          :operatingsystemrelease => '8.0',
+          :lsbdistcodename        => 'jessie',
+        })
+      end
+      let :params do
+        {
+          :apache_version => '2.4',
+        }
+      end
+      it { is_expected.to contain_apache__mod('proxy_connect') }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/proxy_html_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/proxy_html_spec.rb
new file mode 100644
index 000000000..0d70276c2
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/proxy_html_spec.rb
@@ -0,0 +1,128 @@
+require 'spec_helper'
+
+describe 'apache::mod::proxy_html', :type => :class do
+  let :pre_condition do
+    [
+      'include apache::mod::proxy',
+      'include apache::mod::proxy_http',
+    ]
+  end
+  it_behaves_like "a mod class, without including apache"
+  context "on a Debian OS" do
+    shared_examples "debian" do |loadfiles|
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('proxy_html').with(:loadfiles => loadfiles) }
+      it { is_expected.to contain_package("libapache2-mod-proxy-html") }
+    end
+    let :facts do
+      {
+        :osfamily        => 'Debian',
+        :concat_basedir  => '/dne',
+        :architecture    => 'i386',
+        :lsbdistcodename => 'squeeze',
+        :operatingsystem => 'Debian',
+        :id              => 'root',
+        :kernel          => 'Linux',
+        :path            => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :hardwaremodel   => 'i386',
+        :is_pe           => false,
+      }
+    end
+
+    context "on squeeze" do
+      let(:facts) { super().merge({ :operatingsystemrelease => '6' }) }
+      it_behaves_like "debian", ['/usr/lib/libxml2.so.2']
+      it { is_expected.to_not contain_apache__mod('xml2enc') }
+    end
+    context "on wheezy" do
+      let(:facts) { super().merge({ :operatingsystemrelease => '7' }) }
+      it { is_expected.to_not contain_apache__mod('xml2enc') }
+      context "i386" do
+        let(:facts) { super().merge({
+          :hardwaremodel => 'i686',
+          :architecture  => 'i386'
+        })}
+        it_behaves_like "debian", ["/usr/lib/i386-linux-gnu/libxml2.so.2"]
+      end
+      context "x64" do
+        let(:facts) { super().merge({
+          :hardwaremodel => 'x86_64',
+          :architecture  => 'amd64'
+        })}
+        it_behaves_like "debian", ["/usr/lib/x86_64-linux-gnu/libxml2.so.2"]
+      end
+    end
+    context "on jessie" do
+      let(:facts) { super().merge({ :operatingsystemrelease => '8' }) }
+      it { is_expected.to contain_apache__mod('xml2enc').with(:loadfiles => nil) }
+      context "i386" do
+        let(:facts) { super().merge({
+          :hardwaremodel => 'i686',
+          :architecture  => 'i386'
+        })}
+        it_behaves_like "debian", ["/usr/lib/i386-linux-gnu/libxml2.so.2"]
+      end
+      context "x64" do
+        let(:facts) { super().merge({
+          :hardwaremodel => 'x86_64',
+          :architecture  => 'amd64'
+        })}
+        it_behaves_like "debian", ["/usr/lib/x86_64-linux-gnu/libxml2.so.2"]
+      end
+    end
+  end
+  context "on a RedHat OS", :compile do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('proxy_html').with(:loadfiles => nil) }
+    it { is_expected.to contain_package("mod_proxy_html") }
+    it { is_expected.to contain_apache__mod('xml2enc').with(:loadfiles => nil) }
+  end
+  context "on a FreeBSD OS", :compile do
+    let :facts do
+      {
+        :osfamily               => 'FreeBSD',
+        :operatingsystemrelease => '9',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'FreeBSD',
+        :id                     => 'root',
+        :kernel                 => 'FreeBSD',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('proxy_html').with(:loadfiles => nil) }
+    it { is_expected.to contain_apache__mod('xml2enc').with(:loadfiles => nil) }
+    it { is_expected.to contain_package("www/mod_proxy_html") }
+  end
+  context "on a Gentoo OS", :compile do
+    let :facts do
+      {
+        :osfamily               => 'Gentoo',
+        :operatingsystem        => 'Gentoo',
+        :operatingsystemrelease => '3.16.1-gentoo',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('proxy_html').with(:loadfiles => nil) }
+    it { is_expected.to contain_apache__mod('xml2enc').with(:loadfiles => nil) }
+    it { is_expected.to contain_package("www-apache/mod_proxy_html") }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/proxy_wstunnel.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/proxy_wstunnel.rb
new file mode 100644
index 000000000..5af217a05
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/proxy_wstunnel.rb
@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe 'apache::mod::proxy_wstunnel', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/python_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/python_spec.rb
new file mode 100644
index 000000000..1393293a9
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/python_spec.rb
@@ -0,0 +1,75 @@
+require 'spec_helper'
+
+describe 'apache::mod::python', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod("python") }
+    it { is_expected.to contain_package("libapache2-mod-python") }
+  end
+  context "on a RedHat OS" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod("python") }
+    it { is_expected.to contain_package("mod_python") }
+  end
+  context "on a FreeBSD OS" do
+    let :facts do
+      {
+        :osfamily               => 'FreeBSD',
+        :operatingsystemrelease => '9',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'FreeBSD',
+        :id                     => 'root',
+        :kernel                 => 'FreeBSD',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod("python") }
+    it { is_expected.to contain_package("www/mod_python3") }
+  end
+  context "on a Gentoo OS" do
+    let :facts do
+      {
+        :osfamily               => 'Gentoo',
+        :operatingsystem        => 'Gentoo',
+        :operatingsystemrelease => '3.16.1-gentoo',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod("python") }
+    it { is_expected.to contain_package("www-apache/mod_python") }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/remoteip_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/remoteip_spec.rb
new file mode 100644
index 000000000..d75ea5603
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/remoteip_spec.rb
@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+describe 'apache::mod::remoteip', :type => :class do
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '8',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'jessie',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+      }
+    end
+    let :params do
+      { :apache_version => '2.4' }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('remoteip') }
+    it { is_expected.to contain_file('remoteip.conf').with({
+      'path' => '/etc/apache2/mods-available/remoteip.conf',
+    }) }
+
+    describe "with header X-Forwarded-For" do
+      let :params do
+        { :header => 'X-Forwarded-For' }
+      end
+      it { is_expected.to contain_file('remoteip.conf').with_content(/^RemoteIPHeader X-Forwarded-For$/) }
+    end
+    describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do
+      let :params do
+        { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] }
+      end
+      it { is_expected.to contain_file('remoteip.conf').with_content(/^RemoteIPInternalProxy 10.42.17.8$/) }
+      it { is_expected.to contain_file('remoteip.conf').with_content(/^RemoteIPInternalProxy 10.42.18.99$/) }
+    end
+    describe "with Apache version < 2.4" do
+      let :params do
+        { :apache_version => '2.2' }
+      end
+      it 'should fail' do
+        expect { catalogue }.to raise_error(Puppet::Error, /mod_remoteip is only available in Apache 2.4/)
+      end
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/reqtimeout_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/reqtimeout_spec.rb
new file mode 100644
index 000000000..c3a09777c
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/reqtimeout_spec.rb
@@ -0,0 +1,146 @@
+require 'spec_helper'
+
+describe 'apache::mod::reqtimeout', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :lsbdistcodename        => 'squeeze',
+        :is_pe                  => false,
+      }
+    end
+    context "passing no parameters" do
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('reqtimeout') }
+      it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-40,minrate=500\nRequestReadTimeout body=10,minrate=500$/) }
+    end
+    context "passing timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']" do
+      let :params do
+        {:timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']}
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('reqtimeout') }
+      it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600\nRequestReadTimeout body=60,minrate=600$/) }
+    end
+    context "passing timeouts => 'header=20-60,minrate=600'" do
+      let :params do
+        {:timeouts => 'header=20-60,minrate=600'}
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('reqtimeout') }
+      it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600$/) }
+    end
+  end
+  context "on a RedHat OS" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'Redhat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    context "passing no parameters" do
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('reqtimeout') }
+      it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-40,minrate=500\nRequestReadTimeout body=10,minrate=500$/) }
+    end
+    context "passing timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']" do
+      let :params do
+        {:timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']}
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('reqtimeout') }
+      it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600\nRequestReadTimeout body=60,minrate=600$/) }
+    end
+    context "passing timeouts => 'header=20-60,minrate=600'" do
+      let :params do
+        {:timeouts => 'header=20-60,minrate=600'}
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('reqtimeout') }
+      it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600$/) }
+    end
+  end
+  context "on a FreeBSD OS" do
+    let :facts do
+      {
+        :osfamily               => 'FreeBSD',
+        :operatingsystemrelease => '9',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'FreeBSD',
+        :id                     => 'root',
+        :kernel                 => 'FreeBSD',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    context "passing no parameters" do
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('reqtimeout') }
+      it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-40,minrate=500\nRequestReadTimeout body=10,minrate=500$/) }
+    end
+    context "passing timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']" do
+      let :params do
+        {:timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']}
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('reqtimeout') }
+      it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600\nRequestReadTimeout body=60,minrate=600$/) }
+    end
+    context "passing timeouts => 'header=20-60,minrate=600'" do
+      let :params do
+        {:timeouts => 'header=20-60,minrate=600'}
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('reqtimeout') }
+      it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600$/) }
+    end
+  end
+  context "on a Gentoo OS" do
+    let :facts do
+      {
+        :osfamily               => 'Gentoo',
+        :operatingsystem        => 'Gentoo',
+        :operatingsystemrelease => '3.16.1-gentoo',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+        :is_pe                  => false,
+      }
+    end
+    context "passing no parameters" do
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('reqtimeout') }
+      it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-40,minrate=500\nRequestReadTimeout body=10,minrate=500$/) }
+    end
+    context "passing timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']" do
+      let :params do
+        {:timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']}
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('reqtimeout') }
+      it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600\nRequestReadTimeout body=60,minrate=600$/) }
+    end
+    context "passing timeouts => 'header=20-60,minrate=600'" do
+      let :params do
+        {:timeouts => 'header=20-60,minrate=600'}
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__mod('reqtimeout') }
+      it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600$/) }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/rpaf_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/rpaf_spec.rb
new file mode 100644
index 000000000..13f0e6c8c
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/rpaf_spec.rb
@@ -0,0 +1,126 @@
+require 'spec_helper'
+
+describe 'apache::mod::rpaf', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('rpaf') }
+    it { is_expected.to contain_package("libapache2-mod-rpaf") }
+    it { is_expected.to contain_file('rpaf.conf').with({
+      'path' => '/etc/apache2/mods-available/rpaf.conf',
+    }) }
+    it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) }
+
+    describe "with sethostname => true" do
+      let :params do
+        { :sethostname => 'true' }
+      end
+      it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) }
+    end
+    describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do
+      let :params do
+        { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] }
+      end
+      it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) }
+    end
+    describe "with header => X-Real-IP" do
+      let :params do
+        { :header => 'X-Real-IP' }
+      end
+      it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) }
+    end
+  end
+  context "on a FreeBSD OS" do
+    let :facts do
+      {
+        :osfamily               => 'FreeBSD',
+        :operatingsystemrelease => '9',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'FreeBSD',
+        :id                     => 'root',
+        :kernel                 => 'FreeBSD',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('rpaf') }
+    it { is_expected.to contain_package("www/mod_rpaf2") }
+    it { is_expected.to contain_file('rpaf.conf').with({
+      'path' => '/usr/local/etc/apache24/Modules/rpaf.conf',
+    }) }
+    it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) }
+
+    describe "with sethostname => true" do
+      let :params do
+        { :sethostname => 'true' }
+      end
+      it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) }
+    end
+    describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do
+      let :params do
+        { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] }
+      end
+      it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) }
+    end
+    describe "with header => X-Real-IP" do
+      let :params do
+        { :header => 'X-Real-IP' }
+      end
+      it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) }
+    end
+  end
+  context "on a Gentoo OS" do
+    let :facts do
+      {
+        :osfamily               => 'Gentoo',
+        :operatingsystem        => 'Gentoo',
+        :operatingsystemrelease => '3.16.1-gentoo',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_apache__mod('rpaf') }
+    it { is_expected.to contain_package("www-apache/mod_rpaf") }
+    it { is_expected.to contain_file('rpaf.conf').with({
+      'path' => '/etc/apache2/modules.d/rpaf.conf',
+    }) }
+    it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) }
+
+    describe "with sethostname => true" do
+      let :params do
+        { :sethostname => 'true' }
+      end
+      it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) }
+    end
+    describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do
+      let :params do
+        { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] }
+      end
+      it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) }
+    end
+    describe "with header => X-Real-IP" do
+      let :params do
+        { :header => 'X-Real-IP' }
+      end
+      it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/security_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/security_spec.rb
new file mode 100644
index 000000000..e30f7214f
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/security_spec.rb
@@ -0,0 +1,162 @@
+
+require 'spec_helper'
+
+describe 'apache::mod::security', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+  context "on RedHat based systems" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystem        => 'CentOS',
+        :operatingsystemrelease => '7',
+        :kernel                 => 'Linux',
+        :id                     => 'root',
+        :concat_basedir         => '/',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { should contain_apache__mod('security').with(
+      :id => 'security2_module',
+      :lib => 'mod_security2.so'
+    ) }
+    it { should contain_apache__mod('unique_id_module').with(
+      :id => 'unique_id_module',
+      :lib => 'mod_unique_id.so'
+    ) }
+    it { should contain_package('mod_security_crs') }
+    it { should contain_file('security.conf').with(
+      :path => '/etc/httpd/conf.modules.d/security.conf'
+    ) }
+    it { should contain_file('security.conf')
+      .with_content(%r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!04\)\)"$})
+      .with_content(%r{^\s+SecAuditLogParts ABIJDEFHZ$})
+      .with_content(%r{^\s+SecDebugLog /var/log/httpd/modsec_debug.log$})
+      .with_content(%r{^\s+SecAuditLog /var/log/httpd/modsec_audit.log$})
+    }
+    it { should contain_file('/etc/httpd/modsecurity.d').with(
+      :ensure => 'directory',
+      :path   => '/etc/httpd/modsecurity.d',
+      :owner  => 'root',
+      :group  => 'root',
+      :mode   => '0755',
+    ) }
+    it { should contain_file('/etc/httpd/modsecurity.d/activated_rules').with(
+      :ensure => 'directory',
+      :path => '/etc/httpd/modsecurity.d/activated_rules',
+      :owner => 'apache',
+      :group => 'apache'
+    ) }
+    it { should contain_file('/etc/httpd/modsecurity.d/security_crs.conf').with(
+      :path => '/etc/httpd/modsecurity.d/security_crs.conf'
+    ) }
+    it { should contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') }
+    it { should contain_file('modsecurity_35_bad_robots.data').with(
+      :path   => '/etc/httpd/modsecurity.d/activated_rules/modsecurity_35_bad_robots.data',
+      :target => '/usr/lib/modsecurity.d/base_rules/modsecurity_35_bad_robots.data',
+    ) }
+
+    describe 'with parameters' do
+      let :params do
+        {
+          :activated_rules           => [
+            '/tmp/foo/bar.conf',
+          ],
+          :audit_log_relevant_status => "^(?:5|4(?!01|04))",
+          :audit_log_parts           => "ABCDZ",
+          :secdefaultaction          => "deny,status:406,nolog,auditlog",
+        }
+      end
+      it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!01\|04\)\)"$} }
+      it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABCDZ$} }
+      it { should contain_file('/etc/httpd/modsecurity.d/security_crs.conf').with_content %r{^\s*SecDefaultAction "phase:2,deny,status:406,nolog,auditlog"$} }
+      it { should contain_file('bar.conf').with(
+        :path   => '/etc/httpd/modsecurity.d/activated_rules/bar.conf',
+        :target => '/tmp/foo/bar.conf',
+      ) }
+    end
+    describe 'with other modsec parameters' do
+      let :params do
+        {
+          :manage_security_crs => false
+        }
+      end
+      it { should_not contain_file('/etc/httpd/modsecurity.d/security_crs.conf') }
+    end
+  end
+  context "on Debian based systems" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystem        => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/',
+        :lsbdistcodename        => 'squeeze',
+        :id                     => 'root',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :kernel                 => 'Linux',
+        :is_pe                  => false,
+      }
+    end
+    it { should contain_apache__mod('security').with(
+      :id => 'security2_module',
+      :lib => 'mod_security2.so'
+    ) }
+    it { should contain_apache__mod('unique_id_module').with(
+      :id => 'unique_id_module',
+      :lib => 'mod_unique_id.so'
+    ) }
+    it { should contain_package('modsecurity-crs') }
+    it { should contain_file('security.conf').with(
+      :path => '/etc/apache2/mods-available/security.conf'
+    ) }
+    it { should contain_file('security.conf')
+      .with_content(%r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!04\)\)"$})
+      .with_content(%r{^\s+SecAuditLogParts ABIJDEFHZ$})
+      .with_content(%r{^\s+SecDebugLog /var/log/apache2/modsec_debug.log$})
+      .with_content(%r{^\s+SecAuditLog /var/log/apache2/modsec_audit.log$})
+    }
+    it { should contain_file('/etc/modsecurity').with(
+      :ensure => 'directory',
+      :path   => '/etc/modsecurity',
+      :owner  => 'root',
+      :group  => 'root',
+      :mode   => '0755',
+    ) }
+    it { should contain_file('/etc/modsecurity/activated_rules').with(
+      :ensure => 'directory',
+      :path => '/etc/modsecurity/activated_rules',
+      :owner => 'www-data',
+      :group => 'www-data'
+    ) }
+    it { should contain_file('/etc/modsecurity/security_crs.conf').with(
+      :path => '/etc/modsecurity/security_crs.conf'
+    ) }
+    it { should contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') }
+    it { should contain_file('modsecurity_35_bad_robots.data').with(
+      :path   => '/etc/modsecurity/activated_rules/modsecurity_35_bad_robots.data',
+      :target => '/usr/share/modsecurity-crs/base_rules/modsecurity_35_bad_robots.data',
+    ) }
+
+    describe 'with parameters' do
+      let :params do
+        {
+          :activated_rules           => [
+            '/tmp/foo/bar.conf',
+          ],
+          :audit_log_relevant_status => "^(?:5|4(?!01|04))",
+          :audit_log_parts           => "ABCDZ",
+          :secdefaultaction          => "deny,status:406,nolog,auditlog",
+        }
+      end
+      it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!01\|04\)\)"$} }
+      it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABCDZ$} }
+      it { should contain_file('/etc/modsecurity/security_crs.conf').with_content %r{^\s*SecDefaultAction "phase:2,deny,status:406,nolog,auditlog"$} }
+      it { should contain_file('bar.conf').with(
+        :path   => '/etc/modsecurity/activated_rules/bar.conf',
+        :target => '/tmp/foo/bar.conf',
+      ) }
+    end
+  end
+
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/shib_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/shib_spec.rb
new file mode 100644
index 000000000..a651c280a
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/shib_spec.rb
@@ -0,0 +1,42 @@
+require 'spec_helper'
+
+describe 'apache::mod::shib', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :fqdn                   => 'test.example.com',
+        :is_pe                  => false,
+      }
+    end
+    describe 'with no parameters' do
+      it { should contain_apache__mod('shib2').with_id('mod_shib') }
+    end
+  end
+  context "on a RedHat OS" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :fqdn                   => 'test.example.com',
+        :is_pe                  => false,
+      }
+    end
+    describe 'with no parameters' do
+      it { should contain_apache__mod('shib2').with_id('mod_shib') }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/speling_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/speling_spec.rb
new file mode 100644
index 000000000..b4844ec74
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/speling_spec.rb
@@ -0,0 +1,37 @@
+require 'spec_helper'
+
+describe 'apache::mod::speling', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_apache__mod('speling') }
+  end
+
+  context "on a RedHat OS" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_apache__mod('speling') }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/ssl_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/ssl_spec.rb
new file mode 100644
index 000000000..18816bbd9
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/ssl_spec.rb
@@ -0,0 +1,293 @@
+require 'spec_helper'
+
+describe 'apache::mod::ssl', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+  context 'on an unsupported OS' do
+    let :facts do
+      {
+        :osfamily               => 'Magic',
+        :operatingsystemrelease => '0',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'Magic',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { expect { catalogue }.to raise_error(Puppet::Error, /Unsupported osfamily:/) }
+  end
+
+  context 'on a RedHat' do
+    context '6 OS' do
+      let :facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'RedHat',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      it { is_expected.to contain_class('apache::params') }
+      it { is_expected.to contain_apache__mod('ssl') }
+      it { is_expected.to contain_package('mod_ssl') }
+      it { is_expected.to contain_file('ssl.conf').with_path('/etc/httpd/conf.d/ssl.conf') }
+      context 'with a custom package_name parameter' do
+        let :params do
+          { :package_name => 'httpd24-mod_ssl' }
+        end
+        it { is_expected.to contain_class('apache::params') }
+        it { is_expected.to contain_apache__mod('ssl') }
+        it { is_expected.to contain_package('httpd24-mod_ssl') }
+        it { is_expected.not_to contain_package('mod_ssl') }
+        it { is_expected.to contain_file('ssl.conf').with_content(%r{^  SSLSessionCache "shmcb:/var/cache/mod_ssl/scache\(512000\)"$})}
+      end
+    end
+    context '7 OS with custom directories for PR#1635' do
+      let :facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '7',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'RedHat',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      let :pre_condition do
+        "class { 'apache':
+          confd_dir           => '/etc/httpd/conf.puppet.d',
+          default_mods        => false,
+          default_vhost       => false,
+          mod_dir             => '/etc/httpd/conf.modules.puppet.d',
+          vhost_dir           => '/etc/httpd/conf.puppet.d',
+        }"
+      end
+      it { is_expected.to contain_package('mod_ssl') }
+      it { is_expected.to contain_file('ssl.conf').with_path('/etc/httpd/conf.puppet.d/ssl.conf') }
+    end
+  end
+
+  context 'on a Debian OS' do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class('apache::params') }
+    it { is_expected.to contain_apache__mod('ssl') }
+    it { is_expected.not_to contain_package('libapache2-mod-ssl') }
+  end
+
+  context 'on a FreeBSD OS' do
+    let :facts do
+      {
+        :osfamily               => 'FreeBSD',
+        :operatingsystemrelease => '9',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'FreeBSD',
+        :id                     => 'root',
+        :kernel                 => 'FreeBSD',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class('apache::params') }
+    it { is_expected.to contain_apache__mod('ssl') }
+  end
+
+  context 'on a Gentoo OS' do
+    let :facts do
+      {
+        :osfamily               => 'Gentoo',
+        :operatingsystem        => 'Gentoo',
+        :operatingsystemrelease => '3.16.1-gentoo',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class('apache::params') }
+    it { is_expected.to contain_apache__mod('ssl') }
+    it { is_expected.to contain_file('ssl.conf').with_content(%r{^  SSLSessionCache "shmcb:/var/run/ssl_scache\(512000\)"$})}
+  end
+
+  context 'on a Suse OS' do
+    let :facts do
+      {
+        :osfamily               => 'Suse',
+        :operatingsystem        => 'SLES',
+        :operatingsystemrelease => '12',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class('apache::params') }
+    it { is_expected.to contain_apache__mod('ssl') }
+    it { is_expected.to contain_file('ssl.conf').with_content(%r{^  SSLSessionCache "shmcb:/var/lib/apache2/ssl_scache\(512000\)"$})}
+  end
+  # Template config doesn't vary by distro
+  context "on all distros" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystem        => 'CentOS',
+        :operatingsystemrelease => '6',
+        :kernel                 => 'Linux',
+        :id                     => 'root',
+        :concat_basedir         => '/dne',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    context 'not setting ssl_pass_phrase_dialog' do
+      it { is_expected.to contain_file('ssl.conf').with_content(/^  SSLPassPhraseDialog builtin$/)}
+    end
+
+    context 'setting ssl_ca to a path' do
+      let :params do
+        {
+            :ssl_ca => '/etc/pki/some/path/ca.crt',
+        }
+      end
+      it { is_expected.to contain_file('ssl.conf').with_content(/^  SSLCACertificateFile/)}
+    end
+    context "with Apache version < 2.4" do
+      let :params do
+        {
+          :apache_version => '2.2',
+        }
+      end
+      context 'ssl_compression with default value' do
+        it { is_expected.not_to contain_file('ssl.conf').with_content(/^  SSLCompression Off$/)}
+      end
+
+      context 'setting ssl_compression to true' do
+        let :params do
+          {
+            :ssl_compression => true,
+          }
+        end
+        it { is_expected.not_to contain_file('ssl.conf').with_content(/^  SSLCompression On$/)}
+      end
+      context 'setting ssl_stapling to true' do
+        let :params do
+          {
+            :ssl_stapling => true,
+          }
+        end
+        it { is_expected.not_to contain_file('ssl.conf').with_content(/^  SSLUseStapling/)}
+      end
+    end
+    context "with Apache version >= 2.4" do
+      let :params do
+        {
+          :apache_version => '2.4',
+        }
+      end
+      context 'ssl_compression with default value' do
+        it { is_expected.not_to contain_file('ssl.conf').with_content(/^  SSLCompression Off$/)}
+      end
+
+      context 'setting ssl_compression to true' do
+        let :params do
+          {
+            :apache_version => '2.4',
+            :ssl_compression => true,
+          }
+        end
+        it { is_expected.to contain_file('ssl.conf').with_content(/^  SSLCompression On$/)}
+      end
+      context 'setting ssl_stapling to true' do
+        let :params do
+          {
+            :apache_version => '2.4',
+            :ssl_stapling => true,
+          }
+        end
+        it { is_expected.to contain_file('ssl.conf').with_content(/^  SSLUseStapling On$/)}
+      end
+      context 'setting ssl_stapling_return_errors to true' do
+        let :params do
+          {
+            :apache_version => '2.4',
+            :ssl_stapling_return_errors => true,
+          }
+        end
+        it { is_expected.to contain_file('ssl.conf').with_content(/^  SSLStaplingReturnResponderErrors On$/)}
+      end
+    end
+
+    context 'setting ssl_pass_phrase_dialog' do
+      let :params do
+        {
+          :ssl_pass_phrase_dialog => 'exec:/path/to/program',
+        }
+      end
+      it { is_expected.to contain_file('ssl.conf').with_content(/^  SSLPassPhraseDialog exec:\/path\/to\/program$/)}
+    end
+
+    context 'setting ssl_random_seed_bytes' do
+      let :params do
+        {
+          :ssl_random_seed_bytes => '1024',
+        }
+      end
+      it { is_expected.to contain_file('ssl.conf').with_content(%r{^  SSLRandomSeed startup file:/dev/urandom 1024$})}
+    end
+
+    context 'setting ssl_openssl_conf_cmd' do
+      let :params do
+        {
+          :ssl_openssl_conf_cmd => 'DHParameters "foo.pem"',
+        }
+      end
+      it { is_expected.to contain_file('ssl.conf').with_content(/^\s+SSLOpenSSLConfCmd DHParameters "foo.pem"$/)}
+    end
+
+    context 'setting ssl_mutex' do
+      let :params do
+        {
+          :ssl_mutex => 'posixsem',
+        }
+      end
+      it { is_expected.to contain_file('ssl.conf').with_content(%r{^  SSLMutex posixsem$})}
+    end
+    context 'setting ssl_sessioncache' do
+      let :params do
+        {
+          :ssl_sessioncache => '/tmp/customsessioncache(51200)',
+        }
+      end
+      it { is_expected.to contain_file('ssl.conf').with_content(%r{^  SSLSessionCache "shmcb:/tmp/customsessioncache\(51200\)"$})}
+    end
+    context 'setting ssl_proxy_protocol' do
+      let :params do
+        {
+          :ssl_proxy_protocol => [ '-ALL', '+TLSv1'],
+        }
+      end
+      it { is_expected.to contain_file('ssl.conf').with_content(%r{^  SSLProxyProtocol -ALL \+TLSv1$})}
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/status_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/status_spec.rb
new file mode 100644
index 000000000..7bc7831fb
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/status_spec.rb
@@ -0,0 +1,205 @@
+require 'spec_helper'
+
+# Helper function for testing the contents of `status.conf`
+def status_conf_spec(allow_from, extended_status, status_path)
+  it do
+    is_expected.to contain_file("status.conf").with_content(
+      "<Location #{status_path}>\n"\
+      "    SetHandler server-status\n"\
+      "    Order deny,allow\n"\
+      "    Deny from all\n"\
+      "    Allow from #{Array(allow_from).join(' ')}\n"\
+      "</Location>\n"\
+      "ExtendedStatus #{extended_status}\n"\
+      "\n"\
+      "<IfModule mod_proxy.c>\n"\
+      "    # Show Proxy LoadBalancer status in mod_status\n"\
+      "    ProxyStatus On\n"\
+      "</IfModule>\n"
+    )
+  end
+end
+
+describe 'apache::mod::status', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+  
+  context "default configuration with parameters" do
+    context "on a Debian OS with default params" do
+      let :facts do
+        {
+          :osfamily               => 'Debian',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :lsbdistcodename        => 'squeeze',
+          :operatingsystem        => 'Debian',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+
+      it { is_expected.to contain_apache__mod("status") }
+
+      status_conf_spec(["127.0.0.1", "::1"], "On", "/server-status")
+
+      it { is_expected.to contain_file("status.conf").with({
+        :ensure => 'file',
+        :path   => '/etc/apache2/mods-available/status.conf',
+      } ) }
+
+      it { is_expected.to contain_file("status.conf symlink").with({
+        :ensure => 'link',
+        :path   => '/etc/apache2/mods-enabled/status.conf',
+      } ) }
+
+    end
+
+    context "on a RedHat OS with default params" do
+      let :facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'RedHat',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+
+      it { is_expected.to contain_apache__mod("status") }
+
+      status_conf_spec(["127.0.0.1", "::1"], "On", "/server-status")
+
+      it { is_expected.to contain_file("status.conf").with_path("/etc/httpd/conf.d/status.conf") }
+
+    end
+
+    context "with custom parameters $allow_from => ['10.10.10.10','11.11.11.11'], $extended_status => 'Off', $status_path => '/custom-status'" do
+      let :facts do
+        {
+          :osfamily               => 'Debian',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :lsbdistcodename        => 'squeeze',
+          :operatingsystem        => 'Debian',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      let :params do
+        {
+          :allow_from => ['10.10.10.10','11.11.11.11'],
+          :extended_status => 'Off',
+          :status_path => '/custom-status',
+        }
+      end
+
+      status_conf_spec(["10.10.10.10", "11.11.11.11"], "Off", "/custom-status")
+
+    end
+
+    context "with valid parameter type $allow_from => ['10.10.10.10']" do
+      let :facts do
+        {
+          :osfamily               => 'Debian',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :lsbdistcodename        => 'squeeze',
+          :operatingsystem        => 'Debian',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      let :params do
+        { :allow_from => ['10.10.10.10'] }
+      end
+      it 'should expect to succeed array validation' do
+        expect {
+          is_expected.to contain_file("status.conf")
+        }.not_to raise_error()
+      end
+    end
+
+    context "with invalid parameter type $allow_from => '10.10.10.10'" do
+      let :facts do
+        {
+          :osfamily               => 'Debian',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'Debian',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      let :params do
+        { :allow_from => '10.10.10.10' }
+      end
+      it 'should expect to fail array validation' do
+        expect {
+          is_expected.to contain_file("status.conf")
+        }.to raise_error(Puppet::Error)
+      end
+    end
+
+    # Only On or Off are valid options
+    ['On', 'Off'].each do |valid_param|
+      context "with valid value $extended_status => '#{valid_param}'" do
+        let :facts do
+          {
+            :osfamily               => 'Debian',
+            :operatingsystemrelease => '6',
+            :concat_basedir         => '/dne',
+            :lsbdistcodename        => 'squeeze',
+            :operatingsystem        => 'Debian',
+            :id                     => 'root',
+            :kernel                 => 'Linux',
+            :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+            :is_pe                  => false,
+          }
+        end
+        let :params do
+          { :extended_status => valid_param }
+        end
+        it 'should expect to succeed regular expression validation' do
+          expect {
+            is_expected.to contain_file("status.conf")
+          }.not_to raise_error()
+        end
+      end
+    end
+
+    ['Yes', 'No'].each do |invalid_param|
+      context "with invalid value $extended_status => '#{invalid_param}'" do
+        let :facts do
+          {
+            :osfamily               => 'Debian',
+            :operatingsystemrelease => '6',
+            :concat_basedir         => '/dne',
+            :operatingsystem        => 'Debian',
+            :id                     => 'root',
+            :kernel                 => 'Linux',
+            :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+            :is_pe                  => false,
+          }
+        end
+        let :params do
+          { :extended_status => invalid_param }
+        end
+        it 'should expect to fail regular expression validation' do
+          expect {
+            is_expected.to contain_file("status.conf")
+          }.to raise_error(Puppet::Error)
+        end
+      end
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/suphp_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/suphp_spec.rb
new file mode 100644
index 000000000..71dbab30e
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/suphp_spec.rb
@@ -0,0 +1,38 @@
+require 'spec_helper'
+
+describe 'apache::mod::suphp', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_package("libapache2-mod-suphp") }
+  end
+  context "on a RedHat OS" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_package("mod_suphp") }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/userdir_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/userdir_spec.rb
new file mode 100644
index 000000000..9f23ba274
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/userdir_spec.rb
@@ -0,0 +1,53 @@
+require 'spec_helper'
+
+describe 'apache::mod::userdir', :type => :class do
+  context "on a Debian OS" do
+    let :pre_condition do
+      'class { "apache":
+         default_mods => false,
+         mod_dir      => "/tmp/junk",
+       }'
+    end
+    let :facts do
+      {
+        :lsbdistcodename           => 'squeeze',
+        :osfamily                  => 'Debian',
+        :operatingsystemrelease    => '6',
+        :operatingsystemmajrelease => '6',
+        :concat_basedir            => '/dne',
+        :operatingsystem           => 'Debian',
+        :id                        => 'root',
+        :kernel                    => 'Linux',
+        :path                      => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    context "default parameters" do
+      it { should compile }
+    end
+    context "with dir set to something" do
+      let :params do
+        {
+          :dir => 'hi',
+        }
+      end
+      it { should contain_file("userdir.conf").with_content(%r{^\s*UserDir\s+/home/\*/hi$})}
+    end
+    context "with home set to something" do
+      let :params do
+        {
+          :home => '/u',
+        }
+      end
+      it { should contain_file("userdir.conf").with_content(%r{^\s*UserDir\s+/u/\*/public_html$})}
+    end
+    context "with path set to something" do
+      let :params do
+        {
+          :path => 'public_html /usr/web http://www.example.com/',
+        }
+      end
+      it { should contain_file("userdir.conf").with_content(%r{^\s*UserDir\s+public_html /usr/web http://www\.example\.com/$})}
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/worker_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/worker_spec.rb
new file mode 100644
index 000000000..9d0d8e5e0
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/worker_spec.rb
@@ -0,0 +1,189 @@
+require 'spec_helper'
+
+describe 'apache::mod::worker', :type => :class do
+  let :pre_condition do
+    'class { "apache": mpm_module => false, }'
+  end
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.not_to contain_apache__mod('worker') }
+    it { is_expected.to contain_file("/etc/apache2/mods-available/worker.conf").with_ensure('file') }
+    it { is_expected.to contain_file("/etc/apache2/mods-enabled/worker.conf").with_ensure('link') }
+
+    context "with Apache version < 2.4" do
+      let :params do
+        {
+          :apache_version => '2.2',
+        }
+      end
+
+      it { is_expected.not_to contain_file("/etc/apache2/mods-available/worker.load") }
+      it { is_expected.not_to contain_file("/etc/apache2/mods-enabled/worker.load") }
+
+      it { is_expected.to contain_package("apache2-mpm-worker") }
+    end
+
+    context "with Apache version >= 2.4" do
+      let :params do
+        {
+          :apache_version => '2.4',
+        }
+      end
+
+      it { is_expected.to contain_file("/etc/apache2/mods-available/worker.load").with({
+        'ensure'  => 'file',
+        'content' => "LoadModule mpm_worker_module /usr/lib/apache2/modules/mod_mpm_worker.so\n"
+        })
+      }
+      it { is_expected.to contain_file("/etc/apache2/mods-enabled/worker.load").with_ensure('link') }
+    end
+  end
+  context "on a RedHat OS" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.not_to contain_apache__mod('worker') }
+    it { is_expected.to contain_file("/etc/httpd/conf.d/worker.conf").with_ensure('file') }
+
+    context "with Apache version < 2.4" do
+      let :params do
+        {
+          :apache_version => '2.2',
+        }
+      end
+
+      it { is_expected.to contain_file_line("/etc/sysconfig/httpd worker enable").with({
+        'require' => 'Package[httpd]',
+        })
+      }
+    end
+
+    context "with Apache version >= 2.4" do
+      let :params do
+        {
+          :apache_version => '2.4',
+        }
+      end
+
+      it { is_expected.not_to contain_apache__mod('event') }
+
+      it { is_expected.to contain_file("/etc/httpd/conf.d/worker.load").with({
+        'ensure'  => 'file',
+        'content' => "LoadModule mpm_worker_module modules/mod_mpm_worker.so\n",
+        })
+      }
+    end
+  end
+  context "on a FreeBSD OS" do
+    let :facts do
+      {
+        :osfamily               => 'FreeBSD',
+        :operatingsystemrelease => '9',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'FreeBSD',
+        :id                     => 'root',
+        :kernel                 => 'FreeBSD',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.not_to contain_apache__mod('worker') }
+    it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/worker.conf").with_ensure('file') }
+  end
+  context "on a Gentoo OS" do
+    let :facts do
+      {
+        :osfamily               => 'Gentoo',
+        :operatingsystem        => 'Gentoo',
+        :operatingsystemrelease => '3.16.1-gentoo',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.not_to contain_apache__mod('worker') }
+    it { is_expected.to contain_file("/etc/apache2/modules.d/worker.conf").with_ensure('file') }
+  end
+
+  # Template config doesn't vary by distro
+  context "on all distros" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystem        => 'CentOS',
+        :operatingsystemrelease => '6',
+        :kernel                 => 'Linux',
+        :id                     => 'root',
+        :concat_basedir         => '/dne',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    context 'defaults' do
+      it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^<IfModule mpm_worker_module>$/) }
+      it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ServerLimit\s+25$/) }
+      it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+StartServers\s+2$/) }
+      it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxClients\s+150$/) }
+      it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MinSpareThreads\s+25$/) }
+      it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxSpareThreads\s+75$/) }
+      it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadsPerChild\s+25$/) }
+      it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxRequestsPerChild\s+0$/) }
+      it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadLimit\s+64$/) }
+      it { should contain_file("/etc/httpd/conf.d/worker.conf").with(:content => /^\s*ListenBacklog\s*511/) }
+    end
+
+    context 'setting params' do
+      let :params do
+        {
+          :serverlimit          => 10,
+          :startservers         => 11,
+          :maxclients           => 12,
+          :minsparethreads      => 13,
+          :maxsparethreads      => 14,
+          :threadsperchild      => 15,
+          :maxrequestsperchild  => 16,
+          :threadlimit          => 17,
+          :listenbacklog        => 8,
+        }
+      end
+      it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^<IfModule mpm_worker_module>$/) }
+      it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ServerLimit\s+10$/) }
+      it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+StartServers\s+11$/) }
+      it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxClients\s+12$/) }
+      it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MinSpareThreads\s+13$/) }
+      it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxSpareThreads\s+14$/) }
+      it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadsPerChild\s+15$/) }
+      it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxRequestsPerChild\s+16$/) }
+      it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadLimit\s+17$/) }
+      it { should contain_file("/etc/httpd/conf.d/worker.conf").with(:content => /^\s*ListenBacklog\s*8/) }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/wsgi_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/wsgi_spec.rb
new file mode 100644
index 000000000..6261a9590
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/mod/wsgi_spec.rb
@@ -0,0 +1,151 @@
+require 'spec_helper'
+
+describe 'apache::mod::wsgi', :type => :class do
+  it_behaves_like "a mod class, without including apache"
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_class('apache::mod::wsgi').with(
+        'wsgi_socket_prefix' => nil
+      )
+    }
+    it { is_expected.to contain_package("libapache2-mod-wsgi") }
+  end
+  context "on a RedHat OS" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_class('apache::mod::wsgi').with(
+        'wsgi_socket_prefix' => '/var/run/wsgi'
+      )
+    }
+    it { is_expected.to contain_package("mod_wsgi") }
+
+    describe "with WSGIRestrictEmbedded enabled" do
+      let :params do
+        { :wsgi_restrict_embedded => 'On' }
+      end
+      it {is_expected.to contain_file('wsgi.conf').with_content(/^  WSGIRestrictEmbedded On$/)}
+    end
+    describe "with custom WSGISocketPrefix" do
+      let :params do
+        { :wsgi_socket_prefix => 'run/wsgi' }
+      end
+      it {is_expected.to contain_file('wsgi.conf').with_content(/^  WSGISocketPrefix run\/wsgi$/)}
+    end
+    describe "with custom WSGIPythonHome" do
+      let :params do
+        { :wsgi_python_home => '/path/to/virtenv' }
+      end
+      it {is_expected.to contain_file('wsgi.conf').with_content(/^  WSGIPythonHome "\/path\/to\/virtenv"$/)}
+    end
+    describe "with custom package_name and mod_path" do
+      let :params do
+        {
+          :package_name => 'mod_wsgi_package',
+          :mod_path     => '/foo/bar/baz',
+        }
+      end
+      it { is_expected.to contain_apache__mod('wsgi').with({
+          'package' => 'mod_wsgi_package',
+          'path'    => '/foo/bar/baz',
+        })
+      }
+      it { is_expected.to contain_package("mod_wsgi_package") }
+      it { is_expected.to contain_file('wsgi.load').with_content(%r"LoadModule wsgi_module /foo/bar/baz") }
+    end
+    describe "with custom mod_path not containing /" do
+      let :params do
+        {
+          :package_name => 'mod_wsgi_package',
+          :mod_path     => 'wsgi_mod_name.so',
+        }
+      end
+      it { is_expected.to contain_apache__mod('wsgi').with({
+          'path'     => 'modules/wsgi_mod_name.so',
+          'package'  => 'mod_wsgi_package',
+        })
+      }
+      it { is_expected.to contain_file('wsgi.load').with_content(%r"LoadModule wsgi_module modules/wsgi_mod_name.so") }
+
+    end
+    describe "with package_name but no mod_path" do
+      let :params do
+        {
+          :mod_path => '/foo/bar/baz',
+        }
+      end
+      it { expect { catalogue }.to raise_error Puppet::Error, /apache::mod::wsgi - both package_name and mod_path must be specified!/ }
+    end
+    describe "with mod_path but no package_name" do
+      let :params do
+        {
+          :package_name => '/foo/bar/baz',
+        }
+      end
+      it { expect { catalogue }.to raise_error Puppet::Error, /apache::mod::wsgi - both package_name and mod_path must be specified!/ }
+    end
+  end
+  context "on a FreeBSD OS" do
+    let :facts do
+      {
+        :osfamily               => 'FreeBSD',
+        :operatingsystemrelease => '9',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'FreeBSD',
+        :id                     => 'root',
+        :kernel                 => 'FreeBSD',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_class('apache::mod::wsgi').with(
+        'wsgi_socket_prefix' => nil
+      )
+    }
+    it { is_expected.to contain_package("www/mod_wsgi") }
+  end
+  context "on a Gentoo OS" do
+    let :facts do
+      {
+        :osfamily               => 'Gentoo',
+        :operatingsystem        => 'Gentoo',
+        :operatingsystemrelease => '3.16.1-gentoo',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_class("apache::params") }
+    it { is_expected.to contain_class('apache::mod::wsgi').with(
+        'wsgi_socket_prefix' => nil
+      )
+    }
+    it { is_expected.to contain_package("www-apache/mod_wsgi") }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/params_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/params_spec.rb
new file mode 100644
index 000000000..32ccd313c
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/params_spec.rb
@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+describe 'apache::params', :type => :class do
+  context "On a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    it { is_expected.to compile.with_all_deps }
+    it { is_expected.to have_resource_count(0) }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/service_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/service_spec.rb
new file mode 100644
index 000000000..a065abc2f
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/service_spec.rb
@@ -0,0 +1,157 @@
+require 'spec_helper'
+
+describe 'apache::service', :type => :class do
+  let :pre_condition do
+    'include apache::params'
+  end
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_service("httpd").with(
+      'name'      => 'apache2',
+      'ensure'    => 'running',
+      'enable'    => 'true'
+      )
+    }
+
+    context "with $service_name => 'foo'" do
+      let (:params) {{ :service_name => 'foo' }}
+      it { is_expected.to contain_service("httpd").with(
+        'name'      => 'foo'
+        )
+      }
+    end
+
+    context "with $service_enable => true" do
+      let (:params) {{ :service_enable => true }}
+      it { is_expected.to contain_service("httpd").with(
+        'name'      => 'apache2',
+        'ensure'    => 'running',
+        'enable'    => 'true'
+        )
+      }
+    end
+
+    context "with $service_enable => false" do
+      let (:params) {{ :service_enable => false }}
+      it { is_expected.to contain_service("httpd").with(
+        'name'      => 'apache2',
+        'ensure'    => 'running',
+        'enable'    => 'false'
+        )
+      }
+    end
+
+    context "with $service_ensure => 'running'" do
+      let (:params) {{ :service_ensure => 'running', }}
+      it { is_expected.to contain_service("httpd").with(
+        'ensure'    => 'running',
+        'enable'    => 'true'
+        )
+      }
+    end
+
+    context "with $service_ensure => 'stopped'" do
+      let (:params) {{ :service_ensure => 'stopped', }}
+      it { is_expected.to contain_service("httpd").with(
+        'ensure'    => 'stopped',
+        'enable'    => 'true'
+        )
+      }
+    end
+
+    context "with $service_ensure => 'UNDEF'" do
+      let (:params) {{ :service_ensure => 'UNDEF' }}
+      it { is_expected.to contain_service("httpd").without_ensure }
+    end
+
+    context "with $service_restart unset" do
+      it { is_expected.to contain_service("httpd").without_restart }
+    end
+
+    context "with $service_restart => '/usr/sbin/apachectl graceful'" do
+     let (:params) {{ :service_restart => '/usr/sbin/apachectl graceful' }}
+     it { is_expected.to contain_service("httpd").with(
+        'restart' => '/usr/sbin/apachectl graceful'
+      )
+     }
+    end
+  end
+
+
+  context "on a RedHat 5 OS, do not manage service" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '5',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    let(:params) do
+      {
+        'service_ensure' => 'running',
+        'service_name'   => 'httpd',
+        'service_manage' => false
+      }
+    end
+    it { is_expected.not_to contain_service('httpd') }
+  end
+
+  context "on a FreeBSD 5 OS" do
+    let :facts do
+      {
+        :osfamily               => 'FreeBSD',
+        :operatingsystemrelease => '9',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'FreeBSD',
+        :id                     => 'root',
+        :kernel                 => 'FreeBSD',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_service("httpd").with(
+      'name'      => 'apache24',
+      'ensure'    => 'running',
+      'enable'    => 'true'
+      )
+    }
+  end
+
+  context "on a Gentoo OS" do
+    let :facts do
+      {
+        :osfamily               => 'Gentoo',
+        :operatingsystem        => 'Gentoo',
+        :operatingsystemrelease => '3.16.1-gentoo',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { is_expected.to contain_service("httpd").with(
+      'name'      => 'apache2',
+      'ensure'    => 'running',
+      'enable'    => 'true'
+      )
+    }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/vhosts_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/vhosts_spec.rb
new file mode 100644
index 000000000..322007940
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/classes/vhosts_spec.rb
@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+describe 'apache::vhosts', :type => :class do
+  context 'on all OSes' do
+    let :facts do
+      {
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :osfamily               => 'RedHat',
+          :operatingsystem        => 'RedHat',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+      }
+    end
+    context 'with custom vhosts parameter' do
+      let :params do {
+          :vhosts => {
+              'custom_vhost_1' => {
+                  'docroot' => '/var/www/custom_vhost_1',
+                  'port' => '81',
+              },
+              'custom_vhost_2' => {
+                  'docroot' => '/var/www/custom_vhost_2',
+                  'port' => '82',
+              },
+          },
+      }
+      end
+      it { is_expected.to contain_apache__vhost('custom_vhost_1') }
+      it { is_expected.to contain_apache__vhost('custom_vhost_2') }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/balancer_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/balancer_spec.rb
new file mode 100644
index 000000000..3b43e3fd7
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/balancer_spec.rb
@@ -0,0 +1,72 @@
+require 'spec_helper'
+
+describe 'apache::balancer', :type => :define do
+  let :title do
+    'myapp'
+  end
+  let :facts do
+    {
+      :osfamily               => 'Debian',
+      :operatingsystem        => 'Debian',
+      :operatingsystemrelease => '6',
+      :lsbdistcodename        => 'squeeze',
+      :id                     => 'root',
+      :concat_basedir         => '/dne',
+      :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+      :kernel                 => 'Linux',
+      :is_pe                  => false,
+    }
+  end
+  describe 'apache pre_condition with defaults' do
+    let :pre_condition do
+      'include apache'
+    end
+    describe "accept a target parameter and use it" do
+      let :params do
+        {
+          :target => '/tmp/myapp.conf'
+        }
+      end
+      it { should contain_concat('apache_balancer_myapp').with({
+        :path => "/tmp/myapp.conf",
+      })}
+      it { should_not contain_apache__mod('slotmem_shm') }
+      it { should_not contain_apache__mod('lbmethod_byrequests') }
+    end
+    context "on jessie" do
+      let(:facts) { super().merge({
+        :operatingsystemrelease => '8',
+        :lsbdistcodename        => 'jessie',
+      }) }
+      it { should contain_apache__mod('slotmem_shm') }
+      it { should contain_apache__mod('lbmethod_byrequests') }
+    end
+  end
+  describe 'apache pre_condition with conf_dir set' do 
+    let :pre_condition do
+      'class{"apache":
+          confd_dir => "/junk/path"
+       }'
+    end
+    it { should contain_concat('apache_balancer_myapp').with({
+      :path => "/junk/path/balancer_myapp.conf",
+    })}
+  end
+
+  describe 'with lbmethod and with apache::mod::proxy_balancer::apache_version set' do
+    let :pre_condition do
+      'class{"apache::mod::proxy_balancer":
+          apache_version => "2.4"
+       }'
+    end
+    let :params do
+      {
+        :proxy_set => {
+          'lbmethod' => 'bytraffic',
+        },
+      }
+    end
+    it { should contain_apache__mod('slotmem_shm') }
+    it { should contain_apache__mod('lbmethod_bytraffic') }
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/balancermember_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/balancermember_spec.rb
new file mode 100644
index 000000000..6221290a2
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/balancermember_spec.rb
@@ -0,0 +1,61 @@
+require 'spec_helper'
+
+describe 'apache::balancermember', :type => :define do
+  let :pre_condition do
+    'include apache'
+  end
+  let :facts do
+    {
+      :osfamily               => 'Debian',
+      :operatingsystem        => 'Debian',
+      :operatingsystemrelease => '6',
+      :lsbdistcodename        => 'squeeze',
+      :id                     => 'root',
+      :concat_basedir         => '/dne',
+      :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+      :kernel                 => 'Linux',
+      :is_pe                  => false,
+    }
+  end
+  describe "allows multiple balancermembers with the same url" do
+    let :pre_condition do
+      'include apache
+      apache::balancer {"balancer":}
+      apache::balancer {"balancer-external":}
+      apache::balancermember {"http://127.0.0.1:8080-external": url => "http://127.0.0.1:8080/", balancer_cluster => "balancer-external"}
+      '
+    end
+    let :title do
+      'http://127.0.0.1:8080/'
+    end
+    let :params do
+      {
+        :options          => [],
+        :url              => 'http://127.0.0.1:8080/',
+        :balancer_cluster => 'balancer-internal'
+      }
+    end
+    it { should contain_concat__fragment('BalancerMember http://127.0.0.1:8080/') }
+  end
+  describe "allows balancermember with a different target" do
+    let :pre_condition do
+      'include apache
+      apache::balancer {"balancername": target => "/etc/apache/balancer.conf"}
+      apache::balancermember {"http://127.0.0.1:8080-external": url => "http://127.0.0.1:8080/", balancer_cluster => "balancername"}
+      '
+    end
+    let :title do
+      'http://127.0.0.1:8080/'
+    end
+    let :params do
+      {
+        :options          => [],
+        :url              => 'http://127.0.0.1:8080/',
+        :balancer_cluster => 'balancername'
+      }
+    end
+    it { should contain_concat__fragment('BalancerMember http://127.0.0.1:8080/').with({
+      :target => "apache_balancer_balancername",
+    })}
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/custom_config_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/custom_config_spec.rb
new file mode 100644
index 000000000..5f996fd6d
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/custom_config_spec.rb
@@ -0,0 +1,125 @@
+require 'spec_helper'
+
+describe 'apache::custom_config', :type => :define do
+  let :pre_condition do
+    'class { "apache": }'
+  end
+  let :title do
+    'rspec'
+  end
+  let :facts do
+    {
+      :osfamily               => 'Debian',
+      :operatingsystemrelease => '6',
+      :concat_basedir         => '/',
+      :lsbdistcodename        => 'squeeze',
+      :operatingsystem        => 'Debian',
+      :id                     => 'root',
+      :kernel                 => 'Linux',
+      :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+      :is_pe                  => false,
+    }
+  end
+  context 'defaults with content' do
+    let :params do
+      {
+        'content' => '# Test',
+      }
+    end
+    it { is_expected.to contain_exec("syntax verification for rspec").with({
+      'refreshonly' => 'true',
+      'subscribe'   => 'File[apache_rspec]',
+      'command'     => '/usr/sbin/apachectl -t',
+      'notify'      => 'Class[Apache::Service]',
+      'before'      => 'Exec[remove rspec if invalid]',
+    })
+    }
+    it { is_expected.to contain_exec("remove rspec if invalid").with({
+      'unless'      => '/usr/sbin/apachectl -t',
+      'subscribe'   => 'File[apache_rspec]',
+      'refreshonly' => 'true',
+    })
+    }
+    it { is_expected.to contain_file("apache_rspec").with({
+      'ensure'  => 'present',
+      'content' => '# Test',
+      'require' => 'Package[httpd]',
+    })
+    }
+  end
+  context 'set everything with source' do
+    let :params do
+      {
+        'confdir'        => '/dne',
+        'priority'       => '30',
+        'source'         => 'puppet:///modules/apache/test',
+        'verify_command' => '/bin/true',
+      }
+    end
+    it { is_expected.to contain_exec("syntax verification for rspec").with({
+      'command'     => '/bin/true',
+    })
+    }
+    it { is_expected.to contain_exec("remove rspec if invalid").with({
+      'command'     => '/bin/rm /dne/30-rspec.conf',
+      'unless'      => '/bin/true',
+    })
+    }
+    it { is_expected.to contain_file("apache_rspec").with({
+      'path'   => '/dne/30-rspec.conf',
+      'ensure'  => 'present',
+      'source' => 'puppet:///modules/apache/test',
+      'require' => 'Package[httpd]',
+    })
+    }
+  end
+  context 'verify_config => false' do
+    let :params do
+      {
+        'content'       => '# test',
+        'verify_config' => false,
+      }
+    end
+    it { is_expected.to_not contain_exec('syntax verification for rspec') }
+    it { is_expected.to_not contain_exec('remove rspec if invalid') }
+    it { is_expected.to contain_file('apache_rspec').with({
+      'notify' => 'Class[Apache::Service]'
+    })
+    }
+  end
+  context 'ensure => absent' do
+    let :params do
+      {
+        'ensure' => 'absent'
+      }
+    end
+    it { is_expected.to_not contain_exec('syntax verification for rspec') }
+    it { is_expected.to_not contain_exec('remove rspec if invalid') }
+    it { is_expected.to contain_file('apache_rspec').with({
+      'ensure' => 'absent',
+    })
+    }
+  end
+  describe 'validation' do
+    context 'both content and source' do
+      let :params do
+        {
+          'content' => 'foo',
+          'source'  => 'bar',
+        }
+      end
+      it do
+        expect {
+          catalogue
+        }.to raise_error(Puppet::Error, /Only one of \$content and \$source can be specified\./)
+      end
+    end
+    context 'neither content nor source' do
+      it do
+        expect {
+          catalogue
+        }.to raise_error(Puppet::Error, /One of \$content and \$source must be specified\./)
+      end
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/fastcgi_server_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/fastcgi_server_spec.rb
new file mode 100644
index 000000000..e415461cc
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/fastcgi_server_spec.rb
@@ -0,0 +1,156 @@
+require 'spec_helper'
+
+describe 'apache::fastcgi::server', :type => :define do
+  let :pre_condition do
+    'include apache'
+  end
+  let :title do
+    'www'
+  end
+  describe 'os-dependent items' do
+    context "on RedHat based systems" do
+      let :default_facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystem        => 'CentOS',
+          :operatingsystemrelease => '6',
+          :kernel                 => 'Linux',
+          :id                     => 'root',
+          :concat_basedir         => '/dne',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      let :facts do default_facts end
+      it { should contain_class("apache") }
+      it { should contain_class("apache::mod::fastcgi") }
+      it { should contain_file("fastcgi-pool-#{title}.conf").with(
+        :ensure => 'present',
+        :path => "/etc/httpd/conf.d/fastcgi-pool-#{title}.conf"
+      ) }
+    end
+    context "on Debian based systems" do
+      let :default_facts do
+        {
+          :osfamily               => 'Debian',
+          :operatingsystem        => 'Debian',
+          :operatingsystemrelease => '6',
+          :lsbdistcodename        => 'squeeze',
+          :kernel                 => 'Linux',
+          :id                     => 'root',
+          :concat_basedir         => '/dne',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      let :facts do default_facts end
+      it { should contain_class("apache") }
+      it { should contain_class("apache::mod::fastcgi") }
+      it { should contain_file("fastcgi-pool-#{title}.conf").with(
+        :ensure => 'present',
+        :path   => "/etc/apache2/conf.d/fastcgi-pool-#{title}.conf"
+      ) }
+    end
+    context "on FreeBSD systems" do
+      let :default_facts do
+        {
+          :osfamily               => 'FreeBSD',
+          :operatingsystem        => 'FreeBSD',
+          :operatingsystemrelease => '9',
+          :kernel                 => 'FreeBSD',
+          :id                     => 'root',
+          :concat_basedir         => '/dne',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      let :facts do default_facts end
+      it { should contain_class("apache") }
+      it { should contain_class("apache::mod::fastcgi") }
+      it { should contain_file("fastcgi-pool-#{title}.conf").with(
+        :ensure => 'present',
+        :path   => "/usr/local/etc/apache24/Includes/fastcgi-pool-#{title}.conf"
+      ) }
+    end
+    context "on Gentoo systems" do
+      let :default_facts do
+        {
+          :osfamily               => 'Gentoo',
+          :operatingsystem        => 'Gentoo',
+          :operatingsystemrelease => '3.16.1-gentoo',
+          :concat_basedir         => '/dne',
+          :kernel                 => 'Linux',
+          :id                     => 'root',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+          :is_pe                  => false,
+        }
+      end
+      let :facts do default_facts end
+      it { should contain_class("apache") }
+      it { should contain_class("apache::mod::fastcgi") }
+      it { should contain_file("fastcgi-pool-#{title}.conf").with(
+        :ensure => 'present',
+        :path   => "/etc/apache2/conf.d/fastcgi-pool-#{title}.conf"
+      ) }
+    end
+  end
+  describe 'os-independent items' do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystem        => 'Debian',
+        :operatingsystemrelease => '6',
+        :lsbdistcodename        => 'squeeze',
+        :kernel                 => 'Linux',
+        :id                     => 'root',
+        :concat_basedir         => '/dne',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    describe ".conf content using TCP communication" do
+      let :params do
+        {
+          :host       => '127.0.0.1:9001',
+          :timeout    => 30,
+          :flush      => true,
+          :faux_path  => '/var/www/php-www.fcgi',
+          :fcgi_alias => '/php-www.fcgi',
+          :file_type  => 'application/x-httpd-php',
+          :pass_header => 'Authorization'
+        }
+      end
+      let :expected do
+'FastCGIExternalServer /var/www/php-www.fcgi -idle-timeout 30 -flush -host 127.0.0.1:9001 -pass-header Authorization
+Alias /php-www.fcgi /var/www/php-www.fcgi
+Action application/x-httpd-php /php-www.fcgi
+'
+      end
+      it do
+        should contain_file("fastcgi-pool-www.conf").with_content(expected)
+      end
+    end
+    describe ".conf content using socket communication" do
+      let :params do
+        {
+          :host       => '/var/run/fcgi.sock',
+          :timeout    => 30,
+          :flush      => true,
+          :faux_path  => '/var/www/php-www.fcgi',
+          :fcgi_alias => '/php-www.fcgi',
+          :file_type  => 'application/x-httpd-php'
+        }
+      end
+      let :expected do
+'FastCGIExternalServer /var/www/php-www.fcgi -idle-timeout 30 -flush -socket /var/run/fcgi.sock
+Alias /php-www.fcgi /var/www/php-www.fcgi
+Action application/x-httpd-php /php-www.fcgi
+'
+      end
+      it do
+        should contain_file("fastcgi-pool-www.conf").with_content(expected)
+      end
+    end
+
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/mod_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/mod_spec.rb
new file mode 100644
index 000000000..1697190a3
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/mod_spec.rb
@@ -0,0 +1,166 @@
+require 'spec_helper'
+
+describe 'apache::mod', :type => :define do
+  let :pre_condition do
+    'include apache'
+  end
+  context "on a RedHat osfamily" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    describe "for non-special modules" do
+      let :title do
+        'spec_m'
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it "should manage the module load file" do
+        is_expected.to contain_file('spec_m.load').with({
+          :path    => '/etc/httpd/conf.d/spec_m.load',
+          :content => "LoadModule spec_m_module modules/mod_spec_m.so\n",
+          :owner   => 'root',
+          :group   => 'root',
+          :mode    => '0644',
+        } )
+      end
+    end
+
+    describe "with file_mode set" do
+      let :pre_condition do
+        "class {'::apache': file_mode => '0640'}"
+      end
+      let :title do
+        'spec_m'
+      end
+      it "should manage the module load file" do
+        is_expected.to contain_file('spec_m.load').with({
+          :mode    => '0640',
+        } )
+      end
+    end
+
+    describe "with shibboleth module and package param passed" do
+      # name/title for the apache::mod define
+      let :title do
+        'xsendfile'
+      end
+      # parameters
+      let(:params) { {:package => 'mod_xsendfile'} }
+
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_package('mod_xsendfile') }
+    end
+  end
+
+  context "on a Debian osfamily" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    describe "for non-special modules" do
+      let :title do
+        'spec_m'
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it "should manage the module load file" do
+        is_expected.to contain_file('spec_m.load').with({
+          :path    => '/etc/apache2/mods-available/spec_m.load',
+          :content => "LoadModule spec_m_module /usr/lib/apache2/modules/mod_spec_m.so\n",
+          :owner   => 'root',
+          :group   => 'root',
+          :mode    => '0644',
+        } )
+      end
+      it "should link the module load file" do
+        is_expected.to contain_file('spec_m.load symlink').with({
+          :path   => '/etc/apache2/mods-enabled/spec_m.load',
+          :target => '/etc/apache2/mods-available/spec_m.load',
+          :owner   => 'root',
+          :group   => 'root',
+          :mode    => '0644',
+        } )
+      end
+    end
+  end
+
+  context "on a FreeBSD osfamily" do
+    let :facts do
+      {
+        :osfamily               => 'FreeBSD',
+        :operatingsystemrelease => '9',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'FreeBSD',
+        :id                     => 'root',
+        :kernel                 => 'FreeBSD',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    describe "for non-special modules" do
+      let :title do
+        'spec_m'
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it "should manage the module load file" do
+        is_expected.to contain_file('spec_m.load').with({
+          :path    => '/usr/local/etc/apache24/Modules/spec_m.load',
+          :content => "LoadModule spec_m_module /usr/local/libexec/apache24/mod_spec_m.so\n",
+          :owner   => 'root',
+          :group   => 'wheel',
+          :mode    => '0644',
+        } )
+      end
+    end
+  end
+
+  context "on a Gentoo osfamily" do
+    let :facts do
+      {
+        :osfamily               => 'Gentoo',
+        :operatingsystem        => 'Gentoo',
+        :operatingsystemrelease => '3.16.1-gentoo',
+        :concat_basedir         => '/dne',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+        :is_pe                  => false,
+      }
+    end
+
+    describe "for non-special modules" do
+      let :title do
+        'spec_m'
+      end
+      it { is_expected.to contain_class("apache::params") }
+      it "should manage the module load file" do
+        is_expected.to contain_file('spec_m.load').with({
+          :path    => '/etc/apache2/modules.d/spec_m.load',
+          :content => "LoadModule spec_m_module /usr/lib/apache2/modules/mod_spec_m.so\n",
+          :owner   => 'root',
+          :group   => 'wheel',
+          :mode    => '0644',
+        } )
+      end
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/modsec_link_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/modsec_link_spec.rb
new file mode 100644
index 000000000..a5b4c5390
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/modsec_link_spec.rb
@@ -0,0 +1,53 @@
+require 'spec_helper'
+
+describe 'apache::security::rule_link', :type => :define do
+  let :pre_condition do
+    'class { "apache": }
+    class { "apache::mod::security": activated_rules => [] }
+    '
+  end
+
+  let :title do
+    'base_rules/modsecurity_35_bad_robots.data'
+  end
+
+  context "on RedHat based systems" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystem        => 'CentOS',
+        :operatingsystemrelease => '7',
+        :kernel                 => 'Linux',
+        :id                     => 'root',
+        :concat_basedir         => '/',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    it { should contain_file('modsecurity_35_bad_robots.data').with(
+      :path => '/etc/httpd/modsecurity.d/activated_rules/modsecurity_35_bad_robots.data',
+      :target => '/usr/lib/modsecurity.d/base_rules/modsecurity_35_bad_robots.data'
+    ) }
+  end
+
+  context "on Debian based systems" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystem        => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/',
+        :lsbdistcodename        => 'squeeze',
+        :id                     => 'root',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :kernel                 => 'Linux',
+        :is_pe                  => false,
+      }
+    end
+    it { should contain_file('modsecurity_35_bad_robots.data').with(
+      :path => '/etc/modsecurity/activated_rules/modsecurity_35_bad_robots.data',
+      :target => '/usr/share/modsecurity-crs/base_rules/modsecurity_35_bad_robots.data'
+    ) }
+  end
+
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/vhost_custom_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/vhost_custom_spec.rb
new file mode 100644
index 000000000..804be86b8
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/vhost_custom_spec.rb
@@ -0,0 +1,99 @@
+require 'spec_helper'
+
+describe 'apache::vhost::custom', :type => :define do
+  let :title do
+    'rspec.example.com'
+  end
+  let :default_params do
+    {
+      :content => 'foobar'
+    }
+  end
+  describe 'os-dependent items' do
+    context "on RedHat based systems" do
+      let :default_facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '6',
+          :operatingsystem        => 'RedHat',
+          :concat_basedir         => '/dne',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      let :params do default_params end
+      let :facts do default_facts end
+    end
+    context "on Debian based systems" do
+      let :default_facts do
+        {
+          :osfamily               => 'Debian',
+          :operatingsystemrelease => '6',
+          :lsbdistcodename        => 'squeeze',
+          :operatingsystem        => 'Debian',
+          :concat_basedir         => '/dne',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      let :params do default_params end
+      let :facts do default_facts end
+      it { is_expected.to contain_file("apache_rspec.example.com").with(
+        :ensure  => 'present',
+        :content => 'foobar',
+        :path    => '/etc/apache2/sites-available/25-rspec.example.com.conf',
+      ) }
+      it { is_expected.to contain_file("25-rspec.example.com.conf symlink").with(
+        :ensure => 'link',
+        :path   => '/etc/apache2/sites-enabled/25-rspec.example.com.conf',
+        :target => '/etc/apache2/sites-available/25-rspec.example.com.conf'
+      ) }
+    end
+    context "on FreeBSD systems" do
+      let :default_facts do
+        {
+          :osfamily               => 'FreeBSD',
+          :operatingsystemrelease => '9',
+          :operatingsystem        => 'FreeBSD',
+          :concat_basedir         => '/dne',
+          :id                     => 'root',
+          :kernel                 => 'FreeBSD',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      let :params do default_params end
+      let :facts do default_facts end
+      it { is_expected.to contain_file("apache_rspec.example.com").with(
+        :ensure  => 'present',
+        :content => 'foobar',
+        :path    => '/usr/local/etc/apache24/Vhosts/25-rspec.example.com.conf',
+      ) }
+    end
+    context "on Gentoo systems" do
+      let :default_facts do
+        {
+          :osfamily               => 'Gentoo',
+          :operatingsystem        => 'Gentoo',
+          :operatingsystemrelease => '3.16.1-gentoo',
+          :concat_basedir         => '/dne',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+          :is_pe                  => false,
+        }
+      end
+      let :params do default_params end
+      let :facts do default_facts end
+      it { is_expected.to contain_file("apache_rspec.example.com").with(
+        :ensure  => 'present',
+        :content => 'foobar',
+        :path    => '/etc/apache2/vhosts.d/25-rspec.example.com.conf',
+      ) }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/vhost_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/vhost_spec.rb
new file mode 100644
index 000000000..bb447247b
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/defines/vhost_spec.rb
@@ -0,0 +1,1401 @@
+require 'spec_helper'
+
+describe 'apache::vhost', :type => :define do
+  let :pre_condition do
+    'class { "apache": default_vhost => false, default_mods => false, vhost_enable_dir => "/etc/apache2/sites-enabled"}'
+  end
+  let :title do
+    'rspec.example.com'
+  end
+  let :default_params do
+    {
+      :docroot => '/rspec/docroot',
+      :port    => '84',
+    }
+  end
+  describe 'os-dependent items' do
+    context "on RedHat based systems" do
+      let :default_facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'RedHat',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      let :params do default_params end
+      let :facts do default_facts end
+      it { is_expected.to contain_class("apache") }
+      it { is_expected.to contain_class("apache::params") }
+    end
+    context "on Debian based systems" do
+      let :default_facts do
+        {
+          :osfamily               => 'Debian',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :lsbdistcodename        => 'squeeze',
+          :operatingsystem        => 'Debian',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      let :params do default_params end
+      let :facts do default_facts end
+      it { is_expected.to contain_class("apache") }
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_concat("25-rspec.example.com.conf").with(
+        :ensure => 'present',
+        :path   => '/etc/apache2/sites-available/25-rspec.example.com.conf'
+      ) }
+      it { is_expected.to contain_file("25-rspec.example.com.conf symlink").with(
+        :ensure => 'link',
+        :path   => '/etc/apache2/sites-enabled/25-rspec.example.com.conf',
+        :target => '/etc/apache2/sites-available/25-rspec.example.com.conf'
+      ) }
+    end
+    context "on FreeBSD systems" do
+      let :default_facts do
+        {
+          :osfamily               => 'FreeBSD',
+          :operatingsystemrelease => '9',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'FreeBSD',
+          :id                     => 'root',
+          :kernel                 => 'FreeBSD',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :is_pe                  => false,
+        }
+      end
+      let :params do default_params end
+      let :facts do default_facts end
+      it { is_expected.to contain_class("apache") }
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_concat("25-rspec.example.com.conf").with(
+        :ensure => 'present',
+        :path   => '/usr/local/etc/apache24/Vhosts/25-rspec.example.com.conf'
+      ) }
+    end
+    context "on Gentoo systems" do
+      let :default_facts do
+        {
+          :osfamily               => 'Gentoo',
+          :operatingsystem        => 'Gentoo',
+          :operatingsystemrelease => '3.16.1-gentoo',
+          :concat_basedir         => '/dne',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+          :is_pe                  => false,
+        }
+      end
+      let :params do default_params end
+      let :facts do default_facts end
+      it { is_expected.to contain_class("apache") }
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_concat("25-rspec.example.com.conf").with(
+        :ensure => 'present',
+        :path   => '/etc/apache2/vhosts.d/25-rspec.example.com.conf'
+      ) }
+    end
+  end
+  describe 'os-independent items' do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    describe 'basic assumptions' do
+      let :params do default_params end
+      it { is_expected.to contain_class("apache") }
+      it { is_expected.to contain_class("apache::params") }
+      it { is_expected.to contain_apache__listen(params[:port]) }
+      it { is_expected.to contain_apache__namevirtualhost("*:#{params[:port]}") }
+    end
+    context 'set everything!' do
+      let :params do
+        {
+          'docroot'                     => '/var/www/foo',
+          'manage_docroot'              => false,
+          'virtual_docroot'             => true,
+          'port'                        => '8080',
+          'ip'                          => '127.0.0.1',
+          'ip_based'                    => true,
+          'add_listen'                  => false,
+          'docroot_owner'               => 'user',
+          'docroot_group'               => 'wheel',
+          'docroot_mode'                => '0664',
+          'serveradmin'                 => 'foo@localhost',
+          'ssl'                         => true,
+          'ssl_cert'                    => '/ssl/cert',
+          'ssl_key'                     => '/ssl/key',
+          'ssl_chain'                   => '/ssl/chain',
+          'ssl_crl_path'                => '/ssl/crl',
+          'ssl_crl'                     => 'foo.crl',
+          'ssl_certs_dir'               => '/ssl/certs',
+          'ssl_protocol'                => 'SSLv2',
+          'ssl_cipher'                  => 'HIGH',
+          'ssl_honorcipherorder'        => 'Off',
+          'ssl_verify_client'           => 'optional',
+          'ssl_verify_depth'            => '3',
+          'ssl_options'                 => '+ExportCertData',
+          'ssl_openssl_conf_cmd'        => 'DHParameters "foo.pem"',
+          'ssl_proxy_verify'            => 'require',
+          'ssl_proxy_check_peer_cn'     => 'on',
+          'ssl_proxy_check_peer_name'   => 'on',
+          'ssl_proxy_check_peer_expire' => 'on',
+          'ssl_proxyengine'             => true,
+          'ssl_proxy_protocol'          => 'TLSv1.2',
+
+          'priority'                    => '30',
+          'default_vhost'               => true,
+          'servername'                  => 'example.com',
+          'serveraliases'               => ['test-example.com'],
+          'options'                     => ['MultiView'],
+          'override'                    => ['All'],
+          'directoryindex'              => 'index.html',
+          'vhost_name'                  => 'test',
+          'logroot'                     => '/var/www/logs',
+          'logroot_ensure'              => 'directory',
+          'logroot_mode'                => '0600',
+          'logroot_owner'               => 'root',
+          'logroot_group'               => 'root',
+          'log_level'                   => 'crit',
+          'access_log'                  => false,
+          'access_log_file'             => 'httpd_access_log',
+          'access_log_syslog'           => true,
+          'access_log_format'           => '%h %l %u %t \"%r\" %>s %b',
+          'access_log_env_var'          => '',
+          'aliases'                     => '/image',
+          'directories'                 => [
+            {
+              'path'     => '/var/www/files',
+              'provider' => 'files',
+              'require'  => [ 'valid-user', 'all denied', ],
+            },
+            {
+                'path'     => '/var/www/files',
+                'provider' => 'files',
+                'additional_includes'  => [ '/custom/path/includes', '/custom/path/another_includes', ],
+            },
+            {
+              'path'     => '/var/www/files',
+              'provider' => 'files',
+              'require'  => 'all granted',
+            },
+            {
+              'path'     => '/var/www/files',
+              'provider' => 'files',
+              'require'  =>
+              {
+                'enforce'  => 'all',
+                'requires' => ['all-valid1', 'all-valid2'],
+              },
+            },
+            {
+              'path'     => '/var/www/files',
+              'provider' => 'files',
+              'require'  =>
+              {
+                'enforce'  => 'none',
+                'requires' => ['none-valid1', 'none-valid2'],
+              },
+            },
+            {
+              'path'     => '/var/www/files',
+              'provider' => 'files',
+              'require'  =>
+              {
+                'enforce'  => 'any',
+                'requires' => ['any-valid1', 'any-valid2'],
+              },
+            },
+            {
+              'path'     => '*',
+              'provider' => 'proxy',
+            },
+            { 'path'              => '/var/www/files/indexed_directory',
+              'directoryindex'    => 'disabled',
+              'options'           => ['Indexes','FollowSymLinks','MultiViews'],
+              'index_options'     => ['FancyIndexing'],
+              'index_style_sheet' => '/styles/style.css',
+            },
+            { 'path'              => '/var/www/files/output_filtered',
+              'set_output_filter' => 'output_filter',
+            },
+            { 'path'     => '/var/www/files',
+              'provider' => 'location',
+              'limit'    => [
+                { 'methods' => 'GET HEAD',
+                  'require' => ['valid-user']
+                },
+              ],
+            },
+            { 'path'         => '/var/www/files',
+              'provider'     => 'location',
+              'limit_except' => [
+                { 'methods' => 'GET HEAD',
+                  'require' => ['valid-user']
+                },
+              ],
+            },
+            { 'path'               => '/var/www/dav',
+              'dav'                => 'filesystem',
+              'dav_depth_infinity' => true,
+              'dav_min_timeout'    => '600',
+            },
+          ],
+          'error_log'                   => false,
+          'error_log_file'              => 'httpd_error_log',
+          'error_log_syslog'            => true,
+          'error_documents'             => 'true',
+          'fallbackresource'            => '/index.php',
+          'scriptalias'                 => '/usr/lib/cgi-bin',
+          'scriptaliases'               => [
+            {
+              'alias' => '/myscript',
+              'path'  => '/usr/share/myscript',
+            },
+            {
+              'aliasmatch' => '^/foo(.*)',
+              'path'       => '/usr/share/fooscripts$1',
+            },
+          ],
+          'proxy_dest'                  => '/',
+          'proxy_pass'                  => [
+            {
+              'path'            => '/a',
+              'url'             => 'http://backend-a/',
+              'keywords'        => ['noquery', 'interpolate'],
+              'no_proxy_uris'       => ['/a/foo', '/a/bar'],
+              'no_proxy_uris_match' => ['/a/foomatch'],
+              'reverse_cookies' => [
+								{
+                  'path'          => '/a',
+                  'url'           => 'http://backend-a/',
+                },
+                {
+                  'domain' => 'foo',
+                  'url'    => 'http://foo',
+                }
+              ],
+              'params'          => {
+                      'retry'   => '0',
+                      'timeout' => '5'
+              },
+              'setenv'   => ['proxy-nokeepalive 1','force-proxy-request-1.0 1'],
+            }
+          ],
+          'proxy_pass_match'            => [
+            {
+              'path'     => '/a',
+              'url'      => 'http://backend-a/',
+              'keywords' => ['noquery', 'interpolate'],
+              'no_proxy_uris'       => ['/a/foo', '/a/bar'],
+              'no_proxy_uris_match' => ['/a/foomatch'],
+              'params'   => {
+                      'retry'   => '0',
+                      'timeout' => '5'
+              },
+              'setenv'   => ['proxy-nokeepalive 1','force-proxy-request-1.0 1'],
+            }
+          ],
+          'suphp_addhandler'            => 'foo',
+          'suphp_engine'                => 'on',
+          'suphp_configpath'            => '/var/www/html',
+          'php_admin_flags'             => ['foo', 'bar'],
+          'php_admin_values'            => ['true', 'false'],
+          'no_proxy_uris'               => '/foo',
+          'no_proxy_uris_match'         => '/foomatch',
+          'proxy_preserve_host'         => true,
+          'proxy_add_headers'           => true,
+          'proxy_error_override'        => true,
+          'redirect_source'             => '/bar',
+          'redirect_dest'               => '/',
+          'redirect_status'             => 'temp',
+          'redirectmatch_status'        => ['404'],
+          'redirectmatch_regexp'        => ['\.git$'],
+          'redirectmatch_dest'          => ['http://www.example.com'],
+          'rack_base_uris'              => ['/rackapp1'],
+          'passenger_base_uris'         => ['/passengerapp1'],
+          'headers'                     => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',
+          'request_headers'             => ['append MirrorID "mirror 12"'],
+          'rewrites'                    => [
+            {
+              'rewrite_rule' => ['^index\.html$ welcome.html']
+            }
+          ],
+          'filters'                     => [
+            'FilterDeclare COMPRESS',
+            'FilterProvider COMPRESS  DEFLATE resp=Content-Type $text/html',
+            'FilterProvider COMPRESS  DEFLATE resp=Content-Type $text/css',
+            'FilterProvider COMPRESS  DEFLATE resp=Content-Type $text/plain',
+            'FilterProvider COMPRESS  DEFLATE resp=Content-Type $text/xml',
+            'FilterChain COMPRESS',
+            'FilterProtocol COMPRESS  DEFLATE change=yes;byteranges=no',
+          ],
+          'rewrite_base'                => '/',
+          'rewrite_rule'                => '^index\.html$ welcome.html',
+          'rewrite_cond'                => '%{HTTP_USER_AGENT} ^MSIE',
+          'rewrite_inherit'             => true,
+          'setenv'                      => ['FOO=/bin/true'],
+          'setenvif'                    => 'Request_URI "\.gif$" object_is_image=gif',
+          'setenvifnocase'              => 'REMOTE_ADDR ^127.0.0.1 localhost=true',
+          'block'                       => 'scm',
+          'wsgi_application_group'      => '%{GLOBAL}',
+          'wsgi_daemon_process'         => 'wsgi',
+          'wsgi_daemon_process_options' => {
+            'processes'    => '2',
+            'threads'      => '15',
+            'display-name' => '%{GROUP}',
+          },
+          'wsgi_import_script'          => '/var/www/demo.wsgi',
+          'wsgi_import_script_options'  => {
+            'process-group'     => 'wsgi',
+            'application-group' => '%{GLOBAL}'
+          },
+          'wsgi_process_group'          => 'wsgi',
+          'wsgi_script_aliases'         => {
+            '/' => '/var/www/demo.wsgi'
+          },
+          'wsgi_script_aliases_match'   => {
+            '^/test/(^[/*)' => '/var/www/demo.wsgi'
+          },
+          'wsgi_pass_authorization'     => 'On',
+          'custom_fragment'             => '#custom string',
+          'itk'                         => {
+            'user'  => 'someuser',
+            'group' => 'somegroup'
+          },
+          'wsgi_chunked_request'        => 'On',
+          'action'                      => 'foo',
+          'fastcgi_server'              => 'localhost',
+          'fastcgi_socket'              => '/tmp/fastcgi.socket',
+          'fastcgi_dir'                 => '/tmp',
+          'fastcgi_idle_timeout'        => '120',
+          'additional_includes'         => '/custom/path/includes',
+          'apache_version'              => '2.4',
+          'use_optional_includes'       => true,
+          'suexec_user_group'           => 'root root',
+          'allow_encoded_slashes'       => 'nodecode',
+          'passenger_app_root'          => '/usr/share/myapp',
+          'passenger_app_env'           => 'test',
+          'passenger_ruby'              => '/usr/bin/ruby1.9.1',
+          'passenger_min_instances'     => '1',
+          'passenger_max_requests'      => '1000',
+          'passenger_start_timeout'     => '600',
+          'passenger_pre_start'         => 'http://localhost/myapp',
+          'passenger_high_performance'  => true,
+          'passenger_user'              => 'sandbox',
+          'passenger_nodejs'            => '/usr/bin/node',
+          'passenger_sticky_sessions'   => true,
+          'passenger_startup_file'      => 'bin/www',
+          'add_default_charset'         => 'UTF-8',
+          'jk_mounts'                   => [
+            { 'mount'   => '/*',     'worker' => 'tcnode1', },
+            { 'unmount' => '/*.jpg', 'worker' => 'tcnode1', },
+          ],
+          'auth_kerb'                   => true,
+          'krb_method_negotiate'        => 'off',
+          'krb_method_k5passwd'         => 'off',
+          'krb_authoritative'           => 'off',
+          'krb_auth_realms'             => ['EXAMPLE.ORG','EXAMPLE.NET'],
+          'krb_5keytab'                 => '/tmp/keytab5',
+          'krb_local_user_mapping'      => 'off',
+	  'http_protocol_options'       => 'Strict LenientMethods Allow0.9',
+          'keepalive'                   => 'on',
+          'keepalive_timeout'           => '100',
+          'max_keepalive_requests'      => '1000',
+        }
+      end
+      let :facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '7',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'RedHat',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :kernelversion          => '3.6.2',
+          :is_pe                  => false,
+        }
+      end
+
+      it { is_expected.to compile }
+      it { is_expected.to_not contain_file('/var/www/foo') }
+      it { is_expected.to contain_class('apache::mod::ssl') }
+      it { is_expected.to contain_file('ssl.conf').with(
+        :content => /^\s+SSLHonorCipherOrder On$/ ) }
+      it { is_expected.to contain_file('ssl.conf').with(
+        :content => /^\s+SSLPassPhraseDialog builtin$/ ) }
+      it { is_expected.to contain_file('ssl.conf').with(
+        :content => /^\s+SSLSessionCacheTimeout 300$/ ) }
+      it { is_expected.to contain_class('apache::mod::mime') }
+      it { is_expected.to contain_class('apache::mod::vhost_alias') }
+      it { is_expected.to contain_class('apache::mod::wsgi') }
+      it { is_expected.to contain_class('apache::mod::suexec') }
+      it { is_expected.to contain_class('apache::mod::passenger') }
+      it { is_expected.to contain_file('/var/www/logs').with({
+        'ensure' => 'directory',
+        'mode'   => '0600',
+      })
+      }
+      it { is_expected.to contain_class('apache::mod::rewrite') }
+      it { is_expected.to contain_class('apache::mod::alias') }
+      it { is_expected.to contain_class('apache::mod::proxy') }
+      it { is_expected.to contain_class('apache::mod::proxy_http') }
+      it { is_expected.to contain_class('apache::mod::passenger') }
+      it { is_expected.to contain_class('apache::mod::passenger') }
+      it { is_expected.to contain_class('apache::mod::fastcgi') }
+      it { is_expected.to contain_class('apache::mod::headers') }
+      it { is_expected.to contain_class('apache::mod::filter') }
+      it { is_expected.to contain_class('apache::mod::env') }
+      it { is_expected.to contain_class('apache::mod::setenvif') }
+      it { is_expected.to contain_concat('30-rspec.example.com.conf').with({
+        'owner'   => 'root',
+        'mode'    => '0644',
+        'require' => 'Package[httpd]',
+        'notify'  => 'Class[Apache::Service]',
+      })
+      }
+      it { is_expected.to contain_file('30-rspec.example.com.conf symlink').with({
+        'ensure' => 'link',
+        'path'   => '/etc/apache2/sites-enabled/30-rspec.example.com.conf',
+      })
+      }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-aliases') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-itk') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-fallbackresource') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+<Proxy "\*">$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Include\s'\/custom\/path\/includes'$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+          :content => /^\s+Include\s'\/custom\/path\/another_includes'$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Require valid-user$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Require all denied$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Require all granted$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+<RequireAll>$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+<\/RequireAll>$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Require all-valid1$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Require all-valid2$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+<RequireNone>$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+<\/RequireNone>$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Require none-valid1$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Require none-valid2$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+<RequireAny>$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+<\/RequireAny>$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Require any-valid1$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Require any-valid2$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Options\sIndexes\sFollowSymLinks\sMultiViews$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+IndexOptions\sFancyIndexing$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+IndexStyleSheet\s'\/styles\/style\.css'$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+DirectoryIndex\sdisabled$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+SetOutputFilter\soutput_filter$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+<Limit GET HEAD>$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /\s+<Limit GET HEAD>\s*Require valid-user\s*<\/Limit>/m ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+<LimitExcept GET HEAD>$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /\s+<LimitExcept GET HEAD>\s*Require valid-user\s*<\/LimitExcept>/m ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Dav\sfilesystem$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+DavDepthInfinity\sOn$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+DavMinTimeout\s600$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-additional_includes') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-logging') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-access_log') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-action') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-block') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-error_document') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
+              /retry=0/) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
+              /timeout=5/) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
+              /SetEnv force-proxy-request-1.0 1/) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
+              /SetEnv proxy-nokeepalive 1/) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
+              /noquery interpolate/) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
+              /ProxyPreserveHost On/) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
+              /ProxyAddHeaders On/) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
+              /ProxyPassReverseCookiePath\s+\/a\s+http:\/\//) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
+              /ProxyPassReverseCookieDomain\s+foo\s+http:\/\/foo/) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-rack') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite').with(
+        :content => /^\s+RewriteOptions Inherit$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-scriptalias') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-setenv').with_content(
+              %r{SetEnv FOO=/bin/true}) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-setenv').with_content(
+              %r{SetEnvIf Request_URI "\\.gif\$" object_is_image=gif}) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-setenv').with_content(
+              %r{SetEnvIfNoCase REMOTE_ADDR \^127.0.0.1 localhost=true}) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-ssl').with(
+        :content => /^\s+SSLOpenSSLConfCmd\s+DHParameters "foo.pem"$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with(
+        :content => /^\s+SSLProxyEngine On$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with(
+        :content => /^\s+SSLProxyCheckPeerCN\s+on$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with(
+        :content => /^\s+SSLProxyCheckPeerName\s+on$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with(
+        :content => /^\s+SSLProxyCheckPeerExpire\s+on$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with(
+        :content => /^\s+SSLProxyProtocol\s+TLSv1.2$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-php_admin') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-header') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-filters').with(
+        :content => /^\s+FilterDeclare COMPRESS$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-requestheader') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-wsgi') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-custom_fragment') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-fastcgi') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-suexec') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-allow_encoded_slashes') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-passenger') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-charsets') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-security') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-jk_mounts').with(
+        :content => /^\s+JkMount\s+\/\*\s+tcnode1$/)}
+      it { is_expected.to contain_concat__fragment('rspec.example.com-jk_mounts').with(
+        :content => /^\s+JkUnMount\s+\/\*\.jpg\s+tcnode1$/)}
+      it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with(
+        :content => /^\s+KrbMethodNegotiate\soff$/)}
+      it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with(
+        :content => /^\s+KrbAuthoritative\soff$/)}
+      it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with(
+        :content => /^\s+KrbAuthRealms\sEXAMPLE.ORG\sEXAMPLE.NET$/)}
+      it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with(
+        :content => /^\s+Krb5Keytab\s\/tmp\/keytab5$/)}
+      it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with(
+        :content => /^\s+KrbLocalUserMapping\soff$/)}
+      it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with(
+        :content => /^\s+KrbServiceName\sHTTP$/)}
+      it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with(
+        :content => /^\s+KrbSaveCredentials\soff$/)}
+      it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with(
+        :content => /^\s+KrbVerifyKDC\son$/)}
+      it { is_expected.to contain_concat__fragment('rspec.example.com-http_protocol_options').with(
+        :content => /^\s*HttpProtocolOptions\s+Strict\s+LenientMethods\s+Allow0\.9$/)}
+      it { is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with(
+        :content => /^\s+KeepAlive\son$/)}
+      it { is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with(
+        :content => /^\s+KeepAliveTimeout\s100$/)}
+      it { is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with(
+        :content => /^\s+MaxKeepAliveRequests\s1000$/)}
+    end
+    context 'vhost with multiple ip addresses' do
+      let :params do
+        {
+          'port'                        => '80',
+          'ip'                          => ['127.0.0.1','::1'],
+          'ip_based'                    => true,
+          'servername'                  => 'example.com',
+          'docroot'                     => '/var/www/html',
+          'add_listen'                  => true,
+          'ensure'                      => 'present'
+        }
+      end
+      let :facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '7',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'RedHat',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :kernelversion          => '3.6.2',
+          :is_pe                  => false,
+        }
+      end
+
+      it { is_expected.to compile }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with(
+        :content => /[.\/m]*<VirtualHost 127.0.0.1:80 \[::1\]:80>[.\/m]*$/ ) }
+      it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:80') }
+      it { is_expected.to contain_concat__fragment('Listen [::1]:80') }
+      it { is_expected.to_not contain_concat__fragment('NameVirtualHost 127.0.0.1:80') }
+      it { is_expected.to_not contain_concat__fragment('NameVirtualHost [::1]:80') }
+    end
+
+    context 'vhost with multiple ports' do
+      let :params do
+        {
+          'port'                        => ['80', '8080'],
+          'ip'                          => '127.0.0.1',
+          'ip_based'                    => true,
+          'servername'                  => 'example.com',
+          'docroot'                     => '/var/www/html',
+          'add_listen'                  => true,
+          'ensure'                      => 'present'
+        }
+      end
+      let :facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '7',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'RedHat',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :kernelversion          => '3.6.2',
+          :is_pe                  => false,
+        }
+      end
+
+      it { is_expected.to compile }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with(
+        :content => /[.\/m]*<VirtualHost 127.0.0.1:80 127.0.0.1:8080>[.\/m]*$/ ) }
+      it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:80') }
+      it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:8080') }
+      it { is_expected.to_not contain_concat__fragment('NameVirtualHost 127.0.0.1:80') }
+      it { is_expected.to_not contain_concat__fragment('NameVirtualHost 127.0.0.1:8080') }
+    end
+
+    context 'vhost with multiple ip addresses, multiple ports' do
+      let :params do
+        {
+          'port'                        => ['80', '8080'],
+          'ip'                          => ['127.0.0.1','::1'],
+          'ip_based'                    => true,
+          'servername'                  => 'example.com',
+          'docroot'                     => '/var/www/html',
+          'add_listen'                  => true,
+          'ensure'                      => 'present'
+        }
+      end
+      let :facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '7',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'RedHat',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :kernelversion          => '3.6.2',
+          :is_pe                  => false,
+        }
+      end
+
+      it { is_expected.to compile }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with(
+        :content => /[.\/m]*<VirtualHost 127.0.0.1:80 127.0.0.1:8080 \[::1\]:80 \[::1\]:8080>[.\/m]*$/ ) }
+      it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:80') }
+      it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:8080') }
+      it { is_expected.to contain_concat__fragment('Listen [::1]:80') }
+      it { is_expected.to contain_concat__fragment('Listen [::1]:8080') }
+      it { is_expected.to_not contain_concat__fragment('NameVirtualHost 127.0.0.1:80') }
+      it { is_expected.to_not contain_concat__fragment('NameVirtualHost 127.0.0.1:8080') }
+      it { is_expected.to_not contain_concat__fragment('NameVirtualHost [::1]:80') }
+      it { is_expected.to_not contain_concat__fragment('NameVirtualHost [::1]:8080') }
+    end
+
+    context 'vhost with ipv6 address' do
+      let :params do
+        {
+          'port'                        => '80',
+          'ip'                          => '::1',
+          'ip_based'                    => true,
+          'servername'                  => 'example.com',
+          'docroot'                     => '/var/www/html',
+          'add_listen'                  => true,
+          'ensure'                      => 'present'
+        }
+      end
+      let :facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '7',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'RedHat',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :kernelversion          => '3.6.2',
+          :is_pe                  => false,
+        }
+      end
+
+      it { is_expected.to compile }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with(
+        :content => /[.\/m]*<VirtualHost \[::1\]:80>[.\/m]*$/ ) }
+      it { is_expected.to contain_concat__fragment('Listen [::1]:80') }
+      it { is_expected.to_not contain_concat__fragment('NameVirtualHost [::1]:80') }
+    end
+
+    context 'vhost with wildcard ip address' do
+      let :params do
+        {
+          'port'                        => '80',
+          'ip'                          => '*',
+          'ip_based'                    => true,
+          'servername'                  => 'example.com',
+          'docroot'                     => '/var/www/html',
+          'add_listen'                  => true,
+          'ensure'                      => 'present'
+        }
+      end
+      let :facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '7',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'RedHat',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :kernelversion          => '3.6.2',
+          :is_pe                  => false,
+        }
+      end
+
+      it { is_expected.to compile }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with(
+        :content => /[.\/m]*<VirtualHost \*:80>[.\/m]*$/ ) }
+      it { is_expected.to contain_concat__fragment('Listen *:80') }
+      it { is_expected.to_not contain_concat__fragment('NameVirtualHost *:80') }
+    end
+
+    context 'modsec_audit_log' do
+      let :params do
+        {
+          'docroot'          => '/rspec/docroot',
+          'modsec_audit_log' => true,
+        }
+      end
+      it { is_expected.to compile }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-security').with(
+        :content => /^\s*SecAuditLog "\/var\/log\/apache2\/rspec\.example\.com_security\.log"$/ ) }
+    end
+    context 'modsec_audit_log_file' do
+      let :params do
+        {
+          'docroot'               => '/rspec/docroot',
+          'modsec_audit_log_file' => 'foo.log',
+        }
+      end
+      it { is_expected.to compile }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-security').with(
+        :content => /\s*SecAuditLog "\/var\/log\/apache2\/foo.log"$/ ) }
+    end
+    context 'set only aliases' do
+      let :params do
+        {
+          'docroot' => '/rspec/docroot',
+          'aliases' => [
+            {
+              'alias' => '/alias',
+              'path'  => '/rspec/docroot',
+            },
+          ]
+        }
+      end
+      it { is_expected.to contain_class('apache::mod::alias')}
+    end
+    context 'proxy_pass_match' do
+      let :params do
+        {
+          'docroot'          => '/rspec/docroot',
+          'proxy_pass_match'            => [
+            {
+              'path'     => '.*',
+              'url'      => 'http://backend-a/',
+              'params'   => { 'timeout' => 300 },
+            }
+          ],
+        }
+      end
+      it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
+              /ProxyPassMatch .* http:\/\/backend-a\/ timeout=300/).with_content(/## Proxy rules/) }
+    end
+    context 'proxy_dest_match' do
+      let :params do
+        {
+          'docroot'          => '/rspec/docroot',
+          'proxy_dest_match' => '/'
+        }
+      end
+      it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(/## Proxy rules/) }
+    end
+    context 'not everything can be set together...' do
+      let :params do
+        {
+          'access_log_pipe' => '/dev/null',
+          'error_log_pipe'  => '/dev/null',
+          'docroot'         => '/var/www/foo',
+          'ensure'          => 'absent',
+          'manage_docroot'  => true,
+          'logroot'         => '/tmp/logroot',
+          'logroot_ensure'  => 'absent',
+          'directories'     => [
+            {
+              'path'     => '/var/www/files',
+              'provider' => 'files',
+              'allow'    => [ 'from 127.0.0.1', 'from 127.0.0.2', ],
+              'deny'     => [ 'from 127.0.0.3', 'from 127.0.0.4', ],
+              'satisfy'  => 'any',
+            },
+            {
+              'path'     => '/var/www/foo',
+              'provider' => 'files',
+              'allow'    => 'from 127.0.0.5',
+              'deny'     => 'from all',
+              'order'    => 'deny,allow',
+            },
+          ],
+
+        }
+      end
+      let :facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '6',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'RedHat',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :kernelversion          => '3.6.2',
+          :is_pe                  => false,
+        }
+      end
+
+      it { is_expected.to compile }
+      it { is_expected.to_not contain_class('apache::mod::ssl') }
+      it { is_expected.to_not contain_class('apache::mod::mime') }
+      it { is_expected.to_not contain_class('apache::mod::vhost_alias') }
+      it { is_expected.to_not contain_class('apache::mod::wsgi') }
+      it { is_expected.to_not contain_class('apache::mod::passenger') }
+      it { is_expected.to_not contain_class('apache::mod::suexec') }
+      it { is_expected.to_not contain_class('apache::mod::rewrite') }
+      it { is_expected.to_not contain_class('apache::mod::alias') }
+      it { is_expected.to_not contain_class('apache::mod::proxy') }
+      it { is_expected.to_not contain_class('apache::mod::proxy_http') }
+      it { is_expected.to_not contain_class('apache::mod::passenger') }
+      it { is_expected.to_not contain_class('apache::mod::headers') }
+      it { is_expected.to contain_file('/var/www/foo') }
+      it { is_expected.to contain_file('/tmp/logroot').with({
+        'ensure' => 'absent',
+      })
+      }
+      it { is_expected.to contain_concat('25-rspec.example.com.conf').with({
+        'ensure' => 'absent',
+      })
+      }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-aliases') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-itk') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-fallbackresource') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Allow from 127\.0\.0\.1$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Allow from 127\.0\.0\.2$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Allow from 127\.0\.0\.5$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Deny from 127\.0\.0\.3$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Deny from 127\.0\.0\.4$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Deny from all$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Satisfy any$/ ) }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Order deny,allow$/ ) }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-additional_includes') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-logging') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-access_log') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-action') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-block') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-error_document') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-proxy') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-rack') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-redirect') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-rewrite') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-scriptalias') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-serveralias') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-setenv') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-ssl') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-sslproxy') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-suphp') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-php_admin') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-header') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-requestheader') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-wsgi') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-custom_fragment') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-fastcgi') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-suexec') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-charsets') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-limits') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') }
+    end
+    context 'when not setting nor managing the docroot' do
+      let :params do
+        {
+          'docroot'                     => false,
+          'manage_docroot'              => false,
+        }
+      end
+      it { is_expected.to compile }
+      it { is_expected.not_to contain_concat__fragment('rspec.example.com-docroot') }
+    end
+    context 'ssl_proxyengine without ssl' do
+      let :params do
+        {
+          'docroot'         => '/rspec/docroot',
+          'ssl'             => false,
+          'ssl_proxyengine' => true,
+        }
+      end
+      it { is_expected.to compile }
+      it { is_expected.not_to contain_concat__fragment('rspec.example.com-ssl') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy') }
+    end
+    context 'ssl_proxy_protocol without ssl_proxyengine' do
+      let :params do
+        {
+          'docroot'            => '/rspec/docroot',
+          'ssl'                => true,
+          'ssl_proxyengine'    => false,
+          'ssl_proxy_protocol' => 'TLSv1.2',
+        }
+      end
+      it { is_expected.to compile }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') }
+      it { is_expected.not_to contain_concat__fragment('rspec.example.com-sslproxy') }
+    end
+  end
+  describe 'access logs' do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    context 'single log file' do
+      let(:params) do
+        {
+          'docroot'         => '/rspec/docroot',
+          'access_log_file' => 'my_log_file',
+        }
+      end
+      it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with(
+        :content => /^\s+CustomLog.*my_log_file" combined\s*$/
+      )}
+    end
+    context 'single log file with environment' do
+      let(:params) do
+        {
+          'docroot'            => '/rspec/docroot',
+          'access_log_file'    => 'my_log_file',
+          'access_log_env_var' => 'prod'
+        }
+      end
+      it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with(
+        :content => /^\s+CustomLog.*my_log_file" combined\s+env=prod$/
+      )}
+    end
+    context 'multiple log files' do
+      let(:params) do
+        {
+          'docroot'     => '/rspec/docroot',
+          'access_logs' => [
+            { 'file' => '/tmp/log1', 'env' => 'dev' },
+            { 'file' => 'log2' },
+            { 'syslog' => 'syslog', 'format' => '%h %l' }
+          ],
+        }
+      end
+      it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with(
+        :content => /^\s+CustomLog "\/tmp\/log1"\s+combined\s+env=dev$/
+      )}
+      it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with(
+        :content => /^\s+CustomLog "\/var\/log\/httpd\/log2"\s+combined\s*$/
+      )}
+      it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with(
+        :content => /^\s+CustomLog "syslog" "%h %l"\s*$/
+      )}
+    end
+  end # access logs
+  describe 'validation' do
+    let :default_facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :is_pe                  => false,
+      }
+    end
+    context 'bad ensure' do
+      let :params do
+        {
+          'docroot' => '/rspec/docroot',
+          'ensure'  => 'bogus',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'bad suphp_engine' do
+      let :params do
+        {
+          'docroot'      => '/rspec/docroot',
+          'suphp_engine' => 'bogus',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'bad ip_based' do
+      let :params do
+        {
+          'docroot'  => '/rspec/docroot',
+          'ip_based' => 'bogus',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'bad access_log' do
+      let :params do
+        {
+          'docroot'    => '/rspec/docroot',
+          'access_log' => 'bogus',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'bad error_log' do
+      let :params do
+        {
+          'docroot'   => '/rspec/docroot',
+          'error_log' => 'bogus',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'bad_ssl' do
+      let :params do
+        {
+          'docroot' => '/rspec/docroot',
+          'ssl'     => 'bogus',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'bad default_vhost' do
+      let :params do
+        {
+          'docroot'       => '/rspec/docroot',
+          'default_vhost' => 'bogus',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'bad ssl_proxyengine' do
+      let :params do
+        {
+          'docroot'         => '/rspec/docroot',
+          'ssl_proxyengine' => 'bogus',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'bad rewrites' do
+      let :params do
+        {
+          'docroot'  => '/rspec/docroot',
+          'rewrites' => 'bogus',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'bad rewrites 2' do
+      let :params do
+        {
+          'docroot'  => '/rspec/docroot',
+          'rewrites' => ['bogus'],
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'empty rewrites' do
+      let :params do
+        {
+          'docroot'  => '/rspec/docroot',
+          'rewrites' => [],
+        }
+      end
+      let :facts do default_facts end
+      it { is_expected.to compile }
+    end
+    context 'bad suexec_user_group' do
+      let :params do
+        {
+          'docroot'           => '/rspec/docroot',
+          'suexec_user_group' => 'bogus',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'bad wsgi_script_alias' do
+      let :params do
+        {
+          'docroot'           => '/rspec/docroot',
+          'wsgi_script_alias' => 'bogus',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'bad wsgi_daemon_process_options' do
+      let :params do
+        {
+          'docroot'                     => '/rspec/docroot',
+          'wsgi_daemon_process_options' => 'bogus',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'bad wsgi_import_script_alias' do
+      let :params do
+        {
+          'docroot'                  => '/rspec/docroot',
+          'wsgi_import_script_alias' => 'bogus',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'bad itk' do
+      let :params do
+        {
+          'docroot' => '/rspec/docroot',
+          'itk'     => 'bogus',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'bad logroot_ensure' do
+      let :params do
+        {
+          'docroot'   => '/rspec/docroot',
+          'log_level' => 'bogus',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'bad log_level' do
+      let :params do
+        {
+          'docroot'   => '/rspec/docroot',
+          'log_level' => 'bogus',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'access_log_file and access_log_pipe' do
+      let :params do
+        {
+          'docroot'         => '/rspec/docroot',
+          'access_log_file' => 'bogus',
+          'access_log_pipe' => 'bogus',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'error_log_file and error_log_pipe' do
+      let :params do
+        {
+          'docroot'        => '/rspec/docroot',
+          'error_log_file' => 'bogus',
+          'error_log_pipe' => 'bogus',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'bad fallbackresource' do
+      let :params do
+        {
+          'docroot'          => '/rspec/docroot',
+          'fallbackresource' => 'bogus',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'bad custom_fragment' do
+      let :params do
+        {
+          'docroot'         => '/rspec/docroot',
+          'custom_fragment' => true,
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'bad access_logs' do
+      let :params do
+        {
+          'docroot'     => '/rspec/docroot',
+          'access_logs' => '/var/log/somewhere',
+        }
+      end
+      let :facts do default_facts end
+      it { expect { is_expected.to compile }.to raise_error }
+    end
+    context 'default of require all granted' do
+      let :params do
+        {
+          'docroot'         => '/var/www/foo',
+          'directories'     => [
+            {
+              'path'     => '/var/www/foo/files',
+              'provider' => 'files',
+            },
+          ],
+
+        }
+      end
+      let :facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '7',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'RedHat',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :kernelversion          => '3.19.2',
+          :is_pe                  => false,
+        }
+      end
+
+      it { is_expected.to compile }
+      it { is_expected.to contain_concat('25-rspec.example.com.conf') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Require all granted$/ ) }
+    end
+    context 'require unmanaged' do
+      let :params do
+        {
+          'docroot'         => '/var/www/foo',
+          'directories'     => [
+            {
+              'path'     => '/var/www/foo',
+              'require'  => 'unmanaged',
+            },
+          ],
+
+        }
+      end
+      let :facts do
+        {
+          :osfamily               => 'RedHat',
+          :operatingsystemrelease => '7',
+          :concat_basedir         => '/dne',
+          :operatingsystem        => 'RedHat',
+          :id                     => 'root',
+          :kernel                 => 'Linux',
+          :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+          :kernelversion          => '3.19.2',
+          :is_pe                  => false,
+        }
+      end
+
+      it { is_expected.to compile }
+      it { is_expected.to contain_concat('25-rspec.example.com.conf') }
+      it { is_expected.to contain_concat__fragment('rspec.example.com-directories') }
+      it { is_expected.to_not contain_concat__fragment('rspec.example.com-directories').with(
+        :content => /^\s+Require all granted$/ )
+      }
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/fixtures/files/negotiation.conf b/modules/services/unix/http/apache_stretch_compatible/apache/spec/fixtures/files/negotiation.conf
new file mode 100644
index 000000000..c0bb8b9fd
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/fixtures/files/negotiation.conf
@@ -0,0 +1,4 @@
+# This is a file only for spec testing
+
+LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
+ForceLanguagePriority Prefer Fallback
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/fixtures/files/spec b/modules/services/unix/http/apache_stretch_compatible/apache/spec/fixtures/files/spec
new file mode 100644
index 000000000..76e9a1446
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/fixtures/files/spec
@@ -0,0 +1 @@
+# This is a file only for spec testing
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/fixtures/site_apache/templates/fake.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/fixtures/site_apache/templates/fake.conf.erb
new file mode 100644
index 000000000..019debfe4
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/fixtures/site_apache/templates/fake.conf.erb
@@ -0,0 +1 @@
+Fake template for rspec.
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/fixtures/templates/negotiation.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/fixtures/templates/negotiation.conf.erb
new file mode 100644
index 000000000..557502246
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/fixtures/templates/negotiation.conf.erb
@@ -0,0 +1,4 @@
+# This is a template only for spec testing
+
+LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
+ForceLanguagePriority Prefer Fallback
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/spec_helper.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/spec_helper.rb
new file mode 100644
index 000000000..22d5d689f
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/spec_helper.rb
@@ -0,0 +1,8 @@
+#This file is generated by ModuleSync, do not edit.
+require 'puppetlabs_spec_helper/module_spec_helper'
+
+# put local configuration and setup into spec_helper_local
+begin
+  require 'spec_helper_local'
+rescue LoadError
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/spec_helper_acceptance.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/spec_helper_acceptance.rb
new file mode 100644
index 000000000..c652104c2
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/spec_helper_acceptance.rb
@@ -0,0 +1,77 @@
+require 'beaker-rspec/spec_helper'
+require 'beaker-rspec/helpers/serverspec'
+require 'beaker/puppet_install_helper'
+require 'beaker/module_install_helper'
+
+run_puppet_install_helper
+install_module_on(hosts)
+install_module_dependencies_on(hosts)
+
+RSpec.configure do |c|
+  c.filter_run :focus => true
+  c.run_all_when_everything_filtered = true
+  # apache on Ubuntu 10.04 and 12.04 doesn't like IPv6 VirtualHosts, so we skip ipv6 tests on those systems
+  if fact('operatingsystem') == 'Ubuntu' and (fact('operatingsystemrelease') == '10.04' or fact('operatingsystemrelease') == '12.04')
+    c.filter_run_excluding :ipv6 => true
+  end
+
+  # Readable test descriptions
+  c.formatter = :documentation
+
+  # detect the situation where PUP-5016 is triggered and skip the idempotency tests in that case
+  # also note how fact('puppetversion') is not available because of PUP-4359
+  if fact('osfamily') == 'Debian' && fact('operatingsystemmajrelease') == '8' && shell('puppet --version').stdout =~ /^4\.2/
+    c.filter_run_excluding :skip_pup_5016 => true
+  end
+
+  # Configure all nodes in nodeset
+  c.before :suite do
+    # net-tools required for netstat utility being used by be_listening
+    if fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') == '7'
+      pp = <<-EOS
+        package { 'net-tools': ensure => installed }
+      EOS
+
+      apply_manifest_on(agents, pp, :catch_failures => false)
+    end
+
+    if fact('osfamily') == 'Debian'
+      # Make sure snake-oil certs are installed.
+      shell 'apt-get install -y ssl-cert'
+    end
+
+    # Install module and dependencies
+    hosts.each do |host|
+      # Required for mod_passenger tests.
+      if fact('osfamily') == 'RedHat'
+        on host, puppet('module','install','stahnma/epel')
+        on host, puppet('module','install','puppetlabs/inifile')
+        #we need epel installed, so we can get plugins, wsgi, mime ...
+        pp = <<-EOS
+          class { 'epel': }
+        EOS
+
+        apply_manifest_on(host, pp, :catch_failures => true)
+      end
+
+      # Required for manifest to make mod_pagespeed repository available
+      if fact('osfamily') == 'Debian'
+        on host, puppet('module','install','puppetlabs-apt')
+      end
+
+      # Make sure selinux is disabled so the tests work.
+      on host, puppet('apply', '-e',
+                        %{"exec { 'setenforce 0': path   => '/bin:/sbin:/usr/bin:/usr/sbin', onlyif => 'which setenforce && getenforce | grep Enforcing', }"})
+    end
+  end
+end
+
+shared_examples "a idempotent resource" do
+  it 'should apply with no errors' do
+    apply_manifest(pp, :catch_failures => true)
+  end
+
+  it 'should apply a second time without changes', :skip_pup_5016 do
+    apply_manifest(pp, :catch_changes => true)
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/spec_helper_local.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/spec_helper_local.rb
new file mode 100644
index 000000000..d861a1c49
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/spec_helper_local.rb
@@ -0,0 +1,39 @@
+RSpec.configure do |c|
+  c.before :each do
+    # Ensure that we don't accidentally cache facts and environment
+    # between test cases.
+    Facter::Util::Loader.any_instance.stubs(:load_all)
+    Facter.clear
+    Facter.clear_messages
+  end
+end
+
+RSpec.configure do |config|
+  config.filter_run focus: true
+  config.run_all_when_everything_filtered = true
+  #as soon as psh is updated, the following line can be removed
+  config.mock_with :rspec
+end
+
+shared_examples :compile, :compile => true do
+  it { should compile.with_all_deps }
+end
+
+shared_examples 'a mod class, without including apache' do
+   let :facts do
+    {
+      :id                        => 'root',
+      :lsbdistcodename           => 'squeeze',
+      :kernel                    => 'Linux',
+      :osfamily                  => 'Debian',
+      :operatingsystem           => 'Debian',
+      :operatingsystemrelease    => '6',
+      :operatingsystemmajrelease => nil,
+      :path                      => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+      :concat_basedir            => '/dne',
+      :is_pe                     => false,
+      :hardwaremodel             => 'x86_64',
+    }
+  end
+  it { should compile.with_all_deps }
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/unit/apache_version_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/unit/apache_version_spec.rb
new file mode 100644
index 000000000..2036449fd
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/unit/apache_version_spec.rb
@@ -0,0 +1,33 @@
+require 'spec_helper'
+
+describe Facter::Util::Fact do
+  before do
+    Facter.clear
+  end
+
+  describe 'apache_version' do
+    context 'with value' do
+      before :each do
+        expect(Facter::Util::Resolution).to receive(:which).with('apachectl') { true }
+        expect(Facter::Util::Resolution).to receive(:exec).with('apachectl -v 2>&1') {'Server version: Apache/2.4.16 (Unix)
+                                                                                  Server built:   Jul 31 2015 15:53:26'}
+      end
+      it do
+        expect(Facter.fact(:apache_version).value).to eq('2.4.16')
+      end
+    end
+  end
+
+  describe 'apache_version with empty OS' do
+    context 'with value' do
+      before :each do
+        expect(Facter::Util::Resolution).to receive(:which).with('apachectl') { true }
+        expect(Facter::Util::Resolution).to receive(:exec).with('apachectl -v 2>&1') {'Server version: Apache/2.4.6 ()
+                                                                                  Server built:   Nov 21 2015 05:34:59' }
+      end
+      it do
+        expect(Facter.fact(:apache_version).value).to eq('2.4.6')
+      end
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/unit/provider/a2mod/gentoo_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/unit/provider/a2mod/gentoo_spec.rb
new file mode 100644
index 000000000..1bccc94d1
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/unit/provider/a2mod/gentoo_spec.rb
@@ -0,0 +1,182 @@
+require 'spec_helper'
+
+provider_class = Puppet::Type.type(:a2mod).provider(:gentoo)
+
+describe provider_class do
+  before :each do
+    provider_class.clear
+  end
+
+  [:conf_file, :instances, :modules, :initvars, :conf_file, :clear].each do |method|
+    it "should respond to the class method #{method}" do
+      expect(provider_class).to respond_to(method)
+    end
+  end
+
+  describe "when fetching modules" do
+    before do
+      @filetype = double()
+    end
+
+    it "should return a sorted array of the defined parameters" do
+      expect(@filetype).to receive(:read) { %Q{APACHE2_OPTS="-D FOO -D BAR -D BAZ"\n} }
+      expect(provider_class).to receive(:filetype) { @filetype }
+
+      expect(provider_class.modules).to eq(%w{bar baz foo})
+    end
+
+    it "should cache the module list" do
+      expect(@filetype).to receive(:read).once { %Q{APACHE2_OPTS="-D FOO -D BAR -D BAZ"\n} }
+      expect(provider_class).to receive(:filetype).once { @filetype }
+
+      2.times { expect(provider_class.modules).to eq(%w{bar baz foo}) }
+    end
+
+    it "should normalize parameters" do
+      @filetype.expects(:read).returns(%Q{APACHE2_OPTS="-D FOO -D BAR -D BAR"\n})
+      provider_class.expects(:filetype).returns(@filetype)
+
+      expect(provider_class.modules).to eq(%w{bar foo})
+    end
+  end
+
+  describe "when prefetching" do
+    it "should match providers to resources" do
+      provider = double("ssl_provider", :name => "ssl")
+      resource = double("ssl_resource")
+      resource.expects(:provider=).with(provider)
+
+      expect(provider_class).to receive(:instances) { [provider] }
+      provider_class.prefetch("ssl" => resource)
+    end
+  end
+
+  describe "when flushing" do
+    before :each do
+      @filetype = double()
+      allow(@filetype).to receive(:backup)
+      allow(provider_class).to receive(:filetype).at_least(:once) { @filetype }
+
+      @info = double()
+      allow(@info).to receive(:[]).with(:name) { "info" }
+      allow(@info).to receive(:provider=)
+
+      @mpm = double()
+      allow(@mpm).to receive(:[]).with(:name) { "mpm" }
+      allow(@mpm).to receive(:provider=)
+
+      @ssl = double()
+      allow(@ssl).to receive(:[]).with(:name) { "ssl" }
+      allow(@ssl).to receive(:provider=)
+    end
+
+    it "should add modules whose ensure is present" do
+      expect(@filetype).to receive(:read).at_least(:once) { %Q{APACHE2_OPTS=""} }
+      expect(@filetype).to receive(:write).with(%Q{APACHE2_OPTS="-D INFO"})
+
+      allow(@info).to receive(:should).with(:ensure) { :present }
+      provider_class.prefetch("info" => @info)
+
+      provider_class.flush
+    end
+
+    it "should remove modules whose ensure is present" do
+      expect(@filetype).to receive(:read).at_least(:once) { %Q{APACHE2_OPTS="-D INFO"} }
+      expect(@filetype).to receive(:write).with(%Q{APACHE2_OPTS=""})
+
+      allow(@info).to receive(:should).with(:ensure) { :absent }
+      allow(@info).to receive(:provider=)
+      provider_class.prefetch("info" => @info)
+
+      provider_class.flush
+    end
+
+    it "should not modify providers without resources" do
+      expect(@filetype).to receive(:read).at_least(:once) { %Q{APACHE2_OPTS="-D INFO -D MPM"} }
+      expect(@filetype).to receive(:write).with(%Q{APACHE2_OPTS="-D MPM -D SSL"})
+
+      allow(@info).to receive(:should).with(:ensure) { :absent }
+      provider_class.prefetch("info" => @info)
+
+      allow(@ssl).to receive(:should).with(:ensure) { :present }
+      provider_class.prefetch("ssl" => @ssl)
+
+      provider_class.flush
+    end
+
+    it "should write the modules in sorted order" do
+      expect(@filetype).to receive(:read).at_least(:once) { %Q{APACHE2_OPTS=""} }
+      expect(@filetype).to receive(:write).with(%Q{APACHE2_OPTS="-D INFO -D MPM -D SSL"})
+
+      allow(@mpm).to receive(:should).with(:ensure) { :present }
+      provider_class.prefetch("mpm" => @mpm)
+      allow(@info).to receive(:should).with(:ensure) { :present }
+      provider_class.prefetch("info" => @info)
+      allow(@ssl).to receive(:should).with(:ensure) { :present }
+      provider_class.prefetch("ssl" => @ssl)
+
+      provider_class.flush
+    end
+
+    it "should write the records back once" do
+      expect(@filetype).to receive(:read).at_least(:once) { %Q{APACHE2_OPTS=""} }
+      expect(@filetype).to receive(:write).once.with(%Q{APACHE2_OPTS="-D INFO -D SSL"})
+
+      allow(@info).to receive(:should).with(:ensure) { :present }
+      provider_class.prefetch("info" => @info)
+
+      allow(@ssl).to receive(:should).with(:ensure) { :present }
+      provider_class.prefetch("ssl" => @ssl)
+
+      provider_class.flush
+    end
+
+    it "should only modify the line containing APACHE2_OPTS" do
+      expect(@filetype).to receive(:read).at_least(:once) { %Q{# Comment\nAPACHE2_OPTS=""\n# Another comment} }
+      expect(@filetype).to receive(:write).once.with(%Q{# Comment\nAPACHE2_OPTS="-D INFO"\n# Another comment})
+
+      allow(@info).to receive(:should).with(:ensure) { :present }
+      provider_class.prefetch("info" => @info)
+      provider_class.flush
+    end
+
+    it "should restore any arbitrary arguments" do
+      expect(@filetype).to receive(:read).at_least(:once) { %Q{APACHE2_OPTS="-Y -D MPM -X"} }
+      expect(@filetype).to receive(:write).once.with(%Q{APACHE2_OPTS="-Y -X -D INFO -D MPM"})
+
+      allow(@info).to receive(:should).with(:ensure) { :present }
+      provider_class.prefetch("info" => @info)
+      provider_class.flush
+    end
+
+    it "should backup the file once if changes were made" do
+      expect(@filetype).to receive(:read).at_least(:once) { %Q{APACHE2_OPTS=""} }
+      expect(@filetype).to receive(:write).once.with(%Q{APACHE2_OPTS="-D INFO -D SSL"})
+
+      allow(@info).to receive(:should).with(:ensure) { :present }
+      provider_class.prefetch("info" => @info)
+
+      allow(@ssl).to receive(:should).with(:ensure) { :present }
+      provider_class.prefetch("ssl" => @ssl)
+
+      @filetype.unstub(:backup)
+      @filetype.expects(:backup)
+      provider_class.flush
+    end
+
+    it "should not write the file or run backups if no changes were made" do
+      expect(@filetype).to receive(:read).at_least(:once) { %Q{APACHE2_OPTS="-X -D INFO -D SSL -Y"} }
+      expect(@filetype).to receive(:write).never
+
+      allow(@info).to receive(:should).with(:ensure) { :present }
+      provider_class.prefetch("info" => @info)
+
+      allow(@ssl).to receive(:should).with(:ensure) { :present }
+      provider_class.prefetch("ssl" => @ssl)
+
+      @filetype.unstub(:backup)
+      @filetype.expects(:backup).never
+      provider_class.flush
+    end
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/unit/puppet/parser/functions/bool2httpd_spec.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/unit/puppet/parser/functions/bool2httpd_spec.rb
new file mode 100644
index 000000000..19d35e592
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/unit/puppet/parser/functions/bool2httpd_spec.rb
@@ -0,0 +1,53 @@
+require 'spec_helper'
+
+describe "the bool2httpd function" do
+  let(:scope) { PuppetlabsSpec::PuppetInternals.scope }
+
+  it "should exist" do
+    expect(Puppet::Parser::Functions.function("bool2httpd")).to eq("function_bool2httpd")
+  end
+
+  it "should raise a ParseError if there is less than 1 arguments" do
+    expect { scope.function_bool2httpd([]) }.to( raise_error(Puppet::ParseError))
+  end
+
+  it "should convert true to 'On'" do
+    result = scope.function_bool2httpd([true])
+    expect(result).to(eq('On'))
+  end
+
+  it "should convert true to a string" do
+    result = scope.function_bool2httpd([true])
+    expect(result.class).to(eq(String))
+  end
+
+  it "should convert false to 'Off'" do
+    result = scope.function_bool2httpd([false])
+    expect(result).to(eq('Off'))
+  end
+
+  it "should convert false to a string" do
+    result = scope.function_bool2httpd([false])
+    expect(result.class).to(eq(String))
+  end
+
+  it "should accept (and return) any string" do
+    result = scope.function_bool2httpd(["mail"])
+    expect(result).to(eq('mail'))
+  end
+
+  it "should accept a nil value (and return Off)" do
+    result = scope.function_bool2httpd([nil])
+    expect(result).to(eq('Off'))
+  end
+
+  it "should accept an undef value (and return 'Off')" do
+    result = scope.function_bool2httpd([:undef])
+    expect(result).to(eq('Off'))
+  end
+
+  it "should return a default value on non-matches" do
+    result = scope.function_bool2httpd(['foo'])
+    expect(result).to(eq('foo'))
+  end
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/spec/unit/puppet/parser/functions/validate_apache_log_level.rb b/modules/services/unix/http/apache_stretch_compatible/apache/spec/unit/puppet/parser/functions/validate_apache_log_level.rb
new file mode 100644
index 000000000..dfef66eea
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/spec/unit/puppet/parser/functions/validate_apache_log_level.rb
@@ -0,0 +1,39 @@
+#! /usr/bin/env ruby -S rspec
+require 'spec_helper'
+
+describe "the validate_apache_log_level function" do
+  let(:scope) { PuppetlabsSpec::PuppetInternals.scope }
+
+  it "should exist" do
+    expect(Puppet::Parser::Functions.function("validate_apache_log_level")).to eq("function_validate_apache_log_level")
+  end
+
+  it "should raise a ParseError if there is less than 1 arguments" do
+    expect { scope.function_validate_apache_log_level([]) }.to( raise_error(Puppet::ParseError) )
+  end
+
+  it "should raise a ParseError when given garbage" do
+    expect { scope.function_validate_apache_log_level(['garbage']) }.to( raise_error(Puppet::ParseError) )
+  end
+
+  it "should not raise a ParseError when given a plain log level" do
+    expect { scope.function_validate_apache_log_level(['info']) }.to_not raise_error 
+  end
+
+  it "should not raise a ParseError when given a log level and module log level" do
+    expect { scope.function_validate_apache_log_level(['warn ssl:info']) }.to_not raise_error 
+  end
+
+  it "should not raise a ParseError when given a log level and module log level" do
+    expect { scope.function_validate_apache_log_level(['warn mod_ssl.c:info']) }.to_not raise_error 
+  end
+
+  it "should not raise a ParseError when given a log level and module log level" do
+    expect { scope.function_validate_apache_log_level(['warn ssl_module:info']) }.to_not raise_error 
+  end
+
+  it "should not raise a ParseError when given a trace level" do
+    expect { scope.function_validate_apache_log_level(['trace4']) }.to_not raise_error 
+  end
+
+end
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/httpd.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/httpd.conf.erb
index b19d8da81..d5b31c738 100755
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/httpd.conf.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/httpd.conf.erb
@@ -1,7 +1,7 @@
 # Security
 ServerTokens <%= @server_tokens %>
-ServerSignature <%= scope.call_function('apache::bool2httpd', [@server_signature]) %>
-TraceEnable <%= scope.call_function('apache::bool2httpd', [@trace_enable]) %>
+ServerSignature <%= scope.function_bool2httpd([@server_signature]) %>
+TraceEnable <%= scope.function_bool2httpd([@trace_enable]) %>
 
 ServerName "<%= @servername %>"
 ServerRoot "<%= @server_root %>"
@@ -11,22 +11,11 @@ KeepAlive <%= @keepalive %>
 MaxKeepAliveRequests <%= @max_keepalive_requests %>
 KeepAliveTimeout <%= @keepalive_timeout %>
 LimitRequestFieldSize <%= @limitreqfieldsize %>
-LimitRequestFields <%= @limitreqfields %>
-<%# Actually >= 2.4.24, but the minor version is not provided -%>
+# Actually >= 2.4.24, but the minor version is not provided
 <%- if @http_protocol_options and scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
 HttpProtocolOptions <%= @http_protocol_options %>
 <%- end -%>
 
-<%# Actually >= 2.4.17, but the minor version is not provided -%>
-<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
-  <%- unless @protocols.empty? -%>
-Protocols <%= @protocols.join(' ') %>
-  <%- end -%>
-  <%- unless @protocols_honor_order.nil? -%>
-ProtocolsHonorOrder <%= scope.call_function('apache::bool2httpd', [@protocols_honor_order]) %>
-  <%- end -%>
-<%- end -%>
-
 <%- if @rewrite_lock and scope.function_versioncmp([@apache_version, '2.2']) <= 0 -%>
 RewriteLock <%= @rewrite_lock %>
 <%- end -%>
@@ -35,7 +24,7 @@ User <%= @user %>
 Group <%= @group %>
 
 AccessFileName .htaccess
-<FilesMatch "^\.ht">
+<FilesMatch <%= "\"^\.ht\"" %>>
 <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
     Require all denied
 <%- else -%>
@@ -65,7 +54,7 @@ AddDefaultCharset <%= @default_charset %>
 <%- if scope.function_versioncmp([@apache_version, '2.4']) < 0 -%>
 DefaultType <%= @default_type %>
 <%- end -%>
-HostnameLookups <%= @hostname_lookups %>
+HostnameLookups Off
 <%- if /^[|\/]/.match(@error_log) || /^syslog:/.match(@error_log) -%>
 ErrorLog "<%= @error_log %>"
 <%- else -%>
@@ -79,9 +68,6 @@ AllowEncodedSlashes <%= @allow_encoded_slashes %>
 <%- if @file_e_tag -%>
 FileETag <%= @file_e_tag %>
 <%- end -%>
-<%- if @use_canonical_name -%>
-UseCanonicalName <%= @use_canonical_name %>
-<%- end -%>
 
 #Listen 80
 
@@ -99,10 +85,10 @@ Include "<%= @mod_load_dir %>/*.conf"
 Include "<%= @ports_file %>"
 
 <% unless @log_formats.has_key?('combined') -%>
-LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
 <% end -%>
 <% unless @log_formats.has_key?('common') -%>
-LogFormat "%a %l %u %t \"%r\" %>s %b" common
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
 <% end -%>
 <% unless @log_formats.has_key?('referer') -%>
 LogFormat "%{Referer}i -> %U" referer
@@ -119,9 +105,6 @@ LogFormat "<%= format -%>" <%= nickname %>
   <%- end -%>
 <% end -%>
 
-<%- if @conf_enabled and scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
-IncludeOptional "<%= @conf_enabled %>/*.conf"
-<%- end -%>
 <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
 IncludeOptional "<%= @confd_dir %>/*.conf"
 <%- else -%>
@@ -134,18 +117,12 @@ IncludeOptional "<%= @vhost_load_dir %>/<%= @vhost_include_pattern %>"
 Include "<%= @vhost_load_dir %>/<%= @vhost_include_pattern %>"
 <%- end -%>
 <% end -%>
-<% if @ldap_verify_server_cert -%>
-LDAPVerifyServerCert <%= @ldap_verify_server_cert %>
-<% end -%>
-<% if @ldap_trusted_mode -%>
-LDAPTrustedMode <%= @ldap_trusted_mode %>
-<% end -%>
 
 <% if @error_documents -%>
 # /usr/share/apache2/error on debian
 Alias /error/ "<%= @error_documents_path %>/"
 
-<Directory "<%= @error_documents_path %>">
+<Directory <%= "\"#{@error_documents_path}\"" %>>
   AllowOverride None
   Options IncludesNoExec
   AddOutputFilter Includes html
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/alias.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/alias.conf.erb
index 313fdf9d1..8580f707c 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/alias.conf.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/alias.conf.erb
@@ -1,5 +1,5 @@
 <IfModule alias_module>
-Alias /<%= @icons_prefix %>/ "<%= @icons_path %>/"
+Alias /icons/ "<%= @icons_path %>/"
 <Directory "<%= @icons_path %>">
     Options <%= @icons_options %>
     AllowOverride None
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/autoindex.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/autoindex.conf.erb
index e097f9c9b..ef6bbebea 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/autoindex.conf.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/autoindex.conf.erb
@@ -1,56 +1,56 @@
 IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
-AddIconByEncoding (CMP,/<%= @icons_prefix %>/compressed.gif) x-compress x-gzip x-bzip2
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2
 
-AddIconByType (TXT,/<%= @icons_prefix %>/text.gif) text/*
-AddIconByType (IMG,/<%= @icons_prefix %>/image2.gif) image/*
-AddIconByType (SND,/<%= @icons_prefix %>/sound2.gif) audio/*
-AddIconByType (VID,/<%= @icons_prefix %>/movie.gif) video/*
+AddIconByType (TXT,/icons/text.gif) text/*
+AddIconByType (IMG,/icons/image2.gif) image/*
+AddIconByType (SND,/icons/sound2.gif) audio/*
+AddIconByType (VID,/icons/movie.gif) video/*
 
-AddIcon /<%= @icons_prefix %>/binary.gif .bin .exe
-AddIcon /<%= @icons_prefix %>/binhex.gif .hqx
-AddIcon /<%= @icons_prefix %>/tar.gif .tar
-AddIcon /<%= @icons_prefix %>/world2.gif .wrl .wrl.gz .vrml .vrm .iv
-AddIcon /<%= @icons_prefix %>/compressed.gif .Z .z .tgz .gz .zip
-AddIcon /<%= @icons_prefix %>/a.gif .ps .ai .eps
-AddIcon /<%= @icons_prefix %>/layout.gif .html .shtml .htm .pdf
-AddIcon /<%= @icons_prefix %>/text.gif .txt
-AddIcon /<%= @icons_prefix %>/c.gif .c
-AddIcon /<%= @icons_prefix %>/p.gif .pl .py
-AddIcon /<%= @icons_prefix %>/f.gif .for
-AddIcon /<%= @icons_prefix %>/dvi.gif .dvi
-AddIcon /<%= @icons_prefix %>/uuencoded.gif .uu
-AddIcon /<%= @icons_prefix %>/script.gif .conf .sh .shar .csh .ksh .tcl
-AddIcon /<%= @icons_prefix %>/tex.gif .tex
-AddIcon /<%= @icons_prefix %>/bomb.gif /core
-AddIcon (SND,/<%= @icons_prefix %>/sound2.gif) .ogg
-AddIcon (VID,/<%= @icons_prefix %>/movie.gif) .ogm
+AddIcon /icons/binary.gif .bin .exe
+AddIcon /icons/binhex.gif .hqx
+AddIcon /icons/tar.gif .tar
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /icons/a.gif .ps .ai .eps
+AddIcon /icons/layout.gif .html .shtml .htm .pdf
+AddIcon /icons/text.gif .txt
+AddIcon /icons/c.gif .c
+AddIcon /icons/p.gif .pl .py
+AddIcon /icons/f.gif .for
+AddIcon /icons/dvi.gif .dvi
+AddIcon /icons/uuencoded.gif .uu
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /icons/tex.gif .tex
+AddIcon /icons/bomb.gif /core
+AddIcon (SND,/icons/sound2.gif) .ogg
+AddIcon (VID,/icons/movie.gif) .ogm
 
-AddIcon /<%= @icons_prefix %>/back.gif ..
-AddIcon /<%= @icons_prefix %>/hand.right.gif README
-AddIcon /<%= @icons_prefix %>/folder.gif ^^DIRECTORY^^
-AddIcon /<%= @icons_prefix %>/blank.gif ^^BLANKICON^^
+AddIcon /icons/back.gif ..
+AddIcon /icons/hand.right.gif README
+AddIcon /icons/folder.gif ^^DIRECTORY^^
+AddIcon /icons/blank.gif ^^BLANKICON^^
 
-AddIcon /<%= @icons_prefix %>/odf6odt<%= @icon_suffix %>.png .odt
-AddIcon /<%= @icons_prefix %>/odf6ods<%= @icon_suffix %>.png .ods
-AddIcon /<%= @icons_prefix %>/odf6odp<%= @icon_suffix %>.png .odp
-AddIcon /<%= @icons_prefix %>/odf6odg<%= @icon_suffix %>.png .odg
-AddIcon /<%= @icons_prefix %>/odf6odc<%= @icon_suffix %>.png .odc
-AddIcon /<%= @icons_prefix %>/odf6odf<%= @icon_suffix %>.png .odf
-AddIcon /<%= @icons_prefix %>/odf6odb<%= @icon_suffix %>.png .odb
-AddIcon /<%= @icons_prefix %>/odf6odi<%= @icon_suffix %>.png .odi
-AddIcon /<%= @icons_prefix %>/odf6odm<%= @icon_suffix %>.png .odm
+AddIcon /icons/odf6odt-20x22.png .odt
+AddIcon /icons/odf6ods-20x22.png .ods
+AddIcon /icons/odf6odp-20x22.png .odp
+AddIcon /icons/odf6odg-20x22.png .odg
+AddIcon /icons/odf6odc-20x22.png .odc
+AddIcon /icons/odf6odf-20x22.png .odf
+AddIcon /icons/odf6odb-20x22.png .odb
+AddIcon /icons/odf6odi-20x22.png .odi
+AddIcon /icons/odf6odm-20x22.png .odm
 
-AddIcon /<%= @icons_prefix %>/odf6ott<%= @icon_suffix %>.png .ott
-AddIcon /<%= @icons_prefix %>/odf6ots<%= @icon_suffix %>.png .ots
-AddIcon /<%= @icons_prefix %>/odf6otp<%= @icon_suffix %>.png .otp
-AddIcon /<%= @icons_prefix %>/odf6otg<%= @icon_suffix %>.png .otg
-AddIcon /<%= @icons_prefix %>/odf6otc<%= @icon_suffix %>.png .otc
-AddIcon /<%= @icons_prefix %>/odf6otf<%= @icon_suffix %>.png .otf
-AddIcon /<%= @icons_prefix %>/odf6oti<%= @icon_suffix %>.png .oti
-AddIcon /<%= @icons_prefix %>/odf6oth<%= @icon_suffix %>.png .oth
+AddIcon /icons/odf6ott-20x22.png .ott
+AddIcon /icons/odf6ots-20x22.png .ots
+AddIcon /icons/odf6otp-20x22.png .otp
+AddIcon /icons/odf6otg-20x22.png .otg
+AddIcon /icons/odf6otc-20x22.png .otc
+AddIcon /icons/odf6otf-20x22.png .otf
+AddIcon /icons/odf6oti-20x22.png .oti
+AddIcon /icons/odf6oth-20x22.png .oth
 
-DefaultIcon /<%= @icons_prefix %>/unknown.gif
+DefaultIcon /icons/unknown.gif
 ReadmeName README.html
 HeaderName HEADER.html
 
-IndexIgnore .??* *~ *# HEADER.html README.html RCS CVS *,v *,t
+IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/cluster.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/cluster.conf.erb
index d2f9d52e4..58229a88a 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/cluster.conf.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/cluster.conf.erb
@@ -8,10 +8,10 @@ Listen <%= @ip %>:<%= @port %>
 
   KeepAliveTimeout <%= @keep_alive_timeout %>
   MaxKeepAliveRequests <%= @max_keep_alive_requests %>
-  EnableMCPMReceive <%= scope.call_function('apache::bool2httpd', [@enable_mcpm_receive]) %>
+  EnableMCPMReceive <%= scope.function_bool2httpd([@enable_mcpm_receive]) %>
 
   ManagerBalancerName <%= @balancer_name %>
-  ServerAdvertise <%= scope.call_function('apache::bool2httpd', [@server_advertise]) %>
+  ServerAdvertise <%= scope.function_bool2httpd([@server_advertise]) %>
   <%- if @server_advertise == true and @advertise_frequency != nil -%>
   AdvertiseFrequency <%= @advertise_frequency %>
   <%- end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/disk_cache.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/disk_cache.conf.erb
index c97ee7662..b1b460e52 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/disk_cache.conf.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/disk_cache.conf.erb
@@ -1,9 +1,4 @@
-<% if @default_cache_enable -%>
 CacheEnable disk /
-<% end -%>
 CacheRoot "<%= @_cache_root %>"
 CacheDirLevels 2
 CacheDirLength 1
-<% if @cache_ignore_headers -%>
-CacheIgnoreHeaders <%= @cache_ignore_headers -%>
-<% end -%>
\ No newline at end of file
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/expires.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/expires.conf.erb
index a864c6ca1..7660cfcd0 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/expires.conf.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/expires.conf.erb
@@ -1,4 +1,4 @@
-ExpiresActive <%= scope.call_function('apache::bool2httpd', [@expires_active]) %>
+ExpiresActive <%= scope.function_bool2httpd([@expires_active]) %>
 <%- if ! @expires_default.nil? and ! @expires_default.empty? -%>
 ExpiresDefault "<%= @expires_default %>"
 <%- end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/geoip.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/geoip.conf.erb
index a99bee048..00e61d98b 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/geoip.conf.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/geoip.conf.erb
@@ -1,4 +1,4 @@
-GeoIPEnable <%= scope.call_function('apache::bool2httpd', [@enable]) %>
+GeoIPEnable <%= scope.function_bool2httpd([@enable]) %>
 
 <%- if @db_file and ! [ false, 'false', '' ].include?(@db_file) -%>
     <%- if @db_file.kind_of?(Array) -%>
@@ -11,15 +11,15 @@ GeoIPDBFile <%= @db_file %> <%= @flag %>
 <%- end -%>
 GeoIPOutput <%= @output %>
 <% if ! @enable_utf8.nil? -%>
-GeoIPEnableUTF8 <%= scope.call_function('apache::bool2httpd', [@enable_utf8]) %>
+GeoIPEnableUTF8 <%= scope.function_bool2httpd([@enable_utf8]) %>
 <% end -%>
 <% if ! @scan_proxy_headers.nil? -%>
-GeoIPScanProxyHeaders <%= scope.call_function('apache::bool2httpd', [@scan_proxy_headers]) %>
+GeoIPScanProxyHeaders <%= scope.function_bool2httpd([@scan_proxy_headers]) %>
 <% end -%>
 <% if ! @scan_proxy_header_field.nil? -%>
 GeoIPScanProxyHeaderField <%= @scan_proxy_header_field %>
 <% end -%>
 <% if ! @use_last_xforwarededfor_ip.nil? -%>
-GeoIPUseLastXForwardedForIP <%= scope.call_function('apache::bool2httpd', [@use_last_xforwarededfor_ip]) %>
+GeoIPUseLastXForwardedForIP <%= scope.function_bool2httpd([@use_last_xforwarededfor_ip]) %>
 <% end -%>
 
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/itk.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/itk.conf.erb
index 4abade8fb..f45f2b35d 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/itk.conf.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/itk.conf.erb
@@ -5,7 +5,4 @@
   ServerLimit         <%= @serverlimit %>
   MaxClients          <%= @maxclients %>
   MaxRequestsPerChild <%= @maxrequestsperchild %>
-  <%- if (not @enablecapabilities.nil?) && (scope.function_versioncmp([@_apache_version, '2.4']) >= 0) -%>
-  EnableCapabilities  <%= scope.call_function('apache::bool2httpd', [@enablecapabilities]) %>
-  <%- end -%>
 </IfModule>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/ldap.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/ldap.conf.erb
index 7c2dac5e9..5ac0c1c54 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/ldap.conf.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/ldap.conf.erb
@@ -1,4 +1,4 @@
-<Location <%= @ldap_path %>>
+<Location /ldap-status>
     SetHandler ldap-status
     <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%>
     Require ip 127.0.0.1 ::1
@@ -12,9 +12,6 @@
 <% if @ldap_trusted_global_cert_file -%>
 LDAPTrustedGlobalCert <%= @ldap_trusted_global_cert_type %> <%= @ldap_trusted_global_cert_file %>
 <% end -%>
-<% if @ldap_trusted_mode -%>
-LDAPTrustedMode <%= @ldap_trusted_mode %>
-<% end -%>
 <%- if @ldap_shared_cache_size -%>
 LDAPSharedCacheSize <%= @ldap_shared_cache_size %>
 <%- end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/passenger.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/passenger.conf.erb
index f7078db92..03ff534d2 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/passenger.conf.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/passenger.conf.erb
@@ -1,259 +1,61 @@
 # The Passenger Apache module configuration file is being
 # managed by Puppet and changes will be overwritten.
 <IfModule mod_passenger.c>
-  <%- if @passenger_allow_encoded_slashes -%>
-  PassengerAllowEncodedSlashes <%= @passenger_allow_encoded_slashes %>
-  <%- end -%>
-  <%- if @passenger_anonymous_telemetry_proxy -%>
-  PassengerAnonymousTelemetryProxy <%= @passenger_anonymous_telemetry_proxy %>
-  <%- end -%>
-  <%- if @passenger_app_env -%>
-  PassengerAppEnv <%= @passenger_app_env %>
-  <%- end -%>
-  <%- if @passenger_app_group_name -%>
-  PassengerAppGroupName <%= @passenger_app_group_name %>
-  <%- end -%>
-  <%- if @passenger_app_root -%>
-  PassengerAppRoot "<%= @passenger_app_root %>"
-  <%- end -%>
-  <%- if @passenger_app_type -%>
-  PassengerAppType <%= @passenger_app_type %>
-  <%- end -%>
-  <%- if @passenger_base_uri -%>
-  PassengerBaseURI <%= @passenger_base_uri %>
-  <%- end -%>
-  <%- if @passenger_buffer_response -%>
-  PassengerBufferResponse <%= @passenger_buffer_response %>
-  <%- end -%>
-  <%- if @passenger_buffer_upload -%>
-  PassengerBufferUpload <%= @passenger_buffer_upload %>
-  <%- end -%>
-  <%- if @passenger_concurrency_model -%>
-  PassengerConcurrencyModel <%= @passenger_concurrency_model %>
-  <%- end -%>
-  <%- if @passenger_data_buffer_dir -%>
-  PassengerDataBufferDir "<%= @passenger_data_buffer_dir %>"
-  <%- end -%>
-  <%- if @passenger_debug_log_file -%>
-  PassengerDebugLogFile <%= @passenger_debug_log_file %>
-  <%- end -%>
-  <%- if @passenger_debugger -%>
-  PassengerDebugger <%= @passenger_debugger %>
-  <%- end -%>
-  <%- if @passenger_default_group -%>
-  PassengerDefaultGroup <%= @passenger_default_group %>
-  <%- end -%>
-  <%- if @passenger_default_ruby -%>
-  PassengerDefaultRuby "<%= @passenger_default_ruby %>"
-  <%- end -%>
-  <%- if @passenger_default_user -%>
-  PassengerDefaultUser <%= @passenger_default_user %>
-  <%- end -%>
-  <%- unless @passenger_disable_anonymous_telemetry.nil? -%>
-  PassengerDisableAnonymousTelemetry <%= scope.call_function('apache::bool2httpd', [@passenger_disable_anonymous_telemetry]) %>
-  <%- end -%>
-  <%- unless @passenger_disable_log_prefix.nil? -%>
-  PassengerDisableLogPrefix <%= scope.call_function('apache::bool2httpd', [@passenger_disable_log_prefix]) %>
-  <%- end -%>
-  <%- if @passenger_disable_security_update_check -%>
-  PassengerDisableSecurityUpdateCheck <%= @passenger_disable_security_update_check %>
-  <%- end -%>
-  <%- if @passenger_enabled -%>
-  PassengerEnabled <%= @passenger_enabled %>
-  <%- end -%>
-  <%- if @passenger_error_override -%>
-  PassengerErrorOverride <%= @passenger_error_override %>
-  <%- end -%>
-  <%- if @passenger_file_descriptor_log_file -%>
-  PassengerFileDescriptorLogFile "<%= @passenger_file_descriptor_log_file %>"
-  <%- end -%>
-  <%- if @passenger_fly_with -%>
-  PassengerFlyWith "<%= @passenger_fly_with %>"
-  <%- end -%>
-  <%- if @passenger_force_max_concurrent_requests_per_process -%>
-  PassengerForceMaxConcurrentRequestsPerProcess <%= @passenger_force_max_concurrent_requests_per_process %>
-  <%- end -%>
-  <%- if @passenger_friendly_error_pages -%>
-  PassengerFriendlyErrorPages <%= @passenger_friendly_error_pages %>
-  <%- end -%>
-  <%- if @passenger_group -%>
-  PassengerGroup <%= @passenger_group %>
-  <%- end -%>
-  <%- if @passenger_high_performance -%>
-  PassengerHighPerformance <%= @passenger_high_performance %>
-  <%- end -%>
-  <%- if @passenger_instance_registry_dir -%>
-  PassengerInstanceRegistryDir "<%= @passenger_instance_registry_dir %>"
-  <%- end -%>
-  <%- if @passenger_load_shell_envvars -%>
-  PassengerLoadShellEnvvars <%= @passenger_load_shell_envvars %>
-  <%- end -%>
-  <%- if @passenger_log_file -%>
-  PassengerLogFile "<%= @passenger_log_file %>"
-  <%- end -%>
-  <%- if @passenger_log_level -%>
-  PassengerLogLevel <%= @passenger_log_level %>
-  <%- end -%>
-  <%- if @passenger_lve_min_uid -%>
-  PassengerLveMinUid <%= @passenger_lve_min_uid %>
-  <%- end -%>
-  <%- if @passenger_max_instances -%>
-  PassengerMaxInstances <%= @passenger_max_instances %>
-  <%- end -%>
-  <%- if @passenger_max_instances_per_app -%>
-  PassengerMaxInstancesPerApp <%= @passenger_max_instances_per_app %>
-  <%- end -%>
-  <%- if @passenger_max_pool_size -%>
-  PassengerMaxPoolSize <%= @passenger_max_pool_size %>
-  <%- end -%>
-  <%- if @passenger_max_preloader_idle_time -%>
-  PassengerMaxPreloaderIdleTime <%= @passenger_max_preloader_idle_time %>
-  <%- end -%>
-  <%- if @passenger_max_request_queue_size -%>
-  PassengerMaxRequestQueueSize <%= @passenger_max_request_queue_size %>
-  <%- end -%>
-  <%- if @passenger_max_request_time -%>
-  PassengerMaxRequestTime <%= @passenger_max_request_time %>
-  <%- end -%>
-  <%- if @passenger_max_requests -%>
-  PassengerMaxRequests <%= @passenger_max_requests %>
-  <%- end -%>
-  <%- if @passenger_memory_limit -%>
-  PassengerMemoryLimit <%= @passenger_memory_limit %>
-  <%- end -%>
-  <%- if @passenger_meteor_app_settings -%>
-  PassengerMeteorAppSettings "<%= @passenger_meteor_app_settings %>"
-  <%- end -%>
-  <%- if @passenger_min_instances -%>
-  PassengerMinInstances <%= @passenger_min_instances %>
-  <%- end -%>
-  <%- if @passenger_nodejs -%>
-  PassengerNodejs "<%= @passenger_nodejs %>"
-  <%- end -%>
-  <%- if @passenger_pool_idle_time -%>
-  PassengerPoolIdleTime <%= @passenger_pool_idle_time %>
-  <%- end -%>
-  <%- if @passenger_pre_start -%>
-    <%- [@passenger_pre_start].flatten.compact.each do |passenger_pre_start| -%>
-  PassengerPreStart <%= passenger_pre_start %>
-    <%- end -%>
-  <%- end -%>
-  <%- if @passenger_python -%>
-  PassengerPython "<%= @passenger_python %>"
-  <%- end -%>
-  <%- if @passenger_resist_deployment_errors -%>
-  PassengerResistDeploymentErrors <%= @passenger_resist_deployment_errors %>
-  <%- end -%>
-  <%- if @passenger_resolve_symlinks_in_document_root -%>
-  PassengerResolveSymlinksInDocumentRoot <%= @passenger_resolve_symlinks_in_document_root %>
-  <%- end -%>
-  <%- if @passenger_response_buffer_high_watermark -%>
-  PassengerResponseBufferHighWatermark <%= @passenger_response_buffer_high_watermark %>
-  <%- end -%>
-  <%- if @passenger_restart_dir -%>
-  PassengerRestartDir "<%= @passenger_restart_dir %>"
-  <%- end -%>
-  <%- if @passenger_rolling_restarts -%>
-  PassengerRollingRestarts <%= @passenger_rolling_restarts %>
-  <%- end -%>
   <%- if @passenger_root -%>
   PassengerRoot "<%= @passenger_root %>"
   <%- end -%>
   <%- if @passenger_ruby -%>
   PassengerRuby "<%= @passenger_ruby %>"
   <%- end -%>
-  <%- if @passenger_security_update_check_proxy -%>
-  PassengerSecurityUpdateCheckProxy <%= @passenger_security_update_check_proxy %>
+  <%- if @passenger_default_ruby -%>
+  PassengerDefaultRuby "<%= @passenger_default_ruby %>"
   <%- end -%>
-  <%- if @passenger_show_version_in_header -%>
-  PassengerShowVersionInHeader <%= @passenger_show_version_in_header %>
+  <%- if @passenger_high_performance -%>
+  PassengerHighPerformance <%= @passenger_high_performance %>
   <%- end -%>
-  <%- if @passenger_socket_backlog -%>
-  PassengerSocketBacklog <%= @passenger_socket_backlog %>
+  <%- if @passenger_max_pool_size -%>
+  PassengerMaxPoolSize <%= @passenger_max_pool_size %>
   <%- end -%>
-  <%- if @passenger_spawn_dir -%>
-  PassengerSpawnDir "<%= @passenger_spawn_dir %>"
+  <%- if @passenger_min_instances -%>
+  PassengerMinInstances <%= @passenger_min_instances %>
+  <%- end -%>
+  <%- if @passenger_max_instances_per_app -%>
+  PassengerMaxInstancesPerApp <%= @passenger_max_instances_per_app %>
+  <%- end -%>
+  <%- if @passenger_pool_idle_time -%>
+  PassengerPoolIdleTime <%= @passenger_pool_idle_time %>
+  <%- end -%>
+  <%- if @passenger_max_request_queue_size -%>
+  PassengerMaxRequestQueueSize <%= @passenger_max_request_queue_size %>
+  <%- end -%>
+  <%- if @passenger_max_requests -%>
+  PassengerMaxRequests <%= @passenger_max_requests %>
   <%- end -%>
   <%- if @passenger_spawn_method -%>
   PassengerSpawnMethod <%= @passenger_spawn_method %>
   <%- end -%>
-  <%- if @passenger_start_timeout -%>
-  PassengerStartTimeout <%= @passenger_start_timeout %>
-  <%- end -%>
-  <%- if @passenger_startup_file -%>
-  PassengerStartupFile "<%= @passenger_startup_file %>"
-  <%- end -%>
   <%- if @passenger_stat_throttle_rate -%>
   PassengerStatThrottleRate <%= @passenger_stat_throttle_rate %>
   <%- end -%>
-  <%- if @passenger_sticky_sessions -%>
-  PassengerStickySessions <%= @passenger_sticky_sessions %>
-  <%- end -%>
-  <%- if @passenger_sticky_sessions_cookie_name -%>
-  PassengerStickySessionsCookieName <%= @passenger_sticky_sessions_cookie_name %>
-  <%- end -%>
-  <%- if @passenger_sticky_sessions_cookie_attributes -%>
-  PassengerStickySessionsCookieAttributes "<%= @passenger_sticky_sessions_cookie_attributes %>"
-  <%- end -%>
-  <%- if @passenger_thread_count -%>
-  PassengerThreadCount <%= @passenger_thread_count %>
-  <%- end -%>
-  <%- if @passenger_use_global_queue -%>
-  PassengerUseGlobalQueue <%= @passenger_use_global_queue %>
-  <%- end -%>
-  <%- if @passenger_user -%>
-  PassengerUser <%= @passenger_user %>
-  <%- end -%>
-  <%- if @passenger_user_switching -%>
-  PassengerUserSwitching <%= @passenger_user_switching %>
-  <%- end -%>
-  <%- if @rack_auto_detect -%>
-  RackAutoDetect <%= @rack_auto_detect %>
-  <%- end -%>
-  <%- if @rack_base_uri -%>
-  RackBaseURI <%= @rack_base_uri %>
-  <%- end -%>
-  <%- if @rack_env -%>
-  RackEnv <%= @rack_env %>
-  <%- end -%>
-  <%- if @rails_allow_mod_rewrite -%>
-  RailsAllowModRewrite <%= @rails_allow_mod_rewrite %>
-  <%- end -%>
-  <%- if @rails_app_spawner_idle_time -%>
-  RailsAppSpawnerIdleTime <%= @rails_app_spawner_idle_time %>
-  <%- end -%>
-  <%- if @rails_auto_detect -%>
-  RailsAutoDetect <%= @rails_auto_detect %>
-  <%- end -%>
-  <%- if @rails_base_uri -%>
-  RailsBaseURI <%= @rails_base_uri %>
-  <%- end -%>
-  <%- if @rails_default_user -%>
-  RailsDefaultUser <%= @rails_default_user %>
-  <%- end -%>
-  <%- if @rails_env -%>
-  RailsEnv <%= @rails_env %>
-  <%- end -%>
-  <%- if @rails_framework_spawner_idle_time -%>
-  RailsFrameworkSpawnerIdleTime <%= @rails_framework_spawner_idle_time %>
-  <%- end -%>
-  <%- if @rails_ruby -%>
-  RailsRuby <%= @rails_ruby %>
-  <%- end -%>
-  <%- if @rails_spawn_method -%>
-  RailsSpawnMethod <%= @rails_spawn_method %>
-  <%- end -%>
-  <%- if @rails_user_switching -%>
-  RailsUserSwitching <%= @rails_user_switching %>
-  <%- end -%>
-  <%- if @wsgi_auto_detect -%>
-  WsgiAutoDetect <%= @wsgi_auto_detect %>
-  <%- end -%>
-  <%- if @rails_autodetect -%>
-  RailsAutoDetect <%= @rails_autodetect %>
-  <%- end -%>
   <%- if @rack_autodetect -%>
   RackAutoDetect <%= @rack_autodetect %>
   <%- end -%>
-
+  <%- if @rails_autodetect -%>
+  RailsAutoDetect <%= @rails_autodetect %>
+  <%- end -%>
+  <%- if @passenger_use_global_queue -%>
+  PassengerUseGlobalQueue <%= @passenger_use_global_queue %>
+  <%- end -%>
+  <%- if @passenger_app_env -%>
+  PassengerAppEnv <%= @passenger_app_env %>
+  <%- end -%>
+  <%- if @passenger_log_file -%>
+  PassengerLogFile <%= @passenger_log_file %>
+  <%- end -%>
+  <%- if @passenger_log_level -%>
+  PassengerLogLevel <%= @passenger_log_level %>
+  <%- end -%>
+  <%- if @passenger_data_buffer_dir -%>
+  PassengerDataBufferDir <%= @passenger_data_buffer_dir %>
+  <%- end -%>
 </IfModule>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/prefork.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/prefork.conf.erb
index 01f0b84f8..aabfdf7b2 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/prefork.conf.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/prefork.conf.erb
@@ -3,15 +3,6 @@
   MinSpareServers     <%= @minspareservers %>
   MaxSpareServers     <%= @maxspareservers %>
   ServerLimit         <%= @serverlimit %>
-  <%- if @maxrequestworkers -%>
-  MaxRequestWorkers      <%= @maxrequestworkers %>
-  <%- elsif @maxclients -%>
-  MaxClients             <%= @maxclients %>
-  <%- end -%>
-  <%- if @maxconnectionsperchild -%>
-  MaxConnectionsPerChild <%= @maxconnectionsperchild %>
-  <%- elsif @maxrequestsperchild -%>
-  MaxRequestsPerChild    <%= @maxrequestsperchild %>
-  <%- end -%>
-  ListenBacklog       <%= @listenbacklog %>
+  MaxClients          <%= @maxclients %>
+  MaxRequestsPerChild <%= @maxrequestsperchild %>
 </IfModule>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/proxy.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/proxy.conf.erb
index 76968cb6f..d023c14e5 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/proxy.conf.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/proxy.conf.erb
@@ -24,11 +24,4 @@
   # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
   # Set to one of: Off | On | Full | Block
   ProxyVia <%= @proxy_via %>
-
-  <%- if @proxy_timeout -%>
-  ProxyTimeout <%= @proxy_timeout %>
-  <%- end -%>
-  <%- if @proxy_iobuffersize -%>
-  ProxyIOBufferSize <%= @proxy_iobuffersize %>
-  <%- end -%>
 </IfModule>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/proxy_html.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/proxy_html.conf.erb
index 3cb8eca62..f2f0bc0ce 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/proxy_html.conf.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/proxy_html.conf.erb
@@ -9,10 +9,9 @@ ProxyHTMLLinks  ins             cite
 ProxyHTMLLinks  del             cite
 ProxyHTMLLinks  form            action
 ProxyHTMLLinks  input           src usemap
-ProxyHTMLLinks  head            profile
-ProxyHTMLLinks  base            href
+ProxyHTMLLinks  head            profileProxyHTMLLinks  base            href
 ProxyHTMLLinks  script          src for
-ProxyHTMLLinks  meta            content
+ProxyHTMLLinks  base            href
 
 ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \
                 onmouseover onmousemove onmouseout onkeypress \
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/remoteip.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/remoteip.conf.erb
new file mode 100644
index 000000000..e10ebb51c
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/remoteip.conf.erb
@@ -0,0 +1,23 @@
+# Declare the header field which should be parsed for useragent IP addresses
+RemoteIPHeader <%= @header %>
+
+<%- if @proxy_ips -%>
+# Declare client intranet IP addresses trusted to present
+# the RemoteIPHeader value
+<%-   [@proxy_ips].flatten.each do |proxy| -%>
+RemoteIPInternalProxy <%= proxy %>
+<%-   end -%>
+<%- end -%>
+
+<%- if @proxies_header -%>
+# Declare the header field which will record all intermediate IP addresses
+RemoteIPProxiesHeader <%= @proxies_header %>
+<%- end -%>
+
+<%- if @trusted_proxy_ips -%>
+# Declare client intranet IP addresses trusted to present
+# the RemoteIPHeader value
+  <%- [@trusted_proxy_ips].flatten.each do |proxy| -%>
+RemoteIPTrustedProxy <%= proxy %>
+  <%- end -%>
+<%- end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/security.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/security.conf.erb
index 0302cebf3..638332e52 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/security.conf.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/security.conf.erb
@@ -2,9 +2,6 @@
     # Default recommended configuration
     SecRuleEngine <%= @modsec_secruleengine %>
     SecRequestBodyAccess On
-  <%- if @custom_rules -%>
-    Include <%= @modsec_dir %>/custom_rules/*.conf
-  <%- end -%>
     SecRule REQUEST_HEADERS:Content-Type "text/xml" \
       "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
     SecRequestBodyLimit <%= @secrequestbodylimit %>
@@ -48,10 +45,7 @@
     SecAuditEngine RelevantOnly
     SecAuditLogRelevantStatus "<%= @audit_log_relevant_status %>"
     SecAuditLogParts <%= @audit_log_parts %>
-    SecAuditLogType <%= @audit_log_type %>
-    <%- if @audit_log_storage_dir -%>
-    SecAuditLogStorageDir <%= @audit_log_storage_dir %>
-    <%- end -%>
+    SecAuditLogType Serial
     SecArgumentSeparator &
     SecCookieFormat 0
 <%- if scope.lookupvar('::osfamily') == 'Debian' -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/ssl.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/ssl.conf.erb
index 94dc7bb82..5fa7bb9ba 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/ssl.conf.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/ssl.conf.erb
@@ -13,31 +13,22 @@
   <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%>
   Mutex <%= @_ssl_mutex %>
     <%- if @ssl_compression -%>
-  SSLCompression <%= scope.call_function('apache::bool2httpd', [@ssl_compression]) %>
-    <%- end -%>
-    <%- unless @ssl_sessiontickets.nil? -%>
-  SSLSessionTickets <%= scope.call_function('apache::bool2httpd', [@ssl_sessiontickets]) %>
+  SSLCompression <%= scope.function_bool2httpd([@ssl_compression]) %>
     <%- end -%>
   <%- else -%>
   SSLMutex <%= @_ssl_mutex %>
   <%- end -%>
   SSLCryptoDevice <%= @ssl_cryptodevice %>
-  SSLHonorCipherOrder <%= scope.call_function('apache::bool2httpd', [@_ssl_honorcipherorder]) %>
-  <%- if @ssl_cert -%>
-  SSLCertificateFile      "<%= @ssl_cert %>"
-  <%- end -%>
-  <%- if @ssl_key -%>
-  SSLCertificateKeyFile   "<%= @ssl_key %>"
-  <%- end -%>
+  SSLHonorCipherOrder <%= scope.function_bool2httpd([@_ssl_honorcipherorder]) %>
   <%- if @ssl_ca -%>
   SSLCACertificateFile    "<%= @ssl_ca %>"
   <%- end -%>
 <% if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%>
-  SSLUseStapling <%= scope.call_function('apache::bool2httpd', [@ssl_stapling]) %>
+  SSLUseStapling <%= scope.function_bool2httpd([@ssl_stapling]) %>
   <%- if not @ssl_stapling_return_errors.nil? -%>
-  SSLStaplingReturnResponderErrors <%= scope.call_function('apache::bool2httpd', [@ssl_stapling_return_errors]) %>
+  SSLStaplingReturnResponderErrors <%= scope.function_bool2httpd([@ssl_stapling_return_errors]) %>
   <%- end -%>
-  SSLStaplingCache "shmcb:<%= @_stapling_cache %>"
+  SSLStaplingCache "shmcb:<%= @stapling_cache %>"
 <% end -%>
   SSLCipherSuite <%= @ssl_cipher %>
   SSLProtocol <%= @ssl_protocol.compact.join(' ') %>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/status.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/status.conf.erb
index 28cc55b4f..6a6b3daa2 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/status.conf.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/status.conf.erb
@@ -1,13 +1,11 @@
 <Location <%= @status_path %>>
     SetHandler server-status
-    <%-# From Puppet 4.2 up, replace: -%>
-    <%-# "scope.function_template(["apache/mod/<Template>"])" -%>
-    <%-# with: -%>
-    <%-# "scope.call_function('template', ["apache/mod/<Template>"])" -%>
     <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%>
-<%= scope.function_template(["apache/mod/_require.erb"]) -%>
+    Require ip <%= Array(@allow_from).join(" ") %>
     <%- else -%>
-<%= scope.function_template(["apache/mod/_allow.erb"]) -%>
+    Order deny,allow
+    Deny from all
+    Allow from <%= Array(@allow_from).join(" ") %>
     <%- end -%>
 </Location>
 ExtendedStatus <%= @extended_status %>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/userdir.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/userdir.conf.erb
index 1ef99f69f..323a1af1d 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/userdir.conf.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/userdir.conf.erb
@@ -2,10 +2,9 @@
 <% if @disable_root -%>
   UserDir disabled root
 <% end -%>
-  UserDir <%= @_userdir %>
+  UserDir <%= @_path %>
 
-<%- if ! @unmanaged_path -%>
-  <Directory "<%= @_path %>">
+  <Directory "<%= @home %>/*/<%= @dir %>">
     AllowOverride <%= @overrides.join(' ') %>
     Options <%= @options.join(' ') %>
     <Limit GET POST OPTIONS>
@@ -25,8 +24,4 @@
       <%- end -%>
     </LimitExcept>
   </Directory>
-<%- end -%>
-<%- if @custom_fragment -%>
-<%= @custom_fragment %>
-<%- end -%>
 </IfModule>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/wsgi.conf.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/wsgi.conf.erb
index 490f8b616..1d83e5a84 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/wsgi.conf.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/mod/wsgi.conf.erb
@@ -2,7 +2,7 @@
 # managed by Puppet an changes will be overwritten.
 <IfModule mod_wsgi.c>
   <%- if @wsgi_restrict_embedded -%>
-  WSGIRestrictEmbedded <%= scope.call_function('apache::bool2httpd', [@wsgi_restrict_embedded]) %>
+  WSGIRestrictEmbedded <%= scope.function_bool2httpd([@wsgi_restrict_embedded]) %>
   <%- end -%>
   <%- if @wsgi_socket_prefix -%>
   WSGISocketPrefix <%= @wsgi_socket_prefix %>
@@ -13,10 +13,4 @@
   <%- if @wsgi_python_path -%>
   WSGIPythonPath "<%= @wsgi_python_path %>"
   <%- end -%>
-  <%- if @wsgi_application_group -%>
-  WSGIApplicationGroup "<%= @wsgi_application_group %>"
-  <%- end -%>
-  <%- if @wsgi_python_optimize -%>
-  WSGIPythonOptimize <%= @wsgi_python_optimize %>
-  <%- end -%>
 </IfModule>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_access_log.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_access_log.erb
index 6aa7815ad..894daa7ce 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_access_log.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_access_log.erb
@@ -14,8 +14,8 @@
 <%   elsif log['pipe'] -%>
 <%     destination = log['pipe'] -%>
 <%   else -%>
-<%     destination ||= "#{@logroot}/#{@filename}_access_ssl.log" if @ssl -%>
-<%     destination ||= "#{@logroot}/#{@filename}_access.log" -%>
+<%     destination ||= "#{@logroot}/#{@name}_access_ssl.log" if @ssl -%>
+<%     destination ||= "#{@logroot}/#{@name}_access.log" -%>
 <%   end -%>
   CustomLog "<%= destination %>" <%= format %> <%= env %>
 <% end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_auth_cas.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_auth_cas.erb
index 39912a80c..2f4787b73 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_auth_cas.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_auth_cas.erb
@@ -60,6 +60,6 @@
   CASAttributeDelimiter <%= @cas_attribute_delimiter %>
   <%- end -%>
   <%- if @cas_scrub_request_headers -%>
-  CASScrubRequestHeaders On
+  CASAttributeDelimiter On
   <%- end -%>
 <%- end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_directories.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_directories.erb
index 2f43e0129..8a1706432 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_directories.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_directories.erb
@@ -36,7 +36,7 @@
       <%- end -%>
     <%- end -%>
     <%- if ! directory['geoip_enable'].nil? -%>
-    GeoIPEnable <%= scope.call_function('apache::bool2httpd', [directory['geoip_enable']]) %>
+    GeoIPEnable <%= scope.function_bool2httpd([directory['geoip_enable']]) %>
     <%- end -%>
     <%- if directory['options'] -%>
     Options <%= Array(directory['options']).join(' ') %>
@@ -85,124 +85,8 @@
     <%- if directory['sethandler'] and directory['sethandler'] != '' -%>
     SetHandler <%= directory['sethandler'] %>
     <%- end -%>
-    <%- unless directory['h2_copy_files'].nil? -%>
-    H2CopyFiles <%= scope.call_function('apache::bool2httpd', [directory['h2_copy_files']]) %>
-    <%- end -%>
-    <%- if directory['h2_push_resource'] && ! directory['h2_push_resource'].empty? -%>
-      <%- [directory['h2_push_resource']].flatten.compact.each do |h2_push_resource| -%>
-    H2PushResource <%= h2_push_resource %>
-      <%- end -%>
-    <%- end -%>
-    <%- unless directory['passenger_enabled'].nil? -%>
-    PassengerEnabled <%= scope.call_function('apache::bool2httpd', [directory['passenger_enabled']]) %>
-    <%- end -%>
-    <%- if directory['passenger_base_uri'] and ! directory['passenger_base_uri'].empty? -%>
-    PassengerBaseURI <%= directory['passenger_base_uri'] %>
-    <%- end -%>
-    <%- if directory['passenger_ruby'] and ! directory['passenger_ruby'].empty? -%>
-    PassengerRuby <%= directory['passenger_ruby'] %>
-    <%- end -%>
-    <%- if directory['passenger_python'] and ! directory['passenger_python'].empty? -%>
-    PassengerPython <%= directory['passenger_python'] %>
-    <%- end -%>
-    <%- if directory['passenger_nodejs'] and ! directory['passenger_nodejs'].empty? -%>
-    PassengerNodejs <%= directory['passenger_nodejs'] %>
-    <%- end -%>
-    <%- if directory['passenger_meteor_app_settings'] and ! directory['passenger_meteor_app_settings'].empty? -%>
-    PassengerMeteorAppSettings <%= directory['passenger_meteor_app_settings'] %>
-    <%- end -%>
-    <%- if directory['passenger_app_env'] and ! directory['passenger_app_env'].empty? -%>
-    PassengerAppEnv <%= directory['passenger_app_env'] %>
-    <%- end -%>
-    <%- if directory['passenger_app_root'] and ! directory['passenger_app_root'].empty? -%>
-    PassengerAppRoot <%= directory['passenger_app_root'] %>
-    <%- end -%>
-    <%- if directory['passenger_app_group_name'] and ! directory['passenger_app_group_name'].empty? -%>
-    PassengerAppGroupName <%= directory['passenger_app_group_name'] %>
-    <%- end -%>
-    <%- if directory['passenger_app_type'] and ! directory['passenger_app_type'].empty? -%>
-    PassengerAppType <%= directory['passenger_app_type'] %>
-    <%- end -%>
-    <%- if directory['passenger_startup_file'] and ! directory['passenger_startup_file'].empty? -%>
-    PassengerStartupFile <%= directory['passenger_startup_file'] %>
-    <%- end -%>
-    <%- if directory['passenger_restart_dir'] and ! directory['passenger_restart_dir'].empty? -%>
-    PassengerRestartDir <%= directory['passenger_restart_dir'] %>
-    <%- end -%>
-    <%- unless directory['passenger_load_shell_envvars'].nil? -%>
-    PassengerLoadShellEnvvars <%= scope.call_function('apache::bool2httpd', [directory['passenger_load_shell_envvars']]) %>
-    <%- end -%>
-    <%- unless directory['passenger_rolling_restarts'].nil? -%>
-    PassengerRollingRestarts <%= scope.call_function('apache::bool2httpd', [directory['passenger_rolling_restarts']]) %>
-    <%- end -%>
-    <%- unless directory['passenger_resist_deployment_errors'].nil? -%>
-    PassengerResistDeploymentErrors <%= scope.call_function('apache::bool2httpd', [directory['passenger_resist_deployment_errors']]) %>
-    <%- end -%>
-    <%- if directory['passenger_user'] and ! directory['passenger_user'].empty? -%>
-    PassengerUser <%= directory['passenger_user'] %>
-    <%- end -%>
-    <%- if directory['passenger_group'] and ! directory['passenger_group'].empty? -%>
-    PassengerGroup <%= directory['passenger_group'] %>
-    <%- end -%>
-    <%- unless directory['passenger_friendly_error_pages'].nil? -%>
-    PassengerFriendlyErrorPages <%= scope.call_function('apache::bool2httpd', [directory['passenger_friendly_error_pages']]) %>
-    <%- end -%>
-    <%- unless directory['passenger_min_instances'].nil? -%>
-    PassengerMinInstances <%= directory['passenger_min_instances'] %>
-    <%- end -%>
-    <%- unless directory['passenger_max_instances'].nil? -%>
-    PassengerMaxInstances <%= directory['passenger_max_instances'] %>
-    <%- end -%>
-    <%- unless directory['passenger_force_max_concurrent_requests_per_process'].nil? -%>
-    PassengerForceMaxConcurrentRequestsPerProcess <%= directory['passenger_force_max_concurrent_requests_per_process'] %>
-    <%- end -%>
-    <%- unless directory['passenger_start_timeout'].nil? -%>
-    PassengerStartTimeout <%= directory['passenger_start_timeout'] %>
-    <%- end -%>
-    <%- if directory['passenger_concurrency_model'] and ! directory['passenger_concurrency_model'].empty? -%>
-    PassengerConcurrencyModel <%= directory['passenger_concurrency_model'] %>
-    <%- end -%>
-    <%- unless directory['passenger_thread_count'].nil? -%>
-    PassengerThreadCount <%= directory['passenger_thread_count'] %>
-    <%- end -%>
-    <%- unless directory['passenger_max_requests'].nil? -%>
-    PassengerMaxRequests <%= directory['passenger_max_requests'] %>
-    <%- end -%>
-    <%- unless directory['passenger_max_request_time'].nil? -%>
-    PassengerMaxRequestTime <%= directory['passenger_max_request_time'] %>
-    <%- end -%>
-    <%- unless directory['passenger_memory_limit'].nil? -%>
-    PassengerMemoryLimit <%= directory['passenger_memory_limit'] %>
-    <%- end -%>
-    <%- unless directory['passenger_high_performance'].nil? -%>
-    PassengerHighPerformance <%= scope.call_function('apache::bool2httpd', [directory['passenger_high_performance']]) %>
-    <%- end -%>
-    <%- unless directory['passenger_buffer_upload'].nil? -%>
-    PassengerBufferUpload <%= scope.call_function('apache::bool2httpd', [directory['passenger_buffer_upload']]) %>
-    <%- end -%>
-    <%- unless directory['passenger_buffer_response'].nil? -%>
-    PassengerBufferResponse <%= scope.call_function('apache::bool2httpd', [directory['passenger_buffer_response']]) %>
-    <%- end -%>
-    <%- unless directory['passenger_error_override'].nil? -%>
-    PassengerErrorOverride <%= scope.call_function('apache::bool2httpd', [directory['passenger_error_override']]) %>
-    <%- end -%>
-    <%- unless directory['passenger_max_request_queue_size'].nil? -%>
-    PassengerMaxRequestQueueSize <%= directory['passenger_max_request_queue_size'] %>
-    <%- end -%>
-    <%- unless directory['passenger_max_request_queue_time'].nil? -%>
-    PassengerMaxRequestQueueTime <%= directory['passenger_max_request_queue_time'] %>
-    <%- end -%>
-    <%- unless directory['passenger_sticky_sessions'].nil? -%>
-    PassengerStickySessions <%= scope.call_function('apache::bool2httpd', [directory['passenger_sticky_sessions']]) %>
-    <%- end -%>
-    <%- if directory['passenger_sticky_sessions_cookie_name'] and ! directory['passenger_sticky_sessions_cookie_name'].empty? -%>
-    PassengerStickySessionsCookieName <%= directory['passenger_sticky_sessions_cookie_name'] %>
-    <%- end -%>
-    <%- unless directory['passenger_allow_encoded_slashes'].nil? -%>
-    PassengerAllowEncodedSlashes <%= scope.call_function('apache::bool2httpd', [directory['passenger_allow_encoded_slashes']]) %>
-    <%- end -%>
-    <%- unless directory['passenger_debugger'].nil? -%>
-    PassengerDebugger <%= scope.call_function('apache::bool2httpd', [directory['passenger_debugger']]) %>
+    <%- if directory['passenger_enabled'] and directory['passenger_enabled'] != '' -%>
+    PassengerEnabled <%= directory['passenger_enabled'] %>
     <%- end -%>
     <%- if directory['php_flags'] and ! directory['php_flags'].empty? -%>
       <%- directory['php_flags'].sort.each do |flag,value| -%>
@@ -242,7 +126,7 @@
     <%- if directory['dav'] -%>
     Dav <%= directory['dav'] %>
     <%- if directory['dav_depth_infinity'] -%>
-    DavDepthInfinity <%= scope.call_function('apache::bool2httpd', [directory['dav_depth_infinity']]) %>
+    DavDepthInfinity <%= scope.function_bool2httpd([directory['dav_depth_infinity']]) %>
     <%- end -%>
     <%- if directory['dav_min_timeout'] -%>
     DavMinTimeout <%= directory['dav_min_timeout'] %>
@@ -290,9 +174,6 @@
     <%- if directory['auth_merging'] -%>
     AuthMerging <%= directory['auth_merging'] %>
     <%- end -%>
-    <%- if directory['auth_ldap_referrals'] -%>
-    LDAPReferrals <%= directory['auth_ldap_referrals'] %>
-    <%- end -%>
     <%- if directory['auth_ldap_url'] -%>
     AuthLDAPURL <%= directory['auth_ldap_url'] %>
     <%- end -%>
@@ -320,7 +201,7 @@
     ExpiresActive <%= directory['expires_active'] %>
     <%- end -%>
     <%- if directory['expires_default'] -%>
-    ExpiresDefault "<%= directory['expires_default'] %>"
+    ExpiresDefault <%= directory['expires_default'] %>
     <%- end -%>
     <%- if directory['expires_by_type'] -%>
     <%- Array(directory['expires_by_type']).each do |rule| -%>
@@ -339,12 +220,6 @@
     <%- if directory['ssl_options'] -%>
     SSLOptions <%= Array(directory['ssl_options']).join(' ') %>
     <%- end -%>
-    <%- if directory['ssl_verify_client'] and directory['ssl_verify_client'].match('(none|optional|require|optional_no_ca)') -%>
-    SSLVerifyClient <%= directory['ssl_verify_client'] %>
-    <%- if directory['ssl_verify_depth'] -%>
-    SSLVerifyDepth <%= directory['ssl_verify_depth'] %>
-    <%- end -%>
-    <%- end -%>
     <%- if directory['suphp'] and @suphp_engine == 'on' -%>
     suPHP_UserGroup <%= directory['suphp']['user'] %> <%= directory['suphp']['group'] %>
     <%- end -%>
@@ -383,9 +258,6 @@
     <%- if directory['set_output_filter'] -%>
     SetOutputFilter <%= directory['set_output_filter'] %>
     <%- end -%>
-    <%- if directory['set_input_filter'] -%>
-    SetInputFilter <%= directory['set_input_filter'] %>
-    <%- end -%>
     <%- if @shibboleth_enabled -%>
       <%- if directory['shib_require_session'] and ! directory['shib_require_session'].empty? -%>
     ShibRequireSession <%= directory['shib_require_session'] %>
@@ -455,9 +327,6 @@
     MellonCond <%= cond %>
          <%- end -%>
       <%- end -%>
-      <%- if directory['mellon_session_length'] -%>
-    MellonSessionLength "<%= directory['mellon_session_length'] %>"
-      <%- end -%>
     <%- end -%>
     <%- if directory['request_headers'] and ! directory['request_headers'].empty? -%>
       ## Request Header rules
@@ -467,45 +336,9 @@
         <%- end -%>
       <%- end -%>
     <%- end -%>
-    <%- if directory['proxy_pass'] and directory['provider'] and directory['provider'].match('location') -%>
-      <%- directory['proxy_pass'].flatten.compact.each do |proxy| -%>
-    ProxyPass <%= proxy['url'] -%>
-        <%- if proxy['params'] -%>
-          <%- proxy['params'].keys.sort.each do |key| -%> <%= key %>=<%= proxy['params'][key] -%>
-          <%- end -%>
-        <%- end -%>
-        <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%>
-        <%- end %>
-        <%- if not proxy['reverse_cookies'].nil? -%>
-          <%- Array(proxy['reverse_cookies']).each do |reverse_cookies| -%>
-            <%- if reverse_cookies['path'] -%>
-    ProxyPassReverseCookiePath <%= reverse_cookies['path'] %> <%= reverse_cookies['url'] %>
-            <%- end -%>
-            <%- if reverse_cookies['domain'] -%>
-    ProxyPassReverseCookieDomain <%= reverse_cookies['domain'] %> <%= reverse_cookies['url'] %>
-            <%- end -%>
-          <%- end -%>
-        <%- end -%>
-        <%- if proxy['reverse_urls'].nil? -%>
-    ProxyPassReverse <%= proxy['url'] %>
-        <%- else -%>
-          <%- Array(proxy['reverse_urls']).each do |reverse_url| -%>
-    ProxyPassReverse <%= reverse_url %>
-          <%- end -%>
-        <%- end -%>
-        <%- if proxy['setenv'] -%>
-          <%- Array(proxy['setenv']).each do |setenv_var| -%>
-    SetEnv <%= setenv_var %>
-          <%- end -%>
-        <%- end -%>
-      <% end -%>
-    <%- end -%>
     <%- if directory['custom_fragment'] -%>
     <%= directory['custom_fragment'] %>
     <%- end -%>
-    <%- if directory['gssapi'] -%>
-      <%= scope.call_function('epp',["apache/vhost/_gssapi.epp", directory['gssapi']]) -%>
-    <%- end -%>
   </<%= provider %>>
     <%- end -%>
   <%- end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_docroot.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_docroot.erb
index 1ec495fe2..b67998b4b 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_docroot.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_docroot.erb
@@ -2,7 +2,6 @@
   ## Vhost docroot
 <% if @virtual_docroot -%>
   VirtualDocumentRoot "<%= @virtual_docroot %>"
-<% end -%>
-<% if @docroot and ((not @virtual_docroot) or @virtual_use_default_docroot) -%>
+<% elsif @docroot -%>
   DocumentRoot "<%= @docroot %>"
 <% end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_file_footer.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_file_footer.erb
index d42a1bdbe..84035efa4 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_file_footer.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_file_footer.erb
@@ -1,9 +1 @@
-<% @define.each do | k, v| -%>
-  Undefine <%= k %>
-<% end -%>
 </VirtualHost>
-<% if @passenger_pre_start -%>
-  <%- [@passenger_pre_start].flatten.compact.each do |passenger_pre_start| -%>
-PassengerPreStart <%= passenger_pre_start %>
-  <%- end -%>
-<% end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_file_header.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_file_header.erb
index 6920f3e92..4cf7629eb 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_file_header.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_file_header.erb
@@ -2,44 +2,11 @@
 # Vhost template in module puppetlabs-apache
 # Managed by Puppet
 # ************************************
-<%= [@comment].flatten.collect{|c| "# #{c}"}.join("\n") -%>
-<% if @mdomain -%>
-
-  <%- if @mdomain.is_a?(String) -%>
-MDomain <%= @mdomain %>
-  <%- else -%>
-MDomain <%= @servername %>
-  <%- end -%>
-<% end -%>
 
 <VirtualHost <%= [@nvh_addr_port].flatten.compact.join(' ') %>>
-<% @define.each do | k, v| -%>
-  Define <%= k %> <%= v %>
-<% end -%>
 <% if @servername and not @servername.empty? -%>
   ServerName <%= @servername %>
 <% end -%>
 <% if @serveradmin -%>
   ServerAdmin <%= @serveradmin %>
 <% end -%>
-<%# Actually >= 2.4.17, but the minor version is not provided -%>
-<% if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
-  <%- unless @protocols.empty? -%>
-  Protocols <%= @protocols.join(' ') %>
-  <%- end -%>
-  <%- unless @protocols_honor_order.nil? -%>
-  ProtocolsHonorOrder <%= scope.call_function('apache::bool2httpd', [@protocols_honor_order]) %>
-  <%- end -%>
-<% end -%>
-<% if @limitreqfieldsize -%>
-  LimitRequestFieldSize <%= @limitreqfieldsize %>
-<% end -%>
-<% if @limitreqfields -%>
-  LimitRequestFields <%= @limitreqfields %>
-<% end -%>
-<% if @limitreqline -%>
-  LimitRequestLine <%= @limitreqline %>
-<% end -%>
-<% if @limitreqbody -%>
-  LimitRequestBody <%= @limitreqbody %>
-<% end -%>
\ No newline at end of file
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_logging.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_logging.erb
index b41c85cc5..35a924d29 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_logging.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_logging.erb
@@ -8,14 +8,3 @@
 <% if @log_level -%>
   LogLevel <%= @log_level %>
 <% end -%>
-<% if @error_log_format24 -%>
-  <%- @error_log_format24.each do |lfmt| -%>
-    <%- if lfmt.is_a?(Hash) -%>
-      <%- lfmt.each do |fmt, flag| -%>
-  ErrorLogFormat <%= flag %> "<%= fmt %>"
-      <%- end -%>
-    <%- else -%>
-  ErrorLogFormat "<%= lfmt %>"
-    <%- end -%>
-  <%- end -%>
-<% end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_passenger.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_passenger.erb
index 6e6d6d4e5..f0401a949 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_passenger.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_passenger.erb
@@ -1,141 +1,36 @@
-<%# 1 - Essentials -%>
-<%# 2 - Deployment options -%>
-<% unless @passenger_enabled.nil? -%>
-  PassengerEnabled <%= scope.call_function('apache::bool2httpd', [@passenger_enabled]) %>
-<% end -%>
-<% if @passenger_base_uri -%>
-  PassengerBaseURI <%= @passenger_base_uri %>
-<% end -%>
-<%# 3 - Application loading options -%>
-<% if @passenger_ruby -%>
-  PassengerRuby <%= @passenger_ruby %>
-<% end -%>
-<% if @passenger_python -%>
-  PassengerPython <%= @passenger_python %>
-<% end -%>
-<% if @passenger_nodejs -%>
-  PassengerNodejs <%= @passenger_nodejs %>
-<% end -%>
-<% if @passenger_meteor_app_settings -%>
-  PassengerMeteorAppSettings <%= @passenger_meteor_app_settings %>
+<% if @passenger_app_root -%>
+  PassengerAppRoot <%= @passenger_app_root %>
 <% end -%>
 <% if @passenger_app_env -%>
   PassengerAppEnv <%= @passenger_app_env %>
 <% end -%>
-<% if @passenger_app_root -%>
-  PassengerAppRoot <%= @passenger_app_root %>
+<% if @passenger_ruby -%>
+  PassengerRuby <%= @passenger_ruby %>
 <% end -%>
-<% if @passenger_app_group_name -%>
-  PassengerAppGroupName <%= @passenger_app_group_name %>
-<% end -%>
-<% if @passenger_app_start_command -%>
-  PassengerAppStartCommand <%= @passenger_app_start_command %>
-<% end -%>
-<% if @passenger_app_type -%>
-  PassengerAppType <%= @passenger_app_type %>
-<% end -%>
-<% if @passenger_startup_file -%>
-  PassengerStartupFile <%= @passenger_startup_file %>
-<% end -%>
-<% if @passenger_restart_dir -%>
-  PassengerRestartDir <%= @passenger_restart_dir %>
-<% end -%>
-<% if @passenger_spawn_method -%>
-  PassengerSpawnMethod <%= @passenger_spawn_method %>
-<% end -%>
-<% unless @passenger_load_shell_envvars.nil? -%>
-  PassengerLoadShellEnvvars <%= scope.call_function('apache::bool2httpd', [@passenger_load_shell_envvars]) %>
-<% end -%>
-<% unless @passenger_rolling_restarts.nil? -%>
-  PassengerRollingRestarts <%= scope.call_function('apache::bool2httpd', [@passenger_rolling_restarts]) %>
-<% end -%>
-<% unless @passenger_resist_deployment_errors.nil? -%>
-  PassengerResistDeploymentErrors <%= scope.call_function('apache::bool2httpd', [@passenger_resist_deployment_errors]) %>
-<% end -%>
-<%# 4 - Security options -%>
-<% if @passenger_user -%>
-  PassengerUser <%= @passenger_user %>
-<% end -%>
-<% if @passenger_group -%>
-  PassengerGroup <%= @passenger_group %>
-<% end -%>
-<% unless @passenger_friendly_error_pages.nil? -%>
-  PassengerFriendlyErrorPages <%= scope.call_function('apache::bool2httpd', [@passenger_friendly_error_pages]) %>
-<% end -%>
-<%# 5 - Resource control and optimization options -%>
 <% if @passenger_min_instances -%>
   PassengerMinInstances <%= @passenger_min_instances %>
 <% end -%>
-<% if @passenger_max_instances -%>
-  PassengerMaxInstances <%= @passenger_max_instances %>
-<% end -%>
-<% if @passenger_max_preloader_idle_time -%>
-  PassengerMaxPreloaderIdleTime <%= @passenger_max_preloader_idle_time %>
-<% end -%>
-<% if @passenger_force_max_concurrent_requests_per_process -%>
-  PassengerForceMaxConcurrentRequestsPerProcess <%= @passenger_force_max_concurrent_requests_per_process %>
-<% end -%>
-<% if @passenger_start_timeout -%>
-  PassengerStartTimeout <%= @passenger_start_timeout %>
-<% end -%>
-<% if @passenger_concurrency_model -%>
-  PassengerConcurrencyModel <%= @passenger_concurrency_model %>
-<% end -%>
-<% if @passenger_thread_count -%>
-  PassengerThreadCount <%= @passenger_thread_count %>
-<% end -%>
 <% if @passenger_max_requests -%>
   PassengerMaxRequests <%= @passenger_max_requests %>
 <% end -%>
-<% if @passenger_max_request_time -%>
-  PassengerMaxRequestTime <%= @passenger_max_request_time %>
+<% if @passenger_start_timeout -%>
+  PassengerStartTimeout <%= @passenger_start_timeout %>
 <% end -%>
-<% if @passenger_memory_limit -%>
-  PassengerMemoryLimit <%= @passenger_memory_limit %>
+<% if @passenger_pre_start -%>
+  PassengerPreStart <%= @passenger_pre_start %>
 <% end -%>
-<% if @passenger_stat_throttle_rate -%>
-  PassengerStatThrottleRate <%= @passenger_stat_throttle_rate %>
+<% if @passenger_user -%>
+  PassengerUser <%= @passenger_user %>
 <% end -%>
-<% unless @passenger_high_performance.nil? -%>
-  PassengerHighPerformance <%= scope.call_function('apache::bool2httpd', [@passenger_high_performance]) %>
+<% if @passenger_high_performance -%>
+  PassengerHighPerformance <%= scope.function_bool2httpd([@passenger_high_performance]) %>
 <% end -%>
-<%# 6 - Connection handling options -%>
-<% unless @passenger_buffer_upload.nil? -%>
-  PassengerBufferUpload <%= scope.call_function('apache::bool2httpd', [@passenger_buffer_upload]) %>
+<% if @passenger_nodejs -%>
+  PassengerNodejs <%= @passenger_nodejs -%>
 <% end -%>
-<% unless @passenger_buffer_response.nil? -%>
-  PassengerBufferResponse <%= scope.call_function('apache::bool2httpd', [@passenger_buffer_response]) %>
+<% if @passenger_sticky_sessions -%>
+  PassengerStickySessions <%= scope.function_bool2httpd([@passenger_sticky_sessions]) %>
 <% end -%>
-<% unless @passenger_error_override.nil? -%>
-  PassengerErrorOverride <%= scope.call_function('apache::bool2httpd', [@passenger_error_override]) %>
-<% end -%>
-<% if @passenger_max_request_queue_size -%>
-  PassengerMaxRequestQueueSize <%= @passenger_max_request_queue_size %>
-<% end -%>
-<% if @passenger_max_request_queue_time -%>
-  PassengerMaxRequestQueueTime <%= @passenger_max_request_queue_time %>
-<% end -%>
-<% unless @passenger_sticky_sessions.nil? -%>
-  PassengerStickySessions <%= scope.call_function('apache::bool2httpd', [@passenger_sticky_sessions]) %>
-<% end -%>
-<% if @passenger_sticky_sessions_cookie_name -%>
-  PassengerStickySessionsCookieName <%= @passenger_sticky_sessions_cookie_name %>
-<% end -%>
-<% if @passenger_sticky_sessions_cookie_attributes -%>
-  PassengerStickySessionsCookieAttributes <%= @passenger_sticky_sessions_cookie_attributes %>
-<% end -%>
-<%# 7 - Compatibility options -%>
-<% unless @passenger_allow_encoded_slashes.nil? -%>
-  PassengerAllowEncodedSlashes <%= scope.call_function('apache::bool2httpd', [@passenger_allow_encoded_slashes]) %>
-<% end -%>
-<% if @passenger_app_log_file -%>
-  PassengerAppLogFile <%= @passenger_app_log_file %>
-<% end -%>
-<%# 8 - Logging and debugging options -%>
-<% unless @passenger_debugger.nil? -%>
-  PassengerDebugger <%= scope.call_function('apache::bool2httpd', [@passenger_debugger]) %>
-<% end -%>
-<%# 9 - Advanced options -%>
-<% if @passenger_lve_min_uid -%>
-  PassengerLveMinUid <%= @passenger_lve_min_uid %>
+<% if @passenger_startup_file -%>
+  PassengerStartupFile <%= @passenger_startup_file -%>
 <% end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_passenger_base_uris.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_passenger_base_uris.erb
new file mode 100644
index 000000000..f3ef5aa0a
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_passenger_base_uris.erb
@@ -0,0 +1,7 @@
+<% if @passenger_base_uris -%>
+
+  ## Enable passenger base uris
+<% Array(@passenger_base_uris).each do |uri| -%>
+  PassengerBaseURI <%= uri %>
+<% end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_proxy.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_proxy.erb
index feee7d8e1..79f36cf04 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_proxy.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_proxy.erb
@@ -1,12 +1,8 @@
 <% if @proxy_dest or @proxy_pass or @proxy_pass_match or @proxy_dest_match -%>
 
   ## Proxy rules
-<% if @proxy_requests -%>
-  ProxyRequests On
-<% else -%>
   ProxyRequests Off
 <%- end -%>
-<%- end -%>
 <% if @proxy_preserve_host -%>
   ProxyPreserveHost On
 <% else -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_rack.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_rack.erb
new file mode 100644
index 000000000..4a5b5f1cd
--- /dev/null
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_rack.erb
@@ -0,0 +1,7 @@
+<% if @rack_base_uris -%>
+
+  ## Enable rack
+<% Array(@rack_base_uris).each do |uri| -%>
+  RackBaseURI <%= uri %>
+<% end -%>
+<% end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_ssl.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_ssl.erb
index 7cab18de8..e70efebda 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_ssl.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_ssl.erb
@@ -2,28 +2,11 @@
 
   ## SSL directives
   SSLEngine on
-  <%- unless @mdomain -%>
   SSLCertificateFile      "<%= @ssl_cert %>"
   SSLCertificateKeyFile   "<%= @ssl_key %>"
-  <%- end -%>
   <%- if @ssl_chain -%>
   SSLCertificateChainFile "<%= @ssl_chain %>"
   <%- end -%>
-  <%- if @ssl_protocol -%>
-  SSLProtocol             <%= [@ssl_protocol].flatten.compact.join(' ') %>
-  <%- end -%>
-  <%- if @ssl_cipher -%>
-  SSLCipherSuite          <%= @ssl_cipher %>
-  <%- end -%>
-  <%- if not @ssl_honorcipherorder.nil? -%>
-  SSLHonorCipherOrder     <%= scope.call_function('apache::bool2httpd', [@_ssl_honorcipherorder]) %>
-  <%- end -%>
-  <%- if @ssl_verify_client -%>
-  SSLVerifyClient         <%= @ssl_verify_client %>
-  <%- if @ssl_verify_depth -%>
-  SSLVerifyDepth          <%= @ssl_verify_depth %>
-  <%- end -%>
-  <%- end -%>
   <%- if @ssl_certs_dir && @ssl_certs_dir != '' -%>
   SSLCACertificatePath    "<%= @ssl_certs_dir %>"
   <%- end -%>
@@ -37,7 +20,22 @@
   SSLCARevocationFile     "<%= @ssl_crl %>"
   <%- end -%>
   <%- if @ssl_crl_check && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
-  SSLCARevocationCheck    <%= @ssl_crl_check %>
+  SSLCARevocationCheck    "<%= @ssl_crl_check %>"
+  <%- end -%>
+  <%- if @ssl_protocol -%>
+  SSLProtocol             <%= [@ssl_protocol].flatten.compact.join(' ') %>
+  <%- end -%>
+  <%- if @ssl_cipher -%>
+  SSLCipherSuite          <%= @ssl_cipher %>
+  <%- end -%>
+  <%- if @ssl_honorcipherorder -%>
+  SSLHonorCipherOrder     <%= @ssl_honorcipherorder %>
+  <%- end -%>
+  <%- if @ssl_verify_client -%>
+  SSLVerifyClient         <%= @ssl_verify_client %>
+  <%- end -%>
+  <%- if @ssl_verify_depth -%>
+  SSLVerifyDepth          <%= @ssl_verify_depth %>
   <%- end -%>
   <%- if @ssl_options -%>
   SSLOptions <%= Array(@ssl_options).join(' ') %>
@@ -46,15 +44,12 @@
   SSLOpenSSLConfCmd       <%= @ssl_openssl_conf_cmd %>
   <%- end -%>
   <%- if (not @ssl_stapling.nil?) && (scope.function_versioncmp([@apache_version, '2.4']) >= 0) -%>
-  SSLUseStapling <%= scope.call_function('apache::bool2httpd', [@ssl_stapling]) %>
+  SSLUseStapling <%= scope.function_bool2httpd([@ssl_stapling]) %>
   <%- end -%>
   <%- if @ssl_stapling_timeout && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
   SSLStaplingResponderTimeout <%= @ssl_stapling_timeout %>
   <%- end -%>
   <%- if (not @ssl_stapling_return_errors.nil?) && (scope.function_versioncmp([@apache_version, '2.4']) >= 0) -%>
-  SSLStaplingReturnResponderErrors <%= scope.call_function('apache::bool2httpd', [@ssl_stapling_return_errors]) %>
-  <%- end -%>
-  <%- if @ssl_user_name -%>
-  SSLUserName             <%= @ssl_user_name %>
+  SSLStaplingReturnResponderErrors <%= scope.function_bool2httpd([@ssl_stapling_return_errors]) %>
   <%- end -%>
 <% end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_sslproxy.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_sslproxy.erb
index ff6b61e3c..6cb9216d4 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_sslproxy.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_sslproxy.erb
@@ -23,12 +23,6 @@
   <%- if @ssl_proxy_machine_cert -%>
   SSLProxyMachineCertificateFile "<%= @ssl_proxy_machine_cert %>"
   <%- end -%>
-  <%- if @ssl_proxy_machine_cert_chain -%>
-  SSLProxyMachineCertificateChainFile "<%= @ssl_proxy_machine_cert_chain %>"
-  <%- end -%>
-  <%- if @ssl_proxy_cipher_suite -%>
-  SSLProxyCipherSuite <%= @ssl_proxy_cipher_suite %>
-  <%- end -%>
   <%- if @ssl_proxy_protocol -%>
   SSLProxyProtocol  <%= [@ssl_proxy_protocol].flatten.compact.join(' ') %>
   <%- end -%>
diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_wsgi.erb b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_wsgi.erb
index fdc814170..12c782637 100644
--- a/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_wsgi.erb
+++ b/modules/services/unix/http/apache_stretch_compatible/apache/templates/vhost/_wsgi.erb
@@ -1,22 +1,10 @@
-<% if @wsgi_application_group or @wsgi_daemon_process or @wsgi_import_script or @wsgi_process_group -%>
-
-  ## WSGI configuration
-<% end -%>
 <% if @wsgi_application_group -%>
   WSGIApplicationGroup <%= @wsgi_application_group %>
 <% end -%>
-<% if @wsgi_daemon_process.is_a? String and @wsgi_daemon_process_options -%>
+<% if @wsgi_daemon_process and @wsgi_daemon_process_options -%>
   WSGIDaemonProcess <%= @wsgi_daemon_process %> <%= @wsgi_daemon_process_options.collect { |k,v| "#{k}=#{v}"}.sort.join(' ') %>
-<% elsif @wsgi_daemon_process.is_a? String and !@wsgi_daemon_process_options -%>
+<% elsif @wsgi_daemon_process and !@wsgi_daemon_process_options -%>
   WSGIDaemonProcess <%= @wsgi_daemon_process %>
-<% elsif @wsgi_daemon_process.is_a? Hash -%>
-  <%- @wsgi_daemon_process.each do |key, val| -%>
-    <%- if val.empty? -%>
-  WSGIDaemonProcess <%= key %>
-    <%- else -%>
-  WSGIDaemonProcess <%= key %> <%= val.collect { |k,v| "#{k}=#{v}"}.sort.join(' ') %>
-<% end -%>
-<% end -%>
 <% end -%>
 <% if @wsgi_import_script and @wsgi_import_script_options -%>
   WSGIImportScript <%= @wsgi_import_script %> <%= @wsgi_import_script_options.collect { |k,v| "#{k}=#{v}"}.sort.join(' ') %>
@@ -25,14 +13,14 @@
   WSGIProcessGroup <%= @wsgi_process_group %>
 <% end -%>
 <% if @wsgi_script_aliases_match and ! @wsgi_script_aliases_match.empty? -%>
-  <%- @wsgi_script_aliases_match.keys.sort.reverse.each do |key| -%>
+  <%- @wsgi_script_aliases_match.keys.sort.each do |key| -%>
     <%- if key != '' and @wsgi_script_aliases_match[key] != ''-%>
   WSGIScriptAliasMatch <%= key %> "<%= @wsgi_script_aliases_match[key] %>"
     <%- end -%>
   <%- end -%>
 <% end -%>
 <% if @wsgi_script_aliases and ! @wsgi_script_aliases.empty? -%>
-  <%- @wsgi_script_aliases.keys.sort.reverse.each do |key| -%>
+  <%- @wsgi_script_aliases.keys.sort.each do |key| -%>
     <%- if key != '' and @wsgi_script_aliases[key] != ''-%>
       <%- if @wsgi_script_aliases[key].is_a? Array -%>
   WSGIScriptAlias <%= key %> <%= @wsgi_script_aliases[key].join(' ') %>