From 866de4d855ec38719b33b4cbb94f186fa1072bef Mon Sep 17 00:00:00 2001 From: Connor Wilson Date: Sat, 26 Mar 2016 02:49:56 +0000 Subject: [PATCH] Relates to SG-11 : Pushes code to repo for Tom to branch from --- Gemfile.lock | 21 + config/scenario.xml | 2 +- lib/helpers/bootstrap.rb | 87 +- lib/templates/vagrantbase.erb | 12 +- modules/build/ssh-keys/kali-1.0 | 27 - modules/build/ssh-keys/kali-1.0.pub | 1 - .../module/bootstrap/files}/bootstrap.sh | 0 .../build/{puppet => unix}/cleanup/cleanup.pp | 0 .../module/cleanup/manifests/config.pp | 0 .../unix/ftp/secure_ftp/secgen_metadata.xml | 5 + modules/services/unix/http/apache/apache.pp | 3 + .../http/apache/example42_apache_2_1_12.pp | 1 - .../unix/http/apache/module/apache/Gemfile | 48 + .../LICENSE | 6 +- .../unix/http/apache/module/apache/README.md | 3478 +++++++++++++++++ .../unix/http/apache/module/apache/Rakefile | 11 + .../http/apache/module/apache/checksums.json | 310 ++ .../apache/module/apache/manifests/init.pp | 413 ++ .../apache/module/apache/manifests/listen.pp | 10 + .../apache/module/apache/manifests/params.pp | 545 +++ .../apache/module/apache/manifests/ssl.pp | 18 + .../apache/module/apache/manifests/vhost.pp | 999 +++++ .../http/apache/module/apache/metadata.json | 81 + .../module/apache/spec/classes/apache_spec.rb | 884 +++++ .../apache/module/apache/spec/spec_helper.rb | 23 + .../module/example42_apache_2_1_12/Gemfile | 18 - .../module/example42_apache_2_1_12/README.md | 236 -- .../module/example42_apache_2_1_12/Rakefile | 12 - .../example42_apache_2_1_12/checksums.json | 29 - .../example42_apache_2_1_12/manifests/init.pp | 528 --- .../manifests/listen.pp | 42 - .../manifests/params.pp | 158 - .../example42_apache_2_1_12/manifests/ssl.pp | 67 - .../manifests/vhost.pp | 275 -- .../example42_apache_2_1_12/metadata.json | 56 - .../spec/classes/apache_spec.rb | 199 - .../spec/spec_helper.rb | 1 - .../unix/http/apache/secgen_metadata.xml | 5 - .../vsftpd_234_backdoor/files/copyvsftpd.sh | 0 .../vsftpd_234_backdoor/files/startvsftpd.sh | 0 .../files/vsftpd-2.3.4.tar.gz | Bin .../vsftpd_234_backdoor/manifests/install.pp | 6 +- .../distcc_exec/manifests/distcc_config.pp | 0 .../distcc_exec/templates/distcc.erb | 0 .../mountable_nfs/manifests/config.pp | 0 .../mountable_nfs/templates/exports.erb | 0 .../writeable_shadow/manifests/config.pp | 0 47 files changed, 6895 insertions(+), 1722 deletions(-) create mode 100644 Gemfile.lock delete mode 100644 modules/build/ssh-keys/kali-1.0 delete mode 100644 modules/build/ssh-keys/kali-1.0.pub rename modules/build/{scripts => unix/bootstrap/module/bootstrap/files}/bootstrap.sh (100%) rename modules/build/{puppet => unix}/cleanup/cleanup.pp (100%) rename modules/build/{puppet => unix}/cleanup/module/cleanup/manifests/config.pp (100%) create mode 100644 modules/services/unix/http/apache/apache.pp delete mode 100644 modules/services/unix/http/apache/example42_apache_2_1_12.pp create mode 100644 modules/services/unix/http/apache/module/apache/Gemfile rename modules/services/unix/http/apache/module/{example42_apache_2_1_12 => apache}/LICENSE (78%) create mode 100644 modules/services/unix/http/apache/module/apache/README.md create mode 100644 modules/services/unix/http/apache/module/apache/Rakefile create mode 100644 modules/services/unix/http/apache/module/apache/checksums.json create mode 100644 modules/services/unix/http/apache/module/apache/manifests/init.pp create mode 100644 modules/services/unix/http/apache/module/apache/manifests/listen.pp create mode 100644 modules/services/unix/http/apache/module/apache/manifests/params.pp create mode 100644 modules/services/unix/http/apache/module/apache/manifests/ssl.pp create mode 100644 modules/services/unix/http/apache/module/apache/manifests/vhost.pp create mode 100644 modules/services/unix/http/apache/module/apache/metadata.json create mode 100644 modules/services/unix/http/apache/module/apache/spec/classes/apache_spec.rb create mode 100644 modules/services/unix/http/apache/module/apache/spec/spec_helper.rb delete mode 100644 modules/services/unix/http/apache/module/example42_apache_2_1_12/Gemfile delete mode 100644 modules/services/unix/http/apache/module/example42_apache_2_1_12/README.md delete mode 100644 modules/services/unix/http/apache/module/example42_apache_2_1_12/Rakefile delete mode 100644 modules/services/unix/http/apache/module/example42_apache_2_1_12/checksums.json delete mode 100644 modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/init.pp delete mode 100644 modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/listen.pp delete mode 100644 modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/params.pp delete mode 100644 modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/ssl.pp delete mode 100644 modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/vhost.pp delete mode 100644 modules/services/unix/http/apache/module/example42_apache_2_1_12/metadata.json delete mode 100644 modules/services/unix/http/apache/module/example42_apache_2_1_12/spec/classes/apache_spec.rb delete mode 100644 modules/services/unix/http/apache/module/example42_apache_2_1_12/spec/spec_helper.rb rename modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/{module => }/vsftpd_234_backdoor/files/copyvsftpd.sh (100%) rename modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/{module => }/vsftpd_234_backdoor/files/startvsftpd.sh (100%) rename modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/{module => }/vsftpd_234_backdoor/files/vsftpd-2.3.4.tar.gz (100%) rename modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/{module => }/vsftpd_234_backdoor/manifests/install.pp (79%) rename modules/vulnerabilities/unix/misc/distcc_exec/{module => }/distcc_exec/manifests/distcc_config.pp (100%) rename modules/vulnerabilities/unix/misc/distcc_exec/{module => }/distcc_exec/templates/distcc.erb (100%) rename modules/vulnerabilities/unix/other/mountable_nfs/{module => }/mountable_nfs/manifests/config.pp (100%) rename modules/vulnerabilities/unix/other/mountable_nfs/{module => }/mountable_nfs/templates/exports.erb (100%) rename modules/vulnerabilities/unix/other/writeable_shadow/{module => }/writeable_shadow/manifests/config.pp (100%) diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 000000000..69b3eada5 --- /dev/null +++ b/Gemfile.lock @@ -0,0 +1,21 @@ +GEM + remote: https://rubygems.org/ + specs: + mini_portile2 (2.0.0) + minitest (5.8.4) + nokogiri (1.6.7.2) + mini_portile2 (~> 2.0.0.rc2) + rake (10.5.0) + xml-simple (1.1.5) + +PLATFORMS + ruby + +DEPENDENCIES + minitest + nokogiri + rake + xml-simple + +BUNDLED WITH + 1.10.4 diff --git a/config/scenario.xml b/config/scenario.xml index a0dd295c2..03df98216 100644 --- a/config/scenario.xml +++ b/config/scenario.xml @@ -6,7 +6,7 @@ - + --> diff --git a/lib/helpers/bootstrap.rb b/lib/helpers/bootstrap.rb index 1a1741e60..d82a1b549 100644 --- a/lib/helpers/bootstrap.rb +++ b/lib/helpers/bootstrap.rb @@ -35,83 +35,64 @@ class Bootstrap def move_vulnerability_puppet_files puts 'Moving vulnerability manifests' - Dir.glob("#{ROOT_DIR}/modules/vulnerabilities/**/**/**/*.pp").each do |puppet_file| + Dir.glob("#{ROOT_DIR}/modules/vulnerabilities/*/*/*/*.pp").each do |puppet_file| puts "Moving #{puppet_file} to mount/puppet/manifest/" FileUtils.copy(puppet_file, "#{ROOT_DIR}/mount/puppet/manifest/") end puts 'Moving vulnerability modules' - Dir.glob("#{ROOT_DIR}/modules/vulnerabilities/**/**/**/module/**").each do |puppet_module_directory| - root_directory_length = ROOT_DIR.split('/').count - module_name = puppet_module_directory.split('/')[root_directory_length + 4] - module_path = "#{ROOT_DIR}/mount/puppet/module/#{module_name}" - - if(Dir.exists?(module_path)) - puts "Moving #{puppet_module_directory} to #{module_path}" - FileUtils.cp_r(puppet_module_directory, module_path) - else - Dir.mkdir("#{ROOT_DIR}/mount/puppet/module/#{module_name}") - puts "Moving #{puppet_module_directory} to #{module_path}" - FileUtils.cp_r(puppet_module_directory, module_path) - end - - puts 'Moving vulnerability templates' - + Dir.glob("#{ROOT_DIR}/modules/vulnerabilities/*/*/*/*/").each do |puppet_module_directory| + module_path = "#{ROOT_DIR}/mount/puppet/module/" + puts "Moving #{puppet_module_directory} to #{module_path}" + FileUtils.cp_r(puppet_module_directory, module_path) end end def move_secure_service_puppet_files puts 'Moving Service manifests' - Dir.glob("#{ROOT_DIR}/modules/services/**/**/**/*.pp").each do |puppet_file| + Dir.glob("#{ROOT_DIR}/modules/services/*/*/*/*.pp").each do |puppet_file| puts "Moving #{puppet_file} to mount/puppet/manifest/" FileUtils.copy(puppet_file, "#{ROOT_DIR}/mount/puppet/manifest/") end puts 'Moving Service modules' - Dir.glob("#{ROOT_DIR}/modules/services/**/**/**/module/**/**").each do |puppet_module_directory| - root_directory_length = ROOT_DIR.split('/').count - module_name = puppet_module_directory.split('/')[root_directory_length + 6] - module_path = "#{ROOT_DIR}/mount/puppet/module/#{module_name}" + Dir.glob("#{ROOT_DIR}/modules/services/*/*/*/module/**").each do |puppet_module_directory| + + module_path = "#{ROOT_DIR}/mount/puppet/module/" + puts "Moving #{puppet_module_directory} to #{module_path}" + FileUtils.cp_r(puppet_module_directory, module_path) - if(Dir.exists?(module_path)) - puts "Moving #{puppet_module_directory} to #{module_path}" - FileUtils.cp_r(puppet_module_directory, module_path) - else - Dir.mkdir("#{ROOT_DIR}/mount/puppet/module/#{module_name}") - puts "Moving #{puppet_module_directory} to #{module_path}" - FileUtils.cp_r(puppet_module_directory, module_path) - end puts 'Moving vulnerability templates' end end - def move_build_puppet_files - puts 'Moving build puppet module files' - Dir.glob("#{ROOT_DIR}/modules/build/puppet/**/module/*.pp").each do |puppet_file| - root_directory_length = ROOT_DIR.split('/').count - module_name = puppet_file.split('/')[root_directory_length + 3] - module_path = "#{ROOT_DIR}/mount/puppet/module/#{module_name}" - if(Dir.exists?(module_path)) - Dir.mkdir("#{module_path}/manifests") - puts "Moving #{puppet_file} to #{module_path}" - FileUtils.copy(puppet_file, "#{module_path}/manifests") - else - Dir.mkdir("#{ROOT_DIR}/mount/puppet/module/#{module_name}") - Dir.mkdir("#{ROOT_DIR}/mount/puppet/module/#{module_name}/manifests") - puts "Moving #{puppet_file} to #{module_path}" - FileUtils.copy(puppet_file, "#{module_path}/manifests") - end - end - Dir.glob("#{ROOT_DIR}/modules/build/puppet/**/manifest/*.pp").each do |puppet_file| - puts "Moving #{puppet_file} to mount/puppet/manifest." - FileUtils.copy(puppet_file, "#{ROOT_DIR}/mount/puppet/manifest") - end - end + puts 'Moving Dependency modules' + Dir.glob("#{ROOT_DIR}/modules/dependencies/**").each do |puppet_module_directory| + + module_path = "#{ROOT_DIR}/mount/puppet/module/" + puts "Moving #{puppet_module_directory} to #{module_path}" + FileUtils.cp_r(puppet_module_directory, module_path) + end + + puts 'Moving build manifests' + + Dir.glob("#{ROOT_DIR}/modules/build/*/*/*.pp").each do |puppet_file| + puts "Moving #{puppet_file} to mount/puppet/manifest/" + FileUtils.copy(puppet_file, "#{ROOT_DIR}/mount/puppet/manifest/") + end + + puts 'Moving build modules' + + Dir.glob("#{ROOT_DIR}/modules/build/*/*/module/**").each do |puppet_module_directory| + + module_path = "#{ROOT_DIR}/mount/puppet/module/" + puts "Moving #{puppet_module_directory} to #{module_path}" + FileUtils.cp_r(puppet_module_directory, module_path) + end - def move_files end diff --git a/lib/templates/vagrantbase.erb b/lib/templates/vagrantbase.erb index feb9e6ef7..4d2bd9a62 100644 --- a/lib/templates/vagrantbase.erb +++ b/lib/templates/vagrantbase.erb @@ -24,13 +24,13 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| # Add secure services <% systems.services.each do |service| %> - <% service_name = service.name.gsub!('-', '_').gsub!('.', '_') %> + <% service_name = service.name%> config.vm.provision "puppet" do | <%=service_name%> | - <%=service_name%>.module_path = "<%="#{ROOT_DIR}/mount/puppet/module/#{service_name}"%>" + <%=service_name%>.module_path = "<%="#{ROOT_DIR}/mount/puppet/module"%>" <%=service_name%>.manifests_path = "<%="#{ROOT_DIR}/mount/puppet/manifest"%>" - <%=service_name%>.manifest_file = "init.pp" + <%=service_name%>.manifest_file = "<%=service_name%>.pp" end <% end %> @@ -43,7 +43,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| <% vulnerability_name = vulnerability.name %> config.vm.provision "puppet" do | <%=vulnerability_name%> | - <%=vulnerability_name%>.module_path = "<%="#{ROOT_DIR}/mount/puppet/module/#{vulnerability_name}"%>" + <%=vulnerability_name%>.module_path = "<%="#{ROOT_DIR}/mount/puppet/module"%>" <%=vulnerability_name%>.manifests_path = "<%="#{ROOT_DIR}/mount/puppet/manifest"%>" <%=vulnerability_name%>.manifest_file = "<%=vulnerability_name%>.pp" end @@ -52,8 +52,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| # clean up script which clears history from the VMs and clobs files together config.vm.provision "puppet" do |cleanup| - cleanup.module_path = "<%="#{ROOT_DIR}/modules/build/puppet/cleanup/module"%>" - cleanup.manifests_path = "<%="#{ROOT_DIR}/modules/build/puppet/cleanup"%>" + cleanup.module_path = "<%="#{ROOT_DIR}/mount/puppet/module"%>" + cleanup.manifests_path = "<%="#{ROOT_DIR}/mount/puppet/manifest"%>" cleanup.manifest_file = "cleanup.pp" end diff --git a/modules/build/ssh-keys/kali-1.0 b/modules/build/ssh-keys/kali-1.0 deleted file mode 100644 index ac5f2b084..000000000 --- a/modules/build/ssh-keys/kali-1.0 +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEArvBoa+yz0D6dHtssTftgC6vy1TdwoBqXcGEPGHdv7BnsXAo7 -cCCTDkDk+/2yAAEd/1EDFo11fqxrbA4KhHLchAQRCHr8xNQpmNladd7ElhSsQ1bx -AQbTAzu1Hb7IcxevE0VTDFmVlThsw6GWXe5lTYI8+pZXUpyrb/K8eUi/7hykI2vU -shrkfSaCmtnjRs6xdCkWS18MJR1zeRsJiSwPMCG40DPetiGBoQw4xtcUhXxjtecY -2mwoe2x7TZN0G+VkTQQUZkxL5SRunjKJCLFuruh//drCms3psfDGHPqkvPBHmGbM -vn1vDMgE9KHdJvbLq2o3/rZmIpvUab5/4Lt0+wIDAQABAoIBAHZt/FMr8GNHMDkm -aWz1g4UDSCa+HHnW5rTGkGCg4t00g4Wfy7NR6hwZJKvPiMRl/TfOUUfgRi2Wbja9 -nrMhy1V4J0vVbu+VLf/zDUGEqRNtNV11KzzlsM6cijVz5eG8o+Jo6RsQPqrBgyhB -aTl33Y7GX5/JTZ54v7rO2ndFH+IC1Gzb8UFj5bIcAD8MAvXdazIpSuEzpMKaHVY/ -cLGli/vIGKAcc9I5gCA4iTxNEc0n736gAJYD06SSAcxaK7VHBYwld5fMpeT7pBfT -o5FmWGdiNDOFr50acOfNHmMevJAO6KhmIU7XEohweeFaNiq9K6Nf/8k+1Vn1SQL3 -0CcYodECgYEA4/LorHCJVbAaQOzf+BwXjkhrXv6R5iFO7hvlxBkYfuOVr1u2lY0s -TD/otK2S335n59ptfcmNf2n+mfLGjtDRkJGDEl/aSL6xZ3dKctXStpV6dih3AH52 -4JtZdWQSWVaPN1CVoUDcezxYlv//3wtm4bAAfQ9yFQuCWaEMg3Qt3HMCgYEAxHeH -LaYyjC/lfEqhuSoOLx+BeHv92o72vo4GJz+VX+0/k1o002mQM6H6ka6uI5Pk2Sfm -/MgbZGhtJTbXcWeoeHALB3QI3FBn9GtwZud8F71TIRge+nlLlPbp0IEphWPgxKCo -6fXc6ClYko5YtENGhzxqLenAvR/JGlp1mgoTq1kCgYAp2W7eOcr88Ffhk5uK8Z1h -geo0hohCt9rF3FlSp0jYAvB4QV5EFqcLWLBge317irmI15FChr5zpgIYQXoyviO7 -ZvupY++va1Mmq7//VUJaQxc4mjU+4fjxQ5Qo+TZlMH8aqLDP6hiQh4O8NUPEr1M0 -HBv62dsYAgTsb6TcfXfuAQKBgQC1BnWVyEdXCGLpTVMKbAe5v8vqGkVjdss/9VkS -HPIj+1TTDxERo3jtOljIly15NrJsrOmXDULAF8BJw+hrY9nFb2eaLH5lkejXO4/M -IYsjzJymJ7WTkOPllEUIi5qYf9kBFA/P020CteYY0/RD1KFNxosHVxTyrjD8iVFG -5/YLsQKBgG7G9lMbzbXsdTvlJJm5sId0Nxdc97PezpC3IAdDCiqRwushbGV00n9W -tzg8udeocVh3KeL9btxIovSFKgGC1ONKbsYULuVQVGe0LMpqGr6IVjhoOEQzGaJA -a9CvKv9Qk2UPgtNBVpP4fhEhyTaHY8sWCSYXvKRhFlL4gH47P0tl ------END RSA PRIVATE KEY----- diff --git a/modules/build/ssh-keys/kali-1.0.pub b/modules/build/ssh-keys/kali-1.0.pub deleted file mode 100644 index f6d8b2e2c..000000000 --- a/modules/build/ssh-keys/kali-1.0.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCu8Ghr7LPQPp0e2yxN+2ALq/LVN3CgGpdwYQ8Yd2/sGexcCjtwIJMOQOT7/bIAAR3/UQMWjXV+rGtsDgqEctyEBBEIevzE1CmY2Vp13sSWFKxDVvEBBtMDO7UdvshzF68TRVMMWZWVOGzDoZZd7mVNgjz6lldSnKtv8rx5SL/uHKQja9SyGuR9JoKa2eNGzrF0KRZLXwwlHXN5GwmJLA8wIbjQM962IYGhDDjG1xSFfGO15xjabCh7bHtNk3Qb5WRNBBRmTEvlJG6eMokIsW6u6H/92sKazemx8MYc+qS88EeYZsy+fW8MyAT0od0m9surajf+tmYim9Rpvn/gu3T7 sliim@S70wN diff --git a/modules/build/scripts/bootstrap.sh b/modules/build/unix/bootstrap/module/bootstrap/files/bootstrap.sh similarity index 100% rename from modules/build/scripts/bootstrap.sh rename to modules/build/unix/bootstrap/module/bootstrap/files/bootstrap.sh diff --git a/modules/build/puppet/cleanup/cleanup.pp b/modules/build/unix/cleanup/cleanup.pp similarity index 100% rename from modules/build/puppet/cleanup/cleanup.pp rename to modules/build/unix/cleanup/cleanup.pp diff --git a/modules/build/puppet/cleanup/module/cleanup/manifests/config.pp b/modules/build/unix/cleanup/module/cleanup/manifests/config.pp similarity index 100% rename from modules/build/puppet/cleanup/module/cleanup/manifests/config.pp rename to modules/build/unix/cleanup/module/cleanup/manifests/config.pp diff --git a/modules/services/unix/ftp/secure_ftp/secgen_metadata.xml b/modules/services/unix/ftp/secure_ftp/secgen_metadata.xml index e69de29bb..1ed66b0a5 100644 --- a/modules/services/unix/ftp/secure_ftp/secgen_metadata.xml +++ b/modules/services/unix/ftp/secure_ftp/secgen_metadata.xml @@ -0,0 +1,5 @@ + \ No newline at end of file diff --git a/modules/services/unix/http/apache/apache.pp b/modules/services/unix/http/apache/apache.pp new file mode 100644 index 000000000..9652701d4 --- /dev/null +++ b/modules/services/unix/http/apache/apache.pp @@ -0,0 +1,3 @@ +class { 'apache': + mpm_module => 'prefork' +} \ No newline at end of file diff --git a/modules/services/unix/http/apache/example42_apache_2_1_12.pp b/modules/services/unix/http/apache/example42_apache_2_1_12.pp deleted file mode 100644 index 34bba84eb..000000000 --- a/modules/services/unix/http/apache/example42_apache_2_1_12.pp +++ /dev/null @@ -1 +0,0 @@ -include apache \ No newline at end of file diff --git a/modules/services/unix/http/apache/module/apache/Gemfile b/modules/services/unix/http/apache/module/apache/Gemfile new file mode 100644 index 000000000..bfe64b186 --- /dev/null +++ b/modules/services/unix/http/apache/module/apache/Gemfile @@ -0,0 +1,48 @@ +source ENV['GEM_SOURCE'] || "https://rubygems.org" + +def location_for(place, fake_version = nil) + if place =~ /^(git:[^#]*)#(.*)/ + [fake_version, { :git => $1, :branch => $2, :require => false }].compact + elsif place =~ /^file:\/\/(.*)/ + ['>= 0', { :path => File.expand_path($1), :require => false }] + else + [place, { :require => false }] + end +end + +group :development, :unit_tests do + gem 'rspec-core', '3.1.7', :require => false + gem 'puppetlabs_spec_helper', :require => false + gem 'simplecov', :require => false + gem 'puppet_facts', :require => false + gem 'json', :require => false +end + +group :system_tests do + if beaker_version = ENV['BEAKER_VERSION'] + gem 'beaker', *location_for(beaker_version) + end + if beaker_rspec_version = ENV['BEAKER_RSPEC_VERSION'] + gem 'beaker-rspec', *location_for(beaker_rspec_version) + else + gem 'beaker-rspec', :require => false + end + gem 'serverspec', :require => false + gem 'beaker-puppet_install_helper', :require => false +end + + + +if facterversion = ENV['FACTER_GEM_VERSION'] + gem 'facter', facterversion, :require => false +else + gem 'facter', :require => false +end + +if puppetversion = ENV['PUPPET_GEM_VERSION'] + gem 'puppet', puppetversion, :require => false +else + gem 'puppet', :require => false +end + +# vim:ft=ruby diff --git a/modules/services/unix/http/apache/module/example42_apache_2_1_12/LICENSE b/modules/services/unix/http/apache/module/apache/LICENSE similarity index 78% rename from modules/services/unix/http/apache/module/example42_apache_2_1_12/LICENSE rename to modules/services/unix/http/apache/module/apache/LICENSE index f41da0185..8961ce8a6 100644 --- a/modules/services/unix/http/apache/module/example42_apache_2_1_12/LICENSE +++ b/modules/services/unix/http/apache/module/apache/LICENSE @@ -1,8 +1,6 @@ -Copyright (C) 2013 Alessandro Franceschi / Lab42 +Copyright (C) 2012 Puppet Labs Inc -for the relevant commits Copyright (C) by the respective authors. - -Contact Lab42 at: info@lab42.it +Puppet Labs can be contacted at: info@puppetlabs.com Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/modules/services/unix/http/apache/module/apache/README.md b/modules/services/unix/http/apache/module/apache/README.md new file mode 100644 index 000000000..77c27e737 --- /dev/null +++ b/modules/services/unix/http/apache/module/apache/README.md @@ -0,0 +1,3478 @@ +# apache + +[Module description]: #module-description + +[Setup]: #setup +[Beginning with Apache]: #beginning-with-apache + +[Usage]: #usage +[Configuring virtual hosts]: #configuring-virtual-hosts +[Configuring virtual hosts with SSL]: #configuring-virtual-hosts-with-ssl +[Configuring virtual host port and address bindings]: #configuring-virtual-host-port-and-address-bindings +[Configuring virtual hosts for apps and processors]: #configuring-virtual-hosts-for-apps-and-processors +[Configuring IP-based virtual hosts]: #configuring-ip-based-virtual-hosts +[Installing Apache modules]: #installing-apache-modules +[Installing arbitrary modules]: #installing-arbitrary-modules +[Installing specific modules]: #installing-specific-modules +[Configuring FastCGI servers]: #configuring-fastcgi-servers-to-handle-php-files +[Load balancing examples]: #load-balancing-examples + +[Reference]: #reference +[Public classes]: #public-classes +[Private classes]: #private-classes +[Public defined types]: #public-defined-types +[Private defined types]: #private-defined-types +[Templates]: #templates + +[Limitations]: #limitations + +[Development]: #development +[Contributing]: #contributing +[Running tests]: #running-tests + +[`AddDefaultCharset`]: https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset +[`add_listen`]: #add_listen +[`Alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#alias +[`AliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#aliasmatch +[aliased servers]: https://httpd.apache.org/docs/current/urlmapping.html +[`AllowEncodedSlashes`]: https://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes +[`apache`]: #class-apache +[`apache_version`]: #apache_version +[`apache::balancer`]: #defined-type-apachebalancer +[`apache::balancermember`]: #defined-type-apachebalancermember +[`apache::fastcgi::server`]: #defined-type-apachefastcgiserver +[`apache::mod`]: #defined-type-apachemod +[`apache::mod::`]: #classes-apachemodmodule-name +[`apache::mod::alias`]: #class-apachemodalias +[`apache::mod::auth_cas`]: #class-apachemodauth_cas +[`apache::mod::auth_mellon`]: #class-apachemodauth_mellon +[`apache::mod::disk_cache`]: #class-apachemoddisk_cache +[`apache::mod::event`]: #class-apachemodevent +[`apache::mod::ext_filter`]: #class-apachemodext_filter +[`apache::mod::geoip`]: #class-apachemodgeoip +[`apache::mod::itk`]: #class-apachemoditk +[`apache::mod::ldap`]: #class-apachemodldap +[`apache::mod::passenger`]: #class-apachemodpassenger +[`apache::mod::peruser`]: #class-apachemodperuser +[`apache::mod::prefork`]: #class-apachemodprefork +[`apache::mod::proxy_html`]: #class-apachemodproxy_html +[`apache::mod::security`]: #class-apachemodsecurity +[`apache::mod::shib`]: #class-apachemodshib +[`apache::mod::ssl`]: #class-apachemodssl +[`apache::mod::status`]: #class-apachemodstatus +[`apache::mod::worker`]: #class-apachemodworker +[`apache::mod::wsgi`]: #class-apachemodwsgi +[`apache::params`]: #class-apacheparams +[`apache::version`]: #class-apacheversion +[`apache::vhost`]: #defined-type-apachevhost +[`apache::vhost::custom`]: #defined-type-apachevhostcustom +[`apache::vhost::WSGIImportScript`]: #wsgiimportscript +[Apache HTTP Server]: https://httpd.apache.org +[Apache modules]: https://httpd.apache.org/docs/current/mod/ +[array]: https://docs.puppetlabs.com/puppet/latest/reference/lang_data_array.html + +[beaker-rspec]: https://github.com/puppetlabs/beaker-rspec + +[certificate revocation list]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationfile +[certificate revocation list path]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationpath +[common gateway interface]: https://httpd.apache.org/docs/current/howto/cgi.html +[`confd_dir`]: #confd_dir +[`content`]: #content +[custom error documents]: https://httpd.apache.org/docs/current/custom-error.html +[`custom_fragment`]: #custom_fragment + +[`default_mods`]: #default_mods +[`default_ssl_crl`]: #default_ssl_crl +[`default_ssl_crl_path`]: #default_ssl_crl_path +[`default_ssl_vhost`]: #default_ssl_vhost +[`dev_packages`]: #dev_packages +[`directory`]: #directory +[`directories`]: #parameter-directories-for-apachevhost +[`DirectoryIndex`]: https://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex +[`docroot`]: #docroot +[`docroot_owner`]: #docroot_owner +[`docroot_group`]: #docroot_group +[`DocumentRoot`]: https://httpd.apache.org/docs/current/mod/core.html#documentroot + +[`EnableSendfile`]: https://httpd.apache.org/docs/current/mod/core.html#enablesendfile +[enforcing mode]: http://selinuxproject.org/page/Guide/Mode +[`ensure`]: https://docs.puppetlabs.com/references/latest/type.html#package-attribute-ensure +[`error_log_file`]: #error_log_file +[`error_log_syslog`]: #error_log_syslog +[`error_log_pipe`]: #error_log_pipe +[`ExpiresByType`]: https://httpd.apache.org/docs/current/mod/mod_expires.html#expiresbytype +[exported resources]: http://docs.puppetlabs.com/latest/reference/lang_exported.md +[`ExtendedStatus`]: https://httpd.apache.org/docs/current/mod/core.html#extendedstatus + +[Facter]: http://docs.puppetlabs.com/facter/ +[FastCGI]: http://www.fastcgi.com/ +[FallbackResource]: https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource +[`fallbackresource`]: #fallbackresource +[filter rules]: https://httpd.apache.org/docs/current/filter.html +[`filters`]: #filters +[`ForceType`]: https://httpd.apache.org/docs/current/mod/core.html#forcetype + +[GeoIPScanProxyHeaders]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Proxy-Related_Directives +[`gentoo/puppet-portage`]: https://github.com/gentoo/puppet-portage + +[Hash]: https://docs.puppetlabs.com/puppet/latest/reference/lang_data_hash.html + +[`IncludeOptional`]: https://httpd.apache.org/docs/current/mod/core.html#includeoptional +[`Include`]: https://httpd.apache.org/docs/current/mod/core.html#include +[interval syntax]: https://httpd.apache.org/docs/current/mod/mod_expires.html#AltSyn +[`ip`]: #ip +[`ip_based`]: #ip_based +[IP-based virtual hosts]: https://httpd.apache.org/docs/current/vhosts/ip-based.html + +[`KeepAlive`]: https://httpd.apache.org/docs/current/mod/core.html#keepalive +[`KeepAliveTimeout`]: https://httpd.apache.org/docs/current/mod/core.html#keepalivetimeout +[`keepalive` parameter]: #keepalive +[`keepalive_timeout`]: #keepalive_timeout +[`limitreqfieldsize`]: https://httpd.apache.org/docs/current/mod/core.html#limitrequestfieldsize + +[`lib`]: #lib +[`lib_path`]: #lib_path +[`Listen`]: https://httpd.apache.org/docs/current/bind.html +[`ListenBackLog`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#listenbacklog +[`LoadFile`]: https://httpd.apache.org/docs/current/mod/mod_so.html#loadfile +[`LogFormat`]: https://httpd.apache.org/docs/current/mod/mod_log_config.html#logformat +[`logroot`]: #logroot +[Log security]: https://httpd.apache.org/docs/current/logs.html#security + +[`manage_docroot`]: #manage_docroot +[`manage_user`]: #manage_user +[`manage_group`]: #manage_group +[`MaxConnectionsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxconnectionsperchild +[`max_keepalive_requests`]: #max_keepalive_requests +[`MaxRequestWorkers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxrequestworkers +[`MaxSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxsparethreads +[MIME `content-type`]: https://www.iana.org/assignments/media-types/media-types.xhtml +[`MinSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#minsparethreads +[`mod_alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html +[`mod_auth_cas`]: https://github.com/Jasig/mod_auth_cas +[`mod_auth_kerb`]: http://modauthkerb.sourceforge.net/configure.html +[`mod_authnz_external`]: https://github.com/phokz/mod-auth-external +[`mod_auth_mellon`]: https://github.com/UNINETT/mod_auth_mellon +[`mod_disk_cache`]: https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html +[`mod_cache_disk`]: https://httpd.apache.org/docs/current/mod/mod_cache_disk.html +[`mod_expires`]: https://httpd.apache.org/docs/current/mod/mod_expires.html +[`mod_ext_filter`]: https://httpd.apache.org/docs/current/mod/mod_ext_filter.html +[`mod_fcgid`]: https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html +[`mod_geoip`]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/ +[`mod_info`]: https://httpd.apache.org/docs/current/mod/mod_info.html +[`mod_ldap`]: https://httpd.apache.org/docs/2.2/mod/mod_ldap.html +[`mod_mpm_event`]: https://httpd.apache.org/docs/current/mod/event.html +[`mod_negotiation`]: https://httpd.apache.org/docs/current/mod/mod_negotiation.html +[`mod_pagespeed`]: https://developers.google.com/speed/pagespeed/module/?hl=en +[`mod_passenger`]: https://www.phusionpassenger.com/library/config/apache/reference/ +[`mod_php`]: http://php.net/manual/en/book.apache.php +[`mod_proxy`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html +[`mod_proxy_balancer`]: https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html +[`mod_reqtimeout`]: https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html +[`mod_rewrite`]: https://httpd.apache.org/docs/current/mod/mod_rewrite.html +[`mod_security`]: https://www.modsecurity.org/ +[`mod_ssl`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html +[`mod_status`]: https://httpd.apache.org/docs/current/mod/mod_status.html +[`mod_version`]: https://httpd.apache.org/docs/current/mod/mod_version.html +[`mod_wsgi`]: https://modwsgi.readthedocs.org/en/latest/ +[module contribution guide]: https://docs.puppetlabs.com/forge/contributing.html +[`mpm_module`]: #mpm_module +[multi-processing module]: https://httpd.apache.org/docs/current/mpm.html + +[name-based virtual hosts]: https://httpd.apache.org/docs/current/vhosts/name-based.html +[`no_proxy_uris`]: #no_proxy_uris + +[open source Puppet]: https://docs.puppetlabs.com/puppet/ +[`Options`]: https://httpd.apache.org/docs/current/mod/core.html#options + +[`path`]: #path +[`Peruser`]: https://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr +[`port`]: #port +[`priority`]: #defined-types-apachevhost +[`proxy_dest`]: #proxy_dest +[`proxy_dest_match`]: #proxy_dest_match +[`proxy_pass`]: #proxy_pass +[`ProxyPass`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass +[`ProxySet`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset +[Puppet Enterprise]: https://docs.puppetlabs.com/pe/ +[Puppet Forge]: https://forge.puppetlabs.com +[Puppet Labs]: https://puppetlabs.com +[Puppet module]: https://docs.puppetlabs.com/puppet/latest/reference/modules_fundamentals.html +[Puppet module's code]: https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp +[`purge_configs`]: #purge_configs +[`purge_vhost_dir`]: #purge_vhost_dir +[Python]: https://www.python.org/ + +[Rack]: http://rack.github.io/ +[`rack_base_uris`]: #rack_base_uris +[RFC 2616]: https://www.ietf.org/rfc/rfc2616.txt +[`RequestReadTimeout`]: https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html#requestreadtimeout +[rspec-puppet]: http://rspec-puppet.com/ + +[`ScriptAlias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptalias +[`ScriptAliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptaliasmatch +[`scriptalias`]: #scriptalias +[SELinux]: http://selinuxproject.org/ +[`ServerAdmin`]: https://httpd.apache.org/docs/current/mod/core.html#serveradmin +[`serveraliases`]: #serveraliases +[`ServerLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#serverlimit +[`ServerName`]: https://httpd.apache.org/docs/current/mod/core.html#servername +[`ServerRoot`]: https://httpd.apache.org/docs/current/mod/core.html#serverroot +[`ServerTokens`]: https://httpd.apache.org/docs/current/mod/core.html#servertokens +[`ServerSignature`]: https://httpd.apache.org/docs/current/mod/core.html#serversignature +[Service attribute restart]: http://docs.puppetlabs.com/references/latest/type.html#service-attribute-restart +[`source`]: #source +[`SSLCARevocationCheck`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck +[SSL certificate key file]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile +[SSL chain]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainfile +[SSL encryption]: https://httpd.apache.org/docs/current/ssl/index.html +[`ssl`]: #ssl +[`ssl_cert`]: #ssl_cert +[`ssl_compression`]: #ssl_compression +[`ssl_key`]: #ssl_key +[`StartServers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#startservers +[suPHP]: http://www.suphp.org/Home.html +[`suphp_addhandler`]: #suphp_addhandler +[`suphp_configpath`]: #suphp_configpath +[`suphp_engine`]: #suphp_engine +[supported operating system]: https://forge.puppetlabs.com/supported#puppet-supported-modules-compatibility-matrix + +[`ThreadLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadlimit +[`ThreadsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadsperchild +[`TimeOut`]: https://httpd.apache.org/docs/current/mod/core.html#timeout +[template]: http://docs.puppetlabs.com/puppet/latest/reference/lang_template.html +[`TraceEnable`]: https://httpd.apache.org/docs/current/mod/core.html#traceenable + +[`verify_config`]: #verify_config +[`vhost`]: #defined-type-apachevhost +[`vhost_dir`]: #vhost_dir +[`virtual_docroot`]: #virtual_docroot + +[Web Server Gateway Interface]: https://www.python.org/dev/peps/pep-3333/#abstract +[`WSGIPythonPath`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonPath.html +[`WSGIPythonHome`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonHome.html + +#### Table of Contents + +1. [Module description - What is the apache module, and what does it do?][Module description] +2. [Setup - The basics of getting started with apache][Setup] + - [Beginning with Apache - Installation][Beginning with Apache] +3. [Usage - The classes and defined types available for configuration][Usage] + - [Configuring virtual hosts - Examples to help get started][Configuring virtual hosts] + - [Configuring FastCGI servers to handle PHP files][Configuring FastCGI servers] + - [Load balancing with exported and non-exported resources][Load balancing examples] +4. [Reference - An under-the-hood peek at what the module is doing and how][Reference] + - [Public classes][] + - [Private classes][] + - [Public defined types][] + - [Private defined types][] + - [Templates][] +5. [Limitations - OS compatibility, etc.][Limitations] +6. [Development - Guide for contributing to the module][Development] + - [Contributing to the apache module][Contributing] + - [Running tests - A quick guide][Running tests] + +## Module description + +[Apache HTTP Server][] (also called Apache HTTPD, or simply Apache) is a widely used web server. This [Puppet module][] simplifies the task of creating configurations to manage Apache servers in your infrastructure. It can configure and manage a range of virtual host setups and provides a streamlined way to install and configure [Apache modules][]. + +## Setup + +**What the apache Puppet module affects:** + +- Configuration files and directories (created and written to) + - **WARNING**: Configurations *not* managed by Puppet will be purged. +- Package/service/configuration files for Apache +- Apache modules +- Virtual hosts +- Listened-to ports +- `/etc/make.conf` on FreeBSD and Gentoo + +On Gentoo, this module depends on the [`gentoo/puppet-portage`][] Puppet module. Note that while several options apply or enable certain features and settings for Gentoo, it is not a [supported operating system][] for this module. + +> **Note**: This module modifies Apache configuration files and directories and purges any configuration not managed by Puppet. Apache configuration should be managed by Puppet, as unmanaged configuration files can cause unexpected failures. + +To temporarily disable full Puppet management, set the [`purge_configs`][] parameter in the [`apache`][] class declaration to false. We recommend using this only as a temporary means of saving and relocating customized configurations. + +### Beginning with Apache + +To have Puppet install Apache with the default parameters, declare the [`apache`][] class: + +``` puppet +class { 'apache': } +``` + +The Puppet module applies a default configuration based on your operating system; Debian, Red Hat, FreeBSD, and Gentoo systems each have unique default configurations. These defaults work in testing environments but are not suggested for production, and Puppet recommends customizing the class's parameters to suit your site. Use the [Reference](#reference) section to find information about the class's parameters and their default values. + +You can customize parameters when declaring the `apache` class. For instance, this declaration installs Apache without the apache module's [default virtual host configuration][Configuring virtual hosts], allowing you to customize all Apache virtual hosts: + +``` puppet +class { 'apache': + default_vhost => false, +} +``` + +## Usage + +### Configuring a virtual host + +The default [`apache`][] class sets up a virtual host on port 80, listening on all interfaces and serving the [`docroot`][] parameter's default directory of `/var/www`. + +> **Note**: See the [`apache::vhost`][] defined type's reference for a list of all virtual host parameters. + +To configure basic [name-based virtual hosts][], specify the [`port`][] and [`docroot`][] parameters in the [`apache::vhost`][] defined type: + +``` puppet +apache::vhost { 'vhost.example.com': + port => '80', + docroot => '/var/www/vhost', +} +``` + +> **Note**: Apache processes virtual hosts in alphabetical order, and server administrators can prioritize Apache's virtual host processing by prefixing a virtual host's configuration file name with a number. The [`apache::vhost`][] defined type applies a default [`priority`][] of 15, which Puppet interprets by prefixing the virtual host's file name with `15-`. This all means that if multiple sites have the same priority, or if you disable priority numbers by setting the `priority` parameter's value to false, Apache still processes virtual hosts in alphabetical order. + +To configure user and group ownership for `docroot`, use the [`docroot_owner`][] and [`docroot_group`][] parameters: + +``` puppet +apache::vhost { 'user.example.com': + port => '80', + docroot => '/var/www/user', + docroot_owner => 'www-data', + docroot_group => 'www-data', +} +``` + +#### Configuring virtual hosts with SSL + +To configure a virtual host to use [SSL encryption][] and default SSL certificates, set the [`ssl`][] parameter. You must also specify the [`port`][] parameter, typically with a value of '443', to accommodate HTTPS requests: + +``` puppet +apache::vhost { 'ssl.example.com': + port => '443', + docroot => '/var/www/ssl', + ssl => true, +} +``` + +To configure a virtual host to use SSL and specific SSL certificates, use the paths to the certificate and key in the [`ssl_cert`][] and [`ssl_key`][] parameters, respectively: + +``` puppet +apache::vhost { 'cert.example.com': + port => '443', + docroot => '/var/www/cert', + ssl => true, + ssl_cert => '/etc/ssl/fourth.example.com.cert', + ssl_key => '/etc/ssl/fourth.example.com.key', +} +``` + +To configure a mix of SSL and unencrypted virtual hosts at the same domain, declare them with separate [`apache::vhost`][] defined types: + +``` puppet +# The non-ssl virtual host +apache::vhost { 'mix.example.com non-ssl': + servername => 'mix.example.com', + port => '80', + docroot => '/var/www/mix', +} + +# The SSL virtual host at the same domain +apache::vhost { 'mix.example.com ssl': + servername => 'mix.example.com', + port => '443', + docroot => '/var/www/mix', + ssl => true, +} +``` + +To configure a virtual host to redirect unencrypted connections to SSL, declare them with separate [`apache::vhost`][] defined types and redirect unencrypted requests to the virtual host with SSL enabled: + +``` puppet +apache::vhost { 'redirect.example.com non-ssl': + servername => 'redirect.example.com', + port => '80', + docroot => '/var/www/redirect', + redirect_status => 'permanent', + redirect_dest => 'https://redirect.example.com/' +} + +apache::vhost { 'redirect.example.com ssl': + servername => 'redirect.example.com', + port => '443', + docroot => '/var/www/redirect', + ssl => true, +} +``` + +#### Configuring virtual host port and address bindings + +Virtual hosts listen on all IP addresses ('*') by default. To configure the virtual host to listen on a specific IP address, use the [`ip`][] parameter: + +``` puppet +apache::vhost { 'ip.example.com': + ip => '127.0.0.1', + port => '80', + docroot => '/var/www/ip', +} +``` + +It is also possible to configure more than one IP address per virtual host by using an array of IP addresses for the [`ip`][] parameter: + +``` puppet +apache::vhost { 'ip.example.com': + ip => ['127.0.0.1','169.254.1.1'], + port => '80', + docroot => '/var/www/ip', +} +``` + +To configure a virtual host with [aliased servers][], refer to the aliases using the [`serveraliases`][] parameter: + +``` puppet +apache::vhost { 'aliases.example.com': + serveraliases => [ + 'aliases.example.org', + 'aliases.example.net', + ], + port => '80', + docroot => '/var/www/aliases', +} +``` + +To set up a virtual host with a wildcard alias for the subdomain mapped to a same-named directory, such as 'http://example.com.loc' mapped to `/var/www/example.com`, define the wildcard alias using the [`serveraliases`][] parameter and the document root with the [`virtual_docroot`][] parameter: + +``` puppet +apache::vhost { 'subdomain.loc': + vhost_name => '*', + port => '80', + virtual_docroot => '/var/www/%-2+', + docroot => '/var/www', + serveraliases => ['*.loc',], +} +``` + +To configure a virtual host with [filter rules][], pass the filter directives as an [array][] using the [`filters`][] parameter: + +``` puppet +apache::vhost { 'subdomain.loc': + port => '80', + filters => [ + 'FilterDeclare COMPRESS', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', + 'FilterChain COMPRESS', + 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', + ], + docroot => '/var/www/html', +} +``` + +#### Configuring virtual hosts for apps and processors + +To set up a virtual host with [suPHP][], use the [`suphp_engine`][] parameter to enable the suPHP engine, [`suphp_addhandler`][] parameter to define a MIME type, [`suphp_configpath`][] to set which path suPHP passes to the PHP interpreter, and the [`directory`][] parameter to configure Directory, File, and Location directive blocks: + +``` puppet +apache::vhost { 'suphp.example.com': + port => '80', + docroot => '/home/appuser/myphpapp', + suphp_addhandler => 'x-httpd-php', + suphp_engine => 'on', + suphp_configpath => '/etc/php5/apache2', + directories => [ + { 'path' => '/home/appuser/myphpapp', + 'suphp' => { + user => 'myappuser', + group => 'myappgroup', + }, + }, + ], +} +``` + +You can use a set of parameters to configure a virtual host to use the [Web Server Gateway Interface][] (WSGI) for [Python][] applications: + +``` puppet +apache::vhost { 'wsgi.example.com': + port => '80', + docroot => '/var/www/pythonapp', + wsgi_application_group => '%{GLOBAL}', + wsgi_daemon_process => 'wsgi', + wsgi_daemon_process_options => { + processes => '2', + threads => '15', + display-name => '%{GROUP}', + }, + wsgi_import_script => '/var/www/demo.wsgi', + wsgi_import_script_options => { + process-group => 'wsgi', + application-group => '%{GLOBAL}', + }, + wsgi_process_group => 'wsgi', + wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, +} +``` + +Starting in Apache 2.2.16, Apache supports [FallbackResource][], a simple replacement for common RewriteRules. You can set a FallbackResource using the [`fallbackresource`][] parameter: + +``` puppet +apache::vhost { 'wordpress.example.com': + port => '80', + docroot => '/var/www/wordpress', + fallbackresource => '/index.php', +} +``` + +> **Note**: The `fallbackresource` parameter only supports the 'disabled' value since Apache 2.2.24. + +To configure a virtual host with a designated directory for [Common Gateway Interface][] (CGI) files, use the [`scriptalias`][] parameter to define the `cgi-bin` path: + +``` puppet +apache::vhost { 'cgi.example.com': + port => '80', + docroot => '/var/www/cgi', + scriptalias => '/usr/lib/cgi-bin', +} +``` + +To configure a virtual host for [Rack][], use the [`rack_base_uris`][] parameter: + +``` puppet +apache::vhost { 'rack.example.com': + port => '80', + docroot => '/var/www/rack', + rack_base_uris => ['/rackapp1', '/rackapp2'], +} +``` + +#### Configuring IP-based virtual hosts + +You can configure [IP-based virtual hosts][] to listen on any port and have them respond to requests on specific IP addresses. In this example, we set the server to listen on ports 80 and 81 because the example virtual hosts are _not_ declared with a [`port`][] parameter: + +``` puppet +apache::listen { '80': } + +apache::listen { '81': } +``` + +Then we configure the IP-based virtual hosts with the [`ip_based`][] parameter: + +``` puppet +apache::vhost { 'first.example.com': + ip => '10.0.0.10', + docroot => '/var/www/first', + ip_based => true, +} + +apache::vhost { 'second.example.com': + ip => '10.0.0.11', + docroot => '/var/www/second', + ip_based => true, +} +``` + +You can also configure a mix of IP- and [name-based virtual hosts][], and in any combination of [SSL][SSL encryption] and unencrypted configurations. First, we add two IP-based virtual hosts on an IP address (in this example, 10.0.0.10). One uses SSL and the other is unencrypted: + +``` puppet +apache::vhost { 'The first IP-based virtual host, non-ssl': + servername => 'first.example.com', + ip => '10.0.0.10', + port => '80', + ip_based => true, + docroot => '/var/www/first', +} + +apache::vhost { 'The first IP-based vhost, ssl': + servername => 'first.example.com', + ip => '10.0.0.10', + port => '443', + ip_based => true, + docroot => '/var/www/first-ssl', + ssl => true, +} +``` + +Next, we add two name-based virtual hosts listening on a second IP address (10.0.0.20): + +``` puppet +apache::vhost { 'second.example.com': + ip => '10.0.0.20', + port => '80', + docroot => '/var/www/second', +} + +apache::vhost { 'third.example.com': + ip => '10.0.0.20', + port => '80', + docroot => '/var/www/third', +} +``` + +To add name-based virtual hosts that answer on either 10.0.0.10 or 10.0.0.20, you **must** set the [`add_listen`][] parameter to false to disable the default Apache setting of `Listen 80`, as it conflicts with the preceding IP-based virtual hosts. + +``` puppet +apache::vhost { 'fourth.example.com': + port => '80', + docroot => '/var/www/fourth', + add_listen => false, +} + +apache::vhost { 'fifth.example.com': + port => '80', + docroot => '/var/www/fifth', + add_listen => false, +} +``` + +### Installing Apache modules + +There are two ways to install [Apache modules][] using the Puppet apache module: + +- Use the [`apache::mod::`][] classes to [install specific Apache modules with parameters][Installing specific modules]. +- Use the [`apache::mod`][] defined type to [install arbitrary Apache modules][Installing arbitrary modules]. + +#### Installing specific modules + +The Puppet apache module supports installing many common [Apache modules][], often with parameterized configuration options. For a list of supported Apache modules, see the [`apache::mod::`][] class references. + +For example, you can install the `mod_ssl` Apache module with default settings by declaring the [`apache::mod::ssl`][] class: + +``` puppet +class { 'apache::mod::ssl': } +``` + +[`apache::mod::ssl`][] has several parameterized options that you can set when declaring it. For instance, to enable `mod_ssl` with compression enabled, set the [`ssl_compression`][] parameter to true: + +``` puppet +class { 'apache::mod::ssl': + ssl_compression => true, +} +``` + +Note that some modules have prerequisites, which are documented in their references under [`apache::mod::`][]. + +#### Installing arbitrary modules + +You can pass the name of any module that your operating system's package manager can install to the [`apache::mod`][] defined type to install it. Unlike the specific-module classes, the [`apache::mod`][] defined type doesn't tailor the installation based on other installed modules or with specific parameters---Puppet only grabs and installs the module's package, leaving detailed configuration up to you. + +For example, to install the [`mod_authnz_external`][] Apache module, declare the defined type with the 'mod_authnz_external' name: + +``` puppet +apache::mod { 'mod_authnz_external': } +``` + +There are several optional parameters you can specify when defining Apache modules this way. See the [defined type's reference][`apache::mod`] for details. + +### Configuring FastCGI servers to handle PHP files + +Add the [`apache::fastcgi::server`][] defined type to allow [FastCGI][] servers to handle requests for specific files. For example, the following defines a FastCGI server at 127.0.0.1 (localhost) on port 9000 to handle PHP requests: + +``` puppet +apache::fastcgi::server { 'php': + host => '127.0.0.1:9000', + timeout => 15, + flush => false, + faux_path => '/var/www/php.fcgi', + fcgi_alias => '/php.fcgi', + file_type => 'application/x-httpd-php' +} +``` + +You can then use the [`custom_fragment`][] parameter to configure the virtual host to have the FastCGI server handle the specified file type: + +``` puppet +apache::vhost { 'www': + ... + custom_fragment => 'AddType application/x-httpd-php .php' + ... +} +``` + +### Load balancing examples + +Apache supports load balancing across groups of servers through the [`mod_proxy`][] Apache module. Puppet supports configuring Apache load balancing groups (also known as balancer clusters) through the [`apache::balancer`][] and [`apache::balancermember`][] defined types. + +To enable load balancing with [exported resources][], export the [`apache::balancermember`][] defined type from the load balancer member server: + +``` puppet +@@apache::balancermember { "${::fqdn}-puppet00": + balancer_cluster => 'puppet00', + url => "ajp://${::fqdn}:8009", + options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], +} +``` + +Then, on the proxy server, create the load balancing group: + +``` puppet +apache::balancer { 'puppet00': } +``` + +To enable load balancing without exporting resources, declare the following on the proxy server: + +``` puppet +apache::balancer { 'puppet00': } + +apache::balancermember { "${::fqdn}-puppet00": + balancer_cluster => 'puppet00', + url => "ajp://${::fqdn}:8009", + options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], +} +``` + +Then declare the `apache::balancer` and `apache::balancermember` defined types on the proxy server. + +If you need to use the [ProxySet](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset) directive on the balancer, use the [`proxy_set`](#proxy_set) parameter of `apache::balancer`: + +``` puppet +apache::balancer { 'puppet01': + proxy_set => { + 'stickysession' => 'JSESSIONID', + }, +} +``` + +## Reference + +- [**Public classes**](#public-classes) + - [Class: apache](#class-apache) + - [Class: apache::dev](#class-apachedev) + - [Classes: apache::mod::*](#classes-apachemodname) +- [**Private classes**](#private-classes) + - [Class: apache::confd::no_accf](#class-apacheconfdno_accf) + - [Class: apache::default_confd_files](#class-apachedefault_confd_files) + - [Class: apache::default_mods](#class-apachedefault_mods) + - [Class: apache::package](#class-apachepackage) + - [Class: apache::params](#class-apacheparams) + - [Class: apache::service](#class-apacheservice) + - [Class: apache::version](#class-apacheversion) +- [**Public defined types**](#public-defined-types) + - [Defined type: apache::balancer](#defined-type-apachebalancer) + - [Defined type: apache::balancermember](#defined-type-apachebalancermember) + - [Defined type: apache::custom_config](#defined-type-apachecustom_config) + - [Defined type: apache::fastcgi::server](#defined-type-fastcgi-server) + - [Defined type: apache::listen](#defined-type-apachelisten) + - [Defined type: apache::mod](#defined-type-apachemod) + - [Defined type: apache::namevirtualhost](#defined-type-apachenamevirtualhost) + - [Defined type: apache::vhost](#defined-type-apachevhost) + - [Defined type: apache::vhost::custom](#defined-type-apachevhostcustom) +- [**Private defined types**](#private-defined-types) + - [Defined type: apache::default_mods::load](#defined-type-default_mods-load) + - [Defined type: apache::peruser::multiplexer](#defined-type-apacheperusermultiplexer) + - [Defined type: apache::peruser::processor](#defined-type-apacheperuserprocessor) + - [Defined type: apache::security::file_link](#defined-type-apachesecurityfile_link) +- [**Templates**](#templates) + +### Public Classes + +#### Class: `apache` + +Guides the basic setup and installation of Apache on your system. + +When this class is declared with the default options, Puppet: + +- Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system. +- Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system. +- Configures the server with a default virtual host and standard port ('80') and address ('*') bindings. +- Creates a document root directory determined by your operating system, typically `/var/www`. +- Starts the Apache service. + +You can simply declare the default `apache` class: + +``` puppet +class { 'apache': } +``` + +You can establish a default virtual host in this class, by using the [`apache::vhost`][] defined type, or both. You can also configure additional specific virtual hosts with the [`apache::vhost`][] defined type. Puppet recommends customizing the `apache` class's declaration with the following parameters, as its default settings are not optimized for production. + +**Parameters within `apache`:** + +##### `allow_encoded_slashes` + +Sets the server default for the [`AllowEncodedSlashes`][] declaration, which modifies the responses to URLs containing '\' and '/' characters. Valid options: 'on', 'off', 'nodecode'. Default: undef, which omits the declaration from the server's configuration and uses Apache's default setting of 'off'. + +##### `apache_version` + +Configures module template behavior, package names, and default Apache modules by defining the version of Apache to use. Default: Determined by your operating system family and release via the [`apache::version`][] class. Puppet recommends against manually configuring this parameter without reason. + +##### `conf_dir` + +Sets the directory where the Apache server's main configuration file is located. Default: Depends on your operating system. + +- **Debian**: `/etc/apache2` +- **FreeBSD**: `/usr/local/etc/apache22` +- **Gentoo**: `/etc/apache2` +- **Red Hat**: `/etc/httpd/conf` + +##### `conf_template` + +Defines the [template][] used for the main Apache configuration file. Default: `apache/httpd.conf.erb`. Modifying this parameter is potentially risky, as the apache Puppet module is designed to use a minimal configuration file customized by `conf.d` entries. + +##### `confd_dir` + +Sets the location of the Apache server's custom configuration directory. Default: Depends on your operating system. + +- **Debian**: `/etc/apache2/conf.d` +- **FreeBSD**: `/usr/local/etc/apache22` +- **Gentoo**: `/etc/apache2/conf.d` +- **Red Hat**: `/etc/httpd/conf.d` + +##### `default_charset` + +Used as the [`AddDefaultCharset`][] directive in the main configuration file. Default: undef. + +##### `default_confd_files` + +Determines whether Puppet generates a default set of includable Apache configuration files in the directory defined by the [`confd_dir`][] parameter. These configuration files correspond to what is typically installed with the Apache package on the server's operating system. Valid options: Boolean. Default: true. + +##### `default_mods` + +Determines whether to configure and enable a set of default [Apache modules][] depending on your operating system. Valid options: true, false, or an array of Apache module names. Default: true. + +If this parameter's value is false, Puppet includes only the Apache modules required to make the HTTP daemon work on your operating system, and you can declare any other modules separately using the [`apache::mod::`][] class or [`apache::mod`][] defined type. + +If true, Puppet installs additional modules, the list of which depends on the operating system as well as the [`apache_version`][] and [`mpm_module`][] parameters' values. As these lists of modules can change frequently, consult the [Puppet module's code][] for up-to-date lists. + +If this parameter contains an array, Puppet instead enables all passed Apache modules. + +##### `default_ssl_ca` + +Sets the default certificate authority for the Apache server. Default: undef. + +While this default value results in a functioning Apache server, you **must** update this parameter with your certificate authority information before deploying this server in a production environment. + +##### `default_ssl_cert` + +Sets the [SSL encryption][] certificate location. Default: Determined by your operating system. + +- **Debian**: `/etc/ssl/certs/ssl-cert-snakeoil.pem` +- **FreeBSD**: `/usr/local/etc/apache22/server.crt` +- **Gentoo**: `/etc/ssl/apache2/server.crt` +- **Red Hat**: `/etc/pki/tls/certs/localhost.crt` + +While the default value results in a functioning Apache server, you **must** update this parameter with your certificate location before deploying this server in a production environment. + +##### `default_ssl_chain` + +Sets the default [SSL chain][] location. Default: undef. + +While this default value results in a functioning Apache server, you **must** update this parameter with your SSL chain before deploying this server in a production environment. + +##### `default_ssl_crl` + +Sets the path of the default [certificate revocation list][] (CRL) file to use. Default: undef. + +While this default value results in a functioning Apache server, you **must** update this parameter with your CRL file's path before deploying this server in a production environment. You can use this parameter with or in place of the [`default_ssl_crl_path`][]. + +##### `default_ssl_crl_path` + +Sets the server's [certificate revocation list path][], which contains your CRLs. Default: undef. + +While this default value results in a functioning Apache server, you **must** update this parameter with the CRL path before deploying this server in a production environment. + +##### `default_ssl_crl_check` + +Sets the default certificate revocation check level via the [`SSLCARevocationCheck`][] directive. Default: undef. + +While this default value results in a functioning Apache server, you **must** specify this parameter when using certificate revocation lists in a production environment. + +This parameter only applies to Apache 2.4 or higher and is ignored on older versions. + +##### `default_ssl_key` + +Sets the [SSL certificate key file][] location. Default: Determined by your operating system. + +- **Debian**: `/etc/ssl/private/ssl-cert-snakeoil.key` +- **FreeBSD**: `/usr/local/etc/apache22/server.key` +- **Gentoo**: `/etc/ssl/apache2/server.key` +- **Red Hat**: `/etc/pki/tls/private/localhost.key` + +While these default values result in a functioning Apache server, you **must** update this parameter with your SSL key's location before deploying this server in a production environment. + +##### `default_ssl_vhost` + +Configures a default [SSL][SSL encryption] virtual host. Valid options: Boolean. Default: false. + +If true, Puppet automatically configures the following virtual host using the [`apache::vhost`][] defined type: + +``` puppet +apache::vhost { 'default-ssl': + port => 443, + ssl => true, + docroot => $docroot, + scriptalias => $scriptalias, + serveradmin => $serveradmin, + access_log_file => "ssl_${access_log_file}", + } +``` + +> **Note**: SSL virtual hosts only respond to HTTPS queries. + +##### `default_type` + +_Apache 2.2 only_. Sets the [MIME `content-type`][] sent if the server cannot otherwise determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and newer and only exists for backwards compatibility in configuration files. Default: undef. + +##### `default_vhost` + +Configures a default virtual host when the class is declared. Valid options: Boolean. Default: true. + +To configure [customized virtual hosts][Configuring virtual hosts], set this parameter's value to false. + +##### `dev_packages` + +Configures a specific dev package to use. Valid options: A string or array of strings. Default: Depends on the operating system. + +- **Red Hat:** 'httpd-devel' +- **Debian 8/Ubuntu 13.10 or newer:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev'] +- **Older Debian/Ubuntu versions:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] +- **FreeBSD, Gentoo:** undef +- **Suse:** ['libapr-util1-devel', 'libapr1-devel'] + +Example for using httpd 2.4 from the IUS yum repo: + +``` puppet +include ::apache::dev +class { 'apache': + apache_name => 'httpd24u', + dev_packages => 'httpd24u-devel', +} +``` + +##### `docroot` + +Sets the default [`DocumentRoot`][] location. Default: Determined by your operating system. + +- **Debian**: `/var/www/html` +- **FreeBSD**: `/usr/local/www/apache22/data` +- **Gentoo**: `/var/www/localhost/htdocs` +- **Red Hat**: `/var/www/html` + +##### `error_documents` + +Determines whether to enable [custom error documents][] on the Apache server. Valid options: Boolean. Default: false. + +##### `group` + +Sets the group ID that owns any Apache processes spawned to answer requests. + +By default, Puppet attempts to manage this group as a resource under the `apache` class, determining the group based on the operating system as detected by the [`apache::params`][] class. To to prevent the group resource from being created and use a group created by another Puppet module, set the [`manage_group`][] parameter's value to false. + +> **Note**: Modifying this parameter only changes the group ID that Apache uses to spawn child processes to access resources. It does not change the user that owns the parent server process. + +##### `httpd_dir` + +Sets the Apache server's base configuration directory. This is useful for specially repackaged Apache server builds but might have unintended consequences when combined with the default distribution packages. Default: Determined by your operating system. + +- **Debian**: `/etc/apache2` +- **FreeBSD**: `/usr/local/etc/apache22` +- **Gentoo**: `/etc/apache2` +- **Red Hat**: `/etc/httpd` + +##### `keepalive` + +Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive. Valid options: 'Off', 'On'. Default: 'Off'. + +If 'On', use the [`keepalive_timeout`][] and [`max_keepalive_requests`][] parameters to set relevant options. + +##### `keepalive_timeout` + +Sets the [`KeepAliveTimeout`] directive, which determines the amount of time the Apache server waits for subsequent requests on a persistent HTTP connection. Default: '15'. + +This parameter is only relevant if the [`keepalive` parameter][] is enabled. + +##### `max_keepalive_requests` + +Limits the number of requests allowed per connection when the [`keepalive` parameter][] is enabled. Default: '100'. + +##### `lib_path` + +Specifies the location where [Apache module][Apache modules] files are stored. Default: Depends on the operating system. + +- **Debian** and **Gentoo**: `/usr/lib/apache2/modules` +- **FreeBSD**: `/usr/local/libexec/apache24` +- **Red Hat**: `modules` + +> **Note**: Do not configure this parameter manually without special reason. + +##### `loadfile_name` + +Sets the [`LoadFile`] directive's filename. Valid options: Filenames in the format `\*.load`. + +This can be used to set the module load order. + +##### `log_level` + +Changes the error log's verbosity. Valid options: 'alert', 'crit', 'debug', 'emerg', 'error', 'info', 'notice', 'warn'. Default: 'warn'. + +##### `log_formats` + +Define additional [`LogFormat`][] directives. Valid options: A [hash][], such as: + +``` puppet +$log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' } +``` + +There are a number of predefined `LogFormats` in the `httpd.conf` that Puppet creates: + +``` httpd +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %b" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded +``` + +If your `log_formats` parameter contains one of those, it will be overwritten with **your** definition. + +##### `logroot` + +Changes the directory of Apache log files for the virtual host. Default: Determined by your operating system. + +- **Debian**: `/var/log/apache2` +- **FreeBSD**: `/var/log/apache22` +- **Gentoo**: `/var/log/apache2` +- **Red Hat**: `/var/log/httpd` + +##### `logroot_mode` + +Overrides the default [`logroot`][] directory's mode. Default: undef. + +> **Note**: Do _not_ grant write access to the directory where the logs are stored without being aware of the consequences. See the [Apache documentation][Log security] for details. + +##### `manage_group` + +When false, stops Puppet from creating the group resource. Valid options: Boolean. Default: true. + +If you have a group created from another Puppet module that you want to use to run Apache, set this to false. Without this parameter, attempting to use a previously established group results in a duplicate resource error. + +##### `manage_user` + +When false, stops Puppet from creating the user resource. Valid options: Boolean. Default: true. + +This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error. + +##### `mod_dir` + +Sets where Puppet places configuration files for your [Apache modules][]. Default: Determined by your operating system. + +- **Debian**: `/etc/apache2/mods-available` +- **FreeBSD**: `/usr/local/etc/apache22/Modules` +- **Gentoo**: `/etc/apache2/modules.d` +- **Red Hat**: `/etc/httpd/conf.d` + +##### `mpm_module` + +Determines which [multi-processing module][] (MPM) is loaded and configured for the HTTPD process. Valid options: 'event', 'itk', 'peruser', 'prefork', 'worker', or false. Default: Determined by your operating system. + +- **Debian**: 'worker' +- **FreeBSD, Gentoo, and Red Hat**: 'prefork' + +You must set this to false to explicitly declare the following classes with custom parameters: + +- [`apache::mod::event`][] +- [`apache::mod::itk`][] +- [`apache::mod::peruser`][] +- [`apache::mod::prefork`][] +- [`apache::mod::worker`][] + +> **Note**: Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `mpm_module`, you must uninstall all packages that depend on your installed Apache server. + +##### `package_ensure` + +Controls the `package` resource's [`ensure`][] attribute. Valid options: 'absent', 'installed' (or the equivalent 'present'), or a version string. Default: 'installed'. + +##### `pidfile` + +Allows settting a custom location for the pid file - useful if using a custom built Apache rpm. Default: Depends on operating system. + +- **Debian:** '\${APACHE_PID_FILE}' +- **FreeBSD:** '/var/run/httpd.pid' +- **Red Hat:** 'run/httpd.pid' + +##### `ports_file` + +Sets the path to the file containing Apache ports configuration. Default: '{$conf_dir}/ports.conf'. + +##### `purge_configs` + +Removes all other Apache configs and virtual hosts. Valid options: Boolean. Default: true. + +Setting this to false is a stopgap measure to allow the apache Puppet module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see [`purge_vhost_dir`][]. + +##### `purge_vhost_dir` + +If the [`vhost_dir`][] parameter's value differs from the [`confd_dir`][] parameter's, the Boolean parameter `purge_vhost_dir` determines whether Puppet removes any configurations inside `vhost_dir` _not_ managed by Puppet. Valid options: Boolean. Default: same as [`purge_configs`][]. + +Setting `purge_vhost_dir` to false is a stopgap measure to allow the apache Puppet module to coexist with existing or otherwise unmanaged configurations within `vhost_dir`. + +##### `rewrite_lock` + +Allows setting a custom location for a rewrite lock - considered best practice if using a RewriteMap of type prg in the [`rewrites`][] parameter of your virtual host. Default: undef. + +This parameter only applies to Apache version 2.2 or lower and is ignored on newer versions. + +##### `sendfile` + +Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the [`EnableSendfile`][] directive. Valid options: 'On', 'Off'. Default: 'On'. + +##### `serveradmin` + +Sets the Apache server administrator's contact information via Apache's [`ServerAdmin`][] directive. Default: 'root@localhost'. + +##### `servername` + +Sets the Apache server name via Apache's [`ServerName`][] directive. Default: the 'fqdn' fact reported by [Facter][]. + +Setting to false will not set ServerName at all. + +##### `server_root` + +Sets the Apache server's root directory via Apache's [`ServerRoot`][] directive. Default: determined by your operating system. + +- **Debian**: `/etc/apache2` +- **FreeBSD**: `/usr/local` +- **Gentoo**: `/var/www` +- **Red Hat**: `/etc/httpd` + +##### `server_signature` + +Configures a trailing footer line to display at the bottom of server-generated documents, such as error documents and output of certain [Apache modules][], via Apache's [`ServerSignature`][] directive. Valid options: 'Off', 'On'. Default: 'On'. + +##### `server_tokens` + +Controls how much information Apache sends to the browser about itself and the operating system, via Apache's [`ServerTokens`][] directive. Default: 'OS'. + +##### `service_enable` + +Determines whether Puppet enables the Apache HTTPD service when the system is booted. Valid options: Boolean. Default: true. + +##### `service_ensure` + +Determines whether Puppet should make sure the service is running. Valid options: 'true' (equivalent to 'running'), 'false' (equivalent to 'stopped'). Default: 'running'. + +The 'false' or 'stopped' values set the 'httpd' service resource's `ensure` parameter to 'false', which is useful when you want to let the service be managed by another application, such as Pacemaker. + +##### `service_name` + +Sets the name of the Apache service. Default: determined by your operating system. + +- **Debian and Gentoo**: 'apache2' +- **FreeBSD**: 'apache22' +- **Red Hat**: 'httpd' + +##### `service_manage` + +Determines whether Puppet manages the HTTPD service's state. Valid options: Boolean. Default: true. + +##### `service_restart` + +Determines whether Puppet should use a specific command to restart the HTTPD service. Valid options: a command to restart the Apache service. Default: undef, which uses the [default Puppet behavior][Service attribute restart]. + +##### `timeout` + +Sets Apache's [`TimeOut`][] directive, which defines the number of seconds Apache waits for certain events before failing a request. Default: 120. + +##### `trace_enable` + +Controls how Apache handles `TRACE` requests (per [RFC 2616][]) via the [`TraceEnable`][] directive. Valid options: 'Off', 'On'. Default: 'On'. + +##### `use_systemd` + +Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom-built RPMs. Valid options: Boolean. Default: true. + +##### `file_mode` + +Sets the desired permissions mode for config files, in symbolic or numeric notation. Valid options: A string. Default: '0644'. + +##### `vhost_dir` + +Changes your virtual host configuration files' location. Default: determined by your operating system. + +- **Debian**: `/etc/apache2/sites-available` +- **FreeBSD**: `/usr/local/etc/apache22/Vhosts` +- **Gentoo**: `/etc/apache2/vhosts.d` +- **Red Hat**: `/etc/httpd/conf.d` + +##### `vhost_include_pattern` + +Defines the pattern for files included from the `vhost_dir`. Default: '*', also for BC with previous versions of this module. + +However, you might want to set this to a value like '[^.#]\*.conf[^~]' to make sure files accidentally created in this directory (such as files created by version control systems or editor backups) are *not* included in your server configuration. + +Some operating systems ship with a value of '*.conf'. Also note that this module will, by default, create configuration files ending in '.conf'. + +##### `user` + +Changes the user Apache uses to answer requests. Apache's parent process will continue to be run as root, but child processes will access resources as the user defined by this parameter. + +Default: Puppet sets the default value via the [`apache::params`][] class, which manages the user based on your operating system: + +- **Debian**: 'www-data' +- **FreeBSD**: 'www' +- **Gentoo** and **Red Hat**: 'apache' + +To prevent Puppet from managing the user, set the [`manage_user`][] parameter to false. + +##### `apache_name` + +The name of the Apache package to install. Default: Puppet sets the default value via the [`apache::params`][] class, which manages the user based on your operating system: + +The default value is determined by your operating system: + +- **Debian**: 'apache2' +- **FreeBSD**: 'apache24' +- **Gentoo**: 'www-servers/apache' +- **Red Hat**: 'httpd' + +You might need to override this if you are using a non-standard Apache package, such as those from Red Hat's software collections. + +#### Class: `apache::dev` + +Installs Apache development libraries. By default, the package name is defined by the [`dev_packages`][] parameter of the [`apache::params`][] class based on your operating system: + +The default value is determined by your operating system: + +- **Debian** : 'libaprutil1-dev', 'libapr1-dev'; 'apache2-dev' on Ubuntu 13.10 and Debian 8; 'apache2-prefork-dev' on other versions +- **FreeBSD**: 'undef'; see note below +- **Gentoo**: 'undef' +- **Red Hat**: 'httpd-devel' + +> **Note**: On FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`. + +#### Classes: `apache::mod::` + +Enables specific [Apache modules][]. You can enable and configure an Apache module by declaring its class. For example, to install and enable [`mod_alias`][] with no icons, you can declare the [`apache::mod::alias`][] class with the `icons_options` parameter set to 'None': + +``` puppet +class { 'apache::mod::alias': + icons_options => 'None', +} +``` + +The following Apache modules have supported classes, many of which allow for parameterized configuration. You can install other Apache modules with the [`apache::mod`][] defined type. + +* `actions` +* `alias` (see [`apache::mod::alias`][]) +* `auth_basic` +* `auth_cas`* (see [`apache::mod::auth_cas`][]) +* `auth_mellon`* (see [`apache::mod::auth_mellon`][]) +* `auth_kerb` +* `authn_core` +* `authn_file` +* `authnz_ldap`* +* `authz_default` +* `authz_user` +* `autoindex` +* `cache` +* `cgi` +* `cgid` +* `dav` +* `dav_fs` +* `dav_svn`* +* `deflate` +* `dev` +* `dir`* +* `disk_cache` (see [`apache::mod::disk_cache`][]) +* `event` (see [`apache::mod::event`][]) +* `expires` +* `ext_filter` (see [`apache::mod::ext_filter`][]) +* `fastcgi` +* `fcgid` +* `filter` +* `geoip` (see [`apache::mod::geoip`][]) +* `headers` +* `include` +* `info`* +* `itk` +* `ldap` +* `mime` +* `mime_magic`* +* `negotiation` +* `nss`* +* `pagespeed` (see [`apache::mod::pagespeed`][]) +* `passenger`* (see [`apache::mod::passenger`][]) +* `perl` +* `peruser` +* `php` (requires [`mpm_module`][] set to `prefork`) +* `prefork`* +* `proxy`* +* `proxy_ajp` +* `proxy_balancer` +* `proxy_html` +* `proxy_http` +* `python` +* `reqtimeout` +* `remoteip`* +* `rewrite` +* `rpaf`* +* `setenvif` +* `security` +* `shib`* (see [`apache::mod::shib`]) +* `speling` +* `ssl`* (see [`apache::mod::ssl`][]) +* `status`* (see [`apache::mod::status`][]) +* `suphp` +* `userdir`* +* `version` +* `vhost_alias` +* `worker`* +* `wsgi` (see [`apache::mod::wsgi`][]) +* `xsendfile` + +Modules noted with a * indicate that the module has settings and a template that includes parameters to configure the module. Most Apache module class parameters have default values and don't require configuration. For modules with templates, Puppet installs template files with the module; these template files are required for the module to work. + +##### Class: `apache::mod::alias` + +Installs and manages [`mod_alias`][]. + +**Parameters within `apache::mod::alias`**: + +* `icons_options`: Disables directory listings for the icons directory, via Apache [`Options`] directive. Default: 'Indexes MultiViews'. +* `icons_path`: Sets the local path for an `/icons/` Alias. Default: depends on your operating system. + +- **Debian**: `/usr/share/apache2/icons` +- **FreeBSD**: `/usr/local/www/apache24/icons` +- **Gentoo**: `/var/www/icons` +- **Red Hat**: `/var/www/icons`, except on Apache 2.4, where it's `/usr/share/httpd/icons` + +#### Class: `apache::mod::disk_cache` + +Installs and configures [`mod_disk_cache`][] on Apache 2.2, or [`mod_cache_disk`][] on Apache 2.4. The default cache root depends on the Apache version and operating system: + +- **Debian**: `/var/cache/apache2/mod_cache_disk` +- **FreeBSD**: `/var/cache/mod_cache_disk` +- **Red Hat, Apache 2.4**: `/var/cache/httpd/proxy` +- **Red Hat, Apache 2.2**: `/var/cache/mod_proxy` + +You can specify the cache root by passing a path as a string to the `cache_root` parameter. + +``` puppet +class {'::apache::mod::disk_cache': + cache_root => '/path/to/cache', +} +``` + +##### Class: `apache::mod::event` + +Installs and manages [`mod_mpm_event`][]. You can't include both `apache::mod::event` and [`apache::mod::itk`][], [`apache::mod::peruser`][], [`apache::mod::prefork`][], or [`apache::mod::worker`][] on the same server. + +**Parameters within `apache::mod::event`**: + +- `listenbacklog`: Sets the maximum length of the pending connections queue via the module's [`ListenBackLog`][] directive. Default: '511'. +- `maxclients` (_Apache 2.3.12 or older_: `maxrequestworkers`): Sets the maximum number of connections Apache can simultaneously process, via the module's [`MaxRequestWorkers`][] directive. Default: '150'. +- `maxconnectionsperchild` (_Apache 2.3.8 or older_: `maxrequestsperchild`): Limits the number of connections a child server handles during its life, via the module's [`MaxConnectionsPerChild`][] directive. Default: '0'. +- `maxsparethreads` and `minsparethreads`: Sets the maximum and minimum number of idle threads, via the [`MaxSpareThreads`][] and [`MinSpareThreads`][] directives. Default: '75' and '25', respectively. +- `serverlimit`: Limits the configurable number of processes via the [`ServerLimit`][] directive. Default: '25'. +- `startservers`: Sets the number of child server processes created at startup, via the module's [`StartServers`][] directive. Default: '2'. +- `threadlimit`: Limits the number of event threads via the module's [`ThreadLimit`][] directive. Default: '64'. +- `threadsperchild`: Sets the number of threads created by each child process, via the [`ThreadsPerChild`][] directive. Default: '25'. + +##### Class: `apache::mod::auth_cas` + +Installs and manages [`mod_auth_cas`][]. Its parameters share names with the Apache module's directives. + +The `cas_login_url` and `cas_validate_url` parameters are required; several other parameters have 'undef' default values. + +**Parameters within `apache::mod::auth_cas`**: + +- `cas_authoritative`: Determines whether an optional authorization directive is authoritative and binding. Default: undef. +- `cas_certificate_path`: Sets the path to the X509 certificate of the Certificate Authority for the server in `cas_login_url` and `cas_validate_url`. Default: undef. +- `cas_cache_clean_interval`: Sets the minimum number of seconds that must pass between cache cleanings. Default: undef. +- `cas_cookie_domain`: Sets the value of the `Domain=` parameter in the `Set-Cookie` HTTP header. Default: undef. +- `cas_cookie_entropy`: Sets the number of bytes to use when creating session identifiers. Default: undef. +- `cas_cookie_http_only`: Sets the optional `HttpOnly` flag when `mod_auth_cas` issues cookies. Default: undef. +- `cas_debug`: Determines whether to enable the module's debugging mode. Default: 'Off'. +- `cas_idle_timeout`: Default: undef. +- `cas_login_url`: **Required**. Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and don't have an active session. +- `cas_root_proxied_as`: Sets the URL end users see when access to this Apache server is proxied. Default: undef. +- `cas_timeout`: Limits the number of seconds a `mod_auth_cas` session can remain active. Default: undef. +- `cas_validate_depth`: Limits the depth for chained certificate validation. Default: undef. +- `cas_validate_url`: **Required**. Sets the URL to use when validating a client-presented ticket in an HTTP query string. +- `cas_version`: The CAS protocol version to adhere to. Valid options: '1', '2'. Default: '2'. + +##### Class: `apache::mod::auth_mellon` + +Installs and manages [`mod_auth_mellon`][]. Its parameters share names with the Apache module's directives. + +``` puppet +class{ 'apache::mod::auth_mellon': + mellon_cache_size => 101, +} +``` + +**Parameters within `apache::mod::auth_mellon`**: + +- `mellon_cache_entry_size`: Maximum size for a single session. Default: undef. +- `mellon_cache_size`: Size in megabytes of the mellon cache. Default: 100. +- `mellon_lock_file`: Location of lock file. Default: '`/run/mod_auth_mellon/lock`'. +- `mellon_post_directory`: Full path where post requests are saved. Default: '`/var/cache/apache2/mod_auth_mellon/`' +- `mellon_post_ttl`: Time to keep post requests. Default: undef. +- `mellon_post_size`: Maximum size of post requests. Default: undef. +- `mellon_post_count`: Maximum number of post requests. Default: undef. + +##### Class: `apache::mod::deflate` + +Installs and configures [`mod_deflate`][]. + +**Parameters within `apache::mod::deflate`**: + +- `types`: An [array][] of [MIME types][MIME `content-type`] to be deflated. Default: [ 'text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json' ]. +- `notes`: A [Hash][] where the key represents the type and the value represents the note name. Default: { 'Input' => 'instream', 'Output' => 'outstream', 'Ratio' => 'ratio' } + +##### Class: `apache::mod::expires` + +Installs [`mod_expires`][] and uses the `expires.conf.erb` template to generate its configuration. + +**Parameters within `apache::mod::expires`**: + +- `expires_active`: Enables generation of `Expires` headers for a document realm. Valid options: Boolean. Default: true. +- `expires_default`: Default algorithm for calculating expiration time using [`ExpiresByType`][] syntax or [interval syntax][]. Default: undef. +- `expires_by_type`: Describes a set of [MIME `content-type`][] and their expiration times. Valid options: An [array][] of [Hashes][Hash], with each Hash's key a valid MIME `content-type` (i.e. 'text/json') and its value following valid [interval syntax][]. Default: undef. + +##### Class: `apache::mod::ext_filter` + +Installs and configures [`mod_ext_filter`][]. + +``` puppet +class { 'apache::mod::ext_filter': + ext_filter_define => { + 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength', + 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"', + }, +} +``` + +**Parameters within `apache::mod::ext_filter`**: + +- `ext_filter_define`: A hash of filter names and their parameters. Default: undef. + +##### Class: `apache::mod::fcgid` + +Installs and configures [`mod_fcgid`][]. + +The class makes no effort to individually parameterize all available options. Instead, configure `mod_fcgid` using the `options` [hash][]. For example: + +``` puppet +class { 'apache::mod::fcgid': + options => { + 'FcgidIPCDir' => '/var/run/fcgidsock', + 'SharememPath' => '/var/run/fcgid_shm', + 'AddHandler' => 'fcgid-script .fcgi', + }, +} +``` + +For a full list of options, see the [official `mod_fcgid` documentation][`mod_fcgid`]. + +If you include `apache::mod::fcgid`, you can set the [`FcgidWrapper`][] per directory, per virtual host. The module must be loaded first; Puppet will not automatically enable it if you set the `fcgiwrapper` parameter in `apache::vhost`. + +``` puppet +include apache::mod::fcgid + +apache::vhost { 'example.org': + docroot => '/var/www/html', + directories => { + path => '/var/www/html', + fcgiwrapper => { + command => '/usr/local/bin/fcgiwrapper', + } + }, +} +``` + +##### Class: `apache::mod::geoip` + +Installs and manages [`mod_geoip`][]. + +**Parameters within `apache::mod::geoip`**: + +- `db_file`: Sets the path to your GeoIP database file. Valid options: a path, or an [array][] paths for multiple GeoIP database files. Default: `/usr/share/GeoIP/GeoIP.dat`. +- `enable`: Determines whether to globally enable [`mod_geoip`][]. Valid options: Boolean. Default: false. +- `flag`: Sets the GeoIP flag. Valid options: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'. Default: 'Standard'. +- `output`: Defines which output variables to use. Valid options: 'All', 'Env', 'Request', 'Notes'. Default: 'All'. +- `enable_utf8`: Changes the output from ISO-8859-1 (Latin-1) to UTF-8. Valid options: Boolean. Default: undef. +- `scan_proxy_headers`: Enables the [GeoIPScanProxyHeaders][] option. Valid options: Boolean. Default: undef. +- `scan_proxy_header_field`: Specifies which header [`mod_geoip`][] should look at to determine the client's IP address. Default: undef. +- `use_last_xforwarededfor_ip` (sic): Determines whether to use the first or last IP address for the client's IP if a comma-separated list of IP addresses is found. Valid options: Boolean. Default: undef. + +##### Class: `apache::mod::info` + +Installs and manages [`mod_info`][], which provides a comprehensive overview of the server configuration. + +**Parameters within `apache::mod::info`**: + +- `allow_from`: Whitelist of IPv4 or IPv6 addresses or ranges that can access `/server-info`. Valid options: One or more octets of an IPv4 address, an IPv6 address or range, or an array of either. Default: ['127.0.0.1','::1']. +- `apache_version`: Apache's version number as a string, such as '2.2' or '2.4'. Default: the value of [`$::apache::apache_version`][`apache_version`]. +- `restrict_access`: Determines whether to enable access restrictions. If false, the `allow_from` whitelist is ignored and any IP address can access `/server-info`. Valid options: Boolean. Default: true. + +##### Class: `apache::mod::passenger` + +Installs and manages [`mod_passenger`][]. + +**Parameters within `apache::mod::passenger`**: + +- `passenger_high_performance` Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance). Valid options: 'on', 'off'. Default: undef. +- `passenger_pool_idle_time` Sets the [`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerpoolidletime). Default: undef. +- `passenger_max_pool_size` Sets the [`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxpoolsize). Default: undef. +- `passenger_max_request_queue_size` Sets the [`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuesize). Default: undef. +- `passenger_max_requests` Sets the [`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequests). Default: undef. + +##### Class: `apache::mod::ldap` + +Installs and configures [`mod_ldap`][], and allows you to modify the +[`LDAPTrustedGlobalCert`](https://httpd.apache.org/docs/current/mod/mod_ldap.html#ldaptrustedglobalcert) Directive: + +``` puppet +class { 'apache::mod::ldap': + ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt', + ldap_trusted_global_cert_type => 'CA_DER', +} +``` + +**Parameters within `apache::mod::ldap`:** + +- `ldap_trusted_global_cert_file`: Path and file name of the trusted CA certificates to use when establishing SSL or TLS connections to an LDAP server. +- `ldap_trusted_global_cert_type`: The global trust certificate format. Default: 'CA_BASE64'. + +##### Class: `apache::mod::negotiation` + +Installs and configures [`mod_negotiation`][]. + +**Parameters within `apache::mod::negotiation`:** + +- `force_language_priority`: Sets the `ForceLanguagePriority` option. Valid option: String. Default: `Prefer Fallback`. +- `language_priority`: An [array][] of languages to set the `LanguagePriority` option of the module. Default: [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', 'zh-TW' ] + +##### Class: `apache::mod::pagespeed` + +Installs and manages [`mod_pagespeed`][], a Google module that rewrites web pages to reduce latency and bandwidth. + +While this Apache module requires the `mod-pagespeed-stable` package, Puppet **doesn't** manage the software repositories required to automatically install the package. If you declare this class when the package is either not installed or not available to your package manager, your Puppet run will fail. + +**Parameters within `apache::mod::pagespeed`**: + +- `inherit_vhost_config`: Default: 'on'. +- `filter_xhtml`: Default: false. +- `cache_path`: Default: '/var/cache/mod_pagespeed/'. +- `log_dir`: Default: '/var/log/pagespeed'. +- `memcache_servers`: Default: []. +- `rewrite_level`: Default: 'CoreFilters'. +- `disable_filters`: Default: []. +- `enable_filters`: Default: []. +- `forbid_filters`: Default: []. +- `rewrite_deadline_per_flush_ms`: Default: 10. +- `additional_domains`: Default: undef. +- `file_cache_size_kb`: Default: 102400. +- `file_cache_clean_interval_ms`: Default: 3600000. +- `lru_cache_per_process`: Default: 1024. +- `lru_cache_byte_limit`: Default: 16384. +- `css_flatten_max_bytes`: Default: 2048. +- `css_inline_max_bytes`: Default: 2048. +- `css_image_inline_max_bytes`: Default: 2048. +- `image_inline_max_bytes`: Default: 2048. +- `js_inline_max_bytes`: Default: 2048. +- `css_outline_min_bytes`: Default: 3000. +- `js_outline_min_bytes`: Default: 3000. +- `inode_limit`: Default: 500000. +- `image_max_rewrites_at_once`: Default: 8. +- `num_rewrite_threads`: Default: 4. +- `num_expensive_rewrite_threads`: Default: 4. +- `collect_statistics`: Default: 'on'. +- `statistics_logging`: Default: 'on'. +- `allow_view_stats`: Default: []. +- `allow_pagespeed_console`: Default: []. +- `allow_pagespeed_message`: Default: []. +- `message_buffer_size`: Default: 100000. +- `additional_configuration`: A hash of directive-value pairs or an array of lines to insert at the end of the pagespeed configuration. Default: '{ }'. + +The class's parameters correspond to the module's directives. See the [module's documentation][`mod_pagespeed`] for details. + +##### Class: `apache::mod::php` + +Installs and configures [`mod_php`][]. + +**Parameters within `apache::mod::php`**: + +Default values depend on your operating system. + +> **Note**: This list is incomplete. Most of this class's parameters correspond to `mod_php` directives; see the [module's documentation][`mod_php`] for details. + +- `package_name`: Names the package that installs `mod_php`. +- `path`: Defines the path to the `mod_php` shared object (`.so`) file. +- `source`: Defines the path to the default configuration. Valid options include a `puppet:///` path. +- `template`: Defines the path to the `php.conf` template Puppet uses to generate the configuration file. +- `content`: Adds arbitrary content to `php.conf`. + +##### Class: `apache::mod::reqtimeout` + +Installs and configures [`mod_reqtimeout`][]. + +**Parameters within `apache::mod::reqtimeout`**: + +- `timeouts`: A string or [array][] that sets the [`RequestReadTimeout`][] option. Default: ['header=20-40,MinRate=500', 'body=20,MinRate=500']. + +##### Class: `apache::mod::shib` + +Installs the [Shibboleth](http://shibboleth.net/) Apache module `mod_shib`, which enables SAML2 single sign-on (SSO) authentication by Shibboleth Identity Providers and Shibboleth Federations. This class only installs and configures the Apache components of a web application that consumes Shibboleth SSO identities, also known as a Shibboleth Service Provider. You can manage the Shibboleth configuration manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth). + +Defining this class enables Shibboleth-specific parameters in `apache::vhost` instances. + +##### Class: `apache::mod::ssl` + +Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template to generate its configuration. + +**Parameters within `apache::mod::ssl`**: + +- `ssl_cipher`: Default: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4'. +- `ssl_compression`: Default: false. +- `ssl_cryptodevice`: Default: 'builtin'. +- `ssl_honorcipherorder`: Default: 'On'. +- `ssl_openssl_conf_cmd`: Default: undef. +- `ssl_options`: Default: [ 'StdEnvVars' ] +- `ssl_pass_phrase_dialog`: Default: 'builtin'. +- `ssl_protocol`: Default: [ 'all', '-SSLv2', '-SSLv3' ]. +- `ssl_random_seed_bytes`: Valid options: A string. Default: '512'. +- `ssl_sessioncachetimeout`: Valid options: A string. Default: '300'. + +To use SSL with a virtual host, you must either set the [`default_ssl_vhost`][] parameter in `::apache` to true **or** the [`ssl`][] parameter in [`apache::vhost`][] to true. + +##### Class: `apache::mod::status` + +Installs [`mod_status`][] and uses the `status.conf.erb` template to generate its configuration. + +**Parameters within `apache::mod::status`**: + +- `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/server-status`. Default: ['127.0.0.1','::1']. +- `extended_status`: Determines whether to track extended status information for each request, via the [`ExtendedStatus`][] directive. Valid options: 'Off', 'On'. Default: 'On'. +- `status_path`: The server location of the status page. Default: '/server-status'. + +##### Class: `apache::mod::version` + +Installs [`mod_version`][] on many operating systems and Apache configurations. + +If Debian and Ubuntu systems with Apache 2.4 are classified with `apache::mod::version`, Puppet warns that `mod_version` is built-in and can't be loaded. + +##### Class: `apache::mod::security` + +Installs and configures Trustwave's [`mod_security`][]. It is enabled and runs by default on all virtual hosts. + +**Parameters within `apache::mod::security`**: + +- `activated_rules`: An [array][] of rules from the `modsec_crs_path` to activate via symlinks. Default: `modsec_default_rules` in [`apache::params`][]. +- `allowed_methods`: A space-separated list of allowed HTTP methods. Default: 'GET HEAD POST OPTIONS'. +- `content_types`: A list of one or more allowed [MIME types][MIME `content-type`]. Default: 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf' +- `crs_package`: Names the package that installs CRS rules. Default: `modsec_crs_package` in [`apache::params`][]. +- `modsec_dir`: Defines the path where Puppet installs the modsec configuration and activated rules links. Default: 'On', set by `modsec_dir` in [`apache::params`][]. +${modsec_dir}/activated_rules. +- `modsec_secruleengine`: Configures the modsec rules engine. Valid options: 'On', 'Off', and 'DetectionOnly'. Default: `modsec_secruleengine` in [`apache::params`][]. +- `restricted_extensions`: A space-separated list of prohibited file extensions. Default: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'. +- `restricted_headers`: A list of restricted headers separated by slashes and spaces. Default: 'Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'. + +##### Class: `apache::mod::wsgi` + +Enables Python support via [`mod_wsgi`][]. + +**Parameters within `apache::mod::wsgi`**: + +- `mod_path`: Defines the path to the `mod_wsgi` shared object (`.so`) file. Default: undef. + - If the `mod_path` parameter doesn't contain `/`, Puppet prefixes it with your operating system's default module path. +Otherwise, Puppet follows it literally. +- `package_name`: Names the package that installs `mod_wsgi`. Default: undef. +- `wsgi_python_home`: Defines the [`WSGIPythonHome`][] directive, such as '/path/to/venv'. Valid options: path. Default: undef. +- `wsgi_python_path`: Defines the [`WSGIPythonPath`][] directive, such as '/path/to/venv/site-packages'. Valid options: path. Default: undef. +- `wsgi_socket_prefix`: Defines the [`WSGISocketPrefix`][] directive, such as "\${APACHE_RUN_DIR}WSGI". Default: `wsgi_socket_prefix` in [`apache::params`][]. + +The class's parameters correspond to the module's directives. See the [module's documentation][`mod_wsgi`] for details. + +### Private Classes + +#### Class: `apache::confd::no_accf` + +Creates the `no-accf.conf` configuration file in `conf.d`, required by FreeBSD's Apache 2.4. + +#### Class: `apache::default_confd_files` + +Includes `conf.d` files for FreeBSD. + +#### Class: `apache::default_mods` + +Installs the Apache modules required to run the default configuration. See the `apache` class's [`default_mods`][] parameter for details. + +#### Class: `apache::package` + +Installs and configures basic Apache packages. + +#### Class: `apache::params` + +Manages Apache parameters for different operating systems. + +#### Class: `apache::service` + +Manages the Apache daemon. + +#### Class: `apache::version` + +Attempts to automatically detect the Apache version based on the operating system. + +### Public defined types + +#### Defined type: `apache::balancer` + +Creates an Apache load balancing group, also known as a balancer cluster, using [`mod_proxy`][]. Each load balancing group needs one or more balancer members, which you can declare in Puppet with the [`apache::balancermember`][] define. + +Declare one `apache::balancer` define for each Apache load balancing group. You can export `apache::balancermember` defined types for all balancer members and collect them on a single Apache load balancer server using [exported resources][]. + +**Parameters within `apache::balancer`**: + +##### `name` + +Sets the title of the balancer cluster and name of the `conf.d` file containing its configuration. + +##### `proxy_set` + +Configures key-value pairs as [`ProxySet`][] lines. Valid options: a [hash][]. Default: '{}'. + +##### `collect_exported` + +Determines whether to use [exported resources][]. Valid options: Boolean. Default: true. + +If you statically declare all of your backend servers, set this parameter to false to rely on existing, declared balancer member resources. Also, use `apache::balancermember` with [array][] arguments. + +To dynamically declare backend servers via exported resources collected on a central node, set this parameter to true to collect the balancer member resources exported by the balancer member nodes. + +If you don't use exported resources, a single Puppet run configures all balancer members. If you use exported resources, Puppet has to run on the balanced nodes first, then run on the balancer. + +#### Defined type: `apache::balancermember` + +Defines members of [`mod_proxy_balancer`][], which sets up a balancer member inside a listening service configuration block in the load balancer's `apache.cfg`. + +**Parameters within `apache::balancermember`**: + +##### `balancer_cluster` + +**Required**. Sets the Apache service's instance name, and must match the name of a declared [`apache::balancer`][] resource. + +##### `url` + +Specifies the URL used to contact the balancer member server. Default: 'http://${::fqdn}/'. + +##### `options` + +Specifies an [array][] of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) after the URL, and accepts any key-value pairs available to [`ProxyPass`][]. Default: an empty array. + +#### Defined type: `apache::custom_config` + +Adds a custom configuration file to the Apache server's `conf.d` directory. If the file is invalid and this defined type's [`verify_config`][] parameter's value is true, Puppet throws an error during a Puppet run. + +**Parameters within `apache::custom_config`**: + +##### `ensure` + +Specifies whether the configuration file should be present. Valid options: 'absent', 'present'. Default: 'present'. + +##### `confdir` + +Sets the directory in which Puppet places configuration files. Default: the value of [`$::apache::confd_dir`][`confd_dir`]. + +##### `content` + +Sets the configuration file's content. The `content` and [`source`][] parameters are exclusive of each other. + +##### `filename` + +Sets the name of the file under `confdir` in which Puppet stores the configuration. The default behavior is to generate the filename from the `priority` parameter and the resource name. + +##### `priority` + +Sets the configuration file's priority by prefixing its filename with this parameter's numeric value, as Apache processes configuration files in alphanumeric order. Default: '25'. + +To omit the priority prefix in the configuration file's name, set this parameter to false. + +##### `source` + +Points to the configuration file's source. The [`content`][] and `source` parameters are exclusive of each other. + +##### `verify_command` + +Specifies the command Puppet uses to verify the configuration file. Use a fully qualified command. Default: `/usr/sbin/apachectl -t`. + +This parameter is only used if the [`verify_config`][] parameter's value is 'true'. If the `verify_command` fails, the Puppet run deletes the configuration file, does not notify the Apache service, and raises an error. + +##### `verify_config` + +Specifies whether to validate the configuration file before notifying the Apache service. Valid options: Boolean. Default: true. + +#### Defined type: `apache::fastcgi::server` + +Defines one or more external FastCGI servers to handle specific file types. Use this defined type with [`mod_fastcgi`][FastCGI]. + +**Parameters within `apache::fastcgi::server`:** + +##### `host` + +Determines the FastCGI's hostname or IP address and TCP port number (1-65535). + +##### `timeout` + +Sets the number of seconds a [FastCGI][] application can be inactive before aborting the request and logging the event at the error LogLevel. The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond by writing and flushing within this period, the request is aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply. + +##### `flush` + +Forces [`mod_fastcgi`][FastCGI] to write to the client as data is received from the application. By default, `mod_fastcgi` buffers data in order to free the application as quickly as possible. + +##### `faux_path` + +Apache has [FastCGI][] handle URIs that resolve to this filename. The path set in this parameter does not have to exist in the local filesystem. + +##### `alias` + +Internally links actions with the FastCGI server. This alias must be unique. + +##### `file_type` + +Sets the [MIME `content-type`][] of the file to be processed by the FastCGI server. + +#### Defined type: `apache::listen` + +Adds [`Listen`][] directives to `ports.conf` in the Apache configuration directory that define the Apache server's or a virtual host's listening address and port. The [`apache::vhost`][] class uses this defined type, and titles take the form '', ':', or ':'. + +#### Defined type: `apache::mod` + +Installs packages for an Apache module that doesn't have a corresponding [`apache::mod::`][] class, and checks for or places the module's default configuration files in the Apache server's `module` and `enable` directories. The default locations depend on your operating system. + +**Parameters within `apache::mod`**: + +##### `package` + +**Required**. Names the package Puppet uses to install the Apache module. + +##### `package_ensure` + +Determines whether Puppet ensures the Apache module should be installed. Valid options: 'absent', 'present'. Default: 'present'. + +##### `lib` + +Defines the module's shared object name. Its default value is `mod_$name.so`, and it should not be configured manually without special reason. + +##### `lib_path` + +Specifies a path to the module's libraries. Default: the `apache` class's [`lib_path`][] parameter. + +Don't manually set this parameter without special reason. The [`path`][] parameter overrides this value. + +##### `loadfile_name` + +Sets the filename for the module's [`LoadFile`][] directive, which can also set the module load order as Apache processes them in alphanumeric order. Valid options: filenames formatted `\*.load`. Default: the resource's name followed by 'load', as in '$name.load'. + +##### `loadfiles` + +Specifies an array of [`LoadFile`][] directives. Default: undef. + +##### `path` + +Specifies a path to the module. Default: [`lib_path`][]/[`lib`][]. + +> **Note:** Don't manually set this parameter without a specific reason. + +#### Defined type: `apache::namevirtualhost` + +Enables [name-based virtual hosts][] and adds all related directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles can take the forms '\*', '*:', '\_default_:, '', or ':'. + +#### Defined type: `apache::vhost` + +The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache to evaluate it multiple times with different parameters. + +The `apache::vhost` defined type allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default virtual host within the base `::apache` class, as well as set a customized virtual host as the default. Customized virtual hosts have a lower numeric [`priority`][] than the base class's, causing Apache to process the customized virtual host first. + +The `apache::vhost` defined type uses `concat::fragment` to build the configuration file. To inject custom fragments for pieces of the configuration that the defined type doesn't inherently support, add a custom fragment. + +For the custom fragment's `order` parameter, the `apache::vhost` defined type uses multiples of 10, so any `order` that isn't a multiple of 10 should work. + +**Parameters within `apache::vhost`**: + +##### `access_log` + +Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`). Valid options: Boolean. Default: true. + +##### `access_log_env_var` + +Specifies that only requests with particular environment variables be logged. Default: undef. + +##### `access_log_file` + +Sets the filename of the `*_access.log` placed in [`logroot`][]. Given a virtual host---for instance, example.com---it defaults to 'example.com_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com_access.log' for unencrypted virtual hosts. + +##### `access_log_format` + +Specifies the use of either a [`LogFormat`][] nickname or a custom-formatted string for the access log. Default: 'combined'. + +##### `access_log_pipe` + +Specifies a pipe where Apache sends access log messages. Default: undef. + +##### `access_log_syslog` + +Sends all access log messages to syslog. Default: undef. + +##### `add_default_charset` + +Sets a default media charset value for the [`AddDefaultCharset`][] directive, which is added to `text/plain` and `text/html` responses. + +##### `add_listen` + +Determines whether the virtual host creates a [`Listen`][] statement. Valid options: Boolean. Default: true. + +Setting `add_listen` to false prevents the virtual host from creating a `Listen` statement. This is important when combining virtual hosts that aren't passed an `ip` parameter with those that are. + +##### `use_optional_includes` + +Specifies whether Apache uses the [`IncludeOptional`][] directive instead of [`Include`][] for `additional_includes` in Apache 2.4 or newer. Valid options: Boolean. Default: false. + +##### `additional_includes` + +Specifies paths to additional static, virtual host-specific Apache configuration files. You can use this parameter to implement a unique, custom configuration not supported by this module. Valid options: a string path or [array][] of them. Default: an empty array. + +##### `aliases` + +Passes a list of [hashes][hash] to the virtual host to create [`Alias`][], [`AliasMatch`][], [`ScriptAlias`][] or [`ScriptAliasMatch`][] directives as per the [`mod_alias`][] documentation. + +For example: + +``` puppet +aliases => [ + { aliasmatch => '^/image/(.*)\.jpg$', + path => '/files/jpg.images/$1.jpg', + }, + { alias => '/image', + path => '/ftp/pub/image', + }, + { scriptaliasmatch => '^/cgi-bin(.*)', + path => '/usr/local/share/cgi-bin$1', + }, + { scriptalias => '/nagios/cgi-bin/', + path => '/usr/lib/nagios/cgi-bin/', + }, + { alias => '/nagios', + path => '/usr/share/nagios/html', + }, +], +``` + +For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs a corresponding context, such as `` or ``. Puppet creates the directives in the order specified in the `aliases` parameter. As described in the [`mod_alias`][] documentation, add more specific `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more general ones to avoid shadowing. + +> **Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because you can precisely control the various alias directives' order. Defining `ScriptAliases` using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias` directives. This often causes problems, for example with Nagios. + +If [`apache::mod::passenger`][] is loaded and `PassengerHighPerformance` is 'true', the `Alias` directive might not be able to honor the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. + +##### `allow_encoded_slashes` + +Sets the [`AllowEncodedSlashes`][] declaration for the virtual host, overriding the server default. This modifies the virtual host responses to URLs with `\` and `/` characters. Valid options: 'nodecode', 'off', 'on'. Default: undef, which omits the declaration from the server configuration and selects the Apache default setting of `Off`. + +##### `block` + +Specifies the list of things to which Apache blocks access. Valid option: 'scm', which blocks web access to `.svn`, `.git`, and `.bzr` directories. Default: an empty [array][]. + +##### `custom_fragment` + +Passes a string of custom configuration directives to place at the end of the virtual host configuration. Default: undef. + +##### `default_vhost` + +Sets a given `apache::vhost` defined type as the default to serve requests that do not match any other `apache::vhost` defined types. Default: false. + +##### `directories` + +See the [`directories`](#parameter-directories-for-apachevhost) section. + +##### `directoryindex` + +Sets the list of resources to look for when a client requests an index of the directory by specifying a '/' at the end of the directory name. See the [`DirectoryIndex`][] directive documentation for details. Default: undef. + +##### `docroot` + +**Required**. Sets the [`DocumentRoot`][] location, from which Apache serves files. + +If `docroot` and [`manage_docroot`][] are both set to false, no [`DocumentRoot`][] will be set and the accompanying `` block will not be created. + +##### `docroot_group` + +Sets group access to the [`docroot`][] directory. Valid options: A string representing a system group. Default: 'root'. + +##### `docroot_owner` + +Sets individual user access to the [`docroot`][] directory. Valid options: A string representing a user account. Default: 'root'. + +##### `docroot_mode` + +Sets access permissions for the [`docroot`][] directory, in numeric notation. Valid options: A string. Default: undef. + +##### `manage_docroot` + +Determines whether Puppet manages the [`docroot`][] directory. Valid options: Boolean. Default: true. + +##### `error_log` + +Specifies whether `*_error.log` directives should be configured. Valid options: Boolean. Default: true. + +##### `error_log_file` + +Points the virtual host's error logs to a `*_error.log` file. If this parameter is undefined, Puppet checks for values in [`error_log_pipe`][], then [`error_log_syslog`][]. + +If none of these parameters is set, given a virtual host `example.com`, Puppet defaults to '$logroot/example.com_error_ssl.log' for SSL virtual hosts and '$logroot/example.com_error.log' for non-SSL virtual hosts. + +##### `error_log_pipe` + +Specifies a pipe to send error log messages to. Default: undef. + +This parameter has no effect if the [`error_log_file`][] parameter has a value. If neither this parameter nor `error_log_file` has a value, Puppet then checks [`error_log_syslog`][]. + +##### `error_log_syslog` + +Determines whether to send all error log messages to syslog. Valid options: Boolean. Default: undef. + +This parameter has no effect if either of the [`error_log_file`][] or [`error_log_pipe`][] parameters has a value. If none of these parameters has a value, given a virtual host `example.com`, Puppet defaults to '$logroot/example.com_error_ssl.log' for SSL virtual hosts and '$logroot/example.com_error.log' for non-SSL virtual hosts. + +##### `error_documents` + +A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for this virtual host. Default: '[]'. + +An example: + +``` puppet +apache::vhost { 'sample.example.net': + error_documents => [ + { 'error_code' => '503', 'document' => '/service-unavail' }, + { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' }, + ], +} +``` + +##### `ensure` + +Specifies if the virtual host is present or absent. Valid options: 'absent', 'present'. Default: 'present'. + +##### `fallbackresource` + +Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) directive, which specifies an action to take for any URL that doesn't map to anything in your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Valid options must either begin with a '/' or be 'disabled'. Default: undef. + +##### `filters` + +[Filters](https://httpd.apache.org/docs/current/mod/mod_filter.html) enable smart, context-sensitive configuration of output content filters. + +``` puppet +apache::vhost { "$::fqdn": + filters => [ + 'FilterDeclare COMPRESS', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', + 'FilterChain COMPRESS', + 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', + ], +} +``` + +##### `force_type` + +Sets the [`ForceType`][] directive, which forces Apache to serve all matching files with a [MIME `content-type`][] matching this parameter's value. + +##### `headers` + +Adds lines to replace, merge, or remove response headers. See [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. Valid options: A string, an array of strings, or undef. Default: undef. + +##### `ip` + +Sets the IP address the virtual host listens on. Valid options: Strings. Default: undef, which uses Apache's default behavior of listening on all IPs. + +##### `ip_based` + +Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual host. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based virtual hosts. Default: false. + +##### `itk` + +Configures [ITK](http://mpm-itk.sesse.net/) in a hash. Keys can be: + +* user + group +* `assignuseridexpr` +* `assigngroupidexpr` +* `maxclientvhost` +* `nice` +* `limituidrange` (Linux 3.5.0 or newer) +* `limitgidrange` (Linux 3.5.0 or newer) + +Usage typically looks like: + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + itk => { + user => 'someuser', + group => 'somegroup', + }, +} +``` + +##### `auth_kerb` + +Enable [`mod_auth_kerb`][] parameters for a virtual host. Valid options: Boolean. Default: false. + +Usage typically looks like: + +``` puppet +apache::vhost { 'sample.example.net': + auth_kerb => true, + krb_method_negotiate => 'on', + krb_auth_realms => ['EXAMPLE.ORG'], + krb_local_user_mapping => 'on', + directories => { + path => '/var/www/html', + auth_name => 'Kerberos Login', + auth_type => 'Kerberos', + auth_require => 'valid-user', + }, +} +``` + +Related parameters follow the names of `mod_auth_kerb` directives: + +- `krb_method_negotiate`: Determines whether to use the Negotiate method. Default: 'on'. +- `krb_method_k5passwd`: Determines whether to use password-based authentication for Kerberos v5. Default: 'on'. +- `krb_authoritative`: If set to 'off', authentication controls can be passed on to another module. Default: 'on'. +- `krb_auth_realms`: Specifies an array of Kerberos realms to use for authentication. Default: '[]'. +- `krb_5keytab`: Specifies the Kerberos v5 keytab file's location. Default: undef. +- `krb_local_user_mapping`: Strips @REALM from usernames for further use. Default: undef. + +##### `krb_verify_kdc` + +This option can be used to disable the verification tickets against local keytab to prevent KDC spoofing attacks. Default: 'on'. + +##### `krb_servicename` + +Specifies the service name that will be used by Apache for authentication. Corresponding key of this name must be stored in the keytab. Default: 'HTTP'. + +##### `krb_save_credentials` + +This option enables credential saving functionality. Default is 'off' + +##### `logroot` + +Specifies the location of the virtual host's logfiles. Default: '/var/log//'. + +##### `$logroot_ensure` + +Determines whether or not to remove the logroot directory for a virtual host. Valid options: 'directory', 'absent'. + +##### `logroot_mode` + +Overrides the mode the logroot directory is set to. Default: undef. Do *not* grant write access to the directory the logs are stored in without being aware of the consequences; for more information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security). + +##### `log_level` + +Specifies the verbosity of the error log. Valid options: 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info' or 'debug'. Default: 'warn' for the global server configuration, which can be overridden on a per-virtual host basis. + +###### `modsec_body_limit` + +Configures the maximum request body size (in bytes) ModSecurity will accept for buffering + +###### `modsec_disable_vhost` + +Disables [`mod_security`][] on a virtual host. Only valid if [`apache::mod::security`][] is included. Valid options: Boolean. Default: undef. + +###### `modsec_disable_ids` + +Array of mod_security IDs to remove from the virtual host. Also takes a hash allowing removal of an ID from a specific location. + +``` puppet +apache::vhost { 'sample.example.net': + modsec_disable_ids => [ 90015, 90016 ], +} +``` + +``` puppet +apache::vhost { 'sample.example.net': + modsec_disable_ids => { '/location1' => [ 90015, 90016 ] }, +} +``` + +###### `modsec_disable_ips` + +Specifies an array of IP addresses to exclude from [`mod_security`][] rule matching. Default: undef. + +##### `no_proxy_uris` + +Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest). + +##### `no_proxy_uris_match` + +This directive is equivalent to [`no_proxy_uris`][], but takes regular expressions. + +##### `proxy_preserve_host` + +Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost). Valid options: Boolean. Default: false. + +Setting this parameter to true enables the `Host:` line from an incoming request to be proxied to the host instead of hostname. Setting it to false sets this directive to 'Off'. + +##### `proxy_error_override` + +Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). This directive controls whether Apache should override error pages for proxied content. Default: false. + +##### `options` + +Sets the [`Options`][] for the specified virtual host. Default: ['Indexes','FollowSymLinks','MultiViews'], as demonstrated below: + +``` puppet +apache::vhost { 'site.name.fdqn': + … + options => ['Indexes','FollowSymLinks','MultiViews'], +} +``` + +> **Note**: If you use the [`directories`][] parameter of [`apache::vhost`][], 'Options', 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`. + +##### `override` + +Sets the overrides for the specified virtual host. Accepts an array of [AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments. Default: '[none]'. + +##### `passenger_app_root` + +Sets [PassengerRoot](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapproot), the location of the Passenger application root if different from the DocumentRoot. + +##### `passenger_app_env` + +Sets [PassengerAppEnv](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappenv), the environment for the Passenger application. If not specifies, defaults to the global setting or 'production'. + +##### `passenger_log_file` + +By default, Passenger log messages are written to the Apache global error log. With [PassengerLogFile](https://www.phusionpassenger.com/library/config/apache/reference/#passengerlogfile), you can configure those messages to be logged to a different file. This option is only available since Passenger 5.0.5. + +##### `passenger_ruby` + +Sets [PassengerRuby](https://www.phusionpassenger.com/library/config/apache/reference/#passengerruby), the Ruby interpreter to use for the application, on this virtual host. + +##### `passenger_min_instances` + +Sets [PassengerMinInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermininstances), the minimum number of application processes to run. + +##### `passenger_start_timeout` + +Sets [PassengerStartTimeout](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstarttimeout), the timeout for the application startup. + +##### `passenger_pre_start` + +Sets [PassengerPreStart](https://www.phusionpassenger.com/library/config/apache/reference/#passengerprestart), the URL of the application if pre-starting is required. + +##### `php_flags & values` + +Allows per-virtual host setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Default: '{}'. + +##### `php_admin_flags & values` + +Allows per-virtual host setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Default: '{}'. + +##### `port` + +Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL virtual hosts and port 443 for SSL virtual hosts. The host only listens on the port set in this parameter. + +##### `priority` + +Sets the relative load-order for Apache HTTPD VirtualHost configuration files. Default: '25'. + +If nothing matches the priority, the first name-based virtual host is used. Likewise, passing a higher priority causes the alphabetically first name-based virtual host to be used if no other names match. + +> **Note:** You should not need to use this parameter. However, if you do use it, be aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'. + +To omit the priority prefix in file names, pass a priority of false. + +##### `proxy_dest` + +Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Default: undef. + +##### `proxy_pass` + +Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Default: undef. Parameters and location options can optionally be added as an array. + +``` puppet +apache::vhost { 'site.name.fdqn': + … + proxy_pass => [ + { 'path' => '/a', 'url' => 'http://backend-a/' }, + { 'path' => '/b', 'url' => 'http://backend-b/' }, + { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}}, + { 'path' => '/c', 'url' => 'http://backend-a/c', + 'options' => {'Require'=>'valid-user', 'AuthType'=>'Kerberos', 'AuthName'=>'Kerberos Login'}}, + { 'path' => '/l', 'url' => 'http://backend-xy', + 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, + { 'path' => '/d', 'url' => 'http://backend-a/d', + 'params' => { 'retry' => '0', 'timeout' => '5' }, }, + { 'path' => '/e', 'url' => 'http://backend-a/e', + 'keywords' => ['nocanon', 'interpolate'] }, + { 'path' => '/f', 'url' => 'http://backend-f/', + 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']}, + { 'path' => '/g', 'url' => 'http://backend-g/', + 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], }, + ], +} +``` + +* `reverse_urls`. *Optional.* This setting is useful when used with `mod_proxy_balancer`. Valid options: an array or string. +* `reverse_cookies`. *Optional.* Sets `ProxyPassReverseCookiePath` and `ProxyPassReverseCookieDomain`. +* `params`. *Optional.* Allows for ProxyPass key-value parameters, such as connection settings. +* `setenv`. *Optional.* Sets [environment variables](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings) for the proxy directive. Valid options: array. + +##### `proxy_dest_match` + +This directive is equivalent to [`proxy_dest`][], but takes regular expressions, see [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details. + +##### `proxy_dest_reverse_match` + +Allows you to pass a ProxyPassReverse if [`proxy_dest_match`][] is specified. See [ProxyPassReverse](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse) for details. + +##### `proxy_pass_match` + +This directive is equivalent to [`proxy_pass`][], but takes regular expressions, see [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details. + +##### `rack_base_uris` + +Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. Default: undef. + +#####`passenger_base_uris` + +Used to specify that the given URI is a Phusion Passenger-served application. The file paths specified are listed as passenger application roots for [Phusion Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI) in the _passenger_base_uris.erb template. Default: undef. + +##### `redirect_dest` + +Specifies the address to redirect to. Default: undef. + +##### `redirect_source` + +Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent. + +``` puppet +apache::vhost { 'site.name.fdqn': + … + redirect_source => ['/images','/downloads'], + redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], +} +``` + +##### `redirect_status` + +Specifies the status to append to the redirect. Default: undef. + +``` puppet +apache::vhost { 'site.name.fdqn': + … + redirect_status => ['temp','permanent'], +} +``` + +##### `redirectmatch_regexp` & `redirectmatch_status` & `redirectmatch_dest` + +Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as arrays. Default: undef. + +``` puppet +apache::vhost { 'site.name.fdqn': + … + redirectmatch_status => ['404','404'], + redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], + redirectmatch_dest => ['http://www.example.com/1','http://www.example.com/2'], +} +``` + +##### `request_headers` + +Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, etc. Default: undef. + +``` puppet +apache::vhost { 'site.name.fdqn': + … + request_headers => [ + 'append MirrorID "mirror 12"', + 'unset MirrorID', + ], +} +``` +##### `rewrites` + +Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', 'rewrite_rule' or 'rewrite_map'. Default: undef. + +For example, you can specify that anyone trying to access index.html is served welcome.html + +``` puppet +apache::vhost { 'site.name.fdqn': + … + rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] +} +``` + +The parameter allows rewrite conditions that, when true, execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE + +``` puppet +apache::vhost { 'site.name.fdqn': + … + rewrites => [ + { + comment => 'redirect IE', + rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], + rewrite_rule => ['^index\.html$ welcome.html'], + }, + ], +} +``` + +You can also apply multiple conditions. For instance, rewrite index.html to welcome.html only when the browser is Lynx or Mozilla (version 1 or 2) + +``` puppet +apache::vhost { 'site.name.fdqn': + … + rewrites => [ + { + comment => 'Lynx or Mozilla v1/2', + rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], + rewrite_rule => ['^index\.html$ welcome.html'], + }, + ], +} +``` + +Multiple rewrites and conditions are also possible + +``` puppet +apache::vhost { 'site.name.fdqn': + … + rewrites => [ + { + comment => 'Lynx or Mozilla v1/2', + rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], + rewrite_rule => ['^index\.html$ welcome.html'], + }, + { + comment => 'Internet Explorer', + rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], + rewrite_rule => ['^index\.html$ /index.IE.html [L]'], + }, + { + rewrite_base => /apps/, + rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], + }, + { comment => 'Rewrite to lower case', + rewrite_cond => ['%{REQUEST_URI} [A-Z]'], + rewrite_map => ['lc int:tolower'], + rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'], + }, + ], +} +``` + +Refer to the [`mod_rewrite` documentation][`mod_rewrite`] for more details on what is possible with rewrite rules and conditions. + +##### `scriptalias` + +Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as '/usr/scripts'. Default: undef. + +##### `scriptaliases` + +> **Note**: This parameter is deprecated in favor of the `aliases` parameter. + +Passes an array of hashes to the virtual host to create either ScriptAlias or ScriptAliasMatch statements per the [`mod_alias` documentation][`mod_alias`]. + +``` puppet +scriptaliases => [ + { + alias => '/myscript', + path => '/usr/share/myscript', + }, + { + aliasmatch => '^/foo(.*)', + path => '/usr/share/fooscripts$1', + }, + { + aliasmatch => '^/bar/(.*)', + path => '/usr/share/bar/wrapper.sh/$1', + }, + { + alias => '/neatscript', + path => '/usr/share/neatscript', + }, +] +``` + +The ScriptAlias and ScriptAliasMatch directives are created in the order specified. As with [Alias and AliasMatch](#aliases) directives, specify more specific aliases before more general ones to avoid shadowing. + +##### `serveradmin` + +Specifies the email address Apache displays when it renders one of its error pages. Default: undef. + +##### `serveraliases` + +Sets the [ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias) of the site. Default: '[]'. + +##### `servername` + +Sets the servername corresponding to the hostname you connect to the virtual host at. Default: the title of the resource. + +##### `setenv` + +Used by HTTPD to set environment variables for virtual hosts. Default: '[]'. + +Example: + +``` puppet +apache::vhost { 'setenv.example.com': + setenv => ['SPECIAL_PATH /foo/bin'], +} +``` + +##### `setenvif` + +Used by HTTPD to conditionally set environment variables for virtual hosts. Default: '[]'. + +##### `suphp_addhandler`, `suphp_configpath`, & `suphp_engine` + +Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). + +* `suphp_addhandler`. Default: 'php5-script' on RedHat and FreeBSD, and 'x-httpd-php' on Debian and Gentoo. +* `suphp_configpath`. Default: undef on RedHat and FreeBSD, and '/etc/php5/apache2' on Debian and Gentoo. +* `suphp_engine`. Valid options: 'on' or 'off'. Default: 'off'. + +An example virtual host configuration with suPHP: + +``` puppet +apache::vhost { 'suphp.example.com': + port => '80', + docroot => '/home/appuser/myphpapp', + suphp_addhandler => 'x-httpd-php', + suphp_engine => 'on', + suphp_configpath => '/etc/php5/apache2', + directories => { path => '/home/appuser/myphpapp', + 'suphp' => { user => 'myappuser', group => 'myappgroup' }, + } +} +``` + +##### `vhost_name` + +Enables name-based virtual hosting. If no IP is passed to the virtual host, but the virtual host is assigned a port, then the virtual host name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the virtual host name is set to the title of the resource. Default: '*'. + +##### `virtual_docroot` + +Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Default: false. + +``` puppet +apache::vhost { 'subdomain.loc': + vhost_name => '*', + port => '80', + virtual_docroot => '/var/www/%-2+', + docroot => '/var/www', + serveraliases => ['*.loc',], +} +``` + +##### `wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, `wsgi_script_aliases`, & `wsgi_pass_authorization` + +Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi). + +* `wsgi_daemon_process`: A hash that sets the name of the WSGI daemon, accepting [certain keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html). Default: undef. +* `wsgi_daemon_process_options`. _Optional._ Default: undef. +* `wsgi_process_group`: Sets the group ID that the virtual host runs under. Default: undef. +* `wsgi_script_aliases`: Requires a hash of web paths to filesystem .wsgi paths. Default: undef. +* `wsgi_pass_authorization`: Uses the WSGI application to handle authorization instead of Apache when set to 'On'. For more information, see [mod_wsgi's WSGIPassAuthorization documentation] (https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Default: undef, leading Apache to use its default value of 'Off'. +* `wsgi_chunked_request`: Enables support for chunked requests. Default: undef. + +An example virtual host configuration with WSGI: + +``` puppet +apache::vhost { 'wsgi.example.com': + port => '80', + docroot => '/var/www/pythonapp', + wsgi_daemon_process => 'wsgi', + wsgi_daemon_process_options => + { processes => '2', + threads => '15', + display-name => '%{GROUP}', + }, + wsgi_process_group => 'wsgi', + wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, + wsgi_chunked_request => 'On', +} +``` + +#### Parameter `directories` for `apache::vhost` + +The `directories` parameter within the `apache::vhost` class passes an array of hashes to the virtual host to create [Directory](https://httpd.apache.org/docs/current/mod/core.html#directory), [File](https://httpd.apache.org/docs/current/mod/core.html#files), and [Location](https://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, '< Directory /path/to/directory>...< /Directory>'. + +The `path` key sets the path for the directory, files, and location blocks. Its value must be a path for the 'directory', 'files', and 'location' providers, or a regex for the 'directorymatch', 'filesmatch', or 'locationmatch' providers. Each hash passed to `directories` **must** contain `path` as one of the keys. + +The `provider` key is optional. If missing, this key defaults to 'directory'. Valid options: 'directory', 'files', 'proxy', 'location', 'directorymatch', 'filesmatch', 'proxymatch' or 'locationmatch'. If you set `provider` to 'directorymatch', it uses the keyword 'DirectoryMatch' in the Apache config file. + +An example use of `directories`: + +``` puppet +apache::vhost { 'files.example.net': + docroot => '/var/www/files', + directories => [ + { 'path' => '/var/www/files', + 'provider' => 'files', + 'deny' => 'from all', + }, + ], +} +``` + +> **Note:** At least one directory should match the `docroot` parameter. After you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block is created that matches the `docroot` parameter. + +Available handlers, represented as keys, should be placed within the `directory`, `files`, or `location` hashes. This looks like + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ { path => '/path/to/directory', handler => value } ], +} +``` + +Any handlers you do not set in these hashes are considered 'undefined' within Puppet and are not added to the virtual host, resulting in the module using their default values. Supported handlers are: + +###### `addhandlers` + +Sets [AddHandler](https://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension'] }`. + +An example: + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + addhandlers => [{ handler => 'cgi-script', extensions => ['.cgi']}], + }, + ], +} +``` + +###### `allow` + +Sets an [Allow](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + allow => 'from example.org', + }, + ], +} +``` + +###### `allow_override` + +Sets the types of directives allowed in [.htaccess](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) files. Accepts an array. + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + allow_override => ['AuthConfig', 'Indexes'], + }, + ], +} +``` + +###### `auth_basic_authoritative` + +Sets the value for [AuthBasicAuthoritative](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicauthoritative), which determines whether authorization and authentication are passed to lower level Apache modules. + +###### `auth_basic_fake` + +Sets the value for [AuthBasicFake](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicfake), which statically configures authorization credentials for a given directive block. + +###### `auth_basic_provider` + +Sets the value for [AuthBasicProvider](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicprovider), which sets the authentication provider for a given location. + +###### `auth_digest_algorithm` + +Sets the value for [AuthDigestAlgorithm](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestalgorithm), which selects the algorithm used to calculate the challenge and response hashes. + +###### `auth_digest_domain` + +Sets the value for [AuthDigestDomain](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestdomain), which allows you to specify one or more URIs in the same protection space for digest authentication. + +###### `auth_digest_nonce_lifetime` + +Sets the value for [AuthDigestNonceLifetime](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestnoncelifetime), which controls how long the server nonce is valid. + +###### `auth_digest_provider` + +Sets the value for [AuthDigestProvider](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestprovider), which sets the authentication provider for a given location. + +###### `auth_digest_qop` + +Sets the value for [AuthDigestQop](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestqop), which determines the quality-of-protection to use in digest authentication. + +###### `auth_digest_shmem_size` + +Sets the value for [AuthAuthDigestShmemSize](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestshmemsize), which defines the amount of shared memory allocated to the server for keeping track of clients. + +###### `auth_group_file` + +Sets the value for [AuthGroupFile](https://httpd.apache.org/docs/current/mod/mod_authz_groupfile.html#authgroupfile), which sets the name of the text file containing the list of user groups for authorization. + +###### `auth_name` + +Sets the value for [AuthName](https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authname), which sets the name of the authorization realm. + +###### `auth_require` + +Sets the entity name you're requiring to allow access. Read more about [Require](https://httpd.apache.org/docs/current/mod/mod_authz_host.html#requiredirectives). + +###### `auth_type` + +Sets the value for [AuthType](https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authtype), which guides the type of user authentication. + +###### `auth_user_file` + +Sets the value for [AuthUserFile](https://httpd.apache.org/docs/current/mod/mod_authn_file.html#authuserfile), which sets the name of the text file containing the users/passwords for authentication. + +###### `custom_fragment` + +Pass a string of custom configuration directives to be placed at the end of the directory configuration. + +``` puppet +apache::vhost { 'monitor': + … + directories => [ + { + path => '/path/to/directory', + custom_fragment => ' + + SetHandler balancer-manager + Order allow,deny + Allow from all + + + SetHandler server-status + Order allow,deny + Allow from all + +ProxyStatus On', + }, + ] +} +``` + +###### `deny` + +Sets a [Deny](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + deny => 'from example.org', + }, + ], +} +``` + +###### `error_documents` + +An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. + +``` puppet +apache::vhost { 'sample.example.net': + directories => [ + { path => '/srv/www', + error_documents => [ + { 'error_code' => '503', + 'document' => '/service-unavail', + }, + ], + }, + ], +} +``` + +###### `ext_filter_options` + +Sets the [ExtFilterOptions](https://httpd.apache.org/docs/current/mod/mod_ext_filter.html) directive. +Note that you must declare `class { 'apache::mod::ext_filter': }` before using this directive. + +``` puppet +apache::vhost { 'filter.example.org': + docroot => '/var/www/filter', + directories => [ + { path => '/var/www/filter', + ext_filter_options => 'LogStderr Onfail=abort', + }, + ], +} +``` + +###### `geoip_enable` + +Sets the [GeoIPEnable](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Configuration) directive. +Note that you must declare `class {'apache::mod::geoip': }` before using this directive. + +``` puppet +apache::vhost { 'first.example.com': + docroot => '/var/www/first', + directories => [ + { path => '/var/www/first', + geoip_enable => true, + }, + ], +} +``` + +###### `headers` + +Adds lines for [Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives. + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => { + path => '/path/to/directory', + headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', + }, +} +``` + +###### `index_options` + +Allows configuration settings for [directory indexing](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions). + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + directoryindex => 'disabled', # this is needed on Apache 2.4 or mod_autoindex doesn't work + options => ['Indexes','FollowSymLinks','MultiViews'], + index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], + }, + ], +} +``` + +###### `index_order_default` + +Sets the [default ordering](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexorderdefault) of the directory index. + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', + index_order_default => ['Descending', 'Date'], + }, + ], +} +``` + +###### `index_style_sheet` + +Sets the [IndexStyleSheet](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet), which adds a CSS stylesheet to the directory index. + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], + index_options => ['FancyIndexing'], + index_style_sheet => '/styles/style.css', + }, + ], +} +``` + +###### `mellon_enable` + +Sets the [MellonEnable][`mod_auth_mellon`] directory to enable [`mod_auth_mellon`][]. You can use [`apache::mod::auth_mellon`][] to install `mod_auth_mellon`. + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/', + provider => 'directory', + mellon_enable => 'info', + mellon_sp_private_key_file => '/etc/certs/${::fqdn}.key, + mellon_endpoint_path => '/mellon', + mellon_set_env_no_prefix => { 'ADFS_GROUP' => 'http://schemas.xmlsoap.org/claims/Group', + 'ADFS_EMAIL' => 'http://schemas.xmlsoap.org/claims/EmailAddress', }, + mellon_user => 'ADFS_LOGIN', + }, + { path => '/protected', + provider => 'location', + mellon_enable => 'auth', + auth_type => 'Mellon', + auth_require => 'valid-user', + mellon_cond => ['ADFS_LOGIN userA [MAP]','ADFS_LOGIN userB [MAP]'], + }, + ] +} +``` + +Related parameters follow the names of `mod_auth_mellon` directives: + +- `mellon_cond`: Takes an array of mellon conditions that must be met to grant access, and creates a [MellonCond][`mod_auth_mellon`] directive for each item in the array. +- `mellon_endpoint_path`: Sets the [MellonEndpointPath][`mod_auth_mellon`] to set the mellon endpoint path. +- `mellon_idp_metadata_file`: Sets the [MellonIDPMetadataFile][`mod_auth_mellon`] location of the IDP metadata file. +- `mellon_saml_rsponse_dump`: Sets the [MellonSamlResponseDump][`mod_auth_mellon`] directive to enable debug of SAML. +- `mellon_set_env_no_prefix`: Sets the [MellonSetEnvNoPrefix][`mod_auth_mellon`] directive to a hash of attribute names to map +to environment variables. +- `mellon_sp_private_key_file`: Sets the [MellonSPPrivateKeyFile][`mod_auth_mellon`] directive for the private key location of the service provider. +- `mellon_sp_cert_file`: Sets the [MellonSPCertFile][`mod_auth_mellon`] directive for the public key location of the service provider. +- `mellon_user`: Sets the [MellonUser][`mod_auth_mellon`] attribute to use for the username. + +###### `options` + +Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], + }, + ], +} +``` + +###### `order` + +Sets the order of processing Allow and Deny statements as per [Apache core documentation](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', + }, + ], +} +``` + +###### `passenger_enabled` + +Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directive to 'on' or 'off'. Requires `apache::mod::passenger` to be included. + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + passenger_enabled => 'on', + }, + ], +} +``` + +> **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. + +###### `php_value` and `php_flag` + +`php_value` sets the value of the directory, and `php_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). + +###### `php_admin_value` and `php_admin_flag` + +`php_admin_value` sets the value of the directory, and `php_admin_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). + + +###### `require` + + +Sets a `Require` directive as per the [Apache Authz documentation](https://httpd.apache.org/docs/current/mod/mod_authz_core.html#require). If no `require` is set, it will default to `Require all granted`. + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + require => 'IP 10.17.42.23', + } + ], +} +``` + +If `require` is set to `unmanaged` it will not be set at all. This is useful for complex authentication/authorization requirements which are handled in a custom fragment. + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + require => 'unmanaged', + } + ], +} +``` + +###### `satisfy` + +Sets a `Satisfy` directive per the [Apache Core documentation](https://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is deprecated due to a change in Apache and only works with Apache 2.2 and lower. + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + satisfy => 'Any', + } + ], +} +``` + +###### `sethandler` + +Sets a `SetHandler` directive per the [Apache Core documentation](https://httpd.apache.org/docs/2.2/mod/core.html#sethandler). + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + sethandler => 'None', + } + ], +} +``` + +###### `set_output_filter` + +Sets a `SetOutputFilter` directive per the [Apache Core documentation](https://httpd.apache.org/docs/current/mod/core.html#setoutputfilter). + +``` puppet +apache::vhost{ 'filter.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + set_output_filter => puppetdb-strip-resource-params, + }, + ], +} +``` + +###### `rewrites` + +Creates URL [`rewrites`](#rewrites) rules in virtual host directories. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. + +``` puppet +apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + rewrites => [ { comment => 'Permalink Rewrites', + rewrite_base => '/' + }, + { rewrite_rule => [ '^index\.php$ - [L]' ] + }, + { rewrite_cond => [ '%{REQUEST_FILENAME} !-f', + '%{REQUEST_FILENAME} !-d', + ], + rewrite_rule => [ '. /index.php [L]' ], + } + ], + }, + ], +} +``` + +> **Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the virtual host's directories. + +###### `shib_request_setting` + +Allows a valid content setting to be set or altered for the application request. This command takes two parameters: the name of the content setting, and the value to set it to. Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. + +``` puppet +apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + shib_request_settings => { 'requiresession' => 'On' }, + shib_use_headers => 'On', + }, + ], +} +``` + +###### `shib_use_headers` + +When set to 'On', this turns on the use of request headers to publish attributes to applications. Valid options for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. + +###### `ssl_options` + +String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the virtual host. + +``` puppet +apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + ssl_options => '+ExportCertData', + }, + { path => '/path/to/different/dir', + ssl_options => [ '-StdEnvVars', '+ExportCertData'], + }, + ], +} +``` + +###### `suphp` + +A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. It must be used with `suphp_engine => on` in the virtual host declaration, and can only be passed within `directories`. + +``` puppet +apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + suphp => { + user => 'myappuser', + group => 'myappgroup', + }, + }, + ], +} +``` + +#### SSL parameters for `apache::vhost` + +All of the SSL parameters for `::vhost` default to whatever is set in the base `apache` class. Use the below parameters to tweak individual SSL settings for specific virtual hosts. + +##### `ssl` + +Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries. Valid options: Boolean. Default: false. + +##### `ssl_ca` + +Specifies the SSL certificate authority. Default: undef. + +##### `ssl_cert` + +Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/certs/localhost.crt' for RedHat, '/etc/ssl/certs/ssl-cert-snakeoil.pem' for Debian, '/usr/local/etc/apache22/server.crt' for FreeBSD, and '/etc/ssl/apache2/server.crt' on Gentoo. + +##### `ssl_protocol` + +Specifies [SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array or space separated string of accepted protocols. Defaults: 'all', '-SSLv2', '-SSLv3'. + +##### `ssl_cipher` + +Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). Default: 'HIGH:MEDIUM:!aNULL:!MD5'. + +##### `ssl_honorcipherorder` + +Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), which is used to prefer the server's cipher preference order. Default: 'On' in the base `apache` config. + +##### `ssl_certs_dir` + +Specifies the location of the SSL certification directory. Default: Depends on the operating system. + +- **Debian:** '/etc/ssl/certs' +- **Red Hat:** '/etc/pki/tls/certs' +- **FreeBSD:** '/usr/local/etc/apache22' +- **Gentoo:** '/etc/ssl/apache2' + +##### `ssl_chain` + +Specifies the SSL chain. Default: undef. This default works out of the box, but it must be updated in the base `apache` class with your specific certificate information before being used in production. + +##### `ssl_crl` + +Specifies the certificate revocation list to use. Default: undef. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) + +##### `ssl_crl_path` + +Specifies the location of the certificate revocation list. Default: undef. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) + +##### `ssl_crl_check` + +Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck). Default: undef. This default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions. + +##### `ssl_key` + +Specifies the SSL key. Defaults are based on your operating system: '/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, '/usr/local/etc/apache22/server.key' for FreeBSD, and '/etc/ssl/apache2/server.key' on Gentoo. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) + +##### `ssl_verify_client` + +Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. Valid options are: 'none', 'optional', 'require', and 'optional_no_ca'. Default: undef. + +``` puppet +apache::vhost { 'sample.example.net': + … + ssl_verify_client => 'optional', +} +``` + +##### `ssl_verify_depth` + +Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification. Default: undef. + +``` puppet +apache::vhost { 'sample.example.net': + … + ssl_verify_depth => 1, +} +``` + +##### `ssl_proxy_verify` + +Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify) directive, which configures certificate verification of the remote server when a proxy is configured to forward requests to a remote SSL server. Default: undef. + +##### `ssl_proxy_machine_cert` + +Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) directive, which specifies an all-in-one file where you keep the certs and keys used for this server to authenticate itself to remote servers. This file should be a concatenation of the PEM-encoded certificate files in order of preference. Default: undef. + +``` puppet +apache::vhost { 'sample.example.net': + … + ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem', +} +``` + +##### `ssl_proxy_check_peer_cn` + +Sets the [SSLProxyMachinePeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Valid options: 'on', 'off'. Default: undef. + +##### `ssl_proxy_check_peer_name` + +Sets the [SSLProxyMachinePeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Valid options: 'on', 'off'. Default: undef. + +##### `ssl_options` + +Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given virtual host and can be a string or an array. Default: undef. + +A string: + +``` puppet +apache::vhost { 'sample.example.net': + … + ssl_options => '+ExportCertData', +} +``` + +An array: + +``` puppet +apache::vhost { 'sample.example.net': + … + ssl_options => [ '+StrictRequire', '+ExportCertData' ], +} +``` + +##### `ssl_openssl_conf_cmd` + +Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) directive, which provides direct configuration of OpenSSL parameters. Default: undef. + +##### `ssl_proxyengine` + +Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Valid options: Boolean. Default: true. + +#### Defined type: FastCGI Server + +This type is intended for use with mod_fastcgi. It allows you to define one or more external FastCGI servers to handle specific file types. + +** Note ** If using Ubuntu 10.04+, you'll need to manually enable the multiverse repository. + +Ex: + +``` puppet +apache::fastcgi::server { 'php': + host => '127.0.0.1:9000', + timeout => 15, + flush => false, + faux_path => '/var/www/php.fcgi', + fcgi_alias => '/php.fcgi', + file_type => 'application/x-httpd-php' +} +``` + +Within your virtual host, you can then configure the specified file type to be handled by the fastcgi server specified above. + +``` puppet +apache::vhost { 'www': + ... + custom_fragment => 'AddType application/x-httpd-php .php' + ... +} +``` + +##### `host` + +The hostname or IP address and TCP port number (1-65535) of the FastCGI server. + +##### `timeout` + +The number of seconds of FastCGI application inactivity allowed before the request is aborted and the event is logged (at the error LogLevel). The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond (by writing and flushing) within this period, the request is aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply. + +##### `flush` + +Force a write to the client as data is received from the application. By default, mod_fastcgi buffers data in order to free the application as quickly as possible. + +##### `faux_path` + +`faux_path` does not have to exist in the local filesystem. URIs that Apache resolves to this filename are handled by this external FastCGI application. + +##### `alias` + +A unique alias. This is used internally to link the action with the FastCGI server. + +##### `file_type` + +The MIME-type of the file to be processed by the FastCGI server. + +#### Defined type: `apache::vhost::custom` + +The `apache::vhost::custom` defined type is a thin wrapper around the `apache::custom_config` defined type, and simply overrides some of its default settings specifc to the virtual host directory in Apache. + +**Parameters within `apache::vhost::custom`**: + +##### `content` + +Sets the configuration file's content. + +##### `ensure` + +Specifies if the virtual host file is present or absent. Valid options: 'absent', 'present'. Default: 'present'. + +##### `priority` + +Sets the relative load order for Apache HTTPD VirtualHost configuration files. Default: '25'. + +### Private defined types + +#### Defined type: `apache::peruser::multiplexer` + +This defined type checks if an Apache module has a class. If it does, it includes that class. If it does not, it passes the module name to the [`apache::mod`][] defined type. + +#### Defined type: `apache::peruser::multiplexer` + +Enables the [`Peruser`][] module for FreeBSD only. + +#### Defined type: `apache::peruser::processor` + +Enables the [`Peruser`][] module for FreeBSD only. + +#### Defined type: `apache::security::file_link` + +Links the `activated_rules` from [`apache::mod::security`][] to the respective CRS rules on disk. + +### Templates + +The Apache module relies heavily on templates to enable the [`apache::vhost`][] and [`apache::mod`][] defined types. These templates are built based on [Facter][] facts specific to your operating system. Unless explicitly called out, most templates are not meant for configuration. + +## Limitations + +### Ubuntu 10.04 + +The [`apache::vhost::WSGIImportScript`][] parameter creates a statement inside the virtual host that is unsupported on older versions of Apache, causing it to fail. This will be remedied in a future refactoring. + +### RHEL/CentOS 5 + +The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested since repositories are missing compatible packages. + +### RHEL/CentOS 6 + +The [`apache::mod::passenger`][] class is not installing as the the EL6 repository is missing compatible packages. + +### RHEL/CentOS 7 + +The [`apache::mod::passenger`][] class is untested as the EL7 repository is missing compatible packages, which also blocks us from testing the [`apache::vhost`][] defined type's [`rack_base_uris`][] parameter. + +### General + +This module is CI tested against both [open source Puppet][] and [Puppet Enterprise][] on: + +- CentOS 5 and 6 +- Ubuntu 12.04 and 14.04 +- Debian 7 +- RHEL 5, 6, and 7 + +This module also provides functions for other distributions and operating systems, such as FreeBSD, Gentoo, and Amazon Linux, but is not formally tested on them and are subject to regressions. + +### SELinux and custom paths + +If [SELinux][] is in [enforcing mode][] and you want to use custom paths for `logroot`, `mod_dir`, `vhost_dir`, and `docroot`, you need to manage the files' context yourself. + +You can do this with Puppet: + +``` puppet +exec { 'set_apache_defaults': + command => 'semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + require => Package['policycoreutils-python'], +} + +package { 'policycoreutils-python': + ensure => installed, +} + +exec { 'restorecon_apache': + command => 'restorecon -Rv /apache_spec', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + before => Class['Apache::Service'], + require => Class['apache'], +} + +class { 'apache': } + +host { 'test.server': + ip => '127.0.0.1', +} + +file { '/custom/path': + ensure => directory, +} + +file { '/custom/path/include': + ensure => present, + content => '#additional_includes', +} + +apache::vhost { 'test.server': + docroot => '/custom/path', + additional_includes => '/custom/path/include', +} +``` + +You need to set the contexts using `semanage fcontext` instead of `chcon` because Puppet's `file` resources reset the values' context in the database if the resource doesn't specify it. + +### FreeBSD + +In order to use this module on FreeBSD, you _must_ use apache24-2.4.12 (www/apache24) or newer. + +## Development + +### Contributing + +[Puppet Labs][] modules on the [Puppet Forge][] are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve. + +We want to make it as easy as possible to contribute changes so our modules work in your environment, but we also need contributors to follow a few guidelines to help us maintain and improve the modules' quality. + +For more information, please read the complete [module contribution guide][]. + +### Running tests + +This project contains tests for both [rspec-puppet][] and [beaker-rspec][] to verify functionality. For detailed information on using these tools, please see their respective documentation. + +#### Testing quickstart: Ruby > 1.8.7 + +``` +gem install bundler +bundle install +bundle exec rake spec +bundle exec rspec spec/acceptance +RS_DEBUG=yes bundle exec rspec spec/acceptance +``` + +#### Testing quickstart: Ruby = 1.8.7 + +``` +gem install bundler +bundle install --without system_tests +bundle exec rake spec +``` diff --git a/modules/services/unix/http/apache/module/apache/Rakefile b/modules/services/unix/http/apache/module/apache/Rakefile new file mode 100644 index 000000000..416807dad --- /dev/null +++ b/modules/services/unix/http/apache/module/apache/Rakefile @@ -0,0 +1,11 @@ +require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet-lint/tasks/puppet-lint' + +PuppetLint.configuration.fail_on_warnings = true +PuppetLint.configuration.send('relative') +PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.send('disable_class_inherits_from_params_class') +PuppetLint.configuration.send('disable_documentation') +PuppetLint.configuration.send('disable_single_quote_string_with_variables') +PuppetLint.configuration.send('disable_only_variable_string') +PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] diff --git a/modules/services/unix/http/apache/module/apache/checksums.json b/modules/services/unix/http/apache/module/apache/checksums.json new file mode 100644 index 000000000..e8c716b81 --- /dev/null +++ b/modules/services/unix/http/apache/module/apache/checksums.json @@ -0,0 +1,310 @@ +{ + "CHANGELOG.md": "b430057266b6271f5fb6d43d655b8039", + "CONTRIBUTING.md": "e2b8e8e433fc76b3798b7fe435f49375", + "Gemfile": "e6e6eb07f0bfc9bb1e328895ca49b3f5", + "LICENSE": "b3f8a01d8699078d82e8c3c992307517", + "README.md": "0c47aec304ff374bceed885f7a7cb164", + "Rakefile": "ed3db0e49f5fcb381a19542c08ec473f", + "examples/apache.pp": "819cf9116ffd349e6757e1926d11ca2f", + "examples/dev.pp": "9f5727f69f536538f8d840fad0852308", + "examples/init.pp": "4eac4a7ef68499854c54a78879e25535", + "examples/mod_load_params.pp": "5981af4d625a906fce1cedeb3f70cb90", + "examples/mods.pp": "0085911ba562b7e56ad8d793099c9240", + "examples/mods_custom.pp": "9afd068edce0538b5c55a3bc19f9c24a", + "examples/php.pp": "60e7939034d531dd6b95af35338bcbe7", + "examples/vhost.pp": "bd91438534d12511b01f31fe8d10cd35", + "examples/vhost_directories.pp": "b4e6b5a596e5bae122233652b9a33e32", + "examples/vhost_filter.pp": "cd8ec7303f3bb508c88a473c43d31f0a", + "examples/vhost_ip_based.pp": "7d9f7b6976de7488ab6ff0a6e647fc73", + "examples/vhost_proxypass.pp": "59b87f88943aa809578288e26b41aade", + "examples/vhost_ssl.pp": "9f3716bc15a9a6760f1d6cc3bf8ce8ac", + "examples/vhosts_without_listen.pp": "a6692104056a56517b4365bcc816e7f4", + "files/httpd": "295f5e924afe6f752d29327e73fe6d0a", + "lib/puppet/parser/functions/bool2httpd.rb": "05d5deeb6e0c31acee7c55b249ec8e06", + "lib/puppet/parser/functions/enclose_ipv6.rb": "581bc163291824909d1700909db96512", + "lib/puppet/parser/functions/validate_apache_log_level.rb": "d75bc4ef17ff5c9a1f94dd3948e733d1", + "lib/puppet/provider/a2mod/a2mod.rb": "d986d8e8373f3f31c97359381c180628", + "lib/puppet/provider/a2mod/gentoo.rb": "2492d446adbb68f678e86a75eb7ff3bd", + "lib/puppet/provider/a2mod/modfix.rb": "b689a1c83c9ccd8590399c67f3e588e5", + "lib/puppet/provider/a2mod/redhat.rb": "c39b80e75e7d0666def31c2a6cdedb0b", + "lib/puppet/provider/a2mod.rb": "03ed73d680787dd126ea37a03be0b236", + "lib/puppet/type/a2mod.rb": "9042ccc045bfeecca28bebb834114f05", + "manifests/balancer.pp": "5c20fa17545bd49375ee6687deb6b6fd", + "manifests/balancermember.pp": "8f44f65124330b7e9b49a7100f86fe6d", + "manifests/confd/no_accf.pp": "406d0ca41c3b90f83740ca218dc3f484", + "manifests/custom_config.pp": "9c27b865b50e815352acbc286cd255fd", + "manifests/default_confd_files.pp": "86fdbe5773abb7c2da26db096973865c", + "manifests/default_mods/load.pp": "bc0b3b65edd1ba6178c09672352f9bce", + "manifests/default_mods.pp": "f6f6ecfaaca79a7eec50335daa9eaf40", + "manifests/dev.pp": "9285af7f4e3b343a8695af3897dfdb07", + "manifests/fastcgi/server.pp": "47549cf3028f78281bcbee5d8492c8ea", + "manifests/init.pp": "9bc0834ae827f8bdb62192926adda0d9", + "manifests/listen.pp": "f7e224cba3b8021f90511af4f43d8b1f", + "manifests/mod/actions.pp": "ec2a5d1cf54790204750f9b67938d230", + "manifests/mod/alias.pp": "b920887e67857a09252c10e30949c85c", + "manifests/mod/auth_basic.pp": "dffef6ff10145393cb78fcaa27220c53", + "manifests/mod/auth_cas.pp": "a20c718cc3ffab32f7c72f42160a5602", + "manifests/mod/auth_kerb.pp": "08d536cb13281db3b9ed9a966ad431fd", + "manifests/mod/auth_mellon.pp": "85e7085a44b3039e4a2c7b463ca8bdb2", + "manifests/mod/authn_core.pp": "4db773ddbc0d875230085782d4521951", + "manifests/mod/authn_file.pp": "eeb11513490beee901574746faaeabdf", + "manifests/mod/authnz_ldap.pp": "e3f91908be35306a488b44c55608b2a0", + "manifests/mod/authz_default.pp": "b7c94cfa4e008155fffd241d35834064", + "manifests/mod/authz_user.pp": "d446c90c44304594206bd2a0112be625", + "manifests/mod/autoindex.pp": "05112ccb06dc218f9a7b937767a6ea2d", + "manifests/mod/cache.pp": "b56d68b9401ba3e02a1f2fe55cdfbcca", + "manifests/mod/cgi.pp": "558a0350d1e8634a706543e0c6e28687", + "manifests/mod/cgid.pp": "f9cea0ad9269bf134637c7c667469842", + "manifests/mod/dav.pp": "9df80d36dd609be9032a8260aa9d10c1", + "manifests/mod/dav_fs.pp": "4528673b6e8d0af6935d9d630028b9f0", + "manifests/mod/dav_svn.pp": "f021fe8048deaa06759cd0b96b450363", + "manifests/mod/deflate.pp": "324c867212f6d9e4593cc4aba392f590", + "manifests/mod/dev.pp": "42673bab60b6fc0f3aa6e2357ec0a27c", + "manifests/mod/dir.pp": "8e577c570ba5e835c4f82232a1c01a4e", + "manifests/mod/disk_cache.pp": "e5b39902f6198d9e0851e551b7a5bf40", + "manifests/mod/event.pp": "d0d35e0fb01aa64c211cbc4afbda7c49", + "manifests/mod/expires.pp": "069783635a7a4f97af535cc149da6589", + "manifests/mod/ext_filter.pp": "ba8f2bb429a0ed12880b80294430ae7e", + "manifests/mod/fastcgi.pp": "237ff6ebc17c35ee2e3c82d2e19cd442", + "manifests/mod/fcgid.pp": "1e57a267408ca82fc258a244299ee15f", + "manifests/mod/filter.pp": "b0039f3ae932b1204994ef2180dd76d2", + "manifests/mod/geoip.pp": "2a963d07231897e8d6928df6dc913676", + "manifests/mod/headers.pp": "ef3de538a0a4c9406236faf43eb89710", + "manifests/mod/include.pp": "a3b66eda88e38d90825c16b834bacd8d", + "manifests/mod/info.pp": "bad325232ff8038449dcafc11ff37ca1", + "manifests/mod/itk.pp": "d1039a503a112a1636659e474070e1f3", + "manifests/mod/ldap.pp": "5b1c9afe7b7048a479f780f57e2f8cd2", + "manifests/mod/mime.pp": "7177378907202b89c88b81f7783e791e", + "manifests/mod/mime_magic.pp": "481e016b74b0649bfdcbb32104a62054", + "manifests/mod/negotiation.pp": "6860ed514001b9f3f6945c78d250fd32", + "manifests/mod/nss.pp": "2ac2830eef417bcd5248dd7553d2fef6", + "manifests/mod/pagespeed.pp": "2638c14081f8065bc8940b8d47782cc3", + "manifests/mod/passenger.pp": "d094fc200d72c46ba11b583eda530a44", + "manifests/mod/perl.pp": "0bc488e1ac33e4e8987e0b07aa909682", + "manifests/mod/peruser.pp": "4bb5f57d14382016f8b7f086046ad8f1", + "manifests/mod/php.pp": "71812033b362bc749be00beaca5f3d5f", + "manifests/mod/prefork.pp": "2a32998b2ecea3a272c9a31631885d0b", + "manifests/mod/proxy.pp": "39e224390d43ffe082ff60fba2b97fc4", + "manifests/mod/proxy_ajp.pp": "073e2406aea7822750d4c21f02d8ac80", + "manifests/mod/proxy_balancer.pp": "6d16440ba6bed5427b331b6c6abf4063", + "manifests/mod/proxy_connect.pp": "574df18a67e478a3be903238ade3d334", + "manifests/mod/proxy_html.pp": "1a8ef7d17e65954aab303e3547e02f22", + "manifests/mod/proxy_http.pp": "0db1b26f8b4036b0d46ba86b7eaac561", + "manifests/mod/python.pp": "15f03d79e45737fdf0afca9665706b88", + "manifests/mod/remoteip.pp": "7fa5b92322df550f58421b24a53dbb01", + "manifests/mod/reqtimeout.pp": "aee3d869e6ca6eed18071c8d2aa97aff", + "manifests/mod/rewrite.pp": "292f2d6ce2078fa9df7f686105ea7b95", + "manifests/mod/rpaf.pp": "4844d717d6577aee8a788a7fbdc5e8dd", + "manifests/mod/security.pp": "10125c8c07389f75a4e5e22bf8c2e7aa", + "manifests/mod/setenvif.pp": "b2ae43541bf1df5374187339e50a081f", + "manifests/mod/shib.pp": "3e2d3b5bf864fd292fa30f7c98d449f6", + "manifests/mod/speling.pp": "fa89a82933d30d2ebfe11e3ad9966bd1", + "manifests/mod/ssl.pp": "3d733329e9f568f68229617cf806b0c1", + "manifests/mod/status.pp": "0b24de931fd8d54b2db0e3d16f0d0d8c", + "manifests/mod/suexec.pp": "2a8671856a0ece597e9b57867dc35e76", + "manifests/mod/suphp.pp": "6905059571fa21b7de957fd90540acff", + "manifests/mod/userdir.pp": "bbe716e8ff38815a51cc4eaaa0c1e4df", + "manifests/mod/version.pp": "6cb31057ebffa796f95642cc95f9499d", + "manifests/mod/vhost_alias.pp": "ee1225a748daaf50aca39a6d93fb8470", + "manifests/mod/worker.pp": "f6ec99efec5fcdf49bf22f98351884a5", + "manifests/mod/wsgi.pp": "0377fe287e51f4a396bd15b47f2628cc", + "manifests/mod/xsendfile.pp": "fba06f05a19c466654aca5ecaa705bf0", + "manifests/mod.pp": "aa769aad02f4af7cdfbbf9e356111a4d", + "manifests/mpm.pp": "a68ddf7dd7ba745c0497bd755d971a4f", + "manifests/namevirtualhost.pp": "67618d40112e4ddc1b46f64af2a5e875", + "manifests/package.pp": "90f8e969c4f920a1e898ae2f6420e438", + "manifests/params.pp": "920b932a31d65f05d71825fd0877461f", + "manifests/peruser/multiplexer.pp": "0ea75341b7a93e55bcfb431a93b1a6c9", + "manifests/peruser/processor.pp": "62f0ad5ed2ec36dadc7f40ad2a9e1bb9", + "manifests/php.pp": "9c9d07e12bf5d112b0b54f5bd69046fc", + "manifests/proxy.pp": "7c8515b88406922e148322ee15044b29", + "manifests/python.pp": "ddef4cd73850fdc2dc126d4579c30adf", + "manifests/security/rule_link.pp": "4635131018b0c5cd5f57ecea9f708b65", + "manifests/service.pp": "e0821dac17ef2bc00068ceae06bc17d9", + "manifests/ssl.pp": "173f3d6a7fd2b5f4100c4ff03d84e13b", + "manifests/version.pp": "bcc947740e4357cbdc9a1d54f44305c7", + "manifests/vhost/custom.pp": "cd51ccfa746809b18324a129d141ae39", + "manifests/vhost.pp": "f8af2035fdd86328cf9026962a12589c", + "metadata.json": "f3990d6a47bb183d80cb1bd86e063ba7", + "spec/acceptance/apache_parameters_spec.rb": "5b95e67d474cc8a132c45f6e91714037", + "spec/acceptance/apache_ssl_spec.rb": "d336538c230a6791746895e6624289c3", + "spec/acceptance/class_spec.rb": "4c66cb0d877d636db1c362fb71982ca6", + "spec/acceptance/custom_config_spec.rb": "61e03d814d0671d194dd40e6b1ad5c9b", + "spec/acceptance/default_mods_spec.rb": "371aae3d37d8cce04e60a4c2534532b1", + "spec/acceptance/itk_spec.rb": "812c855013c08ebb13e642dc5199b41a", + "spec/acceptance/mod_dav_svn_spec.rb": "c70f239472813adcd5710c9b60ebc24c", + "spec/acceptance/mod_deflate_spec.rb": "dd39bfb069e0233bf134caaeb1dc6fe6", + "spec/acceptance/mod_fcgid_spec.rb": "ef0e3368ea14247c05ff43217b5856ee", + "spec/acceptance/mod_mime_spec.rb": "0869792d98c1b2577f02d97c92f1765e", + "spec/acceptance/mod_negotiation_spec.rb": "017f6b0cc1496c25aa9b8a33ef8dbbb3", + "spec/acceptance/mod_pagespeed_spec.rb": "03a32f1018d01e8816f73f237c02cc08", + "spec/acceptance/mod_passenger_spec.rb": "82092218b8346033b3e0c74d88213c43", + "spec/acceptance/mod_php_spec.rb": "65d047d50bba4c17ab9dbdfa0dc4932b", + "spec/acceptance/mod_proxy_html_spec.rb": "3b34027b521dcd06ddffdba7da1cd25d", + "spec/acceptance/mod_security_spec.rb": "ea746c9837c1454a0c50005a989452c0", + "spec/acceptance/mod_suphp_spec.rb": "390a6bcb3cfd120a69c0c1f4fbb78b4f", + "spec/acceptance/nodesets/centos-70-x64.yml": "0ae796256280ca157abc98f7cb492ea4", + "spec/acceptance/nodesets/debian-607-x64.yml": "52f42f3b8fc507a5fc825977d62665a3", + "spec/acceptance/nodesets/debian-70rc1-x64.yml": "717aa92150ebe3fca718807c7c93126f", + "spec/acceptance/nodesets/debian-73-i386.yml": "40aeb7ceab29148bb98a1e2bd51aba86", + "spec/acceptance/nodesets/debian-73-x64.yml": "df78f357e1bd0f7f9818d552eeb35026", + "spec/acceptance/nodesets/debian-82-x64.yml": "05b593024541be6972914aa2e84678f6", + "spec/acceptance/nodesets/default.yml": "40a4f108ab83030fdfdcc230ecaaed9a", + "spec/acceptance/nodesets/fedora-18-x64.yml": "9c907e4416a5fd487ff30a672a6b1c9e", + "spec/acceptance/nodesets/ubuntu-server-10044-x64.yml": "75e86400b7889888dc0781c0ae1a1297", + "spec/acceptance/nodesets/ubuntu-server-12042-x64.yml": "d30d73e34cd50b043c7d14e305955269", + "spec/acceptance/nodesets/ubuntu-server-1310-x64.yml": "9deb39279e104d765179b471c6ebb3a2", + "spec/acceptance/nodesets/ubuntu-server-1404-x64.yml": "5f0aed10098ac5b78e4217bb27c7aaf0", + "spec/acceptance/prefork_worker_spec.rb": "1570eefe61d667a1b43824adc0b2bb78", + "spec/acceptance/service_spec.rb": "341f157cb33fa48d5166d2274ad3bc65", + "spec/acceptance/version.rb": "5a739645e123c5d10351ec5de4e68921", + "spec/acceptance/vhost_spec.rb": "3a31e855eb237f6ad55415d711ef1bb2", + "spec/classes/apache_spec.rb": "53c6ab619681fe83e39b985e27d8b8c9", + "spec/classes/dev_spec.rb": "6bc9ff7cffb77aac52c5bd3acc157d2d", + "spec/classes/mod/alias_spec.rb": "cb7fa1744b0624ec6d04d6dba80bccda", + "spec/classes/mod/auth_cas_spec.rb": "34af1e2489fe7f805c760c40b2bc3f5b", + "spec/classes/mod/auth_kerb_spec.rb": "56066a4060352f76efdad26fe51b2e20", + "spec/classes/mod/auth_mellon_spec.rb": "7f2cfeb9221fc8eac02a2c18a9986bb0", + "spec/classes/mod/authnz_ldap_spec.rb": "ce2f5fb517d4cc760c913fe131b1550f", + "spec/classes/mod/dav_svn_spec.rb": "6cf5fbd5e73c455f0f5afa01561cc704", + "spec/classes/mod/deflate_spec.rb": "a5b6afd416cbad17f21d5c86c83c3485", + "spec/classes/mod/dev_spec.rb": "78d215d7ef3a8e2df3e8789eb75fc4ca", + "spec/classes/mod/dir_spec.rb": "555e4b21a18422034b8b16560a1034a1", + "spec/classes/mod/disk_cache.rb": "50f464d34fda0d1e07248b3f7ff0cfef", + "spec/classes/mod/event_spec.rb": "d8d0bd5dee8a4bf2dcd709326dfdd4e2", + "spec/classes/mod/expires_spec.rb": "a9ff97bcca20bb17102efd88ea0462e6", + "spec/classes/mod/ext_filter_spec.rb": "00ca122b3f697a73f57f81ad9c67de7d", + "spec/classes/mod/fastcgi_spec.rb": "76ac8328da6c2fe1e126d8dcdcdb5519", + "spec/classes/mod/fcgid_spec.rb": "5baa913ba69842771fab4b58c8677544", + "spec/classes/mod/info_spec.rb": "39a67732875c7e43bf1e45b3603d782c", + "spec/classes/mod/itk_spec.rb": "622f23a1346383846cbc98e38388034d", + "spec/classes/mod/ldap_spec.rb": "4c3546f9976ac25b63888fd62b136d5f", + "spec/classes/mod/mime_magic_spec.rb": "8291c37b89f9d50f58fa94ab9cbb1bfe", + "spec/classes/mod/mime_spec.rb": "5e527739b595f9b0638ce384648c3187", + "spec/classes/mod/negotiation_spec.rb": "f1b10fe931b96f72f5d0eaf86354fce9", + "spec/classes/mod/pagespeed_spec.rb": "afd7639e9acfaf1c22ba1149cf7dc763", + "spec/classes/mod/passenger_spec.rb": "d24e6c252592a50ef4eb15a2092481cb", + "spec/classes/mod/perl_spec.rb": "11fb2ae842e64d467ccf70813ef3de7d", + "spec/classes/mod/peruser_spec.rb": "c379ce85a997789856b12c27957bf994", + "spec/classes/mod/php_spec.rb": "4c02498c30a0f7fc77ef126288930acf", + "spec/classes/mod/prefork_spec.rb": "d82f0f25691ba019b912cd000dbb845f", + "spec/classes/mod/proxy_connect_spec.rb": "bc0d0d6328288cd91d84ac9de66e9019", + "spec/classes/mod/proxy_html_spec.rb": "893bfa8dba37e63a24229e28cc74d073", + "spec/classes/mod/python_spec.rb": "45736e6305ca541ba29f997b8e7dd0ef", + "spec/classes/mod/remoteip_spec.rb": "e8840c791f3561c6d466040b888551ed", + "spec/classes/mod/reqtimeout_spec.rb": "cee7de04531d3fb49d75f8f8a7c2b493", + "spec/classes/mod/rpaf_spec.rb": "1845e640c44f8daeeffb13b29a26da84", + "spec/classes/mod/security_spec.rb": "f5a8dcdd5057bc58fc4c2b5120428761", + "spec/classes/mod/shib_spec.rb": "f80ed9a256a9b8f9cb3beaba4b93e32b", + "spec/classes/mod/speling_spec.rb": "4727fbb92f074e0cf3911e6cffe3322f", + "spec/classes/mod/ssl_spec.rb": "ce2114982774840242ab652f5fa985c3", + "spec/classes/mod/status_spec.rb": "1c7520050c8bed47492acd51588be52d", + "spec/classes/mod/suphp_spec.rb": "0c4d625a64124e7c9c14ea2b68dc7ebe", + "spec/classes/mod/worker_spec.rb": "c326e36fbcfe9f0c59dc1db389a33926", + "spec/classes/mod/wsgi_spec.rb": "532da8779e878372ff29b51dfaefceea", + "spec/classes/params_spec.rb": "7bb6270f0338de41e1c34bd77cd844b7", + "spec/classes/service_spec.rb": "d23f6cd3eac018e368e0ba32cbf95f11", + "spec/defines/balancermember_spec.rb": "6071ddc9a56be6ecccfade6e233fb34b", + "spec/defines/custom_config_spec.rb": "a7e3392933cabc8ed6bb57deaebb36d9", + "spec/defines/fastcgi_server_spec.rb": "5798af8e6380d05f3ab38f4788b5c47c", + "spec/defines/mod_spec.rb": "a10e5b2570419737c03cd0f6347cc985", + "spec/defines/modsec_link_spec.rb": "3421b21f8234637dd1c32ebcf89e44c3", + "spec/defines/vhost_custom_spec.rb": "d5596a7a0c239d4c0ed8bebbb6a124ab", + "spec/defines/vhost_spec.rb": "b9b90663d227f504a6eefe4fed1399d9", + "spec/spec.opts": "a600ded995d948e393fbe2320ba8e51c", + "spec/spec_helper.rb": "86e537c02437cf6b6875ee65a10f5f98", + "spec/spec_helper_acceptance.rb": "9f1a9850e558b22d4d2f8fa555cf582a", + "spec/unit/provider/a2mod/gentoo_spec.rb": "4d46c6755d98216aacf8b5d0b8021140", + "spec/unit/puppet/parser/functions/bool2httpd_spec.rb": "0c9bca53eb43b5fc888126514b2a174c", + "spec/unit/puppet/parser/functions/enclose_ipv6_spec.rb": "0145a78254ea716e5e7600d9464318a8", + "spec/unit/puppet/parser/functions/validate_apache_log_level.rb": "8f558fd81d1655e9ab20896152eca512", + "templates/confd/no-accf.conf.erb": "a614f28c4b54370e4fa88403dfe93eb0", + "templates/fastcgi/server.erb": "482ce7a72a08f21e3592e584178d5917", + "templates/httpd.conf.erb": "93bd1cbfae5a922dc8dcb1ffc7c266ee", + "templates/listen.erb": "6286aa08f9e28caee54b1e1ee031b9d6", + "templates/mod/alias.conf.erb": "71028c659b7d1784c0e9f373846c8457", + "templates/mod/auth_cas.conf.erb": "74595985c3b0f9df1aaa0ad5dd7a7906", + "templates/mod/auth_mellon.conf.erb": "4e17d22a8f1bc312e976e8513199c945", + "templates/mod/authnz_ldap.conf.erb": "12c9a1482694ddad3143e5eef03fb531", + "templates/mod/autoindex.conf.erb": "2421a3c6df32c7e38c2a7a22afdf5728", + "templates/mod/cgid.conf.erb": "f8ce27d60bc495bab16de2696ebb2fd0", + "templates/mod/dav_fs.conf.erb": "10c1131168e35319e22b3fbfe51aebfd", + "templates/mod/deflate.conf.erb": "e866ecf2bfe8e42ea984267f569723db", + "templates/mod/dir.conf.erb": "2485da78a2506c14bf51dde38dd03360", + "templates/mod/disk_cache.conf.erb": "48d1b54ec1dedea7f68451bc0774790e", + "templates/mod/event.conf.erb": "469ef574b0ae1728203002a52f3d5a3b", + "templates/mod/expires.conf.erb": "7a77f8b1d50c53ee77a6cb798c51a2b9", + "templates/mod/ext_filter.conf.erb": "4e4e4143ab402a9f9d51301b1a192202", + "templates/mod/fastcgi.conf.erb": "2404caa7d91dea083fc4f8b6f18acd24", + "templates/mod/geoip.conf.erb": "93b95f44ec733ee8231be82381e02782", + "templates/mod/info.conf.erb": "dd434aca2b3693c425a2c252a2c39f46", + "templates/mod/itk.conf.erb": "eff84b78e4f2f8c5c3a2e9fc4b8aad16", + "templates/mod/ldap.conf.erb": "72701fa36054b1d3c5333feb804fd2ba", + "templates/mod/load.erb": "01132434e6101080c41548b0ba7e57d8", + "templates/mod/mime.conf.erb": "785632ed912d7206098c10765c980858", + "templates/mod/mime_magic.conf.erb": "db7ac6bbf365d016852744d339c12d16", + "templates/mod/mpm_event.conf.erb": "80097a19d063a4f973465d9ef5c0c0bf", + "templates/mod/negotiation.conf.erb": "a2f0fb40cd038cb17bedc2b84d9f48ea", + "templates/mod/nss.conf.erb": "1470720436c1f1d3dddb79cb90355b2c", + "templates/mod/pagespeed.conf.erb": "da52f6012cd513d2f9c1e410005187fb", + "templates/mod/passenger.conf.erb": "e6d25300be83bd7658c4a100ecc493b5", + "templates/mod/peruser.conf.erb": "c4f4054aee899249ea6fef5a9e5c14ff", + "templates/mod/php5.conf.erb": "38abd949e9df2c4961cf400fd5ad928b", + "templates/mod/prefork.conf.erb": "f9ec5a7eaea78a19b04fa69f8acd8a84", + "templates/mod/proxy.conf.erb": "7eef34af57278ea572b267cff9fb6631", + "templates/mod/proxy_html.conf.erb": "69c9ce9b7f24e1337065f1ce26b057a0", + "templates/mod/remoteip.conf.erb": "5e3fae3bb4532d351d3860652215af92", + "templates/mod/reqtimeout.conf.erb": "314ef068b786ae5afded290a8b6eab15", + "templates/mod/rpaf.conf.erb": "5447539c083ae54f3a9e93c1ac8c988b", + "templates/mod/security.conf.erb": "e708c110f4bfe2fe6fdb9fc61e8498e4", + "templates/mod/security_crs.conf.erb": "0533f947d1d418774213bc9eb0444358", + "templates/mod/setenvif.conf.erb": "c7ede4173da1915b7ec088201f030c28", + "templates/mod/ssl.conf.erb": "5009e83ef1b9c626e04fe6e469f35a05", + "templates/mod/status.conf.erb": "9e959900ac58c8de34783886efeebce7", + "templates/mod/suphp.conf.erb": "05bb7b3ea23976b032ce405bfd4edd18", + "templates/mod/unixd_fcgid.conf.erb": "1780c7808bb3811deaf0007c890df4dc", + "templates/mod/userdir.conf.erb": "efd4cb18056690f2bddc4332c88bdd94", + "templates/mod/worker.conf.erb": "923ce06f97c04e548a438025b81abf50", + "templates/mod/wsgi.conf.erb": "9a416fa3b71be0795679069809686300", + "templates/namevirtualhost.erb": "fbfca19a639e18e6c477e191344ac8ae", + "templates/ports_header.erb": "afe35cb5747574b700ebaa0f0b3a626e", + "templates/vhost/_access_log.erb": "a0c804cb6fc03e5c573f9bfbcf73d9c6", + "templates/vhost/_action.erb": "a004dfcac2e63cef65cf8aa0e270b636", + "templates/vhost/_additional_includes.erb": "10e9c0056e962c49459839a1576b082e", + "templates/vhost/_aliases.erb": "6412f695e911feac18986da38f290dae", + "templates/vhost/_allow_encoded_slashes.erb": "37dee0b6fe9287342a10b533955dff81", + "templates/vhost/_auth_kerb.erb": "3d0de0c3066440dffcbc75215174705b", + "templates/vhost/_block.erb": "cab4365316621b4e06cd1258abeb1d23", + "templates/vhost/_charsets.erb": "d152b6a7815e9edc0fe9bf9acbe2f1ec", + "templates/vhost/_custom_fragment.erb": "325ff48cefc06db035daa3491c391a88", + "templates/vhost/_directories.erb": "36d90f161866bbdfde942c69279dafbc", + "templates/vhost/_docroot.erb": "65d882a3c9d6b6bdd2f9b771f378035a", + "templates/vhost/_error_document.erb": "81d3007c1301a5c5f244c082cfee9de2", + "templates/vhost/_fallbackresource.erb": "e6c103bee7f6f76b10f244fc9fd1cd3b", + "templates/vhost/_fastcgi.erb": "d07c41eae32671b38b5dba14724c14cc", + "templates/vhost/_file_footer.erb": "e27b2525783e590ca1820f1e2118285d", + "templates/vhost/_file_header.erb": "6bf5dd9f0cdf4e436ba4379d0ff246c9", + "templates/vhost/_filters.erb": "597b9de5ae210af9182a1c95172115e7", + "templates/vhost/_header.erb": "9eb9d4075f288183d8224ddec5b2f126", + "templates/vhost/_itk.erb": "8bf90b9855a9277f7a665b10f6c57fe9", + "templates/vhost/_logging.erb": "5bc4cbb1bc8a292acc0ba0420f96ca4e", + "templates/vhost/_passenger.erb": "6b8f937fffe27e65f9aa72e950c4dbfc", + "templates/vhost/_passenger_base_uris.erb": "c8d7f4da1434078e856c72671942dcd8", + "templates/vhost/_php.erb": "0be13b20951791db0f09c328e13b7eaf", + "templates/vhost/_php_admin.erb": "107a57e9e7b3f86d1abcf743f672a292", + "templates/vhost/_proxy.erb": "5832dab1efcad5421a0cd4fe9a7f4f49", + "templates/vhost/_rack.erb": "ebe187c1bdc81eec9c8e0d9026120b18", + "templates/vhost/_redirect.erb": "639e170cafa9e703ab38797c8fc3030b", + "templates/vhost/_requestheader.erb": "db1b0cdda069ae809b5b83b0871ef991", + "templates/vhost/_rewrite.erb": "63a86545cd1c1a8e9e8518dd270deb3e", + "templates/vhost/_scriptalias.erb": "98713f33cca15b22c749bd35ea9a7b41", + "templates/vhost/_security.erb": "58cd0f606e104be456dea0b5d52212e8", + "templates/vhost/_serveralias.erb": "95fed45853629924467aefc271d5b396", + "templates/vhost/_serversignature.erb": "9bf5a458783ab459e5043e1cdf671fa7", + "templates/vhost/_setenv.erb": "818f65d2936be12a24e59079e28f8f47", + "templates/vhost/_ssl.erb": "cd872142f50ffd80a242346ee75111a3", + "templates/vhost/_sslproxy.erb": "00843c237dcbc359b7c78512905baed5", + "templates/vhost/_suexec.erb": "f2b3f9b9ff8fbac4e468e02cd824675a", + "templates/vhost/_suphp.erb": "a1c4a5e4461adbfce870df0abd158b59", + "templates/vhost/_wsgi.erb": "c4ea9a97580489edc6b589ac46816462" +} \ No newline at end of file diff --git a/modules/services/unix/http/apache/module/apache/manifests/init.pp b/modules/services/unix/http/apache/module/apache/manifests/init.pp new file mode 100644 index 000000000..13eb5f717 --- /dev/null +++ b/modules/services/unix/http/apache/module/apache/manifests/init.pp @@ -0,0 +1,413 @@ +# Class: apache +# +# This class installs Apache +# +# Parameters: +# +# Actions: +# - Install Apache +# - Manage Apache service +# +# Requires: +# +# Sample Usage: +# +class apache ( + $apache_name = $::apache::params::apache_name, + $service_name = $::apache::params::service_name, + $default_mods = true, + $default_vhost = true, + $default_charset = undef, + $default_confd_files = true, + $default_ssl_vhost = false, + $default_ssl_cert = $::apache::params::default_ssl_cert, + $default_ssl_key = $::apache::params::default_ssl_key, + $default_ssl_chain = undef, + $default_ssl_ca = undef, + $default_ssl_crl_path = undef, + $default_ssl_crl = undef, + $default_ssl_crl_check = undef, + $default_type = 'none', + $dev_packages = $::apache::params::dev_packages, + $ip = undef, + $service_enable = true, + $service_manage = true, + $service_ensure = 'running', + $service_restart = undef, + $purge_configs = true, + $purge_vhost_dir = undef, + $purge_vdir = false, + $serveradmin = 'root@localhost', + $sendfile = 'On', + $error_documents = false, + $timeout = '120', + $httpd_dir = $::apache::params::httpd_dir, + $server_root = $::apache::params::server_root, + $conf_dir = $::apache::params::conf_dir, + $confd_dir = $::apache::params::confd_dir, + $vhost_dir = $::apache::params::vhost_dir, + $vhost_enable_dir = $::apache::params::vhost_enable_dir, + $vhost_include_pattern = $::apache::params::vhost_include_pattern, + $mod_dir = $::apache::params::mod_dir, + $mod_enable_dir = $::apache::params::mod_enable_dir, + $mpm_module = $::apache::params::mpm_module, + $lib_path = $::apache::params::lib_path, + $conf_template = $::apache::params::conf_template, + $servername = $::apache::params::servername, + $pidfile = $::apache::params::pidfile, + $rewrite_lock = undef, + $manage_user = true, + $manage_group = true, + $user = $::apache::params::user, + $group = $::apache::params::group, + $keepalive = $::apache::params::keepalive, + $keepalive_timeout = $::apache::params::keepalive_timeout, + $max_keepalive_requests = $::apache::params::max_keepalive_requests, + $limitreqfieldsize = '8190', + $logroot = $::apache::params::logroot, + $logroot_mode = $::apache::params::logroot_mode, + $log_level = $::apache::params::log_level, + $log_formats = {}, + $ports_file = $::apache::params::ports_file, + $docroot = $::apache::params::docroot, + $apache_version = $::apache::version::default, + $server_tokens = 'OS', + $server_signature = 'On', + $trace_enable = 'On', + $allow_encoded_slashes = undef, + $package_ensure = 'installed', + $use_optional_includes = $::apache::params::use_optional_includes, + $use_systemd = $::apache::params::use_systemd, + $mime_types_additional = $::apache::params::mime_types_additional, + $file_mode = $::apache::params::file_mode, +) inherits ::apache::params { + validate_bool($default_vhost) + validate_bool($default_ssl_vhost) + validate_bool($default_confd_files) + # true/false is sufficient for both ensure and enable + validate_bool($service_enable) + validate_bool($service_manage) + validate_bool($use_optional_includes) + + $valid_mpms_re = $apache_version ? { + '2.4' => '(event|itk|peruser|prefork|worker)', + default => '(event|itk|prefork|worker)' + } + + if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans + validate_re($mpm_module, $valid_mpms_re) + } + + if $allow_encoded_slashes { + validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.") + } + + # NOTE: on FreeBSD it's mpm module's responsibility to install httpd package. + # NOTE: the same strategy may be introduced for other OSes. For this, you + # should delete the 'if' block below and modify all MPM modules' manifests + # such that they include apache::package class (currently event.pp, itk.pp, + # peruser.pp, prefork.pp, worker.pp). + if $::osfamily != 'FreeBSD' { + package { 'httpd': + ensure => $package_ensure, + name => $apache_name, + notify => Class['Apache::Service'], + } + } + validate_re($sendfile, [ '^[oO]n$' , '^[oO]ff$' ]) + + # declare the web server user and group + # Note: requiring the package means the package ought to create them and not puppet + validate_bool($manage_user) + if $manage_user { + user { $user: + ensure => present, + gid => $group, + require => Package['httpd'], + } + } + validate_bool($manage_group) + if $manage_group { + group { $group: + ensure => present, + require => Package['httpd'] + } + } + + validate_apache_log_level($log_level) + + class { '::apache::service': + service_name => $service_name, + service_enable => $service_enable, + service_manage => $service_manage, + service_ensure => $service_ensure, + service_restart => $service_restart, + } + + # Deprecated backwards-compatibility + if $purge_vdir { + warning('Class[\'apache\'] parameter purge_vdir is deprecated in favor of purge_configs') + $purge_confd = $purge_vdir + } else { + $purge_confd = $purge_configs + } + + # Set purge vhostd appropriately + if $purge_vhost_dir == undef { + $purge_vhostd = $purge_confd + } else { + $purge_vhostd = $purge_vhost_dir + } + + Exec { + path => '/bin:/sbin:/usr/bin:/usr/sbin', + } + + exec { "mkdir ${confd_dir}": + creates => $confd_dir, + require => Package['httpd'], + } + file { $confd_dir: + ensure => directory, + recurse => true, + purge => $purge_confd, + notify => Class['Apache::Service'], + require => Package['httpd'], + } + + if ! defined(File[$mod_dir]) { + exec { "mkdir ${mod_dir}": + creates => $mod_dir, + require => Package['httpd'], + } + # Don't purge available modules if an enable dir is used + $purge_mod_dir = $purge_configs and !$mod_enable_dir + file { $mod_dir: + ensure => directory, + recurse => true, + purge => $purge_mod_dir, + notify => Class['Apache::Service'], + require => Package['httpd'], + } + } + + if $mod_enable_dir and ! defined(File[$mod_enable_dir]) { + $mod_load_dir = $mod_enable_dir + exec { "mkdir ${mod_enable_dir}": + creates => $mod_enable_dir, + require => Package['httpd'], + } + file { $mod_enable_dir: + ensure => directory, + recurse => true, + purge => $purge_configs, + notify => Class['Apache::Service'], + require => Package['httpd'], + } + } else { + $mod_load_dir = $mod_dir + } + + if ! defined(File[$vhost_dir]) { + exec { "mkdir ${vhost_dir}": + creates => $vhost_dir, + require => Package['httpd'], + } + file { $vhost_dir: + ensure => directory, + recurse => true, + purge => $purge_vhostd, + notify => Class['Apache::Service'], + require => Package['httpd'], + } + } + + if $vhost_enable_dir and ! defined(File[$vhost_enable_dir]) { + $vhost_load_dir = $vhost_enable_dir + exec { "mkdir ${vhost_load_dir}": + creates => $vhost_load_dir, + require => Package['httpd'], + } + file { $vhost_enable_dir: + ensure => directory, + recurse => true, + purge => $purge_vhostd, + notify => Class['Apache::Service'], + require => Package['httpd'], + } + } else { + $vhost_load_dir = $vhost_dir + } + + concat { $ports_file: + owner => 'root', + group => $::apache::params::root_group, + mode => $::apache::file_mode, + notify => Class['Apache::Service'], + require => Package['httpd'], + } + concat::fragment { 'Apache ports header': + ensure => present, + target => $ports_file, + content => template('apache/ports_header.erb') + } + + if $::apache::conf_dir and $::apache::params::conf_file { + case $::osfamily { + 'debian': { + $error_log = 'error.log' + $scriptalias = '/usr/lib/cgi-bin' + $access_log_file = 'access.log' + } + 'redhat': { + $error_log = 'error_log' + $scriptalias = '/var/www/cgi-bin' + $access_log_file = 'access_log' + } + 'freebsd': { + $error_log = 'httpd-error.log' + $scriptalias = '/usr/local/www/apache24/cgi-bin' + $access_log_file = 'httpd-access.log' + } 'gentoo': { + $error_log = 'error.log' + $error_documents_path = '/usr/share/apache2/error' + $scriptalias = '/var/www/localhost/cgi-bin' + $access_log_file = 'access.log' + + if is_array($default_mods) { + if versioncmp($apache_version, '2.4') >= 0 { + if defined('apache::mod::ssl') { + ::portage::makeconf { 'apache2_modules': + content => concat($default_mods, [ 'authz_core', 'socache_shmcb' ]), + } + } else { + ::portage::makeconf { 'apache2_modules': + content => concat($default_mods, 'authz_core'), + } + } + } else { + ::portage::makeconf { 'apache2_modules': + content => $default_mods, + } + } + } + + file { [ + '/etc/apache2/modules.d/.keep_www-servers_apache-2', + '/etc/apache2/vhosts.d/.keep_www-servers_apache-2' + ]: + ensure => absent, + require => Package['httpd'], + } + } + 'Suse': { + $error_log = 'error.log' + $scriptalias = '/usr/lib/cgi-bin' + $access_log_file = 'access.log' + } + default: { + fail("Unsupported osfamily ${::osfamily}") + } + } + + $apxs_workaround = $::osfamily ? { + 'freebsd' => true, + default => false + } + + if $rewrite_lock { + validate_absolute_path($rewrite_lock) + } + + # Template uses: + # - $pidfile + # - $user + # - $group + # - $logroot + # - $error_log + # - $sendfile + # - $mod_dir + # - $ports_file + # - $confd_dir + # - $vhost_dir + # - $error_documents + # - $error_documents_path + # - $apxs_workaround + # - $keepalive + # - $keepalive_timeout + # - $max_keepalive_requests + # - $server_root + # - $server_tokens + # - $server_signature + # - $trace_enable + # - $rewrite_lock + file { "${::apache::conf_dir}/${::apache::params::conf_file}": + ensure => file, + content => template($conf_template), + notify => Class['Apache::Service'], + require => [Package['httpd'], Concat[$ports_file]], + } + + # preserve back-wards compatibility to the times when default_mods was + # only a boolean value. Now it can be an array (too) + if is_array($default_mods) { + class { '::apache::default_mods': + all => false, + mods => $default_mods, + } + } else { + class { '::apache::default_mods': + all => $default_mods, + } + } + class { '::apache::default_confd_files': + all => $default_confd_files + } + if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans + class { "::apache::mod::${mpm_module}": } + } + + $default_vhost_ensure = $default_vhost ? { + true => 'present', + false => 'absent' + } + $default_ssl_vhost_ensure = $default_ssl_vhost ? { + true => 'present', + false => 'absent' + } + + ::apache::vhost { 'default': + ensure => $default_vhost_ensure, + port => 80, + docroot => $docroot, + scriptalias => $scriptalias, + serveradmin => $serveradmin, + access_log_file => $access_log_file, + priority => '15', + ip => $ip, + logroot_mode => $logroot_mode, + manage_docroot => $default_vhost, + } + $ssl_access_log_file = $::osfamily ? { + 'freebsd' => $access_log_file, + default => "ssl_${access_log_file}", + } + ::apache::vhost { 'default-ssl': + ensure => $default_ssl_vhost_ensure, + port => 443, + ssl => true, + docroot => $docroot, + scriptalias => $scriptalias, + serveradmin => $serveradmin, + access_log_file => $ssl_access_log_file, + priority => '15', + ip => $ip, + logroot_mode => $logroot_mode, + manage_docroot => $default_ssl_vhost, + } + } + + # This anchor can be used as a reference point for things that need to happen *after* + # all modules have been put in place. + anchor { '::apache::modules_set_up': } +} diff --git a/modules/services/unix/http/apache/module/apache/manifests/listen.pp b/modules/services/unix/http/apache/module/apache/manifests/listen.pp new file mode 100644 index 000000000..e6a8a3c76 --- /dev/null +++ b/modules/services/unix/http/apache/module/apache/manifests/listen.pp @@ -0,0 +1,10 @@ +define apache::listen { + $listen_addr_port = $name + + # Template uses: $listen_addr_port + concat::fragment { "Listen ${listen_addr_port}": + ensure => present, + target => $::apache::ports_file, + content => template('apache/listen.erb'), + } +} diff --git a/modules/services/unix/http/apache/module/apache/manifests/params.pp b/modules/services/unix/http/apache/module/apache/manifests/params.pp new file mode 100644 index 000000000..99f1a72e8 --- /dev/null +++ b/modules/services/unix/http/apache/module/apache/manifests/params.pp @@ -0,0 +1,545 @@ +# Class: apache::params +# +# This class manages Apache parameters +# +# Parameters: +# - The $user that Apache runs as +# - The $group that Apache runs as +# - The $apache_name is the name of the package and service on the relevant +# distribution +# - The $php_package is the name of the package that provided PHP +# - The $ssl_package is the name of the Apache SSL package +# - The $apache_dev is the name of the Apache development libraries package +# - The $conf_contents is the contents of the Apache configuration file +# +# Actions: +# +# Requires: +# +# Sample Usage: +# +class apache::params inherits ::apache::version { + if($::fqdn) { + $servername = $::fqdn + } else { + $servername = $::hostname + } + + # The default error log level + $log_level = 'warn' + $use_optional_includes = false + + # Default mime types settings + $mime_types_additional = { + 'AddHandler' => { + 'type-map' => 'var' + }, + 'AddType' => { + 'text/html' => '.shtml' + }, + 'AddOutputFilter' => { + 'INCLUDES' => '.shtml' + }, + } + + # should we use systemd module? + $use_systemd = true + + # Default mode for files + $file_mode = '0644' + + $vhost_include_pattern = '*' + + if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' { + $verify_command = '/usr/sbin/apache2ctl -t' + } else { + $verify_command = '/usr/sbin/apachectl -t' + } + if $::osfamily == 'RedHat' or $::operatingsystem =~ /^[Aa]mazon$/ { + $user = 'apache' + $group = 'apache' + $root_group = 'root' + $apache_name = 'httpd' + $service_name = 'httpd' + $httpd_dir = '/etc/httpd' + $server_root = '/etc/httpd' + $conf_dir = "${httpd_dir}/conf" + $confd_dir = "${httpd_dir}/conf.d" + $mod_dir = $::apache::version::distrelease ? { + '7' => "${httpd_dir}/conf.modules.d", + default => "${httpd_dir}/conf.d", + } + $mod_enable_dir = undef + $vhost_dir = "${httpd_dir}/conf.d" + $vhost_enable_dir = undef + $conf_file = 'httpd.conf' + $ports_file = "${conf_dir}/ports.conf" + $pidfile = 'run/httpd.pid' + $logroot = '/var/log/httpd' + $logroot_mode = undef + $lib_path = 'modules' + $mpm_module = 'prefork' + $dev_packages = 'httpd-devel' + $default_ssl_cert = '/etc/pki/tls/certs/localhost.crt' + $default_ssl_key = '/etc/pki/tls/private/localhost.key' + $ssl_certs_dir = '/etc/pki/tls/certs' + $passenger_conf_file = 'passenger_extra.conf' + $passenger_conf_package_file = 'passenger.conf' + $passenger_root = undef + $passenger_ruby = undef + $passenger_default_ruby = undef + $suphp_addhandler = 'php5-script' + $suphp_engine = 'off' + $suphp_configpath = undef + # NOTE: The module for Shibboleth is not available to RH/CentOS without an additional repository. http://wiki.aaf.edu.au/tech-info/sp-install-guide + # NOTE: The auth_cas module isn't available to RH/CentOS without enabling EPEL. + $mod_packages = { + 'auth_cas' => 'mod_auth_cas', + 'auth_kerb' => 'mod_auth_kerb', + 'auth_mellon' => 'mod_auth_mellon', + 'authnz_ldap' => $::apache::version::distrelease ? { + '7' => 'mod_ldap', + default => 'mod_authz_ldap', + }, + 'fastcgi' => 'mod_fastcgi', + 'fcgid' => 'mod_fcgid', + 'geoip' => 'mod_geoip', + 'ldap' => $::apache::version::distrelease ? { + '7' => 'mod_ldap', + default => undef, + }, + 'pagespeed' => 'mod-pagespeed-stable', + 'passenger' => 'mod_passenger', + 'perl' => 'mod_perl', + 'php5' => $::apache::version::distrelease ? { + '5' => 'php53', + default => 'php', + }, + 'proxy_html' => 'mod_proxy_html', + 'python' => 'mod_python', + 'security' => 'mod_security', + 'shibboleth' => 'shibboleth', + 'ssl' => 'mod_ssl', + 'wsgi' => 'mod_wsgi', + 'dav_svn' => 'mod_dav_svn', + 'suphp' => 'mod_suphp', + 'xsendfile' => 'mod_xsendfile', + 'nss' => 'mod_nss', + 'shib2' => 'shibboleth', + } + $mod_libs = { + 'php5' => 'libphp5.so', + 'nss' => 'libmodnss.so', + } + $conf_template = 'apache/httpd.conf.erb' + $keepalive = 'Off' + $keepalive_timeout = 15 + $max_keepalive_requests = 100 + $fastcgi_lib_path = undef + $mime_support_package = 'mailcap' + $mime_types_config = '/etc/mime.types' + $docroot = '/var/www/html' + $alias_icons_path = $::apache::version::distrelease ? { + '7' => '/usr/share/httpd/icons', + default => '/var/www/icons', + } + $error_documents_path = $::apache::version::distrelease ? { + '7' => '/usr/share/httpd/error', + default => '/var/www/error' + } + if $::osfamily == 'RedHat' { + $wsgi_socket_prefix = '/var/run/wsgi' + } else { + $wsgi_socket_prefix = undef + } + $cas_cookie_path = '/var/cache/mod_auth_cas/' + $mellon_lock_file = '/run/mod_auth_mellon/lock' + $mellon_cache_size = 100 + $mellon_post_directory = undef + $modsec_crs_package = 'mod_security_crs' + $modsec_crs_path = '/usr/lib/modsecurity.d' + $modsec_dir = '/etc/httpd/modsecurity.d' + $modsec_secruleengine = 'On' + $modsec_default_rules = [ + 'base_rules/modsecurity_35_bad_robots.data', + 'base_rules/modsecurity_35_scanners.data', + 'base_rules/modsecurity_40_generic_attacks.data', + 'base_rules/modsecurity_41_sql_injection_attacks.data', + 'base_rules/modsecurity_50_outbound.data', + 'base_rules/modsecurity_50_outbound_malware.data', + 'base_rules/modsecurity_crs_20_protocol_violations.conf', + 'base_rules/modsecurity_crs_21_protocol_anomalies.conf', + 'base_rules/modsecurity_crs_23_request_limits.conf', + 'base_rules/modsecurity_crs_30_http_policy.conf', + 'base_rules/modsecurity_crs_35_bad_robots.conf', + 'base_rules/modsecurity_crs_40_generic_attacks.conf', + 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf', + 'base_rules/modsecurity_crs_41_xss_attacks.conf', + 'base_rules/modsecurity_crs_42_tight_security.conf', + 'base_rules/modsecurity_crs_45_trojans.conf', + 'base_rules/modsecurity_crs_47_common_exceptions.conf', + 'base_rules/modsecurity_crs_49_inbound_blocking.conf', + 'base_rules/modsecurity_crs_50_outbound.conf', + 'base_rules/modsecurity_crs_59_outbound_blocking.conf', + 'base_rules/modsecurity_crs_60_correlation.conf' + ] + } elsif $::osfamily == 'Debian' { + $user = 'www-data' + $group = 'www-data' + $root_group = 'root' + $apache_name = 'apache2' + $service_name = 'apache2' + $httpd_dir = '/etc/apache2' + $server_root = '/etc/apache2' + $conf_dir = $httpd_dir + $confd_dir = "${httpd_dir}/conf.d" + $mod_dir = "${httpd_dir}/mods-available" + $mod_enable_dir = "${httpd_dir}/mods-enabled" + $vhost_dir = "${httpd_dir}/sites-available" + $vhost_enable_dir = "${httpd_dir}/sites-enabled" + $conf_file = 'apache2.conf' + $ports_file = "${conf_dir}/ports.conf" + $pidfile = "\${APACHE_PID_FILE}" + $logroot = '/var/log/apache2' + $logroot_mode = undef + $lib_path = '/usr/lib/apache2/modules' + $mpm_module = 'worker' + $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' + $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key' + $ssl_certs_dir = '/etc/ssl/certs' + $suphp_addhandler = 'x-httpd-php' + $suphp_engine = 'off' + $suphp_configpath = '/etc/php5/apache2' + $mod_packages = { + 'auth_cas' => 'libapache2-mod-auth-cas', + 'auth_kerb' => 'libapache2-mod-auth-kerb', + 'auth_mellon' => 'libapache2-mod-auth-mellon', + 'dav_svn' => 'libapache2-svn', + 'fastcgi' => 'libapache2-mod-fastcgi', + 'fcgid' => 'libapache2-mod-fcgid', + 'geoip' => 'libapache2-mod-geoip', + 'nss' => 'libapache2-mod-nss', + 'pagespeed' => 'mod-pagespeed-stable', + 'passenger' => 'libapache2-mod-passenger', + 'perl' => 'libapache2-mod-perl2', + 'php5' => 'libapache2-mod-php5', + 'proxy_html' => 'libapache2-mod-proxy-html', + 'python' => 'libapache2-mod-python', + 'rpaf' => 'libapache2-mod-rpaf', + 'security' => 'libapache2-modsecurity', + 'shib2' => 'libapache2-mod-shib2', + 'suphp' => 'libapache2-mod-suphp', + 'wsgi' => 'libapache2-mod-wsgi', + 'xsendfile' => 'libapache2-mod-xsendfile', + 'shib2' => 'libapache2-mod-shib2', + } + if $::osfamily == 'Debian' and versioncmp($::operatingsystemrelease, '8') < 0 { + $shib2_lib = 'mod_shib_22.so' + } else { + $shib2_lib = 'mod_shib2.so' + } + $mod_libs = { + 'php5' => 'libphp5.so', + 'shib2' => $shib2_lib + } + $conf_template = 'apache/httpd.conf.erb' + $keepalive = 'Off' + $keepalive_timeout = 15 + $max_keepalive_requests = 100 + $fastcgi_lib_path = '/var/lib/apache2/fastcgi' + $mime_support_package = 'mime-support' + $mime_types_config = '/etc/mime.types' + if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) { + $docroot = '/var/www/html' + } else { + $docroot = '/var/www' + } + $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/' + $mellon_lock_file = undef + $mellon_cache_size = undef + $mellon_post_directory = '/var/cache/apache2/mod_auth_mellon/' + $modsec_crs_package = 'modsecurity-crs' + $modsec_crs_path = '/usr/share/modsecurity-crs' + $modsec_dir = '/etc/modsecurity' + $modsec_secruleengine = 'On' + $modsec_default_rules = [ + 'base_rules/modsecurity_35_bad_robots.data', + 'base_rules/modsecurity_35_scanners.data', + 'base_rules/modsecurity_40_generic_attacks.data', + 'base_rules/modsecurity_41_sql_injection_attacks.data', + 'base_rules/modsecurity_50_outbound.data', + 'base_rules/modsecurity_50_outbound_malware.data', + 'base_rules/modsecurity_crs_20_protocol_violations.conf', + 'base_rules/modsecurity_crs_21_protocol_anomalies.conf', + 'base_rules/modsecurity_crs_23_request_limits.conf', + 'base_rules/modsecurity_crs_30_http_policy.conf', + 'base_rules/modsecurity_crs_35_bad_robots.conf', + 'base_rules/modsecurity_crs_40_generic_attacks.conf', + 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf', + 'base_rules/modsecurity_crs_41_xss_attacks.conf', + 'base_rules/modsecurity_crs_42_tight_security.conf', + 'base_rules/modsecurity_crs_45_trojans.conf', + 'base_rules/modsecurity_crs_47_common_exceptions.conf', + 'base_rules/modsecurity_crs_49_inbound_blocking.conf', + 'base_rules/modsecurity_crs_50_outbound.conf', + 'base_rules/modsecurity_crs_59_outbound_blocking.conf', + 'base_rules/modsecurity_crs_60_correlation.conf' + ] + $alias_icons_path = '/usr/share/apache2/icons' + $error_documents_path = '/usr/share/apache2/error' + if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) { + $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev'] + } else { + $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] + } + + # + # Passenger-specific settings + # + + $passenger_conf_file = 'passenger.conf' + $passenger_conf_package_file = undef + + case $::operatingsystem { + 'Ubuntu': { + case $::lsbdistrelease { + '12.04': { + $passenger_root = '/usr' + $passenger_ruby = '/usr/bin/ruby' + $passenger_default_ruby = undef + } + '14.04': { + $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' + $passenger_ruby = undef + $passenger_default_ruby = '/usr/bin/ruby' + } + default: { + # The following settings may or may not work on Ubuntu releases not + # supported by this module. + $passenger_root = '/usr' + $passenger_ruby = '/usr/bin/ruby' + $passenger_default_ruby = undef + } + } + } + 'Debian': { + case $::lsbdistcodename { + 'wheezy': { + $passenger_root = '/usr' + $passenger_ruby = '/usr/bin/ruby' + $passenger_default_ruby = undef + } + 'jessie': { + $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' + $passenger_ruby = undef + $passenger_default_ruby = '/usr/bin/ruby' + } + default: { + # The following settings may or may not work on Debian releases not + # supported by this module. + $passenger_root = '/usr' + $passenger_ruby = '/usr/bin/ruby' + $passenger_default_ruby = undef + } + } + } + } + $wsgi_socket_prefix = undef + } elsif $::osfamily == 'FreeBSD' { + $user = 'www' + $group = 'www' + $root_group = 'wheel' + $apache_name = 'apache24' + $service_name = 'apache24' + $httpd_dir = '/usr/local/etc/apache24' + $server_root = '/usr/local' + $conf_dir = $httpd_dir + $confd_dir = "${httpd_dir}/Includes" + $mod_dir = "${httpd_dir}/Modules" + $mod_enable_dir = undef + $vhost_dir = "${httpd_dir}/Vhosts" + $vhost_enable_dir = undef + $conf_file = 'httpd.conf' + $ports_file = "${conf_dir}/ports.conf" + $pidfile = '/var/run/httpd.pid' + $logroot = '/var/log/apache24' + $logroot_mode = undef + $lib_path = '/usr/local/libexec/apache24' + $mpm_module = 'prefork' + $dev_packages = undef + $default_ssl_cert = '/usr/local/etc/apache24/server.crt' + $default_ssl_key = '/usr/local/etc/apache24/server.key' + $ssl_certs_dir = '/usr/local/etc/apache24' + $passenger_conf_file = 'passenger.conf' + $passenger_conf_package_file = undef + $passenger_root = '/usr/local/lib/ruby/gems/2.0/gems/passenger-4.0.58' + $passenger_ruby = '/usr/local/bin/ruby' + $passenger_default_ruby = undef + $suphp_addhandler = 'php5-script' + $suphp_engine = 'off' + $suphp_configpath = undef + $mod_packages = { + # NOTE: I list here only modules that are not included in www/apache24 + # NOTE: 'passenger' needs to enable APACHE_SUPPORT in make config + # NOTE: 'php' needs to enable APACHE option in make config + # NOTE: 'dav_svn' needs to enable MOD_DAV_SVN make config + # NOTE: not sure where the shibboleth should come from + 'auth_kerb' => 'www/mod_auth_kerb2', + 'fcgid' => 'www/mod_fcgid', + 'passenger' => 'www/rubygem-passenger', + 'perl' => 'www/mod_perl2', + 'php5' => 'www/mod_php5', + 'proxy_html' => 'www/mod_proxy_html', + 'python' => 'www/mod_python3', + 'wsgi' => 'www/mod_wsgi', + 'dav_svn' => 'devel/subversion', + 'xsendfile' => 'www/mod_xsendfile', + 'rpaf' => 'www/mod_rpaf2', + 'shib2' => 'security/shibboleth2-sp', + } + $mod_libs = { + 'php5' => 'libphp5.so', + } + $conf_template = 'apache/httpd.conf.erb' + $keepalive = 'Off' + $keepalive_timeout = 15 + $max_keepalive_requests = 100 + $fastcgi_lib_path = undef # TODO: revisit + $mime_support_package = 'misc/mime-support' + $mime_types_config = '/usr/local/etc/mime.types' + $wsgi_socket_prefix = undef + $docroot = '/usr/local/www/apache24/data' + $alias_icons_path = '/usr/local/www/apache24/icons' + $error_documents_path = '/usr/local/www/apache24/error' + } elsif $::osfamily == 'Gentoo' { + $user = 'apache' + $group = 'apache' + $root_group = 'wheel' + $apache_name = 'www-servers/apache' + $service_name = 'apache2' + $httpd_dir = '/etc/apache2' + $server_root = '/var/www' + $conf_dir = $httpd_dir + $confd_dir = "${httpd_dir}/conf.d" + $mod_dir = "${httpd_dir}/modules.d" + $mod_enable_dir = undef + $vhost_dir = "${httpd_dir}/vhosts.d" + $vhost_enable_dir = undef + $conf_file = 'httpd.conf' + $ports_file = "${conf_dir}/ports.conf" + $logroot = '/var/log/apache2' + $logroot_mode = undef + $lib_path = '/usr/lib/apache2/modules' + $mpm_module = 'prefork' + $dev_packages = undef + $default_ssl_cert = '/etc/ssl/apache2/server.crt' + $default_ssl_key = '/etc/ssl/apache2/server.key' + $ssl_certs_dir = '/etc/ssl/apache2' + $passenger_root = '/usr' + $passenger_ruby = '/usr/bin/ruby' + $passenger_conf_file = 'passenger.conf' + $passenger_conf_package_file = undef + $passenger_default_ruby = undef + $suphp_addhandler = 'x-httpd-php' + $suphp_engine = 'off' + $suphp_configpath = '/etc/php5/apache2' + $mod_packages = { + # NOTE: I list here only modules that are not included in www-servers/apache + 'auth_kerb' => 'www-apache/mod_auth_kerb', + 'authnz_external' => 'www-apache/mod_authnz_external', + 'fcgid' => 'www-apache/mod_fcgid', + 'passenger' => 'www-apache/passenger', + 'perl' => 'www-apache/mod_perl', + 'php5' => 'dev-lang/php', + 'proxy_html' => 'www-apache/mod_proxy_html', + 'proxy_fcgi' => 'www-apache/mod_proxy_fcgi', + 'python' => 'www-apache/mod_python', + 'wsgi' => 'www-apache/mod_wsgi', + 'dav_svn' => 'dev-vcs/subversion', + 'xsendfile' => 'www-apache/mod_xsendfile', + 'rpaf' => 'www-apache/mod_rpaf', + 'xml2enc' => 'www-apache/mod_xml2enc', + } + $mod_libs = { + 'php5' => 'libphp5.so', + } + $conf_template = 'apache/httpd.conf.erb' + $keepalive = 'Off' + $keepalive_timeout = 15 + $max_keepalive_requests = 100 + $fastcgi_lib_path = undef # TODO: revisit + $mime_support_package = 'app-misc/mime-types' + $mime_types_config = '/etc/mime.types' + $wsgi_socket_prefix = undef + $docroot = '/var/www/localhost/htdocs' + $alias_icons_path = '/usr/share/apache2/icons' + $error_documents_path = '/usr/share/apache2/error' + } elsif $::osfamily == 'Suse' { + $user = 'wwwrun' + $group = 'wwwrun' + $root_group = 'root' + $apache_name = 'apache2' + $service_name = 'apache2' + $httpd_dir = '/etc/apache2' + $server_root = '/etc/apache2' + $conf_dir = $httpd_dir + $confd_dir = "${httpd_dir}/conf.d" + $mod_dir = "${httpd_dir}/mods-available" + $mod_enable_dir = "${httpd_dir}/mods-enabled" + $vhost_dir = "${httpd_dir}/sites-available" + $vhost_enable_dir = "${httpd_dir}/sites-enabled" + $conf_file = 'httpd.conf' + $ports_file = "${conf_dir}/ports.conf" + $pidfile = '/var/run/httpd2.pid' + $logroot = '/var/log/apache2' + $logroot_mode = undef + $lib_path = '/usr/lib64/apache2-prefork/' + $mpm_module = 'prefork' + $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' + $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key' + $ssl_certs_dir = '/etc/ssl/certs' + $suphp_addhandler = 'x-httpd-php' + $suphp_engine = 'off' + $suphp_configpath = '/etc/php5/apache2' + $mod_packages = { + 'auth_kerb' => 'apache2-mod_auth_kerb', + 'fcgid' => 'apache2-mod_fcgid', + 'perl' => 'apache2-mod_perl', + 'php5' => 'apache2-mod_php53', + 'python' => 'apache2-mod_python', + } + $mod_libs = { + 'php5' => 'libphp5.so', + } + $conf_template = 'apache/httpd.conf.erb' + $keepalive = 'Off' + $keepalive_timeout = 15 + $max_keepalive_requests = 100 + $fastcgi_lib_path = '/var/lib/apache2/fastcgi' + $mime_support_package = 'aaa_base' + $mime_types_config = '/etc/mime.types' + $docroot = '/srv/www' + $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/' + $mellon_lock_file = undef + $mellon_cache_size = undef + $mellon_post_directory = undef + $alias_icons_path = '/usr/share/apache2/icons' + $error_documents_path = '/usr/share/apache2/error' + $dev_packages = ['libapr-util1-devel', 'libapr1-devel'] + + # + # Passenger-specific settings + # + + $passenger_conf_file = 'passenger.conf' + $passenger_conf_package_file = undef + + $passenger_root = '/usr' + $passenger_ruby = '/usr/bin/ruby' + $passenger_default_ruby = undef + $wsgi_socket_prefix = undef + + } else { + fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") + } +} diff --git a/modules/services/unix/http/apache/module/apache/manifests/ssl.pp b/modules/services/unix/http/apache/module/apache/manifests/ssl.pp new file mode 100644 index 000000000..d0b36593d --- /dev/null +++ b/modules/services/unix/http/apache/module/apache/manifests/ssl.pp @@ -0,0 +1,18 @@ +# Class: apache::ssl +# +# This class installs Apache SSL capabilities +# +# Parameters: +# - The $ssl_package name from the apache::params class +# +# Actions: +# - Install Apache SSL capabilities +# +# Requires: +# +# Sample Usage: +# +class apache::ssl { + warning('apache::ssl is deprecated; please use apache::mod::ssl') + include ::apache::mod::ssl +} diff --git a/modules/services/unix/http/apache/module/apache/manifests/vhost.pp b/modules/services/unix/http/apache/module/apache/manifests/vhost.pp new file mode 100644 index 000000000..8b5422e5a --- /dev/null +++ b/modules/services/unix/http/apache/module/apache/manifests/vhost.pp @@ -0,0 +1,999 @@ +# See README.md for usage information +define apache::vhost( + $docroot, + $manage_docroot = true, + $virtual_docroot = false, + $port = undef, + $ip = undef, + $ip_based = false, + $add_listen = true, + $docroot_owner = 'root', + $docroot_group = $::apache::params::root_group, + $docroot_mode = undef, + $serveradmin = undef, + $ssl = false, + $ssl_cert = $::apache::default_ssl_cert, + $ssl_key = $::apache::default_ssl_key, + $ssl_chain = $::apache::default_ssl_chain, + $ssl_ca = $::apache::default_ssl_ca, + $ssl_crl_path = $::apache::default_ssl_crl_path, + $ssl_crl = $::apache::default_ssl_crl, + $ssl_crl_check = $::apache::default_ssl_crl_check, + $ssl_certs_dir = $::apache::params::ssl_certs_dir, + $ssl_protocol = undef, + $ssl_cipher = undef, + $ssl_honorcipherorder = undef, + $ssl_verify_client = undef, + $ssl_verify_depth = undef, + $ssl_proxy_verify = undef, + $ssl_proxy_check_peer_cn = undef, + $ssl_proxy_check_peer_name = undef, + $ssl_proxy_machine_cert = undef, + $ssl_options = undef, + $ssl_openssl_conf_cmd = undef, + $ssl_proxyengine = false, + $priority = undef, + $default_vhost = false, + $servername = $name, + $serveraliases = [], + $options = ['Indexes','FollowSymLinks','MultiViews'], + $override = ['None'], + $directoryindex = '', + $vhost_name = '*', + $logroot = $::apache::logroot, + $logroot_ensure = 'directory', + $logroot_mode = undef, + $log_level = undef, + $access_log = true, + $access_log_file = false, + $access_log_pipe = false, + $access_log_syslog = false, + $access_log_format = false, + $access_log_env_var = false, + $access_logs = undef, + $aliases = undef, + $directories = undef, + $error_log = true, + $error_log_file = undef, + $error_log_pipe = undef, + $error_log_syslog = undef, + $error_documents = [], + $fallbackresource = undef, + $scriptalias = undef, + $scriptaliases = [], + $proxy_dest = undef, + $proxy_dest_match = undef, + $proxy_dest_reverse_match = undef, + $proxy_pass = undef, + $proxy_pass_match = undef, + $suphp_addhandler = $::apache::params::suphp_addhandler, + $suphp_engine = $::apache::params::suphp_engine, + $suphp_configpath = $::apache::params::suphp_configpath, + $php_flags = {}, + $php_values = {}, + $php_admin_flags = {}, + $php_admin_values = {}, + $no_proxy_uris = [], + $no_proxy_uris_match = [], + $proxy_preserve_host = false, + $proxy_error_override = false, + $redirect_source = '/', + $redirect_dest = undef, + $redirect_status = undef, + $redirectmatch_status = undef, + $redirectmatch_regexp = undef, + $redirectmatch_dest = undef, + $rack_base_uris = undef, + $passenger_base_uris = undef, + $headers = undef, + $request_headers = undef, + $filters = undef, + $rewrites = undef, + $rewrite_base = undef, + $rewrite_rule = undef, + $rewrite_cond = undef, + $setenv = [], + $setenvif = [], + $block = [], + $ensure = 'present', + $wsgi_application_group = undef, + $wsgi_daemon_process = undef, + $wsgi_daemon_process_options = undef, + $wsgi_import_script = undef, + $wsgi_import_script_options = undef, + $wsgi_process_group = undef, + $wsgi_script_aliases = undef, + $wsgi_pass_authorization = undef, + $wsgi_chunked_request = undef, + $custom_fragment = undef, + $itk = undef, + $action = undef, + $fastcgi_server = undef, + $fastcgi_socket = undef, + $fastcgi_dir = undef, + $additional_includes = [], + $use_optional_includes = $::apache::use_optional_includes, + $apache_version = $::apache::apache_version, + $allow_encoded_slashes = undef, + $suexec_user_group = undef, + $passenger_app_root = undef, + $passenger_app_env = undef, + $passenger_ruby = undef, + $passenger_min_instances = undef, + $passenger_start_timeout = undef, + $passenger_pre_start = undef, + $add_default_charset = undef, + $modsec_disable_vhost = undef, + $modsec_disable_ids = undef, + $modsec_disable_ips = undef, + $modsec_body_limit = undef, + $auth_kerb = false, + $krb_method_negotiate = 'on', + $krb_method_k5passwd = 'on', + $krb_authoritative = 'on', + $krb_auth_realms = [], + $krb_5keytab = undef, + $krb_local_user_mapping = undef, + $krb_verify_kdc = 'on', + $krb_servicename = 'HTTP', + $krb_save_credentials = 'off', +) { + # The base class must be included first because it is used by parameter defaults + if ! defined(Class['apache']) { + fail('You must include the apache base class before using any apache defined resources') + } + + $apache_name = $::apache::apache_name + + validate_re($ensure, '^(present|absent)$', + "${ensure} is not supported for ensure. + Allowed values are 'present' and 'absent'.") + validate_re($suphp_engine, '^(on|off)$', + "${suphp_engine} is not supported for suphp_engine. + Allowed values are 'on' and 'off'.") + validate_bool($ip_based) + validate_bool($access_log) + validate_bool($error_log) + validate_bool($ssl) + validate_bool($default_vhost) + validate_bool($ssl_proxyengine) + if $rewrites { + validate_array($rewrites) + unless empty($rewrites) { + validate_hash($rewrites[0]) + } + } + + # Input validation begins + + if $suexec_user_group { + validate_re($suexec_user_group, '^[\w-]+ [\w-]+$', + "${suexec_user_group} is not supported for suexec_user_group. Must be 'user group'.") + } + + if $wsgi_pass_authorization { + validate_re(downcase($wsgi_pass_authorization), '^(on|off)$', + "${wsgi_pass_authorization} is not supported for wsgi_pass_authorization. + Allowed values are 'on' and 'off'.") + } + + # Deprecated backwards-compatibility + if $rewrite_base { + warning('Apache::Vhost: parameter rewrite_base is deprecated in favor of rewrites') + } + if $rewrite_rule { + warning('Apache::Vhost: parameter rewrite_rule is deprecated in favor of rewrites') + } + if $rewrite_cond { + warning('Apache::Vhost parameter rewrite_cond is deprecated in favor of rewrites') + } + + if $wsgi_script_aliases { + validate_hash($wsgi_script_aliases) + } + if $wsgi_daemon_process_options { + validate_hash($wsgi_daemon_process_options) + } + if $wsgi_import_script_options { + validate_hash($wsgi_import_script_options) + } + if $itk { + validate_hash($itk) + } + + validate_re($logroot_ensure, '^(directory|absent)$', + "${logroot_ensure} is not supported for logroot_ensure. + Allowed values are 'directory' and 'absent'.") + + if $log_level { + validate_apache_log_level($log_level) + } + + if $access_log_file and $access_log_pipe { + fail("Apache::Vhost[${name}]: 'access_log_file' and 'access_log_pipe' cannot be defined at the same time") + } + + if $error_log_file and $error_log_pipe { + fail("Apache::Vhost[${name}]: 'error_log_file' and 'error_log_pipe' cannot be defined at the same time") + } + + if $fallbackresource { + validate_re($fallbackresource, '^/|disabled', 'Please make sure fallbackresource starts with a / (or is "disabled")') + } + + if $custom_fragment { + validate_string($custom_fragment) + } + + if $allow_encoded_slashes { + validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.") + } + + validate_bool($auth_kerb) + + # Validate the docroot as a string if: + # - $manage_docroot is true + if $manage_docroot { + validate_string($docroot) + } + + if $ssl_proxy_verify { + validate_re($ssl_proxy_verify,'^(none|optional|require|optional_no_ca)$',"${ssl_proxy_verify} is not permitted for ssl_proxy_verify. Allowed values are 'none', 'optional', 'require' or 'optional_no_ca'.") + } + + if $ssl_proxy_check_peer_cn { + validate_re($ssl_proxy_check_peer_cn,'(^on$|^off$)',"${ssl_proxy_check_peer_cn} is not permitted for ssl_proxy_check_peer_cn. Allowed values are 'on' or 'off'.") + } + if $ssl_proxy_check_peer_name { + validate_re($ssl_proxy_check_peer_name,'(^on$|^off$)',"${ssl_proxy_check_peer_name} is not permitted for ssl_proxy_check_peer_name. Allowed values are 'on' or 'off'.") + } + + # Input validation ends + + if $ssl and $ensure == 'present' { + include ::apache::mod::ssl + # Required for the AddType lines. + include ::apache::mod::mime + } + + if $auth_kerb and $ensure == 'present' { + include ::apache::mod::auth_kerb + } + + if $virtual_docroot { + include ::apache::mod::vhost_alias + } + + if $wsgi_daemon_process { + include ::apache::mod::wsgi + } + + if $suexec_user_group { + include ::apache::mod::suexec + } + + if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { + include ::apache::mod::passenger + } + + # Configure the defaultness of a vhost + if $priority { + $priority_real = "${priority}-" + } elsif $priority == false { + $priority_real = '' + } elsif $default_vhost { + $priority_real = '10-' + } else { + $priority_real = '25-' + } + + ## Apache include does not always work with spaces in the filename + $filename = regsubst($name, ' ', '_', 'G') + + # This ensures that the docroot exists + # But enables it to be specified across multiple vhost resources + if $manage_docroot and $docroot and ! defined(File[$docroot]) { + file { $docroot: + ensure => directory, + owner => $docroot_owner, + group => $docroot_group, + mode => $docroot_mode, + require => Package['httpd'], + before => Concat["${priority_real}${filename}.conf"], + } + } + + # Same as above, but for logroot + if ! defined(File[$logroot]) { + file { $logroot: + ensure => $logroot_ensure, + mode => $logroot_mode, + require => Package['httpd'], + before => Concat["${priority_real}${filename}.conf"], + } + } + + + # Is apache::mod::passenger enabled (or apache::mod['passenger']) + $passenger_enabled = defined(Apache::Mod['passenger']) + + # Is apache::mod::shib enabled (or apache::mod['shib2']) + $shibboleth_enabled = defined(Apache::Mod['shib2']) + + if $access_log and !$access_logs { + if $access_log_file { + $_logs_dest = "${logroot}/${access_log_file}" + } elsif $access_log_pipe { + $_logs_dest = $access_log_pipe + } elsif $access_log_syslog { + $_logs_dest = $access_log_syslog + } else { + $_logs_dest = undef + } + $_access_logs = [{ + 'file' => $access_log_file, + 'pipe' => $access_log_pipe, + 'syslog' => $access_log_syslog, + 'format' => $access_log_format, + 'env' => $access_log_env_var + }] + } elsif $access_logs { + if !is_array($access_logs) { + fail("Apache::Vhost[${name}]: access_logs must be an array of hashes") + } + $_access_logs = $access_logs + } + + if $error_log_file { + $error_log_destination = "${logroot}/${error_log_file}" + } elsif $error_log_pipe { + $error_log_destination = $error_log_pipe + } elsif $error_log_syslog { + $error_log_destination = $error_log_syslog + } else { + if $ssl { + $error_log_destination = "${logroot}/${name}_error_ssl.log" + } else { + $error_log_destination = "${logroot}/${name}_error.log" + } + } + + if $ip { + $_ip = enclose_ipv6($ip) + if $port { + $listen_addr_port = suffix(any2array($_ip),":${port}") + $nvh_addr_port = suffix(any2array($_ip),":${port}") + } else { + $listen_addr_port = undef + $nvh_addr_port = $_ip + if ! $servername and ! $ip_based { + fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters for name-based vhosts") + } + } + } else { + if $port { + $listen_addr_port = $port + $nvh_addr_port = "${vhost_name}:${port}" + } else { + $listen_addr_port = undef + $nvh_addr_port = $name + if ! $servername { + fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters, and/or 'servername' parameter") + } + } + } + if $add_listen { + if $ip and defined(Apache::Listen["${port}"]) { + fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this") + } + if $listen_addr_port and $ensure == 'present' { + ensure_resource('apache::listen', $listen_addr_port) + } + } + if ! $ip_based { + if $ensure == 'present' and (versioncmp($apache_version, '2.4') < 0) { + ensure_resource('apache::namevirtualhost', $nvh_addr_port) + } + } + + # Load mod_rewrite if needed and not yet loaded + if $rewrites or $rewrite_cond { + if ! defined(Class['apache::mod::rewrite']) { + include ::apache::mod::rewrite + } + } + + # Load mod_alias if needed and not yet loaded + if ($scriptalias or $scriptaliases != []) or ($aliases and $aliases != []) or ($redirect_source and $redirect_dest) { + if ! defined(Class['apache::mod::alias']) and ($ensure == 'present') { + include ::apache::mod::alias + } + } + + # Load mod_proxy if needed and not yet loaded + if ($proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match) { + if ! defined(Class['apache::mod::proxy']) { + include ::apache::mod::proxy + } + if ! defined(Class['apache::mod::proxy_http']) { + include ::apache::mod::proxy_http + } + } + + # Load mod_passenger if needed and not yet loaded + if $rack_base_uris { + if ! defined(Class['apache::mod::passenger']) { + include ::apache::mod::passenger + } + } + + # Load mod_passenger if needed and not yet loaded + if $passenger_base_uris { + include ::apache::mod::passenger + } + + # Load mod_fastci if needed and not yet loaded + if $fastcgi_server and $fastcgi_socket { + if ! defined(Class['apache::mod::fastcgi']) { + include ::apache::mod::fastcgi + } + } + + # Check if mod_headers is required to process $headers/$request_headers + if $headers or $request_headers { + if ! defined(Class['apache::mod::headers']) { + include ::apache::mod::headers + } + } + + # Check if mod_filter is required to process $filters + if $filters { + if ! defined(Class['apache::mod::filter']) { + include ::apache::mod::filter + } + } + + if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { + if ! defined(Class['apache::mod::setenvif']) { + include ::apache::mod::setenvif + } + } + + ## Create a default directory list if none defined + if $directories { + if !is_hash($directories) and !(is_array($directories) and is_hash($directories[0])) { + fail("Apache::Vhost[${name}]: 'directories' must be either a Hash or an Array of Hashes") + } + $_directories = $directories + } elsif $docroot { + $_directory = { + provider => 'directory', + path => $docroot, + options => $options, + allow_override => $override, + directoryindex => $directoryindex, + } + + if versioncmp($apache_version, '2.4') >= 0 { + $_directory_version = { + require => 'all granted', + } + } else { + $_directory_version = { + order => 'allow,deny', + allow => 'from all', + } + } + + $_directories = [ merge($_directory, $_directory_version) ] + } + + ## Create a global LocationMatch if locations aren't defined + if $modsec_disable_ids { + if is_hash($modsec_disable_ids) { + $_modsec_disable_ids = $modsec_disable_ids + } elsif is_array($modsec_disable_ids) { + $_modsec_disable_ids = { '.*' => $modsec_disable_ids } + } else { + fail("Apache::Vhost[${name}]: 'modsec_disable_ids' must be either a Hash of location/IDs or an Array of IDs") + } + } + + concat { "${priority_real}${filename}.conf": + ensure => $ensure, + path => "${::apache::vhost_dir}/${priority_real}${filename}.conf", + owner => 'root', + group => $::apache::params::root_group, + mode => $::apache::file_mode, + order => 'numeric', + require => Package['httpd'], + notify => Class['apache::service'], + } + # NOTE(pabelanger): This code is duplicated in ::apache::vhost::custom and + # needs to be converted into something generic. + if $::apache::vhost_enable_dir { + $vhost_enable_dir = $::apache::vhost_enable_dir + $vhost_symlink_ensure = $ensure ? { + present => link, + default => $ensure, + } + file{ "${priority_real}${filename}.conf symlink": + ensure => $vhost_symlink_ensure, + path => "${vhost_enable_dir}/${priority_real}${filename}.conf", + target => "${::apache::vhost_dir}/${priority_real}${filename}.conf", + owner => 'root', + group => $::apache::params::root_group, + mode => $::apache::file_mode, + require => Concat["${priority_real}${filename}.conf"], + notify => Class['apache::service'], + } + } + + # Template uses: + # - $nvh_addr_port + # - $servername + # - $serveradmin + concat::fragment { "${name}-apache-header": + target => "${priority_real}${filename}.conf", + order => 0, + content => template('apache/vhost/_file_header.erb'), + } + + # Template uses: + # - $virtual_docroot + # - $docroot + if $docroot { + concat::fragment { "${name}-docroot": + target => "${priority_real}${filename}.conf", + order => 10, + content => template('apache/vhost/_docroot.erb'), + } + } + + # Template uses: + # - $aliases + if $aliases and ! empty($aliases) { + concat::fragment { "${name}-aliases": + target => "${priority_real}${filename}.conf", + order => 20, + content => template('apache/vhost/_aliases.erb'), + } + } + + # Template uses: + # - $itk + # - $::kernelversion + if $itk and ! empty($itk) { + concat::fragment { "${name}-itk": + target => "${priority_real}${filename}.conf", + order => 30, + content => template('apache/vhost/_itk.erb'), + } + } + + # Template uses: + # - $fallbackresource + if $fallbackresource { + concat::fragment { "${name}-fallbackresource": + target => "${priority_real}${filename}.conf", + order => 40, + content => template('apache/vhost/_fallbackresource.erb'), + } + } + + # Template uses: + # - $allow_encoded_slashes + if $allow_encoded_slashes { + concat::fragment { "${name}-allow_encoded_slashes": + target => "${priority_real}${filename}.conf", + order => 50, + content => template('apache/vhost/_allow_encoded_slashes.erb'), + } + } + + # Template uses: + # - $_directories + # - $docroot + # - $apache_version + # - $suphp_engine + # - $shibboleth_enabled + if $_directories and ! empty($_directories) { + concat::fragment { "${name}-directories": + target => "${priority_real}${filename}.conf", + order => 60, + content => template('apache/vhost/_directories.erb'), + } + } + + # Template uses: + # - $additional_includes + if $additional_includes and ! empty($additional_includes) { + concat::fragment { "${name}-additional_includes": + target => "${priority_real}${filename}.conf", + order => 70, + content => template('apache/vhost/_additional_includes.erb'), + } + } + + # Template uses: + # - $error_log + # - $log_level + # - $error_log_destination + # - $log_level + if $error_log or $log_level { + concat::fragment { "${name}-logging": + target => "${priority_real}${filename}.conf", + order => 80, + content => template('apache/vhost/_logging.erb'), + } + } + + # Template uses no variables + concat::fragment { "${name}-serversignature": + target => "${priority_real}${filename}.conf", + order => 90, + content => template('apache/vhost/_serversignature.erb'), + } + + # Template uses: + # - $access_log + # - $_access_log_env_var + # - $access_log_destination + # - $_access_log_format + # - $_access_log_env_var + # - $access_logs + if $access_log or $access_logs { + concat::fragment { "${name}-access_log": + target => "${priority_real}${filename}.conf", + order => 100, + content => template('apache/vhost/_access_log.erb'), + } + } + + # Template uses: + # - $action + if $action { + concat::fragment { "${name}-action": + target => "${priority_real}${filename}.conf", + order => 110, + content => template('apache/vhost/_action.erb'), + } + } + + # Template uses: + # - $block + # - $apache_version + if $block and ! empty($block) { + concat::fragment { "${name}-block": + target => "${priority_real}${filename}.conf", + order => 120, + content => template('apache/vhost/_block.erb'), + } + } + + # Template uses: + # - $error_documents + if $error_documents and ! empty($error_documents) { + concat::fragment { "${name}-error_document": + target => "${priority_real}${filename}.conf", + order => 130, + content => template('apache/vhost/_error_document.erb'), + } + } + + # Template uses: + # - $headers + if $headers and ! empty($headers) { + concat::fragment { "${name}-header": + target => "${priority_real}${filename}.conf", + order => 140, + content => template('apache/vhost/_header.erb'), + } + } + + # Template uses: + # - $request_headers + if $request_headers and ! empty($request_headers) { + concat::fragment { "${name}-requestheader": + target => "${priority_real}${filename}.conf", + order => 150, + content => template('apache/vhost/_requestheader.erb'), + } + } + + # Template uses: + # - $proxy_dest + # - $proxy_pass + # - $proxy_pass_match + # - $proxy_preserve_host + # - $no_proxy_uris + if $proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match { + concat::fragment { "${name}-proxy": + target => "${priority_real}${filename}.conf", + order => 160, + content => template('apache/vhost/_proxy.erb'), + } + } + + # Template uses: + # - $rack_base_uris + if $rack_base_uris { + concat::fragment { "${name}-rack": + target => "${priority_real}${filename}.conf", + order => 170, + content => template('apache/vhost/_rack.erb'), + } + } + + # Template uses: + # - $passenger_base_uris + if $passenger_base_uris { + concat::fragment { "${name}-passenger_uris": + target => "${priority_real}${filename}.conf", + order => 175, + content => template('apache/vhost/_passenger_base_uris.erb'), + } + } + + # Template uses: + # - $redirect_source + # - $redirect_dest + # - $redirect_status + # - $redirect_dest_a + # - $redirect_source_a + # - $redirect_status_a + # - $redirectmatch_status + # - $redirectmatch_regexp + # - $redirectmatch_dest + # - $redirectmatch_status_a + # - $redirectmatch_regexp_a + # - $redirectmatch_dest + if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp and $redirectmatch_dest) { + concat::fragment { "${name}-redirect": + target => "${priority_real}${filename}.conf", + order => 180, + content => template('apache/vhost/_redirect.erb'), + } + } + + # Template uses: + # - $rewrites + # - $rewrite_base + # - $rewrite_rule + # - $rewrite_cond + # - $rewrite_map + if $rewrites or $rewrite_rule { + concat::fragment { "${name}-rewrite": + target => "${priority_real}${filename}.conf", + order => 190, + content => template('apache/vhost/_rewrite.erb'), + } + } + + # Template uses: + # - $scriptaliases + # - $scriptalias + if ( $scriptalias or $scriptaliases != [] ) { + concat::fragment { "${name}-scriptalias": + target => "${priority_real}${filename}.conf", + order => 200, + content => template('apache/vhost/_scriptalias.erb'), + } + } + + # Template uses: + # - $serveraliases + if $serveraliases and ! empty($serveraliases) { + concat::fragment { "${name}-serveralias": + target => "${priority_real}${filename}.conf", + order => 210, + content => template('apache/vhost/_serveralias.erb'), + } + } + + # Template uses: + # - $setenv + # - $setenvif + if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { + concat::fragment { "${name}-setenv": + target => "${priority_real}${filename}.conf", + order => 220, + content => template('apache/vhost/_setenv.erb'), + } + } + + # Template uses: + # - $ssl + # - $ssl_cert + # - $ssl_key + # - $ssl_chain + # - $ssl_certs_dir + # - $ssl_ca + # - $ssl_crl_path + # - $ssl_crl + # - $ssl_crl_check + # - $ssl_protocol + # - $ssl_cipher + # - $ssl_honorcipherorder + # - $ssl_verify_client + # - $ssl_verify_depth + # - $ssl_options + # - $ssl_openssl_conf_cmd + # - $apache_version + if $ssl { + concat::fragment { "${name}-ssl": + target => "${priority_real}${filename}.conf", + order => 230, + content => template('apache/vhost/_ssl.erb'), + } + } + + # Template uses: + # - $ssl_proxyengine + # - $ssl_proxy_verify + # - $ssl_proxy_check_peer_cn + # - $ssl_proxy_check_peer_name + # - $ssl_proxy_machine_cert + if $ssl_proxyengine { + concat::fragment { "${name}-sslproxy": + target => "${priority_real}${filename}.conf", + order => 230, + content => template('apache/vhost/_sslproxy.erb'), + } + } + + # Template uses: + # - $auth_kerb + # - $krb_method_negotiate + # - $krb_method_k5passwd + # - $krb_authoritative + # - $krb_auth_realms + # - $krb_5keytab + # - $krb_local_user_mapping + if $auth_kerb { + concat::fragment { "${name}-auth_kerb": + target => "${priority_real}${filename}.conf", + order => 230, + content => template('apache/vhost/_auth_kerb.erb'), + } + } + + # Template uses: + # - $suphp_engine + # - $suphp_addhandler + # - $suphp_configpath + if $suphp_engine == 'on' { + concat::fragment { "${name}-suphp": + target => "${priority_real}${filename}.conf", + order => 240, + content => template('apache/vhost/_suphp.erb'), + } + } + + # Template uses: + # - $php_values + # - $php_flags + if ($php_values and ! empty($php_values)) or ($php_flags and ! empty($php_flags)) { + concat::fragment { "${name}-php": + target => "${priority_real}${filename}.conf", + order => 240, + content => template('apache/vhost/_php.erb'), + } + } + + # Template uses: + # - $php_admin_values + # - $php_admin_flags + if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) { + concat::fragment { "${name}-php_admin": + target => "${priority_real}${filename}.conf", + order => 250, + content => template('apache/vhost/_php_admin.erb'), + } + } + + # Template uses: + # - $wsgi_application_group + # - $wsgi_daemon_process + # - $wsgi_daemon_process_options + # - $wsgi_import_script + # - $wsgi_import_script_options + # - $wsgi_process_group + # - $wsgi_script_aliases + # - $wsgi_pass_authorization + if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization { + concat::fragment { "${name}-wsgi": + target => "${priority_real}${filename}.conf", + order => 260, + content => template('apache/vhost/_wsgi.erb'), + } + } + + # Template uses: + # - $custom_fragment + if $custom_fragment { + concat::fragment { "${name}-custom_fragment": + target => "${priority_real}${filename}.conf", + order => 270, + content => template('apache/vhost/_custom_fragment.erb'), + } + } + + # Template uses: + # - $fastcgi_server + # - $fastcgi_socket + # - $fastcgi_dir + # - $apache_version + if $fastcgi_server or $fastcgi_dir { + concat::fragment { "${name}-fastcgi": + target => "${priority_real}${filename}.conf", + order => 280, + content => template('apache/vhost/_fastcgi.erb'), + } + } + + # Template uses: + # - $suexec_user_group + if $suexec_user_group { + concat::fragment { "${name}-suexec": + target => "${priority_real}${filename}.conf", + order => 290, + content => template('apache/vhost/_suexec.erb'), + } + } + + # Template uses: + # - $passenger_app_root + # - $passenger_app_env + # - $passenger_ruby + # - $passenger_min_instances + # - $passenger_start_timeout + # - $passenger_pre_start + if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { + concat::fragment { "${name}-passenger": + target => "${priority_real}${filename}.conf", + order => 300, + content => template('apache/vhost/_passenger.erb'), + } + } + + # Template uses: + # - $add_default_charset + if $add_default_charset { + concat::fragment { "${name}-charsets": + target => "${priority_real}${filename}.conf", + order => 310, + content => template('apache/vhost/_charsets.erb'), + } + } + + # Template uses: + # - $modsec_disable_vhost + # - $modsec_disable_ids + # - $modsec_disable_ips + # - $modsec_body_limit + if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips { + concat::fragment { "${name}-security": + target => "${priority_real}${filename}.conf", + order => 320, + content => template('apache/vhost/_security.erb') + } + } + + # Template uses: + # - $filters + if $filters and ! empty($filters) { + concat::fragment { "${name}-filters": + target => "${priority_real}${filename}.conf", + order => 330, + content => template('apache/vhost/_filters.erb'), + } + } + + # Template uses no variables + concat::fragment { "${name}-file_footer": + target => "${priority_real}${filename}.conf", + order => 999, + content => template('apache/vhost/_file_footer.erb'), + } +} diff --git a/modules/services/unix/http/apache/module/apache/metadata.json b/modules/services/unix/http/apache/module/apache/metadata.json new file mode 100644 index 000000000..9ef58c8c9 --- /dev/null +++ b/modules/services/unix/http/apache/module/apache/metadata.json @@ -0,0 +1,81 @@ +{ + "name": "puppetlabs-apache", + "version": "1.8.1", + "author": "puppetlabs", + "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", + "license": "Apache-2.0", + "source": "git://github.com/puppetlabs/puppetlabs-apache.git", + "project_page": "https://github.com/puppetlabs/puppetlabs-apache", + "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", + "dependencies": [ + {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0 < 5.0.0"}, + {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 3.0.0"} + ], + "data_provider": null, + "operatingsystem_support": [ + { + "operatingsystem": "RedHat", + "operatingsystemrelease": [ + "5", + "6", + "7" + ] + }, + { + "operatingsystem": "CentOS", + "operatingsystemrelease": [ + "5", + "6", + "7" + ] + }, + { + "operatingsystem": "OracleLinux", + "operatingsystemrelease": [ + "6", + "7" + ] + }, + { + "operatingsystem": "Scientific", + "operatingsystemrelease": [ + "5", + "6", + "7" + ] + }, + { + "operatingsystem": "Debian", + "operatingsystemrelease": [ + "6", + "7", + "8" + ] + }, + { + "operatingsystem": "SLES", + "operatingsystemrelease": [ + "11 SP1" + ] + }, + { + "operatingsystem": "Ubuntu", + "operatingsystemrelease": [ + "10.04", + "12.04", + "14.04" + ] + } + ], + "requirements": [ + { + "name": "pe", + "version_requirement": ">= 3.7.0 < 2015.4.0" + }, + { + "name": "puppet", + "version_requirement": ">= 3.0.0 < 5.0.0" + } + ], + "description": "Module for Apache configuration" +} diff --git a/modules/services/unix/http/apache/module/apache/spec/classes/apache_spec.rb b/modules/services/unix/http/apache/module/apache/spec/classes/apache_spec.rb new file mode 100644 index 000000000..34d56ba4f --- /dev/null +++ b/modules/services/unix/http/apache/module/apache/spec/classes/apache_spec.rb @@ -0,0 +1,884 @@ +require 'spec_helper' + +describe 'apache', :type => :class do + context "on a Debian OS" do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_package("httpd").with( + 'notify' => 'Class[Apache::Service]', + 'ensure' => 'installed' + ) + } + it { is_expected.to contain_user("www-data") } + it { is_expected.to contain_group("www-data") } + it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/var/www").with( + 'ensure' => 'directory' + ) + } + it { is_expected.to contain_file("/etc/apache2/sites-enabled").with( + 'ensure' => 'directory', + 'recurse' => 'true', + 'purge' => 'true', + 'notify' => 'Class[Apache::Service]', + 'require' => 'Package[httpd]' + ) + } + it { is_expected.to contain_file("/etc/apache2/mods-enabled").with( + 'ensure' => 'directory', + 'recurse' => 'true', + 'purge' => 'true', + 'notify' => 'Class[Apache::Service]', + 'require' => 'Package[httpd]' + ) + } + it { is_expected.to contain_file("/etc/apache2/mods-available").with( + 'ensure' => 'directory', + 'recurse' => 'true', + 'purge' => 'false', + 'notify' => 'Class[Apache::Service]', + 'require' => 'Package[httpd]' + ) + } + it { is_expected.to contain_concat("/etc/apache2/ports.conf").with( + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + 'notify' => 'Class[Apache::Service]' + ) + } + # Assert that load files are placed and symlinked for these mods, but no conf file. + [ + 'auth_basic', + 'authn_file', + 'authz_default', + 'authz_groupfile', + 'authz_host', + 'authz_user', + 'dav', + 'env' + ].each do |modname| + it { is_expected.to contain_file("#{modname}.load").with( + 'path' => "/etc/apache2/mods-available/#{modname}.load", + 'ensure' => 'file' + ) } + it { is_expected.to contain_file("#{modname}.load symlink").with( + 'path' => "/etc/apache2/mods-enabled/#{modname}.load", + 'ensure' => 'link', + 'target' => "/etc/apache2/mods-available/#{modname}.load" + ) } + it { is_expected.not_to contain_file("#{modname}.conf") } + it { is_expected.not_to contain_file("#{modname}.conf symlink") } + end + + context "with Apache version < 2.4" do + let :params do + { :apache_version => '2.2' } + end + + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^Include "/etc/apache2/conf\.d/\*\.conf"$} } + end + + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => '2.4', + :use_optional_includes => true + } + end + + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^IncludeOptional "/etc/apache2/conf\.d/\*\.conf"$} } + end + + context "when specifying slash encoding behaviour" do + let :params do + { :allow_encoded_slashes => 'nodecode' } + end + + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^AllowEncodedSlashes nodecode$} } + end + + context "when specifying default character set" do + let :params do + { :default_charset => 'none' } + end + + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^AddDefaultCharset none$} } + end + + # Assert that both load files and conf files are placed and symlinked for these mods + [ + 'alias', + 'autoindex', + 'dav_fs', + 'deflate', + 'dir', + 'mime', + 'negotiation', + 'setenvif', + ].each do |modname| + it { is_expected.to contain_file("#{modname}.load").with( + 'path' => "/etc/apache2/mods-available/#{modname}.load", + 'ensure' => 'file' + ) } + it { is_expected.to contain_file("#{modname}.load symlink").with( + 'path' => "/etc/apache2/mods-enabled/#{modname}.load", + 'ensure' => 'link', + 'target' => "/etc/apache2/mods-available/#{modname}.load" + ) } + it { is_expected.to contain_file("#{modname}.conf").with( + 'path' => "/etc/apache2/mods-available/#{modname}.conf", + 'ensure' => 'file' + ) } + it { is_expected.to contain_file("#{modname}.conf symlink").with( + 'path' => "/etc/apache2/mods-enabled/#{modname}.conf", + 'ensure' => 'link', + 'target' => "/etc/apache2/mods-available/#{modname}.conf" + ) } + end + + describe "Check default type" do + context "with Apache version < 2.4" do + let :params do + { + :apache_version => '2.2', + } + end + + context "when default_type => 'none'" do + let :params do + { :default_type => 'none' } + end + + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^DefaultType none$} } + end + context "when default_type => 'text/plain'" do + let :params do + { :default_type => 'text/plain' } + end + + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^DefaultType text/plain$} } + end + end + + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => '2.4', + } + end + it { is_expected.to contain_file("/etc/apache2/apache2.conf").without_content %r{^DefaultType [.]*$} } + end + end + + describe "Don't create user resource" do + context "when parameter manage_user is false" do + let :params do + { :manage_user => false } + end + + it { is_expected.not_to contain_user('www-data') } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^User www-data\n} } + end + end + describe "Don't create group resource" do + context "when parameter manage_group is false" do + let :params do + { :manage_group => false } + end + + it { is_expected.not_to contain_group('www-data') } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^Group www-data\n} } + end + end + + describe "Add extra LogFormats" do + context "When parameter log_formats is a hash" do + let :params do + { :log_formats => { + 'vhost_common' => "%v %h %l %u %t \"%r\" %>s %b", + 'vhost_combined' => "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" + } } + end + + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" vhost_combined\n} } + end + end + + describe "Override existing LogFormats" do + context "When parameter log_formats is a hash" do + let :params do + { :log_formats => { + 'common' => "%v %h %l %u %t \"%r\" %>s %b", + 'combined' => "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" + } } + end + + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" common\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").without_content %r{^LogFormat "%h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" common\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").without_content %r{^LogFormat "%h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n} } + end + end + + context "8" do + let :facts do + super().merge({ + :lsbdistcodename => 'jessie', + :operatingsystemrelease => '8' + }) + end + it { is_expected.to contain_file("/var/www/html").with( + 'ensure' => 'directory' + ) + } + end + context "on Ubuntu" do + let :facts do + super().merge({ + :operatingsystem => 'Ubuntu' + }) + end + + context "14.04" do + let :facts do + super().merge({ + :lsbdistrelease => '14.04', + :operatingsystemrelease => '14.04' + }) + end + it { is_expected.to contain_file("/var/www/html").with( + 'ensure' => 'directory' + ) + } + end + context "13.10" do + let :facts do + super().merge({ + :lsbdistrelease => '13.10', + :operatingsystemrelease => '13.10' + }) + end + it { is_expected.to contain_class('apache').with_apache_version('2.4') } + end + context "12.04" do + let :facts do + super().merge({ + :lsbdistrelease => '12.04', + :operatingsystemrelease => '12.04' + }) + end + it { is_expected.to contain_class('apache').with_apache_version('2.2') } + end + context "13.04" do + let :facts do + super().merge({ + :lsbdistrelease => '13.04', + :operatingsystemrelease => '13.04' + }) + end + it { is_expected.to contain_class('apache').with_apache_version('2.2') } + end + end + end + context "on a RedHat 5 OS" do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '5', + :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_package("httpd").with( + 'notify' => 'Class[Apache::Service]', + 'ensure' => 'installed' + ) + } + it { is_expected.to contain_user("apache") } + it { is_expected.to contain_group("apache") } + it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/var/www/html").with( + 'ensure' => 'directory' + ) + } + it { is_expected.to contain_file("/etc/httpd/conf.d").with( + 'ensure' => 'directory', + 'recurse' => 'true', + 'purge' => 'true', + 'notify' => 'Class[Apache::Service]', + 'require' => 'Package[httpd]' + ) + } + it { is_expected.to contain_concat("/etc/httpd/conf/ports.conf").with( + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + 'notify' => 'Class[Apache::Service]' + ) + } + describe "Alternate confd/mod/vhosts directory" do + let :params do + { + :vhost_dir => '/etc/httpd/site.d', + :confd_dir => '/etc/httpd/conf.d', + :mod_dir => '/etc/httpd/mod.d', + } + end + + ['mod.d','site.d','conf.d'].each do |dir| + it { is_expected.to contain_file("/etc/httpd/#{dir}").with( + 'ensure' => 'directory', + 'recurse' => 'true', + 'purge' => 'true', + 'notify' => 'Class[Apache::Service]', + 'require' => 'Package[httpd]' + ) } + end + + # Assert that load files are placed for these mods, but no conf file. + [ + 'auth_basic', + 'authn_file', + 'authz_default', + 'authz_groupfile', + 'authz_host', + 'authz_user', + 'dav', + 'env', + ].each do |modname| + it { is_expected.to contain_file("#{modname}.load").with_path( + "/etc/httpd/mod.d/#{modname}.load" + ) } + it { is_expected.not_to contain_file("#{modname}.conf").with_path( + "/etc/httpd/mod.d/#{modname}.conf" + ) } + end + + # Assert that both load files and conf files are placed for these mods + [ + 'alias', + 'autoindex', + 'dav_fs', + 'deflate', + 'dir', + 'mime', + 'negotiation', + 'setenvif', + ].each do |modname| + it { is_expected.to contain_file("#{modname}.load").with_path( + "/etc/httpd/mod.d/#{modname}.load" + ) } + it { is_expected.to contain_file("#{modname}.conf").with_path( + "/etc/httpd/mod.d/#{modname}.conf" + ) } + end + + context "with Apache version < 2.4" do + let :params do + { :apache_version => '2.2' } + end + + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/conf\.d/\*\.conf"$} } + end + + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => '2.4', + :use_optional_includes => true + } + end + + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^IncludeOptional "/etc/httpd/conf\.d/\*\.conf"$} } + end + + context "with Apache version < 2.4" do + let :params do + { + :apache_version => '2.2', + :rewrite_lock => '/var/lock/subsys/rewrite-lock' + } + end + + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^RewriteLock /var/lock/subsys/rewrite-lock$} } + end + + context "with Apache version < 2.4" do + let :params do + { + :apache_version => '2.2' + } + end + + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").without_content %r{^RewriteLock [.]*$} } + end + + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => '2.4', + :rewrite_lock => '/var/lock/subsys/rewrite-lock' + } + end + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").without_content %r{^RewriteLock [.]*$} } + end + + context "when specifying slash encoding behaviour" do + let :params do + { :allow_encoded_slashes => 'nodecode' } + end + + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^AllowEncodedSlashes nodecode$} } + end + + context "when specifying default character set" do + let :params do + { :default_charset => 'none' } + end + + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^AddDefaultCharset none$} } + end + + context "with Apache version < 2.4" do + let :params do + { + :apache_version => '2.2', + } + end + + context "when default_type => 'none'" do + let :params do + { :default_type => 'none' } + end + + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^DefaultType none$} } + end + context "when default_type => 'text/plain'" do + let :params do + { :default_type => 'text/plain' } + end + + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^DefaultType text/plain$} } + end + end + + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => '2.4', + } + end + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").without_content %r{^DefaultType [.]*$} } + end + + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/site\.d/\*"$} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.conf"$} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.load"$} } + end + + describe "Alternate conf directory" do + let :params do + { :conf_dir => '/opt/rh/root/etc/httpd/conf' } + end + + it { is_expected.to contain_file("/opt/rh/root/etc/httpd/conf/httpd.conf").with( + 'ensure' => 'file', + 'notify' => 'Class[Apache::Service]', + 'require' => ['Package[httpd]', 'Concat[/etc/httpd/conf/ports.conf]'], + ) } + end + + describe "Alternate conf.d directory" do + let :params do + { :confd_dir => '/etc/httpd/special_conf.d' } + end + + it { is_expected.to contain_file("/etc/httpd/special_conf.d").with( + 'ensure' => 'directory', + 'recurse' => 'true', + 'purge' => 'true', + 'notify' => 'Class[Apache::Service]', + 'require' => 'Package[httpd]' + ) } + end + + describe "Alternate mpm_modules" do + context "when declaring mpm_module is false" do + let :params do + { :mpm_module => false } + end + it 'should not declare mpm modules' do + is_expected.not_to contain_class('apache::mod::event') + is_expected.not_to contain_class('apache::mod::itk') + is_expected.not_to contain_class('apache::mod::peruser') + is_expected.not_to contain_class('apache::mod::prefork') + is_expected.not_to contain_class('apache::mod::worker') + end + end + context "when declaring mpm_module => prefork" do + let :params do + { :mpm_module => 'prefork' } + end + it { is_expected.to contain_class('apache::mod::prefork') } + it { is_expected.not_to contain_class('apache::mod::event') } + it { is_expected.not_to contain_class('apache::mod::itk') } + it { is_expected.not_to contain_class('apache::mod::peruser') } + it { is_expected.not_to contain_class('apache::mod::worker') } + end + context "when declaring mpm_module => worker" do + let :params do + { :mpm_module => 'worker' } + end + it { is_expected.to contain_class('apache::mod::worker') } + it { is_expected.not_to contain_class('apache::mod::event') } + it { is_expected.not_to contain_class('apache::mod::itk') } + it { is_expected.not_to contain_class('apache::mod::peruser') } + it { is_expected.not_to contain_class('apache::mod::prefork') } + end + context "when declaring mpm_module => breakme" do + let :params do + { :mpm_module => 'breakme' } + end + it { expect { catalogue }.to raise_error Puppet::Error, /does not match/ } + end + end + + describe "different templates for httpd.conf" do + context "with default" do + let :params do + { :conf_template => 'apache/httpd.conf.erb' } + end + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^# Security\n} } + end + context "with non-default" do + let :params do + { :conf_template => 'site_apache/fake.conf.erb' } + end + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Fake template for rspec.$} } + end + end + + describe "default mods" do + context "without" do + let :params do + { :default_mods => false } + end + + it { is_expected.to contain_apache__mod('authz_host') } + it { is_expected.not_to contain_apache__mod('env') } + end + context "custom" do + let :params do + { :default_mods => [ + 'info', + 'alias', + 'mime', + 'env', + 'setenv', + 'expires', + ]} + end + + it { is_expected.to contain_apache__mod('authz_host') } + it { is_expected.to contain_apache__mod('env') } + it { is_expected.to contain_class('apache::mod::info') } + it { is_expected.to contain_class('apache::mod::mime') } + end + end + describe "Don't create user resource" do + context "when parameter manage_user is false" do + let :params do + { :manage_user => false } + end + + it { is_expected.not_to contain_user('apache') } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^User apache\n} } + end + end + describe "Don't create group resource" do + context "when parameter manage_group is false" do + let :params do + { :manage_group => false } + end + + it { is_expected.not_to contain_group('apache') } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Group apache\n} } + + end + end + describe "sendfile" do + context "with invalid value" do + let :params do + { :sendfile => 'foo' } + end + it "should fail" do + expect do + catalogue + end.to raise_error(Puppet::Error, /"foo" does not match/) + end + end + context "On" do + let :params do + { :sendfile => 'On' } + end + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^EnableSendfile On\n} } + end + context "Off" do + let :params do + { :sendfile => 'Off' } + end + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^EnableSendfile Off\n} } + end + end + context "on Fedora" do + let :facts do + super().merge({ + :operatingsystem => 'Fedora' + }) + end + + context "21" do + let :facts do + super().merge({ + :lsbdistrelease => '21', + :operatingsystemrelease => '21' + }) + end + it { is_expected.to contain_class('apache').with_apache_version('2.4') } + end + context "Rawhide" do + let :facts do + super().merge({ + :lsbdistrelease => 'Rawhide', + :operatingsystemrelease => 'Rawhide' + }) + end + it { is_expected.to contain_class('apache').with_apache_version('2.4') } + end + # kinda obsolete + context "17" do + let :facts do + super().merge({ + :lsbdistrelease => '17', + :operatingsystemrelease => '17' + }) + end + it { is_expected.to contain_class('apache').with_apache_version('2.2') } + end + end + end + context "on a FreeBSD OS" do + let :facts do + { + :id => 'root', + :kernel => 'FreeBSD', + :osfamily => 'FreeBSD', + :operatingsystem => 'FreeBSD', + :operatingsystemrelease => '10', + :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class("apache::package").with({'ensure' => 'present'}) } + it { is_expected.to contain_user("www") } + it { is_expected.to contain_group("www") } + it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/usr/local/www/apache24/data").with( + 'ensure' => 'directory' + ) + } + it { is_expected.to contain_file("/usr/local/etc/apache24/Vhosts").with( + 'ensure' => 'directory', + 'recurse' => 'true', + 'purge' => 'true', + 'notify' => 'Class[Apache::Service]', + 'require' => 'Package[httpd]' + ) } + it { is_expected.to contain_file("/usr/local/etc/apache24/Modules").with( + 'ensure' => 'directory', + 'recurse' => 'true', + 'purge' => 'true', + 'notify' => 'Class[Apache::Service]', + 'require' => 'Package[httpd]' + ) } + it { is_expected.to contain_concat("/usr/local/etc/apache24/ports.conf").with( + 'owner' => 'root', + 'group' => 'wheel', + 'mode' => '0644', + 'notify' => 'Class[Apache::Service]' + ) } + # Assert that load files are placed for these mods, but no conf file. + [ + 'auth_basic', + 'authn_core', + 'authn_file', + 'authz_groupfile', + 'authz_host', + 'authz_user', + 'dav', + 'env' + ].each do |modname| + it { is_expected.to contain_file("#{modname}.load").with( + 'path' => "/usr/local/etc/apache24/Modules/#{modname}.load", + 'ensure' => 'file' + ) } + it { is_expected.not_to contain_file("#{modname}.conf") } + end + + # Assert that both load files and conf files are placed for these mods + [ + 'alias', + 'autoindex', + 'dav_fs', + 'deflate', + 'dir', + 'mime', + 'negotiation', + 'setenvif', + ].each do |modname| + it { is_expected.to contain_file("#{modname}.load").with( + 'path' => "/usr/local/etc/apache24/Modules/#{modname}.load", + 'ensure' => 'file' + ) } + it { is_expected.to contain_file("#{modname}.conf").with( + 'path' => "/usr/local/etc/apache24/Modules/#{modname}.conf", + 'ensure' => 'file' + ) } + end + end + context "on a Gentoo OS" do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_user("apache") } + it { is_expected.to contain_group("apache") } + it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/var/www/localhost/htdocs").with( + 'ensure' => 'directory' + ) + } + it { is_expected.to contain_file("/etc/apache2/vhosts.d").with( + 'ensure' => 'directory', + 'recurse' => 'true', + 'purge' => 'true', + 'notify' => 'Class[Apache::Service]', + 'require' => 'Package[httpd]' + ) } + it { is_expected.to contain_file("/etc/apache2/modules.d").with( + 'ensure' => 'directory', + 'recurse' => 'true', + 'purge' => 'true', + 'notify' => 'Class[Apache::Service]', + 'require' => 'Package[httpd]' + ) } + it { is_expected.to contain_concat("/etc/apache2/ports.conf").with( + 'owner' => 'root', + 'group' => 'wheel', + 'mode' => '0644', + 'notify' => 'Class[Apache::Service]' + ) } + end + context 'on all OSes' do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + context 'with a custom apache_name parameter' do + let :params do { + :apache_name => 'httpd24-httpd' + } + end + it { is_expected.to contain_package("httpd").with( + 'notify' => 'Class[Apache::Service]', + 'ensure' => 'installed', + 'name' => 'httpd24-httpd' + ) + } + end + context 'with a custom file_mode parameter' do + let :params do { + :file_mode => '0640' + } + end + it { is_expected.to contain_concat("/etc/httpd/conf/ports.conf").with( + 'mode' => '0640', + ) + } + end + context 'default vhost defaults' do + it { is_expected.to contain_apache__vhost('default').with_ensure('present') } + it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('absent') } + end + context 'without default non-ssl vhost' do + let :params do { + :default_vhost => false + } + end + it { is_expected.to contain_apache__vhost('default').with_ensure('absent') } + it { is_expected.not_to contain_file('/var/www/html') } + end + context 'with default ssl vhost' do + let :params do { + :default_ssl_vhost => true + } + end + it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('present') } + it { is_expected.to contain_file('/var/www/html') } + end + end + context 'with unsupported osfamily' do + let :facts do + { :osfamily => 'Darwin', + :operatingsystemrelease => '13.1.0', + :concat_basedir => '/dne', + :is_pe => false, + } + end + + it do + expect { + catalogue + }.to raise_error(Puppet::Error, /Unsupported osfamily/) + end + end +end diff --git a/modules/services/unix/http/apache/module/apache/spec/spec_helper.rb b/modules/services/unix/http/apache/module/apache/spec/spec_helper.rb new file mode 100644 index 000000000..475b72c07 --- /dev/null +++ b/modules/services/unix/http/apache/module/apache/spec/spec_helper.rb @@ -0,0 +1,23 @@ +require 'puppetlabs_spec_helper/module_spec_helper' + +RSpec.configure do |c| + c.before :each do + # Ensure that we don't accidentally cache facts and environment + # between test cases. + Facter::Util::Loader.any_instance.stubs(:load_all) + Facter.clear + Facter.clear_messages + + # Store any environment variables away to be restored later + @old_env = {} + ENV.each_key {|k| @old_env[k] = ENV[k]} + + if ENV['STRICT_VARIABLES'] == 'yes' + Puppet.settings[:strict_variables]=true + end + end +end + +shared_examples :compile, :compile => true do + it { should compile.with_all_deps } +end diff --git a/modules/services/unix/http/apache/module/example42_apache_2_1_12/Gemfile b/modules/services/unix/http/apache/module/example42_apache_2_1_12/Gemfile deleted file mode 100644 index f8ddad569..000000000 --- a/modules/services/unix/http/apache/module/example42_apache_2_1_12/Gemfile +++ /dev/null @@ -1,18 +0,0 @@ -source 'https://rubygems.org' - -puppetversion = ENV['PUPPET_VERSION'] - -is_ruby18 = RUBY_VERSION.start_with? '1.8' - -if is_ruby18 - gem 'rspec', "~> 3.1.0", :require => false -end -gem 'puppet', puppetversion, :require => false -gem 'puppet-lint' -gem 'puppetlabs_spec_helper', '>= 0.1.0' -gem 'rspec-puppet' -gem 'metadata-json-lint' - -group :development do - gem 'puppet-blacksmith' -end diff --git a/modules/services/unix/http/apache/module/example42_apache_2_1_12/README.md b/modules/services/unix/http/apache/module/example42_apache_2_1_12/README.md deleted file mode 100644 index 5ee018ea6..000000000 --- a/modules/services/unix/http/apache/module/example42_apache_2_1_12/README.md +++ /dev/null @@ -1,236 +0,0 @@ -# Puppet module: apache - -This is a Puppet apache module from the second generation of Example42 Puppet Modules. - -Made by Alessandro Franceschi / Lab42 - -Official site: http://www.example42.com - -Official git repository: http://github.com/example42/puppet-apache - -Released under the terms of Apache 2 License. - -This module requires functions provided by the Example42 Puppi module. - -For detailed info about the logic and usage patterns of Example42 modules read README.usage on Example42 main modules set. - -## USAGE - Module specific usage - -* Install apache with a custom httpd.conf template and some virtual hosts - - class { 'apache': - template => 'example42/apache/httpd.conf.erb', - } - - apache::vhost { 'mysite': - docroot => '/path/to/docroot', - template => 'example42/apache/vhost/mysite.com.erb', - } - - -* Install mod ssl - - include apache::ssl - - -* Manage basic auth users (Here user joe is created with the $crypt_password on the defined htpasswd_file - - apache::htpasswd { 'joe': - crypt_password => 'B5dPQYYjf.jjA', - htpasswd_file => '/etc/httpd/users.passwd', - } - - -* Manage custom configuration files (created in conf.d, source or content can be defined) - - apache::dotconf { 'trac': - content => template("site/trac/apache.conf.erb") - } - - -* Add other listening ports (a relevant NameVirtualHost directive is automatically created) - - apache::listen { '8080': } - - -* Add other listening ports without creating a relevant NameVirtualHost directive - - apache::listen { '8080': - $namevirtualhost = false, - } - - -* Add an apache module and manage its configuraton - - apache::module { 'proxy': - templatefile => 'site/apache/module/proxy.conf.erb', - } - - -* Install mod passenger - - include apache::passenger - - -## USAGE - Basic management - -* Install apache with default settings - - class { "apache": } - -* Disable apache service. - - class { "apache": - disable => true - } - -* Disable apache service at boot time, but don't stop if is running. - - class { "apache": - disableboot => true - } - -* Remove apache package - - class { "apache": - absent => true - } - -* Enable auditing without making changes on existing apache configuration files - - class { "apache": - audit_only => true - } - -* Install apache with a specific version - - class { "apache": - version => '2.2.22' - } - - -## USAGE - Default server management - -* Simple way to manage default apache configuration - - apache::vhost { 'default': - docroot => '/var/www/document_root', - server_name => false, - priority => '', - template => 'apache/virtualhost/vhost.conf.erb', - } - -* Using a source file to create the vhost - - apache::vhost { 'default': - source => 'puppet:///files/web/default.conf', - template => '', - } - - -## USAGE - Overrides and Customizations - -* Use custom sources for main config file - - class { "apache": - source => [ "puppet:///modules/lab42/apache/apache.conf-${hostname}" , "puppet:///modules/lab42/apache/apache.conf" ], - } - - -* Use custom source directory for the whole configuration dir - - class { "apache": - source_dir => "puppet:///modules/lab42/apache/conf/", - source_dir_purge => false, # Set to true to purge any existing file not present in $source_dir - } - -* Use custom template for main config file - - class { "apache": - template => "example42/apache/apache.conf.erb", - } - -* Define custom options that can be used in a custom template without the - need to add parameters to the apache class - - class { "apache": - template => "example42/apache/apache.conf.erb", - options => { - 'LogLevel' => 'INFO', - 'UsePAM' => 'yes', - }, - } - -* Automaticallly include a custom subclass - - class { "apache:" - my_class => 'apache::example42', - } - -## USAGE - Hiera Support -* Manage apache configuration using Hiera - -```yaml -apache::template: 'modules/apache/apache2.conf.erb' -apache::options: - timeout: '300' - keepalive: 'On' - maxkeepaliverequests: '100' - keepalivetimeout: '5' -``` - -* Defining Apache resources using Hiera - -```yaml -apache::virtualhost_hash: - 'mysite.com': - documentroot: '/var/www/mysite.com' - aliases: 'www.mysite.com' -apache::htpasswd_hash: - 'myuser': - crypt_password: 'password1' - htpasswd_file: '/etc/apache2/users.passwd' -apache::listen_hash: - '8080': - namevirtualhost: '*' -apache::module_hash: - 'status': - ensure: present -``` - -## USAGE - Example42 extensions management -* Activate puppi (recommended, but disabled by default) - Note that this option requires the usage of Example42 puppi module - - class { "apache": - puppi => true, - } - -* Activate puppi and use a custom puppi_helper template (to be provided separately with - a puppi::helper define ) to customize the output of puppi commands - - class { "apache": - puppi => true, - puppi_helper => "myhelper", - } - -* Activate automatic monitoring (recommended, but disabled by default) - This option requires the usage of Example42 monitor and relevant monitor tools modules - - class { "apache": - monitor => true, - monitor_tool => [ "nagios" , "monit" , "munin" ], - } - -* Activate automatic firewalling - This option requires the usage of Example42 firewall and relevant firewall tools modules - - class { "apache": - firewall => true, - firewall_tool => "iptables", - firewall_src => "10.42.0.0/24", - firewall_dst => "$ipaddress_eth0", - } - - -[![Build Status](https://travis-ci.org/example42/puppet-apache.png?branch=master)](https://travis-ci.org/example42/puppet-apache) diff --git a/modules/services/unix/http/apache/module/example42_apache_2_1_12/Rakefile b/modules/services/unix/http/apache/module/example42_apache_2_1_12/Rakefile deleted file mode 100644 index d7a2a69fd..000000000 --- a/modules/services/unix/http/apache/module/example42_apache_2_1_12/Rakefile +++ /dev/null @@ -1,12 +0,0 @@ -require 'rubygems' -require 'puppetlabs_spec_helper/rake_tasks' -require 'puppet-lint' -PuppetLint.configuration.send("disable_80chars") -PuppetLint.configuration.send('disable_class_parameter_defaults') - -# Blacksmith -begin - require 'puppet_blacksmith/rake_tasks' -rescue LoadError - puts "Blacksmith needed only to push to the Forge" -end diff --git a/modules/services/unix/http/apache/module/example42_apache_2_1_12/checksums.json b/modules/services/unix/http/apache/module/example42_apache_2_1_12/checksums.json deleted file mode 100644 index 7672aee84..000000000 --- a/modules/services/unix/http/apache/module/example42_apache_2_1_12/checksums.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "Gemfile": "08b4b449407602e452a4d939c92d8fd2", - "LICENSE": "a300b604c66de62cf6e923cca89c9d83", - "README.md": "eda04faa84f9fdd551768ae1653ffb94", - "Rakefile": "beb946c8ed36b603d578cc9ca17ca85d", - "manifests/dotconf.pp": "575cab47757dcf509f1e1e8ac11b644b", - "manifests/htpasswd.pp": "b61c60bf0ff48b8fae5ae74370eec18e", - "manifests/init.pp": "3f856f760da332ae66429de7b2e3ac1c", - "manifests/listen.pp": "b2e74f8aa59829c0644b836a8d0e4c2d", - "manifests/module.pp": "8cd0fcdb5495ac1df21d8d4bf14f2782", - "manifests/params.pp": "b708a3a8faa792f25fa36232982c091d", - "manifests/passenger.pp": "471b18ed8769eb16b1fbeb955e3d28c9", - "manifests/redhat.pp": "7bf95178474b51eb75a37931e4ec4d2f", - "manifests/spec.pp": "27b6dcd653caef771ac053e2df3260e9", - "manifests/ssl.pp": "7a2feb658749e0cb8414893da77565f1", - "manifests/vhost.pp": "cead2da83f4059f8236c9acbfc6b97ec", - "manifests/virtualhost.pp": "caba8b56341d8a765f5ad136ddaa45fe", - "metadata.json": "b3fa4d5d439ae3641593797312250da0", - "spec/classes/apache_spec.rb": "8b9164190257524c21ffe86c08678dfd", - "spec/defines/apache_virtualhost_spec.rb": "ae7bd850a64d89233675385c1f605ab8", - "spec/spec_helper.rb": "0db89c9a486df193c0e40095422e19dc", - "templates/00-NameVirtualHost.conf.erb": "a410a82e9c65d36c7537bfb36a7a3041", - "templates/listen.conf.erb": "47fe4e9a45f066ac5bd9cbbfe1fd0bd2", - "templates/module/proxy.conf.erb": "2eccd5a67ff4070bdd6ed8cd98b4bbda", - "templates/spec.erb": "055d4f22a02a677753cf922108b6e50c", - "templates/virtualhost/vhost.conf.erb": "4e6d66668b21c1cf28c11f6fcf536f18", - "templates/virtualhost/virtualhost.conf.erb": "a6f72c70e83bec34a85071b9bbef3b3d", - "tests/vhost.pp": "a2ee77862630ba4f7e0fdfb10a8dca79" -} \ No newline at end of file diff --git a/modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/init.pp b/modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/init.pp deleted file mode 100644 index accb8be78..000000000 --- a/modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/init.pp +++ /dev/null @@ -1,528 +0,0 @@ - -# = Class: apache -# -# This is the main apache class -# -# -# == Parameters -# -# Standard class parameters -# Define the general class behaviour and customizations -# -# [*my_class*] -# Name of a custom class to autoload to manage module's customizations -# If defined, apache class will automatically "include $my_class" -# Can be defined also by the (top scope) variable $apache_myclass -# -# [*source*] -# Sets the content of source parameter for main configuration file -# If defined, apache main config file will have the param: source => $source -# Can be defined also by the (top scope) variable $apache_source -# -# [*source_dir*] -# If defined, the whole apache configuration directory content is retrieved -# recursively from the specified source -# (source => $source_dir , recurse => true) -# Can be defined also by the (top scope) variable $apache_source_dir -# -# [*source_dir_purge*] -# If set to true (default false) the existing configuration directory is -# mirrored with the content retrieved from source_dir -# (source => $source_dir , recurse => true , purge => true) -# Can be defined also by the (top scope) variable $apache_source_dir_purge -# -# [*template*] -# Sets the path to the template to use as content for main configuration file -# If defined, apache main config file has: content => content("$template") -# Note source and template parameters are mutually exclusive: don't use both -# Can be defined also by the (top scope) variable $apache_template -# -# [*options*] -# An hash of custom options to be used in templates for arbitrary settings. -# Can be defined also by the (top scope) variable $apache_options -# -# [*service_autorestart*] -# Automatically restarts the apache service when there is a change in -# configuration files. Default: true, Set to false if you don't want to -# automatically restart the service. -# -# [*service_requires*] -# Overwrites the service dependencies, which are by default: Package['apache']. -# Set this parameter to a custom set of requirements, if you want to let the -# Apache service depend on more than just the package dependency. -# -# [*absent*] -# Set to 'true' to remove package(s) installed by module -# Can be defined also by the (top scope) variable $apache_absent -# -# [*disable*] -# Set to 'true' to disable service(s) managed by module -# Can be defined also by the (top scope) variable $apache_disable -# -# [*disableboot*] -# Set to 'true' to disable service(s) at boot, without checks if it's running -# Use this when the service is managed by a tool like a cluster software -# Can be defined also by the (top scope) variable $apache_disableboot -# -# [*monitor*] -# Set to 'true' to enable monitoring of the services provided by the module -# Can be defined also by the (top scope) variables $apache_monitor -# and $monitor -# -# [*monitor_tool*] -# Define which monitor tools (ad defined in Example42 monitor module) -# you want to use for apache checks -# Can be defined also by the (top scope) variables $apache_monitor_tool -# and $monitor_tool -# -# [*monitor_target*] -# The Ip address or hostname to use as a target for monitoring tools. -# Default is the fact $ipaddress -# Can be defined also by the (top scope) variables $apache_monitor_target -# and $monitor_target -# -# [*puppi*] -# Set to 'true' to enable creation of module data files that are used by puppi -# Can be defined also by the (top scope) variables $apache_puppi and $puppi -# -# [*puppi_helper*] -# Specify the helper to use for puppi commands. The default for this module -# is specified in params.pp and is generally a good choice. -# You can customize the output of puppi commands for this module using another -# puppi helper. Use the define puppi::helper to create a new custom helper -# Can be defined also by the (top scope) variables $apache_puppi_helper -# and $puppi_helper -# -# [*firewall*] -# Set to 'true' to enable firewalling of the services provided by the module -# Can be defined also by the (top scope) variables $apache_firewall -# and $firewall -# -# [*firewall_tool*] -# Define which firewall tool(s) (ad defined in Example42 firewall module) -# you want to use to open firewall for apache port(s) -# Can be defined also by the (top scope) variables $apache_firewall_tool -# and $firewall_tool -# -# [*firewall_src*] -# Define which source ip/net allow for firewalling apache. Default: 0.0.0.0/0 -# Can be defined also by the (top scope) variables $apache_firewall_src -# and $firewall_src -# -# [*firewall_dst*] -# Define which destination ip to use for firewalling. Default: $ipaddress -# Can be defined also by the (top scope) variables $apache_firewall_dst -# and $firewall_dst -# -# [*debug*] -# Set to 'true' to enable modules debugging -# Can be defined also by the (top scope) variables $apache_debug and $debug -# -# [*audit_only*] -# Set to 'true' if you don't intend to override existing configuration files -# and want to audit the difference between existing files and the ones -# managed by Puppet. -# Can be defined also by the (top scope) variables $apache_audit_only -# and $audit_only -# -# Default class params - As defined in apache::params. -# Note that these variables are mostly defined and used in the module itself, -# overriding the default values might not affected all the involved components. -# Set and override them only if you know what you're doing. -# Note also that you can't override/set them via top scope variables. -# -# [*package*] -# The name of apache package -# -# [*service*] -# The name of apache service -# -# [*service_status*] -# If the apache service init script supports status argument -# -# [*process*] -# The name of apache process -# -# [*process_args*] -# The name of apache arguments. Used by puppi and monitor. -# Used only in case the apache process name is generic (java, ruby...) -# -# [*process_user*] -# The name of the user apache runs with. Used by puppi and monitor. -# -# [*config_dir*] -# Main configuration directory. Used by puppi -# -# [*config_file*] -# Main configuration file path -# -# [*config_file_mode*] -# Main configuration file path mode -# -# [*config_file_owner*] -# Main configuration file path owner -# -# [*config_file_group*] -# Main configuration file path group -# -# [*config_file_init*] -# Path of configuration file sourced by init script -# -# [*config_file_default_purge*] -# Set to 'true' to purge the default configuration file -# -# [*pid_file*] -# Path of pid file. Used by monitor -# -# [*data_dir*] -# Path of application data directory. Used by puppi -# -# [*log_dir*] -# Base logs directory. Used by puppi -# -# [*log_file*] -# Log file(s). Used by puppi -# -# [*port*] -# The listening port, if any, of the service. -# This is used by monitor, firewall and puppi (optional) components -# Note: This doesn't necessarily affect the service configuration file -# Can be defined also by the (top scope) variable $apache_port -# -# [*ssl_port*] -# The ssl port, used if apache::ssl is included and monitor/firewall -# are enabled -# -# [*protocol*] -# The protocol used by the the service. -# This is used by monitor, firewall and puppi (optional) components -# Can be defined also by the (top scope) variable $apache_protocol -# -# [*version*] -# The version of apache package to be installed -# -# -# == Examples -# -# You can use this class in 2 ways: -# - Set variables (at top scope level on in a ENC) and "include apache" -# - Call apache as a parametrized class -# -# See README for details. -# -# -# == Author -# Alessandro Franceschi -# -class apache ( - $my_class = params_lookup( 'my_class' ), - $source = params_lookup( 'source' ), - $source_dir = params_lookup( 'source_dir' ), - $source_dir_purge = params_lookup( 'source_dir_purge' ), - $template = params_lookup( 'template' ), - $service_autorestart = params_lookup( 'service_autorestart' , 'global' ), - $options = params_lookup( 'options' ), - $absent = params_lookup( 'absent' ), - $disable = params_lookup( 'disable' ), - $disableboot = params_lookup( 'disableboot' ), - $monitor = params_lookup( 'monitor' , 'global' ), - $monitor_tool = params_lookup( 'monitor_tool' , 'global' ), - $monitor_target = params_lookup( 'monitor_target' , 'global' ), - $puppi = params_lookup( 'puppi' , 'global' ), - $puppi_helper = params_lookup( 'puppi_helper' , 'global' ), - $firewall = params_lookup( 'firewall' , 'global' ), - $firewall_tool = params_lookup( 'firewall_tool' , 'global' ), - $firewall_src = params_lookup( 'firewall_src' , 'global' ), - $firewall_dst = params_lookup( 'firewall_dst' , 'global' ), - $debug = params_lookup( 'debug' , 'global' ), - $audit_only = params_lookup( 'audit_only' , 'global' ), - $package = params_lookup( 'package' ), - $service = params_lookup( 'service' ), - $service_status = params_lookup( 'service_status' ), - $service_requires = params_lookup( 'service_requires' ), - $process = params_lookup( 'process' ), - $process_args = params_lookup( 'process_args' ), - $process_user = params_lookup( 'process_user' ), - $config_dir = params_lookup( 'config_dir' ), - $config_file = params_lookup( 'config_file' ), - $config_file_mode = params_lookup( 'config_file_mode' ), - $config_file_owner = params_lookup( 'config_file_owner' ), - $config_file_group = params_lookup( 'config_file_group' ), - $config_file_init = params_lookup( 'config_file_init' ), - $config_file_default_purge = params_lookup( 'config_file_default_purge'), - $pid_file = params_lookup( 'pid_file' ), - $data_dir = params_lookup( 'data_dir' ), - $log_dir = params_lookup( 'log_dir' ), - $log_file = params_lookup( 'log_file' ), - $port = params_lookup( 'port' ), - $ssl_port = params_lookup( 'ssl_port' ), - $protocol = params_lookup( 'protocol' ), - $version = params_lookup( 'version' ), - $dotconf_hash = params_lookup( 'dotconf_hash'), - $htpasswd_hash = params_lookup( 'htpasswd_hash'), - $listen_hash = params_lookup( 'listen_hash'), - $module_hash = params_lookup( 'module_hash'), - $vhost_hash = params_lookup( 'vhost_hash'), - $virtualhost_hash = params_lookup( 'virtualhost_hash'), - ) inherits apache::params { - - $bool_source_dir_purge=any2bool($source_dir_purge) - $bool_service_autorestart=any2bool($service_autorestart) - $bool_absent=any2bool($absent) - $bool_disable=any2bool($disable) - $bool_disableboot=any2bool($disableboot) - $bool_monitor=any2bool($monitor) - $bool_puppi=any2bool($puppi) - $bool_firewall=any2bool($firewall) - $bool_debug=any2bool($debug) - $bool_audit_only=any2bool($audit_only) - - ## Integration with Hiera - if $dotconf_hash != {} { - validate_hash($dotconf_hash) - create_resources('apache::dotconf', $dotconf_hash) - } - if $htpasswd_hash != {} { - validate_hash($htpasswd_hash) - create_resources('apache::htpasswd', $htpasswd_hash) - } - if $listen_hash != {} { - validate_hash($listen_hash) - create_resources('apache::listen', $listen_hash) - } - if $module_hash != {} { - validate_hash($module_hash) - create_resources('apache::module', $module_hash) - } - if $vhost_hash != {} { - validate_hash($vhost_hash) - create_resources('apache::vhost', $vhost_hash) - } - if $virtualhost_hash != {} { - validate_hash($virtualhost_hash) - create_resources('apache::virtualhost', $virtualhost_hash) - } - - ### Calculation of variables that dependes on arguments - $vdir = $::operatingsystem ? { - /(?i:Ubuntu|Debian|Mint)/ => "${apache::config_dir}/sites-available", - SLES => "${apache::config_dir}/vhosts.d", - default => "${apache::config_dir}/conf.d", - } - - case $::operatingsystem { - /(?i:Ubuntu)/ : { - case $::lsbmajdistrelease { - /14/ : { - $dotconf_dir = "${apache::config_dir}/conf-available" - } - default: { - $dotconf_dir = "${apache::config_dir}/conf.d" - } - } - } - /(?i:Debian)/ : { - case $::lsbmajdistrelease { - /8/ : { - $dotconf_dir = "${apache::config_dir}/conf-available" - } - default: { - $dotconf_dir = "${apache::config_dir}/conf.d" - } - } - } - default: { - $dotconf_dir = "${apache::config_dir}/conf.d" - } - } - - ### Definition of some variables used in the module - $manage_package = $apache::bool_absent ? { - true => 'absent', - false => $apache::version ? { - '' => 'present', - default => $apache::version, - }, - } - - $manage_service_enable = $apache::bool_disableboot ? { - true => false, - default => $apache::bool_disable ? { - true => false, - default => $apache::bool_absent ? { - true => false, - false => true, - }, - }, - } - - $manage_service_ensure = $apache::bool_disable ? { - true => 'stopped', - default => $apache::bool_absent ? { - true => 'stopped', - default => 'running', - }, - } - - $manage_service_autorestart = $apache::bool_service_autorestart ? { - true => 'Service[apache]', - false => undef, - } - - $manage_file = $apache::bool_absent ? { - true => 'absent', - default => 'present', - } - - if $apache::bool_absent == true - or $apache::bool_disable == true - or $apache::bool_monitor == false - or $apache::bool_disableboot == true { - $manage_monitor = false - } else { - $manage_monitor = true - } - - if $apache::bool_absent == true or $apache::bool_disable == true { - $manage_firewall = false - } else { - $manage_firewall = true - } - - $manage_audit = $apache::bool_audit_only ? { - true => 'all', - false => undef, - } - - $manage_file_replace = $apache::bool_audit_only ? { - true => false, - false => true, - } - - $manage_file_source = $apache::source ? { - '' => undef, - default => $apache::source, - } - - $manage_file_content = $apache::template ? { - '' => undef, - default => template($apache::template), - } - - ### Managed resources - package { 'apache': - ensure => $apache::manage_package, - name => $apache::package, - } - - service { 'apache': - ensure => $apache::manage_service_ensure, - name => $apache::service, - enable => $apache::manage_service_enable, - hasstatus => $apache::service_status, - pattern => $apache::process, - require => $service_requires, - } - - file { 'apache.conf': - ensure => $apache::manage_file, - path => $apache::config_file, - mode => $apache::config_file_mode, - owner => $apache::config_file_owner, - group => $apache::config_file_group, - require => Package['apache'], - notify => $apache::manage_service_autorestart, - source => $apache::manage_file_source, - content => $apache::manage_file_content, - replace => $apache::manage_file_replace, - audit => $apache::manage_audit, - } - - # The whole apache configuration directory can be recursively overriden - if $apache::source_dir and $apache::source_dir != '' { - file { 'apache.dir': - ensure => directory, - path => $apache::config_dir, - require => Package['apache'], - notify => $apache::manage_service_autorestart, - source => $apache::source_dir, - recurse => true, - purge => $apache::bool_source_dir_purge, - force => $apache::bool_source_dir_purge, - replace => $apache::manage_file_replace, - audit => $apache::manage_audit, - } - } - - if $apache::config_file_default_purge { - apache::vhost { 'default': - enable => false, - priority => '', - } - } - - ### Include custom class if $my_class is set - if $apache::my_class and $apache::my_class != '' { - include $apache::my_class - } - - - ### Provide puppi data, if enabled ( puppi => true ) - if $apache::bool_puppi == true { - $classvars=get_class_args() - puppi::ze { 'apache': - ensure => $apache::manage_file, - variables => $classvars, - helper => $apache::puppi_helper, - } - } - - - ### Service monitoring, if enabled ( monitor => true ) - if $apache::monitor_tool { - monitor::port { "apache_${apache::protocol}_${apache::port}": - protocol => $apache::protocol, - port => $apache::port, - target => $apache::monitor_target, - tool => $apache::monitor_tool, - enable => $apache::manage_monitor, - } - monitor::process { 'apache_process': - process => $apache::process, - service => $apache::service, - pidfile => $apache::pid_file, - user => $apache::process_user, - argument => $apache::process_args, - tool => $apache::monitor_tool, - enable => $apache::manage_monitor, - } - } - - - ### Firewall management, if enabled ( firewall => true ) - if $apache::bool_firewall == true { - firewall { "apache_${apache::protocol}_${apache::port}": - source => $apache::firewall_src, - destination => $apache::firewall_dst, - protocol => $apache::protocol, - port => $apache::port, - action => 'allow', - direction => 'input', - tool => $apache::firewall_tool, - enable => $apache::manage_firewall, - } - } - - - ### Debugging, if enabled ( debug => true ) - if $apache::bool_debug == true { - file { 'debug_apache': - ensure => $apache::manage_file, - path => "${settings::vardir}/debug-apache", - mode => '0640', - owner => 'root', - group => 'root', - content => inline_template('<%= scope.to_hash.reject { |k,v| k.to_s =~ /(uptime.*|path|timestamp|free|.*password.*|.*psk.*|.*key)/ }.to_yaml %>'), - } - } -} \ No newline at end of file diff --git a/modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/listen.pp b/modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/listen.pp deleted file mode 100644 index 093d37142..000000000 --- a/modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/listen.pp +++ /dev/null @@ -1,42 +0,0 @@ -# = Define: apache::listen -# -# This define creates a Listen statement in Apache configuration -# It adds a single configuration file to Apache conf.d with the Listen -# statement -# -# == Parameters -# -# [*namevirtualhost*] -# If to add a NameVirtualHost for this port. Default: * -# (it creates a NameVirtualHost <%= @namevirtualhost %>:<%= @port %> entry) -# Set to false to listen to the port without a NameVirtualHost -# -# == Examples -# apache::listen { '8080':} -# -define apache::listen ( - $namevirtualhost = '*', - $ensure = 'present', - $template = 'apache/listen.conf.erb', - $notify_service = true ) { - - include apache - - $manage_service_autorestart = $notify_service ? { - true => 'Service[apache]', - false => undef, - } - - file { "Apache_Listen_${name}.conf": - ensure => $ensure, - path => "${apache::config_dir}/conf.d/0000_listen_${name}.conf", - mode => $apache::config_file_mode, - owner => $apache::config_file_owner, - group => $apache::config_file_group, - require => Package['apache'], - notify => $manage_service_autorestart, - content => template($template), - audit => $apache::manage_audit, - } - -} diff --git a/modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/params.pp b/modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/params.pp deleted file mode 100644 index e7496949f..000000000 --- a/modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/params.pp +++ /dev/null @@ -1,158 +0,0 @@ -# Class: apache::params -# -# This class defines default parameters used by the main module class apache -# Operating Systems differences in names and paths are addressed here -# -# == Variables -# -# Refer to apache class for the variables defined here. -# -# == Usage -# -# This class is not intended to be used directly. -# It may be imported or inherited by other classes -# -class apache::params { - - ### Application specific parameters - $package_modssl = $::operatingsystem ? { - /(?i:Ubuntu|Debian|Mint)/ => 'libapache-mod-ssl', - /(?i:SLES|OpenSuSE)/ => undef, - default => 'mod_ssl', - } - - ### Application related parameters - - $package = $::operatingsystem ? { - /(?i:Ubuntu|Debian|Mint)/ => 'apache2', - /(?i:SLES|OpenSuSE)/ => 'apache2', - default => 'httpd', - } - - $service = $::operatingsystem ? { - /(?i:Ubuntu|Debian|Mint)/ => 'apache2', - /(?i:SLES|OpenSuSE)/ => 'apache2', - default => 'httpd', - } - - $service_status = $::operatingsystem ? { - default => true, - } - - $process = $::operatingsystem ? { - /(?i:Ubuntu|Debian|Mint)/ => 'apache2', - /(?i:SLES|OpenSuSE)/ => 'httpd2-prefork', - default => 'httpd', - } - - $process_args = $::operatingsystem ? { - default => '', - } - - $process_user = $::operatingsystem ? { - /(?i:Ubuntu|Debian|Mint)/ => 'www-data', - /(?i:SLES|OpenSuSE)/ => 'wwwrun', - default => 'apache', - } - - $config_dir = $::operatingsystem ? { - /(?i:Ubuntu|Debian|Mint)/ => '/etc/apache2', - /(?i:SLES|OpenSuSE)/ => '/etc/apache2', - freebsd => '/usr/local/etc/apache20', - default => '/etc/httpd', - } - - $config_file = $::operatingsystem ? { - /(?i:Ubuntu|Debian|Mint)/ => '/etc/apache2/apache2.conf', - /(?i:SLES|OpenSuSE)/ => '/etc/apache2/httpd.conf', - freebsd => '/usr/local/etc/apache20/httpd.conf', - default => '/etc/httpd/conf/httpd.conf', - } - - $config_file_mode = $::operatingsystem ? { - default => '0644', - } - - $config_file_owner = $::operatingsystem ? { - default => 'root', - } - - $config_file_group = $::operatingsystem ? { - freebsd => 'wheel', - default => 'root', - } - - $config_file_init = $::operatingsystem ? { - /(?i:Debian|Ubuntu|Mint)/ => '/etc/default/apache2', - /(?i:SLES|OpenSuSE)/ => '/etc/sysconfig/apache2', - default => '/etc/sysconfig/httpd', - } - - $pid_file = $::operatingsystem ? { - /(?i:Debian|Ubuntu|Mint)/ => '/var/run/apache2.pid', - /(?i:SLES|OpenSuSE)/ => '/var/run/httpd2.pid', - default => '/var/run/httpd.pid', - } - - $log_dir = $::operatingsystem ? { - /(?i:Debian|Ubuntu|Mint)/ => '/var/log/apache2', - /(?i:SLES|OpenSuSE)/ => '/var/log/apache2', - default => '/var/log/httpd', - } - - $log_file = $::operatingsystem ? { - /(?i:Debian|Ubuntu|Mint)/ => ['/var/log/apache2/access.log','/var/log/apache2/error.log'], - /(?i:SLES|OpenSuSE)/ => ['/var/log/apache2/access.log','/var/log/apache2/error.log'], - default => ['/var/log/httpd/access.log','/var/log/httpd/error.log'], - } - - $data_dir = $::operatingsystem ? { - /(?i:Debian|Ubuntu|Mint)/ => '/var/www', - /(?i:Suse|OpenSuse)/ => '/srv/www/htdocs', - default => '/var/www/html', - } - - $ports_conf_path = $::operatingsystem ? { - /(?i:Debian|Ubuntu|Mint)/ => '/etc/apache2/ports.conf', - default => '', - } - - $port = '80' - $ssl_port = '443' - $protocol = 'tcp' - - # General Settings - $my_class = '' - $source = '' - $source_dir = '' - $source_dir_purge = false - $config_file_default_purge = false - $template = '' - $options = '' - $service_autorestart = true - $service_requires = Package['apache'] - $absent = false - $version = '' - $disable = false - $disableboot = false - - ### General module variables that can have a site or per module default - $monitor = false - $monitor_tool = '' - $monitor_target = $::ipaddress - $firewall = false - $firewall_tool = '' - $firewall_src = '0.0.0.0/0' - $firewall_dst = $::ipaddress - $puppi = false - $puppi_helper = 'standard' - $debug = false - $audit_only = false - $dotconf_hash = {} - $htpasswd_hash = {} - $listen_hash = {} - $module_hash = {} - $vhost_hash = {} - $virtualhost_hash = {} - -} diff --git a/modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/ssl.pp b/modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/ssl.pp deleted file mode 100644 index 6d0f6d70b..000000000 --- a/modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/ssl.pp +++ /dev/null @@ -1,67 +0,0 @@ -# Class apache::ssl -# -# Apache resources specific for SSL -# -class apache::ssl { - - include apache - - case $::operatingsystem { - ubuntu,debian,mint: { - exec { 'enable-ssl': - command => '/usr/sbin/a2enmod ssl', - creates => '/etc/apache2/mods-enabled/ssl.load', - notify => Service['apache'], - require => Package['apache'], - } - } - - default: { - package { 'mod_ssl': - ensure => present, - require => Package['apache'], - notify => Service['apache'], - } - file { "${apache::config_dir}/ssl.conf": - mode => '0644', - owner => 'root', - group => 'root', - notify => Service['apache'], - } - file {['/var/cache/mod_ssl', '/var/cache/mod_ssl/scache']: - ensure => directory, - owner => 'apache', - group => 'root', - mode => '0700', - require => Package['mod_ssl'], - notify => Service['apache'], - } - } - } - - ### Port monitoring, if enabled ( monitor => true ) - if $apache::bool_monitor == true { - monitor::port { "apache_${apache::protocol}_${apache::ssl_port}": - protocol => $apache::protocol, - port => $apache::ssl_port, - target => $apache::monitor_target, - tool => $apache::monitor_tool, - enable => $apache::manage_monitor, - } - } - - ### Firewall management, if enabled ( firewall => true ) - if $apache::bool_firewall == true { - firewall { "apache_${apache::protocol}_${apache::ssl_port}": - source => $apache::firewall_src, - destination => $apache::firewall_dst, - protocol => $apache::protocol, - port => $apache::ssl_port, - action => 'allow', - direction => 'input', - tool => $apache::firewall_tool, - enable => $apache::manage_firewall, - } - } - -} diff --git a/modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/vhost.pp b/modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/vhost.pp deleted file mode 100644 index 8c1d89dac..000000000 --- a/modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/vhost.pp +++ /dev/null @@ -1,275 +0,0 @@ -# = Define: apache::vhost -# -# This class manages Apache Virtual Hosts configuration files -# -# == Parameters: -# [*port*] -# The port to configure the host on - -# [*ip_addr*] -# The ip to configure the host on. Default: * (all IPs) -# -# [*docroot*] -# The VirtualHost DocumentRoot -# -# [*docroot_create*] -# If the specified directory has to be created. Default: false -# -# [*ssl*] -# Set to true to enable SSL for this Virtual Host -# -# [*template*] -# Specify a custom template to use instead of the default one -# The value will be used in content => template($template) -# -# [*source*] -# Source file for vhost. Alternative to template. -# Note that if you decide to source a static file most of the other -# parameters of this define won't be used. -# Note also that if you set a source file, you've to explicitly set -# the template parameter to undef. -# -# [*priority*] -# The priority of the VirtualHost, lower values are evaluated first -# Set to '' to edit default apache value -# -# [*serveraliases*] -# An optional list of space separated ServerAliases -# -# [*env_variables*] -# An optional list of space separated environment variables (e.g ['APP_ENV dev']) -# -# [*server_admin*] -# Server admin email address -# -# [*server_name*] -# An optional way to directly set server name -# False mean, that servername is not present in generated config file -# -# [*passenger*] -# If Passenger should be enabled -# -# [*passenger_high_performance*] -# Set the PassengerHighPerformance directive -# -# [*passenger_pool_max_pool_size*] -# Set the PassengerMaxPoolSize directive -# -# [*passenger_pool_idle_time*] -# Set the PassengerPoolIdleTime directive -# -# [*passenger_max_requests*] -# Set the PassengerMaxRequests directive -# -# [*passenger_stat_throttle_rate*] -# Set the PassengerStatThrottleRate directive -# -# [*passenger_rack_auto_detect*] -# Set the RackAutoDetect directive -# -# [*passenger_rails_auto_detect*] -# Set the RailsAutoDetect directive -# -# [*passenger_rails_env*] -# Set the RailsEnv directive -# -# [*passenger_rails_base_uri*] -# Set the RackBaseURI directive -# -# [*passenger_rack_env*] -# Set the RackEnv directive -# -# [*passenger_rack_base_uri*] -# Set the RackBaseURI directive -# -# [*directory*] -# Set the VHost directory used for the directive -# -# [*directory_options*] -# Set the directory's Options -# -# [*directory_allow_override*] -# Set the directory's override configuration -# -# [*directory_require*] -# Set the Require attribute for Apache 2.4 -# -# [*aliases*] -# Set one or more Alias directives (e.g '/phpmyadmin /usr/share/phpMyAdmin' -# or ['/alias1 /path/to/alias', '/alias2 /path/to/secondalias']) -# -# [*proxy_aliases*] -# Set one or more proxy and reverse proxy directives. (e.g. '/manager http://localhost:8080/manager' -# or ['/manager http://localhost:8080/manager', '/alias3 http://remote.server.com/alias']) -# -# == Examples: -# apache::vhost { 'site.name.fqdn': -# docroot => '/path/to/docroot', -# } -# -# apache::vhost { 'mysite': -# docroot => '/path/to/docroot', -# template => 'myproject/apache/mysite.conf', -# } -# -# apache::vhost { 'my.other.site': -# docroot => '/path/to/docroot', -# directory => '/path/to', -# directory_allow_override => 'All', -# } -# -# apache::vhost { 'sitewithalias': -# docroot => '/path/to/docroot', -# aliases => '/phpmyadmin /usr/share/phpMyAdmin', -# } -# -define apache::vhost ( - $server_admin = '', - $server_name = '', - $docroot = '', - $docroot_create = false, - $docroot_owner = 'root', - $docroot_group = 'root', - $port = '80', - $ip_addr = '*', - $ssl = false, - $template = 'apache/virtualhost/vhost.conf.erb', - $source = '', - $priority = '50', - $serveraliases = '', - $env_variables = '', - $passenger = false, - $passenger_high_performance = true, - $passenger_max_pool_size = 12, - $passenger_pool_idle_time = 1200, - $passenger_max_requests = 0, - $passenger_stat_throttle_rate = 30, - $passenger_rack_auto_detect = true, - $passenger_rails_auto_detect = false, - $passenger_rails_env = '', - $passenger_rails_base_uri = '', - $passenger_rack_env = '', - $passenger_rack_base_uri = '', - $enable = true, - $directory = '', - $directory_options = '', - $directory_allow_override = 'None', - $directory_require = '', - $aliases = '', - $proxy_aliases = '' -) { - - $ensure = $enable ? { - true => present, - false => present, - absent => absent, - } - $bool_docroot_create = any2bool($docroot_create) - $bool_passenger = any2bool($passenger) - $bool_passenger_high_performance = any2bool($passenger_high_performance) - $bool_passenger_rack_auto_detect = any2bool($passenger_rack_auto_detect) - $bool_passenger_rails_auto_detect = any2bool($passenger_rails_auto_detect) - - $real_docroot = $docroot ? { - '' => "${apache::data_dir}/${name}", - default => $docroot, - } - - $real_directory = $directory ? { - '' => $apache::data_dir, - default => $directory, - } - - $server_name_value = $server_name ? { - '' => $name, - default => $server_name, - } - - $manage_file_source = $source ? { - '' => undef, - default => $source, - } - - # Server admin email - if $server_admin != '' { - $server_admin_email = $server_admin - } elsif ($name != 'default') and ($name != 'default-ssl') { - $server_admin_email = "webmaster@${name}" - } else { - $server_admin_email = 'webmaster@localhost' - } - - # Config file path - if $priority != '' { - $config_file_path = "${apache::vdir}/${priority}-${name}.conf" - } elsif ($name != 'default') and ($name != 'default-ssl') { - $config_file_path = "${apache::vdir}/${name}.conf" - } else { - $config_file_path = "${apache::vdir}/${name}" - } - - # Config file enable path - if $priority != '' { - $config_file_enable_path = "${apache::config_dir}/sites-enabled/${priority}-${name}.conf" - } elsif ($name != 'default') and ($name != 'default-ssl') { - $config_file_enable_path = "${apache::config_dir}/sites-enabled/${name}.conf" - } else { - $config_file_enable_path = "${apache::config_dir}/sites-enabled/000-${name}" - } - - $manage_file_content = $template ? { - '' => undef, - undef => undef, - default => template($template), - } - - include apache - - file { $config_file_path: - ensure => $ensure, - source => $manage_file_source, - content => $manage_file_content, - mode => $apache::config_file_mode, - owner => $apache::config_file_owner, - group => $apache::config_file_group, - require => Package['apache'], - notify => $apache::manage_service_autorestart, - } - - # Some OS specific settings: - # On Debian/Ubuntu manages sites-enabled - case $::operatingsystem { - ubuntu,debian,mint: { - $file_vhost_link_ensure = $enable ? { - true => $config_file_path, - false => absent, - absent => absent, - } - file { "ApacheVHostEnabled_${name}": - ensure => $file_vhost_link_ensure, - path => $config_file_enable_path, - require => Package['apache'], - notify => $apache::manage_service_autorestart, - } - } - redhat,centos,scientific,fedora: { - include apache::redhat - } - default: { } - } - - if $bool_docroot_create == true { - file { $real_docroot: - ensure => directory, - owner => $docroot_owner, - group => $docroot_group, - mode => '0775', - require => Package['apache'], - } - } - - if $bool_passenger == true { - include apache::passenger - } -} - diff --git a/modules/services/unix/http/apache/module/example42_apache_2_1_12/metadata.json b/modules/services/unix/http/apache/module/example42_apache_2_1_12/metadata.json deleted file mode 100644 index a246d196a..000000000 --- a/modules/services/unix/http/apache/module/example42_apache_2_1_12/metadata.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "name": "example42-apache", - "version": "2.1.12", - "author": "Alessandro Franceschi, Martin Alfke", - "summary": "Puppet module for apache", - "license": "Apache-2.0", - "source": "https://github.com/example42/puppet-apache", - "project_page": "https://github.com/example42/puppet-apache", - "issues_url": "https://github.com/example42/puppet-apache/issues", - "dependencies": [ - {"name":"puppetlabs/stdlib","version_requirement":">= 3.2.0 < 5.0.0"}, - {"name":"example42/puppi","version_requirement":">= 2.0.0"}, - {"name":"example42/monitor","version_requirement":">= 2.0.0"}, - {"name":"example42/iptables","version_requirement":">= 2.0.0"}, - {"name":"example42/firewall","version_requirement":">= 2.0.0"}, - {"name":"puppetlabs/concat","version_requirement":">= 1.0.0"} - ], - "checksums": { - }, - "operatingsystem_support": [ - { - "operatingsystem": "RedHat", - "operatingsystemrelease": [ - "7" - ] - }, - { - "operatingsystem": "Centos", - "operatingsystemrelease": [ - "7" - ] - }, - { - "operatingsystem": "Debian", - "operatingsystemrelease": [ - "7" - ] - }, - { - "operatingsystem": "Ubuntu", - "operatingsystemrelease": [ - "14.04" - ] - } - ], - "requirements": [ - { - "name": "pe", - "version_requirement": ">= 3.0.0 < 5.0.0" - }, - { - "name": "puppet", - "version_requirement": ">= 3.0.0 < 5.0.0" - } - ] -} diff --git a/modules/services/unix/http/apache/module/example42_apache_2_1_12/spec/classes/apache_spec.rb b/modules/services/unix/http/apache/module/example42_apache_2_1_12/spec/classes/apache_spec.rb deleted file mode 100644 index 23169fbbf..000000000 --- a/modules/services/unix/http/apache/module/example42_apache_2_1_12/spec/classes/apache_spec.rb +++ /dev/null @@ -1,199 +0,0 @@ -require "#{File.join(File.dirname(__FILE__),'..','spec_helper.rb')}" - -describe 'apache' do - - let(:title) { 'apache' } - let(:node) { 'rspec.example42.com' } - let(:facts) { { :ipaddress => '10.42.42.42' , :monitor_tool => 'puppi', :operatingsystemrelease => '6.6' } } - - describe 'Test standard installation' do - it { should contain_package('apache').with_ensure('present') } - it { should contain_service('apache').with_ensure('running') } - it { should contain_service('apache').with_enable('true') } - it { should contain_file('apache.conf').with_ensure('present') } - end - - describe 'Test standard installation with monitoring and firewalling' do - let(:params) { {:monitor => true , :firewall => true, :port => '42' } } - - it { should contain_package('apache').with_ensure('present') } - it { should contain_service('apache').with_ensure('running') } - it { should contain_service('apache').with_enable('true') } - it { should contain_file('apache.conf').with_ensure('present') } - it 'should monitor the process' do - should contain_monitor__process('apache_process').with_enable(true) - end - it 'should place a firewall rule' do - should contain_firewall('apache_tcp_42').with_enable(true) - end - end - - describe 'Test decommissioning - absent' do - let(:params) { {:absent => true, :monitor => true , :firewall => true, :port => '42'} } - - it 'should remove Package[apache]' do should contain_package('apache').with_ensure('absent') end - it 'should stop Service[apache]' do should contain_service('apache').with_ensure('stopped') end - it 'should not enable at boot Service[apache]' do should contain_service('apache').with_enable('false') end - it 'should remove apache configuration file' do should contain_file('apache.conf').with_ensure('absent') end - it 'should not monitor the process' do - should contain_monitor__process('apache_process').with_enable(false) - end - it 'should remove a firewall rule' do - should contain_firewall('apache_tcp_42').with_enable(false) - end - end - - describe 'Test decommissioning - disable' do - let(:params) { {:disable => true, :monitor => true , :firewall => true, :port => '42'} } - - it { should contain_package('apache').with_ensure('present') } - it 'should stop Service[apache]' do should contain_service('apache').with_ensure('stopped') end - it 'should not enable at boot Service[apache]' do should contain_service('apache').with_enable('false') end - it { should contain_file('apache.conf').with_ensure('present') } - it 'should not monitor the process' do - should contain_monitor__process('apache_process').with_enable(false) - end - it 'should remove a firewall rule' do - should contain_firewall('apache_tcp_42').with_enable(false) - end - end - - describe 'Test decommissioning - disableboot' do - let(:params) { {:disableboot => true, :monitor => true , :firewall => true, :port => '42'} } - - it { should contain_package('apache').with_ensure('present') } - it { should_not contain_service('apache').with_ensure('present') } - it { should_not contain_service('apache').with_ensure('absent') } - it 'should not enable at boot Service[apache]' do should contain_service('apache').with_enable('false') end - it { should contain_file('apache.conf').with_ensure('present') } - it 'should not monitor the process locally' do - should contain_monitor__process('apache_process').with_enable(false) - end - it 'should keep a firewall rule' do - should contain_firewall('apache_tcp_42').with_enable(true) - end - end - - describe 'Test customizations - template' do - let(:params) { {:template => "apache/spec.erb" , :options => { 'opt_a' => 'value_a' } } } - - it 'should generate a valid template' do - should contain_file('apache.conf').with_content(/fqdn: rspec.example42.com/) - end - it 'should generate a template that uses custom options' do - should contain_file('apache.conf').with_content(/value_a/) - end - - end - - describe 'Test customizations - source' do - let(:params) { {:source => "puppet://modules/apache/spec" , :source_dir => "puppet://modules/apache/dir/spec" , :source_dir_purge => true } } - - it 'should request a valid source ' do - should contain_file('apache.conf').with_source("puppet://modules/apache/spec") - end - it 'should request a valid source dir' do - should contain_file('apache.dir').with_source("puppet://modules/apache/dir/spec") - end - it 'should purge source dir if source_dir_purge is true' do - should contain_file('apache.dir').with_purge(true) - end - end - - describe 'Test customizations - custom class' do - let(:params) { {:my_class => "apache::spec" } } - it 'should automatically include a custom class' do - should contain_file('apache.conf').with_content(/fqdn: rspec.example42.com/) - end - end - - describe 'Test service autorestart' do - it 'should automatically restart the service, by default' do - should contain_file('apache.conf').with_notify("Service[apache]") - end - end - - describe 'Test service autorestart' do - let(:params) { {:service_autorestart => "no" } } - - it 'should not automatically restart the service, when service_autorestart => false' do - should contain_file('apache.conf').with_notify(nil) - end - end - - describe 'Test Puppi Integration' do - let(:params) { {:puppi => true, :puppi_helper => "myhelper"} } - - it 'should generate a puppi::ze define' do - should contain_puppi__ze('apache').with_helper("myhelper") - end - end - - describe 'Test Monitoring Tools Integration' do - let(:params) { {:monitor => true, :monitor_tool => "puppi" } } - - it 'should generate monitor defines' do - should contain_monitor__process('apache_process').with_tool("puppi") - end - end - - describe 'Test Firewall Tools Integration' do - let(:params) { {:firewall => true, :firewall_tool => "iptables" , :protocol => "tcp" , :port => "42" } } - - it 'should generate correct firewall define' do - should contain_firewall('apache_tcp_42').with_tool("iptables") - end - end - - describe 'Test OldGen Module Set Integration' do - let(:params) { {:monitor => "yes" , :monitor_tool => "puppi" , :firewall => "yes" , :firewall_tool => "iptables" , :puppi => "yes" , :port => "42" } } - - it 'should generate monitor resources' do - should contain_monitor__process('apache_process').with_tool("puppi") - end - it 'should generate firewall resources' do - should contain_firewall('apache_tcp_42').with_tool("iptables") - end - it 'should generate puppi resources ' do - should contain_puppi__ze('apache').with_ensure("present") - end - end - - describe 'Test params lookup' do - let(:facts) { { :monitor => true , :ipaddress => '10.42.42.42', :operatingsystemrelease => '6.6' } } - let(:params) { { :port => '42' , :monitor_tool => 'puppi' } } - - it 'should honour top scope global vars' do - should contain_monitor__process('apache_process').with_enable(true) - end - end - - describe 'Test params lookup' do - let(:facts) { { :apache_monitor => true , :ipaddress => '10.42.42.42', :operatingsystemrelease => '6.6' } } - let(:params) { { :port => '42' , :monitor_tool => 'puppi' } } - - it 'should honour module specific vars' do - should contain_monitor__process('apache_process').with_enable(true) - end - end - - describe 'Test params lookup' do - let(:facts) { { :monitor => false , :apache_monitor => true , :ipaddress => '10.42.42.42', :operatingsystemrelease => '6.6' } } - let(:params) { { :port => '42' , :monitor_tool => 'puppi' } } - - it 'should honour top scope module specific over global vars' do - should contain_monitor__process('apache_process').with_enable(true) - end - end - - describe 'Test params lookup' do - let(:facts) { { :monitor => false , :ipaddress => '10.42.42.42', :operatingsystemrelease => '6.6' } } - let(:params) { { :monitor => true , :monitor_tool => 'puppi' , :firewall => true, :port => '42' } } - - it 'should honour passed params over global vars' do - should contain_monitor__process('apache_process').with_enable(true) - end - end - -end - diff --git a/modules/services/unix/http/apache/module/example42_apache_2_1_12/spec/spec_helper.rb b/modules/services/unix/http/apache/module/example42_apache_2_1_12/spec/spec_helper.rb deleted file mode 100644 index 2c6f56649..000000000 --- a/modules/services/unix/http/apache/module/example42_apache_2_1_12/spec/spec_helper.rb +++ /dev/null @@ -1 +0,0 @@ -require 'puppetlabs_spec_helper/module_spec_helper' diff --git a/modules/services/unix/http/apache/secgen_metadata.xml b/modules/services/unix/http/apache/secgen_metadata.xml index 285e1576d..e69de29bb 100644 --- a/modules/services/unix/http/apache/secgen_metadata.xml +++ b/modules/services/unix/http/apache/secgen_metadata.xml @@ -1,5 +0,0 @@ - - \ No newline at end of file diff --git a/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/module/vsftpd_234_backdoor/files/copyvsftpd.sh b/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/vsftpd_234_backdoor/files/copyvsftpd.sh similarity index 100% rename from modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/module/vsftpd_234_backdoor/files/copyvsftpd.sh rename to modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/vsftpd_234_backdoor/files/copyvsftpd.sh diff --git a/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/module/vsftpd_234_backdoor/files/startvsftpd.sh b/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/vsftpd_234_backdoor/files/startvsftpd.sh similarity index 100% rename from modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/module/vsftpd_234_backdoor/files/startvsftpd.sh rename to modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/vsftpd_234_backdoor/files/startvsftpd.sh diff --git a/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/module/vsftpd_234_backdoor/files/vsftpd-2.3.4.tar.gz b/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/vsftpd_234_backdoor/files/vsftpd-2.3.4.tar.gz similarity index 100% rename from modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/module/vsftpd_234_backdoor/files/vsftpd-2.3.4.tar.gz rename to modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/vsftpd_234_backdoor/files/vsftpd-2.3.4.tar.gz diff --git a/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/module/vsftpd_234_backdoor/manifests/install.pp b/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/vsftpd_234_backdoor/manifests/install.pp similarity index 79% rename from modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/module/vsftpd_234_backdoor/manifests/install.pp rename to modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/vsftpd_234_backdoor/manifests/install.pp index de9806850..551be2ced 100644 --- a/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/module/vsftpd_234_backdoor/manifests/install.pp +++ b/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/vsftpd_234_backdoor/manifests/install.pp @@ -4,7 +4,7 @@ exec { 'unzip-vsftpd': command => 'tar xzf vsftpd-2.3.4.tar.gz && mv vsftpd-2.3.4 /home/vagrant/vsftpd-2.3.4', path => '/bin', - cwd => '/mount/puppet/module/vsftpd_234_backdoor/vsftpd_234_backdoor/files', + cwd => '/mount/puppet/module/vsftpd_234_backdoor/files', creates => "/home/vagrant/vsftpd-2.3.4/vsftpd", notify => Exec['make-vsftpd'] } @@ -18,7 +18,7 @@ } exec { 'copy-vsftpd': - command => '/mount/puppet/module/vsftpd_234_backdoor/vsftpd_234_backdoor/files/copyvsftpd.sh', + command => '/mount/puppet/module/vsftpd_234_backdoor/files/copyvsftpd.sh', cwd => "/home/vagrant/vsftpd-2.3.4", creates => "/usr/local/sbin/vsftpd", notify => User['ftp'], @@ -37,7 +37,7 @@ } exec { 'start-vsftpd': - command => '/mount/puppet/module/vsftpd_234_backdoor/vsftpd_234_backdoor/files/startvsftpd.sh', + command => '/mount/puppet/module/vsftpd_234_backdoor/files/startvsftpd.sh', require => User["ftp"], } } diff --git a/modules/vulnerabilities/unix/misc/distcc_exec/module/distcc_exec/manifests/distcc_config.pp b/modules/vulnerabilities/unix/misc/distcc_exec/distcc_exec/manifests/distcc_config.pp similarity index 100% rename from modules/vulnerabilities/unix/misc/distcc_exec/module/distcc_exec/manifests/distcc_config.pp rename to modules/vulnerabilities/unix/misc/distcc_exec/distcc_exec/manifests/distcc_config.pp diff --git a/modules/vulnerabilities/unix/misc/distcc_exec/module/distcc_exec/templates/distcc.erb b/modules/vulnerabilities/unix/misc/distcc_exec/distcc_exec/templates/distcc.erb similarity index 100% rename from modules/vulnerabilities/unix/misc/distcc_exec/module/distcc_exec/templates/distcc.erb rename to modules/vulnerabilities/unix/misc/distcc_exec/distcc_exec/templates/distcc.erb diff --git a/modules/vulnerabilities/unix/other/mountable_nfs/module/mountable_nfs/manifests/config.pp b/modules/vulnerabilities/unix/other/mountable_nfs/mountable_nfs/manifests/config.pp similarity index 100% rename from modules/vulnerabilities/unix/other/mountable_nfs/module/mountable_nfs/manifests/config.pp rename to modules/vulnerabilities/unix/other/mountable_nfs/mountable_nfs/manifests/config.pp diff --git a/modules/vulnerabilities/unix/other/mountable_nfs/module/mountable_nfs/templates/exports.erb b/modules/vulnerabilities/unix/other/mountable_nfs/mountable_nfs/templates/exports.erb similarity index 100% rename from modules/vulnerabilities/unix/other/mountable_nfs/module/mountable_nfs/templates/exports.erb rename to modules/vulnerabilities/unix/other/mountable_nfs/mountable_nfs/templates/exports.erb diff --git a/modules/vulnerabilities/unix/other/writeable_shadow/module/writeable_shadow/manifests/config.pp b/modules/vulnerabilities/unix/other/writeable_shadow/writeable_shadow/manifests/config.pp similarity index 100% rename from modules/vulnerabilities/unix/other/writeable_shadow/module/writeable_shadow/manifests/config.pp rename to modules/vulnerabilities/unix/other/writeable_shadow/writeable_shadow/manifests/config.pp