ExternalMirrors
/
apache-formula
дзеркало https://github.com/saltstack-formulas/apache-formula.git
Слідкувати 1
В обрані 0
Форк 1
Код Проблеми 0 Релізи 31 Вікі Активність
Saltstack Official Apache Formula
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
389 Коміти
5 Гілки
Дерево: 7d46830814
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з '7d46830814'
${ noResults }
apache-formula/pillar.example

pillar.example 13KB
Неформатований Normal View Історія

Added package-map.jinja
11 роки тому
Added apache.vhost formula
11 роки тому
add lookup section to pillar.example
9 роки тому
Add default user/group attributes as required by some states
8 роки тому
Added apache.vhost formula
11 роки тому
add lookup section to pillar.example
9 роки тому
fix Options in pillar.example
8 роки тому
This branch is foundational for further version-specific work to come. * Add apache version (2.2, 2.4) detection based on osfinger (defaults to 2.4). * Version can be overridden in pillar (for Apache 2.4 on RHEL 6 for example)
9 роки тому
add lookup section to pillar.example
9 роки тому
Updated README with these changes moved Pillar examples into pillar file
11 роки тому
RedHat: Made AddDefaultCharset Directive configurable (#147) * RedHat: Made AddDefaultCharset Directive configurable * Added description of apache:lookup:default_charset to pillar.example, sane default equals former hardcoded UTF-8
8 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
Allow global directives to be added to apache config
9 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
Allow global directives to be added to apache config
9 роки тому
Add support for NameVirtualHost on Debian
8 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
Add support for NameVirtualHost on Debian
8 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
Add support for NameVirtualHost on Debian
8 роки тому
Moved all Pillar examples under the same dictionary key Having multiple different examples in the same file was causing confusion.
10 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
add an 'enabled' attribute for a site in pillar
9 роки тому
Added minimal template (fixes #34)
7 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Added apache.vhost formula
11 роки тому
Adding exclude_listen_directive option (#151) * Adding exclude_listen_directive option * Updating Debian config
8 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Added apache.vhost formula
11 роки тому
Fix incorrect syntax in pillar example for SSLCertificateFile, SSLCertificateKeyFile Fix check for SSLCertificateFile, SSLCertificateKeyFile variables in vhosts/standard.tmpl, now using dict.get()
9 роки тому
ssl: also support the SSLCertificateChainFile required by some providers
9 роки тому
Add basic SSL functionality.
10 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
fix Options in pillar.example
8 роки тому
Adding support for Apache 2.4 on Ubuntu 14.04 - Adding confext to virtualhost names. - Renaming the default config file for Ubuntu (000-default.conf). - Adding ability to use "Require all granted".
10 роки тому
Added apache.vhost formula
11 роки тому
pillar exemple for RedirectMatch directive
7 роки тому
Add Reverse Proxy directives, GeoIP, Certificates management, mostly for RedHat
8 роки тому
Consolidate duplicate 'Location' stanzas in pillar.example; SLS Rendering Error fix
7 роки тому
Add Reverse Proxy directives, GeoIP, Certificates management, mostly for RedHat
8 роки тому
Add example code for new templates 'redirect.tmpl' and 'proxy.tmpl'.
10 роки тому
Added support for Alias and Locations, as well as enabling Dav
9 роки тому
Added apache.vhost formula
11 роки тому
Moved all Pillar examples under the same dictionary key Having multiple different examples in the same file was causing confusion.
10 роки тому
Updated README with these changes moved Pillar examples into pillar file
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Updated README with these changes moved Pillar examples into pillar file
11 роки тому
Add optional templating to register_site Add optional templating for the register site aspect of a pillar. User can specify keys to be included as defaults, otherwise it is treated as a normal managed file.
10 роки тому
Add ability to specify modules in pillar
10 роки тому
Added ability to manage security settings By reassigning options with `blockreplace` at `/etc/apache2/conf-available/security.conf`, which is linked as conf-enabled by default on Debian packages
9 роки тому
Added ability to configure KeepAlive option Sometimes it's necessary optimization in nginx+apache2 environment
9 роки тому
Fixed YAML parsing On/Off as True/False True and False are not correct values for apache config
9 роки тому
Added ability to configure KeepAlive option Sometimes it's necessary optimization in nginx+apache2 environment
9 роки тому
Added ability to manage security settings By reassigning options with `blockreplace` at `/etc/apache2/conf-available/security.conf`, which is linked as conf-enabled by default on Debian packages
9 роки тому
Follow-up to 8f2308b98
9 роки тому
Added newlines to recent files
9 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
add modsecurity rules state
8 роки тому
Manage TLS defaults
7 роки тому
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345 
  1. # ``apache`` formula configuration:

  2. apache:

  3. 

  4.   # lookup section overrides ``map.jinja`` values

  5.   lookup:

  6.     server: apache2

  7.     service: apache2

  8.     user: some_system_user

  9.     group: some_system_group

  10. 

  11.     vhostdir: /etc/apache2/sites-available

  12.     confdir: /etc/apache2/conf.d

  13.     confext: .conf

  14.     logdir: /var/log/apache2

  15.     wwwdir: /srv/apache2

  16. 

  17.     # apache version (generally '2.2' or '2.4')

  18.     version: '2.2'

  19. 

  20.     # ``apache.mod_wsgi`` formula additional configuration:

  21.     mod_wsgi: mod_wsgi

  22. 

  23.     # Default value for AddDefaultCharset in RedHat configuration

  24.     default_charset: 'UTF-8'

  25. 

  26.   global:

  27.     # global apache directives

  28.     AllowEncodedSlashes: 'On'

  29. 

  30. 

  31.   name_virtual_hosts:

  32.     - interface: '*'

  33.       port: 80

  34.     - interface: '*'

  35.       port: 443

  36. 

  37.   # ``apache.vhosts`` formula additional configuration:

  38.   sites:

  39.     example.net:

  40.       template_file: salt://apache/vhosts/minimal.tmpl

  41. 

  42.     example.com: # must be unique; used as an ID declaration in Salt.

  43.       enabled: True

  44.       template_file: salt://apache/vhosts/standard.tmpl # or minimal.tmpl or redirect.tmpl or proxy.tmpl

  45. 

  46.       ####################### DEFAULT VALUES BELOW ############################

  47.       # NOTE: the values below are simply default settings that *can* be

  48.       # overridden and are not required in order to use this formula to create

  49.       # vhost entries.

  50.       #

  51.       # Do not copy the values below into your Pillar unless you intend to

  52.       # modify these vaules.

  53.       ####################### DEFAULT VALUES BELOW ############################

  54.       template_engine: jinja

  55. 

  56.       interface: '*'

  57.       port: '80'

  58. 

  59.       exclude_listen_directive: True # Do not add a Listen directive in httpd.conf

  60. 

  61.       ServerName: example.com # uses the unique ID above unless specified

  62.       ServerAlias: www.example.com

  63. 

  64.       ServerAdmin: webmaster@example.com

  65. 

  66.       LogLevel: warn

  67.       ErrorLog: /path/to/logs/example.com-error.log # E.g.: /var/log/apache2/example.com-error.log

  68.       CustomLog: /path/to/logs/example.com-access.log # E.g.: /var/log/apache2/example.com-access.log

  69. 

  70.       DocumentRoot: /path/to/www/dir/example.com # E.g., /var/www/example.com

  71. 

  72.       SSLCertificateFile: /etc/ssl/mycert.pem # if ssl is desired

  73.       SSLCertificateKeyFile: /etc/ssl/mycert.pem.key # if key for cert is needed or in an extra file

  74.       SSLCertificateChainFile: /etc/ssl/mycert.chain.pem # if you require a chain of server certificates file

  75. 

  76.       Directory:

  77.         # "default" is a special case; Adds ``/path/to/www/dir/example.com``

  78.         # E.g.: /var/www/example.com

  79.         default:

  80.           Options: -Indexes +FollowSymLinks

  81.           Order: allow,deny    # For Apache < 2.4

  82.           Allow: from all      # For apache < 2.4

  83.           Require: all granted # For apache > 2.4.

  84.           AllowOverride: None

  85.           Formula_Append: |

  86.             Additional config as a

  87.             multi-line string here

  88. 

  89.     redirectmatch.com:

  90.       # Use RedirectMatch Directive https://httpd.apache.org/docs/2.4/fr/mod/mod_alias.html#redirectmatch

  91.       # Require module mod_alias 

  92.       enabled: True

  93.       template_file: salt://apache/vhosts/redirect.tmpl

  94.       ServerName: www.redirectmatch.com

  95.       ServerAlias: www.redirectmatch.com

  96.       RedirectMatch: true

  97.       RedirectSource: '^/$'

  98.       RedirectTarget: '/subdirectory'

  99.       DocumentRoot: /var/www/html/

  100.       ErrorLog: ${APACHE_LOG_DIR}/error.log

  101.       CustomLog: ${APACHE_LOG_DIR}/access.log

  102. 

  103.     80-proxyexample.com:

  104.       template_file: salt://apache/vhosts/redirect.tmpl

  105.       ServerName: www.proxyexample.com

  106.       ServerAlias: www.proxyexample.com

  107.       RedirectSource: '/'

  108.       RedirectTarget: 'https://www.proxyexample.com/'

  109.       DocumentRoot: /var/www/proxy

  110. 

  111.     443-proxyexample.com:

  112.       template_file: salt://apache/vhosts/proxy.tmpl

  113.       ServerName: www.proxyexample.com

  114.       ServerAlias: www.proxyexample.com

  115.       interface: '*'

  116.       port: '443'

  117.       DocumentRoot: /var/www/proxy

  118. 

  119.       Rewrite: |

  120.         RewriteRule ^/webmail$ /webmail/ [R]

  121.         RewriteRule ^/webmail(.*) http://mail.example.com$1 [P,L]

  122.         RewriteRule ^/vicescws(.*) http://svc.example.com:92$1 [P,L]

  123. 

  124.       SSLCertificateFile: /etc/httpd/ssl/example.com.crt

  125.       SSLCertificateKeyFile: /etc/httpd/ssl/example.com.key

  126.       SSLCertificateChainFile: /etc/httpd/ssl/example.com.cer

  127. 

  128.       SSLCertificateFile_content: |

  129.         -----BEGIN CERTIFICATE-----

  130.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  131.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  132.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  133.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  134.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  135.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  136.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  137.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  138.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  139.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  140.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  141.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  142.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  143.         -----END CERTIFICATE-----

  144. 

  145.       SSLCertificateKeyFile_content: |

  146.         -----BEGIN PRIVATE KEY-----

  147.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  148.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  149.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  150.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  151.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  152.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  153.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  154.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  155.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  156.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  157.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  158.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  159.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  160.         -----END PRIVATE KEY-----

  161. 

  162.       SSLCertificateChainFile_content: |

  163.         -----BEGIN CERTIFICATE-----

  164.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  165.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  166.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  167.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  168.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  169.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  170.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  171.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  172.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  173.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  174.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  175.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  176.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  177.         -----END CERTIFICATE-----

  178.         -----BEGIN CERTIFICATE-----

  179.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  180.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  181.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  182.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  183.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  184.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  185.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  186.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  187.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  188.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  189.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  190.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  191.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  192.         -----END CERTIFICATE-----

  193. 

  194.       ProxyRequests: 'Off'

  195.       ProxyPreserveHost: 'On'

  196. 

  197.       ProxyRoute:

  198.         example prod proxy route:

  199.           ProxyPassSource: '/'

  200.           ProxyPassTarget: 'http://prod.example.com:85/'

  201.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  202.           ProxyPassReverseSource: '/'

  203.           ProxyPassReverseTarget: 'http://prod.example.com:85/'

  204. 

  205.         example webmail proxy route:

  206.           ProxyPassSource: '/webmail/'

  207.           ProxyPassTarget: 'http://mail.example.com/'

  208.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  209.           ProxyPassReverseSource: '/webmail/'

  210.           ProxyPassReverseTarget: 'http://mail.example.com/'

  211. 

  212.         example service proxy route:

  213.           ProxyPassSource: '/svc/'

  214.           ProxyPassTarget: 'http://svc.example.com:92/'

  215.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  216.           ProxyPassReverseSource: '/svc/'

  217.           ProxyPassReverseTarget: 'http://svc.example.com:92/'

  218. 

  219.       Location:

  220.         /:

  221.           Require: False

  222.           Formula_Append: |

  223.             SecRuleRemoveById 981231

  224.             SecRuleRemoveById 981173

  225. 

  226.         /error:

  227.           Require: 'all granted'

  228. 

  229.         /docs:

  230.           Order: allow,deny    # For Apache < 2.4

  231.           Allow: from all      # For apache < 2.4

  232.           Require: all granted # For apache > 2.4.

  233.           Formula_Append: |

  234.             Additional config as a

  235.             multi-line string here

  236. 

  237.       LocationMatch:

  238.         '^[.\\/]+([Ww][Ee][Bb][Mm][Aa][Ii][Ll])[.\\/]':

  239.           Require: False

  240.           Formula_Append: |

  241.             RequestHeader  set  Host  mail.example.com

  242. 

  243.         '^[.\\/]+([Ss][Vv][Cc])[.\\/]':

  244.           Require: False

  245.           Formula_Append: |

  246.             Require ip 123.123.13.6 84.24.25.74

  247. 

  248.       Proxy_control:

  249.         '*':

  250.           AllowAll: False

  251.           AllowCountry:

  252.             - DE

  253.           AllowIP:

  254.             - 12.5.25.32

  255.             - 12.5.25.33

  256. 

  257. 

  258.       Alias:

  259.         /docs: /usr/share/docs

  260. 

  261.       Formula_Append: |

  262.         Additional config as a

  263.         multi-line string here

  264. 

  265.   # ``apache.debian_full`` formula additional configuration:

  266.   register-site:

  267.     # any name as an array index, and you can duplicate this section

  268.     UNIQUE_VALUE_HERE:

  269.       name: 'my name'

  270.       path: 'salt://path/to/sites-available/conf/file'

  271.       state: 'enabled'

  272.       # Optional - use managed file as Jinja Template

  273.       #template: true

  274.       #defaults:

  275.       #  custom_var: "default value"

  276. 

  277.   modules:

  278.     enabled:  # List modules to enable

  279.       - ldap

  280.       - ssl

  281.     disabled:  # List modules to disable

  282.       - rewrite

  283. 

  284.   # KeepAlive: Whether or not to allow persistent connections (more than

  285.   # one request per connection). Set to "Off" to deactivate.

  286.   keepalive: 'On'

  287. 

  288.   security:

  289.     # can be Full | OS | Minimal | Minor | Major | Prod

  290.     # where Full conveys the most information, and Prod the least.

  291.     ServerTokens: Prod

  292. 

  293.   # ``apache.mod_remoteip`` formula additional configuration:

  294.   mod_remoteip:

  295.     RemoteIPHeader: X-Forwarded-For

  296.     RemoteIPTrustedProxy:

  297.       - 10.0.8.0/24

  298.       - 127.0.0.1

  299. 

  300.   # ``apache.mod_security`` formula additional configuration:

  301.   mod_security:

  302.     crs_install: True

  303.     # If not set, default distro's configuration is installed as is

  304.     manage_config: True

  305.     sec_rule_engine: 'On'

  306.     sec_request_body_access: 'On'

  307.     sec_request_body_limit: '14000000'

  308.     sec_request_body_no_files_limit: '114002'

  309.     sec_request_body_in_memory_limit: '114002'

  310.     sec_request_body_limit_action: 'Reject'

  311.     sec_pcre_match_limit: '15000'

  312.     sec_pcre_match_limit_recursion: '15000'

  313.     sec_debug_log_level: '3'

  314. 

  315.     rules:

  316.       enabled:

  317.       modsecurity_crs_10_setup.conf:

  318.         rule_set: ''

  319.         enabled: True

  320.       modsecurity_crs_20_protocol_violations.conf:

  321.         rule_set: 'base_rules'

  322.         enabled: False

  323. 

  324.     custom_rule_files:

  325.       # any name as an array index, and you can duplicate this section

  326.       UNIQUE_VALUE_HERE:

  327.         file: 'my name'

  328.         path: 'salt://path/to/modsecurity/custom/file'

  329.         enabled: True

  330. 

  331.   mod_ssl:

  332.     # set this to True if you want to override your distributions default TLS configuration

  333.     manage_tls_defaults: False

  334.     # This stuff is deliberately not configured via map.jinja resp. apache:lookup.

  335.     # We're unable to know sane defaults for each release of every distribution.

  336.     # See https://github.com/saltstack-formulas/openssh-formula/issues/102 for a related discussion

  337.     # Have a look at bettercrypto.org for up-to-date settings.

  338.     # These are default values:

  339.     SSLCipherSuite: EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA

  340.     # Mitigate the CRIME attack

  341.     SSLCompression: Off

  342.     SSLProtocol: all -SSLv2 -SSLv3 -TLSv1

  343.     SSLHonorCipherOrder: On

  344.     SSLOptions: "+StrictRequire"

  345.