ExternalMirrors
/
apache-formula
дзеркало https://github.com/saltstack-formulas/apache-formula.git
Слідкувати 1
В обрані 0
Форк 1
Код Проблеми 0 Релізи 31 Вікі Активність
Saltstack Official Apache Formula
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
316 Коміти
5 Гілки
Дерево: b003b82249
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з 'b003b82249'
${ noResults }
apache-formula/pillar.example

pillar.example 12KB
Неформатований Normal View Історія

Added package-map.jinja
11 роки тому
Added apache.vhost formula
11 роки тому
add lookup section to pillar.example
9 роки тому
Added apache.vhost formula
11 роки тому
add lookup section to pillar.example
9 роки тому
fix Options in pillar.example
8 роки тому
This branch is foundational for further version-specific work to come. * Add apache version (2.2, 2.4) detection based on osfinger (defaults to 2.4). * Version can be overridden in pillar (for Apache 2.4 on RHEL 6 for example)
9 роки тому
add lookup section to pillar.example
9 роки тому
Updated README with these changes moved Pillar examples into pillar file
11 роки тому
RedHat: Made AddDefaultCharset Directive configurable (#147) * RedHat: Made AddDefaultCharset Directive configurable * Added description of apache:lookup:default_charset to pillar.example, sane default equals former hardcoded UTF-8
8 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
Allow global directives to be added to apache config
9 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
Allow global directives to be added to apache config
9 роки тому
Add support for NameVirtualHost on Debian
8 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
Add support for NameVirtualHost on Debian
8 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
Add support for NameVirtualHost on Debian
8 роки тому
Moved all Pillar examples under the same dictionary key Having multiple different examples in the same file was causing confusion.
10 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
add an 'enabled' attribute for a site in pillar
9 роки тому
Add new templates 'proxy.tmpl' and 'redirect.tmpl'. Add comment pointing to new templates to pillar.example.
10 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Added apache.vhost formula
11 роки тому
Adding exclude_listen_directive option (#151) * Adding exclude_listen_directive option * Updating Debian config
8 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Added apache.vhost formula
11 роки тому
Fix incorrect syntax in pillar example for SSLCertificateFile, SSLCertificateKeyFile Fix check for SSLCertificateFile, SSLCertificateKeyFile variables in vhosts/standard.tmpl, now using dict.get()
9 роки тому
ssl: also support the SSLCertificateChainFile required by some providers
9 роки тому
Add basic SSL functionality.
9 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
fix Options in pillar.example
8 роки тому
Adding support for Apache 2.4 on Ubuntu 14.04 - Adding confext to virtualhost names. - Renaming the default config file for Ubuntu (000-default.conf). - Adding ability to use "Require all granted".
10 роки тому
Added apache.vhost formula
11 роки тому
Add Reverse Proxy directives, GeoIP, Certificates management, mostly for RedHat
7 роки тому
Add example code for new templates 'redirect.tmpl' and 'proxy.tmpl'.
10 роки тому
Added support for Alias and Locations, as well as enabling Dav
9 роки тому
Added apache.vhost formula
11 роки тому
Moved all Pillar examples under the same dictionary key Having multiple different examples in the same file was causing confusion.
10 роки тому
Updated README with these changes moved Pillar examples into pillar file
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Updated README with these changes moved Pillar examples into pillar file
11 роки тому
Add optional templating to register_site Add optional templating for the register site aspect of a pillar. User can specify keys to be included as defaults, otherwise it is treated as a normal managed file.
9 роки тому
Add ability to specify modules in pillar
10 роки тому
Added ability to manage security settings By reassigning options with `blockreplace` at `/etc/apache2/conf-available/security.conf`, which is linked as conf-enabled by default on Debian packages
9 роки тому
Added ability to configure KeepAlive option Sometimes it's necessary optimization in nginx+apache2 environment
9 роки тому
Fixed YAML parsing On/Off as True/False True and False are not correct values for apache config
9 роки тому
Added ability to configure KeepAlive option Sometimes it's necessary optimization in nginx+apache2 environment
9 роки тому
Added ability to manage security settings By reassigning options with `blockreplace` at `/etc/apache2/conf-available/security.conf`, which is linked as conf-enabled by default on Debian packages
9 роки тому
Follow-up to 8f2308b98
9 роки тому
Added newlines to recent files
9 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
add modsecurity rules state
8 роки тому
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315 
  1. # ``apache`` formula configuration:

  2. apache:

  3. 

  4.   # lookup section overrides ``map.jinja`` values

  5.   lookup:

  6.     server: apache2

  7.     service: apache2

  8. 

  9.     vhostdir: /etc/apache2/sites-available

  10.     confdir: /etc/apache2/conf.d

  11.     confext: .conf

  12.     logdir: /var/log/apache2

  13.     wwwdir: /srv/apache2

  14. 

  15.     # apache version (generally '2.2' or '2.4')

  16.     version: '2.2'

  17. 

  18.     # ``apache.mod_wsgi`` formula additional configuration:

  19.     mod_wsgi: mod_wsgi

  20. 

  21.     # Default value for AddDefaultCharset in RedHat configuration

  22.     default_charset: 'UTF-8'

  23. 

  24.   global:

  25.     # global apache directives

  26.     AllowEncodedSlashes: 'On'

  27. 

  28. 

  29.   name_virtual_hosts:

  30.     - interface: '*'

  31.       port: 80

  32.     - interface: '*'

  33.       port: 443

  34. 

  35.   # ``apache.vhosts`` formula additional configuration:

  36.   sites:

  37.     example.net:

  38.       template_file: salt://apache/vhosts/minimal.tmpl

  39. 

  40.     example.com: # must be unique; used as an ID declaration in Salt.

  41.       enabled: True

  42.       template_file: salt://apache/vhosts/standard.tmpl # or redirect.tmpl or proxy.tmpl

  43. 

  44.       ####################### DEFAULT VALUES BELOW ############################

  45.       # NOTE: the values below are simply default settings that *can* be

  46.       # overridden and are not required in order to use this formula to create

  47.       # vhost entries.

  48.       #

  49.       # Do not copy the values below into your Pillar unless you intend to

  50.       # modify these vaules.

  51.       ####################### DEFAULT VALUES BELOW ############################

  52.       template_engine: jinja

  53. 

  54.       interface: '*'

  55.       port: '80'

  56. 

  57.       exclude_listen_directive: True # Do not add a Listen directive in httpd.conf

  58. 

  59.       ServerName: example.com # uses the unique ID above unless specified

  60.       ServerAlias: www.example.com

  61. 

  62.       ServerAdmin: webmaster@example.com

  63. 

  64.       LogLevel: warn

  65.       ErrorLog: /path/to/logs/example.com-error.log # E.g.: /var/log/apache2/example.com-error.log

  66.       CustomLog: /path/to/logs/example.com-access.log # E.g.: /var/log/apache2/example.com-access.log

  67. 

  68.       DocumentRoot: /path/to/www/dir/example.com # E.g., /var/www/example.com

  69. 

  70.       SSLCertificateFile: /etc/ssl/mycert.pem # if ssl is desired

  71.       SSLCertificateKeyFile: /etc/ssl/mycert.pem.key # if key for cert is needed or in an extra file

  72.       SSLCertificateChainFile: /etc/ssl/mycert.chain.pem # if you require a chain of server certificates file

  73. 

  74.       Directory:

  75.         # "default" is a special case; Adds ``/path/to/www/dir/example.com``

  76.         # E.g.: /var/www/example.com

  77.         default:

  78.           Options: -Indexes +FollowSymLinks

  79.           Order: allow,deny    # For Apache < 2.4

  80.           Allow: from all      # For apache < 2.4

  81.           Require: all granted # For apache > 2.4.

  82.           AllowOverride: None

  83.           Formula_Append: |

  84.             Additional config as a

  85.             multi-line string here

  86. 

  87.     80-proxyexample.com:

  88.       template_file: salt://apache/vhosts/redirect.tmpl

  89.       ServerName: www.proxyexample.com

  90.       ServerAlias: www.proxyexample.com

  91.       RedirectSource: '/'

  92.       RedirectTarget: 'https://www.proxyexample.com/'

  93.       DocumentRoot: /var/www/proxy

  94. 

  95.     443-proxyexample.com:

  96.       template_file: salt://apache/vhosts/proxy.tmpl

  97.       ServerName: www.proxyexample.com

  98.       ServerAlias: www.proxyexample.com

  99.       interface: '*'

  100.       port: '443'

  101.       DocumentRoot: /var/www/proxy

  102. 

  103.       Rewrite: |

  104.         RewriteRule ^/webmail$ /webmail/ [R]

  105.         RewriteRule ^/webmail(.*) http://mail.example.com$1 [P,L]

  106.         RewriteRule ^/vicescws(.*) http://svc.example.com:92$1 [P,L]

  107. 

  108.       SSLCertificateFile: /etc/httpd/ssl/example.com.crt

  109.       SSLCertificateKeyFile: /etc/httpd/ssl/example.com.key

  110.       SSLCertificateChainFile: /etc/httpd/ssl/example.com.cer

  111. 

  112.       SSLCertificateFile_content: |

  113.         -----BEGIN CERTIFICATE-----

  114.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  115.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  116.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  117.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  118.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  119.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  120.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  121.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  122.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  123.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  124.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  125.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  126.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  127.         -----END CERTIFICATE-----

  128. 

  129.       SSLCertificateKeyFile_content: |

  130.         -----BEGIN PRIVATE KEY-----

  131.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  132.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  133.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  134.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  135.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  136.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  137.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  138.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  139.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  140.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  141.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  142.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  143.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  144.         -----END PRIVATE KEY-----

  145. 

  146.       SSLCertificateChainFile_content: |

  147.         -----BEGIN CERTIFICATE-----

  148.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  149.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  150.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  151.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  152.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  153.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  154.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  155.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  156.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  157.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  158.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  159.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  160.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  161.         -----END CERTIFICATE-----

  162.         -----BEGIN CERTIFICATE-----

  163.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  164.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  165.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  166.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  167.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  168.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  169.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  170.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  171.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  172.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  173.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  174.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  175.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  176.         -----END CERTIFICATE-----

  177. 

  178.       ProxyRequests: 'Off'

  179.       ProxyPreserveHost: 'On'

  180. 

  181.       ProxyRoute:

  182.         example prod proxy route:

  183.           ProxyPassSource: '/'

  184.           ProxyPassTarget: 'http://prod.example.com:85/'

  185.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  186.           ProxyPassReverseSource: '/'

  187.           ProxyPassReverseTarget: 'http://prod.example.com:85/'

  188. 

  189.         example webmail proxy route:

  190.           ProxyPassSource: '/webmail/'

  191.           ProxyPassTarget: 'http://mail.example.com/'

  192.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  193.           ProxyPassReverseSource: '/webmail/'

  194.           ProxyPassReverseTarget: 'http://mail.example.com/'

  195. 

  196.         example service proxy route:

  197.           ProxyPassSource: '/svc/'

  198.           ProxyPassTarget: 'http://svc.example.com:92/'

  199.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  200.           ProxyPassReverseSource: '/svc/'

  201.           ProxyPassReverseTarget: 'http://svc.example.com:92/'

  202. 

  203.       Location:

  204.         /:

  205.           Require: False

  206.           Formula_Append: |

  207.             SecRuleRemoveById 981231

  208.             SecRuleRemoveById 981173

  209. 

  210.         /error:

  211.           Require: 'all granted'

  212. 

  213.       LocationMatch:

  214.         '^[.\\/]+([Ww][Ee][Bb][Mm][Aa][Ii][Ll])[.\\/]':

  215.           Require: False

  216.           Formula_Append: |

  217.             RequestHeader  set  Host  mail.example.com

  218. 

  219.         '^[.\\/]+([Ss][Vv][Cc])[.\\/]':

  220.           Require: False

  221.           Formula_Append: |

  222.             Require ip 123.123.13.6 84.24.25.74

  223. 

  224.       Proxy_control:

  225.         '*':

  226.           AllowAll: False

  227.           AllowCountry:

  228.             - DE

  229.           AllowIP:

  230.             - 12.5.25.32

  231.             - 12.5.25.33

  232. 

  233. 

  234.       Alias:

  235.         /docs: /usr/share/docs

  236. 

  237.       Location:

  238.         /docs:

  239.           Order: allow,deny    # For Apache < 2.4

  240.           Allow: from all      # For apache < 2.4

  241.           Require: all granted # For apache > 2.4.

  242.           Formula_Append: |

  243.             Additional config as a

  244.             multi-line string here

  245. 

  246.       Formula_Append: |

  247.         Additional config as a

  248.         multi-line string here

  249. 

  250.   # ``apache.debian_full`` formula additional configuration:

  251.   register-site:

  252.     # any name as an array index, and you can duplicate this section

  253.     UNIQUE_VALUE_HERE:

  254.       name: 'my name'

  255.       path: 'salt://path/to/sites-available/conf/file'

  256.       state: 'enabled'

  257.       # Optional - use managed file as Jinja Template

  258.       #template: true

  259.       #defaults:

  260.       #  custom_var: "default value"

  261. 

  262.   modules:

  263.     enabled:  # List modules to enable

  264.       - ldap

  265.       - ssl

  266.     disabled:  # List modules to disable

  267.       - rewrite

  268. 

  269.   # KeepAlive: Whether or not to allow persistent connections (more than

  270.   # one request per connection). Set to "Off" to deactivate.

  271.   keepalive: 'On'

  272. 

  273.   security:

  274.     # can be Full | OS | Minimal | Minor | Major | Prod

  275.     # where Full conveys the most information, and Prod the least.

  276.     ServerTokens: Prod

  277. 

  278.   # ``apache.mod_remoteip`` formula additional configuration:

  279.   mod_remoteip:

  280.     RemoteIPHeader: X-Forwarded-For

  281.     RemoteIPTrustedProxy:

  282.       - 10.0.8.0/24

  283.       - 127.0.0.1

  284. 

  285.   # ``apache.mod_security`` formula additional configuration:

  286.   mod_security:

  287.     crs_install: True

  288.     # If not set, default distro's configuration is installed as is

  289.     manage_config: True

  290.     sec_rule_engine: 'On'

  291.     sec_request_body_access: 'On'

  292.     sec_request_body_limit: '14000000'

  293.     sec_request_body_no_files_limit: '114002'

  294.     sec_request_body_in_memory_limit: '114002'

  295.     sec_request_body_limit_action: 'Reject'

  296.     sec_pcre_match_limit: '15000'

  297.     sec_pcre_match_limit_recursion: '15000'

  298.     sec_debug_log_level: '3'

  299. 

  300.     rules:

  301.       enabled:

  302.       modsecurity_crs_10_setup.conf:

  303.         rule_set: ''

  304.         enabled: True

  305.       modsecurity_crs_20_protocol_violations.conf:

  306.         rule_set: 'base_rules'

  307.         enabled: False

  308. 

  309.     custom_rule_files:

  310.       # any name as an array index, and you can duplicate this section

  311.       UNIQUE_VALUE_HERE:

  312.         file: 'my name'

  313.         path: 'salt://path/to/modsecurity/custom/file'

  314.         enabled: True

  315.