Saltstack Official Apache Formula

README.rst 9.5KB

11 years ago
11 years ago
10 years ago
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348
  1. .. _readme:
  2. apache
  3. ======
  4. |img_travis| |img_sr|
  5. .. |img_travis| image:: https://travis-ci.com/saltstack-formulas/apache-formula.svg?branch=master
  6. :alt: Travis CI Build Status
  7. :scale: 100%
  8. :target: https://travis-ci.com/saltstack-formulas/apache-formula
  9. .. |img_sr| image:: https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg
  10. :alt: Semantic Release
  11. :scale: 100%
  12. :target: https://github.com/semantic-release/semantic-release
  13. Formulas to set up and configure the Apache HTTP server on GNU/Linux, FreeBSD, and Windows OS.
  14. .. contents:: **Table of Contents**
  15. General notes
  16. -------------
  17. See the full `SaltStack Formulas installation and usage instructions
  18. <https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_.
  19. If you are interested in writing or contributing to formulas, please pay attention to the `Writing Formula Section
  20. <https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#writing-formulas>`_.
  21. If you want to use this formula, please pay attention to the ``FORMULA`` file and/or ``git tag``,
  22. which contains the currently released version. This formula is versioned according to `Semantic Versioning <http://semver.org/>`_.
  23. See `Formula Versioning Section <https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#versioning>`_ for more details.
  24. Contributing to this repo
  25. -------------------------
  26. **Commit message formatting is significant!!**
  27. Please see `How to contribute <https://github.com/saltstack-formulas/.github/blob/master/CONTRIBUTING.rst>`_ for more details.
  28. Available states
  29. ----------------
  30. .. contents::
  31. :local:
  32. ``apache``
  33. ^^^^^^^^^^
  34. Installs the Apache package and starts the service.
  35. ``apache.config``
  36. ^^^^^^^^^^^^^^^^^
  37. Metastate to apply all apache configuration
  38. ``apache.config.file``
  39. ^^^^^^^^^^^^^^^^^^^^^^
  40. Configures apache based on os_family
  41. ``apache.config.flags``
  42. ^^^^^^^^^^^^^^^^^^^^^^^
  43. Configures apache flags on SuSE
  44. ``apache.config.certificates``
  45. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  46. Deploy SSL certificates from pillars
  47. ``apache.config.modules``
  48. ^^^^^^^^^^^^^^^^^^^^^^^^^
  49. Metastate to Enable and disable Apache modules.
  50. ``apache.config.modules.mod_mpm``
  51. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  52. Configures the apache mpm modules on Debian ``mpm_prefork``, ``mpm_worker`` or ``mpm_event`` (Debian Only)
  53. ``apache.config.modules.mod_rewrite``
  54. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  55. Enabled the Apache module mod_rewrite (Debian and FreeBSD only)
  56. ``apache.config.modules.mod_proxy``
  57. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  58. Enables the Apache module mod_proxy. (Debian and FreeBSD only)
  59. ``apache.config.modules.mod_proxy_http``
  60. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  61. Enables the Apache module mod_proxy_http and requires the Apache module mod_proxy to be enabled. (Debian Only)
  62. ``apache.config.modules.mod_proxy_fcgi``
  63. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  64. Enables the Apache module mod_proxy_fcgi and requires the Apache module mod_proxy to be enabled. (Debian Only)
  65. ``apache.config.modules.mod_wsgi``
  66. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  67. Installs the mod_wsgi package and enables the Apache module.
  68. ``apache.config.modules.mod_actions``
  69. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  70. Enables the Apache module mod_actions. (Debian Only)
  71. ``apache.config.modules.mod_headers``
  72. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  73. Enables the Apache module mod_headers. (Debian Only)
  74. ``apache.config.modules.mod_pagespeed``
  75. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  76. Installs and Enables the mod_pagespeed module. (Debian and RedHat Only)
  77. ``apache.config.modules.mod_perl2``
  78. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  79. Installs and enables the mod_perl2 module (Debian and FreeBSD only)
  80. ``apache.config.modules.mod_geoip``
  81. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  82. Installs and enables the mod_geoIP (RedHat only)
  83. ``apache.config.modules.mod_php5``
  84. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  85. Installs and enables the mod_php5 module
  86. ``apache.config.modules.mod_cgi``
  87. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  88. Enables mod_cgi. (FreeBSD only)
  89. ``apache.config.modules.mod_fcgid``
  90. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  91. Installs and enables the mod_fcgid module (Debian only)
  92. ``apache.config.modules.mod_fastcgi``
  93. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  94. Installs and enables the mod_fastcgi module
  95. ``apache.config.modules.mod_dav_svn``
  96. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  97. Installs and enables the mod_dav_svn module (Debian only)
  98. ``apache.config.modules.mod_security``
  99. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  100. Installs an enables the `Apache mod_security2 WAF <http://modsecurity.org/>`_
  101. using data from Pillar. (Debian and RedHat Only)
  102. Allows you to install the basic Core Rules (CRS) and some basic configuration for mod_security2
  103. ``apache.config.modules.mod_security.rules``
  104. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  105. This state can create symlinks based on basic Core Rules package. (Debian only)
  106. Or it can distribute a mod_security rule file and place it /etc/modsecurity/
  107. ``apache.config.modules.mod_socache_shmcb``
  108. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  109. Enables mod_socache_shmcb. (FreeBSD only)
  110. ``apache.config.modules.mod_ssl``
  111. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  112. Installs and enables the mod_ssl module (Debian, RedHat and FreeBSD only)
  113. ``apache.config.modules.mod_suexec``
  114. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  115. Enables mod_suexec. (FreeBSD only)
  116. ``apache.config.modules.mod_vhost_alias``
  117. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  118. Enables the Apache module vhost_alias (Debian Only)
  119. ``apache.config.modules.mod_remoteip``
  120. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  121. Enables and configures the Apache module mod_remoteip using data from Pillar. (Debian Only)
  122. ``apache.config.modules.mod_xsendfile``
  123. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  124. Installs and enables mod_xsendfile module. (Debian Only)
  125. ``apache.config.own_default_vhost``
  126. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  127. Replace default vhost with own version. By default, it's 503 code. (Debian Only)
  128. ``apache.config.no_default_vhost``
  129. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  130. Remove the default vhost. (Debian Only)
  131. ``apache.config.vhosts.standard``
  132. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  133. Configures Apache name-based virtual hosts and creates virtual host directories using data from Pillar.
  134. Example Pillar:
  135. .. code:: yaml
  136. apache:
  137. sites:
  138. example.com: # must be unique; used as an ID declaration in Salt; also passed to the template context as {{ id }}
  139. template_file: salt://apache/vhosts/standard.tmpl
  140. When using the provided templates, one can use a space separated list
  141. of interfaces to bind to. For example, to bind both IPv4 and IPv6:
  142. .. code:: yaml
  143. apache:
  144. sites:
  145. example.com:
  146. interface: '1.2.3.4 [2001:abc:def:100::3]'
  147. ``apache.config.manage_security``
  148. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  149. Configures Apache's security.conf options by reassinging them using data from Pillar.
  150. ``apache.config.modules.mod_status``
  151. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  152. Configures Apache's server_status handler for localhost
  153. ``apache.config.debian_full``
  154. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  155. Installs and configures Apache on Debian and Ubuntu systems.
  156. ``apache.config.clean``
  157. ^^^^^^^^^^^^^^^^^^^^^^^
  158. Metastate to cleanup all apache configuration.
  159. ``apache.clean``
  160. ^^^^^^^^^^^^^^^^
  161. Stops the Apache service and uninstalls the package.
  162. These states are ordered using the ``order`` declaration. Different stages
  163. are divided into the following number ranges:
  164. 1) apache will use 1-500 for ordering
  165. 2) apache will reserve 1 -100 as unused
  166. 3) apache will reserve 101-150 for pre pkg install
  167. 4) apache will reserve 151-200 for pkg install
  168. 5) apache will reserve 201-250 for pkg configure
  169. 6) apache will reserve 251-300 for downloads, git stuff, load data
  170. 7) apache will reserve 301-400 for unknown purposes
  171. 8) apache will reserve 401-450 for service restart-reloads
  172. 9) apache WILL reserve 451-460 for service.running
  173. 10) apache will reserve 461-500 for cmd requiring operational services
  174. Example Pillar:
  175. .. code:: yaml
  176. apache:
  177. register-site:
  178. # any name as an array index, and you can duplicate this section
  179. {{UNIQUE}}:
  180. name: 'my name'
  181. path: 'salt://path/to/sites-available/conf/file'
  182. state: 'enabled'
  183. sites:
  184. # Force SSL: Redirect from 80 to 443
  185. example.com:
  186. port: 80
  187. template_file: salt://apache/vhosts/redirect.tmpl
  188. RedirectSource: 'permanent /'
  189. # Trailing slash is important
  190. RedirectTarget: 'https://example.com/'
  191. example.com_ssl:
  192. port: 443
  193. ServerName: example.com
  194. SSLCertificateFile: /path/to/ssl.crt
  195. SSLCertificateKeyFile: /path/to/ssl.key
  196. SSLCertificateChainFile: /path/to/ssl.ca.crt
  197. Testing
  198. -------
  199. Linux testing is done with ``kitchen-salt``.
  200. Requirements
  201. ^^^^^^^^^^^^
  202. * Ruby
  203. * Docker
  204. .. code-block:: bash
  205. $ gem install bundler
  206. $ bundle install
  207. :1
  208. $ bin/kitchen test [platform]
  209. Where ``[platform]`` is the platform name defined in ``kitchen.yml``,
  210. e.g. ``debian-9-2019-2-py3``.
  211. ``bin/kitchen converge``
  212. ^^^^^^^^^^^^^^^^^^^^^^^^
  213. Creates the docker instance and runs the ``template`` main state, ready for testing.
  214. ``bin/kitchen verify``
  215. ^^^^^^^^^^^^^^^^^^^^^^
  216. Runs the ``inspec`` tests on the actual instance.
  217. ``bin/kitchen destroy``
  218. ^^^^^^^^^^^^^^^^^^^^^^^
  219. Removes the docker instance.
  220. ``bin/kitchen test``
  221. ^^^^^^^^^^^^^^^^^^^^
  222. Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``verify`` + ``destroy``.
  223. ``bin/kitchen login``
  224. ^^^^^^^^^^^^^^^^^^^^^
  225. Gives you SSH access to the instance for manual testing.