Saltstack Official Apache Formula

pillar.example 4.9KB

  1. # ``apache`` formula configuration:
  2. apache:
  # Values under ``lookup`` take precedence over the defaults in ``map.jinja``.
  lookup:
    server: 'apache2'
    service: 'apache2'

    # Filesystem layout used for vhosts, config snippets, logs and content.
    vhostdir: '/etc/apache2/sites-available'
    confdir: '/etc/apache2/conf.d'
    confext: '.conf'
    logdir: '/var/log/apache2'
    wwwdir: '/srv/apache2'

    # Apache version, generally '2.2' or '2.4'. Keep it quoted so it stays a
    # string. The 2.2 branch is end-of-life upstream and no longer receives
    # security fixes, so prefer '2.4' wherever the platform offers it.
    version: '2.2'

    # Additional setting for the ``apache.mod_wsgi`` formula:
    mod_wsgi: 'mod_wsgi'
  global:
    # Global apache directives go here.
    #
    # NOTE(security): Apache's own default for AllowEncodedSlashes is Off,
    # which rejects URLs containing an encoded path separator (%2F). Enabling
    # it widens the set of request paths that reach applications and back
    # ends, so keep this line only if an application needs encoded slashes
    # in its paths.
    AllowEncodedSlashes: 'On'
  # One entry per interface/port pair. The '*' must stay quoted: a bare
  # asterisk is YAML alias syntax, not a string.
  name_virtual_hosts:
    - {interface: '*', port: 80}
    - {interface: '*', port: 443}
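  # ``apache.vhosts`` formula additional configuration:
  sites:
    example.net:
      template_file: salt://apache/vhosts/minimal.tmpl

    example.com:  # must be unique; used as an ID declaration in Salt.
      enabled: true
      template_file: salt://apache/vhosts/standard.tmpl  # or redirect.tmpl or proxy.tmpl

      ####################### DEFAULT VALUES BELOW ############################
      # NOTE: the values below are simply default settings that *can* be
      # overridden and are not required in order to use this formula to create
      # vhost entries.
      #
      # Do not copy the values below into your Pillar unless you intend to
      # modify these values.
      ####################### DEFAULT VALUES BELOW ############################
      template_engine: jinja

      interface: '*'
      # NOTE(review): '80' is plain HTTP. A vhost that sets the SSLCertificate*
      # keys below presumably needs port '443' instead -- confirm against the
      # vhost template in use.
      port: '80'

      ServerName: example.com  # uses the unique ID above unless specified
      ServerAlias: www.example.com

      ServerAdmin: webmaster@example.com

      LogLevel: warn
      ErrorLog: /path/to/logs/example.com-error.log  # E.g.: /var/log/apache2/example.com-error.log
      CustomLog: /path/to/logs/example.com-access.log  # E.g.: /var/log/apache2/example.com-access.log

      DocumentRoot: /path/to/www/dir/example.com  # E.g., /var/www/example.com

      # NOTE(security): these keys are file paths only. The private key file
      # should be readable by root alone (Apache reads it at startup, before
      # dropping privileges), and the key material itself should never be
      # committed next to this pillar.
      SSLCertificateFile: /etc/ssl/mycert.pem  # if ssl is desired
      SSLCertificateKeyFile: /etc/ssl/mycert.pem.key  # if key for cert is needed or in an extra file
      # SSLCertificateChainFile is obsolete from Apache 2.4.8 on, where the
      # intermediate certificates can be appended to SSLCertificateFile.
      SSLCertificateChainFile: /etc/ssl/mycert.chain.pem  # if you require a chain of server certificates file

      Directory:
        # "default" is a special case; Adds ``/path/to/www/dir/example.com``
        # E.g.: /var/www/example.com
        default:
          # -Indexes turns off automatic directory listings. +FollowSymLinks
          # lets Apache serve whatever a symlink inside the tree points at, so
          # keep write access to the document root restricted.
          Options: -Indexes +FollowSymLinks
          # The access rules below admit every client; tighten them for
          # content that is not meant to be public.
          Order: allow,deny  # For Apache < 2.4
          Allow: from all  # For Apache < 2.4
          Require: all granted  # For Apache >= 2.4
          # None keeps .htaccess files from overriding this configuration.
          AllowOverride: None
          # NOTE(review): Formula_Append text appears to be placed into the
          # generated configuration as written -- confirm in the template.
          # If so, write access to this pillar equals the ability to edit the
          # Apache configuration.
          Formula_Append: |
            Additional config as a
            multi-line string here

      # if template is 'redirect.tmpl'
      # RedirectSource: '/'
      # RedirectTarget: 'http://www.example.net'

      # if template is 'proxy.tmpl'
      # ProxyPreserveHost: 'On'
      # ProxyRoute:
      #   my sample route:
      #     ProxyPassSource: '/'
      #     ProxyPassTarget: 'http://www.example.net'
      #     ProxyPassReverseSource: '/'
      #     ProxyPassReverseTarget: 'http://www.example.net'

      # NOTE(security): together with the Location block below, this alias
      # publishes a local documentation directory to every client. Treat it
      # as an illustration and drop it from real vhosts unless it is needed.
      Alias:
        /docs: /usr/share/docs

      Location:
        /docs:
          Order: allow,deny  # For Apache < 2.4
          Allow: from all  # For Apache < 2.4
          Require: all granted  # For Apache >= 2.4
          Formula_Append: |
            Additional config as a
            multi-line string here

      Formula_Append: |
        Additional config as a
        multi-line string here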
  # ``apache.debian_full`` formula additional configuration:
  register-site:
    # The key below is an arbitrary label used as an index; repeat the whole
    # entry under another label to register more sites.
    UNIQUE_VALUE_HERE:
      name: 'my name'
      # The file fetched from this location becomes live Apache
      # configuration, so restrict who can write to it on the Salt
      # fileserver.
      path: 'salt://path/to/sites-available/conf/file'
      state: 'enabled'
      # Optional: treat the managed file as a Jinja template.
      # template: true
      # defaults:
      #   custom_var: "default value"
  # Keeping the enabled list down to what the sites actually use reduces the
  # amount of module code exposed to requests.
  modules:
    # Modules to enable.
    enabled:
      - ldap
      - ssl
    # Modules to disable.
    disabled:
      - rewrite
  # KeepAlive decides whether persistent connections (several requests over
  # one connection) are allowed. Use "Off" to deactivate them. The value is
  # quoted so that YAML keeps it a string instead of turning it into a boolean.
  keepalive: 'On'
  security:
    # Accepted values: Full | OS | Minimal | Minor | Major | Prod.
    # Full discloses the most information about the server, Prod the least.
    # Prod only makes fingerprinting harder; it is no substitute for keeping
    # the server patched.
    ServerTokens: 'Prod'
  # ``apache.mod_remoteip`` formula additional configuration:
  mod_remoteip:
    # Request header from which the client address is taken.
    RemoteIPHeader: 'X-Forwarded-For'
    # NOTE(security): the header above is believed only when the connection
    # comes from an address listed here. List only the reverse proxies and
    # load balancers you operate. An over-broad range lets any host inside it
    # dictate the client IP that ends up in logs and in IP-based access rules.
    RemoteIPTrustedProxy:
      - '10.0.8.0/24'
      - '127.0.0.1'
  118. # ``apache.mod_security`` formula additional configuration:
  119. mod_security:
  120. crs_install: True
  121. # If not set, default distro's configuration is installed as is
  122. manage_config: True
  123. sec_rule_engine: 'On'
  124. sec_request_body_access: 'On'
  125. sec_request_body_limit: '14000000'
  126. sec_request_body_no_files_limit: '114002'
  127. sec_request_body_in_memory_limit: '114002'
  128. sec_request_body_limit_action: 'Reject'
  129. sec_pcre_match_limit: '15000'
  130. sec_pcre_match_limit_recursion: '15000'
  131. sec_debug_log_level: '3'