Saltstack Official Apache Formula

apache
======

|img_travis| |img_sr|

.. |img_travis| image:: https://travis-ci.com/saltstack-formulas/apache-formula.svg?branch=master
   :alt: Travis CI Build Status
   :scale: 100%
   :target: https://travis-ci.com/saltstack-formulas/apache-formula
.. |img_sr| image:: https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg
   :alt: Semantic Release
   :scale: 100%
   :target: https://github.com/semantic-release/semantic-release

Formulas to set up and configure the Apache HTTP server on GNU/Linux, FreeBSD, and Windows OS.

.. contents:: **Table of Contents**

General notes
-------------

See the full `SaltStack Formulas installation and usage instructions
<https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_.

If you are interested in writing or contributing to formulas, please pay attention to the `Writing Formula Section
<https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#writing-formulas>`_.

If you want to use this formula, please pay attention to the ``FORMULA`` file and/or ``git tag``,
which contains the currently released version. This formula is versioned according to `Semantic Versioning <http://semver.org/>`_.

See `Formula Versioning Section <https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#versioning>`_ for more details.

Contributing to this repo
-------------------------

**Commit message formatting is significant!!**

Please see `How to contribute <https://github.com/saltstack-formulas/.github/blob/master/CONTRIBUTING.rst>`_ for more details.

Available states
----------------

.. contents::
   :local:

``apache``
^^^^^^^^^^

Installs the Apache package and starts the service.

``apache.config``
^^^^^^^^^^^^^^^^^

Metastate to apply all Apache configuration.

``apache.config.file``
^^^^^^^^^^^^^^^^^^^^^^

Configures Apache based on ``os_family``.

``apache.config.flags``
^^^^^^^^^^^^^^^^^^^^^^^

Configures Apache flags on SuSE.

``apache.config.certificates``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deploys SSL certificates from pillars.

``apache.config.modules``
^^^^^^^^^^^^^^^^^^^^^^^^^

Metastate to enable and disable Apache modules.

``apache.config.modules.mod_mpm``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Configures the Apache MPM modules ``mpm_prefork``, ``mpm_worker`` or ``mpm_event``. (Debian only)

``apache.config.modules.mod_rewrite``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Enables the Apache module mod_rewrite. (Debian and FreeBSD only)

``apache.config.modules.mod_proxy``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Enables the Apache module mod_proxy. (Debian and FreeBSD only)

``apache.config.modules.mod_proxy_http``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Enables the Apache module mod_proxy_http and requires the Apache module mod_proxy to be enabled. (Debian only)

``apache.config.modules.mod_proxy_fcgi``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Enables the Apache module mod_proxy_fcgi and requires the Apache module mod_proxy to be enabled. (Debian only)

``apache.config.modules.mod_wsgi``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Installs the mod_wsgi package and enables the Apache module.

``apache.config.modules.mod_actions``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Enables the Apache module mod_actions. (Debian only)

``apache.config.modules.mod_headers``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Enables the Apache module mod_headers. (Debian only)

``apache.config.modules.mod_pagespeed``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Installs and enables the mod_pagespeed module. (Debian and RedHat only)

``apache.config.modules.mod_perl2``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Installs and enables the mod_perl2 module. (Debian and FreeBSD only)

``apache.config.modules.mod_geoip``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Installs and enables the mod_geoip module. (RedHat only)

``apache.config.modules.mod_php5``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Installs and enables the mod_php5 module.

``apache.config.modules.mod_cgi``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Enables mod_cgi. (FreeBSD only)

``apache.config.modules.mod_fcgid``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Installs and enables the mod_fcgid module. (Debian only)

``apache.config.modules.mod_fastcgi``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Installs and enables the mod_fastcgi module.

``apache.config.modules.mod_dav_svn``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Installs and enables the mod_dav_svn module. (Debian only)

``apache.config.modules.mod_security``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Installs and enables the `Apache mod_security2 WAF <http://modsecurity.org/>`_
using data from Pillar. (Debian and RedHat only)

Allows you to install the basic Core Rules (CRS) and some basic configuration for mod_security2.

``apache.config.modules.mod_security.rules``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This state can create symlinks based on the basic Core Rules package. (Debian only)
Alternatively, it can distribute a mod_security rule file and place it in ``/etc/modsecurity/``.

``apache.config.modules.mod_socache_shmcb``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Enables mod_socache_shmcb. (FreeBSD only)

``apache.config.modules.mod_ssl``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Installs and enables the mod_ssl module. (Debian, RedHat and FreeBSD only)

``apache.config.modules.mod_suexec``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Enables mod_suexec. (FreeBSD only)

``apache.config.modules.mod_vhost_alias``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Enables the Apache module vhost_alias. (Debian only)

``apache.config.modules.mod_remoteip``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Enables and configures the Apache module mod_remoteip using data from Pillar. (Debian only)

``apache.config.modules.mod_xsendfile``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Installs and enables the mod_xsendfile module. (Debian only)

``apache.config.own_default_vhost``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Replaces the default vhost with your own version. By default, it responds with a 503 status code. (Debian only)

``apache.config.no_default_vhost``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Removes the default vhost. (Debian only)

``apache.config.vhosts.standard``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Configures Apache name-based virtual hosts and creates virtual host directories using data from Pillar.

Example Pillar:

.. code:: yaml

    apache:
      sites:
        example.com: # must be unique; used as an ID declaration in Salt; also passed to the template context as {{ id }}
          template_file: salt://apache/vhosts/standard.tmpl

When using the provided templates, one can use a space separated list
of interfaces to bind to. For example, to bind both IPv4 and IPv6:

.. code:: yaml

    apache:
      sites:
        example.com:
          interface: '1.2.3.4 [2001:abc:def:100::3]'

``apache.config.manage_security``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Configures Apache's ``security.conf`` options by reassigning them using data from Pillar.

``apache.config.modules.mod_status``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Configures Apache's server_status handler for localhost.

``apache.config.debian_full``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Installs and configures Apache on Debian and Ubuntu systems.

``apache.config.clean``
^^^^^^^^^^^^^^^^^^^^^^^

Metastate to clean up all Apache configuration.

``apache.clean``
^^^^^^^^^^^^^^^^

Stops the Apache service and uninstalls the package.

These states are ordered using the ``order`` declaration. Different stages
are divided into the following number ranges:

1) apache will use 1-500 for ordering
2) apache will reserve 1-100 as unused
3) apache will reserve 101-150 for pre pkg install
4) apache will reserve 151-200 for pkg install
5) apache will reserve 201-250 for pkg configure
6) apache will reserve 251-300 for downloads, git stuff, load data
7) apache will reserve 301-400 for unknown purposes
8) apache will reserve 401-450 for service restart-reloads
9) apache will reserve 451-460 for service.running
10) apache will reserve 461-500 for cmd requiring operational services

Example Pillar:

.. code:: yaml

    apache:
      register-site:
        # any name as an array index, and you can duplicate this section
        {{UNIQUE}}:
          name: 'my name'
          path: 'salt://path/to/sites-available/conf/file'
          state: 'enabled'

      sites:
        # Force SSL: Redirect from 80 to 443
        example.com:
          port: 80
          template_file: salt://apache/vhosts/redirect.tmpl
          RedirectSource: 'permanent /'
          # Trailing slash is important
          RedirectTarget: 'https://example.com/'
        example.com_ssl:
          port: 443
          ServerName: example.com
          SSLCertificateFile: /path/to/ssl.crt
          SSLCertificateKeyFile: /path/to/ssl.key
          SSLCertificateChainFile: /path/to/ssl.ca.crt

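
The "Trailing slash is important" comment in the force-SSL pillar can be checked mechanically before the pillar is applied. The following is an added example, not part of the formula: it assumes the redirect template renders ``Redirect <RedirectSource> <RedirectTarget>``, models mod_alias prefix redirection in simplified form, and uses hypothetical helper names (``redirect_location``, ``lint_sites``) with a constructed sample pillar.

```python
# Added example, not apache-formula code. Sample pillar data is constructed.
def redirect_location(source_path, target, request_path):
    """Simplified mod_alias Redirect: swap the matched prefix for the target
    and append the rest of the request path unchanged."""
    if not request_path.startswith(source_path):
        return None  # directive does not apply to this request
    return target + request_path[len(source_path):]

def is_tls(cfg):
    return str(cfg.get("port")) == "443"  # pillar ports may be int or str

def lint_sites(sites):
    """Return findings for a dict shaped like the `apache:sites` pillar."""
    findings = []
    tls_names = {c.get("ServerName", sid) for sid, c in sites.items() if is_tls(c)}
    for sid, cfg in sites.items():
        if is_tls(cfg):
            for key in ("SSLCertificateFile", "SSLCertificateKeyFile"):
                if not cfg.get(key):
                    findings.append(f"{sid}: missing {key}")
            continue
        target = cfg.get("RedirectTarget")
        if target is None:
            findings.append(f"{sid}: plain-HTTP site without a redirect")
            continue
        if not target.startswith("https://"):
            findings.append(f"{sid}: RedirectTarget is not https")
        # Assumed layout of RedirectSource: '<status> <url-path>'.
        source = cfg.get("RedirectSource", "permanent /").split()[-1]
        probe = source.rstrip("/") + "/login"
        landed = redirect_location(source, target, probe)
        if landed != target.rstrip("/") + "/login":
            findings.append(f"{sid}: {probe} would redirect to {landed}")
        host = target.split("//", 1)[-1].split("/", 1)[0]
        if host not in tls_names:
            findings.append(f"{sid}: no port-443 site serves {host}")
    return findings

# Constructed sample: the pillar above plus one site missing the slash.
SAMPLE_SITES = {
    "example.com": {"port": 80, "RedirectSource": "permanent /",
                    "RedirectTarget": "https://example.com/"},
    "example.com_ssl": {"port": 443, "ServerName": "example.com",
                        "SSLCertificateFile": "/path/to/ssl.crt",
                        "SSLCertificateKeyFile": "/path/to/ssl.key"},
    "shop.example.com": {"port": 80, "RedirectSource": "permanent /",
                         "RedirectTarget": "https://shop.example.com"},
}
print("\n".join(lint_sites(SAMPLE_SITES)))
```
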
``apache.config.vhosts.clean``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Removes non-declared virtual hosts and deactivates the service.

``apache.config.vhosts.cleanup``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Removes non-declared virtual hosts but keeps the service running.

Testing
-------

Linux testing is done with ``kitchen-salt``.

Requirements
^^^^^^^^^^^^

* Ruby
* Docker

.. code-block:: bash

   $ gem install bundler
   $ bundle install
   $ bin/kitchen test [platform]

Where ``[platform]`` is the platform name defined in ``kitchen.yml``,
e.g. ``debian-9-2019-2-py3``.

``bin/kitchen converge``
^^^^^^^^^^^^^^^^^^^^^^^^

Creates the docker instance and runs the ``apache`` main states, ready for testing.

``bin/kitchen verify``
^^^^^^^^^^^^^^^^^^^^^^

Runs the ``inspec`` tests on the actual instance.

``bin/kitchen destroy``
^^^^^^^^^^^^^^^^^^^^^^^

Removes the docker instance.

``bin/kitchen test``
^^^^^^^^^^^^^^^^^^^^

Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``verify`` + ``destroy``.

``bin/kitchen login``
^^^^^^^^^^^^^^^^^^^^^

Gives you SSH access to the instance for manual testing.

Testing with Vagrant
--------------------

Windows/FreeBSD/OpenBSD testing is done with ``kitchen-salt``.

Requirements
^^^^^^^^^^^^

* Ruby
* Virtualbox
* Vagrant

Setup
^^^^^

.. code-block:: bash

   $ gem install bundler
   $ bundle install --with=vagrant
   $ bin/kitchen test [platform]

Where ``[platform]`` is the platform name defined in ``kitchen.vagrant.yml``,
e.g. ``windows-81-latest-py3``.

Note
^^^^

When testing using Vagrant you must set the environment variable ``KITCHEN_LOCAL_YAML`` to ``kitchen.vagrant.yml``. For example:

.. code-block:: bash

   $ KITCHEN_LOCAL_YAML=kitchen.vagrant.yml bin/kitchen test      # Alternatively,
   $ export KITCHEN_LOCAL_YAML=kitchen.vagrant.yml
   $ bin/kitchen test

Then run the following commands as needed.

``bin/kitchen converge``
^^^^^^^^^^^^^^^^^^^^^^^^

Creates the Vagrant instance and runs the ``apache`` main states, ready for testing.

``bin/kitchen verify``
^^^^^^^^^^^^^^^^^^^^^^

Runs the ``inspec`` tests on the actual instance.

``bin/kitchen destroy``
^^^^^^^^^^^^^^^^^^^^^^^

Removes the Vagrant instance.

``bin/kitchen test``
^^^^^^^^^^^^^^^^^^^^

Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``verify`` + ``destroy``.

``bin/kitchen login``
^^^^^^^^^^^^^^^^^^^^^

Gives you RDP/SSH access to the instance for manual testing.