- Added more modules and configuration options - Renamed sls files to reflect what they do. - added mpm options for Debiantags/v0.37.4
@@ -20,28 +20,73 @@ Available states | |||
Installs the Apache package and starts the service. | |||
``apache.config`` | |||
----------------- | |||
Configures apache based on os_family | |||
``apache.mod_mpm`` | |||
------------------ | |||
Configures the apache mpm modules on Debian ``mpm_prefork``, ``mpm_worker`` or ``mpm_event`` (Debian Only) | |||
``apache.modules`` | |||
------------------ | |||
Enables and disables Apache modules. | |||
``apache.mod_rewrite`` | |||
---------------------- | |||
Enabled the Apache module mod_rewrite (Debian only) | |||
``apache.mod_proxy`` | |||
------------------- | |||
Enables the Apache module mod_proxy. | |||
Enables the Apache module mod_proxy. (Debian only) | |||
``apache.mod_proxy_http`` | |||
------------------- | |||
------------------------- | |||
Enables the Apache module mod_proxy_http and requires the Apache module mod_proxy to be enabled. | |||
Enables the Apache module mod_proxy_http and requires the Apache module mod_proxy to be enabled. (Debian Only) | |||
``apache.mod_wsgi`` | |||
------------------- | |||
Installs the mod_wsgi package and enables the Apache module. | |||
``apache.mod_actions`` | |||
---------------------- | |||
Enables the Apache module mod_actions. (Debian Only) | |||
``apache.mod_headers`` | |||
---------------------- | |||
Enables the Apache module mod_headers. (Debian Only) | |||
``apache.mod_pagespeed`` | |||
------------------------ | |||
Installs and Enables the mod_pagespeed module. (Debian Only) | |||
``apache.mod_php5`` | |||
------------------- | |||
Installs and enables the mod_php5 module | |||
``apache.mod_fcgid`` | |||
-------------------- | |||
Installs and enables the mod_fcgid module | |||
``apache.mod_vhost_alias`` | |||
---------------------- | |||
Enables the Apache module vhost_alias (Debian Only) | |||
``apache.vhosts.standard`` | |||
------------------------- | |||
-------------------------- | |||
Configures Apache name-based virtual hosts and creates virtual host directories using data from Pillar. | |||
@@ -0,0 +1,26 @@ | |||
{% from "apache/map.jinja" import apache with context %} | |||
include: | |||
- apache | |||
{{ apache.configfile }}: | |||
file.managed: | |||
- template: jinja | |||
- source: | |||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/apache.config.jinja | |||
- require: | |||
- pkg: apache | |||
- watch_in: | |||
- service: apache | |||
{% if grains['os_family']=="Debian" %} | |||
/etc/apache2/envvars: | |||
file.managed | |||
- template: jinja | |||
- source: | |||
- salt://apache/files/debian/envvars.jinja | |||
- require: | |||
- pkg: apache | |||
- watch_in: | |||
- service: apache | |||
{% endif %} |
@@ -0,0 +1,223 @@ | |||
# Managed by saltstack | |||
# This is the main Apache server configuration file. It contains the | |||
# configuration directives that give the server its instructions. | |||
# See http://httpd.apache.org/docs/2.4/ for detailed information about | |||
# the directives and /usr/share/doc/apache2/README.Debian about Debian specific | |||
# hints. | |||
# | |||
# | |||
# Summary of how the Apache 2 configuration works in Debian: | |||
# The Apache 2 web server configuration in Debian is quite different to | |||
# upstream's suggested way to configure the web server. This is because Debian's | |||
# default Apache2 installation attempts to make adding and removing modules, | |||
# virtual hosts, and extra configuration directives as flexible as possible, in | |||
# order to make automating the changes and administering the server as easy as | |||
# possible. | |||
# It is split into several files forming the configuration hierarchy outlined | |||
# below, all located in the /etc/apache2/ directory: | |||
# | |||
# /etc/apache2/ | |||
# |-- apache2.conf | |||
# | `-- ports.conf | |||
# |-- mods-enabled | |||
# | |-- *.load | |||
# | `-- *.conf | |||
# |-- conf-enabled | |||
# | `-- *.conf | |||
# `-- sites-enabled | |||
# `-- *.conf | |||
# | |||
# | |||
# * apache2.conf is the main configuration file (this file). It puts the pieces | |||
# together by including all remaining configuration files when starting up the | |||
# web server. | |||
# | |||
# * ports.conf is always included from the main configuration file. It is | |||
# supposed to determine listening ports for incoming connections which can be | |||
# customized anytime. | |||
# | |||
# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ | |||
# directories contain particular configuration snippets which manage modules, | |||
# global configuration fragments, or virtual host configurations, | |||
# respectively. | |||
# | |||
# They are activated by symlinking available configuration files from their | |||
# respective *-available/ counterparts. These should be managed by using our | |||
# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See | |||
# their respective man pages for detailed information. | |||
# | |||
# * The binary is called apache2. Due to the use of environment variables, in | |||
# the default configuration, apache2 needs to be started/stopped with | |||
# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not | |||
# work with the default configuration. | |||
# Global configuration | |||
# | |||
# | |||
# ServerRoot: The top of the directory tree under which the server's | |||
# configuration, error, and log files are kept. | |||
# | |||
# NOTE! If you intend to place this on an NFS (or otherwise network) | |||
# mounted filesystem then please read the Mutex documentation (available | |||
# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>); | |||
# you will save yourself a lot of trouble. | |||
# | |||
# Do NOT add a slash at the end of the directory path. | |||
# | |||
#ServerRoot "/etc/apache2" | |||
# | |||
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. | |||
# | |||
Mutex file:${APACHE_LOCK_DIR} default | |||
# | |||
# PidFile: The file in which the server should record its process | |||
# identification number when it starts. | |||
# This needs to be set in /etc/apache2/envvars | |||
# | |||
PidFile ${APACHE_PID_FILE} | |||
# | |||
# Timeout: The number of seconds before receives and sends time out. | |||
# | |||
Timeout 300 | |||
# | |||
# KeepAlive: Whether or not to allow persistent connections (more than | |||
# one request per connection). Set to "Off" to deactivate. | |||
# | |||
KeepAlive On | |||
# | |||
# MaxKeepAliveRequests: The maximum number of requests to allow | |||
# during a persistent connection. Set to 0 to allow an unlimited amount. | |||
# We recommend you leave this number high, for maximum performance. | |||
# | |||
MaxKeepAliveRequests 100 | |||
# | |||
# KeepAliveTimeout: Number of seconds to wait for the next request from the | |||
# same client on the same connection. | |||
# | |||
KeepAliveTimeout 5 | |||
# These need to be set in /etc/apache2/envvars | |||
User ${APACHE_RUN_USER} | |||
Group ${APACHE_RUN_GROUP} | |||
# | |||
# HostnameLookups: Log the names of clients or just their IP addresses | |||
# e.g., www.apache.org (on) or 204.62.129.132 (off). | |||
# The default is off because it'd be overall better for the net if people | |||
# had to knowingly turn this feature on, since enabling it means that | |||
# each client request will result in AT LEAST one lookup request to the | |||
# nameserver. | |||
# | |||
HostnameLookups Off | |||
# ErrorLog: The location of the error log file. | |||
# If you do not specify an ErrorLog directive within a <VirtualHost> | |||
# container, error messages relating to that virtual host will be | |||
# logged here. If you *do* define an error logfile for a <VirtualHost> | |||
# container, that host's errors will be logged there and not here. | |||
# | |||
ErrorLog ${APACHE_LOG_DIR}/error.log | |||
# | |||
# LogLevel: Control the severity of messages logged to the error_log. | |||
# Available values: trace8, ..., trace1, debug, info, notice, warn, | |||
# error, crit, alert, emerg. | |||
# It is also possible to configure the log level for particular modules, e.g. | |||
# "LogLevel info ssl:warn" | |||
# | |||
LogLevel warn | |||
# Include module configuration: | |||
IncludeOptional mods-enabled/*.load | |||
IncludeOptional mods-enabled/*.conf | |||
# Include list of ports to listen on | |||
Include ports.conf | |||
# Sets the default security model of the Apache2 HTTPD server. It does | |||
# not allow access to the root filesystem outside of /usr/share and /var/www. | |||
# The former is used by web applications packaged in Debian, | |||
# the latter may be used for local directories served by the web server. If | |||
# your system is serving content from a sub-directory in /srv you must allow | |||
# access here, or in any related virtual host. | |||
<Directory /> | |||
Options FollowSymLinks | |||
AllowOverride None | |||
Require all denied | |||
</Directory> | |||
<Directory /usr/share> | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
<Directory /var/www/> | |||
Options Indexes FollowSymLinks | |||
AllowOverride None | |||
Require all granted | |||
</Directory> | |||
#<Directory /srv/> | |||
# Options Indexes FollowSymLinks | |||
# AllowOverride None | |||
# Require all granted | |||
#</Directory> | |||
# AccessFileName: The name of the file to look for in each directory | |||
# for additional configuration directives. See also the AllowOverride | |||
# directive. | |||
# | |||
AccessFileName .htaccess | |||
# | |||
# The following lines prevent .htaccess and .htpasswd files from being | |||
# viewed by Web clients. | |||
# | |||
<FilesMatch "^\.ht"> | |||
Require all denied | |||
</FilesMatch> | |||
# | |||
# The following directives define some format nicknames for use with | |||
# a CustomLog directive. | |||
# | |||
# These deviate from the Common Log Format definitions in that they use %O | |||
# (the actual bytes sent including headers) instead of %b (the size of the | |||
# requested file), because the latter makes it impossible to detect partial | |||
# requests. | |||
# | |||
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended. | |||
# Use mod_remoteip instead. | |||
# | |||
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined | |||
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined | |||
LogFormat "%h %l %u %t \"%r\" %>s %O" common | |||
LogFormat "%{Referer}i -> %U" referer | |||
LogFormat "%{User-agent}i" agent | |||
{%- for log_format in salt['pillar.get']('apache:log_formats', []) %} | |||
LogFormat {{ log_format }} | |||
{%- endfor %} | |||
# Include of directories ignores editors' and dpkg's backup files, | |||
# see README.Debian for details. | |||
# Include generic snippets of statements | |||
IncludeOptional conf-enabled/*.conf | |||
# Include the virtual host configurations: | |||
IncludeOptional sites-enabled/*.conf | |||
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet |
@@ -0,0 +1,49 @@ | |||
# Managed by saltstack | |||
# envvars - default environment variables for apache2ctl | |||
# this won't be correct after changing uid | |||
unset HOME | |||
# for supporting multiple apache2 instances | |||
if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then | |||
SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}" | |||
else | |||
SUFFIX= | |||
fi | |||
# Since there is no sane way to get the parsed apache2 config in scripts, some | |||
# settings are defined via environment variables and then used in apache2ctl, | |||
# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc. | |||
export APACHE_RUN_USER={{ salt['pillar.get']('apache:user', 'www-data') }} | |||
export APACHE_RUN_GROUP={{ salt['pillar.get']('apache:group', 'www-data') }} | |||
# temporary state file location. This might be changed to /run in Wheezy+1 | |||
export APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid | |||
export APACHE_RUN_DIR=/var/run/apache2$SUFFIX | |||
export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX | |||
# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2. | |||
export APACHE_LOG_DIR=/var/log/apache2$SUFFIX | |||
## The locale used by some modules like mod_dav | |||
export LANG=C | |||
## Uncomment the following line to use the system default locale instead: | |||
#. /etc/default/locale | |||
export LANG | |||
## The command to get the status for 'apache2ctl status'. | |||
## Some packages providing 'www-browser' need '--dump' instead of '-dump'. | |||
#export APACHE_LYNX='www-browser -dump' | |||
## If you need a higher file descriptor limit, uncomment and adjust the | |||
## following line (default is 8192): | |||
#APACHE_ULIMIT_MAX_FILES='ulimit -n 65536' | |||
## If you would like to pass arguments to the web server, add them below | |||
## to the APACHE_ARGUMENTS environment. | |||
#export APACHE_ARGUMENTS='' | |||
## Enable the debug mode for maintainer scripts. | |||
## This will produce a verbose output on package installations of web server modules and web application | |||
## installations which interact with Apache | |||
#export APACHE2_MAINTSCRIPT_DEBUG=1 |
@@ -0,0 +1,22 @@ | |||
# Managed by saltstack | |||
{%- set mpm_param = salt['pillar.get']('apache:mpm:params', {}) %} | |||
# event MPM | |||
# StartServers: initial number of server processes to start | |||
# MinSpareThreads: minimum number of worker threads which are kept spare | |||
# MaxSpareThreads: maximum number of worker threads which are kept spare | |||
# ThreadsPerChild: constant number of worker threads in each server process | |||
# MaxRequestWorkers: maximum number of worker threads | |||
# MaxConnectionsPerChild: maximum number of requests a server process serves | |||
<IfModule mpm_event_module> | |||
StartServers {{ mpm_param['start_servers'] | d('2') }} | |||
MaxRequestWorkers {{ mpm_param['max_request_workers'] | d('150') }} | |||
MinSpareThreads {{ mpm_param['min_spare_threads'] | d('25') }} | |||
MaxSpareThreads {{ mpm_param['max_spare_threads'] | d('75') }} | |||
ThreadLimit {{ mpm_param['thread_limit'] | d('64') }} | |||
ThreadsPerChild {{ mpm_param['threads_per_child'] | d('25') }} | |||
MaxConnectionsPerChild {{ mpm_param['max_connections_per_child'] | d('0') }} | |||
</IfModule> | |||
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet |
@@ -0,0 +1,20 @@ | |||
# Managed by saltstack | |||
{%- set mpm_param = salt['pillar.get']('apache:mpm:params', {}) %} | |||
# prefork MPM | |||
# StartServers: number of server processes to start | |||
# MinSpareServers: minimum number of server processes which are kept spare | |||
# MaxSpareServers: maximum number of server processes which are kept spare | |||
# MaxRequestWorkers: maximum number of server processes allowed to start | |||
# MaxConnectionsPerChild: maximum number of requests a server process serves | |||
<IfModule mpm_prefork_module> | |||
StartServers {{ mpm_param['start_servers'] | d('5') }} | |||
MaxRequestWorkers {{ mpm_param['max_request_workers'] | d('150') }} | |||
MinSpareServers {{ mpm_param['min_spare_servers'] | d('5') }} | |||
MaxSpareServers {{ mpm_param['max_spare_servers'] | d('10') }} | |||
MaxConnectionsPerChild {{ mpm_param['max_connections_per_child'] | d('0') }} | |||
</IfModule> | |||
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet |
@@ -0,0 +1,26 @@ | |||
# Managed by saltstack | |||
{%- set mpm_param = salt['pillar.get']('apache:mpm:params', {}) %} | |||
# worker MPM | |||
# StartServers: initial number of server processes to start | |||
# MinSpareThreads: minimum number of worker threads which are kept spare | |||
# MaxSpareThreads: maximum number of worker threads which are kept spare | |||
# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a | |||
# graceful restart. ThreadLimit can only be changed by stopping | |||
# and starting Apache. | |||
# ThreadsPerChild: constant number of worker threads in each server process | |||
# MaxRequestWorkers: maximum number of threads | |||
# MaxConnectionsPerChild: maximum number of requests a server process serves | |||
<IfModule mpm_worker_module> | |||
StartServers {{ mpm_param['start_servers'] | d('2') }} | |||
MaxRequestWorkers {{ mpm_param['max_request_workers'] | d('150') }} | |||
MinSpareThreads {{ mpm_param['min_spare_threads'] | d('25') }} | |||
MaxSpareThreads {{ mpm_param['max_spare_threads'] | d('75') }} | |||
ThreadLimit {{ mpm_param['thread_limit'] | d('64') }} | |||
ThreadsPerChild {{ mpm_param['threads_per_child'] | d('25') }} | |||
MaxConnectionsPerChild {{ mpm_param['max_connections_per_child'] | d('0') }} | |||
</IfModule> | |||
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet |
@@ -0,0 +1,356 @@ | |||
# | |||
# This is the main Apache HTTP server configuration file. It contains the | |||
# configuration directives that give the server its instructions. | |||
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information. | |||
# In particular, see | |||
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html> | |||
# for a discussion of each configuration directive. | |||
# | |||
# Do NOT simply read the instructions in here without understanding | |||
# what they do. They're here only as hints or reminders. If you are unsure | |||
# consult the online docs. You have been warned. | |||
# | |||
# Configuration and logfile names: If the filenames you specify for many | |||
# of the server's control files begin with "/" (or "drive:/" for Win32), the | |||
# server will use that explicit path. If the filenames do *not* begin | |||
# with "/", the value of ServerRoot is prepended -- so 'log/access_log' | |||
# with ServerRoot set to '/www' will be interpreted by the | |||
# server as '/www/log/access_log', where as '/log/access_log' will be | |||
# interpreted as '/log/access_log'. | |||
# | |||
# ServerRoot: The top of the directory tree under which the server's | |||
# configuration, error, and log files are kept. | |||
# | |||
# Do not add a slash at the end of the directory path. If you point | |||
# ServerRoot at a non-local disk, be sure to specify a local disk on the | |||
# Mutex directive, if file-based mutexes are used. If you wish to share the | |||
# same ServerRoot for multiple httpd daemons, you will need to change at | |||
# least PidFile. | |||
# | |||
ServerRoot "/etc/httpd" | |||
# | |||
# Listen: Allows you to bind Apache to specific IP addresses and/or | |||
# ports, instead of the default. See also the <VirtualHost> | |||
# directive. | |||
# | |||
# Change this to Listen on specific IP addresses as shown below to | |||
# prevent Apache from glomming onto all bound IP addresses. | |||
# | |||
#Listen 12.34.56.78:80 | |||
Listen 80 | |||
# | |||
# Dynamic Shared Object (DSO) Support | |||
# | |||
# To be able to use the functionality of a module which was built as a DSO you | |||
# have to place corresponding `LoadModule' lines at this location so the | |||
# directives contained in it are actually available _before_ they are used. | |||
# Statically compiled modules (those listed by `httpd -l') do not need | |||
# to be loaded here. | |||
# | |||
# Example: | |||
# LoadModule foo_module modules/mod_foo.so | |||
# | |||
Include conf.modules.d/*.conf | |||
# | |||
# If you wish httpd to run as a different user or group, you must run | |||
# httpd as root initially and it will switch. | |||
# | |||
# User/Group: The name (or #number) of the user/group to run httpd as. | |||
# It is usually good practice to create a dedicated user and group for | |||
# running httpd, as with most system services. | |||
# | |||
User apache | |||
Group apache | |||
# 'Main' server configuration | |||
# | |||
# The directives in this section set up the values used by the 'main' | |||
# server, which responds to any requests that aren't handled by a | |||
# <VirtualHost> definition. These values also provide defaults for | |||
# any <VirtualHost> containers you may define later in the file. | |||
# | |||
# All of these directives may appear inside <VirtualHost> containers, | |||
# in which case these default settings will be overridden for the | |||
# virtual host being defined. | |||
# | |||
# | |||
# ServerAdmin: Your address, where problems with the server should be | |||
# e-mailed. This address appears on some server-generated pages, such | |||
# as error documents. e.g. admin@your-domain.com | |||
# | |||
ServerAdmin root@localhost | |||
# | |||
# ServerName gives the name and port that the server uses to identify itself. | |||
# This can often be determined automatically, but we recommend you specify | |||
# it explicitly to prevent problems during startup. | |||
# | |||
# If your host doesn't have a registered DNS name, enter its IP address here. | |||
# | |||
#ServerName www.example.com:80 | |||
# | |||
# Deny access to the entirety of your server's filesystem. You must | |||
# explicitly permit access to web content directories in other | |||
# <Directory> blocks below. | |||
# | |||
<Directory /> | |||
AllowOverride none | |||
Require all denied | |||
</Directory> | |||
# | |||
# Note that from this point forward you must specifically allow | |||
# particular features to be enabled - so if something's not working as | |||
# you might expect, make sure that you have specifically enabled it | |||
# below. | |||
# | |||
# | |||
# DocumentRoot: The directory out of which you will serve your | |||
# documents. By default, all requests are taken from this directory, but | |||
# symbolic links and aliases may be used to point to other locations. | |||
# | |||
DocumentRoot "/var/www/html" | |||
# | |||
# Relax access to content within /var/www. | |||
# | |||
<Directory "/var/www"> | |||
AllowOverride None | |||
# Allow open access: | |||
Require all granted | |||
</Directory> | |||
# Further relax access to the default document root: | |||
<Directory "/var/www/html"> | |||
# | |||
# Possible values for the Options directive are "None", "All", | |||
# or any combination of: | |||
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews | |||
# | |||
# Note that "MultiViews" must be named *explicitly* --- "Options All" | |||
# doesn't give it to you. | |||
# | |||
# The Options directive is both complicated and important. Please see | |||
# http://httpd.apache.org/docs/2.4/mod/core.html#options | |||
# for more information. | |||
# | |||
Options Indexes FollowSymLinks | |||
# | |||
# AllowOverride controls what directives may be placed in .htaccess files. | |||
# It can be "All", "None", or any combination of the keywords: | |||
# Options FileInfo AuthConfig Limit | |||
# | |||
AllowOverride None | |||
# | |||
# Controls who can get stuff from this server. | |||
# | |||
Require all granted | |||
</Directory> | |||
# | |||
# DirectoryIndex: sets the file that Apache will serve if a directory | |||
# is requested. | |||
# | |||
<IfModule dir_module> | |||
DirectoryIndex index.html | |||
</IfModule> | |||
# | |||
# The following lines prevent .htaccess and .htpasswd files from being | |||
# viewed by Web clients. | |||
# | |||
<Files ".ht*"> | |||
Require all denied | |||
</Files> | |||
# | |||
# ErrorLog: The location of the error log file. | |||
# If you do not specify an ErrorLog directive within a <VirtualHost> | |||
# container, error messages relating to that virtual host will be | |||
# logged here. If you *do* define an error logfile for a <VirtualHost> | |||
# container, that host's errors will be logged there and not here. | |||
# | |||
ErrorLog "logs/error_log" | |||
# | |||
# LogLevel: Control the number of messages logged to the error_log. | |||
# Possible values include: debug, info, notice, warn, error, crit, | |||
# alert, emerg. | |||
# | |||
LogLevel warn | |||
<IfModule log_config_module> | |||
# | |||
# The following directives define some format nicknames for use with | |||
# a CustomLog directive (see below). | |||
# | |||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined | |||
LogFormat "%h %l %u %t \"%r\" %>s %b" common | |||
{%- for log_format in salt['pillar.get']('apache:log_formats', []) %} | |||
LogFormat {{ log_format }} | |||
{%- endfor %} | |||
<IfModule logio_module> | |||
# You need to enable mod_logio.c to use %I and %O | |||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio | |||
</IfModule> | |||
# | |||
# The location and format of the access logfile (Common Logfile Format). | |||
# If you do not define any access logfiles within a <VirtualHost> | |||
# container, they will be logged here. Contrariwise, if you *do* | |||
# define per-<VirtualHost> access logfiles, transactions will be | |||
# logged therein and *not* in this file. | |||
# | |||
#CustomLog "logs/access_log" common | |||
# | |||
# If you prefer a logfile with access, agent, and referer information | |||
# (Combined Logfile Format) you can use the following directive. | |||
# | |||
CustomLog "logs/access_log" combined | |||
</IfModule> | |||
<IfModule alias_module> | |||
# | |||
# Redirect: Allows you to tell clients about documents that used to | |||
# exist in your server's namespace, but do not anymore. The client | |||
# will make a new request for the document at its new location. | |||
# Example: | |||
# Redirect permanent /foo http://www.example.com/bar | |||
# | |||
# Alias: Maps web paths into filesystem paths and is used to | |||
# access content that does not live under the DocumentRoot. | |||
# Example: | |||
# Alias /webpath /full/filesystem/path | |||
# | |||
# If you include a trailing / on /webpath then the server will | |||
# require it to be present in the URL. You will also likely | |||
# need to provide a <Directory> section to allow access to | |||
# the filesystem path. | |||
# | |||
# ScriptAlias: This controls which directories contain server scripts. | |||
# ScriptAliases are essentially the same as Aliases, except that | |||
# documents in the target directory are treated as applications and | |||
# run by the server when requested rather than as documents sent to the | |||
# client. The same rules about trailing "/" apply to ScriptAlias | |||
# directives as to Alias. | |||
# | |||
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" | |||
</IfModule> | |||
# | |||
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased | |||
# CGI directory exists, if you have that configured. | |||
# | |||
<Directory "/var/www/cgi-bin"> | |||
AllowOverride None | |||
Options None | |||
Require all granted | |||
</Directory> | |||
<IfModule mime_module> | |||
# | |||
# TypesConfig points to the file containing the list of mappings from | |||
# filename extension to MIME-type. | |||
# | |||
TypesConfig /etc/mime.types | |||
# | |||
# AddType allows you to add to or override the MIME configuration | |||
# file specified in TypesConfig for specific file types. | |||
# | |||
#AddType application/x-gzip .tgz | |||
# | |||
# AddEncoding allows you to have certain browsers uncompress | |||
# information on the fly. Note: Not all browsers support this. | |||
# | |||
#AddEncoding x-compress .Z | |||
#AddEncoding x-gzip .gz .tgz | |||
# | |||
# If the AddEncoding directives above are commented-out, then you | |||
# probably should define those extensions to indicate media types: | |||
# | |||
AddType application/x-compress .Z | |||
AddType application/x-gzip .gz .tgz | |||
# | |||
# AddHandler allows you to map certain file extensions to "handlers": | |||
# actions unrelated to filetype. These can be either built into the server | |||
# or added with the Action directive (see below) | |||
# | |||
# To use CGI scripts outside of ScriptAliased directories: | |||
# (You will also need to add "ExecCGI" to the "Options" directive.) | |||
# | |||
#AddHandler cgi-script .cgi | |||
# For type maps (negotiated resources): | |||
#AddHandler type-map var | |||
# | |||
# Filters allow you to process content before it is sent to the client. | |||
# | |||
# To parse .shtml files for server-side includes (SSI): | |||
# (You will also need to add "Includes" to the "Options" directive.) | |||
# | |||
AddType text/html .shtml | |||
AddOutputFilter INCLUDES .shtml | |||
</IfModule> | |||
# | |||
# Specify a default charset for all content served; this enables | |||
# interpretation of all content as UTF-8 by default. To use the | |||
# default browser choice (ISO-8859-1), or to allow the META tags | |||
# in HTML content to override this choice, comment out this | |||
# directive: | |||
# | |||
AddDefaultCharset UTF-8 | |||
<IfModule mime_magic_module> | |||
# | |||
# The mod_mime_magic module allows the server to use various hints from the | |||
# contents of the file itself to determine its type. The MIMEMagicFile | |||
# directive tells the module where the hint definitions are located. | |||
# | |||
MIMEMagicFile conf/magic | |||
</IfModule> | |||
# | |||
# Customizable error responses come in three flavors: | |||
# 1) plain text 2) local redirects 3) external redirects | |||
# | |||
# Some examples: | |||
#ErrorDocument 500 "The server made a boo boo." | |||
#ErrorDocument 404 /missing.html | |||
#ErrorDocument 404 "/cgi-bin/missing_handler.pl" | |||
#ErrorDocument 402 http://www.example.com/subscription_info.html | |||
# | |||
# | |||
# EnableMMAP and EnableSendfile: On systems that support it, | |||
# memory-mapping or the sendfile syscall may be used to deliver | |||
# files. This usually improves server performance, but must | |||
# be turned off when serving from networked-mounted | |||
# filesystems or if support for these functions is otherwise | |||
# broken on your system. | |||
# Defaults if commented: EnableMMAP On, EnableSendfile Off | |||
# | |||
#EnableMMAP off | |||
EnableSendfile on | |||
# Supplemental configuration | |||
# | |||
# Load config files in the "/etc/httpd/conf.d" directory, if any. | |||
IncludeOptional conf.d/*.conf |
@@ -0,0 +1,209 @@ | |||
# | |||
# /etc/apache2/httpd.conf | |||
# | |||
# This is the main Apache server configuration file. It contains the | |||
# configuration directives that give the server its instructions. | |||
# See <URL:http:///httpd.apache.org/docs/2.4/> for detailed information about | |||
# the directives. | |||
# Based upon the default apache configuration file that ships with apache, | |||
# which is based upon the NCSA server configuration files originally by Rob | |||
# McCool. This file was knocked together by Peter Poeml <poeml+apache@suse.de>. | |||
# If possible, avoid changes to this file. It does mainly contain Include | |||
# statements and global settings that can/should be overridden in the | |||
# configuration of your virtual hosts. | |||
# Quickstart guide: | |||
# http://en.opensuse.org/SDB:Apache_installation | |||
# Overview of include files, chronologically: | |||
# | |||
# httpd.conf | |||
# | | |||
# |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under | |||
# |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...) | |||
# |-- sysconfig.d/loadmodule.conf . . . . . [*] load these modules | |||
# |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on | |||
# |-- mod_log_config.conf . . . . . . . . . define logging formats | |||
# |-- sysconfig.d/global.conf . . . . . . . [*] server-wide general settings | |||
# |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring) | |||
# |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info | |||
# |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking | |||
# |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings | |||
# |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration | |||
# |-- errors.conf . . . . . . . . . . . . . customize error responses | |||
# |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts | |||
# | | |||
# |-- default-server.conf . . . . . . . . . set up the default server that replies to non-virtual-host requests | |||
# | |--mod_userdir.conf . . . . . . . . enable UserDir (if mod_userdir is loaded) | |||
# | `--conf.d/apache2-manual?conf . . . add the docs ('?' = if installed) | |||
# | | |||
# |-- sysconfig.d/include.conf . . . . . . [*] your include files | |||
# | (for each file to be included here, put its name | |||
# | into APACHE_INCLUDE_* in /etc/sysconfig/apache2) | |||
# | | |||
# `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here | |||
# `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included) | |||
# | |||
# | |||
# Files marked [*] are created from sysconfig upon server restart: instead of | |||
# these files, you edit /etc/sysconfig/apache2 | |||
# Filesystem layout: | |||
# | |||
# /etc/apache2/ | |||
# |-- charset.conv . . . . . . . . . . . . for mod_auth_ldap | |||
# |-- conf.d/ | |||
# | |-- apache2-manual.conf . . . . . . . conf that comes with apache2-doc | |||
# | |-- mod_php4.conf . . . . . . . . . . (example) conf that comes with apache2-mod_php4 | |||
# | `-- ... . . . . . . . . . . . . . . . other configuration added by packages | |||
# |-- default-server.conf | |||
# |-- errors.conf | |||
# |-- httpd.conf . . . . . . . . . . . . . top level configuration file | |||
# |-- listen.conf | |||
# |-- magic | |||
# |-- mime.types -> ../mime.types | |||
# |-- mod_autoindex-defaults.conf | |||
# |-- mod_info.conf | |||
# |-- mod_log_config.conf | |||
# |-- mod_mime-defaults.conf | |||
# |-- mod_perl-startup.pl | |||
# |-- mod_status.conf | |||
# |-- mod_userdir.conf | |||
# |-- mod_usertrack.conf | |||
# |-- server-tuning.conf | |||
# |-- ssl-global.conf | |||
# |-- ssl.crl/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Revocation Lists (CRL) | |||
# |-- ssl.crt/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificates | |||
# |-- ssl.csr/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Signing Requests | |||
# |-- ssl.key/ . . . . . . . . . . . . . . PEM-encoded RSA Private Keys | |||
# |-- ssl.prm/ . . . . . . . . . . . . . . public DSA Parameter Files | |||
# |-- sysconfig.d/ . . . . . . . . . . . . files that are created from /etc/sysconfig/apache2 | |||
# | |-- global.conf | |||
# | |-- include.conf | |||
# | `-- loadmodule.conf | |||
# |-- uid.conf | |||
# `-- vhosts.d/ . . . . . . . . . . . . . . put your virtual host configuration (*.conf) here | |||
# |-- vhost-ssl.template | |||
# `-- vhost.template | |||
### Global Environment ###################################################### | |||
# | |||
# The directives in this section affect the overall operation of Apache, | |||
# such as the number of concurrent requests. | |||
# run under this user/group id | |||
Include /etc/apache2/uid.conf | |||
# - how many server processes to start (server pool regulation) | |||
# - usage of KeepAlive | |||
Include /etc/apache2/server-tuning.conf | |||
# ErrorLog: The location of the error log file. | |||
# If you do not specify an ErrorLog directive within a <VirtualHost> | |||
# container, error messages relating to that virtual host will be | |||
# logged here. If you *do* define an error logfile for a <VirtualHost> | |||
# container, that host's errors will be logged there and not here. | |||
ErrorLog /var/log/apache2/error_log | |||
# generated from APACHE_MODULES in /etc/sysconfig/apache2 | |||
Include /etc/apache2/sysconfig.d/loadmodule.conf | |||
# IP addresses / ports to listen on | |||
Include /etc/apache2/listen.conf | |||
# predefined logging formats | |||
Include /etc/apache2/mod_log_config.conf | |||
# generated from global settings in /etc/sysconfig/apache2 | |||
Include /etc/apache2/sysconfig.d/global.conf | |||
# optional mod_status, mod_info | |||
Include /etc/apache2/mod_status.conf | |||
Include /etc/apache2/mod_info.conf | |||
# optional cookie-based user tracking | |||
# read the documentation before using it!! | |||
Include /etc/apache2/mod_usertrack.conf | |||
# configuration of server-generated directory listings | |||
Include /etc/apache2/mod_autoindex-defaults.conf | |||
# associate MIME types with filename extensions | |||
TypesConfig /etc/apache2/mime.types | |||
Include /etc/apache2/mod_mime-defaults.conf | |||
# set up (customizable) error responses | |||
Include /etc/apache2/errors.conf | |||
# global (server-wide) SSL configuration, that is not specific to | |||
# any virtual host | |||
Include /etc/apache2/ssl-global.conf | |||
# forbid access to the entire filesystem by default | |||
<Directory /> | |||
Options None | |||
AllowOverride None | |||
Require all denied | |||
</Directory> | |||
# use .htaccess files for overriding, | |||
AccessFileName .htaccess | |||
# and never show them | |||
<Files ~ "^\.ht"> | |||
Require all denied | |||
</Files> | |||
# List of resources to look for when the client requests a directory | |||
DirectoryIndex index.html index.html.var | |||
### 'Main' server configuration ############################################# | |||
# | |||
# The directives in this section set up the values used by the 'main' | |||
# server, which responds to any requests that aren't handled by a | |||
# <VirtualHost> definition. These values also provide defaults for | |||
# any <VirtualHost> containers you may define later in the file. | |||
# | |||
# All of these directives may appear inside <VirtualHost> containers, | |||
# in which case these default settings will be overridden for the | |||
# virtual host being defined. | |||
# | |||
Include /etc/apache2/default-server.conf | |||
# Another way to include your own files | |||
# | |||
# The file below is generated from /etc/sysconfig/apache2, | |||
# include arbitrary files as named in APACHE_CONF_INCLUDE_FILES and | |||
# APACHE_CONF_INCLUDE_DIRS | |||
Include /etc/apache2/sysconfig.d/include.conf | |||
### Virtual server configuration ############################################ | |||
# | |||
# VirtualHost: If you want to maintain multiple domains/hostnames on your | |||
# machine you can setup VirtualHost containers for them. Most configurations | |||
# use only name-based virtual hosts so the server doesn't need to worry about | |||
# IP addresses. This is indicated by the asterisks in the directives below. | |||
# | |||
# Please see the documentation at | |||
# <URL:http:///httpd.apache.org/docs/2.4/vhosts/> | |||
# for further details before you try to setup virtual hosts. | |||
# | |||
# You may use the command line option '-S' to verify your virtual host | |||
# configuration. | |||
# | |||
IncludeOptional /etc/apache2/vhosts.d/*.conf | |||
# Note: instead of adding your own configuration here, consider | |||
# adding it in your own file (/etc/apache2/httpd.conf.local) | |||
# putting its name into APACHE_CONF_INCLUDE_FILES in | |||
# /etc/sysconfig/apache2 -- this will make system updates | |||
# easier :) |
@@ -2,8 +2,11 @@ | |||
'Debian': { | |||
'server': 'apache2', | |||
'service': 'apache2', | |||
'configfile': '/etc/apache2/apache2.conf', | |||
'mod_wsgi': 'libapache2-mod-wsgi', | |||
'mod_php5': 'libapache2-mod-php5', | |||
'mod_fcgid': 'libapache2-mod-fcgid', | |||
'vhostdir': '/etc/apache2/sites-available', | |||
'confdir': '/etc/apache2/conf.d', | |||
@@ -17,6 +20,7 @@ | |||
'RedHat': { | |||
'server': 'httpd', | |||
'service': 'httpd', | |||
'configfile': '/etc/httpd/conf/httpd.conf', | |||
'mod_wsgi': 'mod_wsgi', | |||
@@ -32,8 +36,11 @@ | |||
'Suse': { | |||
'server': 'apache2', | |||
'service': 'apache2', | |||
'configfile': '/etc/apache2/httpd.conf', | |||
'mod_wsgi': 'apache2-mod_wsgi', | |||
'mod_php5': 'apache2-mod_php5', | |||
'mod_fcgid': 'apache2-mod_fcgid', | |||
'vhostdir': '/etc/apache2/vhosts.d', | |||
'confdir': '/etc/httpd/conf.d', | |||
@@ -47,6 +54,7 @@ | |||
'FreeBSD': { | |||
'server': 'apache22', | |||
'service': 'apache22', | |||
'configfile': '/usr/local/etc/apache22/httpd.conf', | |||
'mod_wsgi': 'ap22-mod_wsgi3', | |||
@@ -0,0 +1,15 @@ | |||
{% if grains['os_family']=="Debian" %} | |||
include: | |||
- apache | |||
a2enmod actions: | |||
cmd.run: | |||
- unless: ls /etc/apache2/mods-enabled/actions.load | |||
- order: 255 | |||
- require: | |||
- pkg: apache | |||
- watch_in: | |||
- module: apache-restart | |||
{% endif %} |
@@ -1,15 +1,16 @@ | |||
{% if grains['os_family']=="Debian" %} | |||
{% from "apache/map.jinja" import apache with context %} | |||
include: | |||
- apache | |||
mod-fcgid: | |||
pkg.installed: | |||
- name: libapache2-mod-fcgid | |||
- name: {{ apache.mod_fcgid }} | |||
- order: 180 | |||
- require: | |||
- pkg: apache | |||
{% if grains['os_family']=="Debian" %} | |||
a2enmod fcgid: | |||
cmd.run: | |||
- order: 225 |
@@ -0,0 +1,15 @@ | |||
{% if grains['os_family']=="Debian" %} | |||
include: | |||
- apache | |||
a2enmod headers: | |||
cmd.run: | |||
- unless: ls /etc/apache2/mods-enabled/headers.load | |||
- order: 255 | |||
- require: | |||
- pkg: apache | |||
- watch_in: | |||
- module: apache-restart | |||
{% endif %} |
@@ -0,0 +1,38 @@ | |||
{% if grains['os_family']=="Debian" %} | |||
{% from "apache/map.jinja" import apache with context %} | |||
{% set mpm_module = salt['pillar.get']('apache:mpm:module', 'mpm_prefork') %} | |||
include: | |||
- apache | |||
a2enmod {{ mpm_module }}: | |||
cmd.run: | |||
- unless: ls /etc/apache2/mods-enabled/{{ mpm_module }}.load | |||
- require: | |||
- pkg: apache | |||
- watch_in: | |||
- module: apache_restart | |||
file.managed: | |||
- name: /etc/apache2/mods-available/{{ mpm_module }}.conf | |||
- template: jinja | |||
- source: | |||
- salt://apache/files/Debian/mpm/{{ mpm_module }}.conf.jinja | |||
- require: | |||
- pkg: apache | |||
- watch_in: | |||
- module: apache_restart | |||
# Deactivate the other mpm modules as a previous step | |||
{% for mod in ['mpm_prefork', 'mpm_worker', 'mpm_event'] if not mod == mpm_module %} | |||
a2dismod {{ mod }}: | |||
cmd.run: | |||
- onlyif: test -e /etc/apache2/mods-enabled/{{ mod }}.load | |||
- require: | |||
- pkg: apache | |||
- require_in: | |||
- cmd: a2enmod {{ mpm_module }} | |||
- watch_in: | |||
- module: apache_restart | |||
{% endfor %} | |||
{% endif %} |
@@ -0,0 +1,57 @@ | |||
{% if grains['os_family']=="Debian" %} | |||
{% from "apache/map.jinja" import apache with context %} | |||
include: | |||
- apache | |||
libapache2-mod-pagespeed: | |||
pkg: | |||
- installed | |||
- sources: | |||
- mod-pagespeed-stable: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb | |||
a2enmod pagespeed: | |||
cmd.run: | |||
- unless: ls /etc/apache2/mods-enabled/pagespeed.load | |||
- order: 255 | |||
- require: | |||
- pkg: libapache2-mod-pagespeed | |||
- watch_in: | |||
- service: apache | |||
{% for dir in ['/var/cache/mod_pagespeed', '/var/log/pagespeed'] %} | |||
{{ dir }}: | |||
file: | |||
- directory | |||
- makedirs: true | |||
- user: {{ salt['pillar.get']('apache:user', 'www-data') }} | |||
- group: {{ salt['pillar.get']('apache:group', 'www-data') }} | |||
- require: | |||
- pkg: libapache2-mod-pagespeed | |||
- user: {{ salt['pillar.get']('apache:user', 'www-data') }} | |||
- group: {{ salt['pillar.get']('apache:group', 'www-data') }} | |||
{% endfor %} | |||
# Here we hardcode a logrotate entry to take care of the logs | |||
/etc/logrorate.d/pagespeed: | |||
file: | |||
- managed | |||
- contents: | | |||
/var/log/pagespeed/*.log { | |||
weekly | |||
missingok | |||
rotate 52 | |||
compress | |||
delaycompress | |||
notifempty | |||
sharedscripts | |||
postrotate | |||
if /etc/init.d/apache2 status > /dev/null ; then \ | |||
/etc/init.d/apache2 reload > /dev/null; \ | |||
fi; | |||
endscript | |||
} | |||
{% endif %} |
@@ -1,15 +1,16 @@ | |||
{% if grains['os_family']=="Debian" %} | |||
{% from "apache/map.jinja" import apache with context %} | |||
include: | |||
- apache | |||
mod-php5: | |||
pkg.installed: | |||
- name: libapache2-mod-php5 | |||
- name: {{ apache.mod_php5 }} | |||
- order: 180 | |||
- require: | |||
- pkg: apache | |||
{% if grains['os_family']=="Debian" %} | |||
a2enmod php5: | |||
cmd.run: | |||
- unless: ls /etc/apache2/mods-enabled/php5.load |