refactor(formula): align to template-formula & improve citags/v1.0.0
ignore: | | ignore: | | ||||
apache/files/Debian/ssl.conf.jinja | apache/files/Debian/ssl.conf.jinja | ||||
apache/files/FreeBSD/mod_ssl.conf.jinja | apache/files/FreeBSD/mod_ssl.conf.jinja | ||||
apache/files/tls-defaults.conf.jinja | |||||
apache/files/ssl/tls-defaults.conf.jinja | |||||
test/salt/pillar/modules.sls | |||||
skip_list: | skip_list: | ||||
# Using `salt-lint` for linting other files as well, such as Jinja macros/templates | # Using `salt-lint` for linting other files as well, such as Jinja macros/templates | ||||
- 205 # Use ".sls" as a Salt State file extension | - 205 # Use ".sls" as a Salt State file extension |
## Define the rest of the matrix based on Kitchen testing | ## Define the rest of the matrix based on Kitchen testing | ||||
# Make sure the instances listed below match up with | # Make sure the instances listed below match up with | ||||
# the `platforms` defined in `kitchen.yml` | # the `platforms` defined in `kitchen.yml` | ||||
- env: INSTANCE=default-debian-10-master-py3 | |||||
# - env: INSTANCE=default-ubuntu-1804-master-py3 | |||||
# - env: INSTANCE=default-centos-8-master-py3 | |||||
# - env: INSTANCE=default-fedora-31-master-py3 | |||||
# - env: INSTANCE=default-opensuse-leap-151-master-py3 | |||||
# - env: INSTANCE=default-amazonlinux-2-master-py3 | |||||
# - env: INSTANCE=default-debian-10-2019-2-py3 | |||||
# - env: INSTANCE=default-debian-9-2019-2-py3 | |||||
- env: INSTANCE=default-ubuntu-1804-2019-2-py3 | |||||
# - env: INSTANCE=default-centos-8-2019-2-py3 | |||||
# - env: INSTANCE=default-fedora-31-2019-2-py3 | |||||
# - env: INSTANCE=default-opensuse-leap-151-2019-2-py3 | |||||
# - env: INSTANCE=default-centos-7-2019-2-py2 | |||||
- env: INSTANCE=default-amazonlinux-2-2019-2-py3 | |||||
# - env: INSTANCE=default-arch-base-latest-2019-2-py2 | |||||
- env: INSTANCE=default-fedora-30-2018-3-py3 | |||||
# - env: INSTANCE=default-debian-9-2018-3-py2 | |||||
# - env: INSTANCE=default-ubuntu-1604-2018-3-py2 | |||||
# - env: INSTANCE=default-centos-7-2018-3-py2 | |||||
# - env: INSTANCE=default-opensuse-leap-151-2018-3-py2 | |||||
# - env: INSTANCE=default-amazonlinux-1-2018-3-py2 | |||||
# - env: INSTANCE=default-arch-base-latest-2018-3-py2 | |||||
# - env: INSTANCE=default-debian-8-2017-7-py2 | |||||
# - env: INSTANCE=default-ubuntu-1604-2017-7-py2 | |||||
- env: INSTANCE=default-centos-6-2017-7-py2 | |||||
# - env: INSTANCE=default-fedora-30-2017-7-py2 | |||||
# - env: INSTANCE=default-opensuse-leap-151-2017-7-py2 | |||||
# - env: INSTANCE=default-amazonlinux-1-2017-7-py2 | |||||
# - env: INSTANCE=default-arch-base-latest-2017-7-py2 | |||||
- env: INSTANCE=modules-debian-10-master-py3 | |||||
# env: INSTANCE=modules-ubuntu-1804-master-py3 | |||||
- env: INSTANCE=modules-centos-8-master-py3 | |||||
- env: INSTANCE=modules-fedora-31-master-py3 | |||||
- env: INSTANCE=modules-opensuse-leap-151-master-py3 | |||||
# https://community.letsencrypt.org/t/localhost-crt-does-not-exist-or-is-empty/103979 | |||||
- env: INSTANCE=default-amazonlinux-2-master-py3 | |||||
# - env: INSTANCE=modules-debian-10-2019-2-py3 | |||||
# - env: INSTANCE=modules-debian-9-2019-2-py3 | |||||
- env: INSTANCE=modules-ubuntu-1804-2019-2-py3 | |||||
# - env: INSTANCE=modules-centos-8-2019-2-py3 | |||||
# - env: INSTANCE=modules-fedora-31-2019-2-py3 | |||||
# - env: INSTANCE=suse-opensuse-leap-151-2019-2-py3 | |||||
- env: INSTANCE=modules-centos-7-2019-2-py2 | |||||
# env: INSTANCE=default-amazonlinux-2-2019-2-py3 | |||||
# - env: INSTANCE=modules-arch-base-latest-2019-2-py2 | |||||
# env: INSTANCE=modules-fedora-30-2018-3-py3 | |||||
# - env: INSTANCE=modules-debian-9-2018-3-py2 | |||||
# - env: INSTANCE=modules-ubuntu-1604-2018-3-py2 | |||||
# - env: INSTANCE=modules-centos-7-2018-3-py2 | |||||
# - env: INSTANCE=modules-opensuse-leap-151-2018-3-py2 | |||||
# - env: INSTANCE=modules-amazonlinux-1-2018-3-py2 | |||||
# - env: INSTANCE=modules-arch-base-latest-2018-3-py2 | |||||
# - env: INSTANCE=modules-debian-8-2017-7-py2 | |||||
# - env: INSTANCE=modules-ubuntu-1604-2017-7-py2 | |||||
# env: INSTANCE=default-centos-6-2017-7-py2 | |||||
# - env: INSTANCE=modules-fedora-30-2017-7-py2 | |||||
# - env: INSTANCE=modules-opensuse-leap-151-2017-7-py2 | |||||
# - env: INSTANCE=modules-amazonlinux-1-2017-7-py2 | |||||
- env: INSTANCE=arch-arch-base-latest-2017-7-py2 | |||||
## Define the release stage that runs `semantic-release` | ## Define the release stage that runs `semantic-release` | ||||
- stage: 'release' | - stage: 'release' |
node_modules/ | node_modules/ | ||||
test/**/states/**/*.sls | test/**/states/**/*.sls | ||||
.kitchen/ | .kitchen/ | ||||
test/salt/pillar/modules.sls | |||||
test/salt/pillar/default.sls | |||||
pillar.example | |||||
yaml-files: | yaml-files: | ||||
# Default settings | # Default settings |
config/certificates/ |
{% from "apache/map.jinja" import apache with context %} | |||||
include: | |||||
- apache | |||||
{%- for site, confcert in salt['pillar.get']('apache:sites', {}).items() %} | |||||
{% if confcert.SSLCertificateKeyFile is defined and confcert.SSLCertificateKeyFile_content is defined %} | |||||
# Deploy {{ site }} key file | |||||
apache_cert_config_{{ site }}_key_file: | |||||
file.managed: | |||||
- name: {{ confcert.SSLCertificateKeyFile }} | |||||
- contents_pillar: apache:sites:{{ site }}:SSLCertificateKeyFile_content | |||||
- makedirs: True | |||||
- mode: 600 | |||||
- user: root | |||||
- group: root | |||||
- watch_in: | |||||
- module: apache-reload | |||||
- require_in: | |||||
- module: apache-restart | |||||
- module: apache-reload | |||||
- service: apache | |||||
{% endif %} | |||||
{% if confcert.SSLCertificateFile is defined and confcert.SSLCertificateFile_content is defined %} | |||||
# Deploy {{ site }} cert file | |||||
apache_cert_config_{{ site }}_cert_file: | |||||
file.managed: | |||||
- name: {{ confcert.SSLCertificateFile }} | |||||
- contents_pillar: apache:sites:{{ site }}:SSLCertificateFile_content | |||||
- makedirs: True | |||||
- mode: 600 | |||||
- user: root | |||||
- group: root | |||||
- watch_in: | |||||
- module: apache-reload | |||||
- require_in: | |||||
- module: apache-restart | |||||
- module: apache-reload | |||||
- service: apache | |||||
{% endif %} | |||||
{% if confcert.SSLCertificateChainFile is defined and confcert.SSLCertificateChainFile_content is defined %} | |||||
# Deploy {{ site }} bundle file | |||||
apache_cert_config_{{ site }}_bundle_file: | |||||
file.managed: | |||||
- name: {{ confcert.SSLCertificateChainFile }} | |||||
- contents_pillar: apache:sites:{{ site }}:SSLCertificateChainFile_content | |||||
- makedirs: True | |||||
- mode: 600 | |||||
- user: root | |||||
- group: root | |||||
- watch_in: | |||||
- module: apache-reload | |||||
- require_in: | |||||
- module: apache-restart | |||||
- module: apache-reload | |||||
- service: apache | |||||
{% endif %} | |||||
{%- endfor %} | |||||
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
include: | |||||
- .service.clean | |||||
- .config.clean | |||||
- .package.clean |
{% from "apache/map.jinja" import apache with context %} | |||||
include: | |||||
- apache | |||||
{{ apache.logdir }}: | |||||
file.directory: | |||||
- makedirs: True | |||||
- require: | |||||
- pkg: apache | |||||
- watch_in: | |||||
- module: apache-restart | |||||
- require_in: | |||||
- module: apache-restart | |||||
- module: apache-reload | |||||
- service: apache | |||||
{{ apache.configfile }}: | |||||
file.managed: | |||||
- template: jinja | |||||
- source: | |||||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/apache-{{ apache.version }}.config.jinja | |||||
- require: | |||||
- pkg: apache | |||||
- watch_in: | |||||
- module: apache-restart | |||||
- require_in: | |||||
- module: apache-restart | |||||
- module: apache-reload | |||||
- service: apache | |||||
- context: | |||||
apache: {{ apache | json }} | |||||
{{ apache.vhostdir }}: | |||||
file.directory: | |||||
- makedirs: True | |||||
- require: | |||||
- pkg: apache | |||||
- watch_in: | |||||
- module: apache-restart | |||||
- require_in: | |||||
- module: apache-restart | |||||
- module: apache-reload | |||||
- service: apache | |||||
{% if grains['os_family']=="Debian" %} | |||||
/etc/apache2/envvars: | |||||
file.managed: | |||||
- template: jinja | |||||
- source: | |||||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/envvars-{{ apache.version }}.jinja | |||||
- require: | |||||
- pkg: apache | |||||
- watch_in: | |||||
- module: apache-restart | |||||
- require_in: | |||||
- module: apache-restart | |||||
- module: apache-reload | |||||
- service: apache | |||||
{{ apache.portsfile }}: | |||||
file.managed: | |||||
- template: jinja | |||||
- source: | |||||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/ports-{{ apache.version }}.conf.jinja | |||||
- require: | |||||
- pkg: apache | |||||
- watch_in: | |||||
- module: apache-restart | |||||
- require_in: | |||||
- module: apache-restart | |||||
- module: apache-reload | |||||
- service: apache | |||||
- context: | |||||
apache: {{ apache | json }} | |||||
{% endif %} | |||||
{% if grains['os_family']=="RedHat" %} | |||||
{{ apache.confdir }}/welcome.conf: | |||||
file.absent: | |||||
- require: | |||||
- pkg: apache | |||||
- watch_in: | |||||
- module: apache-restart | |||||
- require_in: | |||||
- module: apache-restart | |||||
- module: apache-reload | |||||
- service: apache | |||||
{% endif %} | |||||
{% if grains['os_family']=="Suse" or salt['grains.get']('os') == 'SUSE' %} | |||||
/etc/apache2/global.conf: | |||||
file.managed: | |||||
- template: jinja | |||||
- source: | |||||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/global.config.jinja | |||||
- require: | |||||
- pkg: apache | |||||
- watch_in: | |||||
- module: apache-restart | |||||
- require_in: | |||||
- module: apache-restart | |||||
- module: apache-reload | |||||
- service: apache | |||||
- context: | |||||
apache: {{ apache | json }} | |||||
{% endif %} | |||||
{% if grains['os_family']=="FreeBSD" %} | |||||
/usr/local/etc/{{ apache.service }}/envvars.d/by_salt.env: | |||||
file.managed: | |||||
- template: jinja | |||||
- source: | |||||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/envvars-{{ apache.version }}.jinja | |||||
- require: | |||||
- pkg: apache | |||||
- watch_in: | |||||
- module: apache-restart | |||||
- require_in: | |||||
- module: apache-restart | |||||
- module: apache-reload | |||||
- service: apache | |||||
{{ apache.portsfile }}: | |||||
file.managed: | |||||
- template: jinja | |||||
- source: | |||||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/ports-{{ apache.version }}.conf.jinja | |||||
- require: | |||||
- pkg: apache | |||||
- watch_in: | |||||
- module: apache-restart | |||||
- require_in: | |||||
- module: apache-restart | |||||
- module: apache-reload | |||||
- service: apache | |||||
- context: | |||||
apache: {{ apache | json }} | |||||
{% endif %} |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
{%- for site, cert in salt['pillar.get']('apache:sites', {}).items() %} | |||||
{%- if cert.SSLCertificateKeyFile is defined %} | |||||
apache_cert_config_clean_{{ site }}_key_file: | |||||
file.absent: | |||||
- name: {{ cert.SSLCertificateKeyFile }} | |||||
- watch_in: | |||||
- module: apache-service-running-reload | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} | |||||
{%- if cert.SSLCertificateFile is defined %} | |||||
apache_cert_config_clean_{{ site }}_cert_file: | |||||
file.absent: | |||||
- name: {{ cert.SSLCertificateFile }} | |||||
- watch_in: | |||||
- module: apache-service-running-reload | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} | |||||
{%- if cert.SSLCertificateChainFile is defined %} | |||||
apache_cert_config_clean_{{ site }}_bundle_file: | |||||
file.managed: | |||||
- name: {{ cert.SSLCertificateChainFile }} | |||||
- watch_in: | |||||
- module: apache-service-running-reload | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} | |||||
{%- endfor %} |
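Review bot: The chain-file entry `apache_cert_config_clean_{{ site }}_bundle_file` is declared as `file.managed`, while the key and cert entries just above it use `file.absent`, so this clean state does not remove the chain file. With only `name` given, `file.managed` would be expected to ensure a file exists at that path rather than delete it. Change the line to `file.absent:` so all three artefacts are removed consistently. The page has lost its +/- markers, so this assumes the section is the newly added certificates clean state.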
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
include: | |||||
- .install |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
{%- for site, cert in salt['pillar.get']('apache:sites', {}).items() %} | |||||
{%- if cert.SSLCertificateKeyFile is defined and cert.SSLCertificateKeyFile_content is defined %} | |||||
apache_cert_config_install_{{ site }}_key_file: | |||||
file.managed: | |||||
- name: {{ cert.SSLCertificateKeyFile }} | |||||
- contents_pillar: apache:sites:{{ site }}:SSLCertificateKeyFile_content | |||||
- makedirs: True | |||||
- mode: 600 | |||||
- user: {{ apache.rootuser }} | |||||
- group: {{ apache.rootgroup }} | |||||
- watch_in: | |||||
- module: apache-service-running-reload | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} | |||||
{%- if cert.SSLCertificateFile is defined and cert.SSLCertificateFile_content is defined %} | |||||
apache_cert_config_install_{{ site }}_cert_file: | |||||
file.managed: | |||||
- name: {{ cert.SSLCertificateFile }} | |||||
- contents_pillar: apache:sites:{{ site }}:SSLCertificateFile_content | |||||
- makedirs: True | |||||
- mode: 600 | |||||
- user: {{ apache.rootuser }} | |||||
- group: {{ apache.rootgroup }} | |||||
- watch_in: | |||||
- module: apache-service-running-reload | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} | |||||
{%- if cert.SSLCertificateChainFile is defined and cert.SSLCertificateChainFile_content is defined %} | |||||
apache_cert_config_install_{{ site }}_bundle_file: | |||||
file.managed: | |||||
- name: {{ cert.SSLCertificateChainFile }} | |||||
- contents_pillar: apache:sites:{{ site }}:SSLCertificateChainFile_content | |||||
- makedirs: True | |||||
- mode: 600 | |||||
- user: {{ apache.rootuser }} | |||||
- group: {{ apache.rootgroup }} | |||||
- watch_in: | |||||
- module: apache-service-running-reload | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} | |||||
{%- endfor %} |
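Review bot: `apache_cert_config_install_{{ site }}_key_file` writes private-key material from pillar via `contents_pillar`, and `file.managed` reports a unified diff of changed contents by default, so the key text can end up in state output, the job cache and any configured returner. Add `- show_changes: False` to the key-file state. `makedirs: True` also creates any missing parent directory with default permissions; if the key path is a dedicated directory, pin it with `- dir_mode: '0700'`. The `mode: 600` with root ownership on the key itself is appropriate.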
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_clean = tplroot ~ '.service.clean' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
include: | |||||
- .modules.clean | |||||
- {{ sls_service_clean }} | |||||
apache-config-clean-file-absent: | |||||
file.absent: | |||||
- names: | |||||
- {{ apache.config }} | |||||
- {{ apache.logdir }} | |||||
- {{ apache.vhostdir }} | |||||
- /etc/apache2/envvars | |||||
# apache.portsfile | |||||
- /etc/apache2/global.conf | |||||
- /etc/httpd/conf.modules.d | |||||
- /etc/httpd/sites-enabled | |||||
- /etc/httpd/var | |||||
- {{ apache.confdir }}/server-status{{ apache.confext }} | |||||
- require: | |||||
- sls: {{ sls_service_clean }} |
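Review bot: `apache-config-clean-file-absent` lists `{{ apache.logdir }}` among the paths to delete, so running the clean state discards the access and error logs together with the configuration. If those logs are needed for audit or incident review, drop the log directory from `names`, or make the behaviour explicit with a comment such as `# NOTE: removes all Apache logs - archive them before running clean`. The list also hard-codes `/etc/apache2/...` and `/etc/httpd/...` paths for every OS family, while the neighbouring entries come from `map.jinja`; a short comment on why those are unconditional would help.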
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_config_registersite = tplroot ~ '.config.register_site' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- if grains.os_family in ('Debian',) %} | |||||
include: | |||||
- {{ sls_package_install }} | |||||
- {{ sls_service_running }} | |||||
- {{ sls_config_registersite }} | |||||
extend: | |||||
apache-package-install-pkg-installed: | |||||
pkg: | |||||
- order: 175 | |||||
apache-service-running: | |||||
service: | |||||
- order: 455 | |||||
apache-service-running-reload: | |||||
module: | |||||
- order: 420 | |||||
apache-service-running-restart: | |||||
module: | |||||
- order: 425 | |||||
apache-config-debian-full-cmd-run: | |||||
cmd.run: | |||||
- name: a2dissite 000-default{{ apache.confext }} || true | |||||
- onlyif: test -f /etc/apache2/sites-enabled/000-default{{ apache.confext }} | |||||
- watch_in: | |||||
- module: apache-service-running-reload | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
file.absent: | |||||
- names: | |||||
- /etc/apache2/sites-available/{{ apache.default_site }} | |||||
- /etc/apache2/sites-available/{{ apache.default_site_ssl }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
{%- endif %} #END: os = debian |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- from tplroot ~ "/libtofs.jinja" import files_switch with context %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
apache-config-file-directory-logdir: | |||||
file.directory: | |||||
- name: {{ apache.logdir }} | |||||
- user: {{ apache.user }} | |||||
- group: {{ apache.group }} | |||||
- recurse: | |||||
- user | |||||
- group | |||||
- makedirs: True | |||||
- require: | |||||
- sls: {{ sls_package_install }} | |||||
- require_in: | |||||
- service: apache-service-running | |||||
apache-config-file-directory-vhostdir: | |||||
file.directory: | |||||
- name: {{ apache.vhostdir }} | |||||
- makedirs: True | |||||
- require: | |||||
- sls: {{ sls_package_install }} | |||||
- require_in: | |||||
- service: apache-service-running | |||||
apache-config-file-directory-moddir: | |||||
file.directory: | |||||
- name: {{ apache.moddir }} | |||||
- makedirs: True | |||||
- require: | |||||
- sls: {{ sls_package_install }} | |||||
- require_in: | |||||
- service: apache-service-running | |||||
{%- if apache.davlockdbdir %} | |||||
apache-config-file-directory-davlockdbdir: | |||||
file.directory: | |||||
- name: {{ apache.davlockdbdir }} | |||||
- makedirs: True | |||||
- user: {{ apache.user }} | |||||
- group: {{ apache.group }} | |||||
- recurse: | |||||
- user | |||||
- group | |||||
- require: | |||||
- sls: {{ sls_package_install }} | |||||
- require_in: | |||||
- service: apache-service-running | |||||
{%- endif %} | |||||
{%- if 'sitesdir' in apache and apache.sitesdir %} | |||||
apache-config-file-directory-sites-enabled: | |||||
file.directory: | |||||
- name: {{ apache.sitesdir }} | |||||
- makedirs: True | |||||
- require: | |||||
- sls: {{ sls_package_install }} | |||||
- require_in: | |||||
- service: apache-service-running | |||||
{%- endif %} | |||||
{%- if grains.os_family in ('Debian',) and 'confdir' in apache and apache.confdir %} | |||||
apache-config-file-directory-conf-enabled: | |||||
file.directory: | |||||
- name: {{ apache.confdir }} | |||||
- makedirs: True | |||||
- require: | |||||
- sls: {{ sls_package_install }} | |||||
- require_in: | |||||
- service: apache-service-running | |||||
{%- endif %} | |||||
apache-config-file-managed: | |||||
file.managed: | |||||
- name: {{ apache.config }} | |||||
- source: 'salt://apache/files/{{ grains.os_family }}/apache-{{ apache.version }}.config.jinja' | |||||
- mode: 644 | |||||
- user: {{ apache.rootuser }} | |||||
{%- if grains.kernel != 'Windows' %} | |||||
- group: {{ apache.rootgroup }} | |||||
{%- endif %} | |||||
- makedirs: True | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- require: | |||||
- sls: {{ sls_package_install }} | |||||
- context: | |||||
apache: {{ apache | json }} | |||||
{%- if grains.os_family in ('Debian', 'FreeBSD') %} | |||||
apache-config-file-managed-{{ grains.os }}-env: | |||||
file.managed: | |||||
- name: /etc/apache2/envvars | |||||
- source: 'salt://apache/files/{{ grains.os_family }}/envvars-{{ apache.version }}.jinja' | |||||
- mode: 644 | |||||
- user: {{ apache.rootuser }} | |||||
- group: {{ apache.rootgroup }} | |||||
- makedirs: True | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- context: | |||||
apache: {{ apache | json }} | |||||
- require_in: | |||||
- file: apache-config-file-managed-{{ grains.os }}-ports | |||||
apache-config-file-managed-{{ grains.os }}-ports: | |||||
file.managed: | |||||
- name: {{ apache.portsfile }} | |||||
- source: salt://apache/files/{{ grains.os_family }}/ports-{{ apache.version }}.conf.jinja | |||||
- mode: 644 | |||||
- user: {{ apache.rootuser }} | |||||
- group: {{ apache.rootgroup }} | |||||
- makedirs: True | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- context: | |||||
apache: {{ apache | json }} | |||||
{%- elif grains.os_family == "RedHat" %} | |||||
apache-config-file-absent-{{ grains.os }}: | |||||
file.absent: | |||||
- name: {{ apache.confdir }}/welcome.conf | |||||
{%- elif grains.os_family == "Suse" %} | |||||
apache-config-file-managed-{{ grains.os }}: | |||||
file.managed: | |||||
- name: /etc/apache2/global.conf | |||||
- source: 'salt://apache/files/Suse/global.config.jinja' | |||||
- mode: 644 | |||||
- user: {{ apache.rootuser }} | |||||
- group: {{ apache.rootgroup }} | |||||
- makedirs: True | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- context: | |||||
apache: {{ apache | json }} | |||||
{%- else %} | |||||
apache-config-file-managed-skip: | |||||
test.show_notification: | |||||
- text: | | |||||
No configuration file to manage | |||||
{%- endif %} | |||||
- require: | |||||
- sls: {{ sls_package_install }} | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- service: apache-service-running |
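Review bot: `apache-config-file-directory-logdir` gives the log directory to `{{ apache.user }}`/`{{ apache.group }}` recursively. If those map to the account the httpd workers run as (the values are not visible here), a compromised worker could rename or replace log files that the root-owned parent process and logrotate later open. The Apache security tips advise keeping the log directory writable only by root, and the logrotate state on this page already recreates logs with `create 640 root adm`. Consider `- user: {{ apache.rootuser }}` and `- group: {{ apache.rootgroup }}` without `recurse`, or add a comment stating why the service account must own the directory.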
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- from tplroot ~ "/libtofs.jinja" import files_switch with context %} | |||||
{%- if grains.os_family == 'Suse' %} | |||||
include: | |||||
- {{ sls_package_install }} | |||||
- {{ sls_service_running }} | |||||
{%- for flag in salt['pillar.get']('apache:flags:enabled', []) %} | |||||
apache-config-flags-{{ flag }}-cmd-a2en: | |||||
cmd.run: | |||||
- name: a2enflag {{ flag }} | |||||
- unless: egrep "^APACHE_SERVER_FLAGS=" /etc/sysconfig/apache2 |grep {{ flag }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endfor %} | |||||
{%- for flag in salt['pillar.get']('apache:flags:disabled', []) %} | |||||
apache-config-flags-{{ flag }}-a2dis: | |||||
cmd.run: | |||||
- name: a2disflag -f {{ flag }} | |||||
- onlyif: egrep "^APACHE_SERVER_FLAGS=" /etc/sysconfig/apache2 | grep {{ flag }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endfor %} | |||||
{%- endif %} |
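Review bot: `{{ flag }}` is interpolated unquoted into both the `cmd.run` command and the `grep` guard in the two loops. The guard therefore matches on substrings (a short flag name is treated as present whenever a longer flag contains it), and any whitespace or shell metacharacter in the pillar value becomes part of a command that runs as root. Use a whole-word, quoted match, e.g. `- unless: egrep "^APACHE_SERVER_FLAGS=" /etc/sysconfig/apache2 | grep -qw -- '{{ flag }}'`, with the same change for the `onlyif` in the disable loop. It would also be worth rejecting flag names outside the expected character set before rendering. The module enable/disable states on this page interpolate `{{ module }}` in the same way.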
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
include: | |||||
- .file | |||||
# .modules.clean # disable (exclude from init state) | |||||
# .modules # enable by default (read pillars) | |||||
- .debian_full | |||||
- .flags | |||||
- .logrotate | |||||
- .manage_security | |||||
- .no_default_vhost | |||||
- .own_default_vhost | |||||
- .register_site | |||||
- .vhosts |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
apache-config-logrotate-file-managed: | |||||
file.managed: | |||||
- name: {{ apache.logrotatedir }} | |||||
- makedirs: True | |||||
- contents: | | |||||
{{ apache.logdir }}/*.log { | |||||
daily | |||||
missingok | |||||
rotate 14 | |||||
compress | |||||
delaycompress | |||||
notifempty | |||||
create 640 root adm | |||||
sharedscripts | |||||
postrotate | |||||
if /etc/init.d/{{ apache.service }} status >/dev/null; then \ | |||||
/etc/init.d/{{ apache.service }} reload >/dev/null; \ | |||||
fi; | |||||
endscript | |||||
prerotate | |||||
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ | |||||
run-parts /etc/logrotate.d/httpd-prerotate; \ | |||||
fi; \ | |||||
endscript | |||||
} |
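Review bot: `apache-config-logrotate-file-managed` sets no `user`, `group` or `mode`, unlike the other `file.managed` states on this page, which pin `mode: 644` and root ownership. The `prerotate`/`postrotate` scripts in this file are executed by logrotate, normally as root, and logrotate ignores configuration files whose mode is too permissive, so the ownership and mode should be explicit: `- mode: 644`, `- user: {{ apache.rootuser }}`, `- group: {{ apache.rootgroup }}`. `name: {{ apache.logrotatedir }}` is used as a file path although the key is named like a directory; a one-line comment confirming that it holds the full file name would avoid a misconfigured map writing the snippet to the wrong place.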
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- if grains.os_family in ('Debian', 'FreeBSD') %} | |||||
include: | |||||
- {{ sls_package_install }} | |||||
- {{ sls_service_running }} | |||||
apache-config-manage-security-{{ grains.os_family }}: | |||||
file.managed: | |||||
{%- if grains.os_family == "Debian" %} | |||||
- onlyif: test -f /etc/apache2/conf-available/security.conf | |||||
- name: /etc/apache2/conf-available/security.conf | |||||
{%- elif grains.os_family == "FreeBSD" %} | |||||
- name: {{ apache.confdir + '/security.conf' }} | |||||
{%- endif %} | |||||
- source: | |||||
- salt://apache/files/{{ grains.os_family }}/security.conf.jinja | |||||
- salt://apache/files/ssl/security.conf.jinja | |||||
- mode: 644 | |||||
- makedirs: True | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- context: | |||||
apache: {{ apache | json }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_package_clean = tplroot ~ '.package.clean' %} | |||||
{%- set sls_service_dead = tplroot ~ '.service.clean' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
include: | |||||
- {{ sls_service_dead }} | |||||
{%- set existing_states = salt['cp.list_states']() %} | |||||
{%- for module in salt['pillar.get']('apache:modules:disabled', []) %} | |||||
apache-config-modules-{{ module }}-disable: | |||||
{%- if grains['os_family']=="Debian" %} | |||||
cmd.run: | |||||
- name: a2dismod -f {{ module }} | |||||
- onlyif: ls {{ apache.moddir }}/{{ module }}.load | |||||
{%- elif grains.os_family in ('Redhat', 'Arch') %} | |||||
cmd.run: | |||||
- name: find /etc/httpd/ -name '*.conf' -type f -exec sed -i -e 's/\(^\s*LoadModule.{{ module }}_module\)/#\1/g' {} \; | |||||
- onlyif: | |||||
- test -d /etc/httpd | |||||
- {{ grains.os_family in ('Arch',) and 'true' }} || (httpd -M 2> /dev/null |grep "[[:space:]]{{ module }}_module") | |||||
file.absent: | |||||
- name: /etc/httpd/conf.modules.d/*{{ module }}.conf | |||||
{%- elif salt['grains.get']('os_family') == 'Suse' %} | |||||
cmd.run: | |||||
- name: a2dismod {{ module }} | |||||
- onlyif: egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep {{ module }} | |||||
{%- else %} | |||||
test.show_notification: | |||||
- text: | | |||||
No {{ module }} module change | |||||
{%- endif %} | |||||
- order: 225 | |||||
- require: | |||||
- sls: {{ sls_service_dead }} | |||||
- require_in: | |||||
- pkg: apache-package-clean-pkg-removed | |||||
{%- endfor %} |
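Review bot: The second branch tests `grains.os_family in ('Redhat', 'Arch')`, but the other states on this page spell the grain `RedHat`. On RedHat-family minions the loop therefore falls through to the `test.show_notification` branch, and a module listed under `apache:modules:disabled` stays loaded while the run reports success. Change the tuple to `('RedHat', 'Arch')`. In the same branch `file.absent` is given `/etc/httpd/conf.modules.d/*{{ module }}.conf`; `file.absent` takes a literal path, so the glob will most likely match nothing and should be replaced by an explicit file name or a `file.find`-style lookup. `existing_states` is assigned but not used in the visible lines.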
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
include: | |||||
- .install | |||||
- .mod_rewrite | |||||
- .mod_proxy | |||||
- .mod_headers | |||||
{%- if 'osfinger' in grains and grains.osfinger not in ('Amazon Linux-2',) %} | |||||
- .mod_geoip | |||||
{%- endif %} |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_config_file = tplroot ~ '.config.file' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_config_file }} | |||||
{% set existing_states = salt['cp.list_states']() %} | |||||
{% for module in salt['pillar.get']('apache:modules:enabled', []) %} | |||||
apache-config-modules-{{ module }}-enable: | |||||
{% if grains['os_family']=="Debian" %} | |||||
cmd.run: | |||||
- name: a2enmod -f {{ module }} | |||||
- onlyif: ls {{ apache.moddir }}/{{ module }}.load | |||||
{% elif grains.os_family in ('RedHat', 'Arch') %} | |||||
cmd.run: | |||||
- name: find /etc/httpd/ -name '*.conf' -type f -exec sed -i -e 's/\(^#\)\(\s*LoadModule.{{ module }}_module\)/\2/g' {} \; | |||||
- onlyif: {{ grains.os_family in ('Arch',) and 'true' }} || (httpd -M 2> /dev/null |grep "[[:space:]]{{ module }}_module") | |||||
{% elif salt['grains.get']('os_family') == 'Suse' %} | |||||
cmd.run: | |||||
- name: a2enmod {{ module }} | |||||
- onlyif: egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 |grep {{ module }} | |||||
{% else %} | |||||
test.show_notification: | |||||
- text: | | |||||
No {{ module }} module change | |||||
{%- endif %} | |||||
- order: 225 | |||||
- require: | |||||
- sls: {{ sls_config_file }} | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
{%- endfor %} |
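Review bot: The Debian and Suse enable branches guard the command with `onlyif` on a check that succeeds when the module is already enabled (`ls {{ apache.moddir }}/{{ module }}.load`, `grep {{ module }}` in `APACHE_MODULES`). The enable command therefore runs only for modules that are already on and is skipped for the ones that are not. The per-module states on this page use the idempotent form, e.g. `- unless: ls {{ apache.moddir }}/dav_svn.load`; switch these two guards to `unless` as well. This assumes `apache.moddir` is the enabled-modules directory, which is not visible here. The RedHat/Arch guard has the same shape but cannot simply be flipped, because its `true ||` prefix forces the command to run on Arch, so it needs a separate rewrite.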
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
apache-config-modules-actions-cmd-run: | |||||
cmd.run: | |||||
- name: a2enmod actions | |||||
- unless: | |||||
- ls {{ apache.moddir }}/actions.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep actions | |||||
- order: 255 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- if grains['os_family']=="FreeBSD" %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
apache-config-modules-cgi-cmd-run: | |||||
file.managed: | |||||
- name: {{ apache.modulesdir }}/040_mod_cgi.conf | |||||
- source: salt://apache/files/FreeBSD/mod_cgi.conf.jinja | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- makedirs: True | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
- mode: 644 | |||||
{%- endif %} |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- if grains['os_family'] == "Debian" %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
apache-config-modules-dav_svn_pkg_installed: | |||||
pkg.installed: | |||||
- name: libapache2-mod-svn | |||||
apache-config-modules-dav_svn_cmd-run-a2en: | |||||
cmd.run: | |||||
- name: a2enmod dav_svn | |||||
- unless: ls {{ apache.moddir }}/dav_svn.load | |||||
- order: 255 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- pkg: apache-config-modules-dav_svn_pkg_installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
apache-config-modules-dav_svn_cmd-run-a2en-authz: | |||||
cmd.run: | |||||
- name: a2enmod authz_svn | |||||
- unless: ls {{ apache.moddir }}/authz_svn.load | |||||
- order: 255 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- pkg: apache-config-modules-dav_svn_pkg_installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- if grains['os_family'] == "Debian" %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
- .mod_actions | |||||
apache-config-modules-fastcgi-pkg: | |||||
pkgrepo.managed: | |||||
- name: "deb http://ftp.us.debian.org/debian {{ grains['oscodename'] }}" | |||||
- file: /etc/apt/sources.list.d/non-free.list | |||||
- onlyif: grep Debian /proc/version >/dev/null 2>&1 | |||||
- comps: non-free | |||||
pkg.installed: | |||||
- name: {{ apache.mod_fastcgi }} | |||||
- order: 180 | |||||
- require: | |||||
- pkgrepo: apache-config-modules-fastcgi-pkg | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
apache-config-modules-fastcgi_cmd-run: | |||||
cmd.run: | |||||
- name: a2enmod fastcgi | |||||
- unless: ls {{ apache.moddir }}/fastcgi.load | |||||
- order: 225 | |||||
- require: | |||||
- pkg: mod-fastcgi | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
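Review bot: The `require` of `apache-config-modules-fastcgi_cmd-run` still names `pkg: mod-fastcgi`, but no state with that ID is declared in this section; the package state is now `apache-config-modules-fastcgi-pkg`. Unless `apache.mod_fastcgi` happens to resolve to that exact name, the requisite cannot be resolved, so it should read `- pkg: apache-config-modules-fastcgi-pkg`. The php5 section has the same leftover (`- pkg: mod-php5`). Separately, the non-free repository is added over plain `http://` with no key settings in the state, so package integrity rests on the archive keyring already present on the minion; a comment stating that assumption would help.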
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
apache-config-modules-fcgid-pkg: | |||||
pkg.installed: | |||||
- name: {{ apache.mod_fcgid }} | |||||
- order: 180 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||||
cmd.run: | |||||
- name: a2enmod fcgid | |||||
- order: 225 | |||||
- unless: ls {{ apache.moddir }}/fcgid.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' fcgid' | |||||
- require: | |||||
- pkg: apache-config-modules-fcgid-pkg | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- if 'mod_geoip' in apache and 'finger' in grains and grains.osfinger not in ('Leap-42',) %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
apache-config-modules-geoip-pkg: | |||||
pkg.installed: | |||||
- pkgs: | |||||
- {{ apache.mod_geoip }} | |||||
- {{ apache.mod_geoip_database }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- if grains['os_family']=="RedHat" %} | |||||
apache-config-modules-geoip-conf-file-managed: | |||||
file.managed: | |||||
- name: {{ apache.confdir }}/geoip.conf | |||||
- user: {{ apache.rootuser }} | |||||
- group: {{ apache.rootgroup }} | |||||
- makedirs: True | |||||
- mode: 644 | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- source: | |||||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/geoip.conf | |||||
apache-config-modules-geoip-db-file-managed: | |||||
file.managed: | |||||
- name: /usr/share/GeoIP/GeoIP.dat | |||||
- user: {{ apache.rootuser }} | |||||
- group: {{ apache.rootgroup }} | |||||
- makedirs: True | |||||
- mode: 644 | |||||
- source: | |||||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/GeoIP.dat | |||||
apache-config-modules-geoip-{{ grains.os_family }}-conf-file-managed: | |||||
file.managed: | |||||
- name: {{ apache.moddir }}/10-geoip.conf | |||||
- makedirs: True | |||||
- source: | |||||
- salt://apache/files/RedHat/conf.modules.d/10-geoip.conf.jinja | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- elif grains['os_family'] in ('Suse', 'Debian',) %} | |||||
apache-config-modules-geoip-cmd-run: | |||||
cmd.run: | |||||
- name: a2enmod geoip | |||||
- unless: ls {{ apache.moddir }}/geoip.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep geoip | |||||
- order: 255 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- pkg: apache-config-modules-geoip-pkg | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} | |||||
{%- endif %} |
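Review bot: The outer guard tests `'finger' in grains` but then reads `grains.osfinger`; if `finger` is not a grain on the target minions (it is not one of the standard OS grains as far as I know), the whole section renders to nothing and the module is silently never installed. It probably should read `{%- if 'mod_geoip' in apache and 'osfinger' in grains and grains.osfinger not in ('Leap-42',) %}`. In the RedHat branch, `10-geoip.conf.jinja` is also managed without `- template:`, `- mode:` or an owner, unlike `geoip.conf` just above it, so it would presumably be copied unrendered.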
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
apache-config-modules-headers-pkg: | |||||
cmd.run: | |||||
- name: a2enmod headers | |||||
- unless: ls {{ apache.moddir }}/headers.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep headers | |||||
- order: 255 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
apache-config-modules-logio-pkg: | |||||
cmd.run: | |||||
- name: a2enmod logio | |||||
- unless: ls {{ apache.moddir }}/logio.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep logio | |||||
- order: 255 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- set mpm_module = salt['pillar.get']('apache:mpm:module', 'mpm_prefork') %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||||
apache-config-modules-mpm-pkg: | |||||
cmd.run: | |||||
- name: a2enmod {{ mpm_module }} | |||||
- unless: ls {{ apache.moddir }}/{{ mpm_module }}.load | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
file.managed: | |||||
- name: /etc/apache2/mods-available/{{ mpm_module }}.conf | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- makedirs: True | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- source: | |||||
- salt://apache/files/Debian/mpm/{{ mpm_module }}.conf.jinja | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
# Deactivate the other mpm modules as a previous step | |||||
{%- for mod in ['mpm_prefork', 'mpm_worker', 'mpm_event'] if not mod == mpm_module %} | |||||
apache-config-modules-mpm-{{ mod }}-cmd-run: | |||||
cmd.run: | |||||
- name: a2dismod {{ mod }} | |||||
- onlyif: ls {{ apache.moddir }}/{{ mod }}.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' {{ mod }}' | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- require_in: | |||||
- cmd: a2enmod {{ mpm_module }} | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endfor %} | |||||
{%- elif grains['os_family']=="RedHat" %} | |||||
apache-config-modules-mpm-{{ grains.os_family }}-conf-file-managed: | |||||
file.managed: | |||||
- name: {{ apache.moddir }}/00-mpm.conf | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- makedirs: True | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- source: | |||||
- salt://apache/files/RedHat/conf.modules.d/00-{{ mpm_module }}.conf.jinja | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
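Review bot: `mpm_module` comes straight from pillar and is interpolated unchecked into the `a2enmod {{ mpm_module }}` command line, the `mods-available` path and the `salt://` source. The only meaningful values are the three already listed in the `for mod in [...]` loop, so the template should refuse anything else before emitting states, for example by wrapping the body in `{%- if mpm_module in ['mpm_prefork', 'mpm_worker', 'mpm_event'] %}`. Each `a2dismod` state also carries two separate `- require_in:` entries; merging them into one list makes the intended ordering before `a2enmod` explicit instead of depending on how repeated requisites are combined.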
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- set pagespeed_module = salt['pillar.get']('apache:pagespeed:module', 'pagespeed_prefork') %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||||
apache-config-modules-pagespeed-pkg: | |||||
pkg.installed: | |||||
- name: {{ apache.mod_pagespeed }} | |||||
- sources: | |||||
- mod-pagespeed-stable: {{ apache.mod_pagespeed_source }} | |||||
cmd.run: | |||||
- name: a2enmod pagespeed | |||||
- unless: ls {{ apache.moddir }}/pagespeed.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep pagespeed | |||||
- order: 255 | |||||
- require: | |||||
- pkg: apache-config-modules-pagespeed-pkg | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- for dir in ['/var/cache/mod_pagespeed', '/var/log/pagespeed'] %} | |||||
apache-config-modules-pagespeed-{{ dir }}-file-directory: | |||||
file.directory | |||||
- name: {{ dir }} | |||||
- makedirs: true | |||||
- user: {{ apache.user }} | |||||
- group: {{ apache.group }} | |||||
- require: | |||||
- pkg: apache-config-modules-pagespeed-pkg | |||||
- user: {{ apache.user }} | |||||
- group: {{ apache.group }} | |||||
{%- endfor %} | |||||
# Here we hardcode a logrotate entry to take care of the logs | |||||
apache-config-modules-pagespeed-logrotate-file-managed: | |||||
file.managed: | |||||
- name: /etc/logrotate.d/pagespeed | |||||
- contents: | | |||||
/var/log/pagespeed/*.log { | |||||
weekly | |||||
missingok | |||||
rotate 52 | |||||
compress | |||||
delaycompress | |||||
notifempty | |||||
sharedscripts | |||||
postrotate | |||||
if /etc/init.d/apache2 status > /dev/null ; then \ | |||||
/etc/init.d/apache2 reload > /dev/null; \ | |||||
fi; | |||||
endscript | |||||
} | |||||
{%- endif %} |
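Review bot: `file.directory` inside the `{%- for dir ... %}` loop is missing its trailing colon, so the list below it does not parse as that state's arguments and the SLS will fail on Debian/Suse; it should be `file.directory:`. The `- user:` and `- group:` entries under `require` also point at user and group states that this section does not declare. `pagespeed_module` is set at the top and never used. Lastly, the package is installed from `apache.mod_pagespeed_source`; if that resolves to a remote URL, nothing here pins or verifies what is downloaded, which deserves at least a comment.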
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
apache-config-modules-perl-pkg: | |||||
pkg.installed: | |||||
- name: {{ apache.mod_perl2 }} | |||||
- order: 180 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||||
cmd.run: | |||||
- name: a2enmod perl | |||||
- unless: ls {{ apache.moddir }}/perl.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' perl' | |||||
- order: 225 | |||||
- require: | |||||
- pkg: apache-config-modules-perl-pkg | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- elif grains['os_family']=="FreeBSD" %} | |||||
file.managed: | |||||
- name: {{ apache.modulesdir }}/260_mod_perl.conf | |||||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_perl.conf.jinja | |||||
- mode: 644 | |||||
- makedirs: True | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
apache-config-modules-php5-pkg: | |||||
pkg.installed: | |||||
- name: {{ apache.mod_php5 }} | |||||
- order: 180 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||||
cmd.run: | |||||
- name: a2enmod php5 | |||||
- unless: ls {{ apache.moddir }}/php5.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' php5' | |||||
- order: 225 | |||||
- require: | |||||
- pkg: mod-php5 | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- if 'apache' in pillar and 'php-ini' in pillar['apache'] %} | |||||
file.managed: | |||||
- name: /etc/php5/apache2/php.ini | |||||
- source: {{ pillar['apache']['php-ini'] }} | |||||
- order: 225 | |||||
- makedirs: True | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- pkg: apache-config-modules-php5-pkg | |||||
{%- endif %} | |||||
{%- elif grains['os_family']=="FreeBSD" %} | |||||
file.managed: | |||||
- name: {{ apache.modulesdir }}/050_mod_php5.conf | |||||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_php5.conf.jinja | |||||
- mode: 644 | |||||
- makedirs: True | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- elif grains['os_family']=="Suse" %} | |||||
file.replace: | |||||
- name: /etc/sysconfig/apache2 | |||||
- unless: grep '^APACHE_MODULES=.*php5' /etc/sysconfig/apache2 | |||||
- pattern: '^APACHE_MODULES=(.*)"' | |||||
- repl: 'APACHE_MODULES=\1 php5"' | |||||
{%- endif %} |
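Review bot: The final `{%- elif grains['os_family']=="Suse" %}` branch can never be taken, because the first condition of the same chain is `grains['os_family'] in ('Suse', 'Debian',)`; the `file.replace` on `/etc/sysconfig/apache2` is dead code. Either drop it or nest it inside the first branch under its own Suse check. The `php.ini` state also takes its `source` directly from pillar and renders it as a template with no `- mode:` or owner set; a short comment that this key must point at a trusted fileserver path would help.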
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||||
apache-config-modules-proxy-pkg: | |||||
cmd.run: | |||||
- name: a2enmod proxy | |||||
- unless: ls {{ apache.moddir }}/proxy.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' proxy' | |||||
- order: 225 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- elif grains['os_family']=="FreeBSD" %} | |||||
apache-config-modules-proxy-file-managed: | |||||
file.managed: | |||||
- name: {{ apache.modulesdir }}/040_mod_proxy.conf | |||||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_proxy.conf.jinja | |||||
- mode: 644 | |||||
- makedirs: True | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
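Review bot: The `unless` check `grep ' proxy'` is a substring match, so an `APACHE_MODULES` line that lists only `proxy_http` or `proxy_ajp` satisfies it and `a2enmod proxy` is skipped. Matching the whole word avoids that, e.g. `egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep -qw proxy`. The same unanchored pattern appears in the other `a2enmod` sections on this page (some with a leading space, some without), where the risk is smaller but the form should be consistent.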
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
- .mod_proxy | |||||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||||
apache-config-modules-proxy_ajp-pkg: | |||||
cmd.run: | |||||
- name: a2enmod proxy_ajp | |||||
- unless: ls {{ apache.moddir }}/proxy_ajp.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep proxy_ajp | |||||
- order: 225 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
# cmd: a2enmod proxy | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- elif grains['os_family']=="FreeBSD" %} | |||||
apache-config-modules-proxy_ajp-file-managed: | |||||
file.managed: | |||||
- name: {{ apache.modulesdir }}/040_mod_proxy_ajp.conf | |||||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_proxy_ajp.conf.jinja | |||||
- mode: 644 | |||||
- makedirs: True | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
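Review bot: The commented-out `# cmd: a2enmod proxy` under `require` is a leftover from the old state names; as written, nothing orders this state after the proxy state from the included `.mod_proxy`, and both use `order: 225`. If the dependency is wanted, reference the new ID with `- cmd: apache-config-modules-proxy-pkg`; otherwise delete the comment. The proxy_fcgi and proxy_http sections carry the same line.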
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
- .mod_proxy | |||||
apache-config-modules-proxy_fcgi-pkg: | |||||
cmd.run: | |||||
- name: a2enmod proxy_fcgi | |||||
- unless: ls {{ apache.moddir }}/proxy_fcgi.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep proxy_fcgi | |||||
- order: 225 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
# cmd: a2enmod proxy | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
- .mod_proxy | |||||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||||
apache-config-modules-proxy_http-pkg: | |||||
cmd.run: | |||||
- name: a2enmod proxy_http | |||||
- unless: ls {{ apache.moddir }}/proxy_http.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep proxy_http | |||||
- order: 225 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
# cmd: a2enmod proxy | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- elif grains['os_family']=="FreeBSD" %} | |||||
apache-config-modules-proxy_http-file-managed: | |||||
file.managed: | |||||
- name: {{ apache.modulesdir }}/040_mod_proxy_http.conf | |||||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_proxy_http.conf.jinja | |||||
- mode: 644 | |||||
- makedirs: True | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||||
apache-config-modules-remoteip-cmd-run-mod-a2en: | |||||
cmd.run: | |||||
- name: a2enmod remoteip | |||||
- unless: ls {{ apache.moddir }}/remoteip.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep remoteip | |||||
- order: 255 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
apache-config-modules-remoteip-cmd-run-conf: | |||||
cmd.run: | |||||
- name: a2enconf remoteip | |||||
- unless: ls /etc/apache2/conf-enabled/remoteip.conf | |||||
- order: 255 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-reload | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
file.managed: | |||||
- name: /etc/apache2/conf-available/remoteip.conf | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- makedirs: True | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- source: | |||||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/conf-available/remoteip.conf.jinja | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
- cmd: apache-config-modules-remoteip-cmd-run-conf | |||||
{%- elif grains['os_family']=="RedHat" %} | |||||
apache-config-modules-remoteip-file-managed-conf: | |||||
file.managed: | |||||
- name: /etc/httpd/conf.d/remoteip.conf | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- makedirs: True | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- source: | |||||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/conf.modules.d/remoteip.conf.jinja | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
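Review bot: A comment is missing on the two `remoteip.conf` states saying that the template must restrict which proxies are trusted. With `RemoteIPHeader` set and no `RemoteIPInternalProxy`/`RemoteIPTrustedProxy` limits, a client-supplied header value becomes the address used for logging and for `Require ip` checks; the template is not visible here, so this may already be handled. Suggested comment: `# remoteip.conf.jinja must list trusted proxies (RemoteIPInternalProxy/RemoteIPTrustedProxy); do not enable with the header alone`. The `a2enconf` state also hard-codes `/etc/apache2/conf-enabled` although the branch covers Suse as well.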
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
{%- if grains['os_family'] in ('Debian', 'Suse') %} | |||||
apache-config-modules-rewrite-cmd-run-mod: | |||||
cmd.run: | |||||
- name: a2enmod rewrite | |||||
- unless: ls {{ apache.moddir }}/rewrite.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep rewrite | |||||
- order: 225 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- elif grains['os_family']=="FreeBSD" %} | |||||
apache-config-modules-rewrite-file-managed-conf: | |||||
file.managed: | |||||
- name: {{ apache.modulesdir }}/040_mod_rewrite.conf | |||||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_rewrite.conf.jinja | |||||
- mode: 644 | |||||
- makedirs: True | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
{%- if grains.os_family not in ('Arch',) %} | |||||
apache-config-modules-security-pkg: | |||||
pkg.installed: | |||||
- name: {{ apache.mod_security.package }} | |||||
- order: 180 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- if apache.mod_security.crs_install and 'crs_package' in apache.mod_security %} | |||||
apache-config-modules-security-crs-pkg: | |||||
pkg.installed: | |||||
- name: {{ apache.mod_security.crs_package }} | |||||
- order: 180 | |||||
- require: | |||||
- pkg: apache-config-modules-security-pkg | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} | |||||
{%- if apache.mod_security.manage_config and 'config_file' in apache.mod_security %} | |||||
apache-config-modules-security-main-config-file-managed: | |||||
file.managed: | |||||
- name: {{ apache.mod_security.config_file }} | |||||
- order: 220 | |||||
- makedirs: True | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- source: | |||||
- {{ 'salt://apache/files/' ~ salt['grains.get']('os_family') ~ '/modsecurity.conf.jinja' }} | |||||
- context: {{ apache.mod_security|json }} | |||||
- require: | |||||
- pkg: apache-config-modules-security-pkg | |||||
- watch_in: | |||||
- module: apache-service-running-reload | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} | |||||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||||
apache-config-modules-security-cmd-run-a2en-security2: | |||||
cmd.run: | |||||
- name: a2enmod security2 | |||||
- unless: ls {{ apache.moddir }}/security2.load && ls {{ apache.moddir }}/security2.conf | |||||
- order: 225 | |||||
{%- elif grains.os_family in ('Redhat',) %} | |||||
apache-config-modules-security-file-directory-modsecurity: | |||||
file.directory: | |||||
- name: /etc/httpd/modsecurity.d | |||||
{%- endif %} | |||||
- require: | |||||
- pkg: apache-config-modules-security-pkg | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
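Review bot: The `elif` that ensures the modsecurity.d directory tests `grains.os_family in ('Redhat',)`, but the mod_ssl state in this same commit compares against `"RedHat"`, and the membership test is case-sensitive. As written the branch looks unreachable on RedHat-family minions, so `/etc/httpd/modsecurity.d` is never ensured; use `{%- elif grains.os_family in ('RedHat',) %}`. The `- require:`/`- watch_in:`/`- require_in:` lines after that `endif` also have no state of their own on families matching neither branch (FreeBSD, for example). Indentation is lost on this page, so this is inferred, but they appear to attach to whichever state precedes them; moving them inside each branch would be safer.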
- apache.mod_security | - apache.mod_security | ||||
{%- for rule_name, rule_details in mod_security.get('rules', {}).items() %} | {%- for rule_name, rule_details in mod_security.get('rules', {}).items() %} | ||||
{% set rule_set = rule_details.get('rule_set', '') %} | |||||
{% set enabled = rule_details.get('enabled', False ) %} | |||||
{%- set rule_set = rule_details.get('rule_set', '') %} | |||||
{%- set enabled = rule_details.get('enabled', False ) %} | |||||
{%- if enabled %} | {%- if enabled %} | ||||
/etc/modsecurity/{{ rule_name }}: | /etc/modsecurity/{{ rule_name }}: | ||||
file.symlink: | file.symlink: | ||||
- target: /usr/share/modsecurity-crs/{{ rule_set }}/{{ rule_name }} | - target: /usr/share/modsecurity-crs/{{ rule_set }}/{{ rule_name }} | ||||
- user: root | |||||
- group: root | |||||
- user: {{ apache.rootuser }} | |||||
- group: {{ apache.rootgroup }} | |||||
- mode: 755 | - mode: 755 | ||||
{%- else %} | {%- else %} | ||||
/etc/modsecurity/{{ rule_name }}: | /etc/modsecurity/{{ rule_name }}: | ||||
{%- endfor %} | {%- endfor %} | ||||
{%- for custom_rule, custom_rule_details in mod_security.get('custom_rule_files', {}).items() %} | {%- for custom_rule, custom_rule_details in mod_security.get('custom_rule_files', {}).items() %} | ||||
{% set file = custom_rule_details.get('file', None) %} | |||||
{% set path = custom_rule_details.get('path', None) %} | |||||
{% set enabled = custom_rule_details.get('enabled', False ) %} | |||||
{%- set file = custom_rule_details.get('file', None) %} | |||||
{%- set path = custom_rule_details.get('path', None) %} | |||||
{%- set enabled = custom_rule_details.get('enabled', False ) %} | |||||
{%- if enabled %} | {%- if enabled %} | ||||
/etc/modsecurity/{{ file }}: | /etc/modsecurity/{{ file }}: | ||||
file.managed: | file.managed: | ||||
- source: {{ path }} | - source: {{ path }} | ||||
- user: root | |||||
- group: root | |||||
- user: {{ apache.rootuser }} | |||||
- group: {{ apache.rootgroup }} | |||||
- mode: 755 | - mode: 755 | ||||
- makedirs: True | |||||
{%- else %} | {%- else %} | ||||
/etc/modsecurity/{{ file }}: | /etc/modsecurity/{{ file }}: | ||||
file.absent: | file.absent: | ||||
{%- endif %} | {%- endif %} | ||||
{%- endfor %} | {%- endfor %} | ||||
{% endif %} | |||||
{%- endif %} |
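Review bot: In the `custom_rule_files` loop, `file` and `path` default to `None`, so an entry with `enabled: True` but no `file` key renders the ID `/etc/modsecurity/None` with `- source: None`, and a disabled entry without `file` runs `file.absent` on that same path. Guard the branch with `{%- if enabled and file and path %}` and skip the `file.absent` when `file` is unset. The rule files also keep `- mode: 755`, which this change leaves as is while rewriting the adjacent ownership lines; ModSecurity rules are read, not executed, so `- mode: 644` is sufficient.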
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- if grains['os_family']=="FreeBSD" %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
apache-config-modules-socache_shmcb-file-managed: | |||||
file.managed: | |||||
- name: {{ apache.modulesdir }}/009_mod_socache_shmcb.conf | |||||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/generic_module.conf.jinja | |||||
- mode: 644 | |||||
- makedirs: True | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
- context: | |||||
module_name: socache_shmcb | |||||
{%- endif %} |
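Review bot: `apache-config-modules-socache_shmcb-file-managed` passes `- context:` twice, once with `apache:` and again at the end with `module_name: socache_shmcb`. These are separate list entries rather than one mapping, so the template is unlikely to receive both sets of values. Merge them into a single `- context:` holding `apache: {{ apache|json }}` and `module_name: socache_shmcb`. The mod_security main-config state earlier in this commit has the same pattern (`- context:` with `apache:` followed by `- context: {{ apache.mod_security|json }}`).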
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
{%- if grains['os_family'] in ('Debian', 'Suse') %} | |||||
apache-config-modules-ssl-cmd-run: | |||||
cmd.run: | |||||
- name: a2enmod ssl | |||||
- unless: ls {{ apache.moddir }}/ssl.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' ssl' | |||||
- order: 225 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
file.managed: | |||||
- name: /etc/apache2/mods-available/ssl.conf | |||||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/ssl.conf.jinja | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- mode: 644 | |||||
- makedirs: True | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
{%- elif grains['os_family']=="RedHat" %} | |||||
apache-config-modules-ssl-pkg: | |||||
pkg.installed: | |||||
- name: {{ apache.pkg.mod_ssl }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
file.absent: | |||||
- name: {{ apache.confdir }}/ssl.conf | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- elif grains['os_family']=="FreeBSD" %} | |||||
- .mod_ssl | |||||
apache-config-modules-ssl-file-managed: | |||||
file.managed: | |||||
- name: {{ apache.modulesdir }}/010_mod_ssl.conf | |||||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_ssl.conf.jinja | |||||
- mode: 644 | |||||
- makedirs: True | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} | |||||
apache-config-modules-ssl-file-managed-tls-defaults: | |||||
{%- if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %} | |||||
file.managed: | |||||
- name: {{ apache.confdir }}/tls-defaults.conf | |||||
- source: salt://apache/files/ssl/tls-defaults.conf.jinja | |||||
- mode: 644 | |||||
- makedirs: True | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
{%- else %} | |||||
file.absent: | |||||
- name: {{ apache.confdir }}/tls-defaults.conf | |||||
{%- endif %} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- if grains['os_family'] in ('Debian',) %} | |||||
apache-config-modules-ssl-cmd-run-debian-tls-defaults: | |||||
cmd.run: | |||||
{%- if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %} | |||||
- name: a2enconf tls-defaults | |||||
- unless: test -L /etc/apache2/conf-enabled/tls-defaults.conf | |||||
{%- else %} | |||||
- name: a2disconf tls-defaults | |||||
- onlyif: test -L /etc/apache2/conf-enabled/tls-defaults.conf | |||||
{%- endif %} | |||||
- order: 225 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- file: {{ apache.confdir }}/tls-defaults.conf | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
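Review bot: `manage_tls_defaults` is read with `salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False)` in two places, the tls-defaults file state and the Debian a2enconf/a2disconf state. Every other setting in this file comes from the imported `apache` map, so a default supplied through map.jinja would presumably be ignored here (map.jinja is not shown in this section). The `False` path is not a no-op: it removes `tls-defaults.conf` and runs `a2disconf`, so a minion whose pillar lacks the key silently loses its TLS defaults. Resolve the flag once at the top, e.g. `{%- set manage_tls = apache.get('mod_ssl', {}).get('manage_tls_defaults', False) %}`, and add a comment on the `else` branch saying the removal is intentional.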
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
include: | |||||
- {{ sls_package_install }} | |||||
apache-config-server-status: | |||||
file.managed: | |||||
- name: {{ apache.confdir }}/server-status{{ apache.confext }} | |||||
- source: 'salt://apache/files/server-status.conf.jinja' | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- makedirs: True | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- if grains['os_family'] == "Debian" %} | |||||
apache-config-server-status-file-directory: | |||||
file.directory: | |||||
- name: /etc/apache2/conf-enabled | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
apache-config-server-status-cmd-run: | |||||
cmd.run: | |||||
- name: a2enconf server-status | |||||
- unless: 'test -L /etc/apache2/conf-enabled/server-status.conf' | |||||
- order: 225 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- file: apache-config-server-status | |||||
- file: apache-config-server-status-file-directory | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
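Review bot: `apache-config-server-status` installs the status handler and enables it on Debian, with no comment about who may reach it. The access rules live in `server-status.conf.jinja`, which this section does not show. mod_status output includes client addresses and request lines, so I would add a comment above the state such as `# server-status discloses client IPs and request URLs; keep the Require rule in server-status.conf.jinja limited to local or monitoring hosts`. The `file.managed` state also sets no `mode`, unlike the module states in this commit that pin `- mode: 644`.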
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- if grains['os_family']=="FreeBSD" %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
apache-config-modules-suexec-file-managed: | |||||
file.managed: | |||||
- name: {{ apache.modulesdir }}/040_mod_suexec.conf | |||||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_suexec.conf.jinja | |||||
- mode: 644 | |||||
- makedirs: True | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
apache-config-modules-upload_progress-pkg: | |||||
pkg.installed | |||||
- name: {{ apache.mod_upload_progress }} | |||||
cmd.run: | |||||
- name: a2enmod upload_progress | |||||
- unless: ls {{ apache.moddir }}/upload_progress.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep upload_progress | |||||
- order: 255 | |||||
- require: | |||||
- pkg: apache-config-modules-upload_progress-pkg | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
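Review bot: `pkg.installed` under `apache-config-modules-upload_progress-pkg` is missing its trailing colon, so the `- name:` entry that follows cannot parse as that function's arguments and the SLS should fail to render. It should read `pkg.installed:`. The `cmd.run` in the same state uses `- order: 255` where the other a2enmod states in this commit use `225`, which looks like a typo worth confirming.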
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
apache-config-modules-vhost_alias-cmd-run: | |||||
cmd.run: | |||||
- name: a2enmod vhost_alias | |||||
- unless: ls {{ apache.moddir }}/vhost_alias.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep vhost_alias | |||||
- order: 225 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
apache-config-modules-wsgi-pkg: | |||||
pkg.installed: | |||||
- name: {{ apache.pkg.mod_wsgi }} | |||||
- require: | |||||
- pkg: apache | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- if 'conf_mod_wsgi' in apache %} | |||||
file.uncomment: | |||||
- name: {{ apache.conf_mod_wsgi }} | |||||
- regex: LoadModule | |||||
- onlyif: test -f {{ apache.conf_mod_wsgi }} | |||||
- require: | |||||
- pkg: apache-config-modules-wsgi-pkg | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
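Review bot: `apache-config-modules-wsgi-pkg` still requires `- pkg: apache`, while every other state in this commit requires `- pkg: apache-package-install-pkg-installed`. The package state's definition is not in this section, but if it was renamed as part of this refactor and its `name` is not literally `apache`, this requisite no longer resolves and the run fails on a missing requisite. Change it to `- pkg: apache-package-install-pkg-installed` to match the rest of the formula.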
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
- {{ sls_package_install }} | |||||
apache-config-xsendfile-pkg: | |||||
pkg.installed: | |||||
- name: {{ apache.mod_xsendfile }} | |||||
- order: 180 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||||
cmd.run: | |||||
- name: a2enmod xsendfile | |||||
- order: 225 | |||||
- unless: ls {{ apache.moddir }}/xsendfile.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep xsendfile | |||||
- require: | |||||
- pkg: apache-config-xsendfile-pkg | |||||
- watch_in: | |||||
- module: apache-service-running-restart | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
mod_status.sls |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- if grains.os_family == "Debian" %} | |||||
include: | |||||
- {{ sls_package_install }} | |||||
- {{ sls_service_running }} | |||||
apache-config-default-vhost: | |||||
cmd.run: | |||||
- name: a2dissite 000-default.conf || true | |||||
- unless: test ! -f /etc/apache2/sites-enabled/000-default.conf | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-reload | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- if grains.os_family == "Debian" %} | |||||
include: | |||||
- {{ sls_package_install }} | |||||
- {{ sls_service_running }} | |||||
apache-config-own-default-vhost: | |||||
file.managed: | |||||
- name: {{ apache.vhostdir }}/000-default.conf | |||||
- source: salt://apache/files/Debian/sites-available/000-default.conf | |||||
- makedirs: True | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-reload | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- if grains.os_family == "Debian" %} | |||||
include: | |||||
- {{ sls_package_install }} | |||||
- {{ sls_service_running }} | |||||
apache-config-register-site-file-directory: | |||||
file.directory: | |||||
- name: {{ apache.sitesdir }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
{%- if 'apache' in pillar and 'register-site' in pillar['apache'] %} | |||||
{%- for site in pillar['apache']['register-site'] %} | |||||
{%- if 'name' in pillar['apache']['register-site'][site] and 'state' in pillar['apache']['register-site'][site] %} | |||||
{%- if 'path' in pillar['apache']['register-site'][site] %} | |||||
{%- if pillar['apache']['register-site'][site]['state'] == 'enabled' %} | |||||
{%- set a2modid = "a2ensite " ~ pillar['apache']['register-site'][site]['name'] ~ apache.confext %} | |||||
{%- else %} | |||||
{%- set a2modid = "a2dissite " ~ pillar['apache']['register-site'][site]['name'] ~ apache.confext %} | |||||
{%- endif %} | |||||
apache-config-register-site-{{ a2modid }}: | |||||
cmd.run: | |||||
- name: {{ a2modid }} | |||||
{%- if pillar['apache']['register-site'][site]['state'] == 'enabled' %} | |||||
- unless: test -f /etc/apache2/sites-enabled/{{ pillar['apache']['register-site'][site]['name'] }}{{ apache.confext }} | |||||
{%- else %} | |||||
- onlyif: test -f /etc/apache2/sites-enabled/{{ pillar['apache']['register-site'][site]['name'] }}{{ apache.confext }} | |||||
{%- endif %} | |||||
- order: 230 | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- file: apache-config-register-site-file-managed | |||||
- file: apache-config-register-site-file-directory | |||||
- watch: | |||||
- file: apache-config-register-site-file-managed | |||||
apache-config-register-site-file-managed: | |||||
file.managed: | |||||
- name: /etc/apache2/sites-available/{{ pillar['apache']['register-site'][site]['name'] }}{{ apache.confext }} | |||||
- source: {{ pillar['apache']['register-site'][site]['path'] }} | |||||
- order: 225 | |||||
- makedirs: True | |||||
- user: {{ apache.rootuser }} | |||||
- group: {{ apache.rootgroup }} | |||||
- mode: 775 | |||||
{%- if 'template' in pillar['apache']['register-site'][site] and 'defaults' in pillar['apache']['register-site'][site] %} | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- defaults: | |||||
{%- for key, value in pillar['apache']['register-site'][site]['defaults'].items() %} | |||||
{{ key }}: {{ value }} | |||||
{%- endfor %} | |||||
{%- endif %} | |||||
- watch_in: | |||||
- module: apache-service-running-reload | |||||
- require_in: | |||||
- module; apache-service-running-reload | |||||
cmd.run: | |||||
- name: echo dummy state to workaround requisite issue >/dev/null 2>&1 | |||||
- require_in: | |||||
- file: apache-config-register-site-file-managed | |||||
{%- endif %} | |||||
{%- endif %} | |||||
{%- endfor %} | |||||
{%- endif %} #END: apache-service-running-register-site | |||||
{%- endif %} #END: grains['os_family'] == debian |
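Review bot: The ID `apache-config-register-site-file-managed` is emitted inside the `for site in ...` loop, so a pillar with two register-site entries renders the same ID twice, each carrying both `file.managed` and the dummy `cmd.run`. Include the site key in the ID, e.g. `apache-config-register-site-{{ site }}-file-managed`, and update the `require`/`watch` references to match. In the same state, `- module; apache-service-running-reload` uses a semicolon, so it is a plain string rather than a requisite; it should be `- module: apache-service-running-reload`. The vhost file is written with `- mode: 775`, which makes a configuration file group-writable and executable; `- mode: 644` matches the module configs elsewhere in this commit.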
cleanup.sls |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
{%- if grains.os_family == 'Debian' %} | |||||
include: | |||||
- {{ sls_service_running }} | |||||
{%- set dirpath = '/etc/apache2/sites-enabled' %} | |||||
{# Add . and .. to make it easier to not clean those #} | |||||
{%- set valid_sites = ['.', '..', ] %} | |||||
{# Take sites from apache.vhosts.standard #} | |||||
{%- for id, site in salt['pillar.get']('apache:sites', {}).items() %} | |||||
{%- do valid_sites.append('{}{}'.format(id, apache.confext)) %} | |||||
{%- endfor %} | |||||
{# Take sites from apache.register_site #} | |||||
{%- for id, site in salt['pillar.get']('apache:register-site', {}).items() %} | |||||
{%- do valid_sites.append('{}{}'.format(site.name, apache.confext)) %} | |||||
{%- endfor %} | |||||
{%- if salt['file.directory_exists'](dirpath) %} | |||||
{%- for filename in salt['file.readdir'](dirpath) %} | |||||
{%- if filename not in valid_sites %} | |||||
apache-config-vhosts-cleanup-{{ filename }}-cmd-run: | |||||
cmd.run: | |||||
- name: a2dissite {{ filename }} || true | |||||
- onlyif: "test -L {{ dirpath }}/{{ filename }} || test -f {{ dirpath }}/{{ filename }}" | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
{%- endif %} | |||||
{%- endfor %} | |||||
{%- endif %} | |||||
{%- endif %}{# Debian #} |
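Review bot: `filename` comes from `salt['file.readdir'](dirpath)` and is interpolated unquoted into the state ID, the `a2dissite` command line and the `onlyif` test. A name in sites-enabled that contains spaces or shell metacharacters is therefore interpreted by the shell that runs these commands on the minion. Shell-quote it wherever it reaches a command, e.g. `- name: a2dissite {{ filename | quote }} || true`, and do the same inside `onlyif`. The trailing `|| true` also hides a failed a2dissite, so a site the formula meant to disable can stay enabled while the state still reports success.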
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
include: | |||||
- .standard |
# This file is managed by Salt! Do not edit by hand! | # This file is managed by Salt! Do not edit by hand! | ||||
# | # | ||||
{# Define default values here so the template below can just focus on layout #} | {# Define default values here so the template below can just focus on layout #} | ||||
{% from "apache/map.jinja" import apache with context %} | |||||
{% set sitename = site.get('ServerName', id) %} | {% set sitename = site.get('ServerName', id) %} | ||||
{% set vals = { | {% set vals = { | ||||
'interfaces': site.get('interface', '*').split(), | 'interfaces': site.get('interface', '*').split(), | ||||
'Require': 'all granted', | 'Require': 'all granted', | ||||
}, | }, | ||||
} %} | } %} | ||||
<VirtualHost {%- for intf in vals.interfaces %} {{ intf }}:{{ vals.port }}{% endfor -%}> | |||||
<VirtualHost {% for intf in vals.interfaces %} {{ intf }}:{{ vals.port }}{% endfor -%}> | |||||
ServerName {{ vals.ServerName }} | ServerName {{ vals.ServerName }} | ||||
{% if site.get('ServerAlias') != False %}ServerAlias {{ vals.ServerAlias }}{% endif %} | {% if site.get('ServerAlias') != False %}ServerAlias {{ vals.ServerAlias }}{% endif %} | ||||
{% if site.get('ServerAdmin') != False %}ServerAdmin {{ vals.ServerAdmin }}{% endif %} | {% if site.get('ServerAdmin') != False %}ServerAdmin {{ vals.ServerAdmin }}{% endif %} | ||||
ProxyPassReverse {{ proxyvals.ProxyPassReverseSource }} {{ proxyvals.ProxyPassReverseTarget }} | ProxyPassReverse {{ proxyvals.ProxyPassReverseSource }} {{ proxyvals.ProxyPassReverseTarget }} | ||||
{% endfor %} | {% endfor %} | ||||
{%- for path, loc in site.get('Location', {}).items() %} | |||||
{%- set lvals = { | |||||
{% for path, loc in site.get('Location', {}).items() %} | |||||
{% set lvals = { | |||||
'Order': loc.get('Order', vals.Location.Order), | 'Order': loc.get('Order', vals.Location.Order), | ||||
'Allow': loc.get('Allow', vals.Location.Allow), | 'Allow': loc.get('Allow', vals.Location.Allow), | ||||
'Require': loc.get('Require', vals.Location.Require), | 'Require': loc.get('Require', vals.Location.Require), | ||||
} %} | } %} | ||||
<Location "{{ path }}"> | <Location "{{ path }}"> | ||||
{% if apache.version == '2.4' %} | {% if apache.version == '2.4' %} | ||||
{%- if lvals.get('Require') != False %}Require {{ lvals.Require }}{% endif %} | |||||
{% if lvals.get('Require') != False %}Require {{ lvals.Require }}{% endif %} | |||||
{% else %} | {% else %} | ||||
{%- if lvals.get('Order') != False %}Order {{ lvals.Order }}{% endif %} | |||||
{%- if lvals.get('Allow') != False %}Allow {{ lvals.Allow }}{% endif %} | |||||
{% if lvals.get('Order') != False %}Order {{ lvals.Order }}{% endif %} | |||||
{% if lvals.get('Allow') != False %}Allow {{ lvals.Allow }}{% endif %} | |||||
{% endif %} | {% endif %} | ||||
{%- if loc.get('Formula_Append') %} {{ loc.Formula_Append|indent(8) }} {% endif %} | |||||
{% if loc.get('Formula_Append') %} {{ loc.Formula_Append|indent(8) }} {% endif %} | |||||
</Location> | </Location> | ||||
{% endfor %} | {% endfor %} | ||||
{%- for regpath, locmat in site.get('LocationMatch', {}).items() %} | |||||
{%- set lmvals = { | |||||
{% for regpath, locmat in site.get('LocationMatch', {}).items() %} | |||||
{% set lmvals = { | |||||
'Order': locmat.get('Order', vals.LocationMatch.Order), | 'Order': locmat.get('Order', vals.LocationMatch.Order), | ||||
'Allow': locmat.get('Allow', vals.LocationMatch.Allow), | 'Allow': locmat.get('Allow', vals.LocationMatch.Allow), | ||||
'Require': locmat.get('Require', vals.LocationMatch.Require), | 'Require': locmat.get('Require', vals.LocationMatch.Require), | ||||
} %} | } %} | ||||
<LocationMatch "{{ regpath }}"> | <LocationMatch "{{ regpath }}"> | ||||
{% if apache.version == '2.4' %} | {% if apache.version == '2.4' %} | ||||
{%- if lmvals.get('Require') != False %}Require {{ lmvals.Require }}{% endif %} | |||||
{% if lmvals.get('Require') != False %}Require {{ lmvals.Require }}{% endif %} | |||||
{% else %} | {% else %} | ||||
{%- if lmvals.get('Order') != False %}Order {{ lmvals.Order }}{% endif %} | |||||
{%- if lmvals.get('Allow') != False %}Allow {{ lmvals.Allow }}{% endif %} | |||||
{% if lmvals.get('Order') != False %}Order {{ lmvals.Order }}{% endif %} | |||||
{% if lmvals.get('Allow') != False %}Allow {{ lmvals.Allow }}{% endif %} | |||||
{% endif %} | {% endif %} | ||||
{%- if locmat.get('Formula_Append') %} {{ locmat.Formula_Append|indent(8) }} {% endif %} | |||||
{% if locmat.get('Formula_Append') %} {{ locmat.Formula_Append|indent(8) }} {% endif %} | |||||
</LocationMatch> | </LocationMatch> | ||||
{% endfor %} | {% endfor %} | ||||
{%- for proxypath, prox in site.get('Proxy_control', {}).items() %} | |||||
{%- set proxvals = { | |||||
{% for proxypath, prox in site.get('Proxy_control', {}).items() %} | |||||
{% set proxvals = { | |||||
'AllowAll': prox.get('AllowAll', vals.AllowAll), | 'AllowAll': prox.get('AllowAll', vals.AllowAll), | ||||
'AllowCountry': prox.get('AllowCountry', vals.AllowCountry), | 'AllowCountry': prox.get('AllowCountry', vals.AllowCountry), | ||||
'AllowIP': prox.get('AllowIP', vals.AllowIP), | 'AllowIP': prox.get('AllowIP', vals.AllowIP), | ||||
} %} | } %} | ||||
<Proxy "{{ proxypath }}"> | <Proxy "{{ proxypath }}"> | ||||
{%- if proxvals.get('AllowAll') != False %} | |||||
{% if proxvals.get('AllowAll') != False %} | |||||
Require all granted | Require all granted | ||||
{%- else %} | |||||
{% else %} | |||||
{% if proxvals.get('AllowCountry') != False %}{% set country_list = proxvals.get('AllowCountry', {}) %}GeoIPEnable On | {% if proxvals.get('AllowCountry') != False %}{% set country_list = proxvals.get('AllowCountry', {}) %}GeoIPEnable On | ||||
{% for every_country in country_list %}SetEnvIf GEOIP_COUNTRY_CODE {{ every_country }} AllowCountry | {% for every_country in country_list %}SetEnvIf GEOIP_COUNTRY_CODE {{ every_country }} AllowCountry | ||||
{% endfor %}Require env AllowCountry {% endif %} | {% endfor %}Require env AllowCountry {% endif %} | ||||
{% if proxvals.get('AllowIP') is defined %} {% set ip_list = proxvals.get('AllowIP', {}) %} | {% if proxvals.get('AllowIP') is defined %} {% set ip_list = proxvals.get('AllowIP', {}) %} | ||||
Require ip {% for every_ip in ip_list %}{{ every_ip }} {% endfor %} {% endif %} | Require ip {% for every_ip in ip_list %}{{ every_ip }} {% endfor %} {% endif %} | ||||
{%- endif %} | |||||
{% endif %} | |||||
</Proxy> | </Proxy> | ||||
{%- endfor %} | |||||
{% endfor %} | |||||
{% if site.get('Formula_Append') %} | {% if site.get('Formula_Append') %} | ||||
{{ site.Formula_Append|indent(4) }} | {{ site.Formula_Append|indent(4) }} | ||||
{% endif %} | {% endif %} |
# This file is managed by Salt! Do not edit by hand! | # This file is managed by Salt! Do not edit by hand! | ||||
# | # | ||||
{# Define default values here so the template below can just focus on layout #} | {# Define default values here so the template below can just focus on layout #} | ||||
{%- from "apache/map.jinja" import apache with context %} | |||||
{%- set sitename = site.get('ServerName', id) %} | {%- set sitename = site.get('ServerName', id) %} | ||||
{%- set vals = { | {%- set vals = { |
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||||
include: | |||||
- {{ sls_package_install }} | |||||
- {{ sls_service_running }} | |||||
{%- for id, site in salt['pillar.get']('apache:sites', {}).items() %} | |||||
{%- set documentroot = site.get('DocumentRoot', '{0}/{1}'.format(apache.wwwdir, site.get('ServerName', id))) %} | |||||
apache-config-vhosts-standard-{{ id }}: | |||||
file.managed: | |||||
- name: {{ apache.vhostdir }}/{{ id }}{{ apache.confext }} | |||||
- source: {{ site.get('template_file', 'salt://apache/config/vhosts/standard.tmpl') }} | |||||
- template: {{ apache.get('template_engine', 'jinja') }} | |||||
- makedirs: True | |||||
- context: | |||||
apache: {{ apache|json }} | |||||
id: {{ id|json }} | |||||
site: {{ site|json }} | |||||
map: {{ apache|json }} | |||||
- require: | |||||
- pkg: apache-package-install-pkg-installed | |||||
- watch_in: | |||||
- module: apache-service-running-reload | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- if site.get('DocumentRoot') != False %} | |||||
apache-config-vhosts-standard-{{ id }}-docroot: | |||||
file.directory: | |||||
- name: {{ documentroot }} | |||||
- makedirs: True | |||||
- user: {{ site.get('DocumentRootUser', apache.get('document_root_user'))|json or apache.user }} | |||||
- group: {{ site.get('DocumentRootGroup', apache.get('document_root_group'))|json or apache.group }} | |||||
- allow_symlink: True | |||||
{%- endif %} | |||||
{%- if grains.os_family == 'Debian' %} | |||||
{%- if site.get('enabled', True) %} | |||||
apache-config-vhosts-standard-{{ id }}-cmd-run-a2en: | |||||
cmd.run: | |||||
- name: a2ensite {{ id }}{{ apache.confext }} | |||||
- unless: test -f /etc/apache2/sites-enabled/{{ id }}{{ apache.confext }} | |||||
- require: | |||||
- file: apache-config-vhosts-standard-{{ id }} | |||||
- watch_in: | |||||
- module: apache-service-running-reload | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- else %} | |||||
apache-config-vhosts-standard-{{ id }}-cmd-run-a2dis: | |||||
cmd.run: | |||||
- name: a2dissite {{ id }}{{ apache.confext }}: | |||||
- onlyif: test -f /etc/apache2/sites-enabled/{{ id }}{{ apache.confext }} | |||||
- require: | |||||
- file: apache-config-vhosts-standard-{{ id }} | |||||
- watch_in: | |||||
- module: apache-service-running-reload | |||||
- require_in: | |||||
- module: apache-service-running-restart | |||||
- module: apache-service-running-reload | |||||
- service: apache-service-running | |||||
{%- endif %} | |||||
{%- endif %} {# Debian #} | |||||
{%- endfor %} |
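Review bot: The `name` of the a2dissite state ends in a stray colon (`- name: a2dissite {{ id }}{{ apache.confext }}:`), which a YAML parser will most likely reject as a mapping indicator. Any Debian site with `enabled: False` would then fail to render, so the line should read `- name: a2dissite {{ id }}{{ apache.confext }}`. In the docroot state, `|json` binds tighter than `or`, so an unset owner renders as the non-empty string `null` and the `or apache.user` / `or apache.group` fallbacks look unreachable. Either drop them or apply the fallback before the filter, and state which ownership is intended, since that decides whether the web server account can write to the document root. `id` is also interpolated unquoted into the `cmd.run` command and the `test -f` guards, so pillar site keys should be limited to plain file-name characters.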
# This file is managed by Salt! Do not edit by hand! | # This file is managed by Salt! Do not edit by hand! | ||||
# | # | ||||
{# Define default values here so the template below can just focus on layout #} | {# Define default values here so the template below can just focus on layout #} | ||||
{%- set sitename = site.get('ServerName', id) -%} | |||||
{% set sitename = site.get('ServerName', id) -%} | |||||
{%- set vals = { | |||||
{% set vals = { | |||||
'interfaces': site.get('interface', '*').split(), | 'interfaces': site.get('interface', '*').split(), | ||||
'port': site.get('port', '80'), | 'port': site.get('port', '80'), | ||||
{{ site.Rewrite }} | {{ site.Rewrite }} | ||||
{% endif %} | {% endif %} | ||||
{%- for loc, path in site.get('Alias', {}).items() %} | |||||
{% for loc, path in site.get('Alias', {}).items() %} | |||||
Alias {{ loc }} {{ path }} | Alias {{ loc }} {{ path }} | ||||
{%- endfor %} | |||||
{% endfor %} | |||||
{%- for loc, path in site.get('ScriptAlias', {}).items() %} | |||||
{% for loc, path in site.get('ScriptAlias', {}).items() %} | |||||
ScriptAlias {{ loc }} {{ path }} | ScriptAlias {{ loc }} {{ path }} | ||||
{%- endfor %} | |||||
{% endfor %} | |||||
{%- for path, dir in site.get('Directory', {}).items() -%} | |||||
{%- set dvals = { | |||||
{% for path, dir in site.get('Directory', {}).items() -%} | |||||
{% set dvals = { | |||||
'Options': dir.get('Options', vals.Directory.Options), | 'Options': dir.get('Options', vals.Directory.Options), | ||||
'Order': dir.get('Order', vals.Directory.Order), | 'Order': dir.get('Order', vals.Directory.Order), | ||||
'Allow': dir.get('Allow', vals.Directory.Allow), | 'Allow': dir.get('Allow', vals.Directory.Allow), | ||||
'Dav': dir.get('Dav', False), | 'Dav': dir.get('Dav', False), | ||||
} %} | } %} | ||||
{%- if path == 'default' %}{% set path = vals.Directory_default %}{% endif %} | |||||
{% if path == 'default' %}{% set path = vals.Directory_default %}{% endif %} | |||||
<Directory "{{ path }}"> | <Directory "{{ path }}"> | ||||
{% if dvals.get('Options') != False %}Options {{ dvals.Options }}{% endif %} | {% if dvals.get('Options') != False %}Options {{ dvals.Options }}{% endif %} | ||||
{% if dvals.get('Require') != False %}Require {{ dvals.Require }}{% endif %} | {% if dvals.get('Require') != False %}Require {{ dvals.Require }}{% endif %} | ||||
{% else %} | {% else %} | ||||
{% if dvals.get('Order') != False %}Order {{ dvals.Order }}{% endif %} | {% if dvals.get('Order') != False %}Order {{ dvals.Order }}{% endif %} | ||||
{% if dvals.get('Allow') != False %}Allow {{ dvals.Allow }}{% endif %} | {% if dvals.get('Allow') != False %}Allow {{ dvals.Allow }}{% endif %} | ||||
{% endif %} | {% endif %} | ||||
{% if dvals.get('AllowOverride') != False %}AllowOverride {{ dvals.AllowOverride }}{% endif %} | {% if dvals.get('AllowOverride') != False %}AllowOverride {{ dvals.AllowOverride }}{% endif %} | ||||
{{ dir.Formula_Append|indent(8) }} | {{ dir.Formula_Append|indent(8) }} | ||||
{% endif %} | {% endif %} | ||||
</Directory> | </Directory> | ||||
{%- endfor %} | |||||
{% endfor %} | |||||
{%- for path, loc in site.get('Location', {}).items() %} | |||||
{%- set lvals = { | |||||
{% for path, loc in site.get('Location', {}).items() %} | |||||
{% set lvals = { | |||||
'Order': loc.get('Order', vals.Location.Order), | 'Order': loc.get('Order', vals.Location.Order), | ||||
'Allow': loc.get('Allow', vals.Location.Allow), | 'Allow': loc.get('Allow', vals.Location.Allow), | ||||
'Require': loc.get('Require', vals.Location.Require), | 'Require': loc.get('Require', vals.Location.Require), | ||||
<Location "{{ path }}"> | <Location "{{ path }}"> | ||||
{% if map.version == '2.4' %} | {% if map.version == '2.4' %} | ||||
{%- if lvals.get('Require') != False %}Require {{ lvals.Require }}{% endif %} | |||||
{% if lvals.get('Require') != False %}Require {{ lvals.Require }}{% endif %} | |||||
{% else %} | {% else %} | ||||
{%- if lvals.get('Order') != False %}Order {{ lvals.Order }}{% endif %} | |||||
{%- if lvals.get('Allow') != False %}Allow {{ lvals.Allow }}{% endif %} | |||||
{% if lvals.get('Order') != False %}Order {{ lvals.Order }}{% endif %} | |||||
{% if lvals.get('Allow') != False %}Allow {{ lvals.Allow }}{% endif %} | |||||
{% endif %} | {% endif %} | ||||
{%- if lvals.get('Dav') != False %}Dav On{% endif %} | |||||
{% if lvals.get('Dav') != False %}Dav On{% endif %} | |||||
{%- if loc.get('Formula_Append') %} | |||||
{% if loc.get('Formula_Append') %} | |||||
{{ loc.Formula_Append|indent(8) }} | {{ loc.Formula_Append|indent(8) }} | ||||
{% endif %} | {% endif %} | ||||
</Location> | </Location> | ||||
{% endfor %} | {% endfor %} | ||||
{%- if site.get('Formula_Append') %} | |||||
{% if site.get('Formula_Append') %} | |||||
{{ site.Formula_Append|indent(4) }} | {{ site.Formula_Append|indent(4) }} | ||||
{% endif %} | {% endif %} | ||||
</VirtualHost> | </VirtualHost> |
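Review bot: The `Dav On` line in the `<Location>` block is guarded by `lvals.get('Dav') != False`, which is also true when the key is absent, because `.get()` then returns `None`. The visible part of the `lvals` definition lists only `Order`, `Allow` and `Require` (further entries may be collapsed on this page), so confirm that it carries `'Dav': loc.get('Dav', False)` as `dvals` does. Otherwise WebDAV would be switched on for every Location. A truthiness test, `{% if lvals.get('Dav') %}Dav On{% endif %}`, fails closed in either case.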
{% from "apache/map.jinja" import apache with context %} | |||||
{% if grains['os_family']=="Debian" %} | |||||
include: | |||||
- apache | |||||
- apache.register_site | |||||
extend: | |||||
apache: | |||||
pkg: | |||||
- order: 175 | |||||
service: | |||||
- order: 455 | |||||
apache-reload: | |||||
module: | |||||
- order: 420 | |||||
apache-restart: | |||||
module: | |||||
- order: 425 | |||||
a2dissite 000-default{{ apache.confext }}: | |||||
cmd.run: | |||||
- onlyif: test -f /etc/apache2/sites-enabled/000-default{{ apache.confext }} | |||||
- watch_in: | |||||
- module: apache-reload | |||||
- require_in: | |||||
- module: apache-restart | |||||
- module: apache-reload | |||||
- service: apache | |||||
- require: | |||||
- pkg: apache | |||||
/etc/apache2/sites-available/{{ apache.default_site }}: | |||||
file.absent: | |||||
- require: | |||||
- pkg: apache | |||||
/etc/apache2/sites-available/{{ apache.default_site_ssl }}: | |||||
file.absent: | |||||
- require: | |||||
- pkg: apache | |||||
{% endif %} #END: os = debian |
# vim: ft=yaml | # vim: ft=yaml | ||||
--- | --- | ||||
apache: | apache: | ||||
lookup: {} | |||||
pkg: | |||||
name: apache2 | |||||
mod_ssl: mod_ssl | |||||
mod_wsgi: mod_wsgi | |||||
deps: [] | |||||
rootuser: root | |||||
rootgroup: root | |||||
template_engine: jinja | |||||
config: '/etc/apache' | |||||
service: | |||||
name: apache | |||||
user: www-data | |||||
group: www-data | |||||
vhostdir: /etc/apache2/sites-available | |||||
confdir: /etc/apache2/conf.d | |||||
davlockdbdir: null | |||||
logdir: /var/log/apache2 | |||||
wwwdir: /srv/apache2 | |||||
document_root_user: null # Do not enforce group | |||||
document_root_group: null # Do not enforce group | |||||
manage_service_states: true | manage_service_states: true | ||||
service_state: running | service_state: running | ||||
service_enable: true | service_enable: true | ||||
flags: {} | |||||
global: {} | |||||
modules: {} | |||||
mod_remoteip: {} | |||||
mod_security: | mod_security: | ||||
crs_install: false | crs_install: false | ||||
manage_config: false | |||||
manage_config: false # use software defaults | |||||
mod_ssl: | |||||
manage_tls_defaults: false # use software defaults | |||||
# Just here for testing | |||||
added_in_defaults: defaults_value | |||||
winner: defaults | |||||
retry_option: | |||||
# https://docs.saltstack.com/en/latest/ref/states/requisites.html#retrying-states | |||||
attempts: 2 | |||||
until: true | |||||
interval: 10 | |||||
splay: 10 |
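Review bot: The comment on `document_root_user` is a copy of the one on the group line; it should read `document_root_user: null  # Do not enforce user`. Judging by that comment, `null` leaves document-root ownership unmanaged, which is worth stating explicitly because it determines who can write to served content. The `added_in_defaults` and `winner` keys are marked as test-only and, if nothing in the formula reads them, would sit better in the test pillar than in the shipped defaults.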
# | |||||
# This file is managed by Salt! Do not edit by hand! | |||||
# | |||||
# This is the main Apache HTTP server configuration file. It contains the | |||||
# configuration directives that give the server its instructions. | |||||
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information. | |||||
# In particular, see | |||||
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html> | |||||
# for a discussion of each configuration directive. | |||||
# | |||||
# Do NOT simply read the instructions in here without understanding | |||||
# what they do. They're here only as hints or reminders. If you are unsure | |||||
# consult the online docs. You have been warned. | |||||
# | |||||
# Configuration and logfile names: If the filenames you specify for many | |||||
# of the server's control files begin with "/" (or "drive:/" for Win32), the | |||||
# server will use that explicit path. If the filenames do *not* begin | |||||
# with "/", the value of ServerRoot is prepended -- so "logs/access_log" | |||||
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the | |||||
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" | |||||
# will be interpreted as '/logs/access_log'. | |||||
# | |||||
# ServerRoot: The top of the directory tree under which the server's | |||||
# configuration, error, and log files are kept. | |||||
# | |||||
# Do not add a slash at the end of the directory path. If you point | |||||
# ServerRoot at a non-local disk, be sure to specify a local disk on the | |||||
# Mutex directive, if file-based mutexes are used. If you wish to share the | |||||
# same ServerRoot for multiple httpd daemons, you will need to change at | |||||
# least PidFile. | |||||
# | |||||
ServerRoot "{{ apache.get('serverroot', '/etc/httpd') }}" | |||||
# | |||||
# Mutex: Allows you to set the mutex mechanism and mutex file directory | |||||
# for individual mutexes, or change the global defaults | |||||
# | |||||
# Uncomment and change the directory if mutexes are file-based and the default | |||||
# mutex file directory is not on a local disk or is not appropriate for some | |||||
# other reason. | |||||
# | |||||
# Mutex default:/run/httpd | |||||
# | |||||
# Listen: Allows you to bind Apache to specific IP addresses and/or | |||||
# ports, instead of the default. See also the <VirtualHost> | |||||
# directive. | |||||
# | |||||
# Change this to Listen on specific IP addresses as shown below to | |||||
# prevent Apache from glomming onto all bound IP addresses. | |||||
# | |||||
#Listen 12.34.56.78:80 | |||||
{% if salt['pillar.get']('apache:sites') is mapping %} | |||||
{%- set listen_directives = [] %} | |||||
{%- for id, site in salt['pillar.get']('apache:sites').items() %} | |||||
{%- set interfaces = site.get('interface', '*').split() %} | |||||
{%- set port = site.get('port', 80) %} | |||||
{%- for interface in interfaces %} | |||||
{%- if not site.get('exclude_listen_directive', False) and not port == '*' %} | |||||
{%- set listen_directive = interface ~ ':' ~ port %} | |||||
{%- if listen_directive not in listen_directives %} | |||||
{%- do listen_directives.append(listen_directive) %} | |||||
{%- endif %} | |||||
{%- endif %} | |||||
{%- endfor %} | |||||
{%- endfor %} | |||||
{%- for listen in listen_directives %} | |||||
Listen {{ listen }} | |||||
{%- endfor %} | |||||
{%- else %} | |||||
Listen 80 | |||||
<IfModule mod_ssl.c> | |||||
Listen 443 | |||||
</IfModule> | |||||
{%- endif %} | |||||
# | |||||
# Dynamic Shared Object (DSO) Support | |||||
# | |||||
# To be able to use the functionality of a module which was built as a DSO you | |||||
# have to place corresponding `LoadModule' lines at this location so the | |||||
# directives contained in it are actually available _before_ they are used. | |||||
# Statically compiled modules (those listed by `httpd -l') do not need | |||||
# to be loaded here. | |||||
# | |||||
# Example: | |||||
# LoadModule foo_module modules/mod_foo.so | |||||
# | |||||
LoadModule mpm_event_module modules/mod_mpm_event.so | |||||
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so | |||||
#LoadModule mpm_worker_module modules/mod_mpm_worker.so | |||||
LoadModule authn_file_module modules/mod_authn_file.so | |||||
#LoadModule authn_dbm_module modules/mod_authn_dbm.so | |||||
#LoadModule authn_anon_module modules/mod_authn_anon.so | |||||
#LoadModule authn_dbd_module modules/mod_authn_dbd.so | |||||
#LoadModule authn_socache_module modules/mod_authn_socache.so | |||||
LoadModule authn_core_module modules/mod_authn_core.so | |||||
LoadModule authz_host_module modules/mod_authz_host.so | |||||
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so | |||||
LoadModule authz_user_module modules/mod_authz_user.so | |||||
#LoadModule authz_dbm_module modules/mod_authz_dbm.so | |||||
#LoadModule authz_owner_module modules/mod_authz_owner.so | |||||
#LoadModule authz_dbd_module modules/mod_authz_dbd.so | |||||
LoadModule authz_core_module modules/mod_authz_core.so | |||||
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so | |||||
#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so | |||||
LoadModule access_compat_module modules/mod_access_compat.so | |||||
LoadModule auth_basic_module modules/mod_auth_basic.so | |||||
#LoadModule auth_form_module modules/mod_auth_form.so | |||||
#LoadModule auth_digest_module modules/mod_auth_digest.so | |||||
#LoadModule allowmethods_module modules/mod_allowmethods.so | |||||
#LoadModule file_cache_module modules/mod_file_cache.so | |||||
#LoadModule cache_module modules/mod_cache.so | |||||
#LoadModule cache_disk_module modules/mod_cache_disk.so | |||||
#LoadModule cache_socache_module modules/mod_cache_socache.so | |||||
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so | |||||
#LoadModule socache_dbm_module modules/mod_socache_dbm.so | |||||
#LoadModule socache_memcache_module modules/mod_socache_memcache.so | |||||
#LoadModule socache_redis_module modules/mod_socache_redis.so | |||||
#LoadModule watchdog_module modules/mod_watchdog.so | |||||
#LoadModule macro_module modules/mod_macro.so | |||||
#LoadModule dbd_module modules/mod_dbd.so | |||||
#LoadModule dumpio_module modules/mod_dumpio.so | |||||
#LoadModule echo_module modules/mod_echo.so | |||||
#LoadModule buffer_module modules/mod_buffer.so | |||||
#LoadModule data_module modules/mod_data.so | |||||
#LoadModule ratelimit_module modules/mod_ratelimit.so | |||||
LoadModule reqtimeout_module modules/mod_reqtimeout.so | |||||
#LoadModule ext_filter_module modules/mod_ext_filter.so | |||||
#LoadModule request_module modules/mod_request.so | |||||
LoadModule include_module modules/mod_include.so | |||||
LoadModule filter_module modules/mod_filter.so | |||||
#LoadModule reflector_module modules/mod_reflector.so | |||||
#LoadModule substitute_module modules/mod_substitute.so | |||||
#LoadModule sed_module modules/mod_sed.so | |||||
#LoadModule charset_lite_module modules/mod_charset_lite.so | |||||
#LoadModule deflate_module modules/mod_deflate.so | |||||
#LoadModule xml2enc_module modules/mod_xml2enc.so | |||||
#LoadModule proxy_html_module modules/mod_proxy_html.so | |||||
#LoadModule brotli_module modules/mod_brotli.so | |||||
LoadModule mime_module modules/mod_mime.so | |||||
#LoadModule ldap_module modules/mod_ldap.so | |||||
LoadModule log_config_module modules/mod_log_config.so | |||||
#LoadModule log_debug_module modules/mod_log_debug.so | |||||
#LoadModule log_forensic_module modules/mod_log_forensic.so | |||||
#LoadModule logio_module modules/mod_logio.so | |||||
#LoadModule lua_module modules/mod_lua.so | |||||
LoadModule env_module modules/mod_env.so | |||||
#LoadModule mime_magic_module modules/mod_mime_magic.so | |||||
#LoadModule cern_meta_module modules/mod_cern_meta.so | |||||
#LoadModule expires_module modules/mod_expires.so | |||||
LoadModule headers_module modules/mod_headers.so | |||||
#LoadModule ident_module modules/mod_ident.so | |||||
#LoadModule usertrack_module modules/mod_usertrack.so | |||||
#LoadModule unique_id_module modules/mod_unique_id.so | |||||
LoadModule setenvif_module modules/mod_setenvif.so | |||||
LoadModule version_module modules/mod_version.so | |||||
#LoadModule remoteip_module modules/mod_remoteip.so | |||||
#LoadModule proxy_module modules/mod_proxy.so | |||||
#LoadModule proxy_connect_module modules/mod_proxy_connect.so | |||||
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so | |||||
#LoadModule proxy_http_module modules/mod_proxy_http.so | |||||
#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so | |||||
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so | |||||
#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so | |||||
#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so | |||||
#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so | |||||
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so | |||||
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so | |||||
#LoadModule proxy_express_module modules/mod_proxy_express.so | |||||
#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so | |||||
#LoadModule session_module modules/mod_session.so | |||||
#LoadModule session_cookie_module modules/mod_session_cookie.so | |||||
#LoadModule session_crypto_module modules/mod_session_crypto.so | |||||
#LoadModule session_dbd_module modules/mod_session_dbd.so | |||||
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so | |||||
#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so | |||||
#LoadModule ssl_module modules/mod_ssl.so | |||||
#LoadModule dialup_module modules/mod_dialup.so | |||||
#LoadModule http2_module modules/mod_http2.so | |||||
#LoadModule proxy_http2_module modules/mod_proxy_http2.so | |||||
#LoadModule md_module modules/mod_md.so | |||||
#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so | |||||
#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so | |||||
#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so | |||||
#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so | |||||
LoadModule unixd_module modules/mod_unixd.so | |||||
#LoadModule heartbeat_module modules/mod_heartbeat.so | |||||
#LoadModule heartmonitor_module modules/mod_heartmonitor.so | |||||
#LoadModule dav_module modules/mod_dav.so | |||||
LoadModule status_module modules/mod_status.so | |||||
LoadModule autoindex_module modules/mod_autoindex.so | |||||
#LoadModule asis_module modules/mod_asis.so | |||||
#LoadModule info_module modules/mod_info.so | |||||
#LoadModule suexec_module modules/mod_suexec.so | |||||
<IfModule !mpm_prefork_module> | |||||
#LoadModule cgid_module modules/mod_cgid.so | |||||
</IfModule> | |||||
<IfModule mpm_prefork_module> | |||||
#LoadModule cgi_module modules/mod_cgi.so | |||||
</IfModule> | |||||
#LoadModule dav_fs_module modules/mod_dav_fs.so | |||||
#LoadModule dav_lock_module modules/mod_dav_lock.so | |||||
#LoadModule vhost_alias_module modules/mod_vhost_alias.so | |||||
LoadModule negotiation_module modules/mod_negotiation.so | |||||
LoadModule dir_module modules/mod_dir.so | |||||
#LoadModule imagemap_module modules/mod_imagemap.so | |||||
#LoadModule actions_module modules/mod_actions.so | |||||
#LoadModule speling_module modules/mod_speling.so | |||||
LoadModule userdir_module modules/mod_userdir.so | |||||
LoadModule alias_module modules/mod_alias.so | |||||
#LoadModule rewrite_module modules/mod_rewrite.so | |||||
<IfModule unixd_module> | |||||
# | |||||
# If you wish httpd to run as a different user or group, you must run | |||||
# httpd as root initially and it will switch. | |||||
# | |||||
# User/Group: The name (or #number) of the user/group to run httpd as. | |||||
# It is usually good practice to create a dedicated user and group for | |||||
# running httpd, as with most system services. | |||||
# | |||||
User {{ apache.user or 'http' }} | |||||
Group {{ apache.group or 'http' }} | |||||
</IfModule> | |||||
# 'Main' server configuration | |||||
# | |||||
# The directives in this section set up the values used by the 'main' | |||||
# server, which responds to any requests that aren't handled by a | |||||
# <VirtualHost> definition. These values also provide defaults for | |||||
# any <VirtualHost> containers you may define later in the file. | |||||
# | |||||
# All of these directives may appear inside <VirtualHost> containers, | |||||
# in which case these default settings will be overridden for the | |||||
# virtual host being defined. | |||||
# | |||||
# | |||||
# ServerAdmin: Your address, where problems with the server should be | |||||
# e-mailed. This address appears on some server-generated pages, such | |||||
# as error documents. e.g. admin@your-domain.com | |||||
# | |||||
ServerAdmin you@example.com | |||||
# | |||||
# ServerName gives the name and port that the server uses to identify itself. | |||||
# This can often be determined automatically, but we recommend you specify | |||||
# it explicitly to prevent problems during startup. | |||||
# | |||||
# If your host doesn't have a registered DNS name, enter its IP address here. | |||||
# | |||||
#ServerName www.example.com:80 | |||||
# | |||||
# Deny access to the entirety of your server's filesystem. You must | |||||
# explicitly permit access to web content directories in other | |||||
# <Directory> blocks below. | |||||
# | |||||
<Directory /> | |||||
AllowOverride none | |||||
Require all denied | |||||
</Directory> | |||||
# | |||||
# Note that from this point forward you must specifically allow | |||||
# particular features to be enabled - so if something's not working as | |||||
# you might expect, make sure that you have specifically enabled it | |||||
# below. | |||||
# | |||||
# | |||||
# DocumentRoot: The directory out of which you will serve your | |||||
# documents. By default, all requests are taken from this directory, but | |||||
# symbolic links and aliases may be used to point to other locations. | |||||
# | |||||
DocumentRoot "{{ apache.get('docroot', apache.wwwdir or '/srv/http') }}" | |||||
# | |||||
# Relax access to content within {{ apache.wwwdir }}. | |||||
# | |||||
<Directory "{{ apache.wwwdir }}"> | |||||
AllowOverride None | |||||
# Allow open access: | |||||
Require all granted | |||||
</Directory> | |||||
# Further relax access to the default document root: | |||||
<Directory "{{ apache.get('docroot', apache.wwwdir + '/srv/http') }}"> | |||||
# | |||||
# Possible values for the Options directive are "None", "All", | |||||
# or any combination of: | |||||
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews | |||||
# | |||||
# Note that "MultiViews" must be named *explicitly* --- "Options All" | |||||
# doesn't give it to you. | |||||
# | |||||
# The Options directive is both complicated and important. Please see | |||||
# http://httpd.apache.org/docs/2.4/mod/core.html#options | |||||
# for more information. | |||||
# | |||||
Options Indexes FollowSymLinks | |||||
# | |||||
# AllowOverride controls what directives may be placed in .htaccess files. | |||||
# It can be "All", "None", or any combination of the keywords: | |||||
# AllowOverride FileInfo AuthConfig Limit | |||||
# | |||||
AllowOverride None | |||||
# | |||||
# Controls who can get stuff from this server. | |||||
# | |||||
Require all granted | |||||
</Directory> | |||||
# | |||||
# DirectoryIndex: sets the file that Apache will serve if a directory | |||||
# is requested. | |||||
# | |||||
<IfModule dir_module> | |||||
DirectoryIndex index.html | |||||
</IfModule> | |||||
# | |||||
# The following lines prevent .htaccess and .htpasswd files from being | |||||
# viewed by Web clients. | |||||
# | |||||
<Files ".ht*"> | |||||
Require all denied | |||||
</Files> | |||||
# | |||||
# ErrorLog: The location of the error log file. | |||||
# If you do not specify an ErrorLog directive within a <VirtualHost> | |||||
# container, error messages relating to that virtual host will be | |||||
# logged here. If you *do* define an error logfile for a <VirtualHost> | |||||
# container, that host's errors will be logged there and not here. | |||||
# | |||||
ErrorLog "{{ apache.logdir }}/error_log" | |||||
# | |||||
# LogLevel: Control the number of messages logged to the error_log. | |||||
# Possible values include: debug, info, notice, warn, error, crit, | |||||
# alert, emerg. | |||||
# | |||||
LogLevel warn | |||||
<IfModule log_config_module> | |||||
# | |||||
# The following directives define some format nicknames for use with | |||||
# a CustomLog directive (see below). | |||||
# | |||||
{%- for log_format in salt['pillar.get']('apache:log_formats', []) %} | |||||
LogFormat {{ log_format }} | |||||
{%- endfor %} | |||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined | |||||
LogFormat "%h %l %u %t \"%r\" %>s %b" common | |||||
<IfModule logio_module> | |||||
# You need to enable mod_logio.c to use %I and %O | |||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio | |||||
</IfModule> | |||||
# | |||||
# The location and format of the access logfile (Common Logfile Format). | |||||
# If you do not define any access logfiles within a <VirtualHost> | |||||
# container, they will be logged here. Contrariwise, if you *do* | |||||
# define per-<VirtualHost> access logfiles, transactions will be | |||||
# logged therein and *not* in this file. | |||||
# | |||||
#CustomLog "/var/log/httpd/access_log" common | |||||
# | |||||
# If you prefer a logfile with access, agent, and referer information | |||||
# (Combined Logfile Format) you can use the following directive. | |||||
# | |||||
#CustomLog "/var/log/httpd/access_log" combined | |||||
CustomLog "{{ apache.logdir }}/access_log" combined | |||||
</IfModule> | |||||
<IfModule alias_module> | |||||
# | |||||
# Redirect: Allows you to tell clients about documents that used to | |||||
# exist in your server's namespace, but do not anymore. The client | |||||
# will make a new request for the document at its new location. | |||||
# Example: | |||||
# Redirect permanent /foo http://www.example.com/bar | |||||
# | |||||
# Alias: Maps web paths into filesystem paths and is used to | |||||
# access content that does not live under the DocumentRoot. | |||||
# Example: | |||||
# Alias /webpath /full/filesystem/path | |||||
# | |||||
# If you include a trailing / on /webpath then the server will | |||||
# require it to be present in the URL. You will also likely | |||||
# need to provide a <Directory> section to allow access to | |||||
# the filesystem path. | |||||
# | |||||
# ScriptAlias: This controls which directories contain server scripts. | |||||
# ScriptAliases are essentially the same as Aliases, except that | |||||
# documents in the target directory are treated as applications and | |||||
# run by the server when requested rather than as documents sent to the | |||||
# client. The same rules about trailing "/" apply to ScriptAlias | |||||
# directives as to Alias. | |||||
# | |||||
ScriptAlias /cgi-bin/ "{{ apache.wwwdir }}/cgi-bin/" | |||||
</IfModule> | |||||
<IfModule cgid_module> | |||||
# | |||||
# ScriptSock: On threaded servers, designate the path to the UNIX | |||||
# socket used to communicate with the CGI daemon of mod_cgid. | |||||
# | |||||
#Scriptsock cgisock | |||||
</IfModule> | |||||
# | |||||
# "/srv/http/cgi-bin" should be changed to whatever your ScriptAliased | |||||
# CGI directory exists, if you have that configured. | |||||
# | |||||
<Directory "{{ apache.wwwdir }}/cgi-bin/"> | |||||
AllowOverride None | |||||
Options None | |||||
Require all granted | |||||
</Directory> | |||||
<IfModule headers_module> | |||||
# | |||||
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied | |||||
# backend servers which have lingering "httpoxy" defects. | |||||
# 'Proxy' request header is undefined by the IETF, not listed by IANA | |||||
# | |||||
RequestHeader unset Proxy early | |||||
</IfModule> | |||||
<IfModule mime_module> | |||||
# | |||||
# TypesConfig points to the file containing the list of mappings from | |||||
# filename extension to MIME-type. | |||||
# | |||||
TypesConfig conf/mime.types | |||||
# | |||||
# AddType allows you to add to or override the MIME configuration | |||||
# file specified in TypesConfig for specific file types. | |||||
# | |||||
#AddType application/x-gzip .tgz | |||||
# | |||||
# AddEncoding allows you to have certain browsers uncompress | |||||
# information on the fly. Note: Not all browsers support this. | |||||
# | |||||
#AddEncoding x-compress .Z | |||||
#AddEncoding x-gzip .gz .tgz | |||||
# | |||||
# If the AddEncoding directives above are commented-out, then you | |||||
# probably should define those extensions to indicate media types: | |||||
# | |||||
AddType application/x-compress .Z | |||||
AddType application/x-gzip .gz .tgz | |||||
# | |||||
# AddHandler allows you to map certain file extensions to "handlers": | |||||
# actions unrelated to filetype. These can be either built into the server | |||||
# or added with the Action directive (see below) | |||||
# | |||||
# To use CGI scripts outside of ScriptAliased directories: | |||||
# (You will also need to add "ExecCGI" to the "Options" directive.) | |||||
# | |||||
#AddHandler cgi-script .cgi | |||||
# For type maps (negotiated resources): | |||||
#AddHandler type-map var | |||||
# | |||||
# Filters allow you to process content before it is sent to the client. | |||||
# | |||||
# To parse .shtml files for server-side includes (SSI): | |||||
# (You will also need to add "Includes" to the "Options" directive.) | |||||
# | |||||
#AddType text/html .shtml | |||||
#AddOutputFilter INCLUDES .shtml | |||||
</IfModule> | |||||
# | |||||
# Specify a default charset for all content served; this enables | |||||
# interpretation of all content as UTF-8 by default. To use the | |||||
# default browser choice (ISO-8859-1), or to allow the META tags | |||||
# in HTML content to override this choice, comment out this | |||||
# directive: | |||||
# | |||||
{%- if apache.get('default_charset', False) is none %} | |||||
# AddDefaultCharset UTF-8 | |||||
{%- else %} | |||||
AddDefaultCharset {{ apache.get('default_charset', 'UTF-8') }} | |||||
{%- endif %} | |||||
# | |||||
# The mod_mime_magic module allows the server to use various hints from the | |||||
# contents of the file itself to determine its type. The MIMEMagicFile | |||||
# directive tells the module where the hint definitions are located. | |||||
# | |||||
#MIMEMagicFile conf/magic | |||||
# | |||||
# Customizable error responses come in three flavors: | |||||
# 1) plain text 2) local redirects 3) external redirects | |||||
# | |||||
# Some examples: | |||||
#ErrorDocument 500 "The server made a boo boo." | |||||
#ErrorDocument 404 /missing.html | |||||
#ErrorDocument 404 "/cgi-bin/missing_handler.pl" | |||||
#ErrorDocument 402 http://www.example.com/subscription_info.html | |||||
# | |||||
# | |||||
# MaxRanges: Maximum number of Ranges in a request before | |||||
# returning the entire resource, or one of the special | |||||
# values 'default', 'none' or 'unlimited'. | |||||
# Default setting is to accept 200 Ranges. | |||||
#MaxRanges unlimited | |||||
# | |||||
# EnableMMAP and EnableSendfile: On systems that support it, | |||||
# memory-mapping or the sendfile syscall may be used to deliver | |||||
# files. This usually improves server performance, but must | |||||
# be turned off when serving from networked-mounted | |||||
# filesystems or if support for these functions is otherwise | |||||
# broken on your system. | |||||
# Defaults: EnableMMAP On, EnableSendfile Off | |||||
# | |||||
#EnableMMAP off | |||||
#EnableSendfile on | |||||
{%- for directive, dvalue in salt['pillar.get']('apache:global', {}).items() %} | |||||
{{ directive }} {{ dvalue }} | |||||
{%- endfor %} | |||||
# Supplemental configuration | |||||
# | |||||
# The configuration files in the conf/extra/ directory can be | |||||
# included to add extra features or to modify the default configuration of | |||||
# the server, or you may simply copy their contents here and change as | |||||
# necessary. | |||||
# Load config files in the "/etc/httpd/conf.d" directory, if any. | |||||
IncludeOptional {{ apache.confdir }}/*.conf | |||||
{% if apache.vhostdir != apache.confdir %} | |||||
IncludeOptional {{ apache.vhostdir }}/*.conf | |||||
{% endif %} | |||||
# Server-pool management (MPM specific) | |||||
Include conf/extra/httpd-mpm.conf | |||||
# Multi-language error messages | |||||
Include conf/extra/httpd-multilang-errordoc.conf | |||||
# Fancy directory listings | |||||
Include conf/extra/httpd-autoindex.conf | |||||
# Language settings | |||||
Include conf/extra/httpd-languages.conf | |||||
# User home directories | |||||
Include conf/extra/httpd-userdir.conf | |||||
# Real-time info on requests and configuration | |||||
#Include conf/extra/httpd-info.conf | |||||
# Virtual hosts | |||||
#Include conf/extra/httpd-vhosts.conf | |||||
# Local access to the Apache HTTP Server Manual | |||||
#Include conf/extra/httpd-manual.conf | |||||
# Distributed authoring and versioning (WebDAV) | |||||
<IfModule mod_dav.c> | |||||
Include conf/extra/httpd-dav.conf | |||||
</IfModule> | |||||
# Various default settings | |||||
Include conf/extra/httpd-default.conf | |||||
# Configure mod_proxy_html to understand HTML4/XHTML1 | |||||
<IfModule proxy_html_module> | |||||
Include conf/extra/proxy-html.conf | |||||
</IfModule> | |||||
# Secure (SSL/TLS) connections | |||||
#Include conf/extra/httpd-ssl.conf | |||||
# | |||||
# Note: The following must must be present to support | |||||
# starting without SSL on platforms with no /dev/random equivalent | |||||
# but a statically compiled-in mod_ssl. | |||||
# | |||||
<IfModule ssl_module> | |||||
SSLRandomSeed startup builtin | |||||
SSLRandomSeed connect builtin | |||||
</IfModule> | |||||
# | |||||
# This file is managed by Salt! Do not edit by hand! | |||||
# | # | ||||
# Based upon the NCSA server configuration files originally by Rob McCool. | # Based upon the NCSA server configuration files originally by Rob McCool. | ||||
# | # |
# | # | ||||
# This file is managed by Salt! Do not edit by hand! | # This file is managed by Salt! Do not edit by hand! | ||||
# | # | ||||
{% from "apache/map.jinja" import apache with context -%} | |||||
# envvars - default environment variables for apache2ctl | # envvars - default environment variables for apache2ctl | ||||
# | # | ||||
# This file is managed by Salt! Do not edit by hand! | # This file is managed by Salt! Do not edit by hand! | ||||
# | # | ||||
{% from "apache/map.jinja" import apache with context -%} | |||||
# envvars - default environment variables for apache2ctl | # envvars - default environment variables for apache2ctl | ||||
{%- set sec_pcre_match_limit_recursion = modsec.get('sec_pcre_match_limit_recursion', 1000 ) -%} | {%- set sec_pcre_match_limit_recursion = modsec.get('sec_pcre_match_limit_recursion', 1000 ) -%} | ||||
{%- set sec_debug_log_level = modsec.get('sec_debug_log_level', 0 ) -%} | {%- set sec_debug_log_level = modsec.get('sec_debug_log_level', 0 ) -%} | ||||
# | # | ||||
# This file is managed/autogenerated by salt. | |||||
# This file is managed by Salt! Do not edit by hand! | |||||
# Modify the salt pillar that generates this file instead | # Modify the salt pillar that generates this file instead | ||||
# | # | ||||
# -- Rule engine initialization ---------------------------------------------- | # -- Rule engine initialization ---------------------------------------------- |
# | # | ||||
# This file is managed by Salt! Do not edit by hand! | # This file is managed by Salt! Do not edit by hand! | ||||
# | # | ||||
{%- from "apache/map.jinja" import apache with context -%} | |||||
{% if salt['pillar.get']('apache:sites') is mapping %} | {% if salt['pillar.get']('apache:sites') is mapping %} | ||||
{%- set listen_directives = [] %} | {%- set listen_directives = [] %} |
# | # | ||||
# This file is managed by Salt! Do not edit by hand! | # This file is managed by Salt! Do not edit by hand! | ||||
# | # | ||||
{%- from "apache/map.jinja" import apache with context -%} | |||||
{% if salt['pillar.get']('apache:sites') is mapping %} | {% if salt['pillar.get']('apache:sites') is mapping %} | ||||
{%- set listen_directives = [] %} | {%- set listen_directives = [] %} |
# | # | ||||
# This file is managed by Salt! Do not edit by hand! | # This file is managed by Salt! Do not edit by hand! | ||||
# | # | ||||
{%- from "apache/map.jinja" import apache with context -%} | |||||
# envvars - default environment variables for apache2ctl | # envvars - default environment variables for apache2ctl | ||||
{% from "apache/map.jinja" import apache with context %} | |||||
<IfModule !mpm_prefork_module> | <IfModule !mpm_prefork_module> | ||||
LoadModule cgid_module libexec/{{ apache.service }}/mod_cgid.so | LoadModule cgid_module libexec/{{ apache.service }}/mod_cgid.so | ||||
</IfModule> | </IfModule> |
{% from "apache/map.jinja" import apache with context %} | |||||
LoadModule perl_module libexec/{{ apache.service }}/mod_perl.so | LoadModule perl_module libexec/{{ apache.service }}/mod_perl.so |
{% from "apache/map.jinja" import apache with context %} | |||||
LoadModule php5_module /usr/local/libexec/{{ apache.service }}/libphp5.so | LoadModule php5_module /usr/local/libexec/{{ apache.service }}/libphp5.so | ||||
DirectoryIndex index.html index.php | DirectoryIndex index.html index.php |
{% from "apache/map.jinja" import apache with context %} | |||||
LoadModule proxy_module libexec/{{ apache.service }}/mod_proxy.so | LoadModule proxy_module libexec/{{ apache.service }}/mod_proxy.so |
{% from "apache/map.jinja" import apache with context %} | |||||
LoadModule proxy_http_module libexec/{{ apache.service }}/mod_proxy_http.so | LoadModule proxy_http_module libexec/{{ apache.service }}/mod_proxy_http.so |
{% from "apache/map.jinja" import apache with context %} | |||||
LoadModule rewrite_module libexec/{{ apache.service }}/mod_rewrite.so | LoadModule rewrite_module libexec/{{ apache.service }}/mod_rewrite.so |
{% from "apache/map.jinja" import apache with context %} | |||||
LoadModule suexec_module libexec/{{ apache.service }}/mod_suexec.so | LoadModule suexec_module libexec/{{ apache.service }}/mod_suexec.so |
# | # | ||||
# This file is managed by Salt! Do not edit by hand! | # This file is managed by Salt! Do not edit by hand! | ||||
# | # | ||||
{%- from "apache/map.jinja" import apache with context -%} | |||||
{% if salt['pillar.get']('apache:sites') is mapping %} | {% if salt['pillar.get']('apache:sites') is mapping %} | ||||
{%- set listen_directives = [] %} | {%- set listen_directives = [] %} |
# | # | ||||
# This file is managed by Salt! Do not edit by hand! | |||||
# | |||||
# This is the main Apache HTTP server configuration file. It contains the | # This is the main Apache HTTP server configuration file. It contains the | ||||
# configuration directives that give the server its instructions. | # configuration directives that give the server its instructions. | ||||
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information. | # See <URL:http://httpd.apache.org/docs/2.4/> for detailed information. |
# | # | ||||
# This file is managed by Salt! Do not edit by hand! | # This file is managed by Salt! Do not edit by hand! | ||||
# | # | ||||
{% from "apache/map.jinja" import apache with context %} | |||||
# | # | ||||
# This is the main Apache HTTP server configuration file. It contains the | # This is the main Apache HTTP server configuration file. It contains the | ||||
# configuration directives that give the server its instructions. | # configuration directives that give the server its instructions. |
# | |||||
# This file is managed by Salt! Do not edit by hand! | |||||
# | |||||
# | |||||
# This file configures all the logging modules: | |||||
LoadModule log_config_module modules/mod_log_config.so | |||||
LoadModule log_debug_module modules/mod_log_debug.so | |||||
LoadModule log_forensic_module modules/mod_log_forensic.so | |||||
LoadModule logio_module modules/mod_logio.so |
# managed by saltstack | |||||
# | |||||
# This file is managed by Salt! Do not edit by hand! | |||||
# | |||||
{% set mpm_module = 'mpm_prefork' -%} | {% set mpm_module = 'mpm_prefork' -%} | ||||
{% set mpm_param = salt['pillar.get']('apache:mod_mpm_prefork', {}) -%} | {% set mpm_param = salt['pillar.get']('apache:mod_mpm_prefork', {}) -%} |
# | |||||
# This file is managed by Salt! Do not edit by hand! | |||||
# | |||||
LoadModule geoip_module /usr/lib64/httpd/modules/mod_geoip.so |
# managed by saltstack | |||||
# | |||||
# This file is managed by Salt! Do not edit by hand! | |||||
# | |||||
RemoteIPHeader {{ salt['pillar.get']('apache:mod_remoteip:RemoteIPHeader', 'X-Forwarded-For') }} | RemoteIPHeader {{ salt['pillar.get']('apache:mod_remoteip:RemoteIPHeader', 'X-Forwarded-For') }} | ||||
{%- for trusted_proxy in salt['pillar.get']('apache:mod_remoteip:RemoteIPTrustedProxy', []) %} | {%- for trusted_proxy in salt['pillar.get']('apache:mod_remoteip:RemoteIPTrustedProxy', []) %} |
{%- set sec_pcre_match_limit_recursion = modsec.get('sec_pcre_match_limit_recursion', 1000 ) -%} | {%- set sec_pcre_match_limit_recursion = modsec.get('sec_pcre_match_limit_recursion', 1000 ) -%} | ||||
{%- set sec_debug_log_level = modsec.get('sec_debug_log_level', 0 ) -%} | {%- set sec_debug_log_level = modsec.get('sec_debug_log_level', 0 ) -%} | ||||
# | # | ||||
# This file is managed/autogenerated by salt. | |||||
# This file is managed by Salt! Do not edit by hand! | |||||
# Modify the salt pillar that generates this file instead | # Modify the salt pillar that generates this file instead | ||||
# | # | ||||
</IfModule> | </IfModule> | ||||
<IfModule mod_security2.c> | <IfModule mod_security2.c> | ||||
# ModSecurity Core Rules Set configuration | # ModSecurity Core Rules Set configuration | ||||
Include modsecurity.d/*.conf | |||||
Include modsecurity.d/activated_rules/*.conf | |||||
{%- if 'osfinger' in grains and grains.osfinger in ('Red Hat Enterprise Linux Server-6', 'CentOS-6') %} | |||||
Include modsecurity.d/*.conf | |||||
Include modsecurity.d/activated_rules/*.conf | |||||
{%- else %} | |||||
IncludeOptional modsecurity.d/*.conf | |||||
IncludeOptional modsecurity.d/activated_rules/*.conf | |||||
{%- endif %} | |||||
# Default recommended configuration | # Default recommended configuration | ||||
SecRuleEngine {{ sec_rule_engine }} | SecRuleEngine {{ sec_rule_engine }} |
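Review bot: The `IncludeOptional modsecurity.d/*.conf` and `IncludeOptional modsecurity.d/activated_rules/*.conf` lines in the non-EL6 branch make rule loading fail open. When a glob matches no file, httpd starts with ModSecurity enabled but no Core Rule Set and nothing reports it, whereas `Include` in httpd 2.4 raises an error at startup. Assuming the conditional is the new side of this section, I would keep the relaxed include but add a comment above it, e.g. `# IncludeOptional: a missing or empty rules directory is ignored; verify that rules are actually loaded`. The same two lines appear unconditionally in the one-sided ModSecurity template further down the page. The `<IfModule mod_security2.c>` block continues beyond this section.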
## | |||||
# | |||||
# This file is managed by Salt! Do not edit by hand! | |||||
# | |||||
## SSL Global Context | ## SSL Global Context | ||||
## | ## | ||||
## All SSL configuration in this context applies both to | ## All SSL configuration in this context applies both to |
# | |||||
# This file is managed by Salt! Do not edit by hand | |||||
# | |||||
# | |||||
# /etc/apache2/httpd.conf | |||||
# | |||||
# This is the main Apache server configuration file. It contains the | |||||
# configuration directives that give the server its instructions. | |||||
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information about | |||||
# the directives. | |||||
# Based upon the default apache configuration file that ships with apache, | |||||
# which is based upon the NCSA server configuration files originally by Rob | |||||
# McCool. This file was knocked together by Peter Poeml <poeml+apache@suse.de>. | |||||
# If possible, avoid changes to this file. It does mainly contain Include | |||||
# statements and global settings that can/should be overridden in the | |||||
# configuration of your virtual hosts. | |||||
# Quickstart guide: | |||||
# http://en.opensuse.org/SDB:Apache_installation | |||||
# Overview of include files, chronologically: | |||||
# | |||||
# httpd.conf | |||||
# | | |||||
# |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under | |||||
# |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...) | |||||
# |-- loadmodule.conf . . . . . . . . . . . [*] load these modules | |||||
# |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on | |||||
# |-- mod_log_config.conf . . . . . . . . . define logging formats | |||||
# |-- global.conf . . . . . . . . . . . . . [*] server-wide general settings | |||||
# |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring) | |||||
# |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info | |||||
# |-- mod_reqtimeout.conf . . . . . . . . . set timeout and minimum data rate for receiving requests | |||||
# |-- mod_cgid-timeout.conf . . . . . . . . set CGIDScriptTimeout if mod_cgid is loaded/active | |||||
# |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking | |||||
# |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings | |||||
# |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration | |||||
# |-- errors.conf . . . . . . . . . . . . . customize error responses | |||||
# |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts | |||||
# | | |||||
# |-- default-server.conf . . . . . . . . . set up the default server that replies to non-virtual-host requests | |||||
# | |--mod_userdir.conf . . . . . . . . enable UserDir (if mod_userdir is loaded) | |||||
# | `--conf.d/apache2-manual?conf . . . add the docs ('?' = if installed) | |||||
# | | |||||
# `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here | |||||
# `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included) | |||||
# | |||||
# | |||||
# Files marked [*] are NOT read when server is started via systemd service. When server | |||||
# is started via service, defaults from /etc/sysconfig/apache2 are taken into account. | |||||
# | |||||
# Filesystem layout: | |||||
# | |||||
# /etc/apache2/ | |||||
# |-- charset.conv . . . . . . . . . . . . for mod_auth_ldap | |||||
# |-- conf.d/ | |||||
# | |-- apache2-manual.conf . . . . . . . conf that comes with apache2-doc | |||||
# | |-- mod_php4.conf . . . . . . . . . . (example) conf that comes with apache2-mod_php4 | |||||
# | `-- ... . . . . . . . . . . . . . . . other configuration added by packages | |||||
# |-- default-server.conf | |||||
# |-- errors.conf | |||||
# |-- httpd.conf . . . . . . . . . . . . . top level configuration file | |||||
# |-- listen.conf | |||||
# |-- magic | |||||
# |-- mime.types -> ../mime.types | |||||
# |-- mod_autoindex-defaults.conf | |||||
# |-- mod_info.conf | |||||
# |-- mod_log_config.conf | |||||
# |-- mod_mime-defaults.conf | |||||
# |-- mod_perl-startup.pl | |||||
# |-- mod_status.conf | |||||
# |-- mod_userdir.conf | |||||
# |-- mod_usertrack.conf | |||||
# |-- server-tuning.conf | |||||
# |-- ssl-global.conf | |||||
# |-- ssl.crl/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Revocation Lists (CRL) | |||||
# |-- ssl.crt/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificates | |||||
# |-- ssl.csr/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Signing Requests | |||||
# |-- ssl.key/ . . . . . . . . . . . . . . PEM-encoded RSA Private Keys | |||||
# |-- ssl.prm/ . . . . . . . . . . . . . . public DSA Parameter Files | |||||
# |-- global.conf | |||||
# |-- loadmodule.conf | |||||
# |-- uid.conf | |||||
# `-- vhosts.d/ . . . . . . . . . . . . . . put your virtual host configuration (*.conf) here | |||||
# |-- vhost-ssl.template | |||||
# `-- vhost.template | |||||
### Global Environment ###################################################### | |||||
# | |||||
# The directives in this section affect the overall operation of Apache, | |||||
# such as the number of concurrent requests. | |||||
# run under this user/group id | |||||
Include /etc/apache2/uid.conf | |||||
# - how many server processes to start (server pool regulation) | |||||
# - usage of KeepAlive | |||||
Include /etc/apache2/server-tuning.conf | |||||
# ErrorLog: The location of the error log file. | |||||
# If you do not specify an ErrorLog directive within a <VirtualHost> | |||||
# container, error messages relating to that virtual host will be | |||||
# logged here. If you *do* define an error logfile for a <VirtualHost> | |||||
# container, that host's errors will be logged there and not here. | |||||
ErrorLog /var/log/apache2/error_log | |||||
# generated from default value of APACHE_MODULES in /etc/sysconfig/apache2 | |||||
<IfDefine !SYSCONFIG> | |||||
Include /etc/apache2/loadmodule.conf | |||||
</IfDefine> | |||||
# IP addresses / ports to listen on | |||||
Include /etc/apache2/listen.conf | |||||
# predefined logging formats | |||||
Include /etc/apache2/mod_log_config.conf | |||||
# generated from default values of global settings in /etc/sysconfig/apache2 | |||||
<IfDefine !SYSCONFIG> | |||||
Include /etc/apache2/global.conf | |||||
</IfDefine> | |||||
# optional mod_status, mod_info | |||||
Include /etc/apache2/mod_status.conf | |||||
Include /etc/apache2/mod_info.conf | |||||
# mod_reqtimeout protects the server from the so-called "slowloris" | |||||
# attack: The server is not swamped with requests in fast succession, | |||||
# but with slowly transmitted request headers and body, thereby filling up | |||||
# the request slots until the server runs out of them. | |||||
# mod_reqtimeout is lightweight and should deliver good results | |||||
# with the configured default values. You shouldn't notice it at all. | |||||
Include /etc/apache2/mod_reqtimeout.conf | |||||
# Fix for CVE-2014-0231 introduces new configuration parameter | |||||
# CGIDScriptTimeout. This directive and its effect prevent request | |||||
# workers to be eaten until starvation if cgi programs do not send | |||||
# output back to the server within the timout set by CGIDScriptTimeout. | |||||
Include /etc/apache2/mod_cgid-timeout.conf | |||||
# optional cookie-based user tracking | |||||
# read the documentation before using it!! | |||||
Include /etc/apache2/mod_usertrack.conf | |||||
# configuration of server-generated directory listings | |||||
Include /etc/apache2/mod_autoindex-defaults.conf | |||||
# associate MIME types with filename extensions | |||||
TypesConfig /etc/apache2/mime.types | |||||
Include /etc/apache2/mod_mime-defaults.conf | |||||
# set up (customizable) error responses | |||||
Include /etc/apache2/errors.conf | |||||
# global (server-wide) SSL configuration, that is not specific to | |||||
# any virtual host | |||||
Include /etc/apache2/ssl-global.conf | |||||
{% if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) -%} | |||||
Include /etc/apache24/conf.d/tls-defaults.conf | |||||
{%- endif %} | |||||
# forbid access to the entire filesystem by default | |||||
<Directory /> | |||||
Options None | |||||
AllowOverride None | |||||
<IfModule !mod_access_compat.c> | |||||
Require all denied | |||||
</IfModule> | |||||
<IfModule mod_access_compat.c> | |||||
Order deny,allow | |||||
Deny from all | |||||
</IfModule> | |||||
</Directory> | |||||
# use .htaccess files for overriding, | |||||
AccessFileName .htaccess | |||||
# and never show them | |||||
<Files ~ "^\.ht"> | |||||
<IfModule !mod_access_compat.c> | |||||
Require all denied | |||||
</IfModule> | |||||
<IfModule mod_access_compat.c> | |||||
Order allow,deny | |||||
Deny from all | |||||
</IfModule> | |||||
</Files> | |||||
# List of resources to look for when the client requests a directory | |||||
DirectoryIndex index.html index.html.var | |||||
### 'Main' server configuration ############################################# | |||||
# | |||||
# The directives in this section set up the values used by the 'main' | |||||
# server, which responds to any requests that aren't handled by a | |||||
# <VirtualHost> definition. These values also provide defaults for | |||||
# any <VirtualHost> containers you may define later in the file. | |||||
# | |||||
# All of these directives may appear inside <VirtualHost> containers, | |||||
# in which case these default settings will be overridden for the | |||||
# virtual host being defined. | |||||
# | |||||
Include /etc/apache2/default-server.conf | |||||
### Virtual server configuration ############################################ | |||||
# | |||||
# VirtualHost: If you want to maintain multiple domains/hostnames on your | |||||
# machine you can setup VirtualHost containers for them. Most configurations | |||||
# use only name-based virtual hosts so the server doesn't need to worry about | |||||
# IP addresses. This is indicated by the asterisks in the directives below. | |||||
# | |||||
# Please see the documentation at | |||||
# <URL:http://httpd.apache.org/docs/2.4/vhosts/> | |||||
# for further details before you try to setup virtual hosts. | |||||
# | |||||
# You may use the command line option '-S' to verify your virtual host | |||||
# configuration. | |||||
# | |||||
IncludeOptional /etc/apache2/vhosts.d/*.conf | |||||
# Note: instead of adding your own configuration here, consider | |||||
# adding it in your own file (/etc/apache2/httpd.conf.local) | |||||
# putting its name into APACHE_CONF_INCLUDE_FILES in | |||||
# /etc/sysconfig/apache2 -- this will make system updates | |||||
# easier :) |
# | # | ||||
# This file is managed by Salt! Do not edit by hand! | |||||
# | |||||
# /etc/apache2/httpd.conf | # /etc/apache2/httpd.conf | ||||
# | # | ||||
# This is the main Apache server configuration file. It contains the | # This is the main Apache server configuration file. It contains the |
{%- set apache = pillar.get('apache', {}) %} | |||||
{%- set modsec = apache.get('mod_security', {}) %} | |||||
{%- set sec_rule_engine = modsec.get('sec_rule_engine', 'DetectionOnly' ) -%} | |||||
{%- set sec_request_body_access = modsec.get('sec_request_body_access', 'On' ) -%} | |||||
{%- set sec_request_body_limit = modsec.get('sec_request_body_limit', 13107200 ) -%} | |||||
{%- set sec_request_body_no_files_limit = modsec.get('sec_request_body_no_files_limit', 131072 ) -%} | |||||
{%- set sec_request_body_in_memory_limit = modsec.get('sec_request_body_in_memory_limit', 131072 ) -%} | |||||
{%- set sec_request_body_limit_action = modsec.get('sec_request_body_limit_action', 'Reject' ) -%} | |||||
{%- set sec_pcre_match_limit = modsec.get('sec_pcre_match_limit', 1000 ) -%} | |||||
{%- set sec_pcre_match_limit_recursion = modsec.get('sec_pcre_match_limit_recursion', 1000 ) -%} | |||||
{%- set sec_debug_log_level = modsec.get('sec_debug_log_level', 0 ) -%} | |||||
# | |||||
# This file is managed by Salt! Do not edit by hand! | |||||
# Modify the salt pillar that generates this file instead | |||||
# | |||||
LoadModule security2_module modules/mod_security2.so | |||||
<IfModule mod_security2.c> | |||||
# ModSecurity Core Rules Set configuration | |||||
IncludeOptional modsecurity.d/*.conf | |||||
IncludeOptional modsecurity.d/activated_rules/*.conf | |||||
# Default recommended configuration | |||||
SecRuleEngine {{ sec_rule_engine }} | |||||
SecRequestBodyAccess {{ sec_request_body_access }} | |||||
SecRule REQUEST_HEADERS:Content-Type "text/xml" \ | |||||
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" | |||||
SecRequestBodyLimit {{ sec_request_body_limit }} | |||||
SecRequestBodyNoFilesLimit {{ sec_request_body_no_files_limit }} | |||||
SecRequestBodyInMemoryLimit {{ sec_request_body_in_memory_limit }} | |||||
SecRequestBodyLimitAction {{ sec_request_body_limit_action }} | |||||
SecRule REQBODY_ERROR "!@eq 0" \ | |||||
"id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" | |||||
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ | |||||
"id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body \ | |||||
failed strict validation: \ | |||||
PE %{REQBODY_PROCESSOR_ERROR}, \ | |||||
BQ %{MULTIPART_BOUNDARY_QUOTED}, \ | |||||
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \ | |||||
DB %{MULTIPART_DATA_BEFORE}, \ | |||||
DA %{MULTIPART_DATA_AFTER}, \ | |||||
HF %{MULTIPART_HEADER_FOLDING}, \ | |||||
LF %{MULTIPART_LF_LINE}, \ | |||||
SM %{MULTIPART_MISSING_SEMICOLON}, \ | |||||
IQ %{MULTIPART_INVALID_QUOTING}, \ | |||||
IP %{MULTIPART_INVALID_PART}, \ | |||||
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \ | |||||
FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'" | |||||
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ | |||||
"id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'" | |||||
SecPcreMatchLimit {{ sec_pcre_match_limit }} | |||||
SecPcreMatchLimitRecursion {{ sec_pcre_match_limit_recursion }} | |||||
SecRule TX:/^MSC_/ "!@streq 0" \ | |||||
"id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" | |||||
SecResponseBodyAccess Off | |||||
SecDebugLog /var/log/apache2/modsec_debug.log | |||||
SecDebugLogLevel {{ sec_debug_log_level }} | |||||
SecAuditEngine RelevantOnly | |||||
SecAuditLogRelevantStatus "^(?:5|4(?!04))" | |||||
SecAuditLogParts ABIJDEFHZ | |||||
SecAuditLogType Serial | |||||
SecAuditLog /var/log/apache2/modsec_audit.log | |||||
SecArgumentSeparator & | |||||
SecCookieFormat 0 | |||||
SecTmpDir /var/lib/mod_security | |||||
SecDataDir /var/lib/mod_security | |||||
</IfModule> |
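Review bot: Rules 200002 and 200003 use `status:44`, which is not a valid HTTP status code. Rule 200001 just above answers the same class of malformed-body error with `status:400`, so this looks like a typo carried over from an older recommended configuration. I would change both to `status:400` so that a rejected multipart request gets a well-formed response once the engine is set to `On`. With the template's default `sec_rule_engine` of `DetectionOnly` the deny actions are not enforced, which deserves a one-line comment next to `SecRuleEngine`, e.g. `# DetectionOnly logs matches but does not block; set apache:mod_security:sec_rule_engine to On to enforce`.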
<VirtualHost *:8088> | |||||
</VirtualHost> |
{% from "apache/map.jinja" import apache with context %} | |||||
{% if salt['grains.get']('os_family') == 'Suse' or salt['grains.get']('os') == 'SUSE' %} | |||||
include: | |||||
- apache | |||||
{% for flag in salt['pillar.get']('apache:flags:enabled', []) %} | |||||
a2enflag {{ flag }}: | |||||
cmd.run: | |||||
- unless: egrep "^APACHE_SERVER_FLAGS=" /etc/sysconfig/apache2 | grep {{ flag }} | |||||
- require: | |||||
- pkg: apache | |||||
- watch_in: | |||||
- module: apache-restart | |||||
- require_in: | |||||
- module: apache-restart | |||||
- module: apache-reload | |||||
- service: apache | |||||
{% endfor %} | |||||
{% for module in salt['pillar.get']('apache:flags:disabled', []) %} | |||||
a2disflag -f {{ flag }}: | |||||
cmd.run: | |||||
- onlyif: egrep "^APACHE_SERVER_FLAGS=" /etc/sysconfig/apache2 | grep {{ flag }} | |||||
- require: | |||||
- pkg: apache | |||||
- watch_in: | |||||
- module: apache-restart | |||||
- require_in: | |||||
- module: apache-restart | |||||
- module: apache-reload | |||||
- service: apache | |||||
{% endfor %} | |||||
{% endif %} |
{% from "apache/map.jinja" import apache with context %} | |||||
# -*- coding: utf-8 -*- | |||||
# vim: ft=sls | |||||
apache: | |||||
pkg.installed: | |||||
- name: {{ apache.server }} | |||||
group.present: | |||||
- name: {{ apache.group }} | |||||
- system: True | |||||
user.present: | |||||
- name: {{ apache.user }} | |||||
- gid: {{ apache.group }} | |||||
- system: True | |||||
{# By default run apache service states (unless pillar is false) #} | |||||
{% if salt['pillar.get']('apache:manage_service_states', True) %} | |||||
service.{{ apache.service_state }}: | |||||
- name: {{ apache.service }} | |||||
{% if apache.service_state in [ 'running', 'dead' ] %} | |||||
- enable: True | |||||
{% endif %} | |||||
# The following states are inert by default and can be used by other states to | |||||
# trigger a restart or reload as needed. | |||||
apache-reload: | |||||
module.wait: | |||||
{% if apache.service_state in ['running'] %} | |||||
- name: service.reload | |||||
- m_name: {{ apache.service }} | |||||
{% else %} | |||||
- name: cmd.run | |||||
- cmd: {{ apache.custom_reload_command|default('apachectl graceful') }} | |||||
- python_shell: True | |||||
{% endif %} | |||||
apache-restart: | |||||
module.wait: | |||||
{% if apache.service_state in ['running'] %} | |||||
- name: service.restart | |||||
- m_name: {{ apache.service }} | |||||
{% else %} | |||||
- name: cmd.run | |||||
- cmd: {{ apache.custom_reload_command|default('apachectl graceful') }} | |||||
- python_shell: True | |||||
{% endif %} | |||||
{% else %} | |||||
apache-reload: | |||||
test.show_notification: | |||||
- name: Skipping reload per user request | |||||
- text: Pillar manage_service_states is False | |||||
apache-restart: | |||||
test.show_notification: | |||||
- name: Skipping restart per user request | |||||
- text: Pillar manage_service_states is False | |||||
{% endif %} | |||||
include: | |||||
- .package | |||||
- .config | |||||
- .service |
# -*- coding: utf-8 -*- | |||||
# vim: ft=jinja | |||||
{#- Get the relevant values from the `opts` dict #} | |||||
{%- set opts_cli = opts.get('__cli', '') %} | |||||
{%- set opts_masteropts_cli = opts | traverse('__master_opts__:__cli', '') %} | |||||
{#- Determine the type of salt command being run #} | |||||
{%- if opts_cli == 'salt-minion' %} | |||||
{%- set cli = 'minion' %} | |||||
{%- elif opts_cli == 'salt-call' %} | |||||
{%- set cli = 'ssh' if opts_masteropts_cli in ('salt-ssh', 'salt-master') else 'local' %} | |||||
{%- else %} | |||||
{%- set cli = 'unknown' %} | |||||
{%- endif %} | |||||
{%- do salt['log.debug']('[libsaltcli] the salt command type has been identified to be: ' ~ cli) %} |
{%- macro files_switch(source_files, | |||||
lookup=None, | |||||
default_files_switch=['id', 'os_family'], | |||||
indent_width=6, | |||||
use_subpath=False) %} | |||||
{#- | |||||
Returns a valid value for the "source" parameter of a "file.managed" | |||||
state function. This makes easier the usage of the Template Override and | |||||
Files Switch (TOFS) pattern. | |||||
Params: | |||||
* source_files: ordered list of files to look for | |||||
* lookup: key under '<tplroot>:tofs:source_files' to prepend to the | |||||
list of source files | |||||
* default_files_switch: if there's no config (e.g. pillar) | |||||
'<tplroot>:tofs:files_switch' this is the ordered list of grains to | |||||
use as selector switch of the directories under | |||||
"<path_prefix>/files" | |||||
* indent_width: indentation of the result value to conform to YAML | |||||
* use_subpath: defaults to `False` but if set, lookup the source file | |||||
recursively from the current state directory up to `tplroot` | |||||
Example (based on a `tplroot` of `xxx`): | |||||
If we have a state: | |||||
Deploy configuration: | |||||
file.managed: | |||||
- name: /etc/yyy/zzz.conf | |||||
- source: {{ files_switch(['/etc/yyy/zzz.conf', '/etc/yyy/zzz.conf.jinja'], | |||||
lookup='Deploy configuration' | |||||
) }} | |||||
- template: jinja | |||||
In a minion with id=theminion and os_family=RedHat, it's going to be | |||||
rendered as: | |||||
Deploy configuration: | |||||
file.managed: | |||||
- name: /etc/yyy/zzz.conf | |||||
- source: | |||||
- salt://xxx/files/theminion/etc/yyy/zzz.conf | |||||
- salt://xxx/files/theminion/etc/yyy/zzz.conf.jinja | |||||
- salt://xxx/files/RedHat/etc/yyy/zzz.conf | |||||
- salt://xxx/files/RedHat/etc/yyy/zzz.conf.jinja | |||||
- salt://xxx/files/default/etc/yyy/zzz.conf | |||||
- salt://xxx/files/default/etc/yyy/zzz.conf.jinja | |||||
- template: jinja | |||||
#} | |||||
{#- Get the `tplroot` from `tpldir` #} | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- set path_prefix = salt['config.get'](tplroot ~ ':tofs:path_prefix', tplroot) %} | |||||
{%- set files_dir = salt['config.get'](tplroot ~ ':tofs:dirs:files', 'files') %} | |||||
{%- set files_switch_list = salt['config.get']( | |||||
tplroot ~ ':tofs:files_switch', | |||||
default_files_switch | |||||
) %} | |||||
{#- Lookup source_files (v2), files (v1), or fallback to an empty list #} | |||||
{%- set src_files = salt['config.get']( | |||||
tplroot ~ ':tofs:source_files:' ~ lookup, | |||||
salt['config.get'](tplroot ~ ':tofs:files:' ~ lookup, []) | |||||
) %} | |||||
{#- Append the default source_files #} | |||||
{%- set src_files = src_files + source_files %} | |||||
{#- Only add to [''] when supporting older TOFS implementations #} | |||||
{%- set path_prefix_exts = [''] %} | |||||
{%- if use_subpath and tplroot != tpldir %} | |||||
{#- Walk directory tree to find {{ files_dir }} #} | |||||
{%- set subpath_parts = tpldir.lstrip(tplroot).lstrip('/').split('/') %} | |||||
{%- for path in subpath_parts %} | |||||
{%- set subpath = subpath_parts[0:loop.index] | join('/') %} | |||||
{%- do path_prefix_exts.append('/' ~ subpath) %} | |||||
{%- endfor %} | |||||
{%- endif %} | |||||
{%- for path_prefix_ext in path_prefix_exts|reverse %} | |||||
{%- set path_prefix_inc_ext = path_prefix ~ path_prefix_ext %} | |||||
{#- For older TOFS implementation, use `files_switch` from the config #} | |||||
{#- Use the default, new method otherwise #} | |||||
{%- set fsl = salt['config.get']( | |||||
tplroot ~ path_prefix_ext|replace('/', ':') ~ ':files_switch', | |||||
files_switch_list | |||||
) %} | |||||
{#- Append an empty value to evaluate as `default` in the loop below #} | |||||
{%- if '' not in fsl %} | |||||
{%- set fsl = fsl + [''] %} | |||||
{%- endif %} | |||||
{%- for fs in fsl %} | |||||
{%- for src_file in src_files %} | |||||
{%- if fs %} | |||||
{%- set fs_dirs = salt['config.get'](fs, fs) %} | |||||
{%- else %} | |||||
{%- set fs_dirs = salt['config.get'](tplroot ~ ':tofs:dirs:default', 'default') %} | |||||
{%- endif %} | |||||
{#- Force the `config.get` lookup result as a list where necessary #} | |||||
{#- since we need to also handle grains that are lists #} | |||||
{%- if fs_dirs is string %} | |||||
{%- set fs_dirs = [fs_dirs] %} | |||||
{%- endif %} | |||||
{%- for fs_dir in fs_dirs %} | |||||
{%- set url = [ | |||||
'- salt:/', | |||||
path_prefix_inc_ext.strip('/'), | |||||
files_dir.strip('/'), | |||||
fs_dir.strip('/'), | |||||
src_file.strip('/'), | |||||
] | select | join('/') %} | |||||
{{ url | indent(indent_width, true) }} | |||||
{%- endfor %} | |||||
{%- endfor %} | |||||
{%- endfor %} | |||||
{%- endfor %} | |||||
{%- endmacro %} |
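Review bot: When `files_switch` is called without `lookup`, the default `lookup=None` is still concatenated into the key. The two `config.get` calls under "Lookup source_files (v2), files (v1)" therefore query `<tplroot>:tofs:source_files:None` and `<tplroot>:tofs:files:None`. Any configuration entry that happens to sit under a key named `None` would be prepended to the source list of every caller that omits `lookup`, so the file a state deploys could depend on data nobody meant to wire in. I would skip the lookup when no key is given, for example by ending that `set` expression with `if lookup else []`. The docstring should also say that `lookup` is optional and that nothing is prepended when it is omitted.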
{% from "apache/map.jinja" import apache with context %} | |||||
{{ apache.logrotatedir }}: | |||||
file: | |||||
- managed | |||||
- contents: | | |||||
{{ apache.logdir }}/*.log { | |||||
daily | |||||
missingok | |||||
rotate 14 | |||||
compress | |||||
delaycompress | |||||
notifempty | |||||
create 640 root adm | |||||
sharedscripts | |||||
postrotate | |||||
if /etc/init.d/{{ apache.service }} status > /dev/null ; then \ | |||||
/etc/init.d/{{ apache.service }} reload > /dev/null; \ | |||||
fi; | |||||
endscript | |||||
prerotate | |||||
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ | |||||
run-parts /etc/logrotate.d/httpd-prerotate; \ | |||||
fi; \ | |||||
endscript | |||||
} |
{% from "apache/map.jinja" import apache with context %} | |||||
{%- macro security_config(name) %} | |||||
{{ name }}: | |||||
file.managed: | |||||
- source: | |||||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/security.conf.jinja | |||||
- salt://apache/files/security.conf.jinja | |||||
- mode: 644 | |||||
- template: jinja | |||||
- require: | |||||
- pkg: apache | |||||
- watch_in: | |||||
- module: apache-restart | |||||
- require_in: | |||||
- module: apache-restart | |||||
- module: apache-reload | |||||
- service: apache | |||||
{%- endmacro %} | |||||
include: | |||||
- apache | |||||
{% if grains['os_family']=="Debian" %} | |||||
{{ security_config('/etc/apache2/conf-available/security.conf') }} | |||||
- onlyif: test -f '/etc/apache2/conf-available/security.conf' | |||||
{% elif grains['os_family']=="FreeBSD" %} | |||||
{{ security_config(apache.confdir+'/security.conf') }} | |||||
{% endif %} |
{#- vi: set ft=jinja: #} | |||||
# -*- coding: utf-8 -*- | |||||
# vim: ft=jinja | |||||
{%- import_yaml "apache/defaults.yaml" as default_settings %} | |||||
{%- import_yaml "apache/osfamilymap.yaml" as osfamilymap %} | |||||
{%- import_yaml "apache/oscodenamemap.yaml" as oscodenamemap %} | |||||
{%- import_yaml "apache/osfingermap.yaml" as osfingermap %} | |||||
{%- import_yaml "apache/modsecurity.yaml" as modsec %} | |||||
{%- set tplroot = tpldir.split('/')[0] %} | |||||
{%- import_yaml tplroot ~ "/defaults.yaml" as default_settings %} | |||||
{%- import_yaml tplroot ~ "/osarchmap.yaml" as osarchmap %} | |||||
{%- import_yaml tplroot ~ "/osfamilymap.yaml" as osfamilymap %} | |||||
{%- import_yaml tplroot ~ "/osmap.yaml" as osmap %} | |||||
{%- import_yaml tplroot ~ "/osfingermap.yaml" as osfingermap %} | |||||
{%- import_yaml tplroot ~ "/oscodenamemap.yaml" as oscodename %} | |||||
{%- import_yaml tplroot ~ "/modsecurity.yaml" as modsec %} | |||||
{%- set defaults = salt['grains.filter_by'](default_settings, | |||||
default='apache', | |||||
merge=salt['grains.filter_by'](modsec, grain='os_family', | |||||
merge=salt['grains.filter_by'](osfamilymap, grain='os_family', | |||||
merge=salt['grains.filter_by'](oscodenamemap, grain='oscodename', | |||||
merge=salt['grains.filter_by'](osfingermap, grain='osfinger', | |||||
merge=salt['pillar.get']('apache:lookup', default={}) | |||||
{#- Retrieve the config dict only once #} | |||||
{%- set _config = salt['config.get'](tplroot, default={}) %} | |||||
{%- set defaults = salt['grains.filter_by']( | |||||
default_settings, | |||||
default=tplroot, | |||||
merge=salt['grains.filter_by']( | |||||
osarchmap, | |||||
grain='osarch', | |||||
merge=salt['grains.filter_by']( | |||||
osfamilymap, | |||||
grain='os_family', | |||||
merge=salt['grains.filter_by']( | |||||
osmap, | |||||
grain='os', | |||||
merge=salt['grains.filter_by']( | |||||
oscodename, | |||||
grain='oscodename', | |||||
merge=salt['grains.filter_by']( | |||||
osfingermap, | |||||
grain='osfinger', | |||||
merge=salt['grains.filter_by']( | |||||
modsec, | |||||
grain='os_family', | |||||
merge=salt['grains.filter_by']( | |||||
_config, | |||||
default='lookup' | |||||
) | |||||
) | |||||
) | |||||
) | |||||
) | ) | ||||
) | ) | ||||
) | ) | ||||
) | ) | ||||
) %} | |||||
%} | |||||
{%- set config = salt['grains.filter_by']( | |||||
{'defaults': defaults}, | |||||
default='defaults', | |||||
merge=_config | |||||
) | |||||
%} | |||||
{%- set apache = config %} | |||||
{#- Post-processing for specific non-YAML customisations #} | |||||
{%- if grains.os_family == 'MacOS' %} | |||||
{%- set rootuser = salt['cmd.run']("stat -f '%Su' /dev/console") %} | |||||
{%- set rootgroup = salt['cmd.run']("stat -f '%Sg' /dev/console") %} | |||||
{%- do apache.update({'rootuser': rootgroup}) %} | |||||
{%- do apache.update({'rootgroup': rootgroup}) %} | |||||
{%- elif grains.os_family == 'Windows' %} | |||||
{%- set rootuser = salt['cmd.run']("id -un") %} | |||||
{%- do apache.update({'rootuser': rootuser}) %} | |||||
{%- endif %} | |||||
{#- Merge the apache pillar #} | |||||
{%- set apache = salt['pillar.get']('apache', default=defaults, merge=True) %} | |||||
{# legacy pillar support #} | |||||
{%- if 'server' in apache.lookup and apache.lookup.server is string %} | |||||
{%- do apache.pkg.update({'name': apache.server}) %} | |||||
{%- endif %} | |||||
{%- if 'service' in apache.lookup and apache.lookup.service is string %} | |||||
{%- do apache.service.update({'name': apache.service}) %} | |||||
{%- endif %} | |||||
{%- if 'configfile' in apache and apache.configfile is string %} | |||||
{%- do apache.update({'config': apache.configfile}) %} | |||||
{%- endif %} |