ExternalMirrors
/
apache-formula
spegling av https://github.com/saltstack-formulas/apache-formula.git
Bevaka 1
Stjärnmärk 0
Förgrening 1
Kod Ärenden 0 Släpp 31 Wiki Aktiviteter
Saltstack Official Apache Formula
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
541 Incheckningar
5 Grenar
Träd: 47818fc360
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från '47818fc360'
${ noResults }
apache-formula/pillar.example

527 lines
21KB
Blame Historik 

  1. # -*- coding: utf-8 -*-

  2. # vim: ft=yaml

  3. ---

  4. apache:

  5.   lookup:

  6.     master: template-master

  7. 

  8.     # apache version (generally '2.2' or '2.4')

  9.     # version: '2.2'

  10. 

  11.     # Default value for AddDefaultCharset in RedHat configuration

  12.     default_charset: 'UTF-8'

  13. 

  14.     # Should we enforce DocumentRoot user/group?

  15.     document_root_user: null   # Defaults to: apache.user

  16.     document_root_group: null  # Defaults to: apache.group

  17. 

  18.     # Just for testing purposes

  19.     winner: lookup

  20.     added_in_lookup: lookup_value

  21. 

  22.   # Using bash package and udev service as an example. This allows us to

  23.   # test the template formula itself. You should set these parameters to

  24.   # examples that make sense in the contexto of the formula you're writing.

  25.   # pkg:

  26.   #   deps:

  27.   #     mod_ssl   # redhat

  28.   #     mod_security  # redhat

  29.   #     mod_geoip     # redhat

  30.   #     GeoIP  # redhat

  31.   #     libapache2-mod-security2  # Debian

  32. 

  33.   global:

  34.     # global apache directives

  35.     AllowEncodedSlashes: 'On'

  36. 

  37.   name_virtual_hosts:

  38.     - interface: '*'

  39.       port: 80

  40.     - interface: '*'

  41.       port: 443

  42. 

  43.   # ``apache.vhosts`` formula additional configuration:

  44.   # fqdn should be added to /etc/hosts i.e. ##

  45.   # $ tail -3 /etc/hosts

  46.   # 127.0.0.1   example.com

  47.   # 127.0.0.1   www.redirectmatch.com

  48.   # 127.0.0.1   www.proxyexample.com

  49. 

  50.   sites:

  51.     example.net:

  52.       template_file: salt://apache/config/vhosts/minimal.tmpl

  53.       port: '8081'

  54. 

  55.     example.com:  # must be unique; used as an ID declaration in Salt.

  56.       enabled: true

  57.       # or minimal.tmpl or redirect.tmpl or proxy.tmpl

  58.       template_file: salt://apache/config/vhosts/standard.tmpl

  59. 

  60.       ####################### DEFAULT VALUES BELOW ############################

  61.       # NOTE: the values below are simply default settings that *can* be

  62.       # overridden and are not required in order to use this formula to create

  63.       # vhost entries.

  64.       #

  65.       # Do not copy the values below into your Pillar unless you intend to

  66.       # modify these vaules.

  67.       ####################### DEFAULT VALUES BELOW ############################

  68.       template_engine: jinja

  69. 

  70.       interface: '*'

  71.       port: '443'

  72. 

  73.       exclude_listen_directive: true  # Do not add a Listen directive in httpd.conf

  74. 

  75.       ServerName: example.com  # uses the unique ID above unless specified

  76.       # ServerAlias: www.example.com  # Do not add ServerAlias unless defined

  77. 

  78.       ServerAdmin: webmaster@example.com

  79. 

  80.       LogLevel: warn

  81.       # E.g.: /var/log/apache2/example.com-error.log

  82.       # ErrorLog: /path/to/logs/example.com-error.log

  83.       # E.g.: /var/log/apache2/example.com-access.log

  84.       # CustomLog: /path/to/logs/example.com-access.log

  85. 

  86.       # E.g., /var/www/example.com

  87.       DocumentRoot: /path/to/www/dir/example.com

  88.       # do not enforce user, defaults to lookup:document_root_user or apache.user

  89.       DocumentRootUser: null

  90.       # Force group, defaults to lookup:document_root_group or apache.user

  91.       DocumentRootGroup: null

  92. 

  93.       {%- if grains.os_family in ('Debian', 'Suse', 'Gentoo') %}

  94.       SSLCertificateFile: /etc/apache2/conf/server.crt

  95.       SSLCertificateKeyFile: /etc/apache2/conf/server.key

  96.       {%- else %}

  97.       SSLCertificateFile: /etc/httpd/conf/server.crt

  98.       SSLCertificateKeyFile: /etc/httpd/conf/server.key

  99.       {%- endif %}

  100.       # SSLCertificateChainFile: /etc/httpd/ssl/example.com.cer

  101. 

  102.       SSLCertificateFile_content: |

  103.         -----BEGIN CERTIFICATE-----

  104.         MIIDYTCCAkkCFCKCcuwB/Ze9bI5/75oRChNH8RzHMA0GCSqGSIb3DQEBCwUAMG0x

  105.         CzAJBgNVBAYTAklFMREwDwYDVQQIDAhDb25uYWNodDESMBAGA1UEBwwJQ29ubWFp

  106.         Y25lMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFDASBgNVBAMM

  107.         C2V4YW1wbGUuY29tMB4XDTIwMTAwMzEzMzI1N1oXDTIxMTAwMzEzMzI1N1owbTEL

  108.         MAkGA1UEBhMCSUUxETAPBgNVBAgMCENvbm5hY2h0MRIwEAYDVQQHDAlDb25tYWlj

  109.         bmUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEUMBIGA1UEAwwL

  110.         ZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSl0qL

  111.         ol+/b3R9VccpOLe5Cg1Tf1zstAzV5TvjcjSdytdwMDGy9J8Yi2EcMZ1wNdMkvf4D

  112.         mr+72Za+qeHHc0ZA+fIJoV+tTcbLbV/mhv0i0i7Zldi3QuvIVBpLR2Z5s5mXZ7C8

  113.         yz8VpF9enQkS3uNnbNuZNT3ElGHmlAj1yHsh0K+TbvZrygFkG0wvYwivhlt1Zcbo

  114.         th4LJ+gBwNIdSJUiAa58VO5ZNeenM9DquJfZVcFc1bDFqzU0T9KY4PsxmzO1A2+m

  115.         TDHoGR4nCz7B+5Ec4USyBUuKo2FhALBEtYz2hlwaf9XasSSvmzO5hhPCQ3nJ4qeY

  116.         i+BLCSpiq2lApPVZAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD9/78A4ygQWbO27

  117.         jQPm+2Zg0f9Sn1tcD4tOVao0MlAfWrALjbmj82hg+givEQKAuN7ptthYoaJcOxHl

  118.         aUe++y3bQiCznN73yKSJZFgG5fYR8tyMslsYRBcKSay0nvPhN/3Jry0nNehDREQ+

  119.         2H0vB595bymGNTmux13sNwOZH1i8KEgxdLcFbje87+CbhCGbFhS3lHPY2FeXnHpO

  120.         W60Zchwsy06xMjo4rzbQatdJj/HAh6lIx0YmNDX/d3dCLpZlkvUBT6ENVhipi5bb

  121.         2pF/Awob8AYWbIn4N7gmIP5Sb0tugpEgrSgSyDdZNWoFDChvfHXcNUP8lblIftAl

  122.         ylssbnQ=

  123.         -----END CERTIFICATE-----

  124. 

  125.       SSLCertificateKeyFile_content: |

  126.         -----BEGIN RSA PRIVATE KEY-----

  127.         MIIEowIBAAKCAQEA0pdKi6Jfv290fVXHKTi3uQoNU39c7LQM1eU743I0ncrXcDAx

  128.         svSfGIthHDGdcDXTJL3+A5q/u9mWvqnhx3NGQPnyCaFfrU3Gy21f5ob9ItIu2ZXY

  129.         t0LryFQaS0dmebOZl2ewvMs/FaRfXp0JEt7jZ2zbmTU9xJRh5pQI9ch7IdCvk272

  130.         a8oBZBtML2MIr4ZbdWXG6LYeCyfoAcDSHUiVIgGufFTuWTXnpzPQ6riX2VXBXNWw

  131.         xas1NE/SmOD7MZsztQNvpkwx6BkeJws+wfuRHOFEsgVLiqNhYQCwRLWM9oZcGn/V

  132.         2rEkr5szuYYTwkN5yeKnmIvgSwkqYqtpQKT1WQIDAQABAoIBAQCI39SP1UWuQ17P

  133.         Z8U+waKIHkRzFMDtCEmfbJL0TfJs7L4CKRDkY6JUbaL8lDLkD9fgdax340jja5VS

  134.         70/UNtRevxXVtJFfLsIazkgaqXo1+65/talZ06E0X5WHgCzWxSj7A2YYD3I9OszR

  135.         zfdr0Hq1akeA2N4AuwC2wVjhhyCg5Lg4xY0l+kRFLrPU4RctsjCAaveVIm3wmJVd

  136.         vmHO9hKcR3nxuIx0/cPYe20WgGSqbYJQburE1uXp26uz/Jek/u8FNFIEjWCWB+vj

  137.         eRQOcxngebyWCh0dyoxb3nL28Yty9O1MlLP2b0YMmep1ZfEFtwn4M2d8FdW1WCmJ

  138.         viOGFx4BAoGBAPTYSIpyxea1qaeNmT97e4YgPwV3rajhdPRYSQKyCsjKHk7Q/uxk

  139.         Phddo0ymiGKLCRAUwg9py900slY8mZKbdrVxXV4EEhngrWrr2gpfzxkEF1i0d4bS

  140.         2OuRCbkfE23glxqtVjvnTlrRANaXgk5mUQCL1YDUf+hrpEvF0pTbDRYpAoGBANwv

  141.         ffy+Sk+e0v+NlthhNHUDcXisIoW7b/DoT0H8DtbJV/QVexaGln7Ts6EgaH2NdpC+

  142.         dyLKa+l7oIeKgXeHm2Tgm879di/ChQCkoAHIUu5Nm0c5D2Vst26JrfCA7vZb9ddI

  143.         FMFt5bsDgRqFzTXFe0k9TEIBiF0Pp5xfHVwNWeuxAoGAGNY3xZOO77BN3WlHumDU

  144.         Tu7Gdc+GFjOIoaCzB0r4PRYDrQsWUPR6N/SPtB7Qhu6DpNX2OYoJ3A6UaJsNGQoc

  145.         KJuvVPIkw+s+rDHwlEzTvT3lAGKOHWcWCg9UZSr51ZOKwHIE5V65XA0HgL0twrYu

  146.         UVfd+IuVzgXdTLJsgh0WXsECgYApcgcU+/yg4BR3Zf9u2100aWGChWQ6J/36KsBA

  147.         e2GPrHaRyzlQFCVf2hmFysPgXjBjLnbeZZvKZyrgWIHmLfBiHKU3YR5N/x9p75Lu

  148.         wvZZROJllagAP2aHuAK1so9IcCbmTvsZLcaAXTh/9Y+a/4ElWBRymDdCzR+Pn5e3

  149.         LAwxAQKBgBHH42ri6pHbRptINzJ9sw3PhwewQZtGu3sfvrOknBs3togptCrjBWDF

  150.         eOGuFmjHO9vnhWs2yWQYETL1jt+CWgzRc4o4akB3qH5sXar5F7h06y16RFV9u6UJ

  151.         qaGqPFcy/l/5H6uNPLZt4Ufg3T0Mz0Az+Dti99KqVLKeqWQvXVc4

  152.         -----END RSA PRIVATE KEY-----

  153. 

  154. 

  155.       Directory:

  156.         # "default" is a special case; uses DocumentRoot value

  157.         # E.g.: /var/www/example.com

  158.         default:

  159.           Options: -Indexes +FollowSymLinks

  160.           Order: allow,deny     # For Apache < 2.4

  161.           Allow: from all       # For apache < 2.4

  162.           Require: all granted  # For apache > 2.4.

  163.           AllowOverride: None

  164.           # Formula_Append: |

  165.           #   Additional config as a

  166.           #   multi-line string here

  167. 

  168.     redirectmatch.com:

  169.       # Use RedirectMatch Directive

  170.       # - https://httpd.apache.org/docs/2.4/fr/mod/mod_alias.html#redirectmatch

  171.       # Require module mod_alias

  172.       enabled: true

  173.       template_file: salt://apache/config/vhosts/redirect.tmpl

  174.       ServerName: www.redirectmatch.com

  175.       ServerAlias: www.redirectmatch.com

  176.       RedirectMatch: true

  177.       RedirectSource: '^/$'

  178.       RedirectTarget: '/subdirectory'

  179.       DocumentRoot: /var/www/html/

  180.       port: '8083'

  181. 

  182.     8084-proxyexample.com:

  183.       template_file: salt://apache/config/vhosts/redirect.tmpl

  184.       ServerName: www.proxyexample.com

  185.       ServerAlias: www.proxyexample.com

  186.       RedirectSource: '/'

  187.       RedirectTarget: 'https://www.proxyexample.com/'

  188.       DocumentRoot: /var/www/proxy

  189.       port: '8084'

  190. 

  191.     8443-proxyexample.com:

  192.       template_file: salt://apache/config/vhosts/proxy.tmpl

  193.       ServerName: www.proxyexample.com

  194.       ServerAlias: www.proxyexample.com

  195.       interface: '*'

  196.       port: '8443'

  197.       DocumentRoot: /var/www/proxy

  198. 

  199.       Rewrite: |

  200.         RewriteRule ^/webmail$ /webmail/ [R]

  201.         RewriteRule ^/webmail(.*) http://mail.example.com$1 [P,L]

  202.         RewriteRule ^/vicescws(.*) http://svc.example.com:92$1 [P,L]

  203. 

  204.       SSLCertificateFile: /etc/httpd/conf/server.crt

  205.       SSLCertificateKeyFile: /etc/httpd/conf/server.key

  206.       # SSLCertificateChainFile: /etc/httpd/ssl/example.com.cer

  207. 

  208.       SSLCertificateFile_content: |

  209.         -----BEGIN CERTIFICATE-----

  210.         MIIDYTCCAkkCFCKCcuwB/Ze9bI5/75oRChNH8RzHMA0GCSqGSIb3DQEBCwUAMG0x

  211.         CzAJBgNVBAYTAklFMREwDwYDVQQIDAhDb25uYWNodDESMBAGA1UEBwwJQ29ubWFp

  212.         Y25lMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFDASBgNVBAMM

  213.         C2V4YW1wbGUuY29tMB4XDTIwMTAwMzEzMzI1N1oXDTIxMTAwMzEzMzI1N1owbTEL

  214.         MAkGA1UEBhMCSUUxETAPBgNVBAgMCENvbm5hY2h0MRIwEAYDVQQHDAlDb25tYWlj

  215.         bmUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEUMBIGA1UEAwwL

  216.         ZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSl0qL

  217.         ol+/b3R9VccpOLe5Cg1Tf1zstAzV5TvjcjSdytdwMDGy9J8Yi2EcMZ1wNdMkvf4D

  218.         mr+72Za+qeHHc0ZA+fIJoV+tTcbLbV/mhv0i0i7Zldi3QuvIVBpLR2Z5s5mXZ7C8

  219.         yz8VpF9enQkS3uNnbNuZNT3ElGHmlAj1yHsh0K+TbvZrygFkG0wvYwivhlt1Zcbo

  220.         th4LJ+gBwNIdSJUiAa58VO5ZNeenM9DquJfZVcFc1bDFqzU0T9KY4PsxmzO1A2+m

  221.         TDHoGR4nCz7B+5Ec4USyBUuKo2FhALBEtYz2hlwaf9XasSSvmzO5hhPCQ3nJ4qeY

  222.         i+BLCSpiq2lApPVZAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD9/78A4ygQWbO27

  223.         jQPm+2Zg0f9Sn1tcD4tOVao0MlAfWrALjbmj82hg+givEQKAuN7ptthYoaJcOxHl

  224.         aUe++y3bQiCznN73yKSJZFgG5fYR8tyMslsYRBcKSay0nvPhN/3Jry0nNehDREQ+

  225.         2H0vB595bymGNTmux13sNwOZH1i8KEgxdLcFbje87+CbhCGbFhS3lHPY2FeXnHpO

  226.         W60Zchwsy06xMjo4rzbQatdJj/HAh6lIx0YmNDX/d3dCLpZlkvUBT6ENVhipi5bb

  227.         2pF/Awob8AYWbIn4N7gmIP5Sb0tugpEgrSgSyDdZNWoFDChvfHXcNUP8lblIftAl

  228.         ylssbnQ=

  229.         -----END CERTIFICATE-----

  230. 

  231.       SSLCertificateKeyFile_content: |

  232.         -----BEGIN RSA PRIVATE KEY-----

  233.         MIIEowIBAAKCAQEA0pdKi6Jfv290fVXHKTi3uQoNU39c7LQM1eU743I0ncrXcDAx

  234.         svSfGIthHDGdcDXTJL3+A5q/u9mWvqnhx3NGQPnyCaFfrU3Gy21f5ob9ItIu2ZXY

  235.         t0LryFQaS0dmebOZl2ewvMs/FaRfXp0JEt7jZ2zbmTU9xJRh5pQI9ch7IdCvk272

  236.         a8oBZBtML2MIr4ZbdWXG6LYeCyfoAcDSHUiVIgGufFTuWTXnpzPQ6riX2VXBXNWw

  237.         xas1NE/SmOD7MZsztQNvpkwx6BkeJws+wfuRHOFEsgVLiqNhYQCwRLWM9oZcGn/V

  238.         2rEkr5szuYYTwkN5yeKnmIvgSwkqYqtpQKT1WQIDAQABAoIBAQCI39SP1UWuQ17P

  239.         Z8U+waKIHkRzFMDtCEmfbJL0TfJs7L4CKRDkY6JUbaL8lDLkD9fgdax340jja5VS

  240.         70/UNtRevxXVtJFfLsIazkgaqXo1+65/talZ06E0X5WHgCzWxSj7A2YYD3I9OszR

  241.         zfdr0Hq1akeA2N4AuwC2wVjhhyCg5Lg4xY0l+kRFLrPU4RctsjCAaveVIm3wmJVd

  242.         vmHO9hKcR3nxuIx0/cPYe20WgGSqbYJQburE1uXp26uz/Jek/u8FNFIEjWCWB+vj

  243.         eRQOcxngebyWCh0dyoxb3nL28Yty9O1MlLP2b0YMmep1ZfEFtwn4M2d8FdW1WCmJ

  244.         viOGFx4BAoGBAPTYSIpyxea1qaeNmT97e4YgPwV3rajhdPRYSQKyCsjKHk7Q/uxk

  245.         Phddo0ymiGKLCRAUwg9py900slY8mZKbdrVxXV4EEhngrWrr2gpfzxkEF1i0d4bS

  246.         2OuRCbkfE23glxqtVjvnTlrRANaXgk5mUQCL1YDUf+hrpEvF0pTbDRYpAoGBANwv

  247.         ffy+Sk+e0v+NlthhNHUDcXisIoW7b/DoT0H8DtbJV/QVexaGln7Ts6EgaH2NdpC+

  248.         dyLKa+l7oIeKgXeHm2Tgm879di/ChQCkoAHIUu5Nm0c5D2Vst26JrfCA7vZb9ddI

  249.         FMFt5bsDgRqFzTXFe0k9TEIBiF0Pp5xfHVwNWeuxAoGAGNY3xZOO77BN3WlHumDU

  250.         Tu7Gdc+GFjOIoaCzB0r4PRYDrQsWUPR6N/SPtB7Qhu6DpNX2OYoJ3A6UaJsNGQoc

  251.         KJuvVPIkw+s+rDHwlEzTvT3lAGKOHWcWCg9UZSr51ZOKwHIE5V65XA0HgL0twrYu

  252.         UVfd+IuVzgXdTLJsgh0WXsECgYApcgcU+/yg4BR3Zf9u2100aWGChWQ6J/36KsBA

  253.         e2GPrHaRyzlQFCVf2hmFysPgXjBjLnbeZZvKZyrgWIHmLfBiHKU3YR5N/x9p75Lu

  254.         wvZZROJllagAP2aHuAK1so9IcCbmTvsZLcaAXTh/9Y+a/4ElWBRymDdCzR+Pn5e3

  255.         LAwxAQKBgBHH42ri6pHbRptINzJ9sw3PhwewQZtGu3sfvrOknBs3togptCrjBWDF

  256.         eOGuFmjHO9vnhWs2yWQYETL1jt+CWgzRc4o4akB3qH5sXar5F7h06y16RFV9u6UJ

  257.         qaGqPFcy/l/5H6uNPLZt4Ufg3T0Mz0Az+Dti99KqVLKeqWQvXVc4

  258.         -----END RSA PRIVATE KEY-----

  259. 

  260.       SSLCertificateChainFile_content: |

  261.         -----BEGIN CERTIFICATE-----

  262.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  263.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  264.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  265.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  266.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  267.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  268.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  269.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  270.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  271.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  272.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  273.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  274.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  275.         -----END CERTIFICATE-----

  276.         -----BEGIN CERTIFICATE-----

  277.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  278.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  279.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  280.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  281.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  282.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  283.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  284.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  285.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  286.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  287.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  288.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  289.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  290.         -----END CERTIFICATE-----

  291. 

  292.       ProxyRequests: 'Off'

  293.       ProxyPreserveHost: 'On'

  294. 

  295.       ProxyRoute:

  296.         example prod proxy route:

  297.           ProxyPassSource: '/'

  298.           ProxyPassTarget: 'http://prod.example.com:85/'

  299.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  300.           ProxyPassReverseSource: '/'

  301.           ProxyPassReverseTarget: 'http://prod.example.com:85/'

  302. 

  303.         example webmail proxy route:

  304.           ProxyPassSource: '/webmail/'

  305.           ProxyPassTarget: 'http://mail.example.com/'

  306.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  307.           ProxyPassReverseSource: '/webmail/'

  308.           ProxyPassReverseTarget: 'http://mail.example.com/'

  309. 

  310.         example service proxy route:

  311.           ProxyPassSource: '/svc/'

  312.           ProxyPassTarget: 'http://svc.example.com:92/'

  313.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  314.           ProxyPassReverseSource: '/svc/'

  315.           ProxyPassReverseTarget: 'http://svc.example.com:92/'

  316. 

  317.       Location:

  318.         /:

  319.           Require: false

  320.           # Formula_Append: |

  321.           #   SecRuleRemoveById 981231

  322.           #   SecRuleRemoveById 981173

  323. 

  324.         /error:

  325.           Require: 'all granted'

  326. 

  327.         /docs:

  328.           Order: allow,deny     # For Apache < 2.4

  329.           Allow: from all       # For apache < 2.4

  330.           Require: all granted  # For apache > 2.4.

  331.           # Formula_Append: |

  332.           #   Additional config as a

  333.           #   multi-line string here

  334. 

  335.       LocationMatch:

  336.         '^[.\\/]+([Ww][Ee][Bb][Mm][Aa][Ii][Ll])[.\\/]':

  337.           Require: false

  338.           Formula_Append: |

  339.             RequestHeader  set  Host  mail.example.com

  340. 

  341.         '^[.\\/]+([Ss][Vv][Cc])[.\\/]':

  342.           Require: false

  343.           Formula_Append: |

  344.             Require ip 123.123.13.6 84.24.25.74

  345. 

  346.       Proxy_control:

  347.         '*':

  348.           AllowAll: false

  349.           AllowCountry: false

  350.           #   - DE

  351.           AllowIP:

  352.             - 12.5.25.32

  353.             - 12.5.25.33

  354. 

  355.       Alias:

  356.         /docs: /usr/share/docs

  357. 

  358.       ScriptAlias:

  359.         /cgi-bin/: /var/www/cgi-bin/

  360. 

  361.         # Formula_Append: |

  362.         #   \#Additional config as a

  363.         #   \#multi-line string here

  364. 

  365.   # ``apache.debian_full`` formula additional configuration:

  366.   register-site:

  367.     # any name as an array index, and you can duplicate this section

  368.     unique_value_here:

  369.       name: 'myname'

  370.       path: 'salt://apache/files/myname.conf'

  371.       state: 'enabled'

  372.       # Optional - use managed file as Jinja Template

  373.       # template: true

  374.       # defaults:

  375.       #   custom_var: "default value"

  376. 

  377.   modules:

  378.     enabled:   # List modules to enable

  379.       - ssl

  380.       - prefork

  381.       - rewrite

  382.       - proxy

  383.       - proxy_ajp

  384.       - proxy_html

  385.       - headers

  386.       # geoip

  387.       - status

  388.       - logio

  389.       - dav

  390.       - dav_fs

  391.       - dav_lock

  392.       - auth_digest

  393.       - socache_shmcb

  394.       - xml2enc

  395.       - ldap

  396.     disabled:  # List modules to disable

  397.       - geoip

  398. 

  399.   flags:

  400.     enabled:   # List server flags to enable

  401.       - SSL

  402.     disabled:  # List server flags to disable

  403.       - status

  404. 

  405.   # KeepAlive: Whether or not to allow persistent connections (more than

  406.   # one request per connection). Set to "Off" to deactivate.

  407.   keepalive: 'On'

  408. 

  409.   TimeOut: 60  # software default is 60 seconds

  410. 

  411.   security:

  412.     # can be Full | OS | Minimal | Minor | Major | Prod

  413.     # where Full conveys the most information, and Prod the least.

  414.     ServerTokens: Prod

  415. 

  416.   # [debian only] configure mod_ssl

  417.   ssl:

  418.     SSLCipherSuite: 'HIGH:!aNULL'

  419.     SSLHonorCipherOrder: 'Off'

  420.     SSLProtocol: 'all -SSLv3'

  421.     SSLUseStapling: 'Off'

  422.     SSLStaplingResponderTimeout: '5'

  423.     SSLStaplingReturnResponderErrors: 'Off'

  424.     SSLStaplingCache: 'shmcb:/var/run/ocsp(128000)'

  425. 

  426.   # ``apache.mod_remoteip`` formula additional configuration:

  427.   mod_remoteip:

  428.     RemoteIPHeader: X-Forwarded-For

  429.     RemoteIPTrustedProxy:

  430.       - 10.0.8.0/24

  431.       - 127.0.0.1

  432. 

  433.   # ``apache.mod_security`` formula additional configuration:

  434.   mod_security:

  435.     crs_install: false

  436.     # If not set, default distro's configuration is installed as is

  437.     manage_config: true

  438.     sec_rule_engine: 'On'

  439.     sec_request_body_access: 'On'

  440.     sec_request_body_limit: '14000000'

  441.     sec_request_body_no_files_limit: '114002'

  442.     sec_request_body_in_memory_limit: '114002'

  443.     sec_request_body_limit_action: 'Reject'

  444.     sec_pcre_match_limit: '15000'

  445.     sec_pcre_match_limit_recursion: '15000'

  446.     sec_debug_log_level: '3'

  447. 

  448.     rules:

  449.       enabled: ~

  450.       modsecurity_crs_10_setup.conf:

  451.         rule_set: ''

  452.         enabled: true

  453.       modsecurity_crs_20_protocol_violations.conf:

  454.         rule_set: 'base_rules'

  455.         enabled: false

  456. 

  457.     custom_rule_files:

  458.       # any name as an array index, and you can duplicate this section

  459.       UNIQUE_VALUE_HERE:

  460.         file: 'myname'

  461.         # path/to/modsecurity/custom/file

  462.         path: 'salt://apache/files/dummy.conf'

  463.         enabled: false

  464. 

  465.   mod_ssl:

  466.     # set this to true if you want to override your distributions default TLS

  467.     # configuration

  468.     manage_tls_defaults: false

  469.     # This stuff is deliberately not configured via map.jinja resp.

  470.     # apache:lookup.  We're unable to know sane defaults for each release of

  471.     # every distribution.

  472.     # See https://github.com/saltstack-formulas/openssh-formula/issues/102 for

  473.     # a related discussion Have a look at bettercrypto.org for up-to-date

  474.     # settings.

  475.     # These are default values:

  476.     # yamllint disable-line rule:line-length

  477.     SSLCipherSuite: EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA

  478.     # Mitigate the CRIME attack

  479.     SSLCompression: 'Off'

  480.     SSLProtocol: all -SSLv2 -SSLv3 -TLSv1

  481.     SSLHonorCipherOrder: 'On'

  482.     SSLOptions: "+StrictRequire"

  483.   server_status_require:

  484.     ip:

  485.       - 10.8.8.0/24

  486.     host:

  487.       - foo.example.com

  488. 

  489.   tofs:

  490.     # The files_switch key serves as a selector for alternative

  491.     # directories under the formula files directory. See TOFS pattern

  492.     # doc for more info.

  493.     # Note: Any value not evaluated by `config.get` will be used literally.

  494.     # This can be used to set custom paths, as many levels deep as required.

  495.     files_switch:

  496.       - any/path/can/be/used/here

  497.       - id

  498.       - roles

  499.       - osfinger

  500.       - os

  501.       - os_family

  502.     # All aspects of path/file resolution are customisable using the options below.

  503.     # This is unnecessary in most cases; there are sensible defaults.

  504.     # Default path: salt://< path_prefix >/< dirs.files >/< dirs.default >

  505.     #         I.e.: salt://apache/files/default

  506.     # path_prefix: template_alt

  507.     # dirs:

  508.     #   files: files_alt

  509.     #   default: default_alt

  510.     # The entries under `source_files` are prepended to the default source files

  511.     # given for the state

  512.     # source_files:

  513.     #   apache-config-file-file-managed:

  514.     #     - 'example_alt.tmpl'

  515.     #     - 'example_alt.tmpl.jinja'

  516. 

  517.     # For testing purposes

  518.     source_files:

  519.       apache-config-file-file-managed:

  520.         - 'example.tmpl.jinja'

  521.       apache-subcomponent-config-file-file-managed:

  522.         - 'subcomponent-example.tmpl.jinja'

  523. 

  524.   # Just for testing purposes

  525.   winner: pillar

  526.   added_in_pillar: pillar_value