ExternalMirrors
/
apache-formula
mirror of https://github.com/saltstack-formulas/apache-formula.git
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 31 Wiki Activity
Saltstack Official Apache Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
274 Commits
5 Branches
Tree: 61439a60a8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '61439a60a8'
${ noResults }
apache-formula/pillar.example

164 lines
5.0KB
Raw Blame History 

  1. # ``apache`` formula configuration:

  2. apache:

  3. 

  4.   # lookup section overrides ``map.jinja`` values

  5.   lookup:

  6.     server: apache2

  7.     service: apache2

  8. 

  9.     vhostdir: /etc/apache2/sites-available

  10.     confdir: /etc/apache2/conf.d

  11.     confext: .conf

  12.     logdir: /var/log/apache2

  13.     wwwdir: /srv/apache2

  14. 

  15.     # apache version (generally '2.2' or '2.4')

  16.     version: '2.2'

  17. 

  18.     # ``apache.mod_wsgi`` formula additional configuration:

  19.     mod_wsgi: mod_wsgi

  20. 

  21. 

  22.   global:

  23.     # global apache directives

  24.     AllowEncodedSlashes: 'On'

  25. 

  26. 

  27.   name_virtual_hosts:

  28.     - interface: '*'

  29.       port: 80

  30.     - interface: '*'

  31.       port: 443

  32. 

  33.   # ``apache.vhosts`` formula additional configuration:

  34.   sites:

  35.     example.net:

  36.       template_file: salt://apache/vhosts/minimal.tmpl

  37. 

  38.     example.com: # must be unique; used as an ID declaration in Salt.

  39.       enabled: True

  40.       template_file: salt://apache/vhosts/standard.tmpl # or redirect.tmpl or proxy.tmpl

  41. 

  42.       ####################### DEFAULT VALUES BELOW ############################

  43.       # NOTE: the values below are simply default settings that *can* be

  44.       # overridden and are not required in order to use this formula to create

  45.       # vhost entries.

  46.       #

  47.       # Do not copy the values below into your Pillar unless you intend to

  48.       # modify these vaules.

  49.       ####################### DEFAULT VALUES BELOW ############################

  50.       template_engine: jinja

  51. 

  52.       interface: '*'

  53.       port: '80'

  54. 

  55.       ServerName: example.com # uses the unique ID above unless specified

  56.       ServerAlias: www.example.com

  57. 

  58.       ServerAdmin: webmaster@example.com

  59. 

  60.       LogLevel: warn

  61.       ErrorLog: /path/to/logs/example.com-error.log # E.g.: /var/log/apache2/example.com-error.log

  62.       CustomLog: /path/to/logs/example.com-access.log # E.g.: /var/log/apache2/example.com-access.log

  63. 

  64.       DocumentRoot: /path/to/www/dir/example.com # E.g., /var/www/example.com

  65. 

  66.       SSLCertificateFile: /etc/ssl/mycert.pem # if ssl is desired

  67.       SSLCertificateKeyFile: /etc/ssl/mycert.pem.key # if key for cert is needed or in an extra file

  68.       SSLCertificateChainFile: /etc/ssl/mycert.chain.pem # if you require a chain of server certificates file

  69. 

  70.       Directory:

  71.         # "default" is a special case; Adds ``/path/to/www/dir/example.com``

  72.         # E.g.: /var/www/example.com

  73.         default:

  74.           Options: -Indexes +FollowSymLinks

  75.           Order: allow,deny    # For Apache < 2.4

  76.           Allow: from all      # For apache < 2.4

  77.           Require: all granted # For apache > 2.4.

  78.           AllowOverride: None

  79.           Formula_Append: |

  80.             Additional config as a

  81.             multi-line string here

  82. 

  83.       # if template is 'redirect.tmpl'

  84.       # RedirectSource: '/'

  85.       # RedirectTarget: 'http://www.example.net'

  86. 

  87.       # if template is 'proxy.tmpl'

  88.       # ProxyRequests: 'On'

  89.       # ProxyPreserveHost: 'On'

  90.       # ProxyRoute:

  91.       #   my sample route:

  92.       #      ProxyPassSource: '/'

  93.       #      ProxyPassTarget: 'http://www.example.net'

  94.       #      ProxyPassTargetOptions: 'connectiontimeout=5 timeout=30'

  95.       #      ProxyPassReverseSource: '/'

  96.       #      ProxyPassReverseTarget: 'http://www.example.net'

  97. 

  98.       Alias:

  99.         /docs: /usr/share/docs

  100. 

  101.       Location:

  102.         /docs:

  103.           Order: allow,deny    # For Apache < 2.4

  104.           Allow: from all      # For apache < 2.4

  105.           Require: all granted # For apache > 2.4.

  106.           Formula_Append: |

  107.             Additional config as a

  108.             multi-line string here

  109. 

  110.       Formula_Append: |

  111.         Additional config as a

  112.         multi-line string here

  113. 

  114.   # ``apache.debian_full`` formula additional configuration:

  115.   register-site:

  116.     # any name as an array index, and you can duplicate this section

  117.     UNIQUE_VALUE_HERE:

  118.       name: 'my name'

  119.       path: 'salt://path/to/sites-available/conf/file'

  120.       state: 'enabled'

  121.       # Optional - use managed file as Jinja Template

  122.       #template: true

  123.       #defaults:

  124.       #  custom_var: "default value"

  125. 

  126.   modules:

  127.     enabled:  # List modules to enable

  128.       - ldap

  129.       - ssl

  130.     disabled:  # List modules to disable

  131.       - rewrite

  132. 

  133.   # KeepAlive: Whether or not to allow persistent connections (more than

  134.   # one request per connection). Set to "Off" to deactivate.

  135.   keepalive: 'On'

  136. 

  137.   security:

  138.     # can be Full | OS | Minimal | Minor | Major | Prod

  139.     # where Full conveys the most information, and Prod the least.

  140.     ServerTokens: Prod

  141. 

  142.   # ``apache.mod_remoteip`` formula additional configuration:

  143.   mod_remoteip:

  144.     RemoteIPHeader: X-Forwarded-For

  145.     RemoteIPTrustedProxy:

  146.       - 10.0.8.0/24

  147.       - 127.0.0.1

  148. 

  149.   # ``apache.mod_security`` formula additional configuration:

  150.   mod_security:

  151.     crs_install: True

  152.     # If not set, default distro's configuration is installed as is

  153.     manage_config: True

  154.     sec_rule_engine: 'On'

  155.     sec_request_body_access: 'On'

  156.     sec_request_body_limit: '14000000'

  157.     sec_request_body_no_files_limit: '114002'

  158.     sec_request_body_in_memory_limit: '114002'

  159.     sec_request_body_limit_action: 'Reject'

  160.     sec_pcre_match_limit: '15000'

  161.     sec_pcre_match_limit_recursion: '15000'

  162.     sec_debug_log_level: '3'