ExternalMirrors
/
apache-formula
mirror of https://github.com/saltstack-formulas/apache-formula.git
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 31 Wiki Activity
Saltstack Official Apache Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
277 Commits
5 Branches
Tree: adc80edd39
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'adc80edd39'
${ noResults }
apache-formula/pillar.example

166 lines
5.1KB
Raw Blame History 

  1. # ``apache`` formula configuration:

  2. apache:

  3. 

  4.   # lookup section overrides ``map.jinja`` values

  5.   lookup:

  6.     server: apache2

  7.     service: apache2

  8. 

  9.     vhostdir: /etc/apache2/sites-available

  10.     confdir: /etc/apache2/conf.d

  11.     confext: .conf

  12.     logdir: /var/log/apache2

  13.     wwwdir: /srv/apache2

  14. 

  15.     # apache version (generally '2.2' or '2.4')

  16.     version: '2.2'

  17. 

  18.     # ``apache.mod_wsgi`` formula additional configuration:

  19.     mod_wsgi: mod_wsgi

  20. 

  21.     # Default value for AddDefaultCharset in RedHat configuration

  22.     default_charset: 'UTF-8'

  23. 

  24.   global:

  25.     # global apache directives

  26.     AllowEncodedSlashes: 'On'

  27. 

  28. 

  29.   name_virtual_hosts:

  30.     - interface: '*'

  31.       port: 80

  32.     - interface: '*'

  33.       port: 443

  34. 

  35.   # ``apache.vhosts`` formula additional configuration:

  36.   sites:

  37.     example.net:

  38.       template_file: salt://apache/vhosts/minimal.tmpl

  39. 

  40.     example.com: # must be unique; used as an ID declaration in Salt.

  41.       enabled: True

  42.       template_file: salt://apache/vhosts/standard.tmpl # or redirect.tmpl or proxy.tmpl

  43. 

  44.       ####################### DEFAULT VALUES BELOW ############################

  45.       # NOTE: the values below are simply default settings that *can* be

  46.       # overridden and are not required in order to use this formula to create

  47.       # vhost entries.

  48.       #

  49.       # Do not copy the values below into your Pillar unless you intend to

  50.       # modify these vaules.

  51.       ####################### DEFAULT VALUES BELOW ############################

  52.       template_engine: jinja

  53. 

  54.       interface: '*'

  55.       port: '80'

  56. 

  57.       ServerName: example.com # uses the unique ID above unless specified

  58.       ServerAlias: www.example.com

  59. 

  60.       ServerAdmin: webmaster@example.com

  61. 

  62.       LogLevel: warn

  63.       ErrorLog: /path/to/logs/example.com-error.log # E.g.: /var/log/apache2/example.com-error.log

  64.       CustomLog: /path/to/logs/example.com-access.log # E.g.: /var/log/apache2/example.com-access.log

  65. 

  66.       DocumentRoot: /path/to/www/dir/example.com # E.g., /var/www/example.com

  67. 

  68.       SSLCertificateFile: /etc/ssl/mycert.pem # if ssl is desired

  69.       SSLCertificateKeyFile: /etc/ssl/mycert.pem.key # if key for cert is needed or in an extra file

  70.       SSLCertificateChainFile: /etc/ssl/mycert.chain.pem # if you require a chain of server certificates file

  71. 

  72.       Directory:

  73.         # "default" is a special case; Adds ``/path/to/www/dir/example.com``

  74.         # E.g.: /var/www/example.com

  75.         default:

  76.           Options: -Indexes +FollowSymLinks

  77.           Order: allow,deny    # For Apache < 2.4

  78.           Allow: from all      # For apache < 2.4

  79.           Require: all granted # For apache > 2.4.

  80.           AllowOverride: None

  81.           Formula_Append: |

  82.             Additional config as a

  83.             multi-line string here

  84. 

  85.       # if template is 'redirect.tmpl'

  86.       # RedirectSource: '/'

  87.       # RedirectTarget: 'http://www.example.net'

  88. 

  89.       # if template is 'proxy.tmpl'

  90.       # ProxyRequests: 'On'

  91.       # ProxyPreserveHost: 'On'

  92.       # ProxyRoute:

  93.       #   my sample route:

  94.       #      ProxyPassSource: '/'

  95.       #      ProxyPassTarget: 'http://www.example.net'

  96.       #      ProxyPassTargetOptions: 'connectiontimeout=5 timeout=30'

  97.       #      ProxyPassReverseSource: '/'

  98.       #      ProxyPassReverseTarget: 'http://www.example.net'

  99. 

  100.       Alias:

  101.         /docs: /usr/share/docs

  102. 

  103.       Location:

  104.         /docs:

  105.           Order: allow,deny    # For Apache < 2.4

  106.           Allow: from all      # For apache < 2.4

  107.           Require: all granted # For apache > 2.4.

  108.           Formula_Append: |

  109.             Additional config as a

  110.             multi-line string here

  111. 

  112.       Formula_Append: |

  113.         Additional config as a

  114.         multi-line string here

  115. 

  116.   # ``apache.debian_full`` formula additional configuration:

  117.   register-site:

  118.     # any name as an array index, and you can duplicate this section

  119.     UNIQUE_VALUE_HERE:

  120.       name: 'my name'

  121.       path: 'salt://path/to/sites-available/conf/file'

  122.       state: 'enabled'

  123.       # Optional - use managed file as Jinja Template

  124.       #template: true

  125.       #defaults:

  126.       #  custom_var: "default value"

  127. 

  128.   modules:

  129.     enabled:  # List modules to enable

  130.       - ldap

  131.       - ssl

  132.     disabled:  # List modules to disable

  133.       - rewrite

  134. 

  135.   # KeepAlive: Whether or not to allow persistent connections (more than

  136.   # one request per connection). Set to "Off" to deactivate.

  137.   keepalive: 'On'

  138. 

  139.   security:

  140.     # can be Full | OS | Minimal | Minor | Major | Prod

  141.     # where Full conveys the most information, and Prod the least.

  142.     ServerTokens: Prod

  143. 

  144.   # ``apache.mod_remoteip`` formula additional configuration:

  145.   mod_remoteip:

  146.     RemoteIPHeader: X-Forwarded-For

  147.     RemoteIPTrustedProxy:

  148.       - 10.0.8.0/24

  149.       - 127.0.0.1

  150. 

  151.   # ``apache.mod_security`` formula additional configuration:

  152.   mod_security:

  153.     crs_install: True

  154.     # If not set, default distro's configuration is installed as is

  155.     manage_config: True

  156.     sec_rule_engine: 'On'

  157.     sec_request_body_access: 'On'

  158.     sec_request_body_limit: '14000000'

  159.     sec_request_body_no_files_limit: '114002'

  160.     sec_request_body_in_memory_limit: '114002'

  161.     sec_request_body_limit_action: 'Reject'

  162.     sec_pcre_match_limit: '15000'

  163.     sec_pcre_match_limit_recursion: '15000'

  164.     sec_debug_log_level: '3'