ExternalMirrors
/
apache-formula
zrcadlo https://github.com/saltstack-formulas/apache-formula.git
Sledovat 1
Oblíbit 0
Rozštěpit 1
Zdrojový kód Úkoly 0 Vydání 31 Wiki Aktivita
Saltstack Official Apache Formula
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
734 Revize
5 Větve
Strom: f2ea864ace
Větve Značky
${ item.name }
Vytvořit větev ${ searchTerm }
z „f2ea864ace“
${ noResults }
apache-formula/apache/files/RedHat/apache-2.4.config.jinja

404 lines
13KB
Surový Blame Historie 

  1. #

  2. # This file is managed by Salt! Do not edit by hand!

  3. #

  4. #

  5. # This is the main Apache HTTP server configuration file.  It contains the

  6. # configuration directives that give the server its instructions.

  7. # See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.

  8. # In particular, see 

  9. # <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>

  10. # for a discussion of each configuration directive.

  11. #

  12. # Do NOT simply read the instructions in here without understanding

  13. # what they do.  They're here only as hints or reminders.  If you are unsure

  14. # consult the online docs. You have been warned.  

  15. #

  16. # Configuration and logfile names: If the filenames you specify for many

  17. # of the server's control files begin with "/" (or "drive:/" for Win32), the

  18. # server will use that explicit path.  If the filenames do *not* begin

  19. # with "/", the value of ServerRoot is prepended -- so 'log/access_log'

  20. # with ServerRoot set to '/www' will be interpreted by the

  21. # server as '/www/log/access_log', where as '/log/access_log' will be

  22. # interpreted as '/log/access_log'.

  23. 

  24. #

  25. # ServerRoot: The top of the directory tree under which the server's

  26. # configuration, error, and log files are kept.

  27. #

  28. # Do not add a slash at the end of the directory path.  If you point

  29. # ServerRoot at a non-local disk, be sure to specify a local disk on the

  30. # Mutex directive, if file-based mutexes are used.  If you wish to share the

  31. # same ServerRoot for multiple httpd daemons, you will need to change at

  32. # least PidFile.

  33. #

  34. ServerRoot "{{ apache.get('serverroot', '/etc/httpd') }}"

  35. 

  36. #

  37. # Listen: Allows you to bind Apache to specific IP addresses and/or

  38. # ports, instead of the default. See also the <VirtualHost>

  39. # directive.

  40. #

  41. # Change this to Listen on specific IP addresses as shown below to 

  42. # prevent Apache from glomming onto all bound IP addresses.

  43. #

  44. #Listen 12.34.56.78:80

  45. 

  46. {% if salt['pillar.get']('apache:sites') is mapping %}

  47.     {%- set listen_directives = [] %}

  48.     {%- for id, site in salt['pillar.get']('apache:sites').items() %}

  49.         {%- set interfaces = site.get('interface', '*').split() %}

  50.         {%- set port = site.get('port', 80) %}

  51.         {%- for interface in interfaces %}

  52.             {%- if not site.get('exclude_listen_directive', False) and not port == '*' %}

  53.                 {%- set listen_directive = interface ~ ':' ~ port %}

  54.                 {%- if listen_directive not in listen_directives %}

  55.                     {%- do listen_directives.append(listen_directive) %}

  56.                 {%- endif %}

  57.             {%- endif %}

  58.         {%- endfor %}

  59.     {%- endfor %}

  60.     {%- for listen in listen_directives %}

  61. Listen  {{ listen }}

  62.     {%- endfor %}

  63. {%- else %}

  64. Listen 80

  65. 

  66. <IfModule mod_ssl.c>

  67.     Listen 443

  68. </IfModule>

  69. 

  70. <IfModule mod_gnutls.c>

  71.     Listen 443

  72. </IfModule>

  73. {%- endif %}

  74. 

  75. #

  76. # Dynamic Shared Object (DSO) Support

  77. #

  78. # To be able to use the functionality of a module which was built as a DSO you

  79. # have to place corresponding `LoadModule' lines at this location so the

  80. # directives contained in it are actually available _before_ they are used.

  81. # Statically compiled modules (those listed by `httpd -l') do not need

  82. # to be loaded here.

  83. #

  84. # Example:

  85. # LoadModule foo_module modules/mod_foo.so

  86. #

  87. Include conf.modules.d/*.conf

  88. 

  89. #

  90. # If you wish httpd to run as a different user or group, you must run

  91. # httpd as root initially and it will switch.  

  92. #

  93. # User/Group: The name (or #number) of the user/group to run httpd as.

  94. # It is usually good practice to create a dedicated user and group for

  95. # running httpd, as with most system services.

  96. #

  97. User {{ apache.user }}

  98. Group {{ apache.group }}

  99. 

  100. # 'Main' server configuration

  101. #

  102. # The directives in this section set up the values used by the 'main'

  103. # server, which responds to any requests that aren't handled by a

  104. # <VirtualHost> definition.  These values also provide defaults for

  105. # any <VirtualHost> containers you may define later in the file.

  106. #

  107. # All of these directives may appear inside <VirtualHost> containers,

  108. # in which case these default settings will be overridden for the

  109. # virtual host being defined.

  110. #

  111. 

  112. #

  113. # ServerAdmin: Your address, where problems with the server should be

  114. # e-mailed.  This address appears on some server-generated pages, such

  115. # as error documents.  e.g. admin@your-domain.com

  116. #

  117. ServerAdmin root@localhost

  118. 

  119. #

  120. # ServerName gives the name and port that the server uses to identify itself.

  121. # This can often be determined automatically, but we recommend you specify

  122. # it explicitly to prevent problems during startup.

  123. #

  124. # If your host doesn't have a registered DNS name, enter its IP address here.

  125. #

  126. #ServerName www.example.com:80

  127. 

  128. #

  129. # Deny access to the entirety of your server's filesystem. You must

  130. # explicitly permit access to web content directories in other 

  131. # <Directory> blocks below.

  132. #

  133. <Directory />

  134.     AllowOverride none

  135.     Require all denied

  136. </Directory>

  137. 

  138. #

  139. # Note that from this point forward you must specifically allow

  140. # particular features to be enabled - so if something's not working as

  141. # you might expect, make sure that you have specifically enabled it

  142. # below.

  143. #

  144. 

  145. #

  146. # DocumentRoot: The directory out of which you will serve your

  147. # documents. By default, all requests are taken from this directory, but

  148. # symbolic links and aliases may be used to point to other locations.

  149. #

  150. DocumentRoot "{{ apache.get('docroot', apache.wwwdir + '/html') }}"

  151. 

  152. #

  153. # Relax access to content within {{ apache.wwwdir }}.

  154. #

  155. <Directory "{{ apache.wwwdir }}">

  156.     AllowOverride None

  157.     # Allow open access:

  158.     Require all granted

  159. </Directory>

  160. 

  161. # Further relax access to the default document root:

  162. <Directory "{{ apache.get('docroot', apache.wwwdir + '/html') }}">

  163.     #

  164.     # Possible values for the Options directive are "None", "All",

  165.     # or any combination of:

  166.     #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews

  167.     #

  168.     # Note that "MultiViews" must be named *explicitly* --- "Options All"

  169.     # doesn't give it to you.

  170.     #

  171.     # The Options directive is both complicated and important.  Please see

  172.     # http://httpd.apache.org/docs/2.4/mod/core.html#options

  173.     # for more information.

  174.     #

  175.     Options Indexes FollowSymLinks

  176. 

  177.     #

  178.     # AllowOverride controls what directives may be placed in .htaccess files.

  179.     # It can be "All", "None", or any combination of the keywords:

  180.     #   Options FileInfo AuthConfig Limit

  181.     #

  182.     AllowOverride None

  183. 

  184.     #

  185.     # Controls who can get stuff from this server.

  186.     #

  187.     Require all granted

  188. </Directory>

  189. 

  190. #

  191. # DirectoryIndex: sets the file that Apache will serve if a directory

  192. # is requested.

  193. #

  194. <IfModule dir_module>

  195.     DirectoryIndex index.html

  196. </IfModule>

  197. 

  198. #

  199. # The following lines prevent .htaccess and .htpasswd files from being 

  200. # viewed by Web clients. 

  201. #

  202. <Files ".ht*">

  203.     Require all denied

  204. </Files>

  205. 

  206. #

  207. # ErrorLog: The location of the error log file.

  208. # If you do not specify an ErrorLog directive within a <VirtualHost>

  209. # container, error messages relating to that virtual host will be

  210. # logged here.  If you *do* define an error logfile for a <VirtualHost>

  211. # container, that host's errors will be logged there and not here.

  212. #

  213. ErrorLog "{{ apache.logdir }}/error_log"

  214. 

  215. #

  216. # LogLevel: Control the number of messages logged to the error_log.

  217. # Possible values include: debug, info, notice, warn, error, crit,

  218. # alert, emerg.

  219. #

  220. LogLevel warn

  221. 

  222. <IfModule log_config_module>

  223.     #

  224.     # The following directives define some format nicknames for use with

  225.     # a CustomLog directive (see below).

  226.     #

  227.     LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

  228.     LogFormat "%h %l %u %t \"%r\" %>s %b" common

  229.     {%- for log_format in salt['pillar.get']('apache:log_formats', []) %}

  230.     LogFormat {{ log_format }}

  231.     {%- endfor %}

  232. 

  233.     <IfModule logio_module>

  234.       # You need to enable mod_logio.c to use %I and %O

  235.       LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio

  236.     </IfModule>

  237. 

  238.     #

  239.     # The location and format of the access logfile (Common Logfile Format).

  240.     # If you do not define any access logfiles within a <VirtualHost>

  241.     # container, they will be logged here.  Contrariwise, if you *do*

  242.     # define per-<VirtualHost> access logfiles, transactions will be

  243.     # logged therein and *not* in this file.

  244.     #

  245.     #CustomLog "logs/access_log" common

  246. 

  247.     #

  248.     # If you prefer a logfile with access, agent, and referer information

  249.     # (Combined Logfile Format) you can use the following directive.

  250.     #

  251.     CustomLog "{{ apache.logdir }}/access_log" combined

  252. </IfModule>

  253. 

  254. <IfModule alias_module>

  255.     #

  256.     # Redirect: Allows you to tell clients about documents that used to 

  257.     # exist in your server's namespace, but do not anymore. The client 

  258.     # will make a new request for the document at its new location.

  259.     # Example:

  260.     # Redirect permanent /foo http://www.example.com/bar

  261. 

  262.     #

  263.     # Alias: Maps web paths into filesystem paths and is used to

  264.     # access content that does not live under the DocumentRoot.

  265.     # Example:

  266.     # Alias /webpath /full/filesystem/path

  267.     #

  268.     # If you include a trailing / on /webpath then the server will

  269.     # require it to be present in the URL.  You will also likely

  270.     # need to provide a <Directory> section to allow access to

  271.     # the filesystem path.

  272. 

  273.     #

  274.     # ScriptAlias: This controls which directories contain server scripts. 

  275.     # ScriptAliases are essentially the same as Aliases, except that

  276.     # documents in the target directory are treated as applications and

  277.     # run by the server when requested rather than as documents sent to the

  278.     # client.  The same rules about trailing "/" apply to ScriptAlias

  279.     # directives as to Alias.

  280.     #

  281.     ScriptAlias /cgi-bin/ "{{ apache.wwwdir }}/cgi-bin/"

  282. 

  283. </IfModule>

  284. 

  285. #

  286. # "{{ apache.wwwdir }}/cgi-bin/" should be changed to whatever your ScriptAliased

  287. # CGI directory exists, if you have that configured.

  288. #

  289. <Directory "{{ apache.wwwdir }}/cgi-bin/">

  290.     AllowOverride None

  291.     Options None

  292.     Require all granted

  293. </Directory>

  294. 

  295. <IfModule mime_module>

  296.     #

  297.     # TypesConfig points to the file containing the list of mappings from

  298.     # filename extension to MIME-type.

  299.     #

  300.     TypesConfig /etc/mime.types

  301. 

  302.     #

  303.     # AddType allows you to add to or override the MIME configuration

  304.     # file specified in TypesConfig for specific file types.

  305.     #

  306.     #AddType application/x-gzip .tgz

  307.     #

  308.     # AddEncoding allows you to have certain browsers uncompress

  309.     # information on the fly. Note: Not all browsers support this.

  310.     #

  311.     #AddEncoding x-compress .Z

  312.     #AddEncoding x-gzip .gz .tgz

  313.     #

  314.     # If the AddEncoding directives above are commented-out, then you

  315.     # probably should define those extensions to indicate media types:

  316.     #

  317.     AddType application/x-compress .Z

  318.     AddType application/x-gzip .gz .tgz

  319. 

  320.     #

  321.     # AddHandler allows you to map certain file extensions to "handlers":

  322.     # actions unrelated to filetype. These can be either built into the server

  323.     # or added with the Action directive (see below)

  324.     #

  325.     # To use CGI scripts outside of ScriptAliased directories:

  326.     # (You will also need to add "ExecCGI" to the "Options" directive.)

  327.     #

  328.     #AddHandler cgi-script .cgi

  329. 

  330.     # For type maps (negotiated resources):

  331.     #AddHandler type-map var

  332. 

  333.     #

  334.     # Filters allow you to process content before it is sent to the client.

  335.     #

  336.     # To parse .shtml files for server-side includes (SSI):

  337.     # (You will also need to add "Includes" to the "Options" directive.)

  338.     #

  339.     AddType text/html .shtml

  340.     AddOutputFilter INCLUDES .shtml

  341. </IfModule>

  342. 

  343. #

  344. # Specify a default charset for all content served; this enables

  345. # interpretation of all content as UTF-8 by default.  To use the 

  346. # default browser choice (ISO-8859-1), or to allow the META tags

  347. # in HTML content to override this choice, comment out this

  348. # directive:

  349. #

  350. {%- if apache.get('default_charset', False) is none %}

  351. # AddDefaultCharset UTF-8

  352. {%- else %}

  353. AddDefaultCharset {{ apache.get('default_charset', 'UTF-8') }}

  354. {%- endif %}

  355. 

  356. <IfModule mime_magic_module>

  357.     #

  358.     # The mod_mime_magic module allows the server to use various hints from the

  359.     # contents of the file itself to determine its type.  The MIMEMagicFile

  360.     # directive tells the module where the hint definitions are located.

  361.     #

  362.     MIMEMagicFile conf/magic

  363. </IfModule>

  364. 

  365. #

  366. # Customizable error responses come in three flavors:

  367. # 1) plain text 2) local redirects 3) external redirects

  368. #

  369. # Some examples:

  370. #ErrorDocument 500 "The server made a boo boo."

  371. #ErrorDocument 404 /missing.html

  372. #ErrorDocument 404 "/cgi-bin/missing_handler.pl"

  373. #ErrorDocument 402 http://www.example.com/subscription_info.html

  374. #

  375. 

  376. #

  377. # EnableMMAP and EnableSendfile: On systems that support it, 

  378. # memory-mapping or the sendfile syscall may be used to deliver

  379. # files.  This usually improves server performance, but must

  380. # be turned off when serving from networked-mounted 

  381. # filesystems or if support for these functions is otherwise

  382. # broken on your system.

  383. # Defaults if commented: EnableMMAP On, EnableSendfile Off

  384. #

  385. #EnableMMAP off

  386. EnableSendfile on

  387. 

  388. {%- for directive, dvalue in salt['pillar.get']('apache:global', {}).items() %}

  389. {{ directive }} {{ dvalue }}

  390. {%- endfor %}

  391. 

  392. # Supplemental configuration

  393. #

  394. # Load config files in the "/etc/httpd/conf.d" directory, if any.

  395. IncludeOptional {{ apache.confdir }}/*.conf

  396. {% if apache.vhostdir != apache.confdir %}

  397. IncludeOptional {{ apache.vhostdir }}/*.conf

  398. {% endif %}

  399. 

  400. # Added for security enhancements

  401. TraceEnable off

  402. ServerSignature off

  403. ServerTokens Prod