salt
/
apache-formula
forked from ExternalMirrors/apache-formula
Watch 1
Star 0
Fork 0
Code Releases 0 Activity
Saltstack Official Apache Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
429 Commits
1 Branch
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
apache-formula/pillar.example

pillar.example 14KB
Raw Permalink Normal View History

Added package-map.jinja
11 years ago
Added apache.vhost formula
11 years ago
Allow Skipping of service manipulation via pillar (+PR comments)
7 years ago
add lookup section to pillar.example
9 years ago
Add default user/group attributes as required by some states
7 years ago
Added apache.vhost formula
11 years ago
add lookup section to pillar.example
9 years ago
fix Options in pillar.example
8 years ago
This branch is foundational for further version-specific work to come. * Add apache version (2.2, 2.4) detection based on osfinger (defaults to 2.4). * Version can be overridden in pillar (for Apache 2.4 on RHEL 6 for example)
9 years ago
add lookup section to pillar.example
9 years ago
Updated README with these changes moved Pillar examples into pillar file
11 years ago
RedHat: Made AddDefaultCharset Directive configurable (#147) * RedHat: Made AddDefaultCharset Directive configurable * Added description of apache:lookup:default_charset to pillar.example, sane default equals former hardcoded UTF-8
8 years ago
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 years ago
vhosts/standard: rewrite, simplify code * No more if. * Allow lookup to set default value for all docroot * updated pillar.example
6 years ago
Allow global directives to be added to apache config
9 years ago
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 years ago
Allow global directives to be added to apache config
9 years ago
Add support for NameVirtualHost on Debian
8 years ago
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 years ago
Add support for NameVirtualHost on Debian
8 years ago
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 years ago
Add support for NameVirtualHost on Debian
8 years ago
Moved all Pillar examples under the same dictionary key Having multiple different examples in the same file was causing confusion.
10 years ago
Added apache.vhost formula
11 years ago
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 years ago
add an 'enabled' attribute for a site in pillar
9 years ago
Added minimal template (fixes #34)
7 years ago
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 years ago
Added apache.vhost formula
11 years ago
Adding exclude_listen_directive option (#151) * Adding exclude_listen_directive option * Updating Debian config
8 years ago
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 years ago
Do not add ServerAlias unless defined
7 years ago
Added apache.vhost formula
11 years ago
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 years ago
Added apache.vhost formula
11 years ago
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 years ago
Added apache.vhost formula
11 years ago
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 years ago
vhosts/standard: rewrite, simplify code * No more if. * Allow lookup to set default value for all docroot * updated pillar.example
6 years ago
Added apache.vhost formula
11 years ago
Fix incorrect syntax in pillar example for SSLCertificateFile, SSLCertificateKeyFile Fix check for SSLCertificateFile, SSLCertificateKeyFile variables in vhosts/standard.tmpl, now using dict.get()
9 years ago
ssl: also support the SSLCertificateChainFile required by some providers
9 years ago
Add basic SSL functionality.
9 years ago
Added apache.vhost formula
11 years ago
directory.default: update pillar.example New behavior properly explained in pillar.example Warning: changes directory.default when used with non-standard documentroot. Now uses documentroot, instead of previously "default" documentroot path.
6 years ago
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 years ago
fix Options in pillar.example
8 years ago
Adding support for Apache 2.4 on Ubuntu 14.04 - Adding confext to virtualhost names. - Renaming the default config file for Ubuntu (000-default.conf). - Adding ability to use "Require all granted".
10 years ago
Added apache.vhost formula
11 years ago
pillar exemple for RedirectMatch directive
7 years ago
Add Reverse Proxy directives, GeoIP, Certificates management, mostly for RedHat
7 years ago
Consolidate duplicate 'Location' stanzas in pillar.example; SLS Rendering Error fix
7 years ago
Add Reverse Proxy directives, GeoIP, Certificates management, mostly for RedHat
7 years ago
Add example code for new templates 'redirect.tmpl' and 'proxy.tmpl'.
10 years ago
Added support for Alias and Locations, as well as enabling Dav
9 years ago
Added apache.vhost formula
11 years ago
Moved all Pillar examples under the same dictionary key Having multiple different examples in the same file was causing confusion.
10 years ago
Updated README with these changes moved Pillar examples into pillar file
11 years ago
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 years ago
Updated README with these changes moved Pillar examples into pillar file
11 years ago
Add optional templating to register_site Add optional templating for the register site aspect of a pillar. User can specify keys to be included as defaults, otherwise it is treated as a normal managed file.
9 years ago
Add ability to specify modules in pillar
10 years ago
Added ability to manage security settings By reassigning options with `blockreplace` at `/etc/apache2/conf-available/security.conf`, which is linked as conf-enabled by default on Debian packages
9 years ago
Allow setting APACHE_SERVER_FLAGS on Suse (#234) SUSE reads additional FLAGS that are used on the server start. They are read from the APACHE_SERVER_FLAGS key, so we use a2enflag/a2disflag to set those as we do with modules.
6 years ago
Added ability to configure KeepAlive option Sometimes it's necessary optimization in nginx+apache2 environment
9 years ago
Fixed YAML parsing On/Off as True/False True and False are not correct values for apache config
9 years ago
Added ability to configure KeepAlive option Sometimes it's necessary optimization in nginx+apache2 environment
9 years ago
Added ability to manage security settings By reassigning options with `blockreplace` at `/etc/apache2/conf-available/security.conf`, which is linked as conf-enabled by default on Debian packages
9 years ago
Follow-up to 8f2308b98
9 years ago
207 configure ssl (#218) * [ssl] [debian] manage ssl.conf with pillars * [apache] make cyphersuite a list * [apache/ssl] switch back to strings, lists merge is not good
6 years ago
Follow-up to 8f2308b98
9 years ago
Added newlines to recent files
9 years ago
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 years ago
add modsecurity rules state
8 years ago
Manage TLS defaults
7 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367 
  1. # ``apache`` formula configuration:

  2. apache:

  3. 

  4.   # By default apache restart/reload states run (false skips)

  5.   manage_service_states: True

  6. 

  7.   # lookup section overrides ``map.jinja`` values

  8.   lookup:

  9.     server: apache2

  10.     service: apache2

  11.     user: some_system_user

  12.     group: some_system_group

  13. 

  14.     vhostdir: /etc/apache2/sites-available

  15.     confdir: /etc/apache2/conf.d

  16.     confext: .conf

  17.     logdir: /var/log/apache2

  18.     wwwdir: /srv/apache2

  19. 

  20.     # apache version (generally '2.2' or '2.4')

  21.     version: '2.2'

  22. 

  23.     # ``apache.mod_wsgi`` formula additional configuration:

  24.     mod_wsgi: mod_wsgi

  25. 

  26.     # Default value for AddDefaultCharset in RedHat configuration

  27.     default_charset: 'UTF-8'

  28. 

  29.     # Should we enforce DocumentRoot user/group?

  30.     # Default: do not enforce

  31.     document_root_user: www-data   # Force user if specified, leave it default if not

  32.     document_root_group: null      # Do not enforce group

  33. 

  34.   global:

  35.     # global apache directives

  36.     AllowEncodedSlashes: 'On'

  37. 

  38. 

  39.   name_virtual_hosts:

  40.     - interface: '*'

  41.       port: 80

  42.     - interface: '*'

  43.       port: 443

  44. 

  45.   # ``apache.vhosts`` formula additional configuration:

  46.   sites:

  47.     example.net:

  48.       template_file: salt://apache/vhosts/minimal.tmpl

  49. 

  50.     example.com: # must be unique; used as an ID declaration in Salt.

  51.       enabled: True

  52.       template_file: salt://apache/vhosts/standard.tmpl # or minimal.tmpl or redirect.tmpl or proxy.tmpl

  53. 

  54.       ####################### DEFAULT VALUES BELOW ############################

  55.       # NOTE: the values below are simply default settings that *can* be

  56.       # overridden and are not required in order to use this formula to create

  57.       # vhost entries.

  58.       #

  59.       # Do not copy the values below into your Pillar unless you intend to

  60.       # modify these vaules.

  61.       ####################### DEFAULT VALUES BELOW ############################

  62.       template_engine: jinja

  63. 

  64.       interface: '*'

  65.       port: '80'

  66. 

  67.       exclude_listen_directive: True # Do not add a Listen directive in httpd.conf

  68. 

  69.       ServerName: example.com # uses the unique ID above unless specified

  70.       #ServerAlias: www.example.com # Do not add ServerAlias unless defined

  71. 

  72.       ServerAdmin: webmaster@example.com

  73. 

  74.       LogLevel: warn

  75.       ErrorLog: /path/to/logs/example.com-error.log # E.g.: /var/log/apache2/example.com-error.log

  76.       CustomLog: /path/to/logs/example.com-access.log # E.g.: /var/log/apache2/example.com-access.log

  77. 

  78.       DocumentRoot: /path/to/www/dir/example.com # E.g., /var/www/example.com

  79.       DocumentRootUser: null       # do not enforce user, defaults to lookup:document_root_user

  80.       DocumentRootGroup: www-data  # Force group, defaults to lookup:document_root_group

  81. 

  82.       SSLCertificateFile: /etc/ssl/mycert.pem # if ssl is desired

  83.       SSLCertificateKeyFile: /etc/ssl/mycert.pem.key # if key for cert is needed or in an extra file

  84.       SSLCertificateChainFile: /etc/ssl/mycert.chain.pem # if you require a chain of server certificates file

  85. 

  86.       Directory:

  87.         # "default" is a special case; uses DocumentRoot value

  88.         # E.g.: /var/www/example.com

  89.         default:

  90.           Options: -Indexes +FollowSymLinks

  91.           Order: allow,deny    # For Apache < 2.4

  92.           Allow: from all      # For apache < 2.4

  93.           Require: all granted # For apache > 2.4.

  94.           AllowOverride: None

  95.           Formula_Append: |

  96.             Additional config as a

  97.             multi-line string here

  98. 

  99.     redirectmatch.com:

  100.       # Use RedirectMatch Directive https://httpd.apache.org/docs/2.4/fr/mod/mod_alias.html#redirectmatch

  101.       # Require module mod_alias 

  102.       enabled: True

  103.       template_file: salt://apache/vhosts/redirect.tmpl

  104.       ServerName: www.redirectmatch.com

  105.       ServerAlias: www.redirectmatch.com

  106.       RedirectMatch: true

  107.       RedirectSource: '^/$'

  108.       RedirectTarget: '/subdirectory'

  109.       DocumentRoot: /var/www/html/

  110.       ErrorLog: ${APACHE_LOG_DIR}/error.log

  111.       CustomLog: ${APACHE_LOG_DIR}/access.log

  112. 

  113.     80-proxyexample.com:

  114.       template_file: salt://apache/vhosts/redirect.tmpl

  115.       ServerName: www.proxyexample.com

  116.       ServerAlias: www.proxyexample.com

  117.       RedirectSource: '/'

  118.       RedirectTarget: 'https://www.proxyexample.com/'

  119.       DocumentRoot: /var/www/proxy

  120. 

  121.     443-proxyexample.com:

  122.       template_file: salt://apache/vhosts/proxy.tmpl

  123.       ServerName: www.proxyexample.com

  124.       ServerAlias: www.proxyexample.com

  125.       interface: '*'

  126.       port: '443'

  127.       DocumentRoot: /var/www/proxy

  128. 

  129.       Rewrite: |

  130.         RewriteRule ^/webmail$ /webmail/ [R]

  131.         RewriteRule ^/webmail(.*) http://mail.example.com$1 [P,L]

  132.         RewriteRule ^/vicescws(.*) http://svc.example.com:92$1 [P,L]

  133. 

  134.       SSLCertificateFile: /etc/httpd/ssl/example.com.crt

  135.       SSLCertificateKeyFile: /etc/httpd/ssl/example.com.key

  136.       SSLCertificateChainFile: /etc/httpd/ssl/example.com.cer

  137. 

  138.       SSLCertificateFile_content: |

  139.         -----BEGIN CERTIFICATE-----

  140.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  141.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  142.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  143.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  144.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  145.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  146.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  147.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  148.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  149.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  150.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  151.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  152.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  153.         -----END CERTIFICATE-----

  154. 

  155.       SSLCertificateKeyFile_content: |

  156.         -----BEGIN PRIVATE KEY-----

  157.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  158.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  159.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  160.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  161.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  162.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  163.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  164.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  165.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  166.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  167.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  168.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  169.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  170.         -----END PRIVATE KEY-----

  171. 

  172.       SSLCertificateChainFile_content: |

  173.         -----BEGIN CERTIFICATE-----

  174.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  175.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  176.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  177.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  178.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  179.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  180.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  181.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  182.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  183.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  184.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  185.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  186.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  187.         -----END CERTIFICATE-----

  188.         -----BEGIN CERTIFICATE-----

  189.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  190.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  191.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  192.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  193.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  194.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  195.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  196.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  197.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  198.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  199.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  200.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  201.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  202.         -----END CERTIFICATE-----

  203. 

  204.       ProxyRequests: 'Off'

  205.       ProxyPreserveHost: 'On'

  206. 

  207.       ProxyRoute:

  208.         example prod proxy route:

  209.           ProxyPassSource: '/'

  210.           ProxyPassTarget: 'http://prod.example.com:85/'

  211.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  212.           ProxyPassReverseSource: '/'

  213.           ProxyPassReverseTarget: 'http://prod.example.com:85/'

  214. 

  215.         example webmail proxy route:

  216.           ProxyPassSource: '/webmail/'

  217.           ProxyPassTarget: 'http://mail.example.com/'

  218.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  219.           ProxyPassReverseSource: '/webmail/'

  220.           ProxyPassReverseTarget: 'http://mail.example.com/'

  221. 

  222.         example service proxy route:

  223.           ProxyPassSource: '/svc/'

  224.           ProxyPassTarget: 'http://svc.example.com:92/'

  225.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  226.           ProxyPassReverseSource: '/svc/'

  227.           ProxyPassReverseTarget: 'http://svc.example.com:92/'

  228. 

  229.       Location:

  230.         /:

  231.           Require: False

  232.           Formula_Append: |

  233.             SecRuleRemoveById 981231

  234.             SecRuleRemoveById 981173

  235. 

  236.         /error:

  237.           Require: 'all granted'

  238. 

  239.         /docs:

  240.           Order: allow,deny    # For Apache < 2.4

  241.           Allow: from all      # For apache < 2.4

  242.           Require: all granted # For apache > 2.4.

  243.           Formula_Append: |

  244.             Additional config as a

  245.             multi-line string here

  246. 

  247.       LocationMatch:

  248.         '^[.\\/]+([Ww][Ee][Bb][Mm][Aa][Ii][Ll])[.\\/]':

  249.           Require: False

  250.           Formula_Append: |

  251.             RequestHeader  set  Host  mail.example.com

  252. 

  253.         '^[.\\/]+([Ss][Vv][Cc])[.\\/]':

  254.           Require: False

  255.           Formula_Append: |

  256.             Require ip 123.123.13.6 84.24.25.74

  257. 

  258.       Proxy_control:

  259.         '*':

  260.           AllowAll: False

  261.           AllowCountry:

  262.             - DE

  263.           AllowIP:

  264.             - 12.5.25.32

  265.             - 12.5.25.33

  266. 

  267. 

  268.       Alias:

  269.         /docs: /usr/share/docs

  270. 

  271.       Formula_Append: |

  272.         Additional config as a

  273.         multi-line string here

  274. 

  275.   # ``apache.debian_full`` formula additional configuration:

  276.   register-site:

  277.     # any name as an array index, and you can duplicate this section

  278.     UNIQUE_VALUE_HERE:

  279.       name: 'my name'

  280.       path: 'salt://path/to/sites-available/conf/file'

  281.       state: 'enabled'

  282.       # Optional - use managed file as Jinja Template

  283.       #template: true

  284.       #defaults:

  285.       #  custom_var: "default value"

  286. 

  287.   modules:

  288.     enabled:  # List modules to enable

  289.       - ldap

  290.       - ssl

  291.     disabled:  # List modules to disable

  292.       - rewrite

  293. 

  294.   flags:

  295.     enabled:  # List server flags to enable

  296.       - SSL

  297.     disabled: # List server flags to disable

  298.       - status

  299. 

  300.   # KeepAlive: Whether or not to allow persistent connections (more than

  301.   # one request per connection). Set to "Off" to deactivate.

  302.   keepalive: 'On'

  303. 

  304.   security:

  305.     # can be Full | OS | Minimal | Minor | Major | Prod

  306.     # where Full conveys the most information, and Prod the least.

  307.     ServerTokens: Prod

  308. 

  309.   # [debian only] configure mod_ssl

  310.   ssl:

  311.     SSLCipherSuite: 'HIGH:!aNULL'

  312.     SSLHonorCipherOrder: 'Off'

  313.     SSLProtocol: 'all -SSLv3'

  314. 

  315.   # ``apache.mod_remoteip`` formula additional configuration:

  316.   mod_remoteip:

  317.     RemoteIPHeader: X-Forwarded-For

  318.     RemoteIPTrustedProxy:

  319.       - 10.0.8.0/24

  320.       - 127.0.0.1

  321. 

  322.   # ``apache.mod_security`` formula additional configuration:

  323.   mod_security:

  324.     crs_install: True

  325.     # If not set, default distro's configuration is installed as is

  326.     manage_config: True

  327.     sec_rule_engine: 'On'

  328.     sec_request_body_access: 'On'

  329.     sec_request_body_limit: '14000000'

  330.     sec_request_body_no_files_limit: '114002'

  331.     sec_request_body_in_memory_limit: '114002'

  332.     sec_request_body_limit_action: 'Reject'

  333.     sec_pcre_match_limit: '15000'

  334.     sec_pcre_match_limit_recursion: '15000'

  335.     sec_debug_log_level: '3'

  336. 

  337.     rules:

  338.       enabled:

  339.       modsecurity_crs_10_setup.conf:

  340.         rule_set: ''

  341.         enabled: True

  342.       modsecurity_crs_20_protocol_violations.conf:

  343.         rule_set: 'base_rules'

  344.         enabled: False

  345. 

  346.     custom_rule_files:

  347.       # any name as an array index, and you can duplicate this section

  348.       UNIQUE_VALUE_HERE:

  349.         file: 'my name'

  350.         path: 'salt://path/to/modsecurity/custom/file'

  351.         enabled: True

  352. 

  353.   mod_ssl:

  354.     # set this to True if you want to override your distributions default TLS configuration

  355.     manage_tls_defaults: False

  356.     # This stuff is deliberately not configured via map.jinja resp. apache:lookup.

  357.     # We're unable to know sane defaults for each release of every distribution.

  358.     # See https://github.com/saltstack-formulas/openssh-formula/issues/102 for a related discussion

  359.     # Have a look at bettercrypto.org for up-to-date settings.

  360.     # These are default values:

  361.     SSLCipherSuite: EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA

  362.     # Mitigate the CRIME attack

  363.     SSLCompression: Off

  364.     SSLProtocol: all -SSLv2 -SSLv3 -TLSv1

  365.     SSLHonorCipherOrder: On

  366.     SSLOptions: "+StrictRequire"

  367.