salt
/
apache-formula
форкнуто от ExternalMirrors/apache-formula
Следить 1
В избранное 0
Форкнуть 0
Код Релизы 0 Активность
Saltstack Official Apache Formula
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
414 коммитов
1 ветка
Дерево: 00b437aa27
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из '00b437aa27'
${ noResults }
apache-formula/pillar.example

pillar.example 13KB
Исходник Normal View История

Added package-map.jinja
11 лет назад
Added apache.vhost formula
11 лет назад
Allow Skipping of service manipulation via pillar (+PR comments)
7 лет назад
add lookup section to pillar.example
9 лет назад
Add default user/group attributes as required by some states
7 лет назад
Added apache.vhost formula
11 лет назад
add lookup section to pillar.example
9 лет назад
fix Options in pillar.example
8 лет назад
This branch is foundational for further version-specific work to come. * Add apache version (2.2, 2.4) detection based on osfinger (defaults to 2.4). * Version can be overridden in pillar (for Apache 2.4 on RHEL 6 for example)
9 лет назад
add lookup section to pillar.example
9 лет назад
Updated README with these changes moved Pillar examples into pillar file
11 лет назад
RedHat: Made AddDefaultCharset Directive configurable (#147) * RedHat: Made AddDefaultCharset Directive configurable * Added description of apache:lookup:default_charset to pillar.example, sane default equals former hardcoded UTF-8
8 лет назад
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 лет назад
Allow global directives to be added to apache config
9 лет назад
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 лет назад
Allow global directives to be added to apache config
9 лет назад
Add support for NameVirtualHost on Debian
8 лет назад
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 лет назад
Add support for NameVirtualHost on Debian
8 лет назад
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 лет назад
Add support for NameVirtualHost on Debian
8 лет назад
Moved all Pillar examples under the same dictionary key Having multiple different examples in the same file was causing confusion.
10 лет назад
Added apache.vhost formula
11 лет назад
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 лет назад
add an 'enabled' attribute for a site in pillar
9 лет назад
Added minimal template (fixes #34)
7 лет назад
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 лет назад
Added apache.vhost formula
11 лет назад
Adding exclude_listen_directive option (#151) * Adding exclude_listen_directive option * Updating Debian config
8 лет назад
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 лет назад
Do not add ServerAlias unless defined
7 лет назад
Added apache.vhost formula
11 лет назад
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 лет назад
Added apache.vhost formula
11 лет назад
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 лет назад
Added apache.vhost formula
11 лет назад
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 лет назад
Added apache.vhost formula
11 лет назад
Fix incorrect syntax in pillar example for SSLCertificateFile, SSLCertificateKeyFile Fix check for SSLCertificateFile, SSLCertificateKeyFile variables in vhosts/standard.tmpl, now using dict.get()
9 лет назад
ssl: also support the SSLCertificateChainFile required by some providers
9 лет назад
Add basic SSL functionality.
9 лет назад
Added apache.vhost formula
11 лет назад
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 лет назад
fix Options in pillar.example
8 лет назад
Adding support for Apache 2.4 on Ubuntu 14.04 - Adding confext to virtualhost names. - Renaming the default config file for Ubuntu (000-default.conf). - Adding ability to use "Require all granted".
10 лет назад
Added apache.vhost formula
11 лет назад
pillar exemple for RedirectMatch directive
7 лет назад
Add Reverse Proxy directives, GeoIP, Certificates management, mostly for RedHat
7 лет назад
Consolidate duplicate 'Location' stanzas in pillar.example; SLS Rendering Error fix
7 лет назад
Add Reverse Proxy directives, GeoIP, Certificates management, mostly for RedHat
7 лет назад
Add example code for new templates 'redirect.tmpl' and 'proxy.tmpl'.
10 лет назад
Added support for Alias and Locations, as well as enabling Dav
9 лет назад
Added apache.vhost formula
11 лет назад
Moved all Pillar examples under the same dictionary key Having multiple different examples in the same file was causing confusion.
10 лет назад
Updated README with these changes moved Pillar examples into pillar file
11 лет назад
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 лет назад
Updated README with these changes moved Pillar examples into pillar file
11 лет назад
Add optional templating to register_site Add optional templating for the register site aspect of a pillar. User can specify keys to be included as defaults, otherwise it is treated as a normal managed file.
9 лет назад
Add ability to specify modules in pillar
10 лет назад
Added ability to manage security settings By reassigning options with `blockreplace` at `/etc/apache2/conf-available/security.conf`, which is linked as conf-enabled by default on Debian packages
9 лет назад
Added ability to configure KeepAlive option Sometimes it's necessary optimization in nginx+apache2 environment
9 лет назад
Fixed YAML parsing On/Off as True/False True and False are not correct values for apache config
9 лет назад
Added ability to configure KeepAlive option Sometimes it's necessary optimization in nginx+apache2 environment
9 лет назад
Added ability to manage security settings By reassigning options with `blockreplace` at `/etc/apache2/conf-available/security.conf`, which is linked as conf-enabled by default on Debian packages
9 лет назад
Follow-up to 8f2308b98
9 лет назад
Added newlines to recent files
9 лет назад
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 лет назад
add modsecurity rules state
8 лет назад
Manage TLS defaults
7 лет назад
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348 
  1. # ``apache`` formula configuration:

  2. apache:

  3. 

  4.   # By default apache restart/reload states run (false skips)

  5.   manage_service_states: True

  6. 

  7.   # lookup section overrides ``map.jinja`` values

  8.   lookup:

  9.     server: apache2

  10.     service: apache2

  11.     user: some_system_user

  12.     group: some_system_group

  13. 

  14.     vhostdir: /etc/apache2/sites-available

  15.     confdir: /etc/apache2/conf.d

  16.     confext: .conf

  17.     logdir: /var/log/apache2

  18.     wwwdir: /srv/apache2

  19. 

  20.     # apache version (generally '2.2' or '2.4')

  21.     version: '2.2'

  22. 

  23.     # ``apache.mod_wsgi`` formula additional configuration:

  24.     mod_wsgi: mod_wsgi

  25. 

  26.     # Default value for AddDefaultCharset in RedHat configuration

  27.     default_charset: 'UTF-8'

  28. 

  29.   global:

  30.     # global apache directives

  31.     AllowEncodedSlashes: 'On'

  32. 

  33. 

  34.   name_virtual_hosts:

  35.     - interface: '*'

  36.       port: 80

  37.     - interface: '*'

  38.       port: 443

  39. 

  40.   # ``apache.vhosts`` formula additional configuration:

  41.   sites:

  42.     example.net:

  43.       template_file: salt://apache/vhosts/minimal.tmpl

  44. 

  45.     example.com: # must be unique; used as an ID declaration in Salt.

  46.       enabled: True

  47.       template_file: salt://apache/vhosts/standard.tmpl # or minimal.tmpl or redirect.tmpl or proxy.tmpl

  48. 

  49.       ####################### DEFAULT VALUES BELOW ############################

  50.       # NOTE: the values below are simply default settings that *can* be

  51.       # overridden and are not required in order to use this formula to create

  52.       # vhost entries.

  53.       #

  54.       # Do not copy the values below into your Pillar unless you intend to

  55.       # modify these vaules.

  56.       ####################### DEFAULT VALUES BELOW ############################

  57.       template_engine: jinja

  58. 

  59.       interface: '*'

  60.       port: '80'

  61. 

  62.       exclude_listen_directive: True # Do not add a Listen directive in httpd.conf

  63. 

  64.       ServerName: example.com # uses the unique ID above unless specified

  65.       #ServerAlias: www.example.com # Do not add ServerAlias unless defined

  66. 

  67.       ServerAdmin: webmaster@example.com

  68. 

  69.       LogLevel: warn

  70.       ErrorLog: /path/to/logs/example.com-error.log # E.g.: /var/log/apache2/example.com-error.log

  71.       CustomLog: /path/to/logs/example.com-access.log # E.g.: /var/log/apache2/example.com-access.log

  72. 

  73.       DocumentRoot: /path/to/www/dir/example.com # E.g., /var/www/example.com

  74. 

  75.       SSLCertificateFile: /etc/ssl/mycert.pem # if ssl is desired

  76.       SSLCertificateKeyFile: /etc/ssl/mycert.pem.key # if key for cert is needed or in an extra file

  77.       SSLCertificateChainFile: /etc/ssl/mycert.chain.pem # if you require a chain of server certificates file

  78. 

  79.       Directory:

  80.         # "default" is a special case; Adds ``/path/to/www/dir/example.com``

  81.         # E.g.: /var/www/example.com

  82.         default:

  83.           Options: -Indexes +FollowSymLinks

  84.           Order: allow,deny    # For Apache < 2.4

  85.           Allow: from all      # For apache < 2.4

  86.           Require: all granted # For apache > 2.4.

  87.           AllowOverride: None

  88.           Formula_Append: |

  89.             Additional config as a

  90.             multi-line string here

  91. 

  92.     redirectmatch.com:

  93.       # Use RedirectMatch Directive https://httpd.apache.org/docs/2.4/fr/mod/mod_alias.html#redirectmatch

  94.       # Require module mod_alias 

  95.       enabled: True

  96.       template_file: salt://apache/vhosts/redirect.tmpl

  97.       ServerName: www.redirectmatch.com

  98.       ServerAlias: www.redirectmatch.com

  99.       RedirectMatch: true

  100.       RedirectSource: '^/$'

  101.       RedirectTarget: '/subdirectory'

  102.       DocumentRoot: /var/www/html/

  103.       ErrorLog: ${APACHE_LOG_DIR}/error.log

  104.       CustomLog: ${APACHE_LOG_DIR}/access.log

  105. 

  106.     80-proxyexample.com:

  107.       template_file: salt://apache/vhosts/redirect.tmpl

  108.       ServerName: www.proxyexample.com

  109.       ServerAlias: www.proxyexample.com

  110.       RedirectSource: '/'

  111.       RedirectTarget: 'https://www.proxyexample.com/'

  112.       DocumentRoot: /var/www/proxy

  113. 

  114.     443-proxyexample.com:

  115.       template_file: salt://apache/vhosts/proxy.tmpl

  116.       ServerName: www.proxyexample.com

  117.       ServerAlias: www.proxyexample.com

  118.       interface: '*'

  119.       port: '443'

  120.       DocumentRoot: /var/www/proxy

  121. 

  122.       Rewrite: |

  123.         RewriteRule ^/webmail$ /webmail/ [R]

  124.         RewriteRule ^/webmail(.*) http://mail.example.com$1 [P,L]

  125.         RewriteRule ^/vicescws(.*) http://svc.example.com:92$1 [P,L]

  126. 

  127.       SSLCertificateFile: /etc/httpd/ssl/example.com.crt

  128.       SSLCertificateKeyFile: /etc/httpd/ssl/example.com.key

  129.       SSLCertificateChainFile: /etc/httpd/ssl/example.com.cer

  130. 

  131.       SSLCertificateFile_content: |

  132.         -----BEGIN CERTIFICATE-----

  133.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  134.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  135.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  136.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  137.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  138.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  139.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  140.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  141.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  142.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  143.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  144.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  145.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  146.         -----END CERTIFICATE-----

  147. 

  148.       SSLCertificateKeyFile_content: |

  149.         -----BEGIN PRIVATE KEY-----

  150.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  151.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  152.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  153.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  154.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  155.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  156.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  157.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  158.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  159.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  160.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  161.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  162.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  163.         -----END PRIVATE KEY-----

  164. 

  165.       SSLCertificateChainFile_content: |

  166.         -----BEGIN CERTIFICATE-----

  167.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  168.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  169.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  170.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  171.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  172.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  173.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  174.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  175.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  176.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  177.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  178.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  179.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  180.         -----END CERTIFICATE-----

  181.         -----BEGIN CERTIFICATE-----

  182.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  183.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  184.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  185.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  186.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  187.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  188.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  189.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  190.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  191.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  192.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  193.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  194.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  195.         -----END CERTIFICATE-----

  196. 

  197.       ProxyRequests: 'Off'

  198.       ProxyPreserveHost: 'On'

  199. 

  200.       ProxyRoute:

  201.         example prod proxy route:

  202.           ProxyPassSource: '/'

  203.           ProxyPassTarget: 'http://prod.example.com:85/'

  204.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  205.           ProxyPassReverseSource: '/'

  206.           ProxyPassReverseTarget: 'http://prod.example.com:85/'

  207. 

  208.         example webmail proxy route:

  209.           ProxyPassSource: '/webmail/'

  210.           ProxyPassTarget: 'http://mail.example.com/'

  211.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  212.           ProxyPassReverseSource: '/webmail/'

  213.           ProxyPassReverseTarget: 'http://mail.example.com/'

  214. 

  215.         example service proxy route:

  216.           ProxyPassSource: '/svc/'

  217.           ProxyPassTarget: 'http://svc.example.com:92/'

  218.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  219.           ProxyPassReverseSource: '/svc/'

  220.           ProxyPassReverseTarget: 'http://svc.example.com:92/'

  221. 

  222.       Location:

  223.         /:

  224.           Require: False

  225.           Formula_Append: |

  226.             SecRuleRemoveById 981231

  227.             SecRuleRemoveById 981173

  228. 

  229.         /error:

  230.           Require: 'all granted'

  231. 

  232.         /docs:

  233.           Order: allow,deny    # For Apache < 2.4

  234.           Allow: from all      # For apache < 2.4

  235.           Require: all granted # For apache > 2.4.

  236.           Formula_Append: |

  237.             Additional config as a

  238.             multi-line string here

  239. 

  240.       LocationMatch:

  241.         '^[.\\/]+([Ww][Ee][Bb][Mm][Aa][Ii][Ll])[.\\/]':

  242.           Require: False

  243.           Formula_Append: |

  244.             RequestHeader  set  Host  mail.example.com

  245. 

  246.         '^[.\\/]+([Ss][Vv][Cc])[.\\/]':

  247.           Require: False

  248.           Formula_Append: |

  249.             Require ip 123.123.13.6 84.24.25.74

  250. 

  251.       Proxy_control:

  252.         '*':

  253.           AllowAll: False

  254.           AllowCountry:

  255.             - DE

  256.           AllowIP:

  257.             - 12.5.25.32

  258.             - 12.5.25.33

  259. 

  260. 

  261.       Alias:

  262.         /docs: /usr/share/docs

  263. 

  264.       Formula_Append: |

  265.         Additional config as a

  266.         multi-line string here

  267. 

  268.   # ``apache.debian_full`` formula additional configuration:

  269.   register-site:

  270.     # any name as an array index, and you can duplicate this section

  271.     UNIQUE_VALUE_HERE:

  272.       name: 'my name'

  273.       path: 'salt://path/to/sites-available/conf/file'

  274.       state: 'enabled'

  275.       # Optional - use managed file as Jinja Template

  276.       #template: true

  277.       #defaults:

  278.       #  custom_var: "default value"

  279. 

  280.   modules:

  281.     enabled:  # List modules to enable

  282.       - ldap

  283.       - ssl

  284.     disabled:  # List modules to disable

  285.       - rewrite

  286. 

  287.   # KeepAlive: Whether or not to allow persistent connections (more than

  288.   # one request per connection). Set to "Off" to deactivate.

  289.   keepalive: 'On'

  290. 

  291.   security:

  292.     # can be Full | OS | Minimal | Minor | Major | Prod

  293.     # where Full conveys the most information, and Prod the least.

  294.     ServerTokens: Prod

  295. 

  296.   # ``apache.mod_remoteip`` formula additional configuration:

  297.   mod_remoteip:

  298.     RemoteIPHeader: X-Forwarded-For

  299.     RemoteIPTrustedProxy:

  300.       - 10.0.8.0/24

  301.       - 127.0.0.1

  302. 

  303.   # ``apache.mod_security`` formula additional configuration:

  304.   mod_security:

  305.     crs_install: True

  306.     # If not set, default distro's configuration is installed as is

  307.     manage_config: True

  308.     sec_rule_engine: 'On'

  309.     sec_request_body_access: 'On'

  310.     sec_request_body_limit: '14000000'

  311.     sec_request_body_no_files_limit: '114002'

  312.     sec_request_body_in_memory_limit: '114002'

  313.     sec_request_body_limit_action: 'Reject'

  314.     sec_pcre_match_limit: '15000'

  315.     sec_pcre_match_limit_recursion: '15000'

  316.     sec_debug_log_level: '3'

  317. 

  318.     rules:

  319.       enabled:

  320.       modsecurity_crs_10_setup.conf:

  321.         rule_set: ''

  322.         enabled: True

  323.       modsecurity_crs_20_protocol_violations.conf:

  324.         rule_set: 'base_rules'

  325.         enabled: False

  326. 

  327.     custom_rule_files:

  328.       # any name as an array index, and you can duplicate this section

  329.       UNIQUE_VALUE_HERE:

  330.         file: 'my name'

  331.         path: 'salt://path/to/modsecurity/custom/file'

  332.         enabled: True

  333. 

  334.   mod_ssl:

  335.     # set this to True if you want to override your distributions default TLS configuration

  336.     manage_tls_defaults: False

  337.     # This stuff is deliberately not configured via map.jinja resp. apache:lookup.

  338.     # We're unable to know sane defaults for each release of every distribution.

  339.     # See https://github.com/saltstack-formulas/openssh-formula/issues/102 for a related discussion

  340.     # Have a look at bettercrypto.org for up-to-date settings.

  341.     # These are default values:

  342.     SSLCipherSuite: EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA

  343.     # Mitigate the CRIME attack

  344.     SSLCompression: Off

  345.     SSLProtocol: all -SSLv2 -SSLv3 -TLSv1

  346.     SSLHonorCipherOrder: On

  347.     SSLOptions: "+StrictRequire"

  348.