salt
/
apache-formula
форк від ExternalMirrors/apache-formula
Слідкувати 1
В обрані 0
Форк 0
Код Релізи 0 Активність
Saltstack Official Apache Formula
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
411 Коміти
1 Гілка
Дерево: 5211bdd72b
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з '5211bdd72b'
${ noResults }
apache-formula/pillar.example

pillar.example 13KB
Неформатований Normal View Історія

Added package-map.jinja
11 роки тому
Added apache.vhost formula
11 роки тому
Allow Skipping of service manipulation via pillar (+PR comments)
7 роки тому
add lookup section to pillar.example
9 роки тому
Add default user/group attributes as required by some states
8 роки тому
Added apache.vhost formula
11 роки тому
add lookup section to pillar.example
9 роки тому
fix Options in pillar.example
9 роки тому
This branch is foundational for further version-specific work to come. * Add apache version (2.2, 2.4) detection based on osfinger (defaults to 2.4). * Version can be overridden in pillar (for Apache 2.4 on RHEL 6 for example)
9 роки тому
add lookup section to pillar.example
9 роки тому
Updated README with these changes moved Pillar examples into pillar file
11 роки тому
RedHat: Made AddDefaultCharset Directive configurable (#147) * RedHat: Made AddDefaultCharset Directive configurable * Added description of apache:lookup:default_charset to pillar.example, sane default equals former hardcoded UTF-8
8 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
Allow global directives to be added to apache config
9 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
Allow global directives to be added to apache config
9 роки тому
Add support for NameVirtualHost on Debian
9 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
Add support for NameVirtualHost on Debian
9 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
Add support for NameVirtualHost on Debian
9 роки тому
Moved all Pillar examples under the same dictionary key Having multiple different examples in the same file was causing confusion.
10 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
add an 'enabled' attribute for a site in pillar
9 роки тому
Added minimal template (fixes #34)
7 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Added apache.vhost formula
11 роки тому
Adding exclude_listen_directive option (#151) * Adding exclude_listen_directive option * Updating Debian config
8 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Do not add ServerAlias unless defined
7 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
vhosts/standard: allow user/group option Support for DocumentRootUser and DocumentRootGroup
6 роки тому
Added apache.vhost formula
11 роки тому
Fix incorrect syntax in pillar example for SSLCertificateFile, SSLCertificateKeyFile Fix check for SSLCertificateFile, SSLCertificateKeyFile variables in vhosts/standard.tmpl, now using dict.get()
9 роки тому
ssl: also support the SSLCertificateChainFile required by some providers
9 роки тому
Add basic SSL functionality.
10 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
fix Options in pillar.example
9 роки тому
Adding support for Apache 2.4 on Ubuntu 14.04 - Adding confext to virtualhost names. - Renaming the default config file for Ubuntu (000-default.conf). - Adding ability to use "Require all granted".
10 роки тому
Added apache.vhost formula
11 роки тому
pillar exemple for RedirectMatch directive
7 роки тому
Add Reverse Proxy directives, GeoIP, Certificates management, mostly for RedHat
8 роки тому
Consolidate duplicate 'Location' stanzas in pillar.example; SLS Rendering Error fix
7 роки тому
Add Reverse Proxy directives, GeoIP, Certificates management, mostly for RedHat
8 роки тому
Add example code for new templates 'redirect.tmpl' and 'proxy.tmpl'.
10 роки тому
Added support for Alias and Locations, as well as enabling Dav
9 роки тому
Added apache.vhost formula
11 роки тому
Moved all Pillar examples under the same dictionary key Having multiple different examples in the same file was causing confusion.
10 роки тому
Updated README with these changes moved Pillar examples into pillar file
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Updated README with these changes moved Pillar examples into pillar file
11 роки тому
Add optional templating to register_site Add optional templating for the register site aspect of a pillar. User can specify keys to be included as defaults, otherwise it is treated as a normal managed file.
10 роки тому
Add ability to specify modules in pillar
10 роки тому
Added ability to manage security settings By reassigning options with `blockreplace` at `/etc/apache2/conf-available/security.conf`, which is linked as conf-enabled by default on Debian packages
9 роки тому
Added ability to configure KeepAlive option Sometimes it's necessary optimization in nginx+apache2 environment
9 роки тому
Fixed YAML parsing On/Off as True/False True and False are not correct values for apache config
9 роки тому
Added ability to configure KeepAlive option Sometimes it's necessary optimization in nginx+apache2 environment
9 роки тому
Added ability to manage security settings By reassigning options with `blockreplace` at `/etc/apache2/conf-available/security.conf`, which is linked as conf-enabled by default on Debian packages
9 роки тому
Follow-up to 8f2308b98
9 роки тому
Added newlines to recent files
9 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
add modsecurity rules state
8 роки тому
Manage TLS defaults
7 роки тому
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350 
  1. # ``apache`` formula configuration:

  2. apache:

  3. 

  4.   # By default apache restart/reload states run (false skips)

  5.   manage_service_states: True

  6. 

  7.   # lookup section overrides ``map.jinja`` values

  8.   lookup:

  9.     server: apache2

  10.     service: apache2

  11.     user: some_system_user

  12.     group: some_system_group

  13. 

  14.     vhostdir: /etc/apache2/sites-available

  15.     confdir: /etc/apache2/conf.d

  16.     confext: .conf

  17.     logdir: /var/log/apache2

  18.     wwwdir: /srv/apache2

  19. 

  20.     # apache version (generally '2.2' or '2.4')

  21.     version: '2.2'

  22. 

  23.     # ``apache.mod_wsgi`` formula additional configuration:

  24.     mod_wsgi: mod_wsgi

  25. 

  26.     # Default value for AddDefaultCharset in RedHat configuration

  27.     default_charset: 'UTF-8'

  28. 

  29.   global:

  30.     # global apache directives

  31.     AllowEncodedSlashes: 'On'

  32. 

  33. 

  34.   name_virtual_hosts:

  35.     - interface: '*'

  36.       port: 80

  37.     - interface: '*'

  38.       port: 443

  39. 

  40.   # ``apache.vhosts`` formula additional configuration:

  41.   sites:

  42.     example.net:

  43.       template_file: salt://apache/vhosts/minimal.tmpl

  44. 

  45.     example.com: # must be unique; used as an ID declaration in Salt.

  46.       enabled: True

  47.       template_file: salt://apache/vhosts/standard.tmpl # or minimal.tmpl or redirect.tmpl or proxy.tmpl

  48. 

  49.       ####################### DEFAULT VALUES BELOW ############################

  50.       # NOTE: the values below are simply default settings that *can* be

  51.       # overridden and are not required in order to use this formula to create

  52.       # vhost entries.

  53.       #

  54.       # Do not copy the values below into your Pillar unless you intend to

  55.       # modify these vaules.

  56.       ####################### DEFAULT VALUES BELOW ############################

  57.       template_engine: jinja

  58. 

  59.       interface: '*'

  60.       port: '80'

  61. 

  62.       exclude_listen_directive: True # Do not add a Listen directive in httpd.conf

  63. 

  64.       ServerName: example.com # uses the unique ID above unless specified

  65.       #ServerAlias: www.example.com # Do not add ServerAlias unless defined

  66. 

  67.       ServerAdmin: webmaster@example.com

  68. 

  69.       LogLevel: warn

  70.       ErrorLog: /path/to/logs/example.com-error.log # E.g.: /var/log/apache2/example.com-error.log

  71.       CustomLog: /path/to/logs/example.com-access.log # E.g.: /var/log/apache2/example.com-access.log

  72. 

  73.       DocumentRoot: /path/to/www/dir/example.com # E.g., /var/www/example.com

  74.       DocumentRootUser: www-data   # Force user if specified, leave it default if not

  75.       DocumentRootGroup: www-data  # Force group if specified, leave it default if not

  76. 

  77.       SSLCertificateFile: /etc/ssl/mycert.pem # if ssl is desired

  78.       SSLCertificateKeyFile: /etc/ssl/mycert.pem.key # if key for cert is needed or in an extra file

  79.       SSLCertificateChainFile: /etc/ssl/mycert.chain.pem # if you require a chain of server certificates file

  80. 

  81.       Directory:

  82.         # "default" is a special case; Adds ``/path/to/www/dir/example.com``

  83.         # E.g.: /var/www/example.com

  84.         default:

  85.           Options: -Indexes +FollowSymLinks

  86.           Order: allow,deny    # For Apache < 2.4

  87.           Allow: from all      # For apache < 2.4

  88.           Require: all granted # For apache > 2.4.

  89.           AllowOverride: None

  90.           Formula_Append: |

  91.             Additional config as a

  92.             multi-line string here

  93. 

  94.     redirectmatch.com:

  95.       # Use RedirectMatch Directive https://httpd.apache.org/docs/2.4/fr/mod/mod_alias.html#redirectmatch

  96.       # Require module mod_alias 

  97.       enabled: True

  98.       template_file: salt://apache/vhosts/redirect.tmpl

  99.       ServerName: www.redirectmatch.com

  100.       ServerAlias: www.redirectmatch.com

  101.       RedirectMatch: true

  102.       RedirectSource: '^/$'

  103.       RedirectTarget: '/subdirectory'

  104.       DocumentRoot: /var/www/html/

  105.       ErrorLog: ${APACHE_LOG_DIR}/error.log

  106.       CustomLog: ${APACHE_LOG_DIR}/access.log

  107. 

  108.     80-proxyexample.com:

  109.       template_file: salt://apache/vhosts/redirect.tmpl

  110.       ServerName: www.proxyexample.com

  111.       ServerAlias: www.proxyexample.com

  112.       RedirectSource: '/'

  113.       RedirectTarget: 'https://www.proxyexample.com/'

  114.       DocumentRoot: /var/www/proxy

  115. 

  116.     443-proxyexample.com:

  117.       template_file: salt://apache/vhosts/proxy.tmpl

  118.       ServerName: www.proxyexample.com

  119.       ServerAlias: www.proxyexample.com

  120.       interface: '*'

  121.       port: '443'

  122.       DocumentRoot: /var/www/proxy

  123. 

  124.       Rewrite: |

  125.         RewriteRule ^/webmail$ /webmail/ [R]

  126.         RewriteRule ^/webmail(.*) http://mail.example.com$1 [P,L]

  127.         RewriteRule ^/vicescws(.*) http://svc.example.com:92$1 [P,L]

  128. 

  129.       SSLCertificateFile: /etc/httpd/ssl/example.com.crt

  130.       SSLCertificateKeyFile: /etc/httpd/ssl/example.com.key

  131.       SSLCertificateChainFile: /etc/httpd/ssl/example.com.cer

  132. 

  133.       SSLCertificateFile_content: |

  134.         -----BEGIN CERTIFICATE-----

  135.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  136.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  137.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  138.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  139.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  140.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  141.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  142.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  143.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  144.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  145.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  146.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  147.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  148.         -----END CERTIFICATE-----

  149. 

  150.       SSLCertificateKeyFile_content: |

  151.         -----BEGIN PRIVATE KEY-----

  152.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  153.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  154.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  155.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  156.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  157.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  158.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  159.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  160.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  161.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  162.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  163.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  164.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  165.         -----END PRIVATE KEY-----

  166. 

  167.       SSLCertificateChainFile_content: |

  168.         -----BEGIN CERTIFICATE-----

  169.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  170.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  171.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  172.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  173.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  174.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  175.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  176.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  177.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  178.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  179.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  180.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  181.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  182.         -----END CERTIFICATE-----

  183.         -----BEGIN CERTIFICATE-----

  184.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  185.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  186.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  187.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  188.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  189.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  190.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  191.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  192.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  193.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  194.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  195.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  196.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  197.         -----END CERTIFICATE-----

  198. 

  199.       ProxyRequests: 'Off'

  200.       ProxyPreserveHost: 'On'

  201. 

  202.       ProxyRoute:

  203.         example prod proxy route:

  204.           ProxyPassSource: '/'

  205.           ProxyPassTarget: 'http://prod.example.com:85/'

  206.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  207.           ProxyPassReverseSource: '/'

  208.           ProxyPassReverseTarget: 'http://prod.example.com:85/'

  209. 

  210.         example webmail proxy route:

  211.           ProxyPassSource: '/webmail/'

  212.           ProxyPassTarget: 'http://mail.example.com/'

  213.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  214.           ProxyPassReverseSource: '/webmail/'

  215.           ProxyPassReverseTarget: 'http://mail.example.com/'

  216. 

  217.         example service proxy route:

  218.           ProxyPassSource: '/svc/'

  219.           ProxyPassTarget: 'http://svc.example.com:92/'

  220.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  221.           ProxyPassReverseSource: '/svc/'

  222.           ProxyPassReverseTarget: 'http://svc.example.com:92/'

  223. 

  224.       Location:

  225.         /:

  226.           Require: False

  227.           Formula_Append: |

  228.             SecRuleRemoveById 981231

  229.             SecRuleRemoveById 981173

  230. 

  231.         /error:

  232.           Require: 'all granted'

  233. 

  234.         /docs:

  235.           Order: allow,deny    # For Apache < 2.4

  236.           Allow: from all      # For apache < 2.4

  237.           Require: all granted # For apache > 2.4.

  238.           Formula_Append: |

  239.             Additional config as a

  240.             multi-line string here

  241. 

  242.       LocationMatch:

  243.         '^[.\\/]+([Ww][Ee][Bb][Mm][Aa][Ii][Ll])[.\\/]':

  244.           Require: False

  245.           Formula_Append: |

  246.             RequestHeader  set  Host  mail.example.com

  247. 

  248.         '^[.\\/]+([Ss][Vv][Cc])[.\\/]':

  249.           Require: False

  250.           Formula_Append: |

  251.             Require ip 123.123.13.6 84.24.25.74

  252. 

  253.       Proxy_control:

  254.         '*':

  255.           AllowAll: False

  256.           AllowCountry:

  257.             - DE

  258.           AllowIP:

  259.             - 12.5.25.32

  260.             - 12.5.25.33

  261. 

  262. 

  263.       Alias:

  264.         /docs: /usr/share/docs

  265. 

  266.       Formula_Append: |

  267.         Additional config as a

  268.         multi-line string here

  269. 

  270.   # ``apache.debian_full`` formula additional configuration:

  271.   register-site:

  272.     # any name as an array index, and you can duplicate this section

  273.     UNIQUE_VALUE_HERE:

  274.       name: 'my name'

  275.       path: 'salt://path/to/sites-available/conf/file'

  276.       state: 'enabled'

  277.       # Optional - use managed file as Jinja Template

  278.       #template: true

  279.       #defaults:

  280.       #  custom_var: "default value"

  281. 

  282.   modules:

  283.     enabled:  # List modules to enable

  284.       - ldap

  285.       - ssl

  286.     disabled:  # List modules to disable

  287.       - rewrite

  288. 

  289.   # KeepAlive: Whether or not to allow persistent connections (more than

  290.   # one request per connection). Set to "Off" to deactivate.

  291.   keepalive: 'On'

  292. 

  293.   security:

  294.     # can be Full | OS | Minimal | Minor | Major | Prod

  295.     # where Full conveys the most information, and Prod the least.

  296.     ServerTokens: Prod

  297. 

  298.   # ``apache.mod_remoteip`` formula additional configuration:

  299.   mod_remoteip:

  300.     RemoteIPHeader: X-Forwarded-For

  301.     RemoteIPTrustedProxy:

  302.       - 10.0.8.0/24

  303.       - 127.0.0.1

  304. 

  305.   # ``apache.mod_security`` formula additional configuration:

  306.   mod_security:

  307.     crs_install: True

  308.     # If not set, default distro's configuration is installed as is

  309.     manage_config: True

  310.     sec_rule_engine: 'On'

  311.     sec_request_body_access: 'On'

  312.     sec_request_body_limit: '14000000'

  313.     sec_request_body_no_files_limit: '114002'

  314.     sec_request_body_in_memory_limit: '114002'

  315.     sec_request_body_limit_action: 'Reject'

  316.     sec_pcre_match_limit: '15000'

  317.     sec_pcre_match_limit_recursion: '15000'

  318.     sec_debug_log_level: '3'

  319. 

  320.     rules:

  321.       enabled:

  322.       modsecurity_crs_10_setup.conf:

  323.         rule_set: ''

  324.         enabled: True

  325.       modsecurity_crs_20_protocol_violations.conf:

  326.         rule_set: 'base_rules'

  327.         enabled: False

  328. 

  329.     custom_rule_files:

  330.       # any name as an array index, and you can duplicate this section

  331.       UNIQUE_VALUE_HERE:

  332.         file: 'my name'

  333.         path: 'salt://path/to/modsecurity/custom/file'

  334.         enabled: True

  335. 

  336.   mod_ssl:

  337.     # set this to True if you want to override your distributions default TLS configuration

  338.     manage_tls_defaults: False

  339.     # This stuff is deliberately not configured via map.jinja resp. apache:lookup.

  340.     # We're unable to know sane defaults for each release of every distribution.

  341.     # See https://github.com/saltstack-formulas/openssh-formula/issues/102 for a related discussion

  342.     # Have a look at bettercrypto.org for up-to-date settings.

  343.     # These are default values:

  344.     SSLCipherSuite: EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA

  345.     # Mitigate the CRIME attack

  346.     SSLCompression: Off

  347.     SSLProtocol: all -SSLv2 -SSLv3 -TLSv1

  348.     SSLHonorCipherOrder: On

  349.     SSLOptions: "+StrictRequire"

  350.