salt
/
apache-formula
форк від ExternalMirrors/apache-formula
Слідкувати 1
В обрані 0
Форк 0
Код Релізи 0 Активність
Saltstack Official Apache Formula
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
423 Коміти
1 Гілка
Дерево: a5debf58b3
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з 'a5debf58b3'
${ noResults }
apache-formula/pillar.example

pillar.example 14KB
Неформатований Normal View Історія

Added package-map.jinja
11 роки тому
Added apache.vhost formula
11 роки тому
Allow Skipping of service manipulation via pillar (+PR comments)
7 роки тому
add lookup section to pillar.example
9 роки тому
Add default user/group attributes as required by some states
7 роки тому
Added apache.vhost formula
11 роки тому
add lookup section to pillar.example
9 роки тому
fix Options in pillar.example
8 роки тому
This branch is foundational for further version-specific work to come. * Add apache version (2.2, 2.4) detection based on osfinger (defaults to 2.4). * Version can be overridden in pillar (for Apache 2.4 on RHEL 6 for example)
9 роки тому
add lookup section to pillar.example
9 роки тому
Updated README with these changes moved Pillar examples into pillar file
11 роки тому
RedHat: Made AddDefaultCharset Directive configurable (#147) * RedHat: Made AddDefaultCharset Directive configurable * Added description of apache:lookup:default_charset to pillar.example, sane default equals former hardcoded UTF-8
8 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
vhosts/standard: rewrite, simplify code * No more if. * Allow lookup to set default value for all docroot * updated pillar.example
6 роки тому
Allow global directives to be added to apache config
9 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
Allow global directives to be added to apache config
9 роки тому
Add support for NameVirtualHost on Debian
8 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
Add support for NameVirtualHost on Debian
8 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
Add support for NameVirtualHost on Debian
8 роки тому
Moved all Pillar examples under the same dictionary key Having multiple different examples in the same file was causing confusion.
10 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
add an 'enabled' attribute for a site in pillar
9 роки тому
Added minimal template (fixes #34)
7 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Added apache.vhost formula
11 роки тому
Adding exclude_listen_directive option (#151) * Adding exclude_listen_directive option * Updating Debian config
8 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Do not add ServerAlias unless defined
7 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
vhosts/standard: rewrite, simplify code * No more if. * Allow lookup to set default value for all docroot * updated pillar.example
6 роки тому
Added apache.vhost formula
11 роки тому
Fix incorrect syntax in pillar example for SSLCertificateFile, SSLCertificateKeyFile Fix check for SSLCertificateFile, SSLCertificateKeyFile variables in vhosts/standard.tmpl, now using dict.get()
9 роки тому
ssl: also support the SSLCertificateChainFile required by some providers
9 роки тому
Add basic SSL functionality.
9 роки тому
Added apache.vhost formula
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
fix Options in pillar.example
8 роки тому
Adding support for Apache 2.4 on Ubuntu 14.04 - Adding confext to virtualhost names. - Renaming the default config file for Ubuntu (000-default.conf). - Adding ability to use "Require all granted".
10 роки тому
Added apache.vhost formula
11 роки тому
pillar exemple for RedirectMatch directive
7 роки тому
Add Reverse Proxy directives, GeoIP, Certificates management, mostly for RedHat
7 роки тому
Consolidate duplicate 'Location' stanzas in pillar.example; SLS Rendering Error fix
7 роки тому
Add Reverse Proxy directives, GeoIP, Certificates management, mostly for RedHat
7 роки тому
Add example code for new templates 'redirect.tmpl' and 'proxy.tmpl'.
10 роки тому
Added support for Alias and Locations, as well as enabling Dav
9 роки тому
Added apache.vhost formula
11 роки тому
Moved all Pillar examples under the same dictionary key Having multiple different examples in the same file was causing confusion.
10 роки тому
Updated README with these changes moved Pillar examples into pillar file
11 роки тому
Removed Jinja-esque placeholders from example Pillar; added instructions The structure of this example file was quite confusing. Most of these values are not required and should be denoted as such. Jinja notiation to denote re-used Pillar values was also a bad and confusing choice. Closes #8
10 роки тому
Updated README with these changes moved Pillar examples into pillar file
11 роки тому
Add optional templating to register_site Add optional templating for the register site aspect of a pillar. User can specify keys to be included as defaults, otherwise it is treated as a normal managed file.
9 роки тому
Add ability to specify modules in pillar
10 роки тому
Added ability to manage security settings By reassigning options with `blockreplace` at `/etc/apache2/conf-available/security.conf`, which is linked as conf-enabled by default on Debian packages
9 роки тому
Added ability to configure KeepAlive option Sometimes it's necessary optimization in nginx+apache2 environment
9 роки тому
Fixed YAML parsing On/Off as True/False True and False are not correct values for apache config
9 роки тому
Added ability to configure KeepAlive option Sometimes it's necessary optimization in nginx+apache2 environment
9 роки тому
Added ability to manage security settings By reassigning options with `blockreplace` at `/etc/apache2/conf-available/security.conf`, which is linked as conf-enabled by default on Debian packages
9 роки тому
Follow-up to 8f2308b98
9 роки тому
207 configure ssl (#218) * [ssl] [debian] manage ssl.conf with pillars * [apache] make cyphersuite a list * [apache/ssl] switch back to strings, lists merge is not good
6 роки тому
Follow-up to 8f2308b98
9 роки тому
Added newlines to recent files
9 роки тому
Add mod_security management Add gitignore, kitchen-ci files Add some tests and documentation
8 роки тому
add modsecurity rules state
8 роки тому
Manage TLS defaults
7 роки тому
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361 
  1. # ``apache`` formula configuration:

  2. apache:

  3. 

  4.   # By default apache restart/reload states run (false skips)

  5.   manage_service_states: True

  6. 

  7.   # lookup section overrides ``map.jinja`` values

  8.   lookup:

  9.     server: apache2

  10.     service: apache2

  11.     user: some_system_user

  12.     group: some_system_group

  13. 

  14.     vhostdir: /etc/apache2/sites-available

  15.     confdir: /etc/apache2/conf.d

  16.     confext: .conf

  17.     logdir: /var/log/apache2

  18.     wwwdir: /srv/apache2

  19. 

  20.     # apache version (generally '2.2' or '2.4')

  21.     version: '2.2'

  22. 

  23.     # ``apache.mod_wsgi`` formula additional configuration:

  24.     mod_wsgi: mod_wsgi

  25. 

  26.     # Default value for AddDefaultCharset in RedHat configuration

  27.     default_charset: 'UTF-8'

  28. 

  29.     # Should we enforce DocumentRoot user/group?

  30.     # Default: do not enforce

  31.     document_root_user: www-data   # Force user if specified, leave it default if not

  32.     document_root_group: null      # Do not enforce group

  33. 

  34.   global:

  35.     # global apache directives

  36.     AllowEncodedSlashes: 'On'

  37. 

  38. 

  39.   name_virtual_hosts:

  40.     - interface: '*'

  41.       port: 80

  42.     - interface: '*'

  43.       port: 443

  44. 

  45.   # ``apache.vhosts`` formula additional configuration:

  46.   sites:

  47.     example.net:

  48.       template_file: salt://apache/vhosts/minimal.tmpl

  49. 

  50.     example.com: # must be unique; used as an ID declaration in Salt.

  51.       enabled: True

  52.       template_file: salt://apache/vhosts/standard.tmpl # or minimal.tmpl or redirect.tmpl or proxy.tmpl

  53. 

  54.       ####################### DEFAULT VALUES BELOW ############################

  55.       # NOTE: the values below are simply default settings that *can* be

  56.       # overridden and are not required in order to use this formula to create

  57.       # vhost entries.

  58.       #

  59.       # Do not copy the values below into your Pillar unless you intend to

  60.       # modify these vaules.

  61.       ####################### DEFAULT VALUES BELOW ############################

  62.       template_engine: jinja

  63. 

  64.       interface: '*'

  65.       port: '80'

  66. 

  67.       exclude_listen_directive: True # Do not add a Listen directive in httpd.conf

  68. 

  69.       ServerName: example.com # uses the unique ID above unless specified

  70.       #ServerAlias: www.example.com # Do not add ServerAlias unless defined

  71. 

  72.       ServerAdmin: webmaster@example.com

  73. 

  74.       LogLevel: warn

  75.       ErrorLog: /path/to/logs/example.com-error.log # E.g.: /var/log/apache2/example.com-error.log

  76.       CustomLog: /path/to/logs/example.com-access.log # E.g.: /var/log/apache2/example.com-access.log

  77. 

  78.       DocumentRoot: /path/to/www/dir/example.com # E.g., /var/www/example.com

  79.       DocumentRootUser: null       # do not enforce user, defaults to lookup:document_root_user

  80.       DocumentRootGroup: www-data  # Force group, defaults to lookup:document_root_group

  81. 

  82.       SSLCertificateFile: /etc/ssl/mycert.pem # if ssl is desired

  83.       SSLCertificateKeyFile: /etc/ssl/mycert.pem.key # if key for cert is needed or in an extra file

  84.       SSLCertificateChainFile: /etc/ssl/mycert.chain.pem # if you require a chain of server certificates file

  85. 

  86.       Directory:

  87.         # "default" is a special case; Adds ``/path/to/www/dir/example.com``

  88.         # E.g.: /var/www/example.com

  89.         default:

  90.           Options: -Indexes +FollowSymLinks

  91.           Order: allow,deny    # For Apache < 2.4

  92.           Allow: from all      # For apache < 2.4

  93.           Require: all granted # For apache > 2.4.

  94.           AllowOverride: None

  95.           Formula_Append: |

  96.             Additional config as a

  97.             multi-line string here

  98. 

  99.     redirectmatch.com:

  100.       # Use RedirectMatch Directive https://httpd.apache.org/docs/2.4/fr/mod/mod_alias.html#redirectmatch

  101.       # Require module mod_alias 

  102.       enabled: True

  103.       template_file: salt://apache/vhosts/redirect.tmpl

  104.       ServerName: www.redirectmatch.com

  105.       ServerAlias: www.redirectmatch.com

  106.       RedirectMatch: true

  107.       RedirectSource: '^/$'

  108.       RedirectTarget: '/subdirectory'

  109.       DocumentRoot: /var/www/html/

  110.       ErrorLog: ${APACHE_LOG_DIR}/error.log

  111.       CustomLog: ${APACHE_LOG_DIR}/access.log

  112. 

  113.     80-proxyexample.com:

  114.       template_file: salt://apache/vhosts/redirect.tmpl

  115.       ServerName: www.proxyexample.com

  116.       ServerAlias: www.proxyexample.com

  117.       RedirectSource: '/'

  118.       RedirectTarget: 'https://www.proxyexample.com/'

  119.       DocumentRoot: /var/www/proxy

  120. 

  121.     443-proxyexample.com:

  122.       template_file: salt://apache/vhosts/proxy.tmpl

  123.       ServerName: www.proxyexample.com

  124.       ServerAlias: www.proxyexample.com

  125.       interface: '*'

  126.       port: '443'

  127.       DocumentRoot: /var/www/proxy

  128. 

  129.       Rewrite: |

  130.         RewriteRule ^/webmail$ /webmail/ [R]

  131.         RewriteRule ^/webmail(.*) http://mail.example.com$1 [P,L]

  132.         RewriteRule ^/vicescws(.*) http://svc.example.com:92$1 [P,L]

  133. 

  134.       SSLCertificateFile: /etc/httpd/ssl/example.com.crt

  135.       SSLCertificateKeyFile: /etc/httpd/ssl/example.com.key

  136.       SSLCertificateChainFile: /etc/httpd/ssl/example.com.cer

  137. 

  138.       SSLCertificateFile_content: |

  139.         -----BEGIN CERTIFICATE-----

  140.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  141.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  142.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  143.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  144.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  145.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  146.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  147.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  148.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  149.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  150.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  151.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  152.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  153.         -----END CERTIFICATE-----

  154. 

  155.       SSLCertificateKeyFile_content: |

  156.         -----BEGIN PRIVATE KEY-----

  157.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  158.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  159.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  160.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  161.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  162.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  163.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  164.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  165.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  166.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  167.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  168.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  169.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  170.         -----END PRIVATE KEY-----

  171. 

  172.       SSLCertificateChainFile_content: |

  173.         -----BEGIN CERTIFICATE-----

  174.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  175.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  176.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  177.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  178.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  179.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  180.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  181.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  182.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  183.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  184.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  185.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  186.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  187.         -----END CERTIFICATE-----

  188.         -----BEGIN CERTIFICATE-----

  189.         MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

  190.         MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

  191.         VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

  192.         NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

  193.         TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

  194.         ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

  195.         V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

  196.         gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

  197.         FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

  198.         CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

  199.         BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

  200.         BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

  201.         Wm7DCfrPNGVwFWUQOmsPue9rZBgO

  202.         -----END CERTIFICATE-----

  203. 

  204.       ProxyRequests: 'Off'

  205.       ProxyPreserveHost: 'On'

  206. 

  207.       ProxyRoute:

  208.         example prod proxy route:

  209.           ProxyPassSource: '/'

  210.           ProxyPassTarget: 'http://prod.example.com:85/'

  211.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  212.           ProxyPassReverseSource: '/'

  213.           ProxyPassReverseTarget: 'http://prod.example.com:85/'

  214. 

  215.         example webmail proxy route:

  216.           ProxyPassSource: '/webmail/'

  217.           ProxyPassTarget: 'http://mail.example.com/'

  218.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  219.           ProxyPassReverseSource: '/webmail/'

  220.           ProxyPassReverseTarget: 'http://mail.example.com/'

  221. 

  222.         example service proxy route:

  223.           ProxyPassSource: '/svc/'

  224.           ProxyPassTarget: 'http://svc.example.com:92/'

  225.           ProxyPassTargetOptions: 'connectiontimeout=10 timeout=90'

  226.           ProxyPassReverseSource: '/svc/'

  227.           ProxyPassReverseTarget: 'http://svc.example.com:92/'

  228. 

  229.       Location:

  230.         /:

  231.           Require: False

  232.           Formula_Append: |

  233.             SecRuleRemoveById 981231

  234.             SecRuleRemoveById 981173

  235. 

  236.         /error:

  237.           Require: 'all granted'

  238. 

  239.         /docs:

  240.           Order: allow,deny    # For Apache < 2.4

  241.           Allow: from all      # For apache < 2.4

  242.           Require: all granted # For apache > 2.4.

  243.           Formula_Append: |

  244.             Additional config as a

  245.             multi-line string here

  246. 

  247.       LocationMatch:

  248.         '^[.\\/]+([Ww][Ee][Bb][Mm][Aa][Ii][Ll])[.\\/]':

  249.           Require: False

  250.           Formula_Append: |

  251.             RequestHeader  set  Host  mail.example.com

  252. 

  253.         '^[.\\/]+([Ss][Vv][Cc])[.\\/]':

  254.           Require: False

  255.           Formula_Append: |

  256.             Require ip 123.123.13.6 84.24.25.74

  257. 

  258.       Proxy_control:

  259.         '*':

  260.           AllowAll: False

  261.           AllowCountry:

  262.             - DE

  263.           AllowIP:

  264.             - 12.5.25.32

  265.             - 12.5.25.33

  266. 

  267. 

  268.       Alias:

  269.         /docs: /usr/share/docs

  270. 

  271.       Formula_Append: |

  272.         Additional config as a

  273.         multi-line string here

  274. 

  275.   # ``apache.debian_full`` formula additional configuration:

  276.   register-site:

  277.     # any name as an array index, and you can duplicate this section

  278.     UNIQUE_VALUE_HERE:

  279.       name: 'my name'

  280.       path: 'salt://path/to/sites-available/conf/file'

  281.       state: 'enabled'

  282.       # Optional - use managed file as Jinja Template

  283.       #template: true

  284.       #defaults:

  285.       #  custom_var: "default value"

  286. 

  287.   modules:

  288.     enabled:  # List modules to enable

  289.       - ldap

  290.       - ssl

  291.     disabled:  # List modules to disable

  292.       - rewrite

  293. 

  294.   # KeepAlive: Whether or not to allow persistent connections (more than

  295.   # one request per connection). Set to "Off" to deactivate.

  296.   keepalive: 'On'

  297. 

  298.   security:

  299.     # can be Full | OS | Minimal | Minor | Major | Prod

  300.     # where Full conveys the most information, and Prod the least.

  301.     ServerTokens: Prod

  302. 

  303.   # [debian only] configure mod_ssl

  304.   ssl:

  305.     SSLCipherSuite: 'HIGH:!aNULL'

  306.     SSLHonorCipherOrder: 'Off'

  307.     SSLProtocol: 'all -SSLv3'

  308. 

  309.   # ``apache.mod_remoteip`` formula additional configuration:

  310.   mod_remoteip:

  311.     RemoteIPHeader: X-Forwarded-For

  312.     RemoteIPTrustedProxy:

  313.       - 10.0.8.0/24

  314.       - 127.0.0.1

  315. 

  316.   # ``apache.mod_security`` formula additional configuration:

  317.   mod_security:

  318.     crs_install: True

  319.     # If not set, default distro's configuration is installed as is

  320.     manage_config: True

  321.     sec_rule_engine: 'On'

  322.     sec_request_body_access: 'On'

  323.     sec_request_body_limit: '14000000'

  324.     sec_request_body_no_files_limit: '114002'

  325.     sec_request_body_in_memory_limit: '114002'

  326.     sec_request_body_limit_action: 'Reject'

  327.     sec_pcre_match_limit: '15000'

  328.     sec_pcre_match_limit_recursion: '15000'

  329.     sec_debug_log_level: '3'

  330. 

  331.     rules:

  332.       enabled:

  333.       modsecurity_crs_10_setup.conf:

  334.         rule_set: ''

  335.         enabled: True

  336.       modsecurity_crs_20_protocol_violations.conf:

  337.         rule_set: 'base_rules'

  338.         enabled: False

  339. 

  340.     custom_rule_files:

  341.       # any name as an array index, and you can duplicate this section

  342.       UNIQUE_VALUE_HERE:

  343.         file: 'my name'

  344.         path: 'salt://path/to/modsecurity/custom/file'

  345.         enabled: True

  346. 

  347.   mod_ssl:

  348.     # set this to True if you want to override your distributions default TLS configuration

  349.     manage_tls_defaults: False

  350.     # This stuff is deliberately not configured via map.jinja resp. apache:lookup.

  351.     # We're unable to know sane defaults for each release of every distribution.

  352.     # See https://github.com/saltstack-formulas/openssh-formula/issues/102 for a related discussion

  353.     # Have a look at bettercrypto.org for up-to-date settings.

  354.     # These are default values:

  355.     SSLCipherSuite: EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA

  356.     # Mitigate the CRIME attack

  357.     SSLCompression: Off

  358.     SSLProtocol: all -SSLv2 -SSLv3 -TLSv1

  359.     SSLHonorCipherOrder: On

  360.     SSLOptions: "+StrictRequire"

  361.