Saltstack Official Apache Formula

pillar.example 5.6KB

  1. # ``apache`` formula configuration (example Pillar data; this listing has lost the YAML indentation, so restore the nesting before use):
  2. apache:
  3. # lookup section overrides ``map.jinja`` values
  4. lookup:
  5. server: apache2
  6. service: apache2
  7. vhostdir: /etc/apache2/sites-available
  8. confdir: /etc/apache2/conf.d
  9. confext: .conf
  10. logdir: /var/log/apache2
  11. wwwdir: /srv/apache2
  12. # Apache version (generally '2.2' or '2.4'); kept in quotes so YAML reads it as a string, not a float
  13. version: '2.2'
  14. # ``apache.mod_wsgi`` formula additional configuration:
  15. mod_wsgi: mod_wsgi
  16. # Default value for AddDefaultCharset in RedHat configuration
  17. default_charset: 'UTF-8'
  18. global:
  19. # global Apache directives
  20. AllowEncodedSlashes: 'On'  # NOTE(review): Apache's default is Off; On decodes %2F in request paths, and Apache's documentation recommends NoDecode where encoded slashes are needed - confirm the formula passes that value through
  21. name_virtual_hosts:  # one entry per interface/port pair
  22. - interface: '*'
  23. port: 80
  24. - interface: '*'
  25. port: 443
  26. # ``apache.vhosts`` formula additional configuration:
  27. sites:
  28. example.net:
  29. template_file: salt://apache/vhosts/minimal.tmpl
  30. example.com: # must be unique; used as an ID declaration in Salt.
  31. enabled: True
  32. template_file: salt://apache/vhosts/standard.tmpl # or redirect.tmpl or proxy.tmpl
  33. ####################### DEFAULT VALUES BELOW ############################
  34. # NOTE: the values below are simply default settings that *can* be
  35. # overridden and are not required in order to use this formula to create
  36. # vhost entries.
  37. #
  38. # Do not copy the values below into your Pillar unless you intend to
  39. # modify these values.
  40. ####################### DEFAULT VALUES BELOW ############################
  41. template_engine: jinja
  42. interface: '*'
  43. port: '80'
  44. exclude_listen_directive: True # Do not add a Listen directive in httpd.conf
  45. ServerName: example.com # uses the unique ID above unless specified
  46. ServerAlias: www.example.com
  47. ServerAdmin: webmaster@example.com
  48. LogLevel: warn
  49. ErrorLog: /path/to/logs/example.com-error.log # E.g.: /var/log/apache2/example.com-error.log
  50. CustomLog: /path/to/logs/example.com-access.log # E.g.: /var/log/apache2/example.com-access.log
  51. DocumentRoot: /path/to/www/dir/example.com # E.g., /var/www/example.com
  52. SSLCertificateFile: /etc/ssl/mycert.pem # if SSL/TLS is desired
  53. SSLCertificateKeyFile: /etc/ssl/mycert.pem.key # if the private key is needed or kept in a separate file; NOTE(review): only a path is set here - keep the key file itself readable by root only
  54. SSLCertificateChainFile: /etc/ssl/mycert.chain.pem # if a separate file with the chain of server certificates is required; NOTE(review): Apache 2.4.8+ treats this directive as obsolete and reads the chain from SSLCertificateFile
  55. Directory:
  56. # "default" is a special case; Adds ``/path/to/www/dir/example.com``
  57. # E.g.: /var/www/example.com
  58. default:
  59. Options: -Indexes +FollowSymLinks  # -Indexes turns off directory listings; +FollowSymLinks lets Apache follow symlinks (SymLinksIfOwnerMatch is the stricter choice)
  60. Order: allow,deny # For Apache < 2.4
  61. Allow: from all # For Apache < 2.4
  62. Require: all granted # For Apache >= 2.4
  63. AllowOverride: None  # .htaccess files are ignored
  64. Formula_Append: |  # NOTE(review): presumably written verbatim into this <Directory> block - confirm in the vhost template
  65. Additional config as a
  66. multi-line string here
  67. # if template is 'redirect.tmpl'
  68. # RedirectSource: '/'
  69. # RedirectTarget: 'http://www.example.net'
  70. # if template is 'proxy.tmpl'
  71. # ProxyRequests: 'On'  # NOTE(review): On turns on forward proxying, which a ProxyPass reverse proxy does not need; Apache's documentation says to restrict access before enabling it
  72. # ProxyPreserveHost: 'On'
  73. # ProxyRoute:
  74. # my sample route:
  75. # ProxyPassSource: '/'
  76. # ProxyPassTarget: 'http://www.example.net'
  77. # ProxyPassTargetOptions: 'connectiontimeout=5 timeout=30'
  78. # ProxyPassReverseSource: '/'
  79. # ProxyPassReverseTarget: 'http://www.example.net'
  80. Alias:
  81. /docs: /usr/share/docs
  82. Location:
  83. /docs:
  84. Order: allow,deny # For Apache < 2.4
  85. Allow: from all # For Apache < 2.4
  86. Require: all granted # For Apache >= 2.4
  87. Formula_Append: |
  88. Additional config as a
  89. multi-line string here
  90. Formula_Append: |
  91. Additional config as a
  92. multi-line string here
  93. # ``apache.debian_full`` formula additional configuration:
  94. register-site:
  95. # any unique name can be used as the key; repeat this section for each additional site
  96. UNIQUE_VALUE_HERE:
  97. name: 'my name'
  98. path: 'salt://path/to/sites-available/conf/file'
  99. state: 'enabled'
  100. # Optional - use the managed file as a Jinja template
  101. #template: true
  102. #defaults:
  103. # custom_var: "default value"
  104. modules:
  105. enabled: # List modules to enable
  106. - ldap
  107. - ssl
  108. disabled: # List modules to disable
  109. - rewrite
  110. # KeepAlive: Whether or not to allow persistent connections (more than
  111. # one request per connection). Set to "Off" to deactivate. Keep the value quoted so that YAML 1.1 loaders read it as a string, not a boolean.
  112. keepalive: 'On'
  113. security:
  114. # can be Full | OS | Minimal | Minor | Major | Prod
  115. # where Full conveys the most information, and Prod the least.
  116. ServerTokens: Prod
  117. # ``apache.mod_remoteip`` formula additional configuration:
  118. mod_remoteip:
  119. RemoteIPHeader: X-Forwarded-For  # request header the client address is taken from
  120. RemoteIPTrustedProxy:  # NOTE(review): list only the proxies that actually front this server; per Apache's mod_remoteip documentation, with no proxy list every host presenting the header is trusted
  121. - 10.0.8.0/24
  122. - 127.0.0.1
  123. # ``apache.mod_security`` formula additional configuration:
  124. mod_security:
  125. crs_install: True  # presumably installs the OWASP Core Rule Set (CRS) - confirm in the formula
  126. # If not set, the distribution's default configuration is installed as is
  127. manage_config: True
  128. sec_rule_engine: 'On'  # presumably rendered as SecRuleEngine; ModSecurity also has a DetectionOnly mode (log without blocking) - confirm the formula accepts it
  129. sec_request_body_access: 'On'
  130. sec_request_body_limit: '14000000'  # the limits below are quoted strings; presumably byte counts passed to the matching Sec* directives - confirm
  131. sec_request_body_no_files_limit: '114002'
  132. sec_request_body_in_memory_limit: '114002'
  133. sec_request_body_limit_action: 'Reject'
  134. sec_pcre_match_limit: '15000'
  135. sec_pcre_match_limit_recursion: '15000'
  136. sec_debug_log_level: '3'
  137. rules:
  138. enabled:  # NOTE(review): bare key, so the value is null as written; with the indentation lost in this listing it is unclear whether the rule files below nest under it - check against the formula
  139. modsecurity_crs_10_setup.conf:
  140. rule_set: ''
  141. enabled: True
  142. modsecurity_crs_20_protocol_violations.conf:
  143. rule_set: 'base_rules'
  144. enabled: False
  145. custom_rule_files:
  146. # any unique name can be used as the key; repeat this section for each additional rule file
  147. UNIQUE_VALUE_HERE:
  148. file: 'my name'
  149. path: 'salt://path/to/modsecurity/custom/file'
  150. enabled: True
  145. custom_rule_files:
  146. # any name as an array index, and you can duplicate this section
  147. UNIQUE_VALUE_HERE:
  148. file: 'my name'
  149. path: 'salt://path/to/modsecurity/custom/file'
  150. enabled: True