- Added more modules and configuration options - Renamed sls files to reflect what they do. - added mpm options for Debian

pirms 9 gadiem · 53b995a680
--- a/README.rst
+++ b/README.rst
@@ -20,28 +20,73 @@ Available states

 Installs the Apache package and starts the service.

 ``apache.config``
 -----------------

 Configures apache based on os_family

 ``apache.mod_mpm``
 ------------------

 Configures the apache mpm modules on Debian ``mpm_prefork``, ``mpm_worker`` or ``mpm_event`` (Debian Only)

 ``apache.modules``
 ------------------

 Enables and disables Apache modules.

 ``apache.mod_rewrite``
 ----------------------

 Enabled the Apache module mod_rewrite (Debian only)

 ``apache.mod_proxy``
 -------------------

 Enables the Apache module mod_proxy.
 Enables the Apache module mod_proxy. (Debian only)

 ``apache.mod_proxy_http``
 -------------------
 -------------------------

 Enables the Apache module mod_proxy_http and requires the Apache module mod_proxy to be enabled.
 Enables the Apache module mod_proxy_http and requires the Apache module mod_proxy to be enabled. (Debian Only)

 ``apache.mod_wsgi``
 -------------------

 Installs the mod_wsgi package and enables the Apache module.

 ``apache.mod_actions``
 ----------------------

 Enables the Apache module mod_actions. (Debian Only)

 ``apache.mod_headers``
 ----------------------

 Enables the Apache module mod_headers. (Debian Only)

 ``apache.mod_pagespeed``
 ------------------------

 Installs and Enables the mod_pagespeed module. (Debian Only)

 ``apache.mod_php5``
 -------------------

 Installs and enables the mod_php5 module

 ``apache.mod_fcgid``
 --------------------

 Installs and enables the mod_fcgid module

 ``apache.mod_vhost_alias``
 ----------------------

 Enables the Apache module vhost_alias (Debian Only)

 ``apache.vhosts.standard``
 -------------------------
 --------------------------

 Configures Apache name-based virtual hosts and creates virtual host directories using data from Pillar.

--- a/apache/config.sls
+++ b/apache/config.sls
@@ -0,0 +1,26 @@
 {% from "apache/map.jinja" import apache with context %}

 include:
  - apache

 {{ apache.configfile }}:
  file.managed:
    - template: jinja
    - source:
      - salt://apache/files/{{ salt['grains.get']('os_family') }}/apache.config.jinja
    - require:
      - pkg: apache
    - watch_in:
      - service: apache

 {% if grains['os_family']=="Debian" %}
 /etc/apache2/envvars:
  file.managed
    - template: jinja
    - source:
      - salt://apache/files/debian/envvars.jinja
    - require:
      - pkg: apache
    - watch_in:
      - service: apache
 {% endif %}
--- a/apache/files/Debian/apache.config.jinja
+++ b/apache/files/Debian/apache.config.jinja
@@ -0,0 +1,223 @@
 # Managed by saltstack

 # This is the main Apache server configuration file.  It contains the
 # configuration directives that give the server its instructions.
 # See http://httpd.apache.org/docs/2.4/ for detailed information about
 # the directives and /usr/share/doc/apache2/README.Debian about Debian specific
 # hints.
 #
 #
 # Summary of how the Apache 2 configuration works in Debian:
 # The Apache 2 web server configuration in Debian is quite different to
 # upstream's suggested way to configure the web server. This is because Debian's
 # default Apache2 installation attempts to make adding and removing modules,
 # virtual hosts, and extra configuration directives as flexible as possible, in
 # order to make automating the changes and administering the server as easy as
 # possible.

 # It is split into several files forming the configuration hierarchy outlined
 # below, all located in the /etc/apache2/ directory:
 #
 #	/etc/apache2/
 #	|-- apache2.conf
 #	|	`--  ports.conf
 #	|-- mods-enabled
 #	|	|-- *.load
 #	|	`-- *.conf
 #	|-- conf-enabled
 #	|	`-- *.conf
 # 	`-- sites-enabled
 #	 	`-- *.conf
 #
 #
 # * apache2.conf is the main configuration file (this file). It puts the pieces
 #   together by including all remaining configuration files when starting up the
 #   web server.
 #
 # * ports.conf is always included from the main configuration file. It is
 #   supposed to determine listening ports for incoming connections which can be
 #   customized anytime.
 #
 # * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
 #   directories contain particular configuration snippets which manage modules,
 #   global configuration fragments, or virtual host configurations,
 #   respectively.
 #
 #   They are activated by symlinking available configuration files from their
 #   respective *-available/ counterparts. These should be managed by using our
 #   helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
 #   their respective man pages for detailed information.
 #
 # * The binary is called apache2. Due to the use of environment variables, in
 #   the default configuration, apache2 needs to be started/stopped with
 #   /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
 #   work with the default configuration.


 # Global configuration
 #

 #
 # ServerRoot: The top of the directory tree under which the server's
 # configuration, error, and log files are kept.
 #
 # NOTE!  If you intend to place this on an NFS (or otherwise network)
 # mounted filesystem then please read the Mutex documentation (available
 # at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
 # you will save yourself a lot of trouble.
 #
 # Do NOT add a slash at the end of the directory path.
 #
 #ServerRoot "/etc/apache2"

 #
 # The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
 #
 Mutex file:${APACHE_LOCK_DIR} default

 #
 # PidFile: The file in which the server should record its process
 # identification number when it starts.
 # This needs to be set in /etc/apache2/envvars
 #
 PidFile ${APACHE_PID_FILE}

 #
 # Timeout: The number of seconds before receives and sends time out.
 #
 Timeout 300

 #
 # KeepAlive: Whether or not to allow persistent connections (more than
 # one request per connection). Set to "Off" to deactivate.
 #
 KeepAlive On

 #
 # MaxKeepAliveRequests: The maximum number of requests to allow
 # during a persistent connection. Set to 0 to allow an unlimited amount.
 # We recommend you leave this number high, for maximum performance.
 #
 MaxKeepAliveRequests 100

 #
 # KeepAliveTimeout: Number of seconds to wait for the next request from the
 # same client on the same connection.
 #
 KeepAliveTimeout 5


 # These need to be set in /etc/apache2/envvars
 User ${APACHE_RUN_USER}
 Group ${APACHE_RUN_GROUP}

 #
 # HostnameLookups: Log the names of clients or just their IP addresses
 # e.g., www.apache.org (on) or 204.62.129.132 (off).
 # The default is off because it'd be overall better for the net if people
 # had to knowingly turn this feature on, since enabling it means that
 # each client request will result in AT LEAST one lookup request to the
 # nameserver.
 #
 HostnameLookups Off

 # ErrorLog: The location of the error log file.
 # If you do not specify an ErrorLog directive within a <VirtualHost>
 # container, error messages relating to that virtual host will be
 # logged here.  If you *do* define an error logfile for a <VirtualHost>
 # container, that host's errors will be logged there and not here.
 #
 ErrorLog ${APACHE_LOG_DIR}/error.log

 #
 # LogLevel: Control the severity of messages logged to the error_log.
 # Available values: trace8, ..., trace1, debug, info, notice, warn,
 # error, crit, alert, emerg.
 # It is also possible to configure the log level for particular modules, e.g.
 # "LogLevel info ssl:warn"
 #
 LogLevel warn

 # Include module configuration:
 IncludeOptional mods-enabled/*.load
 IncludeOptional mods-enabled/*.conf

 # Include list of ports to listen on
 Include ports.conf


 # Sets the default security model of the Apache2 HTTPD server. It does
 # not allow access to the root filesystem outside of /usr/share and /var/www.
 # The former is used by web applications packaged in Debian,
 # the latter may be used for local directories served by the web server. If
 # your system is serving content from a sub-directory in /srv you must allow
 # access here, or in any related virtual host.
 <Directory />
 	Options FollowSymLinks
 	AllowOverride None
 	Require all denied
 </Directory>

 <Directory /usr/share>
 	AllowOverride None
 	Require all granted
 </Directory>

 <Directory /var/www/>
 	Options Indexes FollowSymLinks
 	AllowOverride None
 	Require all granted
 </Directory>

 #<Directory /srv/>
 #	Options Indexes FollowSymLinks
 #	AllowOverride None
 #	Require all granted
 #</Directory>

 # AccessFileName: The name of the file to look for in each directory
 # for additional configuration directives.  See also the AllowOverride
 # directive.
 #
 AccessFileName .htaccess

 #
 # The following lines prevent .htaccess and .htpasswd files from being
 # viewed by Web clients.
 #
 <FilesMatch "^\.ht">
 	Require all denied
 </FilesMatch>


 #
 # The following directives define some format nicknames for use with
 # a CustomLog directive.
 #
 # These deviate from the Common Log Format definitions in that they use %O
 # (the actual bytes sent including headers) instead of %b (the size of the
 # requested file), because the latter makes it impossible to detect partial
 # requests.
 #
 # Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
 # Use mod_remoteip instead.
 #
 LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
 LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
 LogFormat "%h %l %u %t \"%r\" %>s %O" common
 LogFormat "%{Referer}i -> %U" referer
 LogFormat "%{User-agent}i" agent
 {%- for log_format in salt['pillar.get']('apache:log_formats', []) %}
 LogFormat {{ log_format }}
 {%- endfor %}

 # Include of directories ignores editors' and dpkg's backup files,
 # see README.Debian for details.

 # Include generic snippets of statements
 IncludeOptional conf-enabled/*.conf

 # Include the virtual host configurations:
 IncludeOptional sites-enabled/*.conf

 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- a/apache/files/Debian/envvars.jinja
+++ b/apache/files/Debian/envvars.jinja
@@ -0,0 +1,49 @@
 # Managed by saltstack

 # envvars - default environment variables for apache2ctl

 # this won't be correct after changing uid
 unset HOME

 # for supporting multiple apache2 instances
 if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
  SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
 else
  SUFFIX=
 fi

 # Since there is no sane way to get the parsed apache2 config in scripts, some
 # settings are defined via environment variables and then used in apache2ctl,
 # /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
 export APACHE_RUN_USER={{ salt['pillar.get']('apache:user', 'www-data') }}
 export APACHE_RUN_GROUP={{ salt['pillar.get']('apache:group', 'www-data') }}
 # temporary state file location. This might be changed to /run in Wheezy+1
 export APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid
 export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
 export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
 # Only /var/log/apache2 is handled by /etc/logrotate.d/apache2.
 export APACHE_LOG_DIR=/var/log/apache2$SUFFIX

 ## The locale used by some modules like mod_dav
 export LANG=C
 ## Uncomment the following line to use the system default locale instead:
 #. /etc/default/locale

 export LANG

 ## The command to get the status for 'apache2ctl status'.
 ## Some packages providing 'www-browser' need '--dump' instead of '-dump'.
 #export APACHE_LYNX='www-browser -dump'

 ## If you need a higher file descriptor limit, uncomment and adjust the
 ## following line (default is 8192):
 #APACHE_ULIMIT_MAX_FILES='ulimit -n 65536'

 ## If you would like to pass arguments to the web server, add them below
 ## to the APACHE_ARGUMENTS environment.
 #export APACHE_ARGUMENTS=''

 ## Enable the debug mode for maintainer scripts.
 ## This will produce a verbose output on package installations of web server modules and web application
 ## installations which interact with Apache
 #export APACHE2_MAINTSCRIPT_DEBUG=1
--- a/apache/files/Debian/mpm/mpm_event.conf.jinja
+++ b/apache/files/Debian/mpm/mpm_event.conf.jinja
@@ -0,0 +1,22 @@
 # Managed by saltstack

 {%- set mpm_param = salt['pillar.get']('apache:mpm:params', {}) %}

 # event MPM
 # StartServers: initial number of server processes to start
 # MinSpareThreads: minimum number of worker threads which are kept spare
 # MaxSpareThreads: maximum number of worker threads which are kept spare
 # ThreadsPerChild: constant number of worker threads in each server process
 # MaxRequestWorkers: maximum number of worker threads
 # MaxConnectionsPerChild: maximum number of requests a server process serves
 <IfModule mpm_event_module>
 	StartServers {{ mpm_param['start_servers'] | d('2') }}
        MaxRequestWorkers {{ mpm_param['max_request_workers'] | d('150') }}
 	MinSpareThreads {{ mpm_param['min_spare_threads'] | d('25') }}
 	MaxSpareThreads	{{ mpm_param['max_spare_threads'] | d('75') }}
 	ThreadLimit {{ mpm_param['thread_limit'] | d('64') }}
 	ThreadsPerChild	{{ mpm_param['threads_per_child'] | d('25') }}
 	MaxConnectionsPerChild {{ mpm_param['max_connections_per_child'] | d('0') }}
 </IfModule>

 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- a/apache/files/Debian/mpm/mpm_prefork.conf.jinja
+++ b/apache/files/Debian/mpm/mpm_prefork.conf.jinja
@@ -0,0 +1,20 @@
 # Managed by saltstack

 {%- set mpm_param = salt['pillar.get']('apache:mpm:params', {}) %}

 # prefork MPM
 # StartServers: number of server processes to start
 # MinSpareServers: minimum number of server processes which are kept spare
 # MaxSpareServers: maximum number of server processes which are kept spare
 # MaxRequestWorkers: maximum number of server processes allowed to start
 # MaxConnectionsPerChild: maximum number of requests a server process serves

 <IfModule mpm_prefork_module>
 	StartServers {{ mpm_param['start_servers'] | d('5') }}
 	MaxRequestWorkers {{ mpm_param['max_request_workers'] | d('150') }}
 	MinSpareServers {{ mpm_param['min_spare_servers'] | d('5') }}
 	MaxSpareServers {{ mpm_param['max_spare_servers'] | d('10') }}
 	MaxConnectionsPerChild {{ mpm_param['max_connections_per_child'] | d('0') }}
 </IfModule>

 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- a/apache/files/Debian/mpm/mpm_worker.conf.jinja
+++ b/apache/files/Debian/mpm/mpm_worker.conf.jinja
@@ -0,0 +1,26 @@
 # Managed by saltstack

 {%- set mpm_param = salt['pillar.get']('apache:mpm:params', {}) %}

 # worker MPM
 # StartServers: initial number of server processes to start
 # MinSpareThreads: minimum number of worker threads which are kept spare
 # MaxSpareThreads: maximum number of worker threads which are kept spare
 # ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
 #			  graceful restart. ThreadLimit can only be changed by stopping
 #			  and starting Apache.
 # ThreadsPerChild: constant number of worker threads in each server process
 # MaxRequestWorkers: maximum number of threads
 # MaxConnectionsPerChild: maximum number of requests a server process serves

 <IfModule mpm_worker_module>
 	StartServers {{ mpm_param['start_servers'] | d('2') }}
 	MaxRequestWorkers {{ mpm_param['max_request_workers'] | d('150') }}
 	MinSpareThreads {{ mpm_param['min_spare_threads'] | d('25') }}
 	MaxSpareThreads {{ mpm_param['max_spare_threads'] | d('75') }}
 	ThreadLimit {{ mpm_param['thread_limit'] | d('64') }}
 	ThreadsPerChild {{ mpm_param['threads_per_child'] | d('25') }}
 	MaxConnectionsPerChild {{ mpm_param['max_connections_per_child'] | d('0') }}
 </IfModule>

 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- a/apache/files/RedHat/apache.config.jinja
+++ b/apache/files/RedHat/apache.config.jinja
@@ -0,0 +1,356 @@
 #
 # This is the main Apache HTTP server configuration file.  It contains the
 # configuration directives that give the server its instructions.
 # See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
 # In particular, see 
 # <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
 # for a discussion of each configuration directive.
 #
 # Do NOT simply read the instructions in here without understanding
 # what they do.  They're here only as hints or reminders.  If you are unsure
 # consult the online docs. You have been warned.  
 #
 # Configuration and logfile names: If the filenames you specify for many
 # of the server's control files begin with "/" (or "drive:/" for Win32), the
 # server will use that explicit path.  If the filenames do *not* begin
 # with "/", the value of ServerRoot is prepended -- so 'log/access_log'
 # with ServerRoot set to '/www' will be interpreted by the
 # server as '/www/log/access_log', where as '/log/access_log' will be
 # interpreted as '/log/access_log'.

 #
 # ServerRoot: The top of the directory tree under which the server's
 # configuration, error, and log files are kept.
 #
 # Do not add a slash at the end of the directory path.  If you point
 # ServerRoot at a non-local disk, be sure to specify a local disk on the
 # Mutex directive, if file-based mutexes are used.  If you wish to share the
 # same ServerRoot for multiple httpd daemons, you will need to change at
 # least PidFile.
 #
 ServerRoot "/etc/httpd"

 #
 # Listen: Allows you to bind Apache to specific IP addresses and/or
 # ports, instead of the default. See also the <VirtualHost>
 # directive.
 #
 # Change this to Listen on specific IP addresses as shown below to 
 # prevent Apache from glomming onto all bound IP addresses.
 #
 #Listen 12.34.56.78:80
 Listen 80

 #
 # Dynamic Shared Object (DSO) Support
 #
 # To be able to use the functionality of a module which was built as a DSO you
 # have to place corresponding `LoadModule' lines at this location so the
 # directives contained in it are actually available _before_ they are used.
 # Statically compiled modules (those listed by `httpd -l') do not need
 # to be loaded here.
 #
 # Example:
 # LoadModule foo_module modules/mod_foo.so
 #
 Include conf.modules.d/*.conf

 #
 # If you wish httpd to run as a different user or group, you must run
 # httpd as root initially and it will switch.  
 #
 # User/Group: The name (or #number) of the user/group to run httpd as.
 # It is usually good practice to create a dedicated user and group for
 # running httpd, as with most system services.
 #
 User apache
 Group apache

 # 'Main' server configuration
 #
 # The directives in this section set up the values used by the 'main'
 # server, which responds to any requests that aren't handled by a
 # <VirtualHost> definition.  These values also provide defaults for
 # any <VirtualHost> containers you may define later in the file.
 #
 # All of these directives may appear inside <VirtualHost> containers,
 # in which case these default settings will be overridden for the
 # virtual host being defined.
 #

 #
 # ServerAdmin: Your address, where problems with the server should be
 # e-mailed.  This address appears on some server-generated pages, such
 # as error documents.  e.g. admin@your-domain.com
 #
 ServerAdmin root@localhost

 #
 # ServerName gives the name and port that the server uses to identify itself.
 # This can often be determined automatically, but we recommend you specify
 # it explicitly to prevent problems during startup.
 #
 # If your host doesn't have a registered DNS name, enter its IP address here.
 #
 #ServerName www.example.com:80

 #
 # Deny access to the entirety of your server's filesystem. You must
 # explicitly permit access to web content directories in other 
 # <Directory> blocks below.
 #
 <Directory />
    AllowOverride none
    Require all denied
 </Directory>

 #
 # Note that from this point forward you must specifically allow
 # particular features to be enabled - so if something's not working as
 # you might expect, make sure that you have specifically enabled it
 # below.
 #

 #
 # DocumentRoot: The directory out of which you will serve your
 # documents. By default, all requests are taken from this directory, but
 # symbolic links and aliases may be used to point to other locations.
 #
 DocumentRoot "/var/www/html"

 #
 # Relax access to content within /var/www.
 #
 <Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
 </Directory>

 # Further relax access to the default document root:
 <Directory "/var/www/html">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
 </Directory>

 #
 # DirectoryIndex: sets the file that Apache will serve if a directory
 # is requested.
 #
 <IfModule dir_module>
    DirectoryIndex index.html
 </IfModule>

 #
 # The following lines prevent .htaccess and .htpasswd files from being 
 # viewed by Web clients. 
 #
 <Files ".ht*">
    Require all denied
 </Files>

 #
 # ErrorLog: The location of the error log file.
 # If you do not specify an ErrorLog directive within a <VirtualHost>
 # container, error messages relating to that virtual host will be
 # logged here.  If you *do* define an error logfile for a <VirtualHost>
 # container, that host's errors will be logged there and not here.
 #
 ErrorLog "logs/error_log"

 #
 # LogLevel: Control the number of messages logged to the error_log.
 # Possible values include: debug, info, notice, warn, error, crit,
 # alert, emerg.
 #
 LogLevel warn

 <IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    {%- for log_format in salt['pillar.get']('apache:log_formats', []) %}
    LogFormat {{ log_format }}
    {%- endfor %}

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    #CustomLog "logs/access_log" common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    CustomLog "logs/access_log" combined
 </IfModule>

 <IfModule alias_module>
    #
    # Redirect: Allows you to tell clients about documents that used to 
    # exist in your server's namespace, but do not anymore. The client 
    # will make a new request for the document at its new location.
    # Example:
    # Redirect permanent /foo http://www.example.com/bar

    #
    # Alias: Maps web paths into filesystem paths and is used to
    # access content that does not live under the DocumentRoot.
    # Example:
    # Alias /webpath /full/filesystem/path
    #
    # If you include a trailing / on /webpath then the server will
    # require it to be present in the URL.  You will also likely
    # need to provide a <Directory> section to allow access to
    # the filesystem path.

    #
    # ScriptAlias: This controls which directories contain server scripts. 
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the target directory are treated as applications and
    # run by the server when requested rather than as documents sent to the
    # client.  The same rules about trailing "/" apply to ScriptAlias
    # directives as to Alias.
    #
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

 </IfModule>

 #
 # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
 # CGI directory exists, if you have that configured.
 #
 <Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
 </Directory>

 <IfModule mime_module>
    #
    # TypesConfig points to the file containing the list of mappings from
    # filename extension to MIME-type.
    #
    TypesConfig /etc/mime.types

    #
    # AddType allows you to add to or override the MIME configuration
    # file specified in TypesConfig for specific file types.
    #
    #AddType application/x-gzip .tgz
    #
    # AddEncoding allows you to have certain browsers uncompress
    # information on the fly. Note: Not all browsers support this.
    #
    #AddEncoding x-compress .Z
    #AddEncoding x-gzip .gz .tgz
    #
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    #
    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    #
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    #AddHandler cgi-script .cgi

    # For type maps (negotiated resources):
    #AddHandler type-map var

    #
    # Filters allow you to process content before it is sent to the client.
    #
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    #
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
 </IfModule>

 #
 # Specify a default charset for all content served; this enables
 # interpretation of all content as UTF-8 by default.  To use the 
 # default browser choice (ISO-8859-1), or to allow the META tags
 # in HTML content to override this choice, comment out this
 # directive:
 #
 AddDefaultCharset UTF-8

 <IfModule mime_magic_module>
    #
    # The mod_mime_magic module allows the server to use various hints from the
    # contents of the file itself to determine its type.  The MIMEMagicFile
    # directive tells the module where the hint definitions are located.
    #
    MIMEMagicFile conf/magic
 </IfModule>

 #
 # Customizable error responses come in three flavors:
 # 1) plain text 2) local redirects 3) external redirects
 #
 # Some examples:
 #ErrorDocument 500 "The server made a boo boo."
 #ErrorDocument 404 /missing.html
 #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
 #ErrorDocument 402 http://www.example.com/subscription_info.html
 #

 #
 # EnableMMAP and EnableSendfile: On systems that support it, 
 # memory-mapping or the sendfile syscall may be used to deliver
 # files.  This usually improves server performance, but must
 # be turned off when serving from networked-mounted 
 # filesystems or if support for these functions is otherwise
 # broken on your system.
 # Defaults if commented: EnableMMAP On, EnableSendfile Off
 #
 #EnableMMAP off
 EnableSendfile on

 # Supplemental configuration
 #
 # Load config files in the "/etc/httpd/conf.d" directory, if any.
 IncludeOptional conf.d/*.conf
--- a/apache/files/Suse/apache.config.jinja
+++ b/apache/files/Suse/apache.config.jinja
@@ -0,0 +1,209 @@
 #
 # /etc/apache2/httpd.conf 
 #
 # This is the main Apache server configuration file.  It contains the
 # configuration directives that give the server its instructions.
 # See <URL:http:///httpd.apache.org/docs/2.4/> for detailed information about
 # the directives.

 # Based upon the default apache configuration file that ships with apache,
 # which is based upon the NCSA server configuration files originally by Rob
 # McCool. This file was knocked together by Peter Poeml <poeml+apache@suse.de>.

 # If possible, avoid changes to this file. It does mainly contain Include
 # statements and global settings that can/should be overridden in the
 # configuration of your virtual hosts.

 # Quickstart guide:
 # http://en.opensuse.org/SDB:Apache_installation


 # Overview of include files, chronologically:
 #
 # httpd.conf
 #  | 
 #  |-- uid.conf  . . . . . . . . . . . . . .  UserID/GroupID to run under
 #  |-- server-tuning.conf  . . . . . . . . .  sizing of the server (how many processes to start, ...)
 #  |-- sysconfig.d/loadmodule.conf . . . . .  [*] load these modules
 #  |-- listen.conf . . . . . . . . . . . . .  IP adresses / ports to listen on
 #  |-- mod_log_config.conf . . . . . . . . .  define logging formats
 #  |-- sysconfig.d/global.conf . . . . . . .  [*] server-wide general settings
 #  |-- mod_status.conf . . . . . . . . . . .  restrict access to mod_status (server monitoring)
 #  |-- mod_info.conf . . . . . . . . . . . .  restrict access to mod_info
 #  |-- mod_usertrack.conf  . . . . . . . . .  defaults for cookie-based user tracking
 #  |-- mod_autoindex-defaults.conf . . . . .  defaults for displaying of server-generated directory listings
 #  |-- mod_mime-defaults.conf  . . . . . . .  defaults for mod_mime configuration
 #  |-- errors.conf . . . . . . . . . . . . .  customize error responses
 #  |-- ssl-global.conf . . . . . . . . . . .  SSL conf that applies to default server _and all_ virtual hosts
 #  |
 #  |-- default-server.conf . . . . . . . . .  set up the default server that replies to non-virtual-host requests
 #  |    |--mod_userdir.conf  . . . . . . . .  enable UserDir (if mod_userdir is loaded)
 #  |    `--conf.d/apache2-manual?conf  . . .  add the docs ('?' = if installed)
 #  |
 #  |-- sysconfig.d/include.conf  . . . . . .  [*] your include files 
 #  |                                             (for each file to be included here, put its name 
 #  |                                              into APACHE_INCLUDE_* in /etc/sysconfig/apache2)
 #  |
 #  `-- vhosts.d/ . . . . . . . . . . . . . .  for each virtual host, place one file here
 #       `-- *.conf . . . . . . . . . . . . .     (*.conf is automatically included)
 #
 #
 # Files marked [*] are created from sysconfig upon server restart: instead of
 # these files, you edit /etc/sysconfig/apache2



 #  Filesystem layout:
 #
 # /etc/apache2/
 #  |-- charset.conv  . . . . . . . . . . . .  for mod_auth_ldap
 #  |-- conf.d/
 #  |   |-- apache2-manual.conf . . . . . . .  conf that comes with apache2-doc
 #  |   |-- mod_php4.conf . . . . . . . . . .  (example) conf that comes with apache2-mod_php4
 #  |   `-- ... . . . . . . . . . . . . . . .  other configuration added by packages
 #  |-- default-server.conf
 #  |-- errors.conf
 #  |-- httpd.conf  . . . . . . . . . . . . .  top level configuration file
 #  |-- listen.conf
 #  |-- magic
 #  |-- mime.types -> ../mime.types
 #  |-- mod_autoindex-defaults.conf
 #  |-- mod_info.conf
 #  |-- mod_log_config.conf
 #  |-- mod_mime-defaults.conf
 #  |-- mod_perl-startup.pl
 #  |-- mod_status.conf
 #  |-- mod_userdir.conf
 #  |-- mod_usertrack.conf
 #  |-- server-tuning.conf
 #  |-- ssl-global.conf
 #  |-- ssl.crl/  . . . . . . . . . . . . . .  PEM-encoded X.509 Certificate Revocation Lists (CRL)
 #  |-- ssl.crt/  . . . . . . . . . . . . . .  PEM-encoded X.509 Certificates
 #  |-- ssl.csr/  . . . . . . . . . . . . . .  PEM-encoded X.509 Certificate Signing Requests
 #  |-- ssl.key/  . . . . . . . . . . . . . .  PEM-encoded RSA Private Keys
 #  |-- ssl.prm/  . . . . . . . . . . . . . .  public DSA Parameter Files
 #  |-- sysconfig.d/  . . . . . . . . . . . .  files that are created from /etc/sysconfig/apache2
 #  |   |-- global.conf
 #  |   |-- include.conf
 #  |   `-- loadmodule.conf
 #  |-- uid.conf
 #  `-- vhosts.d/ . . . . . . . . . . . . . .  put your virtual host configuration (*.conf) here
 #      |-- vhost-ssl.template
 #      `-- vhost.template



 ### Global Environment ######################################################
 #
 # The directives in this section affect the overall operation of Apache,
 # such as the number of concurrent requests.

 # run under this user/group id
 Include /etc/apache2/uid.conf

 # - how many server processes to start (server pool regulation)
 # - usage of KeepAlive
 Include /etc/apache2/server-tuning.conf

 # ErrorLog: The location of the error log file.
 # If you do not specify an ErrorLog directive within a <VirtualHost>
 # container, error messages relating to that virtual host will be
 # logged here.  If you *do* define an error logfile for a <VirtualHost>
 # container, that host's errors will be logged there and not here.
 ErrorLog /var/log/apache2/error_log

 # generated from APACHE_MODULES in /etc/sysconfig/apache2
 Include /etc/apache2/sysconfig.d/loadmodule.conf

 # IP addresses / ports to listen on
 Include /etc/apache2/listen.conf

 # predefined logging formats
 Include /etc/apache2/mod_log_config.conf

 # generated from global settings in /etc/sysconfig/apache2
 Include /etc/apache2/sysconfig.d/global.conf

 # optional mod_status, mod_info
 Include /etc/apache2/mod_status.conf
 Include /etc/apache2/mod_info.conf

 # optional cookie-based user tracking
 # read the documentation before using it!!
 Include /etc/apache2/mod_usertrack.conf

 # configuration of server-generated directory listings
 Include /etc/apache2/mod_autoindex-defaults.conf

 # associate MIME types with filename extensions
 TypesConfig /etc/apache2/mime.types
 Include /etc/apache2/mod_mime-defaults.conf

 # set up (customizable) error responses
 Include /etc/apache2/errors.conf

 # global (server-wide) SSL configuration, that is not specific to 
 # any virtual host
 Include /etc/apache2/ssl-global.conf

 # forbid access to the entire filesystem by default
 <Directory />
    Options None
    AllowOverride None
    Require all denied
 </Directory>

 # use .htaccess files for overriding,
 AccessFileName .htaccess
 # and never show them
 <Files ~ "^\.ht">
    Require all denied
 </Files>

 # List of resources to look for when the client requests a directory
 DirectoryIndex index.html index.html.var

 ### 'Main' server configuration #############################################
 #
 # The directives in this section set up the values used by the 'main'
 # server, which responds to any requests that aren't handled by a
 # <VirtualHost> definition.  These values also provide defaults for
 # any <VirtualHost> containers you may define later in the file.
 #
 # All of these directives may appear inside <VirtualHost> containers,
 # in which case these default settings will be overridden for the
 # virtual host being defined.
 #
 Include /etc/apache2/default-server.conf


 # Another way to include your own files
 #
 # The file below is generated from /etc/sysconfig/apache2,
 # include arbitrary files as named in APACHE_CONF_INCLUDE_FILES and
 # APACHE_CONF_INCLUDE_DIRS
 Include /etc/apache2/sysconfig.d/include.conf


 ### Virtual server configuration ############################################
 #
 # VirtualHost: If you want to maintain multiple domains/hostnames on your
 # machine you can setup VirtualHost containers for them. Most configurations
 # use only name-based virtual hosts so the server doesn't need to worry about
 # IP addresses. This is indicated by the asterisks in the directives below.
 #
 # Please see the documentation at
 # <URL:http:///httpd.apache.org/docs/2.4/vhosts/>
 # for further details before you try to setup virtual hosts.
 #
 # You may use the command line option '-S' to verify your virtual host
 # configuration.
 #
 IncludeOptional /etc/apache2/vhosts.d/*.conf


 # Note: instead of adding your own configuration here, consider 
 #       adding it in your own file (/etc/apache2/httpd.conf.local)
 #       putting its name into APACHE_CONF_INCLUDE_FILES in 
 #       /etc/sysconfig/apache2 -- this will make system updates 
 #       easier :) 
--- a/apache/map.jinja
+++ b/apache/map.jinja
@@ -2,8 +2,11 @@
    'Debian': {
        'server': 'apache2',
        'service': 'apache2',
        'configfile': '/etc/apache2/apache2.conf',

        'mod_wsgi': 'libapache2-mod-wsgi',
        'mod_php5': 'libapache2-mod-php5',
        'mod_fcgid': 'libapache2-mod-fcgid',

        'vhostdir': '/etc/apache2/sites-available',
        'confdir': '/etc/apache2/conf.d',
@@ -17,6 +20,7 @@
    'RedHat': {
        'server': 'httpd',
        'service': 'httpd',
        'configfile': '/etc/httpd/conf/httpd.conf',

        'mod_wsgi': 'mod_wsgi',

@@ -32,8 +36,11 @@
    'Suse': {
        'server': 'apache2',
        'service': 'apache2',
        'configfile': '/etc/apache2/httpd.conf',

        'mod_wsgi': 'apache2-mod_wsgi',
        'mod_php5': 'apache2-mod_php5',
        'mod_fcgid': 'apache2-mod_fcgid',

        'vhostdir': '/etc/apache2/vhosts.d',
        'confdir': '/etc/httpd/conf.d',
@@ -47,6 +54,7 @@
    'FreeBSD': {
        'server': 'apache22',
        'service': 'apache22',
        'configfile': '/usr/local/etc/apache22/httpd.conf',

        'mod_wsgi': 'ap22-mod_wsgi3',

--- a/apache/mod_actions.sls
+++ b/apache/mod_actions.sls
@@ -0,0 +1,15 @@
 {% if grains['os_family']=="Debian" %}

 include:
  - apache

 a2enmod actions:
  cmd.run:
    - unless: ls /etc/apache2/mods-enabled/actions.load
    - order: 255
    - require:
      - pkg: apache
    - watch_in:
      - module: apache-restart

 {% endif %}
--- a/apache/mod_fcgid.sls
+++ b/apache/mod_fcgid.sls
@@ -1,15 +1,16 @@
 {% if grains['os_family']=="Debian" %}
 {% from "apache/map.jinja" import apache with context %}

 include:
  - apache

 mod-fcgid:
  pkg.installed:
    - name: libapache2-mod-fcgid
    - name: {{ apache.mod_fcgid }}
    - order: 180
    - require:
      - pkg: apache

 {% if grains['os_family']=="Debian" %}
 a2enmod fcgid:
  cmd.run:
    - order: 225
--- a/apache/mod_headers.sls
+++ b/apache/mod_headers.sls
@@ -0,0 +1,15 @@
 {% if grains['os_family']=="Debian" %}

 include:
  - apache

 a2enmod headers:
  cmd.run:
    - unless: ls /etc/apache2/mods-enabled/headers.load
    - order: 255
    - require:
      - pkg: apache
    - watch_in:
      - module: apache-restart

 {% endif %}
--- a/apache/mod_mpm.sls
+++ b/apache/mod_mpm.sls
@@ -0,0 +1,38 @@
 {% if grains['os_family']=="Debian" %}
 {% from "apache/map.jinja" import apache with context %}
 {% set mpm_module = salt['pillar.get']('apache:mpm:module', 'mpm_prefork') %}

 include:
  - apache

 a2enmod {{ mpm_module }}:
  cmd.run:
    - unless: ls /etc/apache2/mods-enabled/{{ mpm_module }}.load
    - require:
      - pkg: apache
    - watch_in:
      - module: apache_restart
  file.managed:
    - name: /etc/apache2/mods-available/{{ mpm_module }}.conf
    - template: jinja
    - source:
      - salt://apache/files/Debian/mpm/{{ mpm_module }}.conf.jinja
    - require:
      - pkg: apache
    - watch_in:
      - module: apache_restart

 # Deactivate the other mpm modules as a previous step
 {% for mod in ['mpm_prefork', 'mpm_worker', 'mpm_event'] if not mod == mpm_module %}
 a2dismod {{ mod }}:
  cmd.run:
    - onlyif: test -e /etc/apache2/mods-enabled/{{ mod }}.load
    - require:
      - pkg: apache
    - require_in:
      - cmd: a2enmod {{ mpm_module }}
    - watch_in:
      - module: apache_restart
 {% endfor %}

 {% endif %}
--- a/apache/mod_pagespeed.sls
+++ b/apache/mod_pagespeed.sls
@@ -0,0 +1,57 @@
 {% if grains['os_family']=="Debian" %}
 {% from "apache/map.jinja" import apache with context %}

 include:
  - apache

 libapache2-mod-pagespeed:
  pkg:
    - installed
    - sources:
      - mod-pagespeed-stable: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb


 a2enmod pagespeed:
  cmd.run:
    - unless: ls /etc/apache2/mods-enabled/pagespeed.load
    - order: 255
    - require:
      - pkg: libapache2-mod-pagespeed
    - watch_in:
      - service: apache


 {% for dir in ['/var/cache/mod_pagespeed', '/var/log/pagespeed'] %}
 {{ dir }}:
  file:
    - directory
    - makedirs: true
    - user: {{ salt['pillar.get']('apache:user', 'www-data') }}
    - group: {{ salt['pillar.get']('apache:group', 'www-data') }}
    - require:
      - pkg: libapache2-mod-pagespeed
      - user: {{ salt['pillar.get']('apache:user', 'www-data') }}
      - group: {{ salt['pillar.get']('apache:group', 'www-data') }}
 {% endfor %}

 # Here we hardcode a logrotate entry to take care of the logs
 /etc/logrorate.d/pagespeed:
  file:
    - managed
    - contents: |
        /var/log/pagespeed/*.log {
          weekly
          missingok
          rotate 52
          compress
          delaycompress
          notifempty
          sharedscripts
          postrotate
            if /etc/init.d/apache2 status > /dev/null ; then \
              /etc/init.d/apache2 reload > /dev/null; \
            fi;
          endscript
        }

 {% endif %}
--- a/apache/mod_php5.sls
+++ b/apache/mod_php5.sls
@@ -1,15 +1,16 @@
 {% if grains['os_family']=="Debian" %}
 {% from "apache/map.jinja" import apache with context %}

 include:
  - apache

 mod-php5:
  pkg.installed:
    - name: libapache2-mod-php5
    - name: {{ apache.mod_php5 }}
    - order: 180
    - require:
      - pkg: apache

 {% if grains['os_family']=="Debian" %}
 a2enmod php5:
  cmd.run:
    - unless: ls /etc/apache2/mods-enabled/php5.load
--- a/apache/mod_rewrite.sls
+++ b/apache/mod_rewrite.sls
--- a/apache/mod_vhost_alias.sls
+++ b/apache/mod_vhost_alias.sls