Merge pull request #101 from michaelforge/feature-mod_remoteip

Added ability to configure mod_remoteip

README.rst

@@ -85,6 +85,11 @@ Installs and enables the mod_fcgid module
 
 Enables the Apache module vhost_alias (Debian Only)
 
+``apache.mod_remoteip``
+----------------------
+
+Enables and configures the Apache module mod_remoteip using data from Pillar. (Debian Only)
+
 ``apache.vhosts.standard``
 --------------------------
 

apache/files/Debian/conf-available/remoteip.conf.jinja

@@ -0,0 +1,4 @@
+RemoteIPHeader {{ salt['pillar.get']('apache:mod_remoteip:RemoteIPHeader', 'X-Forwarded-For') }}
+{%- for trusted_proxy in salt['pillar.get']('apache:mod_remoteip:RemoteIPTrustedProxy', []) %}
+RemoteIPTrustedProxy {{ trusted_proxy }}
+{%- endfor %}

apache/mod_remoteip.sls

@@ -0,0 +1,25 @@
+{% if grains['os_family']=="Debian" %}
+
+include:
+  - apache
+
+a2enmod remoteip:
+  cmd.run:
+    - unless: ls /etc/apache2/mods-enabled/remoteip.load
+    - order: 255
+    - require:
+      - pkg: apache
+    - watch_in:
+      - module: apache-restart
+
+/etc/apache2/conf-available/remoteip.conf:
+  file.managed:
+    - template: jinja
+    - source:
+      - salt://apache/files/{{ salt['grains.get']('os_family') }}/conf-available/remoteip.conf.jinja
+    - require:
+      - pkg: apache
+    - watch_in:
+      - service: apache
+
+{% endif %}

pillar.example

@@ -120,3 +120,10 @@ apache:
     # can be Full | OS | Minimal | Minor | Major | Prod
     # where Full conveys the most information, and Prod the least.
     ServerTokens: Prod
+
+  # ``apache.mod_remoteip`` formula additional configuration:
+  mod_remoteip:
+    RemoteIPHeader: X-Forwarded-For
+    RemoteIPTrustedProxy:
+      - 10.0.8.0/24
+      - 127.0.0.1