Saltstack Official Apache Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

127 lines
6.1KB

  1. {# Define default values here so the template below can just focus on layout #}
  2. {% from "apache/map.jinja" import apache with context %}
  3. {% set sitename = site.get('ServerName', id) %}
  4. {% set vals = {
  5. 'interfaces': site.get('interface', '*').split(),
  6. 'port': site.get('port', '80'),
  7. 'ServerName': sitename,
  8. 'ServerAlias': site.get('ServerAlias', 'www.{0}'.format(sitename)),
  9. 'ServerAdmin': site.get('ServerAdmin', 'webmaster@{0}'.format(sitename)),
  10. 'UseCanonicalName': site.get('UseCanonicalName'),
  11. 'LogLevel': site.get('LogLevel', 'warn'),
  12. 'ErrorLog': site.get('ErrorLog', '{0}/{1}-error.log'.format(map.logdir, sitename)),
  13. 'LogFormat': site.get('LogFormat', '"%a %l %u %t \\"%r\\" %>s %O \\"%{Referer}i\\" \\"%{User-Agent}i\\""'),
  14. 'CustomLog': site.get('CustomLog', '{0}/{1}-access.log'.format(map.logdir, sitename)),
  15. 'ProxyRequests': site.get('ProxyRequests', 'Off'),
  16. 'ProxyPreserveHost': site.get('ProxyPreserveHost', 'On'),
  17. 'ProxyRoute': site.get('ProxyRoute', {}),
  18. 'Location': {
  19. 'Order': 'allow,deny',
  20. 'Allow': 'from all',
  21. 'Require': 'all granted',
  22. },
  23. 'LocationMatch': {
  24. 'Order': 'allow,deny',
  25. 'Allow': 'from all',
  26. 'Require': 'all granted',
  27. },
  28. } %}
  29. <VirtualHost {%- for intf in vals.interfaces %} {{intf}}:{{ vals.port }}{% endfor -%}>
  30. ServerName {{ vals.ServerName }}
  31. {% if site.get('ServerAlias') != False %}ServerAlias {{ vals.ServerAlias }}{% endif %}
  32. {% if site.get('ServerAdmin') != False %}ServerAdmin {{ vals.ServerAdmin }}{% endif %}
  33. {% if site.get('UseCanonicalName') %}UseCanonicalName {{ vals.UseCanonicalName }}{% endif %}
  34. {% if site.get('LogLevel') != False %}LogLevel {{ vals.LogLevel }}{% endif %}
  35. {% if site.get('ErrorLog') != False %}ErrorLog {{ vals.ErrorLog }}{% endif %}
  36. {% if site.get('CustomLog') != False %}CustomLog {{ vals.CustomLog }} {{ vals.LogFormat }}{% endif %}
  37. {% if site.get('SSLCertificateFile') %}SSLEngine on
  38. SSLCertificateFile {{ site.SSLCertificateFile }}
  39. {% if site.get('SSLCertificateKeyFile') %}SSLCertificateKeyFile {{ site.SSLCertificateKeyFile }}{% endif %}
  40. {% if site.get('SSLCertificateChainFile') %}SSLCertificateChainFile {{ site.SSLCertificateChainFile}}{% endif %}
  41. {% endif %}
  42. {% if site.get('Rewrite') %}RewriteEngine on
  43. {{ site.Rewrite }}
  44. {% endif %}
  45. {% if site.get('SSLProxyEngine') %}SSLProxyEngine {{ site.SSLProxyEngine }}{% endif %}
  46. ProxyRequests {{ vals.ProxyRequests }}
  47. ProxyPreserveHost {{ vals.ProxyPreserveHost }}
  48. {% if site.get('ProxyErrorOverride') %}ProxyErrorOverride {{ site.ProxyErrorOverride }} {% endif %}
  49. {% if site.get('ProxyErrorDir') %}ProxyPass /{{ site.ProxyErrorDir }}/ ! {% endif %}
  50. {% for proxy, proxyargs in vals.ProxyRoute|dictsort|reverse %}
  51. {% set proxyvals = {
  52. 'ProxyPassSource': proxyargs.get('ProxyPassSource', '/'),
  53. 'ProxyPassTarget': proxyargs.get('ProxyPassTarget', 'https://{0}'.format(sitename)),
  54. 'ProxyPassTargetOptions': proxyargs.get('ProxyPassTargetOptions', ''),
  55. 'ProxyPassReverseSource': proxyargs.get('ProxyPassReverseSource', '/'),
  56. 'ProxyPassReverseTarget': proxyargs.get('ProxyPassReverseTarget', proxyargs.get('ProxyPassTarget', 'https://{0}'.format(sitename))),
  57. } %}
  58. ######### {{proxy}} #########
  59. ProxyPass {{ proxyvals.ProxyPassSource }} {{ proxyvals.ProxyPassTarget }} {{ proxyvals.ProxyPassTargetOptions }}
  60. ProxyPassReverse {{ proxyvals.ProxyPassReverseSource }} {{ proxyvals.ProxyPassReverseTarget }}
  61. {% endfor %}
  62. {%- for path, loc in site.get('Location', {}).items() %}
  63. {%- set lvals = {
  64. 'Order': loc.get('Order', vals.Location.Order),
  65. 'Allow': loc.get('Allow', vals.Location.Allow),
  66. 'Require': loc.get('Require', vals.Location.Require),
  67. 'Dav': loc.get('Dav', False),
  68. } %}
  69. <Location "{{ path }}">
  70. {% if apache.version == '2.4' %}
  71. {%- if lvals.get('Require') != False %}Require {{lvals.Require}}{% endif %}
  72. {% else %}
  73. {%- if lvals.get('Order') != False %}Order {{ lvals.Order }}{% endif %}
  74. {%- if lvals.get('Allow') != False %}Allow {{ lvals.Allow }}{% endif %}
  75. {% endif %}
  76. {%- if loc.get('Formula_Append') %} {{ loc.Formula_Append|indent(8) }} {% endif %}
  77. </Location>
  78. {% endfor %}
  79. {%- for regpath, locmat in site.get('LocationMatch', {}).items() %}
  80. {%- set lmvals = {
  81. 'Order': locmat.get('Order', vals.LocationMatch.Order),
  82. 'Allow': locmat.get('Allow', vals.LocationMatch.Allow),
  83. 'Require': locmat.get('Require', vals.LocationMatch.Require),
  84. 'Dav': locmat.get('Dav', False),
  85. } %}
  86. <LocationMatch "{{ regpath }}">
  87. {% if apache.version == '2.4' %}
  88. {%- if lmvals.get('Require') != False %}Require {{lmvals.Require}}{% endif %}
  89. {% else %}
  90. {%- if lmvals.get('Order') != False %}Order {{ lmvals.Order }}{% endif %}
  91. {%- if lmvals.get('Allow') != False %}Allow {{ lmvals.Allow }}{% endif %}
  92. {% endif %}
  93. {%- if locmat.get('Formula_Append') %} {{ locmat.Formula_Append|indent(8) }} {% endif %}
  94. </LocationMatch>
  95. {% endfor %}
  96. {%- for proxypath, prox in site.get('Proxy_control', {}).items() %}
  97. {%- set proxvals = {
  98. 'AllowAll': prox.get('AllowAll', vals.AllowAll),
  99. 'AllowCountry': prox.get('AllowCountry', vals.AllowCountry),
  100. 'AllowIP': prox.get('AllowIP', vals.AllowIP),
  101. } %}
  102. <Proxy "{{ proxypath }}">
  103. {%- if proxvals.get('AllowAll') != False %}
  104. Require all granted
  105. {%- else %}
  106. {% if proxvals.get('AllowCountry') != False %}{% set country_list = proxvals.get('AllowCountry', {}) %}GeoIPEnable On
  107. {% for every_country in country_list %}SetEnvIf GEOIP_COUNTRY_CODE {{ every_country }} AllowCountry
  108. {% endfor %}Require env AllowCountry {% endif %}
  109. {% if proxvals.get('AllowIP') is defined %} {% set ip_list = proxvals.get('AllowIP', {}) %}
  110. Require ip {% for every_ip in ip_list %}{{ every_ip }} {% endfor %} {% endif %}
  111. {%- endif %}
  112. </Proxy>
  113. {%- endfor %}
  114. {% if site.get('Formula_Append') %}
  115. {{ site.Formula_Append|indent(4) }}
  116. {% endif %}
  117. </VirtualHost>