|
-
- apache:
-
-
- lookup:
- server: apache2
- service: apache2
-
- vhostdir: /etc/apache2/sites-available
- confdir: /etc/apache2/conf.d
- confext: .conf
- logdir: /var/log/apache2
- wwwdir: /srv/apache2
-
-
- version: '2.2'
-
-
- mod_wsgi: mod_wsgi
-
-
- global:
-
- AllowEncodedSlashes: 'On'
-
-
- name_virtual_hosts:
- - interface: '*'
- port: 80
- - interface: '*'
- port: 443
-
-
- sites:
- example.net:
- template_file: salt://apache/vhosts/minimal.tmpl
-
- example.com:
- enabled: True
- template_file: salt://apache/vhosts/standard.tmpl
-
-
-
-
-
-
-
-
-
- template_engine: jinja
-
- interface: '*'
- port: '80'
-
- ServerName: example.com
- ServerAlias: www.example.com
-
- ServerAdmin: webmaster@example.com
-
- LogLevel: warn
- ErrorLog: /path/to/logs/example.com-error.log
- CustomLog: /path/to/logs/example.com-access.log
-
- DocumentRoot: /path/to/www/dir/example.com
-
- SSLCertificateFile: /etc/ssl/mycert.pem
- SSLCertificateKeyFile: /etc/ssl/mycert.pem.key
- SSLCertificateChainFile: /etc/ssl/mycert.chain.pem
-
- Directory:
-
-
- default:
- Options: -Indexes +FollowSymLinks
- Order: allow,deny
- Allow: from all
- Require: all granted
- AllowOverride: None
- Formula_Append: |
- Additional config as a
- multi-line string here
-
- # if template is 'redirect.tmpl'
- # RedirectSource: '/'
- # RedirectTarget: 'http://www.example.net'
-
- # if template is 'proxy.tmpl'
- # ProxyPreserveHost: 'On'
- # ProxyRoute:
- # my sample route:
- # ProxyPassSource: '/'
- # ProxyPassTarget: 'http://www.example.net'
- # ProxyPassReverseSource: '/'
- # ProxyPassReverseTarget: 'http://www.example.net'
-
- Alias:
- /docs: /usr/share/docs
-
- Location:
- /docs:
- Order: allow,deny
- Allow: from all
- Require: all granted
- Formula_Append: |
- Additional config as a
- multi-line string here
-
- Formula_Append: |
- Additional config as a
- multi-line string here
-
- # ``apache.debian_full`` formula additional configuration:
- register-site:
-
- UNIQUE_VALUE_HERE:
- name: 'my name'
- path: 'salt://path/to/sites-available/conf/file'
- state: 'enabled'
-
-
-
-
-
- modules:
- enabled:
- - ldap
- - ssl
- disabled:
- - rewrite
-
-
-
- keepalive: 'On'
-
- security:
-
-
- ServerTokens: Prod
-
-
- mod_remoteip:
- RemoteIPHeader: X-Forwarded-For
- RemoteIPTrustedProxy:
- - 10.0.8.0/24
- - 127.0.0.1
-
-
- mod_security:
- crs_install: True
-
- manage_config: True
- sec_rule_engine: 'On'
- sec_request_body_access: 'On'
- sec_request_body_limit: '14000000'
- sec_request_body_no_files_limit: '114002'
- sec_request_body_in_memory_limit: '114002'
- sec_request_body_limit_action: 'Reject'
- sec_pcre_match_limit: '15000'
- sec_pcre_match_limit_recursion: '15000'
- sec_debug_log_level: '3'
|