2019-10-17 09:58:44 +02:00
|
|
|
.. _readme:
|
|
|
|
|
2013-06-13 00:05:04 +02:00
|
|
|
apache
|
2013-07-29 23:34:54 +02:00
|
|
|
======
|
2013-07-27 20:12:01 +02:00
|
|
|
|
2019-10-17 09:58:44 +02:00
|
|
|
|img_travis| |img_sr|
|
|
|
|
|
|
|
|
.. |img_travis| image:: https://travis-ci.com/saltstack-formulas/apache-formula.svg?branch=master
|
|
|
|
:alt: Travis CI Build Status
|
|
|
|
:scale: 100%
|
|
|
|
:target: https://travis-ci.com/saltstack-formulas/apache-formula
|
|
|
|
.. |img_sr| image:: https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg
|
|
|
|
:alt: Semantic Release
|
|
|
|
:scale: 100%
|
|
|
|
:target: https://github.com/semantic-release/semantic-release
|
|
|
|
|
2013-08-28 00:27:53 +02:00
|
|
|
Formulas to set up and configure the Apache HTTP server.
|
2013-07-29 23:34:54 +02:00
|
|
|
|
2019-10-17 09:58:44 +02:00
|
|
|
.. contents:: **Table of Contents**
|
|
|
|
|
|
|
|
General notes
|
|
|
|
-------------
|
|
|
|
|
|
|
|
See the full `SaltStack Formulas installation and usage instructions
|
|
|
|
<https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_.
|
|
|
|
|
|
|
|
If you are interested in writing or contributing to formulas, please pay attention to the `Writing Formula Section
|
|
|
|
<https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#writing-formulas>`_.
|
|
|
|
|
|
|
|
If you want to use this formula, please pay attention to the ``FORMULA`` file and/or ``git tag``,
|
|
|
|
which contains the currently released version. This formula is versioned according to `Semantic Versioning <http://semver.org/>`_.
|
2013-07-29 23:34:54 +02:00
|
|
|
|
2019-10-17 09:58:44 +02:00
|
|
|
See `Formula Versioning Section <https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#versioning>`_ for more details.
|
|
|
|
|
|
|
|
Contributing to this repo
|
|
|
|
-------------------------
|
|
|
|
|
|
|
|
**Commit message formatting is significant!!**
|
|
|
|
|
|
|
|
Please see `How to contribute <https://github.com/saltstack-formulas/.github/blob/master/CONTRIBUTING.rst>`_ for more details.
|
2013-07-29 23:34:54 +02:00
|
|
|
|
2013-08-13 23:12:57 +02:00
|
|
|
Available states
|
2019-10-17 09:58:44 +02:00
|
|
|
----------------
|
2013-08-28 00:27:53 +02:00
|
|
|
|
|
|
|
.. contents::
|
2019-10-17 09:58:44 +02:00
|
|
|
:local:
|
2013-07-29 23:34:54 +02:00
|
|
|
|
2013-08-13 23:12:57 +02:00
|
|
|
``apache``
|
2019-10-17 09:58:44 +02:00
|
|
|
^^^^^^^^^^
|
2013-08-28 00:27:53 +02:00
|
|
|
|
|
|
|
Installs the Apache package and starts the service.
|
|
|
|
|
2015-06-19 20:44:53 +02:00
|
|
|
``apache.config``
|
2019-10-17 09:58:44 +02:00
|
|
|
^^^^^^^^^^^^^^^^^
|
2015-06-19 20:44:53 +02:00
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
Metastate to apply all apache configuration
|
|
|
|
|
|
|
|
|
|
|
|
``apache.config.file``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
|
2015-06-19 20:44:53 +02:00
|
|
|
Configures apache based on os_family
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.flags``
|
2019-10-17 09:58:44 +02:00
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^
|
2017-03-09 12:44:32 +01:00
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
Configures apache flags on SuSE
|
|
|
|
|
|
|
|
``apache.config.certificates``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
|
2017-03-09 12:44:32 +01:00
|
|
|
Deploy SSL certificates from pillars
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^
|
2015-06-19 20:44:53 +02:00
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
Metastate to Enable and disable Apache modules.
|
2015-06-19 20:44:53 +02:00
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_mpm``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2014-11-21 00:37:14 +01:00
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
Configures the apache mpm modules on Debian ``mpm_prefork``, ``mpm_worker`` or ``mpm_event`` (Debian Only)
|
2014-11-21 00:37:14 +01:00
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_rewrite``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2015-06-19 20:44:53 +02:00
|
|
|
|
2017-01-08 12:48:42 +01:00
|
|
|
Enabled the Apache module mod_rewrite (Debian and FreeBSD only)
|
2015-06-19 20:44:53 +02:00
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_proxy``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2014-01-04 19:29:22 +01:00
|
|
|
|
2017-01-08 12:03:48 +01:00
|
|
|
Enables the Apache module mod_proxy. (Debian and FreeBSD only)
|
2014-01-04 19:29:22 +01:00
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_proxy_http``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2014-01-04 19:29:22 +01:00
|
|
|
|
2015-06-19 20:44:53 +02:00
|
|
|
Enables the Apache module mod_proxy_http and requires the Apache module mod_proxy to be enabled. (Debian Only)
|
2014-01-04 19:29:22 +01:00
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_proxy_fcgi``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2017-02-07 16:03:30 +01:00
|
|
|
|
|
|
|
Enables the Apache module mod_proxy_fcgi and requires the Apache module mod_proxy to be enabled. (Debian Only)
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_wsgi``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2013-08-28 00:27:53 +02:00
|
|
|
|
|
|
|
Installs the mod_wsgi package and enables the Apache module.
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_actions``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2015-06-19 20:44:53 +02:00
|
|
|
|
|
|
|
Enables the Apache module mod_actions. (Debian Only)
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_headers``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2015-06-19 20:44:53 +02:00
|
|
|
|
|
|
|
Enables the Apache module mod_headers. (Debian Only)
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_pagespeed``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2015-06-19 20:44:53 +02:00
|
|
|
|
2015-11-19 22:04:03 +01:00
|
|
|
Installs and Enables the mod_pagespeed module. (Debian and RedHat Only)
|
2015-06-19 20:44:53 +02:00
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_perl2``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2017-01-08 12:30:33 +01:00
|
|
|
|
|
|
|
Installs and enables the mod_perl2 module (Debian and FreeBSD only)
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_geoip``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2017-03-09 12:44:32 +01:00
|
|
|
|
|
|
|
Installs and enables the mod_geoIP (RedHat only)
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_php5``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2015-06-19 20:44:53 +02:00
|
|
|
|
|
|
|
Installs and enables the mod_php5 module
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_cgi``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2017-01-16 14:02:23 +01:00
|
|
|
|
|
|
|
Enables mod_cgi. (FreeBSD only)
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_fcgid``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2015-06-19 20:44:53 +02:00
|
|
|
|
2018-02-14 22:01:43 +01:00
|
|
|
Installs and enables the mod_fcgid module (Debian only)
|
2015-06-19 20:44:53 +02:00
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_fastcgi``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2017-02-07 16:03:30 +01:00
|
|
|
|
|
|
|
Installs and enables the mod_fastcgi module
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_dav_svn``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2015-12-24 10:53:33 +01:00
|
|
|
|
|
|
|
Installs and enables the mod_dav_svn module (Debian only)
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_security``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2016-05-11 03:48:26 +02:00
|
|
|
|
2020-10-08 22:48:15 +02:00
|
|
|
Installs an enables the `Apache mod_security2 WAF <http://modsecurity.org/>`_
|
2016-05-11 03:48:26 +02:00
|
|
|
using data from Pillar. (Debian and RedHat Only)
|
|
|
|
|
|
|
|
Allows you to install the basic Core Rules (CRS) and some basic configuration for mod_security2
|
2015-12-24 10:53:33 +01:00
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_security.rules``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2016-09-23 11:12:37 +02:00
|
|
|
|
|
|
|
This state can create symlinks based on basic Core Rules package. (Debian only)
|
|
|
|
Or it can distribute a mod_security rule file and place it /etc/modsecurity/
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_socache_shmcb``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2016-09-27 00:56:52 +02:00
|
|
|
|
|
|
|
Enables mod_socache_shmcb. (FreeBSD only)
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_ssl``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2016-05-18 10:07:24 +02:00
|
|
|
|
2016-09-27 00:56:52 +02:00
|
|
|
Installs and enables the mod_ssl module (Debian, RedHat and FreeBSD only)
|
2016-05-18 10:07:24 +02:00
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_suexec``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2017-01-08 12:13:38 +01:00
|
|
|
|
|
|
|
Enables mod_suexec. (FreeBSD only)
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_vhost_alias``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2015-06-19 20:44:53 +02:00
|
|
|
|
|
|
|
Enables the Apache module vhost_alias (Debian Only)
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_remoteip``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2015-12-16 00:54:14 +01:00
|
|
|
|
|
|
|
Enables and configures the Apache module mod_remoteip using data from Pillar. (Debian Only)
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_xsendfile``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2017-02-07 16:03:30 +01:00
|
|
|
|
|
|
|
Installs and enables mod_xsendfile module. (Debian Only)
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.own_default_vhost``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2013-08-28 00:27:53 +02:00
|
|
|
|
2015-12-29 18:08:39 +01:00
|
|
|
Replace default vhost with own version. By default, it's 503 code. (Debian Only)
|
2013-08-28 00:27:53 +02:00
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.no_default_vhost``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2016-02-16 13:09:52 +01:00
|
|
|
|
|
|
|
Remove the default vhost. (Debian Only)
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.vhosts.standard``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2015-12-14 15:44:59 +01:00
|
|
|
|
2015-12-29 18:08:39 +01:00
|
|
|
Configures Apache name-based virtual hosts and creates virtual host directories using data from Pillar.
|
2015-12-14 15:44:59 +01:00
|
|
|
|
2013-08-28 00:27:53 +02:00
|
|
|
Example Pillar:
|
|
|
|
|
|
|
|
.. code:: yaml
|
|
|
|
|
|
|
|
apache:
|
|
|
|
sites:
|
|
|
|
example.com: # must be unique; used as an ID declaration in Salt; also passed to the template context as {{ id }}
|
|
|
|
template_file: salt://apache/vhosts/standard.tmpl
|
|
|
|
|
2016-01-25 12:19:55 +01:00
|
|
|
When using the provided templates, one can use a space separated list
|
|
|
|
of interfaces to bind to. For example, to bind both IPv4 and IPv6:
|
|
|
|
|
|
|
|
.. code:: yaml
|
|
|
|
|
|
|
|
apache:
|
|
|
|
sites:
|
|
|
|
example.com:
|
|
|
|
interface: '1.2.3.4 [2001:abc:def:100::3]'
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.manage_security``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2015-12-14 15:14:32 +01:00
|
|
|
|
|
|
|
Configures Apache's security.conf options by reassinging them using data from Pillar.
|
2013-08-28 00:27:53 +02:00
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.modules.mod_status``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2018-11-27 19:53:15 +01:00
|
|
|
|
|
|
|
Configures Apache's server_status handler for localhost
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.debian_full``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
2013-08-28 00:27:53 +02:00
|
|
|
|
|
|
|
Installs and configures Apache on Debian and Ubuntu systems.
|
|
|
|
|
2020-09-13 06:07:20 +02:00
|
|
|
``apache.config.clean``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
|
|
|
|
Metastate to cleanup all apache configuration.
|
|
|
|
|
|
|
|
|
|
|
|
``apache.clean``
|
|
|
|
^^^^^^^^^^^^^^^^
|
2017-04-05 11:00:50 +02:00
|
|
|
|
|
|
|
Stops the Apache service and uninstalls the package.
|
|
|
|
|
2013-08-28 00:27:53 +02:00
|
|
|
These states are ordered using the ``order`` declaration. Different stages
|
|
|
|
are divided into the following number ranges:
|
|
|
|
|
|
|
|
1) apache will use 1-500 for ordering
|
|
|
|
2) apache will reserve 1 -100 as unused
|
|
|
|
3) apache will reserve 101-150 for pre pkg install
|
|
|
|
4) apache will reserve 151-200 for pkg install
|
|
|
|
5) apache will reserve 201-250 for pkg configure
|
|
|
|
6) apache will reserve 251-300 for downloads, git stuff, load data
|
|
|
|
7) apache will reserve 301-400 for unknown purposes
|
|
|
|
8) apache will reserve 401-450 for service restart-reloads
|
|
|
|
9) apache WILL reserve 451-460 for service.running
|
|
|
|
10) apache will reserve 461-500 for cmd requiring operational services
|
2013-07-29 23:34:54 +02:00
|
|
|
|
2013-08-28 00:27:53 +02:00
|
|
|
Example Pillar:
|
2013-08-13 23:12:57 +02:00
|
|
|
|
2013-08-28 00:27:53 +02:00
|
|
|
.. code:: yaml
|
2013-07-29 23:34:54 +02:00
|
|
|
|
2013-08-28 00:27:53 +02:00
|
|
|
apache:
|
|
|
|
register-site:
|
|
|
|
# any name as an array index, and you can duplicate this section
|
2014-06-01 12:13:54 +02:00
|
|
|
{{UNIQUE}}:
|
2013-08-28 00:27:53 +02:00
|
|
|
name: 'my name'
|
|
|
|
path: 'salt://path/to/sites-available/conf/file'
|
|
|
|
state: 'enabled'
|
2019-10-17 09:58:44 +02:00
|
|
|
|
|
|
|
Testing
|
|
|
|
-------
|
|
|
|
|
|
|
|
Linux testing is done with ``kitchen-salt``.
|
|
|
|
|
|
|
|
Requirements
|
|
|
|
^^^^^^^^^^^^
|
|
|
|
|
|
|
|
* Ruby
|
|
|
|
* Docker
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
$ gem install bundler
|
|
|
|
$ bundle install
|
2020-09-13 06:07:20 +02:00
|
|
|
:1
|
|
|
|
$ bin/kitchen test [platform]
|
2019-10-17 09:58:44 +02:00
|
|
|
|
|
|
|
Where ``[platform]`` is the platform name defined in ``kitchen.yml``,
|
|
|
|
e.g. ``debian-9-2019-2-py3``.
|
|
|
|
|
|
|
|
``bin/kitchen converge``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
|
|
|
|
Creates the docker instance and runs the ``template`` main state, ready for testing.
|
|
|
|
|
|
|
|
``bin/kitchen verify``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
|
|
|
|
Runs the ``inspec`` tests on the actual instance.
|
|
|
|
|
|
|
|
``bin/kitchen destroy``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
|
|
|
|
Removes the docker instance.
|
|
|
|
|
|
|
|
``bin/kitchen test``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^
|
|
|
|
|
|
|
|
Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``verify`` + ``destroy``.
|
|
|
|
|
|
|
|
``bin/kitchen login``
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
|
|
|
|
Gives you SSH access to the instance for manual testing.
|