apache-formula/apache/mod_ssl.sls

{% from "apache/map.jinja" import apache with context %}

{% if grains['os_family']=="Debian" %}

include:
  - apache

a2enmod mod_ssl:
  cmd.run:
    - name: a2enmod ssl
    - unless: ls /etc/apache2/mods-enabled/ssl.load
    - order: 225
    - require:
      - pkg: apache
    - watch_in:
      - module: apache-restart
    - require_in:
      - module: apache-restart
      - module: apache-reload
      - service: apache

/etc/apache2/mods-available/ssl.conf:
  file.managed:
    - source: salt://apache/files/{{ salt['grains.get']('os_family') }}/ssl.conf.jinja
    - template: jinja
    - mode: 644
    - watch_in:
      - module: apache-restart

{% elif grains['os_family']=="RedHat" %}

mod_ssl:
  pkg.installed:
    - name: {{ apache.mod_ssl_pkg }}
    - require:
      - pkg: apache
    - watch_in:
      - module: apache-restart
    - require_in:
      - module: apache-restart
      - module: apache-reload
      - service: apache

{{ apache.confdir }}/ssl.conf:
  file.absent:
    - require:
      - pkg: apache
    - watch_in:
      - module: apache-restart
    - require_in:
      - module: apache-restart
      - module: apache-reload
      - service: apache

{% elif grains['os_family']=="FreeBSD" %}

include:
  - apache
  - apache.mod_socache_shmcb

{{ apache.modulesdir }}/010_mod_ssl.conf:
  file.managed:
    - source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_ssl.conf.jinja
    - mode: 644
    - template: jinja
    - require:
      - pkg: apache
    - watch_in:
      - module: apache-restart
    - require_in:
      - module: apache-restart
      - module: apache-reload
      - service: apache

{% endif %}

{{ apache.confdir }}/tls-defaults.conf:
{% if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %}
  file.managed:
    - source: salt://apache/files/tls-defaults.conf.jinja
    - mode: 644
    - template: jinja
{% else %}
  file.absent:
{% endif %}
    - require:
      - pkg: apache
    - watch_in:
      - module: apache-restart
    - require_in:
      - module: apache-restart
      - module: apache-reload
      - service: apache

{% if grains['os_family']=="Debian" %}
a2endisconf tls-defaults:
  cmd.run:
{%   if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %}
    - name: a2enconf tls-defaults
    - unless: test -L /etc/apache2/conf-enabled/tls-defaults.conf
{%   else %}
    - name: a2disconf tls-defaults
    - onlyif: test -L /etc/apache2/conf-enabled/tls-defaults.conf
{%   endif %}
    - order: 225
    - require:
      - pkg: apache
      - file: {{ apache.confdir }}/tls-defaults.conf
    - watch_in:
      - module: apache-restart
    - require_in:
      - module: apache-restart
      - module: apache-reload
      - service: apache
{% endif %}
mod_ssl: FreeBSD support 2016-09-27 00:56:52 +02:00			`{% from "apache/map.jinja" import apache with context %}`

#125 activate ssl module 2016-04-07 11:58:42 +02:00			`{% if grains['os_family']=="Debian" %}`

			`include:`
			`- apache`

			`a2enmod mod_ssl:`
			`cmd.run:`
			`- name: a2enmod ssl`
			`- unless: ls /etc/apache2/mods-enabled/ssl.load`
			`- order: 225`
			`- require:`
			`- pkg: apache`
			`- watch_in:`
			`- module: apache-restart`
use watch module: apache-[restart\|reload] consequently 2018-11-09 00:25:52 +01:00			`- require_in:`
			`- module: apache-restart`
			`- module: apache-reload`
			`- service: apache`
#125 activate ssl module 2016-04-07 11:58:42 +02:00
207 configure ssl (#218) * [ssl] [debian] manage ssl.conf with pillars * [apache] make cyphersuite a list * [apache/ssl] switch back to strings, lists merge is not good 2018-08-17 19:41:40 +02:00			`/etc/apache2/mods-available/ssl.conf:`
			`file.managed:`
			`- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/ssl.conf.jinja`
			`- template: jinja`
			`- mode: 644`
			`- watch_in:`
			`- module: apache-restart`

enable mod_ssl on Redhat 2016-05-18 10:07:24 +02:00			`{% elif grains['os_family']=="RedHat" %}`

			`mod_ssl:`
			`pkg.installed:`
fix(mod_ssl): update mod_ssl package variable to prevent clashes The mod_ssl package name could be overridden in apache:lookup:mod_ssl. Due to the way lookup keys are merged into the main apache dictionary, the package name clashed with the mod_ssl configuration defined under apache:mod_ssl. Fix that by renaming the mod_ssl package variable to mod_ssl_pkg. Drive-By: Add mod_ssl_pkg to the pillar.example file. 2020-04-02 18:29:06 +02:00			`- name: {{ apache.mod_ssl_pkg }}`
enable mod_ssl on Redhat 2016-05-18 10:07:24 +02:00			`- require:`
			`- pkg: apache`
			`- watch_in:`
			`- module: apache-restart`
use watch module: apache-[restart\|reload] consequently 2018-11-09 00:25:52 +01:00			`- require_in:`
			`- module: apache-restart`
			`- module: apache-reload`
			`- service: apache`
enable mod_ssl on Redhat 2016-05-18 10:07:24 +02:00
Delete Red Hat provided ssl.conf (#243) When using the mod_ssl state on Red Hat family systems the httpd server will currently not start. This is due to duplicate Listen directives provided in the ssl.conf file shipped with the mod_ssl rpm package and the directives configured by saltstack. The easy solution is to just ensure the rpm shipped mod_ssl is removed. 2018-10-27 23:27:27 +02:00			`{{ apache.confdir }}/ssl.conf:`
			`file.absent:`
			`- require:`
			`- pkg: apache`
			`- watch_in:`
use watch module: apache-[restart\|reload] consequently 2018-11-09 00:25:52 +01:00			`- module: apache-restart`
			`- require_in:`
			`- module: apache-restart`
			`- module: apache-reload`
Delete Red Hat provided ssl.conf (#243) When using the mod_ssl state on Red Hat family systems the httpd server will currently not start. This is due to duplicate Listen directives provided in the ssl.conf file shipped with the mod_ssl rpm package and the directives configured by saltstack. The easy solution is to just ensure the rpm shipped mod_ssl is removed. 2018-10-27 23:27:27 +02:00			`- service: apache`

mod_ssl: FreeBSD support 2016-09-27 00:56:52 +02:00			`{% elif grains['os_family']=="FreeBSD" %}`

			`include:`
			`- apache`
			`- apache.mod_socache_shmcb`

			`{{ apache.modulesdir }}/010_mod_ssl.conf:`
			`file.managed:`
			`- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_ssl.conf.jinja`
			`- mode: 644`
			`- template: jinja`
			`- require:`
			`- pkg: apache`
			`- watch_in:`
			`- module: apache-restart`
use watch module: apache-[restart\|reload] consequently 2018-11-09 00:25:52 +01:00			`- require_in:`
			`- module: apache-restart`
			`- module: apache-reload`
			`- service: apache`
mod_ssl: FreeBSD support 2016-09-27 00:56:52 +02:00
#125 activate ssl module 2016-04-07 11:58:42 +02:00			`{% endif %}`
Manage TLS defaults 2018-01-10 01:24:17 +01:00
			`{{ apache.confdir }}/tls-defaults.conf:`
			`{% if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %}`
			`file.managed:`
			`- source: salt://apache/files/tls-defaults.conf.jinja`
			`- mode: 644`
			`- template: jinja`
			`{% else %}`
			`file.absent:`
			`{% endif %}`
			`- require:`
			`- pkg: apache`
			`- watch_in:`
			`- module: apache-restart`
use watch module: apache-[restart\|reload] consequently 2018-11-09 00:25:52 +01:00			`- require_in:`
			`- module: apache-restart`
			`- module: apache-reload`
			`- service: apache`
Manage TLS defaults 2018-01-10 01:24:17 +01:00
			`{% if grains['os_family']=="Debian" %}`
			`a2endisconf tls-defaults:`
			`cmd.run:`
			`{% if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %}`
			`- name: a2enconf tls-defaults`
			`- unless: test -L /etc/apache2/conf-enabled/tls-defaults.conf`
			`{% else %}`
			`- name: a2disconf tls-defaults`
			`- onlyif: test -L /etc/apache2/conf-enabled/tls-defaults.conf`
			`{% endif %}`
			`- order: 225`
			`- require:`
			`- pkg: apache`
			`- file: {{ apache.confdir }}/tls-defaults.conf`
			`- watch_in:`
			`- module: apache-restart`
use watch module: apache-[restart\|reload] consequently 2018-11-09 00:25:52 +01:00			`- require_in:`
			`- module: apache-restart`
			`- module: apache-reload`
			`- service: apache`
Manage TLS defaults 2018-01-10 01:24:17 +01:00			`{% endif %}`