Improved apache-formula

- Added more modules and configuration options
 - Renamed sls files to reflect what they do.
 - added mpm options for Debian
This commit is contained in:
Niels Abspoel 2015-06-19 20:44:53 +02:00
parent f6a0c84544
commit 53b995a680
18 changed files with 1119 additions and 8 deletions

View File

@ -20,28 +20,73 @@ Available states
Installs the Apache package and starts the service. Installs the Apache package and starts the service.
``apache.config``
-----------------
Configures apache based on os_family
``apache.mod_mpm``
------------------
Configures the apache mpm modules on Debian ``mpm_prefork``, ``mpm_worker`` or ``mpm_event`` (Debian Only)
``apache.modules`` ``apache.modules``
------------------ ------------------
Enables and disables Apache modules. Enables and disables Apache modules.
``apache.mod_rewrite``
----------------------
Enabled the Apache module mod_rewrite (Debian only)
``apache.mod_proxy`` ``apache.mod_proxy``
------------------- -------------------
Enables the Apache module mod_proxy. Enables the Apache module mod_proxy. (Debian only)
``apache.mod_proxy_http`` ``apache.mod_proxy_http``
------------------- -------------------------
Enables the Apache module mod_proxy_http and requires the Apache module mod_proxy to be enabled. Enables the Apache module mod_proxy_http and requires the Apache module mod_proxy to be enabled. (Debian Only)
``apache.mod_wsgi`` ``apache.mod_wsgi``
------------------- -------------------
Installs the mod_wsgi package and enables the Apache module. Installs the mod_wsgi package and enables the Apache module.
``apache.mod_actions``
----------------------
Enables the Apache module mod_actions. (Debian Only)
``apache.mod_headers``
----------------------
Enables the Apache module mod_headers. (Debian Only)
``apache.mod_pagespeed``
------------------------
Installs and Enables the mod_pagespeed module. (Debian Only)
``apache.mod_php5``
-------------------
Installs and enables the mod_php5 module
``apache.mod_fcgid``
--------------------
Installs and enables the mod_fcgid module
``apache.mod_vhost_alias``
----------------------
Enables the Apache module vhost_alias (Debian Only)
``apache.vhosts.standard`` ``apache.vhosts.standard``
------------------------- --------------------------
Configures Apache name-based virtual hosts and creates virtual host directories using data from Pillar. Configures Apache name-based virtual hosts and creates virtual host directories using data from Pillar.

26
apache/config.sls Normal file
View File

@ -0,0 +1,26 @@
{% from "apache/map.jinja" import apache with context %}
include:
- apache
{{ apache.configfile }}:
file.managed:
- template: jinja
- source:
- salt://apache/files/{{ salt['grains.get']('os_family') }}/apache.config.jinja
- require:
- pkg: apache
- watch_in:
- service: apache
{% if grains['os_family']=="Debian" %}
/etc/apache2/envvars:
file.managed
- template: jinja
- source:
- salt://apache/files/debian/envvars.jinja
- require:
- pkg: apache
- watch_in:
- service: apache
{% endif %}

View File

@ -0,0 +1,223 @@
# Managed by saltstack
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.4/ for detailed information about
# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
# hints.
#
#
# Summary of how the Apache 2 configuration works in Debian:
# The Apache 2 web server configuration in Debian is quite different to
# upstream's suggested way to configure the web server. This is because Debian's
# default Apache2 installation attempts to make adding and removing modules,
# virtual hosts, and extra configuration directives as flexible as possible, in
# order to make automating the changes and administering the server as easy as
# possible.
# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
# /etc/apache2/
# |-- apache2.conf
# | `-- ports.conf
# |-- mods-enabled
# | |-- *.load
# | `-- *.conf
# |-- conf-enabled
# | `-- *.conf
# `-- sites-enabled
# `-- *.conf
#
#
# * apache2.conf is the main configuration file (this file). It puts the pieces
# together by including all remaining configuration files when starting up the
# web server.
#
# * ports.conf is always included from the main configuration file. It is
# supposed to determine listening ports for incoming connections which can be
# customized anytime.
#
# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
# directories contain particular configuration snippets which manage modules,
# global configuration fragments, or virtual host configurations,
# respectively.
#
# They are activated by symlinking available configuration files from their
# respective *-available/ counterparts. These should be managed by using our
# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
# their respective man pages for detailed information.
#
# * The binary is called apache2. Due to the use of environment variables, in
# the default configuration, apache2 needs to be started/stopped with
# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
# work with the default configuration.
# Global configuration
#
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
Mutex file:${APACHE_LOCK_DIR} default
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5
# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log
#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
# Include list of ports to listen on
Include ports.conf
# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
#<Directory /srv/>
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted
#</Directory>
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
{%- for log_format in salt['pillar.get']('apache:log_formats', []) %}
LogFormat {{ log_format }}
{%- endfor %}
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf
# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

View File

@ -0,0 +1,49 @@
# Managed by saltstack
# envvars - default environment variables for apache2ctl
# this won't be correct after changing uid
unset HOME
# for supporting multiple apache2 instances
if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
else
SUFFIX=
fi
# Since there is no sane way to get the parsed apache2 config in scripts, some
# settings are defined via environment variables and then used in apache2ctl,
# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
export APACHE_RUN_USER={{ salt['pillar.get']('apache:user', 'www-data') }}
export APACHE_RUN_GROUP={{ salt['pillar.get']('apache:group', 'www-data') }}
# temporary state file location. This might be changed to /run in Wheezy+1
export APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid
export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2.
export APACHE_LOG_DIR=/var/log/apache2$SUFFIX
## The locale used by some modules like mod_dav
export LANG=C
## Uncomment the following line to use the system default locale instead:
#. /etc/default/locale
export LANG
## The command to get the status for 'apache2ctl status'.
## Some packages providing 'www-browser' need '--dump' instead of '-dump'.
#export APACHE_LYNX='www-browser -dump'
## If you need a higher file descriptor limit, uncomment and adjust the
## following line (default is 8192):
#APACHE_ULIMIT_MAX_FILES='ulimit -n 65536'
## If you would like to pass arguments to the web server, add them below
## to the APACHE_ARGUMENTS environment.
#export APACHE_ARGUMENTS=''
## Enable the debug mode for maintainer scripts.
## This will produce a verbose output on package installations of web server modules and web application
## installations which interact with Apache
#export APACHE2_MAINTSCRIPT_DEBUG=1

View File

@ -0,0 +1,22 @@
# Managed by saltstack
{%- set mpm_param = salt['pillar.get']('apache:mpm:params', {}) %}
# event MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestWorkers: maximum number of worker threads
# MaxConnectionsPerChild: maximum number of requests a server process serves
<IfModule mpm_event_module>
StartServers {{ mpm_param['start_servers'] | d('2') }}
MaxRequestWorkers {{ mpm_param['max_request_workers'] | d('150') }}
MinSpareThreads {{ mpm_param['min_spare_threads'] | d('25') }}
MaxSpareThreads {{ mpm_param['max_spare_threads'] | d('75') }}
ThreadLimit {{ mpm_param['thread_limit'] | d('64') }}
ThreadsPerChild {{ mpm_param['threads_per_child'] | d('25') }}
MaxConnectionsPerChild {{ mpm_param['max_connections_per_child'] | d('0') }}
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

View File

@ -0,0 +1,20 @@
# Managed by saltstack
{%- set mpm_param = salt['pillar.get']('apache:mpm:params', {}) %}
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxRequestWorkers: maximum number of server processes allowed to start
# MaxConnectionsPerChild: maximum number of requests a server process serves
<IfModule mpm_prefork_module>
StartServers {{ mpm_param['start_servers'] | d('5') }}
MaxRequestWorkers {{ mpm_param['max_request_workers'] | d('150') }}
MinSpareServers {{ mpm_param['min_spare_servers'] | d('5') }}
MaxSpareServers {{ mpm_param['max_spare_servers'] | d('10') }}
MaxConnectionsPerChild {{ mpm_param['max_connections_per_child'] | d('0') }}
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

View File

@ -0,0 +1,26 @@
# Managed by saltstack
{%- set mpm_param = salt['pillar.get']('apache:mpm:params', {}) %}
# worker MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
# graceful restart. ThreadLimit can only be changed by stopping
# and starting Apache.
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestWorkers: maximum number of threads
# MaxConnectionsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
StartServers {{ mpm_param['start_servers'] | d('2') }}
MaxRequestWorkers {{ mpm_param['max_request_workers'] | d('150') }}
MinSpareThreads {{ mpm_param['min_spare_threads'] | d('25') }}
MaxSpareThreads {{ mpm_param['max_spare_threads'] | d('75') }}
ThreadLimit {{ mpm_param['thread_limit'] | d('64') }}
ThreadsPerChild {{ mpm_param['threads_per_child'] | d('25') }}
MaxConnectionsPerChild {{ mpm_param['max_connections_per_child'] | d('0') }}
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

View File

@ -0,0 +1,356 @@
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so 'log/access_log'
# with ServerRoot set to '/www' will be interpreted by the
# server as '/www/log/access_log', where as '/log/access_log' will be
# interpreted as '/log/access_log'.
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used. If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "/etc/httpd"
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
Include conf.modules.d/*.conf
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User apache
Group apache
# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin root@localhost
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
AllowOverride none
Require all denied
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/html"
#
# Relax access to content within /var/www.
#
<Directory "/var/www">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
# Further relax access to the default document root:
<Directory "/var/www/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
Require all denied
</Files>
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "logs/error_log"
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
{%- for log_format in salt['pillar.get']('apache:log_formats', []) %}
LogFormat {{ log_format }}
{%- endfor %}
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog "logs/access_log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
#
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig /etc/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
#
# Specify a default charset for all content served; this enables
# interpretation of all content as UTF-8 by default. To use the
# default browser choice (ISO-8859-1), or to allow the META tags
# in HTML content to override this choice, comment out this
# directive:
#
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
MIMEMagicFile conf/magic
</IfModule>
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults if commented: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
EnableSendfile on
# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf

View File

@ -0,0 +1,209 @@
#
# /etc/apache2/httpd.conf
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http:///httpd.apache.org/docs/2.4/> for detailed information about
# the directives.
# Based upon the default apache configuration file that ships with apache,
# which is based upon the NCSA server configuration files originally by Rob
# McCool. This file was knocked together by Peter Poeml <poeml+apache@suse.de>.
# If possible, avoid changes to this file. It does mainly contain Include
# statements and global settings that can/should be overridden in the
# configuration of your virtual hosts.
# Quickstart guide:
# http://en.opensuse.org/SDB:Apache_installation
# Overview of include files, chronologically:
#
# httpd.conf
# |
# |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under
# |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...)
# |-- sysconfig.d/loadmodule.conf . . . . . [*] load these modules
# |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on
# |-- mod_log_config.conf . . . . . . . . . define logging formats
# |-- sysconfig.d/global.conf . . . . . . . [*] server-wide general settings
# |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring)
# |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info
# |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking
# |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings
# |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration
# |-- errors.conf . . . . . . . . . . . . . customize error responses
# |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts
# |
# |-- default-server.conf . . . . . . . . . set up the default server that replies to non-virtual-host requests
# | |--mod_userdir.conf . . . . . . . . enable UserDir (if mod_userdir is loaded)
# | `--conf.d/apache2-manual?conf . . . add the docs ('?' = if installed)
# |
# |-- sysconfig.d/include.conf . . . . . . [*] your include files
# | (for each file to be included here, put its name
# | into APACHE_INCLUDE_* in /etc/sysconfig/apache2)
# |
# `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here
# `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included)
#
#
# Files marked [*] are created from sysconfig upon server restart: instead of
# these files, you edit /etc/sysconfig/apache2
# Filesystem layout:
#
# /etc/apache2/
# |-- charset.conv . . . . . . . . . . . . for mod_auth_ldap
# |-- conf.d/
# | |-- apache2-manual.conf . . . . . . . conf that comes with apache2-doc
# | |-- mod_php4.conf . . . . . . . . . . (example) conf that comes with apache2-mod_php4
# | `-- ... . . . . . . . . . . . . . . . other configuration added by packages
# |-- default-server.conf
# |-- errors.conf
# |-- httpd.conf . . . . . . . . . . . . . top level configuration file
# |-- listen.conf
# |-- magic
# |-- mime.types -> ../mime.types
# |-- mod_autoindex-defaults.conf
# |-- mod_info.conf
# |-- mod_log_config.conf
# |-- mod_mime-defaults.conf
# |-- mod_perl-startup.pl
# |-- mod_status.conf
# |-- mod_userdir.conf
# |-- mod_usertrack.conf
# |-- server-tuning.conf
# |-- ssl-global.conf
# |-- ssl.crl/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Revocation Lists (CRL)
# |-- ssl.crt/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificates
# |-- ssl.csr/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Signing Requests
# |-- ssl.key/ . . . . . . . . . . . . . . PEM-encoded RSA Private Keys
# |-- ssl.prm/ . . . . . . . . . . . . . . public DSA Parameter Files
# |-- sysconfig.d/ . . . . . . . . . . . . files that are created from /etc/sysconfig/apache2
# | |-- global.conf
# | |-- include.conf
# | `-- loadmodule.conf
# |-- uid.conf
# `-- vhosts.d/ . . . . . . . . . . . . . . put your virtual host configuration (*.conf) here
# |-- vhost-ssl.template
# `-- vhost.template
### Global Environment ######################################################
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests.
# run under this user/group id
Include /etc/apache2/uid.conf
# - how many server processes to start (server pool regulation)
# - usage of KeepAlive
Include /etc/apache2/server-tuning.conf
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog /var/log/apache2/error_log
# generated from APACHE_MODULES in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/loadmodule.conf
# IP addresses / ports to listen on
Include /etc/apache2/listen.conf
# predefined logging formats
Include /etc/apache2/mod_log_config.conf
# generated from global settings in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/global.conf
# optional mod_status, mod_info
Include /etc/apache2/mod_status.conf
Include /etc/apache2/mod_info.conf
# optional cookie-based user tracking
# read the documentation before using it!!
Include /etc/apache2/mod_usertrack.conf
# configuration of server-generated directory listings
Include /etc/apache2/mod_autoindex-defaults.conf
# associate MIME types with filename extensions
TypesConfig /etc/apache2/mime.types
Include /etc/apache2/mod_mime-defaults.conf
# set up (customizable) error responses
Include /etc/apache2/errors.conf
# global (server-wide) SSL configuration, that is not specific to
# any virtual host
Include /etc/apache2/ssl-global.conf
# forbid access to the entire filesystem by default
<Directory />
Options None
AllowOverride None
Require all denied
</Directory>
# use .htaccess files for overriding,
AccessFileName .htaccess
# and never show them
<Files ~ "^\.ht">
Require all denied
</Files>
# List of resources to look for when the client requests a directory
DirectoryIndex index.html index.html.var
### 'Main' server configuration #############################################
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
Include /etc/apache2/default-server.conf
# Another way to include your own files
#
# The file below is generated from /etc/sysconfig/apache2,
# include arbitrary files as named in APACHE_CONF_INCLUDE_FILES and
# APACHE_CONF_INCLUDE_DIRS
Include /etc/apache2/sysconfig.d/include.conf
### Virtual server configuration ############################################
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http:///httpd.apache.org/docs/2.4/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
IncludeOptional /etc/apache2/vhosts.d/*.conf
# Note: instead of adding your own configuration here, consider
# adding it in your own file (/etc/apache2/httpd.conf.local)
# putting its name into APACHE_CONF_INCLUDE_FILES in
# /etc/sysconfig/apache2 -- this will make system updates
# easier :)

View File

@ -2,8 +2,11 @@
'Debian': { 'Debian': {
'server': 'apache2', 'server': 'apache2',
'service': 'apache2', 'service': 'apache2',
'configfile': '/etc/apache2/apache2.conf',
'mod_wsgi': 'libapache2-mod-wsgi', 'mod_wsgi': 'libapache2-mod-wsgi',
'mod_php5': 'libapache2-mod-php5',
'mod_fcgid': 'libapache2-mod-fcgid',
'vhostdir': '/etc/apache2/sites-available', 'vhostdir': '/etc/apache2/sites-available',
'confdir': '/etc/apache2/conf.d', 'confdir': '/etc/apache2/conf.d',
@ -17,6 +20,7 @@
'RedHat': { 'RedHat': {
'server': 'httpd', 'server': 'httpd',
'service': 'httpd', 'service': 'httpd',
'configfile': '/etc/httpd/conf/httpd.conf',
'mod_wsgi': 'mod_wsgi', 'mod_wsgi': 'mod_wsgi',
@ -32,8 +36,11 @@
'Suse': { 'Suse': {
'server': 'apache2', 'server': 'apache2',
'service': 'apache2', 'service': 'apache2',
'configfile': '/etc/apache2/httpd.conf',
'mod_wsgi': 'apache2-mod_wsgi', 'mod_wsgi': 'apache2-mod_wsgi',
'mod_php5': 'apache2-mod_php5',
'mod_fcgid': 'apache2-mod_fcgid',
'vhostdir': '/etc/apache2/vhosts.d', 'vhostdir': '/etc/apache2/vhosts.d',
'confdir': '/etc/httpd/conf.d', 'confdir': '/etc/httpd/conf.d',
@ -47,6 +54,7 @@
'FreeBSD': { 'FreeBSD': {
'server': 'apache22', 'server': 'apache22',
'service': 'apache22', 'service': 'apache22',
'configfile': '/usr/local/etc/apache22/httpd.conf',
'mod_wsgi': 'ap22-mod_wsgi3', 'mod_wsgi': 'ap22-mod_wsgi3',

15
apache/mod_actions.sls Normal file
View File

@ -0,0 +1,15 @@
{% if grains['os_family']=="Debian" %}
include:
- apache
a2enmod actions:
cmd.run:
- unless: ls /etc/apache2/mods-enabled/actions.load
- order: 255
- require:
- pkg: apache
- watch_in:
- module: apache-restart
{% endif %}

View File

@ -1,15 +1,16 @@
{% if grains['os_family']=="Debian" %} {% from "apache/map.jinja" import apache with context %}
include: include:
- apache - apache
mod-fcgid: mod-fcgid:
pkg.installed: pkg.installed:
- name: libapache2-mod-fcgid - name: {{ apache.mod_fcgid }}
- order: 180 - order: 180
- require: - require:
- pkg: apache - pkg: apache
{% if grains['os_family']=="Debian" %}
a2enmod fcgid: a2enmod fcgid:
cmd.run: cmd.run:
- order: 225 - order: 225

15
apache/mod_headers.sls Normal file
View File

@ -0,0 +1,15 @@
{% if grains['os_family']=="Debian" %}
include:
- apache
a2enmod headers:
cmd.run:
- unless: ls /etc/apache2/mods-enabled/headers.load
- order: 255
- require:
- pkg: apache
- watch_in:
- module: apache-restart
{% endif %}

38
apache/mod_mpm.sls Normal file
View File

@ -0,0 +1,38 @@
{% if grains['os_family']=="Debian" %}
{% from "apache/map.jinja" import apache with context %}
{% set mpm_module = salt['pillar.get']('apache:mpm:module', 'mpm_prefork') %}
include:
- apache
a2enmod {{ mpm_module }}:
cmd.run:
- unless: ls /etc/apache2/mods-enabled/{{ mpm_module }}.load
- require:
- pkg: apache
- watch_in:
- module: apache_restart
file.managed:
- name: /etc/apache2/mods-available/{{ mpm_module }}.conf
- template: jinja
- source:
- salt://apache/files/Debian/mpm/{{ mpm_module }}.conf.jinja
- require:
- pkg: apache
- watch_in:
- module: apache_restart
# Deactivate the other mpm modules as a previous step
{% for mod in ['mpm_prefork', 'mpm_worker', 'mpm_event'] if not mod == mpm_module %}
a2dismod {{ mod }}:
cmd.run:
- onlyif: test -e /etc/apache2/mods-enabled/{{ mod }}.load
- require:
- pkg: apache
- require_in:
- cmd: a2enmod {{ mpm_module }}
- watch_in:
- module: apache_restart
{% endfor %}
{% endif %}

57
apache/mod_pagespeed.sls Normal file
View File

@ -0,0 +1,57 @@
{% if grains['os_family']=="Debian" %}
{% from "apache/map.jinja" import apache with context %}
include:
- apache
libapache2-mod-pagespeed:
pkg:
- installed
- sources:
- mod-pagespeed-stable: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb
a2enmod pagespeed:
cmd.run:
- unless: ls /etc/apache2/mods-enabled/pagespeed.load
- order: 255
- require:
- pkg: libapache2-mod-pagespeed
- watch_in:
- service: apache
{% for dir in ['/var/cache/mod_pagespeed', '/var/log/pagespeed'] %}
{{ dir }}:
file:
- directory
- makedirs: true
- user: {{ salt['pillar.get']('apache:user', 'www-data') }}
- group: {{ salt['pillar.get']('apache:group', 'www-data') }}
- require:
- pkg: libapache2-mod-pagespeed
- user: {{ salt['pillar.get']('apache:user', 'www-data') }}
- group: {{ salt['pillar.get']('apache:group', 'www-data') }}
{% endfor %}
# Here we hardcode a logrotate entry to take care of the logs
/etc/logrorate.d/pagespeed:
file:
- managed
- contents: |
/var/log/pagespeed/*.log {
weekly
missingok
rotate 52
compress
delaycompress
notifempty
sharedscripts
postrotate
if /etc/init.d/apache2 status > /dev/null ; then \
/etc/init.d/apache2 reload > /dev/null; \
fi;
endscript
}
{% endif %}

View File

@ -1,15 +1,16 @@
{% if grains['os_family']=="Debian" %} {% from "apache/map.jinja" import apache with context %}
include: include:
- apache - apache
mod-php5: mod-php5:
pkg.installed: pkg.installed:
- name: libapache2-mod-php5 - name: {{ apache.mod_php5 }}
- order: 180 - order: 180
- require: - require:
- pkg: apache - pkg: apache
{% if grains['os_family']=="Debian" %}
a2enmod php5: a2enmod php5:
cmd.run: cmd.run:
- unless: ls /etc/apache2/mods-enabled/php5.load - unless: ls /etc/apache2/mods-enabled/php5.load