Merge pull request #101 from michaelforge/feature-mod_remoteip

Added ability to configure mod_remoteip
This commit is contained in:
Forrest 2015-12-15 16:33:30 -08:00
commit 7860992728
4 changed files with 41 additions and 0 deletions

View File

@ -85,6 +85,11 @@ Installs and enables the mod_fcgid module
Enables the Apache module vhost_alias (Debian Only) Enables the Apache module vhost_alias (Debian Only)
``apache.mod_remoteip``
----------------------
Enables and configures the Apache module mod_remoteip using data from Pillar. (Debian Only)
``apache.vhosts.standard`` ``apache.vhosts.standard``
-------------------------- --------------------------

View File

@ -0,0 +1,4 @@
RemoteIPHeader {{ salt['pillar.get']('apache:mod_remoteip:RemoteIPHeader', 'X-Forwarded-For') }}
{%- for trusted_proxy in salt['pillar.get']('apache:mod_remoteip:RemoteIPTrustedProxy', []) %}
RemoteIPTrustedProxy {{ trusted_proxy }}
{%- endfor %}

25
apache/mod_remoteip.sls Normal file
View File

@ -0,0 +1,25 @@
{% if grains['os_family']=="Debian" %}
include:
- apache
a2enmod remoteip:
cmd.run:
- unless: ls /etc/apache2/mods-enabled/remoteip.load
- order: 255
- require:
- pkg: apache
- watch_in:
- module: apache-restart
/etc/apache2/conf-available/remoteip.conf:
file.managed:
- template: jinja
- source:
- salt://apache/files/{{ salt['grains.get']('os_family') }}/conf-available/remoteip.conf.jinja
- require:
- pkg: apache
- watch_in:
- service: apache
{% endif %}

View File

@ -120,3 +120,10 @@ apache:
# can be Full | OS | Minimal | Minor | Major | Prod # can be Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least. # where Full conveys the most information, and Prod the least.
ServerTokens: Prod ServerTokens: Prod
# ``apache.mod_remoteip`` formula additional configuration:
mod_remoteip:
RemoteIPHeader: X-Forwarded-For
RemoteIPTrustedProxy:
- 10.0.8.0/24
- 127.0.0.1