From 8f2308b985010b0ec3fef1739822434d091aaa25 Mon Sep 17 00:00:00 2001
From: Alexander Kozlov
Date: Wed, 16 Dec 2015 02:54:14 +0300
Subject: [PATCH] Added ability to configure mod_remoteip
---
 README.rst | 5 ++++
 .../Debian/conf-available/remoteip.conf.jinja | 4 +++
 apache/mod_remoteip.sls | 25 +++++++++++++++++++
 pillar.example | 7 ++++++
 4 files changed, 41 insertions(+)
 create mode 100644 apache/files/Debian/conf-available/remoteip.conf.jinja
 create mode 100644 apache/mod_remoteip.sls
diff --git a/README.rst b/README.rst
index a4f454a..f9e4447 100644
--- a/README.rst
+++ b/README.rst
@@ -85,6 +85,11 @@ Installs and enables the mod_fcgid module Enables the Apache module vhost_alias (Debian Only)
+``apache.mod_remoteip``
+----------------------
+
+Enables and configures the Apache module mod_remoteip using data from Pillar. (Debian Only)
+
 ``apache.vhosts.standard`` --------------------------
diff --git a/apache/files/Debian/conf-available/remoteip.conf.jinja b/apache/files/Debian/conf-available/remoteip.conf.jinja
new file mode 100644
index 0000000..4a0e45a
--- /dev/null
+++ b/apache/files/Debian/conf-available/remoteip.conf.jinja
@@ -0,0 +1,4 @@
+RemoteIPHeader {{ salt['pillar.get']('apache:mod_remoteip:RemoteIPHeader', 'X-Forwarded-For') }}
+{%- for trusted_proxy in salt['pillar.get']('apache:mod_remoteip:RemoteIPTrustedProxy', []) %}
+RemoteIPTrustedProxy {{ trusted_proxy }}
+{%- endfor %}
diff --git a/apache/mod_remoteip.sls b/apache/mod_remoteip.sls
new file mode 100644
index 0000000..87fae3e
--- /dev/null
+++ b/apache/mod_remoteip.sls
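Review bot: In remoteip.conf.jinja the `RemoteIPHeader` line is rendered even when the `apache:mod_remoteip:RemoteIPTrustedProxy` pillar list is missing or empty (its default is `[]`), which leaves the header active with no proxy restriction at all. The Apache documentation for RemoteIPHeader warns that without RemoteIPInternalProxy or RemoteIPTrustedProxy the module accepts the header value from any connecting host, so logged client addresses and IP-based `Require` rules would then rest on a client-supplied header. Rendering the directives only when at least one proxy is configured closes that default: open the template with `{%- if salt['pillar.get']('apache:mod_remoteip:RemoteIPTrustedProxy', []) %}` and close it with `{%- endif %}`. A short template comment naming the two pillar keys, and stating that the list must hold only proxies that set the header themselves, would also help the next reader.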
@@ -0,0 +1,25 @@
+{% if grains['os_family']=="Debian" %}
+
+include:
+ - apache
+
+a2enmod remoteip:
+ cmd.run:
+ - unless: ls /etc/apache2/mods-enabled/remoteip.load
+ - order: 255
+ - require:
+ - pkg: apache
+ - watch_in:
+ - module: apache-restart
+
+/etc/apache2/conf-available/remoteip.conf:
+ file.managed:
+ - template: jinja
+ - source:
+ - salt://apache/files/{{ salt['grains.get']('os_family') }}/conf-available/remoteip.conf.jinja
+ - require:
+ - pkg: apache
+ - watch_in:
+ - service: apache
+
+{% endif %}
diff --git a/pillar.example b/pillar.example
index 0ddc9a0..4af0d4f 100644
--- a/pillar.example
+++ b/pillar.example
@@ -18,6 +18,13 @@ apache: # ``apache.mod_wsgi`` formula additional configuration: mod_wsgi: mod_wsgi
+ # ``apache.mod_remoteip`` formula additional configuration:
+ mod_remoteip:
+ RemoteIPHeader: X-Forwarded-For
+ RemoteIPTrustedProxy:
+ - 10.0.8.0/24
+ - 127.0.0.1
+
 # ``apache.vhosts`` formula additional configuration: sites: example.net:
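Review bot: In apache/mod_remoteip.sls the state writes /etc/apache2/conf-available/remoteip.conf but nothing in the hunk enables it, so unless it is linked into conf-enabled elsewhere the RemoteIPHeader and RemoteIPTrustedProxy settings are never loaded even though the module is switched on. An `a2enconf remoteip` state that requires both the module state and the managed file would make the formula self-contained and keep the ordering explicit. The `file.managed` state could also set `user`, `group` and `mode` rather than rely on defaults, and `unless: test -e …` reads more clearly than `ls` for an existence check.

```yaml
# … unchanged: a2enmod remoteip and the file.managed state for remoteip.conf …
a2enconf remoteip:
  cmd.run:
    - unless: test -L /etc/apache2/conf-enabled/remoteip.conf
    - require:
      - cmd: a2enmod remoteip
      - file: /etc/apache2/conf-available/remoteip.conf
    - watch_in:
      - module: apache-restart
```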