Commit Graph

62 Commits

Author SHA1 Message Date
Imran Iqbal
1002efa909
second batch 2021-09-14 18:57:39 +01:00
Imran Iqbal
8682dff6dc
basic fixes 2021-09-14 18:31:28 +01:00
Marius van Witzenburg
22c647eb5c
feature(trust): improved remote ip internal proxy support (#300)
* feat(trusted_proxy): Add support for RemoteIPInternalProxy

* fix(syntax): add semicolon
2021-01-08 11:33:46 +00:00
N
2e10c8a11b
Merge pull request #287 from noelmcloughlin/nochange
fix(package): avoid unnecessary state change
2020-10-14 20:41:50 +01:00
noelmcloughlin
e0043dd7ba docs(readme): add mod watchdog to pillar example 2020-10-10 16:32:09 +01:00
noelmcloughlin
e15803b4b1 docs(example): document redirect 80->443 fix #226 2020-10-05 19:30:26 +01:00
noelmcloughlin
47818fc360 refactor(formula): align to template-formula & improve ci features
FEATURE: Archlinux support
FEATURE: Windows support
FEATURE: Enhanced CI/CD
FEATURE: modular states

BREAKING CHANGE: 'apache.sls' converted to new style 'init.ssl'
BREAKING CHANGE: "logrotate.sls" became "config/logrotate.sls"
BREAKING CHANGE: "debian_full.sls" became "config/debian_full.sls"
BREAKING CHANGE: "flags.sls" became "config/flags.sls"
BREAKING CHANGE: "manage_security" became "config/manage_security.sls"
BREAKING CHANGE: "mod_*.sls" became "config/mod_*.sls"
BREAKING CHANGE: "no_default_host.sls" became "config/no_default_host.sls"
BREAKING CHANGE: "own_default_host.sls" became "config/own_default_host.sls"
BREAKING CHANGE: "register_site.sls" became "config/register_site.sls"
BREAKING CHANGE: "server_status.sls" became "config/server_status.sls"
BREAKING CHANGE: "vhosts/" became "config/vhosts/"
BREAKING CHANGE: "mod_security/" became "config/mod_security/"

NOT-BREAKING CHANGE: 'config.sls' became 'config/init.sls'
NOT-BREAKING CHANGE: 'uninstall.sls' symlinked to 'clean.sls'
2020-10-05 14:24:15 +01:00
Andreas Thienemann
b88b437308 feat(vhosts/standard): add support for ScriptAlias in standard vhost
The standard vhost currently handles a regular Alias configuration
statement, but not the related ScriptAlias.
Add this.
2020-07-16 20:52:22 +02:00
Andreas Thienemann
5591be26fd
fix(mod_ssl): update mod_ssl package variable to prevent clashes
The mod_ssl package name could be overridden in apache:lookup:mod_ssl.
Due to the way lookup keys are merged into the main apache dictionary,
the package name clashed with the mod_ssl configuration defined under
apache:mod_ssl.

Fix that by renaming the mod_ssl package variable to mod_ssl_pkg.

Drive-By: Add mod_ssl_pkg to the pillar.example file.
2020-04-02 17:29:06 +01:00
mcarlton00
a3c0022d79 feat(server-status): allow remote servers to reach server-status page 2019-12-20 11:20:26 -05:00
Imran Iqbal
97f6ead9f4
fix(yamllint): fix all errors
```bash
apache-formula$ yamllint -s .
./pillar.example
  2:1       warning  missing document start "---"  (document-start)
  5:26      warning  truthy value should be one of [false, true]  (truthy)
  50:18     warning  too few spaces before comment  (comments)
  51:16     warning  truthy value should be one of [false, true]  (truthy)
  52:57     warning  too few spaces before comment  (comments)
  52:89     error    line too long (104 > 88 characters)  (line-length)
  67:33     warning  truthy value should be one of [false, true]  (truthy)
  67:38     warning  too few spaces before comment  (comments)
  69:31     warning  too few spaces before comment  (comments)
  70:8      warning  missing starting space in comment  (comments)
  75:53     warning  too few spaces before comment  (comments)
  75:89     error    line too long (98 > 88 characters)  (line-length)
  76:55     warning  too few spaces before comment  (comments)
  76:89     error    line too long (101 > 88 characters)  (line-length)
  78:50     warning  too few spaces before comment  (comments)
  79:89     error    line too long (95 > 88 characters)  (line-length)
  82:47     warning  too few spaces before comment  (comments)
  83:54     warning  too few spaces before comment  (comments)
  83:89     error    line too long (100 > 88 characters)  (line-length)
  84:58     warning  too few spaces before comment  (comments)
  84:89     error    line too long (109 > 88 characters)  (line-length)
  93:32     warning  too few spaces before comment  (comments)
  100:89    error    line too long (105 > 88 characters)  (line-length)
  101:33    error    trailing spaces  (trailing-spaces)
  102:16    warning  truthy value should be one of [false, true]  (truthy)
  231:20    warning  truthy value should be one of [false, true]  (truthy)
  242:32    warning  too few spaces before comment  (comments)
  249:20    warning  truthy value should be one of [false, true]  (truthy)
  254:20    warning  truthy value should be one of [false, true]  (truthy)
  260:21    warning  truthy value should be one of [false, true]  (truthy)
  283:8     warning  missing starting space in comment  (comments)
  284:8     warning  missing starting space in comment  (comments)
  297:15    warning  too few spaces before comment  (comments)
  328:18    warning  truthy value should be one of [false, true]  (truthy)
  330:20    warning  truthy value should be one of [false, true]  (truthy)
  342:15    error    empty value in block mapping  (empty-values)
  345:18    warning  truthy value should be one of [false, true]  (truthy)
  348:18    warning  truthy value should be one of [false, true]  (truthy)
  355:18    warning  truthy value should be one of [false, true]  (truthy)
  358:89    error    line too long (91 > 88 characters)  (line-length)
  359:26    warning  truthy value should be one of [false, true]  (truthy)
  362:89    error    line too long (99 > 88 characters)  (line-length)
  365:89    error    line too long (267 > 88 characters)  (line-length)
  367:21    warning  truthy value should be one of [false, true]  (truthy)
  369:26    warning  truthy value should be one of [false, true]  (truthy)
  371:1     error    too many blank lines (1 > 0)  (empty-lines)

./apache/osfingermap.yaml
  3:1       warning  missing document start "---"  (document-start)

./apache/modsecurity.yaml
  4:1       warning  missing document start "---"  (document-start)
  6:18      warning  truthy value should be one of [false, true]  (truthy)
  7:20      warning  truthy value should be one of [false, true]  (truthy)
  14:18     warning  truthy value should be one of [false, true]  (truthy)
  15:20     warning  truthy value should be one of [false, true]  (truthy)
  22:18     warning  truthy value should be one of [false, true]  (truthy)
  23:20     warning  truthy value should be one of [false, true]  (truthy)

./apache/defaults.yaml
  4:1       warning  missing document start "---"  (document-start)
  5:26      warning  truthy value should be one of [false, true]  (truthy)
  7:19      warning  truthy value should be one of [false, true]  (truthy)
  10:18     warning  truthy value should be one of [false, true]  (truthy)
  11:20     warning  truthy value should be one of [false, true]  (truthy)

./apache/oscodenamemap.yaml
  4:1       warning  missing document start "---"  (document-start)
  4:8       error    trailing spaces  (trailing-spaces)
  9:8       error    trailing spaces  (trailing-spaces)
  14:7      error    trailing spaces  (trailing-spaces)
  19:6      error    trailing spaces  (trailing-spaces)
  24:8      error    trailing spaces  (trailing-spaces)
  29:9      error    trailing spaces  (trailing-spaces)
  34:7      error    trailing spaces  (trailing-spaces)
  39:8      error    trailing spaces  (trailing-spaces)
  44:8      error    trailing spaces  (trailing-spaces)
  50:9      error    trailing spaces  (trailing-spaces)
  61:1      error    too many blank lines (1 > 0)  (empty-lines)

./apache/osfamilymap.yaml
  4:1       warning  missing document start "---"  (document-start)
  16:89     error    line too long (104 > 88 characters)  (line-length)
  43:89     error    line too long (105 > 88 characters)  (line-length)
  56:16     warning  truthy value should be one of [false, true]  (truthy)
  114:11    error    empty value in block mapping  (empty-values)
  114:11    error    trailing spaces  (trailing-spaces)

./test/salt/pillar/default.sls
  5:26      warning  truthy value should be one of [false, true]  (truthy)
  7:18      warning  truthy value should be one of [false, true]  (truthy)
  8:20      warning  truthy value should be one of [false, true]  (truthy)
```
2019-10-17 08:32:30 +01:00
Javier Bértoli
06b1606f33 Add OCSP Stapling configuration capabilities to Debian
Document Stapling options in pillar.example
2018-11-04 15:39:34 -03:00
Sebastian Meyer
6f3ab21d62 Allow setting APACHE_SERVER_FLAGS on Suse (#234)
SUSE reads additional FLAGS that are used on the server start. They are
read from the APACHE_SERVER_FLAGS key, so we use a2enflag/a2disflag to
set those as we do with modules.
2018-08-30 22:22:55 +02:00
Adrien "ze" Urban
49dedb64dc directory.default: update pillar.example
New behavior properly explained in pillar.example

Warning: changes directory.default when used with non-standard documentroot.
Now uses documentroot, instead of previously "default" documentroot path.
2018-08-29 12:19:43 +02:00
Arthur Lutz
a5debf58b3 207 configure ssl (#218)
* [ssl] [debian] manage ssl.conf with pillars
* [apache] make cyphersuite a list
* [apache/ssl] switch back to strings, lists merge is not good
2018-08-17 19:41:40 +02:00
Adrien "ze" Urban
37f8af4b3a vhosts/standard: rewrite, simplify code
* No more if.
* Allow lookup to set default value for all docroot
* updated pillar.example
2018-06-28 15:28:03 +02:00
Adrien "ze" Urban
5211bdd72b vhosts/standard: allow user/group option
Support for DocumentRootUser and DocumentRootGroup
2018-06-28 10:20:33 +02:00
Noel McLoughin
147aa71551 Do not add ServerAlias unless defined 2018-01-30 23:20:25 +00:00
Noel McLoughin
853ec8e118 Allow Skipping of service manipulation via pillar (+PR comments) 2018-01-30 14:10:01 +01:00
emeygret
55c6010bde
pillar exemple for RedirectMatch directive 2018-01-17 08:36:03 +01:00
Alexander Weidinger
d3110f93f6 Manage TLS defaults 2018-01-10 01:24:17 +01:00
Noel McLoughlin
a07560a7ea Consolidate duplicate 'Location' stanzas in pillar.example; SLS Rendering Error fix 2017-08-24 20:58:37 +01:00
Javier Bértoli
ffac9b2381 Added minimal template (fixes #34) 2017-04-23 14:38:17 -03:00
Javier Bértoli
475fb8347e Add default user/group attributes as required by some states 2017-03-29 07:42:27 -03:00
Patrick Chevalley
780bf3158d Add Reverse Proxy directives, GeoIP, Certificates management, mostly for RedHat 2017-03-09 12:44:32 +01:00
Niels Abspoel
1c20ce5f70 add modsecurity rules state 2016-09-23 11:12:37 +02:00
Rob Ruma
d5337836b2 Adding exclude_listen_directive option (#151)
* Adding exclude_listen_directive option

* Updating Debian config
2016-07-20 19:19:39 -07:00
abehling
9aca4c35b7 RedHat: Made AddDefaultCharset Directive configurable (#147)
* RedHat: Made AddDefaultCharset Directive configurable

* Added description of apache:lookup:default_charset to pillar.example, sane default equals former hardcoded UTF-8
2016-06-29 09:18:30 -07:00
Martin Jackson
6382785cc9 Add proxyrequests directive (#144)
* Add ProxyRequests directive

This allows or prevents Apache httpd from functioning as a forward proxy server.
[See](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyrequests).
The default action is off so I've set this a the default for this formula so it does not change the default behaviour.

* Add example pillar usage
2016-05-24 10:10:01 -07:00
Martin Jackson
b1640f4f3d [#141] Support additional options for Proxypass (#142)
* Add support for proxy pass target options

* Add example usage
2016-05-23 10:32:12 -07:00
Javier Bértoli
2be52db8b8 Add mod_security management
Add gitignore, kitchen-ci files
Add some tests and documentation
2016-05-11 15:41:07 -03:00
Dominik Menzi
d1c3463154 Add support for NameVirtualHost on Debian 2016-04-15 09:08:14 +02:00
Bert Pattyn
5fc1dc710b fix Options in pillar.example 2016-04-12 15:01:07 +02:00
Rowcliffe Browne
2557d3d1c8 Allow global directives to be added to apache config 2016-01-19 17:02:31 +08:00
Alexander Kozlov
57d11a1cf0 Fixed YAML parsing On/Off as True/False
True and False are not correct values for apache config
2015-12-17 02:50:37 +03:00
Alexander Kozlov
3e650f5c48 Added ability to configure KeepAlive option
Sometimes it's necessary optimization in nginx+apache2 environment
2015-12-17 02:40:48 +03:00
Alexander Kozlov
03d97659d0 Added newlines to recent files 2015-12-16 16:43:16 +03:00
Alexander Kozlov
58aae42324 Follow-up to 8f2308b98 2015-12-16 03:09:48 +03:00
Alexander Kozlov
8f2308b985 Added ability to configure mod_remoteip 2015-12-16 02:54:14 +03:00
Alexander Kozlov
8584dbf2a1 Added ability to manage security settings
By reassigning options with `blockreplace` at `/etc/apache2/conf-available/security.conf`, which is linked as conf-enabled by default on Debian packages
2015-12-14 17:12:20 +03:00
root
3742b40f86 Added support for Alias and Locations, as well as enabling Dav 2015-12-10 06:59:32 +10:00
Brad Thurber
e5c1209433 This branch is foundational for further version-specific work to come.
* Add apache version (2.2, 2.4) detection based on osfinger (defaults to 2.4).
* Version can be overridden in pillar (for Apache 2.4 on RHEL 6 for example)
2015-08-26 08:49:43 -04:00
Brad Thurber
13fb82c470 add lookup section to pillar.example 2015-08-26 08:05:25 -04:00
Mathieu Tarral
c195dce07c add an 'enabled' attribute for a site in pillar 2015-08-25 01:50:58 -04:00
Jonathan Ballet
a8f2d89995 ssl: also support the SSLCertificateChainFile required by some providers 2015-06-09 11:54:07 +02:00
Mosen
f135e2e0d5 Fix incorrect syntax in pillar example for SSLCertificateFile, SSLCertificateKeyFile
Fix check for SSLCertificateFile, SSLCertificateKeyFile variables in vhosts/standard.tmpl, now using dict.get()
2015-05-14 12:38:27 +10:00
Forrest
99ea682cfb Merge pull request #52 from daschatten/master
Add basic SSL functionality.
2015-04-02 08:52:42 -07:00
Florian Bittner
dbb86f2bc4 Add basic SSL functionality. 2015-04-02 14:23:21 +02:00
Ryan Peck
a83f74c18e Add optional templating to register_site
Add optional templating for the register site aspect of a pillar.

User can specify keys to be included as defaults, otherwise it is
treated as a normal managed file.
2015-03-18 13:36:19 -04:00
sebastien.fleury
fce8d72c12 Issue#41 configure multi proxypass configuration in vhost 2015-03-11 18:35:41 +01:00