87 Commits

Author SHA1 Message Date
karim Hamza
9662e8b4ab Feature (rhel7/httpd 2.4) : hardening apache and code refactoring (#251)
* Feature (rhel7/httpd 2.4) : hardening apache and code refactoring

* remove hard returns

* Add default Listen 80 in httpd.conf

In case there are no vhosts defined in pillar, httpd will listen on port 80.
Without this default it will not start

* empty file autoindex.conf instead of deleting it

* explicit hardening items and references from CIS

* add #3.5 hardening rule

* explain CIS recommendations categories

* add dependencies before start service

* add recommendation #7.1 Install mod_ssl

* link in readme to hardening doc
2019-02-22 10:10:30 +01:00
Niels Abspoel
9490c868e0 use watch module: apache-[restart|reload] consequently 2018-11-09 00:25:52 +01:00
Arthur Lutz
feadd58f85
[standard/vhost] unique id renamed 2018-09-11 12:52:30 +02:00
Arthur Lutz
c07e5846a4
[vhosts/standard] improve uniqueness of section id 2018-09-11 09:43:15 +02:00
Adrien "ze" Urban
70ae79b991 vhosts/standard: Directory_default to DocumentRoot 2018-08-29 12:16:15 +02:00
Niels Abspoel
ac7e71bf56
Merge pull request #228 from ze42/docroot_sitename
DocumentRoot: fallback to SiteName like templates
2018-08-17 19:39:51 +02:00
Niels Abspoel
03de980860
Merge pull request #230 from ze42/docroot_owner
vhosts/standard: allow to set docroot ownership
2018-08-17 19:38:18 +02:00
Adrien "ze" Urban
fdaa62d7a9 vhosts/cleanup: clean non-salted sites
Makes it easier to clean any unwanted sites
2018-07-03 11:44:24 +02:00
Adrien "ze" Urban
37f8af4b3a vhosts/standard: rewrite, simplify code
* No more if.
* Allow lookup to set default value for all docroot
* updated pillar.example
2018-06-28 15:28:03 +02:00
Adrien "ze" Urban
2bae6fea10 vhosts/standard: fix set user/group
unless test -d on file.directory seems useless.
2018-06-28 10:20:33 +02:00
Adrien "ze" Urban
5211bdd72b vhosts/standard: allow user/group option
Support for DocumentRootUser and DocumentRootGroup
2018-06-28 10:20:33 +02:00
Adrien "ze" Urban
0ed8f9a94b DocumentRoot: fallback to SiteName like templates
Templates already fallback to SiteName before site id.

This attempts to be consistent with them, and avoid having to explicitly specify
the DocumentRoot, when the template already does the proper inference.
2018-05-22 15:23:11 +02:00
N
7e66b260e4
Merge pull request #220 from noelmcloughlin/issue122
Do not add ServerAlias unless defined
2018-03-15 10:46:55 +00:00
N
f1514dab84
Merge pull request #205 from emeygret/patch-1
Add RedirectMatch option
2018-02-05 12:06:51 +00:00
Javier Bértoli
fcb434e248 Added "Managed by Salt..." headers in template and made them uniform across the formula 2018-02-04 10:26:40 -03:00
Noel McLoughin
147aa71551 Do not add ServerAlias unless defined 2018-01-30 23:20:25 +00:00
Arthur Lutz
fd23f29cf8
Merge branch 'master' into 217-customlog 2018-01-30 14:24:16 +01:00
Arthur Lutz
1ebee8bc07 [apache/vhosts] fix CustomLog on standard template 2018-01-30 14:13:12 +01:00
Alexander Weidinger
08a21edb73 Actually fix CustomLog default values in templates 2018-01-05 01:30:42 +01:00
Alexander Weidinger
e20189e94a Revert "Fix CustomLog default values in templates"
This reverts commit 429039819d.
2018-01-05 00:59:57 +01:00
Alexander Weidinger
429039819d Fix CustomLog default values in templates 2018-01-03 02:12:54 +01:00
emeygret
2142ab99f1
Add RedirectMatch option
in pillar add 
RedirectMatch: true
2017-12-12 11:35:14 +01:00
thomas Senay
5fea96a6a2 Split Logformat and CustomLog Directive to avoid syntax error on RedHat 2017-11-13 10:41:25 +01:00
alexfrosa
dca6c1b4a3
Update minimal.tmpl
Adapted log format to Apache's new default
2017-11-05 10:44:24 -02:00
Alex Rosa
0475eef4ad fixed: missing LogFormat 2017-11-04 16:38:31 -02:00
Louis Haddrell
2360d722b6 Replaced use_require with Apache version check (fixes #188) 2017-08-02 00:05:18 +01:00
Javier Bértoli
ffac9b2381 Added minimal template (fixes #34) 2017-04-23 14:38:17 -03:00
alxwr
0e670f47df Merge pull request #170 from bmwiedemann/fix2
fix standard.tmpl
2017-03-28 16:36:14 +02:00
alxwr
b003b82249 Merge pull request #169 from bmwiedemann/fix1
drop %O from default LogFormat
2017-03-28 16:24:06 +02:00
Bernhard M. Wiedemann
f25d7707cf fix standard.tmpl
with salt-ssh-2016.11.3 it errored out with
TemplateNotFound: apache/map.jinja

and we were already passing in the 'apache' data as 'map'
from standard.sls
2017-03-20 17:10:22 +01:00
Bernhard M. Wiedemann
81a25d9467 drop %O from default LogFormat
because it requires mod_logio to be enabled
2017-03-20 17:09:58 +01:00
Patrick Chevalley
780bf3158d Add Reverse Proxy directives, GeoIP, Certificates management, mostly for RedHat 2017-03-09 12:44:32 +01:00
Alexander Weidinger
cc9d81c3b1 Made Timeout optional 2017-02-01 23:39:29 +01:00
alxwr
217b6caa64 Merge pull request #118 from opdude/feature/add-fields
Added Timeout and LimitRequestsFields to vhosts
2017-02-01 23:12:13 +01:00
dexbleeker
bf66e749d1 Append slash to RedirectTarget (#161) 2016-10-18 12:48:59 -07:00
John Kristensen
10ae336f12 Correct ProxyPassTarget default for ProxyPassReverseTarget (#154)
According to the pillar.example file there is no site.ProxyPassTarget,
so ProxyPassReverseTarget should default to proxyargs.ProxyPassTarget
(ie. site.ProxyRoute.ProxyPassTarget)
2016-08-02 21:29:53 -07:00
Raphaël Hertzog
4fa9d57d2b Do not force usage of apache.config in apache.vhosts.standard
In 4d04d95b02 (#113)
apache/vhosts/standard.sls has been modified by @genuss to include
apache.config on the basis that apache.config was now able to retrieve the
interfaces/ports from pillar data in apache:sites.

I use apache:sites to register virtual hosts with non-standard
"template_file" (they contain the desired configuration directly)
and the "interface/port" keys are thus not meaningful.

apache:
  sites:
    example.com:
      template_file: salt://vm/example/apache-vhost.conf
      DocumentRoot: False

The generated ports.conf ends up containing only "*:80" while
my virtual host configuration files need ports 80 and 443. The
situation was perfectly fine up to now because the default configuration
file handles both of those ports if you have mod_ssl installed.

People who want to use apache.config should just explicitly include
that state, we should not force its usage to all apache.vhosts.standard
users.
2016-06-21 17:39:35 +02:00
Martin Jackson
6382785cc9 Add proxyrequests directive (#144)
* Add ProxyRequests directive

This allows or prevents Apache httpd from functioning as a forward proxy server.
[See](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyrequests).
The default action is off so I've set this as the default for this formula so it does not change the default behaviour.

* Add example pillar usage
2016-05-24 10:10:01 -07:00
Martin Jackson
b1640f4f3d [#141] Support additional options for Proxypass (#142)
* Add support for proxy pass target options

* Add example usage
2016-05-23 10:32:12 -07:00
Philipp Marmet
01c9ca4a56 use default style for cmd.run: instead of cmd: - run 2016-05-18 17:08:22 +02:00
Nils Kalchhauser
fa291e289a fix line feed suppression in standard.tmpl 2016-04-10 22:17:44 +02:00
Daniel Hobley
9b8932b267 Fixed a bug where the Require parameter would be on the same line as location
- This is then ignored by Apache
2016-02-18 16:24:35 +01:00
Daniel Hobley
e281a7ba82 Added Timeout and LimitRequestsFields to vhosts 2016-02-18 16:22:22 +01:00
a.genus
4d04d95b02 Manage ports.conf file on Debian 2016-02-01 19:03:47 +03:00
a.genus
ba6679ef66 Remove breaking changes 2016-02-01 19:01:02 +03:00
Christian McHugh
f8d90931f8 Cleanup whitespace in generated vhosts
Correct handling of allow encoded slashes
2016-01-31 16:35:29 -06:00
David Douard
f01c72c637 Allow to configure several interfaces for a vhost.
This is done by splitting the interface pillar value instead of using a proper
list so it behaves exactly the same as before for simple 1 interface cases
(no need to refactor one's pillar files).

The result is something like:

  Listen 1.2.3.4:80
  Listen [2001:abc:def:100::3]:80

  <VirtualHost 1.2.3.4:80 [2001:abc:def:100::3]:80>
  ...
2016-01-25 12:25:29 +01:00
Rowcliffe Browne
4987f3d556 allow AllowEncodedSlashes directive in vhosts.
Apache2 docs state this is global, but vhost overrides it even when not specified.

additionally, this directive is defaulted differently across distributions (eg. CentOS is default 'On')

this change allows control of the directive.
2016-01-20 12:17:41 +08:00
a.genus
cac7545070 Add listen directive to vhosts templates and remove ports.conf 2015-12-24 16:01:32 +03:00
root
3742b40f86 Added support for Alias and Locations, as well as enabling Dav 2015-12-10 06:59:32 +10:00