Backend webservers do not need modsecurity installed. Comment out the
state and add comment about suggestion for making the modsecurity
installation based on a conditional in the future.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
In our environment a simple state ensuring the service is running and
having it reload on configuration changes should be more than
sufficient. Additionally, remove restart retries and useless log/config
dumping on failures.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Follow-up to 14aa73e1ab, do not indirectly
include config file management with requirements.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
We are using the files and directories shipped with the apache2
package and do not want them to be overwritten.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* fix(redhat): use correct dirs for redhat family
Red Hat family distributions do not implement sites-enabled nor vhosts.d
directories and all virtual hosts are under /etc/httpd/conf.d.
Red Hat based distros don't have /etc/init.d/httpd to rotate logs.
Default for them uses systemctl reload to rotate logs.
The full apache context variable can grow quite large if using multiple
vhosts with SSL certificates.
With 200 sites the apache variable is being rendered 200 times, which results
in observed renderer output of about 950MB...
state.apply will result in MemoryErrors in such cases.
This PR modifies the templating code to _only_ use a per site context
and pass a trimmed down copy of the apache context instead of the full.
Drive-By: Correct indentation for context variables.
Drive-By: Remove duplicate map/apache functionality. Only use map.
FEATURE: Archlinux support
FEATURE: Windows support
FEATURE: Enhanced CI/CD
FEATURE: modular states
BREAKING CHANGE: 'apache.sls' converted to new style 'init.ssl'
BREAKING CHANGE: "logrotate.sls" became "config/logrotate.sls"
BREAKING CHANGE: "debian_full.sls" became "config/debian_full.sls"
BREAKING CHANGE: "flags.sls" became "config/flags.sls"
BREAKING CHANGE: "manage_security" became "config/manage_security.sls"
BREAKING CHANGE: "mod_*.sls" became "config/mod_*.sls"
BREAKING CHANGE: "no_default_host.sls" became "config/no_default_host.sls"
BREAKING CHANGE: "own_default_host.sls" became "config/own_default_host.sls"
BREAKING CHANGE: "register_site.sls" became "config/register_site.sls"
BREAKING CHANGE: "server_status.sls" became "config/server_status.sls"
BREAKING CHANGE: "vhosts/" became "config/vhosts/"
BREAKING CHANGE: "mod_security/" became "config/mod_security/"
NOT-BREAKING CHANGE: 'config.sls' became 'config/init.sls'
NOT-BREAKING CHANGE: 'uninstall.sls' symlinked to 'clean.sls'
The current Red Hat config allows setting DefaultCharset to a value.
In certain situations it is necessary to leave it unconfigured though.
Make the content optional, if the value of apache.default_charset is None,
the item is skipped. Otherwise it defaults to UTF-8.
The mod_ssl package name could be overridden in apache:lookup:mod_ssl.
Due to the way lookup keys are merged into the main apache dictionary,
the package name clashed with the mod_ssl configuration defined under
apache:mod_ssl.
Fix that by renaming the mod_ssl package variable to mod_ssl_pkg.
Drive-By: Add mod_ssl_pkg to the pillar.example file.