Commit Graph

290 Commits

Author SHA1 Message Date
karim Hamza
ba2368907d remove ng stuff (#255)
* remove -ng stuff

* remove ng from template

* remove -ng from readme

* manage listen directive with disabled vhosts

* add json filter

* remove hardcoded path
2019-04-20 09:38:32 +02:00
karim Hamza
9662e8b4ab Feature (rhel7/httpd 2.4) : hardening apache and code refactoring (#251)
* Feature (rhel7/httpd 2.4) : hardening apache and code refactoring

* remove hard returns

* Add default Listen 80 in httpd.conf

In case there are no vhosts defined in pillar, httpd will listen on port 80.
Without this default it will not start

* empty file autoindex.conf instead of deleting it

* explicit hardening items and references from CIS

* add #3.5 hardening rule

* explain CIS recommendations categories

* add dependencies before start service

* add recommendation #7.1 Install mod_ssl

* link in readme to hardening doc
2019-02-22 10:10:30 +01:00
Alexander Weidinger
05ff4e163c map.jinja: use grains.filter_by instead of defaults.merge
defaults.merge does not work with salt-ssh.
https://github.com/saltstack/salt/issues/51605
2019-02-13 13:41:54 +01:00
Javier Bértoli
64434daecb Fix wrong yaml parsing (#253) 2019-02-10 19:35:25 +01:00
Imran Iqbal
6852f87b7f Fix apache:lookup regression (#252) 2019-01-29 20:28:46 +01:00
Niels Abspoel
dccfdf7962 add server_status state (#250)
Add server_status state to create a default server_status handler for localhost
2018-11-27 19:53:15 +01:00
Niels Abspoel
9490c868e0 use watch module: apache-[restart|reload] consequently 2018-11-09 00:25:52 +01:00
Niels Abspoel
dcce3f6129 Fix osfinger map.jinja
made a copy paste error in map.jinja

this fixes #247
2018-11-08 21:32:32 +01:00
Javier Bértoli
c4154ba404 Merge pull request #246 from aboe76/add_defaults.yaml
refactor map.jinja with defaults and import_yaml files
2018-11-07 19:39:25 -03:00
Niels Abspoel
094b149262 refactor map.jinja with defaults and import_yaml files 2018-11-07 22:46:30 +01:00
alxwr
e2462b2c3b Merge pull request #245 from netmanagers/master
Add OCSP Stapling configuration capabilities to Debian
2018-11-07 21:20:12 +01:00
alxwr
4af4ff5970 Restart (if needed) before reload (#244)
Some configuration changes only take effect after a restart of the service.
When the module 'apache-reload' is triggered too early, it fails which results
in a false-negative result of the Salt run.
In order to fix that 'apache-restart' and the service definition itself are
put before 'apache-reload'. Reload should always succeed if restart did.
2018-11-07 20:06:30 +01:00
Javier Bértoli
06b1606f33 Add OCSP Stapling configuration capabilities to Debian
Document Stapling options in pillar.example
2018-11-04 15:39:34 -03:00
Andreas Thienemann
79673343a5 No automatic listener for port *
The formula currently adds a Listen directive for the port '*' if
any configured vhost is configured to listen on :* which does not
work and instead prevents apache from starting.

It is possible to prevent this by setting the
exclude_listen_directive pillar to True but this is a manual
workaround.

Instead, this commit excludes :* Listeners automatically.
2018-11-04 03:18:56 +01:00
Andreas Thienemann
4bba8862ab Delete Red Hat provided ssl.conf (#243)
When using the mod_ssl state on Red Hat family systems the httpd
server will currently not start.

This is due to duplicate Listen directives provided in the
ssl.conf file shipped with the mod_ssl rpm package and the directives
configured by saltstack.

The easy solution is to just ensure the rpm shipped mod_ssl is removed.
2018-10-27 23:27:27 +02:00
Andreas Thienemann
894e970549 Fix hardcoded path (#242)
The config.sls state uses a hardcoded file path for the welcome
config.
Use the confdir variable to build the path instead to allow for
overrides.
2018-10-27 22:13:49 +02:00
Andreas Thienemann
4ed6e228f5 Improve document root fix for Red Hat (#241)
The docroot fix from PR#240 worked fine for default servers.
But as soon as one uses vhosts this broke as the vhosts were
created under the docroot in /var/www/html rather than the better
/var/www.

Fix this by differentiating between docroot and wwwdir.
Further allow to override both in Red Hat-style configs.
The override allows to reuse this formula for the softwarecollections
rpms.
2018-10-27 15:21:51 +02:00
Andreas Thienemann
eca4daf767 Fix DocumentRoot on Red Hat
The current docroot is set to /var/www. This is incorrect.
Fix with correct value /var/www/html.
2018-10-10 19:01:49 +02:00
Arthur Lutz
feadd58f85 [standard/vhost] unique id renamed 2018-09-11 12:52:30 +02:00
Arthur Lutz
c07e5846a4 [vhosts/standard] improve uniqueness of section id 2018-09-11 09:43:15 +02:00
Sebastian Meyer
6f3ab21d62 Allow setting APACHE_SERVER_FLAGS on Suse (#234)
SUSE reads additional FLAGS that are used on the server start. They are
read from the APACHE_SERVER_FLAGS key, so we use a2enflag/a2disflag to
set those as we do with modules.
2018-08-30 22:22:55 +02:00
ze42
1982f1ecc8 mod_remoteip: enable conf independently (#236) 2018-08-30 22:22:28 +02:00
Adrien "ze" Urban
70ae79b991 vhosts/standard: Directory_default to DocumentRoot 2018-08-29 12:16:15 +02:00
ardin
7bac5c7c30 mod_mpm for RedHat (#160) 2018-08-17 19:42:45 +02:00
Arthur Lutz
a5debf58b3 207 configure ssl (#218)
* [ssl] [debian] manage ssl.conf with pillars
* [apache] make cyphersuite a list
* [apache/ssl] switch back to strings, lists merge is not good
2018-08-17 19:41:40 +02:00
Niels Abspoel
ac7e71bf56 Merge pull request #228 from ze42/docroot_sitename
DocumentRoot: fallback to SiteName like templates
2018-08-17 19:39:51 +02:00
Niels Abspoel
32f92e8acd Merge pull request #227 from ze42/geoip_debian
geoip: Debian support
2018-08-17 19:39:16 +02:00
Niels Abspoel
03de980860 Merge pull request #230 from ze42/docroot_owner
vhosts/standard: allow to set docroot ownership
2018-08-17 19:38:18 +02:00
Niels Abspoel
00b437aa27 Merge pull request #232 from ze42/vhosts_cleanup
vhosts/cleanup: clean non-salted sites
2018-08-17 19:36:30 +02:00
Alexander Weidinger
33e1302a12 Create Apache's logdir if necessary 2018-08-15 02:01:40 +02:00
Adrien "ze" Urban
fdaa62d7a9 vhosts/cleanup: clean non-salted sites
Makes it easier to clean any unwanted sites
2018-07-03 11:44:24 +02:00
Adrien "ze" Urban
37f8af4b3a vhosts/standard: rewrite, simplify code
* No more if.
* Allow lookup to set default value for all docroot
* updated pillar.example
2018-06-28 15:28:03 +02:00
Adrien "ze" Urban
2bae6fea10 vhosts/standard: fix set user/group
unless test -d on file.directory seems useless.
2018-06-28 10:20:33 +02:00
Adrien "ze" Urban
5211bdd72b vhosts/standard: allow user/group option
Support for DocumentRootUser and DocumentRootGroup
2018-06-28 10:20:33 +02:00
Javier Bértoli
dc46bc8340 Merge pull request #224 from arthurlogilab/fix-fcgid-redhat
Fix fcgid redhat
2018-06-27 14:32:40 -03:00
Adrien "ze" Urban
76f05dda8e manage_security: fix file presence detection
Detect runtime, rather than before starting/installing anything.
2018-06-07 14:52:57 +02:00
Adrien "ze" Urban
0ed8f9a94b DocumentRoot: fallback to SiteName like templates
Templates already fallback to SiteName before site id.

This attempts to be consistent with them, and avoid having to explicitly specify
the DocumentRoot, when the template already does the proper inference.
2018-05-22 15:23:11 +02:00
Adrien "ze" Urban
4e15435ef4 geoip: Debian support 2018-05-22 15:20:50 +02:00
Arthur Lutz
d7e212d904 [apache/map.jinja] add RedHat fcgid package name 2018-03-23 13:39:02 +01:00
N
da543013f4 Merge pull request #222 from noelmcloughlin/FixFastCgi
Fix mod_fastcgi, mod_php5, and pkgrepo states
2018-03-15 10:47:14 +00:00
N
7e66b260e4 Merge pull request #220 from noelmcloughlin/issue122
Do not add ServerAlias unless defined
2018-03-15 10:46:55 +00:00
Niels Abspoel
fe9407df47 replace iteritems with items 2018-03-07 21:05:22 +01:00
noelmcloughlin
2c21dc0df6 Fix mod_fastcgi state/repo 2018-02-14 21:01:43 +00:00
N
f1514dab84 Merge pull request #205 from emeygret/patch-1
Add RedirectMatch option
2018-02-05 12:06:51 +00:00
Javier Bértoli
fcb434e248 Added "Managed by Salt..." headers in template and made them uniform across the formula 2018-02-04 10:26:40 -03:00
Noel McLoughin
147aa71551 Do not add ServerAlias unless defined 2018-01-30 23:20:25 +00:00
Arthur Lutz
fd23f29cf8 Merge branch 'master' into 217-customlog 2018-01-30 14:24:16 +01:00
Arthur Lutz
1ebee8bc07 [apache/vhosts] fix CustomLog on standard template 2018-01-30 14:13:12 +01:00
Noel McLoughin
853ec8e118 Allow Skipping of service manipulation via pillar (+PR comments) 2018-01-30 14:10:01 +01:00
Arthur Lutz
1b5e13a36c Fix conflict ID #214 2018-01-16 10:04:16 +01:00