Commit Graph

71 Commits

Author SHA1 Message Date
Marius van Witzenburg
22c647eb5c
feature(trust): improved remote ip internal proxy support (#300)
* feat(trusted_proxy): Add support for RemoteIPInternalProxy

* fix(syntax): add semicolon
2021-01-08 11:33:46 +00:00
noelmcloughlin
28300814fc fix(memory): pass variable not dict 2020-12-08 20:46:27 +00:00
Benjamin Neff
41a7a83af0
feat(ssl.conf): add SSLSessionTickets to ssl.conf on debian 2020-10-14 22:09:37 +02:00
Benjamin Neff
65043f8a61
fix(ssl.conf): fix pillar keys for SSLStapling in ssl.conf on debian 2020-10-14 22:05:41 +02:00
Benjamin Neff
b99b7b71ad
refactor(ssl.conf): reduce newlines in ssl.conf on debian 2020-10-14 22:04:01 +02:00
Benjamin Neff
32f05e5a66
fix(config): fix old apache.service usage 2020-10-13 02:42:52 +02:00
noelmcloughlin
47818fc360 refactor(formula): align to template-formula & improve ci features
FEATURE: Archlinux support
FEATURE: Windows support
FEATURE: Enhanced CI/CD
FEATURE: modular states

BREAKING CHANGE: 'apache.sls' converted to new style 'init.ssl'
BREAKING CHANGE: "logrotate.sls" became "config/logrotate.sls"
BREAKING CHANGE: "debian_full.sls" became "config/debian_full.sls"
BREAKING CHANGE: "flags.sls" became "config/flags.sls"
BREAKING CHANGE: "manage_security" became "config/manage_security.sls"
BREAKING CHANGE: "mod_*.sls" became "config/mod_*.sls"
BREAKING CHANGE: "no_default_host.sls" became "config/no_default_host.sls"
BREAKING CHANGE: "own_default_host.sls" became "config/own_default_host.sls"
BREAKING CHANGE: "register_site.sls" became "config/register_site.sls"
BREAKING CHANGE: "server_status.sls" became "config/server_status.sls"
BREAKING CHANGE: "vhosts/" became "config/vhosts/"
BREAKING CHANGE: "mod_security/" became "config/mod_security/"

NOT-BREAKING CHANGE: 'config.sls' became 'config/init.sls'
NOT-BREAKING CHANGE: 'uninstall.sls' symlinked to 'clean.sls'
2020-10-05 14:24:15 +01:00
Javier Bértoli
632802a5a9 fix(server-status): enable module in Debian family 2020-07-19 09:26:39 -03:00
Andreas Thienemann
648f589cc3
feat(redhat/apache-2.x.config.jinja): allow override of default_charset
The current Red Hat config allows to set DefaultCharset to a value.
In certain situations it is necessary to leave it unconfigured thouguh.

Make the content optional, if the value of apache.default_charset is None,
the item is skipped. Otherwise it defaults to UTF-8.
2020-07-16 19:43:54 +01:00
Chris Horne
36ad2b2442 fix(redhat): add user & group lookup to configs 2019-12-20 17:38:01 +00:00
Imran Iqbal
e5579930e7
Merge pull request #272 from dimitry-unified-streaming/fix-mpm_prefork-jinja
fix(mod_mpm): cast to int to avoid Jinja type mismatch error
2019-12-20 16:52:13 +00:00
mcarlton00
a3c0022d79 feat(server-status): allow remote servers to reach server-status page 2019-12-20 11:20:26 -05:00
Dimitry Andric
21045c7a7b fix(mod_mpm): cast to int to avoid Jinja type mismatch error
This fixes the following error when Jinja tries to process
`mpm_prefork.conf.jinja` or `00-mpm.conf.jinja`, when it processes the
`max_request_workers` comparison:

```
Unable to manage file: Jinja error: '>=' not supported between instances of 'str' and 'int'
[...]
<IfModule mpm_prefork_module>
  StartServers {{ mpm_param['start_servers'] | d('5') }}
  MaxRequestWorkers {{ mpm_param['max_request_workers'] | d('150') }}
{%- if mpm_param['max_request_workers'] | d('150') >= 256 %}    <======================
  ServerLimit {{ mpm_param['max_request_workers'] | d('150') }}
{%- endif %}
  MinSpareServers {{ mpm_param['min_spare_servers'] | d('5') }}
  MaxSpareServers {{ mpm_param['max_spare_servers'] | d('10') }}
  MaxConnectionsPerChild {{ mpm_param['max_connections_per_child'] | d('0') }}
```

Add filters that convert the values to an int first.
2019-12-20 13:24:37 +01:00
Imran Iqbal
2a79d05945
fix(modsecurity.conf.jinja): fix salt-lint errors
```bash
Examining apache/files/RedHat/modsecurity.conf.jinja of type state
[201] Trailing whitespace
apache/files/RedHat/modsecurity.conf.jinja:26
```
2019-10-17 08:32:30 +01:00
Imran Iqbal
e2c1c2e66f
fix(apache-2.4.config.jinja): fix salt-lint errors
```bash
Examining apache/files/FreeBSD/apache-2.4.config.jinja of type state
[201] Trailing whitespace
apache/files/FreeBSD/apache-2.4.config.jinja:171
```
2019-10-17 08:32:30 +01:00
Imran Iqbal
f4045efeff
fix(apache-2.2.config.jinja): fix salt-lint errors
```bash
Examining apache/files/Debian/apache-2.2.config.jinja of type state
[201] Trailing whitespace
apache/files/Debian/apache-2.2.config.jinja:119
    MaxSpareThreads      75

[201] Trailing whitespace
apache/files/Debian/apache-2.2.config.jinja:136
    MaxSpareThreads      75
```
2019-10-17 08:32:30 +01:00
Andreas Thienemann
0c1423f8f1 Fix mod_remoteip for Red Hat family OS (#260)
The source template was missing for RH based systems, only the Debian
file was packaged.

Fix this.
2019-04-20 09:32:44 +02:00
Niels Abspoel
dccfdf7962
add server_status state (#250)
Add server_status state to create a default server_status handler for localhost
2018-11-27 19:53:15 +01:00
Javier Bértoli
06b1606f33 Add OCSP Stapling configuration capabilities to Debian
Document Stapling options in pillar.example
2018-11-04 15:39:34 -03:00
Andreas Thienemann
79673343a5 No automatic listener for port *
The formula currently adds a Listen directive for the port '*' if
any configured vhost is configured to listen on :* which does not
work and instead prevents apache from starting.

It is possible to prevent this by setting the
exclude_listen_directive pillar to True but this is a manual
workaround.

Instead, this commit excludes :* Listeners automatically.
2018-11-04 03:18:56 +01:00
Andreas Thienemann
4ed6e228f5 Improve document root fix for Red Hat (#241)
The docroot fix from PR#240 worked fine for default servers.
But as soon as one uses vhosts this broke as the vhosts were
created under the docroot in /var/www/html rather than the better
/var/www.

Fix this by differentiating between docroot and wwwdir.
Further allow to override both in Red Hat-style configs.
The override allows to reuse this formula for the softwarecollections
rpms.
2018-10-27 15:21:51 +02:00
ardin
7bac5c7c30 mod_mpm for RedHat (#160) 2018-08-17 19:42:45 +02:00
Arthur Lutz
a5debf58b3 207 configure ssl (#218)
* [ssl] [debian] manage ssl.conf with pillars
* [apache] make cyphersuite a list
* [apache/ssl] switch back to strings, lists merge is not good
2018-08-17 19:41:40 +02:00
Javier Bértoli
fcb434e248 Added "Managed by Salt..." headers in template and made them unifom across the formula 2018-02-04 10:26:40 -03:00
Alexander Weidinger
d3110f93f6 Manage TLS defaults 2018-01-10 01:24:17 +01:00
Wolodja Wentland
147fc0581f
Merge pull request #184 from alxwr/template-security
Template security.conf in Debian
2017-12-19 10:24:14 +00:00
Javier Bértoli
a61504f900 Merge pull request #185 from aboe76/update_suse_config
update suse config file with latest changes
2017-08-02 07:53:14 -03:00
Louis Haddrell
7e96ce8d3e Replaced Apache 2.4 syntax in RedHat Apache 2.2 config (fixes #115) 2017-08-01 15:34:06 +01:00
Niels Abspoel
adea6485ea update suse config file with latest changes 2017-05-21 23:31:24 +02:00
Alexander Weidinger
5fa91b7b91 Template security.conf in Debian
Including optional per-OS templates

(Solves https://github.com/saltstack-formulas/apache-formula/issues/153)
2017-05-17 07:54:02 +02:00
Javier Bértoli
475fb8347e Add default user/group attributes as required by some states 2017-03-29 07:42:27 -03:00
alxwr
7d5e588b6e Merge pull request #168 from bmwiedemann/suse
fixes in SUSE support
2017-03-28 17:01:46 +02:00
Bernhard M. Wiedemann
cc95c7579e SUSE: typo fixes 2017-03-17 13:16:07 +01:00
Bernhard M. Wiedemann
57690acd77 SUSE: use different global.conf
sysconfig.d/global.conf is re-written by sysconfig on openSUSE
2017-03-17 13:16:01 +01:00
Patrick Chevalley
780bf3158d Add Reverse Proxy directives, GeoIP, Certificates management, mostly for RedHat 2017-03-09 12:44:32 +01:00
Alexander Weidinger
6e880d0827 FreeBSD: mod_cgi 2017-02-01 23:50:03 +01:00
Alexander Weidinger
e1c55b9475 FreeBSD: apache.mod_proxy_http 2017-02-01 23:50:03 +01:00
Alexander Weidinger
0590e43973 FreeBSD: apache.manage_security 2017-02-01 23:50:03 +01:00
Alexander Weidinger
9f796f0b6a apache.global for Debian and FreeBSD 2017-02-01 23:50:03 +01:00
Alexander Weidinger
f03df6e2fb FreeBSD: mod_rewrite 2017-02-01 23:50:03 +01:00
Alexander Weidinger
5dbe687cda FreeBSD: mod_perl2 2017-02-01 23:50:03 +01:00
Alexander Weidinger
4e12b404a4 FreeBSD: mod_suexec 2017-02-01 23:50:03 +01:00
Alexander Weidinger
bc81c6ab43 FreeBSD: mod_proxy 2017-02-01 23:50:03 +01:00
Alexander Weidinger
9e3645c53c FreeBSD: made default SSL key configurable 2017-02-01 23:50:03 +01:00
Alexander Weidinger
4d94109534 FreeBSD: set correct env vars 2017-02-01 23:50:03 +01:00
Alexander Weidinger
385a120590 FreeBSD: envvars 2017-02-01 23:50:03 +01:00
Alexander Weidinger
9a1fb054d6 mod_php5: FreeBSD 2017-02-01 23:50:03 +01:00
Alexander Weidinger
5d27226001 FreeBSD: global DocumentRoot 2017-02-01 23:50:03 +01:00
Alexander Weidinger
c7e533d7e5 mod_ssl: FreeBSD support 2017-02-01 23:50:03 +01:00
Alexander Weidinger
a64ee209cb FreeBSD support 2017-02-01 23:48:25 +01:00