saltstack-formulas/apache-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: saltstack-formulas:develop-v1.0.0
Branches Tags
saltstack-formulas:libertacasa
saltstack-formulas:dependabot/bundler/activesupport-7.0.4.1
saltstack-formulas:pre-commit-ci-update-config
saltstack-formulas:master
saltstack-formulas:ixs-patch-1
saltstack-formulas:develop-v1.0.0
saltstack-formulas:v1.2.2
saltstack-formulas:v1.2.1
saltstack-formulas:v1.2.0
saltstack-formulas:v1.1.8
saltstack-formulas:v1.1.7
saltstack-formulas:v1.1.6
saltstack-formulas:v1.1.5
saltstack-formulas:v1.1.4
saltstack-formulas:v1.1.3
saltstack-formulas:v1.1.2
saltstack-formulas:v1.1.1
saltstack-formulas:v1.1.0
saltstack-formulas:v1.0.5
saltstack-formulas:v1.0.4
saltstack-formulas:v1.0.3
saltstack-formulas:v1.0.2
saltstack-formulas:v1.0.1
saltstack-formulas:v1.0.0
saltstack-formulas:v0.41.1
saltstack-formulas:v0.41.0
saltstack-formulas:v0.40.0
saltstack-formulas:v0.39.5
saltstack-formulas:v0.39.4
saltstack-formulas:v0.39.3
saltstack-formulas:v0.39.2
saltstack-formulas:v0.39.1
saltstack-formulas:v0.39.0
saltstack-formulas:v0.38.2
saltstack-formulas:v0.38.1
saltstack-formulas:v0.38.0
saltstack-formulas:v0.37.4
...
pull from: saltstack-formulas:libertacasa
Branches Tags
saltstack-formulas:libertacasa
saltstack-formulas:dependabot/bundler/activesupport-7.0.4.1
saltstack-formulas:pre-commit-ci-update-config
saltstack-formulas:master
saltstack-formulas:ixs-patch-1
saltstack-formulas:develop-v1.0.0
saltstack-formulas:v1.2.2
saltstack-formulas:v1.2.1
saltstack-formulas:v1.2.0
saltstack-formulas:v1.1.8
saltstack-formulas:v1.1.7
saltstack-formulas:v1.1.6
saltstack-formulas:v1.1.5
saltstack-formulas:v1.1.4
saltstack-formulas:v1.1.3
saltstack-formulas:v1.1.2
saltstack-formulas:v1.1.1
saltstack-formulas:v1.1.0
saltstack-formulas:v1.0.5
saltstack-formulas:v1.0.4
saltstack-formulas:v1.0.3
saltstack-formulas:v1.0.2
saltstack-formulas:v1.0.1
saltstack-formulas:v1.0.0
saltstack-formulas:v0.41.1
saltstack-formulas:v0.41.0
saltstack-formulas:v0.40.0
saltstack-formulas:v0.39.5
saltstack-formulas:v0.39.4
saltstack-formulas:v0.39.3
saltstack-formulas:v0.39.2
saltstack-formulas:v0.39.1
saltstack-formulas:v0.39.0
saltstack-formulas:v0.38.2
saltstack-formulas:v0.38.1
saltstack-formulas:v0.38.0
saltstack-formulas:v0.37.4

289 Commits
develop-v1 ... libertacas

Author SHA1 Message Date
Georg Pfuetzenreuter
9cf4951f15
Disable journal dump on fail 
Too noisy.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2023-05-01 00:08:59 +02:00
Georg Pfuetzenreuter
2abb801af7
Revert "style(vhost): reduce empty lines" 
This reverts commit 4157db4d292b251b9c6cdf34bf52b1772f70c2a4.
New formatting did not work out as anticipated.
 2023-04-30 17:01:49 +02:00
Georg Pfuetzenreuter
a6f1fb91d5
Disable pkg-deps 
Backend webservers do not need modsecurity installed. Comment out the
state and add comment about suggestion for making the modsecurity
installation based on a conditional in the future.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2023-04-29 23:34:12 +02:00
Georg Pfuetzenreuter
e1685ffbeb
Simplify service management 
In our environment a simple state ensuring the service is running and
having it reload on configuration changes should be more than
sufficient. Additionally, remove restart retries and useless log/config
dumping on failures.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2023-04-29 23:28:49 +02:00
Georg Pfuetzenreuter
b22a6cf1bb
Disable config.file hooks in service.running 
Follow-up to 14aa73e1ab709c11f8af57d21d93ce6129b4fff7, do not indirectly
include config file management with requirements.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2023-04-29 23:14:30 +02:00
Georg Pfuetzenreuter
9f2bcb52b7
Disable register_site include 
Avoid useless rendering of Debian specific state.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2023-04-29 22:54:13 +02:00
Georg Pfuetzenreuter
14aa73e1ab
Disable superfluous config states 
We are using the files and directories shipped with the apache2
package and do not want them to be overwritten.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2023-04-29 22:44:14 +02:00
Georg Pfuetzenreuter
4157db4d29
style(vhost): reduce empty lines 
Avoid lots of empty lines if options are not used.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2023-02-18 18:24:45 +01:00
Imran Iqbal
1553a9d5bc
chore(gemfile.lock): update to latest gem versions (2022-W28) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/454
 2022-07-17 19:40:10 +01:00
Imran Iqbal
f36c291752
chore(gemfile.lock): update to latest gem versions (2022-W26) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/453
 2022-06-30 23:02:56 +01:00
Imran Iqbal
9c9bfe9538
chore(gemfile.lock): update to latest gem versions (2022-W24) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/452
 2022-06-15 23:00:23 +01:00
Imran Iqbal
3f95ed6dc2
ci: update pre-commit configuration inc. for pre-commit.ci [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/450
 2022-06-08 23:57:55 +01:00
Imran Iqbal
60f9d3b5e5
chore(gemfile.lock): update to latest gem versions (2022-W23) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/449
 2022-06-07 23:25:21 +01:00
Imran Iqbal
d4cab05532
chore(gemfile.lock): update to latest gem versions (2022-W22) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/447
 2022-05-30 17:22:48 +01:00
Imran Iqbal
692cea45a1
chore(gemfile.lock): update to latest gem versions (2022-W20) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/444
 2022-05-17 13:14:53 +01:00
Imran Iqbal
ac62a7ae41
test(system.rb): add support for mac_os_x [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/442
 2022-05-17 08:45:20 +01:00
Imran Iqbal
6fbf2d8d2d
ci(vagrant): use linked_clone at all times (inc. CI) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/441
 2022-05-14 20:10:16 +01:00
Imran Iqbal
41d0bfbca2
chore(gemfile.lock): update to latest gem versions (2022-W19) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/439
 2022-05-10 07:28:14 +01:00
Imran Iqbal
ec3563d97f
chore(gemfile.lock): update to latest gem versions (2022-W18) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/437
 2022-05-06 23:09:56 +01:00
Imran Iqbal
5ff4c6332c
chore(gemfile.lock): update to latest gem versions (2022-W17) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/433
 2022-04-25 09:05:49 +01:00
Imran Iqbal
5aab2d72d7
chore(gemfile.lock): update to latest gem versions (2022-W16) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/431
 2022-04-18 23:32:09 +01:00
Imran Iqbal
984adc6193
chore(gemfile.lock): update to latest gem versions (2022-W15) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/428
 2022-04-11 19:14:48 +01:00
Imran Iqbal
165d8b683c
chore(gemfile.lock): update to latest gem versions (2022-W14) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/427
 2022-04-04 09:18:12 +01:00
Imran Iqbal
abb89c0ea0
ci(kitchen+gitlab): update for new pre-salted images [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/426
 2022-04-03 14:58:55 +01:00
Imran Iqbal
f7f431f799
chore(gemfile.lock): update to latest gem versions (2022-W13) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/425
 2022-04-01 15:27:56 +01:00
Imran Iqbal
932ca8bc14
chore(gemfile.lock): update to latest gem versions (2022-W12) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/424
 2022-03-22 11:56:52 +00:00
Imran Iqbal
70a74b9cb4
chore(gemfile.lock): update to latest gem versions (2022-W11) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/423
 2022-03-17 23:35:19 +00:00
Imran Iqbal
ce44363fd0
chore(gemfile.lock): update to latest gem versions (2022-W10) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/422
 2022-03-12 10:00:44 +00:00
Imran Iqbal
4e0c594f81
chore(gemfile.lock): update to latest gem versions (2022-W09) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/421
 2022-03-04 15:28:04 +00:00
Imran Iqbal
4d50ddca21
chore(gemfile.lock): update to latest gem versions (2022-W08) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/419
 2022-02-21 19:04:20 +00:00
Imran Iqbal
d8bce64d3d
chore(gemfile.lock): update to latest gem versions (2022-W07) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/416
 2022-02-15 08:57:36 +00:00
Imran Iqbal
0534c51390
test(system): add build_platform_codename [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/415
 2022-02-14 08:03:10 +00:00
Imran Iqbal
df3e7c8a21
ci: update linters to latest versions [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/414
 2022-02-12 23:17:43 +00:00
Imran Iqbal
3ebeee144d
chore(gemfile.lock): update to latest gem versions (2022-W06) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/412
 2022-02-07 17:25:10 +00:00
Imran Iqbal
7a88bb3e9b
ci(kitchen+gitlab): update for new pre-salted images [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/410
 2022-02-02 22:57:07 +00:00
Imran Iqbal
a74332c7c1
chore(gemfile.lock): update to latest gem versions (2022-W05) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/409
 2022-02-01 23:36:07 +00:00
noelmcloughlin
ebbb2d9f45
ci(gemfile): allow rubygems proxy to be provided as an env var [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/408
 2022-01-26 08:37:52 +00:00
Imran Iqbal
48e78c5894
chore(gemfile.lock): update to latest gem versions (2022-W04) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/407
 2022-01-25 14:08:40 +00:00
Imran Iqbal
c93752f869
chore(gemfile.lock): update to latest gem versions (2022-W03) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/405
 2022-01-17 19:44:50 +00:00
Imran Iqbal
2da1dc1f3c
chore(semantic-release): replace broken m2r with m2r2 [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/404
 2022-01-17 08:10:27 +00:00
Imran Iqbal
ea4b5157e6
chore(gemfile.lock): update to latest gem versions (2022-W02) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/398
 2022-01-11 09:32:46 +00:00
Imran Iqbal
c4547291ac
chore(gemfile.lock): update to latest gem versions (2022-W01) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/397
 2022-01-06 08:02:34 +00:00
Imran Iqbal
42224a2a14
chore(gemfile.lock): update to latest gem versions (2021-W52) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/396
 2021-12-28 21:01:10 +00:00
Imran Iqbal
012693a1e5
ci(vagrant): replace FreeBSD 12.2 with 12.3 [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/395
 2021-12-24 14:05:10 +00:00
Imran Iqbal
f7d2ec6e51
chore(gemfile.lock): update to latest gem versions (2021-W51) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/394
 2021-12-22 11:51:51 +00:00
Imran Iqbal
fe82ccc2be
chore(gemfile.lock): update to latest gem versions (2021-W50) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/391
 2021-12-14 15:17:06 +00:00
Imran Iqbal
b878239d27
chore(gemfile.lock): update to latest gem versions (2021-W49) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/388
 2021-12-06 08:17:09 +00:00
Imran Iqbal
b44e444fa6
chore(gemfile.lock): update to latest gem versions (2021-W47) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/386
 2021-11-23 11:39:37 +00:00
Imran Iqbal
77f47b17c3
ci(kitchen+ci): update with 3004 pre-salted images/boxes [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/385
 2021-11-23 10:28:48 +00:00
semantic-release-bot
4a46e038e5 chore(release): 1.2.2 [skip ci] 
## [1.2.2](https://github.com/saltstack-formulas/apache-formula/compare/v1.2.1...v1.2.2) (2021-10-28)

### Bug Fixes

* **redhat:** use correct vhostdir, sitesdir and logrotate script for redhat family ([#376](https://github.com/saltstack-formulas/apache-formula/issues/376)) ([c4b8538](c4b8538128))
 2021-10-28 08:47:42 +00:00
l00d3r
c4b8538128
fix(redhat): use correct vhostdir, sitesdir and logrotate script for redhat family (#376) 
* fix(redhat): use correct dirs for redhat family

Red hat family distributions do not implement sites-enabled nor vhosts.d
directories and all virtual hosts are under /etc/httpd/conf.d

Redhat based distros don't have /etc/init.d/httpd to rotate logs.
Default for them uses systemctl reload to rotate logs
 2021-10-28 09:35:24 +01:00
Imran Iqbal
ea777fd102
chore(gemfile.lock): update to latest gem versions (2021-W43) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/381
 2021-10-26 11:10:30 +01:00
Imran Iqbal
564971493d
chore(gemfile.lock): update to latest gem versions (2021-W42) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/380
 2021-10-23 21:06:07 +01:00
semantic-release-bot
86dc3b3d6f chore(release): 1.2.1 [skip ci] 
## [1.2.1](https://github.com/saltstack-formulas/apache-formula/compare/v1.2.0...v1.2.1) (2021-10-20)

### Bug Fixes

* **vhosts:** reset `cleanup` to previous and use dedicated `clean` SLS ([0c6c1d3](0c6c1d36e2))

### Continuous Integration

* **kitchen+ci:** update with latest CVE pre-salted images [skip ci] ([a3d49f1](a3d49f1852))
* test for upstream Salt regressions in `master` instances (2021-W37a) ([69dcfd9](69dcfd9c3b))

### Documentation

* **readme:** document vhosts clean/cleanup ([2d72dff](2d72dff82b)), closes [#372](https://github.com/saltstack-formulas/apache-formula/issues/372)
 2021-10-20 09:34:17 +00:00
Imran Iqbal
cde7c5b6db
Merge pull request #374 from Yoda-BZH/master 
docs(readme): document vhosts clean/cleanup
 2021-10-20 10:22:53 +01:00
Yoda-BZH
f35e7dc32c
Merge pull request #1 from Yoda-BZH/yodabzh-document-states-cleanup 
docs(readme): document vhosts clean/cleanup
 2021-10-20 11:16:43 +02:00
Yoda-BZH
2d72dff82b
docs(readme): document vhosts clean/cleanup 
Linked to #372

Properly document ``apache.config.vhosts.clean`` and ``apache.config.vhosts.cleanup``, and the differences between them.
 2021-10-20 11:15:54 +02:00
Imran Iqbal
ce4f4a72c3
Merge pull request #372 from myii/fix/reset-vhosts-cleanup-and-provide-separate-clean 
fix(vhosts): reset `cleanup` to previous and use dedicated `clean` SLS
 2021-10-20 10:14:41 +01:00
Imran Iqbal
0c6c1d36e2
fix(vhosts): reset cleanup to previous and use dedicated clean SLS 2021-10-20 09:55:32 +01:00
Imran Iqbal
35e9990a9a
chore(gemfile.lock): update to latest gem versions (2021-W41) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/378
 2021-10-15 19:04:49 +01:00
Imran Iqbal
ee77d27a4c
chore(gemfile.lock): update to latest gem versions (2021-W40) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/375
 2021-10-06 16:59:48 +01:00
Imran Iqbal
a3d49f1852
ci(kitchen+ci): update with latest CVE pre-salted images [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/374
 2021-10-05 11:05:24 +01:00
Imran Iqbal
a57d98f4fe
chore(pillar.example): reset after recent fixes [skip ci] 2021-09-30 08:10:59 +01:00
Imran Iqbal
da7cc0cead
chore(gemfile.lock): update to latest gem versions (2021-W39) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/370
 2021-09-30 07:07:31 +01:00
Imran Iqbal
16b281a5e9
chore(gemfile.lock): update to latest gem versions (2021-W38) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/369
 2021-09-21 11:54:39 +01:00
Imran Iqbal
79165a1f05
can't use clean in the same suite reliably (unless we find a proper way) 2021-09-14 20:55:29 +01:00
Imran Iqbal
86015dea62
final kitchen.yml before commenting out clean states 2021-09-14 20:55:05 +01:00
Imran Iqbal
9d3e62c3cc
all the fixes for clean states to work properly 2021-09-14 20:54:31 +01:00
Imran Iqbal
c4dce07476
got all pkg/config/service running (except those disabled in kitchen.yml) 2021-09-14 19:36:03 +01:00
Imran Iqbal
0222263c65
got basic apache state working 2021-09-14 19:19:09 +01:00
Imran Iqbal
1002efa909
second batch 2021-09-14 18:57:39 +01:00
Imran Iqbal
302db15f95
all suite in kitchen; initial "broken" states already commented out 2021-09-14 18:39:27 +01:00
Imran Iqbal
8682dff6dc
basic fixes 2021-09-14 18:31:28 +01:00
Imran Iqbal
9bbb008325
chore(gemfile.lock): update to latest gem versions (2021-W37) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/368
 2021-09-14 09:53:10 +01:00
Imran Iqbal
69dcfd9c3b
ci: test for upstream Salt regressions in master instances (2021-W37a) 
* Automated using https://github.com/myii/ssf-formula/pull/999
 2021-09-14 08:17:43 +01:00
Imran Iqbal
aff6dd2875
chore(gemfile.lock): update to latest gem versions (2021-W36) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/367
 2021-09-08 23:29:59 +01:00
Imran Iqbal
ee8c718cb7
chore(gemfile.lock): update to latest gem versions (2021-W35) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/364
 2021-08-30 18:05:21 +01:00
semantic-release-bot
0cbac9c7af chore(release): 1.2.0 [skip ci] 
# [1.2.0](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.8...v1.2.0) (2021-08-28)

### Bug Fixes

* **suse:** use correct vhostdir and sitesdir for suse family ([#369](https://github.com/saltstack-formulas/apache-formula/issues/369)) ([fe0ceb7](fe0ceb78b7)), closes [/documentation.suse.com/sles/15-SP3/html/SLES-all/cha-apache2.html#sec-apache2](https://github.com//documentation.suse.com/sles/15-SP3/html/SLES-all/cha-apache2.html/issues/sec-apache2)

### Continuous Integration

* **3003.1:** update inc. AlmaLinux, Rocky & `rst-lint` [skip ci] ([2e116ec](2e116ec412))
* **freebsd:** update with latest pre-salted Vagrant boxes [skip ci] ([d679580](d67958043d))
* **gemfile+lock:** use `ssf` customised `inspec` repo [skip ci] ([5dd7009](5dd700944b))
* **kitchen:** move `provisioner` block & update `run_command` [skip ci] ([0d1a6dc](0d1a6dc75d))
* **kitchen+ci:** update with latest `3003.2` pre-salted images [skip ci] ([d3641d7](d3641d7f0d))
* add Debian 11 Bullseye & update `yamllint` configuration [skip ci] ([7741b90](7741b90ff6))

### Features

* **alma+rocky:** add platforms (based on CentOS 8) [skip ci] ([4353e57](4353e57a1b))
 2021-08-28 23:25:45 +00:00
Fabian Niepelt
fe0ceb78b7
fix(suse): use correct vhostdir and sitesdir for suse family (#369) 
The Suse family of distributions does not implement the sites-available/sites-enabled
distinction and puts all vhosts into /etc/apache2/vhosts.d.

Sources:
- https://documentation.suse.com/sles/15-SP3/html/SLES-all/cha-apache2.html#sec-apache2-configuration-manually
- https://build.opensuse.org/package/view_file/openSUSE:Factory/apache2/apache2-httpd.conf?expand=1
 2021-08-29 00:18:10 +01:00
Imran Iqbal
e354631e4d
chore(gemfile.lock): update to latest gem versions (2021-W34) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/362
 2021-08-23 09:20:12 +01:00
Imran Iqbal
d3641d7f0d
ci(kitchen+ci): update with latest 3003.2 pre-salted images [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/360
 2021-08-19 10:07:56 +01:00
Imran Iqbal
4c2791db7a
chore(gemfile.lock): update to latest gem versions (2021-W33) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/359
 2021-08-16 18:20:12 +01:00
Imran Iqbal
b7c157288f
chore(gemfile.lock): update to latest gem versions (2021-W32) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/358
 2021-08-09 12:08:38 +01:00
Imran Iqbal
5dd700944b
ci(gemfile+lock): use ssf customised inspec repo [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/357
 2021-08-04 21:50:56 +01:00
Imran Iqbal
5cd8a05c06
chore(gemfile.lock): update to latest gem versions (2021-W31) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/356
 2021-08-04 21:33:23 +01:00
Imran Iqbal
7732095817
chore(gemfile.lock): update to latest gem versions (2021-W30) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/353
 2021-07-26 14:22:24 +01:00
Imran Iqbal
d67958043d
ci(freebsd): update with latest pre-salted Vagrant boxes [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/350
 2021-07-22 08:35:16 +01:00
Imran Iqbal
209f624405
chore(gemfile.lock): update to latest gem versions (2021-W29) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/349
 2021-07-21 18:25:48 +01:00
Imran Iqbal
7741b90ff6
ci: add Debian 11 Bullseye & update yamllint configuration [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/345
 2021-07-18 18:55:20 +01:00
Imran Iqbal
0d1a6dc75d
ci(kitchen): move provisioner block & update run_command [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/344
 2021-07-17 21:04:42 +01:00
Imran Iqbal
f51c0fd925
chore(gemfile+lock): update to latest gem versions (2021-W28) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/343
 2021-07-17 20:21:54 +01:00
Imran Iqbal
22b0e1b4cb
chore(deps): bump addressable from 2.7.0 to 2.8.0 [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/340
 2021-07-14 12:08:14 +01:00
Imran Iqbal
2e116ec412
ci(3003.1): update inc. AlmaLinux, Rocky & rst-lint [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/335
 2021-07-01 23:58:05 +01:00
Imran Iqbal
4353e57a1b
feat(alma+rocky): add platforms (based on CentOS 8) [skip ci] 2021-06-30 13:10:34 +01:00
semantic-release-bot
404f1d139c chore(release): 1.1.8 [skip ci] 
## [1.1.8](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.7...v1.1.8) (2021-06-28)

### Bug Fixes

* **register_site:** correct semicolon to colon ([4cf848d](4cf848da05))

### Continuous Integration

* **gitlab-ci:** ignore line to avoid `yamllint` violation [skip ci] ([a742f4e](a742f4ee00))
* **gitlab-ci:** use `pandoc`-enabled `semantic-release` image [skip ci] ([3bf9c6e](3bf9c6e6a9))
* **kitchen+gitlab:** remove Ubuntu 16.04 & Fedora 32 (EOL) [skip ci] ([10ce382](10ce3822dd))
* **kitchen+gitlab:** remove Ubuntu 16.04 & Fedora 32 (EOL) [skip ci] ([57e9873](57e9873624))
 2021-06-28 22:07:57 +00:00
Imran Iqbal
6170f318b4
Merge pull request #307 from mariusvw/hotfix/semicolon-correction 
Correct semicolon to colon
 2021-06-28 23:00:37 +01:00
Marius van Witzenburg
4cf848da05
fix(register_site): correct semicolon to colon 2021-06-28 14:01:10 +02:00
Imran Iqbal
3bf9c6e6a9
ci(gitlab-ci): use pandoc-enabled semantic-release image [skip ci] 2021-06-21 20:39:48 +01:00
Imran Iqbal
3d0438ce6c
Merge branch '20210621203551' into upstream 2021-06-21 20:35:55 +01:00
Imran Iqbal
10ce3822dd
ci(kitchen+gitlab): remove Ubuntu 16.04 & Fedora 32 (EOL) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/331
 2021-06-21 20:35:54 +01:00
Imran Iqbal
57e9873624
ci(kitchen+gitlab): remove Ubuntu 16.04 & Fedora 32 (EOL) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/331
 2021-06-21 20:34:39 +01:00
Imran Iqbal
2248a53ba8
chore(pre-commit): use info report level for rstcheck [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/325
 2021-05-20 14:03:13 +01:00
Imran Iqbal
a742f4ee00
ci(gitlab-ci): ignore line to avoid yamllint violation [skip ci] 2021-05-14 15:56:21 +01:00
semantic-release-bot
858abffd38 chore(release): 1.1.7 [skip ci] 
## [1.1.7](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.6...v1.1.7) (2021-05-14)

### Bug Fixes

* **mod_pagespeed:** add missing colon to `file.directory` ([a8b87a5](a8b87a583e))

### Continuous Integration

* add `arch-master` to matrix and update `.travis.yml` [skip ci] ([069388b](069388be3a))
 2021-05-14 14:47:42 +00:00
Tom Peperkamp
a8b87a583e
fix(mod_pagespeed): add missing colon to file.directory 
Fix yaml syntax error.
 2021-05-14 15:27:26 +01:00
Imran Iqbal
069388be3a
ci: add arch-master to matrix and update .travis.yml [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/323
 2021-05-09 22:23:59 +01:00
semantic-release-bot
c963688c83 chore(release): 1.1.6 [skip ci] 
## [1.1.6](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.5...v1.1.6) (2021-05-08)

### Documentation

* **changelog:** regenerate via. `semantic-release` ([de8c82c](de8c82c753))
 2021-05-08 19:55:07 +00:00
Imran Iqbal
de8c82c753
docs(changelog): regenerate via. semantic-release 2021-05-08 20:50:13 +01:00
semantic-release-bot
f69a9a6e2e chore(release): 2.0.3 [skip ci] 
## [2.0.3](https://github.com/saltstack-formulas/apache-formula/compare/v2.0.2...v2.0.3) (2021-05-08)

### Documentation

* **changelog:** regenerate via. `semantic-release` ([198d525](198d525a6a))
 2021-05-08 19:19:34 +00:00
Imran Iqbal
198d525a6a
docs(changelog): regenerate via. semantic-release 2021-05-08 20:16:01 +01:00
semantic-release-bot
250e656d03 chore(release): 2.0.2 [skip ci] 
## [2.0.2](https://github.com/saltstack-formulas/apache-formula/compare/v2.0.1...v2.0.2) (2021-05-08)

### Continuous Integration

* **gitlab-ci:** remove adjustments made during Antora test [skip ci] ([0c7082f](0c7082f8d9))

### Documentation

* **changelog:** regenerate via. `semantic-release` ([e1f1fa7](e1f1fa7d8f))
* **changelog:** regenerate via. `semantic-release` ([a1be1d2](a1be1d21dc))
* **changelog:** regenerate via. `semantic-release` ([56efd35](56efd35f85))
 2021-05-08 19:04:18 +00:00
Imran Iqbal
e1f1fa7d8f
docs(changelog): regenerate via. semantic-release 2021-05-08 20:02:02 +01:00
semantic-release-bot
eccad5788a chore(release): 2.0.2 [skip ci] 
## [2.0.2](https://github.com/saltstack-formulas/apache-formula/compare/v2.0.1...v2.0.2) (2021-05-08)

### Continuous Integration

* **gitlab-ci:** remove adjustments made during Antora test [skip ci] ([0c7082f](0c7082f8d9))

### Documentation

* **changelog:** regenerate via. `semantic-release` ([a1be1d2](a1be1d21dc))
* **changelog:** regenerate via. `semantic-release` ([56efd35](56efd35f85))
 2021-05-08 18:59:11 +00:00
Imran Iqbal
a1be1d21dc
docs(changelog): regenerate via. semantic-release 2021-05-08 19:53:47 +01:00
semantic-release-bot
7ea3b22d9d chore(release): 2.0.2 [skip ci] 
## [2.0.2](https://github.com/saltstack-formulas/apache-formula/compare/v2.0.1...v2.0.2) (2021-05-08)

### Continuous Integration

* **gitlab-ci:** remove adjustments made during Antora test [skip ci] ([0c7082f](0c7082f8d9))

### Documentation

* **changelog:** regenerate via. `semantic-release` ([56efd35](56efd35f85))
 2021-05-08 18:48:33 +00:00
Imran Iqbal
56efd35f85
docs(changelog): regenerate via. semantic-release 2021-05-08 19:45:48 +01:00
Imran Iqbal
0c7082f8d9
ci(gitlab-ci): remove adjustments made during Antora test [skip ci] 
This reverts commit 12c0a0f1b209b6666f5b0919a16149e46471b34c.
 2021-05-08 19:39:21 +01:00
semantic-release-bot
36530d71cd chore(release): 2.0.1 [skip ci] 
## [2.0.1](https://github.com/saltstack-formulas/apache-formula/compare/v2.0.0...v2.0.1) (2021-05-08)

### Continuous Integration

* **antora:** convert `.rst` files to `.adoc` during `semantic-release` ([9cf428a](9cf428ab49))
* **gitlab-ci:** make adjustments to test Antora more efficiently ([12c0a0f](12c0a0f1b2))

### Documentation

* **readme:** remove unused Sphinx `readme` anchor ([155cd69](155cd69d6b))
 2021-05-08 18:32:11 +00:00
Imran Iqbal
155cd69d6b
docs(readme): remove unused Sphinx readme anchor 2021-05-08 19:30:13 +01:00
Imran Iqbal
9cf428ab49
ci(antora): convert .rst files to .adoc during semantic-release 2021-05-08 19:30:13 +01:00
Imran Iqbal
12c0a0f1b2
ci(gitlab-ci): make adjustments to test Antora more efficiently 2021-05-08 19:30:12 +01:00
Imran Iqbal
8f7591190a
ci(gitlab-ci): use semantic-release-pandoc image 2021-05-08 18:42:52 +01:00
Imran Iqbal
c5f2caec20
docs(antora): add basic structure [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/999
 2021-05-05 19:42:12 +01:00
Imran Iqbal
0c518f9c7d
docs(readme): fix code block under Requirements section [skip ci] 2021-05-04 19:22:05 +01:00
semantic-release-bot
a94a703c95 chore(release): 1.1.3 [skip ci] 
## [1.1.3](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.2...v1.1.3) (2021-04-30)

### Bug Fixes

* **config/vhosts/standard:** remove erroneous trailing colon ([dedb9e2](dedb9e2f40)), closes [#302](https://github.com/saltstack-formulas/apache-formula/issues/302)

### Continuous Integration

* **kitchen+gitlab:** adjust matrix to add `3003` [skip ci] ([3c21740](3c21740ba5))
* **vagrant:** add FreeBSD 13.0 [skip ci] ([298fdf4](298fdf4fb5))
* **vagrant:** use pre-salted boxes & conditional local settings [skip ci] ([f354ace](f354ace8e7))
 2021-04-30 16:12:06 +00:00
Imran Iqbal
42bd3cbd00
Merge pull request #303 from myii/bug/fix-issue-302 
fix(config/vhosts/standard): remove erroneous trailing colon
 2021-04-30 17:04:22 +01:00
Imran Iqbal
dedb9e2f40
fix(config/vhosts/standard): remove erroneous trailing colon 
Fixes #302.
 2021-04-30 16:38:42 +01:00
Imran Iqbal
3c21740ba5
ci(kitchen+gitlab): adjust matrix to add 3003 [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/318
 2021-04-23 08:41:59 +01:00
Imran Iqbal
298fdf4fb5
ci(vagrant): add FreeBSD 13.0 [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/316
 2021-04-20 00:20:27 +01:00
Imran Iqbal
f354ace8e7
ci(vagrant): use pre-salted boxes & conditional local settings [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/311
 2021-04-05 18:53:39 +01:00
Imran Iqbal
c8ac6a89b9
chore: update CODEOWNERS & .yamllint re: kitchen-vagrant [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/310
 2021-04-05 18:14:32 +01:00
semantic-release-bot
18850c5f44 chore(release): 1.1.2 [skip ci] 
## [1.1.2](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.1...v1.1.2) (2021-04-03)

### Bug Fixes

* **freebsd:** fix `default` suite implementation and tests ([0a0f69e](0a0f69ee2f))
* **freebsd:** fix `modsecurity` suite implementation and tests ([bc9aa78](bc9aa78437))

### Continuous Integration

* enable Vagrant-based testing using GitHub Actions ([6e094e2](6e094e2527))
* **gemfile+lock:** use `ssf` customised `kitchen-docker` repo [skip ci] ([53ac463](53ac4638f3))
* **gitlab-ci:** reset after update hook for `rubocop` [skip ci] ([6d40ab7](6d40ab7634))
* **kitchen+ci:** use latest pre-salted images (after CVE) [skip ci] ([69e9d30](69e9d304fb))
* **kitchen+gitlab-ci:** use latest pre-salted images [skip ci] ([21cb59d](21cb59daa2))
* **pre-commit:** update hook for `rubocop` ([2c090c3](2c090c3a83))

### Documentation

* **readme:** add `Testing with Vagrant` section ([5a6b203](5a6b203bb1))

### Tests

* standardise use of `share` suite & `_mapdata` state [skip ci] ([e7c2d20](e7c2d20f06))
* **nomodsecurity:** use adjusted `modules` suite instead ([838b917](838b917221))
 2021-04-03 22:50:52 +00:00
Imran Iqbal
0df537a2da
Merge pull request #301 from myii/ci/add-freebsd-vagrant-in-github-actions 
ci: enable Vagrant-based testing using GitHub Actions
 2021-04-03 23:29:09 +01:00
Imran Iqbal
5a6b203bb1
docs(readme): add Testing with Vagrant section 2021-04-03 23:07:45 +01:00
Imran Iqbal
6e094e2527
ci: enable Vagrant-based testing using GitHub Actions 
* Semi-automated using https://github.com/myii/ssf-formula/pull/309
 2021-04-03 23:01:50 +01:00
Imran Iqbal
bc9aa78437
fix(freebsd): fix modsecurity suite implementation and tests 2021-04-03 23:01:44 +01:00
Imran Iqbal
0a0f69ee2f
fix(freebsd): fix default suite implementation and tests 2021-04-03 23:01:21 +01:00
Imran Iqbal
e7c2d20f06
test: standardise use of share suite & _mapdata state [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/302
 2021-03-23 21:23:32 +00:00
Imran Iqbal
69e9d304fb
ci(kitchen+ci): use latest pre-salted images (after CVE) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/299
 2021-03-07 22:14:18 +00:00
Imran Iqbal
955ed1fba3
chore(yamllint): add .git/ to ignores [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/297
 2021-03-05 18:28:17 +00:00
Daniel Dehennin
edb2558faa
chore(rubocop): allow use of YAML.load for _mapdata.rb [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/296
 2021-02-23 21:43:08 +00:00
Dafydd Jones
ee180fbec7
chore(shellcheck): switch hook for shellcheck [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/295
 2021-02-21 08:25:53 +00:00
Imran Iqbal
53ac4638f3
ci(gemfile+lock): use ssf customised kitchen-docker repo [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/294
 2021-02-17 13:45:51 +00:00
Imran Iqbal
21cb59daa2
ci(kitchen+gitlab-ci): use latest pre-salted images [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/293
 2021-02-13 22:25:31 +00:00
Imran Iqbal
838b917221
test(nomodsecurity): use adjusted modules suite instead 2021-02-13 16:35:56 +00:00
Imran Iqbal
f35054dd82
chore: standardise structure (.gitignore & _mapdata.rb) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/292
 2021-02-11 11:44:53 +00:00
Imran Iqbal
6d40ab7634
ci(gitlab-ci): reset after update hook for rubocop [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/290
 2021-02-01 23:56:16 +00:00
Imran Iqbal
2c090c3a83
ci(pre-commit): update hook for rubocop 
* Automated using https://github.com/myii/ssf-formula/pull/290
 2021-02-01 22:20:23 +00:00
Marius van Witzenburg
22c647eb5c
feature(trust): improved remote ip internal proxy support (#300) 
* feat(trusted_proxy): Add support for RemoteIPInternalProxy

* fix(syntax): add semicolon
 2021-01-08 11:33:46 +00:00
semantic-release-bot
6c529330e6 chore(release): 1.1.1 [skip ci] 
## [1.1.1](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.0...v1.1.1) (2021-01-04)

### Bug Fixes

* **memory:** pass variable not dict ([2830081](28300814fc))

### Continuous Integration

* **commitlint:** ensure `upstream/master` uses main repo URL [skip ci] ([0145922](0145922b52))
* **gitlab-ci:** add `rubocop` linter (with `allow_failure`) [skip ci] ([bbf012b](bbf012b82e))
* **gitlab-ci:** use GitLab CI as Travis CI replacement ([26208c4](26208c47c6))
 2021-01-04 22:57:35 +00:00
sticky-note
c792cc24d5
Merge pull request #299 from noelmcloughlin/fixit 
fix(memory): pass variable not dict
 2021-01-05 09:49:28 +11:00
Imran Iqbal
0145922b52
ci(commitlint): ensure upstream/master uses main repo URL [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/278
 2020-12-20 18:41:44 +00:00
Imran Iqbal
bbf012b82e
ci(gitlab-ci): add rubocop linter (with allow_failure) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/277
 2020-12-19 14:24:21 +00:00
Imran Iqbal
26208c47c6
ci(gitlab-ci): use GitLab CI as Travis CI replacement 
* Automated using https://github.com/myii/ssf-formula/pull/275
 2020-12-16 06:18:12 +00:00
noelmcloughlin
28300814fc fix(memory): pass variable not dict 2020-12-08 20:46:27 +00:00
N
0e93df3e1e
Merge pull request #298 from bawuenet/master 
Do not pass full apache context to vhost templates.
 2020-12-08 20:25:35 +00:00
Andreas Thienemann
1f488b6af3 Do not pass full apache context to vhost templates. 
The full apache context variable can grow quite large if using multiple
vhosts with SSL certificates.
With 200 sites the apache variable is being rendered 200 times which resuls
in observed renderer output of about 950MB...

state.apply will result with MemoryErrors in such cases.

This PR modifies the templating code to _only_ use a per site context
and pass a trimmed down copy of the apache context instead of the full.

Drive-By: Correct indentation for context variables.
Drive-By: Remove duplicate map/apache functionality. Only use map.
 2020-12-08 21:13:07 +01:00
Imran Iqbal
e2e1be18e0
chore(gemfile+lock): update to latest gem versions (2020-W44) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/274
 2020-10-26 22:44:39 +00:00
Imran Iqbal
a9509bd56b
chore(gemfile+lock): update to latest gem versions (2020-W43) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/273
 2020-10-20 10:13:26 +01:00
semantic-release-bot
b3a7e0b0e6 chore(release): 1.1.0 [skip ci] 
# [1.1.0](https://github.com/saltstack-formulas/apache-formula/compare/v1.0.5...v1.1.0) (2020-10-14)

### Bug Fixes

* **ssl.conf:** fix pillar keys for SSLStapling in ssl.conf on debian ([65043f8](65043f8a61))

### Code Refactoring

* **ssl.conf:** reduce newlines in ssl.conf on debian ([b99b7b7](b99b7b71ad))
* **vhosts:** reduce empty lines in standard.tmpl and proxy.tmpl ([4b79c1d](4b79c1dddb))

### Features

* **ssl.conf:** add SSLSessionTickets to ssl.conf on debian ([41a7a83](41a7a83af0))
 2020-10-14 23:55:22 +00:00
N
eef745c232
Merge pull request #292 from SuperTux88/fix-ssl-conf 
Refactor ssl.conf for debian
 2020-10-15 00:29:56 +01:00
N
c2c3b7c848
Merge pull request #293 from SuperTux88/refactor-vhosts-template 
refactor(vhosts): reduce empty lines in standard.tmpl and proxy.tmpl
 2020-10-15 00:22:37 +01:00
Benjamin Neff
4b79c1dddb
refactor(vhosts): reduce empty lines in standard.tmpl and proxy.tmpl 2020-10-15 00:29:27 +02:00
Benjamin Neff
41a7a83af0
feat(ssl.conf): add SSLSessionTickets to ssl.conf on debian 2020-10-14 22:09:37 +02:00
Benjamin Neff
65043f8a61
fix(ssl.conf): fix pillar keys for SSLStapling in ssl.conf on debian 2020-10-14 22:05:41 +02:00
Benjamin Neff
b99b7b71ad
refactor(ssl.conf): reduce newlines in ssl.conf on debian 2020-10-14 22:04:01 +02:00
semantic-release-bot
50fe24d9f0 chore(release): 1.0.5 [skip ci] 
## [1.0.5](https://github.com/saltstack-formulas/apache-formula/compare/v1.0.4...v1.0.5) (2020-10-14)

### Bug Fixes

* **clean:** remove entire apache config directory ([cac5f35](cac5f357a4))

### Code Refactoring

* **package:** remove unnecessary state ([fb81d8e](fb81d8e694))

### Documentation

* **readme:** add mod watchdog to pillar example ([e0043dd](e0043dd7ba))
 2020-10-14 19:54:53 +00:00
N
ef06f5c518
Merge pull request #286 from noelmcloughlin/clean 
fix(clean): remove entire apache config directory
 2020-10-14 20:42:27 +01:00
N
2e10c8a11b
Merge pull request #287 from noelmcloughlin/nochange 
fix(package): avoid unnecessary state change
 2020-10-14 20:41:50 +01:00
noelmcloughlin
cac5f357a4 fix(clean): remove entire apache config directory 2020-10-14 20:08:53 +01:00
noelmcloughlin
fb81d8e694 refactor(package): remove unnecessary state 2020-10-14 20:04:19 +01:00
semantic-release-bot
91f1460ded chore(release): 1.0.4 [skip ci] 
## [1.0.4](https://github.com/saltstack-formulas/apache-formula/compare/v1.0.3...v1.0.4) (2020-10-14)

### Bug Fixes

* **debian:** don't execute a2enmod on every run ([5844322](5844322de4))
* **debian:** fix default moddir on debian ([c17601e](c17601ee42))
* **logs:** don't change owners of logfiles with salt ([382e053](382e053c58))
* **vhosts:** replace %O with %b in default LogFormat ([2b52e11](2b52e11a8a))

### Tests

* **pillar:** remove modules that aren't installed from being enabled ([47ec5fc](47ec5fcc34))
 2020-10-14 10:59:27 +00:00
N
9a385b4fcd
Merge pull request #290 from SuperTux88/fix-modules-enable 
Fix modules enable
 2020-10-14 11:44:05 +01:00
N
335f7282a9
Merge pull request #291 from SuperTux88/dont-change-logs 
fix(logs): don't change owners of logfiles with salt
 2020-10-14 11:42:45 +01:00
Benjamin Neff
382e053c58
fix(logs): don't change owners of logfiles with salt 
The logs are created by apache or logrotate, but salt shouldn't change
permissions of existing logfiles everytime it runs.
 2020-10-14 03:43:06 +02:00
Benjamin Neff
2b52e11a8a
fix(vhosts): replace %O with %b in default LogFormat 
%O needs mod_logio, which isn't enabled by default everywhere, so it
also shouldn't be used as default fallback LogFormat.
 2020-10-14 02:57:00 +02:00
Benjamin Neff
47ec5fcc34
test(pillar): remove modules that aren't installed from being enabled 2020-10-14 02:03:32 +02:00
Benjamin Neff
5844322de4
fix(debian): don't execute a2enmod on every run 2020-10-14 00:49:20 +02:00
Benjamin Neff
c17601ee42
fix(debian): fix default moddir on debian 2020-10-13 23:56:20 +02:00
semantic-release-bot
22b09abb4b chore(release): 1.0.3 [skip ci] 
## [1.0.3](https://github.com/saltstack-formulas/apache-formula/compare/v1.0.2...v1.0.3) (2020-10-13)

### Bug Fixes

* **config:** fix old apache.service usage ([32f05e5](32f05e5a66))
 2020-10-13 07:52:01 +00:00
N
b200780d4c
Merge pull request #289 from SuperTux88/fix-service-name 
fix(config): fix old apache.service usage
 2020-10-13 08:41:40 +01:00
Benjamin Neff
32f05e5a66
fix(config): fix old apache.service usage 2020-10-13 02:42:52 +02:00
semantic-release-bot
c5fffd2c78 chore(release): 1.0.2 [skip ci] 
## [1.0.2](https://github.com/saltstack-formulas/apache-formula/compare/v1.0.1...v1.0.2) (2020-10-12)

### Bug Fixes

* **package:** remove own_default_vhost and debian_full from config.init ([7691b58](7691b589d7))
* **package:** remove own_default_vhost and debian_full from config.init ([441459e](441459e56f))
 2020-10-12 08:07:54 +00:00
N
45308ffbf8
Merge pull request #288 from gaetanars/master 
Remove own_default_vhost and debian_full from config.init.
 2020-10-12 08:57:26 +01:00
Gaëtan Ars
7691b589d7 fix(package): remove own_default_vhost and debian_full from config.init 2020-10-12 08:58:59 +02:00
Gaëtan Ars
441459e56f fix(package): remove own_default_vhost and debian_full from config.init 2020-10-12 08:57:48 +02:00
Gaëtan
f465b85d67 Remove own_default_vhost and debian_full from config.init. 2020-10-12 08:31:29 +02:00
semantic-release-bot
8c93110a60 chore(release): 1.0.1 [skip ci] 
## [1.0.1](https://github.com/saltstack-formulas/apache-formula/compare/v1.0.0...v1.0.1) (2020-10-10)

### Continuous Integration

* **pre-commit:** finalise `rstcheck` configuration [skip ci] ([1c2125c](1c2125c251))

### Documentation

* **example:** document redirect 80->443 fix [#226](https://github.com/saltstack-formulas/apache-formula/issues/226) ([e15803b](e15803b4b1))
* **readme:** fix `rstcheck` violation [skip ci] ([2747e35](2747e35ce1)), closes [/travis-ci.org/github/myii/apache-formula/builds/731605038#L255](https://github.com//travis-ci.org/github/myii/apache-formula/builds/731605038/issues/L255)
 2020-10-10 16:06:06 +00:00
N
3830ba436f
Merge pull request #284 from noelmcloughlin/docs 
docs(example): document redirect 80->443 fix #226
 2020-10-10 16:54:46 +01:00
noelmcloughlin
e0043dd7ba docs(readme): add mod watchdog to pillar example 2020-10-10 16:32:09 +01:00
Imran Iqbal
1c2125c251
ci(pre-commit): finalise rstcheck configuration [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/267
 2020-10-10 06:42:53 +01:00
Imran Iqbal
2747e35ce1
docs(readme): fix rstcheck violation [skip ci] 
https://travis-ci.org/github/myii/apache-formula/builds/731605038#L255

```
docs/README.rst:151: (ERROR/3) Unknown target name: "apache mod_security2 waf`<http://modsecurity.org/>".
```
 2020-10-10 00:41:02 +01:00
Dafydd Jones
602dd57896
chore(commitlint): add {body,footer,header}-max(-line)-length [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/265
 2020-10-07 09:01:00 +01:00
Imran Iqbal
cecf1d9810
chore(gemfile+lock): update to latest gem versions (2020-W41) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/263
 2020-10-06 23:58:32 +01:00
Imran Iqbal
7dc0ece4f5
chore: standardise structure [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/264
 2020-10-06 23:26:09 +01:00
noelmcloughlin
e15803b4b1 docs(example): document redirect 80->443 fix #226 2020-10-05 19:30:26 +01:00
semantic-release-bot
5ef7662176 chore(release): 1.0.0 [skip ci] 
# [1.0.0](https://github.com/saltstack-formulas/apache-formula/compare/v0.41.1...v1.0.0) (2020-10-05)

### Code Refactoring

* **formula:** align to template-formula & improve ci features ([47818fc](47818fc360))

### Continuous Integration

* **pre-commit:** add to formula [skip ci] ([5532ed7](5532ed7a5b))
* **pre-commit:** enable/disable `rstcheck` as relevant [skip ci] ([233111a](233111af11))

### BREAKING CHANGES

* **formula:** 'apache.sls' converted to new style 'init.ssl'
* **formula:** "logrotate.sls" became "config/logrotate.sls"
* **formula:** "debian_full.sls" became "config/debian_full.sls"
* **formula:** "flags.sls" became "config/flags.sls"
* **formula:** "manage_security" became "config/manage_security.sls"
* **formula:** "mod_*.sls" became "config/mod_*.sls"
* **formula:** "no_default_host.sls" became "config/no_default_host.sls"
* **formula:** "own_default_host.sls" became "config/own_default_host.sls"
* **formula:** "register_site.sls" became "config/register_site.sls"
* **formula:** "server_status.sls" became "config/server_status.sls"
* **formula:** "vhosts/" became "config/vhosts/"
* **formula:** "mod_security/" became "config/mod_security/"

NOT-BREAKING CHANGE: 'config.sls' became 'config/init.sls'
NOT-BREAKING CHANGE: 'uninstall.sls' symlinked to 'clean.sls'
 2020-10-05 14:15:41 +00:00
N
90432892d3
Merge pull request #283 from noelmcloughlin/refactor 
refactor(formula): align to template-formula & improve ci
 2020-10-05 15:04:15 +01:00
noelmcloughlin
47818fc360 refactor(formula): align to template-formula & improve ci features 
FEATURE: Archlinux support
FEATURE: Windows support
FEATURE: Enhanced CI/CD
FEATURE: modular states

BREAKING CHANGE: 'apache.sls' converted to new style 'init.ssl'
BREAKING CHANGE: "logrotate.sls" became "config/logrotate.sls"
BREAKING CHANGE: "debian_full.sls" became "config/debian_full.sls"
BREAKING CHANGE: "flags.sls" became "config/flags.sls"
BREAKING CHANGE: "manage_security" became "config/manage_security.sls"
BREAKING CHANGE: "mod_*.sls" became "config/mod_*.sls"
BREAKING CHANGE: "no_default_host.sls" became "config/no_default_host.sls"
BREAKING CHANGE: "own_default_host.sls" became "config/own_default_host.sls"
BREAKING CHANGE: "register_site.sls" became "config/register_site.sls"
BREAKING CHANGE: "server_status.sls" became "config/server_status.sls"
BREAKING CHANGE: "vhosts/" became "config/vhosts/"
BREAKING CHANGE: "mod_security/" became "config/mod_security/"

NOT-BREAKING CHANGE: 'config.sls' became 'config/init.sls'
NOT-BREAKING CHANGE: 'uninstall.sls' symlinked to 'clean.sls'
 2020-10-05 14:24:15 +01:00
Imran Iqbal
233111af11
ci(pre-commit): enable/disable rstcheck as relevant [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/262
 2020-10-05 00:13:55 +01:00
Dafydd Jones
5532ed7a5b
ci(pre-commit): add to formula [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/259
 2020-10-03 10:17:10 +01:00
semantic-release-bot
fa93df9f4b chore(release): 0.41.1 [skip ci] 
## [0.41.1](https://github.com/saltstack-formulas/apache-formula/compare/v0.41.0...v0.41.1) (2020-07-20)

### Bug Fixes

* **server-status:** enable module in Debian family ([632802a](632802a5a9))
* **server-status:** manage module in debian ([eafa419](eafa4196d9))

### Tests

* **default+modules:** add modules' tests suite ([b253625](b25362535a))
 2020-07-20 09:06:07 +00:00
Imran Iqbal
cb47ee30bf
Merge pull request #280 from netmanagers/master 
fix(server-status): enable module in debian if `server_status_require…
 2020-07-20 09:59:04 +01:00
Javier Bértoli
632802a5a9 fix(server-status): enable module in Debian family 2020-07-19 09:26:39 -03:00
Javier Bértoli
b25362535a test(default+modules): add modules' tests suite 2020-07-18 13:23:58 -03:00
Javier Bértoli
eafa4196d9 fix(server-status): manage module in debian 2020-07-18 07:28:58 -03:00
semantic-release-bot
3adbbcbe0c chore(release): 0.41.0 [skip ci] 
# [0.41.0](https://github.com/saltstack-formulas/apache-formula/compare/v0.40.0...v0.41.0) (2020-07-16)

### Features

* **vhosts/standard:** add support for ScriptAlias in standard vhost ([b88b437](b88b437308))
 2020-07-16 19:09:25 +00:00
Imran Iqbal
5a186de875
Merge pull request #282 from bawuenet/script_alias 
feat: Add support for ScriptAlias in standard vhost
 2020-07-16 20:01:05 +01:00
semantic-release-bot
0b61124520 chore(release): 0.40.0 [skip ci] 
# [0.40.0](https://github.com/saltstack-formulas/apache-formula/compare/v0.39.5...v0.40.0) (2020-07-16)

### Features

* **redhat/apache-2.x.config.jinja:** allow override of default_charset ([648f589](648f589cc3))
 2020-07-16 18:52:51 +00:00
Andreas Thienemann
b88b437308 feat(vhosts/standard): add support for ScriptAlias in standard vhost 
The standard vhost currently handles a regular Alias configuration
statement, but not the related ScriptAlias.
Add this.
 2020-07-16 20:52:22 +02:00
Andreas Thienemann
648f589cc3
feat(redhat/apache-2.x.config.jinja): allow override of default_charset 
The current Red Hat config allows to set DefaultCharset to a value.
In certain situations it is necessary to leave it unconfigured thouguh.

Make the content optional, if the value of apache.default_charset is None,
the item is skipped. Otherwise it defaults to UTF-8.
 2020-07-16 19:43:54 +01:00
Imran Iqbal
78bd21ad62 chore(gemfile.lock): update to latest gem versions (2020-W27) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/235
 2020-07-06 14:22:14 +01:00
Imran Iqbal
a61e818af2 chore(gemfile.lock): update to latest gem versions (2020-W26) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/233
 2020-06-26 12:39:07 +01:00
semantic-release-bot
6cd65b4523 chore(release): 0.39.5 [skip ci] 
## [0.39.5](https://github.com/saltstack-formulas/apache-formula/compare/v0.39.4...v0.39.5) (2020-06-21)

### Bug Fixes

* **vhosts/cleanup:** check `sites-enabled` dir exists before listing it ([88373e3](88373e38f5)), closes [#278](https://github.com/saltstack-formulas/apache-formula/issues/278)

### Continuous Integration

* **gemfile.lock:** add to repo with updated `Gemfile` [skip ci] ([61b903e](61b903e780))
* **kitchen:** use `saltimages` Docker Hub where available [skip ci] ([6895fb9](6895fb9764))
* **kitchen+travis:** remove `master-py2-arch-base-latest` [skip ci] ([16bb1b0](16bb1b06e3))
* **travis:** add notifications => zulip [skip ci] ([2417a75](2417a75fe2))
* **workflows/commitlint:** add to repo [skip ci] ([2ce966d](2ce966d031))
 2020-06-21 22:45:16 +00:00
Yoda-BZH
88373e38f5
fix(vhosts/cleanup): check sites-enabled dir exists before listing it 
Co-authored-by: Tristan Charbonneau <tcharbonneau@oceanet-technology.com>

Fix #278
 2020-06-21 23:37:12 +01:00
Imran Iqbal
7dacabcd67 chore(gemfile.lock): update to latest gem versions (2020-W25) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/229
 2020-06-21 12:51:09 +01:00
Imran Iqbal
6895fb9764 ci(kitchen): use saltimages Docker Hub where available [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/223
 2020-06-15 16:47:27 +01:00
Imran Iqbal
9736121f3b chore(gemfile.lock): update to latest gem versions [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/222
 2020-06-15 14:58:02 +01:00
Imran Iqbal
aeacb11a2e chore(gemfile.lock): update to latest gem versions [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/221
 2020-06-05 22:08:40 +01:00
Imran Iqbal
587e2cc315 chore(gemfile.lock): update to latest gem versions 
* Automated using https://github.com/myii/ssf-formula/pull/202
 2020-05-28 00:13:30 +01:00
Imran Iqbal
2417a75fe2 ci(travis): add notifications => zulip [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/191
 2020-05-21 19:59:27 +01:00
Imran Iqbal
6e630d145a chore(codeowners): update semantic-release related files [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/174
 2020-05-04 23:11:25 +01:00
Imran Iqbal
38952f09a3 chore(codeowners): add to repo [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/173
 2020-05-04 22:39:08 +01:00
Imran Iqbal
2ce966d031 ci(workflows/commitlint): add to repo [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/172
 2020-05-04 09:25:20 +01:00
Imran Iqbal
16bb1b06e3 ci(kitchen+travis): remove master-py2-arch-base-latest [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/167
 2020-05-02 04:23:10 +01:00
Imran Iqbal
61b903e780 ci(gemfile.lock): add to repo with updated Gemfile [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/163
 2020-04-21 21:35:31 +01:00
Imran Iqbal
54e3bd95af chore(rubocop): use org-wide standard settings for Metrics/BlockLength [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/158
 2020-04-18 13:27:32 +01:00
semantic-release-bot
c5a1b56714 chore(release): 0.39.4 [skip ci] 
## [0.39.4](https://github.com/saltstack-formulas/apache-formula/compare/v0.39.3...v0.39.4) (2020-04-02)

### Bug Fixes

* **mod_ssl:** update mod_ssl package variable to prevent clashes ([5591be2](5591be26fd))
 2020-04-02 16:36:33 +00:00
Andreas Thienemann
5591be26fd
fix(mod_ssl): update mod_ssl package variable to prevent clashes 
The mod_ssl package name could be overridden in apache:lookup:mod_ssl.
Due to the way lookup keys are merged into the main apache dictionary,
the package name clashed with the mod_ssl configuration defined under
apache:mod_ssl.

Fix that by renaming the mod_ssl package variable to mod_ssl_pkg.

Drive-By: Add mod_ssl_pkg to the pillar.example file.
 2020-04-02 17:29:06 +01:00
semantic-release-bot
01d7f656bc chore(release): 0.39.3 [skip ci] 
## [0.39.3](https://github.com/saltstack-formulas/apache-formula/compare/v0.39.2...v0.39.3) (2020-04-02)

### Bug Fixes

* **debian:** generate remoteip conf before a2enconf ([1ed69f6](1ed69f6c6f))

### Continuous Integration

* **kitchen:** avoid using bootstrap for `master` instances [skip ci] ([275b5d5](275b5d5e69))
* **travis:** use `major.minor` for `semantic-release` version [skip ci] ([08cced2](08cced2913))
 2020-04-02 16:22:18 +00:00
Imran Iqbal
e7f90a6c8c
Merge pull request #276 from scambra/patch-1 
generate remoteip conf before a2enconf
 2020-04-02 17:14:23 +01:00
Imran Iqbal
72eadc7da1 chore(gitignore): update from the template-formula [skip ci] 
* Checked using https://github.com/myii/ssf-formula/pull/132
 2020-02-14 22:24:29 +00:00
Imran Iqbal
9e5b575318 chore(rubocop): move LineLength cop from Metrics to Layout [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/129
 2020-02-14 12:47:25 +00:00
Imran Iqbal
275b5d5e69 ci(kitchen): avoid using bootstrap for master instances [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/124
 2020-02-05 13:57:56 +00:00
Sergio Cambra
1ed69f6c6f fix(debian): generate remoteip conf before a2enconf 2020-01-27 22:43:05 +01:00
Imran Iqbal
08cced2913 ci(travis): use major.minor for semantic-release version [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/112
 2019-12-22 00:47:33 +00:00
semantic-release-bot
18ac07b36d chore(release): 0.39.2 [skip ci] 
## [0.39.2](https://github.com/saltstack-formulas/apache-formula/compare/v0.39.1...v0.39.2) (2019-12-20)

### Bug Fixes

* **redhat:** add user & group lookup to configs ([36ad2b2](36ad2b2442))
 2019-12-20 17:46:25 +00:00
Chris Horne
36ad2b2442 fix(redhat): add user & group lookup to configs 2019-12-20 17:38:01 +00:00
semantic-release-bot
ada208f9bc chore(release): 0.39.1 [skip ci] 
## [0.39.1](https://github.com/saltstack-formulas/apache-formula/compare/v0.39.0...v0.39.1) (2019-12-20)

### Bug Fixes

* **mod_mpm:** cast to int to avoid Jinja type mismatch error ([21045c7](21045c7a7b))
 2019-12-20 16:59:57 +00:00
Imran Iqbal
e5579930e7
Merge pull request #272 from dimitry-unified-streaming/fix-mpm_prefork-jinja 
fix(mod_mpm): cast to int to avoid Jinja type mismatch error
 2019-12-20 16:52:13 +00:00
semantic-release-bot
76bfb1b2d2 chore(release): 0.39.0 [skip ci] 
# [0.39.0](https://github.com/saltstack-formulas/apache-formula/compare/v0.38.2...v0.39.0) (2019-12-20)

### Continuous Integration

* **gemfile:** restrict `train` gem version until upstream fix [skip ci] ([13be6f9](13be6f9fac))
* **travis:** apply changes from build config validation [skip ci] ([0aac479](0aac479c25))
* **travis:** opt-in to `dpl v2` to complete build config validation ([19e90ea](19e90ea2d6))
* **travis:** quote pathspecs used with `git ls-files` [skip ci] ([6608ddf](6608ddf8c5))
* **travis:** run `shellcheck` during lint job [skip ci] ([2ff6b2f](2ff6b2f17e))
* **travis:** use build config validation (beta) [skip ci] ([73160b2](73160b2491))

### Features

* **server-status:** allow remote servers to reach server-status page ([a3c0022](a3c0022d79))
 2019-12-20 16:51:40 +00:00
Imran Iqbal
d78d0cc166
Merge pull request #273 from mcarlton00/server-status-sources 
Allow remote servers to access server status page
 2019-12-20 16:43:11 +00:00
mcarlton00
a3c0022d79 feat(server-status): allow remote servers to reach server-status page 2019-12-20 11:20:26 -05:00
Dimitry Andric
21045c7a7b fix(mod_mpm): cast to int to avoid Jinja type mismatch error 
This fixes the following error when Jinja tries to process
`mpm_prefork.conf.jinja` or `00-mpm.conf.jinja`, when it processes the
`max_request_workers` comparison:

```
Unable to manage file: Jinja error: '>=' not supported between instances of 'str' and 'int'
[...]
<IfModule mpm_prefork_module>
  StartServers {{ mpm_param['start_servers'] | d('5') }}
  MaxRequestWorkers {{ mpm_param['max_request_workers'] | d('150') }}
{%- if mpm_param['max_request_workers'] | d('150') >= 256 %}    <======================
  ServerLimit {{ mpm_param['max_request_workers'] | d('150') }}
{%- endif %}
  MinSpareServers {{ mpm_param['min_spare_servers'] | d('5') }}
  MaxSpareServers {{ mpm_param['max_spare_servers'] | d('10') }}
  MaxConnectionsPerChild {{ mpm_param['max_connections_per_child'] | d('0') }}
```

Add filters that convert the values to an int first.
 2019-12-20 13:24:37 +01:00
Imran Iqbal
13be6f9fac ci(gemfile): restrict train gem version until upstream fix [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/110
 2019-12-16 13:35:22 +00:00
Imran Iqbal
6608ddf8c5 ci(travis): quote pathspecs used with git ls-files [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/107
 2019-11-27 21:48:33 +00:00
Imran Iqbal
2ff6b2f17e ci(travis): run shellcheck during lint job [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/106
 2019-11-27 21:01:16 +00:00
Imran Iqbal
19e90ea2d6 ci(travis): opt-in to dpl v2 to complete build config validation 
* Automated using https://github.com/myii/ssf-formula/pull/100
 2019-11-18 13:42:18 +00:00
Imran Iqbal
0aac479c25 ci(travis): apply changes from build config validation [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/98
 2019-11-16 20:08:52 +00:00
Imran Iqbal
73160b2491 ci(travis): use build config validation (beta) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/97
 2019-11-13 16:42:36 +00:00
semantic-release-bot
c763e1edce chore(release): 0.38.2 [skip ci] 
## [0.38.2](https://github.com/saltstack-formulas/apache-formula/compare/v0.38.1...v0.38.2) (2019-11-07)

### Bug Fixes

* **apache/modules.sls:** fix duplicated ID ([57afd71](57afd71627))
 2019-11-07 17:00:14 +00:00
Niels Abspoel
505ce0332b
Merge pull request #269 from scambra/patch-modules 
fix duplicated ID
 2019-11-07 17:49:43 +01:00
semantic-release-bot
24a4a24cdc chore(release): 0.38.1 [skip ci] 
## [0.38.1](https://github.com/saltstack-formulas/apache-formula/compare/v0.38.0...v0.38.1) (2019-11-05)

### Bug Fixes

* **mod_perl2.sls:** fix a2enmod perl2 error ([fba8d21](fba8d21794))
* **release.config.js:** use full commit hash in commit link [skip ci] ([dc5593c](dc5593cfdf))

### Continuous Integration

* **kitchen:** use `debian-10-master-py3` instead of `develop` [skip ci] ([09d82a5](09d82a581c))
* **kitchen:** use `develop` image until `master` is ready (`amazonlinux`) [skip ci] ([d0bf6f3](d0bf6f3796))
* **kitchen+travis:** upgrade matrix after `2019.2.2` release [skip ci] ([fc0f869](fc0f869b78))
* **travis:** update `salt-lint` config for `v0.0.10` [skip ci] ([2622d48](2622d48b4c))

### Performance Improvements

* **travis:** improve `salt-lint` invocation [skip ci] ([bf75770](bf75770220))
 2019-11-05 08:20:16 +00:00
Imran Iqbal
3a7e89024c
Merge pull request #271 from SynPrime/perl2-fix 
fix(mod_perl2.sls): fix a2enmod perl2 error
 2019-11-05 08:09:32 +00:00
Gino Naumann
fba8d21794 fix(mod_perl2.sls): fix a2enmod perl2 error 2019-11-04 17:23:25 +01:00
Imran Iqbal
d0bf6f3796 ci(kitchen): use develop image until master is ready (amazonlinux) [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/93
 2019-11-03 11:39:29 +00:00
Imran Iqbal
bf75770220 perf(travis): improve salt-lint invocation [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/90
 2019-11-02 08:29:44 +00:00
Imran Iqbal
dc5593cfdf fix(release.config.js): use full commit hash in commit link [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/89
 2019-10-31 10:24:01 +00:00
Sergio Cambra
57afd71627 fix(apache/modules.sls): fix duplicated ID 2019-10-30 12:53:39 +01:00
Imran Iqbal
fc0f869b78 ci(kitchen+travis): upgrade matrix after 2019.2.2 release [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/86
 2019-10-30 04:50:25 +00:00
Imran Iqbal
09d82a581c ci(kitchen): use debian-10-master-py3 instead of develop [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/84
 2019-10-24 18:02:17 +01:00
Imran Iqbal
2622d48b4c ci(travis): update salt-lint config for v0.0.10 [skip ci] 
* Automated using https://github.com/myii/ssf-formula/pull/82
 2019-10-23 17:22:41 +01:00
semantic-release-bot
f9dcbdd659 chore(release): 0.38.0 [skip ci] 
# [0.38.0](https://github.com/saltstack-formulas/apache-formula/compare/v0.37.4...v0.38.0) (2019-10-20)

### Bug Fixes

* **apache-2.2.config.jinja:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/f4045ef))
* **apache-2.4.config.jinja:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/e2c1c2e))
* **flags.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/a146c59))
* **init.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/8465eb4))
* **map.jinja:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/d011324))
* **mod_geoip.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/e55ef9b))
* **modsecurity.conf.jinja:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/2a79d05))
* **modules.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/55d11f8))
* **server_status.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/da9a592))
* **uninstall.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/ed7dc7b))
* **vhosts/cleanup.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/b0bbd0b))
* **vhosts/minimal.tmpl:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/146dc67))
* **vhosts/proxy.tmpl:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/e7c9fbb))
* **vhosts/redirect.tmpl:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/0a41b19))
* **vhosts/standard.tmpl:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/1bad58d))
* **yamllint:** fix all errors ([](https://github.com/saltstack-formulas/apache-formula/commit/97f6ead))

### Documentation

* **formula:** use standard structure ([](https://github.com/saltstack-formulas/apache-formula/commit/701929d))
* **readme:** move to `docs/` directory and modify accordingly ([](https://github.com/saltstack-formulas/apache-formula/commit/6933f0e))

### Features

* **semantic-release:** implement for this formula ([](https://github.com/saltstack-formulas/apache-formula/commit/34d1f7c))

### Tests

* **mod_security_spec:** convert from Serverspec to InSpec ([](https://github.com/saltstack-formulas/apache-formula/commit/68b971b))
 2019-10-20 12:05:29 +00:00
Niels Abspoel
34324bd2c6
Merge pull request #270 from myii/feat/implement-semantic-release 
feat(semantic-release): implement for this formula
 2019-10-20 13:55:10 +02:00
Imran Iqbal
6933f0e427
docs(readme): move to docs/ directory and modify accordingly 2019-10-17 09:12:49 +01:00
Imran Iqbal
701929d616
docs(formula): use standard structure 2019-10-17 09:12:48 +01:00
Imran Iqbal
1bad58d899
fix(vhosts/standard.tmpl): fix salt-lint errors 
```bash
Examining apache/vhosts/standard.tmpl of type state
[206] Jinja variables should have spaces before and after: {{ var_name }}
apache/vhosts/standard.tmpl:46
<VirtualHost {% for intf in vals.interfaces %} {{intf}}:{{ vals.port }}{% endfor -%}>

[206] Jinja variables should have spaces before and after: {{ var_name }}
apache/vhosts/standard.tmpl:70
    {% if site.get('SSLCertificateChainFile') %}SSLCertificateChainFile {{ site.SSLCertificateChainFile}}{% endif %}

[201] Trailing whitespace
apache/vhosts/standard.tmpl:72

[206] Jinja variables should have spaces before and after: {{ var_name }}
apache/vhosts/standard.tmpl:96
        {% if dvals.get('Require') != False %}Require {{dvals.Require}}{% endif %}

[206] Jinja variables should have spaces before and after: {{ var_name }}
apache/vhosts/standard.tmpl:120
        {%- if lvals.get('Require') != False %}Require {{lvals.Require}}{% endif %}
```
 2019-10-17 08:32:32 +01:00
Imran Iqbal
0a41b193da
fix(vhosts/redirect.tmpl): fix salt-lint errors 
```bash
Examining apache/vhosts/redirect.tmpl of type state
[201] Trailing whitespace
apache/vhosts/redirect.tmpl:23

[206] Jinja variables should have spaces before and after: {{ var_name }}
apache/vhosts/redirect.tmpl:28
<VirtualHost {%- for intf in vals.interfaces %} {{intf}}:{{ vals.port }}{% endfor -%}>

[201] Trailing whitespace
apache/vhosts/redirect.tmpl:47
```
 2019-10-17 08:32:32 +01:00
Imran Iqbal
e7c9fbb152
fix(vhosts/proxy.tmpl): fix salt-lint errors 
```bash
Examining apache/vhosts/proxy.tmpl of type state
[206] Jinja variables should have spaces before and after: {{ var_name }}
apache/vhosts/proxy.tmpl:38
<VirtualHost {%- for intf in vals.interfaces %} {{intf}}:{{ vals.port }}{% endfor -%}>

[206] Jinja variables should have spaces before and after: {{ var_name }}
apache/vhosts/proxy.tmpl:53
    {% if site.get('SSLCertificateChainFile') %}SSLCertificateChainFile {{ site.SSLCertificateChainFile}}{% endif %}

[206] Jinja variables should have spaces before and after: {{ var_name }}
apache/vhosts/proxy.tmpl:85
      {%- if lvals.get('Require') != False %}Require {{lvals.Require}}{% endif %}

[206] Jinja variables should have spaces before and after: {{ var_name }}
apache/vhosts/proxy.tmpl:102
      {%- if lmvals.get('Require') != False %}Require {{lmvals.Require}}{% endif %}
```
 2019-10-17 08:32:31 +01:00
Imran Iqbal
146dc6702a
fix(vhosts/minimal.tmpl): fix salt-lint errors 
```bash
Examining apache/vhosts/minimal.tmpl of type state
[206] Jinja variables should have spaces before and after: {{ var_name }}
apache/vhosts/minimal.tmpl:25
<VirtualHost {% for intf in vals.interfaces %} {{intf}}:{{ vals.port }}{% endfor -%}>
```
 2019-10-17 08:32:31 +01:00
Imran Iqbal
b0bbd0b91d
fix(vhosts/cleanup.sls): fix salt-lint errors 
```bash
Examining apache/vhosts/cleanup.sls of type state
[206] Jinja variables should have spaces before and after: {{ var_name }}
apache/vhosts/cleanup.sls:29
    - onlyif: "test -L {{ dirpath}}/{{ filename }} || test -f {{ dirpath}}/{{ filename }}"
```
 2019-10-17 08:32:31 +01:00
Imran Iqbal
ed7dc7b411
fix(uninstall.sls): fix salt-lint errors 
```bash
Examining apache/uninstall.sls of type state
[201] Trailing whitespace
apache/uninstall.sls:2
```
 2019-10-17 08:32:31 +01:00
Imran Iqbal
da9a59225a
fix(server_status.sls): fix salt-lint errors 
```bash
Examining apache/server_status.sls of type state
[206] Jinja variables should have spaces before and after: {{ var_name }}
apache/server_status.sls:7
{{apache.confdir}}/server-status{{apache.confext}}:
```
 2019-10-17 08:32:31 +01:00
Imran Iqbal
55d11f8293
fix(modules.sls): fix salt-lint errors 
```bash
Examining apache/modules.sls of type state
[201] Trailing whitespace
apache/modules.sls:49

[201] Trailing whitespace
apache/modules.sls:84
```
 2019-10-17 08:32:31 +01:00
Imran Iqbal
e55ef9b3ee
fix(mod_geoip.sls): fix salt-lint errors 
```bash
Examining apache/mod_geoip.sls of type state
[201] Trailing whitespace
apache/mod_geoip.sls:30
    - source:
```
 2019-10-17 08:32:30 +01:00
Imran Iqbal
d011324bd2
fix(map.jinja): fix salt-lint errors 
```bash
Examining apache/map.jinja of type state
[209] Jinja comment should have spaces before and after: {# comment #}
apache/map.jinja:22
{## Merge the apache pillar ##}
```
 2019-10-17 08:32:30 +01:00
Imran Iqbal
8465eb47e0
fix(init.sls): fix salt-lint errors 
```bash
Examining apache/init.sls of type state
[206] Jinja variables should have spaces before and after: {{ var_name }}
apache/init.sls:15
  service.{{apache.service_state}}:

[206] Jinja variables should have spaces before and after: {{ var_name }}
apache/init.sls:30
    - cmd: {{apache.custom_reload_command|default('apachectl graceful')}}

[206] Jinja variables should have spaces before and after: {{ var_name }}
apache/init.sls:41
    - cmd: {{apache.custom_reload_command|default('apachectl graceful')}}
```
 2019-10-17 08:32:30 +01:00
Imran Iqbal
a146c59763
fix(flags.sls): fix salt-lint errors 
```bash
Examining apache/flags.sls of type state
[201] Trailing whitespace
apache/flags.sls:7
```
 2019-10-17 08:32:30 +01:00
Imran Iqbal
2a79d05945
fix(modsecurity.conf.jinja): fix salt-lint errors 
```bash
Examining apache/files/RedHat/modsecurity.conf.jinja of type state
[201] Trailing whitespace
apache/files/RedHat/modsecurity.conf.jinja:26
```
 2019-10-17 08:32:30 +01:00
Imran Iqbal
e2c1c2e66f
fix(apache-2.4.config.jinja): fix salt-lint errors 
```bash
Examining apache/files/FreeBSD/apache-2.4.config.jinja of type state
[201] Trailing whitespace
apache/files/FreeBSD/apache-2.4.config.jinja:171
```
 2019-10-17 08:32:30 +01:00
Imran Iqbal
f4045efeff
fix(apache-2.2.config.jinja): fix salt-lint errors 
```bash
Examining apache/files/Debian/apache-2.2.config.jinja of type state
[201] Trailing whitespace
apache/files/Debian/apache-2.2.config.jinja:119
    MaxSpareThreads      75

[201] Trailing whitespace
apache/files/Debian/apache-2.2.config.jinja:136
    MaxSpareThreads      75
```
 2019-10-17 08:32:30 +01:00
Imran Iqbal
97f6ead9f4
fix(yamllint): fix all errors 
```bash
apache-formula$ yamllint -s .
./pillar.example
  2:1       warning  missing document start "---"  (document-start)
  5:26      warning  truthy value should be one of [false, true]  (truthy)
  50:18     warning  too few spaces before comment  (comments)
  51:16     warning  truthy value should be one of [false, true]  (truthy)
  52:57     warning  too few spaces before comment  (comments)
  52:89     error    line too long (104 > 88 characters)  (line-length)
  67:33     warning  truthy value should be one of [false, true]  (truthy)
  67:38     warning  too few spaces before comment  (comments)
  69:31     warning  too few spaces before comment  (comments)
  70:8      warning  missing starting space in comment  (comments)
  75:53     warning  too few spaces before comment  (comments)
  75:89     error    line too long (98 > 88 characters)  (line-length)
  76:55     warning  too few spaces before comment  (comments)
  76:89     error    line too long (101 > 88 characters)  (line-length)
  78:50     warning  too few spaces before comment  (comments)
  79:89     error    line too long (95 > 88 characters)  (line-length)
  82:47     warning  too few spaces before comment  (comments)
  83:54     warning  too few spaces before comment  (comments)
  83:89     error    line too long (100 > 88 characters)  (line-length)
  84:58     warning  too few spaces before comment  (comments)
  84:89     error    line too long (109 > 88 characters)  (line-length)
  93:32     warning  too few spaces before comment  (comments)
  100:89    error    line too long (105 > 88 characters)  (line-length)
  101:33    error    trailing spaces  (trailing-spaces)
  102:16    warning  truthy value should be one of [false, true]  (truthy)
  231:20    warning  truthy value should be one of [false, true]  (truthy)
  242:32    warning  too few spaces before comment  (comments)
  249:20    warning  truthy value should be one of [false, true]  (truthy)
  254:20    warning  truthy value should be one of [false, true]  (truthy)
  260:21    warning  truthy value should be one of [false, true]  (truthy)
  283:8     warning  missing starting space in comment  (comments)
  284:8     warning  missing starting space in comment  (comments)
  297:15    warning  too few spaces before comment  (comments)
  328:18    warning  truthy value should be one of [false, true]  (truthy)
  330:20    warning  truthy value should be one of [false, true]  (truthy)
  342:15    error    empty value in block mapping  (empty-values)
  345:18    warning  truthy value should be one of [false, true]  (truthy)
  348:18    warning  truthy value should be one of [false, true]  (truthy)
  355:18    warning  truthy value should be one of [false, true]  (truthy)
  358:89    error    line too long (91 > 88 characters)  (line-length)
  359:26    warning  truthy value should be one of [false, true]  (truthy)
  362:89    error    line too long (99 > 88 characters)  (line-length)
  365:89    error    line too long (267 > 88 characters)  (line-length)
  367:21    warning  truthy value should be one of [false, true]  (truthy)
  369:26    warning  truthy value should be one of [false, true]  (truthy)
  371:1     error    too many blank lines (1 > 0)  (empty-lines)

./apache/osfingermap.yaml
  3:1       warning  missing document start "---"  (document-start)

./apache/modsecurity.yaml
  4:1       warning  missing document start "---"  (document-start)
  6:18      warning  truthy value should be one of [false, true]  (truthy)
  7:20      warning  truthy value should be one of [false, true]  (truthy)
  14:18     warning  truthy value should be one of [false, true]  (truthy)
  15:20     warning  truthy value should be one of [false, true]  (truthy)
  22:18     warning  truthy value should be one of [false, true]  (truthy)
  23:20     warning  truthy value should be one of [false, true]  (truthy)

./apache/defaults.yaml
  4:1       warning  missing document start "---"  (document-start)
  5:26      warning  truthy value should be one of [false, true]  (truthy)
  7:19      warning  truthy value should be one of [false, true]  (truthy)
  10:18     warning  truthy value should be one of [false, true]  (truthy)
  11:20     warning  truthy value should be one of [false, true]  (truthy)

./apache/oscodenamemap.yaml
  4:1       warning  missing document start "---"  (document-start)
  4:8       error    trailing spaces  (trailing-spaces)
  9:8       error    trailing spaces  (trailing-spaces)
  14:7      error    trailing spaces  (trailing-spaces)
  19:6      error    trailing spaces  (trailing-spaces)
  24:8      error    trailing spaces  (trailing-spaces)
  29:9      error    trailing spaces  (trailing-spaces)
  34:7      error    trailing spaces  (trailing-spaces)
  39:8      error    trailing spaces  (trailing-spaces)
  44:8      error    trailing spaces  (trailing-spaces)
  50:9      error    trailing spaces  (trailing-spaces)
  61:1      error    too many blank lines (1 > 0)  (empty-lines)

./apache/osfamilymap.yaml
  4:1       warning  missing document start "---"  (document-start)
  16:89     error    line too long (104 > 88 characters)  (line-length)
  43:89     error    line too long (105 > 88 characters)  (line-length)
  56:16     warning  truthy value should be one of [false, true]  (truthy)
  114:11    error    empty value in block mapping  (empty-values)
  114:11    error    trailing spaces  (trailing-spaces)

./test/salt/pillar/default.sls
  5:26      warning  truthy value should be one of [false, true]  (truthy)
  7:18      warning  truthy value should be one of [false, true]  (truthy)
  8:20      warning  truthy value should be one of [false, true]  (truthy)
```
 2019-10-17 08:32:30 +01:00
Imran Iqbal
68b971bd77
test(mod_security_spec): convert from Serverspec to InSpec 2019-10-17 08:32:29 +01:00
Imran Iqbal
34d1f7cf15
feat(semantic-release): implement for this formula 
* Automated using https://github.com/myii/ssf-formula/pull/79
 2019-10-17 08:18:11 +01:00
Imran Iqbal
93c8d1ffe7
docs(pr): remove PR template to use org-wide template instead [skip ci] 2019-10-17 03:55:18 +01:00
Sergio Cambra
9a1b1d9b26 Patch upload progress (#267) 
* Include the mod_* states in apache.modules for Debian hosts

* upload progress module for debian
 2019-09-26 17:57:24 +02:00
Sergio Cambra
d660abfe70 fix server_status state (#268) 2019-09-25 20:03:49 +02:00
Andreas Thienemann
0c1423f8f1 Fix mod_remoteip for Red Hat family OS (#260) 
The source template was missing for RH based systems, only the Debian
file was packaged.

Fix this.
 2019-04-20 09:32:44 +02:00
N
58d2a33898 Resolve #256 - fix Suse group value (#257) 2019-03-06 17:37:36 +01:00
213 changed files with 11922 additions and 2445 deletions
Show Stats Expand all files Collapse all files

8
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -1,8 +0,0 @@
**Summary of Changes**
* Issue summary
- Indented line 1
- Indented line 2
**Testing**
- Ran `make`
- Tested in Vagrant
- Tested on OS

16
.github/workflows/commitlint.yml vendored Normal file
View File

@ -0,0 +1,16 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
name: Commitlint
'on': [pull_request]
jobs:
lint:
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- uses: wagoid/commitlint-github-action@v1

40
.github/workflows/kitchen.vagrant.yml vendored Normal file
View File

@ -0,0 +1,40 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
name: 'Kitchen Vagrant (FreeBSD)'
'on': ['push', 'pull_request']
env:
KITCHEN_LOCAL_YAML: 'kitchen.vagrant.yml'
jobs:
test:
runs-on: 'macos-10.15'
strategy:
fail-fast: false
matrix:
instance:
# - default-freebsd-130-master-py3
# - modules-freebsd-130-master-py3
- freebsd-130-master-py3
# - default-freebsd-123-master-py3
# - modules-freebsd-123-master-py3
- freebsd-123-master-py3
# - default-freebsd-130-3004-0-py3
# - default-freebsd-123-3004-0-py3
steps:
- name: 'Check out code'
uses: 'actions/checkout@v2'
- name: 'Set up Bundler cache'
uses: 'actions/cache@v1'
with:
path: 'vendor/bundle'
key: "${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}"
restore-keys: "${{ runner.os }}-gems-"
- name: 'Run Bundler'
run: |
ruby --version
bundle config path vendor/bundle
bundle install --jobs 4 --retry 3
- name: 'Run Test Kitchen'
run: 'bundle exec kitchen verify ${{ matrix.instance }}'

134
.gitignore vendored
View File

@ -1,2 +1,134 @@
*.swp
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# C extensions
*.so
# Distribution / packaging
.Python
env/
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
*.egg-info/
.installed.cfg
*.egg
# PyInstaller
# Usually these files are written by a python script from a packager
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
.hypothesis/
.kitchen
.kitchen.local.yml
kitchen.local.yml
junit-*.xml
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
target/
# Jupyter Notebook
.ipynb_checkpoints
# pyenv
.python-version
# celery beat schedule file
celerybeat-schedule
# SageMath parsed files
*.sage.py
# dotenv
.env
# virtualenv
.venv
venv/
ENV/
# visual studio
.vs/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
# Bundler
.bundle/
# copied `.md` files used for conversion to `.rst` using `m2r`
docs/*.md
# Vim
*.sw?
## Collected when centralising formulas (check and sort)
# `collectd-formula`
.pytest_cache/
/.idea/
Dockerfile.*_*
ignore/
tmp/
# `salt-formula` -- Vagrant Specific files
.vagrant
top.sls
!test/salt/pillar/top.sls
# `suricata-formula` -- Platform binaries
*.rpm
*.deb

254
.gitlab-ci.yml Normal file
View File

@ -0,0 +1,254 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
###############################################################################
# Define all YAML node anchors
###############################################################################
.node_anchors:
# `only` (also used for `except` where applicable)
only_branch_master_parent_repo: &only_branch_master_parent_repo
- 'master@saltstack-formulas/apache-formula'
# `stage`
stage_lint: &stage_lint 'lint'
stage_release: &stage_release 'release'
stage_test: &stage_test 'test'
# `image`
image_commitlint: &image_commitlint 'myii/ssf-commitlint:11'
image_dindruby: &image_dindruby 'myii/ssf-dind-ruby:2.7.1-r3'
image_precommit: &image_precommit
name: 'myii/ssf-pre-commit:2.9.2'
entrypoint: ['/bin/bash', '-c']
image_rubocop: &image_rubocop 'pipelinecomponents/rubocop:latest'
# yamllint disable-line rule:line-length
image_semantic-release: &image_semanticrelease 'myii/ssf-semantic-release-pandoc:15.14'
# `services`
services_docker_dind: &services_docker_dind
- 'docker:dind'
# `variables`
# https://forum.gitlab.com/t/gitlab-com-ci-caching-rubygems/5627/3
# https://bundler.io/v1.16/bundle_config.html
variables_bundler: &variables_bundler
BUNDLE_CACHE_PATH: '${CI_PROJECT_DIR}/.cache/bundler'
BUNDLE_WITHOUT: 'production'
# `cache`
cache_bundler: &cache_bundler
key: '${CI_JOB_STAGE}'
paths:
- '${BUNDLE_CACHE_PATH}'
###############################################################################
# Define stages and global variables
###############################################################################
stages:
- *stage_lint
- *stage_test
- *stage_release
variables:
DOCKER_DRIVER: 'overlay2'
###############################################################################
# `lint` stage: `commitlint`, `pre-commit` & `rubocop` (latest, failure allowed)
###############################################################################
commitlint:
stage: *stage_lint
image: *image_commitlint
script:
# Add `upstream` remote to get access to `upstream/master`
- 'git remote add upstream
https://gitlab.com/saltstack-formulas/apache-formula.git'
- 'git fetch --all'
# Set default commit hashes for `--from` and `--to`
- 'export COMMITLINT_FROM="$(git merge-base upstream/master HEAD)"'
- 'export COMMITLINT_TO="${CI_COMMIT_SHA}"'
# `coqbot` adds a merge commit to test PRs on top of the latest commit in
# the repo; amend this merge commit message to avoid failure
- |
if [ "${GITLAB_USER_LOGIN}" = "coqbot" ] \
&& [ "${CI_COMMIT_BRANCH}" != "master" ]; then
git commit --amend -m \
'chore: reword coqbot merge commit message for commitlint'
export COMMITLINT_TO=HEAD
fi
# Run `commitlint`
- 'commitlint --from "${COMMITLINT_FROM}"
--to "${COMMITLINT_TO}"
--verbose'
pre-commit:
stage: *stage_lint
image: *image_precommit
# https://pre-commit.com/#gitlab-ci-example
variables:
PRE_COMMIT_HOME: '${CI_PROJECT_DIR}/.cache/pre-commit'
cache:
key: '${CI_JOB_NAME}'
paths:
- '${PRE_COMMIT_HOME}'
script:
- 'pre-commit run --all-files --color always --verbose'
# Use a separate job for `rubocop` other than the one potentially run by `pre-commit`
# - The `pre-commit` check will only be available for formulas that pass the default
# `rubocop` check -- and must continue to do so
# - This job is allowed to fail, so can be used for all formulas
# - Furthermore, this job uses all of the latest `rubocop` features & cops,
# which will help when upgrading the `rubocop` linter used in `pre-commit`
rubocop:
allow_failure: true
stage: *stage_lint
image: *image_rubocop
script:
- 'rubocop -d -P -S --enable-pending-cops'
###############################################################################
# Define `test` template
###############################################################################
.test_instance: &test_instance
stage: *stage_test
image: *image_dindruby
services: *services_docker_dind
variables: *variables_bundler
cache: *cache_bundler
before_script:
# TODO: This should work from the env vars above automatically
- 'bundle config set path "${BUNDLE_CACHE_PATH}"'
- 'bundle config set without "${BUNDLE_WITHOUT}"'
- 'bundle install'
script:
# Alternative value to consider: `${CI_JOB_NAME}`
- 'bin/kitchen verify "${DOCKER_ENV_CI_JOB_NAME}"'
###############################################################################
# Define `test` template (`allow_failure: true`)
###############################################################################
.test_instance_failure_permitted:
<<: *test_instance
allow_failure: true
###############################################################################
# `test` stage: each instance below uses the `test` template above
###############################################################################
## Define the rest of the matrix based on Kitchen testing
# Make sure the instances listed below match up with
# the `platforms` defined in `kitchen.yml`
# yamllint disable rule:line-length
# default-debian-11-tiamat-py3: {extends: '.test_instance'}
# default-debian-10-tiamat-py3: {extends: '.test_instance'}
# default-debian-9-tiamat-py3: {extends: '.test_instance'}
# default-ubuntu-2204-tiamat-py3: {extends: '.test_instance_failure_permitted'}
# default-ubuntu-2004-tiamat-py3: {extends: '.test_instance'}
# default-ubuntu-1804-tiamat-py3: {extends: '.test_instance'}
# default-centos-stream8-tiamat-py3: {extends: '.test_instance_failure_permitted'}
# default-centos-7-tiamat-py3: {extends: '.test_instance'}
# default-amazonlinux-2-tiamat-py3: {extends: '.test_instance'}
# default-oraclelinux-8-tiamat-py3: {extends: '.test_instance'}
# default-oraclelinux-7-tiamat-py3: {extends: '.test_instance'}
# default-almalinux-8-tiamat-py3: {extends: '.test_instance'}
# default-rockylinux-8-tiamat-py3: {extends: '.test_instance'}
# default-debian-11-master-py3: {extends: '.test_instance'}
# modules-debian-11-master-py3: {extends: '.test_instance'}
debian-11-master-py3: {extends: '.test_instance'}
# default-debian-10-master-py3: {extends: '.test_instance'}
# modules-debian-10-master-py3: {extends: '.test_instance'}
debian-10-master-py3: {extends: '.test_instance'}
# default-debian-9-master-py3: {extends: '.test_instance'}
# modules-debian-9-master-py3: {extends: '.test_instance'}
# debian-9-master-py3: {extends: '.test_instance'}
# default-ubuntu-2204-master-py3: {extends: '.test_instance_failure_permitted'}
# modules-ubuntu-2204-master-py3: {extends: '.test_instance_failure_permitted'}
ubuntu-2204-master-py3: {extends: '.test_instance_failure_permitted'}
# default-ubuntu-2004-master-py3: {extends: '.test_instance'}
# modules-ubuntu-2004-master-py3: {extends: '.test_instance'}
ubuntu-2004-master-py3: {extends: '.test_instance'}
# default-ubuntu-1804-master-py3: {extends: '.test_instance'}
# modules-ubuntu-1804-master-py3: {extends: '.test_instance'}
ubuntu-1804-master-py3: {extends: '.test_instance'}
# default-centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'}
# modules-centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'}
centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'}
# default-centos-7-master-py3: {extends: '.test_instance'}
# modules-centos-7-master-py3: {extends: '.test_instance'}
centos-7-master-py3: {extends: '.test_instance'}
# default-fedora-36-master-py3: {extends: '.test_instance_failure_permitted'}
# modules-fedora-36-master-py3: {extends: '.test_instance_failure_permitted'}
fedora-36-master-py3: {extends: '.test_instance_failure_permitted'}
# default-fedora-35-master-py3: {extends: '.test_instance'}
# modules-fedora-35-master-py3: {extends: '.test_instance'}
fedora-35-master-py3: {extends: '.test_instance'}
# default-opensuse-leap-153-master-py3: {extends: '.test_instance'}
# modules-opensuse-leap-153-master-py3: {extends: '.test_instance'}
opensuse-leap-153-master-py3: {extends: '.test_instance'}
default-opensuse-tmbl-latest-master-py3: {extends: '.test_instance_failure_permitted'}
# modules-opensuse-tmbl-latest-master-py3: {extends: '.test_instance_failure_permitted'}
# opensuse-tmbl-latest-master-py3: {extends: '.test_instance_failure_permitted'}
# https://community.letsencrypt.org/t/localhost-crt-does-not-exist-or-is-empty/103979
default-amazonlinux-2-master-py3: {extends: '.test_instance'}
# modules-amazonlinux-2-master-py3: {extends: '.test_instance'}
# amazonlinux-2-master-py3: {extends: '.test_instance'}
# default-oraclelinux-8-master-py3: {extends: '.test_instance'}
# modules-oraclelinux-8-master-py3: {extends: '.test_instance'}
# oraclelinux-8-master-py3: {extends: '.test_instance'}
# default-oraclelinux-7-master-py3: {extends: '.test_instance'}
# modules-oraclelinux-7-master-py3: {extends: '.test_instance'}
oraclelinux-7-master-py3: {extends: '.test_instance'}
# default-arch-base-latest-master-py3: {extends: '.test_instance'}
modules-arch-base-latest-master-py3: {extends: '.test_instance'}
# arch-base-latest-master-py3: {extends: '.test_instance'}
# default-gentoo-stage3-latest-master-py3: {extends: '.test_instance'}
# modules-gentoo-stage3-latest-master-py3: {extends: '.test_instance'}
# gentoo-stage3-latest-master-py3: {extends: '.test_instance'}
# default-gentoo-stage3-systemd-master-py3: {extends: '.test_instance'}
# modules-gentoo-stage3-systemd-master-py3: {extends: '.test_instance'}
# gentoo-stage3-systemd-master-py3: {extends: '.test_instance'}
# default-almalinux-8-master-py3: {extends: '.test_instance'}
# modules-almalinux-8-master-py3: {extends: '.test_instance'}
almalinux-8-master-py3: {extends: '.test_instance'}
# default-rockylinux-8-master-py3: {extends: '.test_instance'}
# modules-rockylinux-8-master-py3: {extends: '.test_instance'}
rockylinux-8-master-py3: {extends: '.test_instance'}
# default-debian-11-3004-1-py3: {extends: '.test_instance'}
# default-debian-10-3004-1-py3: {extends: '.test_instance'}
# default-debian-9-3004-1-py3: {extends: '.test_instance'}
# default-ubuntu-2204-3004-1-py3: {extends: '.test_instance_failure_permitted'}
# default-ubuntu-2004-3004-1-py3: {extends: '.test_instance'}
# default-ubuntu-1804-3004-1-py3: {extends: '.test_instance'}
# default-centos-stream8-3004-1-py3: {extends: '.test_instance_failure_permitted'}
# default-centos-7-3004-1-py3: {extends: '.test_instance'}
# default-fedora-36-3004-1-py3: {extends: '.test_instance_failure_permitted'}
# default-fedora-35-3004-1-py3: {extends: '.test_instance'}
# default-amazonlinux-2-3004-1-py3: {extends: '.test_instance'}
# default-oraclelinux-8-3004-1-py3: {extends: '.test_instance'}
# default-oraclelinux-7-3004-1-py3: {extends: '.test_instance'}
# default-arch-base-latest-3004-1-py3: {extends: '.test_instance'}
# default-gentoo-stage3-latest-3004-1-py3: {extends: '.test_instance'}
# default-gentoo-stage3-systemd-3004-1-py3: {extends: '.test_instance'}
# default-almalinux-8-3004-1-py3: {extends: '.test_instance'}
# default-rockylinux-8-3004-1-py3: {extends: '.test_instance'}
# default-opensuse-leap-153-3004-0-py3: {extends: '.test_instance'}
# default-opensuse-tmbl-latest-3004-0-py3: {extends: '.test_instance_failure_permitted'}
# default-debian-10-3003-4-py3: {extends: '.test_instance'}
# default-debian-9-3003-4-py3: {extends: '.test_instance'}
# default-ubuntu-2004-3003-4-py3: {extends: '.test_instance'}
# default-ubuntu-1804-3003-4-py3: {extends: '.test_instance'}
# default-centos-stream8-3003-4-py3: {extends: '.test_instance_failure_permitted'}
# default-centos-7-3003-4-py3: {extends: '.test_instance'}
# default-amazonlinux-2-3003-4-py3: {extends: '.test_instance'}
# default-oraclelinux-8-3003-4-py3: {extends: '.test_instance'}
# default-oraclelinux-7-3003-4-py3: {extends: '.test_instance'}
# default-almalinux-8-3003-4-py3: {extends: '.test_instance'}
# yamllint enable rule:line-length
###############################################################################
# `release` stage: `semantic-release`
###############################################################################
semantic-release:
only: *only_branch_master_parent_repo
stage: *stage_release
image: *image_semanticrelease
variables:
MAINTAINER_TOKEN: '${GH_TOKEN}'
script:
# Update `AUTHORS.md`
- '${HOME}/go/bin/maintainer contributor'
# Run `semantic-release`
- 'semantic-release'

56
.kitchen.yml
View File

@ -1,56 +0,0 @@
---
driver:
name: docker
use_sudo: false
privileged: true
require_chef_omnibus: false
platforms:
- name: centos-7
- name: ubuntu-16.04
- name: debian-9
provisioner:
name: salt_solo
formula: apache
require_chef: false
data_path: test/shared
pillars:
top.sls:
base:
'*':
- apache
apache.sls:
apache:
manage_service_states: False
mod_security:
crs_install: True
manage_config: True
sec_rule_engine: 'On'
sec_request_body_access: 'On'
sec_request_body_limit: '14000000'
sec_request_body_no_files_limit: '114002'
sec_request_body_in_memory_limit: '114002'
sec_request_body_limit_action: 'Reject'
sec_pcre_match_limit: '15000'
sec_pcre_match_limit_recursion: '15000'
sec_debug_log_level: '3'
suites:
- name: default
provisioner:
state_top:
base:
'*':
- apache
- apache.mod_security
- name: apache_norestart
provisioner:
state_top:
base:
'*':
- apache
pillars:
apache.sls:
apache:
manage_service_states: False

77
.pre-commit-config.yaml Normal file
View File

@ -0,0 +1,77 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
ci:
autofix_commit_msg: |
ci(pre-commit.ci): apply auto fixes from pre-commit.com hooks
For more information, see https://pre-commit.ci
autofix_prs: true
autoupdate_branch: ''
autoupdate_commit_msg: |
ci(pre-commit.ci): perform `pre-commit` autoupdate
autoupdate_schedule: quarterly
skip: []
submodules: false
default_stages: [commit]
repos:
- repo: https://github.com/dafyddj/commitlint-pre-commit-hook
rev: v2.3.0
hooks:
- id: commitlint
name: Check commit message using commitlint
description: Lint commit message against @commitlint/config-conventional rules
stages: [commit-msg]
additional_dependencies: ['@commitlint/config-conventional@8.3.4']
- id: commitlint-travis
stages: [manual]
additional_dependencies: ['@commitlint/config-conventional@8.3.4']
always_run: true
- repo: https://github.com/rubocop-hq/rubocop
rev: v1.30.1
hooks:
- id: rubocop
name: Check Ruby files with rubocop
args: [--debug]
always_run: true
pass_filenames: false
- repo: https://github.com/shellcheck-py/shellcheck-py
rev: v0.8.0.4
hooks:
- id: shellcheck
name: Check shell scripts with shellcheck
files: ^.*\.(sh|bash|ksh)$
types: []
- repo: https://github.com/adrienverge/yamllint
rev: v1.26.3
hooks:
- id: yamllint
name: Check YAML syntax with yamllint
args: [--strict, '.']
always_run: true
pass_filenames: false
- repo: https://github.com/warpnet/salt-lint
rev: v0.8.0
hooks:
- id: salt-lint
name: Check Salt files using salt-lint
files: ^.*\.(sls|jinja|j2|tmpl|tst)$
- repo: https://github.com/myint/rstcheck
rev: 3f929574
hooks:
- id: rstcheck
name: Check reST files using rstcheck
exclude: 'docs/CHANGELOG.rst'
- repo: https://github.com/saltstack-formulas/mirrors-rst-lint
rev: v1.3.2
hooks:
- id: rst-lint
name: Check reST files using rst-lint
exclude: |
(?x)^(
docs/CHANGELOG.rst|
docs/TOFS_pattern.rst|
)$
additional_dependencies: [pygments==2.9.0]

4
.rstcheck.cfg Normal file
View File

@ -0,0 +1,4 @@
[rstcheck]
report=info
ignore_language=rst
ignore_messages=(Duplicate (ex|im)plicit target.*|Hyperlink target ".*" is not referenced\.$)

23
.rubocop.yml Normal file
View File

@ -0,0 +1,23 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
# General overrides used across formulas in the org
Layout/LineLength:
# Increase from default of `80`
# Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`)
Max: 88
Metrics/BlockLength:
IgnoredMethods:
- control
- describe
# Increase from default of `25`
Max: 30
Security/YAMLLoad:
Exclude:
- test/integration/**/_mapdata.rb
# General settings across all cops in this formula
AllCops:
NewCops: enable
# Any offenses that should be fixed, e.g. collected via. `rubocop --auto-gen-config`

32
.salt-lint Normal file
View File

@ -0,0 +1,32 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
exclude_paths: []
rules:
203: # Most files should not contain tabs
ignore: |
apache/files/Debian/apache-2.4.config.jinja
apache/files/Debian/mpm/mpm_event.conf.jinja
apache/files/Debian/mpm/mpm_prefork.conf.jinja
apache/files/Debian/mpm/mpm_worker.conf.jinja
apache/files/Debian/ssl.conf.jinja
apache/files/FreeBSD/mod_cgi.conf.jinja
apache/files/FreeBSD/mod_ssl.conf.jinja
apache/files/RedHat/conf.modules.d/00-mpm.conf.jinja
apache/files/RedHat/modsecurity.conf.jinja
apache/logrotate.sls
204: # Lines should be no longer that 160 chars
ignore: |
apache/files/Debian/ssl.conf.jinja
apache/files/FreeBSD/mod_ssl.conf.jinja
apache/files/ssl/tls-defaults.conf.jinja
test/salt/pillar/modules.sls
skip_list:
# Using `salt-lint` for linting other files as well, such as Jinja macros/templates
- 205 # Use ".sls" as a Salt State file extension
# Skipping `207` and `208` because `210` is sufficient, at least for the time-being
# I.e. Allows 3-digit unquoted codes to still be used, such as `644` and `755`
- 207 # File modes should always be encapsulated in quotation marks
- 208 # File modes should always contain a leading zero
tags: []
verbosity: 1

237
.travis.yml
View File

@ -1,16 +1,227 @@
sudo: required
language: python
services:
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
################################################################################
# NOTE: This file is UNMAINTAINED; it is provided for references purposes only.
# No guarantees are tendered that this structure will work after 2020.
################################################################################
# * https://en.wikipedia.org/wiki/Travis_CI:
# - "... free open-source plans were removed in [sic] the end of 2020"
# - https://blog.travis-ci.com/2020-11-02-travis-ci-new-billing
# - https://ropensci.org/technotes/2020/11/19/moving-away-travis/
################################################################################
## Machine config
os: 'linux'
arch: 'amd64'
dist: 'bionic'
version: '~> 1.0'
## Language and cache config
language: 'ruby'
cache: 'bundler'
## Services config
services:
- docker
before_install:
- bundle install
env:
matrix:
- INSTANCE: default-centos-7
- INSTANCE: default-ubuntu-1604
- INSTANCE: default-debian-9
## Script to run for the test stage
script:
- bundle exec kitchen verify ${INSTANCE}
- bin/kitchen verify "${INSTANCE}"
## Stages and jobs matrix
stages:
- test
# # As part of the switch away from Travis CI, ensure that the `release` stage
# # is not run inadvertently
# - name: 'release'
# if: 'branch = master AND type != pull_request'
jobs:
include:
## Define the test stage that runs the linters (and testing matrix, if applicable)
# Run all of the linters in a single job
- language: 'node_js'
node_js: 'lts/*'
env: 'Lint'
name: 'Lint: salt-lint, yamllint, rubocop, shellcheck & commitlint'
before_install: 'skip'
script:
# Install and run `salt-lint`
- pip install --user salt-lint
- git ls-files -- '*.sls' '*.jinja' '*.j2' '*.tmpl' '*.tst'
| xargs salt-lint
# Install and run `yamllint`
# Need at least `v1.17.0` for the `yaml-files` setting
- pip install --user yamllint>=1.17.0
- yamllint -s .
# Install and run `rubocop`
- gem install rubocop
- rubocop -d
# Run `shellcheck` (already pre-installed in Travis)
- shellcheck --version
- git ls-files -- '*.sh' '*.bash' '*.ksh'
| xargs shellcheck
# Install and run `commitlint`
- npm i -D @commitlint/config-conventional
@commitlint/travis-cli
- commitlint-travis
# Run `pre-commit` linters in a single job
- language: 'python'
env: 'Lint_pre-commit'
name: 'Lint: pre-commit'
before_install: 'skip'
cache:
directories:
- $HOME/.cache/pre-commit
script:
# Install and run `pre-commit`
- pip install pre-commit==2.7.1
- pre-commit run --all-files --color always --verbose
- pre-commit run --color always --hook-stage manual --verbose commitlint-travis
## Define the rest of the matrix based on Kitchen testing
# Make sure the instances listed below match up with
# the `platforms` defined in `kitchen.yml`
# - env: INSTANCE=default-debian-11-tiamat-py3
# - env: INSTANCE=default-debian-10-tiamat-py3
# - env: INSTANCE=default-debian-9-tiamat-py3
# - env: INSTANCE=default-ubuntu-2204-tiamat-py3
# - env: INSTANCE=default-ubuntu-2004-tiamat-py3
# - env: INSTANCE=default-ubuntu-1804-tiamat-py3
# - env: INSTANCE=default-centos-stream8-tiamat-py3
# - env: INSTANCE=default-centos-7-tiamat-py3
# - env: INSTANCE=default-amazonlinux-2-tiamat-py3
# - env: INSTANCE=default-oraclelinux-8-tiamat-py3
# - env: INSTANCE=default-oraclelinux-7-tiamat-py3
# - env: INSTANCE=default-almalinux-8-tiamat-py3
# - env: INSTANCE=default-rockylinux-8-tiamat-py3
# - env: INSTANCE=default-debian-11-master-py3
# - env: INSTANCE=modules-debian-11-master-py3
- env: INSTANCE=debian-11-master-py3
# - env: INSTANCE=default-debian-10-master-py3
# - env: INSTANCE=modules-debian-10-master-py3
- env: INSTANCE=debian-10-master-py3
# - env: INSTANCE=default-debian-9-master-py3
# - env: INSTANCE=modules-debian-9-master-py3
# - env: INSTANCE=debian-9-master-py3
# - env: INSTANCE=default-ubuntu-2204-master-py3
# - env: INSTANCE=modules-ubuntu-2204-master-py3
- env: INSTANCE=ubuntu-2204-master-py3
# - env: INSTANCE=default-ubuntu-2004-master-py3
# - env: INSTANCE=modules-ubuntu-2004-master-py3
- env: INSTANCE=ubuntu-2004-master-py3
# - env: INSTANCE=default-ubuntu-1804-master-py3
# - env: INSTANCE=modules-ubuntu-1804-master-py3
- env: INSTANCE=ubuntu-1804-master-py3
# - env: INSTANCE=default-centos-stream8-master-py3
# - env: INSTANCE=modules-centos-stream8-master-py3
- env: INSTANCE=centos-stream8-master-py3
# - env: INSTANCE=default-centos-7-master-py3
# - env: INSTANCE=modules-centos-7-master-py3
- env: INSTANCE=centos-7-master-py3
# - env: INSTANCE=default-fedora-36-master-py3
# - env: INSTANCE=modules-fedora-36-master-py3
- env: INSTANCE=fedora-36-master-py3
# - env: INSTANCE=default-fedora-35-master-py3
# - env: INSTANCE=modules-fedora-35-master-py3
- env: INSTANCE=fedora-35-master-py3
# - env: INSTANCE=default-opensuse-leap-153-master-py3
# - env: INSTANCE=modules-opensuse-leap-153-master-py3
- env: INSTANCE=opensuse-leap-153-master-py3
- env: INSTANCE=default-opensuse-tmbl-latest-master-py3
# - env: INSTANCE=modules-opensuse-tmbl-latest-master-py3
# - env: INSTANCE=opensuse-tmbl-latest-master-py3
# https://community.letsencrypt.org/t/localhost-crt-does-not-exist-or-is-empty/103979
- env: INSTANCE=default-amazonlinux-2-master-py3
# - env: INSTANCE=modules-amazonlinux-2-master-py3
# - env: INSTANCE=amazonlinux-2-master-py3
# - env: INSTANCE=default-oraclelinux-8-master-py3
# - env: INSTANCE=modules-oraclelinux-8-master-py3
# - env: INSTANCE=oraclelinux-8-master-py3
# - env: INSTANCE=default-oraclelinux-7-master-py3
# - env: INSTANCE=modules-oraclelinux-7-master-py3
- env: INSTANCE=oraclelinux-7-master-py3
# - env: INSTANCE=default-arch-base-latest-master-py3
- env: INSTANCE=modules-arch-base-latest-master-py3
# - env: INSTANCE=arch-base-latest-master-py3
# - env: INSTANCE=default-gentoo-stage3-latest-master-py3
# - env: INSTANCE=modules-gentoo-stage3-latest-master-py3
# - env: INSTANCE=gentoo-stage3-latest-master-py3
# - env: INSTANCE=default-gentoo-stage3-systemd-master-py3
# - env: INSTANCE=modules-gentoo-stage3-systemd-master-py3
# - env: INSTANCE=gentoo-stage3-systemd-master-py3
# - env: INSTANCE=default-almalinux-8-master-py3
# - env: INSTANCE=modules-almalinux-8-master-py3
- env: INSTANCE=almalinux-8-master-py3
# - env: INSTANCE=default-rockylinux-8-master-py3
# - env: INSTANCE=modules-rockylinux-8-master-py3
- env: INSTANCE=rockylinux-8-master-py3
# - env: INSTANCE=default-debian-11-3004-1-py3
# - env: INSTANCE=default-debian-10-3004-1-py3
# - env: INSTANCE=default-debian-9-3004-1-py3
# - env: INSTANCE=default-ubuntu-2204-3004-1-py3
# - env: INSTANCE=default-ubuntu-2004-3004-1-py3
# - env: INSTANCE=default-ubuntu-1804-3004-1-py3
# - env: INSTANCE=default-centos-stream8-3004-1-py3
# - env: INSTANCE=default-centos-7-3004-1-py3
# - env: INSTANCE=default-fedora-36-3004-1-py3
# - env: INSTANCE=default-fedora-35-3004-1-py3
# - env: INSTANCE=default-amazonlinux-2-3004-1-py3
# - env: INSTANCE=default-oraclelinux-8-3004-1-py3
# - env: INSTANCE=default-oraclelinux-7-3004-1-py3
# - env: INSTANCE=default-arch-base-latest-3004-1-py3
# - env: INSTANCE=default-gentoo-stage3-latest-3004-1-py3
# - env: INSTANCE=default-gentoo-stage3-systemd-3004-1-py3
# - env: INSTANCE=default-almalinux-8-3004-1-py3
# - env: INSTANCE=default-rockylinux-8-3004-1-py3
# - env: INSTANCE=default-opensuse-leap-153-3004-0-py3
# - env: INSTANCE=default-opensuse-tmbl-latest-3004-0-py3
# - env: INSTANCE=default-debian-10-3003-4-py3
# - env: INSTANCE=default-debian-9-3003-4-py3
# - env: INSTANCE=default-ubuntu-2004-3003-4-py3
# - env: INSTANCE=default-ubuntu-1804-3003-4-py3
# - env: INSTANCE=default-centos-stream8-3003-4-py3
# - env: INSTANCE=default-centos-7-3003-4-py3
# - env: INSTANCE=default-amazonlinux-2-3003-4-py3
# - env: INSTANCE=default-oraclelinux-8-3003-4-py3
# - env: INSTANCE=default-oraclelinux-7-3003-4-py3
# - env: INSTANCE=default-almalinux-8-3003-4-py3
## Define the release stage that runs `semantic-release`
- stage: 'release'
language: 'node_js'
node_js: 'lts/*'
env: 'Release'
name: 'Run semantic-release inc. file updates to AUTHORS, CHANGELOG & FORMULA'
before_install: 'skip'
script:
# Update `AUTHORS.md`
- export MAINTAINER_TOKEN=${GH_TOKEN}
- go get github.com/myii/maintainer
- maintainer contributor
# Install all dependencies required for `semantic-release`
- npm i -D @semantic-release/changelog@3
@semantic-release/exec@3
@semantic-release/git@7
deploy:
provider: 'script'
# Opt-in to `dpl v2` to complete the Travis build config validation (beta)
# * https://docs.travis-ci.com/user/build-config-validation
# Deprecated `skip_cleanup` can now be avoided, `cleanup: false` is by default
edge: true
# Run `semantic-release`
script: 'npx semantic-release@15.14'
# Notification options: `always`, `never` or `change`
notifications:
webhooks:
if: 'repo = saltstack-formulas/apache-formula'
urls:
- https://saltstack-formulas.zulipchat.com/api/v1/external/travis?api_key=HsIq3o5QmLxdnVCKF9is0FUIpkpAY79P&stream=CI&topic=saltstack-formulas%2Fapache-formula&ignore_pull_requests=true
on_success: always # default: always
on_failure: always # default: always
on_start: always # default: never
on_cancel: always # default: always
on_error: always # default: always

46
.yamllint Normal file
View File

@ -0,0 +1,46 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
# Extend the `default` configuration provided by `yamllint`
extends: 'default'
# Files to ignore completely
# 1. All YAML files under directory `.bundle/`, introduced if gems are installed locally
# 2. All YAML files under directory `.cache/`, introduced during the CI run
# 3. All YAML files under directory `.git/`
# 4. All YAML files under directory `node_modules/`, introduced during the CI run
# 5. Any SLS files under directory `test/`, which are actually state files
# 6. Any YAML files under directory `.kitchen/`, introduced during local testing
# 7. `kitchen.vagrant.yml`, which contains Embedded Ruby (ERB) template syntax
ignore: |
.bundle/
.cache/
.git/
node_modules/
test/**/states/**/*.sls
.kitchen/
kitchen.vagrant.yml
test/salt/pillar/modules.sls
pillar.example
yaml-files:
# Default settings
- '*.yaml'
- '*.yml'
- .salt-lint
- .yamllint
# SaltStack Formulas additional settings
- '*.example'
- test/**/*.sls
rules:
empty-values:
forbid-in-block-mappings: true
forbid-in-flow-mappings: true
line-length:
# Increase from default of `80`
# Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`)
max: 88
octal-values:
forbid-implicit-octal: true
forbid-explicit-octal: true

101
AUTHORS.md Normal file
View File

@ -0,0 +1,101 @@
# Authors
This list is sorted by the number of commits per contributor in _descending_ order.
Avatar|Contributor|Contributions
:-:|---|:-:
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/10231489?v=4' width='36' height='36' alt='@myii'>|[@myii](https://github.com/myii)|147
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1920805?v=4' width='36' height='36' alt='@alxwr'>|[@alxwr](https://github.com/alxwr)|40
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1396878?v=4' width='36' height='36' alt='@gravyboat'>|[@gravyboat](https://github.com/gravyboat)|36
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1800660?v=4' width='36' height='36' alt='@aboe76'>|[@aboe76](https://github.com/aboe76)|32
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/91293?v=4' width='36' height='36' alt='@whiteinge'>|[@whiteinge](https://github.com/whiteinge)|31
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/13322818?v=4' width='36' height='36' alt='@noelmcloughlin'>|[@noelmcloughlin](https://github.com/noelmcloughlin)|29
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/242396?v=4' width='36' height='36' alt='@javierbertoli'>|[@javierbertoli](https://github.com/javierbertoli)|27
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3374962?v=4' width='36' height='36' alt='@nmadhok'>|[@nmadhok](https://github.com/nmadhok)|20
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/528061?v=4' width='36' height='36' alt='@puneetk'>|[@puneetk](https://github.com/puneetk)|20
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/214768?v=4' width='36' height='36' alt='@ixs'>|[@ixs](https://github.com/ixs)|10
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/458548?v=4' width='36' height='36' alt='@SuperTux88'>|[@SuperTux88](https://github.com/SuperTux88)|10
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/287147?v=4' width='36' height='36' alt='@techhat'>|[@techhat](https://github.com/techhat)|10
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/904839?v=4' width='36' height='36' alt='@landergate'>|[@landergate](https://github.com/landergate)|9
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3045456?v=4' width='36' height='36' alt='@bradthurber'>|[@bradthurber](https://github.com/bradthurber)|8
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/117961?v=4' width='36' height='36' alt='@babilen'>|[@babilen](https://github.com/babilen)|8
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/445200?v=4' width='36' height='36' alt='@arthurlogilab'>|[@arthurlogilab](https://github.com/arthurlogilab)|7
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3768412?v=4' width='36' height='36' alt='@stp-ip'>|[@stp-ip](https://github.com/stp-ip)|7
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/17673243?v=4' width='36' height='36' alt='@porunov'>|[@porunov](https://github.com/porunov)|7
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3119969?v=4' width='36' height='36' alt='@genuss'>|[@genuss](https://github.com/genuss)|6
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/5759396?v=4' width='36' height='36' alt='@kadogo'>|[@kadogo](https://github.com/kadogo)|6
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/637990?v=4' width='36' height='36' alt='@bmwiedemann'>|[@bmwiedemann](https://github.com/bmwiedemann)|5
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/48491?v=4' width='36' height='36' alt='@eliasp'>|[@eliasp](https://github.com/eliasp)|5
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/65311?v=4' width='36' height='36' alt='@multani'>|[@multani](https://github.com/multani)|5
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1013915?v=4' width='36' height='36' alt='@rhertzog'>|[@rhertzog](https://github.com/rhertzog)|4
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/20515?v=4' width='36' height='36' alt='@scambra'>|[@scambra](https://github.com/scambra)|4
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/2094680?v=4' width='36' height='36' alt='@daschatten'>|[@daschatten](https://github.com/daschatten)|4
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1744181?v=4' width='36' height='36' alt='@adherzog'>|[@adherzog](https://github.com/adherzog)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/2192630?v=4' width='36' height='36' alt='@abrefort'>|[@abrefort](https://github.com/abrefort)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1507504?v=4' width='36' height='36' alt='@arnisoph'>|[@arnisoph](https://github.com/arnisoph)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/4195158?v=4' width='36' height='36' alt='@dafyddj'>|[@dafyddj](https://github.com/dafyddj)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/312493?v=4' width='36' height='36' alt='@opdude'>|[@opdude](https://github.com/opdude)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/10925856?v=4' width='36' height='36' alt='@louis-haddrell'>|[@louis-haddrell](https://github.com/louis-haddrell)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/964610?v=4' width='36' height='36' alt='@Wenzel'>|[@Wenzel](https://github.com/Wenzel)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/228723?v=4' width='36' height='36' alt='@abednarik'>|[@abednarik](https://github.com/abednarik)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/12513495?v=4' width='36' height='36' alt='@dexbleeker'>|[@dexbleeker](https://github.com/dexbleeker)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/112249?v=4' width='36' height='36' alt='@vincentfretin'>|[@vincentfretin](https://github.com/vincentfretin)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/751889?v=4' width='36' height='36' alt='@Yoda-BZH'>|[@Yoda-BZH](https://github.com/Yoda-BZH)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1079875?v=4' width='36' height='36' alt='@bogdanr'>|[@bogdanr](https://github.com/bogdanr)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/11229682?v=4' width='36' height='36' alt='@carlovollebregt'>|[@carlovollebregt](https://github.com/carlovollebregt)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/4313010?v=4' width='36' height='36' alt='@thornycrackers'>|[@thornycrackers](https://github.com/thornycrackers)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/29622411?v=4' width='36' height='36' alt='@gaetanars'>|[@gaetanars](https://github.com/gaetanars)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/7060082?v=4' width='36' height='36' alt='@msciciel'>|[@msciciel](https://github.com/msciciel)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/201711?v=4' width='36' height='36' alt='@mariusvw'>|[@mariusvw](https://github.com/mariusvw)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/485400?v=4' width='36' height='36' alt='@actionjack'>|[@actionjack](https://github.com/actionjack)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/316108?v=4' width='36' height='36' alt='@mosen'>|[@mosen](https://github.com/mosen)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1244954?v=4' width='36' height='36' alt='@RyPeck'>|[@RyPeck](https://github.com/RyPeck)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/507599?v=4' width='36' height='36' alt='@thatch45'>|[@thatch45](https://github.com/thatch45)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/19413421?v=4' width='36' height='36' alt='@tibberg'>|[@tibberg](https://github.com/tibberg)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/15383526?v=4' width='36' height='36' alt='@emeygret'>|[@emeygret](https://github.com/emeygret)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3609179?v=4' width='36' height='36' alt='@artmoni'>|[@artmoni](https://github.com/artmoni)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/5512529?v=4' width='36' height='36' alt='@alexfrosa'>|[@alexfrosa](https://github.com/alexfrosa)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/20859482?v=4' width='36' height='36' alt='@jhops-ab'>|[@jhops-ab](https://github.com/jhops-ab)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/7612102?v=4' width='36' height='36' alt='@isntall'>|[@isntall](https://github.com/isntall)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/863137?v=4' width='36' height='36' alt='@benjy'>|[@benjy](https://github.com/benjy)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/20441?v=4' width='36' height='36' alt='@iggy'>|[@iggy](https://github.com/iggy)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/47893434?v=4' width='36' height='36' alt='@chorne-togetherwork'>|[@chorne-togetherwork](https://github.com/chorne-togetherwork)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/130219?v=4' width='36' height='36' alt='@corywright'>|[@corywright](https://github.com/corywright)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1233212?v=4' width='36' height='36' alt='@baby-gnu'>|[@baby-gnu](https://github.com/baby-gnu)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1640672?v=4' width='36' height='36' alt='@ev0rtex'>|[@ev0rtex](https://github.com/ev0rtex)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/42472863?v=4' width='36' height='36' alt='@dimitry-unified-streaming'>|[@dimitry-unified-streaming](https://github.com/dimitry-unified-streaming)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/89458395?v=4' width='36' height='36' alt='@fniepelt'>|[@fniepelt](https://github.com/fniepelt)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1194646?v=4' width='36' height='36' alt='@fintanmm'>|[@fintanmm](https://github.com/fintanmm)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/215487?v=4' width='36' height='36' alt='@fcrozat'>|[@fcrozat](https://github.com/fcrozat)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/38090329?v=4' width='36' height='36' alt='@genaumann'>|[@genaumann](https://github.com/genaumann)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/41886?v=4' width='36' height='36' alt='@jbouse'>|[@jbouse](https://github.com/jbouse)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/377632?v=4' width='36' height='36' alt='@jerrykan'>|[@jerrykan](https://github.com/jerrykan)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3703806?v=4' width='36' height='36' alt='@jcristau'>|[@jcristau](https://github.com/jcristau)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/5655231?v=4' width='36' height='36' alt='@kpostrup'>|[@kpostrup](https://github.com/kpostrup)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/783794?v=4' width='36' height='36' alt='@morsik'>|[@morsik](https://github.com/morsik)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/22311?v=4' width='36' height='36' alt='@madssj'>|[@madssj](https://github.com/madssj)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1106959?v=4' width='36' height='36' alt='@mpeeters'>|[@mpeeters](https://github.com/mpeeters)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/7139195?v=4' width='36' height='36' alt='@xenophonf'>|[@xenophonf](https://github.com/xenophonf)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/393545?v=4' width='36' height='36' alt='@mshade'>|[@mshade](https://github.com/mshade)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1829924?v=4' width='36' height='36' alt='@fujexo'>|[@fujexo](https://github.com/fujexo)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/219695?v=4' width='36' height='36' alt='@rmoorman'>|[@rmoorman](https://github.com/rmoorman)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1647923?v=4' width='36' height='36' alt='@robruma'>|[@robruma](https://github.com/robruma)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1554646?v=4' width='36' height='36' alt='@doublerr'>|[@doublerr](https://github.com/doublerr)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3667731?v=4' width='36' height='36' alt='@netzvieh'>|[@netzvieh](https://github.com/netzvieh)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/4156131?v=4' width='36' height='36' alt='@skylerberg'>|[@skylerberg](https://github.com/skylerberg)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/7967223?v=4' width='36' height='36' alt='@TiepiNL'>|[@TiepiNL](https://github.com/TiepiNL)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/326786?v=4' width='36' height='36' alt='@wido'>|[@wido](https://github.com/wido)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/9978732?v=4' width='36' height='36' alt='@abehling'>|[@abehling](https://github.com/abehling)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1021809?v=4' width='36' height='36' alt='@ardin'>|[@ardin](https://github.com/ardin)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/45118187?v=4' width='36' height='36' alt='@l00d3r'>|[@l00d3r](https://github.com/l00d3r)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/17029228?v=4' width='36' height='36' alt='@mcarlton00'>|[@mcarlton00](https://github.com/mcarlton00)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/924183?v=4' width='36' height='36' alt='@mschiff'>|[@mschiff](https://github.com/mschiff)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/2869?v=4' width='36' height='36' alt='@nigelsim'>|[@nigelsim](https://github.com/nigelsim)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/55587680?v=4' width='36' height='36' alt='@srse'>|[@srse](https://github.com/srse)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/46799934?v=4' width='36' height='36' alt='@sticky-note'>|[@sticky-note](https://github.com/sticky-note)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/18380701?v=4' width='36' height='36' alt='@tsenay'>|[@tsenay](https://github.com/tsenay)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/2089076?v=4' width='36' height='36' alt='@ze42'>|[@ze42](https://github.com/ze42)|1
---
Auto-generated by a [forked version](https://github.com/myii/maintainer) of [gaocegege/maintainer](https://github.com/gaocegege/maintainer) on 2021-10-28.

430
CHANGELOG.md Normal file
View File

@ -0,0 +1,430 @@
# Changelog
## [1.2.2](https://github.com/saltstack-formulas/apache-formula/compare/v1.2.1...v1.2.2) (2021-10-28)
### Bug Fixes
* **redhat:** use correct vhostdir, sitesdir and logrotate script for redhat family ([#376](https://github.com/saltstack-formulas/apache-formula/issues/376)) ([c4b8538](https://github.com/saltstack-formulas/apache-formula/commit/c4b85381288ae878207ffa5d2cc36cabc916e8f1))
## [1.2.1](https://github.com/saltstack-formulas/apache-formula/compare/v1.2.0...v1.2.1) (2021-10-20)
### Bug Fixes
* **vhosts:** reset `cleanup` to previous and use dedicated `clean` SLS ([0c6c1d3](https://github.com/saltstack-formulas/apache-formula/commit/0c6c1d36e261ae6f851cb9b6ed2d1319af460a73))
### Continuous Integration
* **kitchen+ci:** update with latest CVE pre-salted images [skip ci] ([a3d49f1](https://github.com/saltstack-formulas/apache-formula/commit/a3d49f185274efc6d1530580daf03b1ad2be0e2d))
* test for upstream Salt regressions in `master` instances (2021-W37a) ([69dcfd9](https://github.com/saltstack-formulas/apache-formula/commit/69dcfd9c3bf49416e6c77d8e982446d99af3b95c))
### Documentation
* **readme:** document vhosts clean/cleanup ([2d72dff](https://github.com/saltstack-formulas/apache-formula/commit/2d72dff82bdcf9c0d30f6735c315a655ebea483d)), closes [#372](https://github.com/saltstack-formulas/apache-formula/issues/372)
# [1.2.0](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.8...v1.2.0) (2021-08-28)
### Bug Fixes
* **suse:** use correct vhostdir and sitesdir for suse family ([#369](https://github.com/saltstack-formulas/apache-formula/issues/369)) ([fe0ceb7](https://github.com/saltstack-formulas/apache-formula/commit/fe0ceb78b7d4e9f67bc4d5b684b847bdcc604b20)), closes [/documentation.suse.com/sles/15-SP3/html/SLES-all/cha-apache2.html#sec-apache2](https://github.com//documentation.suse.com/sles/15-SP3/html/SLES-all/cha-apache2.html/issues/sec-apache2)
### Continuous Integration
* **3003.1:** update inc. AlmaLinux, Rocky & `rst-lint` [skip ci] ([2e116ec](https://github.com/saltstack-formulas/apache-formula/commit/2e116ec4123b846edd85b651c9634e03cb102abf))
* **freebsd:** update with latest pre-salted Vagrant boxes [skip ci] ([d679580](https://github.com/saltstack-formulas/apache-formula/commit/d67958043df41515350a4b02c5de81e0d83eb813))
* **gemfile+lock:** use `ssf` customised `inspec` repo [skip ci] ([5dd7009](https://github.com/saltstack-formulas/apache-formula/commit/5dd700944b413411fc3557063125f22c1eb6f62a))
* **kitchen:** move `provisioner` block & update `run_command` [skip ci] ([0d1a6dc](https://github.com/saltstack-formulas/apache-formula/commit/0d1a6dc75d1a781518bf4d7262dbfb4cfbc2c0b9))
* **kitchen+ci:** update with latest `3003.2` pre-salted images [skip ci] ([d3641d7](https://github.com/saltstack-formulas/apache-formula/commit/d3641d7f0d427d9e8be9d20bd03f84977d1cba22))
* add Debian 11 Bullseye & update `yamllint` configuration [skip ci] ([7741b90](https://github.com/saltstack-formulas/apache-formula/commit/7741b90ff66719c1abfca3fb306d07ee47cbd4c8))
### Features
* **alma+rocky:** add platforms (based on CentOS 8) [skip ci] ([4353e57](https://github.com/saltstack-formulas/apache-formula/commit/4353e57a1b652186f552472f16f1b06f8fb4f0a1))
## [1.1.8](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.7...v1.1.8) (2021-06-28)
### Bug Fixes
* **register_site:** correct semicolon to colon ([4cf848d](https://github.com/saltstack-formulas/apache-formula/commit/4cf848da05eb558012a465bd6996749982908667))
### Continuous Integration
* **gitlab-ci:** ignore line to avoid `yamllint` violation [skip ci] ([a742f4e](https://github.com/saltstack-formulas/apache-formula/commit/a742f4ee00c08e7db34c2f3adcb8c90a58c851aa))
* **gitlab-ci:** use `pandoc`-enabled `semantic-release` image [skip ci] ([3bf9c6e](https://github.com/saltstack-formulas/apache-formula/commit/3bf9c6e6a942b86fd16ca4b222bb6a1781f4e09d))
* **kitchen+gitlab:** remove Ubuntu 16.04 & Fedora 32 (EOL) [skip ci] ([10ce382](https://github.com/saltstack-formulas/apache-formula/commit/10ce3822dd7ea9868ee986a08e2ccd48bd0026ee))
* **kitchen+gitlab:** remove Ubuntu 16.04 & Fedora 32 (EOL) [skip ci] ([57e9873](https://github.com/saltstack-formulas/apache-formula/commit/57e98736247b196ad650528b705379fecf58c835))
## [1.1.7](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.6...v1.1.7) (2021-05-14)
### Bug Fixes
* **mod_pagespeed:** add missing colon to `file.directory` ([a8b87a5](https://github.com/saltstack-formulas/apache-formula/commit/a8b87a583e91b7f69cff8485cb56249c3707ce74))
### Continuous Integration
* add `arch-master` to matrix and update `.travis.yml` [skip ci] ([069388b](https://github.com/saltstack-formulas/apache-formula/commit/069388be3a624a91b955227188ddee7c3650045e))
## [1.1.6](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.5...v1.1.6) (2021-05-08)
### Documentation
* **changelog:** regenerate via. `semantic-release` ([de8c82c](https://github.com/saltstack-formulas/apache-formula/commit/de8c82c7533e36e720cf2e44c46154cd8cd3f540))
## [1.1.5](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.4...v1.1.5) (2021-05-08)
### Documentation
* **changelog:** regenerate via. `semantic-release` ([198d525](https://github.com/saltstack-formulas/apache-formula/commit/198d525a6a552c8c83842c26f6c74a43ffcd4b79))
## [1.1.4](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.3...v1.1.4) (2021-05-08)
### Continuous Integration
* **gitlab-ci:** remove adjustments made during Antora test [skip ci] ([0c7082f](https://github.com/saltstack-formulas/apache-formula/commit/0c7082f8d911185390e8ab03077f61c6027461f7))
### Documentation
* **changelog:** regenerate via. `semantic-release` ([e1f1fa7](https://github.com/saltstack-formulas/apache-formula/commit/e1f1fa7d8f3ea5a8c307badcfe890f96f57c580f))
* **changelog:** regenerate via. `semantic-release` ([a1be1d2](https://github.com/saltstack-formulas/apache-formula/commit/a1be1d21dceb304278e680a5ade56c51882e4a0b))
* **changelog:** regenerate via. `semantic-release` ([56efd35](https://github.com/saltstack-formulas/apache-formula/commit/56efd35f85fe049b4cdcbd082e38d547bd306a39))
## [1.1.3](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.2...v1.1.3) (2021-04-30)
### Bug Fixes
* **config/vhosts/standard:** remove erroneous trailing colon ([dedb9e2](https://github.com/saltstack-formulas/apache-formula/commit/dedb9e2f400aa9d391ae39c22f8a4fec1e7bc220)), closes [#302](https://github.com/saltstack-formulas/apache-formula/issues/302)
### Continuous Integration
* **kitchen+gitlab:** adjust matrix to add `3003` [skip ci] ([3c21740](https://github.com/saltstack-formulas/apache-formula/commit/3c21740ba52fa5c2b5cf39cddce6a42d13d17988))
* **vagrant:** add FreeBSD 13.0 [skip ci] ([298fdf4](https://github.com/saltstack-formulas/apache-formula/commit/298fdf4fb569a3d1d4a9dadedb4c3924bcb8cc9a))
* **vagrant:** use pre-salted boxes & conditional local settings [skip ci] ([f354ace](https://github.com/saltstack-formulas/apache-formula/commit/f354ace8e7d328580a60dbc09703ddc54a6af0a0))
## [1.1.2](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.1...v1.1.2) (2021-04-03)
### Bug Fixes
* **freebsd:** fix `default` suite implementation and tests ([0a0f69e](https://github.com/saltstack-formulas/apache-formula/commit/0a0f69ee2fc8168696f9f9c4ae786389ff894615))
* **freebsd:** fix `modsecurity` suite implementation and tests ([bc9aa78](https://github.com/saltstack-formulas/apache-formula/commit/bc9aa78437d14cf26605f58a3c1e17caed8f05bc))
### Continuous Integration
* enable Vagrant-based testing using GitHub Actions ([6e094e2](https://github.com/saltstack-formulas/apache-formula/commit/6e094e2527748cd4d72690b9289836b17f9289c7))
* **gemfile+lock:** use `ssf` customised `kitchen-docker` repo [skip ci] ([53ac463](https://github.com/saltstack-formulas/apache-formula/commit/53ac4638f3b902c1fd65a64d4344387e26c466c1))
* **gitlab-ci:** reset after update hook for `rubocop` [skip ci] ([6d40ab7](https://github.com/saltstack-formulas/apache-formula/commit/6d40ab7634a42048a0f2b3f2e1173cf2da2a8716))
* **kitchen+ci:** use latest pre-salted images (after CVE) [skip ci] ([69e9d30](https://github.com/saltstack-formulas/apache-formula/commit/69e9d304fb7d637df1856e0d8ab66be7ddce86c4))
* **kitchen+gitlab-ci:** use latest pre-salted images [skip ci] ([21cb59d](https://github.com/saltstack-formulas/apache-formula/commit/21cb59daa2f70ce6cc46f8d241fb6032c932746c))
* **pre-commit:** update hook for `rubocop` ([2c090c3](https://github.com/saltstack-formulas/apache-formula/commit/2c090c3a835e42bd07f0788f4b0965f1c3405662))
### Documentation
* **readme:** add `Testing with Vagrant` section ([5a6b203](https://github.com/saltstack-formulas/apache-formula/commit/5a6b203bb18f9f28146f33af8175fc3b8c059077))
### Tests
* standardise use of `share` suite & `_mapdata` state [skip ci] ([e7c2d20](https://github.com/saltstack-formulas/apache-formula/commit/e7c2d20f06f23a5ce8a5edaae513775aca0914ab))
* **nomodsecurity:** use adjusted `modules` suite instead ([838b917](https://github.com/saltstack-formulas/apache-formula/commit/838b9172217c5e067ea0e4a6d2f155ecd1a4b053))
## [1.1.1](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.0...v1.1.1) (2021-01-04)
### Bug Fixes
* **memory:** pass variable not dict ([2830081](https://github.com/saltstack-formulas/apache-formula/commit/28300814fc0a83244ab64a4a87f104d67de4ac53))
### Continuous Integration
* **commitlint:** ensure `upstream/master` uses main repo URL [skip ci] ([0145922](https://github.com/saltstack-formulas/apache-formula/commit/0145922b52f21469c00c85bf46503411ffd11c56))
* **gitlab-ci:** add `rubocop` linter (with `allow_failure`) [skip ci] ([bbf012b](https://github.com/saltstack-formulas/apache-formula/commit/bbf012b82eed50db3c35cb25a10d9ca36e40487b))
* **gitlab-ci:** use GitLab CI as Travis CI replacement ([26208c4](https://github.com/saltstack-formulas/apache-formula/commit/26208c47c644608b00adfa8474616305e7a55e36))
# [1.1.0](https://github.com/saltstack-formulas/apache-formula/compare/v1.0.5...v1.1.0) (2020-10-14)
### Bug Fixes
* **ssl.conf:** fix pillar keys for SSLStapling in ssl.conf on debian ([65043f8](https://github.com/saltstack-formulas/apache-formula/commit/65043f8a6142f7b9988cd406988b524aa9f0a1f2))
### Code Refactoring
* **ssl.conf:** reduce newlines in ssl.conf on debian ([b99b7b7](https://github.com/saltstack-formulas/apache-formula/commit/b99b7b71add9fc1102d1b62eafada8358dfd5e68))
* **vhosts:** reduce empty lines in standard.tmpl and proxy.tmpl ([4b79c1d](https://github.com/saltstack-formulas/apache-formula/commit/4b79c1dddb1999452b618153792a8710bedbb76e))
### Features
* **ssl.conf:** add SSLSessionTickets to ssl.conf on debian ([41a7a83](https://github.com/saltstack-formulas/apache-formula/commit/41a7a83af0bf1bf4d4dde0f8ea522135dd721738))
## [1.0.5](https://github.com/saltstack-formulas/apache-formula/compare/v1.0.4...v1.0.5) (2020-10-14)
### Bug Fixes
* **clean:** remove entire apache config directory ([cac5f35](https://github.com/saltstack-formulas/apache-formula/commit/cac5f357a47d1bdd40371aca97181b490430c158))
### Code Refactoring
* **package:** remove unnecessary state ([fb81d8e](https://github.com/saltstack-formulas/apache-formula/commit/fb81d8e69450702bcd3eaa6e5243fce02715c819))
### Documentation
* **readme:** add mod watchdog to pillar example ([e0043dd](https://github.com/saltstack-formulas/apache-formula/commit/e0043dd7bafcab1b87822d0c831b91e10936b291))
## [1.0.4](https://github.com/saltstack-formulas/apache-formula/compare/v1.0.3...v1.0.4) (2020-10-14)
### Bug Fixes
* **debian:** don't execute a2enmod on every run ([5844322](https://github.com/saltstack-formulas/apache-formula/commit/5844322de46b82cad6beedd2b99c8808df8f2485))
* **debian:** fix default moddir on debian ([c17601e](https://github.com/saltstack-formulas/apache-formula/commit/c17601ee42cc4aa0222ec60e8ec3176d902b32f1))
* **logs:** don't change owners of logfiles with salt ([382e053](https://github.com/saltstack-formulas/apache-formula/commit/382e053c58c1b4e4f3ceb1af8fd75e2f56f6d153))
* **vhosts:** replace %O with %b in default LogFormat ([2b52e11](https://github.com/saltstack-formulas/apache-formula/commit/2b52e11a8a91b0837a442bac816e7383dbe6fb13))
### Tests
* **pillar:** remove modules that aren't installed from being enabled ([47ec5fc](https://github.com/saltstack-formulas/apache-formula/commit/47ec5fcc343ea889898e2418cd7c03a4a75c8f87))
## [1.0.3](https://github.com/saltstack-formulas/apache-formula/compare/v1.0.2...v1.0.3) (2020-10-13)
### Bug Fixes
* **config:** fix old apache.service usage ([32f05e5](https://github.com/saltstack-formulas/apache-formula/commit/32f05e5a66940ad86ce21831598c478b7099ed3a))
## [1.0.2](https://github.com/saltstack-formulas/apache-formula/compare/v1.0.1...v1.0.2) (2020-10-12)
### Bug Fixes
* **package:** remove own_default_vhost and debian_full from config.init ([7691b58](https://github.com/saltstack-formulas/apache-formula/commit/7691b589d7a1b0a87aaf9b13282e6ca154c5787c))
* **package:** remove own_default_vhost and debian_full from config.init ([441459e](https://github.com/saltstack-formulas/apache-formula/commit/441459e56f3a8b091671839042efae2d7020380d))
## [1.0.1](https://github.com/saltstack-formulas/apache-formula/compare/v1.0.0...v1.0.1) (2020-10-10)
### Continuous Integration
* **pre-commit:** finalise `rstcheck` configuration [skip ci] ([1c2125c](https://github.com/saltstack-formulas/apache-formula/commit/1c2125c251016097e7d2c0694bf0245a3644605e))
### Documentation
* **example:** document redirect 80->443 fix [#226](https://github.com/saltstack-formulas/apache-formula/issues/226) ([e15803b](https://github.com/saltstack-formulas/apache-formula/commit/e15803b4b12df2b6e625673409bc854b1d1dd751))
* **readme:** fix `rstcheck` violation [skip ci] ([2747e35](https://github.com/saltstack-formulas/apache-formula/commit/2747e35ce1e49d46a1fd5f8613ce73517aaed095)), closes [/travis-ci.org/github/myii/apache-formula/builds/731605038#L255](https://github.com//travis-ci.org/github/myii/apache-formula/builds/731605038/issues/L255)
# [1.0.0](https://github.com/saltstack-formulas/apache-formula/compare/v0.41.1...v1.0.0) (2020-10-05)
### Code Refactoring
* **formula:** align to template-formula & improve ci features ([47818fc](https://github.com/saltstack-formulas/apache-formula/commit/47818fc360fc87c94f51f2c2c7ff9317d4ecf875))
### Continuous Integration
* **pre-commit:** add to formula [skip ci] ([5532ed7](https://github.com/saltstack-formulas/apache-formula/commit/5532ed7a5b1c9afb5ca4348d3984c5ff357bacad))
* **pre-commit:** enable/disable `rstcheck` as relevant [skip ci] ([233111a](https://github.com/saltstack-formulas/apache-formula/commit/233111af11dd25b573928e746f19b06bcdbf19b9))
### BREAKING CHANGES
* **formula:** 'apache.sls' converted to new style 'init.ssl'
* **formula:** "logrotate.sls" became "config/logrotate.sls"
* **formula:** "debian_full.sls" became "config/debian_full.sls"
* **formula:** "flags.sls" became "config/flags.sls"
* **formula:** "manage_security" became "config/manage_security.sls"
* **formula:** "mod_*.sls" became "config/mod_*.sls"
* **formula:** "no_default_host.sls" became "config/no_default_host.sls"
* **formula:** "own_default_host.sls" became "config/own_default_host.sls"
* **formula:** "register_site.sls" became "config/register_site.sls"
* **formula:** "server_status.sls" became "config/server_status.sls"
* **formula:** "vhosts/" became "config/vhosts/"
* **formula:** "mod_security/" became "config/mod_security/"
NOT-BREAKING CHANGE: 'config.sls' became 'config/init.sls'
NOT-BREAKING CHANGE: 'uninstall.sls' symlinked to 'clean.sls'
## [0.41.1](https://github.com/saltstack-formulas/apache-formula/compare/v0.41.0...v0.41.1) (2020-07-20)
### Bug Fixes
* **server-status:** enable module in Debian family ([632802a](https://github.com/saltstack-formulas/apache-formula/commit/632802a5a946d2f05c40d9038d6f2ad596fafc58))
* **server-status:** manage module in debian ([eafa419](https://github.com/saltstack-formulas/apache-formula/commit/eafa4196d9495bc975c7e1e7036969bdaba1441d))
### Tests
* **default+modules:** add modules' tests suite ([b253625](https://github.com/saltstack-formulas/apache-formula/commit/b25362535ae01dd140218b131a8e991d3a10cbe5))
# [0.41.0](https://github.com/saltstack-formulas/apache-formula/compare/v0.40.0...v0.41.0) (2020-07-16)
### Features
* **vhosts/standard:** add support for ScriptAlias in standard vhost ([b88b437](https://github.com/saltstack-formulas/apache-formula/commit/b88b437308ff5d6bc504dabf9b69153db89f5b10))
# [0.40.0](https://github.com/saltstack-formulas/apache-formula/compare/v0.39.5...v0.40.0) (2020-07-16)
### Features
* **redhat/apache-2.x.config.jinja:** allow override of default_charset ([648f589](https://github.com/saltstack-formulas/apache-formula/commit/648f589cc30684550c972d9cc4087e9e8b3fdc80))
## [0.39.5](https://github.com/saltstack-formulas/apache-formula/compare/v0.39.4...v0.39.5) (2020-06-21)
### Bug Fixes
* **vhosts/cleanup:** check `sites-enabled` dir exists before listing it ([88373e3](https://github.com/saltstack-formulas/apache-formula/commit/88373e38f55eab61cf1c4edc68324f3da48f7646)), closes [#278](https://github.com/saltstack-formulas/apache-formula/issues/278)
### Continuous Integration
* **gemfile.lock:** add to repo with updated `Gemfile` [skip ci] ([61b903e](https://github.com/saltstack-formulas/apache-formula/commit/61b903e7803eb80b50130834b90ca86d26b9d6c8))
* **kitchen:** use `saltimages` Docker Hub where available [skip ci] ([6895fb9](https://github.com/saltstack-formulas/apache-formula/commit/6895fb9764e9cebcbbff05763e367401d6cad959))
* **kitchen+travis:** remove `master-py2-arch-base-latest` [skip ci] ([16bb1b0](https://github.com/saltstack-formulas/apache-formula/commit/16bb1b06e351efdf9994676de38dec7b0ecd639d))
* **travis:** add notifications => zulip [skip ci] ([2417a75](https://github.com/saltstack-formulas/apache-formula/commit/2417a75fe218bd04c719f8eb2e2a7e402a20928e))
* **workflows/commitlint:** add to repo [skip ci] ([2ce966d](https://github.com/saltstack-formulas/apache-formula/commit/2ce966d031e9044e8794dc93f605ce780fd99f12))
## [0.39.4](https://github.com/saltstack-formulas/apache-formula/compare/v0.39.3...v0.39.4) (2020-04-02)
### Bug Fixes
* **mod_ssl:** update mod_ssl package variable to prevent clashes ([5591be2](https://github.com/saltstack-formulas/apache-formula/commit/5591be26fddd234ebaed0e024969c45b6536ba82))
## [0.39.3](https://github.com/saltstack-formulas/apache-formula/compare/v0.39.2...v0.39.3) (2020-04-02)
### Bug Fixes
* **debian:** generate remoteip conf before a2enconf ([1ed69f6](https://github.com/saltstack-formulas/apache-formula/commit/1ed69f6c6fab0eb583949105e9e29e58b6ba32a3))
### Continuous Integration
* **kitchen:** avoid using bootstrap for `master` instances [skip ci] ([275b5d5](https://github.com/saltstack-formulas/apache-formula/commit/275b5d5e69fa79f1010852d65f0fcb65cadf735d))
* **travis:** use `major.minor` for `semantic-release` version [skip ci] ([08cced2](https://github.com/saltstack-formulas/apache-formula/commit/08cced29134ca47824e82ee6afa794233cdb5faa))
## [0.39.2](https://github.com/saltstack-formulas/apache-formula/compare/v0.39.1...v0.39.2) (2019-12-20)
### Bug Fixes
* **redhat:** add user & group lookup to configs ([36ad2b2](https://github.com/saltstack-formulas/apache-formula/commit/36ad2b24424936a4badeb7b4b2b26ee0d39e55f2))
## [0.39.1](https://github.com/saltstack-formulas/apache-formula/compare/v0.39.0...v0.39.1) (2019-12-20)
### Bug Fixes
* **mod_mpm:** cast to int to avoid Jinja type mismatch error ([21045c7](https://github.com/saltstack-formulas/apache-formula/commit/21045c7a7b46d639c2d81c5793ad6e6d9d34b66b))
# [0.39.0](https://github.com/saltstack-formulas/apache-formula/compare/v0.38.2...v0.39.0) (2019-12-20)
### Continuous Integration
* **gemfile:** restrict `train` gem version until upstream fix [skip ci] ([13be6f9](https://github.com/saltstack-formulas/apache-formula/commit/13be6f9fac5aae55c48f74c784335c61d7fbaaf2))
* **travis:** apply changes from build config validation [skip ci] ([0aac479](https://github.com/saltstack-formulas/apache-formula/commit/0aac479c253f95b7fdcb1505476638c2d703bc77))
* **travis:** opt-in to `dpl v2` to complete build config validation ([19e90ea](https://github.com/saltstack-formulas/apache-formula/commit/19e90ea2d6ef91118ebf59817ef4c91ad876af54))
* **travis:** quote pathspecs used with `git ls-files` [skip ci] ([6608ddf](https://github.com/saltstack-formulas/apache-formula/commit/6608ddf8c5a361b93e6a44658ab1e306953566bf))
* **travis:** run `shellcheck` during lint job [skip ci] ([2ff6b2f](https://github.com/saltstack-formulas/apache-formula/commit/2ff6b2f17e1fd48b5f0a4156c2dbd90f07f27025))
* **travis:** use build config validation (beta) [skip ci] ([73160b2](https://github.com/saltstack-formulas/apache-formula/commit/73160b249124df6bbd36b113df71724c019a118f))
### Features
* **server-status:** allow remote servers to reach server-status page ([a3c0022](https://github.com/saltstack-formulas/apache-formula/commit/a3c0022d7988eee0ec43d939bced91dee9fec0e1))
## [0.38.2](https://github.com/saltstack-formulas/apache-formula/compare/v0.38.1...v0.38.2) (2019-11-07)
### Bug Fixes
* **apache/modules.sls:** fix duplicated ID ([57afd71](https://github.com/saltstack-formulas/apache-formula/commit/57afd71627eb554138c8d5ec9cc790d899ed80ff))
## [0.38.1](https://github.com/saltstack-formulas/apache-formula/compare/v0.38.0...v0.38.1) (2019-11-05)
### Bug Fixes
* **mod_perl2.sls:** fix a2enmod perl2 error ([fba8d21](https://github.com/saltstack-formulas/apache-formula/commit/fba8d217944c8b5a0abf19cdbae7d41d1ec5bf2e))
* **release.config.js:** use full commit hash in commit link [skip ci] ([dc5593c](https://github.com/saltstack-formulas/apache-formula/commit/dc5593cfdf775e065ea5f680f2ed2b6b7c80d8ed))
### Continuous Integration
* **kitchen:** use `debian-10-master-py3` instead of `develop` [skip ci] ([09d82a5](https://github.com/saltstack-formulas/apache-formula/commit/09d82a581caa09298d3d99ded215c5e45c5b619f))
* **kitchen:** use `develop` image until `master` is ready (`amazonlinux`) [skip ci] ([d0bf6f3](https://github.com/saltstack-formulas/apache-formula/commit/d0bf6f37969a9a97a6e368278e0f9eb40431f2f1))
* **kitchen+travis:** upgrade matrix after `2019.2.2` release [skip ci] ([fc0f869](https://github.com/saltstack-formulas/apache-formula/commit/fc0f869b78ef56369e1cfb6ff3d62179f703efa0))
* **travis:** update `salt-lint` config for `v0.0.10` [skip ci] ([2622d48](https://github.com/saltstack-formulas/apache-formula/commit/2622d48b4ccb01cd70555d46759d79d82d1db7bf))
### Performance Improvements
* **travis:** improve `salt-lint` invocation [skip ci] ([bf75770](https://github.com/saltstack-formulas/apache-formula/commit/bf7577022040a155de8b3ab4f557dd05484d278c))
# [0.38.0](https://github.com/saltstack-formulas/apache-formula/compare/v0.37.4...v0.38.0) (2019-10-20)
### Bug Fixes
* **apache-2.2.config.jinja:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/f4045ef))
* **apache-2.4.config.jinja:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/e2c1c2e))
* **flags.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/a146c59))
* **init.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/8465eb4))
* **map.jinja:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/d011324))
* **mod_geoip.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/e55ef9b))
* **modsecurity.conf.jinja:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/2a79d05))
* **modules.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/55d11f8))
* **server_status.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/da9a592))
* **uninstall.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/ed7dc7b))
* **vhosts/cleanup.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/b0bbd0b))
* **vhosts/minimal.tmpl:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/146dc67))
* **vhosts/proxy.tmpl:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/e7c9fbb))
* **vhosts/redirect.tmpl:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/0a41b19))
* **vhosts/standard.tmpl:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/1bad58d))
* **yamllint:** fix all errors ([](https://github.com/saltstack-formulas/apache-formula/commit/97f6ead))
### Documentation
* **formula:** use standard structure ([](https://github.com/saltstack-formulas/apache-formula/commit/701929d))
* **readme:** move to `docs/` directory and modify accordingly ([](https://github.com/saltstack-formulas/apache-formula/commit/6933f0e))
### Features
* **semantic-release:** implement for this formula ([](https://github.com/saltstack-formulas/apache-formula/commit/34d1f7c))
### Tests
* **mod_security_spec:** convert from Serverspec to InSpec ([](https://github.com/saltstack-formulas/apache-formula/commit/68b971b))

50
CODEOWNERS Normal file
View File

@ -0,0 +1,50 @@
# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
# SECTION: Owner(s) for everything in the repo, unless a later match takes precedence
# FILE PATTERN OWNER(S)
* @noelmcloughlin
# SECTION: Owner(s) for specific directories
# FILE PATTERN OWNER(S)
# SECTION: Owner(s) for files/directories related to `semantic-release`
# FILE PATTERN OWNER(S)
/.github/workflows/ @saltstack-formulas/ssf
/bin/install-hooks @saltstack-formulas/ssf
/bin/kitchen @saltstack-formulas/ssf
/docs/AUTHORS.rst @saltstack-formulas/ssf
/docs/CHANGELOG.rst @saltstack-formulas/ssf
/docs/TOFS_pattern.rst @saltstack-formulas/ssf
/*/_mapdata/ @saltstack-formulas/ssf
/*/libsaltcli.jinja @saltstack-formulas/ssf
/*/libtofs.jinja @saltstack-formulas/ssf
/test/integration/**/_mapdata.rb @saltstack-formulas/ssf
/test/integration/**/libraries/system.rb @saltstack-formulas/ssf
/test/integration/**/inspec.yml @saltstack-formulas/ssf
/test/integration/**/README.md @saltstack-formulas/ssf
/test/salt/pillar/top.sls @saltstack-formulas/ssf
/.gitignore @saltstack-formulas/ssf
/.cirrus.yml @saltstack-formulas/ssf
/.gitlab-ci.yml @saltstack-formulas/ssf
/.pre-commit-config.yaml @saltstack-formulas/ssf
/.rstcheck.cfg @saltstack-formulas/ssf
/.rubocop.yml @saltstack-formulas/ssf
/.salt-lint @saltstack-formulas/ssf
/.travis.yml @saltstack-formulas/ssf
/.yamllint @saltstack-formulas/ssf
/AUTHORS.md @saltstack-formulas/ssf
/CHANGELOG.md @saltstack-formulas/ssf
/CODEOWNERS @saltstack-formulas/ssf
/commitlint.config.js @saltstack-formulas/ssf
/FORMULA @saltstack-formulas/ssf
/Gemfile @saltstack-formulas/ssf
/Gemfile.lock @saltstack-formulas/ssf
/kitchen.yml @saltstack-formulas/ssf
/kitchen.vagrant.yml @saltstack-formulas/ssf
/kitchen.windows.yml @saltstack-formulas/ssf
/pre-commit_semantic-release.sh @saltstack-formulas/ssf
/release-rules.js @saltstack-formulas/ssf
/release.config.js @saltstack-formulas/ssf
# SECTION: Owner(s) for specific files
# FILE PATTERN OWNER(S)

5
FORMULA
View File

@ -1,8 +1,9 @@
name: apache
os: RedHat, Debian, Ubuntu, Suse, FreeBSD
os: RedHat, Fedora, CentOS, Debian, Ubuntu, Suse, FreeBSD
os_family: RedHat, Debian, Suse, FreeBSD
version: 201507
version: 1.2.2
release: 1
minimum_version: 2015.8
summary: Formula for installing Apache
description: Formula for installing Apache web server
top_level_dir: apache

27
Gemfile
View File

@ -1,6 +1,23 @@
source "https://rubygems.org"
# frozen_string_literal: true
gem "test-kitchen", '>=1.2.1'
gem "kitchen-docker"
gem "kitchen-salt", ">=0.0.11"
gem "kitchen-inspec"
source ENV.fetch('PROXY_RUBYGEMSORG', 'https://rubygems.org')
# Install the `inspec` gem using `git` because versions after `4.22.22`
# suppress diff output; this version fixes this for our uses.
# rubocop:disable Layout/LineLength
gem 'inspec', git: 'https://gitlab.com/saltstack-formulas/infrastructure/inspec', branch: 'ssf'
# rubocop:enable Layout/LineLength
# Install the `kitchen-docker` gem using `git` in order to gain a performance
# improvement: avoid package installations which are already covered by the
# `salt-image-builder` (i.e. the pre-salted images that we're using)
# rubocop:disable Layout/LineLength
gem 'kitchen-docker', git: 'https://gitlab.com/saltstack-formulas/infrastructure/kitchen-docker', branch: 'ssf'
# rubocop:enable Layout/LineLength
gem 'kitchen-inspec', '>= 2.5.0'
gem 'kitchen-salt', '>= 0.7.2'
group :vagrant do
gem 'kitchen-vagrant'
end

678
Gemfile.lock Normal file
View File

@ -0,0 +1,678 @@
GIT
remote: https://gitlab.com/saltstack-formulas/infrastructure/inspec
revision: aaef842906a5666f0fc0b4f186b4dd3498f5b28c
branch: ssf
specs:
inspec (5.18.15)
cookstyle
faraday_middleware (>= 0.12.2, < 1.1)
inspec-core (= 5.18.15)
mongo (= 2.13.2)
progress_bar (~> 1.3.3)
rake
train (~> 3.10)
train-aws (~> 0.2)
train-habitat (~> 0.1)
train-winrm (~> 0.2)
inspec-core (5.18.15)
addressable (~> 2.4)
chef-telemetry (~> 1.0, >= 1.0.8)
faraday (>= 0.9.0, < 1.5)
faraday_middleware (~> 1.0)
hashie (>= 3.4, < 5.0)
license-acceptance (>= 0.2.13, < 3.0)
method_source (>= 0.8, < 2.0)
mixlib-log (~> 3.0)
multipart-post (~> 2.0)
parallel (~> 1.9)
parslet (>= 1.5, < 2.0)
pry (~> 0.13)
rspec (>= 3.9, <= 3.11)
rspec-its (~> 1.2)
rubyzip (>= 1.2.2, < 3.0)
semverse (~> 3.0)
sslshake (~> 1.2)
thor (>= 0.20, < 2.0)
tomlrb (>= 1.2, < 2.1)
train-core (~> 3.10)
tty-prompt (~> 0.17)
tty-table (~> 0.10)
GIT
remote: https://gitlab.com/saltstack-formulas/infrastructure/kitchen-docker
revision: 9a09bc1e571e25f3ccabf4725ca2048d970fff82
branch: ssf
specs:
kitchen-docker (2.12.0)
test-kitchen (>= 1.0.0)
GEM
remote: https://rubygems.org/
specs:
activesupport (7.0.3.1)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
tzinfo (~> 2.0)
addressable (2.8.0)
public_suffix (>= 2.0.2, < 5.0)
ast (2.4.2)
aws-eventstream (1.2.0)
aws-partitions (1.607.0)
aws-sdk-alexaforbusiness (1.56.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-amplify (1.32.0)
aws-sdk-core (~> 3, >= 3.120.0)
aws-sigv4 (~> 1.1)
aws-sdk-apigateway (1.78.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-apigatewayv2 (1.42.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-applicationautoscaling (1.51.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-athena (1.55.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-autoscaling (1.63.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-batch (1.47.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-budgets (1.50.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-cloudformation (1.70.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-cloudfront (1.65.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-cloudhsm (1.39.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-cloudhsmv2 (1.42.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-cloudtrail (1.49.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-cloudwatch (1.64.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-cloudwatchevents (1.46.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-cloudwatchlogs (1.53.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-codecommit (1.51.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-codedeploy (1.49.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-codepipeline (1.53.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-cognitoidentity (1.31.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-cognitoidentityprovider (1.53.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-configservice (1.79.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-core (3.131.2)
aws-eventstream (~> 1, >= 1.0.2)
aws-partitions (~> 1, >= 1.525.0)
aws-sigv4 (~> 1.1)
jmespath (~> 1, >= 1.6.1)
aws-sdk-costandusagereportservice (1.40.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-databasemigrationservice (1.53.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-dynamodb (1.75.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-ec2 (1.322.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-ecr (1.56.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-ecrpublic (1.12.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-ecs (1.100.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-efs (1.54.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-eks (1.75.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-elasticache (1.78.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-elasticbeanstalk (1.51.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-elasticloadbalancing (1.40.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-elasticloadbalancingv2 (1.78.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-elasticsearchservice (1.65.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-emr (1.53.0)
aws-sdk-core (~> 3, >= 3.121.2)
aws-sigv4 (~> 1.1)
aws-sdk-eventbridge (1.24.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-firehose (1.48.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-glue (1.88.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-guardduty (1.58.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-iam (1.69.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-kafka (1.50.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-kinesis (1.41.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-kms (1.57.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-lambda (1.84.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-mq (1.40.0)
aws-sdk-core (~> 3, >= 3.120.0)
aws-sigv4 (~> 1.1)
aws-sdk-networkfirewall (1.17.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-networkmanager (1.24.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-organizations (1.59.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-ram (1.26.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-rds (1.148.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-redshift (1.84.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-route53 (1.63.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-route53domains (1.40.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-route53resolver (1.37.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-s3 (1.114.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.4)
aws-sdk-s3control (1.43.0)
aws-sdk-core (~> 3, >= 3.122.0)
aws-sigv4 (~> 1.1)
aws-sdk-secretsmanager (1.46.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-securityhub (1.67.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-servicecatalog (1.60.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-ses (1.41.0)
aws-sdk-core (~> 3, >= 3.120.0)
aws-sigv4 (~> 1.1)
aws-sdk-shield (1.48.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-signer (1.32.0)
aws-sdk-core (~> 3, >= 3.120.0)
aws-sigv4 (~> 1.1)
aws-sdk-simpledb (1.29.0)
aws-sdk-core (~> 3, >= 3.120.0)
aws-sigv2 (~> 1.0)
aws-sdk-sms (1.40.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-sns (1.53.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-sqs (1.51.1)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-ssm (1.137.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-states (1.39.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-synthetics (1.19.0)
aws-sdk-core (~> 3, >= 3.121.2)
aws-sigv4 (~> 1.1)
aws-sdk-transfer (1.34.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-waf (1.43.0)
aws-sdk-core (~> 3, >= 3.122.0)
aws-sigv4 (~> 1.1)
aws-sigv2 (1.1.0)
aws-sigv4 (1.5.0)
aws-eventstream (~> 1, >= 1.0.2)
azure_graph_rbac (0.17.2)
ms_rest_azure (~> 0.12.0)
azure_mgmt_key_vault (0.17.7)
ms_rest_azure (~> 0.12.0)
azure_mgmt_resources (0.18.2)
ms_rest_azure (~> 0.12.0)
azure_mgmt_security (0.19.0)
ms_rest_azure (~> 0.12.0)
azure_mgmt_storage (0.23.0)
ms_rest_azure (~> 0.12.0)
bcrypt_pbkdf (1.1.0)
bson (4.15.0)
builder (3.2.4)
chef-config (17.10.0)
addressable
chef-utils (= 17.10.0)
fuzzyurl
mixlib-config (>= 2.2.12, < 4.0)
mixlib-shellout (>= 2.0, < 4.0)
tomlrb (~> 1.2)
chef-telemetry (1.1.1)
chef-config
concurrent-ruby (~> 1.0)
chef-utils (17.10.0)
concurrent-ruby
coderay (1.1.3)
concurrent-ruby (1.1.10)
cookstyle (7.32.1)
rubocop (= 1.25.1)
declarative (0.0.20)
diff-lcs (1.5.0)
docker-api (2.2.0)
excon (>= 0.47.0)
multi_json
domain_name (0.5.20190701)
unf (>= 0.0.5, < 1.0.0)
ed25519 (1.3.0)
erubi (1.10.0)
excon (0.92.3)
faraday (1.4.3)
faraday-em_http (~> 1.0)
faraday-em_synchrony (~> 1.0)
faraday-excon (~> 1.1)
faraday-net_http (~> 1.0)
faraday-net_http_persistent (~> 1.1)
multipart-post (>= 1.2, < 3)
ruby2_keywords (>= 0.0.4)
faraday-cookie_jar (0.0.7)
faraday (>= 0.8.0)
http-cookie (~> 1.0.0)
faraday-em_http (1.0.0)
faraday-em_synchrony (1.0.0)
faraday-excon (1.1.0)
faraday-net_http (1.0.1)
faraday-net_http_persistent (1.2.0)
faraday_middleware (1.0.0)
faraday (~> 1.0)
ffi (1.15.5)
fuzzyurl (0.9.0)
google-api-client (0.52.0)
addressable (~> 2.5, >= 2.5.1)
googleauth (~> 0.9)
httpclient (>= 2.8.1, < 3.0)
mini_mime (~> 1.0)
representable (~> 3.0)
retriable (>= 2.0, < 4.0)
rexml
signet (~> 0.12)
googleauth (0.14.0)
faraday (>= 0.17.3, < 2.0)
jwt (>= 1.4, < 3.0)
memoist (~> 0.16)
multi_json (~> 1.11)
os (>= 0.9, < 2.0)
signet (~> 0.14)
gssapi (1.3.1)
ffi (>= 1.0.1)
gyoku (1.4.0)
builder (>= 2.1.2)
rexml (~> 3.0)
hashie (4.1.0)
highline (2.0.3)
http-cookie (1.0.5)
domain_name (~> 0.5)
httpclient (2.8.3)
i18n (1.12.0)
concurrent-ruby (~> 1.0)
inifile (3.0.0)
jmespath (1.6.1)
json (2.6.2)
jwt (2.4.1)
kitchen-inspec (2.6.1)
hashie (>= 3.4, <= 5.0)
inspec (>= 2.2.64, < 7.0)
test-kitchen (>= 2.7, < 4)
kitchen-salt (0.7.2)
hashie (>= 3.5)
test-kitchen (>= 1.4)
kitchen-vagrant (1.12.0)
test-kitchen (>= 1.4, < 4)
license-acceptance (2.1.13)
pastel (~> 0.7)
tomlrb (>= 1.2, < 3.0)
tty-box (~> 0.6)
tty-prompt (~> 0.20)
little-plugger (1.1.4)
logging (2.3.1)
little-plugger (~> 1.1)
multi_json (~> 1.14)
memoist (0.16.2)
method_source (1.0.0)
mini_mime (1.1.2)
minitest (5.16.2)
mixlib-config (3.0.27)
tomlrb
mixlib-install (3.12.19)
mixlib-shellout
mixlib-versioning
thor
mixlib-log (3.0.9)
mixlib-shellout (3.2.7)
chef-utils
mixlib-versioning (1.2.12)
mongo (2.13.2)
bson (>= 4.8.2, < 5.0.0)
ms_rest (0.7.6)
concurrent-ruby (~> 1.0)
faraday (>= 0.9, < 2.0.0)
timeliness (~> 0.3.10)
ms_rest_azure (0.12.0)
concurrent-ruby (~> 1.0)
faraday (>= 0.9, < 2.0.0)
faraday-cookie_jar (~> 0.0.6)
ms_rest (~> 0.7.6)
multi_json (1.15.0)
multipart-post (2.2.3)
net-scp (3.0.0)
net-ssh (>= 2.6.5, < 7.0.0)
net-ssh (6.1.0)
net-ssh-gateway (2.0.0)
net-ssh (>= 4.0.0)
nori (2.6.0)
options (2.3.2)
os (1.1.4)
parallel (1.22.1)
parser (3.1.2.0)
ast (~> 2.4.1)
parslet (1.8.2)
pastel (0.8.0)
tty-color (~> 0.5)
progress_bar (1.3.3)
highline (>= 1.6, < 3)
options (~> 2.3.0)
pry (0.14.1)
coderay (~> 1.1)
method_source (~> 1.0)
public_suffix (4.0.7)
rainbow (3.1.1)
rake (13.0.6)
regexp_parser (2.5.0)
representable (3.2.0)
declarative (< 0.1.0)
trailblazer-option (>= 0.1.1, < 0.2.0)
uber (< 0.2.0)
retriable (3.1.2)
rexml (3.2.5)
rspec (3.11.0)
rspec-core (~> 3.11.0)
rspec-expectations (~> 3.11.0)
rspec-mocks (~> 3.11.0)
rspec-core (3.11.0)
rspec-support (~> 3.11.0)
rspec-expectations (3.11.0)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.11.0)
rspec-its (1.3.0)
rspec-core (>= 3.0.0)
rspec-expectations (>= 3.0.0)
rspec-mocks (3.11.1)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.11.0)
rspec-support (3.11.0)
rubocop (1.25.1)
parallel (~> 1.10)
parser (>= 3.1.0.0)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 1.8, < 3.0)
rexml
rubocop-ast (>= 1.15.1, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 1.4.0, < 3.0)
rubocop-ast (1.19.1)
parser (>= 3.1.1.0)
ruby-progressbar (1.11.0)
ruby2_keywords (0.0.5)
rubyntlm (0.6.3)
rubyzip (2.3.2)
semverse (3.0.2)
signet (0.17.0)
addressable (~> 2.8)
faraday (>= 0.17.5, < 3.a)
jwt (>= 1.5, < 3.0)
multi_json (~> 1.10)
sslshake (1.3.1)
strings (0.2.1)
strings-ansi (~> 0.2)
unicode-display_width (>= 1.5, < 3.0)
unicode_utils (~> 1.4)
strings-ansi (0.2.0)
test-kitchen (3.3.1)
bcrypt_pbkdf (~> 1.0)
chef-utils (>= 16.4.35)
ed25519 (~> 1.2)
license-acceptance (>= 1.0.11, < 3.0)
mixlib-install (~> 3.6)
mixlib-shellout (>= 1.2, < 4.0)
net-scp (>= 1.1, < 4.0)
net-ssh (>= 2.9, < 7.0)
net-ssh-gateway (>= 1.2, < 3.0)
thor (>= 0.19, < 2.0)
winrm (~> 2.0)
winrm-elevated (~> 1.0)
winrm-fs (~> 1.1)
thor (1.2.1)
timeliness (0.3.10)
tomlrb (1.3.0)
trailblazer-option (0.1.2)
train (3.10.1)
activesupport (>= 6.0.3.1)
azure_graph_rbac (~> 0.16)
azure_mgmt_key_vault (~> 0.17)
azure_mgmt_resources (~> 0.15)
azure_mgmt_security (~> 0.18)
azure_mgmt_storage (~> 0.18)
docker-api (>= 1.26, < 3.0)
google-api-client (>= 0.23.9, <= 0.52.0)
googleauth (>= 0.6.6, <= 0.14.0)
inifile (~> 3.0)
train-core (= 3.10.1)
train-winrm (~> 0.2)
train-aws (0.2.24)
aws-sdk-alexaforbusiness (~> 1.0)
aws-sdk-amplify (~> 1.32.0)
aws-sdk-apigateway (~> 1.0)
aws-sdk-apigatewayv2 (~> 1.0)
aws-sdk-applicationautoscaling (>= 1.46, < 1.52)
aws-sdk-athena (~> 1.0)
aws-sdk-autoscaling (>= 1.22, < 1.64)
aws-sdk-batch (>= 1.36, < 1.48)
aws-sdk-budgets (~> 1.0)
aws-sdk-cloudformation (~> 1.0)
aws-sdk-cloudfront (~> 1.0)
aws-sdk-cloudhsm (~> 1.0)
aws-sdk-cloudhsmv2 (~> 1.0)
aws-sdk-cloudtrail (~> 1.8)
aws-sdk-cloudwatch (~> 1.13)
aws-sdk-cloudwatchevents (>= 1.36, < 1.47)
aws-sdk-cloudwatchlogs (~> 1.13)
aws-sdk-codecommit (~> 1.0)
aws-sdk-codedeploy (~> 1.0)
aws-sdk-codepipeline (~> 1.0)
aws-sdk-cognitoidentity (>= 1.26, < 1.32)
aws-sdk-cognitoidentityprovider (>= 1.46, < 1.54)
aws-sdk-configservice (~> 1.21)
aws-sdk-core (~> 3.0)
aws-sdk-costandusagereportservice (~> 1.6)
aws-sdk-databasemigrationservice (>= 1.42, < 1.54)
aws-sdk-dynamodb (~> 1.31)
aws-sdk-ec2 (~> 1.70)
aws-sdk-ecr (~> 1.18)
aws-sdk-ecrpublic (~> 1.3)
aws-sdk-ecs (~> 1.30)
aws-sdk-efs (~> 1.0)
aws-sdk-eks (~> 1.9)
aws-sdk-elasticache (~> 1.0)
aws-sdk-elasticbeanstalk (~> 1.0)
aws-sdk-elasticloadbalancing (~> 1.8)
aws-sdk-elasticloadbalancingv2 (~> 1.0)
aws-sdk-elasticsearchservice (~> 1.0)
aws-sdk-emr (~> 1.53.0)
aws-sdk-eventbridge (~> 1.24.0)
aws-sdk-firehose (~> 1.0)
aws-sdk-glue (>= 1.71, < 1.89)
aws-sdk-guardduty (~> 1.31)
aws-sdk-iam (~> 1.13)
aws-sdk-kafka (~> 1.0)
aws-sdk-kinesis (~> 1.0)
aws-sdk-kms (~> 1.13)
aws-sdk-lambda (~> 1.0)
aws-sdk-mq (~> 1.40.0)
aws-sdk-networkfirewall (>= 1.6.0)
aws-sdk-networkmanager (>= 1.13.0)
aws-sdk-organizations (>= 1.17, < 1.60)
aws-sdk-ram (>= 1.21, < 1.27)
aws-sdk-rds (~> 1.43)
aws-sdk-redshift (~> 1.0)
aws-sdk-route53 (~> 1.0)
aws-sdk-route53domains (~> 1.0)
aws-sdk-route53resolver (~> 1.0)
aws-sdk-s3 (~> 1.30)
aws-sdk-s3control (~> 1.43.0)
aws-sdk-secretsmanager (>= 1.42, < 1.47)
aws-sdk-securityhub (~> 1.0)
aws-sdk-servicecatalog (>= 1.48, < 1.61)
aws-sdk-ses (~> 1.41.0)
aws-sdk-shield (~> 1.30)
aws-sdk-signer (~> 1.32.0)
aws-sdk-simpledb (~> 1.29.0)
aws-sdk-sms (~> 1.0)
aws-sdk-sns (~> 1.9)
aws-sdk-sqs (~> 1.10)
aws-sdk-ssm (~> 1.0)
aws-sdk-states (>= 1.35, < 1.40)
aws-sdk-synthetics (~> 1.19.0)
aws-sdk-transfer (>= 1.26, < 1.35)
aws-sdk-waf (~> 1.43.0)
train-core (3.10.1)
addressable (~> 2.5)
ffi (!= 1.13.0)
json (>= 1.8, < 3.0)
mixlib-shellout (>= 2.0, < 4.0)
net-scp (>= 1.2, < 4.0)
net-ssh (>= 2.9, < 7.0)
train-habitat (0.2.22)
train-winrm (0.2.13)
winrm (>= 2.3.6, < 3.0)
winrm-elevated (~> 1.2.2)
winrm-fs (~> 1.0)
tty-box (0.7.0)
pastel (~> 0.8)
strings (~> 0.2.0)
tty-cursor (~> 0.7)
tty-color (0.6.0)
tty-cursor (0.7.1)
tty-prompt (0.23.1)
pastel (~> 0.8)
tty-reader (~> 0.8)
tty-reader (0.9.0)
tty-cursor (~> 0.7)
tty-screen (~> 0.8)
wisper (~> 2.0)
tty-screen (0.8.1)
tty-table (0.12.0)
pastel (~> 0.8)
strings (~> 0.2.0)
tty-screen (~> 0.8)
tzinfo (2.0.4)
concurrent-ruby (~> 1.0)
uber (0.1.0)
unf (0.1.4)
unf_ext
unf_ext (0.0.8.2)
unicode-display_width (2.2.0)
unicode_utils (1.4.0)
winrm (2.3.6)
builder (>= 2.1.2)
erubi (~> 1.8)
gssapi (~> 1.2)
gyoku (~> 1.0)
httpclient (~> 2.2, >= 2.2.0.2)
logging (>= 1.6.1, < 3.0)
nori (~> 2.0)
rubyntlm (~> 0.6.0, >= 0.6.3)
winrm-elevated (1.2.3)
erubi (~> 1.8)
winrm (~> 2.0)
winrm-fs (~> 1.0)
winrm-fs (1.3.5)
erubi (~> 1.8)
logging (>= 1.6.1, < 3.0)
rubyzip (~> 2.0)
winrm (~> 2.0)
wisper (2.0.1)
PLATFORMS
ruby
DEPENDENCIES
inspec!
kitchen-docker!
kitchen-inspec (>= 2.5.0)
kitchen-salt (>= 0.7.2)
kitchen-vagrant
BUNDLED WITH
2.1.2

240
README.rst
View File

@ -1,240 +0,0 @@
======
apache
======
Formulas to set up and configure the Apache HTTP server.
.. note::
See the full `Salt Formulas installation and usage instructions
<http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_.
Available states
================
.. contents::
:local:
``apache``
----------
Installs the Apache package and starts the service.
``apache.config``
-----------------
Configures apache based on os_family
``apache.certificates``
-----------------
Deploy SSL certificates from pillars
``apache.mod_mpm``
------------------
Configures the apache mpm modules on Debian ``mpm_prefork``, ``mpm_worker`` or ``mpm_event`` (Debian Only)
``apache.modules``
------------------
Enables and disables Apache modules.
``apache.mod_rewrite``
----------------------
Enabled the Apache module mod_rewrite (Debian and FreeBSD only)
``apache.mod_proxy``
-------------------
Enables the Apache module mod_proxy. (Debian and FreeBSD only)
``apache.mod_proxy_http``
-------------------------
Enables the Apache module mod_proxy_http and requires the Apache module mod_proxy to be enabled. (Debian Only)
``apache.mod_proxy_fcgi``
-------------------------
Enables the Apache module mod_proxy_fcgi and requires the Apache module mod_proxy to be enabled. (Debian Only)
``apache.mod_wsgi``
-------------------
Installs the mod_wsgi package and enables the Apache module.
``apache.mod_actions``
----------------------
Enables the Apache module mod_actions. (Debian Only)
``apache.mod_headers``
----------------------
Enables the Apache module mod_headers. (Debian Only)
``apache.mod_pagespeed``
------------------------
Installs and Enables the mod_pagespeed module. (Debian and RedHat Only)
``apache.mod_perl2``
-------------------
Installs and enables the mod_perl2 module (Debian and FreeBSD only)
``apache.mod_geoip``
-------------------
Installs and enables the mod_geoIP (RedHat only)
``apache.mod_php5``
-------------------
Installs and enables the mod_php5 module
``apache.mod_cgi``
---------------------
Enables mod_cgi. (FreeBSD only)
``apache.mod_fcgid``
--------------------
Installs and enables the mod_fcgid module (Debian only)
``apache.mod_fastcgi``
--------------------
Installs and enables the mod_fastcgi module
``apache.mod_dav_svn``
--------------------
Installs and enables the mod_dav_svn module (Debian only)
``apache.mod_security``
----------------------
Installs an enables the `Apache mod_security2 WAF`<http://modsecurity.org/>`_
using data from Pillar. (Debian and RedHat Only)
Allows you to install the basic Core Rules (CRS) and some basic configuration for mod_security2
``apache.mod_security.rules``
-----------------------------
This state can create symlinks based on basic Core Rules package. (Debian only)
Or it can distribute a mod_security rule file and place it /etc/modsecurity/
``apache.mod_socache_shmcb``
---------------------
Enables mod_socache_shmcb. (FreeBSD only)
``apache.mod_ssl``
----------------------
Installs and enables the mod_ssl module (Debian, RedHat and FreeBSD only)
``apache.mod_suexec``
---------------------
Enables mod_suexec. (FreeBSD only)
``apache.mod_vhost_alias``
----------------------
Enables the Apache module vhost_alias (Debian Only)
``apache.mod_remoteip``
----------------------
Enables and configures the Apache module mod_remoteip using data from Pillar. (Debian Only)
``apache.mod_xsendfile``
----------------------
Installs and enables mod_xsendfile module. (Debian Only)
``apache.own_default_vhost``
--------------------------
Replace default vhost with own version. By default, it's 503 code. (Debian Only)
``apache.no_default_vhost``
--------------------------
Remove the default vhost. (Debian Only)
``apache.vhosts.standard``
--------------------------
Configures Apache name-based virtual hosts and creates virtual host directories using data from Pillar.
Example Pillar:
.. code:: yaml
apache:
sites:
example.com: # must be unique; used as an ID declaration in Salt; also passed to the template context as {{ id }}
template_file: salt://apache/vhosts/standard.tmpl
When using the provided templates, one can use a space separated list
of interfaces to bind to. For example, to bind both IPv4 and IPv6:
.. code:: yaml
apache:
sites:
example.com:
interface: '1.2.3.4 [2001:abc:def:100::3]'
``apache.manage_security``
--------------------------
Configures Apache's security.conf options by reassinging them using data from Pillar.
``apache.server_status``
--------------------------
Configures Apache's server_status handler for localhost
``apache.debian_full``
----------------------
Installs and configures Apache on Debian and Ubuntu systems.
``apache.uninstall``
----------
Stops the Apache service and uninstalls the package.
These states are ordered using the ``order`` declaration. Different stages
are divided into the following number ranges:
1) apache will use 1-500 for ordering
2) apache will reserve 1 -100 as unused
3) apache will reserve 101-150 for pre pkg install
4) apache will reserve 151-200 for pkg install
5) apache will reserve 201-250 for pkg configure
6) apache will reserve 251-300 for downloads, git stuff, load data
7) apache will reserve 301-400 for unknown purposes
8) apache will reserve 401-450 for service restart-reloads
9) apache WILL reserve 451-460 for service.running
10) apache will reserve 461-500 for cmd requiring operational services
Example Pillar:
.. code:: yaml
apache:
register-site:
# any name as an array index, and you can duplicate this section
{{UNIQUE}}:
name: 'my name'
path: 'salt://path/to/sites-available/conf/file'
state: 'enabled'

13
apache/_mapdata/_mapdata.jinja Normal file
View File

@ -0,0 +1,13 @@
# yamllint disable rule:indentation rule:line-length
# {{ grains.get("osfinger", grains.os) }}
---
{#- use salt.slsutil.serialize to avoid encoding errors on some platforms #}
{{ salt["slsutil.serialize"](
"yaml",
map,
default_flow_style=False,
allow_unicode=True,
)
| regex_replace("^\s+'$", "'", multiline=True)
| trim
}}

22
apache/_mapdata/init.sls Normal file
View File

@ -0,0 +1,22 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
---
{#- Get the `tplroot` from `tpldir` #}
{%- set tplroot = tpldir.split("/")[0] %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- set _mapdata = {
"values": apache,
} %}
{%- do salt["log.debug"]("### MAP.JINJA DUMP ###\n" ~ _mapdata | yaml(False)) %}
{%- set output_dir = "/temp" if grains.os_family == "Windows" else "/tmp" %}
{%- set output_file = output_dir ~ "/salt_mapdata_dump.yaml" %}
{{ tplroot }}-mapdata-dump:
file.managed:
- name: {{ output_file }}
- source: salt://{{ tplroot }}/_mapdata/_mapdata.jinja
- template: jinja
- context:
map: {{ _mapdata | yaml }}

1
apache/certificates Symbolic link
View File

@ -0,0 +1 @@
config/certificates/

63
apache/certificates.sls
View File

@ -1,63 +0,0 @@
{% from "apache/map.jinja" import apache with context %}
include:
- apache
{%- for site, confcert in salt['pillar.get']('apache:sites', {}).items() %}
{% if confcert.SSLCertificateKeyFile is defined and confcert.SSLCertificateKeyFile_content is defined %}
# Deploy {{ site }} key file
apache_cert_config_{{ site }}_key_file:
file.managed:
- name: {{ confcert.SSLCertificateKeyFile }}
- contents_pillar: apache:sites:{{ site }}:SSLCertificateKeyFile_content
- makedirs: True
- mode: 600
- user: root
- group: root
- watch_in:
- module: apache-reload
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
{% endif %}
{% if confcert.SSLCertificateFile is defined and confcert.SSLCertificateFile_content is defined %}
# Deploy {{ site }} cert file
apache_cert_config_{{ site }}_cert_file:
file.managed:
- name: {{ confcert.SSLCertificateFile }}
- contents_pillar: apache:sites:{{ site }}:SSLCertificateFile_content
- makedirs: True
- mode: 600
- user: root
- group: root
- watch_in:
- module: apache-reload
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
{% endif %}
{% if confcert.SSLCertificateChainFile is defined and confcert.SSLCertificateChainFile_content is defined %}
# Deploy {{ site }} bundle file
apache_cert_config_{{ site }}_bundle_file:
file.managed:
- name: {{ confcert.SSLCertificateChainFile }}
- contents_pillar: apache:sites:{{ site }}:SSLCertificateChainFile_content
- makedirs: True
- mode: 600
- user: root
- group: root
- watch_in:
- module: apache-reload
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
{% endif %}
{%- endfor %}

7
apache/clean.sls Normal file
View File

@ -0,0 +1,7 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
include:
- .service.clean
- .config.clean
- .package.clean

140
apache/config.sls
View File

@ -1,140 +0,0 @@
{% from "apache/map.jinja" import apache with context %}
include:
- apache
{{ apache.logdir }}:
file.directory:
- makedirs: True
- require:
- pkg: apache
- watch_in:
- module: apache-restart
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
{{ apache.configfile }}:
file.managed:
- template: jinja
- source:
- salt://apache/files/{{ salt['grains.get']('os_family') }}/apache-{{ apache.version }}.config.jinja
- require:
- pkg: apache
- watch_in:
- module: apache-restart
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
- context:
apache: {{ apache | json }}
{{ apache.vhostdir }}:
file.directory:
- makedirs: True
- require:
- pkg: apache
- watch_in:
- module: apache-restart
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
{% if grains['os_family']=="Debian" %}
/etc/apache2/envvars:
file.managed:
- template: jinja
- source:
- salt://apache/files/{{ salt['grains.get']('os_family') }}/envvars-{{ apache.version }}.jinja
- require:
- pkg: apache
- watch_in:
- module: apache-restart
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
{{ apache.portsfile }}:
file.managed:
- template: jinja
- source:
- salt://apache/files/{{ salt['grains.get']('os_family') }}/ports-{{ apache.version }}.conf.jinja
- require:
- pkg: apache
- watch_in:
- module: apache-restart
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
- context:
apache: {{ apache | json }}
{% endif %}
{% if grains['os_family']=="RedHat" %}
{{ apache.confdir }}/welcome.conf:
file.absent:
- require:
- pkg: apache
- watch_in:
- module: apache-restart
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
{% endif %}
{% if grains['os_family']=="Suse" or salt['grains.get']('os') == 'SUSE' %}
/etc/apache2/global.conf:
file.managed:
- template: jinja
- source:
- salt://apache/files/{{ salt['grains.get']('os_family') }}/global.config.jinja
- require:
- pkg: apache
- watch_in:
- module: apache-restart
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
- context:
apache: {{ apache | json }}
{% endif %}
{% if grains['os_family']=="FreeBSD" %}
/usr/local/etc/{{ apache.service }}/envvars.d/by_salt.env:
file.managed:
- template: jinja
- source:
- salt://apache/files/{{ salt['grains.get']('os_family') }}/envvars-{{ apache.version }}.jinja
- require:
- pkg: apache
- watch_in:
- module: apache-restart
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
{{ apache.portsfile }}:
file.managed:
- template: jinja
- source:
- salt://apache/files/{{ salt['grains.get']('os_family') }}/ports-{{ apache.version }}.conf.jinja
- require:
- pkg: apache
- watch_in:
- module: apache-restart
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
- context:
apache: {{ apache | json }}
{% endif %}

40
apache/config/certificates/clean.sls Normal file
View File

@ -0,0 +1,40 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_clean = tplroot ~ '.service.clean' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_clean }}
{%- for site, cert in salt['pillar.get']('apache:sites', {}).items() %}
{%- if cert.SSLCertificateKeyFile is defined %}
apache_cert_config_clean_{{ site }}_key_file:
file.absent:
- name: {{ cert.SSLCertificateKeyFile }}
- require:
- sls: {{ sls_service_clean }}
{%- endif %}
{%- if cert.SSLCertificateFile is defined %}
apache_cert_config_clean_{{ site }}_cert_file:
file.absent:
- name: {{ cert.SSLCertificateFile }}
- require:
- sls: {{ sls_service_clean }}
{%- endif %}
{%- if cert.SSLCertificateChainFile is defined %}
apache_cert_config_clean_{{ site }}_bundle_file:
file.absent:
- name: {{ cert.SSLCertificateChainFile }}
- require:
- sls: {{ sls_service_clean }}
{%- endif %}
{%- endfor %}

5
apache/config/certificates/init.sls Normal file
View File

@ -0,0 +1,5 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
include:
- .install

67
apache/config/certificates/install.sls Normal file
View File

@ -0,0 +1,67 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
{%- for site, cert in salt['pillar.get']('apache:sites', {}).items() %}
{%- if cert.SSLCertificateKeyFile is defined and cert.SSLCertificateKeyFile_content is defined %}
apache_cert_config_install_{{ site }}_key_file:
file.managed:
- name: {{ cert.SSLCertificateKeyFile }}
- contents_pillar: apache:sites:{{ site }}:SSLCertificateKeyFile_content
- makedirs: True
- mode: 600
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- watch_in:
- module: apache-service-running-reload
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}
{%- if cert.SSLCertificateFile is defined and cert.SSLCertificateFile_content is defined %}
apache_cert_config_install_{{ site }}_cert_file:
file.managed:
- name: {{ cert.SSLCertificateFile }}
- contents_pillar: apache:sites:{{ site }}:SSLCertificateFile_content
- makedirs: True
- mode: 600
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- watch_in:
- module: apache-service-running-reload
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}
{%- if cert.SSLCertificateChainFile is defined and cert.SSLCertificateChainFile_content is defined %}
apache_cert_config_install_{{ site }}_bundle_file:
file.managed:
- name: {{ cert.SSLCertificateChainFile }}
- contents_pillar: apache:sites:{{ site }}:SSLCertificateChainFile_content
- makedirs: True
- mode: 600
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- watch_in:
- module: apache-service-running-reload
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}
{%- endfor %}

25
apache/config/clean.sls Normal file
View File

@ -0,0 +1,25 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_clean = tplroot ~ '.service.clean' %}
{%- set sls_modules_clean = tplroot ~ '.config.modules.clean' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- .modules.clean
- {{ sls_service_clean }}
apache-config-clean-file-absent:
file.absent:
- names:
- {{ apache.config }}
- {{ apache.logdir }}
- {{ apache.vhostdir }}
# apache.portsfile
- /etc/apache2
- /etc/httpd
- {{ apache.confdir }}/server-status{{ apache.confext }}
- require:
- sls: {{ sls_service_clean }}
- sls: {{ sls_modules_clean }}

50
apache/config/debian_full.sls Normal file
View File

@ -0,0 +1,50 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_config_registersite = tplroot ~ '.config.register_site' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains.os_family in ('Debian',) %}
include:
- {{ sls_package_install }}
- {{ sls_service_running }}
- {{ sls_config_registersite }}
extend:
apache-package-install-pkg-installed:
pkg:
- order: 175
apache-service-running:
service:
- order: 455
apache-service-running-reload:
module:
- order: 420
apache-service-running-restart:
module:
- order: 425
apache-config-debian-full-cmd-run:
cmd.run:
- name: a2dissite 000-default{{ apache.confext }} || true
- onlyif: test -f /etc/apache2/sites-enabled/000-default{{ apache.confext }}
- watch_in:
- module: apache-service-running-reload
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
- require:
- pkg: apache-package-install-pkg-installed
file.absent:
- names:
- /etc/apache2/sites-available/{{ apache.default_site }}
- /etc/apache2/sites-available/{{ apache.default_site_ssl }}
- require:
- pkg: apache-package-install-pkg-installed
{%- endif %} #END: os = debian

163
apache/config/file.sls Normal file
View File

@ -0,0 +1,163 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- from tplroot ~ "/libtofs.jinja" import files_switch with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-file-directory-logdir:
file.directory:
- name: {{ apache.logdir }}
- user: {{ apache.user }}
- group: {{ apache.group }}
- makedirs: True
- require:
- sls: {{ sls_package_install }}
- require_in:
- service: apache-service-running
apache-config-file-directory-vhostdir:
file.directory:
- name: {{ apache.vhostdir }}
- makedirs: True
- require:
- sls: {{ sls_package_install }}
- require_in:
- service: apache-service-running
apache-config-file-directory-moddir:
file.directory:
- name: {{ apache.moddir }}
- makedirs: True
- require:
- sls: {{ sls_package_install }}
- require_in:
- service: apache-service-running
{%- if apache.davlockdbdir %}
apache-config-file-directory-davlockdbdir:
file.directory:
- name: {{ apache.davlockdbdir }}
- makedirs: True
- user: {{ apache.user }}
- group: {{ apache.group }}
- recurse:
- user
- group
- require:
- sls: {{ sls_package_install }}
- require_in:
- service: apache-service-running
{%- endif %}
{%- if 'sitesdir' in apache and apache.sitesdir %}
apache-config-file-directory-sites-enabled:
file.directory:
- name: {{ apache.sitesdir }}
- makedirs: True
- require:
- sls: {{ sls_package_install }}
- require_in:
- service: apache-service-running
{%- endif %}
{%- if grains.os_family in ('Debian',) and 'confdir' in apache and apache.confdir %}
apache-config-file-directory-conf-enabled:
file.directory:
- name: {{ apache.confdir }}
- makedirs: True
- require:
- sls: {{ sls_package_install }}
- require_in:
- service: apache-service-running
{%- endif %}
apache-config-file-managed:
file.managed:
- name: {{ apache.config }}
- source: 'salt://apache/files/{{ grains.os_family }}/apache-{{ apache.version }}.config.jinja'
- mode: 644
- user: {{ apache.rootuser }}
{%- if grains.kernel != 'Windows' %}
- group: {{ apache.rootgroup }}
{%- endif %}
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- require:
- sls: {{ sls_package_install }}
- context:
apache: {{ apache | json }}
{%- if grains.os_family in ('Debian', 'FreeBSD') %}
apache-config-file-managed-{{ grains.os }}-env:
file.managed:
- name: /etc/apache2/envvars
- source: 'salt://apache/files/{{ grains.os_family }}/envvars-{{ apache.version }}.jinja'
- mode: 644
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache | json }}
- require_in:
- file: apache-config-file-managed-{{ grains.os }}-ports
apache-config-file-managed-{{ grains.os }}-ports:
file.managed:
- name: {{ apache.portsfile }}
- source: salt://apache/files/{{ grains.os_family }}/ports-{{ apache.version }}.conf.jinja
- mode: 644
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache | json }}
{%- elif grains.os_family == "RedHat" %}
apache-config-file-absent-{{ grains.os }}:
file.absent:
- name: {{ apache.confdir }}/welcome.conf
{%- elif grains.os_family == "Suse" %}
apache-config-file-managed-{{ grains.os }}:
file.managed:
- name: /etc/apache2/global.conf
- source: 'salt://apache/files/Suse/global.config.jinja'
- mode: 644
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache | json }}
{%- else %}
apache-config-file-managed-skip:
test.show_notification:
- text: |
No configuration file to manage
{%- endif %}
- require:
- sls: {{ sls_package_install }}
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- service: apache-service-running

48
apache/config/flags.sls Normal file
View File

@ -0,0 +1,48 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- from tplroot ~ "/libtofs.jinja" import files_switch with context %}
{%- if grains.os_family == 'Suse' %}
include:
- {{ sls_package_install }}
- {{ sls_service_running }}
{%- for flag in salt['pillar.get']('apache:flags:enabled', []) %}
apache-config-flags-{{ flag }}-cmd-a2en:
cmd.run:
- name: a2enflag {{ flag }}
- unless: egrep "^APACHE_SERVER_FLAGS=" /etc/sysconfig/apache2 |grep {{ flag }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endfor %}
{%- for flag in salt['pillar.get']('apache:flags:disabled', []) %}
apache-config-flags-{{ flag }}-a2dis:
cmd.run:
- name: a2disflag -f {{ flag }}
- onlyif: egrep "^APACHE_SERVER_FLAGS=" /etc/sysconfig/apache2 | grep {{ flag }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endfor %}
{%- endif %}

5
apache/config/init.sls Normal file
View File

@ -0,0 +1,5 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
include:
- .vhosts

44
apache/config/logrotate.sls Normal file
View File

@ -0,0 +1,44 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
apache-config-logrotate-file-managed:
file.managed:
- name: {{ apache.logrotatedir }}
- makedirs: True
{%- if grains.os_family == "RedHat" %}
- contents: |
{{ apache.logdir }}/*log {
missingok
notifempty
sharedscripts
delaycompress
postrotate
/bin/systemctl reload {{ apache.service.name }}.service > /dev/null 2>/dev/null || true
endscript
}
{% else %}
- contents: |
{{ apache.logdir }}/*.log {
daily
missingok
rotate 14
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
postrotate
if /etc/init.d/{{ apache.service.name }} status >/dev/null; then \
/etc/init.d/{{ apache.service.name }} reload >/dev/null; \
fi;
endscript
prerotate
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
run-parts /etc/logrotate.d/httpd-prerotate; \
fi; \
endscript
}
{% endif %}

44
apache/config/manage_security.sls Normal file
View File

@ -0,0 +1,44 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains.os_family in ('Debian', 'FreeBSD') %}
include:
- {{ sls_package_install }}
- {{ sls_service_running }}
apache-config-manage-security-{{ grains.os_family }}:
file.managed:
{%- if grains.os_family == "Debian" %}
- onlyif: test -f /etc/apache2/conf-available/security.conf
- name: /etc/apache2/conf-available/security.conf
{%- elif grains.os_family == "FreeBSD" %}
- name: {{ apache.confdir + '/security.conf' }}
{%- endif %}
- source:
- salt://apache/files/{{ grains.os_family }}/security.conf.jinja
- salt://apache/files/ssl/security.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache | json }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

50
apache/config/modules/clean.sls Normal file
View File

@ -0,0 +1,50 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_package_clean = tplroot ~ '.package.clean' %}
{%- set sls_service_clean = tplroot ~ '.service.clean' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_clean }}
{%- set existing_states = salt['cp.list_states']() %}
{%- for module in salt['pillar.get']('apache:modules:disabled', []) %}
apache-config-modules-{{ module }}-disable:
{%- if grains['os_family']=="Debian" %}
cmd.run:
- name: a2dismod -f {{ module }}
- onlyif: ls {{ apache.moddir }}/{{ module }}.load
{%- elif grains.os_family in ('Redhat', 'Arch') %}
cmd.run:
- name: find /etc/httpd/ -name '*.conf' -type f -exec sed -i -e 's/\(^\s*LoadModule.{{ module }}_module\)/#\1/g' {} \;
- onlyif:
- test -d /etc/httpd
- {{ grains.os_family in ('Arch',) and 'true' }} || (httpd -M 2> /dev/null |grep "[[:space:]]{{ module }}_module")
file.absent:
- name: /etc/httpd/conf.modules.d/*{{ module }}.conf
{%- elif salt['grains.get']('os_family') == 'Suse' %}
cmd.run:
- name: a2dismod {{ module }}
- onlyif: egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep {{ module }}
{%- else %}
test.show_notification:
- text: |
No {{ module }} module change
{%- endif %}
- order: 225
- require:
- sls: {{ sls_service_clean }}
{%- endfor %}

11
apache/config/modules/init.sls Normal file
View File

@ -0,0 +1,11 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
include:
- .install
- .mod_rewrite
- .mod_proxy
- .mod_headers
{%- if 'osfinger' in grains and grains.osfinger not in ('Amazon Linux-2',) %}
- .mod_geoip
{%- endif %}

51
apache/config/modules/install.sls Normal file
View File

@ -0,0 +1,51 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_config_file = tplroot ~ '.config.file' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_config_file }}
{% set existing_states = salt['cp.list_states']() %}
{% for module in salt['pillar.get']('apache:modules:enabled', []) %}
apache-config-modules-{{ module }}-enable:
{% if grains['os_family']=="Debian" %}
cmd.run:
- name: a2enmod -f {{ module }}
- unless: ls {{ apache.moddir }}/{{ module }}.load
{% elif grains.os_family in ('RedHat', 'Arch') %}
cmd.run:
- name: find /etc/httpd/ -name '*.conf' -type f -exec sed -i -e 's/\(^#\)\(\s*LoadModule.{{ module }}_module\)/\2/g' {} \;
- onlyif: {{ grains.os_family in ('Arch',) and 'true' }} || (httpd -M 2> /dev/null |grep "[[:space:]]{{ module }}_module")
{% elif salt['grains.get']('os_family') == 'Suse' %}
cmd.run:
- name: a2enmod {{ module }}
- onlyif: egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 |grep {{ module }}
{% else %}
test.show_notification:
- text: |
No {{ module }} module change
{%- endif %}
- order: 225
- require:
- sls: {{ sls_config_file }}
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
{%- endfor %}

30
apache/config/modules/mod_actions.sls Normal file
View File

@ -0,0 +1,30 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-actions-cmd-run:
cmd.run:
- name: a2enmod actions
- unless:
- ls {{ apache.moddir }}/actions.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep actions
- order: 255
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

33
apache/config/modules/mod_cgi.sls Normal file
View File

@ -0,0 +1,33 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family']=="FreeBSD" %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-cgi-cmd-run:
file.managed:
- name: {{ apache.modulesdir }}/040_mod_cgi.conf
- source: salt://apache/files/FreeBSD/mod_cgi.conf.jinja
- template: {{ apache.get('template_engine', 'jinja') }}
- makedirs: True
- context:
svcname: {{ apache.service.name }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
- mode: 644
{%- endif %}

49
apache/config/modules/mod_dav_svn.sls Normal file
View File

@ -0,0 +1,49 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family'] == "Debian" %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-dav_svn_pkg_installed:
pkg.installed:
- name: libapache2-mod-svn
apache-config-modules-dav_svn_cmd-run-a2en:
cmd.run:
- name: a2enmod dav_svn
- unless: ls {{ apache.moddir }}/dav_svn.load
- order: 255
- require:
- pkg: apache-package-install-pkg-installed
- pkg: apache-config-modules-dav_svn_pkg_installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
apache-config-modules-dav_svn_cmd-run-a2en-authz:
cmd.run:
- name: a2enmod authz_svn
- unless: ls {{ apache.moddir }}/authz_svn.load
- order: 255
- require:
- pkg: apache-package-install-pkg-installed
- pkg: apache-config-modules-dav_svn_pkg_installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

49
apache/config/modules/mod_fastcgi.sls Normal file
View File

@ -0,0 +1,49 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family'] == "Debian" %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
- .mod_actions
apache-config-modules-fastcgi-pkg:
pkgrepo.managed:
- name: "deb http://ftp.us.debian.org/debian {{ grains['oscodename'] }}"
- file: /etc/apt/sources.list.d/non-free.list
- onlyif: grep Debian /proc/version >/dev/null 2>&1
- comps: non-free
pkg.installed:
- name: {{ apache.mod_fastcgi }}
- order: 180
- require:
- pkgrepo: apache-config-modules-fastcgi-pkg
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
apache-config-modules-fastcgi_cmd-run:
cmd.run:
- name: a2enmod fastcgi
- unless: ls {{ apache.moddir }}/fastcgi.load
- order: 225
- require:
- pkg: apache-config-modules-fastcgi-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

35
apache/config/modules/mod_fcgid.sls Normal file
View File

@ -0,0 +1,35 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-fcgid-pkg:
pkg.installed:
- name: {{ apache.mod_fcgid }}
- order: 180
- require:
- pkg: apache-package-install-pkg-installed
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
cmd.run:
- name: a2enmod fcgid
- order: 225
- unless: ls {{ apache.moddir }}/fcgid.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' fcgid'
- require:
- pkg: apache-config-modules-fcgid-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

87
apache/config/modules/mod_geoip.sls Normal file
View File

@ -0,0 +1,87 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if 'mod_geoip' in apache and 'finger' in grains and grains.osfinger not in ('Leap-42',) %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-geoip-pkg:
pkg.installed:
- pkgs:
- {{ apache.mod_geoip }}
- {{ apache.mod_geoip_database }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- if grains['os_family']=="RedHat" %}
apache-config-modules-geoip-conf-file-managed:
file.managed:
- name: {{ apache.confdir }}/geoip.conf
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- makedirs: True
- mode: 644
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache|json }}
- source:
- salt://apache/files/{{ salt['grains.get']('os_family') }}/geoip.conf
apache-config-modules-geoip-db-file-managed:
file.managed:
- name: /usr/share/GeoIP/GeoIP.dat
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- makedirs: True
- mode: 644
- source:
- salt://apache/files/{{ salt['grains.get']('os_family') }}/GeoIP.dat
apache-config-modules-geoip-{{ grains.os_family }}-conf-file-managed:
file.managed:
- name: {{ apache.moddir }}/10-geoip.conf
- makedirs: True
- source:
- salt://apache/files/RedHat/conf.modules.d/10-geoip.conf.jinja
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- elif grains['os_family'] in ('Suse', 'Debian',) %}
apache-config-modules-geoip-cmd-run:
cmd.run:
- name: a2enmod geoip
- unless: ls {{ apache.moddir }}/geoip.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep geoip
- order: 255
- require:
- pkg: apache-package-install-pkg-installed
- pkg: apache-config-modules-geoip-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}
{%- endif %}

29
apache/config/modules/mod_headers.sls Normal file
View File

@ -0,0 +1,29 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-headers-pkg:
cmd.run:
- name: a2enmod headers
- unless: ls {{ apache.moddir }}/headers.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep headers
- order: 255
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

29
apache/config/modules/mod_logio.sls Normal file
View File

@ -0,0 +1,29 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-logio-pkg:
cmd.run:
- name: a2enmod logio
- unless: ls {{ apache.moddir }}/logio.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep logio
- order: 255
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

84
apache/config/modules/mod_mpm.sls Normal file
View File

@ -0,0 +1,84 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- set mpm_module = salt['pillar.get']('apache:mpm:module', 'mpm_prefork') %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
apache-config-modules-mpm-pkg:
cmd.run:
- name: a2enmod {{ mpm_module }}
- unless: ls {{ apache.moddir }}/{{ mpm_module }}.load
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
file.managed:
- name: /etc/apache2/mods-available/{{ mpm_module }}.conf
- template: {{ apache.get('template_engine', 'jinja') }}
- makedirs: True
- context:
apache: {{ apache|json }}
- source:
- salt://apache/files/Debian/mpm/{{ mpm_module }}.conf.jinja
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
# Deactivate the other mpm modules as a previous step
{%- for mod in ['mpm_prefork', 'mpm_worker', 'mpm_event'] if not mod == mpm_module %}
apache-config-modules-mpm-{{ mod }}-cmd-run:
cmd.run:
- name: a2dismod {{ mod }}
- onlyif: ls {{ apache.moddir }}/{{ mod }}.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' {{ mod }}'
- require:
- pkg: apache-package-install-pkg-installed
- require_in:
- cmd: a2enmod {{ mpm_module }}
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endfor %}
{%- elif grains['os_family']=="RedHat" %}
apache-config-modules-mpm-{{ grains.os_family }}-conf-file-managed:
file.managed:
- name: {{ apache.moddir }}/00-mpm.conf
- template: {{ apache.get('template_engine', 'jinja') }}
- makedirs: True
- context:
apache: {{ apache|json }}
- source:
- salt://apache/files/RedHat/conf.modules.d/00-{{ mpm_module }}.conf.jinja
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

68
apache/config/modules/mod_pagespeed.sls Normal file
View File

@ -0,0 +1,68 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- set pagespeed_module = salt['pillar.get']('apache:pagespeed:module', 'pagespeed_prefork') %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
apache-config-modules-pagespeed-pkg:
pkg.installed:
- name: {{ apache.mod_pagespeed }}
- sources:
- mod-pagespeed-stable: {{ apache.mod_pagespeed_source }}
cmd.run:
- name: a2enmod pagespeed
- unless: ls {{ apache.moddir }}/pagespeed.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep pagespeed
- order: 255
- require:
- pkg: apache-config-modules-pagespeed-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- for dir in ['/var/cache/mod_pagespeed', '/var/log/pagespeed'] %}
apache-config-modules-pagespeed-{{ dir }}-file-directory:
file.directory:
- name: {{ dir }}
- makedirs: true
- user: {{ apache.user }}
- group: {{ apache.group }}
- require:
- pkg: apache-config-modules-pagespeed-pkg
- user: {{ apache.user }}
- group: {{ apache.group }}
{%- endfor %}
# Here we hardcode a logrotate entry to take care of the logs
apache-config-modules-pagespeed-logrotate-file-managed:
file.managed:
- name: /etc/logrotate.d/pagespeed
- contents: |
/var/log/pagespeed/*.log {
weekly
missingok
rotate 52
compress
delaycompress
notifempty
sharedscripts
postrotate
if /etc/init.d/apache2 status > /dev/null ; then \
/etc/init.d/apache2 reload > /dev/null; \
fi;
endscript
}
{%- endif %}

60
apache/config/modules/mod_perl2.sls Normal file
View File

@ -0,0 +1,60 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-perl-pkg:
pkg.installed:
- name: {{ apache.mod_perl2 }}
- order: 180
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
cmd.run:
- name: a2enmod perl
- unless: ls {{ apache.moddir }}/perl.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' perl'
- order: 225
- require:
- pkg: apache-config-modules-perl-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- elif grains['os_family']=="FreeBSD" %}
file.managed:
- name: {{ apache.modulesdir }}/260_mod_perl.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_perl.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
svcname: {{ apache.service.name }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

84
apache/config/modules/mod_php5.sls Normal file
View File

@ -0,0 +1,84 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-php5-pkg:
pkg.installed:
- name: {{ apache.mod_php5 }}
- order: 180
- require:
- pkg: apache-package-install-pkg-installed
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
cmd.run:
- name: a2enmod php5
- unless: ls {{ apache.moddir }}/php5.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' php5'
- order: 225
- require:
- pkg: apache-config-modules-php5-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- if 'apache' in pillar and 'php-ini' in pillar['apache'] %}
file.managed:
- name: /etc/php5/apache2/php.ini
- source: {{ pillar['apache']['php-ini'] }}
- order: 225
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
svcname: {{ apache.service.name }}
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
- require:
- pkg: apache-package-install-pkg-installed
- pkg: apache-config-modules-php5-pkg
{%- endif %}
{%- elif grains['os_family']=="FreeBSD" %}
file.managed:
- name: {{ apache.modulesdir }}/050_mod_php5.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_php5.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
svcname: {{ apache.service.name }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- elif grains['os_family']=="Suse" %}
file.replace:
- name: /etc/sysconfig/apache2
- unless: grep '^APACHE_MODULES=.*php5' /etc/sysconfig/apache2
- pattern: '^APACHE_MODULES=(.*)"'
- repl: 'APACHE_MODULES=\1 php5"'
{%- endif %}

49
apache/config/modules/mod_proxy.sls Normal file
View File

@ -0,0 +1,49 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
apache-config-modules-proxy-pkg:
cmd.run:
- name: a2enmod proxy
- unless: ls {{ apache.moddir }}/proxy.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' proxy'
- order: 225
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- elif grains['os_family']=="FreeBSD" %}
apache-config-modules-proxy-file-managed:
file.managed:
- name: {{ apache.modulesdir }}/040_mod_proxy.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_proxy.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
svcname: {{ apache.service.name }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

51
apache/config/modules/mod_proxy_ajp.sls Normal file
View File

@ -0,0 +1,51 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
- .mod_proxy
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
apache-config-modules-proxy_ajp-pkg:
cmd.run:
- name: a2enmod proxy_ajp
- unless: ls {{ apache.moddir }}/proxy_ajp.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep proxy_ajp
- order: 225
- require:
- pkg: apache-package-install-pkg-installed
# cmd: a2enmod proxy
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- elif grains['os_family']=="FreeBSD" %}
apache-config-modules-proxy_ajp-file-managed:
file.managed:
- name: {{ apache.modulesdir }}/040_mod_proxy_ajp.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_proxy_ajp.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache|json }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

31
apache/config/modules/mod_proxy_fcgi.sls Normal file
View File

@ -0,0 +1,31 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
- .mod_proxy
apache-config-modules-proxy_fcgi-pkg:
cmd.run:
- name: a2enmod proxy_fcgi
- unless: ls {{ apache.moddir }}/proxy_fcgi.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep proxy_fcgi
- order: 225
- require:
- pkg: apache-package-install-pkg-installed
# cmd: a2enmod proxy
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

51
apache/config/modules/mod_proxy_http.sls Normal file
View File

@ -0,0 +1,51 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
- .mod_proxy
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
apache-config-modules-proxy_http-pkg:
cmd.run:
- name: a2enmod proxy_http
- unless: ls {{ apache.moddir }}/proxy_http.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep proxy_http
- order: 225
- require:
- pkg: apache-package-install-pkg-installed
# cmd: a2enmod proxy
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- elif grains['os_family']=="FreeBSD" %}
apache-config-modules-proxy_http-file-managed:
file.managed:
- name: {{ apache.modulesdir }}/040_mod_proxy_http.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_proxy_http.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
svcname: {{ apache.service.name }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

80
apache/config/modules/mod_remoteip.sls Normal file
View File

@ -0,0 +1,80 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
apache-config-modules-remoteip-cmd-run-mod-a2en:
cmd.run:
- name: a2enmod remoteip
- unless: ls {{ apache.moddir }}/remoteip.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep remoteip
- order: 255
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
apache-config-modules-remoteip-cmd-run-conf:
cmd.run:
- name: a2enconf remoteip
- unless: ls /etc/apache2/conf-enabled/remoteip.conf
- order: 255
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-reload
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
file.managed:
- name: /etc/apache2/conf-available/remoteip.conf
- template: {{ apache.get('template_engine', 'jinja') }}
- makedirs: True
- context:
apache: {{ apache|json }}
- source:
- salt://apache/files/{{ salt['grains.get']('os_family') }}/conf-available/remoteip.conf.jinja
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
- cmd: apache-config-modules-remoteip-cmd-run-conf
{%- elif grains['os_family']=="RedHat" %}
apache-config-modules-remoteip-file-managed-conf:
file.managed:
- name: /etc/httpd/conf.d/remoteip.conf
- template: {{ apache.get('template_engine', 'jinja') }}
- makedirs: True
- context:
apache: {{ apache|json }}
- source:
- salt://apache/files/{{ salt['grains.get']('os_family') }}/conf.modules.d/remoteip.conf.jinja
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

49
apache/config/modules/mod_rewrite.sls Normal file
View File

@ -0,0 +1,49 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
{%- if grains['os_family'] in ('Debian', 'Suse') %}
apache-config-modules-rewrite-cmd-run-mod:
cmd.run:
- name: a2enmod rewrite
- unless: ls {{ apache.moddir }}/rewrite.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep rewrite
- order: 225
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- elif grains['os_family']=="FreeBSD" %}
apache-config-modules-rewrite-file-managed-conf:
file.managed:
- name: {{ apache.modulesdir }}/040_mod_rewrite.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_rewrite.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
svcname: {{ apache.service.name }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

89
apache/config/modules/mod_security/init.sls Normal file
View File

@ -0,0 +1,89 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
{%- if grains.os_family not in ('Arch',) %}
apache-config-modules-security-pkg:
pkg.installed:
- name: {{ apache.mod_security.package }}
- order: 180
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- if apache.mod_security.crs_install and 'crs_package' in apache.mod_security %}
apache-config-modules-security-crs-pkg:
pkg.installed:
- name: {{ apache.mod_security.crs_package }}
- order: 180
- require:
- pkg: apache-config-modules-security-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}
{%- if apache.mod_security.manage_config and 'config_file' in apache.mod_security %}
apache-config-modules-security-main-config-file-managed:
file.managed:
- name: {{ apache.mod_security.config_file }}
- order: 220
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache|json }}
- source:
- {{ 'salt://apache/files/' ~ salt['grains.get']('os_family') ~ '/modsecurity.conf.jinja' }}
- context: {{ apache.mod_security|json }}
- require:
- pkg: apache-config-modules-security-pkg
- watch_in:
- module: apache-service-running-reload
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
apache-config-modules-security-cmd-run-a2en-security2:
cmd.run:
- name: a2enmod security2
- unless: ls {{ apache.moddir }}/security2.load && ls {{ apache.moddir }}/security2.conf
- order: 225
{%- elif grains.os_family in ('Redhat',) %}
apache-config-modules-security-file-directory-modsecurity:
file.directory:
- name: /etc/httpd/modsecurity.d
{%- endif %}
- require:
- pkg: apache-config-modules-security-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

27
apache/mod_security/rules.sls → apache/config/modules/mod_security/rules.sls
View File

@ -1,19 +1,21 @@
{%- set apache = pillar.get('apache', {}) %}
{%- set tplroot = tpldir.split('/')[0] %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{#- set apache = pillar.get('apache', {}) #}
{%- set mod_security = apache.get('mod_security', {}) %}
{%- if mod_security.get('manage_config', False) %}
include:
- apache.mod_security
- apache.config.modules.mod_security
{%- for rule_name, rule_details in mod_security.get('rules', {}).items() %}
{% set rule_set = rule_details.get('rule_set', '') %}
{% set enabled = rule_details.get('enabled', False ) %}
{%- set rule_set = rule_details.get('rule_set', '') %}
{%- set enabled = rule_details.get('enabled', False ) %}
{%- if enabled %}
/etc/modsecurity/{{ rule_name }}:
file.symlink:
- target: /usr/share/modsecurity-crs/{{ rule_set }}/{{ rule_name }}
- user: root
- group: root
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- mode: 755
{%- else %}
/etc/modsecurity/{{ rule_name }}:
@ -24,17 +26,18 @@ include:
{%- endfor %}
{%- for custom_rule, custom_rule_details in mod_security.get('custom_rule_files', {}).items() %}
{% set file = custom_rule_details.get('file', None) %}
{% set path = custom_rule_details.get('path', None) %}
{% set enabled = custom_rule_details.get('enabled', False ) %}
{%- set file = custom_rule_details.get('file', None) %}
{%- set path = custom_rule_details.get('path', None) %}
{%- set enabled = custom_rule_details.get('enabled', False ) %}
{%- if enabled %}
/etc/modsecurity/{{ file }}:
file.managed:
- source: {{ path }}
- user: root
- group: root
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- mode: 755
- makedirs: True
{%- else %}
/etc/modsecurity/{{ file }}:
file.absent:
@ -42,4 +45,4 @@ include:
{%- endif %}
{%- endfor %}
{% endif %}
{%- endif %}

35
apache/config/modules/mod_socache_shmcb.sls Normal file
View File

@ -0,0 +1,35 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family']=="FreeBSD" %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-socache_shmcb-file-managed:
file.managed:
- name: {{ apache.modulesdir }}/009_mod_socache_shmcb.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/generic_module.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache|json }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
- context:
module_name: socache_shmcb
{%- endif %}

129
apache/config/modules/mod_ssl.sls Normal file
View File

@ -0,0 +1,129 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
{%- if grains['os_family'] in ('Debian', 'Suse') %}
apache-config-modules-ssl-cmd-run:
cmd.run:
- name: a2enmod ssl
- unless: ls {{ apache.moddir }}/ssl.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' ssl'
- order: 225
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
file.managed:
- name: /etc/apache2/mods-available/ssl.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/ssl.conf.jinja
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache|json }}
- mode: 644
- makedirs: True
- watch_in:
- module: apache-service-running-restart
{%- elif grains['os_family']=="RedHat" %}
apache-config-modules-ssl-pkg:
pkg.installed:
- name: {{ apache.pkg.mod_ssl }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
file.absent:
- name: {{ apache.confdir }}/ssl.conf
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- elif grains['os_family']=="FreeBSD" %}
- .mod_ssl
apache-config-modules-ssl-file-managed:
file.managed:
- name: {{ apache.modulesdir }}/010_mod_ssl.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_ssl.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache|json }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}
apache-config-modules-ssl-file-managed-tls-defaults:
{%- if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %}
file.managed:
- name: {{ apache.confdir }}/tls-defaults.conf
- source: salt://apache/files/ssl/tls-defaults.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache|json }}
{%- else %}
file.absent:
- name: {{ apache.confdir }}/tls-defaults.conf
{%- endif %}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- if grains['os_family'] in ('Debian',) %}
apache-config-modules-ssl-cmd-run-debian-tls-defaults:
cmd.run:
{%- if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %}
- name: a2enconf tls-defaults
- unless: test -L /etc/apache2/conf-enabled/tls-defaults.conf
{%- else %}
- name: a2disconf tls-defaults
- onlyif: test -L /etc/apache2/conf-enabled/tls-defaults.conf
{%- endif %}
- order: 225
- require:
- pkg: apache-package-install-pkg-installed
- file: {{ apache.confdir }}/tls-defaults.conf
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

52
apache/config/modules/mod_status.sls Normal file
View File

@ -0,0 +1,52 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_package_install }}
apache-config-server-status:
file.managed:
- name: {{ apache.confdir }}/server-status{{ apache.confext }}
- source: 'salt://apache/files/server-status.conf.jinja'
- template: {{ apache.get('template_engine', 'jinja') }}
- makedirs: True
- context:
apache: {{ apache|json }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- if grains['os_family'] == "Debian" %}
apache-config-server-status-file-directory:
file.directory:
- name: /etc/apache2/conf-enabled
- require:
- pkg: apache-package-install-pkg-installed
apache-config-server-status-cmd-run:
cmd.run:
- name: a2enconf server-status
- unless: 'test -L /etc/apache2/conf-enabled/server-status.conf'
- order: 225
- require:
- pkg: apache-package-install-pkg-installed
- file: apache-config-server-status
- file: apache-config-server-status-file-directory
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

33
apache/config/modules/mod_suexec.sls Normal file
View File

@ -0,0 +1,33 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family']=="FreeBSD" %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-suexec-file-managed:
file.managed:
- name: {{ apache.modulesdir }}/040_mod_suexec.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_suexec.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
svcname: {{ apache.service.name }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

31
apache/config/modules/mod_upload_progress.sls Normal file
View File

@ -0,0 +1,31 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-upload_progress-pkg:
pkg.installed:
- name: {{ apache.mod_upload_progress }}
cmd.run:
- name: a2enmod upload_progress
- unless: ls {{ apache.moddir }}/upload_progress.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep upload_progress
- order: 255
- require:
- pkg: apache-config-modules-upload_progress-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

29
apache/config/modules/mod_vhost_alias.sls Normal file
View File

@ -0,0 +1,29 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-vhost_alias-cmd-run:
cmd.run:
- name: a2enmod vhost_alias
- unless: ls {{ apache.moddir }}/vhost_alias.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep vhost_alias
- order: 225
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

40
apache/config/modules/mod_wsgi.sls Normal file
View File

@ -0,0 +1,40 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-wsgi-pkg:
pkg.installed:
- name: {{ apache.mod_wsgi }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- if 'conf_mod_wsgi' in apache %}
file.uncomment:
- name: {{ apache.conf_mod_wsgi }}
- regex: LoadModule
- onlyif: test -f {{ apache.conf_mod_wsgi }}
- require:
- pkg: apache-config-modules-wsgi-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

41
apache/config/modules/mod_xsendfile.sls Normal file
View File

@ -0,0 +1,41 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-xsendfile-pkg:
pkg.installed:
- name: {{ apache.mod_xsendfile }}
- order: 180
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
cmd.run:
- name: a2enmod xsendfile
- order: 225
- unless: ls {{ apache.moddir }}/xsendfile.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep xsendfile
- require:
- pkg: apache-config-xsendfile-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

1
apache/config/modules/server_status.sls Symbolic link
View File

@ -0,0 +1 @@
mod_status.sls

28
apache/config/no_default_vhost.sls Normal file
View File

@ -0,0 +1,28 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains.os_family == "Debian" %}
include:
- {{ sls_package_install }}
- {{ sls_service_running }}
apache-config-default-vhost:
cmd.run:
- name: a2dissite 000-default.conf || true
- unless: test ! -f /etc/apache2/sites-enabled/000-default.conf
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-reload
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

32
apache/config/own_default_vhost.sls Normal file
View File

@ -0,0 +1,32 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains.os_family == "Debian" %}
include:
- {{ sls_package_install }}
- {{ sls_service_running }}
apache-config-own-default-vhost:
file.managed:
- name: {{ apache.vhostdir }}/000-default.conf
- source: salt://apache/files/Debian/sites-available/000-default.conf
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache|json }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-reload
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}

76
apache/config/register_site.sls Normal file
View File

@ -0,0 +1,76 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains.os_family == "Debian" %}
include:
- {{ sls_package_install }}
- {{ sls_service_running }}
apache-config-register-site-file-directory:
file.directory:
- name: {{ apache.sitesdir }}
- require:
- pkg: apache-package-install-pkg-installed
{%- if 'apache' in pillar and 'register-site' in pillar['apache'] %}
{%- for site in pillar['apache']['register-site'] %}
{%- if 'name' in pillar['apache']['register-site'][site] and 'state' in pillar['apache']['register-site'][site] %}
{%- if 'path' in pillar['apache']['register-site'][site] %}
{%- if pillar['apache']['register-site'][site]['state'] == 'enabled' %}
{%- set a2modid = "a2ensite " ~ pillar['apache']['register-site'][site]['name'] ~ apache.confext %}
{%- else %}
{%- set a2modid = "a2dissite " ~ pillar['apache']['register-site'][site]['name'] ~ apache.confext %}
{%- endif %}
apache-config-register-site-{{ a2modid }}:
cmd.run:
- name: {{ a2modid }}
{%- if pillar['apache']['register-site'][site]['state'] == 'enabled' %}
- unless: test -f /etc/apache2/sites-enabled/{{ pillar['apache']['register-site'][site]['name'] }}{{ apache.confext }}
{%- else %}
- onlyif: test -f /etc/apache2/sites-enabled/{{ pillar['apache']['register-site'][site]['name'] }}{{ apache.confext }}
{%- endif %}
- order: 230
- require:
- pkg: apache-package-install-pkg-installed
- file: apache-config-register-site-file-managed
- file: apache-config-register-site-file-directory
- watch:
- file: apache-config-register-site-file-managed
apache-config-register-site-file-managed:
file.managed:
- name: /etc/apache2/sites-available/{{ pillar['apache']['register-site'][site]['name'] }}{{ apache.confext }}
- source: {{ pillar['apache']['register-site'][site]['path'] }}
- order: 225
- makedirs: True
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- mode: 775
{%- if 'template' in pillar['apache']['register-site'][site] and 'defaults' in pillar['apache']['register-site'][site] %}
- template: {{ apache.get('template_engine', 'jinja') }}
- defaults:
{%- for key, value in pillar['apache']['register-site'][site]['defaults'].items() %}
{{ key }}: {{ value }}
{%- endfor %}
{%- endif %}
- watch_in:
- module: apache-service-running-reload
- require_in:
- module: apache-service-running-reload
cmd.run:
- name: echo dummy state to workaround requisite issue >/dev/null 2>&1
- require_in:
- file: apache-config-register-site-file-managed
{%- endif %}
{%- endif %}
{%- endfor %}
{%- endif %} #END: apache-service-running-register-site
{%- endif %} #END: grains['os_family'] == debian

41
apache/config/vhosts/clean.sls Normal file
View File

@ -0,0 +1,41 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_clean = tplroot ~ '.service.clean' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains.os_family == 'Debian' %}
include:
- {{ sls_service_clean }}
{%- set dirpath = '/etc/apache2/sites-enabled' %}
{# Add . and .. to make it easier to not clean those #}
{%- set valid_sites = ['.', '..', ] %}
{# Take sites from apache.vhosts.standard #}
{%- for id, site in salt['pillar.get']('apache:sites', {}).items() %}
{%- do valid_sites.append('{}{}'.format(id, apache.confext)) %}
{%- endfor %}
{# Take sites from apache.register_site #}
{%- for id, site in salt['pillar.get']('apache:register-site', {}).items() %}
{%- do valid_sites.append('{}{}'.format(site.name, apache.confext)) %}
{%- endfor %}
{%- if salt['file.directory_exists'](dirpath) %}
{%- for filename in salt['file.readdir'](dirpath) %}
{%- if filename not in valid_sites %}
apache-config-vhosts-clean-{{ filename }}-cmd-run:
cmd.run:
- name: a2dissite {{ filename }} || true
- onlyif: "test -L {{ dirpath }}/{{ filename }} || test -f {{ dirpath }}/{{ filename }}"
- require:
- sls: {{ sls_service_clean }}
{%- endif %}
{%- endfor %}
{%- endif %}
{%- endif %}{# Debian #}

42
apache/config/vhosts/cleanup.sls Normal file
View File

@ -0,0 +1,42 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains.os_family == 'Debian' %}
include:
- {{ sls_service_running }}
{%- set dirpath = '/etc/apache2/sites-enabled' %}
{# Add . and .. to make it easier to not clean those #}
{%- set valid_sites = ['.', '..', ] %}
{# Take sites from apache.vhosts.standard #}
{%- for id, site in salt['pillar.get']('apache:sites', {}).items() %}
{%- do valid_sites.append('{}{}'.format(id, apache.confext)) %}
{%- endfor %}
{# Take sites from apache.register_site #}
{%- for id, site in salt['pillar.get']('apache:register-site', {}).items() %}
{%- do valid_sites.append('{}{}'.format(site.name, apache.confext)) %}
{%- endfor %}
{%- if salt['file.directory_exists'](dirpath) %}
{%- for filename in salt['file.readdir'](dirpath) %}
{%- if filename not in valid_sites %}
apache-config-vhosts-cleanup-{{ filename }}-cmd-run:
cmd.run:
- name: a2dissite {{ filename }} || true
- onlyif: "test -L {{ dirpath }}/{{ filename }} || test -f {{ dirpath }}/{{ filename }}"
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
{%- endif %}
{%- endfor %}
{%- endif %}
{%- endif %}{# Debian #}

5
apache/config/vhosts/init.sls Normal file
View File

@ -0,0 +1,5 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
include:
- .standard

2
apache/vhosts/minimal.tmpl → apache/config/vhosts/minimal.tmpl
View File

@ -22,7 +22,7 @@
'DocumentRoot': site.get('DocumentRoot', '{0}/{1}'.format(map.wwwdir, sitename))
} -%}
<VirtualHost {% for intf in vals.interfaces %} {{intf}}:{{ vals.port }}{% endfor -%}>
<VirtualHost {% for intf in vals.interfaces %} {{ intf }}:{{ vals.port }}{% endfor -%}>
ServerName {{ vals.ServerName }}
{% if site.get('ServerAlias') != False %}ServerAlias {{ vals.ServerAlias }}{% endif %}
{% if site.get('ServerAdmin') != False %}ServerAdmin {{ vals.ServerAdmin }}{% endif %}

60
apache/vhosts/proxy.tmpl → apache/config/vhosts/proxy.tmpl
View File

@ -2,8 +2,7 @@
# This file is managed by Salt! Do not edit by hand!
#
{# Define default values here so the template below can just focus on layout #}
{% from "apache/map.jinja" import apache with context %}
{% set sitename = site.get('ServerName', id) %}
{% set sitename = site.get('ServerName', id) -%}
{% set vals = {
'interfaces': site.get('interface', '*').split(),
'port': site.get('port', '80'),
@ -17,7 +16,7 @@
'LogLevel': site.get('LogLevel', 'warn'),
'ErrorLog': site.get('ErrorLog', '{0}/{1}-error.log'.format(map.logdir, sitename)),
'LogFormat': site.get('LogFormat', '"%a %l %u %t \\"%r\\" %>s %O \\"%{Referer}i\\" \\"%{User-Agent}i\\""'),
'LogFormat': site.get('LogFormat', '"%a %l %u %t \\"%r\\" %>s %b \\"%{Referer}i\\" \\"%{User-Agent}i\\""'),
'CustomLog': site.get('CustomLog', '{0}/{1}-access.log'.format(map.logdir, sitename)),
'ProxyRequests': site.get('ProxyRequests', 'Off'),
@ -34,8 +33,9 @@
'Allow': 'from all',
'Require': 'all granted',
},
} %}
<VirtualHost {%- for intf in vals.interfaces %} {{intf}}:{{ vals.port }}{% endfor -%}>
} -%}
<VirtualHost {%- for intf in vals.interfaces %} {{ intf }}:{{ vals.port }}{% endfor -%}>
ServerName {{ vals.ServerName }}
{% if site.get('ServerAlias') != False %}ServerAlias {{ vals.ServerAlias }}{% endif %}
{% if site.get('ServerAdmin') != False %}ServerAdmin {{ vals.ServerAdmin }}{% endif %}
@ -50,18 +50,18 @@
{% if site.get('SSLCertificateFile') %}SSLEngine on
SSLCertificateFile {{ site.SSLCertificateFile }}
{% if site.get('SSLCertificateKeyFile') %}SSLCertificateKeyFile {{ site.SSLCertificateKeyFile }}{% endif %}
{% if site.get('SSLCertificateChainFile') %}SSLCertificateChainFile {{ site.SSLCertificateChainFile}}{% endif %}
{% endif %}
{% if site.get('SSLCertificateChainFile') %}SSLCertificateChainFile {{ site.SSLCertificateChainFile }}{% endif %}
{%- endif %}
{% if site.get('Rewrite') %}RewriteEngine on
{{ site.Rewrite }}
{% endif %}
{% if site.get('SSLProxyEngine') %}SSLProxyEngine {{ site.SSLProxyEngine }}{% endif %}
{{ site.Rewrite|indent(4) }}
{%- endif %}
{% if site.get('SSLProxyEngine') %}SSLProxyEngine {{ site.SSLProxyEngine }}{% endif %}
ProxyRequests {{ vals.ProxyRequests }}
ProxyPreserveHost {{ vals.ProxyPreserveHost }}
{% if site.get('ProxyErrorOverride') %}ProxyErrorOverride {{ site.ProxyErrorOverride }} {% endif %}
{% if site.get('ProxyErrorDir') %}ProxyPass /{{ site.ProxyErrorDir }}/ ! {% endif %}
{% for proxy, proxyargs in vals.ProxyRoute|dictsort|reverse %}
{% set proxyvals = {
{%- for proxy, proxyargs in vals.ProxyRoute|dictsort|reverse %}
{%- set proxyvals = {
'ProxyPassSource': proxyargs.get('ProxyPassSource', '/'),
'ProxyPassTarget': proxyargs.get('ProxyPassTarget', 'https://{0}'.format(sitename)),
'ProxyPassTargetOptions': proxyargs.get('ProxyPassTargetOptions', ''),
@ -81,13 +81,13 @@
'Dav': loc.get('Dav', False),
} %}
<Location "{{ path }}">
{% if apache.version == '2.4' %}
{%- if lvals.get('Require') != False %}Require {{lvals.Require}}{% endif %}
{% else %}
{%- if lvals.get('Order') != False %}Order {{ lvals.Order }}{% endif %}
{%- if lvals.get('Allow') != False %}Allow {{ lvals.Allow }}{% endif %}
{% endif %}
{%- if loc.get('Formula_Append') %} {{ loc.Formula_Append|indent(8) }} {% endif %}
{%- if map.version == '2.4' %}
{% if lvals.get('Require') != False %}Require {{ lvals.Require }}{% endif %}
{%- else %}
{% if lvals.get('Order') != False %}Order {{ lvals.Order }}{% endif %}
{% if lvals.get('Allow') != False %}Allow {{ lvals.Allow }}{% endif %}
{%- endif %}
{% if loc.get('Formula_Append') %} {{ loc.Formula_Append|indent(8) }} {% endif %}
</Location>
{% endfor %}
{%- for regpath, locmat in site.get('LocationMatch', {}).items() %}
@ -98,13 +98,13 @@
'Dav': locmat.get('Dav', False),
} %}
<LocationMatch "{{ regpath }}">
{% if apache.version == '2.4' %}
{%- if lmvals.get('Require') != False %}Require {{lmvals.Require}}{% endif %}
{% else %}
{%- if lmvals.get('Order') != False %}Order {{ lmvals.Order }}{% endif %}
{%- if lmvals.get('Allow') != False %}Allow {{ lmvals.Allow }}{% endif %}
{% endif %}
{%- if locmat.get('Formula_Append') %} {{ locmat.Formula_Append|indent(8) }} {% endif %}
{%- if map.version == '2.4' %}
{% if lmvals.get('Require') != False %}Require {{ lmvals.Require }}{% endif %}
{%- else %}
{% if lmvals.get('Order') != False %}Order {{ lmvals.Order }}{% endif %}
{% if lmvals.get('Allow') != False %}Allow {{ lmvals.Allow }}{% endif %}
{%- endif %}
{% if locmat.get('Formula_Append') %} {{ locmat.Formula_Append|indent(8) }} {% endif %}
</LocationMatch>
{% endfor %}
{%- for proxypath, prox in site.get('Proxy_control', {}).items() %}
@ -120,12 +120,12 @@
{% if proxvals.get('AllowCountry') != False %}{% set country_list = proxvals.get('AllowCountry', {}) %}GeoIPEnable On
{% for every_country in country_list %}SetEnvIf GEOIP_COUNTRY_CODE {{ every_country }} AllowCountry
{% endfor %}Require env AllowCountry {% endif %}
{% if proxvals.get('AllowIP') is defined %} {% set ip_list = proxvals.get('AllowIP', {}) %}
{% if proxvals.get('AllowIP') is defined %}{% set ip_list = proxvals.get('AllowIP', {}) %}
Require ip {% for every_ip in ip_list %}{{ every_ip }} {% endfor %} {% endif %}
{%- endif %}
{%- endif %}
</Proxy>
{%- endfor %}
{% if site.get('Formula_Append') %}
{%- if site.get('Formula_Append') %}
{{ site.Formula_Append|indent(4) }}
{% endif %}
{%- endif %}
</VirtualHost>

9
apache/vhosts/redirect.tmpl → apache/config/vhosts/redirect.tmpl
View File

@ -2,7 +2,6 @@
# This file is managed by Salt! Do not edit by hand!
#
{# Define default values here so the template below can just focus on layout #}
{%- from "apache/map.jinja" import apache with context %}
{%- set sitename = site.get('ServerName', id) %}
{%- set vals = {
@ -18,14 +17,14 @@
'LogLevel': site.get('LogLevel', 'warn'),
'ErrorLog': site.get('ErrorLog', '{0}/{1}-error.log'.format(map.logdir, sitename)),
'LogFormat': site.get('LogFormat', '"%h %l %u %t \\\"%r\\\" %>s %O"'),
'LogFormat': site.get('LogFormat', '"%h %l %u %t \\\"%r\\\" %>s %b"'),
'CustomLog': site.get('CustomLog', '{0}/{1}-access.log'.format(map.logdir, sitename)),
'RedirectSource': site.get('RedirectSource', '/'),
'RedirectTarget': site.get('RedirectTarget', 'https://{0}/'.format(sitename)),
} %}
<VirtualHost {%- for intf in vals.interfaces %} {{intf}}:{{ vals.port }}{% endfor -%}>
<VirtualHost {%- for intf in vals.interfaces %} {{ intf }}:{{ vals.port }}{% endfor -%}>
ServerName {{ vals.ServerName }}
{% if site.get('ServerAlias') != False %}ServerAlias {{ vals.ServerAlias }}{% endif %}
@ -44,7 +43,7 @@
{% else %}
Redirect {{ vals.RedirectSource }} {{ vals.RedirectTarget }}
{% endif %}
{% if site.get('Formula_Append') %}
{{ site.Formula_Append|indent(4) }}
{% endif %}

71
apache/config/vhosts/standard.sls Normal file
View File

@ -0,0 +1,71 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{#- The apache variable can grow _very_ large, especially the sites subkey.
Create a trimmed copy with config variables. #}
{%- set map = apache %}
{%- do map.pop('sites', None) %}
include:
- {{ sls_package_install }}
- {{ sls_service_running }}
{%- for id, site in salt['pillar.get']('apache:sites', {}).items() %}
{%- set documentroot = site.get('DocumentRoot', '{0}/{1}'.format(apache.wwwdir, site.get('ServerName', id))) %}
apache-config-vhosts-standard-{{ id }}:
file.managed:
- name: {{ apache.vhostdir }}/{{ id }}{{ apache.confext }}
- source: {{ site.get('template_file', 'salt://apache/config/vhosts/standard.tmpl') }}
- template: {{ apache.get('template_engine', 'jinja') }}
- makedirs: True
- context:
id: {{ id|json }}
site: {{ site|json }}
map: {{ map|json }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- service: apache-service-running
{%- if site.get('DocumentRoot') != False %}
apache-config-vhosts-standard-{{ id }}-docroot:
file.directory:
- name: {{ documentroot }}
- makedirs: True
- user: {{ site.get('DocumentRootUser', apache.get('document_root_user'))|json or apache.user }}
- group: {{ site.get('DocumentRootGroup', apache.get('document_root_group'))|json or apache.group }}
- allow_symlink: True
{%- endif %}
{%- if grains.os_family == 'Debian' %}
{%- if site.get('enabled', True) %}
apache-config-vhosts-standard-{{ id }}-cmd-run-a2en:
cmd.run:
- name: a2ensite {{ id }}{{ apache.confext }}
- unless: test -f /etc/apache2/sites-enabled/{{ id }}{{ apache.confext }}
- require:
- file: apache-config-vhosts-standard-{{ id }}
- watch_in:
- service: apache-service-running
{%- else %}
apache-config-vhosts-standard-{{ id }}-cmd-run-a2dis:
cmd.run:
- name: a2dissite {{ id }}{{ apache.confext }}
- onlyif: test -f /etc/apache2/sites-enabled/{{ id }}{{ apache.confext }}
- require:
- file: apache-config-vhosts-standard-{{ id }}
- watch_in:
- service: apache-service-running
{%- endif %}
{%- endif %} {# Debian #}
{%- endfor %}

54
apache/vhosts/standard.tmpl → apache/config/vhosts/standard.tmpl
View File

@ -2,9 +2,9 @@
# This file is managed by Salt! Do not edit by hand!
#
{# Define default values here so the template below can just focus on layout #}
{%- set sitename = site.get('ServerName', id) -%}
{% set sitename = site.get('ServerName', id) -%}
{%- set vals = {
{% set vals = {
'interfaces': site.get('interface', '*').split(),
'port': site.get('port', '80'),
@ -43,7 +43,7 @@
},
} -%}
<VirtualHost {% for intf in vals.interfaces %} {{intf}}:{{ vals.port }}{% endfor -%}>
<VirtualHost {%- for intf in vals.interfaces %} {{ intf }}:{{ vals.port }}{% endfor -%}>
ServerName {{ vals.ServerName }}
{% if site.get('ServerAlias') != False %}ServerAlias {{ vals.ServerAlias }}{% endif %}
@ -67,18 +67,22 @@
{% if site.get('SSLCertificateFile') %}SSLEngine on
SSLCertificateFile {{ site.SSLCertificateFile }}
{% if site.get('SSLCertificateKeyFile') %}SSLCertificateKeyFile {{ site.SSLCertificateKeyFile }}{% endif %}
{% if site.get('SSLCertificateChainFile') %}SSLCertificateChainFile {{ site.SSLCertificateChainFile}}{% endif %}
{% endif %}
{% if site.get('SSLCertificateChainFile') %}SSLCertificateChainFile {{ site.SSLCertificateChainFile }}{% endif %}
{%- endif %}
{% if site.get('Rewrite') %}RewriteEngine on
{{ site.Rewrite }}
{% endif %}
{{ site.Rewrite|indent(4) }}
{%- endif %}
{%- for loc, path in site.get('Alias', {}).items() %}
Alias {{ loc }} {{ path }}
{%- endfor %}
{%- for path, dir in site.get('Directory', {}).items() -%}
{%- for loc, path in site.get('ScriptAlias', {}).items() %}
ScriptAlias {{ loc }} {{ path }}
{%- endfor %}
{%- for path, dir in site.get('Directory', {}).items() %}
{%- set dvals = {
'Options': dir.get('Options', vals.Directory.Options),
'Order': dir.get('Order', vals.Directory.Order),
@ -92,18 +96,18 @@
<Directory "{{ path }}">
{% if dvals.get('Options') != False %}Options {{ dvals.Options }}{% endif %}
{% if map.version == '2.4' %}
{% if dvals.get('Require') != False %}Require {{dvals.Require}}{% endif %}
{% else %}
{%- if map.version == '2.4' %}
{% if dvals.get('Require') != False %}Require {{ dvals.Require }}{% endif %}
{%- else %}
{% if dvals.get('Order') != False %}Order {{ dvals.Order }}{% endif %}
{% if dvals.get('Allow') != False %}Allow {{ dvals.Allow }}{% endif %}
{% endif %}
{%- endif %}
{% if dvals.get('AllowOverride') != False %}AllowOverride {{ dvals.AllowOverride }}{% endif %}
{% if dvals.get('Dav') != False %}Dav On{% endif %}
{% if dir.get('Formula_Append') %}
{%- if dir.get('Formula_Append') %}
{{ dir.Formula_Append|indent(8) }}
{% endif %}
{%- endif %}
</Directory>
{%- endfor %}
@ -116,21 +120,21 @@
} %}
<Location "{{ path }}">
{% if map.version == '2.4' %}
{%- if lvals.get('Require') != False %}Require {{lvals.Require}}{% endif %}
{% else %}
{%- if lvals.get('Order') != False %}Order {{ lvals.Order }}{% endif %}
{%- if lvals.get('Allow') != False %}Allow {{ lvals.Allow }}{% endif %}
{% endif %}
{%- if lvals.get('Dav') != False %}Dav On{% endif %}
{%- if map.version == '2.4' %}
{% if lvals.get('Require') != False %}Require {{ lvals.Require }}{% endif %}
{%- else %}
{% if lvals.get('Order') != False %}Order {{ lvals.Order }}{% endif %}
{% if lvals.get('Allow') != False %}Allow {{ lvals.Allow }}{% endif %}
{%- endif %}
{% if lvals.get('Dav') != False %}Dav On{% endif %}
{%- if loc.get('Formula_Append') %}
{{ loc.Formula_Append|indent(8) }}
{% endif %}
{%- endif %}
</Location>
{% endfor %}
{%- endfor %}
{%- if site.get('Formula_Append') %}
{{ site.Formula_Append|indent(4) }}
{% endif %}
{%- endif %}
</VirtualHost>

44
apache/debian_full.sls
View File

@ -1,44 +0,0 @@
{% from "apache/map.jinja" import apache with context %}
{% if grains['os_family']=="Debian" %}
include:
- apache
- apache.register_site
extend:
apache:
pkg:
- order: 175
service:
- order: 455
apache-reload:
module:
- order: 420
apache-restart:
module:
- order: 425
a2dissite 000-default{{ apache.confext }}:
cmd.run:
- onlyif: test -f /etc/apache2/sites-enabled/000-default{{ apache.confext }}
- watch_in:
- module: apache-reload
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
- require:
- pkg: apache
/etc/apache2/sites-available/{{ apache.default_site }}:
file.absent:
- require:
- pkg: apache
/etc/apache2/sites-available/{{ apache.default_site_ssl }}:
file.absent:
- require:
- pkg: apache
{% endif %} #END: os = debian

53
apache/defaults.yaml
View File

@ -1,11 +1,54 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
apache:
manage_service_states: True
lookup: {}
pkg:
name: apache2
mod_ssl: mod_ssl
mod_wsgi: mod_wsgi
deps: []
rootuser: root
rootgroup: root
template_engine: jinja
config: '/etc/apache'
service:
name: apache
user: www-data
group: www-data
vhostdir: /etc/apache2/sites-available
confdir: /etc/apache2/conf.d
davlockdbdir: null
logdir: /var/log/apache2
wwwdir: /srv/apache2
document_root_user: null # Do not enforce group
document_root_group: null # Do not enforce group
manage_service_states: true
service_state: running
service_enable: True
service_enable: true
flags: {}
global: {}
modules: {}
mod_remoteip: {}
mod_security:
crs_install: False
manage_config: False
crs_install: false
manage_config: false # use software defaults
mod_ssl:
manage_tls_defaults: false # use software defaults
# Just here for testing
added_in_defaults: defaults_value
winner: defaults
retry_option:
# https://docs.saltstack.com/en/latest/ref/states/requisites.html#retrying-states
attempts: 2
until: true
interval: 10
splay: 10

611
apache/files/Arch/apache-2.4.config.jinja Normal file
View File

@ -0,0 +1,611 @@
#
# This file is managed by Salt! Do not edit by hand!
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
# will be interpreted as '/logs/access_log'.
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used. If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "{{ apache.get('serverroot', '/etc/httpd') }}"
#
# Mutex: Allows you to set the mutex mechanism and mutex file directory
# for individual mutexes, or change the global defaults
#
# Uncomment and change the directory if mutexes are file-based and the default
# mutex file directory is not on a local disk or is not appropriate for some
# other reason.
#
# Mutex default:/run/httpd
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
{% if salt['pillar.get']('apache:sites') is mapping %}
{%- set listen_directives = [] %}
{%- for id, site in salt['pillar.get']('apache:sites').items() %}
{%- set interfaces = site.get('interface', '*').split() %}
{%- set port = site.get('port', 80) %}
{%- for interface in interfaces %}
{%- if not site.get('exclude_listen_directive', False) and not port == '*' %}
{%- set listen_directive = interface ~ ':' ~ port %}
{%- if listen_directive not in listen_directives %}
{%- do listen_directives.append(listen_directive) %}
{%- endif %}
{%- endif %}
{%- endfor %}
{%- endfor %}
{%- for listen in listen_directives %}
Listen {{ listen }}
{%- endfor %}
{%- else %}
Listen 80
<IfModule mod_ssl.c>
Listen 443
</IfModule>
{%- endif %}
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule mpm_event_module modules/mod_mpm_event.so
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
#LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_core_module modules/mod_authz_core.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_form_module modules/mod_auth_form.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule allowmethods_module modules/mod_allowmethods.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule cache_disk_module modules/mod_cache_disk.so
#LoadModule cache_socache_module modules/mod_cache_socache.so
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule socache_dbm_module modules/mod_socache_dbm.so
#LoadModule socache_memcache_module modules/mod_socache_memcache.so
#LoadModule socache_redis_module modules/mod_socache_redis.so
#LoadModule watchdog_module modules/mod_watchdog.so
#LoadModule macro_module modules/mod_macro.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule dumpio_module modules/mod_dumpio.so
#LoadModule echo_module modules/mod_echo.so
#LoadModule buffer_module modules/mod_buffer.so
#LoadModule data_module modules/mod_data.so
#LoadModule ratelimit_module modules/mod_ratelimit.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule request_module modules/mod_request.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
#LoadModule reflector_module modules/mod_reflector.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule sed_module modules/mod_sed.so
#LoadModule charset_lite_module modules/mod_charset_lite.so
#LoadModule deflate_module modules/mod_deflate.so
#LoadModule xml2enc_module modules/mod_xml2enc.so
#LoadModule proxy_html_module modules/mod_proxy_html.so
#LoadModule brotli_module modules/mod_brotli.so
LoadModule mime_module modules/mod_mime.so
#LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_debug_module modules/mod_log_debug.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
#LoadModule logio_module modules/mod_logio.so
#LoadModule lua_module modules/mod_lua.so
LoadModule env_module modules/mod_env.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
#LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
#LoadModule ident_module modules/mod_ident.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
#LoadModule remoteip_module modules/mod_remoteip.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_express_module modules/mod_proxy_express.so
#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
#LoadModule session_module modules/mod_session.so
#LoadModule session_cookie_module modules/mod_session_cookie.so
#LoadModule session_crypto_module modules/mod_session_crypto.so
#LoadModule session_dbd_module modules/mod_session_dbd.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
#LoadModule ssl_module modules/mod_ssl.so
#LoadModule dialup_module modules/mod_dialup.so
#LoadModule http2_module modules/mod_http2.so
#LoadModule proxy_http2_module modules/mod_proxy_http2.so
#LoadModule md_module modules/mod_md.so
#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
LoadModule unixd_module modules/mod_unixd.so
#LoadModule heartbeat_module modules/mod_heartbeat.so
#LoadModule heartmonitor_module modules/mod_heartmonitor.so
#LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule asis_module modules/mod_asis.so
#LoadModule info_module modules/mod_info.so
#LoadModule suexec_module modules/mod_suexec.so
<IfModule !mpm_prefork_module>
#LoadModule cgid_module modules/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
#LoadModule cgi_module modules/mod_cgi.so
</IfModule>
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule dav_lock_module modules/mod_dav_lock.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
#LoadModule imagemap_module modules/mod_imagemap.so
#LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
#LoadModule rewrite_module modules/mod_rewrite.so
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User {{ apache.user or 'http' }}
Group {{ apache.group or 'http' }}
</IfModule>
# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin you@example.com
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
AllowOverride none
Require all denied
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "{{ apache.get('docroot', apache.wwwdir or '/srv/http') }}"
#
# Relax access to content within {{ apache.wwwdir }}.
#
<Directory "{{ apache.wwwdir }}">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
# Further relax access to the default document root:
<Directory "{{ apache.get('docroot', apache.wwwdir + '/srv/http') }}">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
Require all denied
</Files>
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "{{ apache.logdir }}/error_log"
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
{%- for log_format in salt['pillar.get']('apache:log_formats', []) %}
LogFormat {{ log_format }}
{%- endfor %}
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog "/var/log/httpd/access_log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog "/var/log/httpd/access_log" combined
CustomLog "{{ apache.logdir }}/access_log" combined
</IfModule>
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
#
ScriptAlias /cgi-bin/ "{{ apache.wwwdir }}/cgi-bin/"
</IfModule>
<IfModule cgid_module>
#
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#
#Scriptsock cgisock
</IfModule>
#
# "/srv/http/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "{{ apache.wwwdir }}/cgi-bin/">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule headers_module>
#
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
# backend servers which have lingering "httpoxy" defects.
# 'Proxy' request header is undefined by the IETF, not listed by IANA
#
RequestHeader unset Proxy early
</IfModule>
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig conf/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>
#
# Specify a default charset for all content served; this enables
# interpretation of all content as UTF-8 by default. To use the
# default browser choice (ISO-8859-1), or to allow the META tags
# in HTML content to override this choice, comment out this
# directive:
#
{%- if apache.get('default_charset', False) is none %}
# AddDefaultCharset UTF-8
{%- else %}
AddDefaultCharset {{ apache.get('default_charset', 'UTF-8') }}
{%- endif %}
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
#MIMEMagicFile conf/magic
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
#EnableSendfile on
{%- for directive, dvalue in salt['pillar.get']('apache:global', {}).items() %}
{{ directive }} {{ dvalue }}
{%- endfor %}
# Supplemental configuration
#
# The configuration files in the conf/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional {{ apache.confdir }}/*.conf
{% if apache.vhostdir != apache.confdir %}
IncludeOptional {{ apache.vhostdir }}/*.conf
{% endif %}
# Server-pool management (MPM specific)
Include conf/extra/httpd-mpm.conf
# Multi-language error messages
Include conf/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
Include conf/extra/httpd-autoindex.conf
# Language settings
Include conf/extra/httpd-languages.conf
# User home directories
Include conf/extra/httpd-userdir.conf
# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf
# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
<IfModule mod_dav.c>
Include conf/extra/httpd-dav.conf
</IfModule>
# Various default settings
Include conf/extra/httpd-default.conf
# Configure mod_proxy_html to understand HTML4/XHTML1
<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule>
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

15
apache/files/Debian/apache-2.2.config.jinja
View File

@ -1,3 +1,6 @@
#
# This file is managed by Salt! Do not edit by hand!
#
# Based upon the NCSA server configuration files originally by Rob McCool.
#
@ -8,7 +11,7 @@
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
# consult the online docs. You have been warned.
#
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
@ -87,7 +90,7 @@ KeepAliveTimeout 5
##
## Server-Pool Size Regulation (MPM specific)
##
##
# prefork MPM
# StartServers: number of server processes to start
@ -116,7 +119,7 @@ KeepAliveTimeout 5
<IfModule mpm_worker_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 150
@ -133,7 +136,7 @@ KeepAliveTimeout 5
<IfModule mpm_event_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 150
@ -153,8 +156,8 @@ Group ${APACHE_RUN_GROUP}
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Order allow,deny

3
apache/files/Debian/conf-available/remoteip.conf.jinja
View File

@ -2,3 +2,6 @@ RemoteIPHeader {{ salt['pillar.get']('apache:mod_remoteip:RemoteIPHeader', 'X-Fo
{%- for trusted_proxy in salt['pillar.get']('apache:mod_remoteip:RemoteIPTrustedProxy', []) %}
RemoteIPTrustedProxy {{ trusted_proxy }}
{%- endfor %}
{%- for trusted_proxy in salt['pillar.get']('apache:mod_remoteip:RemoteIPInternalProxy', []) %}
RemoteIPInternalProxy {{ trusted_proxy }}
{%- endfor %}

1
apache/files/Debian/envvars-2.2.jinja
View File

@ -1,7 +1,6 @@
#
# This file is managed by Salt! Do not edit by hand!
#
{% from "apache/map.jinja" import apache with context -%}
# envvars - default environment variables for apache2ctl

1
apache/files/Debian/envvars-2.4.jinja
View File

@ -1,7 +1,6 @@
#
# This file is managed by Salt! Do not edit by hand!
#
{% from "apache/map.jinja" import apache with context -%}
# envvars - default environment variables for apache2ctl

2
apache/files/Debian/modsecurity.conf.jinja
View File

@ -10,7 +10,7 @@
{%- set sec_pcre_match_limit_recursion = modsec.get('sec_pcre_match_limit_recursion', 1000 ) -%}
{%- set sec_debug_log_level = modsec.get('sec_debug_log_level', 0 ) -%}
#
# This file is managed/autogenerated by salt.
# This file is managed by Salt! Do not edit by hand!
# Modify the salt pillar that generates this file instead
#
# -- Rule engine initialization ----------------------------------------------

2
apache/files/Debian/mpm/mpm_prefork.conf.jinja
View File

@ -14,7 +14,7 @@
<IfModule mpm_prefork_module>
StartServers {{ mpm_param['start_servers'] | d('5') }}
MaxRequestWorkers {{ mpm_param['max_request_workers'] | d('150') }}
{%- if mpm_param['max_request_workers'] | d('150') >= 256 %}
{%- if mpm_param['max_request_workers'] | d('150') | int >= 256 %}
ServerLimit {{ mpm_param['max_request_workers'] | d('150') }}
{%- endif %}
MinSpareServers {{ mpm_param['min_spare_servers'] | d('5') }}

1
apache/files/Debian/ports-2.2.conf.jinja
View File

@ -1,7 +1,6 @@
#
# This file is managed by Salt! Do not edit by hand!
#
{%- from "apache/map.jinja" import apache with context -%}
{% if salt['pillar.get']('apache:sites') is mapping %}
{%- set listen_directives = [] %}

1
apache/files/Debian/ports-2.4.conf.jinja
View File

@ -1,7 +1,6 @@
#
# This file is managed by Salt! Do not edit by hand!
#
{%- from "apache/map.jinja" import apache with context -%}
{% if salt['pillar.get']('apache:sites') is mapping %}
{%- set listen_directives = [] %}

25
apache/files/Debian/ssl.conf.jinja
View File

@ -39,7 +39,7 @@
SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
# (The mechanism dbm has known memory leaks and should not be used).
#SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
@ -48,7 +48,7 @@
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
# SSL engine uses internally for inter-process synchronization.
# (Disabled by default, the global Mutex directive consolidates by default
# this)
#Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache
@ -59,7 +59,7 @@
# ciphers(1) man page from the openssl package for list of all available
# options.
# Enable only secure ciphers:
{# default from https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 #}
{#- default from https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 #}
SSLCipherSuite {{ salt['pillar.get']('apache:ssl:SSLCipherSuite', 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS') }}
# SSL server cipher order preference:
@ -84,18 +84,25 @@
# Default: Off
#SSLStrictSNIVHostCheck On
{% set use_stapling = salt['pillar.get']('apache:ssl:SSLUseStapling', 'Off') %}
{% if use_stapling == 'On' %}
{% set use_stapling = salt['pillar.get']('apache:ssl:SSLUseStapling', 'Off') -%}
{% if use_stapling == 'On' -%}
# Stapling configuration
# Default: Off
#
# See https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html for more details
# Defaults values taken from https://mozilla.github.io/server-side-tls/ssl-config-generator/
SSLUseStapling {{ use_stapling }}
SSLStaplingResponderTimeout {{ salt['pillar.get']('SSLStaplingResponderTimeout', '5') }}
SSLStaplingReturnResponderErrors {{ salt['pillar.get']('SSLStaplingReturnResponderErrors', 'Off') }}
SSLStaplingCache {{ salt['pillar.get']('SSLStaplingCache', 'shmcb:/var/run/ocsp(128000)') }}
{% endif %}
SSLStaplingResponderTimeout {{ salt['pillar.get']('apache:ssl:SSLStaplingResponderTimeout', '5') }}
SSLStaplingReturnResponderErrors {{ salt['pillar.get']('apache:ssl:SSLStaplingReturnResponderErrors', 'Off') }}
SSLStaplingCache {{ salt['pillar.get']('apache:ssl:SSLStaplingCache', 'shmcb:/var/run/ocsp(128000)') }}
{%- endif %}
{% set ssl_session_ticket = salt['pillar.get']('apache:ssl:SSLSessionTickets') -%}
{% if ssl_session_ticket -%}
# Enable or disable use of TLS session tickets
# Default: On
SSLSessionTickets {{ ssl_session_ticket }}
{%- endif %}
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

36
apache/files/FreeBSD/apache-2.4.config.jinja
View File

@ -1,21 +1,25 @@
#
# This file is managed by Salt! Do not edit by hand!
#
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
# will be interpreted as '/logs/access_log'.
#
@ -168,13 +172,13 @@ LoadModule alias_module libexec/apache24/mod_alias.so
# Third party modules
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
Include {{ apache.portsfile }}
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
@ -215,7 +219,7 @@ ServerAdmin root@localhost
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
@ -279,8 +283,8 @@ DocumentRoot "{{ apache.global_document_root }}"
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
Require all denied
@ -333,8 +337,8 @@ LogLevel warn
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
@ -351,7 +355,7 @@ LogLevel warn
# the filesystem path.
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
@ -454,10 +458,10 @@ LogLevel warn
#MaxRanges unlimited
#
# EnableMMAP and EnableSendfile: On systems that support it,
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
@ -467,9 +471,9 @@ LogLevel warn
# Supplemental configuration
#
# The configuration files in the etc/apache24/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# The configuration files in the etc/apache24/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Server-pool management (MPM specific)

1
apache/files/FreeBSD/envvars-2.4.jinja
View File

@ -1,7 +1,6 @@
#
# This file is managed by Salt! Do not edit by hand!
#
{%- from "apache/map.jinja" import apache with context -%}
# envvars - default environment variables for apache2ctl

6
apache/files/FreeBSD/mod_cgi.conf.jinja
View File

@ -1,8 +1,6 @@
{% from "apache/map.jinja" import apache with context %}
<IfModule !mpm_prefork_module>
LoadModule cgid_module libexec/{{ apache.service }}/mod_cgid.so
LoadModule cgid_module libexec/{{ svcname }}/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
LoadModule cgi_module libexec/{{ apache.service }}/mod_cgi.so
LoadModule cgi_module libexec/{{ svcname }}/mod_cgi.so
</IfModule>

4
apache/files/FreeBSD/mod_perl.conf.jinja
View File

@ -1,3 +1 @@
{% from "apache/map.jinja" import apache with context %}
LoadModule perl_module libexec/{{ apache.service }}/mod_perl.so
LoadModule perl_module libexec/{{ svcname }}/mod_perl.so

4
apache/files/FreeBSD/mod_php5.conf.jinja
View File

@ -1,6 +1,4 @@
{% from "apache/map.jinja" import apache with context %}
LoadModule php5_module /usr/local/libexec/{{ apache.service }}/libphp5.so
LoadModule php5_module /usr/local/libexec/{{ svcname }}/libphp5.so
DirectoryIndex index.html index.php

4
apache/files/FreeBSD/mod_proxy.conf.jinja
View File

@ -1,3 +1 @@
{% from "apache/map.jinja" import apache with context %}
LoadModule proxy_module libexec/{{ apache.service }}/mod_proxy.so
LoadModule proxy_module libexec/{{ svcname }}/mod_proxy.so

4
apache/files/FreeBSD/mod_proxy_http.conf.jinja
View File

@ -1,3 +1 @@
{% from "apache/map.jinja" import apache with context %}
LoadModule proxy_http_module libexec/{{ apache.service }}/mod_proxy_http.so
LoadModule proxy_http_module libexec/{{ svcname }}/mod_proxy_http.so

4
apache/files/FreeBSD/mod_rewrite.conf.jinja
View File

@ -1,3 +1 @@
{% from "apache/map.jinja" import apache with context %}
LoadModule rewrite_module libexec/{{ apache.service }}/mod_rewrite.so
LoadModule rewrite_module libexec/{{ svcname }}/mod_rewrite.so

4
apache/files/FreeBSD/mod_suexec.conf.jinja
View File

@ -1,3 +1 @@
{% from "apache/map.jinja" import apache with context %}
LoadModule suexec_module libexec/{{ apache.service }}/mod_suexec.so
LoadModule suexec_module libexec/{{ svcname }}/mod_suexec.so

241
apache/files/FreeBSD/modsecurity.conf.jinja Normal file
View File

@ -0,0 +1,241 @@
{%- set apache = pillar.get('apache', {}) %}
{%- set modsec = apache.get('mod_security', {}) %}
{%- set sec_rule_engine = modsec.get('sec_rule_engine', 'DetectionOnly' ) -%}
{%- set sec_request_body_access = modsec.get('sec_request_body_access', 'On' ) -%}
{%- set sec_request_body_limit = modsec.get('sec_request_body_limit', 13107200 ) -%}
{%- set sec_request_body_no_files_limit = modsec.get('sec_request_body_no_files_limit', 131072 ) -%}
{%- set sec_request_body_in_memory_limit = modsec.get('sec_request_body_in_memory_limit', 131072 ) -%}
{%- set sec_request_body_limit_action = modsec.get('sec_request_body_limit_action', 'Reject' ) -%}
{%- set sec_pcre_match_limit = modsec.get('sec_pcre_match_limit', 1000 ) -%}
{%- set sec_pcre_match_limit_recursion = modsec.get('sec_pcre_match_limit_recursion', 1000 ) -%}
{%- set sec_debug_log_level = modsec.get('sec_debug_log_level', 0 ) -%}
#
# This file is managed by Salt! Do not edit by hand!
# Modify the salt pillar that generates this file instead
#
# -- Rule engine initialization ----------------------------------------------
# Enable ModSecurity, attaching it to every transaction. Use detection
# only to start with, because that minimises the chances of post-installation
# disruption.
#
SecRuleEngine {{ sec_rule_engine }}
# -- Request body handling ---------------------------------------------------
# Allow ModSecurity to access request bodies. If you don't, ModSecurity
# won't be able to see any POST parameters, which opens a large security
# hole for attackers to exploit.
#
SecRequestBodyAccess {{ sec_request_body_access }}
# Enable XML request body parser.
# Initiate XML Processor in case of xml content-type
#
SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+|/)|text/)xml" \
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
# Enable JSON request body parser.
# Initiate JSON Processor in case of JSON content-type; change accordingly
# if your application does not use 'application/json'
#
SecRule REQUEST_HEADERS:Content-Type "application/json" \
"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
# Maximum request body size we will accept for buffering. If you support
# file uploads then the value given on the first line has to be as large
# as the largest file you are willing to accept. The second value refers
# to the size of data, with files excluded. You want to keep that value as
# low as practical.
#
SecRequestBodyLimit {{ sec_request_body_limit }}
SecRequestBodyNoFilesLimit {{ sec_request_body_no_files_limit }}
# Store up to 128 KB of request body data in memory. When the multipart
# parser reaches this limit, it will start using your hard disk for
# storage. That is slow, but unavoidable.
#
SecRequestBodyInMemoryLimit {{ sec_request_body_in_memory_limit }}
# What do do if the request body size is above our configured limit.
# Keep in mind that this setting will automatically be set to ProcessPartial
# when SecRuleEngine is set to DetectionOnly mode in order to minimize
# disruptions when initially deploying ModSecurity.
#
SecRequestBodyLimitAction {{ sec_request_body_limit_action }}
# Verify that we've correctly processed the request body.
# As a rule of thumb, when failing to process a request body
# you should reject the request (when deployed in blocking mode)
# or log a high-severity alert (when deployed in detection-only mode).
#
SecRule REQBODY_ERROR "!@eq 0" \
"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
# By default be strict with what we accept in the multipart/form-data
# request body. If the rule below proves to be too strict for your
# environment consider changing it to detection-only. You are encouraged
# _not_ to remove it altogether.
#
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
"id:'200003',phase:2,t:none,log,deny,status:400, \
msg:'Multipart request body failed strict validation: \
PE %{REQBODY_PROCESSOR_ERROR}, \
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
DB %{MULTIPART_DATA_BEFORE}, \
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_MISSING_SEMICOLON}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IP %{MULTIPART_INVALID_PART}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
# Did we see anything that might be a boundary?
#
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
"id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
# PCRE Tuning
# We want to avoid a potential RegEx DoS condition
#
SecPcreMatchLimit {{ sec_pcre_match_limit }}
SecPcreMatchLimitRecursion {{ sec_pcre_match_limit_recursion }}
# Some internal errors will set flags in TX and we will need to look for these.
# All of these are prefixed with "MSC_". The following flags currently exist:
#
# MSC_PCRE_LIMITS_EXCEEDED: PCRE match limits were exceeded.
#
SecRule TX:/^MSC_/ "!@streq 0" \
"id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
# -- Response body handling --------------------------------------------------
# Allow ModSecurity to access response bodies.
# You should have this directive enabled in order to identify errors
# and data leakage issues.
#
# Do keep in mind that enabling this directive does increases both
# memory consumption and response latency.
#
SecResponseBodyAccess On
# Which response MIME types do you want to inspect? You should adjust the
# configuration below to catch documents but avoid static files
# (e.g., images and archives).
#
SecResponseBodyMimeType text/plain text/html text/xml
# Buffer response bodies of up to 512 KB in length.
SecResponseBodyLimit 524288
# What happens when we encounter a response body larger than the configured
# limit? By default, we process what we have and let the rest through.
# That's somewhat less secure, but does not break any legitimate pages.
#
SecResponseBodyLimitAction ProcessPartial
# -- Filesystem configuration ------------------------------------------------
# The location where ModSecurity stores temporary files (for example, when
# it needs to handle a file upload that is larger than the configured limit).
#
# This default setting is chosen due to all systems have /tmp available however,
# this is less than ideal. It is recommended that you specify a location that's private.
#
SecTmpDir /tmp/
# The location where ModSecurity will keep its persistent data. This default setting
# is chosen due to all systems have /tmp available however, it
# too should be updated to a place that other users can't access.
#
SecDataDir /tmp/
# -- File uploads handling configuration -------------------------------------
# The location where ModSecurity stores intercepted uploaded files. This
# location must be private to ModSecurity. You don't want other users on
# the server to access the files, do you?
#
#SecUploadDir /opt/modsecurity/var/upload/
# By default, only keep the files that were determined to be unusual
# in some way (by an external inspection script). For this to work you
# will also need at least one file inspection rule.
#
#SecUploadKeepFiles RelevantOnly
# Uploaded files are by default created with permissions that do not allow
# any other user to access them. You may need to relax that if you want to
# interface ModSecurity to an external program (e.g., an anti-virus).
#
#SecUploadFileMode 0600
# -- Debug log configuration -------------------------------------------------
# The default debug log configuration is to duplicate the error, warning
# and notice messages from the error log.
#
#SecDebugLog /opt/modsecurity/var/log/debug.log
SecDebugLogLevel {{ sec_debug_log_level }}
# -- Audit log configuration -------------------------------------------------
# Log the transactions that are marked by a rule, as well as those that
# trigger a server error (determined by a 5xx or 4xx, excluding 404,
# level response status codes).
#
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
# Log everything we know about a transaction.
SecAuditLogParts ABIJDEFHZ
# Use a single file for logging. This is much easier to look at, but
# assumes that you will use the audit log only ocassionally.
#
SecAuditLogType Serial
SecAuditLog /var/log/modsec_audit.log
# Specify the path for concurrent audit logging.
#SecAuditLogStorageDir /opt/modsecurity/var/audit/
# -- Miscellaneous -----------------------------------------------------------
# Use the most commonly used application/x-www-form-urlencoded parameter
# separator. There's probably only one application somewhere that uses
# something else so don't expect to change this value.
#
SecArgumentSeparator &
# Settle on version 0 (zero) cookies, as that is what most applications
# use. Using an incorrect cookie version may open your installation to
# evasion attacks (against the rules that examine named cookies).
#
SecCookieFormat 0
# Specify your Unicode Code Point.
# This mapping is used by the t:urlDecodeUni transformation function
# to properly map encoded data to your language. Properly setting
# these directives helps to reduce false positives and negatives.
#
SecUnicodeMapFile unicode.mapping 20127
# Improve the quality of ModSecurity by sharing information about your
# current ModSecurity version and dependencies versions.
# The following information will be shared: ModSecurity version,
# Web Server version, APR version, PCRE version, Lua version, Libxml2
# version, Anonymous unique id for host.
SecStatusEngine On

Some files were not shown because too many files have changed in this diff Show More