Compare commits


4 Commits

Author SHA1 Message Date
N
86e334a710
Merge pull request #261 from AxaGuilDEv/modules_enabling
change way of enabling/disabling apache modules for Redhat
2020-12-05 13:51:31 +00:00
Karim Hamza
84e5328906 change way of enabling/disabling apache modules for Redhat
use file.comment and file.uncomment builtin states instead of sed
command
2019-04-23 12:47:00 +02:00
karim Hamza
ba2368907d remove ng stuff (#255)
* remove -ng stuff

* remove ng from template

* remove -ng from readme

* manage listen directive with disabled vhosts

* add json filter

* remove hardcoded path
2019-04-20 09:38:32 +02:00
karim Hamza
9662e8b4ab Feature (rhel7/httpd 2.4) : hardening apache and code refactoring (#251)
* Feature (rhel7/httpd 2.4) : hardening apache and code refactoring

* remove hard returns

* Add default Listen 80 in httpd.conf

In case there are no vhosts defined in pillar, httpd will listen on port 80.
 Without this default it will not start

* empty file autoindex.conf instead of deleting it

* explicit hardening items and references from CIS

* add #3.5 hardening rule

* explain CIS recommendations categories

* add dependencies before start service

* add recommendation #7.1 Install mod_ssl

* link in readme to hardening doc
2019-02-22 10:10:30 +01:00
221 changed files with 3162 additions and 12833 deletions

8
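--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,8 @@
+**Summary of Changes**
+* Issue summary
+- Indented line 1
+- Indented line 2
+**Testing**
+- Ran `make`
+- Tested in Vagrant
+- Tested on OS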


@ -1,16 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
name: Commitlint
'on': [pull_request]
jobs:
lint:
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- uses: wagoid/commitlint-github-action@v1


@ -1,40 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
name: 'Kitchen Vagrant (FreeBSD)'
'on': ['push', 'pull_request']
env:
KITCHEN_LOCAL_YAML: 'kitchen.vagrant.yml'
jobs:
test:
runs-on: 'macos-10.15'
strategy:
fail-fast: false
matrix:
instance:
# - default-freebsd-130-master-py3
# - modules-freebsd-130-master-py3
- freebsd-130-master-py3
# - default-freebsd-123-master-py3
# - modules-freebsd-123-master-py3
- freebsd-123-master-py3
# - default-freebsd-130-3004-0-py3
# - default-freebsd-123-3004-0-py3
steps:
- name: 'Check out code'
uses: 'actions/checkout@v2'
- name: 'Set up Bundler cache'
uses: 'actions/cache@v1'
with:
path: 'vendor/bundle'
key: "${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}"
restore-keys: "${{ runner.os }}-gems-"
- name: 'Run Bundler'
run: |
ruby --version
bundle config path vendor/bundle
bundle install --jobs 4 --retry 3
- name: 'Run Test Kitchen'
run: 'bundle exec kitchen verify ${{ matrix.instance }}'

134
.gitignore vendored

@ -1,134 +1,2 @@
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# C extensions
*.so
# Distribution / packaging
.Python
env/
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
*.egg-info/
.installed.cfg
*.egg
# PyInstaller
# Usually these files are written by a python script from a packager
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
.hypothesis/
*.swp
.kitchen
.kitchen.local.yml
kitchen.local.yml
junit-*.xml
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
target/
# Jupyter Notebook
.ipynb_checkpoints
# pyenv
.python-version
# celery beat schedule file
celerybeat-schedule
# SageMath parsed files
*.sage.py
# dotenv
.env
# virtualenv
.venv
venv/
ENV/
# visual studio
.vs/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
# Bundler
.bundle/
# copied `.md` files used for conversion to `.rst` using `m2r`
docs/*.md
# Vim
*.sw?
## Collected when centralising formulas (check and sort)
# `collectd-formula`
.pytest_cache/
/.idea/
Dockerfile.*_*
ignore/
tmp/
# `salt-formula` -- Vagrant Specific files
.vagrant
top.sls
!test/salt/pillar/top.sls
# `suricata-formula` -- Platform binaries
*.rpm
*.deb
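Review bot: The new side of `.gitignore` keeps only two entries (`+1,2`), so most of the patterns listed here stop being ignored; which two survive is not visible in this rendering. If `.env`, `.kitchen.local.yml` / `kitchen.local.yml` and `*.log` are among the removed ones, local environment files and per-developer Kitchen overrides can be swept up by a broad `git add` and committed. I would keep at least `.env`, `.kitchen.local.yml` and `kitchen.local.yml` alongside `.kitchen`.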


@ -1,254 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
###############################################################################
# Define all YAML node anchors
###############################################################################
.node_anchors:
# `only` (also used for `except` where applicable)
only_branch_master_parent_repo: &only_branch_master_parent_repo
- 'master@saltstack-formulas/apache-formula'
# `stage`
stage_lint: &stage_lint 'lint'
stage_release: &stage_release 'release'
stage_test: &stage_test 'test'
# `image`
image_commitlint: &image_commitlint 'myii/ssf-commitlint:11'
image_dindruby: &image_dindruby 'myii/ssf-dind-ruby:2.7.1-r3'
image_precommit: &image_precommit
name: 'myii/ssf-pre-commit:2.9.2'
entrypoint: ['/bin/bash', '-c']
image_rubocop: &image_rubocop 'pipelinecomponents/rubocop:latest'
# yamllint disable-line rule:line-length
image_semantic-release: &image_semanticrelease 'myii/ssf-semantic-release-pandoc:15.14'
# `services`
services_docker_dind: &services_docker_dind
- 'docker:dind'
# `variables`
# https://forum.gitlab.com/t/gitlab-com-ci-caching-rubygems/5627/3
# https://bundler.io/v1.16/bundle_config.html
variables_bundler: &variables_bundler
BUNDLE_CACHE_PATH: '${CI_PROJECT_DIR}/.cache/bundler'
BUNDLE_WITHOUT: 'production'
# `cache`
cache_bundler: &cache_bundler
key: '${CI_JOB_STAGE}'
paths:
- '${BUNDLE_CACHE_PATH}'
###############################################################################
# Define stages and global variables
###############################################################################
stages:
- *stage_lint
- *stage_test
- *stage_release
variables:
DOCKER_DRIVER: 'overlay2'
###############################################################################
# `lint` stage: `commitlint`, `pre-commit` & `rubocop` (latest, failure allowed)
###############################################################################
commitlint:
stage: *stage_lint
image: *image_commitlint
script:
# Add `upstream` remote to get access to `upstream/master`
- 'git remote add upstream
https://gitlab.com/saltstack-formulas/apache-formula.git'
- 'git fetch --all'
# Set default commit hashes for `--from` and `--to`
- 'export COMMITLINT_FROM="$(git merge-base upstream/master HEAD)"'
- 'export COMMITLINT_TO="${CI_COMMIT_SHA}"'
# `coqbot` adds a merge commit to test PRs on top of the latest commit in
# the repo; amend this merge commit message to avoid failure
- |
if [ "${GITLAB_USER_LOGIN}" = "coqbot" ] \
&& [ "${CI_COMMIT_BRANCH}" != "master" ]; then
git commit --amend -m \
'chore: reword coqbot merge commit message for commitlint'
export COMMITLINT_TO=HEAD
fi
# Run `commitlint`
- 'commitlint --from "${COMMITLINT_FROM}"
--to "${COMMITLINT_TO}"
--verbose'
pre-commit:
stage: *stage_lint
image: *image_precommit
# https://pre-commit.com/#gitlab-ci-example
variables:
PRE_COMMIT_HOME: '${CI_PROJECT_DIR}/.cache/pre-commit'
cache:
key: '${CI_JOB_NAME}'
paths:
- '${PRE_COMMIT_HOME}'
script:
- 'pre-commit run --all-files --color always --verbose'
# Use a separate job for `rubocop` other than the one potentially run by `pre-commit`
# - The `pre-commit` check will only be available for formulas that pass the default
# `rubocop` check -- and must continue to do so
# - This job is allowed to fail, so can be used for all formulas
# - Furthermore, this job uses all of the latest `rubocop` features & cops,
# which will help when upgrading the `rubocop` linter used in `pre-commit`
rubocop:
allow_failure: true
stage: *stage_lint
image: *image_rubocop
script:
- 'rubocop -d -P -S --enable-pending-cops'
###############################################################################
# Define `test` template
###############################################################################
.test_instance: &test_instance
stage: *stage_test
image: *image_dindruby
services: *services_docker_dind
variables: *variables_bundler
cache: *cache_bundler
before_script:
# TODO: This should work from the env vars above automatically
- 'bundle config set path "${BUNDLE_CACHE_PATH}"'
- 'bundle config set without "${BUNDLE_WITHOUT}"'
- 'bundle install'
script:
# Alternative value to consider: `${CI_JOB_NAME}`
- 'bin/kitchen verify "${DOCKER_ENV_CI_JOB_NAME}"'
###############################################################################
# Define `test` template (`allow_failure: true`)
###############################################################################
.test_instance_failure_permitted:
<<: *test_instance
allow_failure: true
###############################################################################
# `test` stage: each instance below uses the `test` template above
###############################################################################
## Define the rest of the matrix based on Kitchen testing
# Make sure the instances listed below match up with
# the `platforms` defined in `kitchen.yml`
# yamllint disable rule:line-length
# default-debian-11-tiamat-py3: {extends: '.test_instance'}
# default-debian-10-tiamat-py3: {extends: '.test_instance'}
# default-debian-9-tiamat-py3: {extends: '.test_instance'}
# default-ubuntu-2204-tiamat-py3: {extends: '.test_instance_failure_permitted'}
# default-ubuntu-2004-tiamat-py3: {extends: '.test_instance'}
# default-ubuntu-1804-tiamat-py3: {extends: '.test_instance'}
# default-centos-stream8-tiamat-py3: {extends: '.test_instance_failure_permitted'}
# default-centos-7-tiamat-py3: {extends: '.test_instance'}
# default-amazonlinux-2-tiamat-py3: {extends: '.test_instance'}
# default-oraclelinux-8-tiamat-py3: {extends: '.test_instance'}
# default-oraclelinux-7-tiamat-py3: {extends: '.test_instance'}
# default-almalinux-8-tiamat-py3: {extends: '.test_instance'}
# default-rockylinux-8-tiamat-py3: {extends: '.test_instance'}
# default-debian-11-master-py3: {extends: '.test_instance'}
# modules-debian-11-master-py3: {extends: '.test_instance'}
debian-11-master-py3: {extends: '.test_instance'}
# default-debian-10-master-py3: {extends: '.test_instance'}
# modules-debian-10-master-py3: {extends: '.test_instance'}
debian-10-master-py3: {extends: '.test_instance'}
# default-debian-9-master-py3: {extends: '.test_instance'}
# modules-debian-9-master-py3: {extends: '.test_instance'}
# debian-9-master-py3: {extends: '.test_instance'}
# default-ubuntu-2204-master-py3: {extends: '.test_instance_failure_permitted'}
# modules-ubuntu-2204-master-py3: {extends: '.test_instance_failure_permitted'}
ubuntu-2204-master-py3: {extends: '.test_instance_failure_permitted'}
# default-ubuntu-2004-master-py3: {extends: '.test_instance'}
# modules-ubuntu-2004-master-py3: {extends: '.test_instance'}
ubuntu-2004-master-py3: {extends: '.test_instance'}
# default-ubuntu-1804-master-py3: {extends: '.test_instance'}
# modules-ubuntu-1804-master-py3: {extends: '.test_instance'}
ubuntu-1804-master-py3: {extends: '.test_instance'}
# default-centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'}
# modules-centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'}
centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'}
# default-centos-7-master-py3: {extends: '.test_instance'}
# modules-centos-7-master-py3: {extends: '.test_instance'}
centos-7-master-py3: {extends: '.test_instance'}
# default-fedora-36-master-py3: {extends: '.test_instance_failure_permitted'}
# modules-fedora-36-master-py3: {extends: '.test_instance_failure_permitted'}
fedora-36-master-py3: {extends: '.test_instance_failure_permitted'}
# default-fedora-35-master-py3: {extends: '.test_instance'}
# modules-fedora-35-master-py3: {extends: '.test_instance'}
fedora-35-master-py3: {extends: '.test_instance'}
# default-opensuse-leap-153-master-py3: {extends: '.test_instance'}
# modules-opensuse-leap-153-master-py3: {extends: '.test_instance'}
opensuse-leap-153-master-py3: {extends: '.test_instance'}
default-opensuse-tmbl-latest-master-py3: {extends: '.test_instance_failure_permitted'}
# modules-opensuse-tmbl-latest-master-py3: {extends: '.test_instance_failure_permitted'}
# opensuse-tmbl-latest-master-py3: {extends: '.test_instance_failure_permitted'}
# https://community.letsencrypt.org/t/localhost-crt-does-not-exist-or-is-empty/103979
default-amazonlinux-2-master-py3: {extends: '.test_instance'}
# modules-amazonlinux-2-master-py3: {extends: '.test_instance'}
# amazonlinux-2-master-py3: {extends: '.test_instance'}
# default-oraclelinux-8-master-py3: {extends: '.test_instance'}
# modules-oraclelinux-8-master-py3: {extends: '.test_instance'}
# oraclelinux-8-master-py3: {extends: '.test_instance'}
# default-oraclelinux-7-master-py3: {extends: '.test_instance'}
# modules-oraclelinux-7-master-py3: {extends: '.test_instance'}
oraclelinux-7-master-py3: {extends: '.test_instance'}
# default-arch-base-latest-master-py3: {extends: '.test_instance'}
modules-arch-base-latest-master-py3: {extends: '.test_instance'}
# arch-base-latest-master-py3: {extends: '.test_instance'}
# default-gentoo-stage3-latest-master-py3: {extends: '.test_instance'}
# modules-gentoo-stage3-latest-master-py3: {extends: '.test_instance'}
# gentoo-stage3-latest-master-py3: {extends: '.test_instance'}
# default-gentoo-stage3-systemd-master-py3: {extends: '.test_instance'}
# modules-gentoo-stage3-systemd-master-py3: {extends: '.test_instance'}
# gentoo-stage3-systemd-master-py3: {extends: '.test_instance'}
# default-almalinux-8-master-py3: {extends: '.test_instance'}
# modules-almalinux-8-master-py3: {extends: '.test_instance'}
almalinux-8-master-py3: {extends: '.test_instance'}
# default-rockylinux-8-master-py3: {extends: '.test_instance'}
# modules-rockylinux-8-master-py3: {extends: '.test_instance'}
rockylinux-8-master-py3: {extends: '.test_instance'}
# default-debian-11-3004-1-py3: {extends: '.test_instance'}
# default-debian-10-3004-1-py3: {extends: '.test_instance'}
# default-debian-9-3004-1-py3: {extends: '.test_instance'}
# default-ubuntu-2204-3004-1-py3: {extends: '.test_instance_failure_permitted'}
# default-ubuntu-2004-3004-1-py3: {extends: '.test_instance'}
# default-ubuntu-1804-3004-1-py3: {extends: '.test_instance'}
# default-centos-stream8-3004-1-py3: {extends: '.test_instance_failure_permitted'}
# default-centos-7-3004-1-py3: {extends: '.test_instance'}
# default-fedora-36-3004-1-py3: {extends: '.test_instance_failure_permitted'}
# default-fedora-35-3004-1-py3: {extends: '.test_instance'}
# default-amazonlinux-2-3004-1-py3: {extends: '.test_instance'}
# default-oraclelinux-8-3004-1-py3: {extends: '.test_instance'}
# default-oraclelinux-7-3004-1-py3: {extends: '.test_instance'}
# default-arch-base-latest-3004-1-py3: {extends: '.test_instance'}
# default-gentoo-stage3-latest-3004-1-py3: {extends: '.test_instance'}
# default-gentoo-stage3-systemd-3004-1-py3: {extends: '.test_instance'}
# default-almalinux-8-3004-1-py3: {extends: '.test_instance'}
# default-rockylinux-8-3004-1-py3: {extends: '.test_instance'}
# default-opensuse-leap-153-3004-0-py3: {extends: '.test_instance'}
# default-opensuse-tmbl-latest-3004-0-py3: {extends: '.test_instance_failure_permitted'}
# default-debian-10-3003-4-py3: {extends: '.test_instance'}
# default-debian-9-3003-4-py3: {extends: '.test_instance'}
# default-ubuntu-2004-3003-4-py3: {extends: '.test_instance'}
# default-ubuntu-1804-3003-4-py3: {extends: '.test_instance'}
# default-centos-stream8-3003-4-py3: {extends: '.test_instance_failure_permitted'}
# default-centos-7-3003-4-py3: {extends: '.test_instance'}
# default-amazonlinux-2-3003-4-py3: {extends: '.test_instance'}
# default-oraclelinux-8-3003-4-py3: {extends: '.test_instance'}
# default-oraclelinux-7-3003-4-py3: {extends: '.test_instance'}
# default-almalinux-8-3003-4-py3: {extends: '.test_instance'}
# yamllint enable rule:line-length
###############################################################################
# `release` stage: `semantic-release`
###############################################################################
semantic-release:
only: *only_branch_master_parent_repo
stage: *stage_release
image: *image_semanticrelease
variables:
MAINTAINER_TOKEN: '${GH_TOKEN}'
script:
# Update `AUTHORS.md`
- '${HOME}/go/bin/maintainer contributor'
# Run `semantic-release`
- 'semantic-release'

56
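--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -0,0 +1,56 @@
+---
+driver:
+name: docker
+use_sudo: false
+privileged: true
+require_chef_omnibus: false
+platforms:
+- name: centos-7
+- name: ubuntu-16.04
+- name: debian-9
+provisioner:
+name: salt_solo
+formula: apache
+require_chef: false
+data_path: test/shared
+pillars:
+top.sls:
+base:
+'*':
+- apache
+apache.sls:
+apache:
+manage_service_states: False
+mod_security:
+crs_install: True
+manage_config: True
+sec_rule_engine: 'On'
+sec_request_body_access: 'On'
+sec_request_body_limit: '14000000'
+sec_request_body_no_files_limit: '114002'
+sec_request_body_in_memory_limit: '114002'
+sec_request_body_limit_action: 'Reject'
+sec_pcre_match_limit: '15000'
+sec_pcre_match_limit_recursion: '15000'
+sec_debug_log_level: '3'
+suites:
+- name: default
+provisioner:
+state_top:
+base:
+'*':
+- apache
+- apache.mod_security
+- name: apache_norestart
+provisioner:
+state_top:
+base:
+'*':
+- apache
+pillars:
+apache.sls:
+apache:
+manage_service_states: False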
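Review bot: `privileged: true` in the `driver` block gives every test container the host's full capability set and device access, which is more than a Salt/Apache converge normally needs and matters on shared CI runners. If it is only there so the init system can run inside the container, a narrower grant such as `cap_add: [SYS_ADMIN]` is preferable (to be confirmed against the images used); otherwise drop the line. Either way, add a comment such as `# privileged needed for <reason>` so the setting is not copied blindly. Separately, the `apache_norestart` suite repeats the `manage_service_states: False` pillar that the top-level `provisioner` already sets, so as written the two suites differ only in their `state_top`.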


@ -1,77 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
ci:
autofix_commit_msg: |
ci(pre-commit.ci): apply auto fixes from pre-commit.com hooks
For more information, see https://pre-commit.ci
autofix_prs: true
autoupdate_branch: ''
autoupdate_commit_msg: |
ci(pre-commit.ci): perform `pre-commit` autoupdate
autoupdate_schedule: quarterly
skip: []
submodules: false
default_stages: [commit]
repos:
- repo: https://github.com/dafyddj/commitlint-pre-commit-hook
rev: v2.3.0
hooks:
- id: commitlint
name: Check commit message using commitlint
description: Lint commit message against @commitlint/config-conventional rules
stages: [commit-msg]
additional_dependencies: ['@commitlint/config-conventional@8.3.4']
- id: commitlint-travis
stages: [manual]
additional_dependencies: ['@commitlint/config-conventional@8.3.4']
always_run: true
- repo: https://github.com/rubocop-hq/rubocop
rev: v1.30.1
hooks:
- id: rubocop
name: Check Ruby files with rubocop
args: [--debug]
always_run: true
pass_filenames: false
- repo: https://github.com/shellcheck-py/shellcheck-py
rev: v0.8.0.4
hooks:
- id: shellcheck
name: Check shell scripts with shellcheck
files: ^.*\.(sh|bash|ksh)$
types: []
- repo: https://github.com/adrienverge/yamllint
rev: v1.26.3
hooks:
- id: yamllint
name: Check YAML syntax with yamllint
args: [--strict, '.']
always_run: true
pass_filenames: false
- repo: https://github.com/warpnet/salt-lint
rev: v0.8.0
hooks:
- id: salt-lint
name: Check Salt files using salt-lint
files: ^.*\.(sls|jinja|j2|tmpl|tst)$
- repo: https://github.com/myint/rstcheck
rev: 3f929574
hooks:
- id: rstcheck
name: Check reST files using rstcheck
exclude: 'docs/CHANGELOG.rst'
- repo: https://github.com/saltstack-formulas/mirrors-rst-lint
rev: v1.3.2
hooks:
- id: rst-lint
name: Check reST files using rst-lint
exclude: |
(?x)^(
docs/CHANGELOG.rst|
docs/TOFS_pattern.rst|
)$
additional_dependencies: [pygments==2.9.0]


@ -1,4 +0,0 @@
[rstcheck]
report=info
ignore_language=rst
ignore_messages=(Duplicate (ex|im)plicit target.*|Hyperlink target ".*" is not referenced\.$)


@ -1,23 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
# General overrides used across formulas in the org
Layout/LineLength:
# Increase from default of `80`
# Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`)
Max: 88
Metrics/BlockLength:
IgnoredMethods:
- control
- describe
# Increase from default of `25`
Max: 30
Security/YAMLLoad:
Exclude:
- test/integration/**/_mapdata.rb
# General settings across all cops in this formula
AllCops:
NewCops: enable
# Any offenses that should be fixed, e.g. collected via. `rubocop --auto-gen-config`


@ -1,32 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
exclude_paths: []
rules:
203: # Most files should not contain tabs
ignore: |
apache/files/Debian/apache-2.4.config.jinja
apache/files/Debian/mpm/mpm_event.conf.jinja
apache/files/Debian/mpm/mpm_prefork.conf.jinja
apache/files/Debian/mpm/mpm_worker.conf.jinja
apache/files/Debian/ssl.conf.jinja
apache/files/FreeBSD/mod_cgi.conf.jinja
apache/files/FreeBSD/mod_ssl.conf.jinja
apache/files/RedHat/conf.modules.d/00-mpm.conf.jinja
apache/files/RedHat/modsecurity.conf.jinja
apache/logrotate.sls
204: # Lines should be no longer that 160 chars
ignore: |
apache/files/Debian/ssl.conf.jinja
apache/files/FreeBSD/mod_ssl.conf.jinja
apache/files/ssl/tls-defaults.conf.jinja
test/salt/pillar/modules.sls
skip_list:
# Using `salt-lint` for linting other files as well, such as Jinja macros/templates
- 205 # Use ".sls" as a Salt State file extension
# Skipping `207` and `208` because `210` is sufficient, at least for the time-being
# I.e. Allows 3-digit unquoted codes to still be used, such as `644` and `755`
- 207 # File modes should always be encapsulated in quotation marks
- 208 # File modes should always contain a leading zero
tags: []
verbosity: 1


@ -1,227 +1,16 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
################################################################################
# NOTE: This file is UNMAINTAINED; it is provided for references purposes only.
# No guarantees are tendered that this structure will work after 2020.
################################################################################
# * https://en.wikipedia.org/wiki/Travis_CI:
# - "... free open-source plans were removed in [sic] the end of 2020"
# - https://blog.travis-ci.com/2020-11-02-travis-ci-new-billing
# - https://ropensci.org/technotes/2020/11/19/moving-away-travis/
################################################################################
## Machine config
os: 'linux'
arch: 'amd64'
dist: 'bionic'
version: '~> 1.0'
## Language and cache config
language: 'ruby'
cache: 'bundler'
## Services config
services:
sudo: required
language: python
services:
- docker
## Script to run for the test stage
before_install:
- bundle install
env:
matrix:
- INSTANCE: default-centos-7
- INSTANCE: default-ubuntu-1604
- INSTANCE: default-debian-9
script:
- bin/kitchen verify "${INSTANCE}"
## Stages and jobs matrix
stages:
- test
# # As part of the switch away from Travis CI, ensure that the `release` stage
# # is not run inadvertently
# - name: 'release'
# if: 'branch = master AND type != pull_request'
jobs:
include:
## Define the test stage that runs the linters (and testing matrix, if applicable)
# Run all of the linters in a single job
- language: 'node_js'
node_js: 'lts/*'
env: 'Lint'
name: 'Lint: salt-lint, yamllint, rubocop, shellcheck & commitlint'
before_install: 'skip'
script:
# Install and run `salt-lint`
- pip install --user salt-lint
- git ls-files -- '*.sls' '*.jinja' '*.j2' '*.tmpl' '*.tst'
| xargs salt-lint
# Install and run `yamllint`
# Need at least `v1.17.0` for the `yaml-files` setting
- pip install --user yamllint>=1.17.0
- yamllint -s .
# Install and run `rubocop`
- gem install rubocop
- rubocop -d
# Run `shellcheck` (already pre-installed in Travis)
- shellcheck --version
- git ls-files -- '*.sh' '*.bash' '*.ksh'
| xargs shellcheck
# Install and run `commitlint`
- npm i -D @commitlint/config-conventional
@commitlint/travis-cli
- commitlint-travis
# Run `pre-commit` linters in a single job
- language: 'python'
env: 'Lint_pre-commit'
name: 'Lint: pre-commit'
before_install: 'skip'
cache:
directories:
- $HOME/.cache/pre-commit
script:
# Install and run `pre-commit`
- pip install pre-commit==2.7.1
- pre-commit run --all-files --color always --verbose
- pre-commit run --color always --hook-stage manual --verbose commitlint-travis
## Define the rest of the matrix based on Kitchen testing
# Make sure the instances listed below match up with
# the `platforms` defined in `kitchen.yml`
# - env: INSTANCE=default-debian-11-tiamat-py3
# - env: INSTANCE=default-debian-10-tiamat-py3
# - env: INSTANCE=default-debian-9-tiamat-py3
# - env: INSTANCE=default-ubuntu-2204-tiamat-py3
# - env: INSTANCE=default-ubuntu-2004-tiamat-py3
# - env: INSTANCE=default-ubuntu-1804-tiamat-py3
# - env: INSTANCE=default-centos-stream8-tiamat-py3
# - env: INSTANCE=default-centos-7-tiamat-py3
# - env: INSTANCE=default-amazonlinux-2-tiamat-py3
# - env: INSTANCE=default-oraclelinux-8-tiamat-py3
# - env: INSTANCE=default-oraclelinux-7-tiamat-py3
# - env: INSTANCE=default-almalinux-8-tiamat-py3
# - env: INSTANCE=default-rockylinux-8-tiamat-py3
# - env: INSTANCE=default-debian-11-master-py3
# - env: INSTANCE=modules-debian-11-master-py3
- env: INSTANCE=debian-11-master-py3
# - env: INSTANCE=default-debian-10-master-py3
# - env: INSTANCE=modules-debian-10-master-py3
- env: INSTANCE=debian-10-master-py3
# - env: INSTANCE=default-debian-9-master-py3
# - env: INSTANCE=modules-debian-9-master-py3
# - env: INSTANCE=debian-9-master-py3
# - env: INSTANCE=default-ubuntu-2204-master-py3
# - env: INSTANCE=modules-ubuntu-2204-master-py3
- env: INSTANCE=ubuntu-2204-master-py3
# - env: INSTANCE=default-ubuntu-2004-master-py3
# - env: INSTANCE=modules-ubuntu-2004-master-py3
- env: INSTANCE=ubuntu-2004-master-py3
# - env: INSTANCE=default-ubuntu-1804-master-py3
# - env: INSTANCE=modules-ubuntu-1804-master-py3
- env: INSTANCE=ubuntu-1804-master-py3
# - env: INSTANCE=default-centos-stream8-master-py3
# - env: INSTANCE=modules-centos-stream8-master-py3
- env: INSTANCE=centos-stream8-master-py3
# - env: INSTANCE=default-centos-7-master-py3
# - env: INSTANCE=modules-centos-7-master-py3
- env: INSTANCE=centos-7-master-py3
# - env: INSTANCE=default-fedora-36-master-py3
# - env: INSTANCE=modules-fedora-36-master-py3
- env: INSTANCE=fedora-36-master-py3
# - env: INSTANCE=default-fedora-35-master-py3
# - env: INSTANCE=modules-fedora-35-master-py3
- env: INSTANCE=fedora-35-master-py3
# - env: INSTANCE=default-opensuse-leap-153-master-py3
# - env: INSTANCE=modules-opensuse-leap-153-master-py3
- env: INSTANCE=opensuse-leap-153-master-py3
- env: INSTANCE=default-opensuse-tmbl-latest-master-py3
# - env: INSTANCE=modules-opensuse-tmbl-latest-master-py3
# - env: INSTANCE=opensuse-tmbl-latest-master-py3
# https://community.letsencrypt.org/t/localhost-crt-does-not-exist-or-is-empty/103979
- env: INSTANCE=default-amazonlinux-2-master-py3
# - env: INSTANCE=modules-amazonlinux-2-master-py3
# - env: INSTANCE=amazonlinux-2-master-py3
# - env: INSTANCE=default-oraclelinux-8-master-py3
# - env: INSTANCE=modules-oraclelinux-8-master-py3
# - env: INSTANCE=oraclelinux-8-master-py3
# - env: INSTANCE=default-oraclelinux-7-master-py3
# - env: INSTANCE=modules-oraclelinux-7-master-py3
- env: INSTANCE=oraclelinux-7-master-py3
# - env: INSTANCE=default-arch-base-latest-master-py3
- env: INSTANCE=modules-arch-base-latest-master-py3
# - env: INSTANCE=arch-base-latest-master-py3
# - env: INSTANCE=default-gentoo-stage3-latest-master-py3
# - env: INSTANCE=modules-gentoo-stage3-latest-master-py3
# - env: INSTANCE=gentoo-stage3-latest-master-py3
# - env: INSTANCE=default-gentoo-stage3-systemd-master-py3
# - env: INSTANCE=modules-gentoo-stage3-systemd-master-py3
# - env: INSTANCE=gentoo-stage3-systemd-master-py3
# - env: INSTANCE=default-almalinux-8-master-py3
# - env: INSTANCE=modules-almalinux-8-master-py3
- env: INSTANCE=almalinux-8-master-py3
# - env: INSTANCE=default-rockylinux-8-master-py3
# - env: INSTANCE=modules-rockylinux-8-master-py3
- env: INSTANCE=rockylinux-8-master-py3
# - env: INSTANCE=default-debian-11-3004-1-py3
# - env: INSTANCE=default-debian-10-3004-1-py3
# - env: INSTANCE=default-debian-9-3004-1-py3
# - env: INSTANCE=default-ubuntu-2204-3004-1-py3
# - env: INSTANCE=default-ubuntu-2004-3004-1-py3
# - env: INSTANCE=default-ubuntu-1804-3004-1-py3
# - env: INSTANCE=default-centos-stream8-3004-1-py3
# - env: INSTANCE=default-centos-7-3004-1-py3
# - env: INSTANCE=default-fedora-36-3004-1-py3
# - env: INSTANCE=default-fedora-35-3004-1-py3
# - env: INSTANCE=default-amazonlinux-2-3004-1-py3
# - env: INSTANCE=default-oraclelinux-8-3004-1-py3
# - env: INSTANCE=default-oraclelinux-7-3004-1-py3
# - env: INSTANCE=default-arch-base-latest-3004-1-py3
# - env: INSTANCE=default-gentoo-stage3-latest-3004-1-py3
# - env: INSTANCE=default-gentoo-stage3-systemd-3004-1-py3
# - env: INSTANCE=default-almalinux-8-3004-1-py3
# - env: INSTANCE=default-rockylinux-8-3004-1-py3
# - env: INSTANCE=default-opensuse-leap-153-3004-0-py3
# - env: INSTANCE=default-opensuse-tmbl-latest-3004-0-py3
# - env: INSTANCE=default-debian-10-3003-4-py3
# - env: INSTANCE=default-debian-9-3003-4-py3
# - env: INSTANCE=default-ubuntu-2004-3003-4-py3
# - env: INSTANCE=default-ubuntu-1804-3003-4-py3
# - env: INSTANCE=default-centos-stream8-3003-4-py3
# - env: INSTANCE=default-centos-7-3003-4-py3
# - env: INSTANCE=default-amazonlinux-2-3003-4-py3
# - env: INSTANCE=default-oraclelinux-8-3003-4-py3
# - env: INSTANCE=default-oraclelinux-7-3003-4-py3
# - env: INSTANCE=default-almalinux-8-3003-4-py3
## Define the release stage that runs `semantic-release`
- stage: 'release'
language: 'node_js'
node_js: 'lts/*'
env: 'Release'
name: 'Run semantic-release inc. file updates to AUTHORS, CHANGELOG & FORMULA'
before_install: 'skip'
script:
# Update `AUTHORS.md`
- export MAINTAINER_TOKEN=${GH_TOKEN}
- go get github.com/myii/maintainer
- maintainer contributor
# Install all dependencies required for `semantic-release`
- npm i -D @semantic-release/changelog@3
@semantic-release/exec@3
@semantic-release/git@7
deploy:
provider: 'script'
# Opt-in to `dpl v2` to complete the Travis build config validation (beta)
# * https://docs.travis-ci.com/user/build-config-validation
# Deprecated `skip_cleanup` can now be avoided, `cleanup: false` is by default
edge: true
# Run `semantic-release`
script: 'npx semantic-release@15.14'
# Notification options: `always`, `never` or `change`
notifications:
webhooks:
if: 'repo = saltstack-formulas/apache-formula'
urls:
- https://saltstack-formulas.zulipchat.com/api/v1/external/travis?api_key=HsIq3o5QmLxdnVCKF9is0FUIpkpAY79P&stream=CI&topic=saltstack-formulas%2Fapache-formula&ignore_pull_requests=true
on_success: always # default: always
on_failure: always # default: always
on_start: always # default: never
on_cancel: always # default: always
on_error: always # default: always
- bundle exec kitchen verify ${INSTANCE}
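Review bot: The `notifications.webhooks.urls` entry carries an `api_key` query parameter in clear text. The `+1,16` count suggests that block is on the removed side, but deleting the line does not retire the credential, because it stays readable in repository history. The key should be rotated on the chat side and, if notifications are wanted again, supplied through an encrypted CI variable instead of the file. On the new side, `- bundle exec kitchen verify ${INSTANCE}` drops the quoting of the line it replaces; `- bundle exec kitchen verify "${INSTANCE}"` keeps the argument as a single word. Which lines are old and which are new is inferred here, since the rendering lost the `+`/`-` markers.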


@ -1,46 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
# Extend the `default` configuration provided by `yamllint`
extends: 'default'
# Files to ignore completely
# 1. All YAML files under directory `.bundle/`, introduced if gems are installed locally
# 2. All YAML files under directory `.cache/`, introduced during the CI run
# 3. All YAML files under directory `.git/`
# 4. All YAML files under directory `node_modules/`, introduced during the CI run
# 5. Any SLS files under directory `test/`, which are actually state files
# 6. Any YAML files under directory `.kitchen/`, introduced during local testing
# 7. `kitchen.vagrant.yml`, which contains Embedded Ruby (ERB) template syntax
ignore: |
.bundle/
.cache/
.git/
node_modules/
test/**/states/**/*.sls
.kitchen/
kitchen.vagrant.yml
test/salt/pillar/modules.sls
pillar.example
yaml-files:
# Default settings
- '*.yaml'
- '*.yml'
- .salt-lint
- .yamllint
# SaltStack Formulas additional settings
- '*.example'
- test/**/*.sls
rules:
empty-values:
forbid-in-block-mappings: true
forbid-in-flow-mappings: true
line-length:
# Increase from default of `80`
# Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`)
max: 88
octal-values:
forbid-implicit-octal: true
forbid-explicit-octal: true


@ -1,101 +0,0 @@
# Authors
This list is sorted by the number of commits per contributor in _descending_ order.
Avatar|Contributor|Contributions
:-:|---|:-:
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/10231489?v=4' width='36' height='36' alt='@myii'>|[@myii](https://github.com/myii)|147
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1920805?v=4' width='36' height='36' alt='@alxwr'>|[@alxwr](https://github.com/alxwr)|40
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1396878?v=4' width='36' height='36' alt='@gravyboat'>|[@gravyboat](https://github.com/gravyboat)|36
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1800660?v=4' width='36' height='36' alt='@aboe76'>|[@aboe76](https://github.com/aboe76)|32
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/91293?v=4' width='36' height='36' alt='@whiteinge'>|[@whiteinge](https://github.com/whiteinge)|31
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/13322818?v=4' width='36' height='36' alt='@noelmcloughlin'>|[@noelmcloughlin](https://github.com/noelmcloughlin)|29
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/242396?v=4' width='36' height='36' alt='@javierbertoli'>|[@javierbertoli](https://github.com/javierbertoli)|27
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3374962?v=4' width='36' height='36' alt='@nmadhok'>|[@nmadhok](https://github.com/nmadhok)|20
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/528061?v=4' width='36' height='36' alt='@puneetk'>|[@puneetk](https://github.com/puneetk)|20
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/214768?v=4' width='36' height='36' alt='@ixs'>|[@ixs](https://github.com/ixs)|10
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/458548?v=4' width='36' height='36' alt='@SuperTux88'>|[@SuperTux88](https://github.com/SuperTux88)|10
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/287147?v=4' width='36' height='36' alt='@techhat'>|[@techhat](https://github.com/techhat)|10
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/904839?v=4' width='36' height='36' alt='@landergate'>|[@landergate](https://github.com/landergate)|9
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3045456?v=4' width='36' height='36' alt='@bradthurber'>|[@bradthurber](https://github.com/bradthurber)|8
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/117961?v=4' width='36' height='36' alt='@babilen'>|[@babilen](https://github.com/babilen)|8
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/445200?v=4' width='36' height='36' alt='@arthurlogilab'>|[@arthurlogilab](https://github.com/arthurlogilab)|7
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3768412?v=4' width='36' height='36' alt='@stp-ip'>|[@stp-ip](https://github.com/stp-ip)|7
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/17673243?v=4' width='36' height='36' alt='@porunov'>|[@porunov](https://github.com/porunov)|7
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3119969?v=4' width='36' height='36' alt='@genuss'>|[@genuss](https://github.com/genuss)|6
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/5759396?v=4' width='36' height='36' alt='@kadogo'>|[@kadogo](https://github.com/kadogo)|6
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/637990?v=4' width='36' height='36' alt='@bmwiedemann'>|[@bmwiedemann](https://github.com/bmwiedemann)|5
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/48491?v=4' width='36' height='36' alt='@eliasp'>|[@eliasp](https://github.com/eliasp)|5
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/65311?v=4' width='36' height='36' alt='@multani'>|[@multani](https://github.com/multani)|5
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1013915?v=4' width='36' height='36' alt='@rhertzog'>|[@rhertzog](https://github.com/rhertzog)|4
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/20515?v=4' width='36' height='36' alt='@scambra'>|[@scambra](https://github.com/scambra)|4
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/2094680?v=4' width='36' height='36' alt='@daschatten'>|[@daschatten](https://github.com/daschatten)|4
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1744181?v=4' width='36' height='36' alt='@adherzog'>|[@adherzog](https://github.com/adherzog)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/2192630?v=4' width='36' height='36' alt='@abrefort'>|[@abrefort](https://github.com/abrefort)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1507504?v=4' width='36' height='36' alt='@arnisoph'>|[@arnisoph](https://github.com/arnisoph)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/4195158?v=4' width='36' height='36' alt='@dafyddj'>|[@dafyddj](https://github.com/dafyddj)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/312493?v=4' width='36' height='36' alt='@opdude'>|[@opdude](https://github.com/opdude)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/10925856?v=4' width='36' height='36' alt='@louis-haddrell'>|[@louis-haddrell](https://github.com/louis-haddrell)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/964610?v=4' width='36' height='36' alt='@Wenzel'>|[@Wenzel](https://github.com/Wenzel)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/228723?v=4' width='36' height='36' alt='@abednarik'>|[@abednarik](https://github.com/abednarik)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/12513495?v=4' width='36' height='36' alt='@dexbleeker'>|[@dexbleeker](https://github.com/dexbleeker)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/112249?v=4' width='36' height='36' alt='@vincentfretin'>|[@vincentfretin](https://github.com/vincentfretin)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/751889?v=4' width='36' height='36' alt='@Yoda-BZH'>|[@Yoda-BZH](https://github.com/Yoda-BZH)|3
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1079875?v=4' width='36' height='36' alt='@bogdanr'>|[@bogdanr](https://github.com/bogdanr)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/11229682?v=4' width='36' height='36' alt='@carlovollebregt'>|[@carlovollebregt](https://github.com/carlovollebregt)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/4313010?v=4' width='36' height='36' alt='@thornycrackers'>|[@thornycrackers](https://github.com/thornycrackers)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/29622411?v=4' width='36' height='36' alt='@gaetanars'>|[@gaetanars](https://github.com/gaetanars)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/7060082?v=4' width='36' height='36' alt='@msciciel'>|[@msciciel](https://github.com/msciciel)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/201711?v=4' width='36' height='36' alt='@mariusvw'>|[@mariusvw](https://github.com/mariusvw)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/485400?v=4' width='36' height='36' alt='@actionjack'>|[@actionjack](https://github.com/actionjack)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/316108?v=4' width='36' height='36' alt='@mosen'>|[@mosen](https://github.com/mosen)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1244954?v=4' width='36' height='36' alt='@RyPeck'>|[@RyPeck](https://github.com/RyPeck)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/507599?v=4' width='36' height='36' alt='@thatch45'>|[@thatch45](https://github.com/thatch45)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/19413421?v=4' width='36' height='36' alt='@tibberg'>|[@tibberg](https://github.com/tibberg)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/15383526?v=4' width='36' height='36' alt='@emeygret'>|[@emeygret](https://github.com/emeygret)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3609179?v=4' width='36' height='36' alt='@artmoni'>|[@artmoni](https://github.com/artmoni)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/5512529?v=4' width='36' height='36' alt='@alexfrosa'>|[@alexfrosa](https://github.com/alexfrosa)|2
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/20859482?v=4' width='36' height='36' alt='@jhops-ab'>|[@jhops-ab](https://github.com/jhops-ab)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/7612102?v=4' width='36' height='36' alt='@isntall'>|[@isntall](https://github.com/isntall)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/863137?v=4' width='36' height='36' alt='@benjy'>|[@benjy](https://github.com/benjy)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/20441?v=4' width='36' height='36' alt='@iggy'>|[@iggy](https://github.com/iggy)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/47893434?v=4' width='36' height='36' alt='@chorne-togetherwork'>|[@chorne-togetherwork](https://github.com/chorne-togetherwork)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/130219?v=4' width='36' height='36' alt='@corywright'>|[@corywright](https://github.com/corywright)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1233212?v=4' width='36' height='36' alt='@baby-gnu'>|[@baby-gnu](https://github.com/baby-gnu)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1640672?v=4' width='36' height='36' alt='@ev0rtex'>|[@ev0rtex](https://github.com/ev0rtex)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/42472863?v=4' width='36' height='36' alt='@dimitry-unified-streaming'>|[@dimitry-unified-streaming](https://github.com/dimitry-unified-streaming)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/89458395?v=4' width='36' height='36' alt='@fniepelt'>|[@fniepelt](https://github.com/fniepelt)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1194646?v=4' width='36' height='36' alt='@fintanmm'>|[@fintanmm](https://github.com/fintanmm)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/215487?v=4' width='36' height='36' alt='@fcrozat'>|[@fcrozat](https://github.com/fcrozat)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/38090329?v=4' width='36' height='36' alt='@genaumann'>|[@genaumann](https://github.com/genaumann)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/41886?v=4' width='36' height='36' alt='@jbouse'>|[@jbouse](https://github.com/jbouse)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/377632?v=4' width='36' height='36' alt='@jerrykan'>|[@jerrykan](https://github.com/jerrykan)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3703806?v=4' width='36' height='36' alt='@jcristau'>|[@jcristau](https://github.com/jcristau)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/5655231?v=4' width='36' height='36' alt='@kpostrup'>|[@kpostrup](https://github.com/kpostrup)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/783794?v=4' width='36' height='36' alt='@morsik'>|[@morsik](https://github.com/morsik)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/22311?v=4' width='36' height='36' alt='@madssj'>|[@madssj](https://github.com/madssj)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1106959?v=4' width='36' height='36' alt='@mpeeters'>|[@mpeeters](https://github.com/mpeeters)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/7139195?v=4' width='36' height='36' alt='@xenophonf'>|[@xenophonf](https://github.com/xenophonf)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/393545?v=4' width='36' height='36' alt='@mshade'>|[@mshade](https://github.com/mshade)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1829924?v=4' width='36' height='36' alt='@fujexo'>|[@fujexo](https://github.com/fujexo)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/219695?v=4' width='36' height='36' alt='@rmoorman'>|[@rmoorman](https://github.com/rmoorman)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1647923?v=4' width='36' height='36' alt='@robruma'>|[@robruma](https://github.com/robruma)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1554646?v=4' width='36' height='36' alt='@doublerr'>|[@doublerr](https://github.com/doublerr)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3667731?v=4' width='36' height='36' alt='@netzvieh'>|[@netzvieh](https://github.com/netzvieh)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/4156131?v=4' width='36' height='36' alt='@skylerberg'>|[@skylerberg](https://github.com/skylerberg)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/7967223?v=4' width='36' height='36' alt='@TiepiNL'>|[@TiepiNL](https://github.com/TiepiNL)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/326786?v=4' width='36' height='36' alt='@wido'>|[@wido](https://github.com/wido)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/9978732?v=4' width='36' height='36' alt='@abehling'>|[@abehling](https://github.com/abehling)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1021809?v=4' width='36' height='36' alt='@ardin'>|[@ardin](https://github.com/ardin)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/45118187?v=4' width='36' height='36' alt='@l00d3r'>|[@l00d3r](https://github.com/l00d3r)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/17029228?v=4' width='36' height='36' alt='@mcarlton00'>|[@mcarlton00](https://github.com/mcarlton00)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/924183?v=4' width='36' height='36' alt='@mschiff'>|[@mschiff](https://github.com/mschiff)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/2869?v=4' width='36' height='36' alt='@nigelsim'>|[@nigelsim](https://github.com/nigelsim)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/55587680?v=4' width='36' height='36' alt='@srse'>|[@srse](https://github.com/srse)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/46799934?v=4' width='36' height='36' alt='@sticky-note'>|[@sticky-note](https://github.com/sticky-note)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/18380701?v=4' width='36' height='36' alt='@tsenay'>|[@tsenay](https://github.com/tsenay)|1
<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/2089076?v=4' width='36' height='36' alt='@ze42'>|[@ze42](https://github.com/ze42)|1
---
Auto-generated by a [forked version](https://github.com/myii/maintainer) of [gaocegege/maintainer](https://github.com/gaocegege/maintainer) on 2021-10-28.


@ -1,430 +0,0 @@
# Changelog
## [1.2.2](https://github.com/saltstack-formulas/apache-formula/compare/v1.2.1...v1.2.2) (2021-10-28)
### Bug Fixes
* **redhat:** use correct vhostdir, sitesdir and logrotate script for redhat family ([#376](https://github.com/saltstack-formulas/apache-formula/issues/376)) ([c4b8538](https://github.com/saltstack-formulas/apache-formula/commit/c4b85381288ae878207ffa5d2cc36cabc916e8f1))
## [1.2.1](https://github.com/saltstack-formulas/apache-formula/compare/v1.2.0...v1.2.1) (2021-10-20)
### Bug Fixes
* **vhosts:** reset `cleanup` to previous and use dedicated `clean` SLS ([0c6c1d3](https://github.com/saltstack-formulas/apache-formula/commit/0c6c1d36e261ae6f851cb9b6ed2d1319af460a73))
### Continuous Integration
* **kitchen+ci:** update with latest CVE pre-salted images [skip ci] ([a3d49f1](https://github.com/saltstack-formulas/apache-formula/commit/a3d49f185274efc6d1530580daf03b1ad2be0e2d))
* test for upstream Salt regressions in `master` instances (2021-W37a) ([69dcfd9](https://github.com/saltstack-formulas/apache-formula/commit/69dcfd9c3bf49416e6c77d8e982446d99af3b95c))
### Documentation
* **readme:** document vhosts clean/cleanup ([2d72dff](https://github.com/saltstack-formulas/apache-formula/commit/2d72dff82bdcf9c0d30f6735c315a655ebea483d)), closes [#372](https://github.com/saltstack-formulas/apache-formula/issues/372)
# [1.2.0](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.8...v1.2.0) (2021-08-28)
### Bug Fixes
* **suse:** use correct vhostdir and sitesdir for suse family ([#369](https://github.com/saltstack-formulas/apache-formula/issues/369)) ([fe0ceb7](https://github.com/saltstack-formulas/apache-formula/commit/fe0ceb78b7d4e9f67bc4d5b684b847bdcc604b20)), closes [/documentation.suse.com/sles/15-SP3/html/SLES-all/cha-apache2.html#sec-apache2](https://github.com//documentation.suse.com/sles/15-SP3/html/SLES-all/cha-apache2.html/issues/sec-apache2)
### Continuous Integration
* **3003.1:** update inc. AlmaLinux, Rocky & `rst-lint` [skip ci] ([2e116ec](https://github.com/saltstack-formulas/apache-formula/commit/2e116ec4123b846edd85b651c9634e03cb102abf))
* **freebsd:** update with latest pre-salted Vagrant boxes [skip ci] ([d679580](https://github.com/saltstack-formulas/apache-formula/commit/d67958043df41515350a4b02c5de81e0d83eb813))
* **gemfile+lock:** use `ssf` customised `inspec` repo [skip ci] ([5dd7009](https://github.com/saltstack-formulas/apache-formula/commit/5dd700944b413411fc3557063125f22c1eb6f62a))
* **kitchen:** move `provisioner` block & update `run_command` [skip ci] ([0d1a6dc](https://github.com/saltstack-formulas/apache-formula/commit/0d1a6dc75d1a781518bf4d7262dbfb4cfbc2c0b9))
* **kitchen+ci:** update with latest `3003.2` pre-salted images [skip ci] ([d3641d7](https://github.com/saltstack-formulas/apache-formula/commit/d3641d7f0d427d9e8be9d20bd03f84977d1cba22))
* add Debian 11 Bullseye & update `yamllint` configuration [skip ci] ([7741b90](https://github.com/saltstack-formulas/apache-formula/commit/7741b90ff66719c1abfca3fb306d07ee47cbd4c8))
### Features
* **alma+rocky:** add platforms (based on CentOS 8) [skip ci] ([4353e57](https://github.com/saltstack-formulas/apache-formula/commit/4353e57a1b652186f552472f16f1b06f8fb4f0a1))
## [1.1.8](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.7...v1.1.8) (2021-06-28)
### Bug Fixes
* **register_site:** correct semicolon to colon ([4cf848d](https://github.com/saltstack-formulas/apache-formula/commit/4cf848da05eb558012a465bd6996749982908667))
### Continuous Integration
* **gitlab-ci:** ignore line to avoid `yamllint` violation [skip ci] ([a742f4e](https://github.com/saltstack-formulas/apache-formula/commit/a742f4ee00c08e7db34c2f3adcb8c90a58c851aa))
* **gitlab-ci:** use `pandoc`-enabled `semantic-release` image [skip ci] ([3bf9c6e](https://github.com/saltstack-formulas/apache-formula/commit/3bf9c6e6a942b86fd16ca4b222bb6a1781f4e09d))
* **kitchen+gitlab:** remove Ubuntu 16.04 & Fedora 32 (EOL) [skip ci] ([10ce382](https://github.com/saltstack-formulas/apache-formula/commit/10ce3822dd7ea9868ee986a08e2ccd48bd0026ee))
* **kitchen+gitlab:** remove Ubuntu 16.04 & Fedora 32 (EOL) [skip ci] ([57e9873](https://github.com/saltstack-formulas/apache-formula/commit/57e98736247b196ad650528b705379fecf58c835))
## [1.1.7](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.6...v1.1.7) (2021-05-14)
### Bug Fixes
* **mod_pagespeed:** add missing colon to `file.directory` ([a8b87a5](https://github.com/saltstack-formulas/apache-formula/commit/a8b87a583e91b7f69cff8485cb56249c3707ce74))
### Continuous Integration
* add `arch-master` to matrix and update `.travis.yml` [skip ci] ([069388b](https://github.com/saltstack-formulas/apache-formula/commit/069388be3a624a91b955227188ddee7c3650045e))
## [1.1.6](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.5...v1.1.6) (2021-05-08)
### Documentation
* **changelog:** regenerate via. `semantic-release` ([de8c82c](https://github.com/saltstack-formulas/apache-formula/commit/de8c82c7533e36e720cf2e44c46154cd8cd3f540))
## [1.1.5](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.4...v1.1.5) (2021-05-08)
### Documentation
* **changelog:** regenerate via. `semantic-release` ([198d525](https://github.com/saltstack-formulas/apache-formula/commit/198d525a6a552c8c83842c26f6c74a43ffcd4b79))
## [1.1.4](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.3...v1.1.4) (2021-05-08)
### Continuous Integration
* **gitlab-ci:** remove adjustments made during Antora test [skip ci] ([0c7082f](https://github.com/saltstack-formulas/apache-formula/commit/0c7082f8d911185390e8ab03077f61c6027461f7))
### Documentation
* **changelog:** regenerate via. `semantic-release` ([e1f1fa7](https://github.com/saltstack-formulas/apache-formula/commit/e1f1fa7d8f3ea5a8c307badcfe890f96f57c580f))
* **changelog:** regenerate via. `semantic-release` ([a1be1d2](https://github.com/saltstack-formulas/apache-formula/commit/a1be1d21dceb304278e680a5ade56c51882e4a0b))
* **changelog:** regenerate via. `semantic-release` ([56efd35](https://github.com/saltstack-formulas/apache-formula/commit/56efd35f85fe049b4cdcbd082e38d547bd306a39))
## [1.1.3](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.2...v1.1.3) (2021-04-30)
### Bug Fixes
* **config/vhosts/standard:** remove erroneous trailing colon ([dedb9e2](https://github.com/saltstack-formulas/apache-formula/commit/dedb9e2f400aa9d391ae39c22f8a4fec1e7bc220)), closes [#302](https://github.com/saltstack-formulas/apache-formula/issues/302)
### Continuous Integration
* **kitchen+gitlab:** adjust matrix to add `3003` [skip ci] ([3c21740](https://github.com/saltstack-formulas/apache-formula/commit/3c21740ba52fa5c2b5cf39cddce6a42d13d17988))
* **vagrant:** add FreeBSD 13.0 [skip ci] ([298fdf4](https://github.com/saltstack-formulas/apache-formula/commit/298fdf4fb569a3d1d4a9dadedb4c3924bcb8cc9a))
* **vagrant:** use pre-salted boxes & conditional local settings [skip ci] ([f354ace](https://github.com/saltstack-formulas/apache-formula/commit/f354ace8e7d328580a60dbc09703ddc54a6af0a0))
## [1.1.2](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.1...v1.1.2) (2021-04-03)
### Bug Fixes
* **freebsd:** fix `default` suite implementation and tests ([0a0f69e](https://github.com/saltstack-formulas/apache-formula/commit/0a0f69ee2fc8168696f9f9c4ae786389ff894615))
* **freebsd:** fix `modsecurity` suite implementation and tests ([bc9aa78](https://github.com/saltstack-formulas/apache-formula/commit/bc9aa78437d14cf26605f58a3c1e17caed8f05bc))
### Continuous Integration
* enable Vagrant-based testing using GitHub Actions ([6e094e2](https://github.com/saltstack-formulas/apache-formula/commit/6e094e2527748cd4d72690b9289836b17f9289c7))
* **gemfile+lock:** use `ssf` customised `kitchen-docker` repo [skip ci] ([53ac463](https://github.com/saltstack-formulas/apache-formula/commit/53ac4638f3b902c1fd65a64d4344387e26c466c1))
* **gitlab-ci:** reset after update hook for `rubocop` [skip ci] ([6d40ab7](https://github.com/saltstack-formulas/apache-formula/commit/6d40ab7634a42048a0f2b3f2e1173cf2da2a8716))
* **kitchen+ci:** use latest pre-salted images (after CVE) [skip ci] ([69e9d30](https://github.com/saltstack-formulas/apache-formula/commit/69e9d304fb7d637df1856e0d8ab66be7ddce86c4))
* **kitchen+gitlab-ci:** use latest pre-salted images [skip ci] ([21cb59d](https://github.com/saltstack-formulas/apache-formula/commit/21cb59daa2f70ce6cc46f8d241fb6032c932746c))
* **pre-commit:** update hook for `rubocop` ([2c090c3](https://github.com/saltstack-formulas/apache-formula/commit/2c090c3a835e42bd07f0788f4b0965f1c3405662))
### Documentation
* **readme:** add `Testing with Vagrant` section ([5a6b203](https://github.com/saltstack-formulas/apache-formula/commit/5a6b203bb18f9f28146f33af8175fc3b8c059077))
### Tests
* standardise use of `share` suite & `_mapdata` state [skip ci] ([e7c2d20](https://github.com/saltstack-formulas/apache-formula/commit/e7c2d20f06f23a5ce8a5edaae513775aca0914ab))
* **nomodsecurity:** use adjusted `modules` suite instead ([838b917](https://github.com/saltstack-formulas/apache-formula/commit/838b9172217c5e067ea0e4a6d2f155ecd1a4b053))
## [1.1.1](https://github.com/saltstack-formulas/apache-formula/compare/v1.1.0...v1.1.1) (2021-01-04)
### Bug Fixes
* **memory:** pass variable not dict ([2830081](https://github.com/saltstack-formulas/apache-formula/commit/28300814fc0a83244ab64a4a87f104d67de4ac53))
### Continuous Integration
* **commitlint:** ensure `upstream/master` uses main repo URL [skip ci] ([0145922](https://github.com/saltstack-formulas/apache-formula/commit/0145922b52f21469c00c85bf46503411ffd11c56))
* **gitlab-ci:** add `rubocop` linter (with `allow_failure`) [skip ci] ([bbf012b](https://github.com/saltstack-formulas/apache-formula/commit/bbf012b82eed50db3c35cb25a10d9ca36e40487b))
* **gitlab-ci:** use GitLab CI as Travis CI replacement ([26208c4](https://github.com/saltstack-formulas/apache-formula/commit/26208c47c644608b00adfa8474616305e7a55e36))
# [1.1.0](https://github.com/saltstack-formulas/apache-formula/compare/v1.0.5...v1.1.0) (2020-10-14)
### Bug Fixes
* **ssl.conf:** fix pillar keys for SSLStapling in ssl.conf on debian ([65043f8](https://github.com/saltstack-formulas/apache-formula/commit/65043f8a6142f7b9988cd406988b524aa9f0a1f2))
### Code Refactoring
* **ssl.conf:** reduce newlines in ssl.conf on debian ([b99b7b7](https://github.com/saltstack-formulas/apache-formula/commit/b99b7b71add9fc1102d1b62eafada8358dfd5e68))
* **vhosts:** reduce empty lines in standard.tmpl and proxy.tmpl ([4b79c1d](https://github.com/saltstack-formulas/apache-formula/commit/4b79c1dddb1999452b618153792a8710bedbb76e))
### Features
* **ssl.conf:** add SSLSessionTickets to ssl.conf on debian ([41a7a83](https://github.com/saltstack-formulas/apache-formula/commit/41a7a83af0bf1bf4d4dde0f8ea522135dd721738))
## [1.0.5](https://github.com/saltstack-formulas/apache-formula/compare/v1.0.4...v1.0.5) (2020-10-14)
### Bug Fixes
* **clean:** remove entire apache config directory ([cac5f35](https://github.com/saltstack-formulas/apache-formula/commit/cac5f357a47d1bdd40371aca97181b490430c158))
### Code Refactoring
* **package:** remove unnecessary state ([fb81d8e](https://github.com/saltstack-formulas/apache-formula/commit/fb81d8e69450702bcd3eaa6e5243fce02715c819))
### Documentation
* **readme:** add mod watchdog to pillar example ([e0043dd](https://github.com/saltstack-formulas/apache-formula/commit/e0043dd7bafcab1b87822d0c831b91e10936b291))
## [1.0.4](https://github.com/saltstack-formulas/apache-formula/compare/v1.0.3...v1.0.4) (2020-10-14)
### Bug Fixes
* **debian:** don't execute a2enmod on every run ([5844322](https://github.com/saltstack-formulas/apache-formula/commit/5844322de46b82cad6beedd2b99c8808df8f2485))
* **debian:** fix default moddir on debian ([c17601e](https://github.com/saltstack-formulas/apache-formula/commit/c17601ee42cc4aa0222ec60e8ec3176d902b32f1))
* **logs:** don't change owners of logfiles with salt ([382e053](https://github.com/saltstack-formulas/apache-formula/commit/382e053c58c1b4e4f3ceb1af8fd75e2f56f6d153))
* **vhosts:** replace %O with %b in default LogFormat ([2b52e11](https://github.com/saltstack-formulas/apache-formula/commit/2b52e11a8a91b0837a442bac816e7383dbe6fb13))
### Tests
* **pillar:** remove modules that aren't installed from being enabled ([47ec5fc](https://github.com/saltstack-formulas/apache-formula/commit/47ec5fcc343ea889898e2418cd7c03a4a75c8f87))
## [1.0.3](https://github.com/saltstack-formulas/apache-formula/compare/v1.0.2...v1.0.3) (2020-10-13)
### Bug Fixes
* **config:** fix old apache.service usage ([32f05e5](https://github.com/saltstack-formulas/apache-formula/commit/32f05e5a66940ad86ce21831598c478b7099ed3a))
## [1.0.2](https://github.com/saltstack-formulas/apache-formula/compare/v1.0.1...v1.0.2) (2020-10-12)
### Bug Fixes
* **package:** remove own_default_vhost and debian_full from config.init ([7691b58](https://github.com/saltstack-formulas/apache-formula/commit/7691b589d7a1b0a87aaf9b13282e6ca154c5787c))
* **package:** remove own_default_vhost and debian_full from config.init ([441459e](https://github.com/saltstack-formulas/apache-formula/commit/441459e56f3a8b091671839042efae2d7020380d))
## [1.0.1](https://github.com/saltstack-formulas/apache-formula/compare/v1.0.0...v1.0.1) (2020-10-10)
### Continuous Integration
* **pre-commit:** finalise `rstcheck` configuration [skip ci] ([1c2125c](https://github.com/saltstack-formulas/apache-formula/commit/1c2125c251016097e7d2c0694bf0245a3644605e))
### Documentation
* **example:** document redirect 80->443 fix [#226](https://github.com/saltstack-formulas/apache-formula/issues/226) ([e15803b](https://github.com/saltstack-formulas/apache-formula/commit/e15803b4b12df2b6e625673409bc854b1d1dd751))
* **readme:** fix `rstcheck` violation [skip ci] ([2747e35](https://github.com/saltstack-formulas/apache-formula/commit/2747e35ce1e49d46a1fd5f8613ce73517aaed095)), closes [/travis-ci.org/github/myii/apache-formula/builds/731605038#L255](https://github.com//travis-ci.org/github/myii/apache-formula/builds/731605038/issues/L255)
# [1.0.0](https://github.com/saltstack-formulas/apache-formula/compare/v0.41.1...v1.0.0) (2020-10-05)
### Code Refactoring
* **formula:** align to template-formula & improve ci features ([47818fc](https://github.com/saltstack-formulas/apache-formula/commit/47818fc360fc87c94f51f2c2c7ff9317d4ecf875))
### Continuous Integration
* **pre-commit:** add to formula [skip ci] ([5532ed7](https://github.com/saltstack-formulas/apache-formula/commit/5532ed7a5b1c9afb5ca4348d3984c5ff357bacad))
* **pre-commit:** enable/disable `rstcheck` as relevant [skip ci] ([233111a](https://github.com/saltstack-formulas/apache-formula/commit/233111af11dd25b573928e746f19b06bcdbf19b9))
### BREAKING CHANGES
* **formula:** 'apache.sls' converted to new style 'init.ssl'
* **formula:** "logrotate.sls" became "config/logrotate.sls"
* **formula:** "debian_full.sls" became "config/debian_full.sls"
* **formula:** "flags.sls" became "config/flags.sls"
* **formula:** "manage_security" became "config/manage_security.sls"
* **formula:** "mod_*.sls" became "config/mod_*.sls"
* **formula:** "no_default_host.sls" became "config/no_default_host.sls"
* **formula:** "own_default_host.sls" became "config/own_default_host.sls"
* **formula:** "register_site.sls" became "config/register_site.sls"
* **formula:** "server_status.sls" became "config/server_status.sls"
* **formula:** "vhosts/" became "config/vhosts/"
* **formula:** "mod_security/" became "config/mod_security/"
NOT-BREAKING CHANGE: 'config.sls' became 'config/init.sls'
NOT-BREAKING CHANGE: 'uninstall.sls' symlinked to 'clean.sls'
## [0.41.1](https://github.com/saltstack-formulas/apache-formula/compare/v0.41.0...v0.41.1) (2020-07-20)
### Bug Fixes
* **server-status:** enable module in Debian family ([632802a](https://github.com/saltstack-formulas/apache-formula/commit/632802a5a946d2f05c40d9038d6f2ad596fafc58))
* **server-status:** manage module in debian ([eafa419](https://github.com/saltstack-formulas/apache-formula/commit/eafa4196d9495bc975c7e1e7036969bdaba1441d))
### Tests
* **default+modules:** add modules' tests suite ([b253625](https://github.com/saltstack-formulas/apache-formula/commit/b25362535ae01dd140218b131a8e991d3a10cbe5))
# [0.41.0](https://github.com/saltstack-formulas/apache-formula/compare/v0.40.0...v0.41.0) (2020-07-16)
### Features
* **vhosts/standard:** add support for ScriptAlias in standard vhost ([b88b437](https://github.com/saltstack-formulas/apache-formula/commit/b88b437308ff5d6bc504dabf9b69153db89f5b10))
# [0.40.0](https://github.com/saltstack-formulas/apache-formula/compare/v0.39.5...v0.40.0) (2020-07-16)
### Features
* **redhat/apache-2.x.config.jinja:** allow override of default_charset ([648f589](https://github.com/saltstack-formulas/apache-formula/commit/648f589cc30684550c972d9cc4087e9e8b3fdc80))
## [0.39.5](https://github.com/saltstack-formulas/apache-formula/compare/v0.39.4...v0.39.5) (2020-06-21)
### Bug Fixes
* **vhosts/cleanup:** check `sites-enabled` dir exists before listing it ([88373e3](https://github.com/saltstack-formulas/apache-formula/commit/88373e38f55eab61cf1c4edc68324f3da48f7646)), closes [#278](https://github.com/saltstack-formulas/apache-formula/issues/278)
### Continuous Integration
* **gemfile.lock:** add to repo with updated `Gemfile` [skip ci] ([61b903e](https://github.com/saltstack-formulas/apache-formula/commit/61b903e7803eb80b50130834b90ca86d26b9d6c8))
* **kitchen:** use `saltimages` Docker Hub where available [skip ci] ([6895fb9](https://github.com/saltstack-formulas/apache-formula/commit/6895fb9764e9cebcbbff05763e367401d6cad959))
* **kitchen+travis:** remove `master-py2-arch-base-latest` [skip ci] ([16bb1b0](https://github.com/saltstack-formulas/apache-formula/commit/16bb1b06e351efdf9994676de38dec7b0ecd639d))
* **travis:** add notifications => zulip [skip ci] ([2417a75](https://github.com/saltstack-formulas/apache-formula/commit/2417a75fe218bd04c719f8eb2e2a7e402a20928e))
* **workflows/commitlint:** add to repo [skip ci] ([2ce966d](https://github.com/saltstack-formulas/apache-formula/commit/2ce966d031e9044e8794dc93f605ce780fd99f12))
## [0.39.4](https://github.com/saltstack-formulas/apache-formula/compare/v0.39.3...v0.39.4) (2020-04-02)
### Bug Fixes
* **mod_ssl:** update mod_ssl package variable to prevent clashes ([5591be2](https://github.com/saltstack-formulas/apache-formula/commit/5591be26fddd234ebaed0e024969c45b6536ba82))
## [0.39.3](https://github.com/saltstack-formulas/apache-formula/compare/v0.39.2...v0.39.3) (2020-04-02)
### Bug Fixes
* **debian:** generate remoteip conf before a2enconf ([1ed69f6](https://github.com/saltstack-formulas/apache-formula/commit/1ed69f6c6fab0eb583949105e9e29e58b6ba32a3))
### Continuous Integration
* **kitchen:** avoid using bootstrap for `master` instances [skip ci] ([275b5d5](https://github.com/saltstack-formulas/apache-formula/commit/275b5d5e69fa79f1010852d65f0fcb65cadf735d))
* **travis:** use `major.minor` for `semantic-release` version [skip ci] ([08cced2](https://github.com/saltstack-formulas/apache-formula/commit/08cced29134ca47824e82ee6afa794233cdb5faa))
## [0.39.2](https://github.com/saltstack-formulas/apache-formula/compare/v0.39.1...v0.39.2) (2019-12-20)
### Bug Fixes
* **redhat:** add user & group lookup to configs ([36ad2b2](https://github.com/saltstack-formulas/apache-formula/commit/36ad2b24424936a4badeb7b4b2b26ee0d39e55f2))
## [0.39.1](https://github.com/saltstack-formulas/apache-formula/compare/v0.39.0...v0.39.1) (2019-12-20)
### Bug Fixes
* **mod_mpm:** cast to int to avoid Jinja type mismatch error ([21045c7](https://github.com/saltstack-formulas/apache-formula/commit/21045c7a7b46d639c2d81c5793ad6e6d9d34b66b))
# [0.39.0](https://github.com/saltstack-formulas/apache-formula/compare/v0.38.2...v0.39.0) (2019-12-20)
### Continuous Integration
* **gemfile:** restrict `train` gem version until upstream fix [skip ci] ([13be6f9](https://github.com/saltstack-formulas/apache-formula/commit/13be6f9fac5aae55c48f74c784335c61d7fbaaf2))
* **travis:** apply changes from build config validation [skip ci] ([0aac479](https://github.com/saltstack-formulas/apache-formula/commit/0aac479c253f95b7fdcb1505476638c2d703bc77))
* **travis:** opt-in to `dpl v2` to complete build config validation ([19e90ea](https://github.com/saltstack-formulas/apache-formula/commit/19e90ea2d6ef91118ebf59817ef4c91ad876af54))
* **travis:** quote pathspecs used with `git ls-files` [skip ci] ([6608ddf](https://github.com/saltstack-formulas/apache-formula/commit/6608ddf8c5a361b93e6a44658ab1e306953566bf))
* **travis:** run `shellcheck` during lint job [skip ci] ([2ff6b2f](https://github.com/saltstack-formulas/apache-formula/commit/2ff6b2f17e1fd48b5f0a4156c2dbd90f07f27025))
* **travis:** use build config validation (beta) [skip ci] ([73160b2](https://github.com/saltstack-formulas/apache-formula/commit/73160b249124df6bbd36b113df71724c019a118f))
### Features
* **server-status:** allow remote servers to reach server-status page ([a3c0022](https://github.com/saltstack-formulas/apache-formula/commit/a3c0022d7988eee0ec43d939bced91dee9fec0e1))
## [0.38.2](https://github.com/saltstack-formulas/apache-formula/compare/v0.38.1...v0.38.2) (2019-11-07)
### Bug Fixes
* **apache/modules.sls:** fix duplicated ID ([57afd71](https://github.com/saltstack-formulas/apache-formula/commit/57afd71627eb554138c8d5ec9cc790d899ed80ff))
## [0.38.1](https://github.com/saltstack-formulas/apache-formula/compare/v0.38.0...v0.38.1) (2019-11-05)
### Bug Fixes
* **mod_perl2.sls:** fix a2enmod perl2 error ([fba8d21](https://github.com/saltstack-formulas/apache-formula/commit/fba8d217944c8b5a0abf19cdbae7d41d1ec5bf2e))
* **release.config.js:** use full commit hash in commit link [skip ci] ([dc5593c](https://github.com/saltstack-formulas/apache-formula/commit/dc5593cfdf775e065ea5f680f2ed2b6b7c80d8ed))
### Continuous Integration
* **kitchen:** use `debian-10-master-py3` instead of `develop` [skip ci] ([09d82a5](https://github.com/saltstack-formulas/apache-formula/commit/09d82a581caa09298d3d99ded215c5e45c5b619f))
* **kitchen:** use `develop` image until `master` is ready (`amazonlinux`) [skip ci] ([d0bf6f3](https://github.com/saltstack-formulas/apache-formula/commit/d0bf6f37969a9a97a6e368278e0f9eb40431f2f1))
* **kitchen+travis:** upgrade matrix after `2019.2.2` release [skip ci] ([fc0f869](https://github.com/saltstack-formulas/apache-formula/commit/fc0f869b78ef56369e1cfb6ff3d62179f703efa0))
* **travis:** update `salt-lint` config for `v0.0.10` [skip ci] ([2622d48](https://github.com/saltstack-formulas/apache-formula/commit/2622d48b4ccb01cd70555d46759d79d82d1db7bf))
### Performance Improvements
* **travis:** improve `salt-lint` invocation [skip ci] ([bf75770](https://github.com/saltstack-formulas/apache-formula/commit/bf7577022040a155de8b3ab4f557dd05484d278c))
# [0.38.0](https://github.com/saltstack-formulas/apache-formula/compare/v0.37.4...v0.38.0) (2019-10-20)
### Bug Fixes
* **apache-2.2.config.jinja:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/f4045ef))
* **apache-2.4.config.jinja:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/e2c1c2e))
* **flags.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/a146c59))
* **init.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/8465eb4))
* **map.jinja:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/d011324))
* **mod_geoip.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/e55ef9b))
* **modsecurity.conf.jinja:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/2a79d05))
* **modules.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/55d11f8))
* **server_status.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/da9a592))
* **uninstall.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/ed7dc7b))
* **vhosts/cleanup.sls:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/b0bbd0b))
* **vhosts/minimal.tmpl:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/146dc67))
* **vhosts/proxy.tmpl:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/e7c9fbb))
* **vhosts/redirect.tmpl:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/0a41b19))
* **vhosts/standard.tmpl:** fix `salt-lint` errors ([](https://github.com/saltstack-formulas/apache-formula/commit/1bad58d))
* **yamllint:** fix all errors ([](https://github.com/saltstack-formulas/apache-formula/commit/97f6ead))
### Documentation
* **formula:** use standard structure ([](https://github.com/saltstack-formulas/apache-formula/commit/701929d))
* **readme:** move to `docs/` directory and modify accordingly ([](https://github.com/saltstack-formulas/apache-formula/commit/6933f0e))
### Features
* **semantic-release:** implement for this formula ([](https://github.com/saltstack-formulas/apache-formula/commit/34d1f7c))
### Tests
* **mod_security_spec:** convert from Serverspec to InSpec ([](https://github.com/saltstack-formulas/apache-formula/commit/68b971b))


@ -1,50 +0,0 @@
# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
# SECTION: Owner(s) for everything in the repo, unless a later match takes precedence
# FILE PATTERN OWNER(S)
* @noelmcloughlin
# SECTION: Owner(s) for specific directories
# FILE PATTERN OWNER(S)
# SECTION: Owner(s) for files/directories related to `semantic-release`
# FILE PATTERN OWNER(S)
/.github/workflows/ @saltstack-formulas/ssf
/bin/install-hooks @saltstack-formulas/ssf
/bin/kitchen @saltstack-formulas/ssf
/docs/AUTHORS.rst @saltstack-formulas/ssf
/docs/CHANGELOG.rst @saltstack-formulas/ssf
/docs/TOFS_pattern.rst @saltstack-formulas/ssf
/*/_mapdata/ @saltstack-formulas/ssf
/*/libsaltcli.jinja @saltstack-formulas/ssf
/*/libtofs.jinja @saltstack-formulas/ssf
/test/integration/**/_mapdata.rb @saltstack-formulas/ssf
/test/integration/**/libraries/system.rb @saltstack-formulas/ssf
/test/integration/**/inspec.yml @saltstack-formulas/ssf
/test/integration/**/README.md @saltstack-formulas/ssf
/test/salt/pillar/top.sls @saltstack-formulas/ssf
/.gitignore @saltstack-formulas/ssf
/.cirrus.yml @saltstack-formulas/ssf
/.gitlab-ci.yml @saltstack-formulas/ssf
/.pre-commit-config.yaml @saltstack-formulas/ssf
/.rstcheck.cfg @saltstack-formulas/ssf
/.rubocop.yml @saltstack-formulas/ssf
/.salt-lint @saltstack-formulas/ssf
/.travis.yml @saltstack-formulas/ssf
/.yamllint @saltstack-formulas/ssf
/AUTHORS.md @saltstack-formulas/ssf
/CHANGELOG.md @saltstack-formulas/ssf
/CODEOWNERS @saltstack-formulas/ssf
/commitlint.config.js @saltstack-formulas/ssf
/FORMULA @saltstack-formulas/ssf
/Gemfile @saltstack-formulas/ssf
/Gemfile.lock @saltstack-formulas/ssf
/kitchen.yml @saltstack-formulas/ssf
/kitchen.vagrant.yml @saltstack-formulas/ssf
/kitchen.windows.yml @saltstack-formulas/ssf
/pre-commit_semantic-release.sh @saltstack-formulas/ssf
/release-rules.js @saltstack-formulas/ssf
/release.config.js @saltstack-formulas/ssf
# SECTION: Owner(s) for specific files
# FILE PATTERN OWNER(S)


@ -1,9 +1,8 @@
name: apache
os: RedHat, Fedora, CentOS, Debian, Ubuntu, Suse, FreeBSD
os: RedHat, Debian, Ubuntu, Suse, FreeBSD
os_family: RedHat, Debian, Suse, FreeBSD
version: 1.2.2
version: 201507
release: 1
minimum_version: 2015.8
summary: Formula for installing Apache
description: Formula for installing Apache web server
top_level_dir: apache

27
Gemfile

@ -1,23 +1,6 @@
# frozen_string_literal: true
source "https://rubygems.org"
source ENV.fetch('PROXY_RUBYGEMSORG', 'https://rubygems.org')
# Install the `inspec` gem using `git` because versions after `4.22.22`
# suppress diff output; this version fixes this for our uses.
# rubocop:disable Layout/LineLength
gem 'inspec', git: 'https://gitlab.com/saltstack-formulas/infrastructure/inspec', branch: 'ssf'
# rubocop:enable Layout/LineLength
# Install the `kitchen-docker` gem using `git` in order to gain a performance
# improvement: avoid package installations which are already covered by the
# `salt-image-builder` (i.e. the pre-salted images that we're using)
# rubocop:disable Layout/LineLength
gem 'kitchen-docker', git: 'https://gitlab.com/saltstack-formulas/infrastructure/kitchen-docker', branch: 'ssf'
# rubocop:enable Layout/LineLength
gem 'kitchen-inspec', '>= 2.5.0'
gem 'kitchen-salt', '>= 0.7.2'
group :vagrant do
gem 'kitchen-vagrant'
end
gem "test-kitchen", '>=1.2.1'
gem "kitchen-docker"
gem "kitchen-salt", ">=0.0.11"
gem "kitchen-inspec"
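Review bot: The four `gem` lines on the new side of this Gemfile carry either an open-ended lower bound (`'>=1.2.1'`, `">=0.0.11"`) or no constraint at all, so the test toolchain resolves to whatever is current on rubygems.org at install time. The lockfile section that follows on this page is removed in full (`@ -1,678 +0,0 @`), which, if no other lockfile is kept, leaves nothing to pin the transitive set either, so a CI run is neither reproducible nor protected against a bad upstream release. I would either keep a committed `Gemfile.lock` or bound each entry with a pessimistic constraint, for example `gem "kitchen-salt", "~> 0.7"` (constructed example; use the series that was actually tested). Which lines are old and which are new is inferred from the hunk header `-1,23 +1,6`, since the rendered page has lost the `+`/`-` column.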


@ -1,678 +0,0 @@
GIT
remote: https://gitlab.com/saltstack-formulas/infrastructure/inspec
revision: aaef842906a5666f0fc0b4f186b4dd3498f5b28c
branch: ssf
specs:
inspec (5.18.15)
cookstyle
faraday_middleware (>= 0.12.2, < 1.1)
inspec-core (= 5.18.15)
mongo (= 2.13.2)
progress_bar (~> 1.3.3)
rake
train (~> 3.10)
train-aws (~> 0.2)
train-habitat (~> 0.1)
train-winrm (~> 0.2)
inspec-core (5.18.15)
addressable (~> 2.4)
chef-telemetry (~> 1.0, >= 1.0.8)
faraday (>= 0.9.0, < 1.5)
faraday_middleware (~> 1.0)
hashie (>= 3.4, < 5.0)
license-acceptance (>= 0.2.13, < 3.0)
method_source (>= 0.8, < 2.0)
mixlib-log (~> 3.0)
multipart-post (~> 2.0)
parallel (~> 1.9)
parslet (>= 1.5, < 2.0)
pry (~> 0.13)
rspec (>= 3.9, <= 3.11)
rspec-its (~> 1.2)
rubyzip (>= 1.2.2, < 3.0)
semverse (~> 3.0)
sslshake (~> 1.2)
thor (>= 0.20, < 2.0)
tomlrb (>= 1.2, < 2.1)
train-core (~> 3.10)
tty-prompt (~> 0.17)
tty-table (~> 0.10)
GIT
remote: https://gitlab.com/saltstack-formulas/infrastructure/kitchen-docker
revision: 9a09bc1e571e25f3ccabf4725ca2048d970fff82
branch: ssf
specs:
kitchen-docker (2.12.0)
test-kitchen (>= 1.0.0)
GEM
remote: https://rubygems.org/
specs:
activesupport (7.0.3.1)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
tzinfo (~> 2.0)
addressable (2.8.0)
public_suffix (>= 2.0.2, < 5.0)
ast (2.4.2)
aws-eventstream (1.2.0)
aws-partitions (1.607.0)
aws-sdk-alexaforbusiness (1.56.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-amplify (1.32.0)
aws-sdk-core (~> 3, >= 3.120.0)
aws-sigv4 (~> 1.1)
aws-sdk-apigateway (1.78.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-apigatewayv2 (1.42.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-applicationautoscaling (1.51.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-athena (1.55.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-autoscaling (1.63.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-batch (1.47.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-budgets (1.50.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-cloudformation (1.70.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-cloudfront (1.65.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-cloudhsm (1.39.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-cloudhsmv2 (1.42.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-cloudtrail (1.49.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-cloudwatch (1.64.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-cloudwatchevents (1.46.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-cloudwatchlogs (1.53.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-codecommit (1.51.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-codedeploy (1.49.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-codepipeline (1.53.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-cognitoidentity (1.31.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-cognitoidentityprovider (1.53.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-configservice (1.79.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-core (3.131.2)
aws-eventstream (~> 1, >= 1.0.2)
aws-partitions (~> 1, >= 1.525.0)
aws-sigv4 (~> 1.1)
jmespath (~> 1, >= 1.6.1)
aws-sdk-costandusagereportservice (1.40.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-databasemigrationservice (1.53.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-dynamodb (1.75.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-ec2 (1.322.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-ecr (1.56.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-ecrpublic (1.12.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-ecs (1.100.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-efs (1.54.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-eks (1.75.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-elasticache (1.78.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-elasticbeanstalk (1.51.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-elasticloadbalancing (1.40.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-elasticloadbalancingv2 (1.78.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-elasticsearchservice (1.65.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-emr (1.53.0)
aws-sdk-core (~> 3, >= 3.121.2)
aws-sigv4 (~> 1.1)
aws-sdk-eventbridge (1.24.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-firehose (1.48.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-glue (1.88.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-guardduty (1.58.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-iam (1.69.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-kafka (1.50.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-kinesis (1.41.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-kms (1.57.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-lambda (1.84.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-mq (1.40.0)
aws-sdk-core (~> 3, >= 3.120.0)
aws-sigv4 (~> 1.1)
aws-sdk-networkfirewall (1.17.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-networkmanager (1.24.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-organizations (1.59.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-ram (1.26.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-rds (1.148.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-redshift (1.84.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-route53 (1.63.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-route53domains (1.40.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-route53resolver (1.37.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-s3 (1.114.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.4)
aws-sdk-s3control (1.43.0)
aws-sdk-core (~> 3, >= 3.122.0)
aws-sigv4 (~> 1.1)
aws-sdk-secretsmanager (1.46.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-securityhub (1.67.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-servicecatalog (1.60.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-ses (1.41.0)
aws-sdk-core (~> 3, >= 3.120.0)
aws-sigv4 (~> 1.1)
aws-sdk-shield (1.48.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-signer (1.32.0)
aws-sdk-core (~> 3, >= 3.120.0)
aws-sigv4 (~> 1.1)
aws-sdk-simpledb (1.29.0)
aws-sdk-core (~> 3, >= 3.120.0)
aws-sigv2 (~> 1.0)
aws-sdk-sms (1.40.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-sns (1.53.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-sqs (1.51.1)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-ssm (1.137.0)
aws-sdk-core (~> 3, >= 3.127.0)
aws-sigv4 (~> 1.1)
aws-sdk-states (1.39.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-synthetics (1.19.0)
aws-sdk-core (~> 3, >= 3.121.2)
aws-sigv4 (~> 1.1)
aws-sdk-transfer (1.34.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sigv4 (~> 1.1)
aws-sdk-waf (1.43.0)
aws-sdk-core (~> 3, >= 3.122.0)
aws-sigv4 (~> 1.1)
aws-sigv2 (1.1.0)
aws-sigv4 (1.5.0)
aws-eventstream (~> 1, >= 1.0.2)
azure_graph_rbac (0.17.2)
ms_rest_azure (~> 0.12.0)
azure_mgmt_key_vault (0.17.7)
ms_rest_azure (~> 0.12.0)
azure_mgmt_resources (0.18.2)
ms_rest_azure (~> 0.12.0)
azure_mgmt_security (0.19.0)
ms_rest_azure (~> 0.12.0)
azure_mgmt_storage (0.23.0)
ms_rest_azure (~> 0.12.0)
bcrypt_pbkdf (1.1.0)
bson (4.15.0)
builder (3.2.4)
chef-config (17.10.0)
addressable
chef-utils (= 17.10.0)
fuzzyurl
mixlib-config (>= 2.2.12, < 4.0)
mixlib-shellout (>= 2.0, < 4.0)
tomlrb (~> 1.2)
chef-telemetry (1.1.1)
chef-config
concurrent-ruby (~> 1.0)
chef-utils (17.10.0)
concurrent-ruby
coderay (1.1.3)
concurrent-ruby (1.1.10)
cookstyle (7.32.1)
rubocop (= 1.25.1)
declarative (0.0.20)
diff-lcs (1.5.0)
docker-api (2.2.0)
excon (>= 0.47.0)
multi_json
domain_name (0.5.20190701)
unf (>= 0.0.5, < 1.0.0)
ed25519 (1.3.0)
erubi (1.10.0)
excon (0.92.3)
faraday (1.4.3)
faraday-em_http (~> 1.0)
faraday-em_synchrony (~> 1.0)
faraday-excon (~> 1.1)
faraday-net_http (~> 1.0)
faraday-net_http_persistent (~> 1.1)
multipart-post (>= 1.2, < 3)
ruby2_keywords (>= 0.0.4)
faraday-cookie_jar (0.0.7)
faraday (>= 0.8.0)
http-cookie (~> 1.0.0)
faraday-em_http (1.0.0)
faraday-em_synchrony (1.0.0)
faraday-excon (1.1.0)
faraday-net_http (1.0.1)
faraday-net_http_persistent (1.2.0)
faraday_middleware (1.0.0)
faraday (~> 1.0)
ffi (1.15.5)
fuzzyurl (0.9.0)
google-api-client (0.52.0)
addressable (~> 2.5, >= 2.5.1)
googleauth (~> 0.9)
httpclient (>= 2.8.1, < 3.0)
mini_mime (~> 1.0)
representable (~> 3.0)
retriable (>= 2.0, < 4.0)
rexml
signet (~> 0.12)
googleauth (0.14.0)
faraday (>= 0.17.3, < 2.0)
jwt (>= 1.4, < 3.0)
memoist (~> 0.16)
multi_json (~> 1.11)
os (>= 0.9, < 2.0)
signet (~> 0.14)
gssapi (1.3.1)
ffi (>= 1.0.1)
gyoku (1.4.0)
builder (>= 2.1.2)
rexml (~> 3.0)
hashie (4.1.0)
highline (2.0.3)
http-cookie (1.0.5)
domain_name (~> 0.5)
httpclient (2.8.3)
i18n (1.12.0)
concurrent-ruby (~> 1.0)
inifile (3.0.0)
jmespath (1.6.1)
json (2.6.2)
jwt (2.4.1)
kitchen-inspec (2.6.1)
hashie (>= 3.4, <= 5.0)
inspec (>= 2.2.64, < 7.0)
test-kitchen (>= 2.7, < 4)
kitchen-salt (0.7.2)
hashie (>= 3.5)
test-kitchen (>= 1.4)
kitchen-vagrant (1.12.0)
test-kitchen (>= 1.4, < 4)
license-acceptance (2.1.13)
pastel (~> 0.7)
tomlrb (>= 1.2, < 3.0)
tty-box (~> 0.6)
tty-prompt (~> 0.20)
little-plugger (1.1.4)
logging (2.3.1)
little-plugger (~> 1.1)
multi_json (~> 1.14)
memoist (0.16.2)
method_source (1.0.0)
mini_mime (1.1.2)
minitest (5.16.2)
mixlib-config (3.0.27)
tomlrb
mixlib-install (3.12.19)
mixlib-shellout
mixlib-versioning
thor
mixlib-log (3.0.9)
mixlib-shellout (3.2.7)
chef-utils
mixlib-versioning (1.2.12)
mongo (2.13.2)
bson (>= 4.8.2, < 5.0.0)
ms_rest (0.7.6)
concurrent-ruby (~> 1.0)
faraday (>= 0.9, < 2.0.0)
timeliness (~> 0.3.10)
ms_rest_azure (0.12.0)
concurrent-ruby (~> 1.0)
faraday (>= 0.9, < 2.0.0)
faraday-cookie_jar (~> 0.0.6)
ms_rest (~> 0.7.6)
multi_json (1.15.0)
multipart-post (2.2.3)
net-scp (3.0.0)
net-ssh (>= 2.6.5, < 7.0.0)
net-ssh (6.1.0)
net-ssh-gateway (2.0.0)
net-ssh (>= 4.0.0)
nori (2.6.0)
options (2.3.2)
os (1.1.4)
parallel (1.22.1)
parser (3.1.2.0)
ast (~> 2.4.1)
parslet (1.8.2)
pastel (0.8.0)
tty-color (~> 0.5)
progress_bar (1.3.3)
highline (>= 1.6, < 3)
options (~> 2.3.0)
pry (0.14.1)
coderay (~> 1.1)
method_source (~> 1.0)
public_suffix (4.0.7)
rainbow (3.1.1)
rake (13.0.6)
regexp_parser (2.5.0)
representable (3.2.0)
declarative (< 0.1.0)
trailblazer-option (>= 0.1.1, < 0.2.0)
uber (< 0.2.0)
retriable (3.1.2)
rexml (3.2.5)
rspec (3.11.0)
rspec-core (~> 3.11.0)
rspec-expectations (~> 3.11.0)
rspec-mocks (~> 3.11.0)
rspec-core (3.11.0)
rspec-support (~> 3.11.0)
rspec-expectations (3.11.0)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.11.0)
rspec-its (1.3.0)
rspec-core (>= 3.0.0)
rspec-expectations (>= 3.0.0)
rspec-mocks (3.11.1)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.11.0)
rspec-support (3.11.0)
rubocop (1.25.1)
parallel (~> 1.10)
parser (>= 3.1.0.0)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 1.8, < 3.0)
rexml
rubocop-ast (>= 1.15.1, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 1.4.0, < 3.0)
rubocop-ast (1.19.1)
parser (>= 3.1.1.0)
ruby-progressbar (1.11.0)
ruby2_keywords (0.0.5)
rubyntlm (0.6.3)
rubyzip (2.3.2)
semverse (3.0.2)
signet (0.17.0)
addressable (~> 2.8)
faraday (>= 0.17.5, < 3.a)
jwt (>= 1.5, < 3.0)
multi_json (~> 1.10)
sslshake (1.3.1)
strings (0.2.1)
strings-ansi (~> 0.2)
unicode-display_width (>= 1.5, < 3.0)
unicode_utils (~> 1.4)
strings-ansi (0.2.0)
test-kitchen (3.3.1)
bcrypt_pbkdf (~> 1.0)
chef-utils (>= 16.4.35)
ed25519 (~> 1.2)
license-acceptance (>= 1.0.11, < 3.0)
mixlib-install (~> 3.6)
mixlib-shellout (>= 1.2, < 4.0)
net-scp (>= 1.1, < 4.0)
net-ssh (>= 2.9, < 7.0)
net-ssh-gateway (>= 1.2, < 3.0)
thor (>= 0.19, < 2.0)
winrm (~> 2.0)
winrm-elevated (~> 1.0)
winrm-fs (~> 1.1)
thor (1.2.1)
timeliness (0.3.10)
tomlrb (1.3.0)
trailblazer-option (0.1.2)
train (3.10.1)
activesupport (>= 6.0.3.1)
azure_graph_rbac (~> 0.16)
azure_mgmt_key_vault (~> 0.17)
azure_mgmt_resources (~> 0.15)
azure_mgmt_security (~> 0.18)
azure_mgmt_storage (~> 0.18)
docker-api (>= 1.26, < 3.0)
google-api-client (>= 0.23.9, <= 0.52.0)
googleauth (>= 0.6.6, <= 0.14.0)
inifile (~> 3.0)
train-core (= 3.10.1)
train-winrm (~> 0.2)
train-aws (0.2.24)
aws-sdk-alexaforbusiness (~> 1.0)
aws-sdk-amplify (~> 1.32.0)
aws-sdk-apigateway (~> 1.0)
aws-sdk-apigatewayv2 (~> 1.0)
aws-sdk-applicationautoscaling (>= 1.46, < 1.52)
aws-sdk-athena (~> 1.0)
aws-sdk-autoscaling (>= 1.22, < 1.64)
aws-sdk-batch (>= 1.36, < 1.48)
aws-sdk-budgets (~> 1.0)
aws-sdk-cloudformation (~> 1.0)
aws-sdk-cloudfront (~> 1.0)
aws-sdk-cloudhsm (~> 1.0)
aws-sdk-cloudhsmv2 (~> 1.0)
aws-sdk-cloudtrail (~> 1.8)
aws-sdk-cloudwatch (~> 1.13)
aws-sdk-cloudwatchevents (>= 1.36, < 1.47)
aws-sdk-cloudwatchlogs (~> 1.13)
aws-sdk-codecommit (~> 1.0)
aws-sdk-codedeploy (~> 1.0)
aws-sdk-codepipeline (~> 1.0)
aws-sdk-cognitoidentity (>= 1.26, < 1.32)
aws-sdk-cognitoidentityprovider (>= 1.46, < 1.54)
aws-sdk-configservice (~> 1.21)
aws-sdk-core (~> 3.0)
aws-sdk-costandusagereportservice (~> 1.6)
aws-sdk-databasemigrationservice (>= 1.42, < 1.54)
aws-sdk-dynamodb (~> 1.31)
aws-sdk-ec2 (~> 1.70)
aws-sdk-ecr (~> 1.18)
aws-sdk-ecrpublic (~> 1.3)
aws-sdk-ecs (~> 1.30)
aws-sdk-efs (~> 1.0)
aws-sdk-eks (~> 1.9)
aws-sdk-elasticache (~> 1.0)
aws-sdk-elasticbeanstalk (~> 1.0)
aws-sdk-elasticloadbalancing (~> 1.8)
aws-sdk-elasticloadbalancingv2 (~> 1.0)
aws-sdk-elasticsearchservice (~> 1.0)
aws-sdk-emr (~> 1.53.0)
aws-sdk-eventbridge (~> 1.24.0)
aws-sdk-firehose (~> 1.0)
aws-sdk-glue (>= 1.71, < 1.89)
aws-sdk-guardduty (~> 1.31)
aws-sdk-iam (~> 1.13)
aws-sdk-kafka (~> 1.0)
aws-sdk-kinesis (~> 1.0)
aws-sdk-kms (~> 1.13)
aws-sdk-lambda (~> 1.0)
aws-sdk-mq (~> 1.40.0)
aws-sdk-networkfirewall (>= 1.6.0)
aws-sdk-networkmanager (>= 1.13.0)
aws-sdk-organizations (>= 1.17, < 1.60)
aws-sdk-ram (>= 1.21, < 1.27)
aws-sdk-rds (~> 1.43)
aws-sdk-redshift (~> 1.0)
aws-sdk-route53 (~> 1.0)
aws-sdk-route53domains (~> 1.0)
aws-sdk-route53resolver (~> 1.0)
aws-sdk-s3 (~> 1.30)
aws-sdk-s3control (~> 1.43.0)
aws-sdk-secretsmanager (>= 1.42, < 1.47)
aws-sdk-securityhub (~> 1.0)
aws-sdk-servicecatalog (>= 1.48, < 1.61)
aws-sdk-ses (~> 1.41.0)
aws-sdk-shield (~> 1.30)
aws-sdk-signer (~> 1.32.0)
aws-sdk-simpledb (~> 1.29.0)
aws-sdk-sms (~> 1.0)
aws-sdk-sns (~> 1.9)
aws-sdk-sqs (~> 1.10)
aws-sdk-ssm (~> 1.0)
aws-sdk-states (>= 1.35, < 1.40)
aws-sdk-synthetics (~> 1.19.0)
aws-sdk-transfer (>= 1.26, < 1.35)
aws-sdk-waf (~> 1.43.0)
train-core (3.10.1)
addressable (~> 2.5)
ffi (!= 1.13.0)
json (>= 1.8, < 3.0)
mixlib-shellout (>= 2.0, < 4.0)
net-scp (>= 1.2, < 4.0)
net-ssh (>= 2.9, < 7.0)
train-habitat (0.2.22)
train-winrm (0.2.13)
winrm (>= 2.3.6, < 3.0)
winrm-elevated (~> 1.2.2)
winrm-fs (~> 1.0)
tty-box (0.7.0)
pastel (~> 0.8)
strings (~> 0.2.0)
tty-cursor (~> 0.7)
tty-color (0.6.0)
tty-cursor (0.7.1)
tty-prompt (0.23.1)
pastel (~> 0.8)
tty-reader (~> 0.8)
tty-reader (0.9.0)
tty-cursor (~> 0.7)
tty-screen (~> 0.8)
wisper (~> 2.0)
tty-screen (0.8.1)
tty-table (0.12.0)
pastel (~> 0.8)
strings (~> 0.2.0)
tty-screen (~> 0.8)
tzinfo (2.0.4)
concurrent-ruby (~> 1.0)
uber (0.1.0)
unf (0.1.4)
unf_ext
unf_ext (0.0.8.2)
unicode-display_width (2.2.0)
unicode_utils (1.4.0)
winrm (2.3.6)
builder (>= 2.1.2)
erubi (~> 1.8)
gssapi (~> 1.2)
gyoku (~> 1.0)
httpclient (~> 2.2, >= 2.2.0.2)
logging (>= 1.6.1, < 3.0)
nori (~> 2.0)
rubyntlm (~> 0.6.0, >= 0.6.3)
winrm-elevated (1.2.3)
erubi (~> 1.8)
winrm (~> 2.0)
winrm-fs (~> 1.0)
winrm-fs (1.3.5)
erubi (~> 1.8)
logging (>= 1.6.1, < 3.0)
rubyzip (~> 2.0)
winrm (~> 2.0)
wisper (2.0.1)
PLATFORMS
ruby
DEPENDENCIES
inspec!
kitchen-docker!
kitchen-inspec (>= 2.5.0)
kitchen-salt (>= 0.7.2)
kitchen-vagrant
BUNDLED WITH
2.1.2

105
Hardening.md Normal file

@ -0,0 +1,105 @@
# Hardening list
This formula enforce security recommandations from [CIS Benchmarks](https://www.cisecurity.org/cis-benchmarks/) website
From ***CIS_Apache_HTTP_Server_2.4_Benchmark_v1.4.pdf*** document
> A scoring status indicates whether compliance with the given recommendation impacts the assessed target's benchmark score.
> Items in [*level 2*] profile exhibit one or more of the following characteristics:
> - are intended for environments or use cases where security is paramount
> - acts as defense in depth measure
> - may negatively inhibit the utility or performance of the technology
In this formula we focus on (**Scored**) [*level* ***1***] items
## List of all items with their CIS references
## 2. Minimize Apache Modules
- [ ] 2.1 Enable Only Necessary Authentication and Authorization Modules (Not Scored)
- [X] 2.2 Enable the Log Config Module (**Scored**)
- [X] 2.3 Disable WebDAV Modules (**Scored**)
- [X] 2.4 Disable Status Module (**Scored**)
- [X] 2.5 Disable Autoindex Module (**Scored**)
- [ ] 2.6 Disable Proxy Modules (**Scored**)
- [X] 2.7 Disable User Directories Modules (**Scored**)
- [X] 2.8 Disable Info Module (**Scored**)
## 3. Principles, Permissions, and Ownership
- [X] 3.1 Run the Apache Web Server as a non-root user (**Scored**)
- [X] 3.2 Give the Apache User Account an Invalid Shell (**Scored**)
- [ ] 3.3 Lock the Apache User Account (**Scored**)
- [X] 3.4 Set Ownership on Apache Directories and Files (**Scored**)
- [X] 3.5 Set Group Id on Apache Directories and Files (**Scored**)
- [ ] 3.6 Restrict Other Write Access on Apache Directories and Files (**Scored**)
- [X] 3.7 Secure Core Dump Directory (**Scored**)
- [ ] 3.8 Secure the Lock File (**Scored**)
- [X] 3.9 Secure the Pid File (**Scored**)
- [X] 3.10 Secure the ScoreBoard File (**Scored**)
- [X] 3.11 Restrict Group Write Access for the Apache Directories and Files (**Scored**)
- [X] 3.12 Restrict Group Write Access for the Document Root Directories and Files (**Scored**)
## 4. Apache Access Control
- [X] 4.1 Deny Access to OS Root Directory (**Scored**)
- [ ] 4.2 Allow Appropriate Access to Web Content (Not Scored)
- [X] 4.3 Restrict Override for the OS Root Directory (**Scored**)
- [X] 4.4 Restrict Override for All Directories (**Scored**)
## 5. Minimize Features, Content and Options
- [X] 5.1 Restrict Options for the OS Root Directory (**Scored**)
- [X] 5.2 Restrict Options for the Web Root Directory (**Scored**)
- [X] 5.3 Minimize Options for Other Directories (**Scored**)
- [X] 5.4 Remove Default HTML Content (**Scored**)
- [X] 5.5 Remove Default CGI Content printenv (**Scored**)
- [X] 5.6 Remove Default CGI Content test-cgi (**Scored**)
- [X] 5.7 Limit HTTP Request Methods (**Scored**)
- [X] 5.8 Disable HTTP TRACE Method (**Scored**)
- [X] 5.9 Restrict HTTP Protocol Versions (**Scored**)
- [X] 5.10 Restrict Access to .ht* files (**Scored**)
- [ ] 5.11 Restrict File Extensions [*level 2*] (**Scored**)
- [ ] 5.12 Deny IP Address Based Requests [*level 2*] (**Scored**)
- [ ] 5.13 Restrict Listen Directive [*level 2*] (**Scored**)
- [ ] 5.14 Restrict Browser Frame Options [*level 2*] (**Scored**)
## 6. Operations - Logging, Monitoring and Maintenance
- [X] 6.1 Configure the Error Log (**Scored**)
- [ ] 6.2 Configure a Syslog Facility for Error Logging [*level 2*] (**Scored**)
- [X] 6.3 Configure the Access Log (**Scored**)
- [X] 6.4 Log Storage and Rotation (**Scored**)
- [ ] 6.5 Apply Applicable Patches (**Scored**)
- [ ] 6.6 Install and Enable ModSecurity [*level 2*] (**Scored**)
- [ ] 6.7 Install and Enable OWASP ModSecurity Core Rule Set [*level 2*] (**Scored**)
## 7. SSL/TLS Configuration
- [X] 7.1 Install mod_ssl and/or mod_nss (**Scored**)
- [ ] 7.2 Install a Valid Trusted Certificate (**Scored**)
- [ ] 7.3 Protect the Server's Private Key (**Scored**)
- [X] 7.4 Disable the SSL v3.0 Protocol (**Scored**)
- [ ] 7.5 Restrict Weak SSL/TLS Ciphers (**Scored**)
- [X] 7.6 Disable SSL Insecure Renegotiation (**Scored**)
- [X] 7.7 Ensure SSL Compression is not Enabled (**Scored**)
- [ ] 7.8 Restrict Medium Strength SSL/TLS Ciphers (**Scored**)
- [ ] 7.9 Disable the TLS v1.0 Protocol [*level 2*] (**Scored**)
- [ ] 7.10 Enable OCSP Stapling [*level 2*] (**Scored**)
- [ ] 7.11 Enable HTTP Strict Transport Security [*level 2*] (**Scored**)
## 8. Information Leakage
- [X] 8.1 Set ServerToken to 'Prod' (**Scored**)
- [X] 8.2 Set ServerSignature to 'Off' (**Scored**)
- [ ] 8.3 Information Leakage via Default Apache Content [*level 2*] (**Scored**)
- [ ] 8.4 Information Leakage via ETag [*level 2*] (**Scored**)
## 9. Denial of Service Mitigations
- [X] 9.1 Set TimeOut to 10 or less (**Scored**)
- [X] 9.2 Set the KeepAlive directive to On (**Scored**)
- [X] 9.3 Set MaxKeepAliveRequests to 100 or greater (**Scored**)
- [X] 9.4 Set KeepAliveTimeout Low to Mitigate Denial of Service (**Scored**)
- [X] 9.5 Set Timeout Limits for Request Headers (**Scored**)
- [X] 9.6 Set Timeout Limits for the Request Body (**Scored**)
## 10. Request Limits
- [ ] 10.1 Set the LimitRequestLine directive to 512 or less [*level 2*] (**Scored**)
- [ ] 10.2 Set the LimitRequestFields directive to 100 or less [*level 2*] (**Scored**)
- [ ] 10.3 Set the LimitRequestFieldsize directive to 1024 or less [*level 2*] (**Scored**)
- [ ] 10.4 Set the LimitRequestBody directive to 102400 or less [*level 2*] (**Scored**)
## 11. Enable SELinux to Restrict Apache Processes
- [ ] 11.1 Enable SELinux in Enforcing Mode [*level 2*] (**Scored**)
- [ ] 11.2 Run Apache Processes in the httpd_t Confined Context [*level 2*] (**Scored**)
- [ ] 11.3 Ensure the httpd_t Type is Not in Permissive Mode [*level 2*] (**Scored**)
- [ ] 11.4 Ensure Only the Necessary SELinux Booleans are Enabled [*level 2*] (Not Scored)
## 12. Enable AppArmor to Restrict Apache Processes
- [ ] 12.1 Enable the AppArmor Framework [*level 2*] (**Scored**)
- [ ] 12.2 Customize the Apache AppArmor Profile [*level 2*] (Not Scored)
- [ ] 12.3 Ensure Apache AppArmor Profile is in Enforce Mode [*level 2*] (**Scored**)

149
README.rst Normal file

@ -0,0 +1,149 @@
======
apache
======
Formulas to set up and configure the Apache HTTP server.
This Formula uses the concepts of ``directive`` and ``container`` in pillars
* ``directive`` is an httpd directive https://httpd.apache.org/docs/2.4/en/mod/directives.html
* ``container`` is what described the `configuration sections` https://httpd.apache.org/docs/2.4/en/sections.html
see examples below for more explanation
Also it includes and enforce some hardening rules to prevent security issues
See `<Hardening.md>`_ and `<apache/hardening-values.yaml>`_.
.. note::
See the full `Salt Formulas installation and usage instructions
<http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_.
Available states
================
.. contents::
:local:
``apache``
----------
Installs the Apache package and starts the service.
``apache.config``
-----------------
Configures apache server.
The configuration is done by merging the pillar content with defaults
present in the state `<apache/defaults/RedHat/defaults-apache-2.4.yaml>`_
.. code:: yaml
apache:
server_apache_config:
directives:
- Timeout: 5
containers:
IfModule:
-
item: 'mime_module'
directives:
- AddType: 'application/x-font-ttf ttc ttf'
- AddType: 'application/x-font-opentype otf'
- AddType: 'application/x-font-woff woff2'
``apache.modules``
------------------
Enables and disables Apache modules.
``apache.vhosts.vhost``
--------------------------
Configures Apache name-based virtual hosts and creates virtual host directories using data from Pillar.
All necessary data must be provided in the pillar
Exceptions are :
* ``CustomLog`` default is ``/path/apache/log/ServerName-access.log combined``
* if ``Logformat`` is defined in pillar, ``CustomLog`` is enforced to ``/path/apache/log/ServerName-access.log Logformat``
* ``ErrorLog`` is enforced to ``/path/apache/log/ServerName-error.log``
Example Pillar:
Create two vhosts ``example.com.conf`` and ``test.example.com.conf``
.. code:: yaml
apache:
VirtualHost:
example.com: # <-- this is an id decalaration used in salt and default ServerName
item: '*:80'
directives:
- RewriteEngine: 'on'
- Header: 'set Access-Control-Allow-Methods GET,PUT,POST,DELETE,OPTIONS'
containers:
Location:
item: '/test.html'
directives:
- Require: 'all granted'
site_id_declaration:
item: '10.10.1.1:8080'
directives:
- ServerName: 'test.example.com'
- LogFormat: '"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %{ms}T"'
Files produced by these pillars :
``example.com.conf``
.. code:: bash
<VirtualHost *:80>
ServerName example.com
CustomLog /var/log/httpd/example.com-access.log combined
ErrorLog /var/log/httpd/example.com-error.log
RewriteEngine on
Header set Access-Control-Allow-Methods GET,PUT,POST,DELETE,OPTIONS
<Location /test.html>
Require all granted
</Location>
</VirtualHost>
``test.example.com.conf``
.. code:: bash
<VirtualHost 10.10.1.1:8080>
ServerName test.example.com
CustomLog /var/log/httpd/test.example.com-access.log "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %{ms}T"
ErrorLog /var/log/httpd/test.example.com-error.log
</VirtualHost>
this will delete ``test.example.com.conf``
.. code:: yaml
apache:
VirtualHost:
test.example.com:
item: '10.10.1.1:8080'
absent: True # <-- delete test.example.com.conf
directives:
- ServerName: 'test.example.com'
``apache.uninstall``
----------
Stops the Apache service and uninstalls the package.


@ -0,0 +1,430 @@
# -*- coding: utf-8 -*-
'''
apache directives
:maintainer: "karim Hamza"
'''
from __future__ import absolute_import, unicode_literals
# Import python libs
import re
from copy import deepcopy
from salt.exceptions import CommandExecutionError
from salt.ext.six.moves import range
def _get_directive_values(directive, d_list):
'''
Returns list all values of directive
'''
values = [item.get(directive) for item in d_list if directive in item]
return values
def get_directive_single_value(directive, d_list, default=None):
'''
Returns single value of directive
default is returned if directive is absent from list
'''
values = _get_directive_values(directive, d_list)
try:
return values[0]
except IndexError:
if default is not None:
return default
error_msg = "invalid Pillar content - " \
+ directive + " - is not defined"
raise CommandExecutionError(error_msg)
def append_to_container_directives(directive, value, container):
'''
Append directive to directives list
'''
try:
container['directives'].append({directive: value})
except KeyError:
container['directives'] = []
container['directives'].append({directive: value})
return container
def _manage_directive_into_containers(directive,
value,
container,
container_name_target,
item,
enforce_value=False,
add_directive=True):
'''
Enforce value for directive into specific container
directive
directive label (name)
value
value to enforce
container
container to parse
container_name_target
container name target into directive/value have to be enforced
item
name of the item target
enforce_value : default=False
True: enforce value if directive exists, otherwise add it if add_directive=True
add_directive : default=True
Only if enforce_value=False add directive if it is not present
'''
for n_container, l_containers in container.get('containers', {}).items():
for idx, nested_container in enumerate(l_containers):
if (n_container == container_name_target
and nested_container['item'] == item):
if enforce_value:
container['containers'][n_container][idx] = \
enforce_directive_value(directive,
{'value': value, 'add_if_absent': add_directive},
n_container,
nested_container)
else:
container['containers'][n_container][idx] = \
append_to_container_directives(directive,
value,
nested_container)
container['containers'][n_container][idx] = \
_manage_directive_into_containers(directive,
value,
nested_container,
container_name_target,
item,
enforce_value,
add_directive)
return container
def set_vhost_logging_directives(container, servername, logdir):
'''
set value of CustomLog and LogFormat directives in vhost
'''
logformat = get_directive_single_value('LogFormat',
container.get('directives', []),
default='combined')
enforce_directive_value(
directive='CustomLog',
enforced_directive_data=
{'value': logdir + '/' + servername +'-access.log ' + logformat,
'add_if_absent': True},
container_name='VirtualHost',
container_data=container)
enforce_directive_value(
directive='ErrorLog',
enforced_directive_data=
{'value': logdir + '/' + servername +'-error.log ',
'add_if_absent': True},
container_name='VirtualHost',
container_data=container)
return container
def _container_merge_multiple_directives(container):
'''
append directives_multiple list into directives
'''
try:
container['directives'].extend(container.get('directives_multiple', []))
except KeyError:
container['directives'] = []
container['directives'] = container.get('directives_multiple', [])
container.pop('directives_multiple', None)
for sub_container_name, sub_containers_list in container.get('containers', {}).items():
for sub_idx, sub_container in enumerate(sub_containers_list):
container['containers'][sub_container_name][sub_idx] = \
_container_merge_multiple_directives(sub_container)
return container
def merge_container_with_additional_data(container_to_update,
container_to_import,
add_directive=True,
add_container=True):
'''
Merge containers usually to merge default values with pillar content
container_to_update
the default container into which put or modify values with pillar content
container_to_import
usually pillar content
add_directive : default=True
add directive if it is not present
add_container : default=True
add sub_container if it is absent in container_to_update
'''
merged_container = deepcopy(container_to_update)
multiple_directives_to_append = []
for mult_directive_item in container_to_update.get('directives_multiple', []):
for mult_directive, imp_value in mult_directive_item.items():
append_to_container_directives(mult_directive,
imp_value,
merged_container)
if mult_directive not in multiple_directives_to_append:
multiple_directives_to_append.append(mult_directive)
merged_container.pop('directives_multiple', None)
for p_directive_item in container_to_import.get('directives', []):
for p_directive, p_value in p_directive_item.items():
if p_directive in multiple_directives_to_append:
append_to_container_directives(p_directive,
p_value,
merged_container)
else:
merged_container = enforce_directive_value(
p_directive,
{'value': p_value, 'add_if_absent': add_directive},
'virtual_name_container',
merged_container)
# containers:
sub_containers_to_update = merged_container.get('containers', {})
sub_containers_to_import = container_to_import.get('containers', {})
if sub_containers_to_update and sub_containers_to_import:
# merge directives of sub containers
for container_name, u_container_list in sub_containers_to_update.items():
to_imp_containers = sub_containers_to_import.get(container_name, [])
for container_idx, to_upd_container_data in enumerate(u_container_list):
imp_items_containers = [container for container in to_imp_containers
if container['item'] == to_upd_container_data['item']]
for i_item_container in imp_items_containers:
merged_container['containers'][container_name][container_idx] = \
merge_container_with_additional_data(
merged_container['containers'][container_name][container_idx],
i_item_container,
add_directive)
if add_container:
# merge containers not present in default 'container_name' list
d_container_items = set([container.get('item') for container
in u_container_list])
p_container_items = set([container.get('item') for container
in to_imp_containers])
items_diff = (p_container_items - d_container_items)
for item in items_diff:
merged_container['containers'][container_name].extend(
[container for container in to_imp_containers if
container.get('item') == item])
if add_container:
# merge global containers not present in default
k_containers_diff = (set(sub_containers_to_import.keys())
- set(sub_containers_to_update.keys()))
for k_container in k_containers_diff:
merged_container['containers'][k_container] = {}
merged_container['containers'][k_container] = sub_containers_to_import[k_container]
elif not sub_containers_to_update \
and sub_containers_to_import \
and add_container:
merged_container['containers'] = {}
merged_container['containers'] = sub_containers_to_import
elif not sub_containers_to_import:
pass
# move directives_multiple into directives and delete directives_multiple
for container_name, containers_list in merged_container.get('containers', {}).items():
for container_idx, container_data in enumerate(containers_list):
merged_container['containers'][container_name][container_idx] = \
_container_merge_multiple_directives(container_data)
return merged_container
def enforce_security_directives_into_containers(container_to_secure,
secured_containers,
add_directive=True,
add_container=True):
'''
Merge secured containers into pillar content
container_to_secure
usually pillar content
secured_containers
content of hadened values
add_directive : default=True
add directive if it is not present
add_container : default=True
add sub_container if it is absent in container_to_secure
'''
i_secured_containers = {}
i_secured_containers['containers'] = secured_containers
container_to_secure = merge_container_with_additional_data(
container_to_secure,
i_secured_containers,
add_directive=add_directive,
add_container=add_container)
# search in (sub) nested containers and secure them
for secure_container_name, l_s_containers in secured_containers.items():
for s_container in l_s_containers:
# search into container_to_secure
secured_item = s_container.get('item')
for s_directive in s_container.get('directives', []):
for s_d_label, s_d_value in s_directive.items():
container_to_secure = _manage_directive_into_containers(
s_d_label,
s_d_value,
container_to_secure,
container_name_target=secure_container_name,
item=secured_item,
enforce_value=True,
add_directive=add_directive)
return container_to_secure
def _substitute_value(text, enforced_value):
'''
conditional replace in 'text' with regex and condition
text
string to process
enforced_value
dict :
match: regex to match
value: value to enforce
onlyif_pillar_is: condition on pillar content
regex_group_position: number of group to replace in regex
'''
def my_match_function(m_object):
return_value = ''.join([m_object.group(idx) for idx in range(1, position)
if m_object.group(idx) is not None])
if condition == 'greater':
return_value = return_value \
+ str(min(int(m_object.group(position)), int(enforced_value['value']))) \
+ ''.join([m_object.group(idx) for idx in range(position+1, m_object.lastindex+1) if m_object.group(idx) is not None])
elif condition == 'lower':
return_value = return_value \
+ str(max(int(m_object.group(position)), int(enforced_value['value']))) \
+ ''.join([m_object.group(idx) for idx in range(position+1, m_object.lastindex+1) if m_object.group(idx) is not None])
elif condition == 'different' and m_object.group(position) != str(enforced_value['value']):
return_value = return_value \
+ enforced_value['value'] \
+ ''.join([m_object.group(idx) for idx in range(position+1, m_object.lastindex+1) if m_object.group(idx) is not None])
else:
return_value = m_object.group(0)
return return_value
_pattern = re.compile(enforced_value.get('match', r'(\S+(\s+\S+)*)'), re.IGNORECASE)
condition = enforced_value.get('onlyif_pillar_is', 'different')
position = enforced_value.get('regex_group_position', 1)
value = _pattern.sub(my_match_function, str(text))
return value
def enforce_directive_value(directive,
enforced_directive_data,
container_name,
container_data):
'''
Enforce value of directive under conditions
directive
directive label (name)
enforced_directive_data
dict containning
value to put
condition (greater|lower|different)
regex match : default= r'(\\w+(\\s+\\w+)*)'
regex group position : default=1
container : enforce value only on the specified container
container_name
the name of httpd container
container_data
container to parse
'''
d_is_present = False
add_directive = enforced_directive_data.get('add_if_absent', False)
enforced_data_values = enforced_directive_data.get('values', [enforced_directive_data])
for idx_d, d_item in enumerate(container_data.get('directives', [])):
if directive in d_item:
d_is_present = True
for enforced_data_value in enforced_data_values:
if (not enforced_data_value.get('container', '')) \
or (enforced_data_value.get('container') == container_name):
container_data['directives'][idx_d][directive] = \
_substitute_value(container_data['directives'][idx_d][directive],
enforced_data_value)
if re.match(r'(\s*)?$', container_data['directives'][idx_d][directive]) is not None:
# delete directive from list in case of
# the value is empty after replacement
del container_data['directives'][idx_d]
break
if add_directive and not d_is_present \
and not enforced_directive_data.get('match', '') \
and not enforced_directive_data.get('values', ''):
append_to_container_directives(directive,
enforced_directive_data.get('value'),
container_data)
# directive is not added in subcontainers
enforced_directive_data['add_if_absent'] = False
for sub_container_name, sub_containers in \
container_data.get('containers', {}).items():
container_to_match = enforced_directive_data.get('container', sub_container_name)
if container_to_match == sub_container_name:
for idx, nested_container in enumerate(sub_containers):
container_data['containers'][sub_container_name][idx] = \
enforce_directive_value(directive,
enforced_directive_data,
sub_container_name,
nested_container)
return container_data
def remove_container(container_data,
container_name_to_remove,
item_name_to_remove):
'''
remove container_name/item from container_data
'''
for idx, container in enumerate(container_data.get('containers', {}).get(container_name_to_remove, [])):
if container.get('item') == item_name_to_remove:
del container_data['containers'][container_name_to_remove][idx]
for sub_container_name, sub_containers in \
container_data.get('containers', {}).items():
for sub_idx, sub_container in enumerate(sub_containers):
container_data['containers'][sub_container_name][sub_idx] = \
remove_container(sub_container, container_name_to_remove, item_name_to_remove)
return container_data
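Review bot: In `enforce_directive_value`, `del container_data['directives'][idx_d]` runs while the surrounding `for idx_d, d_item in enumerate(...)` is still walking that same list, so the entry right after a deleted one is never visited; if it is a second occurrence of the same directive it keeps its pillar value and escapes enforcement (indentation is lost in this rendering, so the exact nesting is inferred). `remove_container` deletes inside its own `enumerate` loop in the same way and can leave the second of two adjacent matching containers in place. Walking the indices backwards fixes both without changing the interface: `for idx_d in reversed(range(len(container_data.get('directives', [])))):` with `d_item = container_data['directives'][idx_d]` as the first line of the body, and the equivalent reversed index loop in `remove_container`. A test with two consecutive entries for one directive, the first of which is emptied by the substitution, would pin the behaviour.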


@ -1,13 +0,0 @@
# yamllint disable rule:indentation rule:line-length
# {{ grains.get("osfinger", grains.os) }}
---
{#- use salt.slsutil.serialize to avoid encoding errors on some platforms #}
{{ salt["slsutil.serialize"](
"yaml",
map,
default_flow_style=False,
allow_unicode=True,
)
| regex_replace("^\s+'$", "'", multiline=True)
| trim
}}


@ -1,22 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
---
{#- Get the `tplroot` from `tpldir` #}
{%- set tplroot = tpldir.split("/")[0] %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- set _mapdata = {
"values": apache,
} %}
{%- do salt["log.debug"]("### MAP.JINJA DUMP ###\n" ~ _mapdata | yaml(False)) %}
{%- set output_dir = "/temp" if grains.os_family == "Windows" else "/tmp" %}
{%- set output_file = output_dir ~ "/salt_mapdata_dump.yaml" %}
{{ tplroot }}-mapdata-dump:
file.managed:
- name: {{ output_file }}
- source: salt://{{ tplroot }}/_mapdata/_mapdata.jinja
- template: jinja
- context:
map: {{ _mapdata | yaml }}


@ -1 +0,0 @@
config/certificates/

63
apache/certificates.sls Normal file

@ -0,0 +1,63 @@
{% from "apache/map.jinja" import apache with context %}
include:
- apache
{%- for site, confcert in salt['pillar.get']('apache:sites', {}).items() %}
{% if confcert.SSLCertificateKeyFile is defined and confcert.SSLCertificateKeyFile_content is defined %}
# Deploy {{ site }} key file
apache_cert_config_{{ site }}_key_file:
file.managed:
- name: {{ confcert.SSLCertificateKeyFile }}
- contents_pillar: apache:sites:{{ site }}:SSLCertificateKeyFile_content
- makedirs: True
- mode: 600
- user: root
- group: root
- watch_in:
- module: apache-reload
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
{% endif %}
{% if confcert.SSLCertificateFile is defined and confcert.SSLCertificateFile_content is defined %}
# Deploy {{ site }} cert file
apache_cert_config_{{ site }}_cert_file:
file.managed:
- name: {{ confcert.SSLCertificateFile }}
- contents_pillar: apache:sites:{{ site }}:SSLCertificateFile_content
- makedirs: True
- mode: 600
- user: root
- group: root
- watch_in:
- module: apache-reload
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
{% endif %}
{% if confcert.SSLCertificateChainFile is defined and confcert.SSLCertificateChainFile_content is defined %}
# Deploy {{ site }} bundle file
apache_cert_config_{{ site }}_bundle_file:
file.managed:
- name: {{ confcert.SSLCertificateChainFile }}
- contents_pillar: apache:sites:{{ site }}:SSLCertificateChainFile_content
- makedirs: True
- mode: 600
- user: root
- group: root
- watch_in:
- module: apache-reload
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
{% endif %}
{%- endfor %}
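Review bot: The `apache_cert_config_{{ site }}_key_file` state writes the private key from pillar with `file.managed` defaults, so whenever the key changes its content is returned as a unified diff in the state result and ends up wherever job returns are stored or logged. Add `- show_changes: False` to that state so only a changed/unchanged flag is reported. The Hardening.md added in this same commit leaves item 7.3 (Protect the Server's Private Key) unticked, and this state is the natural place to cover it, so a short comment above the key-file block stating the intended owner and mode would help whoever picks that item up.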


@ -1,7 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
include:
- .service.clean
- .config.clean
- .package.clean

118
apache/config.sls Normal file

@ -0,0 +1,118 @@
{% from "apache/map.jinja" import apache with context %}
{% import_yaml "apache/hardening-values.yaml" as hardening_values %}
{% import_yaml "apache/defaults/" ~ salt['grains.get']('os_family') ~ "/defaults-apache-" ~ apache.version ~ ".yaml" as global_defaults %}
include:
- apache
- apache.mod_ssl
- apache.hardening
{# merge defaults with pillar content #}
{% set pillar_server_config = salt['pillar.get']('apache:server_apache_config', {}) %}
{% set server_config = salt['apache_directives.merge_container_with_additional_data'](
global_defaults.server_apache_config,
pillar_server_config) %}
{# enforce directives values #}
{% for directive, directive_data in hardening_values.enforced_directives.items() %}
{% set server_config = salt['apache_directives.enforce_directive_value'](directive,
directive_data,
container_name='server',
container_data=server_config) %}
{% endfor %}
{# merge server config with hardened sections #}
{% set server_config = salt['apache_directives.enforce_security_directives_into_containers'](
server_config,
hardening_values.enforced_containers ) %}
{# remove containers #}
{% for container_name_to_remove, items_names in hardening_values.containers_to_remove.items() %}
{% for item_name in items_names %}
{% set server_config = salt['apache_directives.remove_container'](
server_config,
container_name_to_remove,
item_name) %}
{% endfor %}
{% endfor %}
{# add supplemental security directives in server configuration #}
{% for d_directive in hardening_values.server_supplemental_directives %}
{% for directive, value in d_directive.items() %}
{% set server_config = salt['apache_directives.append_to_container_directives'](
directive,
value,
server_config) %}
{% endfor %}
{% endfor %}
{% if grains['os_family']=="RedHat" %}
{{ apache.logdir }}:
file.directory:
- makedirs: True
- require:
- pkg: apache
- user: root
- group: {{ apache.group }}
- dir_mode: 750
- watch_in:
- module: apache-restart
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
{{ apache.configfile }}:
file.managed:
- template: jinja
- source:
- salt://apache/files/{{ salt['grains.get']('os_family') }}/apache-{{ apache.version }}.config.jinja
- user: root
- group: root
- mode: 644
- require:
- pkg: apache
- watch_in:
- module: apache-restart
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
- context:
apache: {{ apache | json}}
server_config: {{ server_config | json }}
{{ apache.vhostdir }}:
file.directory:
- makedirs: True
- require:
- pkg: apache
- user: root
- group: root
- dir_mode: 755
- file_mode: 644
- recurse:
- user
- group
- mode
- watch_in:
- module: apache-restart
- require_in:
- module: apache-restart
- module: apache-reload
- service: apache
{{ apache.confdir }}/welcome.conf:
file.managed:
- source:
- salt://apache/files/{{ salt['grains.get']('os_family') }}/welcome.conf
- user: root
- group: root
- mode: 644
- require:
- pkg: apache
- watch_in:
- service: apache
{% endif %}
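Review bot: The `{% set server_config = ... %}` statements inside the three `{% for %}` loops (enforced directives, containers to remove, supplemental directives) do not rebind the outer variable, because Jinja scopes an assignment made in a loop body to that loop. The hardened values reach the `context` only because the `apache_directives` functions called there appear to mutate the dict they are given. A later change that makes one of them return a copy, as `merge_container_with_additional_data` already does with `deepcopy`, would silently drop the enforcement while the state still renders cleanly. Either state that dependency in a comment above the loops, or carry the value explicitly where the installed Jinja supports it: `{% set ns = namespace(cfg=server_config) %}` before the loops, `{% set ns.cfg = salt['apache_directives.remove_container'](ns.cfg, container_name_to_remove, item_name) %}` inside them, and `server_config: {{ ns.cfg | json }}` in the context.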


@ -1,40 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_clean = tplroot ~ '.service.clean' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_clean }}
{%- for site, cert in salt['pillar.get']('apache:sites', {}).items() %}
{%- if cert.SSLCertificateKeyFile is defined %}
apache_cert_config_clean_{{ site }}_key_file:
file.absent:
- name: {{ cert.SSLCertificateKeyFile }}
- require:
- sls: {{ sls_service_clean }}
{%- endif %}
{%- if cert.SSLCertificateFile is defined %}
apache_cert_config_clean_{{ site }}_cert_file:
file.absent:
- name: {{ cert.SSLCertificateFile }}
- require:
- sls: {{ sls_service_clean }}
{%- endif %}
{%- if cert.SSLCertificateChainFile is defined %}
apache_cert_config_clean_{{ site }}_bundle_file:
file.absent:
- name: {{ cert.SSLCertificateChainFile }}
- require:
- sls: {{ sls_service_clean }}
{%- endif %}
{%- endfor %}


@ -1,5 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
include:
- .install


@ -1,67 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
{%- for site, cert in salt['pillar.get']('apache:sites', {}).items() %}
{%- if cert.SSLCertificateKeyFile is defined and cert.SSLCertificateKeyFile_content is defined %}
apache_cert_config_install_{{ site }}_key_file:
file.managed:
- name: {{ cert.SSLCertificateKeyFile }}
- contents_pillar: apache:sites:{{ site }}:SSLCertificateKeyFile_content
- makedirs: True
- mode: 600
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- watch_in:
- module: apache-service-running-reload
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}
{%- if cert.SSLCertificateFile is defined and cert.SSLCertificateFile_content is defined %}
apache_cert_config_install_{{ site }}_cert_file:
file.managed:
- name: {{ cert.SSLCertificateFile }}
- contents_pillar: apache:sites:{{ site }}:SSLCertificateFile_content
- makedirs: True
- mode: 600
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- watch_in:
- module: apache-service-running-reload
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}
{%- if cert.SSLCertificateChainFile is defined and cert.SSLCertificateChainFile_content is defined %}
apache_cert_config_install_{{ site }}_bundle_file:
file.managed:
- name: {{ cert.SSLCertificateChainFile }}
- contents_pillar: apache:sites:{{ site }}:SSLCertificateChainFile_content
- makedirs: True
- mode: 600
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- watch_in:
- module: apache-service-running-reload
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}
{%- endfor %}


@ -1,25 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_clean = tplroot ~ '.service.clean' %}
{%- set sls_modules_clean = tplroot ~ '.config.modules.clean' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- .modules.clean
- {{ sls_service_clean }}
apache-config-clean-file-absent:
file.absent:
- names:
- {{ apache.config }}
- {{ apache.logdir }}
- {{ apache.vhostdir }}
# apache.portsfile
- /etc/apache2
- /etc/httpd
- {{ apache.confdir }}/server-status{{ apache.confext }}
- require:
- sls: {{ sls_service_clean }}
- sls: {{ sls_modules_clean }}


@ -1,50 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_config_registersite = tplroot ~ '.config.register_site' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains.os_family in ('Debian',) %}
include:
- {{ sls_package_install }}
- {{ sls_service_running }}
- {{ sls_config_registersite }}
extend:
apache-package-install-pkg-installed:
pkg:
- order: 175
apache-service-running:
service:
- order: 455
apache-service-running-reload:
module:
- order: 420
apache-service-running-restart:
module:
- order: 425
apache-config-debian-full-cmd-run:
cmd.run:
- name: a2dissite 000-default{{ apache.confext }} || true
- onlyif: test -f /etc/apache2/sites-enabled/000-default{{ apache.confext }}
- watch_in:
- module: apache-service-running-reload
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
- require:
- pkg: apache-package-install-pkg-installed
file.absent:
- names:
- /etc/apache2/sites-available/{{ apache.default_site }}
- /etc/apache2/sites-available/{{ apache.default_site_ssl }}
- require:
- pkg: apache-package-install-pkg-installed
{%- endif %} #END: os = debian


@ -1,163 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- from tplroot ~ "/libtofs.jinja" import files_switch with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-file-directory-logdir:
file.directory:
- name: {{ apache.logdir }}
- user: {{ apache.user }}
- group: {{ apache.group }}
- makedirs: True
- require:
- sls: {{ sls_package_install }}
- require_in:
- service: apache-service-running
apache-config-file-directory-vhostdir:
file.directory:
- name: {{ apache.vhostdir }}
- makedirs: True
- require:
- sls: {{ sls_package_install }}
- require_in:
- service: apache-service-running
apache-config-file-directory-moddir:
file.directory:
- name: {{ apache.moddir }}
- makedirs: True
- require:
- sls: {{ sls_package_install }}
- require_in:
- service: apache-service-running
{%- if apache.davlockdbdir %}
apache-config-file-directory-davlockdbdir:
file.directory:
- name: {{ apache.davlockdbdir }}
- makedirs: True
- user: {{ apache.user }}
- group: {{ apache.group }}
- recurse:
- user
- group
- require:
- sls: {{ sls_package_install }}
- require_in:
- service: apache-service-running
{%- endif %}
{%- if 'sitesdir' in apache and apache.sitesdir %}
apache-config-file-directory-sites-enabled:
file.directory:
- name: {{ apache.sitesdir }}
- makedirs: True
- require:
- sls: {{ sls_package_install }}
- require_in:
- service: apache-service-running
{%- endif %}
{%- if grains.os_family in ('Debian',) and 'confdir' in apache and apache.confdir %}
apache-config-file-directory-conf-enabled:
file.directory:
- name: {{ apache.confdir }}
- makedirs: True
- require:
- sls: {{ sls_package_install }}
- require_in:
- service: apache-service-running
{%- endif %}
apache-config-file-managed:
file.managed:
- name: {{ apache.config }}
- source: 'salt://apache/files/{{ grains.os_family }}/apache-{{ apache.version }}.config.jinja'
- mode: 644
- user: {{ apache.rootuser }}
{%- if grains.kernel != 'Windows' %}
- group: {{ apache.rootgroup }}
{%- endif %}
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- require:
- sls: {{ sls_package_install }}
- context:
apache: {{ apache | json }}
{%- if grains.os_family in ('Debian', 'FreeBSD') %}
apache-config-file-managed-{{ grains.os }}-env:
file.managed:
- name: /etc/apache2/envvars
- source: 'salt://apache/files/{{ grains.os_family }}/envvars-{{ apache.version }}.jinja'
- mode: 644
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache | json }}
- require_in:
- file: apache-config-file-managed-{{ grains.os }}-ports
apache-config-file-managed-{{ grains.os }}-ports:
file.managed:
- name: {{ apache.portsfile }}
- source: salt://apache/files/{{ grains.os_family }}/ports-{{ apache.version }}.conf.jinja
- mode: 644
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache | json }}
{%- elif grains.os_family == "RedHat" %}
apache-config-file-absent-{{ grains.os }}:
file.absent:
- name: {{ apache.confdir }}/welcome.conf
{%- elif grains.os_family == "Suse" %}
apache-config-file-managed-{{ grains.os }}:
file.managed:
- name: /etc/apache2/global.conf
- source: 'salt://apache/files/Suse/global.config.jinja'
- mode: 644
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache | json }}
{%- else %}
apache-config-file-managed-skip:
test.show_notification:
- text: |
No configuration file to manage
{%- endif %}
- require:
- sls: {{ sls_package_install }}
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- service: apache-service-running


@ -1,48 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- from tplroot ~ "/libtofs.jinja" import files_switch with context %}
{%- if grains.os_family == 'Suse' %}
include:
- {{ sls_package_install }}
- {{ sls_service_running }}
{%- for flag in salt['pillar.get']('apache:flags:enabled', []) %}
apache-config-flags-{{ flag }}-cmd-a2en:
cmd.run:
- name: a2enflag {{ flag }}
- unless: egrep "^APACHE_SERVER_FLAGS=" /etc/sysconfig/apache2 |grep {{ flag }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endfor %}
{%- for flag in salt['pillar.get']('apache:flags:disabled', []) %}
apache-config-flags-{{ flag }}-a2dis:
cmd.run:
- name: a2disflag -f {{ flag }}
- onlyif: egrep "^APACHE_SERVER_FLAGS=" /etc/sysconfig/apache2 | grep {{ flag }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endfor %}
{%- endif %}


@ -1,5 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
include:
- .vhosts


@ -1,44 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
apache-config-logrotate-file-managed:
file.managed:
- name: {{ apache.logrotatedir }}
- makedirs: True
{%- if grains.os_family == "RedHat" %}
- contents: |
{{ apache.logdir }}/*log {
missingok
notifempty
sharedscripts
delaycompress
postrotate
/bin/systemctl reload {{ apache.service.name }}.service > /dev/null 2>/dev/null || true
endscript
}
{% else %}
- contents: |
{{ apache.logdir }}/*.log {
daily
missingok
rotate 14
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
postrotate
if /etc/init.d/{{ apache.service.name }} status >/dev/null; then \
/etc/init.d/{{ apache.service.name }} reload >/dev/null; \
fi;
endscript
prerotate
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
run-parts /etc/logrotate.d/httpd-prerotate; \
fi; \
endscript
}
{% endif %}


@ -1,44 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains.os_family in ('Debian', 'FreeBSD') %}
include:
- {{ sls_package_install }}
- {{ sls_service_running }}
apache-config-manage-security-{{ grains.os_family }}:
file.managed:
{%- if grains.os_family == "Debian" %}
- onlyif: test -f /etc/apache2/conf-available/security.conf
- name: /etc/apache2/conf-available/security.conf
{%- elif grains.os_family == "FreeBSD" %}
- name: {{ apache.confdir + '/security.conf' }}
{%- endif %}
- source:
- salt://apache/files/{{ grains.os_family }}/security.conf.jinja
- salt://apache/files/ssl/security.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache | json }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,50 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_package_clean = tplroot ~ '.package.clean' %}
{%- set sls_service_clean = tplroot ~ '.service.clean' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_clean }}
{%- set existing_states = salt['cp.list_states']() %}
{%- for module in salt['pillar.get']('apache:modules:disabled', []) %}
apache-config-modules-{{ module }}-disable:
{%- if grains['os_family']=="Debian" %}
cmd.run:
- name: a2dismod -f {{ module }}
- onlyif: ls {{ apache.moddir }}/{{ module }}.load
{%- elif grains.os_family in ('Redhat', 'Arch') %}
cmd.run:
- name: find /etc/httpd/ -name '*.conf' -type f -exec sed -i -e 's/\(^\s*LoadModule.{{ module }}_module\)/#\1/g' {} \;
- onlyif:
- test -d /etc/httpd
- {{ grains.os_family in ('Arch',) and 'true' }} || (httpd -M 2> /dev/null |grep "[[:space:]]{{ module }}_module")
file.absent:
- name: /etc/httpd/conf.modules.d/*{{ module }}.conf
{%- elif salt['grains.get']('os_family') == 'Suse' %}
cmd.run:
- name: a2dismod {{ module }}
- onlyif: egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep {{ module }}
{%- else %}
test.show_notification:
- text: |
No {{ module }} module change
{%- endif %}
- order: 225
- require:
- sls: {{ sls_service_clean }}
{%- endfor %}


@ -1,11 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
include:
- .install
- .mod_rewrite
- .mod_proxy
- .mod_headers
{%- if 'osfinger' in grains and grains.osfinger not in ('Amazon Linux-2',) %}
- .mod_geoip
{%- endif %}


@ -1,51 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_config_file = tplroot ~ '.config.file' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_config_file }}
{% set existing_states = salt['cp.list_states']() %}
{% for module in salt['pillar.get']('apache:modules:enabled', []) %}
apache-config-modules-{{ module }}-enable:
{% if grains['os_family']=="Debian" %}
cmd.run:
- name: a2enmod -f {{ module }}
- unless: ls {{ apache.moddir }}/{{ module }}.load
{% elif grains.os_family in ('RedHat', 'Arch') %}
cmd.run:
- name: find /etc/httpd/ -name '*.conf' -type f -exec sed -i -e 's/\(^#\)\(\s*LoadModule.{{ module }}_module\)/\2/g' {} \;
- onlyif: {{ grains.os_family in ('Arch',) and 'true' }} || (httpd -M 2> /dev/null |grep "[[:space:]]{{ module }}_module")
{% elif salt['grains.get']('os_family') == 'Suse' %}
cmd.run:
- name: a2enmod {{ module }}
- onlyif: egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 |grep {{ module }}
{% else %}
test.show_notification:
- text: |
No {{ module }} module change
{%- endif %}
- order: 225
- require:
- sls: {{ sls_config_file }}
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
{%- endfor %}


@ -1,30 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-actions-cmd-run:
cmd.run:
- name: a2enmod actions
- unless:
- ls {{ apache.moddir }}/actions.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep actions
- order: 255
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,33 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family']=="FreeBSD" %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-cgi-cmd-run:
file.managed:
- name: {{ apache.modulesdir }}/040_mod_cgi.conf
- source: salt://apache/files/FreeBSD/mod_cgi.conf.jinja
- template: {{ apache.get('template_engine', 'jinja') }}
- makedirs: True
- context:
svcname: {{ apache.service.name }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
- mode: 644
{%- endif %}


@ -1,49 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family'] == "Debian" %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-dav_svn_pkg_installed:
pkg.installed:
- name: libapache2-mod-svn
apache-config-modules-dav_svn_cmd-run-a2en:
cmd.run:
- name: a2enmod dav_svn
- unless: ls {{ apache.moddir }}/dav_svn.load
- order: 255
- require:
- pkg: apache-package-install-pkg-installed
- pkg: apache-config-modules-dav_svn_pkg_installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
apache-config-modules-dav_svn_cmd-run-a2en-authz:
cmd.run:
- name: a2enmod authz_svn
- unless: ls {{ apache.moddir }}/authz_svn.load
- order: 255
- require:
- pkg: apache-package-install-pkg-installed
- pkg: apache-config-modules-dav_svn_pkg_installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,49 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family'] == "Debian" %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
- .mod_actions
apache-config-modules-fastcgi-pkg:
pkgrepo.managed:
- name: "deb http://ftp.us.debian.org/debian {{ grains['oscodename'] }}"
- file: /etc/apt/sources.list.d/non-free.list
- onlyif: grep Debian /proc/version >/dev/null 2>&1
- comps: non-free
pkg.installed:
- name: {{ apache.mod_fastcgi }}
- order: 180
- require:
- pkgrepo: apache-config-modules-fastcgi-pkg
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
apache-config-modules-fastcgi_cmd-run:
cmd.run:
- name: a2enmod fastcgi
- unless: ls {{ apache.moddir }}/fastcgi.load
- order: 225
- require:
- pkg: apache-config-modules-fastcgi-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,35 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-fcgid-pkg:
pkg.installed:
- name: {{ apache.mod_fcgid }}
- order: 180
- require:
- pkg: apache-package-install-pkg-installed
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
cmd.run:
- name: a2enmod fcgid
- order: 225
- unless: ls {{ apache.moddir }}/fcgid.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' fcgid'
- require:
- pkg: apache-config-modules-fcgid-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,87 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if 'mod_geoip' in apache and 'finger' in grains and grains.osfinger not in ('Leap-42',) %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-geoip-pkg:
pkg.installed:
- pkgs:
- {{ apache.mod_geoip }}
- {{ apache.mod_geoip_database }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- if grains['os_family']=="RedHat" %}
apache-config-modules-geoip-conf-file-managed:
file.managed:
- name: {{ apache.confdir }}/geoip.conf
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- makedirs: True
- mode: 644
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache|json }}
- source:
- salt://apache/files/{{ salt['grains.get']('os_family') }}/geoip.conf
apache-config-modules-geoip-db-file-managed:
file.managed:
- name: /usr/share/GeoIP/GeoIP.dat
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- makedirs: True
- mode: 644
- source:
- salt://apache/files/{{ salt['grains.get']('os_family') }}/GeoIP.dat
apache-config-modules-geoip-{{ grains.os_family }}-conf-file-managed:
file.managed:
- name: {{ apache.moddir }}/10-geoip.conf
- makedirs: True
- source:
- salt://apache/files/RedHat/conf.modules.d/10-geoip.conf.jinja
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- elif grains['os_family'] in ('Suse', 'Debian',) %}
apache-config-modules-geoip-cmd-run:
cmd.run:
- name: a2enmod geoip
- unless: ls {{ apache.moddir }}/geoip.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep geoip
- order: 255
- require:
- pkg: apache-package-install-pkg-installed
- pkg: apache-config-modules-geoip-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}
{%- endif %}


@ -1,29 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-headers-pkg:
cmd.run:
- name: a2enmod headers
- unless: ls {{ apache.moddir }}/headers.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep headers
- order: 255
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,29 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-logio-pkg:
cmd.run:
- name: a2enmod logio
- unless: ls {{ apache.moddir }}/logio.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep logio
- order: 255
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,84 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- set mpm_module = salt['pillar.get']('apache:mpm:module', 'mpm_prefork') %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
apache-config-modules-mpm-pkg:
cmd.run:
- name: a2enmod {{ mpm_module }}
- unless: ls {{ apache.moddir }}/{{ mpm_module }}.load
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
file.managed:
- name: /etc/apache2/mods-available/{{ mpm_module }}.conf
- template: {{ apache.get('template_engine', 'jinja') }}
- makedirs: True
- context:
apache: {{ apache|json }}
- source:
- salt://apache/files/Debian/mpm/{{ mpm_module }}.conf.jinja
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
# Deactivate the other mpm modules as a previous step
{%- for mod in ['mpm_prefork', 'mpm_worker', 'mpm_event'] if not mod == mpm_module %}
apache-config-modules-mpm-{{ mod }}-cmd-run:
cmd.run:
- name: a2dismod {{ mod }}
- onlyif: ls {{ apache.moddir }}/{{ mod }}.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' {{ mod }}'
- require:
- pkg: apache-package-install-pkg-installed
- require_in:
- cmd: a2enmod {{ mpm_module }}
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endfor %}
{%- elif grains['os_family']=="RedHat" %}
apache-config-modules-mpm-{{ grains.os_family }}-conf-file-managed:
file.managed:
- name: {{ apache.moddir }}/00-mpm.conf
- template: {{ apache.get('template_engine', 'jinja') }}
- makedirs: True
- context:
apache: {{ apache|json }}
- source:
- salt://apache/files/RedHat/conf.modules.d/00-{{ mpm_module }}.conf.jinja
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,68 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- set pagespeed_module = salt['pillar.get']('apache:pagespeed:module', 'pagespeed_prefork') %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
apache-config-modules-pagespeed-pkg:
pkg.installed:
- name: {{ apache.mod_pagespeed }}
- sources:
- mod-pagespeed-stable: {{ apache.mod_pagespeed_source }}
cmd.run:
- name: a2enmod pagespeed
- unless: ls {{ apache.moddir }}/pagespeed.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep pagespeed
- order: 255
- require:
- pkg: apache-config-modules-pagespeed-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- for dir in ['/var/cache/mod_pagespeed', '/var/log/pagespeed'] %}
apache-config-modules-pagespeed-{{ dir }}-file-directory:
file.directory:
- name: {{ dir }}
- makedirs: true
- user: {{ apache.user }}
- group: {{ apache.group }}
- require:
- pkg: apache-config-modules-pagespeed-pkg
- user: {{ apache.user }}
- group: {{ apache.group }}
{%- endfor %}
# Here we hardcode a logrotate entry to take care of the logs
apache-config-modules-pagespeed-logrotate-file-managed:
file.managed:
- name: /etc/logrotate.d/pagespeed
- contents: |
/var/log/pagespeed/*.log {
weekly
missingok
rotate 52
compress
delaycompress
notifempty
sharedscripts
postrotate
if /etc/init.d/apache2 status > /dev/null ; then \
/etc/init.d/apache2 reload > /dev/null; \
fi;
endscript
}
{%- endif %}


@ -1,60 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-perl-pkg:
pkg.installed:
- name: {{ apache.mod_perl2 }}
- order: 180
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
cmd.run:
- name: a2enmod perl
- unless: ls {{ apache.moddir }}/perl.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' perl'
- order: 225
- require:
- pkg: apache-config-modules-perl-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- elif grains['os_family']=="FreeBSD" %}
file.managed:
- name: {{ apache.modulesdir }}/260_mod_perl.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_perl.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
svcname: {{ apache.service.name }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,84 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-php5-pkg:
pkg.installed:
- name: {{ apache.mod_php5 }}
- order: 180
- require:
- pkg: apache-package-install-pkg-installed
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
cmd.run:
- name: a2enmod php5
- unless: ls {{ apache.moddir }}/php5.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' php5'
- order: 225
- require:
- pkg: apache-config-modules-php5-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- if 'apache' in pillar and 'php-ini' in pillar['apache'] %}
file.managed:
- name: /etc/php5/apache2/php.ini
- source: {{ pillar['apache']['php-ini'] }}
- order: 225
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
svcname: {{ apache.service.name }}
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
- require:
- pkg: apache-package-install-pkg-installed
- pkg: apache-config-modules-php5-pkg
{%- endif %}
{%- elif grains['os_family']=="FreeBSD" %}
file.managed:
- name: {{ apache.modulesdir }}/050_mod_php5.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_php5.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
svcname: {{ apache.service.name }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- elif grains['os_family']=="Suse" %}
file.replace:
- name: /etc/sysconfig/apache2
- unless: grep '^APACHE_MODULES=.*php5' /etc/sysconfig/apache2
- pattern: '^APACHE_MODULES=(.*)"'
- repl: 'APACHE_MODULES=\1 php5"'
{%- endif %}


@ -1,49 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
apache-config-modules-proxy-pkg:
cmd.run:
- name: a2enmod proxy
- unless: ls {{ apache.moddir }}/proxy.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' proxy'
- order: 225
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- elif grains['os_family']=="FreeBSD" %}
apache-config-modules-proxy-file-managed:
file.managed:
- name: {{ apache.modulesdir }}/040_mod_proxy.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_proxy.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
svcname: {{ apache.service.name }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,51 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
- .mod_proxy
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
apache-config-modules-proxy_ajp-pkg:
cmd.run:
- name: a2enmod proxy_ajp
- unless: ls {{ apache.moddir }}/proxy_ajp.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep proxy_ajp
- order: 225
- require:
- pkg: apache-package-install-pkg-installed
# cmd: a2enmod proxy
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- elif grains['os_family']=="FreeBSD" %}
apache-config-modules-proxy_ajp-file-managed:
file.managed:
- name: {{ apache.modulesdir }}/040_mod_proxy_ajp.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_proxy_ajp.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache|json }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,31 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
- .mod_proxy
apache-config-modules-proxy_fcgi-pkg:
cmd.run:
- name: a2enmod proxy_fcgi
- unless: ls {{ apache.moddir }}/proxy_fcgi.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep proxy_fcgi
- order: 225
- require:
- pkg: apache-package-install-pkg-installed
# cmd: a2enmod proxy
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,51 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
- .mod_proxy
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
apache-config-modules-proxy_http-pkg:
cmd.run:
- name: a2enmod proxy_http
- unless: ls {{ apache.moddir }}/proxy_http.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep proxy_http
- order: 225
- require:
- pkg: apache-package-install-pkg-installed
# cmd: a2enmod proxy
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- elif grains['os_family']=="FreeBSD" %}
apache-config-modules-proxy_http-file-managed:
file.managed:
- name: {{ apache.modulesdir }}/040_mod_proxy_http.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_proxy_http.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
svcname: {{ apache.service.name }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,80 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
apache-config-modules-remoteip-cmd-run-mod-a2en:
cmd.run:
- name: a2enmod remoteip
- unless: ls {{ apache.moddir }}/remoteip.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep remoteip
- order: 255
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
apache-config-modules-remoteip-cmd-run-conf:
cmd.run:
- name: a2enconf remoteip
- unless: ls /etc/apache2/conf-enabled/remoteip.conf
- order: 255
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-reload
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
file.managed:
- name: /etc/apache2/conf-available/remoteip.conf
- template: {{ apache.get('template_engine', 'jinja') }}
- makedirs: True
- context:
apache: {{ apache|json }}
- source:
- salt://apache/files/{{ salt['grains.get']('os_family') }}/conf-available/remoteip.conf.jinja
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
- cmd: apache-config-modules-remoteip-cmd-run-conf
{%- elif grains['os_family']=="RedHat" %}
apache-config-modules-remoteip-file-managed-conf:
file.managed:
- name: /etc/httpd/conf.d/remoteip.conf
- template: {{ apache.get('template_engine', 'jinja') }}
- makedirs: True
- context:
apache: {{ apache|json }}
- source:
- salt://apache/files/{{ salt['grains.get']('os_family') }}/conf.modules.d/remoteip.conf.jinja
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,49 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
{%- if grains['os_family'] in ('Debian', 'Suse') %}
apache-config-modules-rewrite-cmd-run-mod:
cmd.run:
- name: a2enmod rewrite
- unless: ls {{ apache.moddir }}/rewrite.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep rewrite
- order: 225
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- elif grains['os_family']=="FreeBSD" %}
apache-config-modules-rewrite-file-managed-conf:
file.managed:
- name: {{ apache.modulesdir }}/040_mod_rewrite.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_rewrite.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
svcname: {{ apache.service.name }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,89 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
{%- if grains.os_family not in ('Arch',) %}
apache-config-modules-security-pkg:
pkg.installed:
- name: {{ apache.mod_security.package }}
- order: 180
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- if apache.mod_security.crs_install and 'crs_package' in apache.mod_security %}
apache-config-modules-security-crs-pkg:
pkg.installed:
- name: {{ apache.mod_security.crs_package }}
- order: 180
- require:
- pkg: apache-config-modules-security-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}
{%- if apache.mod_security.manage_config and 'config_file' in apache.mod_security %}
apache-config-modules-security-main-config-file-managed:
file.managed:
- name: {{ apache.mod_security.config_file }}
- order: 220
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache|json }}
- source:
- {{ 'salt://apache/files/' ~ salt['grains.get']('os_family') ~ '/modsecurity.conf.jinja' }}
- context: {{ apache.mod_security|json }}
- require:
- pkg: apache-config-modules-security-pkg
- watch_in:
- module: apache-service-running-reload
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
apache-config-modules-security-cmd-run-a2en-security2:
cmd.run:
- name: a2enmod security2
- unless: ls {{ apache.moddir }}/security2.load && ls {{ apache.moddir }}/security2.conf
- order: 225
{%- elif grains.os_family in ('Redhat',) %}
apache-config-modules-security-file-directory-modsecurity:
file.directory:
- name: /etc/httpd/modsecurity.d
{%- endif %}
- require:
- pkg: apache-config-modules-security-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,35 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family']=="FreeBSD" %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-socache_shmcb-file-managed:
file.managed:
- name: {{ apache.modulesdir }}/009_mod_socache_shmcb.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/generic_module.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache|json }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
- context:
module_name: socache_shmcb
{%- endif %}


@ -1,129 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
{%- if grains['os_family'] in ('Debian', 'Suse') %}
apache-config-modules-ssl-cmd-run:
cmd.run:
- name: a2enmod ssl
- unless: ls {{ apache.moddir }}/ssl.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' ssl'
- order: 225
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
file.managed:
- name: /etc/apache2/mods-available/ssl.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/ssl.conf.jinja
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache|json }}
- mode: 644
- makedirs: True
- watch_in:
- module: apache-service-running-restart
{%- elif grains['os_family']=="RedHat" %}
apache-config-modules-ssl-pkg:
pkg.installed:
- name: {{ apache.pkg.mod_ssl }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
file.absent:
- name: {{ apache.confdir }}/ssl.conf
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- elif grains['os_family']=="FreeBSD" %}
- .mod_ssl
apache-config-modules-ssl-file-managed:
file.managed:
- name: {{ apache.modulesdir }}/010_mod_ssl.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_ssl.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache|json }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}
apache-config-modules-ssl-file-managed-tls-defaults:
{%- if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %}
file.managed:
- name: {{ apache.confdir }}/tls-defaults.conf
- source: salt://apache/files/ssl/tls-defaults.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache|json }}
{%- else %}
file.absent:
- name: {{ apache.confdir }}/tls-defaults.conf
{%- endif %}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- if grains['os_family'] in ('Debian',) %}
apache-config-modules-ssl-cmd-run-debian-tls-defaults:
cmd.run:
{%- if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %}
- name: a2enconf tls-defaults
- unless: test -L /etc/apache2/conf-enabled/tls-defaults.conf
{%- else %}
- name: a2disconf tls-defaults
- onlyif: test -L /etc/apache2/conf-enabled/tls-defaults.conf
{%- endif %}
- order: 225
- require:
- pkg: apache-package-install-pkg-installed
- file: {{ apache.confdir }}/tls-defaults.conf
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,52 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_package_install }}
apache-config-server-status:
file.managed:
- name: {{ apache.confdir }}/server-status{{ apache.confext }}
- source: 'salt://apache/files/server-status.conf.jinja'
- template: {{ apache.get('template_engine', 'jinja') }}
- makedirs: True
- context:
apache: {{ apache|json }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- if grains['os_family'] == "Debian" %}
apache-config-server-status-file-directory:
file.directory:
- name: /etc/apache2/conf-enabled
- require:
- pkg: apache-package-install-pkg-installed
apache-config-server-status-cmd-run:
cmd.run:
- name: a2enconf server-status
- unless: 'test -L /etc/apache2/conf-enabled/server-status.conf'
- order: 225
- require:
- pkg: apache-package-install-pkg-installed
- file: apache-config-server-status
- file: apache-config-server-status-file-directory
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,33 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family']=="FreeBSD" %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-suexec-file-managed:
file.managed:
- name: {{ apache.modulesdir }}/040_mod_suexec.conf
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_suexec.conf.jinja
- mode: 644
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
svcname: {{ apache.service.name }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,31 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-upload_progress-pkg:
pkg.installed:
- name: {{ apache.mod_upload_progress }}
cmd.run:
- name: a2enmod upload_progress
- unless: ls {{ apache.moddir }}/upload_progress.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep upload_progress
- order: 255
- require:
- pkg: apache-config-modules-upload_progress-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,29 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-vhost_alias-cmd-run:
cmd.run:
- name: a2enmod vhost_alias
- unless: ls {{ apache.moddir }}/vhost_alias.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep vhost_alias
- order: 225
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,40 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-modules-wsgi-pkg:
pkg.installed:
- name: {{ apache.mod_wsgi }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- if 'conf_mod_wsgi' in apache %}
file.uncomment:
- name: {{ apache.conf_mod_wsgi }}
- regex: LoadModule
- onlyif: test -f {{ apache.conf_mod_wsgi }}
- require:
- pkg: apache-config-modules-wsgi-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,41 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
apache-config-xsendfile-pkg:
pkg.installed:
- name: {{ apache.mod_xsendfile }}
- order: 180
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
cmd.run:
- name: a2enmod xsendfile
- order: 225
- unless: ls {{ apache.moddir }}/xsendfile.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep xsendfile
- require:
- pkg: apache-config-xsendfile-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1 +0,0 @@
mod_status.sls


@ -1,28 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains.os_family == "Debian" %}
include:
- {{ sls_package_install }}
- {{ sls_service_running }}
apache-config-default-vhost:
cmd.run:
- name: a2dissite 000-default.conf || true
- unless: test ! -f /etc/apache2/sites-enabled/000-default.conf
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-reload
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,32 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains.os_family == "Debian" %}
include:
- {{ sls_package_install }}
- {{ sls_service_running }}
apache-config-own-default-vhost:
file.managed:
- name: {{ apache.vhostdir }}/000-default.conf
- source: salt://apache/files/Debian/sites-available/000-default.conf
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache|json }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-reload
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}


@ -1,76 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains.os_family == "Debian" %}
include:
- {{ sls_package_install }}
- {{ sls_service_running }}
apache-config-register-site-file-directory:
file.directory:
- name: {{ apache.sitesdir }}
- require:
- pkg: apache-package-install-pkg-installed
{%- if 'apache' in pillar and 'register-site' in pillar['apache'] %}
{%- for site in pillar['apache']['register-site'] %}
{%- if 'name' in pillar['apache']['register-site'][site] and 'state' in pillar['apache']['register-site'][site] %}
{%- if 'path' in pillar['apache']['register-site'][site] %}
{%- if pillar['apache']['register-site'][site]['state'] == 'enabled' %}
{%- set a2modid = "a2ensite " ~ pillar['apache']['register-site'][site]['name'] ~ apache.confext %}
{%- else %}
{%- set a2modid = "a2dissite " ~ pillar['apache']['register-site'][site]['name'] ~ apache.confext %}
{%- endif %}
apache-config-register-site-{{ a2modid }}:
cmd.run:
- name: {{ a2modid }}
{%- if pillar['apache']['register-site'][site]['state'] == 'enabled' %}
- unless: test -f /etc/apache2/sites-enabled/{{ pillar['apache']['register-site'][site]['name'] }}{{ apache.confext }}
{%- else %}
- onlyif: test -f /etc/apache2/sites-enabled/{{ pillar['apache']['register-site'][site]['name'] }}{{ apache.confext }}
{%- endif %}
- order: 230
- require:
- pkg: apache-package-install-pkg-installed
- file: apache-config-register-site-file-managed
- file: apache-config-register-site-file-directory
- watch:
- file: apache-config-register-site-file-managed
apache-config-register-site-file-managed:
file.managed:
- name: /etc/apache2/sites-available/{{ pillar['apache']['register-site'][site]['name'] }}{{ apache.confext }}
- source: {{ pillar['apache']['register-site'][site]['path'] }}
- order: 225
- makedirs: True
- user: {{ apache.rootuser }}
- group: {{ apache.rootgroup }}
- mode: 775
{%- if 'template' in pillar['apache']['register-site'][site] and 'defaults' in pillar['apache']['register-site'][site] %}
- template: {{ apache.get('template_engine', 'jinja') }}
- defaults:
{%- for key, value in pillar['apache']['register-site'][site]['defaults'].items() %}
{{ key }}: {{ value }}
{%- endfor %}
{%- endif %}
- watch_in:
- module: apache-service-running-reload
- require_in:
- module: apache-service-running-reload
cmd.run:
- name: echo dummy state to workaround requisite issue >/dev/null 2>&1
- require_in:
- file: apache-config-register-site-file-managed
{%- endif %}
{%- endif %}
{%- endfor %}
{%- endif %} #END: apache-service-running-register-site
{%- endif %} #END: grains['os_family'] == debian


@ -1,41 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_clean = tplroot ~ '.service.clean' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains.os_family == 'Debian' %}
include:
- {{ sls_service_clean }}
{%- set dirpath = '/etc/apache2/sites-enabled' %}
{# Add . and .. to make it easier to not clean those #}
{%- set valid_sites = ['.', '..', ] %}
{# Take sites from apache.vhosts.standard #}
{%- for id, site in salt['pillar.get']('apache:sites', {}).items() %}
{%- do valid_sites.append('{}{}'.format(id, apache.confext)) %}
{%- endfor %}
{# Take sites from apache.register_site #}
{%- for id, site in salt['pillar.get']('apache:register-site', {}).items() %}
{%- do valid_sites.append('{}{}'.format(site.name, apache.confext)) %}
{%- endfor %}
{%- if salt['file.directory_exists'](dirpath) %}
{%- for filename in salt['file.readdir'](dirpath) %}
{%- if filename not in valid_sites %}
apache-config-vhosts-clean-{{ filename }}-cmd-run:
cmd.run:
- name: a2dissite {{ filename }} || true
- onlyif: "test -L {{ dirpath }}/{{ filename }} || test -f {{ dirpath }}/{{ filename }}"
- require:
- sls: {{ sls_service_clean }}
{%- endif %}
{%- endfor %}
{%- endif %}
{%- endif %}{# Debian #}


@ -1,42 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{%- if grains.os_family == 'Debian' %}
include:
- {{ sls_service_running }}
{%- set dirpath = '/etc/apache2/sites-enabled' %}
{# Add . and .. to make it easier to not clean those #}
{%- set valid_sites = ['.', '..', ] %}
{# Take sites from apache.vhosts.standard #}
{%- for id, site in salt['pillar.get']('apache:sites', {}).items() %}
{%- do valid_sites.append('{}{}'.format(id, apache.confext)) %}
{%- endfor %}
{# Take sites from apache.register_site #}
{%- for id, site in salt['pillar.get']('apache:register-site', {}).items() %}
{%- do valid_sites.append('{}{}'.format(site.name, apache.confext)) %}
{%- endfor %}
{%- if salt['file.directory_exists'](dirpath) %}
{%- for filename in salt['file.readdir'](dirpath) %}
{%- if filename not in valid_sites %}
apache-config-vhosts-cleanup-{{ filename }}-cmd-run:
cmd.run:
- name: a2dissite {{ filename }} || true
- onlyif: "test -L {{ dirpath }}/{{ filename }} || test -f {{ dirpath }}/{{ filename }}"
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
{%- endif %}
{%- endfor %}
{%- endif %}
{%- endif %}{# Debian #}


@ -1,5 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
include:
- .standard


@ -1,37 +0,0 @@
#
# This file is managed by Salt! Do not edit by hand!
#
{# Define default values here so the template below can just focus on layout #}
{%- set sitename = site.get('ServerName', id) -%}
{%- set vals = {
'interfaces': site.get('interface', '*').split(),
'port': site.get('port', '80'),
'ServerName': sitename,
'ServerAlias': site.get('ServerAlias', ''),
'ServerAdmin': site.get('ServerAdmin', 'webmaster@{0}'.format(sitename)),
'LogLevel': site.get('LogLevel', 'warn'),
'ErrorLog': site.get('ErrorLog', '{0}/{1}-error.log'.format(map.logdir, sitename)),
'CustomLog': site.get('CustomLog', '{0}/{1}-access.log'.format(map.logdir, sitename)),
'LogFormat': site.get('LogFormat', '"%h %l %u %t \\\"%r\\\" %>s %b"'),
'DocumentRoot': site.get('DocumentRoot', '{0}/{1}'.format(map.wwwdir, sitename))
} -%}
<VirtualHost {% for intf in vals.interfaces %} {{ intf }}:{{ vals.port }}{% endfor -%}>
ServerName {{ vals.ServerName }}
{% if site.get('ServerAlias') != False %}ServerAlias {{ vals.ServerAlias }}{% endif %}
{% if site.get('ServerAdmin') != False %}ServerAdmin {{ vals.ServerAdmin }}{% endif %}
{% if site.get('DocumentRoot') != False -%}DocumentRoot {{ vals.DocumentRoot }}{% endif %}
{% if site.get('LogLevel') != False -%}LogLevel {{ vals.LogLevel }}{% endif %}
{% if site.get('ErrorLog') != False -%}ErrorLog {{ vals.ErrorLog }}{% endif %}
{% if site.get('LogFormat') != False -%}LogFormat {{ vals.LogFormat }}{% endif %}
{% if site.get('CustomLog') != False -%}LogFormat {{ vals.LogFormat }} {{ sitename }}
CustomLog {{ vals.CustomLog }} {{ sitename }}{% endif %}
</VirtualHost>


@ -1,131 +0,0 @@
#
# This file is managed by Salt! Do not edit by hand!
#
{# Define default values here so the template below can just focus on layout #}
{% set sitename = site.get('ServerName', id) -%}
{% set vals = {
'interfaces': site.get('interface', '*').split(),
'port': site.get('port', '80'),
'ServerName': sitename,
'ServerAlias': site.get('ServerAlias', ''),
'ServerAdmin': site.get('ServerAdmin', 'webmaster@{0}'.format(sitename)),
'UseCanonicalName': site.get('UseCanonicalName'),
'LogLevel': site.get('LogLevel', 'warn'),
'ErrorLog': site.get('ErrorLog', '{0}/{1}-error.log'.format(map.logdir, sitename)),
'LogFormat': site.get('LogFormat', '"%a %l %u %t \\"%r\\" %>s %b \\"%{Referer}i\\" \\"%{User-Agent}i\\""'),
'CustomLog': site.get('CustomLog', '{0}/{1}-access.log'.format(map.logdir, sitename)),
'ProxyRequests': site.get('ProxyRequests', 'Off'),
'ProxyPreserveHost': site.get('ProxyPreserveHost', 'On'),
'ProxyRoute': site.get('ProxyRoute', {}),
'Location': {
'Order': 'allow,deny',
'Allow': 'from all',
'Require': 'all granted',
},
'LocationMatch': {
'Order': 'allow,deny',
'Allow': 'from all',
'Require': 'all granted',
},
} -%}
<VirtualHost {%- for intf in vals.interfaces %} {{ intf }}:{{ vals.port }}{% endfor -%}>
ServerName {{ vals.ServerName }}
{% if site.get('ServerAlias') != False %}ServerAlias {{ vals.ServerAlias }}{% endif %}
{% if site.get('ServerAdmin') != False %}ServerAdmin {{ vals.ServerAdmin }}{% endif %}
{% if site.get('UseCanonicalName') %}UseCanonicalName {{ vals.UseCanonicalName }}{% endif %}
{% if site.get('LogLevel') != False %}LogLevel {{ vals.LogLevel }}{% endif %}
{% if site.get('ErrorLog') != False %}ErrorLog {{ vals.ErrorLog }}{% endif %}
{% if site.get('LogFormat') != False -%}LogFormat {{ vals.LogFormat }}{% endif %}
{% if site.get('CustomLog') != False -%}LogFormat {{ vals.LogFormat }} {{ sitename }}
CustomLog {{ vals.CustomLog }} {{ sitename }}{% endif %}
{% if site.get('SSLCertificateFile') %}SSLEngine on
SSLCertificateFile {{ site.SSLCertificateFile }}
{% if site.get('SSLCertificateKeyFile') %}SSLCertificateKeyFile {{ site.SSLCertificateKeyFile }}{% endif %}
{% if site.get('SSLCertificateChainFile') %}SSLCertificateChainFile {{ site.SSLCertificateChainFile }}{% endif %}
{%- endif %}
{% if site.get('Rewrite') %}RewriteEngine on
{{ site.Rewrite|indent(4) }}
{%- endif %}
{% if site.get('SSLProxyEngine') %}SSLProxyEngine {{ site.SSLProxyEngine }}{% endif %}
ProxyRequests {{ vals.ProxyRequests }}
ProxyPreserveHost {{ vals.ProxyPreserveHost }}
{% if site.get('ProxyErrorOverride') %}ProxyErrorOverride {{ site.ProxyErrorOverride }} {% endif %}
{% if site.get('ProxyErrorDir') %}ProxyPass /{{ site.ProxyErrorDir }}/ ! {% endif %}
{%- for proxy, proxyargs in vals.ProxyRoute|dictsort|reverse %}
{%- set proxyvals = {
'ProxyPassSource': proxyargs.get('ProxyPassSource', '/'),
'ProxyPassTarget': proxyargs.get('ProxyPassTarget', 'https://{0}'.format(sitename)),
'ProxyPassTargetOptions': proxyargs.get('ProxyPassTargetOptions', ''),
'ProxyPassReverseSource': proxyargs.get('ProxyPassReverseSource', '/'),
'ProxyPassReverseTarget': proxyargs.get('ProxyPassReverseTarget', proxyargs.get('ProxyPassTarget', 'https://{0}'.format(sitename))),
} %}
######### {{proxy}} #########
ProxyPass {{ proxyvals.ProxyPassSource }} {{ proxyvals.ProxyPassTarget }} {{ proxyvals.ProxyPassTargetOptions }}
ProxyPassReverse {{ proxyvals.ProxyPassReverseSource }} {{ proxyvals.ProxyPassReverseTarget }}
{% endfor %}
{%- for path, loc in site.get('Location', {}).items() %}
{%- set lvals = {
'Order': loc.get('Order', vals.Location.Order),
'Allow': loc.get('Allow', vals.Location.Allow),
'Require': loc.get('Require', vals.Location.Require),
'Dav': loc.get('Dav', False),
} %}
<Location "{{ path }}">
{%- if map.version == '2.4' %}
{% if lvals.get('Require') != False %}Require {{ lvals.Require }}{% endif %}
{%- else %}
{% if lvals.get('Order') != False %}Order {{ lvals.Order }}{% endif %}
{% if lvals.get('Allow') != False %}Allow {{ lvals.Allow }}{% endif %}
{%- endif %}
{% if loc.get('Formula_Append') %} {{ loc.Formula_Append|indent(8) }} {% endif %}
</Location>
{% endfor %}
{%- for regpath, locmat in site.get('LocationMatch', {}).items() %}
{%- set lmvals = {
'Order': locmat.get('Order', vals.LocationMatch.Order),
'Allow': locmat.get('Allow', vals.LocationMatch.Allow),
'Require': locmat.get('Require', vals.LocationMatch.Require),
'Dav': locmat.get('Dav', False),
} %}
<LocationMatch "{{ regpath }}">
{%- if map.version == '2.4' %}
{% if lmvals.get('Require') != False %}Require {{ lmvals.Require }}{% endif %}
{%- else %}
{% if lmvals.get('Order') != False %}Order {{ lmvals.Order }}{% endif %}
{% if lmvals.get('Allow') != False %}Allow {{ lmvals.Allow }}{% endif %}
{%- endif %}
{% if locmat.get('Formula_Append') %} {{ locmat.Formula_Append|indent(8) }} {% endif %}
</LocationMatch>
{% endfor %}
{%- for proxypath, prox in site.get('Proxy_control', {}).items() %}
{%- set proxvals = {
'AllowAll': prox.get('AllowAll', vals.AllowAll),
'AllowCountry': prox.get('AllowCountry', vals.AllowCountry),
'AllowIP': prox.get('AllowIP', vals.AllowIP),
} %}
<Proxy "{{ proxypath }}">
{%- if proxvals.get('AllowAll') != False %}
Require all granted
{%- else %}
{% if proxvals.get('AllowCountry') != False %}{% set country_list = proxvals.get('AllowCountry', {}) %}GeoIPEnable On
{% for every_country in country_list %}SetEnvIf GEOIP_COUNTRY_CODE {{ every_country }} AllowCountry
{% endfor %}Require env AllowCountry {% endif %}
{% if proxvals.get('AllowIP') is defined %}{% set ip_list = proxvals.get('AllowIP', {}) %}
Require ip {% for every_ip in ip_list %}{{ every_ip }} {% endfor %} {% endif %}
{%- endif %}
</Proxy>
{%- endfor %}
{%- if site.get('Formula_Append') %}
{{ site.Formula_Append|indent(4) }}
{%- endif %}
</VirtualHost>


@ -1,50 +0,0 @@
#
# This file is managed by Salt! Do not edit by hand!
#
{# Define default values here so the template below can just focus on layout #}
{%- set sitename = site.get('ServerName', id) %}
{%- set vals = {
'interfaces': site.get('interface', '*').split(),
'port': site.get('port', '80'),
'ServerName': sitename,
'ServerAlias': site.get('ServerAlias', ''),
'ServerAdmin': site.get('ServerAdmin', 'webmaster@{0}'.format(sitename)),
'UseCanonicalName': site.get('UseCanonicalName'),
'LogLevel': site.get('LogLevel', 'warn'),
'ErrorLog': site.get('ErrorLog', '{0}/{1}-error.log'.format(map.logdir, sitename)),
'LogFormat': site.get('LogFormat', '"%h %l %u %t \\\"%r\\\" %>s %b"'),
'CustomLog': site.get('CustomLog', '{0}/{1}-access.log'.format(map.logdir, sitename)),
'RedirectSource': site.get('RedirectSource', '/'),
'RedirectTarget': site.get('RedirectTarget', 'https://{0}/'.format(sitename)),
} %}
<VirtualHost {%- for intf in vals.interfaces %} {{ intf }}:{{ vals.port }}{% endfor -%}>
ServerName {{ vals.ServerName }}
{% if site.get('ServerAlias') != False %}ServerAlias {{ vals.ServerAlias }}{% endif %}
{% if site.get('ServerAdmin') != False %}ServerAdmin {{ vals.ServerAdmin }}{% endif %}
{% if site.get('UseCanonicalName') %}UseCanonicalName {{ vals.UseCanonicalName }}{% endif %}
{% if site.get('LogLevel') != False %}LogLevel {{ vals.LogLevel }}{% endif %}
{% if site.get('ErrorLog') != False %}ErrorLog {{ vals.ErrorLog }}{% endif %}
{% if site.get('LogFormat') != False -%}LogFormat {{ vals.LogFormat }}{% endif %}
{% if site.get('CustomLog') != False -%}LogFormat {{ vals.LogFormat }} {{ sitename }}
CustomLog {{ vals.CustomLog }} {{ sitename }}{% endif %}
{% if site.get('RedirectMatch') %}
RedirectMatch {{ vals.RedirectSource }} {{ vals.RedirectTarget }}
{% else %}
Redirect {{ vals.RedirectSource }} {{ vals.RedirectTarget }}
{% endif %}
{% if site.get('Formula_Append') %}
{{ site.Formula_Append|indent(4) }}
{% endif %}
</VirtualHost>


@ -1,71 +0,0 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
{#- The apache variable can grow _very_ large, especially the sites subkey.
Create a trimmed copy with config variables. #}
{%- set map = apache %}
{%- do map.pop('sites', None) %}
include:
- {{ sls_package_install }}
- {{ sls_service_running }}
{%- for id, site in salt['pillar.get']('apache:sites', {}).items() %}
{%- set documentroot = site.get('DocumentRoot', '{0}/{1}'.format(apache.wwwdir, site.get('ServerName', id))) %}
apache-config-vhosts-standard-{{ id }}:
file.managed:
- name: {{ apache.vhostdir }}/{{ id }}{{ apache.confext }}
- source: {{ site.get('template_file', 'salt://apache/config/vhosts/standard.tmpl') }}
- template: {{ apache.get('template_engine', 'jinja') }}
- makedirs: True
- context:
id: {{ id|json }}
site: {{ site|json }}
map: {{ map|json }}
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- service: apache-service-running
{%- if site.get('DocumentRoot') != False %}
apache-config-vhosts-standard-{{ id }}-docroot:
file.directory:
- name: {{ documentroot }}
- makedirs: True
- user: {{ site.get('DocumentRootUser', apache.get('document_root_user'))|json or apache.user }}
- group: {{ site.get('DocumentRootGroup', apache.get('document_root_group'))|json or apache.group }}
- allow_symlink: True
{%- endif %}
{%- if grains.os_family == 'Debian' %}
{%- if site.get('enabled', True) %}
apache-config-vhosts-standard-{{ id }}-cmd-run-a2en:
cmd.run:
- name: a2ensite {{ id }}{{ apache.confext }}
- unless: test -f /etc/apache2/sites-enabled/{{ id }}{{ apache.confext }}
- require:
- file: apache-config-vhosts-standard-{{ id }}
- watch_in:
- service: apache-service-running
{%- else %}
apache-config-vhosts-standard-{{ id }}-cmd-run-a2dis:
cmd.run:
- name: a2dissite {{ id }}{{ apache.confext }}
- onlyif: test -f /etc/apache2/sites-enabled/{{ id }}{{ apache.confext }}
- require:
- file: apache-config-vhosts-standard-{{ id }}
- watch_in:
- service: apache-service-running
{%- endif %}
{%- endif %} {# Debian #}
{%- endfor %}


@ -1,140 +0,0 @@
#
# This file is managed by Salt! Do not edit by hand!
#
{# Define default values here so the template below can just focus on layout #}
{% set sitename = site.get('ServerName', id) -%}
{% set vals = {
'interfaces': site.get('interface', '*').split(),
'port': site.get('port', '80'),
'ServerName': sitename,
'ServerAlias': site.get('ServerAlias', ''),
'ServerAdmin': site.get('ServerAdmin', 'webmaster@{0}'.format(sitename)),
'DirectoryIndex': site.get('DirectoryIndex'),
'UseCanonicalName': site.get('UseCanonicalName'),
'AllowEncodedSlashes': site.get('AllowEncodedSlashes', 'Off'),
'LogLevel': site.get('LogLevel', 'warn'),
'ErrorLog': site.get('ErrorLog', '{0}/{1}-error.log'.format(map.logdir, sitename)),
'LogFormat': site.get('LogFormat', '"%h %l %u %t \\\"%r\\\" %>s"'),
'CustomLog': site.get('CustomLog', '{0}/{1}-access.log'.format(map.logdir, sitename)),
'DocumentRoot': site.get('DocumentRoot', '{0}/{1}'.format(map.wwwdir, sitename)),
'VirtualDocumentRoot': site.get('VirtualDocumentRoot'),
'Timeout': site.get('Timeout'),
'LimitRequestFields': site.get('LimitRequestFields'),
'Directory_default': site.get('DocumentRoot', '{0}/{1}'.format(map.wwwdir, sitename)),
'Directory': {
'Options': '-Indexes +FollowSymLinks',
'Order': 'allow,deny',
'Allow': 'from all',
'Require': 'all granted',
'AllowOverride': 'None',
},
'Location': {
'Order': 'allow,deny',
'Allow': 'from all',
'Require': 'all granted',
},
} -%}
<VirtualHost {%- for intf in vals.interfaces %} {{ intf }}:{{ vals.port }}{% endfor -%}>
ServerName {{ vals.ServerName }}
{% if site.get('ServerAlias') != False %}ServerAlias {{ vals.ServerAlias }}{% endif %}
{% if site.get('ServerAdmin') != False %}ServerAdmin {{ vals.ServerAdmin }}{% endif %}
{% if site.get('DirectoryIndex') -%}DirectoryIndex {{ vals.DirectoryIndex }}{% endif %}
{% if site.get('UseCanonicalName') -%}UseCanonicalName {{ vals.UseCanonicalName }}{% endif %}
{% if site.get('AllowEncodedSlashes') != False -%}AllowEncodedSlashes {{ vals.AllowEncodedSlashes }}{% endif %}
{% if site.get('LogLevel') != False -%}LogLevel {{ vals.LogLevel }}{% endif %}
{% if site.get('ErrorLog') != False -%}ErrorLog {{ vals.ErrorLog }}{% endif %}
{% if site.get('LogFormat') != False -%}LogFormat {{ vals.LogFormat }}{% endif %}
{% if site.get('CustomLog') != False -%}CustomLog {{ vals.CustomLog }} {{ vals.LogFormat }}{% endif %}
{% if site.get('DocumentRoot') != False -%}DocumentRoot {{ vals.DocumentRoot }}{% endif %}
{% if site.get('VirtualDocumentRoot') -%}VirtualDocumentRoot {{ vals.VirtualDocumentRoot }}{% endif %}
{% if site.get('Timeout') != False and site.get('Timeout') != None %}Timeout {{ vals.Timeout }}{% endif %}
{% if site.get('LimitRequestFields') %}LimitRequestFields {{ vals.LimitRequestFields }}{% endif %}
{% if site.get('SSLCertificateFile') %}SSLEngine on
SSLCertificateFile {{ site.SSLCertificateFile }}
{% if site.get('SSLCertificateKeyFile') %}SSLCertificateKeyFile {{ site.SSLCertificateKeyFile }}{% endif %}
{% if site.get('SSLCertificateChainFile') %}SSLCertificateChainFile {{ site.SSLCertificateChainFile }}{% endif %}
{%- endif %}
{% if site.get('Rewrite') %}RewriteEngine on
{{ site.Rewrite|indent(4) }}
{%- endif %}
{%- for loc, path in site.get('Alias', {}).items() %}
Alias {{ loc }} {{ path }}
{%- endfor %}
{%- for loc, path in site.get('ScriptAlias', {}).items() %}
ScriptAlias {{ loc }} {{ path }}
{%- endfor %}
{%- for path, dir in site.get('Directory', {}).items() %}
{%- set dvals = {
'Options': dir.get('Options', vals.Directory.Options),
'Order': dir.get('Order', vals.Directory.Order),
'Allow': dir.get('Allow', vals.Directory.Allow),
'Require': dir.get('Require', vals.Directory.Require),
'AllowOverride': dir.get('AllowOverride', vals.Directory.AllowOverride),
'Dav': dir.get('Dav', False),
} %}
{%- if path == 'default' %}{% set path = vals.Directory_default %}{% endif %}
<Directory "{{ path }}">
{% if dvals.get('Options') != False %}Options {{ dvals.Options }}{% endif %}
{%- if map.version == '2.4' %}
{% if dvals.get('Require') != False %}Require {{ dvals.Require }}{% endif %}
{%- else %}
{% if dvals.get('Order') != False %}Order {{ dvals.Order }}{% endif %}
{% if dvals.get('Allow') != False %}Allow {{ dvals.Allow }}{% endif %}
{%- endif %}
{% if dvals.get('AllowOverride') != False %}AllowOverride {{ dvals.AllowOverride }}{% endif %}
{% if dvals.get('Dav') != False %}Dav On{% endif %}
{%- if dir.get('Formula_Append') %}
{{ dir.Formula_Append|indent(8) }}
{%- endif %}
</Directory>
{%- endfor %}
{%- for path, loc in site.get('Location', {}).items() %}
{%- set lvals = {
'Order': loc.get('Order', vals.Location.Order),
'Allow': loc.get('Allow', vals.Location.Allow),
'Require': loc.get('Require', vals.Location.Require),
'Dav': loc.get('Dav', False),
} %}
<Location "{{ path }}">
{%- if map.version == '2.4' %}
{% if lvals.get('Require') != False %}Require {{ lvals.Require }}{% endif %}
{%- else %}
{% if lvals.get('Order') != False %}Order {{ lvals.Order }}{% endif %}
{% if lvals.get('Allow') != False %}Allow {{ lvals.Allow }}{% endif %}
{%- endif %}
{% if lvals.get('Dav') != False %}Dav On{% endif %}
{%- if loc.get('Formula_Append') %}
{{ loc.Formula_Append|indent(8) }}
{%- endif %}
</Location>
{%- endfor %}
{%- if site.get('Formula_Append') %}
{{ site.Formula_Append|indent(4) }}
{%- endif %}
</VirtualHost>

44
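--- a/apache/debian_full.sls
+++ b/apache/debian_full.sls
@@ -0,0 +1,44 @@
+{% from "apache/map.jinja" import apache with context %}
+{% if grains['os_family']=="Debian" %}
+include:
+- apache
+- apache.register_site
+extend:
+apache:
+pkg:
+- order: 175
+service:
+- order: 455
+apache-reload:
+module:
+- order: 420
+apache-restart:
+module:
+- order: 425
+a2dissite 000-default{{ apache.confext }}:
+cmd.run:
+- onlyif: test -f /etc/apache2/sites-enabled/000-default{{ apache.confext }}
+- watch_in:
+- module: apache-reload
+- require_in:
+- module: apache-restart
+- module: apache-reload
+- service: apache
+- require:
+- pkg: apache
+/etc/apache2/sites-available/{{ apache.default_site }}:
+file.absent:
+- require:
+- pkg: apache
+/etc/apache2/sites-available/{{ apache.default_site_ssl }}:
+file.absent:
+- require:
+- pkg: apache
+{% endif %} #END: os = debian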
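Review bot: The `onlyif: test -f /etc/apache2/sites-enabled/000-default{{ apache.confext }}` guard on the `a2dissite` state is false for a dangling symlink, and nothing in this file orders that state before the two `file.absent` states that delete the default site files from sites-available. If those files are already gone when the check runs, the stale link stays in sites-enabled and the default site is never actually disabled. I would test the link itself, `- onlyif: test -L /etc/apache2/sites-enabled/000-default{{ apache.confext }} || test -f /etc/apache2/sites-enabled/000-default{{ apache.confext }}`, which is the form another state on this page uses for its `a2dissite` guard. Both `file.absent` states should also get `- cmd: a2dissite 000-default{{ apache.confext }}` under their `require` so the order does not depend on declaration order.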


@ -1,54 +1,11 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
apache:
lookup: {}
pkg:
name: apache2
mod_ssl: mod_ssl
mod_wsgi: mod_wsgi
deps: []
rootuser: root
rootgroup: root
template_engine: jinja
config: '/etc/apache'
service:
name: apache
user: www-data
group: www-data
vhostdir: /etc/apache2/sites-available
confdir: /etc/apache2/conf.d
davlockdbdir: null
logdir: /var/log/apache2
wwwdir: /srv/apache2
document_root_user: null # Do not enforce group
document_root_group: null # Do not enforce group
manage_service_states: true
manage_service_states: True
service_state: running
service_enable: true
flags: {}
global: {}
modules: {}
mod_remoteip: {}
service_enable: True
mod_security:
crs_install: false
manage_config: false # use software defaults
mod_ssl:
manage_tls_defaults: false # use software defaults
# Just here for testing
added_in_defaults: defaults_value
winner: defaults
retry_option:
# https://docs.saltstack.com/en/latest/ref/states/requisites.html#retrying-states
attempts: 2
until: true
interval: 10
splay: 10
crs_install: False
manage_config: False


@ -0,0 +1,77 @@
# defaults for httpd.conf
# The data structure is a little bit different with pillar structure
# ``directives_multiple`` list are directives that can be present multiple time in conf file
# if the same directive is present in pillar, it will be appended to the defaults ones
# there will be no replacement of values
server_apache_config:
directives:
- ServerRoot: '"/etc/httpd"'
- AllowEncodedSlashes: 'On'
- DocumentRoot: '"/var/www"'
- ServerAdmin: 'root@localhost'
- EnableSendfile: 'on'
- ErrorLog: '"/var/log/httpd/error.log"'
- LogLevel: 'warn core:info'
- AddDefaultCharset: 'UTF-8'
- ServerTokens: 'Prod'
containers:
Directory:
-
item: '/'
directives:
- AllowOverride: 'None'
- Require: 'all denied'
-
item: '/var/www'
directives:
- AllowOverride: 'None'
- Require: 'all granted'
- Options: 'Indexes FollowSymLinks'
-
item: '/var/www/cgi-bin'
directives:
- AllowOverride: 'None'
- Options: 'None'
- Require: 'all granted'
IfModule:
-
item: 'dir_module'
directives:
- DirectoryIndex: index.html
-
item: 'log_config_module'
directives:
- CustomLog: '"/var/log/httpd/access.log" combined'
directives_multiple: # <-- Theses directives are appended as it to pillar content
- LogFormat: '"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined'
- LogFormat: '"%h %l %u %t \"%r\" %>s %b" common'
containers:
IfModule:
-
item: 'logio_module'
directives:
- LogFormat: '"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio'
-
item: 'alias_module'
directives:
- ScriptAlias: '/cgi-bin/ "/var/www/cgi-bin/"'
-
item: 'mime_module'
directives:
- TypesConfig: '/etc/mime.types'
- AddOutputFilter: 'INCLUDES .shtml'
directives_multiple:
- AddType: 'application/x-compress .Z'
- AddType: 'application/x-gzip .gz .tgz'
- AddType: 'text/html .shtml'
-
item: 'mime_magic_module'
directives:
- MIMEMagicFile: 'conf/magic'
FilesMatch:
-
item: '"^\.ht"'
directives:
- Require: 'all denied'
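Review bot: Two defaults in `server_apache_config` are looser than a hardening change suggests: `Options: 'Indexes FollowSymLinks'` on the `/var/www` Directory container turns directory listings on, and `AllowEncodedSlashes: 'On'` departs from the `'Off'` default that the vhost template removed elsewhere on this page used. I would ship `- Options: 'FollowSymLinks'` (or `'None'`) and `- AllowEncodedSlashes: 'Off'` and let a site opt in through pillar. The header comment only describes how `directives_multiple` entries are merged (appended, never replaced), so it is worth stating there whether a pillar value for a single-valued directive such as `Options` replaces the default or is emitted alongside it. A one-line comment above each security-relevant default (`ServerTokens`, the `/` Directory `Require: 'all denied'`, the `^\.ht` FilesMatch) naming the recommendation it implements would make later edits safer.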


@ -1,611 +0,0 @@
#
# This file is managed by Salt! Do not edit by hand!
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
# will be interpreted as '/logs/access_log'.
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used. If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "{{ apache.get('serverroot', '/etc/httpd') }}"
#
# Mutex: Allows you to set the mutex mechanism and mutex file directory
# for individual mutexes, or change the global defaults
#
# Uncomment and change the directory if mutexes are file-based and the default
# mutex file directory is not on a local disk or is not appropriate for some
# other reason.
#
# Mutex default:/run/httpd
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
{% if salt['pillar.get']('apache:sites') is mapping %}
{%- set listen_directives = [] %}
{%- for id, site in salt['pillar.get']('apache:sites').items() %}
{%- set interfaces = site.get('interface', '*').split() %}
{%- set port = site.get('port', 80) %}
{%- for interface in interfaces %}
{%- if not site.get('exclude_listen_directive', False) and not port == '*' %}
{%- set listen_directive = interface ~ ':' ~ port %}
{%- if listen_directive not in listen_directives %}
{%- do listen_directives.append(listen_directive) %}
{%- endif %}
{%- endif %}
{%- endfor %}
{%- endfor %}
{%- for listen in listen_directives %}
Listen {{ listen }}
{%- endfor %}
{%- else %}
Listen 80
<IfModule mod_ssl.c>
Listen 443
</IfModule>
{%- endif %}
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule mpm_event_module modules/mod_mpm_event.so
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
#LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_core_module modules/mod_authz_core.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_form_module modules/mod_auth_form.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule allowmethods_module modules/mod_allowmethods.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule cache_disk_module modules/mod_cache_disk.so
#LoadModule cache_socache_module modules/mod_cache_socache.so
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule socache_dbm_module modules/mod_socache_dbm.so
#LoadModule socache_memcache_module modules/mod_socache_memcache.so
#LoadModule socache_redis_module modules/mod_socache_redis.so
#LoadModule watchdog_module modules/mod_watchdog.so
#LoadModule macro_module modules/mod_macro.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule dumpio_module modules/mod_dumpio.so
#LoadModule echo_module modules/mod_echo.so
#LoadModule buffer_module modules/mod_buffer.so
#LoadModule data_module modules/mod_data.so
#LoadModule ratelimit_module modules/mod_ratelimit.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule request_module modules/mod_request.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
#LoadModule reflector_module modules/mod_reflector.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule sed_module modules/mod_sed.so
#LoadModule charset_lite_module modules/mod_charset_lite.so
#LoadModule deflate_module modules/mod_deflate.so
#LoadModule xml2enc_module modules/mod_xml2enc.so
#LoadModule proxy_html_module modules/mod_proxy_html.so
#LoadModule brotli_module modules/mod_brotli.so
LoadModule mime_module modules/mod_mime.so
#LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_debug_module modules/mod_log_debug.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
#LoadModule logio_module modules/mod_logio.so
#LoadModule lua_module modules/mod_lua.so
LoadModule env_module modules/mod_env.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
#LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
#LoadModule ident_module modules/mod_ident.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
#LoadModule remoteip_module modules/mod_remoteip.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_express_module modules/mod_proxy_express.so
#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
#LoadModule session_module modules/mod_session.so
#LoadModule session_cookie_module modules/mod_session_cookie.so
#LoadModule session_crypto_module modules/mod_session_crypto.so
#LoadModule session_dbd_module modules/mod_session_dbd.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
#LoadModule ssl_module modules/mod_ssl.so
#LoadModule dialup_module modules/mod_dialup.so
#LoadModule http2_module modules/mod_http2.so
#LoadModule proxy_http2_module modules/mod_proxy_http2.so
#LoadModule md_module modules/mod_md.so
#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
LoadModule unixd_module modules/mod_unixd.so
#LoadModule heartbeat_module modules/mod_heartbeat.so
#LoadModule heartmonitor_module modules/mod_heartmonitor.so
#LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule asis_module modules/mod_asis.so
#LoadModule info_module modules/mod_info.so
#LoadModule suexec_module modules/mod_suexec.so
<IfModule !mpm_prefork_module>
#LoadModule cgid_module modules/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
#LoadModule cgi_module modules/mod_cgi.so
</IfModule>
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule dav_lock_module modules/mod_dav_lock.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
#LoadModule imagemap_module modules/mod_imagemap.so
#LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
#LoadModule rewrite_module modules/mod_rewrite.so
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User {{ apache.user or 'http' }}
Group {{ apache.group or 'http' }}
</IfModule>
# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin you@example.com
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
AllowOverride none
Require all denied
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "{{ apache.get('docroot', apache.wwwdir or '/srv/http') }}"
#
# Relax access to content within {{ apache.wwwdir }}.
#
<Directory "{{ apache.wwwdir }}">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
# Further relax access to the default document root:
<Directory "{{ apache.get('docroot', apache.wwwdir + '/srv/http') }}">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
Require all denied
</Files>
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "{{ apache.logdir }}/error_log"
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
{%- for log_format in salt['pillar.get']('apache:log_formats', []) %}
LogFormat {{ log_format }}
{%- endfor %}
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog "/var/log/httpd/access_log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog "/var/log/httpd/access_log" combined
CustomLog "{{ apache.logdir }}/access_log" combined
</IfModule>
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
#
ScriptAlias /cgi-bin/ "{{ apache.wwwdir }}/cgi-bin/"
</IfModule>
<IfModule cgid_module>
#
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#
#Scriptsock cgisock
</IfModule>
#
# "/srv/http/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "{{ apache.wwwdir }}/cgi-bin/">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule headers_module>
#
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
# backend servers which have lingering "httpoxy" defects.
# 'Proxy' request header is undefined by the IETF, not listed by IANA
#
RequestHeader unset Proxy early
</IfModule>
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig conf/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>
#
# Specify a default charset for all content served; this enables
# interpretation of all content as UTF-8 by default. To use the
# default browser choice (ISO-8859-1), or to allow the META tags
# in HTML content to override this choice, comment out this
# directive:
#
{%- if apache.get('default_charset', False) is none %}
# AddDefaultCharset UTF-8
{%- else %}
AddDefaultCharset {{ apache.get('default_charset', 'UTF-8') }}
{%- endif %}
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
#MIMEMagicFile conf/magic
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
#EnableSendfile on
{%- for directive, dvalue in salt['pillar.get']('apache:global', {}).items() %}
{{ directive }} {{ dvalue }}
{%- endfor %}
# Supplemental configuration
#
# The configuration files in the conf/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional {{ apache.confdir }}/*.conf
{% if apache.vhostdir != apache.confdir %}
IncludeOptional {{ apache.vhostdir }}/*.conf
{% endif %}
# Server-pool management (MPM specific)
Include conf/extra/httpd-mpm.conf
# Multi-language error messages
Include conf/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
Include conf/extra/httpd-autoindex.conf
# Language settings
Include conf/extra/httpd-languages.conf
# User home directories
Include conf/extra/httpd-userdir.conf
# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf
# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
<IfModule mod_dav.c>
Include conf/extra/httpd-dav.conf
</IfModule>
# Various default settings
Include conf/extra/httpd-default.conf
# Configure mod_proxy_html to understand HTML4/XHTML1
<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule>
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>


@ -1,6 +1,3 @@
#
# This file is managed by Salt! Do not edit by hand!
#
# Based upon the NCSA server configuration files originally by Rob McCool.
#
@ -11,7 +8,7 @@
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
# consult the online docs. You have been warned.
#
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
@ -90,7 +87,7 @@ KeepAliveTimeout 5
##
## Server-Pool Size Regulation (MPM specific)
##
##
# prefork MPM
# StartServers: number of server processes to start
@ -119,7 +116,7 @@ KeepAliveTimeout 5
<IfModule mpm_worker_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 150
@ -136,7 +133,7 @@ KeepAliveTimeout 5
<IfModule mpm_event_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 150
@ -156,8 +153,8 @@ Group ${APACHE_RUN_GROUP}
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Order allow,deny


@ -2,6 +2,3 @@ RemoteIPHeader {{ salt['pillar.get']('apache:mod_remoteip:RemoteIPHeader', 'X-Fo
{%- for trusted_proxy in salt['pillar.get']('apache:mod_remoteip:RemoteIPTrustedProxy', []) %}
RemoteIPTrustedProxy {{ trusted_proxy }}
{%- endfor %}
{%- for trusted_proxy in salt['pillar.get']('apache:mod_remoteip:RemoteIPInternalProxy', []) %}
RemoteIPInternalProxy {{ trusted_proxy }}
{%- endfor %}


@ -1,6 +1,7 @@
#
# This file is managed by Salt! Do not edit by hand!
#
{% from "apache/map.jinja" import apache with context -%}
# envvars - default environment variables for apache2ctl


@ -1,6 +1,7 @@
#
# This file is managed by Salt! Do not edit by hand!
#
{% from "apache/map.jinja" import apache with context -%}
# envvars - default environment variables for apache2ctl


@ -10,7 +10,7 @@
{%- set sec_pcre_match_limit_recursion = modsec.get('sec_pcre_match_limit_recursion', 1000 ) -%}
{%- set sec_debug_log_level = modsec.get('sec_debug_log_level', 0 ) -%}
#
# This file is managed by Salt! Do not edit by hand!
# This file is managed/autogenerated by salt.
# Modify the salt pillar that generates this file instead
#
# -- Rule engine initialization ----------------------------------------------


@ -14,7 +14,7 @@
<IfModule mpm_prefork_module>
StartServers {{ mpm_param['start_servers'] | d('5') }}
MaxRequestWorkers {{ mpm_param['max_request_workers'] | d('150') }}
{%- if mpm_param['max_request_workers'] | d('150') | int >= 256 %}
{%- if mpm_param['max_request_workers'] | d('150') >= 256 %}
ServerLimit {{ mpm_param['max_request_workers'] | d('150') }}
{%- endif %}
MinSpareServers {{ mpm_param['min_spare_servers'] | d('5') }}
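Review bot: The `max_request_workers` test inside `<IfModule mpm_prefork_module>` is printed twice, and the second form, which appears to be the new side, drops the `| int` cast, so the string default `'150'` is compared directly with the integer 256. On a Python 3 Salt that comparison raises a TypeError at render time whenever the pillar omits the key or supplies it as a string. On Python 2 a string compares greater than any integer, so `ServerLimit` would be emitted unconditionally. Keep the cast: `{%- if mpm_param['max_request_workers'] | d('150') | int >= 256 %}`. The `<IfModule>` block continues past the end of the hunk.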


@ -1,6 +1,7 @@
#
# This file is managed by Salt! Do not edit by hand!
#
{%- from "apache/map.jinja" import apache with context -%}
{% if salt['pillar.get']('apache:sites') is mapping %}
{%- set listen_directives = [] %}


@ -1,6 +1,7 @@
#
# This file is managed by Salt! Do not edit by hand!
#
{%- from "apache/map.jinja" import apache with context -%}
{% if salt['pillar.get']('apache:sites') is mapping %}
{%- set listen_directives = [] %}


@ -39,7 +39,7 @@
SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
# (The mechanism dbm has known memory leaks and should not be used).
#SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
@ -48,7 +48,7 @@
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
# SSL engine uses internally for inter-process synchronization.
# (Disabled by default, the global Mutex directive consolidates by default
# this)
#Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache
@ -59,7 +59,7 @@
# ciphers(1) man page from the openssl package for list of all available
# options.
# Enable only secure ciphers:
{#- default from https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 #}
{# default from https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 #}
SSLCipherSuite {{ salt['pillar.get']('apache:ssl:SSLCipherSuite', 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS') }}
# SSL server cipher order preference:
@ -84,25 +84,18 @@
# Default: Off
#SSLStrictSNIVHostCheck On
{% set use_stapling = salt['pillar.get']('apache:ssl:SSLUseStapling', 'Off') -%}
{% if use_stapling == 'On' -%}
{% set use_stapling = salt['pillar.get']('apache:ssl:SSLUseStapling', 'Off') %}
{% if use_stapling == 'On' %}
# Stapling configuration
# Default: Off
#
# See https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html for more details
# Defaults values taken from https://mozilla.github.io/server-side-tls/ssl-config-generator/
SSLUseStapling {{ use_stapling }}
SSLStaplingResponderTimeout {{ salt['pillar.get']('apache:ssl:SSLStaplingResponderTimeout', '5') }}
SSLStaplingReturnResponderErrors {{ salt['pillar.get']('apache:ssl:SSLStaplingReturnResponderErrors', 'Off') }}
SSLStaplingCache {{ salt['pillar.get']('apache:ssl:SSLStaplingCache', 'shmcb:/var/run/ocsp(128000)') }}
{%- endif %}
{% set ssl_session_ticket = salt['pillar.get']('apache:ssl:SSLSessionTickets') -%}
{% if ssl_session_ticket -%}
# Enable or disable use of TLS session tickets
# Default: On
SSLSessionTickets {{ ssl_session_ticket }}
{%- endif %}
SSLStaplingResponderTimeout {{ salt['pillar.get']('SSLStaplingResponderTimeout', '5') }}
SSLStaplingReturnResponderErrors {{ salt['pillar.get']('SSLStaplingReturnResponderErrors', 'Off') }}
SSLStaplingCache {{ salt['pillar.get']('SSLStaplingCache', 'shmcb:/var/run/ocsp(128000)') }}
{% endif %}
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
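Review bot: The three stapling lookups in the last hunk (`@ -84,25 +84,18 @`) read top-level pillar keys on the side the hunk counts mark as new, e.g. `salt['pillar.get']('SSLStaplingResponderTimeout', '5')`, while `SSLUseStapling` just above them is read from `apache:ssl:SSLUseStapling`. Values an operator sets under `apache:ssl` for `SSLStaplingResponderTimeout`, `SSLStaplingReturnResponderErrors` and `SSLStaplingCache` are therefore ignored, and the defaults are rendered with no error. Use the same namespace on all three, as in `salt['pillar.get']('apache:ssl:SSLStaplingResponderTimeout', '5')`. The same hunk also drops the `SSLSessionTickets` block, which appears to leave no pillar setting for turning TLS session tickets off; if that is intended, the description should say so.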


@ -1,25 +1,21 @@
#
# This file is managed by Salt! Do not edit by hand!
#
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
# will be interpreted as '/logs/access_log'.
#
@ -172,13 +168,13 @@ LoadModule alias_module libexec/apache24/mod_alias.so
# Third party modules
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
Include {{ apache.portsfile }}
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
@ -219,7 +215,7 @@ ServerAdmin root@localhost
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
@ -283,8 +279,8 @@ DocumentRoot "{{ apache.global_document_root }}"
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
Require all denied
@ -337,8 +333,8 @@ LogLevel warn
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
@ -355,7 +351,7 @@ LogLevel warn
# the filesystem path.
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
@ -458,10 +454,10 @@ LogLevel warn
#MaxRanges unlimited
#
# EnableMMAP and EnableSendfile: On systems that support it,
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
@ -471,9 +467,9 @@ LogLevel warn
# Supplemental configuration
#
# The configuration files in the etc/apache24/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# The configuration files in the etc/apache24/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Server-pool management (MPM specific)


@ -1,6 +1,7 @@
#
# This file is managed by Salt! Do not edit by hand!
#
{%- from "apache/map.jinja" import apache with context -%}
# envvars - default environment variables for apache2ctl


@ -1,6 +1,8 @@
{% from "apache/map.jinja" import apache with context %}
<IfModule !mpm_prefork_module>
LoadModule cgid_module libexec/{{ svcname }}/mod_cgid.so
LoadModule cgid_module libexec/{{ apache.service }}/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
LoadModule cgi_module libexec/{{ svcname }}/mod_cgi.so
LoadModule cgi_module libexec/{{ apache.service }}/mod_cgi.so
</IfModule>


@ -1 +1,3 @@
LoadModule perl_module libexec/{{ svcname }}/mod_perl.so
{% from "apache/map.jinja" import apache with context %}
LoadModule perl_module libexec/{{ apache.service }}/mod_perl.so


@ -1,4 +1,6 @@
LoadModule php5_module /usr/local/libexec/{{ svcname }}/libphp5.so
{% from "apache/map.jinja" import apache with context %}
LoadModule php5_module /usr/local/libexec/{{ apache.service }}/libphp5.so
DirectoryIndex index.html index.php


@ -1 +1,3 @@
LoadModule proxy_module libexec/{{ svcname }}/mod_proxy.so
{% from "apache/map.jinja" import apache with context %}
LoadModule proxy_module libexec/{{ apache.service }}/mod_proxy.so


@ -1 +1,3 @@
LoadModule proxy_http_module libexec/{{ svcname }}/mod_proxy_http.so
{% from "apache/map.jinja" import apache with context %}
LoadModule proxy_http_module libexec/{{ apache.service }}/mod_proxy_http.so


@ -1 +1,3 @@
LoadModule rewrite_module libexec/{{ svcname }}/mod_rewrite.so
{% from "apache/map.jinja" import apache with context %}
LoadModule rewrite_module libexec/{{ apache.service }}/mod_rewrite.so
