Set up and configure the Apache HTTP server https://github.com/saltstack-formulas/apache-formula
Go to file
2021-02-01 22:20:23 +00:00
.github/workflows ci(workflows/commitlint): add to repo [skip ci] 2020-05-04 09:25:20 +01:00
apache feature(trust): improved remote ip internal proxy support (#300) 2021-01-08 11:33:46 +00:00
bin ci(pre-commit): add to formula [skip ci] 2020-10-03 10:17:10 +01:00
docs chore(release): 1.1.1 [skip ci] 2021-01-04 22:57:35 +00:00
test feature(trust): improved remote ip internal proxy support (#300) 2021-01-08 11:33:46 +00:00
.gitignore ci(gemfile.lock): add to repo with updated Gemfile [skip ci] 2020-04-21 21:35:31 +01:00
.gitlab-ci.yml ci(pre-commit): update hook for rubocop 2021-02-01 22:20:23 +00:00
.pre-commit-config.yaml ci(pre-commit): update hook for rubocop 2021-02-01 22:20:23 +00:00
.rstcheck.cfg ci(pre-commit): add to formula [skip ci] 2020-10-03 10:17:10 +01:00
.rubocop.yml chore(rubocop): use org-wide standard settings for Metrics/BlockLength [skip ci] 2020-04-18 13:27:32 +01:00
.salt-lint refactor(formula): align to template-formula & improve ci features 2020-10-05 14:24:15 +01:00
.travis.yml ci(gitlab-ci): use GitLab CI as Travis CI replacement 2020-12-16 06:18:12 +00:00
.yamllint ci(gitlab-ci): use GitLab CI as Travis CI replacement 2020-12-16 06:18:12 +00:00
AUTHORS.md chore(release): 1.1.1 [skip ci] 2021-01-04 22:57:35 +00:00
CHANGELOG.md chore(release): 1.1.1 [skip ci] 2021-01-04 22:57:35 +00:00
CODEOWNERS ci(pre-commit): update hook for rubocop 2021-02-01 22:20:23 +00:00
commitlint.config.js chore(commitlint): add {body,footer,header}-max(-line)-length [skip ci] 2020-10-07 09:01:00 +01:00
FORMULA chore(release): 1.1.1 [skip ci] 2021-01-04 22:57:35 +00:00
Gemfile chore(gemfile+lock): update to latest gem versions (2020-W44) [skip ci] 2020-10-26 22:44:39 +00:00
Gemfile.lock chore(gemfile+lock): update to latest gem versions (2020-W44) [skip ci] 2020-10-26 22:44:39 +00:00
kitchen.yml chore: standardise structure [skip ci] 2020-10-06 23:26:09 +01:00
LICENSE Update LICENSING year 2015-03-20 20:10:44 -04:00
pillar.example feature(trust): improved remote ip internal proxy support (#300) 2021-01-08 11:33:46 +00:00
pre-commit_semantic-release.sh ci(gitlab-ci): use GitLab CI as Travis CI replacement 2020-12-16 06:18:12 +00:00
release-rules.js feat(semantic-release): implement for this formula 2019-10-17 08:18:11 +01:00
release.config.js ci(gitlab-ci): use GitLab CI as Travis CI replacement 2020-12-16 06:18:12 +00:00

apache

Travis CI Build Status Semantic Release

Formulas to set up and configure the Apache HTTP server on GNU/Linux, FreeBSD, and Windows OS.

Table of Contents

General notes

See the full SaltStack Formulas installation and usage instructions.

If you are interested in writing or contributing to formulas, please pay attention to the Writing Formula Section.

If you want to use this formula, please pay attention to the FORMULA file and/or git tag, which contains the currently released version. This formula is versioned according to Semantic Versioning.

See Formula Versioning Section for more details.

Contributing to this repo

Commit message formatting is significant!!

Please see How to contribute for more details.

Available states

apache

Installs the Apache package and starts the service.

apache.config

Metastate to apply all apache configuration

apache.config.file

Configures apache based on os_family

apache.config.flags

Configures apache flags on SuSE

apache.config.certificates

Deploy SSL certificates from pillars

apache.config.modules

Metastate to Enable and disable Apache modules.

apache.config.modules.mod_mpm

Configures the apache mpm modules on Debian mpm_prefork, mpm_worker or mpm_event (Debian Only)

apache.config.modules.mod_rewrite

Enabled the Apache module mod_rewrite (Debian and FreeBSD only)

apache.config.modules.mod_proxy

Enables the Apache module mod_proxy. (Debian and FreeBSD only)

apache.config.modules.mod_proxy_http

Enables the Apache module mod_proxy_http and requires the Apache module mod_proxy to be enabled. (Debian Only)

apache.config.modules.mod_proxy_fcgi

Enables the Apache module mod_proxy_fcgi and requires the Apache module mod_proxy to be enabled. (Debian Only)

apache.config.modules.mod_wsgi

Installs the mod_wsgi package and enables the Apache module.

apache.config.modules.mod_actions

Enables the Apache module mod_actions. (Debian Only)

apache.config.modules.mod_headers

Enables the Apache module mod_headers. (Debian Only)

apache.config.modules.mod_pagespeed

Installs and Enables the mod_pagespeed module. (Debian and RedHat Only)

apache.config.modules.mod_perl2

Installs and enables the mod_perl2 module (Debian and FreeBSD only)

apache.config.modules.mod_geoip

Installs and enables the mod_geoIP (RedHat only)

apache.config.modules.mod_php5

Installs and enables the mod_php5 module

apache.config.modules.mod_cgi

Enables mod_cgi. (FreeBSD only)

apache.config.modules.mod_fcgid

Installs and enables the mod_fcgid module (Debian only)

apache.config.modules.mod_fastcgi

Installs and enables the mod_fastcgi module

apache.config.modules.mod_dav_svn

Installs and enables the mod_dav_svn module (Debian only)

apache.config.modules.mod_security

Installs an enables the Apache mod_security2 WAF using data from Pillar. (Debian and RedHat Only)

Allows you to install the basic Core Rules (CRS) and some basic configuration for mod_security2

apache.config.modules.mod_security.rules

This state can create symlinks based on basic Core Rules package. (Debian only) Or it can distribute a mod_security rule file and place it /etc/modsecurity/

apache.config.modules.mod_socache_shmcb

Enables mod_socache_shmcb. (FreeBSD only)

apache.config.modules.mod_ssl

Installs and enables the mod_ssl module (Debian, RedHat and FreeBSD only)

apache.config.modules.mod_suexec

Enables mod_suexec. (FreeBSD only)

apache.config.modules.mod_vhost_alias

Enables the Apache module vhost_alias (Debian Only)

apache.config.modules.mod_remoteip

Enables and configures the Apache module mod_remoteip using data from Pillar. (Debian Only)

apache.config.modules.mod_xsendfile

Installs and enables mod_xsendfile module. (Debian Only)

apache.config.own_default_vhost

Replace default vhost with own version. By default, it's 503 code. (Debian Only)

apache.config.no_default_vhost

Remove the default vhost. (Debian Only)

apache.config.vhosts.standard

Configures Apache name-based virtual hosts and creates virtual host directories using data from Pillar.

Example Pillar:

apache:
  sites:
    example.com: # must be unique; used as an ID declaration in Salt; also passed to the template context as {{ id }}
      template_file: salt://apache/vhosts/standard.tmpl

When using the provided templates, one can use a space separated list of interfaces to bind to. For example, to bind both IPv4 and IPv6:

apache:
  sites:
    example.com:
      interface: '1.2.3.4 [2001:abc:def:100::3]'

apache.config.manage_security

Configures Apache's security.conf options by reassinging them using data from Pillar.

apache.config.modules.mod_status

Configures Apache's server_status handler for localhost

apache.config.debian_full

Installs and configures Apache on Debian and Ubuntu systems.

apache.config.clean

Metastate to cleanup all apache configuration.

apache.clean

Stops the Apache service and uninstalls the package.

These states are ordered using the order declaration. Different stages are divided into the following number ranges:

  1. apache will use 1-500 for ordering
  2. apache will reserve 1 -100 as unused
  3. apache will reserve 101-150 for pre pkg install
  4. apache will reserve 151-200 for pkg install
  5. apache will reserve 201-250 for pkg configure
  6. apache will reserve 251-300 for downloads, git stuff, load data
  7. apache will reserve 301-400 for unknown purposes
  8. apache will reserve 401-450 for service restart-reloads
  9. apache WILL reserve 451-460 for service.running
  10. apache will reserve 461-500 for cmd requiring operational services

Example Pillar:

apache:
  register-site:
    # any name as an array index, and you can duplicate this section
    {{UNIQUE}}:
      name: 'my name'
      path: 'salt://path/to/sites-available/conf/file'
      state: 'enabled'

  sites:
    # Force SSL: Redirect from 80 to 443
    example.com:
      port: 80
      template_file: salt://apache/vhosts/redirect.tmpl
      RedirectSource: 'permanent /'
      # Trailing slash is important
      RedirectTarget: 'https://example.com/'
    example.com_ssl:
      port: 443
      ServerName: example.com
      SSLCertificateFile: /path/to/ssl.crt
      SSLCertificateKeyFile: /path/to/ssl.key
      SSLCertificateChainFile: /path/to/ssl.ca.crt

Testing

Linux testing is done with kitchen-salt.

Requirements

  • Ruby
  • Docker
$ gem install bundler
$ bundle install
:1
$ bin/kitchen test [platform]

Where [platform] is the platform name defined in kitchen.yml, e.g. debian-9-2019-2-py3.

bin/kitchen converge

Creates the docker instance and runs the template main state, ready for testing.

bin/kitchen verify

Runs the inspec tests on the actual instance.

bin/kitchen destroy

Removes the docker instance.

bin/kitchen test

Runs all of the stages above in one go: i.e. destroy + converge + verify + destroy.

bin/kitchen login

Gives you SSH access to the instance for manual testing.