apache-formula/README.rst
karim Hamza ba2368907d remove ng stuff (#255)
* remove -ng stuff

* remove ng from template

* remove -ng from readme

* manage listen directive with disabled vhosts

* add json filter

* remove hardcoded path
2019-04-20 09:38:32 +02:00

3.8 KiB

apache

Formulas to set up and configure the Apache HTTP server.

This Formula uses the concepts of directive and container in pillars

see examples below for more explanation

Also it includes and enforce some hardening rules to prevent security issues

See Hardening.md and apache/hardening-values.yaml.

Available states

apache

Installs the Apache package and starts the service.

apache.config

Configures apache server.

The configuration is done by merging the pillar content with defaults present in the state apache/defaults/RedHat/defaults-apache-2.4.yaml

apache:
  server_apache_config:
    directives:
      - Timeout: 5
    containers:
      IfModule:
        -
          item: 'mime_module'
          directives:
            - AddType: 'application/x-font-ttf ttc ttf'
            - AddType: 'application/x-font-opentype otf'
            - AddType: 'application/x-font-woff woff2'

apache.modules

Enables and disables Apache modules.

apache.vhosts.vhost

Configures Apache name-based virtual hosts and creates virtual host directories using data from Pillar.

All necessary data must be provided in the pillar

Exceptions are :

  • CustomLog default is /path/apache/log/ServerName-access.log combined
  • if Logformat is defined in pillar, CustomLog is enforced to /path/apache/log/ServerName-access.log Logformat
  • ErrorLog is enforced to /path/apache/log/ServerName-error.log

Example Pillar:

Create two vhosts example.com.conf and test.example.com.conf

apache:
  VirtualHost:
    example.com:  # <-- this is an id decalaration used in salt and default ServerName
      item: '*:80'
      directives:
        - RewriteEngine: 'on'
        - Header: 'set Access-Control-Allow-Methods GET,PUT,POST,DELETE,OPTIONS'
      containers:
        Location:
          item: '/test.html'
          directives:
            - Require: 'all granted'
    site_id_declaration:
      item: '10.10.1.1:8080'
      directives:
        - ServerName: 'test.example.com'
        - LogFormat: '"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %{ms}T"'

Files produced by these pillars :

example.com.conf

<VirtualHost *:80>
  ServerName example.com
  CustomLog /var/log/httpd/example.com-access.log  combined
  ErrorLog /var/log/httpd/example.com-error.log
  RewriteEngine on
  Header set Access-Control-Allow-Methods GET,PUT,POST,DELETE,OPTIONS
  <Location /test.html>
    Require all granted
  </Location>
</VirtualHost>

test.example.com.conf

<VirtualHost 10.10.1.1:8080>
  ServerName test.example.com
  CustomLog /var/log/httpd/test.example.com-access.log "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %{ms}T"
  ErrorLog /var/log/httpd/test.example.com-error.log
</VirtualHost>

this will delete test.example.com.conf

apache:
  VirtualHost:
    test.example.com:
      item: '10.10.1.1:8080'
      absent: True  # <-- delete test.example.com.conf
      directives:
        - ServerName: 'test.example.com'

apache.uninstall ----------

Stops the Apache service and uninstalls the package.