apache-formula/pillar.example
Martin Jackson b1640f4f3d [#141] Support additional options for Proxypass (#142)
* Add support for proxy pass target options

* Add example usage
2016-05-23 10:32:12 -07:00

163 lines
5.0 KiB
Plaintext

# ``apache`` formula configuration:
apache:
# lookup section overrides ``map.jinja`` values
lookup:
server: apache2
service: apache2
vhostdir: /etc/apache2/sites-available
confdir: /etc/apache2/conf.d
confext: .conf
logdir: /var/log/apache2
wwwdir: /srv/apache2
# apache version (generally '2.2' or '2.4')
version: '2.2'
# ``apache.mod_wsgi`` formula additional configuration:
mod_wsgi: mod_wsgi
global:
# global apache directives
AllowEncodedSlashes: 'On'
name_virtual_hosts:
- interface: '*'
port: 80
- interface: '*'
port: 443
# ``apache.vhosts`` formula additional configuration:
sites:
example.net:
template_file: salt://apache/vhosts/minimal.tmpl
example.com: # must be unique; used as an ID declaration in Salt.
enabled: True
template_file: salt://apache/vhosts/standard.tmpl # or redirect.tmpl or proxy.tmpl
####################### DEFAULT VALUES BELOW ############################
# NOTE: the values below are simply default settings that *can* be
# overridden and are not required in order to use this formula to create
# vhost entries.
#
# Do not copy the values below into your Pillar unless you intend to
# modify these vaules.
####################### DEFAULT VALUES BELOW ############################
template_engine: jinja
interface: '*'
port: '80'
ServerName: example.com # uses the unique ID above unless specified
ServerAlias: www.example.com
ServerAdmin: webmaster@example.com
LogLevel: warn
ErrorLog: /path/to/logs/example.com-error.log # E.g.: /var/log/apache2/example.com-error.log
CustomLog: /path/to/logs/example.com-access.log # E.g.: /var/log/apache2/example.com-access.log
DocumentRoot: /path/to/www/dir/example.com # E.g., /var/www/example.com
SSLCertificateFile: /etc/ssl/mycert.pem # if ssl is desired
SSLCertificateKeyFile: /etc/ssl/mycert.pem.key # if key for cert is needed or in an extra file
SSLCertificateChainFile: /etc/ssl/mycert.chain.pem # if you require a chain of server certificates file
Directory:
# "default" is a special case; Adds ``/path/to/www/dir/example.com``
# E.g.: /var/www/example.com
default:
Options: -Indexes +FollowSymLinks
Order: allow,deny # For Apache < 2.4
Allow: from all # For apache < 2.4
Require: all granted # For apache > 2.4.
AllowOverride: None
Formula_Append: |
Additional config as a
multi-line string here
# if template is 'redirect.tmpl'
# RedirectSource: '/'
# RedirectTarget: 'http://www.example.net'
# if template is 'proxy.tmpl'
# ProxyPreserveHost: 'On'
# ProxyRoute:
# my sample route:
# ProxyPassSource: '/'
# ProxyPassTarget: 'http://www.example.net'
# ProxyPassTargetOptions: 'connectiontimeout=5 timeout=30'
# ProxyPassReverseSource: '/'
# ProxyPassReverseTarget: 'http://www.example.net'
Alias:
/docs: /usr/share/docs
Location:
/docs:
Order: allow,deny # For Apache < 2.4
Allow: from all # For apache < 2.4
Require: all granted # For apache > 2.4.
Formula_Append: |
Additional config as a
multi-line string here
Formula_Append: |
Additional config as a
multi-line string here
# ``apache.debian_full`` formula additional configuration:
register-site:
# any name as an array index, and you can duplicate this section
UNIQUE_VALUE_HERE:
name: 'my name'
path: 'salt://path/to/sites-available/conf/file'
state: 'enabled'
# Optional - use managed file as Jinja Template
#template: true
#defaults:
# custom_var: "default value"
modules:
enabled: # List modules to enable
- ldap
- ssl
disabled: # List modules to disable
- rewrite
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
keepalive: 'On'
security:
# can be Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
ServerTokens: Prod
# ``apache.mod_remoteip`` formula additional configuration:
mod_remoteip:
RemoteIPHeader: X-Forwarded-For
RemoteIPTrustedProxy:
- 10.0.8.0/24
- 127.0.0.1
# ``apache.mod_security`` formula additional configuration:
mod_security:
crs_install: True
# If not set, default distro's configuration is installed as is
manage_config: True
sec_rule_engine: 'On'
sec_request_body_access: 'On'
sec_request_body_limit: '14000000'
sec_request_body_no_files_limit: '114002'
sec_request_body_in_memory_limit: '114002'
sec_request_body_limit_action: 'Reject'
sec_pcre_match_limit: '15000'
sec_pcre_match_limit_recursion: '15000'
sec_debug_log_level: '3'