diff options
Diffstat (limited to 'modules/apache/manifests')
| -rw-r--r-- | modules/apache/manifests/base.pp | 32 | ||||
| -rw-r--r-- | modules/apache/manifests/config.pp | 2 | ||||
| -rw-r--r-- | modules/apache/manifests/cve-2011-3192.pp | 7 | ||||
| -rw-r--r-- | modules/apache/manifests/init.pp | 17 | ||||
| -rw-r--r-- | modules/apache/manifests/mod/deflate.pp | 4 | ||||
| -rw-r--r-- | modules/apache/manifests/mod/fastcgi.pp | 1 | ||||
| -rw-r--r-- | modules/apache/manifests/mod/fcgid.pp | 7 | ||||
| -rw-r--r-- | modules/apache/manifests/mod/php.pp | 2 | ||||
| -rw-r--r-- | modules/apache/manifests/mod/ssl.pp | 4 | ||||
| -rw-r--r-- | modules/apache/manifests/mod/wsgi.pp | 2 | ||||
| -rw-r--r-- | modules/apache/manifests/var.pp | 12 | ||||
| -rw-r--r-- | modules/apache/manifests/vhost/base.pp | 14 | ||||
| -rw-r--r-- | modules/apache/manifests/vhost/catalyst_app.pp | 14 | ||||
| -rw-r--r-- | modules/apache/manifests/vhost/django_app.pp | 4 | ||||
| -rw-r--r-- | modules/apache/manifests/vhost/other_app.pp | 2 | ||||
| -rw-r--r-- | modules/apache/manifests/vhost/redirect_ssl.pp | 2 | ||||
| -rw-r--r-- | modules/apache/manifests/vhost/reverse_proxy.pp | 3 | ||||
| -rw-r--r-- | modules/apache/manifests/webapp_other.pp | 2 |
18 files changed, 82 insertions, 49 deletions
diff --git a/modules/apache/manifests/base.pp b/modules/apache/manifests/base.pp index 1af8c256..4e1d6ed4 100644 --- a/modules/apache/manifests/base.pp +++ b/modules/apache/manifests/base.pp @@ -1,34 +1,34 @@ class apache::base { + include apache::var - # number of time the log file are rotated before being removed - $httpdlogs_rotate = '24' + $conf_d = '/etc/httpd/conf/conf.d' - $apache_user = 'apache' - $apache_group = 'apache' - - package { 'apache-mpm-prefork': } - - if ($lsbdistrelease == '1') or ($lsbdistid == 'MandrivaLinux') { - package { 'apache-conf': } - } else { - package { 'apache': } + package { 'apache': + alias => 'apache-server', } service { 'httpd': alias => 'apache', - subscribe => [ Package['apache-mpm-prefork'] ], + subscribe => [ Package['apache-server'] ], } - exec { 'service httpd configtest': + exec { 'apachectl configtest': refreshonly => true, notify => Service['apache'], } apache::config { - '/etc/httpd/conf.d/customization.conf': - content => template('apache/customization.conf'); + "${conf_d}/no_hidden_file_dir.conf": + content => template('apache/no_hidden_file_dir.conf'), + require => Package[$apache::var::pkg_conf]; + "${conf_d}/customization.conf": + content => template('apache/customization.conf'), + require => Package[$apache::var::pkg_conf]; '/etc/httpd/conf/vhosts.d/00_default_vhosts.conf': - content => template('apache/00_default_vhosts.conf'); + content => template('apache/00_default_vhosts.conf'), + require => Package[$apache::var::pkg_conf]; + '/etc/httpd/conf/modules.d/50_mod_deflate.conf': + content => template('apache/50_mod_deflate.conf'); } file { '/etc/logrotate.d/httpd': diff --git a/modules/apache/manifests/config.pp b/modules/apache/manifests/config.pp index a6e1e231..0ff0962c 100644 --- a/modules/apache/manifests/config.pp +++ b/modules/apache/manifests/config.pp @@ -1,6 +1,6 @@ define apache::config($content) { file { $name: content => $content, - notify => Exec['service httpd configtest'], + notify => Exec['apachectl configtest'], } } diff --git a/modules/apache/manifests/cve-2011-3192.pp b/modules/apache/manifests/cve-2011-3192.pp index 20b53216..1e39ac04 100644 --- a/modules/apache/manifests/cve-2011-3192.pp +++ b/modules/apache/manifests/cve-2011-3192.pp @@ -1,8 +1,9 @@ class apache::cve-2011-3192 { + include apache::base # temporary protection against CVE-2011-3192 - # http://httpd.apache.org/security/CVE-2011-3192.txt + # https://httpd.apache.org/security/CVE-2011-3192.txt apache::config { - '/etc/httpd/conf.d/CVE-2011-3192.conf': - content => template('apache/CVE-2011-3192.conf'), + "${apache::base::conf_d}/CVE-2011-3192.conf": + content => template('apache/CVE-2011-3192.conf'), } } diff --git a/modules/apache/manifests/init.pp b/modules/apache/manifests/init.pp index 5bfaa004..40779d4d 100644 --- a/modules/apache/manifests/init.pp +++ b/modules/apache/manifests/init.pp @@ -3,18 +3,23 @@ class apache { include apache::base apache::vhost::base { $name: location => $location, - } - } + } + apache::vhost::base { "ssl_${name}": + vhost => $name, + use_ssl => true, + location => $location, + } + } define vhost_redirect($url, - $vhost = false, + $vhost = false, $use_ssl = false) { include apache::base apache::vhost::base { $name: use_ssl => $use_ssl, - vhost => $vhost, + vhost => $vhost, content => template("apache/vhost_redirect.conf"), - } - } + } + } } diff --git a/modules/apache/manifests/mod/deflate.pp b/modules/apache/manifests/mod/deflate.pp deleted file mode 100644 index 0e2211aa..00000000 --- a/modules/apache/manifests/mod/deflate.pp +++ /dev/null @@ -1,4 +0,0 @@ -class apache::mod::deflate { - include apache::base - package { 'apache-mod_deflate': } -} diff --git a/modules/apache/manifests/mod/fastcgi.pp b/modules/apache/manifests/mod/fastcgi.pp index 4f10ccab..2b421291 100644 --- a/modules/apache/manifests/mod/fastcgi.pp +++ b/modules/apache/manifests/mod/fastcgi.pp @@ -2,3 +2,4 @@ class apache::mod::fastcgi { include apache::base package { 'apache-mod_fastcgi': } } + diff --git a/modules/apache/manifests/mod/fcgid.pp b/modules/apache/manifests/mod/fcgid.pp index 6c815681..b8186a64 100644 --- a/modules/apache/manifests/mod/fcgid.pp +++ b/modules/apache/manifests/mod/fcgid.pp @@ -1,4 +1,11 @@ class apache::mod::fcgid { include apache::base package { 'apache-mod_fcgid': } + + file { 'urlescape': + path => '/usr/local/bin/urlescape', + mode => '0755', + notify => Service['apache'], + content => template('apache/urlescape'), + } } diff --git a/modules/apache/manifests/mod/php.pp b/modules/apache/manifests/mod/php.pp index c5de893e..2c8d6733 100644 --- a/modules/apache/manifests/mod/php.pp +++ b/modules/apache/manifests/mod/php.pp @@ -4,7 +4,7 @@ class apache::mod::php { package { 'apache-mod_php': } - apache::config { '/etc/httpd/conf.d/mod_php.conf': + apache::config { "${apache::base::conf_d}/mod_php.conf": content => template('apache/mod/php.conf'), } } diff --git a/modules/apache/manifests/mod/ssl.pp b/modules/apache/manifests/mod/ssl.pp index 6e9be525..ab3d24e4 100644 --- a/modules/apache/manifests/mod/ssl.pp +++ b/modules/apache/manifests/mod/ssl.pp @@ -14,7 +14,7 @@ class apache::mod::ssl { apache::config { '/etc/httpd/conf/vhosts.d/01_default_ssl_vhost.conf': content => template('apache/01_default_ssl_vhost.conf'); - '/etc/httpd/conf.d/ssl.conf': - content => template('apache/mod/ssl.conf'); + "${apache::base::conf_d}/ssl_vhost.conf": + content => template('apache/mod/ssl_vhost.conf'); } } diff --git a/modules/apache/manifests/mod/wsgi.pp b/modules/apache/manifests/mod/wsgi.pp index d2ab72d2..7f4fb719 100644 --- a/modules/apache/manifests/mod/wsgi.pp +++ b/modules/apache/manifests/mod/wsgi.pp @@ -6,7 +6,7 @@ class apache::mod::wsgi { ensure => directory, } - apache::config { '/etc/httpd/conf.d/mod_wsgi.conf': + apache::config { "${apache::base::conf_d}/mod_wsgi.conf": content => template('apache/mod/wsgi.conf'), } } diff --git a/modules/apache/manifests/var.pp b/modules/apache/manifests/var.pp new file mode 100644 index 00000000..4a6d68eb --- /dev/null +++ b/modules/apache/manifests/var.pp @@ -0,0 +1,12 @@ +# $httpdlogs_rotate: +# number of time the log file are rotated before being removed +# $default_vhost_redirect: +# URL to redirect to in case of unknown vhost +class apache::var( + $httpdlogs_rotate = '24', + $apache_user = 'apache', + $apache_group = 'apache', + $default_vhost_redirect = '' +) { + $pkg_conf = 'apache' +} diff --git a/modules/apache/manifests/vhost/base.pp b/modules/apache/manifests/vhost/base.pp index a7e5720d..27a19998 100644 --- a/modules/apache/manifests/vhost/base.pp +++ b/modules/apache/manifests/vhost/base.pp @@ -7,10 +7,11 @@ define apache::vhost::base ($content = '', $access_logfile = false, $error_logfile = false, $options = [], - $enable_public_html = false) { + $enable_public_html = false, + $enable_location = true) { include apache::base $httpd_logdir = '/var/log/httpd' - $filename = "$name.conf" + $filename = "${name}.conf" if ! $vhost { $real_vhost = $name @@ -19,12 +20,12 @@ define apache::vhost::base ($content = '', } if ! $access_logfile { - $real_access_logfile = "$httpd_logdir/${real_vhost}-access_log" + $real_access_logfile = "${httpd_logdir}/${real_vhost}-access_log" } else { $real_access_logfile = $access_logfile } if ! $error_logfile { - $real_error_logfile = "$httpd_logdir/${real_vhost}-error_log" + $real_error_logfile = "${httpd_logdir}/${real_vhost}-error_log" } else { $real_error_logfile = $error_logfile } @@ -34,7 +35,7 @@ define apache::vhost::base ($content = '', if $wildcard_sslcert != true { openssl::self_signed_cert{ $real_vhost: directory => '/etc/ssl/apache/', - before => Apache::Config["/etc/httpd/conf/vhosts.d/$filename"], + before => Apache::Config["/etc/httpd/conf/vhosts.d/${filename}"], } } } @@ -43,8 +44,7 @@ define apache::vhost::base ($content = '', include apache::mod::public_html } - apache::config { "/etc/httpd/conf/vhosts.d/$filename": + apache::config { "/etc/httpd/conf/vhosts.d/${filename}": content => template('apache/vhost_base.conf') } } - diff --git a/modules/apache/manifests/vhost/catalyst_app.pp b/modules/apache/manifests/vhost/catalyst_app.pp index 54a00fb2..1ce40747 100644 --- a/modules/apache/manifests/vhost/catalyst_app.pp +++ b/modules/apache/manifests/vhost/catalyst_app.pp @@ -2,12 +2,22 @@ define apache::vhost::catalyst_app( $script, $location = '', $process = 4, $use_ssl = false, + $aliases = {}, $vhost = false) { - include apache::mod::fastcgi + include apache::mod::fcgid + if ($location) { + $aliases['/static'] = "${location}/root/static" + } + + $script_aliases = { + '/' => "$script/", + } + apache::vhost::base { $name: vhost => $vhost, use_ssl => $use_ssl, - content => template('apache/vhost_catalyst_app.conf'), + content => template('apache/vhost_fcgid.conf'), + aliases => $aliases, } } diff --git a/modules/apache/manifests/vhost/django_app.pp b/modules/apache/manifests/vhost/django_app.pp index 5613e384..91974acd 100644 --- a/modules/apache/manifests/vhost/django_app.pp +++ b/modules/apache/manifests/vhost/django_app.pp @@ -11,8 +11,8 @@ define apache::vhost::django_app ($module = false, # module is a ruby reserved keyword, cannot be used in templates $django_module = $module - file { "$name.wsgi": - path => "/usr/local/lib/wsgi/$name.wsgi", + file { "${name}.wsgi": + path => "/usr/local/lib/wsgi/${name}.wsgi", mode => '0755', notify => Service['apache'], content => template('apache/django.wsgi'), diff --git a/modules/apache/manifests/vhost/other_app.pp b/modules/apache/manifests/vhost/other_app.pp index 69b3ec56..f5a71574 100644 --- a/modules/apache/manifests/vhost/other_app.pp +++ b/modules/apache/manifests/vhost/other_app.pp @@ -1,6 +1,6 @@ define apache::vhost::other_app($vhost_file) { include apache::base - apache::config { "/etc/httpd/conf/vhosts.d/$name.conf": + apache::config { "/etc/httpd/conf/vhosts.d/${name}.conf": content => template($vhost_file), } } diff --git a/modules/apache/manifests/vhost/redirect_ssl.pp b/modules/apache/manifests/vhost/redirect_ssl.pp index 3458d59d..22a4d4f6 100644 --- a/modules/apache/manifests/vhost/redirect_ssl.pp +++ b/modules/apache/manifests/vhost/redirect_ssl.pp @@ -1,5 +1,5 @@ define apache::vhost::redirect_ssl() { - apache::vhost::base { "redirect_ssl_$name": + apache::vhost::base { "redirect_ssl_${name}": vhost => $name, content => template('apache/vhost_ssl_redirect.conf') } diff --git a/modules/apache/manifests/vhost/reverse_proxy.pp b/modules/apache/manifests/vhost/reverse_proxy.pp index a6570c2f..a32aaff0 100644 --- a/modules/apache/manifests/vhost/reverse_proxy.pp +++ b/modules/apache/manifests/vhost/reverse_proxy.pp @@ -1,6 +1,7 @@ define apache::vhost::reverse_proxy($url, $vhost = false, - $use_ssl = false) { + $use_ssl = false, + $content = '') { include apache::mod::proxy apache::vhost::base { $name: use_ssl => $use_ssl, diff --git a/modules/apache/manifests/webapp_other.pp b/modules/apache/manifests/webapp_other.pp index 277558b5..147a2370 100644 --- a/modules/apache/manifests/webapp_other.pp +++ b/modules/apache/manifests/webapp_other.pp @@ -1,7 +1,7 @@ define apache::webapp_other($webapp_file) { include apache::base $webappname = $name - apache::config { "/etc/httpd/conf/webapps.d/$webappname.conf": + apache::config { "/etc/httpd/conf/webapps.d/${webappname}.conf": content => template($webapp_file), } } |