diff options
author | Micah <micah@leap.se> | 2016-07-12 16:45:58 -0400 |
---|---|---|
committer | Micah <micah@leap.se> | 2016-07-12 16:45:58 -0400 |
commit | 4aff06cc2fecc0b59728d7fc825fb36394b847b7 (patch) | |
tree | 3668fd7666051bfd5e6b5b79a7238e54962e3948 /puppet/modules/apache/spec/defines/vhost_php_wordpress_spec.rb | |
parent | f2019755fd724fb1020cb2d97cdf82b751450ebc (diff) |
git subrepo clone https://leap.se/git/puppet_apache puppet/modules/apache
subrepo:
subdir: "puppet/modules/apache"
merged: "415e950"
upstream:
origin: "https://leap.se/git/puppet_apache"
branch: "master"
commit: "415e950"
git-subrepo:
version: "0.3.0"
origin: "https://github.com/ingydotnet/git-subrepo"
commit: "1e79595"
Change-Id: Iba7353669969a09c0b4bbd63add67e3245b05ede
Diffstat (limited to 'puppet/modules/apache/spec/defines/vhost_php_wordpress_spec.rb')
-rw-r--r-- | puppet/modules/apache/spec/defines/vhost_php_wordpress_spec.rb | 171 |
1 files changed, 171 insertions, 0 deletions
diff --git a/puppet/modules/apache/spec/defines/vhost_php_wordpress_spec.rb b/puppet/modules/apache/spec/defines/vhost_php_wordpress_spec.rb new file mode 100644 index 00000000..203f9690 --- /dev/null +++ b/puppet/modules/apache/spec/defines/vhost_php_wordpress_spec.rb @@ -0,0 +1,171 @@ +require File.expand_path(File.join(File.dirname(__FILE__),'../spec_helper')) + +describe 'apache::vhost::php::wordpress', :type => 'define' do + let(:title){ 'example.com' } + let(:facts){ + { + :fqdn => 'apache.example.com', + :operatingsystem => 'CentOS', + :operatingsystemmajrelease => '7', + } + } + describe 'with standard' do + # only test the differences from the default + it { should contain_apache__vhost__php__webapp('example.com').with( + :mod_security_rules_to_disable => ["960010", "950018"], + :manage_directories => true, + :managed_directories => '/var/www/vhosts/example.com/www/wp-content', + :template_partial => 'apache/vhosts/php_wordpress/partial.erb', + :manage_config => true, + :config_webwriteable => false, + :config_file => 'wp-config.php', + )} + # go deeper in the catalog and test the produced template + it { should contain_apache__vhost__file('example.com').with_content( +"<VirtualHost *:80 > + + Include include.d/defaults.inc + ServerName example.com + DocumentRoot /var/www/vhosts/example.com/www/ + DirectoryIndex index.htm index.html index.php + + + ErrorLog /var/www/vhosts/example.com/logs/error_log + CustomLog /var/www/vhosts/example.com/logs/access_log combined + + + + <Directory \"/var/www/vhosts/example.com/www/\"> + AllowOverride FileInfo + + php_admin_flag engine on + php_admin_value error_log /var/www/vhosts/example.com/logs/php_error_log + php_admin_value open_basedir /var/www/vhosts/example.com/www:/var/www/vhosts/example.com/data:/var/www/upload_tmp_dir/example.com:/var/www/session.save_path/example.com + php_admin_flag safe_mode on + php_admin_value session.save_path /var/www/session.save_path/example.com + php_admin_value upload_tmp_dir /var/www/upload_tmp_dir/example.com + + + </Directory> + + + # fixes: http://git.zx2c4.com/w3-total-fail/tree/w3-total-fail.sh + <Directory \"/var/www/vhosts/example.com/www/wp-content/w3tc/dbcache\"> + Deny From All + </Directory> + + # simple wp-login brute force protection + # http://www.frameloss.org/2013/04/26/even-easier-brute-force-login-protection-for-wordpress/ + RewriteEngine On + RewriteCond %{HTTP_COOKIE} !359422a82c97336dc082622faf72013a8e857bfd + RewriteRule ^/wp-login.php /wordpress-login-576a63fdc98202e7c7283713f2ddfee334bf13ee.php [R,L] + <Location /wordpress-login-576a63fdc98202e7c7283713f2ddfee334bf13ee.php> + CookieTracking on + CookieExpires 30 + CookieName 359422a82c97336dc082622faf72013a8e857bfd + </Location> + RewriteRule ^/wordpress-login-576a63fdc98202e7c7283713f2ddfee334bf13ee.php /wp-login.php [NE] + + + <IfModule mod_security2.c> + SecRuleEngine On + SecAuditEngine RelevantOnly + SecAuditLogType Concurrent + SecAuditLogStorageDir /var/www/vhosts/example.com/logs/ + SecAuditLog /var/www/vhosts/example.com/logs/mod_security_audit.log + SecDebugLog /var/www/vhosts/example.com/logs/mod_security_debug.log + + SecRuleRemoveById \"960010\" + SecRuleRemoveById \"950018\" + </IfModule> + +</VirtualHost> +" +)} + end + describe 'with mod_fcgid' do + let(:params){ + { + :run_mode => 'fcgid', + :run_uid => 'foo', + :run_gid => 'bar', + } + } + # only test variables that are tuned + it { should contain_apache__vhost__php__webapp('example.com').with( + :run_mode => 'fcgid', + :run_uid => 'foo', + :run_gid => 'bar', + :template_partial => 'apache/vhosts/php_wordpress/partial.erb', + :mod_security_rules_to_disable => ["960010", "950018"], + :manage_directories => true, + :managed_directories => '/var/www/vhosts/example.com/www/wp-content', + :manage_config => true, + :config_webwriteable => false, + :config_file => 'wp-config.php', + )} + # go deeper in the catalog and test the produced template + it { should contain_apache__vhost__file('example.com').with_content( +"<VirtualHost *:80 > + + Include include.d/defaults.inc + ServerName example.com + DocumentRoot /var/www/vhosts/example.com/www/ + DirectoryIndex index.htm index.html index.php + + + ErrorLog /var/www/vhosts/example.com/logs/error_log + CustomLog /var/www/vhosts/example.com/logs/access_log combined + + + + <IfModule mod_fcgid.c> + SuexecUserGroup foo bar + FcgidMaxRequestsPerProcess 5000 + FCGIWrapper /var/www/mod_fcgid-starters/example.com/example.com-starter .php + AddHandler fcgid-script .php + </IfModule> + + <Directory \"/var/www/vhosts/example.com/www/\"> + AllowOverride FileInfo + Options +ExecCGI + + + </Directory> + + + # fixes: http://git.zx2c4.com/w3-total-fail/tree/w3-total-fail.sh + <Directory \"/var/www/vhosts/example.com/www/wp-content/w3tc/dbcache\"> + Deny From All + </Directory> + + # simple wp-login brute force protection + # http://www.frameloss.org/2013/04/26/even-easier-brute-force-login-protection-for-wordpress/ + RewriteEngine On + RewriteCond %{HTTP_COOKIE} !359422a82c97336dc082622faf72013a8e857bfd + RewriteRule ^/wp-login.php /wordpress-login-576a63fdc98202e7c7283713f2ddfee334bf13ee.php [R,L] + <Location /wordpress-login-576a63fdc98202e7c7283713f2ddfee334bf13ee.php> + CookieTracking on + CookieExpires 30 + CookieName 359422a82c97336dc082622faf72013a8e857bfd + </Location> + RewriteRule ^/wordpress-login-576a63fdc98202e7c7283713f2ddfee334bf13ee.php /wp-login.php [NE] + + + <IfModule mod_security2.c> + SecRuleEngine On + SecAuditEngine RelevantOnly + SecAuditLogType Concurrent + SecAuditLogStorageDir /var/www/vhosts/example.com/logs/ + SecAuditLog /var/www/vhosts/example.com/logs/mod_security_audit.log + SecDebugLog /var/www/vhosts/example.com/logs/mod_security_debug.log + + SecRuleRemoveById \"960010\" + SecRuleRemoveById \"950018\" + </IfModule> + +</VirtualHost> +" +)} + end +end |