diff options
| author | Marcel Haerry <haerry@puzzle.ch> | 2009-05-11 18:27:09 +0200 |
|---|---|---|
| committer | duritong <peter.meier@immerda.ch> | 2009-05-17 15:47:26 +0200 |
| commit | 245f713aa8fc59da6ee2aee49265f43c01d61cbe (patch) | |
| tree | ce5c062912b297d1e937c7582b8f6c64021d2818 | |
| parent | bcfa2ca2d888aba7c65a2fa3956423936fc0cf14 (diff) | |
drupal vhost file and webdav vhost
- drupal vehost template with certain defaults
- webdav to be able to have a way to upload things over webdav
| -rw-r--r-- | manifests/defines/vhost_files.pp | 19 | ||||
| -rw-r--r-- | manifests/defines/vhost_varieties.pp | 78 | ||||
| -rw-r--r-- | templates/vhosts/php_drupal/CentOS.erb | 175 | ||||
| -rw-r--r-- | templates/vhosts/webdav/CentOS.erb | 135 |
4 files changed, 404 insertions, 3 deletions
diff --git a/manifests/defines/vhost_files.pp b/manifests/defines/vhost_files.pp index cb8e0fb..ae078e2 100644 --- a/manifests/defines/vhost_files.pp +++ b/manifests/defines/vhost_files.pp @@ -14,6 +14,7 @@ define apache::vhost( $ensure = present, $path = 'absent', + $path_is_webdir = false, $template_mode = 'static', $vhost_mode = 'template', $vhost_source = 'absent', @@ -37,7 +38,9 @@ define apache::vhost( $ssl_mode = false, $htpasswd_file = 'absent', $htpasswd_path = 'absent', - $mod_security = true + $mod_security = true, + $ldap_auth = false, + $ldap_user = 'any' ) { # file or template mode? case $vhost_mode { @@ -55,6 +58,7 @@ define apache::vhost( apache::vhost::template{$name: ensure => $ensure, path => $path, + path_is_webdir = $path_is_webdir, domain => $domain, domainalias => $domainalias, server_admin => $server_admin, @@ -73,6 +77,8 @@ define apache::vhost( ssl_mode => $ssl_mode, htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, + ldap_auth => $ldap_auth, + ldap_user => $ldap_user, mod_security => $mod_security, } } @@ -192,6 +198,7 @@ define apache::vhost::file( define apache::vhost::template( $ensure = present, $path = 'absent', + $path_is_webdir = false, $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', @@ -210,7 +217,9 @@ define apache::vhost::template( $ssl_mode = false, $mod_security = true, $htpasswd_file = 'absent', - $htpasswd_path = 'absent' + $htpasswd_path = 'absent', + $ldap_auth = false, + $ldap_user = 'any' ){ $real_path = $path ? { 'absent' => $operatingsystem ? { @@ -220,7 +229,11 @@ define apache::vhost::template( default => $path } - $documentroot = "$real_path/www" + if $path_is_webdir { + $documentroot = "$real_path" + } else { + $documentroot = "$real_path/www" + } $logdir = "$real_path/logs" $servername = $domain ? { diff --git a/manifests/defines/vhost_varieties.pp b/manifests/defines/vhost_varieties.pp index 92295bb..7d4ab75 100644 --- a/manifests/defines/vhost_varieties.pp +++ b/manifests/defines/vhost_varieties.pp @@ -7,10 +7,12 @@ # - apache::vhost::joomla # - apache::vhost::wordpress # - apache::vhost::simplemachine +# - apache::vhost::drubal # - apache::vhost::cgi TODO # - apache::vhost::modperl TODO # - apache::vhost::modpython TODO # - apache::vhost::modrails TODO +# - apache::vhost::webdav # - apache::vhost::webapp (abstract) # vhost_mode: which option is chosen to deploy the vhost @@ -514,6 +516,82 @@ define apache::vhost::php::drupal( } } +# Webdav vhost: to manage webdav accessible targets +# run_mode: +# - normal: nothing special (*default*) +# - itk: apache is running with the itk module +# and run_uid and run_gid are used as vhost users +# run_uid: the uid the vhost should run as with the itk module +# run_gid: the gid the vhost should run as with the itk module +define apache::vhost::webdav( + $ensure = present, + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $path = 'absent', + $owner = root, + $group = 0, + $manage_webdir = true, + $path_is_webdir = false, + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = 0750, + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $mod_security = false, + $ssl_mode = false, + $vhost_mode = 'template', + $vhost_source = 'absent', + $vhost_destination = 'absent', + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', + $ldap_auth = false, + $ldap_user = 'any' +){ + if $manage_webdir { + # create webdir + apache::vhost::webdir{$name: + ensure => $ensure, + path => $path, + owner => $owner, + group => $group, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + } + } + # create vhost configuration file + apache::vhost{$name: + ensure => $ensure, + path => $path, + path_is_webdir = $path_is_webdir, + template_mode => 'webdav', + vhost_mode => $vhost_mode, + vhost_source => $vhost_source, + vhost_destination => $vhost_destination, + domain => $domain, + domainalias => $domainalias, + server_admin => $server_admin, + run_mode => $run_mode, + run_uid => $run_uid, + run_gid => $run_gid, + options => $options, + additional_options => $additional_options, + default_charset => $default_charset, + cgi_binpath => $real_cgi_binpath, + ssl_mode => $ssl_mode, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + ldap_auth => $ldap_auth, + ldap_user => $ldap_user, + mod_security => $mod_security, + } +} + # run_mode: # - normal: nothing special (*default*) # - itk: apache is running with the itk module diff --git a/templates/vhosts/php_drupal/CentOS.erb b/templates/vhosts/php_drupal/CentOS.erb new file mode 100644 index 0000000..f92e3b0 --- /dev/null +++ b/templates/vhosts/php_drupal/CentOS.erb @@ -0,0 +1,175 @@ +# <%= servername %> +<VirtualHost *:80> + Include conf.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if run_mode.to_s == 'itk' -%> + <IfModule mpm_itk_module> + AssignUserId <%= run_uid+" "+run_gid %> + </IfModule> + <%- end -%> + <%- if not ssl_mode.to_s == 'force' then -%> + <Directory "<%= documentroot %>/"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + php_admin_flag engine on + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> + php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> + php_admin_value session.save_path <%= real_php_session_save_path %> + + php_value magic_quotes_gpc 0 + php_value register_globals 0 + php_value session.auto_start 0 + php_value mbstring.http_input pass + php_value mbstring.http_output pass + php_value mbstring.encoding_translation 0 + + # Protect files and directories from prying eyes. + <FilesMatch "\.(engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template)$"> + Order allow,deny + </FilesMatch> + + # Customized error messages. + ErrorDocument 404 /index.php + + RewriteEngine on + RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_FILENAME} !-d + RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] + </Directory> + <Directory "<%= documentroot %>/files/"> + SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 + Options None + Options +FollowSymLinks + </Directory> + <%- end -%> + + <IfModule mod_security2.c> + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + <%- else -%> + SecRuleEngine Off + <%- end -%> + </IfModule> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> +</VirtualHost> + +<%- unless ssl_mode.to_s == 'false' then -%> +<VirtualHost *:443> + Include conf.d/defaults.inc + Include conf.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if run_mode.to_s == 'itk' -%> + <IfModule mpm_itk_module> + AssignUserId <%= run_uid+" "+run_gid %> + </IfModule> + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + <Directory "<%= documentroot %>/"> + AllowOverride <%= allow_override %> + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + php_admin_flag engine on + php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %> + php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %> + php_admin_value session.save_path <%= real_php_session_save_path %> + + php_value magic_quotes_gpc 0 + php_value register_globals 0 + php_value session.auto_start 0 + php_value mbstring.http_input pass + php_value mbstring.http_output pass + php_value mbstring.encoding_translation 0 + + # Protect files and directories from prying eyes. + <FilesMatch "\.(engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template)$"> + Order allow,deny + </FilesMatch> + + # Customized error messages. + ErrorDocument 404 /index.php + + RewriteEngine on + RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_FILENAME} !-d + RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] + </Directory> + <Directory "<%= documentroot %>/files/"> + SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 + Options None + Options +FollowSymLinks + </Directory> + + <IfModule mod_security2.c> + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + <%- else -%> + SecRuleEngine Off + <%- end -%> + </IfModule> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> +</VirtualHost> +<%- end -%> diff --git a/templates/vhosts/webdav/CentOS.erb b/templates/vhosts/webdav/CentOS.erb new file mode 100644 index 0000000..c297de5 --- /dev/null +++ b/templates/vhosts/webdav/CentOS.erb @@ -0,0 +1,135 @@ +# <%= servername %> +<VirtualHost *:80> + Include conf.d/defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- if ssl_mode.to_s == 'force' then -%> + Redirect permanent / https://<%= servername %>/ + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if run_mode.to_s == 'itk' -%> + <IfModule mpm_itk_module> + AssignUserId <%= run_uid+" "+run_gid %> + </IfModule> + <%- end -%> + <%- if not ssl_mode.to_s == 'force' then -%> + <Directory "<%= documentroot %>/"> + Dav on + AllowOverride None + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- unless options.include?('Indexes') then -%> Indexes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + <%- unless ldap_auth.to_s == 'true' then -%> + Include conf.d/ldap_auth.inc + <%- unless ldap-user.to_s == 'any' -%> + Require ldap-user <%= ldap_user.to_s %> + <%- else -%> + Require valid-user + <%- end -%> + <%- end -%> + </Directory> + <%- end -%> + + <IfModule mod_security2.c> + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- else -%> + SecRuleEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + </IfModule> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> +</VirtualHost> + +<%- unless ssl_mode.to_s == 'false' then -%> +<VirtualHost *:443> + Include conf.d/defaults.inc + Include conf.d/ssl_defaults.inc + + ServerName <%= servername %> + <%- unless serveralias.to_s.empty? then -%> + ServerAlias <%= serveralias %> + <%- end -%> + <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%> + ServerAdmin <%= server_admin %> + <%- end -%> + DocumentRoot <%= documentroot %>/ + + ErrorLog <%= logdir %>/error_log + CustomLog <%= logdir %>/access_log combined + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if run_mode.to_s == 'itk' -%> + <IfModule mpm_itk_module> + AssignUserId <%= run_uid+" "+run_gid %> + </IfModule> + <%- end -%> + <%- if default_charset.to_s != 'absent' then -%> + AddDefaultCharset <%= default_charset %> + <%- end -%> + <Directory "<%= documentroot %>/"> + Dav on + AllowOverride None + <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> + Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- unless options.include?('Indexes') then -%> Indexes<%- end -%> + + <%- end -%> + <%- unless htpasswd_file.to_s == 'absent' then -%> + AuthType Basic + AuthName "Access fuer <%= servername %>" + AuthUserFile <%= real_htpasswd_path %> + require valid-user + <%- end -%> + <%- unless ldap_auth.to_s == 'true' then -%> + Include conf.d/ldap_auth.inc + <%- unless ldap-user.to_s == 'any' -%> + Require ldap-user <%= ldap_user.to_s %> + <%- else -%> + Require valid-user + <%- end -%> + <%- end -%> + </Directory> + + <IfModule mod_security2.c> + <%- if mod_security.to_s == 'true' then -%> + SecRuleEngine On + <%- else -%> + SecRuleEngine Off + <%- end -%> + SecAuditLogType Concurrent + SecAuditLogStorageDir <%= logdir %>/ + SecAuditLog <%= logdir %>/mod_security_audit.log + SecDebugLog <%= logdir %>/mod_security_debug.log + </IfModule> + + <%- unless additional_options.to_s == 'absent' then -%> + <%= additional_options %> + <%- end -%> +</VirtualHost> +<%- end -%> |