diff options
author | Micah Anderson <micah@riseup.net> | 2013-12-16 17:29:02 -0500 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2013-12-16 17:29:02 -0500 |
commit | 15757eb2334e614bc90c8d5235834352f72261e4 (patch) | |
tree | f3a3783b50d782b0d8ca76a7884c64e3cbc08dd9 /manifests/vhost/php/joomla.pp | |
parent | 6158f2ad0cb07159b922b6036013a7be1e4dbab5 (diff) | |
parent | 88dc913a5da951b1a261b6cc6d9767aaf641287d (diff) |
Merge branch 'master' of labs.riseup.net:module_apache into riseup
Diffstat (limited to 'manifests/vhost/php/joomla.pp')
-rw-r--r-- | manifests/vhost/php/joomla.pp | 252 |
1 files changed, 148 insertions, 104 deletions
diff --git a/manifests/vhost/php/joomla.pp b/manifests/vhost/php/joomla.pp index 280792e..3962efa 100644 --- a/manifests/vhost/php/joomla.pp +++ b/manifests/vhost/php/joomla.pp @@ -1,114 +1,158 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::joomla( - $ensure = present, - $domain = 'absent', - $domainalias = 'absent', - $server_admin = 'absent', - $path = 'absent', - $owner = root, - $group = apache, - $documentroot_owner = apache, - $documentroot_group = 0, - $documentroot_mode = 0640, - $run_mode = 'normal', - $run_uid = 'absent', - $run_gid = 'absent', - $allow_override = 'None', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', - $do_includes = false, - $options = 'absent', - $additional_options = 'absent', - $default_charset = 'absent', - $mod_security = true, - $mod_security_relevantonly = true, - $ssl_mode = false, - $vhost_mode = 'template', - $vhost_source = 'absent', - $vhost_destination = 'absent', - $htpasswd_file = 'absent', - $htpasswd_path = 'absent', - $manage_config = true, - $config_webwriteable = false, - $manage_directories = true + $ensure = present, + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $logmode = 'default', + $path = 'absent', + $owner = root, + $group = apache, + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = '0640', + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $allow_override = 'None', + $php_settings = {}, + $php_options = {}, + $do_includes = false, + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $mod_security = true, + $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', + $ssl_mode = false, + $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php_joomla/partial.erb', + $vhost_source = 'absent', + $vhost_destination = 'absent', + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', + $manage_config = true, + $config_webwriteable = false, + $manage_directories = true ){ - include ::apache::joomla + include ::apache::include::joomla - $documentroot = $path ? { - 'absent' => $operatingsystem ? { - openbsd => "/var/www/htdocs/${name}/www", - default => "/var/www/vhosts/${name}/www" - }, - default => "${path}/www" - } + $documentroot = $path ? { + 'absent' => $::operatingsystem ? { + openbsd => "/var/www/htdocs/${name}/www", + default => "/var/www/vhosts/${name}/www" + }, + default => "${path}/www" + } - # create vhost configuration file - ::apache::vhost::php::webapp{$name: - ensure => $ensure, - domain => $domain, - domainalias => $domainalias, - server_admin => $server_admin, - path => $path, - template_mode => 'php_joomla', - owner => $owner, - group => $group, - documentroot_owner => $documentroot_owner, - documentroot_group => $documentroot_group, - documentroot_mode => $documentroot_mode, - run_mode => $run_mode, - run_uid => $run_uid, - run_gid => $run_gid, - allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_safe_mode_exec_bins => $php_safe_mode_exec_bins, - php_default_charset => $php_default_charset, - do_includes => $do_includes, - options => $options, - additional_options => $additional_options, - default_charset => $default_charset, - mod_security => $mod_security, - mod_security_relevantonly => $mod_security_relevantonly, - ssl_mode => $ssl_mode, - vhost_mode => $vhost_mode, - vhost_source => $vhost_source, - vhost_destination => $vhost_destination, - htpasswd_file => $htpasswd_file, - htpasswd_path => $htpasswd_path, - manage_directories => $manage_directories, - managed_directories => [ "$documentroot/administrator/backups", - "$documentroot/administrator/components", - "$documentroot/administrator/language", - "$documentroot/administrator/modules", - "$documentroot/administrator/templates", - "$documentroot/components", - "$documentroot/dmdocuments", - "$documentroot/images", - "$documentroot/language", - "$documentroot/media", - "$documentroot/modules", - "$documentroot/plugins", - "$documentroot/templates", - "$documentroot/cache", - "$documentroot/tmp", - "$documentroot/administrator/cache" ], - manage_config => $manage_config, - config_webwriteable => $config_webwriteable, - config_file => 'configuration.php', + if $mod_security_additional_options == 'absent' { + $id_str = $::operatingsystem ? { + 'CentOS' => $::lsbmajdistrelease ? { + 5 => '', + default => 'id:1199400,' + }, + default => '' } + $real_mod_security_additional_options = "# http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + # Exceptions for Joomla Root Directory + <LocationMatch \"^/\"> + SecRuleRemoveById 950013 + </LocationMatch> + + # Exceptions for Joomla Administration Panel + SecRule REQUEST_FILENAME \"/administrator/index2.php\" \"${id_str}allow,phase:1,nolog,ctl:ruleEngine=Off\" + + # Exceptions for Joomla Component Expose + <LocationMatch \"^/components/com_expose/expose/manager/amfphp/gateway.php\"> + SecRuleRemoveById 960010 + </LocationMatch> +" + } else { + $real_mod_security_additional_options = $mod_security_additional_options + } + + # create vhost configuration file + ::apache::vhost::php::webapp{ + $name: + ensure => $ensure, + domain => $domain, + domainalias => $domainalias, + server_admin => $server_admin, + logmode => $logmode, + path => $path, + owner => $owner, + group => $group, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + run_mode => $run_mode, + run_uid => $run_uid, + run_gid => $run_gid, + allow_override => $allow_override, + php_settings => $php_settings, + php_options => $php_options, + do_includes => $do_includes, + options => $options, + additional_options => $additional_options, + default_charset => $default_charset, + mod_security => $mod_security, + mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $real_mod_security_additional_options, + ssl_mode => $ssl_mode, + vhost_mode => $vhost_mode, + template_partial => $template_partial, + vhost_source => $vhost_source, + vhost_destination => $vhost_destination, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + manage_directories => $manage_directories, + managed_directories => [ "${documentroot}/administrator/backups", + "${documentroot}/administrator/components", + "${documentroot}/administrator/language", + "${documentroot}/administrator/modules", + "${documentroot}/administrator/templates", + "${documentroot}/components", + "${documentroot}/dmdocuments", + "${documentroot}/images", + "${documentroot}/language", + "${documentroot}/media", + "${documentroot}/modules", + "${documentroot}/plugins", + "${documentroot}/templates", + "${documentroot}/cache", + "${documentroot}/tmp", + "${documentroot}/administrator/cache" ], + manage_config => $manage_config, + config_webwriteable => $config_webwriteable, + config_file => 'configuration.php', + } } |