2 files changed, 240 insertions, 0 deletions

diff --git a/manifests/vhost/php/silverstripe.pp b/manifests/vhost/php/silverstripe.pp
new file mode 100644
index 0000000..16f9d32
--- /dev/null
+++ b/manifests/vhost/php/silverstripe.pp
@@ -0,0 +1,94 @@
+# run_mode:
+#   - normal: nothing special (*default*)
+#   - itk: apache is running with the itk module
+#          and run_uid and run_gid are used as vhost users
+# run_uid: the uid the vhost should run as with the itk module
+# run_gid: the gid the vhost should run as with the itk module
+# php_safe_mode_exec_bins: An array of local binaries which should be linked in the
+#                          safe_mode_exec_bin for this hosting
+#                          *default*: None
+# php_default_charset: default charset header for php.
+#                      *default*: absent, which will set the same as default_charset
+#                                 of apache
+define apache::vhost::php::silverstripe(
+    $ensure = present,
+    $domain = 'absent',
+    $domainalias = 'absent',
+    $server_admin = 'absent',
+    $path = 'absent',
+    $owner = root,
+    $group = apache,
+    $documentroot_owner = apache,
+    $documentroot_group = 0,
+    $documentroot_mode = 0640,
+    $run_mode = 'normal',
+    $run_uid = 'absent',
+    $run_gid = 'absent',
+    $allow_override = 'None',
+    $php_upload_tmp_dir = 'absent',
+    $php_session_save_path = 'absent',
+    $php_safe_mode_exec_bins = 'absent',
+    $php_default_charset = 'absent',
+    $do_includes = false,
+    $options = 'absent',
+    $additional_options = 'absent',
+    $default_charset = 'absent',
+    $mod_security = true,
+    $ssl_mode = false,
+    $vhost_mode = 'template',
+    $vhost_source = 'absent',
+    $vhost_destination = 'absent',
+    $htpasswd_file = 'absent',
+    $htpasswd_path = 'absent',
+    $manage_config = true,
+    $config_webwriteable = false,
+    $manage_directories = true
+){
+    $documentroot = $path ? {
+        'absent' => $operatingsystem ? {
+            openbsd => "/var/www/htdocs/${name}/www",
+            default => "/var/www/vhosts/${name}/www"
+        },
+        default => "${path}/www"
+    }
+
+    # create vhost configuration file
+    ::apache::vhost::php::webapp{$name:
+        ensure => $ensure,
+        domain => $domain,
+        domainalias => $domainalias,
+        server_admin => $server_admin,
+        path => $path,
+        template_mode => 'php_silverstripe',
+        owner => $owner,
+        group => $group,
+        documentroot_owner => $documentroot_owner,
+        documentroot_group => $documentroot_group,
+        documentroot_mode => $documentroot_mode,
+        run_mode => $run_mode,
+        run_uid => $run_uid,
+        run_gid => $run_gid,
+        allow_override => $allow_override,
+        php_upload_tmp_dir => $php_upload_tmp_dir,
+        php_session_save_path => $php_session_save_path,
+        php_safe_mode_exec_bins => $php_safe_mode_exec_bins,
+        php_default_charset => $php_default_charset,
+        do_includes => $do_includes,
+        options => $options,
+        additional_options => $additional_options,
+        default_charset => $default_charset,
+        mod_security => $mod_security,
+        ssl_mode => $ssl_mode,
+        vhost_mode => $vhost_mode,
+        vhost_source => $vhost_source,
+        vhost_destination => $vhost_destination,
+        htpasswd_file => $htpasswd_file,
+        htpasswd_path => $htpasswd_path,
+        manage_directories => $manage_directories,
+        managed_directories =>  [ "$documentroot/assets"
+                                ],
+        manage_config => $manage_config,
+    }
+
+}
+
diff --git a/templates/vhosts/php_silverstripe/CentOS.erb b/templates/vhosts/php_silverstripe/CentOS.erb
new file mode 100644
index 0000000..6967728
--- /dev/null
+++ b/templates/vhosts/php_silverstripe/CentOS.erb
@@ -0,0 +1,146 @@
+# <%= servername %>
+<%- unless ssl_mode.to_s == 'only'  then -%>
+<VirtualHost *:80>
+    Include conf.d/defaults.inc
+
+    ServerName <%= servername %>
+    <%- unless serveralias.to_s.empty? then -%>
+    ServerAlias <%= serveralias %>
+    <%- end -%> 
+    <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+    ServerAdmin <%= server_admin %>
+    <%- end -%>
+    DocumentRoot <%= documentroot %>/
+
+    ErrorLog <%= logdir %>/error_log
+    CustomLog <%= logdir %>/access_log combined
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Redirect permanent / https://<%= servername %>/
+    <%- end -%>
+    <%- if default_charset.to_s != 'absent' then -%>
+    AddDefaultCharset <%= default_charset %>
+    <%- end -%>
+    <%- if run_mode.to_s == 'itk' -%>
+    <IfModule mpm_itk_module>
+        AssignUserId <%= run_uid+" "+run_gid %>
+    </IfModule>
+    <%- end -%>
+    <%- if not ssl_mode.to_s == 'force' then -%>
+    <Directory "<%= documentroot %>/">
+        AllowOverride <%= allow_override %>
+        <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+        Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+        <%- end -%>
+        <%- unless htpasswd_file.to_s == 'absent' then -%>
+        AuthType Basic
+        AuthName "Access fuer <%= servername %>"
+        AuthUserFile <%= real_htpasswd_path %>
+        require valid-user
+        <%- end -%>
+        php_admin_flag engine on
+        <%- unless php_default_charset.to_s == 'absent' then -%>
+        php_admin_value default_charset <%= php_default_charset %>
+        <%- end -%>
+        php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>
+        php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %>
+        php_admin_value session.save_path <%= real_php_session_save_path %>
+        <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%>
+        php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %>
+        <%- end -%>
+    </Directory>
+    <%- end -%>
+
+    <IfModule mod_security2.c>
+        <%- if mod_security.to_s == 'true' then -%>
+        SecRuleEngine On
+        SecAuditEngine On
+        <%- else -%>
+        SecRuleEngine Off
+        SecAuditEngine Off
+        <%- end -%>
+        SecAuditLogType Concurrent
+        SecAuditLogStorageDir <%= logdir %>/
+        SecAuditLog <%= logdir %>/mod_security_audit.log
+        SecDebugLog <%= logdir %>/mod_security_debug.log
+        # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
+        SecRuleRemoveById "960010"
+    </IfModule>
+
+    <%- unless additional_options.to_s == 'absent' then -%>
+    <%= additional_options %>
+    <%- end -%>
+</VirtualHost>
+<%- end -%>
+
+<%- unless ssl_mode.to_s == 'false'  then -%>
+<VirtualHost *:443>
+    Include conf.d/defaults.inc
+    Include conf.d/ssl_defaults.inc
+
+    ServerName <%= servername %>
+    <%- unless serveralias.to_s.empty? then -%>
+    ServerAlias <%= serveralias %>
+    <%- end -%> 
+    <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+    ServerAdmin <%= server_admin %>
+    <%- end -%>
+    DocumentRoot <%= documentroot %>/
+
+    ErrorLog <%= logdir %>/error_log
+    CustomLog <%= logdir %>/access_log combined
+    <%- if run_mode.to_s == 'itk' -%>
+    <IfModule mpm_itk_module>
+        AssignUserId <%= run_uid+" "+run_gid %>
+    </IfModule>
+    <%- end -%>
+    <%- if default_charset.to_s != 'absent' then -%>
+    AddDefaultCharset <%= default_charset %>
+    <%- end -%>
+    <Directory "<%= documentroot %>/">
+        AllowOverride <%= allow_override %>
+        <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+        Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+        <%- end -%>
+        <%- unless htpasswd_file.to_s == 'absent' then -%>
+        AuthType Basic
+        AuthName "Access fuer <%= servername %>"
+        AuthUserFile <%= real_htpasswd_path %>
+        require valid-user
+        <%- end -%>
+        php_admin_flag engine on
+        <%- unless php_default_charset.to_s == 'absent' then -%>
+        php_admin_value default_charset <%= php_default_charset %>
+        <%- end -%>
+        php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>
+        php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %>
+        php_admin_value session.save_path <%= real_php_session_save_path %>
+        <%- unless php_safe_mode_exec_bins.to_s == 'absent' then -%>
+        php_admin_value safe_mode_exec_dir <%= real_php_safe_mode_exec_bin_dir %>
+        <%- end -%>
+        # turn allow_url_fopen on for the extension manager fetch
+        php_admin_value allow_url_fopen On
+    </Directory>
+
+    <IfModule mod_security2.c>
+        <%- if mod_security.to_s == 'true' then -%>
+        SecRuleEngine On
+        SecAuditEngine On
+        <%- else -%>
+        SecRuleEngine Off
+        SecAuditEngine Off
+        <%- end -%>
+        SecAuditLogType Concurrent
+        SecAuditLogStorageDir <%= logdir %>/
+        SecAuditLog <%= logdir %>/mod_security_audit.log
+        SecDebugLog <%= logdir %>/mod_security_debug.log
+        # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html
+        SecRuleRemoveById "960010"
+    </IfModule>
+
+    <%- unless additional_options.to_s == 'absent' then -%>
+    <%= additional_options %>
+    <%- end -%>
+</VirtualHost>
+<%- end -%>