1 files changed, 96 insertions, 26 deletions
diff --git a/manifests/vhost/php/gallery2.pp b/manifests/vhost/php/gallery2.pp
index 19240e9..d1876ff 100644
--- a/manifests/vhost/php/gallery2.pp
+++ b/manifests/vhost/php/gallery2.pp
@@ -1,20 +1,41 @@
-# run_mode:
-#   - normal: nothing special (*default*)
-#   - itk: apache is running with the itk module
-#          and run_uid and run_gid are used as vhost users
+# run_mode: controls in which mode the vhost should be run, there are different setups
+#           possible:
+#   - normal: (*default*) run vhost with the current active worker (default: prefork) don't
+#             setup anything special
+#   - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination
+#          with 'proxy-itk' & 'static-itk' mode)
+#   - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the
+#                requests for the itk setup, that listens only on the loobpack device.
+#                (Incompatibility: cannot be used in combination with the itk setup.)
+#   - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static
+#                 content and proxies the dynamic calls to the itk setup, that listens only on
+#                 the loobpack device (Incompatibility: cannot be used in combination with
+#                 'itk' mode)
+#
 # run_uid: the uid the vhost should run as with the itk module
 # run_gid: the gid the vhost should run as with the itk module
+#
+# mod_security: Whether we use mod_security or not (will include mod_security module)
+#    - false: (*defaul*) don't activate mod_security
+#    - true: activate mod_security
+#
 # php_safe_mode_exec_bins: An array of local binaries which should be linked in the
 #                          safe_mode_exec_bin for this hosting
 #                          *default*: None
 # php_default_charset: default charset header for php.
 #                      *default*: absent, which will set the same as default_charset
 #                                 of apache
+# logmode:
+#   - default: Do normal logging to CustomLog and ErrorLog
+#   - nologs: Send every logging to /dev/null
+#   - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null
+#   - semianonym: Don't log ips for CustomLog, log normal ErrorLog
 define apache::vhost::php::gallery2(
     $ensure = present,
     $domain = 'absent',
     $domainalias = 'absent',
     $server_admin = 'absent',
+    $logmode = 'default',
     $path = 'absent',
     $owner = root,
     $group = apache,
@@ -25,49 +46,98 @@ define apache::vhost::php::gallery2(
     $run_uid = 'absent',
     $run_gid = 'absent',
     $allow_override = 'None',
-    $php_upload_tmp_dir = 'absent',
-    $php_session_save_path = 'absent',
-    $php_safe_mode_exec_bins = 'absent',
-    $php_default_charset = 'absent',
+    $php_settings = {},
+    $php_options = {},
     $do_includes = false,
     $options = 'absent',
     $additional_options = 'absent',
     $default_charset = 'absent',
-    $mod_security = true,
+    $mod_security = false,
     $mod_security_relevantonly = true,
+    $mod_security_rules_to_disable = [],
+    $mod_security_additional_options = 'absent',
     $ssl_mode = false,
     $vhost_mode = 'template',
+    $template_partial = 'apache/vhosts/php_gallery2/partial.erb',
     $vhost_source = 'absent',
     $vhost_destination = 'absent',
     $htpasswd_file = 'absent',
     $htpasswd_path = 'absent',
     $manage_config = true,
     $config_webwriteable = false,
-    $manage_directories = true
+    $manage_directories = true,
+    $upload_dir = 'present'
 ){
     $documentroot = $path ? {
-        'absent' => $operatingsystem ? {
+        'absent' => $::operatingsystem ? {
             openbsd => "/var/www/htdocs/${name}/www",
             default => "/var/www/vhosts/${name}/www"
         },
         default => "${path}/www"
     }
     $gdatadir = $path ? {
-        'absent' => $operatingsystem ? {
+        'absent' => $::operatingsystem ? {
             openbsd => "/var/www/htdocs/${name}/g2data",
             default => "/var/www/vhosts/${name}/g2data"
         },
         default => "${path}/g2data"
     }
-    file{$gdatadir:
-            ensure => $ensure ? {
-              'present' => directory,
-              default => absent
-            },
-            owner => $documentroot_owner, 
-            group => $documentroot_group,
-            mode => 0660;
+    if ($upload_dir == 'present') or ($upload_dir == 'absent') {
+      $real_upload_dir = $::operatingsystem ? {
+        openbsd => "/var/www/htdocs/${name}/upload",
+        default => "/var/www/vhosts/${name}/upload"
+      }
+    } else {
+      $real_upload_dir = $upload_dir
     }
+    file{
+      $gdatadir:
+        ensure => $ensure ? {
+          'present' => directory,
+          default => absent
+        },
+        owner => $documentroot_owner, group => $documentroot_group, mode => 0660;
+      $real_upload_dir:
+        owner => $documentroot_owner, group => $documentroot_group, mode => 0660;
+    }
+    if ($ensure == 'absent') or ($upload_dir == 'absent') {
+      File[$real_upload_dir]{
+        ensure => absent,
+        purge => true,
+        force => true,
+        recurse => true
+      }
+    } else {
+      File[$real_upload_dir]{
+        ensure => directory
+      }
+    }
+
+    $gallery_php_settings = {
+      safe_mode => 'Off',
+      output_buffering => 'Off',
+    }
+
+    # php upload_tmp_dir
+    case $php_settings[upload_tmp_dir] {
+      '',undef: {
+        $php_settings[upload_tmp_dir] = "/var/www/upload_tmp_dir/$name"
+      }
+    }
+    # php session_save_path
+    case $php_settings['session.save_path'] {
+      '',undef: {
+        $php_settings['session.save_path'] = "/var/www/session.save_path/$name"
+      }
+    }
+
+    if $upload_dir != 'absent' {
+      $gallery_php_settings[open_basedir] = "${documentroot}:${php_settings[upload_tmp_dir]}:${php_settings['session.save_path']}:${gdatadir}:${real_upload_dir}"
+    } else {
+      $gallery_php_settings[open_basedir] = "${documentroot}:${php_settings[upload_tmp_dir]}:${php_settings['session.save_path']}:${gdatadir}"
+    }
+
+    $real_php_settings = merge($gallery_php_settings,$php_settings)
 
     # create vhost configuration file
     ::apache::vhost::php::webapp{$name:
@@ -75,8 +145,8 @@ define apache::vhost::php::gallery2(
         domain => $domain,
         domainalias => $domainalias,
         server_admin => $server_admin,
+        logmode => $logmode,
         path => $path,
-        template_mode => 'php_gallery2',
         owner => $owner,
         group => $group,
         documentroot_owner => $documentroot_owner,
@@ -86,18 +156,19 @@ define apache::vhost::php::gallery2(
         run_uid => $run_uid,
         run_gid => $run_gid,
         allow_override => $allow_override,
-        php_upload_tmp_dir => $php_upload_tmp_dir,
-        php_session_save_path => $php_session_save_path,
-        php_safe_mode_exec_bins => $real_php_safe_mode_exec_bins,
-        php_default_charset => $php_default_charset,
+        php_settings => $real_php_settings,
+        php_options => $php_options,
         do_includes => $do_includes,
         options => $options,
         additional_options => $additional_options,
         default_charset => $default_charset,
         mod_security => $mod_security,
         mod_security_relevantonly => $mod_security_relevantonly,
+        mod_security_rules_to_disable => $mod_security_rules_to_disable,
+        mod_security_additional_options => $mod_security_additional_options,
         ssl_mode => $ssl_mode,
         vhost_mode => $vhost_mode,
+        template_partial => $template_partial,
         vhost_source => $vhost_source,
         vhost_destination => $vhost_destination,
         htpasswd_file => $htpasswd_file,
@@ -106,6 +177,5 @@ define apache::vhost::php::gallery2(
         manage_config => $manage_config,
         config_file => 'config.php',
     }
-
 }