diff options
Diffstat (limited to 'manifests/vhost/php/standard.pp')
| -rw-r--r-- | manifests/vhost/php/standard.pp | 223 |
1 files changed, 156 insertions, 67 deletions
diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 6a83a42..53fa8f9 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -1,24 +1,40 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::standard( $ensure = present, $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', + $logmode = 'default', + $logpath = 'absent', $path = 'absent', $manage_webdir = true, + $path_is_webdir = false, $manage_docroot = true, - $template_mode = 'php', $owner = root, $group = apache, $documentroot_owner = apache, @@ -28,15 +44,8 @@ define apache::vhost::php::standard( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'None', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_use_smarty = false, - $php_use_pear = false, - $php_safe_mode = true, - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', - $php_additional_open_basedirs = 'absent', - $php_additional_options = 'absent', + $php_settings = {}, + $php_options = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -44,95 +53,179 @@ define apache::vhost::php::standard( $use_mod_macro = false, $mod_security = true, $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', $htpasswd_path = 'absent' ){ - $real_php_default_charset = $php_default_charset ? { - 'absent' => $default_charset ? { - 'On' => 'iso-8859-1', - default => $default_charset - }, - default => $php_default_charset - } - - ::apache::vhost::phpdirs{"${name}": + if $manage_webdir { + # create webdir + ::apache::vhost::webdir{$name: ensure => $ensure, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, + path => $path, + owner => $owner, + group => $group, + run_mode => $run_mode, + manage_docroot => $manage_docroot, documentroot_owner => $documentroot_owner, documentroot_group => $documentroot_group, documentroot_mode => $documentroot_mode, - run_mode => $run_mode, - run_uid => $run_uid, + } } - $php_safe_mode_exec_bin_dir = $path ? { - 'absent' => $operatingsystem ? { - openbsd => "/var/www/htdocs/${name}/bin", - default => "/var/www/vhosts/${name}/bin" - }, - default => "${path}/bin" + $real_path = $path ? { + 'absent' => $::operatingsystem ? { + openbsd => "/var/www/htdocs/${name}", + default => "/var/www/vhosts/${name}" + }, + default => $path + } + + if $path_is_webdir { + $documentroot = $real_path + } else { + $documentroot = "${real_path}/www" + } + $logdir = $logpath ? { + 'absent' => "$real_path/logs", + default => $logpath } - file{$php_safe_mode_exec_bin_dir: + + $std_php_options = { + smarty => false, + pear => false, + } + $real_php_options = merge($std_php_options,$php_options) + + if $real_php_options[smarty] { + include php::extensions::smarty + $smarty_path = '/usr/share/php/Smarty/:' + } else { + $smarty_path = '' + } + + if $real_php_options[pear] { + $pear_path = '/usr/share/pear/:' + } else { + $pear_path = '' + } + + + $std_php_settings = { + engine => 'On', + upload_tmp_dir => "/var/www/upload_tmp_dir/${name}", + 'session.save_path' => "/var/www/session.save_path/${name}", + open_basedir => "${smarty_path}${pear_path}${documentroot}:/var/www/upload_tmp_dir/${name}:/var/www/session.save_path/${name}", + safe_mode => 'On', + } + if $logmode != 'nologs' { + $std_php_settings[error_log] = "${logdir}/php_error_log" + } + if $run_mode == 'fcgid' { + $std_php_settings[safe_mode_gid] = 'On' + } + + if has_key($php_settings,'safe_mode_exec_dir') { + $php_safe_mode_exec_dir = $php_settings[safe_mode_exec_dir] + } else { + $php_safe_mode_exec_dir = $path ? { + 'absent' => $::operatingsystem ? { + openbsd => "/var/www/htdocs/${name}/bin", + default => "/var/www/vhosts/${name}/bin" + }, + default => "${path}/bin" + } + } + file{$php_safe_mode_exec_dir: recurse => true, force => true, purge => true, } - if $php_safe_mode_exec_bins != 'absent' { - File[$php_safe_mode_exec_bin_dir]{ + if has_key($php_options,'safe_mode_exec_bins') { + $std_php_settings[safe_mode_exec_dir] = $php_safe_mode_exec_dir + File[$php_safe_mode_exec_dir]{ ensure => $ensure ? { 'present' => directory, default => absent, }, - source => "puppet://$server/modules/common/empty", owner => $documentroot_owner, group => $documentroot_group, mode => 0750, } - $php_safe_mode_exec_bins_subst = regsubst($php_safe_mode_exec_bins,"(.+)","${name}_\\1") + $php_safe_mode_exec_bins_subst = regsubst($php_options[safe_mode_exec_bins],"(.+)","${name}@\\1") apache::vhost::php::safe_mode_bin{ $php_safe_mode_exec_bins_subst: ensure => $ensure, - path => $php_safe_mode_exec_bin_dir + path => $php_safe_mode_exec_dir } }else{ - File[$php_safe_mode_exec_bin_dir]{ + File[$php_safe_mode_exec_dir]{ ensure => absent, } } - if $php_use_smarty { - include php::extensions::smarty + if !has_key($php_settings,'default_charset') { + if $default_charset != 'absent' { + $std_php_settings[default_charset] = $default_charset ? { + 'On' => 'iso-8859-1', + default => $default_charset + } + } } - if $manage_webdir { - # create webdir - ::apache::vhost::webdir{$name: + $real_php_settings = merge($std_php_settings,$php_settings) + + if $ensure != 'absent' { + case $run_mode { + 'proxy-itk','static-itk': { + include ::php::itk_plus + } + 'itk': { include ::php::itk } + 'fcgid': { + include ::mod_fcgid + include ::php::mod_fcgid + include apache::include::mod_fcgid + + mod_fcgid::starter {$name: + cgi_type => 'php', + cgi_type_options => $real_php_settings, + owner => $run_uid, + group => $run_gid, + notify => Service['apache'], + } + } + default: { include ::php } + } + } + + ::apache::vhost::phpdirs{"${name}": ensure => $ensure, - path => $path, - owner => $owner, - group => $group, - run_mode => $run_mode, - manage_docroot => $manage_docroot, + php_upload_tmp_dir => $real_php_settings[upload_tmp_dir], + php_session_save_path => $real_php_settings['session.save_path'], documentroot_owner => $documentroot_owner, documentroot_group => $documentroot_group, documentroot_mode => $documentroot_mode, - } + run_mode => $run_mode, + run_uid => $run_uid, } # create vhost configuration file ::apache::vhost{$name: ensure => $ensure, path => $path, - template_mode => $template_mode, + path_is_webdir => $path_is_webdir, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, domain => $domain, domainalias => $domainalias, server_admin => $server_admin, + logmode => $logmode, + logpath => $logpath, run_mode => $run_mode, run_uid => $run_uid, run_gid => $run_gid, @@ -141,21 +234,17 @@ define apache::vhost::php::standard( options => $options, additional_options => $additional_options, default_charset => $default_charset, - php_safe_mode_exec_bin_dir => $php_safe_mode_exec_bin_dir, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_use_smarty => $php_use_smarty, - php_use_pear => $php_use_pear, - php_safe_mode => $php_safe_mode, - php_default_charset => $real_php_default_charset, - php_additional_open_basedirs => $php_additional_open_basedirs, - php_additional_options => $php_additional_options, + php_settings => $real_php_settings, + php_options => $real_php_options, ssl_mode => $ssl_mode, htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, mod_security => $mod_security, mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, use_mod_macro => $use_mod_macro, + passing_extension => 'php', } } |