summaryrefslogtreecommitdiff
path: root/manifests/vhost/php/wordpress.pp
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/vhost/php/wordpress.pp')
-rw-r--r--manifests/vhost/php/wordpress.pp63
1 files changed, 41 insertions, 22 deletions
diff --git a/manifests/vhost/php/wordpress.pp b/manifests/vhost/php/wordpress.pp
index c4e77f2..7a41ad7 100644
--- a/manifests/vhost/php/wordpress.pp
+++ b/manifests/vhost/php/wordpress.pp
@@ -1,20 +1,35 @@
-# run_mode:
-# - normal: nothing special (*default*)
-# - itk: apache is running with the itk module
-# and run_uid and run_gid are used as vhost users
+# run_mode: controls in which mode the vhost should be run, there are different setups
+# possible:
+# - normal: (*default*) run vhost with the current active worker (default: prefork) don't
+# setup anything special
+# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination
+# with 'proxy-itk' & 'static-itk' mode)
+# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the
+# requests for the itk setup, that listens only on the loobpack device.
+# (Incompatibility: cannot be used in combination with the itk setup.)
+# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static
+# content and proxies the dynamic calls to the itk setup, that listens only on
+# the loobpack device (Incompatibility: cannot be used in combination with
+# 'itk' mode)
+#
# run_uid: the uid the vhost should run as with the itk module
# run_gid: the gid the vhost should run as with the itk module
-# php_safe_mode_exec_bins: An array of local binaries which should be linked in the
-# safe_mode_exec_bin for this hosting
-# *default*: None
-# php_default_charset: default charset header for php.
-# *default*: absent, which will set the same as default_charset
-# of apache
+#
+# mod_security: Whether we use mod_security or not (will include mod_security module)
+# - false: don't activate mod_security
+# - true: (*default*) activate mod_security
+#
+# logmode:
+# - default: Do normal logging to CustomLog and ErrorLog
+# - nologs: Send every logging to /dev/null
+# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null
+# - semianonym: Don't log ips for CustomLog, log normal ErrorLog
define apache::vhost::php::wordpress(
$ensure = present,
$domain = 'absent',
$domainalias = 'absent',
$server_admin = 'absent',
+ $logmode = 'default',
$path = 'absent',
$owner = root,
$group = apache,
@@ -25,18 +40,19 @@ define apache::vhost::php::wordpress(
$run_uid = 'absent',
$run_gid = 'absent',
$allow_override = 'FileInfo',
- $php_upload_tmp_dir = 'absent',
- $php_session_save_path = 'absent',
- $php_safe_mode_exec_bins = 'absent',
- $php_default_charset = 'absent',
+ $php_settings = {},
+ $php_options = {},
$do_includes = false,
$options = 'absent',
$additional_options = 'absent',
$default_charset = 'absent',
$mod_security = true,
$mod_security_relevantonly = true,
+ $mod_security_rules_to_disable = [],
+ $mod_security_additional_options = 'absent',
$ssl_mode = false,
$vhost_mode = 'template',
+ $template_partial = 'apache/vhosts/php_wordpress/partial.erb',
$vhost_source = 'absent',
$vhost_destination = 'absent',
$htpasswd_file = 'absent',
@@ -47,21 +63,23 @@ define apache::vhost::php::wordpress(
){
$documentroot = $path ? {
- 'absent' => $operatingsystem ? {
+ 'absent' => $::operatingsystem ? {
openbsd => "/var/www/htdocs/${name}/www",
default => "/var/www/vhosts/${name}/www"
},
default => "${path}/www"
}
+ $modsec_rules = ["960010", "950018"]
+ $real_mod_security_rules_to_disable = array_union($mod_security_rules_to_disable,$modsec_rules)
# create vhost configuration file
- ::apache::vhost::php::webapp{$name:
+ apache::vhost::php::webapp{$name:
ensure => $ensure,
domain => $domain,
domainalias => $domainalias,
server_admin => $server_admin,
+ logmode => $logmode,
path => $path,
- template_mode => 'php_wordpress',
owner => $owner,
group => $group,
documentroot_owner => $documentroot_owner,
@@ -71,24 +89,25 @@ define apache::vhost::php::wordpress(
run_uid => $run_uid,
run_gid => $run_gid,
allow_override => $allow_override,
- php_upload_tmp_dir => $php_upload_tmp_dir,
- php_session_save_path => $php_session_save_path,
- php_safe_mode_exec_bins => $php_safe_mode_exec_bins,
- php_default_charset => $php_default_charset,
+ php_settings => $php_settings,
+ php_options => $php_options,
do_includes => $do_includes,
options => $options,
additional_options => $additional_options,
default_charset => $default_charset,
mod_security => $mod_security,
mod_security_relevantonly => $mod_security_relevantonly,
+ mod_security_rules_to_disable => $real_mod_security_rules_to_disable,
+ mod_security_additional_options => $mod_security_additional_options,
ssl_mode => $ssl_mode,
vhost_mode => $vhost_mode,
+ template_partial => $template_partial,
vhost_source => $vhost_source,
vhost_destination => $vhost_destination,
htpasswd_file => $htpasswd_file,
htpasswd_path => $htpasswd_path,
manage_directories => $manage_directories,
- managed_directories => "$documentroot/wp-content",
+ managed_directories => "${documentroot}/wp-content",
manage_config => $manage_config,
config_webwriteable => $config_webwriteable,
config_file => 'wp-config.php',