puppet_apache.git - [puppet

Age	Commit message (Collapse)	Author
2019-02-14	Update default apache2 conf for StretchHEAD master	kwadronaut

2015-04-29	add apache2.conf for Debian jessie - Fixes #1	Jerome Charaoui

2014-11-15	sni: make ssl_cert configurable per vhost	o
	to support sni we configure ssl_certs on a vhost basis. additionally this commit introduces a generic configuration hash which will be used to replace most other parameters in the future.
2014-10-16	disable SSLv3	o

2014-07-18	make our autoconfig setup public	mh

2013-04-25	Merge commit 'dafb060'	Micah Anderson
	Conflicts: manifests/debian.pp
2013-04-12	Merge remote-tracking branch 'immerda/master'	Micah Anderson
	Fixed apache_no_default_site variable to be a parameter to the apache class (no_default_site = false) Conflicts: files/include.d/Debian/ssl_defaults.inc manifests/base.pp manifests/config/file.pp manifests/vhost.pp manifests/vhost/php/standard.pp manifests/vhost/template.pp templates/vhosts/php/CentOS.erb templates/vhosts/php/Debian.erb
2013-02-28	add munin plugin to this module	mh

2012-11-04	Merge branch 'master' of git://labs.riseup.net/shared-apache	varac

2012-11-04	added wheezy apache2.conf	varac

2012-10-30	Update default apache2.conf for Debian using packaged version	Jerome Charaoui

2012-03-07	Add default vhost files for Debian	Gabriel Filion
	Taken from a Debian Squeeze install of Apache. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-10-13	add worker related config files	mh

2011-10-08	introduce a new template style, less duplicated things, more handy options	mh

2011-03-18	we don't need these logfiles in the include	mh

2011-02-22	add STS header in default ssl config	mh

2010-12-12	update to latest secure ssl directives	mh

2010-08-17	correct statement	mh

2010-08-16	fix various missing things for itk_plus mode	mh

2010-08-16	impelement itk plus mode	mh
	itk plus mode is an additional mode to deploy itk based hostings which should be a bit more performant. The idea is that we have two apache-instances running: A) prefork based, listening on the external interface B) itk based, listening on the loopback interface A) will serve all static webpages, as well as possibly serve all static content of dynamic websites. All requests to dynamic content will be redirected to B). The idea is that A) doesn't load any modules to server dynamic content at all. B) will serve all the dynamic scripts of a vhost. This will mean that for vhosts (static ones) as well as static content (all none dynamic scripts) we can benefit from the fast prefork model, while we can use itk's security model for all the dynamic scripts. There are two new additional run_modes: - proxy-itk: this just passes all requests to apache instance B). This one is similar to plain itk based mode and should be used for vhosts that shouldn't (yet) changed to the mixed mode. - static-itk: this passes only requests to dynamic scripts to B) while all static content is served by A). Beware that the user with which A) is running should be member of the run group of B) and all static files need to readable by the group. This reduces the security model you have with plain itk, as the prefork apache user will be able to read php (config-) files of any vhost that runs in static-itk mode. If you want to keep the level of security for a certain vhost, you need to run the specific vhost in proxy-itk mode. Note 1: you cannot run vhosts in itk mode and others in proxy or static itk mode. There is a duplicate file resource definition that blocks that possibility. Note 2: This mode works currently only on CentOS based systems, as no work have been done so far to implement an init.d script that's able to run 2 apache instances.
2010-06-10	adjust sslciphersuite to new recommendations	mh

2010-02-15	fix log path in include.d/Debian/ssl_defaults.inc	Jerome Charaoui

2010-02-03	add global ssl.conf file on Debian to provide NameVirtualHost directive	Jerome Charaoui

2010-02-03	fix incomplete file include.d/Debian/ssl_defaults.inc	Jerome Charaoui

2010-02-03	provide ssl defaults for vhosts under Debian (copied from CentOS config)	Jerome Charaoui

2010-01-30	fix includes to new location	mh

2009-12-23	manage default 'charset' and 'security' configs on Debian	Jerome Charaoui

2009-12-23	move includes in conf.d into include.d	Jerome Charaoui

2009-12-23	organize files in subdirectories per type : 'config' for main apache config; ↵	Jerome Charaoui
	'scripts' for extra shell scripts; 'service' for service default parameters. also, manage apache2.conf on Debian.
2009-12-08	improve Debian support	Jerome Charaoui

2009-11-24	rotate internal apache logs as well	mh

2009-05-17	enable itk in the sysconfig module	mh

2009-05-17	manage sysconfig for itk as well	duritong

2009-05-17	added sysconfig to be managed as well	Marcel

2009-03-15	added default rewrite rules for joomlas	mh

2009-02-24	deny access to git repository folders	mh

2008-12-05	- add index.shtml to default index if we do includ	mh
	es, as well add +Includes to the directory options if not yet done - removed the security rewrite as it is already in the defaults.inc! - removed the enforcement of mod_security
2008-11-30	merged with puzzle	mh

2008-11-07	adjusted paths to general style	mh

2008-11-07	made path more default	mh
	introduced logrotating for apache
2008-11-07	use rather default shell	mh

2008-11-07	generalized various config styles	mh
	finished support for openbsd
2008-11-07	merged with puzzle	mh

2008-11-01	enabled apache for openbsd	mh

2008-11-01	finally fixed VirtualHosts stuff for ssl	mh

2008-11-01	fixed default paths	mh

2008-11-01	tuned ssl for more secure ciphers, hide server signature by default	mh

2008-11-01	merged with puzzle	mh

2008-10-25	merged with puzzle	mh

2008-07-26	factered out the modules of the apache module	mh