puppet_apache.git - [puppet

Age	Commit message (Collapse)	Author
2010-08-16	fix various missing things for itk_plus mode	mh

2010-08-16	impelement itk plus mode	mh
	itk plus mode is an additional mode to deploy itk based hostings which should be a bit more performant. The idea is that we have two apache-instances running: A) prefork based, listening on the external interface B) itk based, listening on the loopback interface A) will serve all static webpages, as well as possibly serve all static content of dynamic websites. All requests to dynamic content will be redirected to B). The idea is that A) doesn't load any modules to server dynamic content at all. B) will serve all the dynamic scripts of a vhost. This will mean that for vhosts (static ones) as well as static content (all none dynamic scripts) we can benefit from the fast prefork model, while we can use itk's security model for all the dynamic scripts. There are two new additional run_modes: - proxy-itk: this just passes all requests to apache instance B). This one is similar to plain itk based mode and should be used for vhosts that shouldn't (yet) changed to the mixed mode. - static-itk: this passes only requests to dynamic scripts to B) while all static content is served by A). Beware that the user with which A) is running should be member of the run group of B) and all static files need to readable by the group. This reduces the security model you have with plain itk, as the prefork apache user will be able to read php (config-) files of any vhost that runs in static-itk mode. If you want to keep the level of security for a certain vhost, you need to run the specific vhost in proxy-itk mode. Note 1: you cannot run vhosts in itk mode and others in proxy or static itk mode. There is a duplicate file resource definition that blocks that possibility. Note 2: This mode works currently only on CentOS based systems, as no work have been done so far to implement an init.d script that's able to run 2 apache instances.
2010-08-11	introduce logmode feature	mh
	We are now able to select how apache should log accesses. These modes are: * default: as you would use it * semianonym: no ips are logged for CustomLog, ErrorLog still logs ips * anonym: no ips are logged for CustomLog, ErrorLog is sent to /dev/null * nologs: all logs are sent to /dev/null
2010-06-12	add upload_dir to open_base_dir if there is one	mh

2010-03-16	typo3 partial errors in backend -> disable modsec for /typo3. Errors like ↵	Andreas
	You don't have permission to access /typo3/alt_doc.php
2010-02-04	add rule to be ignored for wordpress, as it prevents additional uploads	mh

2010-01-30	migrate missing parts	mh
	- migrate missing (newly introduced) vhosts - pass relevant_only stuff to subdefines
2010-01-30	merged with lavamind	mh

2010-01-27	typo	Andreas

2010-01-27	silverstripe htaccess errors	Andreas

2010-01-27	silverstripe .htaccess	Andreas

2010-01-26	module silverstripe	Andreas

2010-01-04	add $mod_security_relevantonly flag, enabled by default, logs only on ↵	Jerome Charaoui
	suspicious requests, set to 'false' to log all requests (as before)
2010-01-04	source of last change (https logins)	Andreas

2010-01-04	gallery redirect user logins to https	Andreas

2010-01-03	we have already a default charset flag we manage	Andreas

2010-01-02	we have already a default charset flag we manage	mh

2010-01-01	php settings for gallery2	Andreas

2010-01-01	gallery2 module	Andreas

2009-12-26	lockfile name must be specified	Andreas

2009-12-26	DAV needs a writable dir for the db (with itk, with the correct user settings)	Andreas

2009-12-23	introduce config::global for global configs in conf.d and config::include ↵	Jerome Charaoui
	for vhost snippets in include.d
2009-12-23	change OS-specific vhost templates into links, add Debian (though not all ↵	Jerome Charaoui
	are tested on Debian)
2009-12-21	missing AllowOverride line	Andreas

2009-11-21	purge bin dir, only add php option if we actually added binaries	mh

2009-11-21	introduce php_default_charset to set charset header in php	mh

2009-11-19	Merge branch 'master' of ipuppet@git.puppet.immerda.ch:module-apache	Andreas

2009-11-19	allow_url_fopen for extmanger	Andreas

2009-11-18	introduce safe mode exec as well for the other vhost types	mh

2009-11-18	renames and proc move from webhosting for php_safe_mode_exec_bins	Andreas

2009-11-18	add php_bin_dir for typo3	Andreas

2009-11-18	added a dir for binaries (php safe_mode_exec_dir)	Andreas

2009-11-03	add utf-8 as default charset	Andreas

2009-11-01	typo3 centos template for vhost	Andreas Maag

2009-08-19	add spip vhost config	mh

2009-08-17	added a redirect vhost define	ng

2009-07-25	ending dash to prevent empty line	mh

2009-07-25	add variable to tweak php safe_mode	mh

2009-06-24	unified mod_sec stuff, turn audit engine off as well	mh

2009-06-23	added correct options for git vhost template	Marcel Haerry

2009-06-21	fixing if then end block	mh

2009-06-16	set mod_sec block as well for static hostings	Marcel Haerry

2009-06-13	introcuded ssl_mode only	mh

2009-06-13	we can now also enable the usage of pear	mh

2009-06-05	add passenger vhost variant	Simon Josi

2009-05-26	only enable smarty when told to	Marcel Haerry
	and include smarty then
2009-05-23	allow to include smarty templates from system	mh

2009-05-23	turn safe_mode off for media wikis	mh
	according to http://www.mediawiki.org/wiki/Safe_mode it's safe to turn crappy safe_mode off. I had the problem that LocalSettings.php was thought to not exist, as in safe_mode this can happen: http://ch2.php.net/manual/en/function.file-exists.php
2009-05-23	we need the safe_mode_include_dir	mh

2009-05-23	added mediawiki path to the openbasedir	mh