puppet_apache.git - [puppet

Age	Commit message (Collapse)	Author
2011-10-08	pass php_settings to fcgid-starter and only set them in vhost, if we don't ↵	mh
	run as fgcid
2011-10-08	fix naming	mh

2011-10-08	add mod_fcgid stuff	mh

2011-10-08	remove dead file	mh

2011-10-08	remove old files	mh

2011-10-08	introduce a new template style, less duplicated things, more handy options	mh

2011-10-08	remove an unnecessary template	mh

2011-10-08	migrating a first part over to the new partial style	mh

2011-10-08	first work on php_settings via hash	mh

2011-05-18	woraround that redirects do not have a documentroot	mh

2011-05-18	we need to set the var also vor http parts	mh

2011-05-18	fix template typo from a previous copy&paste error	mh

2011-05-18	move header to partials	mh

2011-05-17	this is now in the include file	mh

2011-05-17	migrate authentication to partials	mh

2011-05-17	indentation	mh

2011-05-17	switching logs over to partials	mh

2011-05-17	indentation	mh

2011-05-17	fix template typo	mh

2011-05-17	improve mod_security rules	mh
	* handled now by a partial * possibility to add rules that should be removed * possibility to add custom mod_sec options" * use new infrastructure for existing mod_sec tweaks
2011-04-01	fix template error	mh

2011-03-31	add missing files and manage necessary files to run as specific user	mh

2011-03-31	improving passenger support	mh

2011-03-17	put mod_security stuff in its own partial	mh

2011-03-17	add mod_security stuff to the new default template	mh

2011-02-25	we need a new line there	mh

2011-02-25	cleanup rendering	mh

2011-02-25	fix template syntax	mh

2011-02-25	fixing template foo	mh

2011-02-22	fixing mode stuff	mh

2011-02-22	try to fix a variable problem	mh

2011-02-22	fix template paths	mh

2011-02-22	fix typo	mh

2011-02-22	first way to a unified partial based vhost template	mh

2011-01-30	adding htpasswd for proxy	mh

2010-12-12	enable HTS everywhere	mh

2010-12-06	add STS header for enforced SSL sites	mh
	* http://en.wikipedia.org/wiki/Strict_Transport_Security This will tell browsers to interact with that site only per HTTPS.
2010-11-04	allow setting of additional options for proxy vhosts	mh

2010-11-01	add possibility to proxy vhosts	mh

2010-10-25	unify naming	mh

2010-10-25	improve redirect, so we don't stick on the servername	mh

2010-08-18	add missing directive for ssl proxy vhosts	mh

2010-08-16	fix various missing things for itk_plus mode	mh

2010-08-16	impelement itk plus mode	mh
	itk plus mode is an additional mode to deploy itk based hostings which should be a bit more performant. The idea is that we have two apache-instances running: A) prefork based, listening on the external interface B) itk based, listening on the loopback interface A) will serve all static webpages, as well as possibly serve all static content of dynamic websites. All requests to dynamic content will be redirected to B). The idea is that A) doesn't load any modules to server dynamic content at all. B) will serve all the dynamic scripts of a vhost. This will mean that for vhosts (static ones) as well as static content (all none dynamic scripts) we can benefit from the fast prefork model, while we can use itk's security model for all the dynamic scripts. There are two new additional run_modes: - proxy-itk: this just passes all requests to apache instance B). This one is similar to plain itk based mode and should be used for vhosts that shouldn't (yet) changed to the mixed mode. - static-itk: this passes only requests to dynamic scripts to B) while all static content is served by A). Beware that the user with which A) is running should be member of the run group of B) and all static files need to readable by the group. This reduces the security model you have with plain itk, as the prefork apache user will be able to read php (config-) files of any vhost that runs in static-itk mode. If you want to keep the level of security for a certain vhost, you need to run the specific vhost in proxy-itk mode. Note 1: you cannot run vhosts in itk mode and others in proxy or static itk mode. There is a duplicate file resource definition that blocks that possibility. Note 2: This mode works currently only on CentOS based systems, as no work have been done so far to implement an init.d script that's able to run 2 apache instances.
2010-08-11	introduce logmode feature	mh
	We are now able to select how apache should log accesses. These modes are: * default: as you would use it * semianonym: no ips are logged for CustomLog, ErrorLog still logs ips * anonym: no ips are logged for CustomLog, ErrorLog is sent to /dev/null * nologs: all logs are sent to /dev/null
2010-06-12	add upload_dir to open_base_dir if there is one	mh

2010-03-16	typo3 partial errors in backend -> disable modsec for /typo3. Errors like ↵	Andreas
	You don't have permission to access /typo3/alt_doc.php
2010-02-04	add rule to be ignored for wordpress, as it prevents additional uploads	mh

2010-01-30	migrate missing parts	mh
	- migrate missing (newly introduced) vhosts - pass relevant_only stuff to subdefines
2010-01-30	merged with lavamind	mh