From a2874ab6b1bab2c0a75ad9c62a77490d37846e0f Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 4 Nov 2012 20:25:48 +0100 Subject: added wheezy apache2.conf --- files/config/Debian.wheezy/apache2.conf | 268 ++++++++++++++++++++++++++++++++ 1 file changed, 268 insertions(+) create mode 100644 files/config/Debian.wheezy/apache2.conf diff --git a/files/config/Debian.wheezy/apache2.conf b/files/config/Debian.wheezy/apache2.conf new file mode 100644 index 0000000..5054567 --- /dev/null +++ b/files/config/Debian.wheezy/apache2.conf @@ -0,0 +1,268 @@ +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See http://httpd.apache.org/docs/2.2/ for detailed information about +# the directives and /usr/share/doc/apache2-common/README.Debian.gz about +# Debian specific hints. +# +# +# Summary of how the Apache 2 configuration works in Debian: +# The Apache 2 web server configuration in Debian is quite different to +# upstream's suggested way to configure the web server. This is because Debian's +# default Apache2 installation attempts to make adding and removing modules, +# virtual hosts, and extra configuration directives as flexible as possible, in +# order to make automating the changes and administering the server as easy as +# possible. + +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * +# `-- sites-enabled +# `-- * +# +# +# * apache2.conf is the main configuration file (this file). It puts the pieces +# together by including all remaining configuration files when starting up the +# web server. +# +# In order to avoid conflicts with backup files, the Include directive is +# adapted to ignore files that: +# - do not begin with a letter or number +# - contain a character that is neither letter nor number nor _-:. +# - contain .dpkg +# +# Yet we strongly suggest that all configuration files either end with a +# .conf or .load suffix in the file name. The next Debian release will +# ignore files not ending with .conf (or .load for mods-enabled). +# +# * ports.conf is always included from the main configuration file. It is +# supposed to determine listening ports for incoming connections, and which +# of these ports are used for name based virtual hosts. +# +# * Configuration files in the mods-enabled/ and sites-enabled/ directories +# contain particular configuration snippets which manage modules or virtual +# host configurations, respectively. +# +# They are activated by symlinking available configuration files from their +# respective *-available/ counterparts. These should be managed by using our +# helpers a2enmod/a2dismod, a2ensite/a2dissite. See +# their respective man pages for detailed information. +# +# * Configuration files in the conf.d directory are either provided by other +# packages or may be added by the local administrator. Local additions +# should start with local- or end with .local.conf to avoid name clashes. All +# files in conf.d are considered (excluding the exceptions noted above) by +# the Apache 2 web server. +# +# * The binary is called apache2. Due to the use of environment variables, in +# the default configuration, apache2 needs to be started/stopped with +# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not +# work with the default configuration. + + +# Global configuration +# + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# NOTE! If you intend to place this on an NFS (or otherwise network) +# mounted filesystem then please read the LockFile documentation (available +# at ); +# you will save yourself a lot of trouble. +# +# Do NOT add a slash at the end of the directory path. +# +#ServerRoot "/etc/apache2" + +# +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# +LockFile ${APACHE_LOCK_DIR}/accept.lock + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# This needs to be set in /etc/apache2/envvars +# +PidFile ${APACHE_PID_FILE} + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 300 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +# +KeepAliveTimeout 5 + +## +## Server-Pool Size Regulation (MPM specific) +## + +# prefork MPM +# StartServers: number of server processes to start +# MinSpareServers: minimum number of server processes which are kept spare +# MaxSpareServers: maximum number of server processes which are kept spare +# MaxClients: maximum number of server processes allowed to start +# MaxRequestsPerChild: maximum number of requests a server process serves + + StartServers 5 + MinSpareServers 5 + MaxSpareServers 10 + MaxClients 150 + MaxRequestsPerChild 0 + + +# worker MPM +# StartServers: initial number of server processes to start +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a +# graceful restart. ThreadLimit can only be changed by stopping +# and starting Apache. +# ThreadsPerChild: constant number of worker threads in each server process +# MaxClients: maximum number of simultaneous client connections +# MaxRequestsPerChild: maximum number of requests a server process serves + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 150 + MaxRequestsPerChild 0 + + +# event MPM +# StartServers: initial number of server processes to start +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# ThreadsPerChild: constant number of worker threads in each server process +# MaxClients: maximum number of simultaneous client connections +# MaxRequestsPerChild: maximum number of requests a server process serves + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 150 + MaxRequestsPerChild 0 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} + +# +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# + +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Order allow,deny + Deny from all + Satisfy all + + +# +# DefaultType is the default MIME type the server will use for a document +# if it cannot otherwise determine one, such as from filename extensions. +# If your server contains mostly text or HTML documents, "text/plain" is +# a good value. If most of your content is binary, such as applications +# or images, you may want to use "application/octet-stream" instead to +# keep browsers from trying to display binary files as though they are +# text. +# +# It is also possible to omit any default MIME type and let the +# client's browser guess an appropriate action instead. Typically the +# browser will decide based on the file's extension then. In cases +# where no good assumption can be made, letting the default MIME type +# unset is suggested instead of forcing the browser to accept +# incorrect metadata. +# +DefaultType None + + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog ${APACHE_LOG_DIR}/error.log + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +# +# The following directives define some format nicknames for use with +# a CustomLog directive (see below). +# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i +# +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# Include of directories ignores editors' and dpkg's backup files, +# see the comments above for details. + +# Include generic snippets of statements +Include conf.d/ + +# Include the virtual host configurations: +Include sites-enabled/ -- cgit v1.2.3 From 104b2e09399e02a8aa9687df0de795644e4b83e0 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 4 Nov 2012 21:30:21 +0100 Subject: added paths so wheez config is picked up, also linted a bit --- manifests/debian.pp | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/manifests/debian.pp b/manifests/debian.pp index e07920f..b7a5d9e 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -3,7 +3,7 @@ class apache::debian inherits apache::package { $config_dir = '/etc/apache2' Package[apache] { - name => 'apache2', + name => 'apache2', } File[vhosts_dir] { path => "${config_dir}/sites-enabled", @@ -12,28 +12,31 @@ class apache::debian inherits apache::package { path => "${config_dir}/mods-enabled", } File[htpasswd_dir] { - path => "/var/www/htpasswds", - group => 'www-data', + path => '/var/www/htpasswds', + group => 'www-data', } File[default_apache_index] { path => '/var/www/index.html', } file { 'apache_main_config': - path => "${config_dir}/apache2.conf", - source => [ "puppet://$server/modules/site-apache/config/Debian.${lsbdistcodename}/${fqdn}/apache2.conf", + path => "${config_dir}/apache2.conf", + source => [ "puppet://$server/modules/site-apache/config/Debian.${lsbdistcodename}/${fqdn}/apache2.conf", "puppet://$server/modules/site-apache/config/Debian/{$fqdn}/apache2.conf", "puppet://$server/modules/site-apache/config/Debian.${lsbdistcodename}/apache2.conf", "puppet://$server/modules/site-apache/config/Debian/apache2.conf", + "puppet://$server/modules/apache/config/Debian.${lsbdistcodename}/${fqdn}/apache2.conf", + "puppet://$server/modules/apache/config/Debian/{$fqdn}/apache2.conf", + "puppet://$server/modules/apache/config/Debian.${lsbdistcodename}/apache2.conf", "puppet://$server/modules/apache/config/Debian/apache2.conf" ], require => Package['apache'], - notify => Service['apache'], - owner => root, group => 0, mode => 0644; + notify => Service['apache'], + owner => root, group => 0, mode => '0644'; } apache::config::global{ 'charset': } apache::config::global{ 'security': } file { 'default_debian_apache_vhost': - path => '/etc/apache2/sites-enabled/000-default', ensure => absent, + path => '/etc/apache2/sites-enabled/000-default', } } -- cgit v1.2.3 From dafb060fc57957dbe9e5e90698537e781cebeaf6 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 10 Mar 2013 15:41:35 +0100 Subject: updated facts in file source for apache2.conf, linted --- manifests/debian.pp | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/manifests/debian.pp b/manifests/debian.pp index b7a5d9e..828245f 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -20,17 +20,19 @@ class apache::debian inherits apache::package { } file { 'apache_main_config': path => "${config_dir}/apache2.conf", - source => [ "puppet://$server/modules/site-apache/config/Debian.${lsbdistcodename}/${fqdn}/apache2.conf", - "puppet://$server/modules/site-apache/config/Debian/{$fqdn}/apache2.conf", - "puppet://$server/modules/site-apache/config/Debian.${lsbdistcodename}/apache2.conf", - "puppet://$server/modules/site-apache/config/Debian/apache2.conf", - "puppet://$server/modules/apache/config/Debian.${lsbdistcodename}/${fqdn}/apache2.conf", - "puppet://$server/modules/apache/config/Debian/{$fqdn}/apache2.conf", - "puppet://$server/modules/apache/config/Debian.${lsbdistcodename}/apache2.conf", - "puppet://$server/modules/apache/config/Debian/apache2.conf" ], + source => [ "puppet:///modules/site-apache/config/Debian.${::lsbdistcodename}/${::fqdn}/apache2.conf", + "puppet:///modules/site-apache/config/Debian/${::fqdn}/apache2.conf", + "puppet:///modules/site-apache/config/Debian.${::lsbdistcodename}/apache2.conf", + 'puppet:///modules/site-apache/config/Debian/apache2.conf', + "puppet:///modules/apache/config/Debian.${::lsbdistcodename}/${::fqdn}/apache2.conf", + "puppet:///modules/apache/config/Debian/${::fqdn}/apache2.conf", + "puppet:///modules/apache/config/Debian.${::lsbdistcodename}/apache2.conf", + 'puppet:///modules/apache/config/Debian/apache2.conf' ], require => Package['apache'], notify => Service['apache'], - owner => root, group => 0, mode => '0644'; + owner => root, + group => 0, + mode => '0644'; } apache::config::global{ 'charset': } apache::config::global{ 'security': } -- cgit v1.2.3 From 2f6d7891e115f921c157567e2aa5afd6199c310e Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Mon, 15 Apr 2013 15:48:43 -0400 Subject: add the requirement for perl::extensions::libwww --- README | 2 ++ manifests/munin.pp | 3 +++ 2 files changed, 5 insertions(+) diff --git a/README b/README index 6eee262..ff6d338 100644 --- a/README +++ b/README @@ -19,6 +19,8 @@ have to be deployed to fit this schema. * if using the munin module, you need a version of the munin module that is at or newer than commit 77e0a70999a8c4c20ee8d9eb521b927c525ac653 (Feb 28, 2013) + * if using munin, you will need to have the perl module installed + * you must change your modules/site-apache to modules/site_apache * the $apache_no_default_site variable is no longer supported, you should diff --git a/manifests/munin.pp b/manifests/munin.pp index 8b5bda1..2a04e97 100644 --- a/manifests/munin.pp +++ b/manifests/munin.pp @@ -1,5 +1,8 @@ # manage apache monitoring things class apache::munin { + + include perl::extensions::libwww + munin::plugin{ [ 'apache_accesses', 'apache_processes', 'apache_volume' ]: } munin::plugin::deploy { 'apache_activity': source => 'apache/munin/apache_activity', -- cgit v1.2.3 From 688f07793a72ba4453f6663b6d19fe6388ba382f Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 18 Apr 2013 16:36:48 -0400 Subject: add a 'ssl' parameter, so you do not need to include two classes to get ssl support, you can simply just pass the 'ssl => true'. this may also help the occasional warning: warning: Scope(Class[Apache::Ssl]): Could not look up qualified variable 'apache::manage_shorewall'; class apache has not been evaluated at /srv/leap/puppet/modules/apache/manifests/ssl.pp:10 --- README | 10 +++++----- manifests/init.pp | 6 +++++- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/README b/README index ff6d338..b723a54 100644 --- a/README +++ b/README @@ -77,18 +77,18 @@ class to have the module do some things for you: 0-default_ssl.conf virtualhosts automatically created in your node configuration. (Default: false) + * ssl: If you want to install Apache SSL support enabled, just pass this + parameter (Default: false) + For example: class { 'apache': manage_shorewall => true, manage_munin => true, - no_default_site => true + no_default_site => true, + ssl => true } -If you want to install Apache and also enable SSL support: - - include apache::ssl - You can install the ITK worker model to enforce stronger, per-user security: include apache::itk diff --git a/manifests/init.pp b/manifests/init.pp index 574c212..542e7aa 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -17,7 +17,8 @@ class apache( $cluster_node = '', $manage_shorewall = false, $manage_munin = false, - $no_default_site = false + $no_default_site = false, + $ssl = false ) { case $::operatingsystem { centos: { include apache::centos } @@ -32,5 +33,8 @@ class apache( if $apache::manage_shorewall { include shorewall::rules::http } + if $ssl { + include apache::ssl + } } -- cgit v1.2.3 From 090e59ad1fcba01e868237a83cadf9254cf09d3e Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 25 Apr 2013 14:34:20 -0400 Subject: fix merge conflict resolution mistake --- manifests/debian.pp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/manifests/debian.pp b/manifests/debian.pp index 9180825..d009e25 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -19,11 +19,15 @@ class apache::debian inherits apache::package { path => '/var/www/index.html', } file { 'apache_main_config': - path => "${config_dir}/apache2.conf", - source => [ "puppet:///modules/site_apache/config/Debian/{$::fqdn}/apache2.conf", + path => "${config_dir}/apache2.conf", + source => [ "puppet:///modules/site_apache/config/Debian.${::lsbdistcodename}/${::fqdn}/apache2.conf", + "puppet:///modules/site_apache/config/Debian/${::fqdn}/apache2.conf", "puppet:///modules/site_apache/config/Debian.${::lsbdistcodename}/apache2.conf", - "puppet:///modules/site_apache/config/Debian/apache2.conf", - "puppet:///modules/apache/config/Debian/apache2.conf" ], + 'puppet:///modules/site_apache/config/Debian/apache2.conf', + "puppet:///modules/apache/config/Debian.${::lsbdistcodename}/${::fqdn}/apache2.conf", + "puppet:///modules/apache/config/Debian/${::fqdn}/apache2.conf", + "puppet:///modules/apache/config/Debian.${::lsbdistcodename}/apache2.conf", + 'puppet:///modules/apache/config/Debian/apache2.conf' ], require => Package['apache'], notify => Service['apache'], owner => root, -- cgit v1.2.3 From c3e92a9b3cb02f1546b6b1570f10a968d380005c Mon Sep 17 00:00:00 2001 From: elijah Date: Sun, 19 May 2013 12:32:30 -0700 Subject: fixed typo that caused 0-default_ssl.conf to always be created. --- manifests/ssl/base.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/ssl/base.pp b/manifests/ssl/base.pp index ff9baa5..7c17423 100644 --- a/manifests/ssl/base.pp +++ b/manifests/ssl/base.pp @@ -1,7 +1,7 @@ class apache::ssl::base { ::apache::config::include{ 'ssl_defaults.inc': } - if !$apache_no_default_site { + if !$apache::no_default_site { ::apache::vhost::file{ '0-default_ssl': } } } -- cgit v1.2.3 From fec34a4c27a591f55416ed4409bee09d924232cd Mon Sep 17 00:00:00 2001 From: Jerome Charaoui Date: Thu, 20 Feb 2014 17:38:20 -0500 Subject: Document templatewlv requirement --- README | 1 + 1 file changed, 1 insertion(+) diff --git a/README b/README index b723a54..e90bdce 100644 --- a/README +++ b/README @@ -50,6 +50,7 @@ Requirements: * puppet 2.7 or newer * stdlib + * templatewlv Usage -- cgit v1.2.3 From 1194d183efb1395b91c5433b2878f7908a24c78f Mon Sep 17 00:00:00 2001 From: Jerome Charaoui Date: Fri, 21 Feb 2014 14:46:38 -0500 Subject: enable status module on debian --- manifests/status.pp | 1 + manifests/status/debian.pp | 3 +++ 2 files changed, 4 insertions(+) create mode 100644 manifests/status/debian.pp diff --git a/manifests/status.pp b/manifests/status.pp index 1f7ca89..c507013 100644 --- a/manifests/status.pp +++ b/manifests/status.pp @@ -3,6 +3,7 @@ class apache::status { case $::operatingsystem { centos: { include apache::status::centos } + debian: { include apache::status::debian } defaults: { include apache::status::base } } if $apache::manage_munin { diff --git a/manifests/status/debian.pp b/manifests/status/debian.pp new file mode 100644 index 0000000..678bc44 --- /dev/null +++ b/manifests/status/debian.pp @@ -0,0 +1,3 @@ +class apache::status::debian { + ::apache::debian::module { 'status': } +} -- cgit v1.2.3