diff --git a/README.md b/README.md index 28c541d44..b98749b58 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,7 @@ * [Class: apache::mod::negotiation](#class-apachemodnegotiation) * [Class: apache::mod::deflate](#class-apachemoddeflate) * [Class: apache::mod::reqtimeout](#class-apachemodreqtimeout) + * [Class: apache::mod::version](#class-apachemodversion) * [Defined Type: apache::vhost](#defined-type-apachevhost) * [Parameter: `directories` for apache::vhost](#parameter-directories-for-apachevhost) * [SSL parameters for apache::vhost](#ssl-parameters-for-apachevhost) @@ -65,7 +66,7 @@ Apache is a widely-used web server, and this module provides a simplified way of * Apache modules * virtual hosts * listened-to ports -* `/etc/make.conf` on FreeBSD +* `/etc/make.conf` on FreeBSD ###Beginning with Apache @@ -181,9 +182,9 @@ To set up a virtual host with WSGI docroot => '/var/www/pythonapp', wsgi_application_group => '%{GLOBAL}', wsgi_daemon_process => 'wsgi', - wsgi_daemon_process_options => { - processes => '2', - threads => '15', + wsgi_daemon_process_options => { + processes => '2', + threads => '15', display-name => '%{GROUP}', }, wsgi_import_script => '/var/www/demo.wsgi', @@ -252,7 +253,7 @@ Generates default set of include-able Apache configuration files under `${apach #####`default_mods` -Sets up Apache with default settings based on your OS. Valid values are 'true', 'false', or an array of mod names. +Sets up Apache with default settings based on your OS. Valid values are 'true', 'false', or an array of mod names. Defaults to 'true', which includes the default [HTTPD mods](https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp). 
@@ -309,6 +310,10 @@ SSL vhosts only respond to HTTPS queries. Sets up a default virtual host. Defaults to 'true', set to 'false' to set up [customized virtual hosts](#configure-a-virtual-host). +#####`docroot` + +Changes the location of the default [Documentroot](https://httpd.apache.org/docs/current/mod/core.html#documentroot). Defaults to '/var/www/html' on RedHat, '/var/www' on Debian, and '/usr/local/www/apache22/data' on FreeBSD. + #####`error_documents` Enables custom error documents. Defaults to 'false'. @@ -374,9 +379,9 @@ Determines which MPM is loaded and configured for the HTTPD process. Valid value * `apache::mod::itk` * `apache::mod::peruser` * `apache::mod::prefork` -* `apache::mod::worker` +* `apache::mod::worker` -*Note:* Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `$mpm_module` you must uninstall all packages that depend on your currently-installed Apache. +*Note:* Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `$mpm_module` you must uninstall all packages that depend on your currently-installed Apache. #####`package_ensure` @@ -565,7 +570,7 @@ The modules mentioned above, and other Apache modules that have templates, cause ####Class: `apache::mod::info` -Installs and manages mod_info which provides a comprehensive overview of the server configuration. +Installs and manages mod_info which provides a comprehensive overview of the server configuration. Full documentation for mod_info is available from [Apache](http://httpd.apache.org/docs/2.2/mod/mod_info.html). @@ -680,7 +685,7 @@ Overriding the default configuartion: } ``` -or +or ```puppet class {'::apache::mod::php': template => 'apache/php.conf.erb', @@ -710,6 +715,7 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t class { 'apache::mod::ssl': ssl_compression => false, ssl_options => [ 'StdEnvVars' ], + ssl_protocol => [ 'all', '-SSLv2', '-SSLv3'], } ``` 
@@ -717,7 +723,7 @@ To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` par ####Class: `apache::mod::wsgi` -Enables Python support in the WSGI module. To use, simply `include 'apache::mod::wsgi'`. +Enables Python support in the WSGI module. To use, simply `include 'apache::mod::wsgi'`. For customized parameters, which tell Apache how Python is currently configured on the operating system, @@ -822,6 +828,15 @@ mod_reqtimeout configuration. } ``` +####Class: `apache::mod::reqtimeout` + +This wrapper around mod_version warns on Debian and Ubuntu systems with Apache httpd 2.4 +about loading mod_version, as on these platforms it's already built-in. + +```puppet + include '::apache::mod::version' +``` + #####`timeouts` A string or an array that sets the `RequestReadTimeout` option. Defaults to @@ -952,7 +967,9 @@ Sets the list of resources to look for when a client requests an index of the di #####`docroot` -Provides the [DocumentRoot](http://httpd.apache.org/docs/current/mod/core.html#documentroot) directive, which identifies the directory Apache serves files from. Required. +Provides the +[DocumentRoot](http://httpd.apache.org/docs/current/mod/core.html#documentroot) +directive, which identifies the directory Apache serves files from. Required. #####`docroot_group` 
@@ -1127,22 +1144,27 @@ Specifies the destination address of a [ProxyPass](http://httpd.apache.org/docs/ #####`proxy_pass` -Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. +Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. Optionally parameters can be added as an array. ```puppet apache::vhost { 'site.name.fdqn': - … + … proxy_pass => [ { 'path' => '/a', 'url' => 'http://backend-a/' }, { 'path' => '/b', 'url' => 'http://backend-b/' }, - { 'path' => '/c', 'url' => 'http://backend-a/c' }, + { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => 'max=20 ttl=120 retry=300' }, { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, + { 'path' => '/d', 'url' => 'http://backend-a/d', + 'params' => { 'retry' => '0', 'timeout' => '5' }, }, + { 'path' => '/e', 'url' => 'http://backend-a/e', + 'keywords' => ['nocanon', 'interpolate'] }, ], } ``` `reverse_urls` is optional and can be an array or a string. It is useful when used with `mod_proxy_balancer`. +`params` is an optional parameter. It allows to provide the ProxyPass key=value parameters (Connection settings). #####`rack_base_uris` @@ -1204,7 +1226,7 @@ Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mo #####`rewrites` -Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. Defaults to 'undef'. +Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. Defaults to 'undef'. For example, you can specify that anyone trying to access index.html is served welcome.html 
@@ -1265,7 +1287,7 @@ Multiple rewrites and conditions are also possible rewrite_base => /apps/, rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], }, - ], + ], } ``` @@ -1326,7 +1348,7 @@ Used by HTTPD to conditionally set environment variables for vhosts. Defaults to #####`suphp_addhandler`, `suphp_configpath`, & `suphp_engine` -Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). +Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). `suphp_addhandler` defaults to 'php5-script' on RedHat and FreeBSD, and 'x-httpd-php' on Debian. @@ -1353,9 +1375,9 @@ To set up a virtual host with suPHP Enables name-based virtual hosting. If no IP is passed to the virtual host, but the vhost is assigned a port, then the vhost name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the vhost name is set to the title of the resource. Defaults to '*'. -#####`virtual_docroot` +#####`virtual_docroot` -Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. +Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. ```puppet apache::vhost { 'subdomain.loc': @@ -1391,8 +1413,8 @@ To set up a virtual host with WSGI docroot => '/var/www/pythonapp', wsgi_daemon_process => 'wsgi', wsgi_daemon_process_options => - { processes => '2', - threads => '15', + { processes => '2', + threads => '15', display-name => '%{GROUP}', }, wsgi_process_group => 'wsgi', 
@@ -1415,9 +1437,9 @@ General `directories` usage looks something like apache::vhost { 'files.example.net': docroot => '/var/www/files', directories => [ - { 'path' => '/var/www/files', - 'provider' => 'files', - 'deny' => 'from all' + { 'path' => '/var/www/files', + 'provider' => 'files', + 'deny' => 'from all' }, ], } @@ -1438,15 +1460,15 @@ Any handlers you do not set in these hashes are considered 'undefined' within Pu ######`addhandlers` -Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. +Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ + directories => [ { path => '/path/to/directory', addhandlers => [{ handler => 'cgi-script', extensions => ['.cgi']}], - }, + }, ], } ``` @@ -1458,10 +1480,10 @@ Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow => 'from example.org', - }, + directories => [ + { path => '/path/to/directory', + allow => 'from example.org', + }, ], } ``` 
@@ -1473,10 +1495,10 @@ Sets the types of directives allowed in [.htaccess](http://httpd.apache.org/docs ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow_override => ['AuthConfig', 'Indexes'], - }, + directories => [ + { path => '/path/to/directory', + allow_override => ['AuthConfig', 'Indexes'], + }, ], } ``` @@ -1543,7 +1565,7 @@ Pass a string of custom configuration directives to be placed at the end of the ```puppet apache::vhost { 'monitor': - … + … custom_fragment => ' SetHandler balancer-manager @@ -1566,24 +1588,24 @@ Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) dir ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - deny => 'from example.org', - }, + directories => [ + { path => '/path/to/directory', + deny => 'from example.org', + }, ], } ``` ######`error_documents` -An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. +An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. ```puppet apache::vhost { 'sample.example.net': - directories => [ + directories => [ { path => '/srv/www', error_documents => [ - { 'error_code' => '503', + { 'error_code' => '503', 'document' => '/service-unavail', }, ], 
@@ -1613,9 +1635,9 @@ Allows configuration settings for [directory indexing](http://httpd.apache.org/d ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], }, ], @@ -1629,11 +1651,11 @@ Sets the [default ordering](http://httpd.apache.org/docs/current/mod/mod_autoind ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', index_order_default => ['Descending', 'Date'], - }, + }, ], } ``` @@ -1645,9 +1667,9 @@ Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], }, ], } @@ -1660,9 +1682,9 @@ Sets the order of processing Allow and Deny statements as per [Apache core docum ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', }, ], } 
@@ -1775,10 +1797,10 @@ String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ - { path => '/path/to/directory', - ssl_options => '+ExportCertData', + { path => '/path/to/directory', + ssl_options => '+ExportCertData', }, - { path => '/path/to/different/dir', + { path => '/path/to/different/dir', ssl_options => [ '-StdEnvVars', '+ExportCertData'], }, ], @@ -1793,10 +1815,10 @@ A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://w apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ - { path => '/path/to/directory', - suphp => - { user => 'myappuser', - group => 'myappgroup', + { path => '/path/to/directory', + suphp => + { user => 'myappuser', + group => 'myappgroup', }, }, ], @@ -1809,7 +1831,7 @@ All of the SSL parameters for `::vhost` default to whatever is set in the base ` #####`ssl` -Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'. Defaults to 'false'. +Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'. Defaults to 'false'. #####`ssl_ca` @@ -1821,7 +1843,7 @@ Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/ce #####`ssl_protocol` -Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Defaults to 'undef'. +Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Defaults to 'undef'. If you do not use this parameter, it uses the HTTPD default from ssl.conf.erb, 'all -SSLv2 -SSLv3'. 
@@ -1883,7 +1905,7 @@ Sets the [SSLVerifyDepth](http://httpd.apache.org/docs/current/mod/mod_ssl.html# #####`ssl_options` -Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given vhost and can be a string or an array. Defaults to 'undef'. +Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given vhost and can be a string or an array. Defaults to 'undef'. A string: @@ -2132,7 +2154,7 @@ If you want to add two name-based vhosts so that they answer on either 10.0.0.10 ####Defined Type: `apache::balancer` -`apache::balancer` creates an Apache balancer cluster. Each balancer cluster needs one or more balancer members, which are declared with [`apache::balancermember`](#defined-type-apachebalancermember). +`apache::balancer` creates an Apache balancer cluster. Each balancer cluster needs one or more balancer members, which are declared with [`apache::balancermember`](#defined-type-apachebalancermember). One `apache::balancer` defined resource should be defined for each Apache load balanced set of servers. The `apache::balancermember` resources for all balancer members can be exported and collected on a single Apache load balancer server using exported resources. 
@@ -2148,7 +2170,7 @@ Configures key-value pairs as [ProxySet](http://httpd.apache.org/docs/current/mo #####`collect_exported` -Determines whether or not to use exported resources. Valid values 'true' and 'false', defaults to 'true'. +Determines whether or not to use exported resources. Valid values 'true' and 'false', defaults to 'true'. If you statically declare all of your backend servers, you should set this to 'false' to rely on existing declared balancer member resources. Also make sure to use `apache::balancermember` with array arguments. @@ -2226,7 +2248,7 @@ If you need to use ProxySet in the balancer config * [`apache`](#class-apache): Guides the basic setup of Apache. * `apache::dev`: Installs Apache development libraries. (*Note:* On FreeBSD, you must declare `apache::package` or `apache` before `apache::dev`.) * [`apache::mod::[name]`](#classes-apachemodname): Enables specific Apache HTTPD modules. - + ####Private Classes * `apache::confd::no_accf`: Creates the no-accf.conf configuration file in conf.d, required by FreeBSD's Apache 2.4. 
@@ -2245,7 +2267,7 @@ If you need to use ProxySet in the balancer config * `apache::listen`: Based on the title, controls which ports Apache binds to for listening. Adds [Listen](http://httpd.apache.org/docs/current/bind.html) directives to ports.conf in the Apache HTTPD configuration directory. Titles take the form '', ':', or ':'. * `apache::mod`: Used to enable arbitrary Apache HTTPD modules for which there is no specific `apache::mod::[name]` class. * `apache::namevirtualhost`: Enables name-based hosting of a virtual host. Adds all [NameVirtualHost](http://httpd.apache.org/docs/current/vhosts/name-based.html) directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles take the form '\*', '*:', '\_default_:, '', or ':'. -* `apache::vhost`: Allows specialized configurations for virtual hosts that have requirements outside the defaults. +* `apache::vhost`: Allows specialized configurations for virtual hosts that have requirements outside the defaults. ####Private Defined Types @@ -2264,7 +2286,7 @@ The `apache::vhost::WSGIImportScript` parameter creates a statement inside the V ###RHEL/CentOS 5 -The `apache::mod::passenger` and `apache::mod::proxy_html` classes are untested since repositories are missing compatible packages. +The `apache::mod::passenger` and `apache::mod::proxy_html` classes are untested since repositories are missing compatible packages. ###RHEL/CentOS 7 
@@ -2272,7 +2294,7 @@ The `apache::mod::passenger` class is untested as the repository does not have p ###General -This module is CI tested on Centos 5 & 6, Ubuntu 12.04 & 14.04, Debian 7, and RHEL 5, 6 & 7 platforms against both the OSS and Enterprise version of Puppet. +This module is CI tested on Centos 5 & 6, Ubuntu 12.04 & 14.04, Debian 7, and RHEL 5, 6 & 7 platforms against both the OSS and Enterprise version of Puppet. The module contains support for other distributions and operating systems, such as FreeBSD and Amazon Linux, but is not formally tested on those and regressions can occur. diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 7e8381f03..09e360a49 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -36,10 +36,11 @@ include ::apache::mod::cache include ::apache::mod::mime include ::apache::mod::mime_magic - include ::apache::mod::vhost_alias - include ::apache::mod::suexec include ::apache::mod::rewrite include ::apache::mod::speling + include ::apache::mod::suexec + include ::apache::mod::version + include ::apache::mod::vhost_alias ::apache::mod { 'auth_digest': } ::apache::mod { 'authn_anon': } ::apache::mod { 'authn_dbm': } @@ -51,7 +52,6 @@ ::apache::mod { 'logio': } ::apache::mod { 'substitute': } ::apache::mod { 'usertrack': } - ::apache::mod { 'version': } if versioncmp($apache_version, '2.4') >= 0 { ::apache::mod { 'authn_core': } @@ -71,6 +71,7 @@ include ::apache::mod::reqtimeout include ::apache::mod::rewrite include ::apache::mod::userdir + include ::apache::mod::version include ::apache::mod::vhost_alias include ::apache::mod::speling @@ -93,7 +94,6 @@ ::apache::mod { 'logio': } ::apache::mod { 'unique_id': } ::apache::mod { 'usertrack': } - ::apache::mod { 'version': } } default: {} } 
@@ -120,7 +120,7 @@ ::apache::mod { 'auth_basic': } ::apache::mod { 'authn_file': } - if versioncmp($apache_version, '2.4') >= 0 { + if versioncmp($apache_version, '2.4') >= 0 { # authz_core is needed for 'Require' directive ::apache::mod { 'authz_core': id => 'authz_core_module', diff --git a/manifests/init.pp b/manifests/init.pp index b5e920457..32966b86f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -59,6 +59,7 @@ $log_level = $::apache::params::log_level, $log_formats = {}, $ports_file = $::apache::params::ports_file, + $docroot = $::apache::params::docroot, $apache_version = $::apache::version::default, $server_tokens = 'OS', $server_signature = 'On', @@ -239,7 +240,6 @@ if $::apache::conf_dir and $::apache::params::conf_file { case $::osfamily { 'debian': { - $docroot = '/var/www' $pidfile = "\${APACHE_PID_FILE}" $error_log = 'error.log' $error_documents_path = '/usr/share/apache2/error' @@ -247,7 +247,6 @@ $access_log_file = 'access.log' } 'redhat': { - $docroot = '/var/www/html' $pidfile = 'run/httpd.pid' $error_log = 'error_log' $error_documents_path = '/var/www/error' @@ -255,7 +254,6 @@ $access_log_file = 'access_log' } 'freebsd': { - $docroot = '/usr/local/www/apache22/data' $pidfile = '/var/run/httpd.pid' $error_log = 'httpd-error.log' $error_documents_path = '/usr/local/www/apache22/error' diff --git a/manifests/mod.pp b/manifests/mod.pp index 4ffde61b1..88cdcd6a5 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -18,11 +18,10 @@ # Determine if we have special lib $mod_libs = $::apache::params::mod_libs - $mod_lib = $mod_libs[$mod] # 2.6 compatibility hack if $lib { $_lib = $lib - } elsif $mod_lib { - $_lib = $mod_lib + } elsif has_key($mod_libs, $mod) { # 2.6 compatibility hack + $_lib = $mod_libs[$mod] } else { $_lib = "mod_${mod}.so" } 
@@ -48,11 +47,10 @@ # Determine if we have a package $mod_packages = $::apache::params::mod_packages - $mod_package = $mod_packages[$mod] # 2.6 compatibility hack if $package { $_package = $package - } elsif $mod_package { - $_package = $mod_package + } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack + $_package = $mod_packages[$mod] } else { $_package = undef } diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index d13a7d886..6e70598d0 100644 --- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp @@ -5,7 +5,7 @@ include ::apache::mod::dav ::apache::mod { 'dav_svn': } - if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04') { + if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04' and $::operatingsystemrelease != '10.04') { $loadfile_name = undef } else { $loadfile_name = 'dav_svn_authz_svn.load' diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 7e115fb66..293e9319c 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -2,6 +2,7 @@ $ssl_compression = false, $ssl_options = [ 'StdEnvVars' ], $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', + $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], $apache_version = $::apache::apache_version, $package_name = undef, ) { diff --git a/manifests/mod/version.pp b/manifests/mod/version.pp new file mode 100644 index 000000000..c0e405686 --- /dev/null +++ b/manifests/mod/version.pp @@ -0,0 +1,8 @@ +class apache::mod::version { + + if ($::osfamily == 'debian' and versioncmp($apache_version, '2.4') >= 0) { + warning("${module_name}: module version_module is built-in and can't be loaded") + } else { + ::apache::mod { 'version': } + } +} diff --git a/manifests/params.pp b/manifests/params.pp index 90f805af8..6a221fd63 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
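Review bot: `$apache_version` is never brought into scope in the new `apache::mod::version` class in manifests/mod/version.pp. The class takes no parameters and does not read the value from `::apache`, whereas `apache::mod::ssl` in this same commit declares `$apache_version = $::apache::apache_version`. On Puppet versions without dynamic scoping the bare variable most likely evaluates to undef, so the `versioncmp($apache_version, '2.4')` guard would not match and Debian hosts on httpd 2.4 would still get `::apache::mod { 'version': }`, the load this class is meant to skip. I would declare it explicitly, `class apache::mod::version ( $apache_version = $::apache::apache_version ) {`, and add a spec covering the Debian 2.4 branch.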
@@ -103,6 +103,7 @@ $fastcgi_lib_path = undef $mime_support_package = 'mailcap' $mime_types_config = '/etc/mime.types' + $docroot = '/var/www/html' if $::osfamily == "RedHat" { $wsgi_socket_prefix = '/var/run/wsgi' } else { @@ -163,6 +164,7 @@ $fastcgi_lib_path = '/var/lib/apache2/fastcgi' $mime_support_package = 'mime-support' $mime_types_config = '/etc/mime.types' + $docroot = '/var/www' # # Passenger-specific settings @@ -273,6 +275,7 @@ $mime_support_package = 'misc/mime-support' $mime_types_config = '/usr/local/etc/mime.types' $wsgi_socket_prefix = undef + $docroot = '/usr/local/www/apache22/data' } else { fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") } diff --git a/manifests/vhost.pp b/manifests/vhost.pp index fd942fe5e..0841dfff4 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -795,10 +795,12 @@ # - $passenger_min_instances # - $passenger_start_timeout # - $passenger_pre_start - concat::fragment { "${name}-passenger": - target => "${priority_real}-${filename}.conf", - order => 290, - content => template('apache/vhost/_passenger.erb'), + if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { + concat::fragment { "${name}-passenger": + target => "${priority_real}-${filename}.conf", + order => 290, + content => template('apache/vhost/_passenger.erb'), + } } # Template uses: diff --git a/metadata.json b/metadata.json index 79344a839..f6361a10e 100644 --- a/metadata.json +++ b/metadata.json @@ -6,7 +6,7 @@ "license": "Apache 2.0", "source": "git://github.com/puppetlabs/puppetlabs-apache.git", "project_page": "https://github.com/puppetlabs/puppetlabs-apache", - "issues_url": "https://github.com/puppetlabs/puppetlabs-apache/issues", + "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "operatingsystem_support": [ { "operatingsystem": "RedHat", 
@@ -67,13 +67,7 @@ ], "description": "Module for Apache configuration", "dependencies": [ - { - "name": "puppetlabs/stdlib", - "version_requirement": ">= 2.4.0" - }, - { - "name": "puppetlabs/concat", - "version_requirement": ">= 1.1.1" - } + {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0"}, + {"name":"puppetlabs/concat","version_requirement":">= 1.1.1"} ] } diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 189bb15c4..7e5afed52 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -5,7 +5,7 @@ when 'Debian' mod_dir = '/etc/apache2/mods-available' service_name = 'apache2' - if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' + if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' or fact('operatingsystemrelease') == '10.04' authz_svn_load_file = 'dav_svn_authz_svn.load' else authz_svn_load_file = 'authz_svn.load' diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index d45eaee9f..483b74945 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -298,7 +298,7 @@ class { 'apache': } end end - describe 'Satisfy and Auth directive' do + describe 'Satisfy and Auth directive', :unless => $apache_version == '2.4' do it 'should configure a vhost with Satisfy and Auth directive' do pp = <<-EOS class { 'apache': } @@ -1082,7 +1082,6 @@ class { 'apache::mod::wsgi': } wsgi_process_group => 'nobody', wsgi_script_aliases => { '/test' => '/test1' }, wsgi_pass_authorization => 'On', - wsgi_chunked_request => 'On', } EOS apply_manifest(pp, :catch_failures => true) diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index dc5d6b46a..fe61a9796 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb 
@@ -23,6 +23,10 @@ it { is_expected.to contain_user("www-data") } it { is_expected.to contain_group("www-data") } it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/var/www").with( + 'ensure' => 'directory' + ) + } it { is_expected.to contain_file("/etc/apache2/sites-enabled").with( 'ensure' => 'directory', 'recurse' => 'true', @@ -164,7 +168,7 @@ end it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common\n} } - it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" vhost_combined\n} } end end @@ -225,6 +229,10 @@ it { is_expected.to contain_user("apache") } it { is_expected.to contain_group("apache") } it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/var/www/html").with( + 'ensure' => 'directory' + ) + } it { is_expected.to contain_file("/etc/httpd/conf.d").with( 'ensure' => 'directory', 'recurse' => 'true', @@ -498,6 +506,10 @@ it { is_expected.to contain_user("www") } it { is_expected.to contain_group("www") } it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/usr/local/www/apache22/data").with( + 'ensure' => 'directory' + ) + } it { is_expected.to contain_file("/usr/local/etc/apache22/Vhosts").with( 'ensure' => 'directory', 'recurse' => 'true', diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 3eac5ffb4..84a95bf44 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -172,8 +172,13 @@ 'proxy_dest' => '/', 'proxy_pass' => [ { - 'path' => '/a', - 'url' => 'http://backend-a/' + 'path' => '/a', + 'url' => 'http://backend-a/', + 'keywords' => ['noquery', 'interpolate'], + 'params' => { + 'retry' => '0', + 'timeout' => '5' + } } ], 'suphp_addhandler' => 'foo', @@ -296,7 +301,12 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-action') } it { is_expected.to contain_concat__fragment('rspec.example.com-block') } it { is_expected.to contain_concat__fragment('rspec.example.com-error_document') } - it { is_expected.to contain_concat__fragment('rspec.example.com-proxy') } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /retry=0/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /timeout=5/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /noquery interpolate/) } it { is_expected.to contain_concat__fragment('rspec.example.com-rack') } it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') } it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') } diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 68d6b50ae..54d24c8ae 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -59,7 +59,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent <% if @log_formats and !@log_formats.empty? -%> - <%- @log_formats.each do |nickname,format| -%> + <%- @log_formats.sort.each do |nickname,format| -%> LogFormat "<%= format -%>" <%= nickname %> <%- end -%> <% end -%> 
@@ -70,7 +70,11 @@ IncludeOptional "<%= @confd_dir %>/*.conf" Include "<%= @confd_dir %>/*.conf" <%- end -%> <% if @vhost_load_dir != @confd_dir -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> +IncludeOptional "<%= @vhost_load_dir %>/*" +<%- else -%> Include "<%= @vhost_load_dir %>/*" +<%- end -%> <% end -%> <% if @error_documents -%> diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index 35ec92afd..e92e37e7a 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -21,7 +21,7 @@ SSLCryptoDevice builtin SSLHonorCipherOrder On SSLCipherSuite <%= @ssl_cipher %> - SSLProtocol all -SSLv2 -SSLv3 + SSLProtocol <%= @ssl_protocol.compact.join(' ') %> <% if @ssl_options -%> SSLOptions <%= @ssl_options.compact.join(' ') %> <% end -%> diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 045c90691..dd25e2c87 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -7,7 +7,13 @@ ProxyPreserveHost On <%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> - ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> + ProxyPass <%= proxy['path'] %> <%= proxy['url'] -%> + <%- if proxy['params'] -%> + <%- proxy['params'].each_pair do |key, value| -%> <%= key %>=<%= value -%> + <%- end -%> + <%- end -%> + <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> + <%- end %> > <%- if proxy['reverse_urls'].nil? -%> ProxyPassReverse <%= proxy['url'] %> diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index 70213f48c..516992558 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb @@ -7,7 +7,7 @@ <%- if @ssl_chain -%> SSLCertificateChainFile "<%= @ssl_chain %>" <%- end -%> - <%- if @ssl_certs_dir -%> + <%- if @ssl_certs_dir && @ssl_certs_dir != '' -%> SSLCACertificatePath "<%= @ssl_certs_dir %>" <%- end -%> <%- if @ssl_ca -%> diff --git a/tests/vhost_proxypass.pp b/tests/vhost_proxypass.pp new file mode 100644 index 000000000..e911f85f9 
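Review bot: In templates/mod/ssl.conf.erb the new `SSLProtocol <%= @ssl_protocol.compact.join(' ') %>` line assumes an array, and manifests/mod/ssl.pp adds `$ssl_protocol` without any type check. A string such as `'all -SSLv2 -SSLv3'` would therefore fail with NoMethodError during rendering, and an empty array would render a bare `SSLProtocol` directive. Normalising the value the way the proxy template already does for `@proxy_pass`, `SSLProtocol <%= [@ssl_protocol].flatten.compact.join(' ') %>`, accepts both forms. Because the directive was previously fixed at `all -SSLv2 -SSLv3`, the README entry for `apache::mod::ssl` should also state that a caller-supplied list replaces the default completely, so a list that omits `-SSLv2`/`-SSLv3` no longer disables those protocols.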
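Review bot: The `proxy['params'].each_pair` loop in templates/vhost/_proxy.erb only works for a hash, but the README hunk in this commit documents a string form (`'params' => 'max=20 ttl=120 retry=300'`), which would raise NoMethodError when the template is rendered. The hash is also iterated unsorted, so on Rubies without ordered hashes the generated ProxyPass line can differ between runs and cause needless config changes; the same commit adds `.sort` to the `@log_formats` loop in httpd.conf.erb, presumably for that reason. The sketch below accepts both forms and emits the keys in sorted order. The surrounding `each do |proxy|` block starts and ends outside the lines shown.

```erb
  ProxyPass <%= proxy['path'] %> <%= proxy['url'] -%>
    <%- if proxy['params'].is_a?(Hash) -%>
      <%- proxy['params'].sort.each do |key, value| -%> <%= key %>=<%= value -%>
      <%- end -%>
    <%- elsif proxy['params'] -%> <%= proxy['params'] -%>
    <%- end -%>
<%# … unchanged: keywords and ProxyPassReverse handling … %>
```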
--- /dev/null +++ b/tests/vhost_proxypass.pp @@ -0,0 +1,66 @@ +## vhost with proxyPass directive +# NB: Please see the other vhost_*.pp example files for further +# examples. + +# Base class. Declares default vhost on port 80 and default ssl +# vhost on port 443 listening on all interfaces and serving +# $apache::docroot +class { 'apache': } + +# Most basic vhost with proxy_pass +apache::vhost { 'first.example.com': + port => 80, + docroot => '/var/www/first', + proxy_pass => [ + { + 'path' => '/first', + 'url' => 'http://localhost:8080/first' + }, + ], +} + +# vhost with proxy_pass and parameters +apache::vhost { 'second.example.com': + port => 80, + docroot => '/var/www/second', + proxy_pass => [ + { + 'path' => '/second', + 'url' => 'http://localhost:8080/second', + 'params' => { + 'retry' => '0', + 'timeout' => '5' + } + }, + ], +} + +# vhost with proxy_pass and keywords +apache::vhost { 'third.example.com': + port => 80, + docroot => '/var/www/third', + proxy_pass => [ + { + 'path' => '/third', + 'url' => 'http://localhost:8080/third', + 'keywords' => ['noquery', 'interpolate'] + }, + ], +} + +# vhost with proxy_pass, parameters and keywords +apache::vhost { 'fourth.example.com': + port => 80, + docroot => '/var/www/fourth', + proxy_pass => [ + { + 'path' => '/fourth', + 'url' => 'http://localhost:8080/fourth', + 'params' => { + 'retry' => '0', + 'timeout' => '5' + }, + 'keywords' => ['noquery', 'interpolate'] + }, + ], +}