diff --git a/examples/apache.pp b/examples/apache.pp index 18ec5531..0d454356 100644 --- a/examples/apache.pp +++ b/examples/apache.pp @@ -1,6 +1,6 @@ -include ::apache -include ::apache::mod::php -include ::apache::mod::cgi -include ::apache::mod::userdir -include ::apache::mod::disk_cache -include ::apache::mod::proxy_http +include apache +include apache::mod::php +include apache::mod::cgi +include apache::mod::userdir +include apache::mod::disk_cache +include apache::mod::proxy_http diff --git a/examples/dev.pp b/examples/dev.pp index 5616e32b..6c4f9557 100644 --- a/examples/dev.pp +++ b/examples/dev.pp @@ -1 +1 @@ -include ::apache::mod::dev +include apache::mod::dev diff --git a/examples/init.pp b/examples/init.pp index 33911073..b3f9f13a 100644 --- a/examples/init.pp +++ b/examples/init.pp @@ -1 +1 @@ -include ::apache +include apache diff --git a/examples/mod_load_params.pp b/examples/mod_load_params.pp index fa43132b..879f2cfe 100644 --- a/examples/mod_load_params.pp +++ b/examples/mod_load_params.pp @@ -1,11 +1,10 @@ # Tests the path and identifier parameters for the apache::mod class # Base class for clarity: -class { '::apache': } - +class { 'apache': } # Exaple parameter usage: apache::mod { 'testmod': path => '/usr/some/path/mod_testmod.so', id => 'testmod_custom_name', } diff --git a/examples/mods.pp b/examples/mods.pp index 69963824..dd64e3b2 100644 --- a/examples/mods.pp +++ b/examples/mods.pp @@ -1,9 +1,8 @@ ## Default mods # Base class. Declares default vhost on port 80 and default ssl # vhost on port 443 listening on all interfaces and serving # $apache::docroot, and declaring our default set of modules. -class { '::apache': +class { 'apache': default_mods => true, } - diff --git a/examples/mods_custom.pp b/examples/mods_custom.pp index 4098c83a..103e52a4 100644 --- a/examples/mods_custom.pp +++ b/examples/mods_custom.pp 
@@ -1,16 +1,15 @@ ## custom mods # Base class. Declares default vhost on port 80 and default ssl # vhost on port 443 listening on all interfaces and serving # $apache::docroot, and declaring a custom set of modules. -class { '::apache': +class { 'apache': default_mods => [ 'info', 'alias', 'mime', 'env', 'setenv', 'expires', ], } - diff --git a/examples/php.pp b/examples/php.pp index ee187717..1d926bfb 100644 --- a/examples/php.pp +++ b/examples/php.pp @@ -1,4 +1,4 @@ -class { '::apache': +class { 'apache': mpm_module => 'prefork', } -include ::apache::mod::php +include apache::mod::php diff --git a/examples/vhost.pp b/examples/vhost.pp index 60acda5c..c0813d16 100644 --- a/examples/vhost.pp +++ b/examples/vhost.pp 
@@ -1,258 +1,256 @@ ## Default vhosts, and custom vhosts # NB: Please see the other vhost_*.pp example files for further # examples. # Base class. Declares default vhost on port 80 and default ssl # vhost on port 443 listening on all interfaces and serving # $apache::docroot -class { '::apache': } +class { 'apache': } # Most basic vhost apache::vhost { 'first.example.com': port => '80', docroot => '/var/www/first', } # Vhost with different docroot owner/group/mode apache::vhost { 'second.example.com': port => '80', docroot => '/var/www/second', docroot_owner => 'third', docroot_group => 'third', docroot_mode => '0770', } # Vhost with serveradmin apache::vhost { 'third.example.com': port => '80', docroot => '/var/www/third', serveradmin => 'admin@example.com', } # Vhost with ssl (uses default ssl certs) apache::vhost { 'ssl.example.com': port => '443', docroot => '/var/www/ssl', ssl => true, } # Vhost with ssl and specific ssl certs apache::vhost { 'fourth.example.com': port => '443', docroot => '/var/www/fourth', ssl => true, ssl_cert => '/etc/ssl/fourth.example.com.cert', ssl_key => '/etc/ssl/fourth.example.com.key', } # Vhost with english title and servername parameter apache::vhost { 'The fifth vhost': servername => 'fifth.example.com', port => '80', docroot => '/var/www/fifth', } # Vhost with server aliases apache::vhost { 'sixth.example.com': serveraliases => [ 'sixth.example.org', 'sixth.example.net', ], port => '80', docroot => '/var/www/fifth', } # Vhost with alternate options apache::vhost { 'seventh.example.com': port => '80', docroot => '/var/www/seventh', options => [ 'Indexes', 'MultiViews', ], } # Vhost with AllowOverride for .htaccess apache::vhost { 'eighth.example.com': port => '80', docroot => '/var/www/eighth', override => 'All', } # Vhost with access and error logs disabled apache::vhost { 'ninth.example.com': port => '80', docroot => '/var/www/ninth', access_log => false, error_log => false, } # Vhost with custom access and error logs and 
logroot apache::vhost { 'tenth.example.com': port => '80', docroot => '/var/www/tenth', access_log_file => 'tenth_vhost.log', error_log_file => 'tenth_vhost_error.log', logroot => '/var/log', } # Vhost with a cgi-bin apache::vhost { 'eleventh.example.com': port => '80', docroot => '/var/www/eleventh', scriptalias => '/usr/lib/cgi-bin', } # Vhost with a proxypass configuration apache::vhost { 'twelfth.example.com': port => '80', docroot => '/var/www/twelfth', proxy_dest => 'http://internal.example.com:8080/twelfth', no_proxy_uris => ['/login','/logout'], } # Vhost to redirect /login and /logout apache::vhost { 'thirteenth.example.com': port => '80', docroot => '/var/www/thirteenth', redirect_source => [ '/login', '/logout', ], redirect_dest => [ 'http://10.0.0.10/login', 'http://10.0.0.10/logout', ], } # Vhost to permamently redirect apache::vhost { 'fourteenth.example.com': port => '80', docroot => '/var/www/fourteenth', redirect_source => '/blog', redirect_dest => 'http://blog.example.com', redirect_status => 'permanent', } # Vhost with a rack configuration apache::vhost { 'fifteenth.example.com': port => '80', docroot => '/var/www/fifteenth', rack_base_uris => ['/rackapp1', '/rackapp2'], } - # Vhost to redirect non-ssl to ssl apache::vhost { 'sixteenth.example.com non-ssl': servername => 'sixteenth.example.com', port => '80', docroot => '/var/www/sixteenth', rewrites => [ { comment => 'redirect non-SSL traffic to SSL site', rewrite_cond => ['%{HTTPS} off'], rewrite_rule => ['(.*) https://%{HTTP_HOST}%{REQUEST_URI}'], } ], } # Rewrite a URL to lower case apache::vhost { 'sixteenth.example.com non-ssl': servername => 'sixteenth.example.com', port => '80', docroot => '/var/www/sixteenth', rewrites => [ { comment => 'Rewrite to lower case', rewrite_cond => ['%{REQUEST_URI} [A-Z]'], rewrite_map => ['lc int:tolower'], rewrite_rule => ["(.*) \${lc:\$1} [R=301,L]"], } ], } apache::vhost { 'sixteenth.example.com ssl': servername => 'sixteenth.example.com', port => '443', 
docroot => '/var/www/sixteenth', ssl => true, } # Vhost to redirect non-ssl to ssl using old rewrite method apache::vhost { 'sixteenth.example.com non-ssl old rewrite': servername => 'sixteenth.example.com', port => '80', docroot => '/var/www/sixteenth', rewrite_cond => '%{HTTPS} off', rewrite_rule => '(.*) https://%{HTTP_HOST}%{REQUEST_URI}', } apache::vhost { 'sixteenth.example.com ssl old rewrite': servername => 'sixteenth.example.com', port => '443', docroot => '/var/www/sixteenth', ssl => true, } # Vhost to block repository files apache::vhost { 'seventeenth.example.com': port => '80', docroot => '/var/www/seventeenth', block => 'scm', } # Vhost with special environment variables apache::vhost { 'eighteenth.example.com': port => '80', docroot => '/var/www/eighteenth', setenv => ['SPECIAL_PATH /foo/bin','KILROY was_here'], } apache::vhost { 'nineteenth.example.com': port => '80', docroot => '/var/www/nineteenth', setenvif => 'Host "^([^\.]*)\.website\.com$" CLIENT_NAME=$1', } # Vhost with additional include files apache::vhost { 'twentyieth.example.com': port => '80', docroot => '/var/www/twelfth', additional_includes => ['/tmp/proxy_group_a','/tmp/proxy_group_b'], } # Vhost with alias for subdomain mapped to same named directory # http://example.com.loc => /var/www/example.com apache::vhost { 'subdomain.loc': vhost_name => '*', port => '80', virtual_docroot => '/var/www/%-2+', docroot => '/var/www', serveraliases => ['*.loc',], } # Vhost with SSL (SSLProtocol, SSLCipherSuite & SSLHonorCipherOrder from default) apache::vhost { 'securedomain.com': priority => '10', vhost_name => 'www.securedomain.com', port => '443', docroot => '/var/www/secure', ssl => true, ssl_cert => '/etc/ssl/securedomain.cert', ssl_key => '/etc/ssl/securedomain.key', ssl_chain => '/etc/ssl/securedomain.crt', add_listen => false, } # Vhost with access log environment variables writing control apache::vhost { 'twentyfirst.example.com': port => '80', docroot => '/var/www/twentyfirst', 
access_log_env_var => 'admin', } # Vhost with a passenger_base configuration apache::vhost { 'twentysecond.example.com': port => '80', docroot => '/var/www/twentysecond', rack_base_uris => ['/passengerapp1', '/passengerapp2'], } - diff --git a/examples/vhost_directories.pp b/examples/vhost_directories.pp index df5a2d52..f02734d0 100644 --- a/examples/vhost_directories.pp +++ b/examples/vhost_directories.pp @@ -1,44 +1,43 @@ # Base class. Declares default vhost on port 80 and default ssl # vhost on port 443 listening on all interfaces and serving # $apache::docroot -class { '::apache': } +class { 'apache': } # Example from README adapted. apache::vhost { 'readme.example.net': docroot => '/var/www/readme', directories => [ { 'path' => '/var/www/readme', 'ServerTokens' => 'prod' , }, { 'path' => '/usr/share/empty', 'allow' => 'from all', }, ], } # location test apache::vhost { 'location.example.net': docroot => '/var/www/location', directories => [ { 'path' => '/location', 'provider' => 'location', 'ServerTokens' => 'prod' }, ], } # files test, curedly disable access to accidental backup files. apache::vhost { 'files.example.net': docroot => '/var/www/files', directories => [ { 'path' => '(\.swp|\.bak|~)$', 'provider' => 'filesmatch', 'deny' => 'from all' }, ], } - diff --git a/examples/vhost_filter.pp b/examples/vhost_filter.pp index 1a66b856..ef27639c 100644 --- a/examples/vhost_filter.pp +++ b/examples/vhost_filter.pp 
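Review bot: The `twentyieth.example.com` example loads `additional_includes` from `/tmp/proxy_group_a` and `/tmp/proxy_group_b`; `/tmp` is normally world-writable, so a reader who copies this lets any local account that can create those files supply directives that Apache reads at start-up. A root-owned location would be a safer illustration, for example `additional_includes => ['/etc/apache2/includes/proxy_group_a','/etc/apache2/includes/proxy_group_b'],` (paths constructed for illustration). The title `'sixteenth.example.com non-ssl'` is also declared twice, once for the SSL redirect and once for the lower-case rewrite, which should fail compilation as a duplicate declaration if the file is applied unchanged; a distinct title such as `'sixteenth.example.com lower-case'` avoids that.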
@@ -1,17 +1,16 @@ # Base class. Declares default vhost on port 80 with filters. -class { '::apache': } +class { 'apache': } # Example from README adapted. apache::vhost { 'readme.example.net': docroot => '/var/www/html', filters => [ 'FilterDeclare COMPRESS', 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css', 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain', 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml', 'FilterChain COMPRESS', 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', ], } - diff --git a/examples/vhost_ip_based.pp b/examples/vhost_ip_based.pp index 249c4199..dc0fa4f3 100644 --- a/examples/vhost_ip_based.pp +++ b/examples/vhost_ip_based.pp @@ -1,25 +1,25 @@ ## IP-based vhosts on any listen port # IP-based vhosts respond to requests on specific IP addresses. # Base class. Turn off the default vhosts; we will be declaring # all vhosts below. -class { '::apache': +class { 'apache': default_vhost => false, } # Listen on port 80 and 81; required because the following vhosts # are not declared with a port parameter. apache::listen { '80': } apache::listen { '81': } # IP-based vhosts apache::vhost { 'first.example.com': ip => '10.0.0.10', docroot => '/var/www/first', ip_based => true, } apache::vhost { 'second.example.com': ip => '10.0.0.11', docroot => '/var/www/second', ip_based => true, } diff --git a/examples/vhost_proxypass.pp b/examples/vhost_proxypass.pp index 8edd0de9..ca9c57df 100644 --- a/examples/vhost_proxypass.pp +++ b/examples/vhost_proxypass.pp 
@@ -1,66 +1,66 @@ ## vhost with proxyPass directive # NB: Please see the other vhost_*.pp example files for further # examples. # Base class. Declares default vhost on port 80 and default ssl # vhost on port 443 listening on all interfaces and serving # $apache::docroot -class { '::apache': } +class { 'apache': } # Most basic vhost with proxy_pass apache::vhost { 'first.example.com': port => 80, docroot => '/var/www/first', proxy_pass => [ { 'path' => '/first', 'url' => 'http://localhost:8080/first' }, ], } # vhost with proxy_pass and parameters apache::vhost { 'second.example.com': port => 80, docroot => '/var/www/second', proxy_pass => [ { 'path' => '/second', 'url' => 'http://localhost:8080/second', 'params' => { 'retry' => '0', 'timeout' => '5', - } + } }, ], } # vhost with proxy_pass and keywords apache::vhost { 'third.example.com': port => 80, docroot => '/var/www/third', proxy_pass => [ { 'path' => '/third', 'url' => 'http://localhost:8080/third', 'keywords' => ['noquery', 'interpolate'] }, ], } # vhost with proxy_pass, parameters and keywords apache::vhost { 'fourth.example.com': port => 80, docroot => '/var/www/fourth', proxy_pass => [ { 'path' => '/fourth', 'url' => 'http://localhost:8080/fourth', 'params' => { 'retry' => '0', 'timeout' => '5', - }, + }, 'keywords' => ['noquery', 'interpolate'] }, ], } diff --git a/examples/vhost_ssl.pp b/examples/vhost_ssl.pp index 53989ff1..8e7a2b27 100644 --- a/examples/vhost_ssl.pp +++ b/examples/vhost_ssl.pp 
@@ -1,23 +1,23 @@ ## SSL-enabled vhosts # SSL-enabled vhosts respond only to HTTPS queries. # Base class. Turn off the default vhosts; we will be declaring # all vhosts below. -class { '::apache': +class { 'apache': default_vhost => false, } # Non-ssl vhost apache::vhost { 'first.example.com non-ssl': servername => 'first.example.com', port => '80', docroot => '/var/www/first', } # SSL vhost at the same domain apache::vhost { 'first.example.com ssl': servername => 'first.example.com', port => '443', docroot => '/var/www/first', ssl => true, } diff --git a/examples/vhosts_without_listen.pp b/examples/vhosts_without_listen.pp index 0e97a022..d42118bc 100644 --- a/examples/vhosts_without_listen.pp +++ b/examples/vhosts_without_listen.pp 
@@ -1,53 +1,52 @@ ## Declare ip-based and name-based vhosts # Mixing Name-based vhost with IP-specific vhosts requires `add_listen => # 'false'` on the non-IP vhosts # Base class. Turn off the default vhosts; we will be declaring # all vhosts below. -class { '::apache': +class { 'apache': default_vhost => false, } - # Add two an IP-based vhost on 10.0.0.10, ssl and non-ssl apache::vhost { 'The first IP-based vhost, non-ssl': servername => 'first.example.com', ip => '10.0.0.10', port => '80', ip_based => true, docroot => '/var/www/first', } apache::vhost { 'The first IP-based vhost, ssl': servername => 'first.example.com', ip => '10.0.0.10', port => '443', ip_based => true, docroot => '/var/www/first-ssl', ssl => true, } # Two name-based vhost listening on 10.0.0.20 apache::vhost { 'second.example.com': ip => '10.0.0.20', port => '80', docroot => '/var/www/second', } apache::vhost { 'third.example.com': ip => '10.0.0.20', port => '80', docroot => '/var/www/third', } # Two name-based vhosts without IPs specified, so that they will answer on either 10.0.0.10 or 10.0.0.20 . It is requried to declare # `add_listen => 'false'` to disable declaring "Listen 80" which will conflict # with the IP-based preceeding vhosts. apache::vhost { 'fourth.example.com': port => '80', docroot => '/var/www/fourth', add_listen => false, } apache::vhost { 'fifth.example.com': port => '80', docroot => '/var/www/fifth', add_listen => false, } diff --git a/manifests/balancer.pp b/manifests/balancer.pp index 790386f1..6740a73c 100644 --- a/manifests/balancer.pp +++ b/manifests/balancer.pp 
@@ -1,106 +1,106 @@ # @summary # This type will create an apache balancer cluster file inside the conf.d # directory. # # Each balancer cluster needs one or more balancer members (that can # be declared with the apache::balancermember defined resource type). Using # storeconfigs, you can export the apache::balancermember resources on all # balancer members, and then collect them on a single apache load balancer # server. # # @note # Currently requires the puppetlabs/concat module on the Puppet Forge and uses # storeconfigs on the Puppet Server to export/collect resources from all # balancer members. # # @param name # The namevar of the defined resource type is the balancer clusters name.
# This name is also used in the name of the conf.d file # # @param proxy_set # Configures key-value pairs to be used as a ProxySet lines in the configuration. # # @param target # The path to the file the balancer definition will be written in. # # @param collect_exported # Determines whether to use exported resources.
# If you statically declare all of your backend servers, set this parameter to false to rely # on existing, declared balancer member resources. Also, use apache::balancermember with array # arguments.
# To dynamically declare backend servers via exported resources collected on a central node, # set this parameter to true to collect the balancer member resources exported by the balancer # member nodes.
# If you don't use exported resources, a single Puppet run configures all balancer members. If # you use exported resources, Puppet has to run on the balanced nodes first, then run on the # balancer. # # @param options # Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) # after the balancer URL, and accepts any key-value pairs available to `ProxyPass`. # # @example # apache::balancer { 'puppet00': } # define apache::balancer ( $proxy_set = {}, $collect_exported = true, $target = undef, $options = [], ) { - include ::apache::mod::proxy_balancer + include apache::mod::proxy_balancer if versioncmp($apache::mod::proxy_balancer::apache_version, '2.4') >= 0 { $lbmethod = $proxy_set['lbmethod'] ? { undef => 'byrequests', default => $proxy_set['lbmethod'], } ensure_resource('apache::mod', "lbmethod_${lbmethod}", { - 'loadfile_name' => "proxy_balancer_lbmethod_${lbmethod}.load" + 'loadfile_name' => "proxy_balancer_lbmethod_${lbmethod}.load" }) } if $target { $_target = $target } else { - $_target = "${::apache::confd_dir}/balancer_${name}.conf" + $_target = "${apache::confd_dir}/balancer_${name}.conf" } if !empty($options) { $_options = " ${join($options, ' ')}" } else { $_options = '' } concat { "apache_balancer_${name}": owner => '0', group => '0', path => $_target, - mode => $::apache::file_mode, + mode => $apache::file_mode, notify => Class['Apache::Service'], } concat::fragment { "00-${name}-header": target => "apache_balancer_${name}", order => '01', content => "\n", } if $collect_exported { Apache::Balancermember <<| balancer_cluster == $name |>> } # else: the resources have been created and they introduced their # concat fragments. We don't have to do anything about them. 
concat::fragment { "01-${name}-proxyset": target => "apache_balancer_${name}", order => '19', content => inline_template("<% @proxy_set.keys.sort.each do |key| %> Proxyset <%= key %>=<%= @proxy_set[key] %>\n<% end %>"), } concat::fragment { "01-${name}-footer": target => "apache_balancer_${name}", order => '20', content => "\n", } } diff --git a/manifests/balancermember.pp b/manifests/balancermember.pp index ec66dcda..3fa54960 100644 --- a/manifests/balancermember.pp +++ b/manifests/balancermember.pp 
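Review bot: `$name` goes unchecked into `$_target = "${apache::confd_dir}/balancer_${name}.conf"`, and the keys and values of `$proxy_set` are written verbatim into `Proxyset` lines, so a title containing `/` or a value containing a newline changes which file is written or which directives it holds. All four parameters are untyped; `Hash $proxy_set = {},` and `Array[String] $options = [],` would reject the wrong shapes, and a guard such as `if $name !~ /\A[\w.-]+\z/ { fail("invalid balancer name ${name}") }` would pin the file name. With `$collect_exported` defaulting to `true`, the members collected in the `if $collect_exported` branch come from other nodes' exports, so a header comment stating that every node able to export a member for this cluster name can add lines to the balancer's configuration would help operators decide whether to set it to `false`.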
@@ -1,51 +1,50 @@ # @summary # Defines members of `mod_proxy_balancer` # # Sets up a balancer member inside a listening service configuration block in # the load balancer's `apache.cfg`. # # This type will setup a balancer member inside a listening service # configuration block in /etc/apache/apache.cfg on the load balancer. # Currently it only has the ability to specify the instance name, url and an # array of options. More features can be added as needed. The best way to # implement this is to export this resource for all apache balancer member # servers, and then collect them on the main apache load balancer. # # @note # Currently requires the puppetlabs/concat module on the Puppet Forge and # uses storeconfigs on the Puppet Server to export/collect resources # from all balancer members. # # @param name # The title of the resource is arbitrary and only utilized in the concat # fragment name. # # @param balancer_cluster # The apache service's instance name (or, the title of the apache::balancer # resource). This must match up with a declared apache::balancer resource. # # @param url # The url used to contact the balancer member server. # # @param options # Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) # after the URL, and accepts any key-value pairs available to `ProxyPass`. # # @example # @@apache::balancermember { 'apache': # balancer_cluster => 'puppet00', # url => "ajp://${::fqdn}:8009" # options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], # } # -define apache::balancermember( +define apache::balancermember ( $balancer_cluster, $url = "http://${::fqdn}/", $options = [], ) { - concat::fragment { "BalancerMember ${name}": target => "apache_balancer_${balancer_cluster}", content => inline_template(" BalancerMember ${url} <%= @options.join ' ' %>\n"), } } diff --git a/manifests/confd/no_accf.pp b/manifests/confd/no_accf.pp index 4176d2b6..024a088a 100644 --- a/manifests/confd/no_accf.pp 
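Review bot: `inline_template(" BalancerMember ${url} <%= @options.join ' ' %>\n")` interpolates `$url` into the template source before ERB runs, so any ERB tag inside the value would be evaluated as Ruby during catalog compilation instead of being written out as text. Passing it as a template variable keeps it data: `content => inline_template(" BalancerMember <%= @url %> <%= @options.join ' ' %>\n"),`. Because these resources are meant to be exported by member nodes and collected on the balancer, typing the parameters (for example `Array[String] $options = [],`) and rejecting whitespace in `$url` would also stop one member's values from adding extra directives to the shared file.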
+++ b/manifests/confd/no_accf.pp @@ -1,14 +1,14 @@ # @summary # Manages the `no-accf.conf` file. # # @api private class apache::confd::no_accf { # Template uses no variables file { 'no-accf.conf': ensure => 'file', - path => "${::apache::confd_dir}/no-accf.conf", + path => "${apache::confd_dir}/no-accf.conf", content => template('apache/confd/no-accf.conf.erb'), - require => Exec["mkdir ${::apache::confd_dir}"], - before => File[$::apache::confd_dir], + require => Exec["mkdir ${apache::confd_dir}"], + before => File[$apache::confd_dir], } } diff --git a/manifests/custom_config.pp b/manifests/custom_config.pp index 8a13163e..52b94b48 100644 --- a/manifests/custom_config.pp +++ b/manifests/custom_config.pp @@ -1,126 +1,125 @@ # @summary # Adds a custom configuration file to the Apache server's `conf.d` directory. # # If the file is invalid and this defined type's `verify_config` parameter's value is # `true`, Puppet throws an error during a Puppet run. # # @param ensure # Specifies whether the configuration file should be present. # # @param confdir # Sets the directory in which Puppet places configuration files. # # @param content # Sets the configuration file's content. The `content` and `source` parameters are exclusive # of each other. # # @param filename # Sets the name of the file under `confdir` in which Puppet stores the configuration. # # @param priority # Sets the configuration file's priority by prefixing its filename with this parameter's # numeric value, as Apache processes configuration files in alphanumeric order.
# To omit the priority prefix in the configuration file's name, set this parameter to `false`. # # @param source # Points to the configuration file's source. The `content` and `source` parameters are # exclusive of each other. # # @param verify_command # Specifies the command Puppet uses to verify the configuration file. Use a fully qualified # command.
# This parameter is used only if the `verify_config` parameter's value is `true`. If the # `verify_command` fails, the Puppet run deletes the configuration file and raises an error, # but does not notify the Apache service. # # @param verify_config # Specifies whether to validate the configuration file before notifying the Apache service. # # @param owner # File owner of configuration file # # @param group # File group of configuration file # # @param file_mode # File mode of configuration file # # @param show_diff # show_diff property for configuration file resource # define apache::custom_config ( Enum['absent', 'present'] $ensure = 'present', - $confdir = $::apache::confd_dir, + $confdir = $apache::confd_dir, $content = undef, $priority = '25', $source = undef, - $verify_command = $::apache::params::verify_command, + $verify_command = $apache::params::verify_command, Boolean $verify_config = true, $filename = undef, $owner = undef, $group = undef, $file_mode = undef, Boolean $show_diff = true, ) { - if $content and $source { fail('Only one of $content and $source can be specified.') } if $ensure == 'present' and ! $content and ! $source { fail('One of $content and $source must be specified.') } if $filename { $_filename = $filename } else { if $priority { $priority_prefix = "${priority}-" } else { $priority_prefix = '' } ## Apache include does not always work with spaces in the filename $filename_middle = regsubst($name, ' ', '_', 'G') $_filename = "${priority_prefix}${filename_middle}.conf" } if ! 
$verify_config or $ensure == 'absent' { $notifies = Class['Apache::Service'] } else { $notifies = undef } - $_file_mode = pick($file_mode, $::apache::file_mode) + $_file_mode = pick($file_mode, $apache::file_mode) file { "apache_${name}": ensure => $ensure, path => "${confdir}/${_filename}", owner => $owner, group => $group, mode => $_file_mode, content => $content, source => $source, show_diff => $show_diff, require => Package['httpd'], notify => $notifies, } if $ensure == 'present' and $verify_config { exec { "syntax verification for ${name}": command => $verify_command, subscribe => File["apache_${name}"], refreshonly => true, notify => Class['Apache::Service'], before => Exec["remove ${name} if invalid"], require => Anchor['::apache::modules_set_up'], } exec { "remove ${name} if invalid": command => "/bin/rm ${confdir}/${_filename}", unless => $verify_command, subscribe => File["apache_${name}"], refreshonly => true, } } } diff --git a/manifests/default_confd_files.pp b/manifests/default_confd_files.pp index 36ce5321..ecf543ee 100644 --- a/manifests/default_confd_files.pp +++ b/manifests/default_confd_files.pp @@ -1,19 +1,19 @@ # @summary # Helper for setting up default conf.d files. # # @api private class apache::default_confd_files ( $all = true, ) { # The rest of the conf.d/* files only get loaded if we want them if $all { case $::osfamily { 'freebsd': { - include ::apache::confd::no_accf + include apache::confd::no_accf } default: { # do nothing } } } } diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 8254392b..8e7b5d02 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp 
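Review bot: The cleanup exec passes one interpolated string, `command => "/bin/rm ${confdir}/${_filename}"`, and `$_filename` is either `$filename` as given or `$name` with only spaces replaced, so whitespace, shell metacharacters or `../` in the title or in `$confdir` change what the agent (typically running as root) removes or runs. `$confdir`, `$filename`, `$priority` and `$verify_command` carry no data type; `Stdlib::Absolutepath $confdir = $apache::confd_dir,` and a restrictive pattern on the file name would close most of this. On Puppet releases whose `exec` accepts an array command, `command => ['/bin/rm', "${confdir}/${_filename}"],` also keeps the path a single argument.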
@@ -1,186 +1,186 @@ # @summary # Installs and congfigures default mods for Apache # # @api private class apache::default_mods ( $all = true, $mods = undef, - $apache_version = $::apache::apache_version, - $use_systemd = $::apache::use_systemd, + $apache_version = $apache::apache_version, + $use_systemd = $apache::use_systemd, ) { # These are modules required to run the default configuration. # They are not configurable at this time, so we just include # them to make sure it works. case $::osfamily { 'redhat': { ::apache::mod { 'log_config': } if versioncmp($apache_version, '2.4') >= 0 { # Lets fork it # Do not try to load mod_systemd on RHEL/CentOS 6 SCL. if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) and !($::operatingsystem == 'Amazon') ) { if ($use_systemd) { ::apache::mod { 'systemd': } } } if ($::operatingsystem == 'Amazon' and $::operatingsystemrelease == '2') { ::apache::mod { 'systemd': } } ::apache::mod { 'unixd': } } } 'freebsd': { ::apache::mod { 'log_config': } ::apache::mod { 'unixd': } } 'Suse': { ::apache::mod { 'log_config': } } default: {} } case $::osfamily { 'gentoo': {} default: { ::apache::mod { 'authz_host': } } } # The rest of the modules only get loaded if we want all modules enabled if $all { case $::osfamily { 'debian': { - include ::apache::mod::authn_core - include ::apache::mod::reqtimeout + include apache::mod::authn_core + include apache::mod::reqtimeout if versioncmp($apache_version, '2.4') < 0 { ::apache::mod { 'authn_alias': } } } 'redhat': { - include ::apache::mod::actions - include ::apache::mod::authn_core - include ::apache::mod::cache - include ::apache::mod::ext_filter - include ::apache::mod::mime - include ::apache::mod::mime_magic - include ::apache::mod::rewrite - include ::apache::mod::speling - include ::apache::mod::suexec - include ::apache::mod::version - include ::apache::mod::vhost_alias + include apache::mod::actions + include apache::mod::authn_core + include 
apache::mod::cache + include apache::mod::ext_filter + include apache::mod::mime + include apache::mod::mime_magic + include apache::mod::rewrite + include apache::mod::speling + include apache::mod::suexec + include apache::mod::version + include apache::mod::vhost_alias ::apache::mod { 'auth_digest': } ::apache::mod { 'authn_anon': } ::apache::mod { 'authn_dbm': } ::apache::mod { 'authz_dbm': } ::apache::mod { 'authz_owner': } ::apache::mod { 'expires': } ::apache::mod { 'include': } ::apache::mod { 'logio': } ::apache::mod { 'substitute': } ::apache::mod { 'usertrack': } if versioncmp($apache_version, '2.4') < 0 { ::apache::mod { 'authn_alias': } ::apache::mod { 'authn_default': } } } 'freebsd': { - include ::apache::mod::actions - include ::apache::mod::authn_core - include ::apache::mod::cache - include ::apache::mod::disk_cache - include ::apache::mod::headers - include ::apache::mod::info - include ::apache::mod::mime_magic - include ::apache::mod::reqtimeout - include ::apache::mod::rewrite - include ::apache::mod::userdir - include ::apache::mod::version - include ::apache::mod::vhost_alias - include ::apache::mod::speling - include ::apache::mod::filter + include apache::mod::actions + include apache::mod::authn_core + include apache::mod::cache + include apache::mod::disk_cache + include apache::mod::headers + include apache::mod::info + include apache::mod::mime_magic + include apache::mod::reqtimeout + include apache::mod::rewrite + include apache::mod::userdir + include apache::mod::version + include apache::mod::vhost_alias + include apache::mod::speling + include apache::mod::filter ::apache::mod { 'asis': } ::apache::mod { 'auth_digest': } ::apache::mod { 'auth_form': } ::apache::mod { 'authn_anon': } ::apache::mod { 'authn_dbm': } ::apache::mod { 'authn_socache': } ::apache::mod { 'authz_dbd': } ::apache::mod { 'authz_dbm': } ::apache::mod { 'authz_owner': } ::apache::mod { 'dumpio': } ::apache::mod { 'expires': } ::apache::mod { 'file_cache': } - 
::apache::mod { 'imagemap':} + ::apache::mod { 'imagemap': } ::apache::mod { 'include': } ::apache::mod { 'logio': } ::apache::mod { 'request': } ::apache::mod { 'session': } ::apache::mod { 'unique_id': } } default: {} } - case $::apache::mpm_module { + case $apache::mpm_module { 'prefork': { - include ::apache::mod::cgi + include apache::mod::cgi } 'worker': { - include ::apache::mod::cgid + include apache::mod::cgid } default: { # do nothing } } - include ::apache::mod::alias - include ::apache::mod::authn_file - include ::apache::mod::autoindex - include ::apache::mod::dav - include ::apache::mod::dav_fs - include ::apache::mod::deflate - include ::apache::mod::dir - include ::apache::mod::mime - include ::apache::mod::negotiation - include ::apache::mod::setenvif + include apache::mod::alias + include apache::mod::authn_file + include apache::mod::autoindex + include apache::mod::dav + include apache::mod::dav_fs + include apache::mod::deflate + include apache::mod::dir + include apache::mod::mime + include apache::mod::negotiation + include apache::mod::setenvif ::apache::mod { 'auth_basic': } if versioncmp($apache_version, '2.4') >= 0 { # filter is needed by mod_deflate - include ::apache::mod::filter + include apache::mod::filter # authz_core is needed for 'Require' directive ::apache::mod { 'authz_core': id => 'authz_core_module', } # lots of stuff seems to break without access_compat ::apache::mod { 'access_compat': } } else { - include ::apache::mod::authz_default + include apache::mod::authz_default } - include ::apache::mod::authz_user + include apache::mod::authz_user ::apache::mod { 'authz_groupfile': } - include ::apache::mod::env + include apache::mod::env } elsif $mods { ::apache::default_mods::load { $mods: } if versioncmp($apache_version, '2.4') >= 0 { # authz_core is needed for 'Require' directive ::apache::mod { 'authz_core': id => 'authz_core_module', } # filter is needed by mod_deflate - include ::apache::mod::filter + include 
apache::mod::filter } } else { if versioncmp($apache_version, '2.4') >= 0 { # authz_core is needed for 'Require' directive ::apache::mod { 'authz_core': id => 'authz_core_module', } # filter is needed by mod_deflate - include ::apache::mod::filter + include apache::mod::filter } } } diff --git a/manifests/dev.pp b/manifests/dev.pp index 95b3fa6d..b8c6991e 100644 --- a/manifests/dev.pp +++ b/manifests/dev.pp @@ -1,23 +1,22 @@ # @summary # Installs Apache development libraries. # # The libraries installed depends on the `dev_packages` parameter of the `apache::params` # class, based on your operating system: # - **Debian** : `libaprutil1-dev`, `libapr1-dev`; `apache2-dev` on Ubuntu 13.10 and Debian 8; `apache2-prefork-dev` on other versions. # - **FreeBSD**: `undef`; on FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`. # - **Gentoo**: `undef`. # - **Red Hat**: `httpd-devel`. class apache::dev { - if ! defined(Class['apache']) { fail('You must include the apache base class before using any apache defined resources') } - $packages = $::apache::dev_packages + $packages = $apache::dev_packages if $packages { # FreeBSD doesn't have dev packages to install package { $packages: ensure => present, require => Package['httpd'], } } } diff --git a/manifests/fastcgi/server.pp b/manifests/fastcgi/server.pp index 76b4d0bc..2e372b1a 100644 --- a/manifests/fastcgi/server.pp +++ b/manifests/fastcgi/server.pp 
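Review bot: Nothing in the class header of `apache::default_mods` tells a reader that `$all = true`, the default, loads `apache::mod::dav`, `dav_fs`, `autoindex`, `cgi` or `cgid`, and on FreeBSD `info` and `userdir`, all of which widen what the server exposes. A comment such as `# @note all => true enables WebDAV, CGI and directory-listing modules; use all => false with an explicit $mods list on internet-facing hosts` would make that trade-off visible. On style, the `include` lines lose their leading `::` here while the `::apache::mod { ... }` declarations keep it, and the `$::osfamily == 'redhat'` test inside the `'redhat'` branch is always true; both could be tidied in the same pass if consistency is the goal.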
@@ -1,59 +1,59 @@ # @summary # Defines one or more external FastCGI servers to handle specific file types. Use this # defined type with `mod_fastcgi`. # # @param host # Determines the FastCGI's hostname or IP address and TCP port number (1-65535). # # @param timeout # Sets the number of seconds a [FastCGI](http://www.fastcgi.com/) application can be inactive before aborting the # request and logging the event at the error LogLevel. The inactivity timer applies only as # long as a connection is pending with the FastCGI application. If a request is queued to an # application, but the application doesn't respond by writing and flushing within this period, # the request is aborted. If communication is complete with the application but incomplete with # the client (the response is buffered), the timeout does not apply. # # @param flush # Forces `mod_fastcgi` to write to the client as data is received from the # application. By default, `mod_fastcgi` buffers data in order to free the application # as quickly as possible. # # @param faux_path # Apache has FastCGI handle URIs that resolve to this filename. The path set in this # parameter does not have to exist in the local filesystem. # # @param fcgi_alias # Internally links actions with the FastCGI server. This alias must be unique. # # @param file_type # Sets the MIME `content-type` of the file to be processed by the FastCGI server. 
# define apache::fastcgi::server ( $host = '127.0.0.1:9000', $timeout = 15, $flush = false, $faux_path = "/var/www/${name}.fcgi", $fcgi_alias = "/${name}.fcgi", $file_type = 'application/x-httpd-php', $pass_header = undef, ) { - include ::apache::mod::fastcgi + include apache::mod::fastcgi Apache::Mod['fastcgi'] -> Apache::Fastcgi::Server[$title] if $host =~ Stdlib::Absolutepath { $socket = $host } file { "fastcgi-pool-${name}.conf": ensure => file, - path => "${::apache::confd_dir}/fastcgi-pool-${name}.conf", + path => "${apache::confd_dir}/fastcgi-pool-${name}.conf", owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, + group => $apache::params::root_group, + mode => $apache::file_mode, content => template('apache/fastcgi/server.erb'), - require => Exec["mkdir ${::apache::confd_dir}"], - before => File[$::apache::confd_dir], + require => Exec["mkdir ${apache::confd_dir}"], + before => File[$apache::confd_dir], notify => Class['apache::service'], } } diff --git a/manifests/init.pp b/manifests/init.pp index 67fdaf7c..6fc61249 100755 --- a/manifests/init.pp +++ b/manifests/init.pp 
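Review bot: None of the parameters of `apache::fastcgi::server` carries a data type, yet their values go to `template('apache/fastcgi/server.erb')` for a file written with owner `root`; the only check in the body is `$host =~ Stdlib::Absolutepath`. The template is not part of this diff, so whether it quotes or escapes the values is unverified. Typing the parameters would reject malformed values at catalog compilation instead of writing them into the Apache configuration, for example `Integer $timeout = 15,`, `Boolean $flush = false,` and `Optional[String] $pass_header = undef,`. Callers that pass these as strings today would need a looser type such as `Variant[Integer, String]`. `pass_header` also has no `@param` entry in the header comment; I would add `# @param pass_header` with a one-line description of what it controls.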
@@ -1,863 +1,862 @@ # @summary # Guides the basic setup and installation of Apache on your system. # # When this class is declared with the default options, Puppet: # - Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system. # - Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system. # - Configures the server with a default virtual host and standard port (`80`) and address (`\*`) bindings. # - Creates a document root directory determined by your operating system, typically `/var/www`. # - Starts the Apache service. # # @example # class { 'apache': } # # @param allow_encoded_slashes # Sets the server default for the `AllowEncodedSlashes` declaration, which modifies the # responses to URLs containing '\' and '/' characters. If not specified, this parameter omits # the declaration from the server's configuration and uses Apache's default setting of 'off'. # # @param apache_version # Configures module template behavior, package names, and default Apache modules by defining # the version of Apache to use. We do not recommend manually configuring this parameter # without reason. # # @param conf_dir # Sets the directory where the Apache server's main configuration file is located. # # @param conf_template # Defines the template used for the main Apache configuration file. Modifying this # parameter is potentially risky, as the apache module is designed to use a minimal # configuration file customized by `conf.d` entries. # # @param confd_dir # Sets the location of the Apache server's custom configuration directory. # # @param default_charset # Used as the `AddDefaultCharset` directive in the main configuration file. # # @param default_confd_files # Determines whether Puppet generates a default set of includable Apache configuration files # in the directory defined by the `confd_dir` parameter. 
These configuration files # correspond to what is typically installed with the Apache package on the server's # operating system. # # @param default_mods # Determines whether to configure and enable a set of default Apache modules depending on # your operating system.
# If `false`, Puppet includes only the Apache modules required to make the HTTP daemon work # on your operating system, and you can declare any other modules separately using the # `apache::mod::` class or `apache::mod` defined type.
# If `true`, Puppet installs additional modules, depending on the operating system and # the values of `apache_version` and `mpm_module` parameters. Because these lists of # modules can change frequently, consult the Puppet module's code for up-to-date lists.
# If this parameter contains an array, Puppet instead enables all passed Apache modules. # # @param default_ssl_ca # Sets the default certificate authority for the Apache server.
# Although the default value results in a functioning Apache server, you **must** update # this parameter with your certificate authority information before deploying this server in # a production environment. # # @param default_ssl_cert # Sets the SSL encryption certificate location.
# Although the default value results in a functioning Apache server, you **must** update this # parameter with your certificate location before deploying this server in a production environment. # # @param default_ssl_chain # Sets the default SSL chain location.
# Although this default value results in a functioning Apache server, you **must** update # this parameter with your SSL chain before deploying this server in a production environment. # # @param default_ssl_crl # Sets the path of the default certificate revocation list (CRL) file to use.
# Although this default value results in a functioning Apache server, you **must** update # this parameter with the CRL file path before deploying this server in a production # environment. You can use this parameter with or in place of the `default_ssl_crl_path`. # # @param default_ssl_crl_path # Sets the server's certificate revocation list path, which contains your CRLs.
# Although this default value results in a functioning Apache server, you **must** update # this parameter with the CRL file path before deploying this server in a production environment. # # @param default_ssl_crl_check # Sets the default certificate revocation check level via the `SSLCARevocationCheck` directive. # This parameter applies only to Apache 2.4 or higher and is ignored on older versions.
# Although this default value results in a functioning Apache server, you **must** specify # this parameter when using certificate revocation lists in a production environment. # # @param default_ssl_key # Sets the SSL certificate key file location. # Although the default values result in a functioning Apache server, you **must** update # this parameter with your SSL key's location before deploying this server in a production # environment. # # @param default_ssl_vhost # Configures a default SSL virtual host. # If `true`, Puppet automatically configures the following virtual host using the # `apache::vhost` defined type: # ```puppet # apache::vhost { 'default-ssl': # port => 443, # ssl => true, # docroot => $docroot, # scriptalias => $scriptalias, # serveradmin => $serveradmin, # access_log_file => "ssl_${access_log_file}", # } # ``` # **Note**: SSL virtual hosts only respond to HTTPS queries. # # @param default_type # _Apache 2.2 only_. Sets the MIME `content-type` sent if the server cannot otherwise # determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and # newer, and is only for backwards compatibility in configuration files. # # @param default_vhost # Configures a default virtual host when the class is declared.
# To configure customized virtual hosts, set this parameter's # value to `false`.
# > **Note**: Apache will not start without at least one virtual host. If you set this # to `false` you must configure a virtual host elsewhere. # # @param dev_packages # Configures a specific dev package to use.
# For example, using httpd 2.4 from the IUS yum repo:
# ``` puppet # include ::apache::dev # class { 'apache': # apache_name => 'httpd24u', # dev_packages => 'httpd24u-devel', # } # ``` # # @param docroot # Sets the default `DocumentRoot` location. # # @param error_documents # Determines whether to enable [custom error documents](https://httpd.apache.org/docs/current/custom-error.html) on the Apache server. # # @param group # Sets the group ID that owns any Apache processes spawned to answer requests.
# By default, Puppet attempts to manage this group as a resource under the `apache` # class, determining the group based on the operating system as detected by the # `apache::params` class. To prevent the group resource from being created and use a group # created by another Puppet module, set the `manage_group` parameter's value to `false`.
# > **Note**: Modifying this parameter only changes the group ID that Apache uses to spawn # child processes to access resources. It does not change the user that owns the parent server # process. # # @param httpd_dir # Sets the Apache server's base configuration directory. This is useful for specially # repackaged Apache server builds but might have unintended consequences when combined # with the default distribution packages. # # @param http_protocol_options # Specifies the strictness of HTTP protocol checks.
# Valid options: any sequence of the following alternative values: `Strict` or `Unsafe`, # `RegisteredMethods` or `LenientMethods`, and `Allow0.9` or `Require1.0`. # # @param keepalive # Determines whether to enable persistent HTTP connections with the `KeepAlive` directive. # If you set this to `On`, use the `keepalive_timeout` and `max_keepalive_requests` parameters # to set relevant options.
# # @param keepalive_timeout # Sets the `KeepAliveTimeout` directive, which determines the amount of time the Apache # server waits for subsequent requests on a persistent HTTP connection. This parameter is # only relevant if the `keepalive` parameter is enabled. # # @param max_keepalive_requests # Limits the number of requests allowed per connection when the `keepalive` parameter is enabled. # # @param hostname_lookups # This directive enables DNS lookups so that host names can be logged and passed to # CGIs/SSIs in REMOTE_HOST.
# > **Note**: If enabled, it impacts performance significantly. # # @param ldap_trusted_mode # The following modes are supported: # # NONE - no encryption # SSL - ldaps:// encryption on default port 636 # TLS - STARTTLS encryption on default port 389 # Not all LDAP toolkits support all the above modes. An error message will be logged at # runtime if a mode is not supported, and the connection to the LDAP server will fail. # #If an ldaps:// URL is specified, the mode becomes SSL and the setting of LDAPTrustedMode is ignored. # # @param ldap_verify_server_cert # Specifies whether to force the verification of a server certificate when establishing an SSL # connection to the LDAP server. # On|Off # # @param lib_path # Specifies the location whereApache module files are stored.
# > **Note**: Do not configure this parameter manually without special reason. # # @param log_level # Configures the apache [LogLevel](https://httpd.apache.org/docs/current/mod/core.html#loglevel) directive # which adjusts the verbosity of the messages recorded in the error logs. # # @param log_formats # Define additional `LogFormat` directives. Values: A hash, such as: # ``` puppet # $log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' } # ``` # There are a number of predefined `LogFormats` in the `httpd.conf` that Puppet creates: # ``` httpd # LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined # LogFormat "%h %l %u %t \"%r\" %>s %b" common # LogFormat "%{Referer}i -> %U" referer # LogFormat "%{User-agent}i" agent # LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded # ``` # If your `log_formats` parameter contains one of those, it will be overwritten with **your** definition. # # @param logroot # Changes the directory of Apache log files for the virtual host. # # @param logroot_mode # Overrides the default `logroot` directory's mode.
# > **Note**: Do _not_ grant write access to the directory where the logs are stored # without being aware of the consequences. See the [Apache documentation](https://httpd.apache.org/docs/current/logs.html#security) # for details. # # @param manage_group # When `false`, stops Puppet from creating the group resource.
# If you have a group created from another Puppet module that you want to use to run Apache, # set this to `false`. Without this parameter, attempting to use a previously established # group results in a duplicate resource error. # # @param supplementary_groups # A list of groups to which the user belongs. These groups are in addition to the primary group.
# Notice: This option only has an effect when `manage_user` is set to true. # # @param manage_user # When `false`, stops Puppet from creating the user resource.
# This is for instances when you have a user, created from another Puppet module, you want # to use to run Apache. Without this parameter, attempting to use a previously established # user would result in a duplicate resource error. # # @param mod_dir # Sets where Puppet places configuration files for your Apache modules. # # @param mod_libs # Allows the user to override default module library names. # ```puppet # include apache::params # class { 'apache': # mod_libs => merge($::apache::params::mod_libs, { # 'wsgi' => 'mod_wsgi_python3.so', # }) # } # ``` # # @param mod_packages # Allows the user to override default module package names. # ```puppet # include apache::params # class { 'apache': # mod_packages => merge($::apache::params::mod_packages, { # 'auth_kerb' => 'httpd24-mod_auth_kerb', # }) # } # ``` # # @param mpm_module # Determines which [multi-processing module](https://httpd.apache.org/docs/current/mpm.html) (MPM) is loaded and configured for the # HTTPD process. Valid values are: `event`, `itk`, `peruser`, `prefork`, `worker` or `false`.
# You must set this to `false` to explicitly declare the following classes with custom parameters: # - `apache::mod::event` # - `apache::mod::itk` # - `apache::mod::peruser` # - `apache::mod::prefork` # - `apache::mod::worker` # # @param package_ensure # Controls the `package` resource's `ensure` attribute. Valid values are: `absent`, `installed` # (or equivalent `present`), or a version string. # # @param pidfile # Allows settting a custom location for the pid file. Useful if using a custom-built Apache rpm. # # @param ports_file # Sets the path to the file containing Apache ports configuration. # # @param protocols # Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols) # directive, which lists available protocols for the server. # # @param protocols_honor_order # Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder) # directive which determines whether the order of Protocols sets precedence during negotiation. # # @param purge_configs # Removes all other Apache configs and virtual hosts.
# Setting this to `false` is a stopgap measure to allow the apache module to coexist with # existing or unmanaged configurations. We recommend moving your configuration to resources # within this module. For virtual host configurations, see `purge_vhost_dir`. # # @param purge_vhost_dir # If the `vhost_dir` parameter's value differs from the `confd_dir` parameter's, this parameter # determines whether Puppet removes any configurations inside `vhost_dir` that are _not_ managed # by Puppet.
# Setting `purge_vhost_dir` to `false` is a stopgap measure to allow the apache module to # coexist with existing or otherwise unmanaged configurations within `vhost_dir`. # # @param rewrite_lock # Allows setting a custom location for a rewrite lock - considered best practice if using # a RewriteMap of type prg in the `rewrites` parameter of your virtual host. This parameter # only applies to Apache version 2.2 or lower and is ignored on newer versions. # # @param sendfile # Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the # `EnableSendfile` directive. # # @param serveradmin # Sets the Apache server administrator's contact information via Apache's `ServerAdmin` directive. # # @param servername # Sets the Apache server name via Apache's `ServerName` directive. # Setting to `false` will not set ServerName at all. # # @param server_root # Sets the Apache server's root directory via Apache's `ServerRoot` directive. # # @param server_signature # Configures a trailing footer line to display at the bottom of server-generated documents, # such as error documents and output of certain Apache modules, via Apache's `ServerSignature` # directive. Valid values are: `On` or `Off`. # # @param server_tokens # Controls how much information Apache sends to the browser about itself and the operating # system, via Apache's `ServerTokens` directive. # # @param service_enable # Determines whether Puppet enables the Apache HTTPD service when the system is booted. # # @param service_ensure # Determines whether Puppet should make sure the service is running. # Valid values are: `true` (or `running`) or `false` (or `stopped`).
# The `false` or `stopped` values set the 'httpd' service resource's `ensure` parameter # to `false`, which is useful when you want to let the service be managed by another # application, such as Pacemaker.
# # @param service_name # Sets the name of the Apache service. # # @param service_manage # Determines whether Puppet manages the HTTPD service's state. # # @param service_restart # Determines whether Puppet should use a specific command to restart the HTTPD service. # Values: a command to restart the Apache service. # # @param timeout # Sets Apache's `TimeOut` directive, which defines the number of seconds Apache waits for # certain events before failing a request. # # @param trace_enable # Controls how Apache handles `TRACE` requests (per RFC 2616) via the `TraceEnable` directive. # # @param use_canonical_name # Controls Apache's `UseCanonicalName` directive which controls how Apache handles # self-referential URLs. If not specified, this parameter omits the declaration from the # server's configuration and uses Apache's default setting of 'off'. # # @param use_systemd # Controls whether the systemd module should be installed on Centos 7 servers, this is # especially useful if using custom-built RPMs. # # @param file_mode # Sets the desired permissions mode for config files. # Valid values are: a string, with permissions mode in symbolic or numeric notation. # # @param root_directory_options # Array of the desired options for the `/` directory in httpd.conf. # # @param root_directory_secured # Sets the default access policy for the `/` directory in httpd.conf. A value of `false` # allows access to all resources that are missing a more specific access policy. A value of # `true` denies access to all resources by default. If `true`, more specific rules must be # used to allow access to these resources (for example, in a directory block using the # `directories` parameter). # # @param vhost_dir # Changes your virtual host configuration files' location. # # @param vhost_include_pattern # Defines the pattern for files included from the `vhost_dir`. 
# If set to a value like `[^.#]\*.conf[^~]` to make sure that files accidentally created in # this directory (such as files created by version control systems or editor backups) are # *not* included in your server configuration.
# Some operating systems use a value of `*.conf`. By default, this module creates configuration # files ending in `.conf`. # # @param user # Changes the user that Apache uses to answer requests. Apache's parent process continues # to run as root, but child processes access resources as the user defined by this parameter. # To prevent Puppet from managing the user, set the `manage_user` parameter to `false`. # # @param apache_name # The name of the Apache package to install. If you are using a non-standard Apache package # you might need to override the default setting.
# For CentOS/RHEL Software Collections (SCL), you can also use `apache::version::scl_httpd_version`. # # @param error_log # The name of the error log file for the main server instance. If the string starts with # `/`, `|`, or `syslog`: the full path is set. Otherwise, the filename is prefixed with # `$logroot`. # # @param scriptalias # Directory to use for global script alias # # @param access_log_file # The name of the access log file for the main server instance. # # @param limitreqfields # The `limitreqfields` parameter sets the maximum number of request header fields in # an HTTP request. This directive gives the server administrator greater control over # abnormal client request behavior, which may be useful for avoiding some forms of # denial-of-service attacks. The value should be increased if normal clients see an error # response from the server that indicates too many fields were sent in the request. # # @param limitreqfieldsize # The `limitreqfieldsize` parameter sets the maximum ammount of _bytes_ that will # be allowed within a request header. # # @param ip # Specifies the ip address # # @param purge_vdir # Removes all other Apache configs and virtual hosts.
# > **Note**: This parameter is deprecated in favor of the `purge_config` parameter.
# # @param conf_enabled # Whether the additional config files in `/etc/apache2/conf-enabled` should be managed. # # @param vhost_enable_dir # Set's whether the vhost definitions will be stored in sites-availible and if # they will be symlinked to and from sites-enabled. # # @param mod_enable_dir # Set's whether the mods-enabled directory should be managed. # # @param ssl_file # This parameter allows you to set an ssl.conf file to be managed in order to implement # an SSL Certificate. # # @param file_e_tag # Sets the server default for the `FileETag` declaration, which modifies the response header # field for static files. # # @param use_optional_includes # Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for # `additional_includes` in Apache 2.4 or newer. # # @param mime_types_additional # Specifies any idditional Internet media (mime) types that you wish to be configured. # class apache ( - $apache_name = $::apache::params::apache_name, - $service_name = $::apache::params::service_name, + $apache_name = $apache::params::apache_name, + $service_name = $apache::params::service_name, $default_mods = true, Boolean $default_vhost = true, $default_charset = undef, Boolean $default_confd_files = true, Boolean $default_ssl_vhost = false, - $default_ssl_cert = $::apache::params::default_ssl_cert, - $default_ssl_key = $::apache::params::default_ssl_key, + $default_ssl_cert = $apache::params::default_ssl_cert, + $default_ssl_key = $apache::params::default_ssl_key, $default_ssl_chain = undef, $default_ssl_ca = undef, $default_ssl_crl_path = undef, $default_ssl_crl = undef, $default_ssl_crl_check = undef, $default_type = 'none', - $dev_packages = $::apache::params::dev_packages, + $dev_packages = $apache::params::dev_packages, $ip = undef, Boolean $service_enable = true, Boolean $service_manage = true, $service_ensure = 'running', $service_restart = undef, $purge_configs = true, $purge_vhost_dir = undef, $purge_vdir = false, $serveradmin = 
'root@localhost', Enum['On', 'Off', 'on', 'off'] $sendfile = 'On', $ldap_verify_server_cert = undef, $ldap_trusted_mode = undef, $error_documents = false, $timeout = '60', - $httpd_dir = $::apache::params::httpd_dir, - $server_root = $::apache::params::server_root, - $conf_dir = $::apache::params::conf_dir, - $confd_dir = $::apache::params::confd_dir, - Enum['Off', 'On', 'Double', 'off', 'on', 'double'] $hostname_lookups = $::apache::params::hostname_lookups, - $conf_enabled = $::apache::params::conf_enabled, - $vhost_dir = $::apache::params::vhost_dir, - $vhost_enable_dir = $::apache::params::vhost_enable_dir, - $mod_libs = $::apache::params::mod_libs, - $mod_packages = $::apache::params::mod_packages, - $vhost_include_pattern = $::apache::params::vhost_include_pattern, - $mod_dir = $::apache::params::mod_dir, - $mod_enable_dir = $::apache::params::mod_enable_dir, - $mpm_module = $::apache::params::mpm_module, - $lib_path = $::apache::params::lib_path, - $conf_template = $::apache::params::conf_template, - $servername = $::apache::params::servername, - $pidfile = $::apache::params::pidfile, + $httpd_dir = $apache::params::httpd_dir, + $server_root = $apache::params::server_root, + $conf_dir = $apache::params::conf_dir, + $confd_dir = $apache::params::confd_dir, + Enum['Off', 'On', 'Double', 'off', 'on', 'double'] $hostname_lookups = $apache::params::hostname_lookups, + $conf_enabled = $apache::params::conf_enabled, + $vhost_dir = $apache::params::vhost_dir, + $vhost_enable_dir = $apache::params::vhost_enable_dir, + $mod_libs = $apache::params::mod_libs, + $mod_packages = $apache::params::mod_packages, + $vhost_include_pattern = $apache::params::vhost_include_pattern, + $mod_dir = $apache::params::mod_dir, + $mod_enable_dir = $apache::params::mod_enable_dir, + $mpm_module = $apache::params::mpm_module, + $lib_path = $apache::params::lib_path, + $conf_template = $apache::params::conf_template, + $servername = $apache::params::servername, + $pidfile = 
$apache::params::pidfile, Optional[Stdlib::Absolutepath] $rewrite_lock = undef, Boolean $manage_user = true, Boolean $manage_group = true, - $user = $::apache::params::user, - $group = $::apache::params::group, - $http_protocol_options = $::apache::params::http_protocol_options, + $user = $apache::params::user, + $group = $apache::params::group, + $http_protocol_options = $apache::params::http_protocol_options, $supplementary_groups = [], - $keepalive = $::apache::params::keepalive, - $keepalive_timeout = $::apache::params::keepalive_timeout, - $max_keepalive_requests = $::apache::params::max_keepalive_requests, + $keepalive = $apache::params::keepalive, + $keepalive_timeout = $apache::params::keepalive_timeout, + $max_keepalive_requests = $apache::params::max_keepalive_requests, $limitreqfieldsize = '8190', $limitreqfields = '100', - $logroot = $::apache::params::logroot, - $logroot_mode = $::apache::params::logroot_mode, - Apache::LogLevel $log_level = $::apache::params::log_level, + $logroot = $apache::params::logroot, + $logroot_mode = $apache::params::logroot_mode, + Apache::LogLevel $log_level = $apache::params::log_level, $log_formats = {}, $ssl_file = undef, - $ports_file = $::apache::params::ports_file, - $docroot = $::apache::params::docroot, - $apache_version = $::apache::version::default, + $ports_file = $apache::params::ports_file, + $docroot = $apache::params::docroot, + $apache_version = $apache::version::default, $server_tokens = 'Prod', $server_signature = 'On', $trace_enable = 'On', Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes = undef, $file_e_tag = undef, Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']] - $use_canonical_name = undef, + $use_canonical_name = undef, $package_ensure = 'installed', - Boolean $use_optional_includes = $::apache::params::use_optional_includes, - $use_systemd = $::apache::params::use_systemd, - $mime_types_additional = $::apache::params::mime_types_additional, - $file_mode = 
$::apache::params::file_mode, - $root_directory_options = $::apache::params::root_directory_options, + Boolean $use_optional_includes = $apache::params::use_optional_includes, + $use_systemd = $apache::params::use_systemd, + $mime_types_additional = $apache::params::mime_types_additional, + $file_mode = $apache::params::file_mode, + $root_directory_options = $apache::params::root_directory_options, Boolean $root_directory_secured = false, - $error_log = $::apache::params::error_log, - $scriptalias = $::apache::params::scriptalias, - $access_log_file = $::apache::params::access_log_file, + $error_log = $apache::params::error_log, + $scriptalias = $apache::params::scriptalias, + $access_log_file = $apache::params::access_log_file, Array[Enum['h2', 'h2c', 'http/1.1']] $protocols = [], Optional[Boolean] $protocols_honor_order = undef, ) inherits ::apache::params { - $valid_mpms_re = $apache_version ? { '2.4' => '(event|itk|peruser|prefork|worker)', default => '(event|itk|prefork|worker)' } - if $::osfamily == 'RedHat' and $::apache::version::distrelease == '7' { + if $::osfamily == 'RedHat' and $apache::version::distrelease == '7' { # On redhat 7 the ssl.conf lives in /etc/httpd/conf.d (the confd_dir) # when all other module configs live in /etc/httpd/conf.modules.d (the # mod_dir). On all other platforms and versions, ssl.conf lives in the # mod_dir. This should maintain the expected location of ssl.conf $_ssl_file = $ssl_file ? { undef => "${apache::confd_dir}/ssl.conf", - default => $ssl_file + default => $ssl_file } } else { $_ssl_file = $ssl_file ? { undef => "${apache::mod_dir}/ssl.conf", - default => $ssl_file + default => $ssl_file } } if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans assert_type(Pattern[$valid_mpms_re], $mpm_module) } # NOTE: on FreeBSD it's mpm module's responsibility to install httpd package. # NOTE: the same strategy may be introduced for other OSes. 
For this, you # should delete the 'if' block below and modify all MPM modules' manifests # such that they include apache::package class (currently event.pp, itk.pp, # peruser.pp, prefork.pp, worker.pp). if $::osfamily != 'FreeBSD' { package { 'httpd': ensure => $package_ensure, name => $apache_name, notify => Class['Apache::Service'], } } # declare the web server user and group # Note: requiring the package means the package ought to create them and not puppet if $manage_user { user { $user: ensure => present, gid => $group, groups => $supplementary_groups, require => Package['httpd'], } } if $manage_group { group { $group: ensure => present, require => Package['httpd'], } } - class { '::apache::service': + class { 'apache::service': service_name => $service_name, service_enable => $service_enable, service_manage => $service_manage, service_ensure => $service_ensure, service_restart => $service_restart, } # Deprecated backwards-compatibility if $purge_vdir { warning('Class[\'apache\'] parameter purge_vdir is deprecated in favor of purge_configs') $purge_confd = $purge_vdir } else { $purge_confd = $purge_configs } # Set purge vhostd appropriately if $purge_vhost_dir == undef { $purge_vhostd = $purge_confd } else { $purge_vhostd = $purge_vhost_dir } Exec { path => '/bin:/sbin:/usr/bin:/usr/sbin', } exec { "mkdir ${confd_dir}": creates => $confd_dir, require => Package['httpd'], } file { $confd_dir: ensure => directory, recurse => true, purge => $purge_confd, force => $purge_confd, notify => Class['Apache::Service'], require => Package['httpd'], } if $conf_enabled and ! defined(File[$conf_enabled]) { file { $conf_enabled: ensure => directory, recurse => true, purge => $purge_confd, force => $purge_confd, notify => Class['Apache::Service'], require => Package['httpd'], } } if ! 
defined(File[$mod_dir]) { exec { "mkdir ${mod_dir}": creates => $mod_dir, require => Package['httpd'], } # Don't purge available modules if an enable dir is used $purge_mod_dir = $purge_configs and !$mod_enable_dir file { $mod_dir: ensure => directory, recurse => true, purge => $purge_mod_dir, notify => Class['Apache::Service'], require => Package['httpd'], before => Anchor['::apache::modules_set_up'], } } if $mod_enable_dir and ! defined(File[$mod_enable_dir]) { $mod_load_dir = $mod_enable_dir exec { "mkdir ${mod_enable_dir}": creates => $mod_enable_dir, require => Package['httpd'], } file { $mod_enable_dir: ensure => directory, recurse => true, purge => $purge_configs, notify => Class['Apache::Service'], require => Package['httpd'], } } else { $mod_load_dir = $mod_dir } if ! defined(File[$vhost_dir]) { exec { "mkdir ${vhost_dir}": creates => $vhost_dir, require => Package['httpd'], } file { $vhost_dir: ensure => directory, recurse => true, purge => $purge_vhostd, notify => Class['Apache::Service'], require => Package['httpd'], } } if $vhost_enable_dir and ! 
defined(File[$vhost_enable_dir]) { $vhost_load_dir = $vhost_enable_dir exec { "mkdir ${vhost_load_dir}": creates => $vhost_load_dir, require => Package['httpd'], } file { $vhost_enable_dir: ensure => directory, recurse => true, purge => $purge_vhostd, notify => Class['Apache::Service'], require => Package['httpd'], } } else { $vhost_load_dir = $vhost_dir } concat { $ports_file: ensure => present, owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, + group => $apache::params::root_group, + mode => $apache::file_mode, notify => Class['Apache::Service'], require => Package['httpd'], } concat::fragment { 'Apache ports header': target => $ports_file, content => template('apache/ports_header.erb'), } - if $::apache::conf_dir and $::apache::params::conf_file { + if $apache::conf_dir and $apache::params::conf_file { if $::osfamily == 'gentoo' { $error_documents_path = '/usr/share/apache2/error' if $default_mods =~ Array { if versioncmp($apache_version, '2.4') >= 0 { if defined('apache::mod::ssl') { ::portage::makeconf { 'apache2_modules': - content => concat($default_mods, [ 'authz_core', 'socache_shmcb' ]), + content => concat($default_mods, ['authz_core', 'socache_shmcb']), } } else { ::portage::makeconf { 'apache2_modules': content => concat($default_mods, 'authz_core'), } } } else { ::portage::makeconf { 'apache2_modules': content => $default_mods, } } } file { [ - '/etc/apache2/modules.d/.keep_www-servers_apache-2', - '/etc/apache2/vhosts.d/.keep_www-servers_apache-2', - ]: - ensure => absent, - require => Package['httpd'], + '/etc/apache2/modules.d/.keep_www-servers_apache-2', + '/etc/apache2/vhosts.d/.keep_www-servers_apache-2', + ]: + ensure => absent, + require => Package['httpd'], } } $apxs_workaround = $::osfamily ? 
{ 'freebsd' => true, default => false } # Template uses: # - $pidfile # - $user # - $group # - $logroot # - $error_log # - $sendfile # - $mod_dir # - $ports_file # - $confd_dir # - $vhost_dir # - $error_documents # - $error_documents_path # - $apxs_workaround # - $http_protocol_options # - $keepalive # - $keepalive_timeout # - $max_keepalive_requests # - $server_root # - $server_tokens # - $server_signature # - $trace_enable # - $rewrite_lock # - $root_directory_secured - file { "${::apache::conf_dir}/${::apache::params::conf_file}": + file { "${apache::conf_dir}/${apache::params::conf_file}": ensure => file, - mode => $::apache::file_mode, + mode => $apache::file_mode, content => template($conf_template), notify => Class['Apache::Service'], require => [Package['httpd'], Concat[$ports_file]], } # preserve back-wards compatibility to the times when default_mods was # only a boolean value. Now it can be an array (too) if $default_mods =~ Array { - class { '::apache::default_mods': + class { 'apache::default_mods': all => false, mods => $default_mods, } } else { - class { '::apache::default_mods': + class { 'apache::default_mods': all => $default_mods, } } - class { '::apache::default_confd_files': + class { 'apache::default_confd_files': all => $default_confd_files, } if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans include "::apache::mod::${mpm_module}" } $default_vhost_ensure = $default_vhost ? { true => 'present', false => 'absent' } $default_ssl_vhost_ensure = $default_ssl_vhost ? { true => 'present', false => 'absent' } ::apache::vhost { 'default': ensure => $default_vhost_ensure, port => '80', docroot => $docroot, scriptalias => $scriptalias, serveradmin => $serveradmin, access_log_file => $access_log_file, priority => '15', ip => $ip, logroot_mode => $logroot_mode, manage_docroot => $default_vhost, } $ssl_access_log_file = $::osfamily ? 
{ 'freebsd' => $access_log_file, default => "ssl_${access_log_file}", } ::apache::vhost { 'default-ssl': ensure => $default_ssl_vhost_ensure, port => '443', ssl => true, docroot => $docroot, scriptalias => $scriptalias, serveradmin => $serveradmin, access_log_file => $ssl_access_log_file, priority => '15', ip => $ip, logroot_mode => $logroot_mode, manage_docroot => $default_ssl_vhost, } } # This anchor can be used as a reference point for things that need to happen *after* # all modules have been put in place. anchor { '::apache::modules_set_up': } } diff --git a/manifests/listen.pp b/manifests/listen.pp index 25fb2801..3eb60baa 100644 --- a/manifests/listen.pp +++ b/manifests/listen.pp @@ -1,15 +1,15 @@ # @summary # Adds `Listen` directives to `ports.conf` that define the # Apache server's or a virtual host's listening address and port. # # The `apache::vhost` class uses this defined type, and titles take the form # ``, `:`, or `:`. define apache::listen { $listen_addr_port = $name # Template uses: $listen_addr_port concat::fragment { "Listen ${listen_addr_port}": - target => $::apache::ports_file, + target => $apache::ports_file, content => template('apache/listen.erb'), } } diff --git a/manifests/mod.pp b/manifests/mod.pp index 323935c5..0f7105d6 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -1,210 +1,210 @@ # @summary # Installs packages for an Apache module that doesn't have a corresponding # `apache::mod::` class. # # Checks for or places the module's default configuration files in the Apache server's # `module` and `enable` directories. The default locations depend on your operating system. # # @param package # **Required**.
# Names the package Puppet uses to install the Apache module. # # @param package_ensure # Determines whether Puppet ensures the Apache module should be installed. # # @param lib # Defines the module's shared object name. Do not configure manually without special reason. # # @param lib_path # Specifies a path to the module's libraries. Do not manually set this parameter # without special reason. The `path` parameter overrides this value. # # @param loadfile_name # Sets the filename for the module's `LoadFile` directive, which can also set # the module load order as Apache processes them in alphanumeric order. # # @param id # Specifies the package id # # @param loadfiles # Specifies an array of `LoadFile` directives. # # @param path # Specifies a path to the module. Do not manually set this parameter without a special reason. # define apache::mod ( $package = undef, $package_ensure = 'present', $lib = undef, - $lib_path = $::apache::lib_path, + $lib_path = $apache::lib_path, $id = undef, $path = undef, $loadfile_name = undef, $loadfiles = undef, ) { if ! 
defined(Class['apache']) { fail('You must include the apache base class before using any apache defined resources') } $mod = $name #include apache #This creates duplicate resources in rspec-puppet - $mod_dir = $::apache::mod_dir + $mod_dir = $apache::mod_dir # Determine if we have special lib - $mod_libs = $::apache::mod_libs + $mod_libs = $apache::mod_libs if $lib { $_lib = $lib } elsif has_key($mod_libs, $mod) { # 2.6 compatibility hack $_lib = $mod_libs[$mod] } else { $_lib = "mod_${mod}.so" } # Determine if declaration specified a path to the module if $path { $_path = $path } else { $_path = "${lib_path}/${_lib}" } if $id { $_id = $id } else { $_id = "${mod}_module" } if $loadfile_name { $_loadfile_name = $loadfile_name } else { $_loadfile_name = "${mod}.load" } # Determine if we have a package - $mod_packages = $::apache::mod_packages + $mod_packages = $apache::mod_packages if $package { $_package = $package } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack - if ($::apache::apache_version == '2.4' and $::operatingsystem =~ /^[Aa]mazon$/ and $::operatingsystemmajrelease != '2') { + if ($apache::apache_version == '2.4' and $::operatingsystem =~ /^[Aa]mazon$/ and $::operatingsystemmajrelease != '2') { # On amazon linux we need to prefix our package name with mod24 instead of mod to support apache 2.4 $_package = regsubst($mod_packages[$mod],'^(mod_)?(.*)','mod24_\2') } else { $_package = $mod_packages[$mod] } } else { $_package = undef } if $_package and ! defined(Package[$_package]) { # note: FreeBSD/ports uses apxs tool to activate modules; apxs clutters # httpd.conf with 'LoadModule' directives; here, by proper resource # ordering, we ensure that our version of httpd.conf is reverted after # the module gets installed. $package_before = $::osfamily ? 
{ 'freebsd' => [ File[$_loadfile_name], - File["${::apache::conf_dir}/${::apache::params::conf_file}"] + File["${apache::conf_dir}/${apache::params::conf_file}"] ], default => [ File[$_loadfile_name], - File[$::apache::confd_dir], + File[$apache::confd_dir], ], } # if there are any packages, they should be installed before the associated conf file Package[$_package] -> File<| title == "${mod}.conf" |> # $_package may be an array package { $_package: ensure => $package_ensure, require => Package['httpd'], before => $package_before, notify => Class['apache::service'], } } file { $_loadfile_name: ensure => file, path => "${mod_dir}/${_loadfile_name}", owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, + group => $apache::params::root_group, + mode => $apache::file_mode, content => template('apache/mod/load.erb'), require => [ Package['httpd'], Exec["mkdir ${mod_dir}"], ], before => File[$mod_dir], notify => Class['apache::service'], } if $::osfamily == 'Debian' { - $enable_dir = $::apache::mod_enable_dir - file{ "${_loadfile_name} symlink": + $enable_dir = $apache::mod_enable_dir + file { "${_loadfile_name} symlink": ensure => link, path => "${enable_dir}/${_loadfile_name}", target => "${mod_dir}/${_loadfile_name}", owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, + group => $apache::params::root_group, + mode => $apache::file_mode, require => [ File[$_loadfile_name], Exec["mkdir ${enable_dir}"], ], before => File[$enable_dir], notify => Class['apache::service'], } # Each module may have a .conf file as well, which should be # defined in the class apache::mod::module # Some modules do not require this file. 
if defined(File["${mod}.conf"]) { - file{ "${mod}.conf symlink": + file { "${mod}.conf symlink": ensure => link, path => "${enable_dir}/${mod}.conf", target => "${mod_dir}/${mod}.conf", owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, + group => $apache::params::root_group, + mode => $apache::file_mode, require => [ File["${mod}.conf"], Exec["mkdir ${enable_dir}"], ], before => File[$enable_dir], notify => Class['apache::service'], } } } elsif $::osfamily == 'Suse' { - $enable_dir = $::apache::mod_enable_dir - file{ "${_loadfile_name} symlink": + $enable_dir = $apache::mod_enable_dir + file { "${_loadfile_name} symlink": ensure => link, path => "${enable_dir}/${_loadfile_name}", target => "${mod_dir}/${_loadfile_name}", owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, + group => $apache::params::root_group, + mode => $apache::file_mode, require => [ File[$_loadfile_name], Exec["mkdir ${enable_dir}"], ], before => File[$enable_dir], notify => Class['apache::service'], } # Each module may have a .conf file as well, which should be # defined in the class apache::mod::module # Some modules do not require this file. if defined(File["${mod}.conf"]) { - file{ "${mod}.conf symlink": + file { "${mod}.conf symlink": ensure => link, path => "${enable_dir}/${mod}.conf", target => "${mod_dir}/${mod}.conf", owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, + group => $apache::params::root_group, + mode => $apache::file_mode, require => [ File["${mod}.conf"], Exec["mkdir ${enable_dir}"], ], before => File[$enable_dir], notify => Class['apache::service'], } } } Apache::Mod[$name] -> Anchor['::apache::modules_set_up'] } diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index de21d2c2..e8bca444 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp 
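Review bot: The last statement of the define, `Apache::Mod[$name] -> Anchor['::apache::modules_set_up']`, keeps its leading `::` while every variable reference around it loses the prefix, and nothing marks that as deliberate. The anchor is declared in manifests/init.pp as `anchor { '::apache::modules_set_up': }`, so the title is a literal string. A later cleanup that strips the prefix in only one of the two files would break this ordering, presumably at catalog compilation. A comment above the arrow would prevent that: `# Anchor title is a literal string and must match the declaration in init.pp; keep the leading '::'`.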
@@ -1,42 +1,42 @@ # @summary # Installs and configures `mod_alias`. # # @param apache_version # The version of Apache, if not set will be retrieved from the init class. # # @param icons_options # Disables directory listings for the icons directory, via Apache [Options](https://httpd.apache.org/docs/current/mod/core.html#options) # directive. # # @param icons_path # Sets the local path for an /icons/ Alias. Default depends on operating system: # - Debian: /usr/share/apache2/icons # - FreeBSD: /usr/local/www/apache24/icons # - Gentoo: /var/www/icons # - Red Hat: /var/www/icons, except on Apache 2.4, where it's /usr/share/httpd/icons # # @see https://httpd.apache.org/docs/current/mod/mod_alias.html for additional documentation. # -class apache::mod::alias( +class apache::mod::alias ( $apache_version = undef, $icons_options = 'Indexes MultiViews', # set icons_path to false to disable the alias - $icons_path = $::apache::params::alias_icons_path, + $icons_path = $apache::params::alias_icons_path, ) inherits ::apache::params { - include ::apache + include apache $_apache_version = pick($apache_version, $apache::apache_version) apache::mod { 'alias': } # Template uses $icons_path, $_apache_version if $icons_path { file { 'alias.conf': ensure => file, - path => "${::apache::mod_dir}/alias.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/alias.conf", + mode => $apache::file_mode, content => template('apache/mod/alias.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } } diff --git a/manifests/mod/auth_cas.pp b/manifests/mod/auth_cas.pp index e13cad21..51e7d2c0 100644 --- a/manifests/mod/auth_cas.pp +++ b/manifests/mod/auth_cas.pp 
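Review bot: The `@param icons_options` text says the parameter "Disables directory listings for the icons directory", but the default in the class header is `'Indexes MultiViews'`, which in Apache's `Options` directive turns directory indexes on. The template is not part of this hunk, so how the value is rendered is an assumption. As written, though, an operator reading the docs would expect listings to be off by default. I would reword the tag along the lines of `# Sets the Options directive for the icons directory; the default 'Indexes MultiViews' allows directory listings, drop 'Indexes' to disable them.`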
@@ -1,138 +1,136 @@ # @summary # Installs and configures `mod_auth_cas`. # # @param cas_login_url # Sets the URL to which the module redirects users when they attempt to access a # CAS-protected resource and don't have an active session. # # @param cas_validate_url # Sets the URL to use when validating a client-presented ticket in an HTTP query string. # # @param cas_cookie_path # Sets the location where information on the current session should be stored. This should # be writable by the web server only. # # @param cas_cookie_path_mode # The mode of cas_cookie_path. # # @param cas_version # The version of the CAS protocol to adhere to. # # @param cas_debug # Whether to enable or disable debug mode. # # @param cas_validate_server # Whether to validate the presented certificate. This has been deprecated and # removed from Version 1.1-RC1 onward. # # @param cas_validatedepth # The maximum depth for chained certificate validation. # # @param cas_proxy_validate_url # The URL to use when performing a proxy validation. # # @param cas_root_proxied_as # Sets the URL end users see when access to this Apache server is proxied per vhost. # This URL should not include a trailing slash. # # @param cas_cookie_entropy # When creating a local session, this many random bytes are used to create a unique # session identifier. # # @param cas_timeout # The hard limit, in seconds, for a mod_auth_cas session. # # @param cas_idle_timeout # The limit, in seconds, of how long a mod_auth_cas session can be idle. # # @param cas_cache_clean_interval # The minimum amount of time that must pass inbetween cache cleanings. # # @param cas_cookie_domain # The value for the 'Domain=' parameter in the Set-Cookie header. # # @param cas_cookie_http_only # Setting this flag prevents the mod_auth_cas cookies from being accessed by # client side Javascript. # # @param cas_authoritative # Determines whether an optional authorization directive is authoritative and thus binding. 
# # @param cas_validate_saml # Parse response from CAS server for SAML. # # @param cas_sso_enabled # Enables experimental support for single sign out (may mangle POST data). # # @param cas_attribute_prefix # Adds a header with the value of this header being the attribute values when SAML # validation is enabled. # # @param cas_attribute_delimiter # Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`. # # @param cas_scrub_request_headers # Remove inbound request headers that may have special meaning within mod_auth_cas. # # @param suppress_warning # Suppress warning about being on RedHat (mod_auth_cas package is now available in epel-testing repo). # # @note The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL. # # @see https://github.com/apereo/mod_auth_cas for additional documentation. # class apache::mod::auth_cas ( String $cas_login_url, String $cas_validate_url, - String $cas_cookie_path = $::apache::params::cas_cookie_path, + String $cas_cookie_path = $apache::params::cas_cookie_path, $cas_cookie_path_mode = '0750', $cas_version = 2, $cas_debug = 'Off', $cas_validate_server = undef, $cas_validate_depth = undef, $cas_certificate_path = undef, $cas_proxy_validate_url = undef, $cas_root_proxied_as = undef, $cas_cookie_entropy = undef, $cas_timeout = undef, $cas_idle_timeout = undef, $cas_cache_clean_interval = undef, $cas_cookie_domain = undef, $cas_cookie_http_only = undef, $cas_authoritative = undef, $cas_validate_saml = undef, $cas_sso_enabled = undef, $cas_attribute_prefix = undef, $cas_attribute_delimiter = undef, $cas_scrub_request_headers = undef, $suppress_warning = false, ) inherits ::apache::params { - if $::osfamily == 'RedHat' and ! 
$suppress_warning { warning('RedHat distributions do not have Apache mod_auth_cas in their default package repositories.') } - include ::apache + include apache ::apache::mod { 'auth_cas': } file { $cas_cookie_path: ensure => directory, before => File['auth_cas.conf'], mode => $cas_cookie_path_mode, owner => $apache::user, group => $apache::group, } # Template uses # - All variables beginning with cas_ file { 'auth_cas.conf': ensure => file, - path => "${::apache::mod_dir}/auth_cas.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/auth_cas.conf", + mode => $apache::file_mode, content => template('apache/mod/auth_cas.conf.erb'), - require => [ Exec["mkdir ${::apache::mod_dir}"], ], - before => File[$::apache::mod_dir], + require => [Exec["mkdir ${apache::mod_dir}"],], + before => File[$apache::mod_dir], notify => Class['Apache::Service'], } - } diff --git a/manifests/mod/auth_kerb.pp b/manifests/mod/auth_kerb.pp index 79bde559..093c26d2 100644 --- a/manifests/mod/auth_kerb.pp +++ b/manifests/mod/auth_kerb.pp @@ -1,11 +1,9 @@ # @summary # Installs `mod_auth_kerb` # # @see http://modauthkerb.sourceforge.net for additional documentation. class apache::mod::auth_kerb { - include ::apache - include ::apache::mod::authn_core + include apache + include apache::mod::authn_core ::apache::mod { 'auth_kerb': } } - - diff --git a/manifests/mod/auth_mellon.pp b/manifests/mod/auth_mellon.pp index b1edc482..d585aed6 100644 --- a/manifests/mod/auth_mellon.pp +++ b/manifests/mod/auth_mellon.pp 
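Review bot: The parameter docs and the class signature disagree: the header documents `@param cas_validatedepth` while the parameter is `$cas_validate_depth`, and `$cas_certificate_path` has no `@param` entry at all. Both appear to belong to the certificate-validation settings of the module (the second judging only by its name), which are the ones an operator most needs to find and set correctly. Rename the tag to `# @param cas_validate_depth` and add `# @param cas_certificate_path` with one line saying which certificate or CA bundle it must point to.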
@@ -1,52 +1,50 @@ # @summary # Installs and configures `mod_auth_mellon`. # # @param mellon_cache_size # Maximum number of sessions which can be active at once. # # @param mellon_lock_file # Full path to a file used for synchronizing access to the session data. # # @param mellon_post_directory # Full path of a directory where POST requests are saved during authentication. # # @param mellon_cache_entry_size # Maximum size for a single session entry in bytes. # # @param mellon_post_ttl # Delay in seconds before a saved POST request can be flushed. # # @param mellon_post_size # Maximum size for saved POST requests. # # @param mellon_post_count # Maximum amount of saved POST requests. # # @see https://github.com/Uninett/mod_auth_mellon for additional documentation. # class apache::mod::auth_mellon ( - $mellon_cache_size = $::apache::params::mellon_cache_size, - $mellon_lock_file = $::apache::params::mellon_lock_file, - $mellon_post_directory = $::apache::params::mellon_post_directory, + $mellon_cache_size = $apache::params::mellon_cache_size, + $mellon_lock_file = $apache::params::mellon_lock_file, + $mellon_post_directory = $apache::params::mellon_post_directory, $mellon_cache_entry_size = undef, $mellon_post_ttl = undef, $mellon_post_size = undef, $mellon_post_count = undef ) inherits ::apache::params { - - include ::apache + include apache ::apache::mod { 'auth_mellon': } # Template uses # - All variables beginning with mellon_ file { 'auth_mellon.conf': ensure => file, - path => "${::apache::mod_dir}/auth_mellon.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/auth_mellon.conf", + mode => $apache::file_mode, content => template('apache/mod/auth_mellon.conf.erb'), - require => [ Exec["mkdir ${::apache::mod_dir}"], ], - before => File[$::apache::mod_dir], + require => [Exec["mkdir ${apache::mod_dir}"],], + before => File[$apache::mod_dir], notify => Class['Apache::Service'], } - } 
diff --git a/manifests/mod/auth_openidc.pp b/manifests/mod/auth_openidc.pp index 36337fd3..ad0024fc 100644 --- a/manifests/mod/auth_openidc.pp +++ b/manifests/mod/auth_openidc.pp @@ -1,13 +1,11 @@ # @summary # Installs and configures `mod_auth_openidc`. # # @see https://github.com/zmartzone/mod_auth_openidc for additional documentation. # class apache::mod::auth_openidc ( ) inherits ::apache::params { - - include ::apache - include ::apache::mod::authz_user + include apache + include apache::mod::authz_user apache::mod { 'auth_openidc': } - } diff --git a/manifests/mod/authn_core.pp b/manifests/mod/authn_core.pp index cde5b51d..f145982e 100644 --- a/manifests/mod/authn_core.pp +++ b/manifests/mod/authn_core.pp @@ -1,15 +1,15 @@ # @summary # Installs `mod_authn_core`. # # @param apache_version # The version of apache being run. # # @see https://httpd.apache.org/docs/current/mod/mod_authn_core.html for additional documentation. # -class apache::mod::authn_core( - $apache_version = $::apache::apache_version +class apache::mod::authn_core ( + $apache_version = $apache::apache_version ) { if versioncmp($apache_version, '2.4') >= 0 { ::apache::mod { 'authn_core': } } } diff --git a/manifests/mod/authn_dbd.pp b/manifests/mod/authn_dbd.pp index 912b2574..b5e8d2c9 100644 --- a/manifests/mod/authn_dbd.pp +++ b/manifests/mod/authn_dbd.pp 
@@ -1,59 +1,59 @@ # @summary # Installs `mod_authn_dbd`. # # @param authn_dbd_params # The params needed for the mod to function. # # @param authn_dbd_dbdriver # Selects an apr_dbd driver by name. # # @param authn_dbd_query # # @param authn_dbd_min # Set the minimum number of connections per process. # # @param authn_dbd_max # Set the maximum number of connections per process. # # @param authn_dbd_keep # Set the maximum number of connections per process to be sustained. # # @param authn_dbd_exptime # Set the time to keep idle connections alive when the number of # connections specified in DBDKeep has been exceeded. # # @param authn_dbd_alias # Sets an alias for `AuthnProvider. # # @see https://httpd.apache.org/docs/current/mod/mod_authn_dbd.html for additional documentation. # class apache::mod::authn_dbd ( $authn_dbd_params, $authn_dbd_dbdriver = 'mysql', $authn_dbd_query = undef, $authn_dbd_min = '4', $authn_dbd_max = '20', $authn_dbd_keep = '8', $authn_dbd_exptime = '300', $authn_dbd_alias = undef, ) inherits ::apache::params { - include ::apache - include ::apache::mod::dbd + include apache + include apache::mod::dbd ::apache::mod { 'authn_dbd': } if $authn_dbd_alias { - include ::apache::mod::authn_core + include apache::mod::authn_core } # Template uses # - All variables beginning with authn_dbd file { 'authn_dbd.conf': ensure => file, - path => "${::apache::mod_dir}/authn_dbd.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/authn_dbd.conf", + mode => $apache::file_mode, content => template('apache/mod/authn_dbd.conf.erb'), - require => [ Exec["mkdir ${::apache::mod_dir}"], ], - before => File[$::apache::mod_dir], + require => [Exec["mkdir ${apache::mod_dir}"],], + before => File[$apache::mod_dir], notify => Class['Apache::Service'], } } diff --git a/manifests/mod/authnz_ldap.pp b/manifests/mod/authnz_ldap.pp index 672373ff..3f194d73 100644 --- a/manifests/mod/authnz_ldap.pp +++ b/manifests/mod/authnz_ldap.pp 
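Review bot: `authn_dbd.conf` is written with `mode => $apache::file_mode`, the module-wide default, although the template is fed `$authn_dbd_params`, which for most apr_dbd drivers is the connection string and so probably carries the database password. The template and the value of `$apache::file_mode` are outside this hunk, so this is inferred. If that default is world-readable, the credential is readable by every local account, and any change to it is printed in the agent's diff output. I would give this one resource an explicit restrictive mode, for example `mode => '0640',`, add `show_diff => false,`, and state in the `@param authn_dbd_params` text that the value is sensitive.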
@@ -1,34 +1,33 @@ # @summary # Installs `mod_authnz_ldap`. # # @param verify_server_cert # Whether to force te verification of a server cert or not. # # @param package_name # The name of the ldap package. # # @see https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html for additional documentation. # @note Unsupported platforms: RedHat: 6, 8; CentOS: 6, 8; OracleLinux: 6, 8; Ubuntu: all; Debian: all; SLES: all class apache::mod::authnz_ldap ( Boolean $verify_server_cert = true, $package_name = undef, ) { - - include ::apache - include '::apache::mod::ldap' + include apache + include 'apache::mod::ldap' ::apache::mod { 'authnz_ldap': package => $package_name, } # Template uses: # - $verify_server_cert file { 'authnz_ldap.conf': ensure => file, - path => "${::apache::mod_dir}/authnz_ldap.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/authnz_ldap.conf", + mode => $apache::file_mode, content => template('apache/mod/authnz_ldap.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/authnz_pam.pp b/manifests/mod/authnz_pam.pp index a8fcf606..35ddb779 100644 --- a/manifests/mod/authnz_pam.pp +++ b/manifests/mod/authnz_pam.pp @@ -1,9 +1,9 @@ # @summary # Installs `mod_authnz_pam`. # # @see https://www.adelton.com/apache/mod_authnz_pam for additional documentation. # class apache::mod::authnz_pam { - include ::apache + include apache ::apache::mod { 'authnz_pam': } } diff --git a/manifests/mod/authz_default.pp b/manifests/mod/authz_default.pp index 2f07a49f..540d086a 100644 --- a/manifests/mod/authz_default.pp +++ b/manifests/mod/authz_default.pp 
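Review bot: The `@param verify_server_cert` description ("Whether to force te verification of a server cert or not.") has a typo and does not say what switching it off costs. The default `true` is the safe value; with `false` the connection to the LDAP server is presumably made without checking its certificate, so the directory can be impersonated and bind credentials exposed. Suggested wording: `# Whether to verify the LDAP server's certificate when connecting over TLS. Leave at true; false disables the check.` A smaller point of style: `include 'apache::mod::ldap'` stays quoted while the `include apache` line above it is now bare.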
@@ -1,17 +1,17 @@ # @summary # Installs and configures `mod_authz_default`. # # @param apache_version # Version of Apache to install module on. # # @see https://httpd.apache.org/docs/current/mod/mod_authz_default.html for additional documentation. # -class apache::mod::authz_default( - $apache_version = $::apache::apache_version +class apache::mod::authz_default ( + $apache_version = $apache::apache_version ) { if versioncmp($apache_version, '2.4') >= 0 { warning('apache::mod::authz_default has been removed in Apache 2.4') } else { ::apache::mod { 'authz_default': } } } diff --git a/manifests/mod/autoindex.pp b/manifests/mod/autoindex.pp index c22d0a00..15e0e554 100644 --- a/manifests/mod/autoindex.pp +++ b/manifests/mod/autoindex.pp @@ -1,29 +1,29 @@ # @summary # Installs `mod_autoindex` # # @see https://httpd.apache.org/docs/current/mod/mod_autoindex.html for additional documentation. # class apache::mod::autoindex { - include ::apache + include apache ::apache::mod { 'autoindex': } # Determine icon filename suffix for autoindex.conf.erb case $::operatingsystem { 'Debian', 'Ubuntu': { $icon_suffix = '-20x22' } default: { $icon_suffix = '' } } file { 'autoindex.conf': ensure => file, - path => "${::apache::mod_dir}/autoindex.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/autoindex.conf", + mode => $apache::file_mode, content => template('apache/mod/autoindex.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/cgi.pp b/manifests/mod/cgi.pp index 7759176c..c11ea7fc 100644 --- a/manifests/mod/cgi.pp +++ b/manifests/mod/cgi.pp 
@@ -1,29 +1,28 @@ # @summary # Installs `mod_cgi`. # # @see https://httpd.apache.org/docs/current/mod/mod_cgi.html for additional documentation. # class apache::mod::cgi { - include ::apache + include apache case $::osfamily { 'FreeBSD': {} default: { if defined(Class['::apache::mod::itk']) { Class['::apache::mod::itk'] -> Class['::apache::mod::cgi'] } elsif defined(Class['::apache::mod::peruser']) { Class['::apache::mod::peruser'] -> Class['::apache::mod::cgi'] } else { Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi'] } } } if $::osfamily == 'Suse' { ::apache::mod { 'cgi': lib_path => '/usr/lib64/apache2-prefork', } } else { ::apache::mod { 'cgi': } } - } diff --git a/manifests/mod/cgid.pp b/manifests/mod/cgid.pp index 0d8c27b0..e40af45b 100644 --- a/manifests/mod/cgid.pp +++ b/manifests/mod/cgid.pp 
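Review bot: The `default` branch chooses the MPM ordering with `defined(Class['::apache::mod::itk'])` and `defined(Class['::apache::mod::peruser'])`, and `defined()` only sees classes that have already been evaluated, so the result depends on the order in which manifests are processed. When neither is seen the code falls through to `Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi']`, which presumably fails compilation if prefork was not declared either. The same pattern is in manifests/mod/cgid.pp with the event and worker classes. A comment would make the requirement explicit: `# The MPM class must be declared before apache::mod::cgi; defined() is evaluation-order dependent`.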
@@ -1,47 +1,47 @@ # @summary # Installs `mod_cgid`. # # @see https://httpd.apache.org/docs/current/mod/mod_cgid.html # class apache::mod::cgid { - include ::apache + include apache case $::osfamily { 'FreeBSD': {} default: { if defined(Class['::apache::mod::event']) { Class['::apache::mod::event'] -> Class['::apache::mod::cgid'] } else { Class['::apache::mod::worker'] -> Class['::apache::mod::cgid'] } } } # Debian specifies it's cgid sock path, but RedHat uses the default value # with no config file $cgisock_path = $::osfamily ? { 'debian' => "\${APACHE_RUN_DIR}/cgisock", 'freebsd' => 'cgisock', default => undef, } if $::osfamily == 'Suse' { ::apache::mod { 'cgid': lib_path => '/usr/lib64/apache2-worker', } } else { ::apache::mod { 'cgid': } } if $cgisock_path { # Template uses $cgisock_path file { 'cgid.conf': ensure => file, - path => "${::apache::mod_dir}/cgid.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/cgid.conf", + mode => $apache::file_mode, content => template('apache/mod/cgid.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } } diff --git a/manifests/mod/cluster.pp b/manifests/mod/cluster.pp index 093d3683..9b827f76 100644 --- a/manifests/mod/cluster.pp +++ b/manifests/mod/cluster.pp 
@@ -1,89 +1,87 @@ # @summary # Installs `mod_cluster`. # # @param allowed_network # Balanced members network. # # @param balancer_name # Name of balancer. # # @param ip # Specifies the IP address to listen to. # # @param version # Specifies the mod_cluster version. Version 1.3.0 or greater is required for httpd 2.4. # # @param enable_mcpm_receive # Whether MCPM should be enabled. # # @param port # mod_cluster listen port. # # @param keep_alive_timeout # Specifies how long Apache should wait for a request, in seconds. # # @param manager_allowed_network # Whether to allow the network to access the mod_cluster_manager. # # @param max_keep_alive_requests # Maximum number of requests kept alive. # # @param server_advertise # Whether the server should advertise. # # @param advertise_frequency # Sets the interval between advertise messages in seconds. # # @example # class { '::apache::mod::cluster': # ip => '172.17.0.1', # allowed_network => '172.17.0.', # balancer_name => 'mycluster', # version => '1.3.1' # } # # @note # There is no official package available for mod_cluster, so you must make it available outside of the apache module. # Binaries can be found [here](https://modcluster.io/). # # @see https://modcluster.io/ for additional documentation. 
# class apache::mod::cluster ( $allowed_network, $balancer_name, $ip, $version, $enable_mcpm_receive = true, $port = '6666', $keep_alive_timeout = 60, $manager_allowed_network = '127.0.0.1', $max_keep_alive_requests = 0, $server_advertise = true, $advertise_frequency = undef, ) { - - include ::apache + include apache ::apache::mod { 'proxy': } ::apache::mod { 'proxy_ajp': } ::apache::mod { 'manager': } ::apache::mod { 'proxy_cluster': } ::apache::mod { 'advertise': } if (versioncmp($version, '1.3.0') >= 0 ) { ::apache::mod { 'cluster_slotmem': } } else { ::apache::mod { 'slotmem': } } - file {'cluster.conf': + file { 'cluster.conf': ensure => file, - path => "${::apache::mod_dir}/cluster.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/cluster.conf", + mode => $apache::file_mode, content => template('apache/mod/cluster.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } - } diff --git a/manifests/mod/data.pp b/manifests/mod/data.pp index b09e2245..43bc2d0c 100644 --- a/manifests/mod/data.pp +++ b/manifests/mod/data.pp @@ -1,18 +1,18 @@ # @summary # Installs and configures `mod_data`. # # @param apache_version # Version of Apache to install module on. # # @see https://httpd.apache.org/docs/current/mod/mod_data.html for additional documentation. # class apache::mod::data ( $apache_version = undef, ) { - include ::apache + include apache $_apache_version = pick($apache_version, $apache::apache_version) if versioncmp($_apache_version, '2.3') < 0 { fail('mod_data is only available in Apache 2.3 and later') } ::apache::mod { 'data': } } diff --git a/manifests/mod/dav_fs.pp b/manifests/mod/dav_fs.pp index 1a4fd839..20fd5c01 100644 --- a/manifests/mod/dav_fs.pp +++ b/manifests/mod/dav_fs.pp 
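Review bot: The `@param manager_allowed_network` text reads "Whether to allow the network to access the mod_cluster_manager", which describes a boolean, but the parameter defaults to `'127.0.0.1'` and so takes an address or prefix. This value is the access control for the manager page, so the docs should give the accepted format and say that the default is loopback only, for example `# Network address or prefix allowed to reach mod_cluster_manager; defaults to 127.0.0.1 (local access only).` The same gap exists for `allowed_network`, where the `@example` passes `'172.17.0.'` without the docs saying what form is expected. How both values are rendered is decided in cluster.conf.erb, which is not in this hunk.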
@@ -1,27 +1,27 @@ # @summary # Installs `mod_dav_fs`. # # @see https://httpd.apache.org/docs/current/mod/mod_dav_fs.html for additional documentation. # class apache::mod::dav_fs { - include ::apache + include apache $dav_lock = $::osfamily ? { 'debian' => "\${APACHE_LOCK_DIR}/DAVLock", 'freebsd' => '/usr/local/var/DavLock', default => '/var/lib/dav/lockdb', } Class['::apache::mod::dav'] -> Class['::apache::mod::dav_fs'] ::apache::mod { 'dav_fs': } # Template uses: $dav_lock file { 'dav_fs.conf': ensure => file, - path => "${::apache::mod_dir}/dav_fs.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/dav_fs.conf", + mode => $apache::file_mode, content => template('apache/mod/dav_fs.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index 8b5094a0..916e8306 100644 --- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp 
@@ -1,36 +1,36 @@ # @summary # Installs and configures `mod_dav_svn`. # # @param authz_svn_enabled # Specifies whether to install Apache mod_authz_svn # # @see https://httpd.apache.org/docs/current/mod/mod_dav_svn.html for additional documentation. # class apache::mod::dav_svn ( $authz_svn_enabled = false, ) { Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn'] - include ::apache - include ::apache::mod::dav - if($::operatingsystem == 'SLES' and $::operatingsystemmajrelease < '12'){ + include apache + include apache::mod::dav + if($::operatingsystem == 'SLES' and versioncmp($::operatingsystemmajrelease, '12') < 0) { package { 'subversion-server': ensure => 'installed', provider => 'zypper', } } ::apache::mod { 'dav_svn': } if $::osfamily == 'Debian' and ! ($::operatingsystemmajrelease in ['6', '9', '16.04', '18.04']) { $loadfile_name = undef } else { $loadfile_name = 'dav_svn_authz_svn.load' } if $authz_svn_enabled { ::apache::mod { 'authz_svn': loadfile_name => $loadfile_name, require => Apache::Mod['dav_svn'], } } } diff --git a/manifests/mod/deflate.pp b/manifests/mod/deflate.pp index 28e36d49..777c2f88 100644 --- a/manifests/mod/deflate.pp +++ b/manifests/mod/deflate.pp 
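Review bot: The rewritten SLES guard in `apache::mod::dav_svn` still reads the legacy top-scope facts `$::operatingsystem` and `$::operatingsystemmajrelease`, although fastcgi.pp in this same patch already uses the structured `$facts` hash. Since the line is being rewritten anyway, I would write it as `if $facts['os']['name'] == 'SLES' and versioncmp($facts['os']['release']['major'], '12') < 0 {`. On agents that do not send legacy facts, the current form would either skip the `subversion-server` package or fail compilation under strict variables, depending on settings. The Debian `loadfile_name` test a few lines further down in the same hunk uses the same legacy fact and would need the same change. Its list ('6', '9', '16.04', '18.04') looks compatible with the structured major release, judging by the '18.04' comparison in fastcgi.pp, but that should be confirmed against the supported platforms.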
@@ -1,38 +1,38 @@ # @summary # Installs and configures `mod_deflate`. # # @param types # An array of MIME types to be deflated. See https://www.iana.org/assignments/media-types/media-types.xhtml. # # @param notes # A Hash where the key represents the type and the value represents the note name. # # @see https://httpd.apache.org/docs/current/mod/mod_deflate.html for additional documentation. # class apache::mod::deflate ( $types = [ 'text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json', ], $notes = { 'Input' => 'instream', 'Output' => 'outstream', 'Ratio' => 'ratio', } ) { - include ::apache + include apache ::apache::mod { 'deflate': } file { 'deflate.conf': ensure => file, - path => "${::apache::mod_dir}/deflate.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/deflate.conf", + mode => $apache::file_mode, content => template('apache/mod/deflate.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/dev.pp b/manifests/mod/dev.pp index 4b1afe8c..4039ff1f 100644 --- a/manifests/mod/dev.pp +++ b/manifests/mod/dev.pp @@ -1,11 +1,11 @@ # @summary # Installs `mod_dev`. # # @note # This module is deprecated. Please use `apache::dev`. # class apache::mod::dev { # Development packages are not apache modules warning('apache::mod::dev is deprecated; please use apache::dev') - include ::apache::dev + include apache::dev } diff --git a/manifests/mod/dir.pp b/manifests/mod/dir.pp index 51bdfd7d..86f97a07 100644 --- a/manifests/mod/dir.pp +++ b/manifests/mod/dir.pp 
@@ -1,35 +1,34 @@ # @summary # Installs and configures `mod_dir`. # # @param types # Specifies the text-based content types to compress. # # @param indexes # Provides a string for the DirectoryIndex directive # # @todo # This sets the global DirectoryIndex directive, so it may be necessary to consider being able to modify the apache::vhost to declare # DirectoryIndex statements in a vhost configuration # # @see https://httpd.apache.org/docs/current/mod/mod_dir.html for additional documentation. # class apache::mod::dir ( $dir = 'public_html', Array[String] $indexes = ['index.html','index.html.var','index.cgi','index.pl','index.php','index.xhtml'], ) { - - include ::apache + include apache ::apache::mod { 'dir': } # Template uses # - $indexes file { 'dir.conf': ensure => file, - path => "${::apache::mod_dir}/dir.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/dir.conf", + mode => $apache::file_mode, content => template('apache/mod/dir.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index ef9f6bd8..abd46ddd 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp 
@@ -1,62 +1,62 @@ # @summary # Installs and configures `mod_disk_cache`. # # @param cache_root # Defines the name of the directory on the disk to contain cache files. # Default depends on the Apache version and operating system: # - Debian: /var/cache/apache2/mod_cache_disk # - FreeBSD: /var/cache/mod_cache_disk # - Red Hat, Apache 2.4: /var/cache/httpd/proxy # - Red Hat, Apache 2.2: /var/cache/mod_proxy # # @param cache_ignore_headers # Specifies HTTP header(s) that should not be stored in the cache. # # @note # Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed. # # @see https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html for additional documentation. # class apache::mod::disk_cache ( $cache_root = undef, $cache_ignore_headers = undef, ) { - include ::apache + include apache if $cache_root { $_cache_root = $cache_root } - elsif versioncmp($::apache::apache_version, '2.4') >= 0 { + elsif versioncmp($apache::apache_version, '2.4') >= 0 { $_cache_root = $::osfamily ? { 'debian' => '/var/cache/apache2/mod_cache_disk', 'redhat' => '/var/cache/httpd/proxy', 'freebsd' => '/var/cache/mod_cache_disk', } } else { $_cache_root = $::osfamily ? 
{ 'debian' => '/var/cache/apache2/mod_disk_cache', 'redhat' => '/var/cache/mod_proxy', 'freebsd' => '/var/cache/mod_disk_cache', } } - if versioncmp($::apache::apache_version, '2.4') >= 0 { + if versioncmp($apache::apache_version, '2.4') >= 0 { apache::mod { 'cache_disk': } } else { apache::mod { 'disk_cache': } } Class['::apache::mod::cache'] -> Class['::apache::mod::disk_cache'] # Template uses $_cache_root file { 'disk_cache.conf': ensure => file, - path => "${::apache::mod_dir}/disk_cache.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/disk_cache.conf", + mode => $apache::file_mode, content => template('apache/mod/disk_cache.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/dumpio.pp b/manifests/mod/dumpio.pp index c8e53a89..df892a91 100644 --- a/manifests/mod/dumpio.pp +++ b/manifests/mod/dumpio.pp 
@@ -1,39 +1,38 @@ # @summary # Installs and configures `mod_dumpio`. # # @param dump_io_input # Dump all input data to the error log # # @param dump_io_output # Dump all output data to the error log # # @example # class{'apache': # default_mods => false, # log_level => 'dumpio:trace7', # } # class{'apache::mod::dumpio': # dump_io_input => 'On', # dump_io_output => 'Off', # } # # @see https://httpd.apache.org/docs/current/mod/mod_dumpio.html for additional documentation. # -class apache::mod::dumpio( +class apache::mod::dumpio ( Enum['Off', 'On', 'off', 'on'] $dump_io_input = 'Off', Enum['Off', 'On', 'off', 'on'] $dump_io_output = 'Off', ) { - include ::apache + include apache ::apache::mod { 'dumpio': } - file{'dumpio.conf': + file { 'dumpio.conf': ensure => file, - path => "${::apache::mod_dir}/dumpio.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/dumpio.conf", + mode => $apache::file_mode, content => template('apache/mod/dumpio.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } - } diff --git a/manifests/mod/event.pp b/manifests/mod/event.pp index e7cae3da..402a8530 100644 --- a/manifests/mod/event.pp +++ b/manifests/mod/event.pp 
@@ -1,124 +1,124 @@ # @summary # Installs and configures `mod_event`. # # @param startservers # Sets the number of child server processes created at startup, via the module's `StartServers` directive. Setting this to `false` # removes the parameter. # # @param maxclients # Apache 2.3.12 or older alias for the `MaxRequestWorkers` directive. # # @param maxrequestworkers # Sets the maximum number of connections Apache can simultaneously process, via the module's `MaxRequestWorkers` directive. Setting # these to `false` removes the parameters. # # @param minsparethreads # Sets the minimum number of idle threads, via the `MinSpareThreads` directive. Setting this to `false` removes the parameters. # # @param maxsparethreads # Sets the maximum number of idle threads, via the `MaxSpareThreads` directive. Setting this to `false` removes the parameters. # # @param threadsperchild # Number of threads created by each child process. # # @param maxrequestsperchild # Apache 2.3.8 or older alias for the `MaxConnectionsPerChild` directive. # # @param maxconnectionsperchild # Limit on the number of connections that an individual child server will handle during its life. # # @param serverlimit # Limits the configurable number of processes via the `ServerLimit` directive. Setting this to `false` removes the parameter. # # @param apache_version # Version of Apache to install module on. # # @param threadlimit # Limits the number of event threads via the module's `ThreadLimit` directive. Setting this to `false` removes the parameter. # # @param listenbacklog # Sets the maximum length of the pending connections queue via the module's `ListenBackLog` directive. Setting this to `false` removes # the parameter. # # @note # You cannot include apache::mod::event with apache::mod::itk, apache::mod::peruser, apache::mod::prefork, or # apache::mod::worker on the same server. # # @see https://httpd.apache.org/docs/current/mod/event.html for additional documentation. 
# @note Unsupported platforms: SLES: all class apache::mod::event ( $startservers = '2', $maxclients = '150', $maxrequestworkers = undef, $minsparethreads = '25', $maxsparethreads = '75', $threadsperchild = '25', $maxrequestsperchild = '0', $maxconnectionsperchild = undef, $serverlimit = '25', $apache_version = undef, $threadlimit = '64', $listenbacklog = '511', ) { - include ::apache + include apache $_apache_version = pick($apache_version, $apache::apache_version) if defined(Class['apache::mod::itk']) { fail('May not include both apache::mod::event and apache::mod::itk on the same node') } if defined(Class['apache::mod::peruser']) { fail('May not include both apache::mod::event and apache::mod::peruser on the same node') } if defined(Class['apache::mod::prefork']) { fail('May not include both apache::mod::event and apache::mod::prefork on the same node') } if defined(Class['apache::mod::worker']) { fail('May not include both apache::mod::event and apache::mod::worker on the same node') } File { owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, + group => $apache::params::root_group, + mode => $apache::file_mode, } # Template uses: # - $startservers # - $maxclients # - $minsparethreads # - $maxsparethreads # - $threadsperchild # - $maxrequestsperchild # - $serverlimit - file { "${::apache::mod_dir}/event.conf": + file { "${apache::mod_dir}/event.conf": ensure => file, - mode => $::apache::file_mode, + mode => $apache::file_mode, content => template('apache/mod/event.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } case $::osfamily { 'redhat': { if versioncmp($_apache_version, '2.4') >= 0 { - apache::mpm{ 'event': + apache::mpm { 'event': apache_version => $_apache_version, } } } 'debian','freebsd' : { - apache::mpm{ 'event': + apache::mpm { 'event': 
apache_version => $_apache_version, } } 'gentoo': { ::portage::makeconf { 'apache2_mpms': content => 'event', } } default: { fail("Unsupported osfamily ${::osfamily}") } } } diff --git a/manifests/mod/expires.pp b/manifests/mod/expires.pp index d134994f..7a5bfdde 100644 --- a/manifests/mod/expires.pp +++ b/manifests/mod/expires.pp @@ -1,38 +1,38 @@ # @summary # Installs and configures `mod_expires`. # # @param expires_active # Enables generation of Expires headers. # # @param expires_default # Specifies the default algorithm for calculating expiration time using ExpiresByType syntax or interval syntax. # # @param expires_by_type # Describes a set of [MIME content-types](https://www.iana.org/assignments/media-types/media-types.xhtml) and their expiration # times. This should be used as an array of Hashes, with each Hash's key a valid MIME content-type (i.e. 'text/json') and its # value following valid interval syntax. # # @see https://httpd.apache.org/docs/current/mod/mod_expires.html for additional documentation. # class apache::mod::expires ( $expires_active = true, $expires_default = undef, $expires_by_type = undef, ) { - include ::apache + include apache ::apache::mod { 'expires': } # Template uses # $expires_active # $expires_default # $expires_by_type file { 'expires.conf': ensure => file, - path => "${::apache::mod_dir}/expires.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/expires.conf", + mode => $apache::file_mode, content => template('apache/mod/expires.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/ext_filter.pp b/manifests/mod/ext_filter.pp index 59f90ae4..d2a3d635 100644 --- a/manifests/mod/ext_filter.pp +++ b/manifests/mod/ext_filter.pp 
@@ -1,38 +1,38 @@ # @summary # Installs and configures `mod_ext_filter`. # # @param ext_filter_define # Hash of filter names and their parameters. # # @example # class { 'apache::mod::ext_filter': # ext_filter_define => { # 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength', # 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"', # }, # } # # @see https://httpd.apache.org/docs/current/mod/mod_ext_filter.html for additional documentation. # -class apache::mod::ext_filter( +class apache::mod::ext_filter ( Optional[Hash] $ext_filter_define = undef ) { - include ::apache + include apache ::apache::mod { 'ext_filter': } # Template uses # -$ext_filter_define if $ext_filter_define { file { 'ext_filter.conf': ensure => file, - path => "${::apache::mod_dir}/ext_filter.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/ext_filter.conf", + mode => $apache::file_mode, content => template('apache/mod/ext_filter.conf.erb'), - require => [ Exec["mkdir ${::apache::mod_dir}"], ], - before => File[$::apache::mod_dir], + require => [Exec["mkdir ${apache::mod_dir}"],], + before => File[$apache::mod_dir], notify => Class['Apache::Service'], } } } diff --git a/manifests/mod/fastcgi.pp b/manifests/mod/fastcgi.pp index abb529d8..d24dcbf0 100644 --- a/manifests/mod/fastcgi.pp +++ b/manifests/mod/fastcgi.pp 
@@ -1,36 +1,35 @@ # @summary # Installs `mod_fastcgi`. # # @see https://github.com/FastCGI-Archives/mod_fastcgi for additional documentation. # class apache::mod::fastcgi { - include ::apache + include apache if ($::osfamily == 'Redhat' and versioncmp($::operatingsystemrelease, '7.0') >= 0) { fail('mod_fastcgi is no longer supported on el7 and above.') } if ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '18.04') >= 0) { fail('mod_fastcgi is no longer supported on Ubuntu 18.04 and above. Please use mod_proxy_fcgi') } # Debian specifies it's fastcgi lib path, but RedHat uses the default value # with no config file - $fastcgi_lib_path = $::apache::params::fastcgi_lib_path + $fastcgi_lib_path = $apache::params::fastcgi_lib_path ::apache::mod { 'fastcgi': } if $fastcgi_lib_path { # Template uses: # - $fastcgi_server # - $fastcgi_socket # - $fastcgi_dir file { 'fastcgi.conf': ensure => file, - path => "${::apache::mod_dir}/fastcgi.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/fastcgi.conf", + mode => $apache::file_mode, content => template('apache/mod/fastcgi.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } - } diff --git a/manifests/mod/fcgid.pp b/manifests/mod/fcgid.pp index 22f1d4d4..2209ccd3 100644 --- a/manifests/mod/fcgid.pp +++ b/manifests/mod/fcgid.pp 
@@ -1,65 +1,65 @@ # @summary # Installs and configures `mod_fcgid`. # # @param expires_active # Enables generation of Expires headers. # # @param expires_default # Default algorithm for calculating expiration time. # # @param expires_by_type # Value of the Expires header configured by MIME type. # # @example The class does not individually parameterize all available options. Instead, configure mod_fcgid using the options hash. # class { 'apache::mod::fcgid': # options => { # 'FcgidIPCDir' => '/var/run/fcgidsock', # 'SharememPath' => '/var/run/fcgid_shm', # 'AddHandler' => 'fcgid-script .fcgi', # }, # } # # @example If you include apache::mod::fcgid, you can set the [FcgidWrapper][] per directory, per virtual host. The module must be # loaded first; Puppet will not automatically enable it if you set the fcgiwrapper parameter in apache::vhost. # include apache::mod::fcgid # # apache::vhost { 'example.org': # docroot => '/var/www/html', # directories => { # path => '/var/www/html', # fcgiwrapper => { # command => '/usr/local/bin/fcgiwrapper', # } # }, # } # # @see https://httpd.apache.org/docs/current/mod/mod_fcgid.html for additional documentation. 
# -class apache::mod::fcgid( +class apache::mod::fcgid ( $options = {}, ) { - include ::apache + include apache if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7') or $::osfamily == 'FreeBSD' { $loadfile_name = 'unixd_fcgid.load' $conf_name = 'unixd_fcgid.conf' } else { $loadfile_name = undef $conf_name = 'fcgid.conf' } ::apache::mod { 'fcgid': loadfile_name => $loadfile_name, } # Template uses: # - $options file { $conf_name: ensure => file, - path => "${::apache::mod_dir}/${conf_name}", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/${conf_name}", + mode => $apache::file_mode, content => template('apache/mod/fcgid.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/geoip.pp b/manifests/mod/geoip.pp index 974dcb8d..b77ea05c 100644 --- a/manifests/mod/geoip.pp +++ b/manifests/mod/geoip.pp 
@@ -1,62 +1,61 @@ # @summary # Installs and configures `mod_geoip`. # # @param enable # Toggles whether to enable geoip. # # @param db_file # Path to database for GeoIP to use. # # @param flag # Caching directive to use. Values: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'. # # @param output # Output variable locations. Values: 'All', 'Env', 'Request', 'Notes'. # # @param enable_utf8 # Changes the output from ISO88591 (Latin1) to UTF8. # # @param scan_proxy_headers # Enables the GeoIPScanProxyHeaders option. # # @param scan_proxy_headers_field # Specifies the header mod_geoip uses to determine the client's IP address. # # @param use_last_xforwarededfor_ip # Determines whether to use the first or last IP address for the client's IP in a comma-separated list of IP addresses is found. # # @see https://dev.maxmind.com/geoip/legacy/mod_geoip2 for additional documentation. # class apache::mod::geoip ( $enable = false, $db_file = '/usr/share/GeoIP/GeoIP.dat', $flag = 'Standard', $output = 'All', $enable_utf8 = undef, $scan_proxy_headers = undef, $scan_proxy_header_field = undef, $use_last_xforwarededfor_ip = undef, ) { - include ::apache + include apache ::apache::mod { 'geoip': } # Template uses: # - enable # - db_file # - flag # - output # - enable_utf8 # - scan_proxy_headers # - scan_proxy_header_field # - use_last_xforwarededfor_ip file { 'geoip.conf': ensure => file, - path => "${::apache::mod_dir}/geoip.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/geoip.conf", + mode => $apache::file_mode, content => template('apache/mod/geoip.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } - } diff --git a/manifests/mod/http2.pp b/manifests/mod/http2.pp index 95064fff..0637aee4 100644 --- a/manifests/mod/http2.pp +++ b/manifests/mod/http2.pp 
@@ -1,105 +1,105 @@ # @summary # Installs and configures `mod_http2`. # # @param h2_copy_files # Determine file handling in responses. # # @param h2_direct # H2 Direct Protocol Switch. # # @param h2_early_hints # Determine sending of 103 status codes. # # @param h2_max_session_streams # Sets maximum number of active streams per HTTP/2 session. # # @param h2_max_worker_idle_seconds # Sets maximum number of seconds h2 workers remain idle until shut down. # # @param h2_max_workers # Sets maximum number of worker threads to use per child process. # # @param h2_min_workers # Sets minimal number of worker threads to use per child process. # # @param h2_modern_tls_only # Toggles the security checks on HTTP/2 connections in TLS mode # # @param h2_push # Toggles the usage of the HTTP/2 server push protocol feature. # # @param h2_push_diary_size # Sets maximum number of HTTP/2 server pushes that are remembered per HTTP/2 connection. # # @param h2_priority # Require HTTP/2 connections to be "modern TLS" only # # @param h2_push_resource # When added to a directory/location, HTTP/2 PUSHes will be attempted for all paths added # via this directive # # @param h2_serialize_headers # Toggles if HTTP/2 requests shall be serialized in HTTP/1.1 format for processing by httpd # core or if received binary data shall be passed into the request_recs directly. # # @param h2_stream_max_mem_size # Sets the maximum number of outgoing data bytes buffered in memory for an active streams. # # @param h2_tls_cool_down_secs # Sets the number of seconds of idle time on a TLS connection before the TLS write size falls # back to small (~1300 bytes) length. # # @param h2_tls_warm_up_size # Sets the number of bytes to be sent in small TLS records (~1300 bytes) until doing maximum # sized writes (16k) on https: HTTP/2 connections. # # @param h2_upgrade # Toggles the usage of the HTTP/1.1 Upgrade method for switching to HTTP/2. 
# # @param h2_window_size # Sets the size of the window that is used for flow control from client to server and limits # the amount of data the server has to buffer. # # @param apache_version # Version of Apache to install module on. # # @see https://httpd.apache.org/docs/current/mod/mod_http2.html for additional documentation. # class apache::mod::http2 ( Optional[Boolean] $h2_copy_files = undef, Optional[Boolean] $h2_direct = undef, Optional[Boolean] $h2_early_hints = undef, Optional[Integer] $h2_max_session_streams = undef, Optional[Integer] $h2_max_worker_idle_seconds = undef, Optional[Integer] $h2_max_workers = undef, Optional[Integer] $h2_min_workers = undef, Optional[Boolean] $h2_modern_tls_only = undef, Optional[Boolean] $h2_push = undef, Optional[Integer] $h2_push_diary_size = undef, Array[String] $h2_push_priority = [], Array[String] $h2_push_resource = [], Optional[Boolean] $h2_serialize_headers = undef, Optional[Integer] $h2_stream_max_mem_size = undef, Optional[Integer] $h2_tls_cool_down_secs = undef, Optional[Integer] $h2_tls_warm_up_size = undef, Optional[Boolean] $h2_upgrade = undef, Optional[Integer] $h2_window_size = undef, Optional[String] $apache_version = undef, ) { - include ::apache + include apache apache::mod { 'http2': } $_apache_version = pick($apache_version, $apache::apache_version) file { 'http2.conf': ensure => file, content => template('apache/mod/http2.conf.erb'), - mode => $::apache::file_mode, - path => "${::apache::mod_dir}/http2.conf", - owner => $::apache::params::user, - group => $::apache::params::group, - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + mode => $apache::file_mode, + path => "${apache::mod_dir}/http2.conf", + owner => $apache::params::user, + group => $apache::params::group, + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } 
diff --git a/manifests/mod/info.pp b/manifests/mod/info.pp index abcd93ee..baf20cb3 100644 --- a/manifests/mod/info.pp +++ b/manifests/mod/info.pp @@ -1,51 +1,51 @@ # @summary # Installs and configures `mod_info`. # # @param allow_from # Allowlist of IPv4 or IPv6 addresses or ranges that can access the info path. # # @param apache_version # Version of Apache to install module on. # # @param restrict_access # Toggles whether to restrict access to info path. If `false`, the `allow_from` allowlist is ignored and any IP address can # access the info path. # # @param info_path # Path on server to file containing server configuration information. # # @see https://httpd.apache.org/docs/current/mod/mod_info.html for additional documentation. # class apache::mod::info ( $allow_from = ['127.0.0.1','::1'], $apache_version = undef, $restrict_access = true, $info_path = '/server-info', -){ - include ::apache +) { + include apache $_apache_version = pick($apache_version, $apache::apache_version) if $::osfamily == 'Suse' { - if defined(Class['::apache::mod::worker']){ + if defined(Class['::apache::mod::worker']) { $suse_path = '/usr/lib64/apache2-worker' } else { $suse_path = '/usr/lib64/apache2-prefork' } ::apache::mod { 'info': lib_path => $suse_path, } } else { ::apache::mod { 'info': } } # Template uses $allow_from, $_apache_version file { 'info.conf': ensure => file, - path => "${::apache::mod_dir}/info.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/info.conf", + mode => $apache::file_mode, content => template('apache/mod/info.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/intercept_form_submit.pp b/manifests/mod/intercept_form_submit.pp index dba95ced..f6ccf653 100644 --- a/manifests/mod/intercept_form_submit.pp 
+++ b/manifests/mod/intercept_form_submit.pp @@ -1,9 +1,9 @@ # @summary # Installs `mod_intercept_form_submit`. # # @see https://www.adelton.com/apache/mod_intercept_form_submit for additional documentation. # class apache::mod::intercept_form_submit { - include ::apache + include apache ::apache::mod { 'intercept_form_submit': } } diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp index e631dfde..2f44b01a 100644 --- a/manifests/mod/itk.pp +++ b/manifests/mod/itk.pp 
@@ -1,128 +1,128 @@ # @summary # Installs MPM `mod_itk`. # # @param startservers # Number of child server processes created on startup. # # @param minspareservers # Minimum number of idle child server processes. # # @param maxspareservers # Maximum number of idle child server processes. # # @param serverlimit # Maximum configured value for `MaxRequestWorkers` for the lifetime of the Apache httpd process. # # @param maxclients # Limit on the number of simultaneous requests that will be served. # # @param maxrequestsperchild # Limit on the number of connections that an individual child server process will handle. # # @param enablecapabilities # Drop most root capabilities in the parent process, and instead run as the user given by the User/Group directives with some extra # capabilities (in particular setuid). Somewhat more secure, but can cause problems when serving from filesystems that do not honor # capabilities, such as NFS. # # @param apache_version # Used to verify that the Apache version you have requested is compatible with the module. # # @see http://mpm-itk.sesse.net for additional documentation. 
# @note Unsupported platforms: CentOS: 8; RedHat: 8; SLES: all class apache::mod::itk ( $startservers = '8', $minspareservers = '5', $maxspareservers = '20', $serverlimit = '256', $maxclients = '256', $maxrequestsperchild = '4000', $enablecapabilities = undef, $apache_version = undef, ) { - include ::apache + include apache $_apache_version = pick($apache_version, $apache::apache_version) if defined(Class['apache::mod::event']) { fail('May not include both apache::mod::itk and apache::mod::event on the same node') } if defined(Class['apache::mod::peruser']) { fail('May not include both apache::mod::itk and apache::mod::peruser on the same node') } if versioncmp($_apache_version, '2.4') < 0 { if defined(Class['apache::mod::prefork']) { fail('May not include both apache::mod::itk and apache::mod::prefork on the same node') } } else { # prefork is a requirement for itk in 2.4; except on FreeBSD and Gentoo, which are special if $::osfamily =~ /^(FreeBSD|Gentoo)/ { if defined(Class['apache::mod::prefork']) { fail('May not include both apache::mod::itk and apache::mod::prefork on the same node') } } else { if ! 
defined(Class['apache::mod::prefork']) { - include ::apache::mod::prefork + include apache::mod::prefork } } } if defined(Class['apache::mod::worker']) { fail('May not include both apache::mod::itk and apache::mod::worker on the same node') } File { owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, + group => $apache::params::root_group, + mode => $apache::file_mode, } # Template uses: # - $startservers # - $minspareservers # - $maxspareservers # - $serverlimit # - $maxclients # - $maxrequestsperchild - file { "${::apache::mod_dir}/itk.conf": + file { "${apache::mod_dir}/itk.conf": ensure => file, - mode => $::apache::file_mode, + mode => $apache::file_mode, content => template('apache/mod/itk.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } case $::osfamily { 'redhat': { package { 'httpd-itk': ensure => present, } if versioncmp($_apache_version, '2.4') >= 0 { - ::apache::mpm{ 'itk': + ::apache::mpm { 'itk': apache_version => $_apache_version, } } else { file_line { '/etc/sysconfig/httpd itk enable': ensure => present, path => '/etc/sysconfig/httpd', line => 'HTTPD=/usr/sbin/httpd.itk', match => '#?HTTPD=/usr/sbin/httpd.itk', require => Package['httpd'], notify => Class['apache::service'], } } } 'debian', 'freebsd': { - apache::mpm{ 'itk': + apache::mpm { 'itk': apache_version => $_apache_version, } } 'gentoo': { ::portage::makeconf { 'apache2_mpms': content => 'itk', } } default: { fail("Unsupported osfamily ${::osfamily}") } } } diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index bf068320..a2b929b0 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp 
@@ -1,381 +1,378 @@ # @summary # Installs `mod_jk`. # # @param ip # IP for binding to mod_jk. Useful when the binding address is not the primary network interface IP. # # @param port # Port for binding to mod_jk. Useful when something else, like a reverse proxy or cache, is receiving requests at port 80, then # needs to forward them to Apache at a different port. # # @param add_listen # Defines if a Listen directive according to parameters ip and port (see below), so that Apache listens to the IP/port combination # and redirect to mod_jk. Useful when another Listen directive, like Listen *: or Listen , can conflict with the one # necessary for mod_jk binding. # # @param workers_file # The name of a worker file for the Tomcat servlet containers. # # @param worker_property # Enables setting worker properties inside Apache configuration file. # # @param logroot # The base directory for shm_file and log_file is determined by the logroot parameter. If unspecified, defaults to # apache::params::logroot. The default logroot is sane enough therefore it is not recommended to override it. # # @param shm_file # Shared memory file name. # # @param shm_size # Size of the shared memory file name. # # @param mount_file # File containing multiple mappings from a context to a Tomcat worker. # # @param mount_file_reload # This directive configures the reload check interval in seconds. # # @param mount # A mount point from a context to a Tomcat worker. # # @param un_mount # An exclusion mount point from a context to a Tomcat worker. # # @param auto_alias # Automatically Alias webapp context directories into the Apache document space # # @param mount_copy # If this directive is set to "On" in some virtual server, the mounts from the global server will be copied # to this virtual server, more precisely all mounts defined by JkMount or JkUnMount. 
# # @param worker_indicator # Name of the Apache environment variable that can be used to set worker names in combination with SetHandler # jakarta-servlet. # # @param watchdog_interval # This directive configures the watchdog thread interval in seconds. # # @param log_file # Full or server relative path to the mod_jk log file. # # @param log_level # The mod_jk log level, can be debug, info, warn error or trace. # # @param log_stamp_format # The mod_jk date log format, using an extended strftime syntax. # # @param request_log_format # Request log format string. # # @param extract_ssl # Turns on SSL processing and information gathering by mod_jk. # # @param https_indicator # Name of the Apache environment variable that contains SSL indication. # # @param sslprotocol_indicator # Name of the Apache environment variable that contains the SSL protocol name. # # @param certs_indicator # Name of the Apache environment variable that contains SSL client certificates. # # @param cipher_indicator # Name of the Apache environment variable that contains SSL client cipher. # # @param certchain_prefix # Name of the Apache environment (prefix) that contains SSL client chain certificates. # # @param session_indicator # Name of the Apache environment variable that contains SSL session. # # @param keysize_indicator # Name of the Apache environment variable that contains SSL key size in use. # # @param local_name_indicator # Name of the Apache environment variable which can be used to overwrite the forwarded local name. # # @param ignore_cl_indicator # Name of the Apache environment variable which forces to ignore an existing Content-Length request header. # # @param local_addr_indicator # Name of the Apache environment variable which can be used to overwrite the forwarded local IP address. # # @param local_port_indicator # Name of the Apache environment variable which can be used to overwrite the forwarded local port. 
# # @param remote_host_indicator # Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) host name. # # @param remote_addr_indicator # Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) IP address. # # @param remote_port_indicator # Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) IP address. # # @param remote_user_indicator # Name of the Apache environment variable which can be used to overwrite the forwarded user name. # # @param auth_type_indicator # Name of the Apache environment variable which can be used to overwrite the forwarded authentication type. # # @param options # Set one of more options to configure the mod_jk module. # # @param env_var # Adds a name and an optional default value of environment variable that should be sent to servlet-engine as a request attribute. # # @param strip_session # If this directive is set to On in some virtual server, the session IDs ;jsessionid=... will be removed for URLs which are not # forwarded but instead are handled by the local server. # # @param workers_file_content # Each directive has the format worker..=. This maps as a hash of hashes, where the outer hash specifies # workers, and each inner hash specifies each worker properties and values. Plus, there are two global directives, 'worker.list' and # 'worker.maintain' For example, the workers file below should be parameterized as follows: # # Worker file: # ``` # worker.list = status # worker.list = some_name,other_name # # worker.maintain = 60 # # # Optional comment # worker.some_name.type=ajp13 # worker.some_name.socket_keepalive=true # # # I just like comments # worker.other_name.type=ajp12 (why would you?) 
# worker.other_name.socket_keepalive=false # ``` # # Puppet file: # ``` # $workers_file_content = { # worker_lists => ['status', 'some_name,other_name'], # worker_maintain => '60', # some_name => { # comment => 'Optional comment', # type => 'ajp13', # socket_keepalive => 'true', # }, # other_name => { # comment => 'I just like comments', # type => 'ajp12', # socket_keepalive => 'false', # }, # } # ``` # # @param mount_file_content # Each directive has the format = . This maps as a hash of hashes, where the outer hash specifies workers, and # each inner hash contains two items: # - uri_list—an array with URIs to be mapped to the worker # - comment—an optional string with a comment for the worker. For example, the mount file below should be parameterized as Figure 2: # # Worker file: # ``` # # Worker 1 # /context_1/ = worker_1 # /context_1/* = worker_1 # # # Worker 2 # / = worker_2 # /context_2/ = worker_2 # /context_2/* = worker_2 # ``` # # Puppet file: # ``` # $mount_file_content = { # worker_1 => { # uri_list => ['/context_1/', '/context_1/*'], # comment => 'Worker 1', # }, # worker_2 => { # uri_list => ['/context_2/', '/context_2/*'], # comment => 'Worker 2', # }, # }, # ``` # # @example # class { '::apache::mod::jk': # ip => '192.168.2.15', # workers_file => 'conf/workers.properties', # mount_file => 'conf/uriworkermap.properties', # shm_file => 'run/jk.shm', # shm_size => '50M', # workers_file_content => { # # }, # } # # @note # shm_file and log_file # Depending on how these files are specified, the class creates their final path differently: # # Relative path: prepends supplied path with logroot (see below) # Absolute path or pipe: uses supplied path as-is # # ``` # shm_file => 'shm_file' # # Ends up in # $shm_path = '/var/log/httpd/shm_file' # # shm_file => '/run/shm_file' # # Ends up in # $shm_path = '/run/shm_file' # # shm_file => '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"' # # Ends up in # $shm_path = '"|rotatelogs 
/var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"' # ``` # # @note # All parameters are optional. When undefined, some receive default values, while others cause an optional # directive to be absent # # Additionally, There is no official package available for mod_jk and thus it must be made available by means outside of the control of the # apache module. Binaries can be found at Apache Tomcat Connectors download page # # @see https://tomcat.apache.org/connectors-doc/reference/apache.html for additional documentation. # class apache::mod::jk ( # Binding to mod_jk Optional[String] $ip = undef, Integer $port = 80, Boolean $add_listen = true, # Conf file content $workers_file = undef, $worker_property = {}, $logroot = undef, $shm_file = 'jk-runtime-status', $shm_size = undef, $mount_file = undef, $mount_file_reload = undef, $mount = {}, $un_mount = {}, $auto_alias = undef, $mount_copy = undef, $worker_indicator = undef, $watchdog_interval = undef, $log_file = 'mod_jk.log', $log_level = undef, $log_stamp_format = undef, $request_log_format = undef, $extract_ssl = undef, $https_indicator = undef, $sslprotocol_indicator = undef, $certs_indicator = undef, $cipher_indicator = undef, $certchain_prefix = undef, $session_indicator = undef, $keysize_indicator = undef, $local_name_indicator = undef, $ignore_cl_indicator = undef, $local_addr_indicator = undef, $local_port_indicator = undef, $remote_host_indicator = undef, $remote_addr_indicator = undef, $remote_port_indicator = undef, $remote_user_indicator = undef, $auth_type_indicator = undef, $options = [], $env_var = {}, $strip_session = undef, # Location list # See comments in template mod/jk.conf.erb $location_list = [], # Workers file content # See comments in template mod/jk/workers.properties.erb $workers_file_content = {}, # Mount file content # See comments in template mod/jk/uriworkermap.properties.erb $mount_file_content = {}, -){ - +) { # Provides important variables - include ::apache + include apache # Manages basic 
module config ::apache::mod { 'jk': } # Ensure that we are not using variables with the typo fixed by MODULES-6225 # anymore: if !empty($workers_file_content) and has_key($workers_file_content, 'worker_mantain') { fail('Please replace $workers_file_content[\'worker_mantain\'] by $workers_file_content[\'worker_maintain\']. See MODULES-6225 for details.') } - # Binding to mod_jk if $add_listen { $_ip = $ip ? { undef => $facts['ipaddress'], default => $ip, } ensure_resource('apache::listen', "${_ip}:${port}", {}) } # File resource common parameters File { ensure => file, - mode => $::apache::file_mode, + mode => $apache::file_mode, notify => Class['apache::service'], } # Shared memory and log paths # If logroot unspecified, use default $log_dir = $logroot ? { - undef => $::apache::logroot, + undef => $apache::logroot, default => $logroot, } # If absolute path or pipe, use as-is # If relative path, prepend with log directory # If unspecified, use default $shm_path = $shm_file ? { undef => "${log_dir}/jk-runtime-status", /^\"?[|\/]/ => $shm_file, default => "${log_dir}/${shm_file}", } $log_path = $log_file ? { undef => "${log_dir}/mod_jk.log", /^\"?[|\/]/ => $log_file, default => "${log_dir}/${log_file}", } # Main config file - $mod_dir = $::apache::mod_dir - file {'jk.conf': + $mod_dir = $apache::mod_dir + file { 'jk.conf': path => "${mod_dir}/jk.conf", content => template('apache/mod/jk.conf.erb'), require => [ Exec["mkdir ${mod_dir}"], File[$mod_dir], ], } # Workers file if $workers_file != undef { $workers_path = $workers_file ? { /^\// => $workers_file, default => "${apache::httpd_dir}/${workers_file}", } file { $workers_path: content => template('apache/mod/jk/workers.properties.erb'), require => Package['httpd'], } } # Mount file if $mount_file != undef { $mount_path = $mount_file ? 
{ /^\// => $mount_file, default => "${apache::httpd_dir}/${mount_file}", } file { $mount_path: content => template('apache/mod/jk/uriworkermap.properties.erb'), require => Package['httpd'], } } - } diff --git a/manifests/mod/ldap.pp b/manifests/mod/ldap.pp index 4994aafc..7a0fff6f 100644 --- a/manifests/mod/ldap.pp +++ b/manifests/mod/ldap.pp 
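Review bot: The `@note` on shm_file and log_file in manifests/mod/jk.pp never says that a value beginning with `|` or `"|` is a command line rather than a path. The `/^\"?[|\/]/` branch of both selectors hands such a value to the template unchanged, and for a piped log httpd starts that program itself, normally from the parent process and so with its privileges. I would add a line to the note such as `# A value beginning with "|" is passed through verbatim and executed by httpd as a piped logger; supply it only from trusted data.` The pipe example in the note is written for `shm_file`, which looks copied from `log_file`; as far as I know JkShmFile takes a file name only, so the example belongs under `log_file`. Both parameters are also untyped, and `Optional[String] $log_file = 'mod_jk.log'` (likewise for `$shm_file`) would reject non-string data before it reaches the regex.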
@@ -1,80 +1,79 @@ # @summary # Installs and configures `mod_ldap`. # # @param apache_version # Used to verify that the Apache version you have requested is compatible with the module. # # @param package_name # Specifies the custom package name. # # @param ldap_trusted_global_cert_file # Sets the file or database containing global trusted Certificate Authority or global client certificates. # # @param ldap_trusted_global_cert_type # Sets the the certificate parameter of the global trusted Certificate Authority or global client certificates. # # @param ldap_shared_cache_size # Size in bytes of the shared-memory cache # # @param ldap_cache_entries # Maximum number of entries in the primary LDAP cache # # @param ldap_cache_ttl # Time that cached items remain valid (in seconds). # # @param ldap_opcache_entries # Number of entries used to cache LDAP compare operations # # @param ldap_opcache_ttl # Time that entries in the operation cache remain valid (in seconds). # # @param ldap_trusted_mode # Specifies the SSL/TLS mode to be used when connecting to an LDAP server. # # @param ldap_path # The server location of the ldap status page. # # @example # class { 'apache::mod::ldap': # ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt', # ldap_trusted_global_cert_type => 'CA_DER', # ldap_trusted_mode => 'TLS', # ldap_shared_cache_size => '500000', # ldap_cache_entries => '1024', # ldap_cache_ttl => '600', # ldap_opcache_entries => '1024', # ldap_opcache_ttl => '600', # } # # @see https://httpd.apache.org/docs/current/mod/mod_ldap.html for additional documentation. 
# @note Unsupported platforms: CentOS: 8; RedHat: 8 class apache::mod::ldap ( $apache_version = undef, $package_name = undef, $ldap_trusted_global_cert_file = undef, Optional[String] $ldap_trusted_global_cert_type = 'CA_BASE64', $ldap_shared_cache_size = undef, $ldap_cache_entries = undef, $ldap_cache_ttl = undef, $ldap_opcache_entries = undef, $ldap_opcache_ttl = undef, $ldap_trusted_mode = undef, String $ldap_path = '/ldap-status', -){ - - include ::apache +) { + include apache $_apache_version = pick($apache_version, $apache::apache_version) ::apache::mod { 'ldap': package => $package_name, } # Template uses $_apache_version file { 'ldap.conf': ensure => file, - path => "${::apache::mod_dir}/ldap.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/ldap.conf", + mode => $apache::file_mode, content => template('apache/mod/ldap.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/lookup_identity.pp b/manifests/mod/lookup_identity.pp index 1e25f5ed..3161ec32 100644 --- a/manifests/mod/lookup_identity.pp +++ b/manifests/mod/lookup_identity.pp @@ -1,9 +1,9 @@ # @summary # Installs `mod_lookup_identity` # # @see https://www.adelton.com/apache/mod_lookup_identity for additional documentation. # class apache::mod::lookup_identity { - include ::apache + include apache ::apache::mod { 'lookup_identity': } } diff --git a/manifests/mod/macro.pp b/manifests/mod/macro.pp index 8766201a..c4d2af00 100644 --- a/manifests/mod/macro.pp +++ b/manifests/mod/macro.pp @@ -1,9 +1,9 @@ # @summary # Installs `mod_macro`. # # @see https://httpd.apache.org/docs/current/mod/mod_macro.html for additional documentation. # class apache::mod::macro { - include ::apache + include apache ::apache::mod { 'macro': } } 
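Review bot: `$ldap_trusted_mode` in manifests/mod/ldap.pp is untyped, and its `@param` text gives neither the accepted values nor the effect of the `undef` default. Since this parameter decides whether the connection to the directory is protected, the doc should list the values, for example `#   One of NONE, SSL or TLS (see LDAPTrustedMode).`, and say what the class renders when it is left unset. The template is not part of this hunk, so I cannot confirm that the directive is simply omitted in that case; if it is, that is worth stating next to `ldap_trusted_global_cert_file`, which is also `undef` by default.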
diff --git a/manifests/mod/mime.pp b/manifests/mod/mime.pp index e4cdd35d..9243ae1e 100644 --- a/manifests/mod/mime.pp +++ b/manifests/mod/mime.pp @@ -1,39 +1,39 @@ # @summary # Installs and configures `mod_mime`. # # @param mime_support_package # Name of the MIME package to be installed. # # @param mime_types_config # The location of the mime.types file. # # @param mime_types_additional # List of additional MIME types to include. # # @see https://httpd.apache.org/docs/current/mod/mod_mime.html for additional documentation. # class apache::mod::mime ( - $mime_support_package = $::apache::params::mime_support_package, - $mime_types_config = $::apache::params::mime_types_config, + $mime_support_package = $apache::params::mime_support_package, + $mime_types_config = $apache::params::mime_types_config, $mime_types_additional = undef, ) inherits ::apache::params { - include ::apache + include apache $_mime_types_additional = pick($mime_types_additional, $apache::mime_types_additional) apache::mod { 'mime': } # Template uses $_mime_types_config file { 'mime.conf': ensure => file, - path => "${::apache::mod_dir}/mime.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/mime.conf", + mode => $apache::file_mode, content => template('apache/mod/mime.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } if $mime_support_package { package { $mime_support_package: ensure => 'installed', before => File['mime.conf'], } } } diff --git a/manifests/mod/mime_magic.pp b/manifests/mod/mime_magic.pp index 582156ba..99a1ec4b 100644 --- a/manifests/mod/mime_magic.pp +++ b/manifests/mod/mime_magic.pp 
@@ -1,25 +1,25 @@ # @summary # Installs and configures `mod_mime_magic`. # # @param magic_file # Enable MIME-type determination based on file contents using the specified magic file. # # @see https://httpd.apache.org/docs/current/mod/mod_mime_magic.html for additional documentation. # class apache::mod::mime_magic ( $magic_file = undef, ) { - include ::apache - $_magic_file = pick($magic_file, "${::apache::conf_dir}/magic") + include apache + $_magic_file = pick($magic_file, "${apache::conf_dir}/magic") apache::mod { 'mime_magic': } # Template uses $magic_file file { 'mime_magic.conf': ensure => file, - path => "${::apache::mod_dir}/mime_magic.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/mime_magic.conf", + mode => $apache::file_mode, content => template('apache/mod/mime_magic.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/negotiation.pp b/manifests/mod/negotiation.pp index c24cdfac..bc018001 100644 --- a/manifests/mod/negotiation.pp +++ b/manifests/mod/negotiation.pp 
@@ -1,32 +1,32 @@ # @summary # Installs and configures `mod_negotiation`. # # @param force_language_priority # Action to take if a single acceptable document is not found. # # @param language_priority # The precedence of language variants for cases where the client does not express a preference. # # @see [https://httpd.apache.org/docs/current/mod/mod_negotiation.html for additional documentation. # class apache::mod::negotiation ( Variant[Array[String], String] $force_language_priority = 'Prefer Fallback', - Variant[Array[String], String] $language_priority = [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', - 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', - 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', - 'zh-TW' ], + Variant[Array[String], String] $language_priority = ['en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', + 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', + 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', + 'zh-TW'], ) { - include ::apache + include apache ::apache::mod { 'negotiation': } # Template uses no variables file { 'negotiation.conf': ensure => file, - mode => $::apache::file_mode, - path => "${::apache::mod_dir}/negotiation.conf", + mode => $apache::file_mode, + path => "${apache::mod_dir}/negotiation.conf", content => template('apache/mod/negotiation.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/nss.pp b/manifests/mod/nss.pp index 8df2aea3..4c986ff8 100644 --- a/manifests/mod/nss.pp +++ b/manifests/mod/nss.pp 
@@ -1,45 +1,45 @@ # @summary # Installs and configures `mod_nss`. # # @param transfer_log # Path to `access.log`. # # @param error_Log # Path to `error.log` # # @param passwd_file # Path to file containing token passwords used for NSSPassPhraseDialog. # # @param port # Sets the SSL port that should be used by mod_nss. # # @see https://pagure.io/mod_nss for additional documentation. # class apache::mod::nss ( - $transfer_log = "${::apache::params::logroot}/access.log", - $error_log = "${::apache::params::logroot}/error.log", + $transfer_log = "${apache::params::logroot}/access.log", + $error_log = "${apache::params::logroot}/error.log", $passwd_file = undef, $port = 8443, ) { - include ::apache - include ::apache::mod::mime + include apache + include apache::mod::mime apache::mod { 'nss': } - $httpd_dir = $::apache::httpd_dir + $httpd_dir = $apache::httpd_dir # Template uses: # $transfer_log # $error_log # $http_dir # passwd_file file { 'nss.conf': ensure => file, - path => "${::apache::mod_dir}/nss.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/nss.conf", + mode => $apache::file_mode, content => template('apache/mod/nss.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/pagespeed.pp b/manifests/mod/pagespeed.pp index 84f78dd7..54181545 100644 --- a/manifests/mod/pagespeed.pp +++ b/manifests/mod/pagespeed.pp 
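Review bot: The doc block in manifests/mod/nss.pp documents `@param error_Log`, but the parameter is `$error_log`, so the description will probably not be attached to it by the doc generator; it should read `@param error_log`. The "Template uses" comment has the same kind of slip: it lists `$http_dir` while the variable assigned just above it is `$httpd_dir`. `$passwd_file` is described as holding token passwords for NSSPassPhraseDialog, yet it is untyped and nothing in this class manages that file, so the `@param` text should say so, for example `#   The class does not create or manage this file; its ownership and mode are the operator's responsibility.`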
@@ -1,75 +1,75 @@ # @summary # Installs and configures `mod_pagespeed`. # # @todo # Add docs # # @note # Verify that your system is compatible with the latest Google Pagespeed requirements. # # Although this apache module requires the mod-pagespeed-stable package, Puppet does not manage the software repositories required to # automatically install the package. If you declare this class when the package is either not installed or not available to your # package manager, your Puppet run will fail. # # @see https://developers.google.com/speed/pagespeed/module/ for additional documentation. # class apache::mod::pagespeed ( $inherit_vhost_config = 'on', $filter_xhtml = false, $cache_path = '/var/cache/mod_pagespeed/', $log_dir = '/var/log/pagespeed', $memcache_servers = [], $rewrite_level = 'CoreFilters', $disable_filters = [], $enable_filters = [], $forbid_filters = [], $rewrite_deadline_per_flush_ms = 10, $additional_domains = undef, $file_cache_size_kb = 102400, $file_cache_clean_interval_ms = 3600000, $lru_cache_per_process = 1024, $lru_cache_byte_limit = 16384, $css_flatten_max_bytes = 2048, $css_inline_max_bytes = 2048, $css_image_inline_max_bytes = 2048, $image_inline_max_bytes = 2048, $js_inline_max_bytes = 2048, $css_outline_min_bytes = 3000, $js_outline_min_bytes = 3000, $inode_limit = 500000, $image_max_rewrites_at_once = 8, $num_rewrite_threads = 4, $num_expensive_rewrite_threads = 4, $collect_statistics = 'on', $statistics_logging = 'on', $allow_view_stats = [], $allow_pagespeed_console = [], $allow_pagespeed_message = [], $message_buffer_size = 100000, $additional_configuration = {}, $apache_version = undef, $package_ensure = undef, -){ - include ::apache +) { + include apache $_apache_version = pick($apache_version, $apache::apache_version) $_lib = $_apache_version ? 
{ '2.4' => 'mod_pagespeed_ap24.so', default => undef } apache::mod { 'pagespeed': lib => $_lib, package_ensure => $package_ensure, } # Template uses $_apache_version file { 'pagespeed.conf': ensure => file, - path => "${::apache::mod_dir}/pagespeed.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/pagespeed.conf", + mode => $apache::file_mode, content => template('apache/mod/pagespeed.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index cbc83269..8cd9e8b3 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp 
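Review bot: `apache::mod::pagespeed` still carries `@todo Add docs` and has no `@param` entries, which matters most for `$allow_view_stats`, `$allow_pagespeed_console` and `$allow_pagespeed_message`. By their names they appear to control who may reach the statistics, console and message handlers, all three default to `[]`, and `$collect_statistics` and `$statistics_logging` default to `'on'`. The template is not part of this hunk, so what an empty list renders to cannot be confirmed here. Each of the three should get a `@param` entry naming the accepted form (presumably addresses or networks) and the effect of the empty default, starting with `# @param allow_view_stats`.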
@@ -1,961 +1,961 @@ # @summary # Installs `mod_pasenger`. # # @param manage_repo # Toggle whether to manage yum repo if on a RedHat node. # # @param mod_id # Specifies the package id. # # @param mod_lib # Defines the module's shared object name. Do not configure manually without special reason. # # @param mod_lib_path # Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The `path` parameter overrides # this value. # # @param mod_package # Name of the module package to install. # # @param mod_package_ensure # Determines whether Puppet ensures the module should be installed. # # @param mod_path # Specifies a path to the module. Do not manually set this parameter without a special reason. # # @param passenger_allow_encoded_slashes # Toggle whether URLs with encoded slashes (%2f) can be used (by default Apache does not support this). # # @param passenger_app_env # This option sets, for the current application, the value of the following environment variables: # - RAILS_ENV # - RACK_ENV # - WSGI_ENV # - NODE_ENV # - PASSENGER_APP_ENV # # @param passenger_app_group_name # Sets the name of the application group that the current application should belong to. # # @param passenger_app_root # Path to the application root which allows access independent from the DocumentRoot. # # @param passenger_app_type # Specifies the type of the application. If you set this option, then you must also set PassengerAppRoot, otherwise Passenger will # not properly recognize your application. # # @param passenger_base_uri # Used to specify that the given URI is an distinct application that should be served by Passenger. # # @param passenger_buffer_response # Toggle whether application-generated responses are buffered by Apache. Buffering will happen in memory. # # @param passenger_buffer_upload # Toggle whether HTTP client request bodies are buffered before they are sent to the application. 
# # @param passenger_concurrency_model # Specifies the I/O concurrency model that should be used for Ruby application processes. # # @param passenger_conf_file # # # @param passenger_conf_package_file # # # @param passenger_data_buffer_dir # Specifies the directory in which to store data buffers. # # @param passenger_debug_log_file # # # @param passenger_debugger # Turns support for Ruby application debugging on or off. # # @param passenger_default_group # Allows you to specify the group that applications must run as, if user switching fails or is disabled. # # @param passenger_default_ruby # File path to desired ruby interpreter to use by default. # # @param passenger_default_user # Allows you to specify the user that applications must run as, if user switching fails or is disabled. # # @param passenger_disable_security_update_check # Allows disabling the Passenger security update check, a daily check with https://securitycheck.phusionpassenger.com for important # security updates that might be available. # # @param passenger_enabled # Toggles whether Passenger should be enabled for that particular context. # # @param passenger_error_override # Toggles whether Apache will intercept and handle responses with HTTP status codes of 400 and higher. # # @param passenger_file_descriptor_log_file # Log file descriptor debug tracing messages to the given file. # # @param passenger_fly_with # Enables the Flying Passenger mode, and configures Apache to connect to the Flying Passenger daemon that's listening on the # given socket filename. # # @param passenger_force_max_concurrent_requests_per_process # Use this option to tell Passenger how many concurrent requests the application can handle per process. # # @param passenger_friendly_error_pages # Toggles whether Passenger should display friendly error pages whenever an application fails to start. 
# # @param passenger_group # Allows you to override that behavior and explicitly set a group to run the web application as, regardless of the ownership of the # startup file. # # @param passenger_high_performance # Toggles whether to enable PassengerHighPerformance which will make Passenger will be a little faster, in return for reduced # compatibility with other Apache modules. # # @param passenger_installed_version # # # @param passenger_instance_registry_dir # Specifies the directory that Passenger should use for registering its current instance. # # @param passenger_load_shell_envvars # Enables or disables the loading of shell environment variables before spawning the application. # # @param passenger_log_file # File path to log file. By default Passenger log messages are written to the Apache global error log. # # @param passenger_log_level # Specifies how much information Passenger should log to its log file. A higher log level value means that more # information will be logged. # # @param passenger_lve_min_uid # When using Passenger on a LVE-enabled kernel, a security check (enter) is run for spawning application processes. This options # tells the check to only allow processes with UIDs equal to, or higher than, the specified value. # # @param passenger_max_instances # The maximum number of application processes that may simultaneously exist for an application. # # @param passenger_max_instances_per_app # The maximum number of application processes that may simultaneously exist for a single application. # # @param passenger_max_pool_size # The maximum number of application processes that may simultaneously exist. # # @param passenger_max_preloader_idle_time # Set the preloader's idle timeout, in seconds. A value of 0 means that it should never idle timeout. # # @param passenger_max_request_queue_size # Specifies the maximum size for the queue of all incoming requests. 
# # @param passenger_max_request_time # The maximum amount of time, in seconds, that an application process may take to process a request. # # @param passenger_max_requests # The maximum number of requests an application process will process. # # @param passenger_memory_limit # The maximum amount of memory that an application process may use, in megabytes. # # @param passenger_meteor_app_settings # When using a Meteor application in non-bundled mode, use this option to specify a JSON file with settings for the application. # # @param passenger_min_instances # Specifies the minimum number of application processes that should exist for a given application. # # @param passenger_nodejs # Specifies the Node.js command to use for serving Node.js web applications. # # @param passenger_pool_idle_time # The maximum number of seconds that an application process may be idle. # # @param passenger_pre_start # URL of the web application you want to pre-start. # # @param passenger_python # Specifies the Python interpreter to use for serving Python web applications. # # @param passenger_resist_deployment_errors # Enables or disables resistance against deployment errors. # # @param passenger_resolve_symlinks_in_document_root # This option is no longer available in version 5.2.0. Switch to PassengerAppRoot if you are setting the application root via a # document root containing symlinks. # # @param passenger_response_buffer_high_watermark # Configures the maximum size of the real-time disk-backed response buffering system. # # @param passenger_restart_dir # Path to directory containing restart.txt file. Can be either absolute or relative. # # @param passenger_rolling_restarts # Enables or disables support for zero-downtime application restarts through restart.txt. # # @param passenger_root # Refers to the location to the Passenger root directory, or to a location configuration file. # # @param passenger_ruby # Specifies the Ruby interpreter to use for serving Ruby web applications. 
# # @param passenger_security_update_check_proxy # Allows use of an intermediate proxy for the Passenger security update check. # # @param passenger_show_version_in_header # Toggle whether Passenger will output its version number in the X-Powered-By header in all Passenger-served requests: # # @param passenger_socket_backlog # This option can be raised if Apache manages to overflow the backlog queue. # # @param passenger_spawn_method # Controls whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism. # # @param passenger_start_timeout # Specifies a timeout for the startup of application processes. # # @param passenger_startup_file # Specifies the startup file that Passenger should use when loading the application. # # @param passenger_stat_throttle_rate # Setting this option to a value of x means that certain filesystem checks will be performed at most once every x seconds. # # @param passenger_sticky_sessions # Toggles whether all requests that a client sends will be routed to the same originating application process, whenever possible. # # @param passenger_sticky_sessions_cookie_name # Sets the name of the sticky sessions cookie. # # @param passenger_thread_count # Specifies the number of threads that Passenger should spawn per Ruby application process. # # @param passenger_use_global_queue # N/A. # # @param passenger_user # Allows you to override that behavior and explicitly set a user to run the web application as, regardless of the ownership of the # startup file. # # @param passenger_user_switching # Toggles whether to attempt to enable user account sandboxing, also known as user switching. # # @param rack_auto_detect # This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead. # # @param rack_autodetect # This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead. 
# # @param rack_base_uri # Deprecated in 3.0.0 in favor of PassengerBaseURI. # # @param rack_env # Alias for PassengerAppEnv. # # @param rails_allow_mod_rewrite # This option doesn't do anything anymore since version 4.0.0. # # @param rails_app_spawner_idle_time # This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime. # # @param rails_auto_detect # This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead. # # @param rails_autodetect # This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead. # # @param rails_base_uri # Deprecated in 3.0.0 in favor of PassengerBaseURI. # # @param rails_default_user # Deprecated in 3.0.0 in favor of PassengerDefaultUser # # @param rails_env # Alias for PassengerAppEnv. # # @param rails_framework_spawner_idle_time # This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed # altogether. You should use smart spawning instead. # # @param rails_ruby # Deprecated in 3.0.0 in favor of PassengerRuby. # # @param rails_spawn_method # Deprecated in 3.0.0 in favor of PassengerSpawnMethod. # # @param rails_user_switching # Deprecated in 3.0.0 in favor of PassengerUserSwitching. # # @param wsgi_auto_detect # This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead. # # @note # In Passenger source code you can strip out what are all the available options by looking in # - src/apache2_module/Configuration.cpp # - src/apache2_module/ConfigurationCommands.cpp # There are also several undocumented settings. # # @note # For Red Hat based systems, ensure that you meet the minimum requirements described in the passenger docs. # # The current set of server configurations settings were taken directly from the Passenger Reference. 
To enable deprecation warnings # and removal failure messages, set the passenger_installed_version to the version number installed on the server. # # Change Log: # - As of 08/13/2017 there are 84 available/deprecated/removed settings. # - Around 08/20/2017 UnionStation was discontinued options were removed. # - As of 08/20/2017 there are 77 available/deprecated/removed settings. # # @see https://www.phusionpassenger.com/docs/references/config_reference/apache/ for additional documentation. # class apache::mod::passenger ( $manage_repo = true, $mod_id = undef, $mod_lib = undef, $mod_lib_path = undef, $mod_package = undef, $mod_package_ensure = undef, $mod_path = undef, $passenger_allow_encoded_slashes = undef, Optional[String] $passenger_anonymous_telemetry_proxy = undef, $passenger_app_env = undef, $passenger_app_group_name = undef, $passenger_app_root = undef, $passenger_app_type = undef, $passenger_base_uri = undef, $passenger_buffer_response = undef, $passenger_buffer_upload = undef, $passenger_concurrency_model = undef, - $passenger_conf_file = $::apache::params::passenger_conf_file, - $passenger_conf_package_file = $::apache::params::passenger_conf_package_file, + $passenger_conf_file = $apache::params::passenger_conf_file, + $passenger_conf_package_file = $apache::params::passenger_conf_package_file, $passenger_data_buffer_dir = undef, $passenger_debug_log_file = undef, $passenger_debugger = undef, $passenger_default_group = undef, - $passenger_default_ruby = $::apache::params::passenger_default_ruby, + $passenger_default_ruby = $apache::params::passenger_default_ruby, $passenger_default_user = undef, Optional[Boolean] $passenger_disable_anonymous_telemetry = undef, - Optional[Boolean ] $passenger_disable_log_prefix = undef, + Optional[Boolean] $passenger_disable_log_prefix = undef, $passenger_disable_security_update_check = undef, $passenger_enabled = undef, $passenger_error_override = undef, $passenger_file_descriptor_log_file = undef, $passenger_fly_with = 
undef, $passenger_force_max_concurrent_requests_per_process = undef, $passenger_friendly_error_pages = undef, $passenger_group = undef, $passenger_high_performance = undef, $passenger_installed_version = undef, $passenger_instance_registry_dir = undef, $passenger_load_shell_envvars = undef, Optional[Stdlib::Absolutepath] $passenger_log_file = undef, $passenger_log_level = undef, $passenger_lve_min_uid = undef, $passenger_max_instances = undef, $passenger_max_instances_per_app = undef, $passenger_max_pool_size = undef, $passenger_max_preloader_idle_time = undef, $passenger_max_request_queue_size = undef, $passenger_max_request_time = undef, $passenger_max_requests = undef, $passenger_memory_limit = undef, $passenger_meteor_app_settings = undef, $passenger_min_instances = undef, $passenger_nodejs = undef, $passenger_pool_idle_time = undef, Optional[Variant[String,Array[String]]] $passenger_pre_start = undef, $passenger_python = undef, $passenger_resist_deployment_errors = undef, $passenger_resolve_symlinks_in_document_root = undef, $passenger_response_buffer_high_watermark = undef, $passenger_restart_dir = undef, $passenger_rolling_restarts = undef, - $passenger_root = $::apache::params::passenger_root, - $passenger_ruby = $::apache::params::passenger_ruby, + $passenger_root = $apache::params::passenger_root, + $passenger_ruby = $apache::params::passenger_ruby, $passenger_security_update_check_proxy = undef, $passenger_show_version_in_header = undef, $passenger_socket_backlog = undef, Optional[String] $passenger_spawn_dir = undef, Optional[Enum['smart', 'direct', 'smart-lv2', 'conservative']] $passenger_spawn_method = undef, $passenger_start_timeout = undef, $passenger_startup_file = undef, $passenger_stat_throttle_rate = undef, $passenger_sticky_sessions = undef, $passenger_sticky_sessions_cookie_name = undef, Optional[String] $passenger_sticky_sessions_cookie_attributes = undef, $passenger_thread_count = undef, $passenger_use_global_queue = undef, $passenger_user = 
undef, $passenger_user_switching = undef, $rack_auto_detect = undef, $rack_autodetect = undef, $rack_base_uri = undef, $rack_env = undef, $rails_allow_mod_rewrite = undef, $rails_app_spawner_idle_time = undef, $rails_auto_detect = undef, $rails_autodetect = undef, $rails_base_uri = undef, $rails_default_user = undef, $rails_env = undef, $rails_framework_spawner_idle_time = undef, $rails_ruby = undef, $rails_spawn_method = undef, $rails_user_switching = undef, $wsgi_auto_detect = undef, ) inherits ::apache::params { - include ::apache + include apache if $passenger_installed_version { if $passenger_allow_encoded_slashes { if (versioncmp($passenger_installed_version, '4.0.0') < 0) { fail("Passenger config option :: passenger_allow_encoded_slashes is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_anonymous_telemetry_proxy { if (versioncmp($passenger_installed_version, '6.0.0') < 0) { fail("Passenger config option :: passenger_anonymous_telemetry_proxy is not introduced until version 6.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_app_env { if (versioncmp($passenger_installed_version, '4.0.0') < 0) { fail("Passenger config option :: passenger_app_env is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_app_group_name { if (versioncmp($passenger_installed_version, '4.0.0') < 0) { fail("Passenger config option :: passenger_app_group_name is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_app_root { if (versioncmp($passenger_installed_version, '4.0.0') < 0) { fail("Passenger config option :: passenger_app_root is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_app_type { if (versioncmp($passenger_installed_version, '4.0.25') < 0) { fail("Passenger config option :: passenger_app_type 
is not introduced until version 4.0.25 :: ${passenger_installed_version} is the version reported") } } if $passenger_base_uri { if (versioncmp($passenger_installed_version, '4.0.0') < 0) { fail("Passenger config option :: passenger_base_uri is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_buffer_response { if (versioncmp($passenger_installed_version, '4.0.0') < 0) { fail("Passenger config option :: passenger_buffer_response is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_buffer_upload { if (versioncmp($passenger_installed_version, '4.0.26') < 0) { fail("Passenger config option :: passenger_buffer_upload is not introduced until version 4.0.26 :: ${passenger_installed_version} is the version reported") } } if $passenger_concurrency_model { if (versioncmp($passenger_installed_version, '4.0.0') < 0) { fail("Passenger config option :: passenger_concurrency_model is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_data_buffer_dir { if (versioncmp($passenger_installed_version, '5.0.0') < 0) { fail("Passenger config option :: passenger_data_buffer_dir is not introduced until version 5.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_debug_log_file { if (versioncmp($passenger_installed_version, '5.0.5') > 0) { warning('DEPRECATED PASSENGER OPTION :: passenger_debug_log_file :: This option has been renamed in version 5.0.5 to PassengerLogFile.') } } if $passenger_debugger { if (versioncmp($passenger_installed_version, '3.0.0') < 0) { fail("Passenger config option :: passenger_debugger is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_default_group { if (versioncmp($passenger_installed_version, '3.0.0') < 0) { fail("Passenger config option :: passenger_default_group is not introduced 
until version 3.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_default_ruby { if (versioncmp($passenger_installed_version, '4.0.0') < 0) { fail("Passenger config option :: passenger_default_ruby is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_default_user { if (versioncmp($passenger_installed_version, '3.0.0') < 0) { fail("Passenger config option :: passenger_default_user is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_disable_anonymous_telemetry { if (versioncmp($passenger_installed_version, '6.0.0') < 0) { fail("Passenger config option :: passenger_disable_anonymous_telemetry is not introduced until version 6.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_disable_log_prefix { if (versioncmp($passenger_installed_version, '6.0.2') < 0) { fail("Passenger config option :: passenger_disable_log_prefix is not introduced until version 6.0.2 :: ${passenger_installed_version} is the version reported") } } if $passenger_disable_security_update_check { if (versioncmp($passenger_installed_version, '5.1.0') < 0) { fail("Passenger config option :: passenger_disable_security_update_check is not introduced until version 5.1.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_enabled { if (versioncmp($passenger_installed_version, '4.0.0') < 0) { fail("Passenger config option :: passenger_enabled is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_error_override { if (versioncmp($passenger_installed_version, '4.0.24') < 0) { fail("Passenger config option :: passenger_error_override is not introduced until version 4.0.24 :: ${passenger_installed_version} is the version reported") } } if $passenger_file_descriptor_log_file { if (versioncmp($passenger_installed_version, '5.0.5') < 0) { 
fail("Passenger config option :: passenger_file_descriptor_log_file is not introduced until version 5.0.5 :: ${passenger_installed_version} is the version reported") } } if $passenger_fly_with { if (versioncmp($passenger_installed_version, '4.0.45') < 0) { fail("Passenger config option :: passenger_fly_with is not introduced until version 4.0.45 :: ${passenger_installed_version} is the version reported") } } if $passenger_force_max_concurrent_requests_per_process { if (versioncmp($passenger_installed_version, '5.0.22') < 0) { fail("Passenger config option :: passenger_force_max_concurrent_requests_per_process is not introduced until version 5.0.22 :: ${passenger_installed_version} is the version reported") } } if $passenger_friendly_error_pages { if (versioncmp($passenger_installed_version, '4.0.42') < 0) { fail("Passenger config option :: passenger_friendly_error_pages is not introduced until version 4.0.42 :: ${passenger_installed_version} is the version reported") } } if $passenger_group { if (versioncmp($passenger_installed_version, '4.0.0') < 0) { fail("Passenger config option :: passenger_group is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_high_performance { if (versioncmp($passenger_installed_version, '2.0.0') < 0) { fail("Passenger config option :: passenger_high_performance is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_instance_registry_dir { if (versioncmp($passenger_installed_version, '5.0.0') < 0) { fail("Passenger config option :: passenger_instance_registry_dir is not introduced until version 5.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_load_shell_envvars { if (versioncmp($passenger_installed_version, '4.0.20') < 0) { fail("Passenger config option :: passenger_load_shell_envvars is not introduced until version 4.0.20 :: ${passenger_installed_version} is the version reported") 
} } if $passenger_log_file { if (versioncmp($passenger_installed_version, '5.0.5') < 0) { fail("Passenger config option :: passenger_log_file is not introduced until version 5.0.5 :: ${passenger_installed_version} is the version reported") } } if $passenger_log_level { if (versioncmp($passenger_installed_version, '3.0.0') < 0) { fail("Passenger config option :: passenger_log_level is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_lve_min_uid { if (versioncmp($passenger_installed_version, '5.0.28') < 0) { fail("Passenger config option :: passenger_lve_min_uid is not introduced until version 5.0.28 :: ${passenger_installed_version} is the version reported") } } if $passenger_max_instances { if (versioncmp($passenger_installed_version, '3.0.0') < 0) { fail("Passenger config option :: passenger_max_instances is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_max_instances_per_app { if (versioncmp($passenger_installed_version, '3.0.0') < 0) { fail("Passenger config option :: passenger_max_instances_per_app is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_max_pool_size { if (versioncmp($passenger_installed_version, '1.0.0') < 0) { fail("Passenger config option :: passenger_max_pool_size is not introduced until version 1.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_max_preloader_idle_time { if (versioncmp($passenger_installed_version, '4.0.0') < 0) { fail("Passenger config option :: passenger_max_preloader_idle_time is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_max_request_queue_size { if (versioncmp($passenger_installed_version, '4.0.15') < 0) { fail("Passenger config option :: passenger_max_request_queue_size is not introduced until version 4.0.15 :: 
${passenger_installed_version} is the version reported") } } if $passenger_max_request_time { if (versioncmp($passenger_installed_version, '3.0.0') < 0) { fail("Passenger config option :: passenger_max_request_time is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_max_requests { if (versioncmp($passenger_installed_version, '3.0.0') < 0) { fail("Passenger config option :: passenger_max_requests is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_memory_limit { if (versioncmp($passenger_installed_version, '3.0.0') < 0) { fail("Passenger config option :: passenger_memory_limit is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_meteor_app_settings { if (versioncmp($passenger_installed_version, '5.0.7') < 0) { fail("Passenger config option :: passenger_meteor_app_settings is not introduced until version 5.0.7 :: ${passenger_installed_version} is the version reported") } } if $passenger_min_instances { if (versioncmp($passenger_installed_version, '3.0.0') < 0) { fail("Passenger config option :: passenger_min_instances is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_nodejs { if (versioncmp($passenger_installed_version, '4.0.24') < 0) { fail("Passenger config option :: passenger_nodejs is not introduced until version 4.0.24 :: ${passenger_installed_version} is the version reported") } } if $passenger_pool_idle_time { if (versioncmp($passenger_installed_version, '1.0.0') < 0) { fail("Passenger config option :: passenger_pool_idle_time is not introduced until version 1.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_pre_start { if (versioncmp($passenger_installed_version, '3.0.0') < 0) { fail("Passenger config option :: passenger_pre_start is not introduced until version 3.0.0 :: 
${passenger_installed_version} is the version reported") } } if $passenger_python { if (versioncmp($passenger_installed_version, '4.0.0') < 0) { fail("Passenger config option :: passenger_python is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_resist_deployment_errors { if (versioncmp($passenger_installed_version, '3.0.0') < 0) { fail("Passenger config option :: passenger_resist_deployment_errors is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_resolve_symlinks_in_document_root { if (versioncmp($passenger_installed_version, '3.0.0') < 0) { fail("Passenger config option :: passenger_resolve_symlinks_in_document_root is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_response_buffer_high_watermark { if (versioncmp($passenger_installed_version, '5.0.0') < 0) { fail("Passenger config option :: passenger_response_buffer_high_watermark is not introduced until version 5.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_restart_dir { if (versioncmp($passenger_installed_version, '3.0.0') < 0) { fail("Passenger config option :: passenger_restart_dir is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_rolling_restarts { if (versioncmp($passenger_installed_version, '3.0.0') < 0) { fail("Passenger config option :: passenger_rolling_restarts is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_root { if (versioncmp($passenger_installed_version, '1.0.0') < 0) { fail("Passenger config option :: passenger_root is not introduced until version 1.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_ruby { if (versioncmp($passenger_installed_version, '4.0.0') < 0) { fail("Passenger config option :: 
passenger_ruby is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_security_update_check_proxy { if (versioncmp($passenger_installed_version, '5.1.0') < 0) { fail("Passenger config option :: passenger_security_update_check_proxy is not introduced until version 5.1.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_show_version_in_header { if (versioncmp($passenger_installed_version, '5.1.0') < 0) { fail("Passenger config option :: passenger_show_version_in_header is not introduced until version 5.1.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_socket_backlog { if (versioncmp($passenger_installed_version, '5.0.24') < 0) { fail("Passenger config option :: passenger_socket_backlog is not introduced until version 5.0.24 :: ${passenger_installed_version} is the version reported") } } if $passenger_spawn_dir { if (versioncmp($passenger_installed_version, '6.0.3') < 0) { fail("Passenger config option :: passenger_spawn_dir is not introduced until version 6.0.3 :: ${passenger_installed_version} is the version reported") } } if $passenger_spawn_method { if (versioncmp($passenger_installed_version, '2.0.0') < 0) { fail("Passenger config option :: passenger_spawn_method is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_start_timeout { if (versioncmp($passenger_installed_version, '4.0.15') < 0) { fail("Passenger config option :: passenger_start_timeout is not introduced until version 4.0.15 :: ${passenger_installed_version} is the version reported") } } if $passenger_startup_file { if (versioncmp($passenger_installed_version, '4.0.25') < 0) { fail("Passenger config option :: passenger_startup_file is not introduced until version 4.0.25 :: ${passenger_installed_version} is the version reported") } } if $passenger_stat_throttle_rate { if (versioncmp($passenger_installed_version, '2.2.0') < 
0) { fail("Passenger config option :: passenger_stat_throttle_rate is not introduced until version 2.2.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_sticky_sessions { if (versioncmp($passenger_installed_version, '4.0.45') < 0) { fail("Passenger config option :: passenger_sticky_sessions is not introduced until version 4.0.45 :: ${passenger_installed_version} is the version reported") } } if $passenger_sticky_sessions_cookie_name { if (versioncmp($passenger_installed_version, '4.0.45') < 0) { fail("Passenger config option :: passenger_sticky_sessions_cookie_name is not introduced until version 4.0.45 :: ${passenger_installed_version} is the version reported") } } if $passenger_sticky_sessions_cookie_attributes { if (versioncmp($passenger_installed_version, '6.0.5') < 0) { fail("Passenger config option :: passenger_sticky_sessions_cookie_attributes is not introduced until version 6.0.5 :: ${passenger_installed_version} is the version reported") } } if $passenger_thread_count { if (versioncmp($passenger_installed_version, '4.0.0') < 0) { fail("Passenger config option :: passenger_thread_count is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_use_global_queue { if (versioncmp($passenger_installed_version, '4.0.0') > 0) { fail('REMOVED PASSENGER OPTION :: passenger_use_global_queue :: -- no message on the current passenger reference webpage -- ') } if (versioncmp($passenger_installed_version, '2.0.4') < 0) { fail("Passenger config option :: passenger_use_global_queue is not introduced until version 2.0.4 :: ${passenger_installed_version} is the version reported") } } if $passenger_user { if (versioncmp($passenger_installed_version, '4.0.0') < 0) { fail("Passenger config option :: passenger_user is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") } } if $passenger_user_switching { if (versioncmp($passenger_installed_version, 
'3.0.0') < 0) { fail("Passenger config option :: passenger_user_switching is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") } } if ($rack_auto_detect or $rack_autodetect) { if (versioncmp($passenger_installed_version, '4.0.0') > 0) { fail('REMOVED PASSENGER OPTION :: rack_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.') } } if $rack_base_uri { if (versioncmp($passenger_installed_version, '3.0.0') > 0) { warning('DEPRECATED PASSENGER OPTION :: rack_base_uri :: Deprecated in 3.0.0 in favor of PassengerBaseURI.') } } if $rack_env { if (versioncmp($passenger_installed_version, '2.0.0') < 0) { fail("Passenger config option :: rack_env is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported") } } if $rails_allow_mod_rewrite { if (versioncmp($passenger_installed_version, '4.0.0') > 0) { warning("DEPRECATED PASSENGER OPTION :: rails_allow_mod_rewrite :: This option doesn't do anything anymore in since version 4.0.0.") } } if $rails_app_spawner_idle_time { if (versioncmp($passenger_installed_version, '4.0.0') > 0) { fail('REMOVED PASSENGER OPTION :: rails_app_spawner_idle_time :: This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.') } } if ($rails_auto_detect or $rails_autodetect) { if (versioncmp($passenger_installed_version, '4.0.0') > 0) { fail('REMOVED PASSENGER OPTION :: rails_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. 
You should use PassengerEnabled instead.') } } if $rails_base_uri { if (versioncmp($passenger_installed_version, '3.0.0') > 0) { warning('DEPRECATED PASSENGER OPTION :: rails_base_uri :: Deprecated in 3.0.0 in favor of PassengerBaseURI.') } } if $rails_default_user { if (versioncmp($passenger_installed_version, '3.0.0') > 0) { warning('DEPRECATED PASSENGER OPTION :: rails_default_user :: Deprecated in 3.0.0 in favor of PassengerDefaultUser.') } } if $rails_env { if (versioncmp($passenger_installed_version, '2.0.0') < 0) { fail("Passenger config option :: rails_env is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported") } } if $rails_framework_spawner_idle_time { if (versioncmp($passenger_installed_version, '4.0.0') > 0) { fail('REMOVED PASSENGER OPTION :: rails_framework_spawner_idle_time :: This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed altogether. You should use smart spawning instead.') } } if $rails_ruby { if (versioncmp($passenger_installed_version, '3.0.0') > 0) { warning('DEPRECATED PASSENGER OPTION :: rails_ruby :: Deprecated in 3.0.0 in favor of PassengerRuby.') } } if $rails_spawn_method { if (versioncmp($passenger_installed_version, '3.0.0') > 0) { warning('DEPRECATED PASSENGER OPTION :: rails_spawn_method :: Deprecated in 3.0.0 in favor of PassengerSpawnMethod.') } } if $rails_user_switching { if (versioncmp($passenger_installed_version, '3.0.0') > 0) { warning('DEPRECATED PASSENGER OPTION :: rails_user_switching :: Deprecated in 3.0.0 in favor of PassengerUserSwitching.') } } if $wsgi_auto_detect { if (versioncmp($passenger_installed_version, '4.0.0') > 0) { fail('REMOVED PASSENGER OPTION :: wsgi_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. 
You should use PassengerEnabled instead.') } } } # Managed by the package, but declare it to avoid purging if $passenger_conf_package_file { file { 'passenger_package.conf': - path => "${::apache::confd_dir}/${passenger_conf_package_file}", + path => "${apache::confd_dir}/${passenger_conf_package_file}", } } $_package = $mod_package $_package_ensure = $mod_package_ensure $_lib = $mod_lib if $::osfamily == 'FreeBSD' { if $mod_lib_path { $_lib_path = $mod_lib_path } else { $_lib_path = "${passenger_root}/buildout/apache2" } } else { $_lib_path = $mod_lib_path } if $::osfamily == 'RedHat' and $manage_repo { if $::operatingsystem == 'Amazon' { $baseurl = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/6Server/$basearch' } else { $baseurl = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch' } yumrepo { 'passenger': ensure => 'present', baseurl => $baseurl, descr => 'passenger', enabled => '1', gpgcheck => '0', gpgkey => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt', repo_gpgcheck => '1', sslcacert => '/etc/pki/tls/certs/ca-bundle.crt', sslverify => '1', before => Apache::Mod['passenger'], } } unless ($::operatingsystem == 'SLES') { $_id = $mod_id $_path = $mod_path ::apache::mod { 'passenger': package => $_package, package_ensure => $_package_ensure, lib => $_lib, lib_path => $_lib_path, id => $_id, path => $_path, loadfile_name => 'zpassenger.load', } } # Template uses: # - $passenger_allow_encoded_slashes : since 4.0.0. # - $passenger_app_env : since 4.0.0. # - $passenger_app_group_name : since 4.0.0. # - $passenger_app_root : since 4.0.0. # - $passenger_app_type : since 4.0.25. # - $passenger_base_uri : since 4.0.0. # - $passenger_buffer_response : since 4.0.0. # - $passenger_buffer_upload : since 4.0.26. # - $passenger_concurrency_model : since 4.0.0. # - $passenger_data_buffer_dir : since 5.0.0. # - $passenger_debug_log_file : since unkown. Deprecated in 5.0.5. 
# - $passenger_debugger : since 3.0.0. # - $passenger_default_group : since 3.0.0. # - $passenger_default_ruby : since 4.0.0. # - $passenger_default_user : since 3.0.0. # - $passenger_disable_security_update_check : since 5.1.0. # - $passenger_enabled : since 4.0.0. # - $passenger_error_override : since 4.0.24. # - $passenger_file_descriptor_log_file : since 5.0.5. # - $passenger_fly_with : since 4.0.45. # - $passenger_force_max_concurrent_requests_per_process : since 5.0.22. # - $passenger_friendly_error_pages : since 4.0.42. # - $passenger_group : since 4.0.0. # - $passenger_high_performance : since 2.0.0. # - $passenger_instance_registry_dir : since 5.0.0. # - $passenger_load_shell_envvars : since 4.0.20. # - $passenger_log_file : since 5.0.5. # - $passenger_log_level : since 3.0.0. # - $passenger_lve_min_uid : since 5.0.28. # - $passenger_max_instances : since 3.0.0. # - $passenger_max_instances_per_app : since 3.0.0. # - $passenger_max_pool_size : since 1.0.0. # - $passenger_max_preloader_idle_time : since 4.0.0. # - $passenger_max_request_queue_size : since 4.0.15. # - $passenger_max_request_time : since 3.0.0. # - $passenger_max_requests : since 3.0.0. # - $passenger_memory_limit : since 3.0.0. # - $passenger_meteor_app_settings : since 5.0.7. # - $passenger_min_instances : since 3.0.0. # - $passenger_nodejs : since 4.0.24. # - $passenger_pool_idle_time : since 1.0.0. # - $passenger_pre_start : since 3.0.0. # - $passenger_python : since 4.0.0. # - $passenger_resist_deployment_errors : since 3.0.0. # - $passenger_resolve_symlinks_in_document_root : since 3.0.0. # - $passenger_response_buffer_high_watermark : since 5.0.0. # - $passenger_restart_dir : since 3.0.0. # - $passenger_rolling_restarts : since 3.0.0. # - $passenger_root : since 1.0.0. # - $passenger_ruby : since 4.0.0. # - $passenger_security_update_check_proxy : since 5.1.0. # - $passenger_show_version_in_header : since 5.1.0. # - $passenger_socket_backlog : since 5.0.24. 
# - $passenger_spawn_method : since 2.0.0. # - $passenger_start_timeout : since 4.0.15. # - $passenger_startup_file : since 4.0.25. # - $passenger_stat_throttle_rate : since 2.2.0. # - $passenger_sticky_sessions : since 4.0.45. # - $passenger_sticky_sessions_cookie_name : since 4.0.45. # - $passenger_thread_count : since 4.0.0. # - $passenger_use_global_queue : since 2.0.4.Deprecated in 4.0.0. # - $passenger_user : since 4.0.0. # - $passenger_user_switching : since 3.0.0. # - $rack_auto_detect : since unkown. Deprecated in 4.0.0. # - $rack_base_uri : since unkown. Deprecated in 3.0.0. # - $rack_env : since 2.0.0. # - $rails_allow_mod_rewrite : since unkown. Deprecated in 4.0.0. # - $rails_app_spawner_idle_time : since unkown. Deprecated in 4.0.0. # - $rails_auto_detect : since unkown. Deprecated in 4.0.0. # - $rails_base_uri : since unkown. Deprecated in 3.0.0. # - $rails_default_user : since unkown. Deprecated in 3.0.0. # - $rails_env : since 2.0.0. # - $rails_framework_spawner_idle_time : since unkown. Deprecated in 4.0.0. # - $rails_ruby : since unkown. Deprecated in 3.0.0. # - $rails_spawn_method : since unkown. Deprecated in 3.0.0. # - $rails_user_switching : since unkown. Deprecated in 3.0.0. # - $wsgi_auto_detect : since unkown. Deprecated in 4.0.0. # - $rails_autodetect : this options is only for backward compatiblity with older versions of this class # - $rack_autodetect : this options is only for backward compatiblity with older versions of this class file { 'passenger.conf': ensure => file, - path => "${::apache::mod_dir}/${passenger_conf_file}", + path => "${apache::mod_dir}/${passenger_conf_file}", content => template('apache/mod/passenger.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/perl.pp b/manifests/mod/perl.pp index 60010a7e..f883305e 100644 
--- a/manifests/mod/perl.pp
+++ b/manifests/mod/perl.pp
@@ -1,9 +1,9 @@
 # @summary
 # Installs `mod_perl`.
 #
 # @see https://perl.apache.org for additional documentation.
 #
 class apache::mod::perl {
- include ::apache
+ include apache
 ::apache::mod { 'perl': }
 }
diff --git a/manifests/mod/peruser.pp b/manifests/mod/peruser.pp
index 63f6a0a4..4fec2c04 100644
--- a/manifests/mod/peruser.pp
+++ b/manifests/mod/peruser.pp
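Review bot: The defined-type declaration `::apache::mod { 'perl': }` on the line after the changed `include` still carries the leading `::`, so this file now mixes both spellings of the same namespace. If the intent is to drop the top-scope anchor throughout, it should read `apache::mod { 'perl': }`. If the rule being satisfied only covers class references, which I cannot tell from the diff, a short remark in the commit message would keep a later reader from treating it as an oversight. The same leftover is visible in the passenger.pp section (`::apache::mod { 'passenger':` and `inherits ::apache::params`).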
@@ -1,82 +1,82 @@ # @summary # Installs `mod_peruser`. # # @todo # Add docs class apache::mod::peruser ( $minspareprocessors = '2', $minprocessors = '2', $maxprocessors = '10', $maxclients = '150', $maxrequestsperchild = '1000', $idletimeout = '120', $expiretimeout = '120', $keepalive = 'Off', ) { - include ::apache + include apache case $::osfamily { 'freebsd' : { fail("Unsupported osfamily ${::osfamily}") } default: { if $::osfamily == 'gentoo' { ::portage::makeconf { 'apache2_mpms': content => 'peruser', } } if defined(Class['apache::mod::event']) { fail('May not include both apache::mod::peruser and apache::mod::event on the same node') } if defined(Class['apache::mod::itk']) { fail('May not include both apache::mod::peruser and apache::mod::itk on the same node') } if defined(Class['apache::mod::prefork']) { fail('May not include both apache::mod::peruser and apache::mod::prefork on the same node') } if defined(Class['apache::mod::worker']) { fail('May not include both apache::mod::peruser and apache::mod::worker on the same node') } File { owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, + group => $apache::params::root_group, + mode => $apache::file_mode, } - $mod_dir = $::apache::mod_dir + $mod_dir = $apache::mod_dir # Template uses: # - $minspareprocessors # - $minprocessors # - $maxprocessors # - $maxclients # - $maxrequestsperchild # - $idletimeout # - $expiretimeout # - $keepalive # - $mod_dir - file { "${::apache::mod_dir}/peruser.conf": + file { "${apache::mod_dir}/peruser.conf": ensure => file, - mode => $::apache::file_mode, + mode => $apache::file_mode, content => template('apache/mod/peruser.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } - file { "${::apache::mod_dir}/peruser": + file { "${apache::mod_dir}/peruser": ensure => directory, 
- require => File[$::apache::mod_dir], + require => File[$apache::mod_dir], } - file { "${::apache::mod_dir}/peruser/multiplexers": + file { "${apache::mod_dir}/peruser/multiplexers": ensure => directory, - require => File["${::apache::mod_dir}/peruser"], + require => File["${apache::mod_dir}/peruser"], } - file { "${::apache::mod_dir}/peruser/processors": + file { "${apache::mod_dir}/peruser/processors": ensure => directory, - require => File["${::apache::mod_dir}/peruser"], + require => File["${apache::mod_dir}/peruser"], } ::apache::peruser::multiplexer { '01-default': } } } } diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index 96465cd4..7b320d00 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp 
@@ -1,108 +1,107 @@ # @summary # Installs `mod_php`. # # @todo # Add docs # @note Unsupported platforms: SLES: all class apache::mod::php ( $package_name = undef, $package_ensure = 'present', $path = undef, Array $extensions = ['.php'], $content = undef, $template = 'apache/mod/php.conf.erb', $source = undef, - $root_group = $::apache::params::root_group, - $php_version = $::apache::params::php_version, + $root_group = $apache::params::root_group, + $php_version = $apache::params::php_version, $libphp_prefix = 'libphp' ) inherits apache::params { - - include ::apache + include apache $mod = "php${php_version}" - if $::apache::version::scl_httpd_version == undef and $::apache::version::scl_php_version != undef { + if $apache::version::scl_httpd_version == undef and $apache::version::scl_php_version != undef { fail('If you define apache::version::scl_php_version, you also need to specify apache::version::scl_httpd_version') } if defined(Class['::apache::mod::prefork']) { Class['::apache::mod::prefork']->File["${mod}.conf"] } elsif defined(Class['::apache::mod::itk']) { Class['::apache::mod::itk']->File["${mod}.conf"] } else { fail('apache::mod::php requires apache::mod::prefork or apache::mod::itk; please enable mpm_module => \'prefork\' or mpm_module => \'itk\' on Class[\'apache\']') } if $source and ($content or $template != 'apache/mod/php.conf.erb') { warning('source and content or template parameters are provided. source parameter will be used') } elsif $content and $template != 'apache/mod/php.conf.erb' { warning('content and template parameters are provided. content parameter will be used') } $manage_content = $source ? { undef => $content ? 
{ undef => template($template), default => $content, }, default => undef, } # Determine if we have a package - $mod_packages = $::apache::mod_packages + $mod_packages = $apache::mod_packages if $package_name { $_package_name = $package_name } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack $_package_name = $mod_packages[$mod] } elsif has_key($mod_packages, 'phpXXX') { # 2.6 compatibility hack $_package_name = regsubst($mod_packages['phpXXX'], 'XXX', $php_version) } else { $_package_name = undef } $_php_major = regsubst($php_version, '^(\d+)\..*$', '\1') $_php_version_no_dot = regsubst($php_version, '\.', '') if $apache::version::scl_httpd_version { $_lib = "librh-php${_php_version_no_dot}-php${_php_major}.so" } else { # Controls php version and libphp prefix $_lib = "${libphp_prefix}${php_version}.so" } if $::operatingsystem == 'SLES' { ::apache::mod { $mod: package => $_package_name, package_ensure => $package_ensure, lib => "mod_${mod}.so", id => "php${_php_major}_module", - path => "${::apache::lib_path}/mod_${mod}.so", + path => "${apache::lib_path}/mod_${mod}.so", } } else { ::apache::mod { $mod: package => $_package_name, package_ensure => $package_ensure, lib => $_lib, id => "php${_php_major}_module", path => $path, } } - include ::apache::mod::mime - include ::apache::mod::dir + include apache::mod::mime + include apache::mod::dir Class['::apache::mod::mime'] -> Class['::apache::mod::dir'] -> Class['::apache::mod::php'] # Template uses $extensions file { "${mod}.conf": ensure => file, - path => "${::apache::mod_dir}/${mod}.conf", + path => "${apache::mod_dir}/${mod}.conf", owner => 'root', group => $root_group, - mode => $::apache::file_mode, + mode => $apache::file_mode, content => $manage_content, source => $source, require => [ - Exec["mkdir ${::apache::mod_dir}"], + Exec["mkdir ${apache::mod_dir}"], ], - before => File[$::apache::mod_dir], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } 
diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp
index 051d925a..f6c6315a 100644
--- a/manifests/mod/prefork.pp
+++ b/manifests/mod/prefork.pp
@@ -1,134 +1,134 @@ # @summary # Installs and configures MPM `prefork`. # # @param startservers # Number of child server processes created at startup. # # @param minspareservers # Minimum number of idle child server processes. # # @param maxspareservers # Maximum number of idle child server processes. # # @param serverlimit # Upper limit on configurable number of processes. # # @param maxclients # Old alias for MaxRequestWorkers. # # @param maxrequestworkers # Maximum number of connections that will be processed simultaneously. # # @param maxrequestsperchild # Old alias for MaxConnectionsPerChild. # # @param maxconnectionsperchild # Limit on the number of connections that an individual child server will handle during its life. # # @param apache_version # Used to verify that the Apache version you have requested is compatible with the module. # # @param listenbacklog # Maximum length of the queue of pending connections. # # @see https://httpd.apache.org/docs/current/mod/prefork.html for additional documentation. 
# class apache::mod::prefork ( $startservers = '8', $minspareservers = '5', $maxspareservers = '20', $serverlimit = '256', $maxclients = '256', $maxrequestworkers = undef, $maxrequestsperchild = '4000', $maxconnectionsperchild = undef, $apache_version = undef, $listenbacklog = '511' ) { - include ::apache + include apache $_apache_version = pick($apache_version, $apache::apache_version) if defined(Class['apache::mod::event']) { fail('May not include both apache::mod::prefork and apache::mod::event on the same node') } if versioncmp($_apache_version, '2.4') < 0 { if defined(Class['apache::mod::itk']) { fail('May not include both apache::mod::prefork and apache::mod::itk on the same node') } } if defined(Class['apache::mod::peruser']) { fail('May not include both apache::mod::prefork and apache::mod::peruser on the same node') } if defined(Class['apache::mod::worker']) { fail('May not include both apache::mod::prefork and apache::mod::worker on the same node') } if versioncmp($_apache_version, '2.3.13') < 0 { if $maxrequestworkers == undef { warning("For newer versions of Apache, \$maxclients is deprecated, please use \$maxrequestworkers.") } elsif $maxconnectionsperchild == undef { warning("For newer versions of Apache, \$maxrequestsperchild is deprecated, please use \$maxconnectionsperchild.") } } File { owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, + group => $apache::params::root_group, + mode => $apache::file_mode, } # Template uses: # - $startservers # - $minspareservers # - $maxspareservers # - $serverlimit # - $maxclients # - $maxrequestworkers # - $maxrequestsperchild # - $maxconnectionsperchild - file { "${::apache::mod_dir}/prefork.conf": + file { "${apache::mod_dir}/prefork.conf": ensure => file, content => template('apache/mod/prefork.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => 
File[$apache::mod_dir], notify => Class['apache::service'], } case $::osfamily { 'redhat': { if versioncmp($_apache_version, '2.4') >= 0 { - ::apache::mpm{ 'prefork': + ::apache::mpm { 'prefork': apache_version => $_apache_version, } } else { file_line { '/etc/sysconfig/httpd prefork enable': ensure => present, path => '/etc/sysconfig/httpd', line => '#HTTPD=/usr/sbin/httpd.worker', match => '#?HTTPD=/usr/sbin/httpd.worker', require => Package['httpd'], notify => Class['apache::service'], } } } 'debian', 'freebsd': { - ::apache::mpm{ 'prefork': + ::apache::mpm { 'prefork': apache_version => $_apache_version, } } 'Suse': { - ::apache::mpm{ 'prefork': + ::apache::mpm { 'prefork': apache_version => $apache_version, lib_path => '/usr/lib64/apache2-prefork', } } 'gentoo': { ::portage::makeconf { 'apache2_mpms': content => 'prefork', } } default: { fail("Unsupported osfamily ${::osfamily}") } } } diff --git a/manifests/mod/proxy.pp b/manifests/mod/proxy.pp index 4564e337..2a9eb714 100644 --- a/manifests/mod/proxy.pp +++ b/manifests/mod/proxy.pp 
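Review bot: In `manifests/mod/prefork.pp` the `'Suse'` branch passes `apache_version => $apache_version` to `::apache::mpm`, while the `redhat` and `debian`/`freebsd` branches pass the resolved `$_apache_version`. `$apache_version` defaults to `undef`, so on Suse the define receives undef unless the caller set the parameter explicitly, and the `pick($apache_version, $apache::apache_version)` fallback at the top of the class is bypassed. The line should read `apache_version => $_apache_version,` like the other branches.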
@@ -1,52 +1,52 @@ # @summary # Installs and configures `mod_proxy`. # # @param proxy_requests # Enables forward (standard) proxy requests. # # @param allow_from # List of IPs allowed to access proxy. # # @param apache_version # Used to verify that the Apache version you have requested is compatible with the module. # # @param package_name # Name of the proxy package to install. # # @param proxy_via # Set local IP address for outgoing proxy connections. # # @param proxy_timeout # Network timeout for proxied requests. # # @param proxy_iobuffersize # Set the size of internal data throughput buffer # # @see https://httpd.apache.org/docs/current/mod/mod_proxy.html for additional documentation. # class apache::mod::proxy ( $proxy_requests = 'Off', $allow_from = undef, $apache_version = undef, $package_name = undef, $proxy_via = 'On', $proxy_timeout = undef, $proxy_iobuffersize = undef, ) { - include ::apache + include apache $_proxy_timeout = $apache::timeout $_apache_version = pick($apache_version, $apache::apache_version) ::apache::mod { 'proxy': package => $package_name, } # Template uses $proxy_requests, $_apache_version file { 'proxy.conf': ensure => file, - path => "${::apache::mod_dir}/proxy.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/proxy.conf", + mode => $apache::file_mode, content => template('apache/mod/proxy.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/proxy_balancer.pp b/manifests/mod/proxy_balancer.pp index 7089540a..43bd0af6 100644 --- a/manifests/mod/proxy_balancer.pp +++ b/manifests/mod/proxy_balancer.pp 
@@ -1,46 +1,45 @@ # @summary # Installs and configures `mod_proxy_balancer`. # # @param manager # Toggle whether to enable balancer manager support. # # @param maanger_path # Server relative path to balancer manager. # # @param allow_from # List of IPs from which the balancer manager can be accessed. # # @param apache_version # Version of Apache to install module on. # # @see https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html for additional documentation. # -class apache::mod::proxy_balancer( +class apache::mod::proxy_balancer ( Boolean $manager = false, Stdlib::Absolutepath $manager_path = '/balancer-manager', Array $allow_from = ['127.0.0.1','::1'], - $apache_version = $::apache::apache_version, + $apache_version = $apache::apache_version, ) { - - include ::apache::mod::proxy - include ::apache::mod::proxy_http + include apache::mod::proxy + include apache::mod::proxy_http if versioncmp($apache_version, '2.4') >= 0 { ::apache::mod { 'slotmem_shm': } } Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_balancer'] Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_balancer'] ::apache::mod { 'proxy_balancer': } if $manager { - include ::apache::mod::status + include apache::mod::status file { 'proxy_balancer.conf': ensure => file, - path => "${::apache::mod_dir}/proxy_balancer.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/proxy_balancer.conf", + mode => $apache::file_mode, content => template('apache/mod/proxy_balancer.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } } diff --git a/manifests/mod/proxy_connect.pp b/manifests/mod/proxy_connect.pp index 56103f61..e09cab07 100644 --- a/manifests/mod/proxy_connect.pp +++ b/manifests/mod/proxy_connect.pp 
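Review bot: In `manifests/mod/proxy_balancer.pp` the doc tag `# @param maanger_path` does not match the declared parameter `$manager_path`, so the generated reference documents a parameter that does not exist and leaves the real one undocumented. Since this commit already touches the class header, rename the tag to `# @param manager_path`. The path it describes is where the balancer manager is exposed when `$manager` is true, so it is worth having it show up correctly next to `$allow_from` in the docs.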
@@ -1,18 +1,18 @@ # @summary # Installs `mod_proxy_connect`. # # @param apache_version # Used to verify that the Apache version you have requested is compatible with the module. # # @see https://httpd.apache.org/docs/current/mod/mod_proxy_connect.html for additional documentation. # class apache::mod::proxy_connect ( $apache_version = undef, ) { - include ::apache + include apache $_apache_version = pick($apache_version, $apache::apache_version) if versioncmp($_apache_version, '2.2') >= 0 { Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_connect'] ::apache::mod { 'proxy_connect': } } } diff --git a/manifests/mod/proxy_html.pp b/manifests/mod/proxy_html.pp index 730940a4..22a57664 100644 --- a/manifests/mod/proxy_html.pp +++ b/manifests/mod/proxy_html.pp 
@@ -1,60 +1,60 @@ # @summary # Installs `mod_proxy_html`. # # @see https://httpd.apache.org/docs/current/mod/mod_proxy_html.html for additional documentation. # class apache::mod::proxy_html { - include ::apache + include apache Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_html'] Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_html'] # Add libxml2 case $::osfamily { /RedHat|FreeBSD|Gentoo|Suse/: { ::apache::mod { 'xml2enc': } $loadfiles = undef } 'Debian': { $gnu_path = $::hardwaremodel ? { 'i686' => 'i386', default => $::hardwaremodel, } case $::operatingsystem { 'Ubuntu': { - $loadfiles = $::apache::params::distrelease ? { + $loadfiles = $apache::params::distrelease ? { '10' => ['/usr/lib/libxml2.so.2'], default => ["/usr/lib/${gnu_path}-linux-gnu/libxml2.so.2"], } } 'Debian': { - $loadfiles = $::apache::params::distrelease ? { + $loadfiles = $apache::params::distrelease ? { '6' => ['/usr/lib/libxml2.so.2'], default => ["/usr/lib/${gnu_path}-linux-gnu/libxml2.so.2"], } } default: { $loadfiles = ["/usr/lib/${gnu_path}-linux-gnu/libxml2.so.2"] } } - if versioncmp($::apache::apache_version, '2.4') >= 0 { + if versioncmp($apache::apache_version, '2.4') >= 0 { ::apache::mod { 'xml2enc': } } } - default: { } + default: {} } ::apache::mod { 'proxy_html': loadfiles => $loadfiles, } # Template uses $icons_path file { 'proxy_html.conf': ensure => file, - path => "${::apache::mod_dir}/proxy_html.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/proxy_html.conf", + mode => $apache::file_mode, content => template('apache/mod/proxy_html.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/proxy_wstunnel.pp b/manifests/mod/proxy_wstunnel.pp index 14e3f9d3..a7dc00f0 100644 --- a/manifests/mod/proxy_wstunnel.pp 
+++ b/manifests/mod/proxy_wstunnel.pp @@ -1,10 +1,10 @@ # @summary # Installs `mod_proxy_wstunnel`. # # @see https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html for additional documentation. # class apache::mod::proxy_wstunnel { - include ::apache, ::apache::mod::proxy + include apache, apache::mod::proxy Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_wstunnel'] ::apache::mod { 'proxy_wstunnel': } } diff --git a/manifests/mod/python.pp b/manifests/mod/python.pp index 3ad11b9f..91f1d381 100644 --- a/manifests/mod/python.pp +++ b/manifests/mod/python.pp @@ -1,18 +1,16 @@ # @summary # Installs and configures `mod_python`. # # @param loadfile_name # Sets the name of the configuration file that is used to load the python module. # # @see https://github.com/grisha/mod_python for additional documentation. # class apache::mod::python ( Optional[String] $loadfile_name = undef, ) { - include ::apache + include apache ::apache::mod { 'python': loadfile_name => $loadfile_name, } } - - diff --git a/manifests/mod/remoteip.pp b/manifests/mod/remoteip.pp index 9c7f5b17..addc966f 100644 --- a/manifests/mod/remoteip.pp +++ b/manifests/mod/remoteip.pp 
@@ -1,114 +1,114 @@ # @summary # Installs and configures `mod_remoteip`. # # @see https://httpd.apache.org/docs/current/mod/mod_remoteip.html # # @param header # The header field in which `mod_remoteip` will look for the useragent IP. # # @param internal_proxy # A list of IP addresses, IP blocks or hostname that are trusted to set a # valid value inside specified header. Unlike the `$trusted_proxy_ips` # parameter, any IP address (including private addresses) presented by these # proxies will trusted by `mod_remoteip`. # # @param proxy_ips # *Deprecated*: use `$internal_proxy` instead. # # @param internal_proxy_list # The path to a file containing a list of IP addresses, IP blocks or hostname # that are trusted to set a valid value inside the specified header. See # `$internal_proxy` for details. # # @param proxies_header # A header into which `mod_remoteip` will collect a list of all of the # intermediate client IP addresses trusted to resolve the useragent IP of the # request (e.g. `X-Forwarded-By`). # # @param proxy_protocol # Wether or not to enable the PROXY protocol header handling. If enabled # upstream clients must set the header every time they open a connection. # # @param proxy_protocol_exceptions # A list of IP address or IP blocks that are not required to use the PROXY # protocol. # # @param trusted_proxy # A list of IP addresses, IP blocks or hostname that are trusted to set a # valid value inside the specified header. Unlike the `$proxy_ips` parameter, # any private IP presented by these proxies will be disgarded by # `mod_remoteip`. # # @param trusted_proxy_ips # *Deprecated*: use `$trusted_proxy` instead. # # @param trusted_proxy_list # The path to a file containing a list of IP addresses, IP blocks or hostname # that are trusted to set a valid value inside the specified header. See # `$trusted_proxy` for details. # # @param apache_version # A version string used to validate that your apache version supports # `mod_remoteip`. 
If not specified, `$::apache::apache_version` is used. # # @see https://httpd.apache.org/docs/current/mod/mod_remoteip.html for additional documentation. # class apache::mod::remoteip ( String $header = 'X-Forwarded-For', Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]] $internal_proxy = undef, Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]] $proxy_ips = undef, Optional[Stdlib::Absolutepath] $internal_proxy_list = undef, Optional[String] $proxies_header = undef, Boolean $proxy_protocol = false, Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]] $proxy_protocol_exceptions = undef, Optional[Array[Stdlib::Host]] $trusted_proxy = undef, Optional[Array[Stdlib::Host]] $trusted_proxy_ips = undef, Optional[Stdlib::Absolutepath] $trusted_proxy_list = undef, Optional[String] $apache_version = undef, ) { - include ::apache + include apache $_apache_version = pick($apache_version, $apache::apache_version) if versioncmp($_apache_version, '2.4') < 0 { fail('mod_remoteip is only available in Apache 2.4') } if $proxy_ips { deprecation('apache::mod::remoteip::proxy_ips', 'This parameter is deprecated, please use `internal_proxy`.') $_internal_proxy = $proxy_ips } elsif $internal_proxy { $_internal_proxy = $internal_proxy } else { $_internal_proxy = ['127.0.0.1'] } if $trusted_proxy_ips { deprecation('apache::mod::remoteip::trusted_proxy_ips', 'This parameter is deprecated, please use `trusted_proxy`.') $_trusted_proxy = $trusted_proxy_ips } else { $_trusted_proxy = $trusted_proxy } ::apache::mod { 'remoteip': } $template_parameters = { header => $header, internal_proxy => $_internal_proxy, internal_proxy_list => $internal_proxy_list, proxies_header => $proxies_header, proxy_protocol => $proxy_protocol, proxy_protocol_exceptions => $proxy_protocol_exceptions, trusted_proxy => $_trusted_proxy, trusted_proxy_list => $trusted_proxy_list, } file { 'remoteip.conf': ensure => file, - path => "${::apache::mod_dir}/remoteip.conf", - mode => $::apache::file_mode, 
+ path => "${apache::mod_dir}/remoteip.conf", + mode => $apache::file_mode, content => epp('apache/mod/remoteip.conf.epp', $template_parameters), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/reqtimeout.pp b/manifests/mod/reqtimeout.pp index 31587207..a971e045 100644 --- a/manifests/mod/reqtimeout.pp +++ b/manifests/mod/reqtimeout.pp @@ -1,24 +1,24 @@ # @summary # Installs and configures `mod_reqtimeout`. # # @param timeouts # List of timeouts and data rates for receiving requests. # # @see https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html for additional documentation. # class apache::mod::reqtimeout ( $timeouts = ['header=20-40,minrate=500', 'body=10,minrate=500'] -){ - include ::apache +) { + include apache ::apache::mod { 'reqtimeout': } # Template uses no variables file { 'reqtimeout.conf': ensure => file, - path => "${::apache::mod_dir}/reqtimeout.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/reqtimeout.conf", + mode => $apache::file_mode, content => template('apache/mod/reqtimeout.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/rewrite.pp b/manifests/mod/rewrite.pp index e7622b19..06986d1e 100644 --- a/manifests/mod/rewrite.pp +++ b/manifests/mod/rewrite.pp @@ -1,9 +1,9 @@ # @summary # Installs `mod_rewrite`. # # @see https://httpd.apache.org/docs/current/mod/mod_rewrite.html for additional documentation. # class apache::mod::rewrite { - include ::apache::params + include apache::params ::apache::mod { 'rewrite': } } diff --git a/manifests/mod/rpaf.pp b/manifests/mod/rpaf.pp index 21430a36..7e4bab23 100644 --- a/manifests/mod/rpaf.pp 
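Review bot: In `manifests/mod/remoteip.pp`, when both `$proxy_ips` and `$internal_proxy` are set, the `if $proxy_ips { … } elsif $internal_proxy { … }` chain silently uses the deprecated value and drops the other; `$trusted_proxy_ips` overrides `$trusted_proxy` the same way. These lists decide which peers are trusted to assert the client address through `$header`, so an ignored list can leave the effective trust set different from what the operator wrote. Rejecting the combination is safer than a deprecation notice alone: `if $proxy_ips and $internal_proxy { fail('Set only one of proxy_ips and internal_proxy') }`, and the equivalent check for the trusted pair. The `@param apache_version` text also still refers to `$::apache::apache_version`.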
+++ b/manifests/mod/rpaf.pp @@ -1,40 +1,40 @@ # @summary # Installs and configures `mod_rpaf`. # # @param sethostname # Toggles whether to update vhost name so ServerName and ServerAlias work. # # @param proxy_ips # List of IPs & bitmasked subnets to adjust requests for # # @param header # Header to use for the real IP address. # # @param template # Path to template to use for configuring mod_rpaf. # # @see https://github.com/gnif/mod_rpaf for additional documentation. # class apache::mod::rpaf ( $sethostname = true, - $proxy_ips = [ '127.0.0.1' ], + $proxy_ips = ['127.0.0.1'], $header = 'X-Forwarded-For', $template = 'apache/mod/rpaf.conf.erb' ) { - include ::apache + include apache ::apache::mod { 'rpaf': } # Template uses: # - $sethostname # - $proxy_ips # - $header file { 'rpaf.conf': ensure => file, - path => "${::apache::mod_dir}/rpaf.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/rpaf.conf", + mode => $apache::file_mode, content => template($template), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 1bc3edfd..e011c33b 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp 
@@ -1,248 +1,246 @@ - # @summary # Installs and configures `mod_security`. # # @param version # Manage mod_security or mod_security2 # # @param logroot # Configures the location of audit and debug logs. # # @param crs_package # Name of package that installs CRS rules. # # @param activated_rules # An array of rules from the modsec_crs_path or absolute to activate via symlinks. # # @param modsec_dir # Defines the path where Puppet installs the modsec configuration and activated rules links. # # @param modsec_secruleengine # Configures the rules engine. # # @param audit_log_relevant_status # Configures which response status code is to be considered relevant for the purpose of audit logging. # # @param audit_log_parts # Defines which parts of each transaction are going to be recorded in the audit log. Each part is assigned a single letter; when a # letter appears in the list then the equivalent part will be recorded. # # @param audit_log_type # Defines the type of audit logging mechanism to be used. # # @param audit_log_storage_dir # Defines the directory where concurrent audit log entries are to be stored. This directive is only needed when concurrent audit logging is used. # # @param secpcrematchlimit # Sets the match limit in the PCRE library. # # @param secpcrematchlimitrecursion # Sets the match limit recursion in the PCRE library. # # @param allowed_methods # A space-separated list of allowed HTTP methods. # # @param content_types # A list of one or more allowed MIME types. # # @param restricted_extensions # A space-sparated list of prohibited file extensions. # # @param restricted_headers # A list of restricted headers separated by slashes and spaces. # # @param secdefaultaction # Defines the default list of actions, which will be inherited by the rules in the same configuration context. # # @param anomaly_score_blocking # Activates or deactivates the Collaborative Detection Blocking of the OWASP ModSecurity Core Rule Set. 
# # @param inbound_anomaly_threshold # Sets the scoring threshold level of the inbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. # # @param outbound_anomaly_threshold # Sets the scoring threshold level of the outbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. # # @param critical_anomaly_score # Sets the Anomaly Score for rules assigned with a critical severity. # # @param error_anomaly_score # Sets the Anomaly Score for rules assigned with a error severity. # # @param warning_anomaly_score # Sets the Anomaly Score for rules assigned with a warning severity. # # @param notice_anomaly_score # Sets the Anomaly Score for rules assigned with a notice severity. # # @param secrequestmaxnumargs # Sets the maximum number of arguments in the request. # # @param secrequestbodylimit # Sets the maximum request body size ModSecurity will accept for buffering. # # @param secrequestbodynofileslimit # Configures the maximum request body size ModSecurity will accept for buffering, excluding the size of any files being transported # in the request. # # @param secrequestbodyinmemorylimit # Configures the maximum request body size that ModSecurity will store in memory. # # @param manage_security_crs # Toggles whether to manage ModSecurity Core Rule Set # # @see https://github.com/SpiderLabs/ModSecurity/wiki for additional documentation. 
# class apache::mod::security ( - $logroot = $::apache::params::logroot, - $version = $::apache::params::modsec_version, - $crs_package = $::apache::params::modsec_crs_package, - $activated_rules = $::apache::params::modsec_default_rules, - $modsec_dir = $::apache::params::modsec_dir, - $modsec_secruleengine = $::apache::params::modsec_secruleengine, + $logroot = $apache::params::logroot, + $version = $apache::params::modsec_version, + $crs_package = $apache::params::modsec_crs_package, + $activated_rules = $apache::params::modsec_default_rules, + $modsec_dir = $apache::params::modsec_dir, + $modsec_secruleengine = $apache::params::modsec_secruleengine, $audit_log_relevant_status = '^(?:5|4(?!04))', - $audit_log_parts = $::apache::params::modsec_audit_log_parts, - $audit_log_type = $::apache::params::modsec_audit_log_type, + $audit_log_parts = $apache::params::modsec_audit_log_parts, + $audit_log_type = $apache::params::modsec_audit_log_type, $audit_log_storage_dir = undef, - $secpcrematchlimit = $::apache::params::secpcrematchlimit, - $secpcrematchlimitrecursion = $::apache::params::secpcrematchlimitrecursion, + $secpcrematchlimit = $apache::params::secpcrematchlimit, + $secpcrematchlimitrecursion = $apache::params::secpcrematchlimitrecursion, $allowed_methods = 'GET HEAD POST OPTIONS', $content_types = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', $restricted_headers = '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', $secdefaultaction = 'deny', $anomaly_score_blocking = 'off', $inbound_anomaly_threshold = '5', 
$outbound_anomaly_threshold = '4', $critical_anomaly_score = '5', $error_anomaly_score = '4', $warning_anomaly_score = '3', $notice_anomaly_score = '2', $secrequestmaxnumargs = '255', $secrequestbodylimit = '13107200', $secrequestbodynofileslimit = '131072', $secrequestbodyinmemorylimit = '131072', $manage_security_crs = true, ) inherits ::apache::params { - include ::apache + include apache $_secdefaultaction = $secdefaultaction ? { /log/ => $secdefaultaction, # it has log or nolog,auditlog or log,noauditlog default => "${secdefaultaction},log", } if $::osfamily == 'FreeBSD' { fail('FreeBSD is not currently supported') } - if ($::osfamily == 'Suse' and $::operatingsystemrelease < '11') { + if ($::osfamily == 'Suse' and versioncmp($::operatingsystemrelease, '11') < 0) { fail('SLES 10 is not currently supported.') } case $version { 1: { $mod_name = 'security' $mod_conf_name = 'security.conf' } 2: { $mod_name = 'security2' $mod_conf_name = 'security2.conf' } default: { fail('Unsuported version for mod security') } } ::apache::mod { $mod_name: id => 'security2_module', lib => 'mod_security2.so', } - ::apache::mod { 'unique_id_module': id => 'unique_id_module', lib => 'mod_unique_id.so', } - if $crs_package { + if $crs_package { package { $crs_package: ensure => 'installed', before => [ - File[$::apache::confd_dir], + File[$apache::confd_dir], File[$modsec_dir], ], } } # Template uses: # - logroot # - $modsec_dir # - $audit_log_parts # - $audit_log_type # - $audit_log_storage_dir # - secpcrematchlimit # - secpcrematchlimitrecursion # - secrequestbodylimit # - secrequestbodynofileslimit # - secrequestbodyinmemorylimit file { 'security.conf': ensure => file, content => template('apache/mod/security.conf.erb'), - mode => $::apache::file_mode, - path => "${::apache::mod_dir}/${mod_conf_name}", - owner => $::apache::params::user, - group => $::apache::params::group, - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + mode => 
$apache::file_mode, + path => "${apache::mod_dir}/${mod_conf_name}", + owner => $apache::params::user, + group => $apache::params::group, + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } file { $modsec_dir: ensure => directory, owner => 'root', group => 'root', mode => '0755', purge => true, force => true, recurse => true, require => Package['httpd'], } file { "${modsec_dir}/activated_rules": ensure => directory, - owner => $::apache::params::user, - group => $::apache::params::group, + owner => $apache::params::user, + group => $apache::params::group, mode => '0555', purge => true, force => true, recurse => true, notify => Class['apache::service'], } if $manage_security_crs { # Template uses: # - $_secdefaultaction # - $critical_anomaly_score # - $error_anomaly_score # - $warning_anomaly_score # - $notice_anomaly_score # - $inbound_anomaly_threshold # - $outbound_anomaly_threshold # - $anomaly_score_blocking # - $allowed_methods # - $content_types # - $restricted_extensions # - $restricted_headers # - $secrequestmaxnumargs file { "${modsec_dir}/security_crs.conf": ensure => file, content => template('apache/mod/security_crs.conf.erb'), require => File[$modsec_dir], notify => Class['apache::service'], } # Debian 9 has a different rule setup unless $::operatingsystem == 'SLES' or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) or ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '18.04') >= 0) { apache::security::rule_link { $activated_rules: } } } } diff --git a/manifests/mod/setenvif.pp b/manifests/mod/setenvif.pp index 6e07a32c..6b3586a7 100644 --- a/manifests/mod/setenvif.pp +++ b/manifests/mod/setenvif.pp 
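Review bot: In `manifests/mod/security.pp`, `File['security.conf']` and `File["${modsec_dir}/activated_rules"]` keep `owner => $apache::params::user` and `group => $apache::params::group`, while `$modsec_dir` itself is `root`/`root`. If `$apache::params::user` is the account the httpd workers run as (its value is not visible in this hunk), the ModSecurity configuration and the activated rule links are owned by the process they are meant to constrain, and an owner can change a mode such as `0555` back to writable. Consider `owner => 'root', group => $apache::params::root_group,` on both resources, which matches the `File` defaults used in `peruser.pp` and `prefork.pp`. Separately, `case $version` matches the integers `1` and `2` only and the parameter is untyped, so a string `'2'` coming from Hiera would reach the `default` branch and fail; a data type on `$version` would make that explicit.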
@@ -1,19 +1,19 @@ # @summary # Installs `mod_setenvif`. # # @see https://httpd.apache.org/docs/current/mod/mod_setenvif.html for additional documentation. # class apache::mod::setenvif { - include ::apache + include apache ::apache::mod { 'setenvif': } # Template uses no variables file { 'setenvif.conf': ensure => file, - path => "${::apache::mod_dir}/setenvif.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/setenvif.conf", + mode => $apache::file_mode, content => template('apache/mod/setenvif.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/shib.pp b/manifests/mod/shib.pp index 8d177f66..85946a10 100644 --- a/manifests/mod/shib.pp +++ b/manifests/mod/shib.pp 
@@ -1,45 +1,45 @@ # @summary # Installs and configures `mod_shib`. # # @param suppress_warning # Toggles whether to trigger warning on RedHat nodes. # # @param mod_full_path # Specifies a path to the module. Do not manually set this parameter without a special reason. # # @param package_name # Name of the Shibboleth package to be installed. # # @param mod_lib # Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The `path` parameter # overrides this value. # # This class installs and configures only the Apache components of a web application that consumes Shibboleth SSO identities. You # can manage the Shibboleth configuration manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth). # # @note # The Shibboleth module isn't available on RH/CentOS without providing dependency packages provided by Shibboleth's repositories. # See the [Shibboleth Service Provider Installation Guide](http://wiki.aaf.edu.au/tech-info/sp-install-guide). # # @see https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig for additional documentation. # @note Unsupported platforms: RedHat: all; CentOS: all; Scientific: all; SLES: all; Debian: 7, 8; Ubuntu: all; OracleLinux: all class apache::mod::shib ( $suppress_warning = false, $mod_full_path = undef, $package_name = undef, $mod_lib = undef, ) { - include ::apache + include apache if $::osfamily == 'RedHat' and ! $suppress_warning { warning('RedHat distributions do not have Apache mod_shib in their default package repositories.') } $mod_shib = 'shib2' - apache::mod {$mod_shib: + apache::mod { $mod_shib: id => 'mod_shib', path => $mod_full_path, package => $package_name, lib => $mod_lib, } } diff --git a/manifests/mod/socache_shmcb.pp b/manifests/mod/socache_shmcb.pp index e5b463ff..e9be75dc 100644 --- a/manifests/mod/socache_shmcb.pp +++ b/manifests/mod/socache_shmcb.pp 
@@ -1,8 +1,8 @@ # @summary # Installs `mod_socache_shmcb`. # # @see https://httpd.apache.org/docs/current/mod/mod_socache_shmcb.html for additional documentation. # class apache::mod::socache_shmcb { - ::apache::mod { 'socache_shmcb': } + ::apache::mod { 'socache_shmcb': } } diff --git a/manifests/mod/speling.pp b/manifests/mod/speling.pp index dfd7433c..538e8ffa 100644 --- a/manifests/mod/speling.pp +++ b/manifests/mod/speling.pp @@ -1,9 +1,9 @@ # @summary # Installs `mod_spelling`. # # @see https://httpd.apache.org/docs/current/mod/mod_speling.html for additional documentation. # class apache::mod::speling { - include ::apache + include apache ::apache::mod { 'speling': } } diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index ccfc74ea..1d4026a5 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp 
@@ -1,206 +1,205 @@ # @summary # Installs `mod_ssl`. # # @param ssl_compression # Enable compression on the SSL level. # # @param ssl_cryptodevice # Enable use of a cryptographic hardware accelerator. # # @param ssl_options # Configure various SSL engine run-time options. # # @param ssl_openssl_conf_cmd # Configure OpenSSL parameters through its SSL_CONF API. # # @param ssl_cert # Path to server PEM-encoded X.509 certificate data file. # # @param ssl_key # Path to server PEM-encoded private key file # # @param ssl_ca # File of concatenated PEM-encoded CA Certificates for Client Auth. # # @param ssl_cipher # Cipher Suite available for negotiation in SSL handshake. # # @param ssl_honorcipherorder # Option to prefer the server's cipher preference order. # # @param ssl_protocol # Configure usable SSL/TLS protocol versions. # Default based on the OS: # - RedHat 8: [ 'all' ]. # - Other Platforms: [ 'all', '-SSLv2', '-SSLv3' ]. # # @param ssl_proxy_protocol # Configure usable SSL protocol flavors for proxy usage. # # @param ssl_pass_phrase_dialog # Type of pass phrase dialog for encrypted private keys. # # @param ssl_random_seed_bytes # Pseudo Random Number Generator (PRNG) seeding source. # # @param ssl_sessioncache # Configures the storage type of the global/inter-process SSL Session Cache # # @param ssl_sessioncachetimeout # Number of seconds before an SSL session expires in the Session Cache. # # @param ssl_stapling # Enable stapling of OCSP responses in the TLS handshake. # # @param ssl_stapling_return_errors # Pass stapling related OCSP errors on to client. # # @param ssl_mutex # Configures mutex mechanism and lock file directory for all or specified mutexes. # Default based on the OS and/or Apache version: # - RedHat/FreeBSD/Suse/Gentoo: 'default'. # - Debian/Ubuntu + Apache >= 2.4: 'default'. # - Debian/Ubuntu + Apache < 2.4: 'file:${APACHE_RUN_DIR}/ssl_mutex'. # - Ubuntu 10.04: 'file:/var/run/apache2/ssl_mutex'. 
# # @param apache_version # Used to verify that the Apache version you have requested is compatible with the module. # # @param package_name # Name of ssl package to install. # # On most operating systems, the ssl.conf is placed in the module configuration directory. On Red Hat based operating systems, this # file is placed in /etc/httpd/conf.d, the same location in which the RPM stores the configuration. # # To use SSL with a virtual host, you must either set the default_ssl_vhost parameter in ::apache to true or the ssl parameter in # apache::vhost to true. # # @see https://httpd.apache.org/docs/current/mod/mod_ssl.html for additional documentation. # class apache::mod::ssl ( Boolean $ssl_compression = false, Optional[Boolean] $ssl_sessiontickets = undef, $ssl_cryptodevice = 'builtin', - $ssl_options = [ 'StdEnvVars' ], + $ssl_options = ['StdEnvVars'], $ssl_openssl_conf_cmd = undef, Optional[String] $ssl_cert = undef, Optional[String] $ssl_key = undef, $ssl_ca = undef, $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES', Variant[Boolean, Enum['on', 'off']] $ssl_honorcipherorder = true, - $ssl_protocol = $::apache::params::ssl_protocol, + $ssl_protocol = $apache::params::ssl_protocol, Array $ssl_proxy_protocol = [], $ssl_pass_phrase_dialog = 'builtin', $ssl_random_seed_bytes = '512', - String $ssl_sessioncache = $::apache::params::ssl_sessioncache, + String $ssl_sessioncache = $apache::params::ssl_sessioncache, $ssl_sessioncachetimeout = '300', Boolean $ssl_stapling = false, Optional[String] $stapling_cache = undef, Optional[Boolean] $ssl_stapling_return_errors = undef, $ssl_mutex = undef, $apache_version = undef, $package_name = undef, ) inherits ::apache::params { - - include ::apache - include ::apache::mod::mime + include apache + include apache::mod::mime $_apache_version = pick($apache_version, $apache::apache_version) if $ssl_mutex { $_ssl_mutex = $ssl_mutex } else { case $::osfamily { 'debian': { if versioncmp($_apache_version, '2.4') >= 0 { $_ssl_mutex = 
'default' } elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04' { $_ssl_mutex = 'file:/var/run/apache2/ssl_mutex' } else { $_ssl_mutex = "file:\${APACHE_RUN_DIR}/ssl_mutex" } } 'redhat': { $_ssl_mutex = 'default' } 'freebsd': { $_ssl_mutex = 'default' } 'gentoo': { $_ssl_mutex = 'default' } 'Suse': { $_ssl_mutex = 'default' } default: { fail("Unsupported osfamily ${::osfamily}, please explicitly pass in \$ssl_mutex") } } } if $ssl_honorcipherorder =~ Boolean { $_ssl_honorcipherorder = $ssl_honorcipherorder } else { $_ssl_honorcipherorder = $ssl_honorcipherorder ? { 'on' => true, 'off' => false, default => true, } } if $stapling_cache =~ Undef { $_stapling_cache = $::osfamily ? { 'debian' => "\${APACHE_RUN_DIR}/ocsp(32768)", 'redhat' => '/run/httpd/ssl_stapling(32768)', 'freebsd' => '/var/run/ssl_stapling(32768)', 'gentoo' => '/var/run/ssl_stapling(32768)', 'Suse' => '/var/lib/apache2/ssl_stapling(32768)', } } else { $_stapling_cache = $stapling_cache } if $::osfamily == 'Suse' { - if defined(Class['::apache::mod::worker']){ + if defined(Class['::apache::mod::worker']) { $suse_path = '/usr/lib64/apache2-worker' } else { $suse_path = '/usr/lib64/apache2-prefork' } ::apache::mod { 'ssl': package => $package_name, lib_path => $suse_path, } } else { ::apache::mod { 'ssl': package => $package_name, } } if versioncmp($_apache_version, '2.4') >= 0 { - include ::apache::mod::socache_shmcb + include apache::mod::socache_shmcb } # Template uses # # $ssl_compression # $ssl_sessiontickets # $ssl_cryptodevice # $ssl_ca # $ssl_cipher # $ssl_honorcipherorder # $ssl_options # $ssl_openssl_conf_cmd # $ssl_sessioncache # $_stapling_cache # $ssl_mutex # $ssl_random_seed_bytes # $ssl_sessioncachetimeout # $_apache_version file { 'ssl.conf': ensure => file, - path => $::apache::_ssl_file, - mode => $::apache::file_mode, + path => $apache::_ssl_file, + mode => $apache::file_mode, content => template('apache/mod/ssl.conf.erb'), - require => Exec["mkdir 
${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp index 0eedf64e..ddd96904 100644 --- a/manifests/mod/status.pp +++ b/manifests/mod/status.pp 
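Review bot: The documented default for `ssl_protocol` in the class header (`[ 'all', '-SSLv2', '-SSLv3' ]`, and `[ 'all' ]` on RedHat 8) leaves TLS 1.0 and 1.1 enabled unless the platform's crypto policy removes them, and the parameter doc does not say so. The value comes from `apache::params`, which this hunk does not show, so I would only extend the doc here, e.g. `#   Note: 'all' includes TLSv1 and TLSv1.1; pass ['all', '-SSLv3', '-TLSv1', '-TLSv1.1'] to require TLS 1.2 or later.` The signature also declares `ssl_sessiontickets` and `stapling_cache` without `@param` entries, so both need one.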
@@ -1,67 +1,66 @@ # @summary # Installs and configures `mod_status`. # # @param allow_from # Array of hosts, ip addresses, partial network numbers or networks, in CIDR notation specifying what hosts can view the special # /server-status URL. Defaults to ['127.0.0.1', '::1']. # > Creates Apache < 2.4 directive "Allow from". # # @param requires # A Variant type that can be: # - String with: # - '' or 'unmanaged' - Host auth control done elsewhere # - 'ip ' - Allowed IPs/ranges # - 'host ' - Allowed names/domains # - 'all [granted|denied]' # - Array of strings with ip or host as above # - Hash with following keys: # - 'requires' - Value => Array as above # - 'enforce' - Value => String 'Any', 'All' or 'None' # This encloses "Require" directives in "" block # Optional - If unspecified, "Require" directives follow current flow # > Creates Apache >= 2.4 directives "Require" # # @param extended_status # Determines whether to track extended status information for each request, via the ExtendedStatus directive. # # @param status_path # Path assigned to the Location directive which defines the URL to access the server status. # # @param apache_version # Used to verify that the Apache version you have requested is compatible with the module. # # @example # # Simple usage allowing access from localhost and a private subnet # class { 'apache::mod::status': # $allow_from => ['127.0.0.1', '10.10.10.10/24'], # } # # @see http://httpd.apache.org/docs/current/mod/mod_status.html for additional documentation. 
# class apache::mod::status ( Optional[Array] $allow_from = undef, Optional[Variant[String, Array, Hash]] $requires = undef, Enum['On', 'Off', 'on', 'off'] $extended_status = 'On', $apache_version = undef, $status_path = '/server-status', ) inherits ::apache::params { - - include ::apache + include apache $_apache_version = pick($apache_version, $apache::apache_version) ::apache::mod { 'status': } # Defaults for "Allow from" or "Require" directives $allow_defaults = ['127.0.0.1','::1'] $requires_defaults = 'ip 127.0.0.1 ::1' # Template uses $allow_from, $extended_status, $_apache_version, $status_path file { 'status.conf': ensure => file, - path => "${::apache::mod_dir}/status.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/status.conf", + mode => $apache::file_mode, content => template('apache/mod/status.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/suphp.pp b/manifests/mod/suphp.pp index 1b998d9f..3a16a76a 100644 --- a/manifests/mod/suphp.pp +++ b/manifests/mod/suphp.pp 
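Review bot: The `@example` in the class header writes the parameter as `$allow_from => [...]`, which is not valid in a resource-style class declaration, so anyone copying it to restrict `/server-status` gets a parse error instead of an access list. The line should read `#     allow_from => ['127.0.0.1', '10.10.10.10/24'],`. The `Template uses` comment above `file { 'status.conf': }` also omits `$requires`, `$allow_defaults` and `$requires_defaults`, which presumably feed the Apache 2.4 `Require` output; confirm against the template and list them.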
@@ -1,25 +1,24 @@ # @summary # Installs `mod_suphp`. # # @see https://www.suphp.org/DocumentationView.html?file=apache/INSTALL for additional documentation. # class apache::mod::suphp ( -){ +) { if ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '15.10') >= 0) or - ($facts['os']['name'] == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) { + ($facts['os']['name'] == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) { fail("suphp was declared EOL by it's creators as of 2013 and so is no longer supported on Ubuntu 15.10/Debian 8 and above. Please use php-fpm") } - include ::apache + include apache ::apache::mod { 'suphp': } - file {'suphp.conf': + file { 'suphp.conf': ensure => file, - path => "${::apache::mod_dir}/suphp.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/suphp.conf", + mode => $apache::file_mode, content => template('apache/mod/suphp.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } - diff --git a/manifests/mod/userdir.pp b/manifests/mod/userdir.pp index d564e07f..4cab25be 100644 --- a/manifests/mod/userdir.pp +++ b/manifests/mod/userdir.pp 
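Review bot: The version guard at the top of the class mixes fact styles: the Ubuntu clause reads `$facts['os']['release']['major']` while the Debian clause still uses the legacy `$::operatingsystemrelease`. Writing the Debian clause as `versioncmp($facts['os']['release']['major'], '8') >= 0` keeps the whole condition on one fact source. The `fail()` message also has `it's creators` where `its creators` is meant.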
@@ -1,74 +1,74 @@ # @summary # Installs and configures `mod_userdir`. # # @param home # *Deprecated* Path to system home directory. # # @param dir # *Deprecated* Path from user's home directory to public directory. # # @param disable_root # Toggles whether to allow use of root directory. # # @param apache_version # Used to verify that the Apache version you have requested is compatible with the module. # # @param path # Path to directory or pattern from which to find user-specific directories. # # @param overrides # Array of directives that are allowed in .htaccess files. # # @param options # Configures what features are available in a particular directory. # # @param unmanaged_path # Toggles whether to manage path in userdir.conf # # @param custom_fragment # Custom configuration to be added to userdir.conf # # @see https://httpd.apache.org/docs/current/mod/mod_userdir.html for additional documentation. # class apache::mod::userdir ( $home = undef, $dir = undef, $disable_root = true, $apache_version = undef, $path = '/home/*/public_html', - $overrides = [ 'FileInfo', 'AuthConfig', 'Limit', 'Indexes' ], - $options = [ 'MultiViews', 'Indexes', 'SymLinksIfOwnerMatch', 'IncludesNoExec' ], + $overrides = ['FileInfo', 'AuthConfig', 'Limit', 'Indexes'], + $options = ['MultiViews', 'Indexes', 'SymLinksIfOwnerMatch', 'IncludesNoExec'], $unmanaged_path = false, $custom_fragment = undef, ) { - include ::apache + include apache $_apache_version = pick($apache_version, $apache::apache_version) if $home or $dir { $_home = $home ? { undef => '/home', - default => $home, + default => $home, } $_dir = $dir ? 
{ undef => 'public_html', - default => $dir, + default => $dir, } warning('home and dir are deprecated; use path instead') $_path = "${_home}/*/${_dir}" } else { $_path = $path } ::apache::mod { 'userdir': } # Template uses $home, $dir, $disable_root, $_apache_version file { 'userdir.conf': ensure => file, - path => "${::apache::mod_dir}/userdir.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/userdir.conf", + mode => $apache::file_mode, content => template('apache/mod/userdir.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/mod/version.pp b/manifests/mod/version.pp index a3a658c4..7dd89adc 100644 --- a/manifests/mod/version.pp +++ b/manifests/mod/version.pp @@ -1,18 +1,17 @@ # @summary # Installs `mod_version`. # # @param apache_version # Used to verify that the Apache version you have requested is compatible with the module. # # @see https://httpd.apache.org/docs/current/mod/mod_version.html for additional documentation. # -class apache::mod::version( - $apache_version = $::apache::apache_version +class apache::mod::version ( + $apache_version = $apache::apache_version ) { - if ($::osfamily == 'debian' and versioncmp($apache_version, '2.4') >= 0) { warning("${module_name}: module version_module is built-in and can't be loaded") } else { ::apache::mod { 'version': } } } diff --git a/manifests/mod/worker.pp b/manifests/mod/worker.pp index 695c4907..d6b57b89 100644 --- a/manifests/mod/worker.pp +++ b/manifests/mod/worker.pp 
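Review bot: The default for `$options` in the `apache::mod::userdir` signature includes `Indexes`, so, assuming the template emits it as an `Options` line, every user's `public_html` gets directory listings unless the caller overrides it, and the `@param options` text does not mention that. I would add `#   Defaults include 'Indexes', which enables directory listings; override to drop it.` under `@param options`. The `# Template uses $home, $dir, $disable_root, $_apache_version` comment is also stale: the body computes `$_path`, and `$overrides`, `$options`, `$unmanaged_path` and `$custom_fragment` are presumably read by the template as well.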
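Review bot: In `apache::mod::version` the parameter default `$apache_version = $apache::apache_version` is resolved although the class never includes `apache`, so the value depends on whether `apache` was evaluated earlier in the catalog; if it was not, `versioncmp` receives undef. The sibling classes in this commit avoid that with `include apache` plus `pick()`. I would use `$apache_version = undef` in the signature, then `include apache` and `$_apache_version = pick($apache_version, $apache::apache_version)` in the body, and compare against `$_apache_version`.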
@@ -1,137 +1,136 @@ # @summary # Installs and manages the MPM `worker`. # # @param startservers # The number of child server processes created on startup # # @param maxclients # The max number of simultaneous requests that will be served. # This is the old name and is still supported. The new name is # MaxRequestWorkers as of 2.3.13. # # @param minsparethreads # Minimum number of idle threads to handle request spikes. # # @param maxsparethreads # Maximum number of idle threads. # # @param threadsperchild # The number of threads created by each child process. # # @param maxrequestsperchild # Limit on the number of connectiojns an individual child server # process will handle. This is the old name and is still supported. The new # name is MaxConnectionsPerChild as of 2.3.9+. # # @param serverlimit # With worker, use this directive only if your MaxRequestWorkers # and ThreadsPerChild settings require more than 16 server processes # (default). Do not set the value of this directive any higher than the # number of server processes required by what you may want for # MaxRequestWorkers and ThreadsPerChild. # # @param threadlimit # This directive sets the maximum configured value for # ThreadsPerChild for the lifetime of the Apache httpd process. # # @param listenbacklog # Maximum length of the queue of pending connections. # # @param apache_version # Used to verify that the Apache version you have requested is compatible with the module. # # @see https://httpd.apache.org/docs/current/mod/worker.html for additional documentation. 
# class apache::mod::worker ( $startservers = '2', $maxclients = '150', $minsparethreads = '25', $maxsparethreads = '75', $threadsperchild = '25', $maxrequestsperchild = '0', $serverlimit = '25', $threadlimit = '64', $listenbacklog = '511', $apache_version = undef, ) { - include ::apache + include apache $_apache_version = pick($apache_version, $apache::apache_version) if defined(Class['apache::mod::event']) { fail('May not include both apache::mod::worker and apache::mod::event on the same node') } if defined(Class['apache::mod::itk']) { fail('May not include both apache::mod::worker and apache::mod::itk on the same node') } if defined(Class['apache::mod::peruser']) { fail('May not include both apache::mod::worker and apache::mod::peruser on the same node') } if defined(Class['apache::mod::prefork']) { fail('May not include both apache::mod::worker and apache::mod::prefork on the same node') } File { owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, + group => $apache::params::root_group, + mode => $apache::file_mode, } # Template uses: # - $startservers # - $maxclients # - $minsparethreads # - $maxsparethreads # - $threadsperchild # - $maxrequestsperchild # - $serverlimit # - $threadLimit # - $listenbacklog - file { "${::apache::mod_dir}/worker.conf": + file { "${apache::mod_dir}/worker.conf": ensure => file, content => template('apache/mod/worker.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } case $::osfamily { 'redhat': { - if versioncmp($_apache_version, '2.4') >= 0 { - ::apache::mpm{ 'worker': + ::apache::mpm { 'worker': apache_version => $_apache_version, } } else { file_line { '/etc/sysconfig/httpd worker enable': ensure => present, path => '/etc/sysconfig/httpd', line => 'HTTPD=/usr/sbin/httpd.worker', match => '#?HTTPD=/usr/sbin/httpd.worker', 
require => Package['httpd'], notify => Class['apache::service'], } } } 'debian', 'freebsd': { - ::apache::mpm{ 'worker': + ::apache::mpm { 'worker': apache_version => $_apache_version, } } 'Suse': { ::apache::mpm { 'worker': apache_version => $apache_version, lib_path => '/usr/lib64/apache2-worker', } } 'gentoo': { ::portage::makeconf { 'apache2_mpms': content => 'worker', } } default: { fail("Unsupported osfamily ${::osfamily}") } } } diff --git a/manifests/mod/wsgi.pp b/manifests/mod/wsgi.pp index b6d5a999..0d326a4d 100644 --- a/manifests/mod/wsgi.pp +++ b/manifests/mod/wsgi.pp 
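Review bot: The `'Suse'` branch of the `case $::osfamily` block passes `apache_version => $apache_version` (the raw parameter, undef by default) while the `redhat` and `debian`/`freebsd` branches pass the resolved `$_apache_version`. It probably still works because `apache::mpm` falls back to its own default, but it should read `apache_version => $_apache_version,` so all branches agree. The `Template uses` list also names `$threadLimit` where the parameter is `$threadlimit`.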
@@ -1,75 +1,74 @@ # @summary # Installs and configures `mod_wsgi`. # # @param wsgi_restrict_embedded # Enable restrictions on use of embedded mode. # # @param wsgi_socket_prefix # Configure directory to use for daemon sockets. # # @param wsgi_python_path # Additional directories to search for Python modules. # # @param wsgi_python_home # Absolute path to Python prefix/exec_prefix directories. # # @param wsgi_python_optimize # Enables basic Python optimisation features. # # @param wsgi_application_group # Sets which application group WSGI application belongs to. # # @param package_name # Names of package that installs mod_wsgi. # # @param mod_path # Defines the path to the mod_wsgi shared object (.so) file. # # @see https://github.com/GrahamDumpleton/mod_wsgi for additional documentation. # @note Unsupported platforms: SLES: all; RedHat: all; CentOS: all; OracleLinux: all; Scientific: all class apache::mod::wsgi ( $wsgi_restrict_embedded = undef, - $wsgi_socket_prefix = $::apache::params::wsgi_socket_prefix, + $wsgi_socket_prefix = $apache::params::wsgi_socket_prefix, $wsgi_python_path = undef, $wsgi_python_home = undef, $wsgi_python_optimize = undef, $wsgi_application_group = undef, $package_name = undef, $mod_path = undef, ) inherits ::apache::params { - include ::apache + include apache if ($package_name != undef and $mod_path == undef) or ($package_name == undef and $mod_path != undef) { fail('apache::mod::wsgi - both package_name and mod_path must be specified!') } if $package_name != undef { if $mod_path =~ /\// { $_mod_path = $mod_path } else { - $_mod_path = "${::apache::lib_path}/${mod_path}" + $_mod_path = "${apache::lib_path}/${mod_path}" } ::apache::mod { 'wsgi': package => $package_name, path => $_mod_path, } } else { ::apache::mod { 'wsgi': } } # Template uses: # - $wsgi_restrict_embedded # - $wsgi_socket_prefix # - $wsgi_python_path # - $wsgi_python_home - file {'wsgi.conf': + file { 'wsgi.conf': ensure => file, - path => 
"${::apache::mod_dir}/wsgi.conf", - mode => $::apache::file_mode, + path => "${apache::mod_dir}/wsgi.conf", + mode => $apache::file_mode, content => template('apache/mod/wsgi.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], notify => Class['apache::service'], } } - diff --git a/manifests/mod/xsendfile.pp b/manifests/mod/xsendfile.pp index 7d34ca72..95548846 100644 --- a/manifests/mod/xsendfile.pp +++ b/manifests/mod/xsendfile.pp @@ -1,9 +1,9 @@ # @summary # Installs `mod_xsendfile`. # # @see https://tn123.org/mod_xsendfile/ for additional documentation. # class apache::mod::xsendfile { - include ::apache::params + include apache::params ::apache::mod { 'xsendfile': } } diff --git a/manifests/mpm.pp b/manifests/mpm.pp index f77bf89d..644d0e1f 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp 
@@ -1,164 +1,162 @@ # @summary Enables the use of Apache MPMs. # # @api private define apache::mpm ( - $lib_path = $::apache::lib_path, - $apache_version = $::apache::apache_version, + $lib_path = $apache::lib_path, + $apache_version = $apache::apache_version, ) { if ! defined(Class['apache']) { fail('You must include the apache base class before using any apache defined resources') } $mpm = $name - $mod_dir = $::apache::mod_dir + $mod_dir = $apache::mod_dir $_lib = "mod_mpm_${mpm}.so" $_path = "${lib_path}/${_lib}" $_id = "mpm_${mpm}_module" if $::osfamily == 'Suse' { #mpms on Suse 12 don't use .so libraries so create a placeholder load file if versioncmp($apache_version, '2.4') >= 0 { file { "${mod_dir}/${mpm}.load": ensure => file, path => "${mod_dir}/${mpm}.load", content => '', require => [ Package['httpd'], Exec["mkdir ${mod_dir}"], ], before => File[$mod_dir], notify => Class['apache::service'], } } } else { - if versioncmp($apache_version, '2.4') >= 0 { - file { "${mod_dir}/${mpm}.load": - ensure => file, - path => "${mod_dir}/${mpm}.load", - content => "LoadModule ${_id} ${_path}\n", - require => [ - Package['httpd'], - Exec["mkdir ${mod_dir}"], - ], - before => File[$mod_dir], - notify => Class['apache::service'], - } + if versioncmp($apache_version, '2.4') >= 0 { + file { "${mod_dir}/${mpm}.load": + ensure => file, + path => "${mod_dir}/${mpm}.load", + content => "LoadModule ${_id} ${_path}\n", + require => [ + Package['httpd'], + Exec["mkdir ${mod_dir}"], + ], + before => File[$mod_dir], + notify => Class['apache::service'], } } + } case $::osfamily { 'debian': { - file { "${::apache::mod_enable_dir}/${mpm}.conf": + file { "${apache::mod_enable_dir}/${mpm}.conf": ensure => link, - target => "${::apache::mod_dir}/${mpm}.conf", - require => Exec["mkdir ${::apache::mod_enable_dir}"], - before => File[$::apache::mod_enable_dir], + target => "${apache::mod_dir}/${mpm}.conf", + require => Exec["mkdir ${apache::mod_enable_dir}"], + before => 
File[$apache::mod_enable_dir], notify => Class['apache::service'], } if versioncmp($apache_version, '2.4') >= 0 { - file { "${::apache::mod_enable_dir}/${mpm}.load": + file { "${apache::mod_enable_dir}/${mpm}.load": ensure => link, - target => "${::apache::mod_dir}/${mpm}.load", - require => Exec["mkdir ${::apache::mod_enable_dir}"], - before => File[$::apache::mod_enable_dir], + target => "${apache::mod_dir}/${mpm}.load", + require => Exec["mkdir ${apache::mod_enable_dir}"], + before => File[$apache::mod_enable_dir], notify => Class['apache::service'], } if $mpm == 'itk' { file { "${lib_path}/mod_mpm_itk.so": ensure => link, target => "${lib_path}/mpm_itk.so", require => Package['httpd'], before => Class['apache::service'], } } } else { package { "apache2-mpm-${mpm}": ensure => present, before => [ Class['apache::service'], - File[$::apache::mod_enable_dir], + File[$apache::mod_enable_dir], ], } } - if $mpm == 'itk' { if ( ( $::operatingsystem == 'Ubuntu' ) or ( ($::operatingsystem == 'Debian') and ( versioncmp($::operatingsystemrelease, '8.0.0') >= 0 ) ) ) { include apache::mpm::disable_mpm_event include apache::mpm::disable_mpm_worker } package { 'libapache2-mpm-itk': ensure => present, before => [ Class['apache::service'], - File[$::apache::mod_enable_dir], + File[$apache::mod_enable_dir], ], } } if $mpm == 'prefork' { if ( ( $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease,'18.04') >= 0 ) or ( $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8.0.0') >= 0 ) ) { include apache::mpm::disable_mpm_event include apache::mpm::disable_mpm_worker } } if $mpm == 'worker' { if ( ( $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease,'18.04') >= 0 ) or ( $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8.0.0') >= 0 ) ) { include apache::mpm::disable_mpm_event include apache::mpm::disable_mpm_prefork } } - } 'freebsd': { - class { '::apache::package': + class { 'apache::package': 
mpm_module => $mpm, } } 'gentoo': { # so we don't fail } 'redhat': { # so we don't fail } 'Suse': { - file { "${::apache::mod_enable_dir}/${mpm}.conf": + file { "${apache::mod_enable_dir}/${mpm}.conf": ensure => link, - target => "${::apache::mod_dir}/${mpm}.conf", - require => Exec["mkdir ${::apache::mod_enable_dir}"], - before => File[$::apache::mod_enable_dir], + target => "${apache::mod_dir}/${mpm}.conf", + require => Exec["mkdir ${apache::mod_enable_dir}"], + before => File[$apache::mod_enable_dir], notify => Class['apache::service'], } if versioncmp($apache_version, '2.4') >= 0 { - file { "${::apache::mod_enable_dir}/${mpm}.load": + file { "${apache::mod_enable_dir}/${mpm}.load": ensure => link, - target => "${::apache::mod_dir}/${mpm}.load", - require => Exec["mkdir ${::apache::mod_enable_dir}"], - before => File[$::apache::mod_enable_dir], + target => "${apache::mod_dir}/${mpm}.load", + require => Exec["mkdir ${apache::mod_enable_dir}"], + before => File[$apache::mod_enable_dir], notify => Class['apache::service'], } if $mpm == 'itk' { file { "${lib_path}/mod_mpm_itk.so": ensure => link, target => "${lib_path}/mpm_itk.so", } } } package { "apache2-${mpm}": ensure => present, } } default: { fail("Unsupported osfamily ${::osfamily}") } } } diff --git a/manifests/mpm/disable_mpm_event.pp b/manifests/mpm/disable_mpm_event.pp index bb2acd23..8c47576a 100644 --- a/manifests/mpm/disable_mpm_event.pp +++ b/manifests/mpm/disable_mpm_event.pp 
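Review bot: In the `'Suse'` branch of `apache::mpm` the `mod_mpm_itk.so` symlink is declared with no `require` or `before`, whereas the same resource in the `'debian'` branch carries `require => Package['httpd'],` and `before => Class['apache::service'],`. Without them Puppet may manage the link before the package has populated `${lib_path}`, or start the service before the link exists. Adding those two attributes to the Suse resource would make the branches agree; whether `Package["apache2-${mpm}"]` should be the dependency instead is worth checking.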
@@ -1,20 +1,19 @@ class apache::mpm::disable_mpm_event { exec { '/usr/sbin/a2dismod event': onlyif => "/usr/bin/test -e ${apache::mod_enable_dir}/event.load", require => Package['httpd'], before => Class['apache::service'], } exec { 'remove distribution event load file': command => "/bin/rm ${apache::mod_enable_dir}/mpm_event.load", onlyif => "/usr/bin/test -e ${apache::mod_enable_dir}/mpm_event.load", require => Package['httpd'], before => Class['apache::service'], } exec { 'remove distribution event conf file': command => "/bin/rm ${apache::mod_enable_dir}/mpm_event.conf", onlyif => "/usr/bin/test -e ${apache::mod_enable_dir}/mpm_event.conf", require => Package['httpd'], before => Class['apache::service'], } - } diff --git a/manifests/mpm/disable_mpm_prefork.pp b/manifests/mpm/disable_mpm_prefork.pp index d7ff8aad..ea67edbd 100644 --- a/manifests/mpm/disable_mpm_prefork.pp +++ b/manifests/mpm/disable_mpm_prefork.pp @@ -1,8 +1,7 @@ class apache::mpm::disable_mpm_prefork { exec { '/usr/sbin/a2dismod prefork': onlyif => "/usr/bin/test -e ${apache::mod_enable_dir}/prefork.load", require => Package['httpd'], before => Class['apache::service'], } - } diff --git a/manifests/mpm/disable_mpm_worker.pp b/manifests/mpm/disable_mpm_worker.pp index 414e7f58..4156d843 100644 --- a/manifests/mpm/disable_mpm_worker.pp +++ b/manifests/mpm/disable_mpm_worker.pp @@ -1,8 +1,7 @@ class apache::mpm::disable_mpm_worker { exec { '/usr/sbin/a2dismod worker': onlyif => "/usr/bin/test -e ${apache::mod_enable_dir}/worker.load", require => Package['httpd'], before => Class['apache::service'], } - } diff --git a/manifests/namevirtualhost.pp b/manifests/namevirtualhost.pp index 9701a1ac..246df53d 100644 --- a/manifests/namevirtualhost.pp +++ b/manifests/namevirtualhost.pp 
@@ -1,15 +1,15 @@ # @summary # Enables name-based virtual hosts # # Adds all related directives to the `ports.conf` file in the Apache HTTPD configuration # directory. Titles can take the forms `\*`, `\*:\`, `\_default\_:\`, # `\`, or `\:\`. define apache::namevirtualhost { $addr_port = $name # Template uses: $addr_port concat::fragment { "NameVirtualHost ${addr_port}": - target => $::apache::ports_file, + target => $apache::ports_file, content => template('apache/namevirtualhost.erb'), } } diff --git a/manifests/package.pp b/manifests/package.pp index 46bd98d2..684995ea 100644 --- a/manifests/package.pp +++ b/manifests/package.pp @@ -1,41 +1,40 @@ # @summary # Installs an Apache MPM. # # @api private class apache::package ( $ensure = 'present', - $mpm_module = $::apache::params::mpm_module, + $mpm_module = $apache::params::mpm_module, ) inherits ::apache::params { - # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { fail('You must include the apache base class before using any apache defined resources') } case $::osfamily { 'FreeBSD': { case $mpm_module { 'prefork': { } 'worker': { } 'event': { } 'itk': { package { 'www/mod_mpm_itk': ensure => installed, } } default: { fail("MPM module ${mpm_module} not supported on FreeBSD") } } } default: { } } package { 'httpd': ensure => $ensure, - name => $::apache::apache_name, + name => $apache::apache_name, notify => Class['Apache::Service'], } } diff --git a/manifests/params.pp b/manifests/params.pp index 4aed7c04..a1ebd4bc 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -1,823 +1,822 @@ # @summary # This class manages Apache parameters # # @api private class apache::params inherits ::apache::version { if($::fqdn) { $servername = $::fqdn } else { $servername = $::hostname } # The default error log level $log_level = 'warn' $use_optional_includes = false # Default mime types settings $mime_types_additional = { 'AddHandler' => { 'type-map' => 'var', }, 'AddType' => { 'text/html' => '.shtml', }, 'AddOutputFilter' => { 'INCLUDES' => '.shtml', }, } # should we use systemd module? $use_systemd = true # Default mode for files $file_mode = '0644' # The default value for host hame lookup $hostname_lookups = 'Off' # Default options for / directory $root_directory_options = ['FollowSymLinks'] $vhost_include_pattern = '*' $modsec_audit_log_parts = 'ABIJDEFHZ' $modsec_audit_log_type = 'Serial' # no client certs should be trusted for auth by default. $ssl_certs_dir = undef - if ($::apache::version::scl_httpd_version) { - if $::apache::version::scl_php_version == undef { + if ($apache::version::scl_httpd_version) { + if $apache::version::scl_php_version == undef { fail('If you define apache::version::scl_httpd_version, you also need to specify apache::version::scl_php_version') } - $_scl_httpd_version_nodot = regsubst($::apache::version::scl_httpd_version, '\.', '') + $_scl_httpd_version_nodot = regsubst($apache::version::scl_httpd_version, '\.', '') $_scl_httpd_name = "httpd${_scl_httpd_version_nodot}" - $_scl_php_version_no_dot = regsubst($::apache::version::scl_php_version, '\.', '') + $_scl_php_version_no_dot = regsubst($apache::version::scl_php_version, '\.', '') $user = 'apache' $group = 'apache' $root_group = 'root' $apache_name = "${_scl_httpd_name}-httpd" $service_name = "${_scl_httpd_name}-httpd" $httpd_root = "/opt/rh/${_scl_httpd_name}/root" $httpd_dir = "${httpd_root}/etc/httpd" $server_root = "${httpd_root}/etc/httpd" $conf_dir = "${httpd_dir}/conf" $confd_dir = "${httpd_dir}/conf.d" - $mod_dir = $::apache::version::distrelease ? 
{ + $mod_dir = $apache::version::distrelease ? { '7' => "${httpd_dir}/conf.modules.d", default => "${httpd_dir}/conf.d", } $mod_enable_dir = undef $vhost_dir = "${httpd_dir}/conf.d" $vhost_enable_dir = undef $conf_file = 'httpd.conf' $conf_enabled = undef $ports_file = "${conf_dir}/ports.conf" $pidfile = 'run/httpd.pid' $logroot = "/var/log/${_scl_httpd_name}" $logroot_mode = undef $lib_path = 'modules' $mpm_module = 'prefork' $dev_packages = "${_scl_httpd_name}-httpd-devel" $default_ssl_cert = '/etc/pki/tls/certs/localhost.crt' $default_ssl_key = '/etc/pki/tls/private/localhost.key' $ssl_sessioncache = '/var/cache/mod_ssl/scache(512000)' $passenger_conf_file = 'passenger_extra.conf' $passenger_conf_package_file = 'passenger.conf' $passenger_root = undef $passenger_ruby = undef $passenger_default_ruby = undef $suphp_addhandler = 'php5-script' $suphp_engine = 'off' $suphp_configpath = undef - $php_version = $::apache::version::scl_php_version + $php_version = $apache::version::scl_php_version $mod_packages = { 'authnz_ldap' => "${_scl_httpd_name}-mod_ldap", 'ldap' => "${_scl_httpd_name}-mod_ldap", - "php${::apache::version::scl_php_version}" => "rh-php${_scl_php_version_no_dot}-php", + "php${apache::version::scl_php_version}" => "rh-php${_scl_php_version_no_dot}-php", 'ssl' => "${_scl_httpd_name}-mod_ssl", } $mod_libs = { 'nss' => 'libmodnss.so', } $conf_template = 'apache/httpd.conf.erb' $http_protocol_options = undef $keepalive = 'On' $keepalive_timeout = 15 $max_keepalive_requests = 100 $fastcgi_lib_path = undef $mime_support_package = 'mailcap' $mime_types_config = '/etc/mime.types' $docroot = "${httpd_root}/var/www/html" - $alias_icons_path = $::apache::version::distrelease ? { + $alias_icons_path = $apache::version::distrelease ? { '7' => "${httpd_root}/usr/share/httpd/icons", default => '/var/www/icons', } - $error_documents_path = $::apache::version::distrelease ? { + $error_documents_path = $apache::version::distrelease ? 
{ '7' => "${httpd_root}/usr/share/httpd/error", default => '/var/www/error' } if $::osfamily == 'RedHat' { $wsgi_socket_prefix = '/var/run/wsgi' } else { $wsgi_socket_prefix = undef } $cas_cookie_path = '/var/cache/mod_auth_cas/' $mellon_lock_file = '/run/mod_auth_mellon/lock' $mellon_cache_size = 100 $mellon_post_directory = undef $modsec_version = 1 $modsec_crs_package = 'mod_security_crs' $modsec_crs_path = '/usr/lib/modsecurity.d' $modsec_dir = '/etc/httpd/modsecurity.d' $secpcrematchlimit = 1500 $secpcrematchlimitrecursion = 1500 $modsec_secruleengine = 'On' $modsec_default_rules = [ 'base_rules/modsecurity_35_bad_robots.data', 'base_rules/modsecurity_35_scanners.data', 'base_rules/modsecurity_40_generic_attacks.data', 'base_rules/modsecurity_50_outbound.data', 'base_rules/modsecurity_50_outbound_malware.data', 'base_rules/modsecurity_crs_20_protocol_violations.conf', 'base_rules/modsecurity_crs_21_protocol_anomalies.conf', 'base_rules/modsecurity_crs_23_request_limits.conf', 'base_rules/modsecurity_crs_30_http_policy.conf', 'base_rules/modsecurity_crs_35_bad_robots.conf', 'base_rules/modsecurity_crs_40_generic_attacks.conf', 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf', 'base_rules/modsecurity_crs_41_xss_attacks.conf', 'base_rules/modsecurity_crs_42_tight_security.conf', 'base_rules/modsecurity_crs_45_trojans.conf', 'base_rules/modsecurity_crs_47_common_exceptions.conf', 'base_rules/modsecurity_crs_49_inbound_blocking.conf', 'base_rules/modsecurity_crs_50_outbound.conf', 'base_rules/modsecurity_crs_59_outbound_blocking.conf', 'base_rules/modsecurity_crs_60_correlation.conf', ] $error_log = 'error_log' $scriptalias = "${httpd_root}/var/www/cgi-bin" $access_log_file = 'access_log' } elsif $::osfamily == 'RedHat' or $::operatingsystem =~ /^[Aa]mazon$/ { $user = 'apache' $group = 'apache' $root_group = 'root' $apache_name = 'httpd' $service_name = 'httpd' $httpd_dir = '/etc/httpd' $server_root = '/etc/httpd' $conf_dir = "${httpd_dir}/conf" 
$confd_dir = "${httpd_dir}/conf.d" $conf_enabled = undef if $::operatingsystem =~ /^[Aa]mazon$/ and $::operatingsystemmajrelease == '2' { # Amazon Linux 2 uses the /conf.modules.d/ dir $mod_dir = "${httpd_dir}/conf.modules.d" } else { - $mod_dir = $::apache::version::distrelease ? { + $mod_dir = $apache::version::distrelease ? { '7' => "${httpd_dir}/conf.modules.d", '8' => "${httpd_dir}/conf.modules.d", default => "${httpd_dir}/conf.d", } } $mod_enable_dir = undef $vhost_dir = "${httpd_dir}/conf.d" $vhost_enable_dir = undef $conf_file = 'httpd.conf' $ports_file = "${conf_dir}/ports.conf" $pidfile = 'run/httpd.pid' $logroot = '/var/log/httpd' $logroot_mode = undef $lib_path = 'modules' $mpm_module = 'prefork' $dev_packages = 'httpd-devel' $default_ssl_cert = '/etc/pki/tls/certs/localhost.crt' $default_ssl_key = '/etc/pki/tls/private/localhost.key' $ssl_sessioncache = '/var/cache/mod_ssl/scache(512000)' $passenger_conf_file = 'passenger_extra.conf' $passenger_conf_package_file = 'passenger.conf' $passenger_root = undef $passenger_ruby = undef $passenger_default_ruby = undef $suphp_addhandler = 'php5-script' $suphp_engine = 'off' $suphp_configpath = undef - $php_version = $::apache::version::distrelease ? { - '8' => '7', # RedHat8 - default => '5', # RedHat5, RedHat6, RedHat7 - } + $php_version = $apache::version::distrelease ? { + '8' => '7', # RedHat8 + default => '5', # RedHat5, RedHat6, RedHat7 + } $mod_packages = { # NOTE: The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL. 'auth_cas' => 'mod_auth_cas', 'auth_kerb' => 'mod_auth_kerb', 'auth_gssapi' => 'mod_auth_gssapi', 'auth_mellon' => 'mod_auth_mellon', 'auth_openidc' => 'mod_auth_openidc', - 'authnz_ldap' => $::apache::version::distrelease ? { + 'authnz_ldap' => $apache::version::distrelease ? { '7' => 'mod_ldap', '8' => 'mod_ldap', default => 'mod_authz_ldap', }, 'authnz_pam' => 'mod_authnz_pam', - 'fastcgi' => $::apache::version::distrelease ? 
{ + 'fastcgi' => $apache::version::distrelease ? { '5' => 'mod_fastcgi', '6' => 'mod_fastcgi', default => undef, }, 'fcgid' => 'mod_fcgid', 'geoip' => 'mod_geoip', 'intercept_form_submit' => 'mod_intercept_form_submit', - 'ldap' => $::apache::version::distrelease ? { + 'ldap' => $apache::version::distrelease ? { '5' => undef, '6' => undef, default => 'mod_ldap', }, 'lookup_identity' => 'mod_lookup_identity', 'pagespeed' => 'mod-pagespeed-stable', # NOTE: The passenger module isn't available on RH/CentOS without # providing dependency packages provided by EPEL and passenger # repositories. See # https://www.phusionpassenger.com/library/install/apache/install/oss/el7/ 'passenger' => 'mod_passenger', 'perl' => 'mod_perl', - 'php5' => $::apache::version::distrelease ? { + 'php5' => $apache::version::distrelease ? { '5' => 'php53', default => 'php', }, 'phpXXX' => 'php', 'proxy_html' => 'mod_proxy_html', 'python' => 'mod_python', 'security' => 'mod_security', # NOTE: The module for Shibboleth is not available on RH/CentOS without # providing dependency packages provided by Shibboleth's repositories. # See http://wiki.aaf.edu.au/tech-info/sp-install-guide 'shibboleth' => 'shibboleth', 'ssl' => 'mod_ssl', - 'wsgi' => $::apache::version::distrelease ? { + 'wsgi' => $apache::version::distrelease ? { '8' => 'python3-mod_wsgi', # RedHat8 default => 'mod_wsgi', # RedHat5, RedHat6, RedHat7 }, 'dav_svn' => 'mod_dav_svn', 'suphp' => 'mod_suphp', 'xsendfile' => 'mod_xsendfile', 'nss' => 'mod_nss', 'shib2' => 'shibboleth', } $mod_libs = { 'nss' => 'libmodnss.so', - 'wsgi' => $::apache::version::distrelease ? { + 'wsgi' => $apache::version::distrelease ? 
{ '8' => 'mod_wsgi_python3.so', default => 'mod_wsgi.so', }, } $conf_template = 'apache/httpd.conf.erb' $http_protocol_options = undef $keepalive = 'On' $keepalive_timeout = 15 $max_keepalive_requests = 100 $fastcgi_lib_path = undef $mime_support_package = 'mailcap' $mime_types_config = '/etc/mime.types' $docroot = '/var/www/html' - $alias_icons_path = $::apache::version::distrelease ? { + $alias_icons_path = $apache::version::distrelease ? { '7' => '/usr/share/httpd/icons', '8' => '/usr/share/httpd/icons', default => '/var/www/icons', } - $error_documents_path = $::apache::version::distrelease ? { + $error_documents_path = $apache::version::distrelease ? { '7' => '/usr/share/httpd/error', '8' => '/usr/share/httpd/error', default => '/var/www/error' } if $::osfamily == 'RedHat' { $wsgi_socket_prefix = '/var/run/wsgi' } else { $wsgi_socket_prefix = undef } $cas_cookie_path = '/var/cache/mod_auth_cas/' $mellon_lock_file = '/run/mod_auth_mellon/lock' $mellon_cache_size = 100 $mellon_post_directory = undef $modsec_version = 1 $modsec_crs_package = 'mod_security_crs' $modsec_crs_path = '/usr/lib/modsecurity.d' $modsec_dir = '/etc/httpd/modsecurity.d' $secpcrematchlimit = 1500 $secpcrematchlimitrecursion = 1500 $modsec_secruleengine = 'On' $modsec_default_rules = [ 'base_rules/modsecurity_35_bad_robots.data', 'base_rules/modsecurity_35_scanners.data', 'base_rules/modsecurity_40_generic_attacks.data', 'base_rules/modsecurity_50_outbound.data', 'base_rules/modsecurity_50_outbound_malware.data', 'base_rules/modsecurity_crs_20_protocol_violations.conf', 'base_rules/modsecurity_crs_21_protocol_anomalies.conf', 'base_rules/modsecurity_crs_23_request_limits.conf', 'base_rules/modsecurity_crs_30_http_policy.conf', 'base_rules/modsecurity_crs_35_bad_robots.conf', 'base_rules/modsecurity_crs_40_generic_attacks.conf', 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf', 'base_rules/modsecurity_crs_41_xss_attacks.conf', 'base_rules/modsecurity_crs_42_tight_security.conf', 
'base_rules/modsecurity_crs_45_trojans.conf', 'base_rules/modsecurity_crs_47_common_exceptions.conf', 'base_rules/modsecurity_crs_49_inbound_blocking.conf', 'base_rules/modsecurity_crs_50_outbound.conf', 'base_rules/modsecurity_crs_59_outbound_blocking.conf', 'base_rules/modsecurity_crs_60_correlation.conf', ] $error_log = 'error_log' $scriptalias = '/var/www/cgi-bin' $access_log_file = 'access_log' } elsif $::osfamily == 'Debian' { $user = 'www-data' $group = 'www-data' $root_group = 'root' $apache_name = 'apache2' $service_name = 'apache2' $httpd_dir = '/etc/apache2' $server_root = '/etc/apache2' $conf_dir = $httpd_dir $confd_dir = "${httpd_dir}/conf.d" # Overwrite conf_enabled causes errors with Shibboleth when enabled on Ubuntu 18.04 $conf_enabled = undef #"${httpd_dir}/conf-enabled.d" $mod_dir = "${httpd_dir}/mods-available" $mod_enable_dir = "${httpd_dir}/mods-enabled" $vhost_dir = "${httpd_dir}/sites-available" $vhost_enable_dir = "${httpd_dir}/sites-enabled" $conf_file = 'apache2.conf' $ports_file = "${conf_dir}/ports.conf" $pidfile = "\${APACHE_PID_FILE}" $logroot = '/var/log/apache2' $logroot_mode = undef $lib_path = '/usr/lib/apache2/modules' $mpm_module = 'worker' $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key' $ssl_sessioncache = "\${APACHE_RUN_DIR}/ssl_scache(512000)" $suphp_addhandler = 'x-httpd-php' $suphp_engine = 'off' $suphp_configpath = '/etc/php5/apache2' if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '16.04') < 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') < 0) { # Only the major version is used here $php_version = '5' $mod_packages = { 'auth_cas' => 'libapache2-mod-auth-cas', 'auth_kerb' => 'libapache2-mod-auth-kerb', 'auth_openidc' => 'libapache2-mod-auth-openidc', 'auth_gssapi' => 'libapache2-mod-auth-gssapi', 'auth_mellon' => 'libapache2-mod-auth-mellon', 'authnz_pam' => 'libapache2-mod-authnz-pam', 
'dav_svn' => 'libapache2-svn', 'fastcgi' => 'libapache2-mod-fastcgi', 'fcgid' => 'libapache2-mod-fcgid', 'geoip' => 'libapache2-mod-geoip', 'intercept_form_submit' => 'libapache2-mod-intercept-form-submit', 'jk' => 'libapache2-mod-jk', 'lookup_identity' => 'libapache2-mod-lookup-identity', 'nss' => 'libapache2-mod-nss', 'pagespeed' => 'mod-pagespeed-stable', 'passenger' => 'libapache2-mod-passenger', 'perl' => 'libapache2-mod-perl2', 'phpXXX' => 'libapache2-mod-phpXXX', 'proxy_html' => 'libapache2-mod-proxy-html', 'python' => 'libapache2-mod-python', 'rpaf' => 'libapache2-mod-rpaf', 'security' => 'libapache2-modsecurity', 'shib2' => 'libapache2-mod-shib2', 'suphp' => 'libapache2-mod-suphp', 'wsgi' => 'libapache2-mod-wsgi', 'xsendfile' => 'libapache2-mod-xsendfile', } } elsif ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) or ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '18.04') >= 0) { $php_version = $facts['operatingsystemmajrelease'] ? 
{ '9' => '7.0', # Debian Stretch '10' => '7.3', # Debian Buster '20.04' => '7.4', # Ubuntu Foccal Fossal default => '7.2', # Ubuntu Bionic, Cosmic and Disco } $mod_packages = { 'auth_cas' => 'libapache2-mod-auth-cas', 'auth_kerb' => 'libapache2-mod-auth-kerb', 'auth_openidc' => 'libapache2-mod-auth-openidc', 'auth_gssapi' => 'libapache2-mod-auth-gssapi', 'auth_mellon' => 'libapache2-mod-auth-mellon', 'authnz_pam' => 'libapache2-mod-authnz-pam', 'dav_svn' => 'libapache2-mod-svn', 'fastcgi' => 'libapache2-mod-fastcgi', 'fcgid' => 'libapache2-mod-fcgid', 'geoip' => 'libapache2-mod-geoip', 'intercept_form_submit' => 'libapache2-mod-intercept-form-submit', 'jk' => 'libapache2-mod-jk', 'lookup_identity' => 'libapache2-mod-lookup-identity', 'nss' => 'libapache2-mod-nss', 'pagespeed' => 'mod-pagespeed-stable', 'passenger' => 'libapache2-mod-passenger', 'perl' => 'libapache2-mod-perl2', 'phpXXX' => 'libapache2-mod-phpXXX', 'python' => 'libapache2-mod-python', 'rpaf' => 'libapache2-mod-rpaf', 'security' => 'libapache2-mod-security2', 'shib2' => 'libapache2-mod-shib2', 'wsgi' => 'libapache2-mod-wsgi', 'xsendfile' => 'libapache2-mod-xsendfile', } } else { # Ubuntu Xenial $php_version = '7.0' $mod_packages = { 'auth_cas' => 'libapache2-mod-auth-cas', 'auth_kerb' => 'libapache2-mod-auth-kerb', 'auth_openidc' => 'libapache2-mod-auth-openidc', 'auth_gssapi' => 'libapache2-mod-auth-gssapi', 'auth_mellon' => 'libapache2-mod-auth-mellon', 'authnz_pam' => 'libapache2-mod-authnz-pam', 'dav_svn' => 'libapache2-svn', 'fastcgi' => 'libapache2-mod-fastcgi', 'fcgid' => 'libapache2-mod-fcgid', 'geoip' => 'libapache2-mod-geoip', 'intercept_form_submit' => 'libapache2-mod-intercept-form-submit', 'jk' => 'libapache2-mod-jk', 'lookup_identity' => 'libapache2-mod-lookup-identity', 'nss' => 'libapache2-mod-nss', 'pagespeed' => 'mod-pagespeed-stable', 'passenger' => 'libapache2-mod-passenger', 'perl' => 'libapache2-mod-perl2', 'phpXXX' => 'libapache2-mod-phpXXX', 'python' => 
'libapache2-mod-python', 'rpaf' => 'libapache2-mod-rpaf', 'security' => 'libapache2-modsecurity', 'shib2' => 'libapache2-mod-shib2', 'suphp' => 'libapache2-mod-suphp', 'wsgi' => 'libapache2-mod-wsgi', 'xsendfile' => 'libapache2-mod-xsendfile', } } $error_log = 'error.log' $scriptalias = '/usr/lib/cgi-bin' $access_log_file = 'access.log' if $::osfamily == 'Debian' and versioncmp($::operatingsystemrelease, '8') < 0 { $shib2_lib = 'mod_shib_22.so' } elsif ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '19.04') < 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '10') < 0) { $shib2_lib = 'mod_shib2.so' } else { $shib2_lib = 'mod_shib.so' } $mod_libs = { 'shib2' => $shib2_lib, } $conf_template = 'apache/httpd.conf.erb' $http_protocol_options = undef $keepalive = 'On' $keepalive_timeout = 15 $max_keepalive_requests = 100 $fastcgi_lib_path = '/var/lib/apache2/fastcgi' $mime_support_package = 'mime-support' $mime_types_config = '/etc/mime.types' if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) { $docroot = '/var/www/html' } else { $docroot = '/var/www' } $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/' $mellon_lock_file = undef $mellon_cache_size = undef $mellon_post_directory = '/var/cache/apache2/mod_auth_mellon/' $modsec_version = 1 $modsec_crs_package = 'modsecurity-crs' $modsec_crs_path = '/usr/share/modsecurity-crs' $modsec_dir = '/etc/modsecurity' $secpcrematchlimit = 1500 $secpcrematchlimitrecursion = 1500 $modsec_secruleengine = 'On' if ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) or ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '18.04') >= 0) { $modsec_default_rules = [ 'crawlers-user-agents.data', 'iis-errors.data', 'java-code-leakages.data', 'java-errors.data', 'lfi-os-files.data', 
'php-config-directives.data', 'php-errors.data', 'php-function-names-933150.data', 'php-function-names-933151.data', 'php-variables.data', 'restricted-files.data', 'scanners-headers.data', 'scanners-urls.data', 'scanners-user-agents.data', 'scripting-user-agents.data', 'sql-errors.data', 'sql-function-names.data', 'unix-shell.data', 'windows-powershell-commands.data', ] } else { $modsec_default_rules = [ 'base_rules/modsecurity_35_bad_robots.data', 'base_rules/modsecurity_35_scanners.data', 'base_rules/modsecurity_40_generic_attacks.data', 'base_rules/modsecurity_50_outbound.data', 'base_rules/modsecurity_50_outbound_malware.data', 'base_rules/modsecurity_crs_20_protocol_violations.conf', 'base_rules/modsecurity_crs_21_protocol_anomalies.conf', 'base_rules/modsecurity_crs_23_request_limits.conf', 'base_rules/modsecurity_crs_30_http_policy.conf', 'base_rules/modsecurity_crs_35_bad_robots.conf', 'base_rules/modsecurity_crs_40_generic_attacks.conf', 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf', 'base_rules/modsecurity_crs_41_xss_attacks.conf', 'base_rules/modsecurity_crs_42_tight_security.conf', 'base_rules/modsecurity_crs_45_trojans.conf', 'base_rules/modsecurity_crs_47_common_exceptions.conf', 'base_rules/modsecurity_crs_49_inbound_blocking.conf', 'base_rules/modsecurity_crs_50_outbound.conf', 'base_rules/modsecurity_crs_59_outbound_blocking.conf', 'base_rules/modsecurity_crs_60_correlation.conf', ] } $alias_icons_path = '/usr/share/apache2/icons' $error_documents_path = '/usr/share/apache2/error' if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) { $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev'] } else { $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] } # # Passenger-specific settings # $passenger_conf_file = 'passenger.conf' $passenger_conf_package_file = undef if 
($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '14.04') < 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') < 0) { $passenger_root = '/usr' $passenger_ruby = '/usr/bin/ruby' $passenger_default_ruby = undef } else { $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' $passenger_ruby = undef $passenger_default_ruby = '/usr/bin/ruby' } $wsgi_socket_prefix = undef } elsif $::osfamily == 'FreeBSD' { $user = 'www' $group = 'www' $root_group = 'wheel' $apache_name = 'apache24' $service_name = 'apache24' $httpd_dir = '/usr/local/etc/apache24' $server_root = '/usr/local' $conf_dir = $httpd_dir $confd_dir = "${httpd_dir}/Includes" $conf_enabled = undef $mod_dir = "${httpd_dir}/Modules" $mod_enable_dir = undef $vhost_dir = "${httpd_dir}/Vhosts" $vhost_enable_dir = undef $conf_file = 'httpd.conf' $ports_file = "${conf_dir}/ports.conf" $pidfile = '/var/run/httpd.pid' $logroot = '/var/log/apache24' $logroot_mode = undef $lib_path = '/usr/local/libexec/apache24' $mpm_module = 'prefork' $dev_packages = undef $default_ssl_cert = '/usr/local/etc/apache24/server.crt' $default_ssl_key = '/usr/local/etc/apache24/server.key' $ssl_sessioncache = '/var/run/ssl_scache(512000)' $passenger_conf_file = 'passenger.conf' $passenger_conf_package_file = undef $passenger_root = '/usr/local/lib/ruby/gems/2.0/gems/passenger-4.0.58' $passenger_ruby = '/usr/local/bin/ruby' $passenger_default_ruby = undef $suphp_addhandler = 'php5-script' $suphp_engine = 'off' $suphp_configpath = undef $php_version = '5' $mod_packages = { # NOTE: I list here only modules that are not included in www/apache24 # NOTE: 'passenger' needs to enable APACHE_SUPPORT in make config # NOTE: 'php' needs to enable APACHE option in make config # NOTE: 'dav_svn' needs to enable MOD_DAV_SVN make config # NOTE: not sure where the shibboleth should come from 'auth_kerb' => 'www/mod_auth_kerb2', 'auth_gssapi' => 'www/mod_auth_gssapi', 
'auth_openidc'=> 'www/mod_auth_openidc', 'fcgid' => 'www/mod_fcgid', 'passenger' => 'www/rubygem-passenger', 'perl' => 'www/mod_perl2', 'phpXXX' => 'www/mod_phpXXX', 'proxy_html' => 'www/mod_proxy_html', 'python' => 'www/mod_python3', 'wsgi' => 'www/mod_wsgi', 'dav_svn' => 'devel/subversion', 'xsendfile' => 'www/mod_xsendfile', 'rpaf' => 'www/mod_rpaf2', 'shib2' => 'security/shibboleth2-sp', } $mod_libs = { } $conf_template = 'apache/httpd.conf.erb' $http_protocol_options = undef $keepalive = 'On' $keepalive_timeout = 15 $max_keepalive_requests = 100 $fastcgi_lib_path = undef # TODO: revisit $mime_support_package = 'misc/mime-support' $mime_types_config = '/usr/local/etc/mime.types' $wsgi_socket_prefix = undef $docroot = '/usr/local/www/apache24/data' $alias_icons_path = '/usr/local/www/apache24/icons' $error_documents_path = '/usr/local/www/apache24/error' $error_log = 'httpd-error.log' $scriptalias = '/usr/local/www/apache24/cgi-bin' $access_log_file = 'httpd-access.log' } elsif $::osfamily == 'Gentoo' { $user = 'apache' $group = 'apache' $root_group = 'wheel' $apache_name = 'www-servers/apache' $service_name = 'apache2' $httpd_dir = '/etc/apache2' $server_root = '/var/www' $conf_dir = $httpd_dir $confd_dir = "${httpd_dir}/conf.d" $conf_enabled = undef $mod_dir = "${httpd_dir}/modules.d" $mod_enable_dir = undef $vhost_dir = "${httpd_dir}/vhosts.d" $vhost_enable_dir = undef $conf_file = 'httpd.conf' $ports_file = "${conf_dir}/ports.conf" $logroot = '/var/log/apache2' $logroot_mode = undef $lib_path = '/usr/lib/apache2/modules' $mpm_module = 'prefork' $dev_packages = undef $default_ssl_cert = '/etc/ssl/apache2/server.crt' $default_ssl_key = '/etc/ssl/apache2/server.key' $ssl_sessioncache = '/var/run/ssl_scache(512000)' $passenger_root = '/usr' $passenger_ruby = '/usr/bin/ruby' $passenger_conf_file = 'passenger.conf' $passenger_conf_package_file = undef $passenger_default_ruby = undef $suphp_addhandler = 'x-httpd-php' $suphp_engine = 'off' $suphp_configpath = 
'/etc/php5/apache2' $php_version = '5' $mod_packages = { # NOTE: I list here only modules that are not included in www-servers/apache 'auth_kerb' => 'www-apache/mod_auth_kerb', 'auth_gssapi' => 'www-apache/mod_auth_gssapi', 'authnz_external' => 'www-apache/mod_authnz_external', 'fcgid' => 'www-apache/mod_fcgid', 'passenger' => 'www-apache/passenger', 'perl' => 'www-apache/mod_perl', 'phpXXX' => 'dev-lang/php', 'proxy_html' => 'www-apache/mod_proxy_html', 'proxy_fcgi' => 'www-apache/mod_proxy_fcgi', 'python' => 'www-apache/mod_python', 'wsgi' => 'www-apache/mod_wsgi', 'dav_svn' => 'dev-vcs/subversion', 'xsendfile' => 'www-apache/mod_xsendfile', 'rpaf' => 'www-apache/mod_rpaf', 'xml2enc' => 'www-apache/mod_xml2enc', } $mod_libs = { } $conf_template = 'apache/httpd.conf.erb' $http_protocol_options = undef $keepalive = 'On' $keepalive_timeout = 15 $max_keepalive_requests = 100 $fastcgi_lib_path = undef # TODO: revisit $mime_support_package = 'app-misc/mime-types' $mime_types_config = '/etc/mime.types' $wsgi_socket_prefix = undef $docroot = '/var/www/localhost/htdocs' $alias_icons_path = '/usr/share/apache2/icons' $error_documents_path = '/usr/share/apache2/error' $pidfile = '/var/run/apache2.pid' $error_log = 'error.log' $scriptalias = '/var/www/localhost/cgi-bin' $access_log_file = 'access.log' } elsif $::osfamily == 'Suse' { $user = 'wwwrun' $group = 'www' $root_group = 'root' $apache_name = 'apache2' $service_name = 'apache2' $httpd_dir = '/etc/apache2' $server_root = '/etc/apache2' $conf_dir = $httpd_dir $confd_dir = "${httpd_dir}/conf.d" $conf_enabled = undef $mod_dir = "${httpd_dir}/mods-available" $mod_enable_dir = "${httpd_dir}/mods-enabled" $vhost_dir = "${httpd_dir}/sites-available" $vhost_enable_dir = "${httpd_dir}/sites-enabled" $conf_file = 'httpd.conf' $ports_file = "${conf_dir}/ports.conf" $pidfile = '/var/run/httpd2.pid' $logroot = '/var/log/apache2' $logroot_mode = undef $lib_path = '/usr/lib64/apache2' #changes for some modules based on mpm 
$mpm_module = 'prefork' - if $::operatingsystemrelease < '15' { + if versioncmp($::operatingsystemrelease, '15') < 0 { $default_ssl_cert = '/etc/apache2/ssl.crt/server.crt' $default_ssl_key = '/etc/apache2/ssl.key/server.key' } else { $default_ssl_cert = '/etc/apache2/ssl.crt/default-server.crt' $default_ssl_key = '/etc/apache2/ssl.key/default-server.key' } $ssl_sessioncache = '/var/lib/apache2/ssl_scache(512000)' $suphp_addhandler = 'x-httpd-php' $suphp_engine = 'off' $suphp_configpath = '/etc/php5/apache2' $php_version = '5' - if $::operatingsystemrelease < '11' or $::operatingsystemrelease >= '12' { + if versioncmp($::operatingsystemrelease, '11') < 0 or versioncmp($::operatingsystemrelease, '12') >= 0 { $mod_packages = { 'auth_kerb' => 'apache2-mod_auth_kerb', 'auth_gssapi' => 'apache2-mod_auth_gssapi', 'dav_svn' => 'subversion-server', 'perl' => 'apache2-mod_perl', 'php5' => 'apache2-mod_php5', 'python' => 'apache2-mod_python', 'security' => 'apache2-mod_security2', 'worker' => 'apache2-worker', - } + } } else { $mod_packages = { 'auth_kerb' => 'apache2-mod_auth_kerb', 'auth_gssapi' => 'apache2-mod_auth_gssapi', 'dav_svn' => 'subversion-server', 'perl' => 'apache2-mod_perl', 'php5' => 'apache2-mod_php53', 'python' => 'apache2-mod_python', 'security' => 'apache2-mod_security2', } } $mod_libs = { 'security' => '/usr/lib64/apache2/mod_security2.so', 'php53' => '/usr/lib64/apache2/mod_php5.so', } $conf_template = 'apache/httpd.conf.erb' $http_protocol_options = undef $keepalive = 'On' $keepalive_timeout = 15 $max_keepalive_requests = 100 $fastcgi_lib_path = '/var/lib/apache2/fastcgi' $mime_support_package = 'aaa_base' $mime_types_config = '/etc/mime.types' $docroot = '/srv/www' $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/' $mellon_lock_file = undef $mellon_cache_size = undef $mellon_post_directory = undef $alias_icons_path = '/usr/share/apache2/icons' $error_documents_path = '/usr/share/apache2/error' $dev_packages = ['libapr-util1-devel', 'libapr1-devel', 
'libcurl-devel'] $modsec_version = 1 $modsec_crs_package = undef $modsec_crs_path = undef $modsec_default_rules = undef $modsec_dir = '/etc/apache2/modsecurity' $secpcrematchlimit = 1500 $secpcrematchlimitrecursion = 1500 $modsec_secruleengine = 'On' $error_log = 'error.log' $scriptalias = '/usr/lib/cgi-bin' $access_log_file = 'access.log' # # Passenger-specific settings # $passenger_conf_file = 'passenger.conf' $passenger_conf_package_file = undef $passenger_root = '/usr/lib64/ruby/gems/1.8/gems/passenger-5.0.30' $passenger_ruby = '/usr/bin/ruby' $passenger_default_ruby = '/usr/bin/ruby' $wsgi_socket_prefix = undef - } else { fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") } if ($::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04') or ($::operatingsystem == 'SLES') { $verify_command = '/usr/sbin/apache2ctl -t' } elsif $::operatingsystem == 'FreeBSD' { $verify_command = '/usr/local/sbin/apachectl -t' - } elsif ($::apache::version::scl_httpd_version) { + } elsif ($apache::version::scl_httpd_version) { $verify_command = "/opt/rh/${_scl_httpd_name}/root/usr/sbin/apachectl -t" } else { $verify_command = '/usr/sbin/apachectl -t' } if $::osfamily == 'RedHat' and versioncmp($::operatingsystemrelease, '8.0') >= 0 { $ssl_protocol = ['all'] # Implementations of the SSLv2 and SSLv3 protocol versions have been removed from OpenSSL (and hence mod_ssl) because these are no longer considered secure. For additional documentation https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/deploying_different_types_of_servers/setting-apache-web-server_deploying-different-types-of-servers } else { - $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ] + $ssl_protocol = ['all', '-SSLv2', '-SSLv3'] } } diff --git a/manifests/peruser/multiplexer.pp b/manifests/peruser/multiplexer.pp index e0e4a5ec..5001090c 100644 --- a/manifests/peruser/multiplexer.pp +++ b/manifests/peruser/multiplexer.pp 
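Review bot: The fallback `$ssl_protocol = ['all', '-SSLv2', '-SSLv3']` at the end of `apache::params` still leaves TLSv1 and TLSv1.1 enabled wherever the linked OpenSSL offers them, and the RedHat 8 branch's `['all']` depends entirely on the platform to exclude older protocols. Since this commit already touches that line, consider tightening the default to `$ssl_protocol = ['all', '-SSLv2', '-SSLv3', '-TLSv1', '-TLSv1.1']`. This would need gating by OS release, because the class still targets releases (its comments mention RedHat5 and RedHat6) whose mod_ssl may not accept the `TLSv1.1` token; that is inferred from the version comments, not shown in the hunk. At minimum, a comment on both branches stating which protocol versions remain enabled would help operators who inherit this default.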
@@ -1,23 +1,23 @@ # @summary # Checks if an Apache module has a class. # # If Apache has a class, it includes that class. If it does not, it passes the module name to the `apache::mod` defined type. # # @api private define apache::peruser::multiplexer ( - $user = $::apache::user, - $group = $::apache::group, + $user = $apache::user, + $group = $apache::group, $file = undef, ) { if ! $file { $filename = "${name}.conf" } else { $filename = $file } - file { "${::apache::mod_dir}/peruser/multiplexers/${filename}": + file { "${apache::mod_dir}/peruser/multiplexers/${filename}": ensure => file, content => "Multiplexer ${user} ${group}\n", - require => File["${::apache::mod_dir}/peruser/multiplexers"], + require => File["${apache::mod_dir}/peruser/multiplexers"], notify => Class['apache::service'], } } diff --git a/manifests/peruser/processor.pp b/manifests/peruser/processor.pp index 798ee957..57c26fa9 100644 --- a/manifests/peruser/processor.pp +++ b/manifests/peruser/processor.pp @@ -1,21 +1,21 @@ # @summary # Enables the `Peruser` module for FreeBSD only. # # @api private define apache::peruser::processor ( $user, $group, $file = undef, ) { if ! $file { $filename = "${name}.conf" } else { $filename = $file } - file { "${::apache::mod_dir}/peruser/processors/${filename}": + file { "${apache::mod_dir}/peruser/processors/${filename}": ensure => file, content => "Processor ${user} ${group}\n", - require => File["${::apache::mod_dir}/peruser/processors"], + require => File["${apache::mod_dir}/peruser/processors"], notify => Class['apache::service'], } } diff --git a/manifests/php.pp b/manifests/php.pp index 24758417..32999a92 100644 --- a/manifests/php.pp +++ b/manifests/php.pp @@ -1,11 +1,11 @@ # @summary # This class installs PHP for Apache. # # @note # This class is deprecated. # # @api private class apache::php { warning('apache::php is deprecated; please use apache::mod::php') - include ::apache::mod::php + include apache::mod::php } 
diff --git a/manifests/proxy.pp b/manifests/proxy.pp index 1ecdaa8f..9df41958 100644 --- a/manifests/proxy.pp +++ b/manifests/proxy.pp @@ -1,11 +1,11 @@ # @summary # This class enabled the proxy module for Apache. # # @note # This class is deprecated. # # @api private class apache::proxy { warning('apache::proxy is deprecated; please use apache::mod::proxy') - include ::apache::mod::proxy + include apache::mod::proxy } diff --git a/manifests/python.pp b/manifests/python.pp index 067ebc78..586ed9e8 100644 --- a/manifests/python.pp +++ b/manifests/python.pp @@ -1,18 +1,18 @@ # @summary # This class installs Python for Apache # # Parameters: # - $php_package # # Actions: # - Install Apache Python package # # Requires: # # Sample Usage: # # @api private class apache::python { warning('apache::python is deprecated; please use apache::mod::python') - include ::apache::mod::python + include apache::mod::python } diff --git a/manifests/security/rule_link.pp b/manifests/security/rule_link.pp index d8b79e15..a3f70b10 100644 --- a/manifests/security/rule_link.pp +++ b/manifests/security/rule_link.pp @@ -1,22 +1,21 @@ # @summary # Links the activated_rules from `apache::mod::security` to the respective CRS rules on disk. # # @api private define apache::security::rule_link () { - $parts = split($title, '/') $filename = $parts[-1] $target = $title ? { /^\// => $title, - default => "${::apache::params::modsec_crs_path}/${title}", + default => "${apache::params::modsec_crs_path}/${title}", } file { $filename: ensure => 'link', - path => "${::apache::mod::security::modsec_dir}/activated_rules/${filename}", + path => "${apache::mod::security::modsec_dir}/activated_rules/${filename}", target => $target , - require => File["${::apache::mod::security::modsec_dir}/activated_rules"], + require => File["${apache::mod::security::modsec_dir}/activated_rules"], notify => Class['apache::service'], } } diff --git a/manifests/service.pp b/manifests/service.pp index 703d95f8..7366e5fd 100644 
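Review bot: In manifests/security/rule_link.pp the `default` branch of the `$target` selector interpolates `${apache::params::modsec_crs_path}` without checking that it is set, and params.pp in this same diff leaves `$modsec_crs_path = undef` for the Suse family. With an undef value the string presumably collapses to `/${title}`, so a relative rule name would produce a link in `activated_rules` that points at a root-relative path instead of a CRS file. I would fail early, before the selector: `if $title !~ /^\// and ! $apache::params::modsec_crs_path { fail("apache::security::rule_link: modsec_crs_path is not set, cannot resolve '${title}'") }`. Relative titles are also not checked for `..` segments, so a type or pattern on the rule names is worth adding where `apache::mod::security` passes them in (not visible here).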
--- a/manifests/service.pp +++ b/manifests/service.pp @@ -1,37 +1,36 @@ # @summary # Installs and configures Apache service. # # @api private class apache::service ( - $service_name = $::apache::params::service_name, + $service_name = $apache::params::service_name, Boolean $service_enable = true, $service_ensure = 'running', Boolean $service_manage = true, $service_restart = undef ) { - # The base class must be included first because parameter defaults depend on it if ! defined(Class['apache::params']) { fail('You must include the apache::params class before using any apache defined resources') } case $service_ensure { true, false, 'running', 'stopped': { $_service_ensure = $service_ensure } default: { $_service_ensure = undef } } $service_hasrestart = $service_restart == undef if $service_manage { service { 'httpd': ensure => $_service_ensure, name => $service_name, enable => $service_enable, restart => $service_restart, hasrestart => $service_hasrestart, } } } diff --git a/manifests/ssl.pp b/manifests/ssl.pp index c4442638..a241a98a 100644 --- a/manifests/ssl.pp +++ b/manifests/ssl.pp @@ -1,11 +1,11 @@ # @summary # This class installs Apache SSL capabilities # # @note # This class is deprecated. # # @api private class apache::ssl { warning('apache::ssl is deprecated; please use apache::mod::ssl') - include ::apache::mod::ssl + include apache::mod::ssl } diff --git a/manifests/version.pp b/manifests/version.pp index 9116fadb..36e2a040 100644 --- a/manifests/version.pp +++ b/manifests/version.pp 
@@ -1,55 +1,55 @@ # @summary # Try to automatically detect the version by OS # # @api private -class apache::version( +class apache::version ( Optional[String] $scl_httpd_version = undef, Optional[String] $scl_php_version = undef, ) { # This will be 5 or 6 on RedHat, 6 or wheezy on Debian, 12 or quantal on Ubuntu, etc. $osr_array = split($::operatingsystemrelease,'[\/\.]') $distrelease = $osr_array[0] if ! $distrelease { fail("Class['apache::version']: Unparsable \$::operatingsystemrelease: ${::operatingsystemrelease}") } case $::osfamily { 'RedHat': { if $scl_httpd_version { $default = $scl_httpd_version } elsif ($::operatingsystem == 'Amazon') { $default = '2.2' } elsif ($::operatingsystem == 'Fedora' and versioncmp($distrelease, '18') >= 0) or ($::operatingsystem != 'Fedora' and versioncmp($distrelease, '7') >= 0) { $default = '2.4' } else { $default = '2.2' } } 'Debian': { if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0 { $default = '2.4' } elsif $::operatingsystem == 'Debian' and versioncmp($distrelease, '8') >= 0 { $default = '2.4' } else { $default = '2.2' } } 'FreeBSD': { $default = '2.4' } 'Gentoo': { $default = '2.4' } 'Suse': { - if ($::operatingsystem == 'SLES' and $::operatingsystemrelease >= '12') or ($::operatingsystem == 'OpenSuSE' and $::operatingsystemrelease >= '42') { + if ($::operatingsystem == 'SLES' and versioncmp($::operatingsystemrelease, '12') >= 0) or ($::operatingsystem == 'OpenSuSE' and versioncmp($::operatingsystemrelease, '42') >= 0) { $default = '2.4' } else { $default = '2.2' } } default: { fail("Class['apache::version']: Unsupported osfamily: ${::osfamily}") } } } diff --git a/manifests/vhost.pp b/manifests/vhost.pp index e2a86a3b..bf953433 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
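Review bot: In the `'Suse'` case of manifests/version.pp the OpenSuSE test still uses `'42'` as the cutoff, so after the switch to `versioncmp` a release such as 15.1 continues to fall through to `$default = '2.2'`. As far as I know openSUSE Leap numbering went from 42.x to 15.x and those releases ship Apache 2.4; params.pp in this diff already treats `'15'` as a Suse boundary. If the rest of the module selects directive syntax from this value (not visible in this hunk), such hosts would be rendered 2.2-style configuration, access-control directives included. Consider `versioncmp($::operatingsystemrelease, '15') >= 0` for the OpenSuSE side, which also covers 42.x, after confirming what the fact reports on Leap 15.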
@@ -1,2876 +1,2874 @@ # @summary # Allows specialised configurations for virtual hosts that possess requirements # outside of the defaults. # # The apache module allows a lot of flexibility in the setup and configuration of virtual hosts. # This flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache # to evaluate it multiple times with different parameters.
# The `apache::vhost` defined type allows you to have specialized configurations for virtual hosts # that have requirements outside the defaults. You can set up a default virtual host within # the base `::apache` class, as well as set a customized virtual host as the default. # Customized virtual hosts have a lower numeric `priority` than the base class's, causing # Apache to process the customized virtual host first.
# The `apache::vhost` defined type uses `concat::fragment` to build the configuration file. To # inject custom fragments for pieces of the configuration that the defined type doesn't # inherently support, add a custom fragment.
# For the custom fragment's `order` parameter, the `apache::vhost` defined type uses multiples # of 10, so any `order` that isn't a multiple of 10 should work.
# > **Note:** When creating an `apache::vhost`, it cannot be named `default` or `default-ssl`, # because vhosts with these titles are always managed by the module. This means that you cannot # override `Apache::Vhost['default']` or `Apache::Vhost['default-ssl]` resources. An optional # workaround is to create a vhost named something else, such as `my default`, and ensure that the # `default` and `default_ssl` vhosts are set to `false`: # # @example # class { 'apache': # default_vhost => false, # default_ssl_vhost => false, # } # # @param apache_version # Apache's version number as a string, such as '2.2' or '2.4'. # # @param access_log # Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`). # # @param access_log_env_var # Specifies that only requests with particular environment variables be logged. # # @param access_log_file # Sets the filename of the `*_access.log` placed in `logroot`. Given a virtual host ---for # instance, example.com--- it defaults to 'example.com_ssl.log' for # [SSL-encrypted](https://httpd.apache.org/docs/current/ssl/index.html) virtual hosts and # `example.com_access.log` for unencrypted virtual hosts. # # @param access_log_format # Specifies the use of either a `LogFormat` nickname or a custom-formatted string for the # access log. # # @param access_log_pipe # Specifies a pipe where Apache sends access log messages. # # @param access_log_syslog # Sends all access log messages to syslog. # # @param access_logs # Allows you to give a hash that specifies the state of each of the `access_log_*` # directives shown above, i.e. `access_log_pipe` and `access_log_syslog`. # # @param add_default_charset # Sets a default media charset value for the `AddDefaultCharset` directive, which is # added to `text/plain` and `text/html` responses. # # @param add_listen # Determines whether the virtual host creates a `Listen` statement.
# Setting `add_listen` to `false` prevents the virtual host from creating a `Listen` # statement. This is important when combining virtual hosts that aren't passed an `ip` # parameter with those that are. # # @param use_optional_includes # Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for # `additional_includes` in Apache 2.4 or newer. # # @param additional_includes # Specifies paths to additional static, virtual host-specific Apache configuration files. # You can use this parameter to implement a unique, custom configuration not supported by # this module. # # @param aliases # Passes a list of [hashes][hash] to the virtual host to create `Alias`, `AliasMatch`, # `ScriptAlias` or `ScriptAliasMatch` directives as per the `mod_alias` documentation.
# For example: # ``` puppet # aliases => [ # { aliasmatch => '^/image/(.*)\.jpg$', # path => '/files/jpg.images/$1.jpg', # }, # { alias => '/image', # path => '/ftp/pub/image', # }, # { scriptaliasmatch => '^/cgi-bin(.*)', # path => '/usr/local/share/cgi-bin$1', # }, # { scriptalias => '/nagios/cgi-bin/', # path => '/usr/lib/nagios/cgi-bin/', # }, # { alias => '/nagios', # path => '/usr/share/nagios/html', # }, # ], # ``` # For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs # a corresponding context, such as `` or # ``. Puppet creates the directives in the order specified in # the `aliases` parameter. As described in the `mod_alias` documentation, add more specific # `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more # general ones to avoid shadowing.
# > **Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because # you can precisely control the order of various alias directives. Defining `ScriptAliases` # using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after # *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias` # directives. This often causes problems; for example, this could cause problems with Nagios.
# If `apache::mod::passenger` is loaded and `PassengerHighPerformance` is `true`, the `Alias` # directive might not be able to honor the `PassengerEnabled => off` statement. See # [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. # # @param allow_encoded_slashes # Sets the `AllowEncodedSlashes` declaration for the virtual host, overriding the server # default. This modifies the virtual host responses to URLs with `\` and `/` characters. The # default setting omits the declaration from the server configuration and selects the # Apache default setting of `Off`. # # @param block # Specifies the list of things to which Apache blocks access. Valid options are: `scm` (which # blocks web access to `.svn`), `.git`, and `.bzr` directories. # # @param cas_attribute_prefix # Adds a header with the value of this header being the attribute values when SAML # validation is enabled. # # @param cas_attribute_delimiter # Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`. # # @param cas_login_url # Sets the URL to which the module redirects users when they attempt to access a # CAS-protected resource and don't have an active session. # # @param cas_root_proxied_as # Sets the URL end users see when access to this Apache server is proxied per vhost. # This URL should not include a trailing slash. # # @param cas_scrub_request_headers # Remove inbound request headers that may have special meaning within mod_auth_cas. # # @param cas_sso_enabled # Enables experimental support for single sign out (may mangle POST data). # # @param cas_validate_saml # Parse response from CAS server for SAML. # # @param cas_validate_url # Sets the URL to use when validating a client-presented ticket in an HTTP query string. # # @param comment # Adds comments to the header of the configuration file. Pass as string or an array of strings. 
# For example: # ``` puppet # comment => "Account number: 123B", # ``` # Or: # ``` puppet # comment => [ # "Customer: X", # "Frontend domain: x.example.org", # ] # ``` # # @param custom_fragment # Passes a string of custom configuration directives to place at the end of the virtual # host configuration. # # @param default_vhost # Sets a given `apache::vhost` defined type as the default to serve requests that do not # match any other `apache::vhost` defined types. # # @param directoryindex # Sets the list of resources to look for when a client requests an index of the directory # by specifying a '/' at the end of the directory name. See the `DirectoryIndex` directive # documentation for details. # # @param docroot # **Required**.
# Sets the `DocumentRoot` location, from which Apache serves files.
# If `docroot` and `manage_docroot` are both set to `false`, no `DocumentRoot` will be set # and the accompanying `` block will not be created. # # @param docroot_group # Sets group access to the `docroot` directory. # # @param docroot_owner # Sets individual user access to the `docroot` directory. # # @param docroot_mode # Sets access permissions for the `docroot` directory, in numeric notation. # # @param manage_docroot # Determines whether Puppet manages the `docroot` directory. # # @param error_log # Specifies whether `*_error.log` directives should be configured. # # @param error_log_file # Points the virtual host's error logs to a `*_error.log` file. If this parameter is # undefined, Puppet checks for values in `error_log_pipe`, then `error_log_syslog`.
# If none of these parameters is set, given a virtual host `example.com`, Puppet defaults # to `$logroot/example.com_error_ssl.log` for SSL virtual hosts and # `$logroot/example.com_error.log` for non-SSL virtual hosts. # # @param error_log_pipe # Specifies a pipe to send error log messages to.
# This parameter has no effect if the `error_log_file` parameter has a value. If neither # this parameter nor `error_log_file` has a value, Puppet then checks `error_log_syslog`. # # @param error_log_syslog # Determines whether to send all error log messages to syslog. # This parameter has no effect if either of the `error_log_file` or `error_log_pipe` # parameters has a value. If none of these parameters has a value, given a virtual host # `example.com`, Puppet defaults to `$logroot/example.com_error_ssl.log` for SSL virtual # hosts and `$logroot/example.com_error.log` for non-SSL virtual hosts. # # @param error_log_format # Sets the [ErrorLogFormat](https://httpd.apache.org/docs/current/mod/core.html#errorlogformat) # format specification for error log entries inside virtual host # For example: # ``` puppet # apache::vhost { 'site.name.fdqn': # ... # error_log_format => [ # '[%{uc}t] [%-m:%-l] [R:%L] [C:%{C}L] %7F: %E: %M', # { '[%{uc}t] [R:%L] Request %k on C:%{c}L pid:%P tid:%T' => 'request' }, # { "[%{uc}t] [R:%L] UA:'%+{User-Agent}i'" => 'request' }, # { "[%{uc}t] [R:%L] Referer:'%+{Referer}i'" => 'request' }, # { '[%{uc}t] [C:%{c}L] local\ %a remote\ %A' => 'connection' }, # ], # } # ``` # # @param error_documents # A list of hashes which can be used to override the # [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) # settings for this virtual host.
# For example: # ``` puppet # apache::vhost { 'sample.example.net': # error_documents => [ # { 'error_code' => '503', 'document' => '/service-unavail' }, # { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' }, # ], # } # ``` # # @param ensure # Specifies if the virtual host is present or absent.
# # @param fallbackresource # Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) # directive, which specifies an action to take for any URL that doesn't map to anything in # your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Values must either begin # with a `/` or be `disabled`. # # @param fastcgi_server # Specify an external FastCGI server to manage a connection to. # # @param fastcgi_socket # Specify the socket that will be used to communicate with an external FastCGI server. # # @param fastcgi_idle_timeout # If using fastcgi, this option sets the timeout for the server to respond. # # @param fastcgi_dir # Specify an internal FastCGI directory that is to be managed. # # @param filters # [Filters](https://httpd.apache.org/docs/current/mod/mod_filter.html) enable smart, # context-sensitive configuration of output content filters. # ``` puppet # apache::vhost { "$::fqdn": # filters => [ # 'FilterDeclare COMPRESS', # 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', # 'FilterChain COMPRESS', # 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', # ], # } # ``` # # @param h2_copy_files # Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles) # directive which influences how the requestion process pass files to the main connection. # # @param h2_direct # Sets the [H2Direct](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2direct) # directive which toggles the usage of the HTTP/2 Direct Mode. # # @param h2_early_hints # Sets the [H2EarlyHints](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2earlyhints) # directive which controls if HTTP status 103 interim responses are forwarded to # the client or not. 
# # @param h2_max_session_streams # Sets the [H2MaxSessionStreams](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2maxsessionstreams) # directive which sets the maximum number of active streams per HTTP/2 session # that the server allows. # # @param h2_modern_tls_only # Sets the [H2ModernTLSOnly](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2moderntlsonly) # directive which toggles the security checks on HTTP/2 connections in TLS mode. # # @param h2_push # Sets the [H2Push](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2push) # directive which toggles the usage of the HTTP/2 server push protocol feature. # # @param h2_push_diary_size # Sets the [H2PushDiarySize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushdiarysize) # directive which toggles the maximum number of HTTP/2 server pushes that are # remembered per HTTP/2 connection. # # @param h2_push_priority # Sets the [H2PushPriority](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushpriority) # directive which defines the priority handling of pushed responses based on the # content-type of the response. # # @param h2_push_resource # Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource) # directive which declares resources for early pushing to the client. # # @param h2_serialize_headers # Sets the [H2SerializeHeaders](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2serializeheaders) # directive which toggles if HTTP/2 requests are serialized in HTTP/1.1 # format for processing by httpd core. # # @param h2_stream_max_mem_size # Sets the [H2StreamMaxMemSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2streammaxmemsize) # directive which sets the maximum number of outgoing data bytes buffered in # memory for an active stream. 
# # @param h2_tls_cool_down_secs # Sets the [H2TLSCoolDownSecs](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlscooldownsecs) # directive which sets the number of seconds of idle time on a TLS connection # before the TLS write size falls back to a small (~1300 bytes) length. # # @param h2_tls_warm_up_size # Sets the [H2TLSWarmUpSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlswarmupsize) # directive which sets the number of bytes to be sent in small TLS records (~1300 # bytes) until doing maximum sized writes (16k) on https: HTTP/2 connections. # # @param h2_upgrade # Sets the [H2Upgrade](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2upgrade) # directive which toggles the usage of the HTTP/1.1 Upgrade method for switching # to HTTP/2. # # @param h2_window_size # Sets the [H2WindowSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2windowsize) # directive which sets the size of the window that is used for flow control from # client to server and limits the amount of data the server has to buffer. # # @param headers # Adds lines to replace, merge, or remove response headers. See # [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. # # @param ip # Sets the IP address the virtual host listens on. By default, uses Apache's default behavior # of listening on all IPs. # # @param ip_based # Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual # host. This parameter inhibits the creation of a NameVirtualHost directive, since those are # used to funnel requests to name-based virtual hosts. # # @param itk # Configures [ITK](http://mpm-itk.sesse.net/) in a hash.
# Usage typically looks something like: # ``` puppet # apache::vhost { 'sample.example.net': # docroot => '/path/to/directory', # itk => { # user => 'someuser', # group => 'somegroup', # }, # } # ``` # Valid values are: a hash, which can include the keys: # * `user` + `group` # * `assignuseridexpr` # * `assigngroupidexpr` # * `maxclientvhost` # * `nice` # * `limituidrange` (Linux 3.5.0 or newer) # * `limitgidrange` (Linux 3.5.0 or newer) # # @param action # Specifies whether you wish to configure mod_actions action directive which will # activate cgi-script when triggered by a request. # # @param jk_mounts # Sets up a virtual host with `JkMount` and `JkUnMount` directives to handle the paths # for URL mapping between Tomcat and Apache.
# The parameter must be an array of hashes where each hash must contain the `worker` # and either the `mount` or `unmount` keys.
# Usage typically looks like: # ``` puppet # apache::vhost { 'sample.example.net': # jk_mounts => [ # { mount => '/*', worker => 'tcnode1', }, # { unmount => '/*.jpg', worker => 'tcnode1', }, # ], # } # ``` # # @param http_protocol_options # Specifies the strictness of HTTP protocol checks. # # @param keepalive # Determines whether to enable persistent HTTP connections with the `KeepAlive` directive # for the virtual host. By default, the global, server-wide `KeepAlive` setting is in effect.
# Use the `keepalive_timeout` and `max_keepalive_requests` parameters to set relevant options # for the virtual host. # # @param keepalive_timeout # Sets the `KeepAliveTimeout` directive for the virtual host, which determines the amount # of time to wait for subsequent requests on a persistent HTTP connection. By default, the # global, server-wide `KeepAlive` setting is in effect.
# This parameter is only relevant if either the global, server-wide `keepalive` parameter or # the per-vhost `keepalive` parameter is enabled. # # @param max_keepalive_requests # Limits the number of requests allowed per connection to the virtual host. By default, # the global, server-wide `KeepAlive` setting is in effect.
# This parameter is only relevant if either the global, server-wide `keepalive` parameter or # the per-vhost `keepalive` parameter is enabled. # # @param auth_kerb # Enable `mod_auth_kerb` parameters for a virtual host.
# Usage typically looks like: # ``` puppet # apache::vhost { 'sample.example.net': # auth_kerb => `true`, # krb_method_negotiate => 'on', # krb_auth_realms => ['EXAMPLE.ORG'], # krb_local_user_mapping => 'on', # directories => { # path => '/var/www/html', # auth_name => 'Kerberos Login', # auth_type => 'Kerberos', # auth_require => 'valid-user', # }, # } # ``` # # @param krb_method_negotiate # Determines whether to use the Negotiate method. # # @param krb_method_k5passwd # Determines whether to use password-based authentication for Kerberos v5. # # @param krb_authoritative # If set to `off`, authentication controls can be passed on to another module. # # @param krb_auth_realms # Specifies an array of Kerberos realms to use for authentication. # # @param krb_5keytab # Specifies the Kerberos v5 keytab file's location. # # @param krb_local_user_mapping # Strips @REALM from usernames for further use. # # @param krb_verify_kdc # This option can be used to disable the verification tickets against local keytab to prevent # KDC spoofing attacks. # # @param krb_servicename # Specifies the service name that will be used by Apache for authentication. Corresponding # key of this name must be stored in the keytab. # # @param krb_save_credentials # This option enables credential saving functionality. # # @param logroot # Specifies the location of the virtual host's logfiles. # # @param logroot_ensure # Determines whether or not to remove the logroot directory for a virtual host. # # @param logroot_mode # Overrides the mode the logroot directory is set to. Do *not* grant write access to the # directory the logs are stored in without being aware of the consequences; for more # information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security). # # @param logroot_owner # Sets individual user access to the logroot directory. # # @param logroot_group # Sets group access to the `logroot` directory. 
# # @param log_level # Specifies the verbosity of the error log. # # @param modsec_body_limit # Configures the maximum request body size (in bytes) ModSecurity accepts for buffering. # # @param modsec_disable_vhost # Disables `mod_security` on a virtual host. Only valid if `apache::mod::security` is included. # # @param modsec_disable_ids # Removes `mod_security` IDs from the virtual host.
# Also takes a hash allowing removal of an ID from a specific location. # ``` puppet # apache::vhost { 'sample.example.net': # modsec_disable_ids => [ 90015, 90016 ], # } # ``` # # ``` puppet # apache::vhost { 'sample.example.net': # modsec_disable_ids => { '/location1' => [ 90015, 90016 ] }, # } # ``` # # @param modsec_disable_ips # Specifies an array of IP addresses to exclude from `mod_security` rule matching. # # @param modsec_disable_msgs # Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing # removal of an Msg from a specific location. # ``` puppet # apache::vhost { 'sample.example.net': # modsec_disable_msgs => ['Blind SQL Injection Attack', 'Session Fixation Attack'], # } # ``` # ``` puppet # apache::vhost { 'sample.example.net': # modsec_disable_msgs => { '/location1' => ['Blind SQL Injection Attack', 'Session Fixation Attack'] }, # } # ``` # # @param modsec_disable_tags # Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing # removal of an Tag from a specific location. # ``` puppet # apache::vhost { 'sample.example.net': # modsec_disable_tags => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'], # } # ``` # ``` puppet # apache::vhost { 'sample.example.net': # modsec_disable_tags => { '/location1' => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'] }, # } # ``` # # @param modsec_audit_log_file # If set, it is relative to `logroot`.
# One of the parameters that determines how to send `mod_security` audit # log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)). # If none of those parameters are set, the global audit log is used # (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ). # # @param modsec_audit_log_pipe # If `modsec_audit_log_pipe` is set, it should start with a pipe. Example # `|/path/to/mlogc /path/to/mlogc.conf`.
# One of the parameters that determines how to send `mod_security` audit # log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)). # If none of those parameters are set, the global audit log is used # (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ). # # @param modsec_audit_log # If `modsec_audit_log` is `true`, given a virtual host ---for instance, example.com--- it # defaults to `example.com\_security\_ssl.log` for SSL-encrypted virtual hosts # and `example.com\_security.log` for unencrypted virtual hosts.
# One of the parameters that determines how to send `mod_security` audit # log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
# If none of those parameters are set, the global audit log is used # (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ). # # @param no_proxy_uris # Specifies URLs you do not want to proxy. This parameter is meant to be used in combination # with [`proxy_dest`](#proxy_dest). # # @param no_proxy_uris_match # This directive is equivalent to `no_proxy_uris`, but takes regular expressions. # # @param proxy_preserve_host # Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost).
# Setting this parameter to `true` enables the `Host:` line from an incoming request to be # proxied to the host instead of hostname. Setting it to `false` sets this directive to 'Off'. # # @param proxy_add_headers # Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders).
# This parameter controlls whether proxy-related HTTP headers (X-Forwarded-For, # X-Forwarded-Host and X-Forwarded-Server) get sent to the backend server. # # @param proxy_error_override # Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). # This directive controls whether Apache should override error pages for proxied content. # # @param options # Sets the `Options` for the specified virtual host. For example: # ``` puppet # apache::vhost { 'site.name.fdqn': # … # options => ['Indexes','FollowSymLinks','MultiViews'], # } # ``` # > **Note**: If you use the `directories` parameter of `apache::vhost`, 'Options', # 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`. # # @param override # Sets the overrides for the specified virtual host. Accepts an array of # [AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments. # # @param passenger_enabled # Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) # directive to `on` or `off`. Requires `apache::mod::passenger` to be included. # ``` puppet # apache::vhost { 'sample.example.net': # docroot => '/path/to/directory', # directories => [ # { path => '/path/to/directory', # passenger_enabled => 'on', # }, # ], # } # ``` # > **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) # using the PassengerEnabled directive with the PassengerHighPerformance directive. # # @param passenger_base_uri # Sets [PassengerBaseURI](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbase_rui), # to specify that the given URI is a distinct application served by Passenger. 
# # @param passenger_ruby # Sets [PassengerRuby](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerruby), # specifying the Ruby interpreter to use when serving the relevant web applications. # # @param passenger_python # Sets [PassengerPython](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerpython), # specifying the Python interpreter to use when serving the relevant web applications. # # @param passenger_nodejs # Sets the [`PassengerNodejs`](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengernodejs), # specifying Node.js command to use when serving the relevant web applications. # # @param passenger_meteor_app_settings # Sets [PassengerMeteorAppSettings](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermeteorappsettings), # specifying a JSON file with settings for the application when using a Meteor # application in non-bundled mode. # # @param passenger_app_env # Sets [PassengerAppEnv](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappenv), # the environment for the Passenger application. If not specified, defaults to the global # setting or 'production'. # # @param passenger_app_root # Sets [PassengerRoot](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapproot), # the location of the Passenger application root if different from the DocumentRoot. # # @param passenger_app_group_name # Sets [PassengerAppGroupName](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappgroupname), # the name of the application group that the current application should belong to. # # @param passenger_app_start_command # Sets [PassengerAppStartCommand](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappstartcommand), # how Passenger should start your app on a specific port. 
# # @param passenger_app_type # Sets [PassengerAppType](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapptype), # to force Passenger to recognize the application as a specific type. # # @param passenger_startup_file # Sets the [PassengerStartupFile](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstartupfile), # path. This path is relative to the application root. # # @param passenger_restart_dir # Sets the [PassengerRestartDir](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerrestartdir), # to customize the directory in which `restart.txt` is searched for. # # @param passenger_spawn_method # Sets [PassengerSpawnMethod](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerspawnmethod), # whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism. # # @param passenger_load_shell_envvars # Sets [PassengerLoadShellEnvvars](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerloadshellenvvars), # to enable or disable the loading of shell environment variables before spawning the application. # # @param passenger_rolling_restarts # Sets [PassengerRollingRestarts](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerrollingrestarts), # to enable or disable support for zero-downtime application restarts through `restart.txt`. # # @param passenger_resist_deployment_errors # Sets [PassengerResistDeploymentErrors](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerresistdeploymenterrors), # to enable or disable resistance against deployment errors. # # @param passenger_user # Sets [PassengerUser](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengeruser), # the running user for sandboxing applications. 
# # @param passenger_group # Sets [PassengerGroup](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengergroup), # the running group for sandboxing applications. # # @param passenger_friendly_error_pages # Sets [PassengerFriendlyErrorPages](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerfriendlyerrorpages), # which can display friendly error pages whenever an application fails to start. This # friendly error page presents the startup error message, some suggestions for solving # the problem, a backtrace and a dump of the environment variables. # # @param passenger_min_instances # Sets [PassengerMinInstances](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermininstances), # the minimum number of application processes to run. # # @param passenger_max_instances # Sets [PassengerMaxInstances](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxinstances), # the maximum number of application processes to run. # # @param passenger_max_preloader_idle_time # Sets [PassengerMaxPreloaderIdleTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxpreloaderidletime), # the maximum amount of time the preloader waits before shutting down an idle process. # # @param passenger_force_max_concurrent_requests_per_process # Sets [PassengerForceMaxConcurrentRequestsPerProcess](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerforcemaxconcurrentrequestsperprocess), # the maximum amount of concurrent requests the application can handle per process. # # @param passenger_start_timeout # Sets [PassengerStartTimeout](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstarttimeout), # the timeout for the application startup. 
# # @param passenger_concurrency_model # Sets [PassengerConcurrencyModel](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerconcurrencyodel), # to specify the I/O concurrency model that should be used for Ruby application processes. # Passenger supports two concurrency models:
# * `process` – single-threaded, multi-processed I/O concurrency. # * `thread` – multi-threaded, multi-processed I/O concurrency. # # @param passenger_thread_count # Sets [PassengerThreadCount](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerthreadcount), # the number of threads that Passenger should spawn per Ruby application process.
# This option only has effect if PassengerConcurrencyModel is `thread`. # # @param passenger_max_requests # Sets [PassengerMaxRequests](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequests), # the maximum number of requests an application process will process. # # @param passenger_max_request_time # Sets [PassengerMaxRequestTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequesttime), # the maximum amount of time, in seconds, that an application process may take to # process a request. # # @param passenger_memory_limit # Sets [PassengerMemoryLimit](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermemorylimit), # the maximum amount of memory that an application process may use, in megabytes. # # @param passenger_stat_throttle_rate # Sets [PassengerStatThrottleRate](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstatthrottlerate), # to set a limit, in seconds, on how often Passenger will perform it's filesystem checks. # # @param passenger_pre_start # Sets [PassengerPreStart](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerprestart), # the URL of the application if pre-starting is required. # # @param passenger_high_performance # Sets [PassengerHighPerformance](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerhighperformance), # to enhance performance in return for reduced compatibility. # # @param passenger_buffer_upload # Sets [PassengerBufferUpload](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbufferupload), # to buffer HTTP client request bodies before they are sent to the application. # # @param passenger_buffer_response # Sets [PassengerBufferResponse](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbufferresponse), # to buffer Happlication-generated responses. 
# # @param passenger_error_override # Sets [PassengerErrorOverride](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengererroroverride), # to specify whether Apache will intercept and handle response with HTTP status codes of # 400 and higher. # # @param passenger_max_request_queue_size # Sets [PassengerMaxRequestQueueSize](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequestqueuesize), # to specify the maximum amount of requests that are allowed to queue whenever the maximum # concurrent request limit is reached. If the queue is already at this specified limit, then # Passenger immediately sends a "503 Service Unavailable" error to any incoming requests.
# A value of 0 means that the queue size is unbounded. # # @param passenger_max_request_queue_time # Sets [PassengerMaxRequestQueueTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequestqueuetime), # to specify the maximum amount of time that requests are allowed to stay in the queue # whenever the maximum concurrent request limit is reached. If a request reaches this specified # limit, then Passenger immeaditly sends a "504 Gateway Timeout" error for that request.
# A value of 0 means that the queue time is unbounded. # # @param passenger_sticky_sessions # Sets [PassengerStickySessions](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessions), # to specify that, whenever possible, all requests sent by a client will be routed to the same # originating application process. # # @param passenger_sticky_sessions_cookie_name # Sets [PassengerStickySessionsCookieName](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessionscookiename), # to specify the name of the sticky sessions cookie. # # @param passenger_sticky_sessions_cookie_attributes # Sets [PassengerStickySessionsCookieAttributes](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessionscookieattributes), # the attributes of the sticky sessions cookie. # # @param passenger_allow_encoded_slashes # Sets [PassengerAllowEncodedSlashes](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerallowencodedslashes), # to allow URLs with encoded slashes. Please note that this feature will not work properly # unless Apache's `AllowEncodedSlashes` is also enabled. # # @param passenger_app_log_file # Sets [PassengerAppLogFile](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapplogfile), # app specific messages logged to a different file in addition to Passenger log file. # # @param passenger_debugger # Sets [PassengerDebugger](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerdebugger), # to turn support for Ruby application debugging on or off. # # @param passenger_lve_min_uid # Sets [PassengerLveMinUid](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerlveminuid), # to only allow the spawning of application processes with UIDs equal to, or higher than, this # specified value on LVE-enabled kernels. 
# # @param php_values # Allows per-virtual host setting [`php_value`s](http://php.net/manual/en/configuration.changes.php). # These flags or values can be overwritten by a user or an application. # Within a vhost declaration: # ``` puppet # php_values => [ 'include_path ".:/usr/local/example-app/include"' ], # ``` # # @param php_flags # Allows per-virtual host setting [`php_flags\``](http://php.net/manual/en/configuration.changes.php). # These flags or values can be overwritten by a user or an application. # # @param php_admin_values # Allows per-virtual host setting [`php_admin_value`](http://php.net/manual/en/configuration.changes.php). # These flags or values cannot be overwritten by a user or an application. # # @param php_admin_flags # Allows per-virtual host setting [`php_admin_flag`](http://php.net/manual/en/configuration.changes.php). # These flags or values cannot be overwritten by a user or an application. # # @param port # Sets the port the host is configured on. The module's defaults ensure the host listens # on port 80 for non-SSL virtual hosts and port 443 for SSL virtual hosts. The host only # listens on the port set in this parameter. # # @param priority # Sets the relative load-order for Apache HTTPD VirtualHost configuration files.
# If nothing matches the priority, the first name-based virtual host is used. Likewise, # passing a higher priority causes the alphabetically first name-based virtual host to be # used if no other names match.
# > **Note:** You should not need to use this parameter. However, if you do use it, be # aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'.
# To omit the priority prefix in file names, pass a priority of `false`. # # @param protocols # Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols) # directive, which lists available protocols for the virutal host. # # @param protocols_honor_order # Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder) # directive which determines wether the order of Protocols sets precedence during negotiation. # # @param proxy_dest # Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. # # @param proxy_pass # Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) # configuration. Optionally, parameters can be added as an array. # ``` puppet # apache::vhost { 'site.name.fdqn': # … # proxy_pass => [ # { 'path' => '/a', 'url' => 'http://backend-a/' }, # { 'path' => '/b', 'url' => 'http://backend-b/' }, # { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}}, # { 'path' => '/l', 'url' => 'http://backend-xy', # 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, # { 'path' => '/d', 'url' => 'http://backend-a/d', # 'params' => { 'retry' => '0', 'timeout' => '5' }, }, # { 'path' => '/e', 'url' => 'http://backend-a/e', # 'keywords' => ['nocanon', 'interpolate'] }, # { 'path' => '/f', 'url' => 'http://backend-f/', # 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']}, # { 'path' => '/g', 'url' => 'http://backend-g/', # 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], }, # { 'path' => '/h', 'url' => 'http://backend-h/h', # 'no_proxy_uris' => ['/h/admin', '/h/server-status'] }, # ], # } # ``` # * `reverse_urls`. *Optional.* This setting is useful when used with `mod_proxy_balancer`. 
Values: an array or string. # * `reverse_cookies`. *Optional.* Sets `ProxyPassReverseCookiePath` and `ProxyPassReverseCookieDomain`. # * `params`. *Optional.* Allows for ProxyPass key-value parameters, such as connection settings. # * `setenv`. *Optional.* Sets [environment variables](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings) for the proxy directive. Values: array. # # @param proxy_dest_match # This directive is equivalent to `proxy_dest`, but takes regular expressions, see # [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) # for details. # # @param proxy_dest_reverse_match # Allows you to pass a ProxyPassReverse if `proxy_dest_match` is specified. See # [ProxyPassReverse](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse) # for details. # # @param proxy_pass_match # This directive is equivalent to `proxy_pass`, but takes regular expressions, see # [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) # for details. # # @param redirect_dest # Specifies the address to redirect to. # # @param redirect_source # Specifies the source URIs that redirect to the destination specified in `redirect_dest`. # If more than one item for redirect is supplied, the source and destination must be the same # length, and the items are order-dependent. # ``` puppet # apache::vhost { 'site.name.fdqn': # … # redirect_source => ['/images','/downloads'], # redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], # } # ``` # # @param redirect_status # Specifies the status to append to the redirect. # ``` puppet # apache::vhost { 'site.name.fdqn': # … # redirect_status => ['temp','permanent'], # } # ``` # # @param redirectmatch_regexp # Determines which server status should be raised for a given regular expression # and where to forward the user to. Entered as an array alongside redirectmatch_status # and redirectmatch_dest. 
# ``` puppet # apache::vhost { 'site.name.fdqn': # … # redirectmatch_status => ['404','404'], # redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], # redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'], # } # ``` # # @param redirectmatch_status # Determines which server status should be raised for a given regular expression # and where to forward the user to. Entered as an array alongside redirectmatch_regexp # and redirectmatch_dest. # ``` puppet # apache::vhost { 'site.name.fdqn': # … # redirectmatch_status => ['404','404'], # redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], # redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'], # } # ``` # # @param redirectmatch_dest # Determines which server status should be raised for a given regular expression # and where to forward the user to. Entered as an array alongside redirectmatch_status # and redirectmatch_regexp. # ``` puppet # apache::vhost { 'site.name.fdqn': # … # redirectmatch_status => ['404','404'], # redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], # redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'], # } # ``` # # @param request_headers # Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) # in various ways, including adding additional request headers, removing request headers, # and so on. # ``` puppet # apache::vhost { 'site.name.fdqn': # … # request_headers => [ # 'append MirrorID "mirror 12"', # 'unset MirrorID', # ], # } # ``` # # @param rewrites # Creates URL rewrite rules. Expects an array of hashes.
# Valid Hash keys include `comment`, `rewrite_base`, `rewrite_cond`, `rewrite_rule` # or `rewrite_map`.
# For example, you can specify that anyone trying to access index.html is served welcome.html # ``` puppet # apache::vhost { 'site.name.fdqn': # … # rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] # } # ``` # The parameter allows rewrite conditions that, when `true`, execute the associated rule. # For instance, if you wanted to rewrite URLs only if the visitor is using IE # ``` puppet # apache::vhost { 'site.name.fdqn': # … # rewrites => [ # { # comment => 'redirect IE', # rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], # rewrite_rule => ['^index\.html$ welcome.html'], # }, # ], # } # ``` # You can also apply multiple conditions. For instance, rewrite index.html to welcome.html # only when the browser is Lynx or Mozilla (version 1 or 2) # ``` puppet # apache::vhost { 'site.name.fdqn': # … # rewrites => [ # { # comment => 'Lynx or Mozilla v1/2', # rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], # rewrite_rule => ['^index\.html$ welcome.html'], # }, # ], # } # ``` # Multiple rewrites and conditions are also possible # ``` puppet # apache::vhost { 'site.name.fdqn': # … # rewrites => [ # { # comment => 'Lynx or Mozilla v1/2', # rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], # rewrite_rule => ['^index\.html$ welcome.html'], # }, # { # comment => 'Internet Explorer', # rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], # rewrite_rule => ['^index\.html$ /index.IE.html [L]'], # }, # { # rewrite_base => /apps/, # rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], # }, # { comment => 'Rewrite to lower case', # rewrite_cond => ['%{REQUEST_URI} [A-Z]'], # rewrite_map => ['lc int:tolower'], # rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'], # }, # ], # } # ``` # Refer to the [`mod_rewrite` documentation](https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html) # for more details on what is possible with rewrite rules and conditions.
# > **Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` # and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather # than setting the rewrites in the virtual host's directories. # # @param rewrite_base # The parameter [`rewrite_base`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase) # specifies the URL prefix to be used for per-directory (htaccess) RewriteRule directives # that substitue a relative path. # # @param rewrite_rule # The parameter [`rewrite_rile`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule) # allows the user to define the rules that will be used by the rewrite engine. # # @param rewrite_cond # The parameter [`rewrite_cond`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritecond) # defines a rule condition, that when satisfied will implement that rule within the # rewrite engine. # # @param rewrite_inherit # Determines whether the virtual host inherits global rewrite rules.
# Rewrite rules may be specified globally (in `$conf_file` or `$confd_dir`) or # inside the virtual host `.conf` file. By default, virtual hosts do not inherit # global settings. To activate inheritance, specify the `rewrites` parameter and set # `rewrite_inherit` parameter to `true`: # ``` puppet # apache::vhost { 'site.name.fdqn': # … # rewrites => [ # , # ], # rewrite_inherit => `true`, # } # ``` # > **Note**: The `rewrites` parameter is **required** for this to have effect
# Apache activates global `Rewrite` rules inheritance if the virtual host files contains # the following directives: # ``` ApacheConf # RewriteEngine On # RewriteOptions Inherit # ``` # Refer to the official [`mod_rewrite`](https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html) # documentation, section "Rewriting in Virtual Hosts". # # @param scriptalias # Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as # '/usr/scripts'. # # @param scriptaliases # > **Note**: This parameter is deprecated in favor of the `aliases` parameter.
# Passes an array of hashes to the virtual host to create either ScriptAlias or # ScriptAliasMatch statements per the `mod_alias` documentation. # ``` puppet # scriptaliases => [ # { # alias => '/myscript', # path => '/usr/share/myscript', # }, # { # aliasmatch => '^/foo(.*)', # path => '/usr/share/fooscripts$1', # }, # { # aliasmatch => '^/bar/(.*)', # path => '/usr/share/bar/wrapper.sh/$1', # }, # { # alias => '/neatscript', # path => '/usr/share/neatscript', # }, # ] # ``` # The ScriptAlias and ScriptAliasMatch directives are created in the order specified. # As with [Alias and AliasMatch](#aliases) directives, specify more specific aliases # before more general ones to avoid shadowing. # # @param serveradmin # Specifies the email address Apache displays when it renders one of its error pages. # # @param serveraliases # Sets the [ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias) # of the site. # # @param servername # Sets the servername corresponding to the hostname you connect to the virtual host at. # # @param setenv # Used by HTTPD to set environment variables for virtual hosts.
# Example: # ``` puppet # apache::vhost { 'setenv.example.com': # setenv => ['SPECIAL_PATH /foo/bin'], # } # ``` # # @param setenvif # Used by HTTPD to conditionally set environment variables for virtual hosts. # # @param setenvifnocase # Used by HTTPD to conditionally set environment variables for virtual hosts (caseless matching). # # @param suexec_user_group # Allows the spcification of user and group execution privileges for CGI programs through # inclusion of the `mod_suexec` module. # # @param suphp_addhandler # Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG) # working together with suphp_configpath and suphp_engine.
# An example virtual host configuration with suPHP: # ``` puppet # apache::vhost { 'suphp.example.com': # port => '80', # docroot => '/home/appuser/myphpapp', # suphp_addhandler => 'x-httpd-php', # suphp_engine => 'on', # suphp_configpath => '/etc/php5/apache2', # directories => { path => '/home/appuser/myphpapp', # 'suphp' => { user => 'myappuser', group => 'myappgroup' }, # } # } # ``` # # @param suphp_configpath # Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG) # working together with suphp_addhandler and suphp_engine.
# An example virtual host configuration with suPHP: # ``` puppet # apache::vhost { 'suphp.example.com': # port => '80', # docroot => '/home/appuser/myphpapp', # suphp_addhandler => 'x-httpd-php', # suphp_engine => 'on', # suphp_configpath => '/etc/php5/apache2', # directories => { path => '/home/appuser/myphpapp', # 'suphp' => { user => 'myappuser', group => 'myappgroup' }, # } # } # ``` # # @param suphp_engine # Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG) # working together with suphp_configpath and suphp_addhandler.
# An example virtual host configuration with suPHP: # ``` puppet # apache::vhost { 'suphp.example.com': # port => '80', # docroot => '/home/appuser/myphpapp', # suphp_addhandler => 'x-httpd-php', # suphp_engine => 'on', # suphp_configpath => '/etc/php5/apache2', # directories => { path => '/home/appuser/myphpapp', # 'suphp' => { user => 'myappuser', group => 'myappgroup' }, # } # } # ``` # # @param vhost_name # Enables name-based virtual hosting. If no IP is passed to the virtual host, but the # virtual host is assigned a port, then the virtual host name is `vhost_name:port`. # If the virtual host has no assigned IP or port, the virtual host name is set to the # title of the resource. # # @param virtual_docroot # Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the # same name. For example, `http://example.com` would map to `/var/www/example.com`. # ``` puppet # apache::vhost { 'subdomain.loc': # vhost_name => '*', # port => '80', # virtual_docroot => '/var/www/%-2+', # docroot => '/var/www', # serveraliases => ['*.loc',], # } # ``` # # @param wsgi_daemon_process # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process_options, wsgi_process_group, # wsgi_script_aliases and wsgi_pass_authorization.
# A hash that sets the name of the WSGI daemon, accepting # [certain keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html).
# An example virtual host configuration with WSGI: # ``` puppet # apache::vhost { 'wsgi.example.com': # port => '80', # docroot => '/var/www/pythonapp', # wsgi_daemon_process => 'wsgi', # wsgi_daemon_process_options => # { processes => '2', # threads => '15', # display-name => '%{GROUP}', # }, # wsgi_process_group => 'wsgi', # wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, # wsgi_chunked_request => 'On', # } # ``` # # @param wsgi_daemon_process_options # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process, wsgi_process_group, # wsgi_script_aliases and wsgi_pass_authorization.
# Sets the group ID that the virtual host runs under. # # @param wsgi_application_group # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, # and wsgi_pass_authorization.
# This parameter defines the [`WSGIApplicationGroup directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html), # thus allowing you to specify which application group the WSGI application belongs to, # with all WSGI applications within the same group executing within the context of the # same Python sub interpreter. # # @param wsgi_import_script # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, # and wsgi_pass_authorization.
# This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html), # which can be used in order to specify a script file to be loaded upon a process starting. # # @param wsgi_import_script_options # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, # and wsgi_pass_authorization.
# This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html), # which can be used in order to specify a script file to be loaded upon a process starting.
# Specifies the process and aplication groups of the script. # # @param wsgi_chunked_request # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, # and wsgi_pass_authorization.
# This parameter defines the [`WSGIChunkedRequest directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIChunkedRequest.html), # allowing you to enable support for chunked request content.
# WSGI is technically incapable of supporting chunked request content without all chunked # request content having first been read in and buffered. # # @param wsgi_process_group # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process, wsgi_daemon_process_options, # wsgi_script_aliases and wsgi_pass_authorization.
# Requires a hash of web paths to filesystem `.wsgi paths/`. # # @param wsgi_script_aliases # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, # and wsgi_pass_authorization.
# Uses the WSGI application to handle authorization instead of Apache when set to `On`.
# For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). # # @param wsgi_script_aliases_match # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, # and wsgi_pass_authorization.
# Uses the WSGI application to handle authorization instead of Apache when set to `On`.
# This directive is similar to `wsgi_script_aliases`, but makes use of regular expressions # in place of simple prefix matching.
# For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). # # @param wsgi_pass_authorization # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group and # wsgi_script_aliases.
# Enables support for chunked requests.
#
# @param directories
# The `directories` parameter within the `apache::vhost` class passes an array of hashes
# to the virtual host to create [Directory](https://httpd.apache.org/docs/current/mod/core.html#directory),
# [File](https://httpd.apache.org/docs/current/mod/core.html#files), and
# [Location](https://httpd.apache.org/docs/current/mod/core.html#location) directive blocks.
# These blocks take the form, `< Directory /path/to/directory>...< /Directory>`.
# The `path` key sets the path for the directory, files, and location blocks. Its value
# must be a path for the `directory`, `files`, and `location` providers, or a regex for
# the `directorymatch`, `filesmatch`, or `locationmatch` providers. Each hash passed to
# `directories` **must** contain `path` as one of the keys.
# The `provider` key is optional. If missing, this key defaults to `directory`.
# Values: `directory`, `files`, `proxy`, `location`, `directorymatch`, `filesmatch`,
# `proxymatch` or `locationmatch`. If you set `provider` to `directorymatch`, it
# uses the keyword `DirectoryMatch` in the Apache config file.
# An example use of `directories`:
# ``` puppet
# apache::vhost { 'files.example.net':
# docroot => '/var/www/files',
# directories => [
# { 'path' => '/var/www/files',
# 'provider' => 'files',
# 'deny' => 'from all',
# },
# ],
# }
# ```
# > **Note:** At least one directory should match the `docroot` parameter. After you
# start declaring directories, `apache::vhost` assumes that all required Directory blocks
# will be declared. If not defined, a single default Directory block is created that matches
# the `docroot` parameter.
# Available handlers, represented as keys, should be placed within the `directory`, # `files`, or `location` hashes. This looks like # ``` puppet # apache::vhost { 'sample.example.net': # docroot => '/path/to/directory', # directories => [ { path => '/path/to/directory', handler => value } ], # } # ``` # Any handlers you do not set in these hashes are considered `undefined` within Puppet and # are not added to the virtual host, resulting in the module using their default values. # # @param custom_fragment # Pass a string of custom configuration directives to be placed at the end of the directory # configuration. # ``` puppet # apache::vhost { 'monitor': # … # directories => [ # { # path => '/path/to/directory', # custom_fragment => ' # # SetHandler balancer-manager # Order allow,deny # Allow from all # # # SetHandler server-status # Order allow,deny # Allow from all # # ProxyStatus On', # }, # ] # } # ``` # # @param error_documents # An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) # settings for the directory. # ``` puppet # apache::vhost { 'sample.example.net': # directories => [ # { path => '/srv/www', # error_documents => [ # { 'error_code' => '503', # 'document' => '/service-unavail', # }, # ], # }, # ], # } # ``` # # @param h2_copy_files # Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles) directive.
# Note that you must declare `class {'apache::mod::http2': }` before using this directive.
#
# @param h2_push_resource
# Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource) directive.
# Note that you must declare `class {'apache::mod::http2': }` before using this directive.
#
# @param headers
# Adds lines for [Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives.
# ``` puppet
# apache::vhost { 'sample.example.net':
# docroot => '/path/to/directory',
# directories => {
# path => '/path/to/directory',
# headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',
# },
# }
# ```
#
# @param options
# Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the
# given Directory block.
# ``` puppet
# apache::vhost { 'sample.example.net':
# docroot => '/path/to/directory',
# directories => [
# { path => '/path/to/directory',
# options => ['Indexes','FollowSymLinks','MultiViews'],
# },
# ],
# }
# ```
#
# @param shib_compat_valid_user
# Default is Off, matching the behavior prior to this command's existence. Addresses a conflict
# when using Shibboleth in conjunction with other auth/auth modules by restoring `standard`
# Apache behavior when processing the `valid-user` and `user` Require rules. See the
# [`mod_shib`documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions),
# and [NativeSPhtaccess](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess)
# topic for more details. This key is disabled if `apache::mod::shib` is not defined.
#
# @param ssl_options
# String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions),
# which configure SSL engine run-time options. This handler takes precedence over SSLOptions
# set in the parent block of the virtual host.
# ``` puppet
# apache::vhost { 'secure.example.net':
# docroot => '/path/to/directory',
# directories => [
# { path => '/path/to/directory',
# ssl_options => '+ExportCertData',
# },
# { path => '/path/to/different/dir',
# ssl_options => ['-StdEnvVars', '+ExportCertData'],
# },
# ],
# }
# ```
#
# @param additional_includes
# Specifies paths to additional static, specific Apache configuration files in virtual
# host directories.
# ``` puppet
# apache::vhost { 'sample.example.net':
# docroot => '/path/to/directory',
# directories => [
# { path => '/path/to/different/dir',
# additional_includes => ['/custom/path/includes', '/custom/path/another_includes',],
# },
# ],
# }
# ```
#
# @param ssl
# Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries.
#
# @param ssl_ca
# Specifies the SSL certificate authority to be used to verify client certificates used
# for authentication. You must also set `ssl_verify_client` to use this.
#
# @param ssl_cert
# Specifies the SSL certification.
#
# @param ssl_protocol
# Specifies [SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol).
# Expects an array or space separated string of accepted protocols.
#
# @param ssl_cipher
# Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite).
#
# @param ssl_honorcipherorder
# Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder),
# to cause Apache to use the server's preferred order of ciphers rather than the client's
# preferred order.
#
# @param ssl_certs_dir
# Specifies the location of the SSL certification directory to verify client certs. Will not
# be used unless `ssl_verify_client` is also set (see below).
#
# @param ssl_chain
# Specifies the SSL chain. This default works out of the box, but it must be updated in
# the base `apache` class with your specific certificate information before being used in
# production.
#
# @param ssl_crl
# Specifies the certificate revocation list to use. (This default works out of the box but
# must be updated in the base `apache` class with your specific certificate information
# before being used in production.)
#
# @param ssl_crl_path
# Specifies the location of the certificate revocation list to verify certificates for
# client authentication with. (This default works out of the box but must be updated in
# the base `apache` class with your specific certificate information before being used in
# production.)
#
# @param ssl_crl_check
# Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck)
# for ssl client authentication. The default works out of the box but must be specified when
# using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on
# older versions.
#
# @param ssl_key
# Specifies the SSL key.
# Defaults are based on your operating system. Default work out of the box but must be
# updated in the base `apache` class with your specific certificate information before
# being used in production.
#
# @param ssl_verify_client
# Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient)
# directive, which sets the certificate verification level for client authentication.
# ``` puppet
# apache::vhost { 'sample.example.net':
# …
# ssl_verify_client => 'optional',
# }
# ```
#
# @param ssl_verify_depth
# Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth)
# directive, which specifies the maximum depth of CA certificates in client certificate
# verification. You must set `ssl_verify_client` for it to take effect.
# ``` puppet
# apache::vhost { 'sample.example.net':
# …
# ssl_verify_client => 'require',
# ssl_verify_depth => 1,
# }
# ```
#
# @param ssl_proxy_protocol
# Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol)
# directive, which controls which SSL protocol flavors `mod_ssl` should use when establishing
# its server environment for proxy. It connects to servers using only one of the provided
# protocols.
#
# @param ssl_proxy_verify
# Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify)
# directive, which configures certificate verification of the remote server when a proxy is
# configured to forward requests to a remote SSL server.
#
# @param ssl_proxy_verify_depth
# Sets the [SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth)
# directive, which configures how deeply mod_ssl should verify before deciding that the
# remote server does not have a valid certificate.
# A depth of 0 means that only self-signed remote server certificates are accepted,
# the default depth of 1 means the remote server certificate can be self-signed or
# signed by a CA that is directly known to the server.
#
# @param ssl_proxy_cipher_suite
# Sets the [SSLProxyCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyciphersuite)
# directive, which controls cipher suites supported for ssl proxy traffic.
#
# @param ssl_proxy_ca_cert
# Sets the [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile)
# directive, which specifies an all-in-one file where you can assemble the Certificates
# of Certification Authorities (CA) whose remote servers you deal with. These are used
# for Remote Server Authentication. This file should be a concatenation of the PEM-encoded
# certificate files in order of preference.
#
# @param ssl_proxy_machine_cert
# Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile)
# directive, which specifies an all-in-one file where you keep the certs and keys used
# for this server to authenticate itself to remote servers. This file should be a
# concatenation of the PEM-encoded certificate files in order of preference.
# ``` puppet
# apache::vhost { 'sample.example.net':
# …
# ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem',
# }
# ```
#
# @param ssl_proxy_check_peer_cn
# Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn)
# directive, which specifies whether the remote server certificate's CN field is compared
# against the hostname of the request URL.
#
# @param ssl_proxy_check_peer_name
# Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername)
# directive, which specifies whether the remote server certificate's CN field is compared
# against the hostname of the request URL.
#
# @param ssl_proxy_check_peer_expire
# Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire)
# directive, which specifies whether the remote server certificate is checked for expiration
# or not.
#
# @param ssl_options
# Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions)
# directive, which configures various SSL engine run-time options. This is the global
# setting for the given virtual host and can be a string or an array.
# A string:
# ``` puppet
# apache::vhost { 'sample.example.net':
# …
# ssl_options => '+ExportCertData',
# }
# ```
# An array:
# ``` puppet
# apache::vhost { 'sample.example.net':
# …
# ssl_options => ['+StrictRequire', '+ExportCertData'],
# }
# ```
#
# @param ssl_openssl_conf_cmd
# Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd)
# directive, which provides direct configuration of OpenSSL parameters.
#
# @param ssl_proxyengine
# Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine).
#
# @param ssl_stapling
# Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling).
# By default, uses what is set globally.
# This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
#
# @param ssl_stapling_timeout
# Can be used to set the [SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout) directive.
# This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
#
# @param ssl_stapling_return_errors
# Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive.
# This parameter only applies to Apache 2.4 or higher and is ignored on older versions. # # @param use_canonical_name # Specifies whether to use the [`UseCanonicalName directive`](https://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname), # which allows you to configure how the server determines it's own name and port. # # @param define # this lets you define configuration variables inside a vhost using [`Define`](https://httpd.apache.org/docs/2.4/mod/core.html#define), # these can then be used to replace configuration values. All Defines are Undefined at the end of the VirtualHost. # # @param auth_oidc # Enable `mod_auth_openidc` parameters for OpenID Connect authentication. # # @param oidc_settings # An Apache::OIDCSettings Struct containing (mod_auth_openidc settings)[https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf]. # # @param limitreqfields # The `limitreqfields` parameter sets the maximum number of request header fields in # an HTTP request. This directive gives the server administrator greater control over # abnormal client request behavior, which may be useful for avoiding some forms of # denial-of-service attacks. The value should be increased if normal clients see an error # response from the server that indicates too many fields were sent in the request. # # @param limitreqfieldsize # The `limitreqfieldsize` parameter sets the maximum ammount of _bytes_ that will # be allowed within a request header. # # @param limitreqline # Limit the size of the HTTP request line that will be accepted from the client # This directive sets the number of bytes that will be allowed on the HTTP # request-line. The LimitRequestLine directive allows the server administrator # to set the limit on the allowed size of a client's HTTP request-line. 
Since # the request-line consists of the HTTP method, URI, and protocol version, the # LimitRequestLine directive places a restriction on the length of a request-URI # allowed for a request on the server. A server needs this value to be large # enough to hold any of its resource names, including any information that might # be passed in the query part of a GET request. # # @param limitreqbody # Restricts the total size of the HTTP request body sent from the client # The LimitRequestBody directive allows the user to set a limit on the allowed # size of an HTTP request message body within the context in which the # directive is given (server, per-directory, per-file or per-location). If the # client request exceeds that limit, the server will return an error response # instead of servicing the request. # -define apache::vhost( +define apache::vhost ( Variant[Boolean,String] $docroot, $manage_docroot = true, $virtual_docroot = false, $port = undef, $ip = undef, Boolean $ip_based = false, $add_listen = true, $docroot_owner = 'root', - $docroot_group = $::apache::params::root_group, + $docroot_group = $apache::params::root_group, $docroot_mode = undef, Array[Enum['h2', 'h2c', 'http/1.1']] $protocols = [], Optional[Boolean] $protocols_honor_order = undef, $serveradmin = undef, Boolean $ssl = false, - $ssl_cert = $::apache::default_ssl_cert, - $ssl_key = $::apache::default_ssl_key, - $ssl_chain = $::apache::default_ssl_chain, - $ssl_ca = $::apache::default_ssl_ca, - $ssl_crl_path = $::apache::default_ssl_crl_path, - $ssl_crl = $::apache::default_ssl_crl, - $ssl_crl_check = $::apache::default_ssl_crl_check, - $ssl_certs_dir = $::apache::params::ssl_certs_dir, + $ssl_cert = $apache::default_ssl_cert, + $ssl_key = $apache::default_ssl_key, + $ssl_chain = $apache::default_ssl_chain, + $ssl_ca = $apache::default_ssl_ca, + $ssl_crl_path = $apache::default_ssl_crl_path, + $ssl_crl = $apache::default_ssl_crl, + $ssl_crl_check = $apache::default_ssl_crl_check, + $ssl_certs_dir = 
$apache::params::ssl_certs_dir, $ssl_protocol = undef, $ssl_cipher = undef, $ssl_honorcipherorder = undef, $ssl_verify_client = undef, $ssl_verify_depth = undef, Optional[Enum['none', 'optional', 'require', 'optional_no_ca']] $ssl_proxy_verify = undef, Optional[Integer[0]] $ssl_proxy_verify_depth = undef, $ssl_proxy_ca_cert = undef, Optional[Enum['on', 'off']] $ssl_proxy_check_peer_cn = undef, Optional[Enum['on', 'off']] $ssl_proxy_check_peer_name = undef, Optional[Enum['on', 'off']] $ssl_proxy_check_peer_expire = undef, $ssl_proxy_machine_cert = undef, $ssl_proxy_cipher_suite = undef, $ssl_proxy_protocol = undef, $ssl_options = undef, $ssl_openssl_conf_cmd = undef, Boolean $ssl_proxyengine = false, Optional[Boolean] $ssl_stapling = undef, $ssl_stapling_timeout = undef, $ssl_stapling_return_errors = undef, $priority = undef, Boolean $default_vhost = false, $servername = $name, $serveraliases = [], $options = ['Indexes','FollowSymLinks','MultiViews'], $override = ['None'], $directoryindex = '', $vhost_name = '*', - $logroot = $::apache::logroot, + $logroot = $apache::logroot, Enum['directory', 'absent'] $logroot_ensure = 'directory', $logroot_mode = undef, $logroot_owner = undef, $logroot_group = undef, Optional[Apache::LogLevel] $log_level = undef, Boolean $access_log = true, $access_log_file = false, $access_log_pipe = false, $access_log_syslog = false, $access_log_format = false, $access_log_env_var = false, Optional[Array] $access_logs = undef, $aliases = undef, Optional[Variant[Hash, Array[Variant[Array,Hash]]]] $directories = undef, Boolean $error_log = true, $error_log_file = undef, $error_log_pipe = undef, $error_log_syslog = undef, Optional[ Array[ Variant[ String, Hash[String, Enum['connection', 'request']] ] ] ] $error_log_format = undef, Optional[Pattern[/^((Strict|Unsafe)?\s*(\b(Registered|Lenient)Methods)?\s*(\b(Allow0\.9|Require1\.0))?)$/]] $http_protocol_options = undef, $modsec_audit_log = undef, $modsec_audit_log_file = undef, 
$modsec_audit_log_pipe = undef, $error_documents = [], Optional[Variant[Stdlib::Absolutepath, Enum['disabled']]] $fallbackresource = undef, $scriptalias = undef, $scriptaliases = [], Optional[Integer] $limitreqfieldsize = undef, Optional[Integer] $limitreqfields = undef, Optional[Integer] $limitreqline = undef, Optional[Integer] $limitreqbody = undef, $proxy_dest = undef, $proxy_dest_match = undef, $proxy_dest_reverse_match = undef, $proxy_pass = undef, $proxy_pass_match = undef, Boolean $proxy_requests = false, - $suphp_addhandler = $::apache::params::suphp_addhandler, - Enum['on', 'off'] $suphp_engine = $::apache::params::suphp_engine, - $suphp_configpath = $::apache::params::suphp_configpath, + $suphp_addhandler = $apache::params::suphp_addhandler, + Enum['on', 'off'] $suphp_engine = $apache::params::suphp_engine, + $suphp_configpath = $apache::params::suphp_configpath, $php_flags = {}, $php_values = {}, $php_admin_flags = {}, $php_admin_values = {}, $no_proxy_uris = [], $no_proxy_uris_match = [], $proxy_preserve_host = false, $proxy_add_headers = undef, $proxy_error_override = false, $redirect_source = '/', $redirect_dest = undef, $redirect_status = undef, $redirectmatch_status = undef, $redirectmatch_regexp = undef, $redirectmatch_dest = undef, $headers = undef, $request_headers = undef, $filters = undef, Optional[Array] $rewrites = undef, $rewrite_base = undef, $rewrite_rule = undef, $rewrite_cond = undef, $rewrite_inherit = false, $setenv = [], $setenvif = [], $setenvifnocase = [], $block = [], Enum['absent', 'present'] $ensure = 'present', $wsgi_application_group = undef, Optional[Variant[String,Hash]] $wsgi_daemon_process = undef, Optional[Hash] $wsgi_daemon_process_options = undef, $wsgi_import_script = undef, Optional[Hash] $wsgi_import_script_options = undef, $wsgi_process_group = undef, Optional[Hash] $wsgi_script_aliases_match = undef, Optional[Hash] $wsgi_script_aliases = undef, Optional[Enum['on', 'off', 'On', 'Off']] $wsgi_pass_authorization = 
undef, $wsgi_chunked_request = undef, Optional[String] $custom_fragment = undef, Optional[Hash] $itk = undef, $action = undef, $fastcgi_server = undef, $fastcgi_socket = undef, $fastcgi_dir = undef, $fastcgi_idle_timeout = undef, $additional_includes = [], - $use_optional_includes = $::apache::use_optional_includes, - $apache_version = $::apache::apache_version, + $use_optional_includes = $apache::use_optional_includes, + $apache_version = $apache::apache_version, Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes = undef, Optional[Pattern[/^[\w-]+ [\w-]+$/]] $suexec_user_group = undef, Optional[Boolean] $h2_copy_files = undef, Optional[Boolean] $h2_direct = undef, Optional[Boolean] $h2_early_hints = undef, Optional[Integer] $h2_max_session_streams = undef, Optional[Boolean] $h2_modern_tls_only = undef, Optional[Boolean] $h2_push = undef, Optional[Integer] $h2_push_diary_size = undef, Array[String] $h2_push_priority = [], Array[String] $h2_push_resource = [], Optional[Boolean] $h2_serialize_headers = undef, Optional[Integer] $h2_stream_max_mem_size = undef, Optional[Integer] $h2_tls_cool_down_secs = undef, Optional[Integer] $h2_tls_warm_up_size = undef, Optional[Boolean] $h2_upgrade = undef, Optional[Integer] $h2_window_size = undef, Optional[Boolean] $passenger_enabled = undef, Optional[String] $passenger_base_uri = undef, Optional[Stdlib::Absolutepath] $passenger_ruby = undef, Optional[Stdlib::Absolutepath] $passenger_python = undef, Optional[Stdlib::Absolutepath] $passenger_nodejs = undef, Optional[String] $passenger_meteor_app_settings = undef, Optional[String] $passenger_app_env = undef, Optional[Stdlib::Absolutepath] $passenger_app_root = undef, Optional[String] $passenger_app_group_name = undef, Optional[String] $passenger_app_start_command = undef, Optional[Enum['meteor', 'node', 'rack', 'wsgi']] $passenger_app_type = undef, Optional[String] $passenger_startup_file = undef, Optional[String] $passenger_restart_dir = undef, Optional[Enum['direct', 
'smart']] $passenger_spawn_method = undef, Optional[Boolean] $passenger_load_shell_envvars = undef, Optional[Boolean] $passenger_rolling_restarts = undef, Optional[Boolean] $passenger_resist_deployment_errors = undef, Optional[String] $passenger_user = undef, Optional[String] $passenger_group = undef, Optional[Boolean] $passenger_friendly_error_pages = undef, Optional[Integer] $passenger_min_instances = undef, Optional[Integer] $passenger_max_instances = undef, Optional[Integer] $passenger_max_preloader_idle_time = undef, Optional[Integer] $passenger_force_max_concurrent_requests_per_process = undef, Optional[Integer] $passenger_start_timeout = undef, Optional[Enum['process', 'thread']] $passenger_concurrency_model = undef, Optional[Integer] $passenger_thread_count = undef, Optional[Integer] $passenger_max_requests = undef, Optional[Integer] $passenger_max_request_time = undef, Optional[Integer] $passenger_memory_limit = undef, Optional[Integer] $passenger_stat_throttle_rate = undef, Optional[Variant[String,Array[String]]] $passenger_pre_start = undef, Optional[Boolean] $passenger_high_performance = undef, Optional[Boolean] $passenger_buffer_upload = undef, Optional[Boolean] $passenger_buffer_response = undef, Optional[Boolean] $passenger_error_override = undef, Optional[Integer] $passenger_max_request_queue_size = undef, Optional[Integer] $passenger_max_request_queue_time = undef, Optional[Boolean] $passenger_sticky_sessions = undef, Optional[String] $passenger_sticky_sessions_cookie_name = undef, Optional[String] $passenger_sticky_sessions_cookie_attributes = undef, Optional[Boolean] $passenger_allow_encoded_slashes = undef, Optional[String] $passenger_app_log_file = undef, Optional[Boolean] $passenger_debugger = undef, Optional[Integer] $passenger_lve_min_uid = undef, $add_default_charset = undef, $modsec_disable_vhost = undef, Optional[Variant[Hash, Array]] $modsec_disable_ids = undef, $modsec_disable_ips = undef, Optional[Variant[Hash, Array]] 
$modsec_disable_msgs = undef, Optional[Variant[Hash, Array]] $modsec_disable_tags = undef, $modsec_body_limit = undef, $jk_mounts = undef, Boolean $auth_kerb = false, $krb_method_negotiate = 'on', $krb_method_k5passwd = 'on', $krb_authoritative = 'on', $krb_auth_realms = [], $krb_5keytab = undef, $krb_local_user_mapping = undef, $krb_verify_kdc = 'on', $krb_servicename = 'HTTP', $krb_save_credentials = 'off', Optional[Enum['on', 'off']] $keepalive = undef, $keepalive_timeout = undef, $max_keepalive_requests = undef, $cas_attribute_prefix = undef, $cas_attribute_delimiter = undef, $cas_root_proxied_as = undef, $cas_scrub_request_headers = undef, $cas_sso_enabled = undef, $cas_login_url = undef, $cas_validate_url = undef, $cas_validate_saml = undef, Optional[String] $shib_compat_valid_user = undef, Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']] $use_canonical_name = undef, Optional[Variant[String,Array[String]]] $comment = undef, Hash $define = {}, Boolean $auth_oidc = false, Optional[Apache::OIDCSettings] $oidc_settings = undef, ) { - # The base class must be included first because it is used by parameter defaults if ! 
defined(Class['apache']) { fail('You must include the apache base class before using any apache defined resources') } - $apache_name = $::apache::apache_name + $apache_name = $apache::apache_name if $rewrites { unless empty($rewrites) { $rewrites_flattened = delete_undef_values(flatten([$rewrites])) assert_type(Array[Hash], $rewrites_flattened) } } # Input validation begins if $access_log_file and $access_log_pipe { fail("Apache::Vhost[${name}]: 'access_log_file' and 'access_log_pipe' cannot be defined at the same time") } if $error_log_file and $error_log_pipe { fail("Apache::Vhost[${name}]: 'error_log_file' and 'error_log_pipe' cannot be defined at the same time") } if $modsec_audit_log_file and $modsec_audit_log_pipe { fail("Apache::Vhost[${name}]: 'modsec_audit_log_file' and 'modsec_audit_log_pipe' cannot be defined at the same time") } # Input validation ends if $ssl and $ensure == 'present' { - include ::apache::mod::ssl + include apache::mod::ssl # Required for the AddType lines. - include ::apache::mod::mime + include apache::mod::mime } if $auth_kerb and $ensure == 'present' { - include ::apache::mod::auth_kerb + include apache::mod::auth_kerb } if $auth_oidc and $ensure == 'present' { - include ::apache::mod::auth_openidc + include apache::mod::auth_openidc } if $virtual_docroot { - include ::apache::mod::vhost_alias + include apache::mod::vhost_alias } if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! 
empty($wsgi_script_aliases)) or $wsgi_pass_authorization { - include ::apache::mod::wsgi + include apache::mod::wsgi } if $suexec_user_group { - include ::apache::mod::suexec + include apache::mod::suexec } if $passenger_enabled != undef or $passenger_start_timeout != undef or $passenger_ruby != undef or $passenger_python != undef or $passenger_nodejs != undef or $passenger_meteor_app_settings != undef or $passenger_app_env != undef or $passenger_app_root != undef or $passenger_app_group_name != undef or $passenger_app_start_command != undef or $passenger_app_type != undef or $passenger_startup_file != undef or $passenger_restart_dir != undef or $passenger_spawn_method != undef or $passenger_load_shell_envvars != undef or $passenger_rolling_restarts != undef or $passenger_resist_deployment_errors != undef or $passenger_min_instances != undef or $passenger_max_instances != undef or $passenger_max_preloader_idle_time != undef or $passenger_force_max_concurrent_requests_per_process != undef or $passenger_concurrency_model != undef or $passenger_thread_count != undef or $passenger_high_performance != undef or $passenger_max_request_queue_size != undef or $passenger_max_request_queue_time != undef or $passenger_user != undef or $passenger_group != undef or $passenger_friendly_error_pages != undef or $passenger_buffer_upload != undef or $passenger_buffer_response != undef or $passenger_allow_encoded_slashes != undef or $passenger_lve_min_uid != undef or $passenger_base_uri != undef or $passenger_error_override != undef or $passenger_sticky_sessions != undef or $passenger_sticky_sessions_cookie_name != undef or $passenger_sticky_sessions_cookie_attributes != undef or $passenger_app_log_file != undef or $passenger_debugger != undef or $passenger_max_requests != undef or $passenger_max_request_time != undef or $passenger_memory_limit != undef { - include ::apache::mod::passenger + include apache::mod::passenger } # Configure the defaultness of a vhost if $priority { 
$priority_real = "${priority}-" } elsif $priority == false { $priority_real = '' } elsif $default_vhost { $priority_real = '10-' } else { $priority_real = '25-' } ## Apache include does not always work with spaces in the filename $filename = regsubst($name, ' ', '_', 'G') # This ensures that the docroot exists # But enables it to be specified across multiple vhost resources if $manage_docroot and $docroot and ! defined(File[$docroot]) { file { $docroot: ensure => directory, owner => $docroot_owner, group => $docroot_group, mode => $docroot_mode, require => Package['httpd'], before => Concat["${priority_real}${filename}.conf"], } } # Same as above, but for logroot if ! defined(File[$logroot]) { file { $logroot: ensure => $logroot_ensure, owner => $logroot_owner, group => $logroot_group, mode => $logroot_mode, require => Package['httpd'], before => Concat["${priority_real}${filename}.conf"], notify => Class['Apache::Service'], } } # Is apache::mod::shib enabled (or apache::mod['shib2']) $shibboleth_enabled = defined(Apache::Mod['shib2']) # Is apache::mod::cas enabled (or apache::mod['cas']) $cas_enabled = defined(Apache::Mod['auth_cas']) if $access_log and !$access_logs { $_access_logs = [{ - 'file' => $access_log_file, - 'pipe' => $access_log_pipe, - 'syslog' => $access_log_syslog, - 'format' => $access_log_format, - 'env' => $access_log_env_var + 'file' => $access_log_file, + 'pipe' => $access_log_pipe, + 'syslog' => $access_log_syslog, + 'format' => $access_log_format, + 'env' => $access_log_env_var }] } elsif $access_logs { $_access_logs = $access_logs } if $error_log_file { if $error_log_file =~ /^\// { # Absolute path provided - don't prepend $logroot $error_log_destination = $error_log_file } else { $error_log_destination = "${logroot}/${error_log_file}" } } elsif $error_log_pipe { $error_log_destination = $error_log_pipe } elsif $error_log_syslog { $error_log_destination = $error_log_syslog } else { if $ssl { $error_log_destination = 
"${logroot}/${name}_error_ssl.log" } else { $error_log_destination = "${logroot}/${name}_error.log" } } if versioncmp($apache_version, '2.4') >= 0 { $error_log_format24 = $error_log_format } else { $error_log_format24 = undef } if $modsec_audit_log == false { $modsec_audit_log_destination = undef } elsif $modsec_audit_log_file { $modsec_audit_log_destination = "${logroot}/${modsec_audit_log_file}" } elsif $modsec_audit_log_pipe { $modsec_audit_log_destination = $modsec_audit_log_pipe } elsif $modsec_audit_log { if $ssl { $modsec_audit_log_destination = "${logroot}/${name}_security_ssl.log" } else { $modsec_audit_log_destination = "${logroot}/${name}_security.log" } } else { $modsec_audit_log_destination = undef } - if $ip { $_ip = any2array(enclose_ipv6($ip)) if $port { $_port = any2array($port) $listen_addr_port = split(inline_template("<%= @_ip.product(@_port).map {|x| x.join(':') }.join(',')%>"), ',') $nvh_addr_port = split(inline_template("<%= @_ip.product(@_port).map {|x| x.join(':') }.join(',')%>"), ',') } else { $listen_addr_port = undef $nvh_addr_port = $_ip if ! $servername and ! $ip_based { fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters for name-based vhosts") } } } else { if $port { $listen_addr_port = $port $nvh_addr_port = prefix(any2array($port),"${vhost_name}:") } else { $listen_addr_port = undef $nvh_addr_port = $name if ! $servername and $servername != '' { fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters, and/or 'servername' parameter") } } } if $add_listen { if $ip and defined(Apache::Listen[String($port)]) { fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this") } if $listen_addr_port and $ensure == 'present' { ensure_resource('apache::listen', $listen_addr_port) } } if ! 
$ip_based { if $ensure == 'present' and (versioncmp($apache_version, '2.4') < 0) { ensure_resource('apache::namevirtualhost', $nvh_addr_port) } } # Load mod_rewrite if needed and not yet loaded if $rewrites or $rewrite_cond { if ! defined(Class['apache::mod::rewrite']) { - include ::apache::mod::rewrite + include apache::mod::rewrite } } # Load mod_alias if needed and not yet loaded if ($scriptalias or $scriptaliases != []) - or ($aliases and $aliases != []) - or ($redirect_source and $redirect_dest) - or ($redirectmatch_regexp or $redirectmatch_status or $redirectmatch_dest){ + or ($aliases and $aliases != []) + or ($redirect_source and $redirect_dest) + or ($redirectmatch_regexp or $redirectmatch_status or $redirectmatch_dest) { if ! defined(Class['apache::mod::alias']) and ($ensure == 'present') { - include ::apache::mod::alias + include apache::mod::alias } } # Load mod_proxy if needed and not yet loaded if ($proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match) { if ! defined(Class['apache::mod::proxy']) { - include ::apache::mod::proxy + include apache::mod::proxy } if ! defined(Class['apache::mod::proxy_http']) { - include ::apache::mod::proxy_http + include apache::mod::proxy_http } } # Load mod_fastcgi if needed and not yet loaded if $fastcgi_server and $fastcgi_socket { if ! defined(Class['apache::mod::fastcgi']) { - include ::apache::mod::fastcgi + include apache::mod::fastcgi } } # Check if mod_headers is required to process $headers/$request_headers if $headers or $request_headers { if ! defined(Class['apache::mod::headers']) { - include ::apache::mod::headers + include apache::mod::headers } } # Check if mod_filter is required to process $filters if $filters { if ! defined(Class['apache::mod::filter']) { - include ::apache::mod::filter + include apache::mod::filter } } # Check if mod_env is required and not yet loaded. # create an expression to simplify the conditional check $use_env_mod = $setenv and ! 
empty($setenv) if ($use_env_mod) { if ! defined(Class['apache::mod::env']) { - include ::apache::mod::env + include apache::mod::env } } # Check if mod_setenvif is required and not yet loaded. # create an expression to simplify the conditional check $use_setenvif_mod = ($setenvif and ! empty($setenvif)) or ($setenvifnocase and ! empty($setenvifnocase)) if ($use_setenvif_mod) { if ! defined(Class['apache::mod::setenvif']) { - include ::apache::mod::setenvif + include apache::mod::setenvif } } ## Create a default directory list if none defined if $directories { $_directories = $directories } elsif $docroot { $_directory = { provider => 'directory', path => $docroot, options => $options, allow_override => $override, directoryindex => $directoryindex, } if versioncmp($apache_version, '2.4') >= 0 { $_directory_version = { require => 'all granted', } } else { $_directory_version = { order => 'allow,deny', allow => 'from all', } } - $_directories = [ merge($_directory, $_directory_version) ] + $_directories = [merge($_directory, $_directory_version)] } else { $_directories = undef } ## Create a global LocationMatch if locations aren't defined if $modsec_disable_ids { if $modsec_disable_ids =~ Array { $_modsec_disable_ids = { '.*' => $modsec_disable_ids } } else { $_modsec_disable_ids = $modsec_disable_ids } } if $modsec_disable_msgs { if $modsec_disable_msgs =~ Array { $_modsec_disable_msgs = { '.*' => $modsec_disable_msgs } } else { $_modsec_disable_msgs = $modsec_disable_msgs } } if $modsec_disable_tags { if $modsec_disable_tags =~ Array { $_modsec_disable_tags = { '.*' => $modsec_disable_tags } } else { $_modsec_disable_tags = $modsec_disable_tags } } concat { "${priority_real}${filename}.conf": ensure => $ensure, - path => "${::apache::vhost_dir}/${priority_real}${filename}.conf", + path => "${apache::vhost_dir}/${priority_real}${filename}.conf", owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, + group => 
$apache::params::root_group, + mode => $apache::file_mode, order => 'numeric', require => Package['httpd'], notify => Class['apache::service'], } # NOTE(pabelanger): This code is duplicated in ::apache::vhost::custom and # needs to be converted into something generic. - if $::apache::vhost_enable_dir { - $vhost_enable_dir = $::apache::vhost_enable_dir + if $apache::vhost_enable_dir { + $vhost_enable_dir = $apache::vhost_enable_dir $vhost_symlink_ensure = $ensure ? { - present => link, + 'present' => link, default => $ensure, } - file{ "${priority_real}${filename}.conf symlink": + file { "${priority_real}${filename}.conf symlink": ensure => $vhost_symlink_ensure, path => "${vhost_enable_dir}/${priority_real}${filename}.conf", - target => "${::apache::vhost_dir}/${priority_real}${filename}.conf", + target => "${apache::vhost_dir}/${priority_real}${filename}.conf", owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, + group => $apache::params::root_group, + mode => $apache::file_mode, require => Concat["${priority_real}${filename}.conf"], notify => Class['apache::service'], } } # Template uses: # - $comment # - $nvh_addr_port # - $servername # - $serveradmin # - $protocols # - $protocols_honor_order # - $apache_version concat::fragment { "${name}-apache-header": target => "${priority_real}${filename}.conf", order => 0, content => template('apache/vhost/_file_header.erb'), } # Template uses: # - $virtual_docroot # - $docroot if $docroot { concat::fragment { "${name}-docroot": target => "${priority_real}${filename}.conf", order => 10, content => template('apache/vhost/_docroot.erb'), } } # Template uses: # - $aliases if $aliases and ! empty($aliases) { concat::fragment { "${name}-aliases": target => "${priority_real}${filename}.conf", order => 20, content => template('apache/vhost/_aliases.erb'), } } # Template uses: # - $itk # - $::kernelversion if $itk and ! 
empty($itk) { concat::fragment { "${name}-itk": target => "${priority_real}${filename}.conf", order => 30, content => template('apache/vhost/_itk.erb'), } } # Template uses: # - $fallbackresource if $fallbackresource { concat::fragment { "${name}-fallbackresource": target => "${priority_real}${filename}.conf", order => 40, content => template('apache/vhost/_fallbackresource.erb'), } } # Template uses: # - $allow_encoded_slashes if $allow_encoded_slashes { concat::fragment { "${name}-allow_encoded_slashes": target => "${priority_real}${filename}.conf", order => 50, content => template('apache/vhost/_allow_encoded_slashes.erb'), } } # Template uses: # - $_directories # - $docroot # - $apache_version # - $suphp_engine # - $shibboleth_enabled if $_directories and ! empty($_directories) { concat::fragment { "${name}-directories": target => "${priority_real}${filename}.conf", order => 60, content => template('apache/vhost/_directories.erb'), } } # Template uses: # - $additional_includes if $additional_includes and ! 
empty($additional_includes) { concat::fragment { "${name}-additional_includes": target => "${priority_real}${filename}.conf", order => 70, content => template('apache/vhost/_additional_includes.erb'), } } # Template uses: # - $error_log # - $error_log_format24 # - $log_level # - $error_log_destination # - $log_level if $error_log or $log_level { concat::fragment { "${name}-logging": target => "${priority_real}${filename}.conf", order => 80, content => template('apache/vhost/_logging.erb'), } } # Template uses no variables concat::fragment { "${name}-serversignature": target => "${priority_real}${filename}.conf", order => 90, content => template('apache/vhost/_serversignature.erb'), } # Template uses: # - $access_log # - $_access_log_env_var # - $access_log_destination # - $_access_log_format # - $_access_log_env_var # - $access_logs if $access_log or $access_logs { concat::fragment { "${name}-access_log": target => "${priority_real}${filename}.conf", order => 100, content => template('apache/vhost/_access_log.erb'), } } # Template uses: # - $action if $action { concat::fragment { "${name}-action": target => "${priority_real}${filename}.conf", order => 110, content => template('apache/vhost/_action.erb'), } } # Template uses: # - $block # - $apache_version if $block and ! empty($block) { concat::fragment { "${name}-block": target => "${priority_real}${filename}.conf", order => 120, content => template('apache/vhost/_block.erb'), } } # Template uses: # - $error_documents if $error_documents and ! empty($error_documents) { concat::fragment { "${name}-error_document": target => "${priority_real}${filename}.conf", order => 130, content => template('apache/vhost/_error_document.erb'), } } # Template uses: # - $headers if $headers and ! empty($headers) { concat::fragment { "${name}-header": target => "${priority_real}${filename}.conf", order => 140, content => template('apache/vhost/_header.erb'), } } # Template uses: # - $request_headers if $request_headers and ! 
empty($request_headers) { concat::fragment { "${name}-requestheader": target => "${priority_real}${filename}.conf", order => 150, content => template('apache/vhost/_requestheader.erb'), } } # Template uses: # - $ssl_proxyengine # - $ssl_proxy_verify # - $ssl_proxy_verify_depth # - $ssl_proxy_ca_cert # - $ssl_proxy_check_peer_cn # - $ssl_proxy_check_peer_name # - $ssl_proxy_check_peer_expire # - $ssl_proxy_machine_cert # - $ssl_proxy_protocol if $ssl_proxyengine { concat::fragment { "${name}-sslproxy": target => "${priority_real}${filename}.conf", order => 160, content => template('apache/vhost/_sslproxy.erb'), } } # Template uses: # - $proxy_dest # - $proxy_pass # - $proxy_pass_match # - $proxy_preserve_host # - $proxy_add_headers # - $no_proxy_uris if $proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match or $proxy_preserve_host { concat::fragment { "${name}-proxy": target => "${priority_real}${filename}.conf", order => 170, content => template('apache/vhost/_proxy.erb'), } } # Template uses: # - $redirect_source # - $redirect_dest # - $redirect_status # - $redirect_dest_a # - $redirect_source_a # - $redirect_status_a # - $redirectmatch_status # - $redirectmatch_regexp # - $redirectmatch_dest # - $redirectmatch_status_a # - $redirectmatch_regexp_a # - $redirectmatch_dest if ($redirect_source and $redirect_dest) or ($redirectmatch_regexp and $redirectmatch_dest) { concat::fragment { "${name}-redirect": target => "${priority_real}${filename}.conf", order => 180, content => template('apache/vhost/_redirect.erb'), } } # Template uses: # - $rewrites # - $rewrite_base # - $rewrite_rule # - $rewrite_cond # - $rewrite_map if $rewrites or $rewrite_rule { concat::fragment { "${name}-rewrite": target => "${priority_real}${filename}.conf", order => 190, content => template('apache/vhost/_rewrite.erb'), } } # Template uses: # - $scriptaliases # - $scriptalias - if ( $scriptalias or $scriptaliases != [] ) { + if ( $scriptalias or $scriptaliases != []) { 
concat::fragment { "${name}-scriptalias": target => "${priority_real}${filename}.conf", order => 200, content => template('apache/vhost/_scriptalias.erb'), } } # Template uses: # - $serveraliases if $serveraliases and ! empty($serveraliases) { concat::fragment { "${name}-serveralias": target => "${priority_real}${filename}.conf", order => 210, content => template('apache/vhost/_serveralias.erb'), } } # Template uses: # - $setenv # - $setenvif if ($use_env_mod or $use_setenvif_mod) { concat::fragment { "${name}-setenv": target => "${priority_real}${filename}.conf", order => 220, content => template('apache/vhost/_setenv.erb'), } } # Template uses: # - $ssl # - $ssl_cert # - $ssl_key # - $ssl_chain # - $ssl_certs_dir # - $ssl_ca # - $ssl_crl_path # - $ssl_crl # - $ssl_crl_check # - $ssl_protocol # - $ssl_cipher # - $ssl_honorcipherorder # - $ssl_verify_client # - $ssl_verify_depth # - $ssl_options # - $ssl_openssl_conf_cmd # - $ssl_stapling # - $apache_version if $ssl { concat::fragment { "${name}-ssl": target => "${priority_real}${filename}.conf", order => 230, content => template('apache/vhost/_ssl.erb'), } } # Template uses: # - $auth_kerb # - $krb_method_negotiate # - $krb_method_k5passwd # - $krb_authoritative # - $krb_auth_realms # - $krb_5keytab # - $krb_local_user_mapping if $auth_kerb { concat::fragment { "${name}-auth_kerb": target => "${priority_real}${filename}.conf", order => 230, content => template('apache/vhost/_auth_kerb.erb'), } } # Template uses: # - $suphp_engine # - $suphp_addhandler # - $suphp_configpath if $suphp_engine == 'on' { concat::fragment { "${name}-suphp": target => "${priority_real}${filename}.conf", order => 240, content => template('apache/vhost/_suphp.erb'), } } # Template uses: # - $php_values # - $php_flags if ($php_values and ! empty($php_values)) or ($php_flags and ! 
empty($php_flags)) { concat::fragment { "${name}-php": target => "${priority_real}${filename}.conf", order => 240, content => template('apache/vhost/_php.erb'), } } # Template uses: # - $php_admin_values # - $php_admin_flags if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) { concat::fragment { "${name}-php_admin": target => "${priority_real}${filename}.conf", order => 250, content => template('apache/vhost/_php_admin.erb'), } } # Template uses: # - $wsgi_application_group # - $wsgi_daemon_process # - $wsgi_daemon_process_options # - $wsgi_import_script # - $wsgi_import_script_options # - $wsgi_process_group # - $wsgi_script_aliases # - $wsgi_pass_authorization if $wsgi_daemon_process_options { deprecation('apache::vhost::wsgi_daemon_process_options', 'This parameter is deprecated. Please add values inside Hash `wsgi_daemon_process`.') } if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! 
empty($wsgi_script_aliases)) or $wsgi_pass_authorization { concat::fragment { "${name}-wsgi": target => "${priority_real}${filename}.conf", order => 260, content => template('apache/vhost/_wsgi.erb'), } } # Template uses: # - $custom_fragment if $custom_fragment { concat::fragment { "${name}-custom_fragment": target => "${priority_real}${filename}.conf", order => 270, content => template('apache/vhost/_custom_fragment.erb'), } } # Template uses: # - $fastcgi_server # - $fastcgi_socket # - $fastcgi_dir # - $fastcgi_idle_timeout # - $apache_version if $fastcgi_server or $fastcgi_dir { concat::fragment { "${name}-fastcgi": target => "${priority_real}${filename}.conf", order => 280, content => template('apache/vhost/_fastcgi.erb'), } } # Template uses: # - $suexec_user_group if $suexec_user_group { concat::fragment { "${name}-suexec": target => "${priority_real}${filename}.conf", order => 290, content => template('apache/vhost/_suexec.erb'), } } if $h2_copy_files != undef or $h2_direct != undef or $h2_early_hints != undef or $h2_max_session_streams != undef or $h2_modern_tls_only != undef or $h2_push != undef or $h2_push_diary_size != undef or $h2_push_priority != [] or $h2_push_resource != [] or $h2_serialize_headers != undef or $h2_stream_max_mem_size != undef or $h2_tls_cool_down_secs != undef or $h2_tls_warm_up_size != undef or $h2_upgrade != undef or $h2_window_size != undef { - include ::apache::mod::http2 + include apache::mod::http2 concat::fragment { "${name}-http2": target => "${priority_real}${filename}.conf", order => 300, content => template('apache/vhost/_http2.erb'), } } # Template uses: # - $passenger_enabled # - $passenger_start_timeout # - $passenger_ruby # - $passenger_python # - $passenger_nodejs # - $passenger_meteor_app_settings # - $passenger_app_env # - $passenger_app_root # - $passenger_app_group_name # - $passenger_app_start_command # - $passenger_app_type # - $passenger_startup_file # - $passenger_restart_dir # - $passenger_spawn_method # - 
$passenger_load_shell_envvars # - $passenger_rolling_restarts # - $passenger_resist_deployment_errors # - $passenger_min_instances # - $passenger_max_instances # - $passenger_max_preloader_idle_time # - $passenger_force_max_concurrent_requests_per_process # - $passenger_concurrency_model # - $passenger_thread_count # - $passenger_high_performance # - $passenger_max_request_queue_size # - $passenger_max_request_queue_time # - $passenger_user # - $passenger_group # - $passenger_friendly_error_pages # - $passenger_buffer_upload # - $passenger_buffer_response # - $passenger_allow_encoded_slashes # - $passenger_lve_min_uid # - $passenger_base_uri # - $passenger_error_override # - $passenger_sticky_sessions # - $passenger_sticky_sessions_cookie_name # - $passenger_sticky_sessions_cookie_attributes # - $passenger_app_log_file # - $passenger_debugger # - $passenger_max_requests # - $passenger_max_request_time # - $passenger_memory_limit if $passenger_enabled != undef or $passenger_start_timeout != undef or $passenger_ruby != undef or $passenger_python != undef or $passenger_nodejs != undef or $passenger_meteor_app_settings != undef or $passenger_app_env != undef or $passenger_app_root != undef or $passenger_app_group_name != undef or $passenger_app_start_command != undef or $passenger_app_type != undef or $passenger_startup_file != undef or $passenger_restart_dir != undef or $passenger_spawn_method != undef or $passenger_load_shell_envvars != undef or $passenger_rolling_restarts != undef or $passenger_resist_deployment_errors != undef or $passenger_min_instances != undef or $passenger_max_instances != undef or $passenger_max_preloader_idle_time != undef or $passenger_force_max_concurrent_requests_per_process != undef or $passenger_concurrency_model != undef or $passenger_thread_count != undef or $passenger_high_performance != undef or $passenger_max_request_queue_size != undef or $passenger_max_request_queue_time != undef or $passenger_user != undef or $passenger_group != 
undef or $passenger_friendly_error_pages != undef or $passenger_buffer_upload != undef or $passenger_buffer_response != undef or $passenger_allow_encoded_slashes != undef or $passenger_lve_min_uid != undef or $passenger_base_uri != undef or $passenger_error_override != undef or $passenger_sticky_sessions != undef or $passenger_sticky_sessions_cookie_name != undef or $passenger_sticky_sessions_cookie_attributes != undef or $passenger_app_log_file != undef or $passenger_debugger != undef or $passenger_max_requests != undef or $passenger_max_request_time != undef or $passenger_memory_limit != undef { concat::fragment { "${name}-passenger": target => "${priority_real}${filename}.conf", order => 300, content => template('apache/vhost/_passenger.erb'), } } # Template uses: # - $add_default_charset if $add_default_charset { concat::fragment { "${name}-charsets": target => "${priority_real}${filename}.conf", order => 310, content => template('apache/vhost/_charsets.erb'), } } # Template uses: # - $modsec_disable_vhost # - $modsec_disable_ids # - $modsec_disable_ips # - $modsec_disable_msgs # - $modsec_disable_tags # - $modsec_body_limit # - $modsec_audit_log_destination if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips or $modsec_disable_msgs or $modsec_disable_tags or $modsec_audit_log_destination { concat::fragment { "${name}-security": target => "${priority_real}${filename}.conf", order => 320, content => template('apache/vhost/_security.erb'), } } # Template uses: # - $filters if $filters and ! empty($filters) { concat::fragment { "${name}-filters": target => "${priority_real}${filename}.conf", order => 330, content => template('apache/vhost/_filters.erb'), } } # Template uses: # - $jk_mounts if $jk_mounts and ! 
empty($jk_mounts) { concat::fragment { "${name}-jk_mounts": target => "${priority_real}${filename}.conf", order => 340, content => template('apache/vhost/_jk_mounts.erb'), } } # Template uses: # - $keepalive # - $keepalive_timeout # - $max_keepalive_requests if $keepalive or $keepalive_timeout or $max_keepalive_requests { concat::fragment { "${name}-keepalive_options": target => "${priority_real}${filename}.conf", order => 350, content => template('apache/vhost/_keepalive_options.erb'), } } # Template uses: # - $cas_* if $cas_enabled { concat::fragment { "${name}-auth_cas": target => "${priority_real}${filename}.conf", order => 350, content => template('apache/vhost/_auth_cas.erb'), } } # Template uses: # - $http_protocol_options if $http_protocol_options { concat::fragment { "${name}-http_protocol_options": target => "${priority_real}${filename}.conf", order => 350, content => template('apache/vhost/_http_protocol_options.erb'), } } # Template uses: # - $auth_oidc # - $oidc_settings if $auth_oidc { concat::fragment { "${name}-auth_oidc": target => "${priority_real}${filename}.conf", order => 360, content => template('apache/vhost/_auth_oidc.erb'), } } # Template uses: # - $shib_compat_valid_user if $shibboleth_enabled { concat::fragment { "${name}-shibboleth": target => "${priority_real}${filename}.conf", order => 370, content => template('apache/vhost/_shib.erb'), } } # - $use_canonical_name if $use_canonical_name { concat::fragment { "${name}-use_canonical_name": target => "${priority_real}${filename}.conf", order => 360, content => template('apache/vhost/_use_canonical_name.erb'), } } # Template uses no variables concat::fragment { "${name}-file_footer": target => "${priority_real}${filename}.conf", order => 999, content => template('apache/vhost/_file_footer.erb'), } } diff --git a/manifests/vhost/custom.pp b/manifests/vhost/custom.pp index 2dfa8a1d..56e8b125 100644 --- a/manifests/vhost/custom.pp +++ b/manifests/vhost/custom.pp 
@@ -1,56 +1,56 @@ # @summary # A wrapper around the `apache::custom_config` defined type. # # The `apache::vhost::custom` defined type is a thin wrapper around the `apache::custom_config` defined type, and simply overrides some of its default settings specific to the virtual host directory in Apache. # # @param content # Sets the configuration file's content. # # @param ensure # Specifies if the virtual host file is present or absent. # # @param priority # Sets the relative load order for Apache HTTPD VirtualHost configuration files. # # @param verify_config # Specifies whether to validate the configuration file before notifying the Apache service. # -define apache::vhost::custom( +define apache::vhost::custom ( $content, $ensure = 'present', $priority = '25', $verify_config = true, ) { - include ::apache + include apache ## Apache include does not always work with spaces in the filename $filename = regsubst($name, ' ', '_', 'G') ::apache::custom_config { $filename: ensure => $ensure, - confdir => $::apache::vhost_dir, + confdir => $apache::vhost_dir, content => $content, priority => $priority, verify_config => $verify_config, } # NOTE(pabelanger): This code is duplicated in ::apache::vhost and needs to # converted into something generic. - if $::apache::vhost_enable_dir { + if $apache::vhost_enable_dir { $vhost_symlink_ensure = $ensure ? 
{ - present => link, + 'present' => link, default => $ensure, } file { "${priority}-${filename}.conf symlink": ensure => $vhost_symlink_ensure, - path => "${::apache::vhost_enable_dir}/${priority}-${filename}.conf", - target => "${::apache::vhost_dir}/${priority}-${filename}.conf", + path => "${apache::vhost_enable_dir}/${priority}-${filename}.conf", + target => "${apache::vhost_dir}/${priority}-${filename}.conf", owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, + group => $apache::params::root_group, + mode => $apache::file_mode, require => Apache::Custom_config[$filename], notify => Class['apache::service'], } } } diff --git a/manifests/vhost/fragment.pp b/manifests/vhost/fragment.pp index e5b33184..37a3105b 100644 --- a/manifests/vhost/fragment.pp +++ b/manifests/vhost/fragment.pp 
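Review bot: The resource declaration `::apache::custom_config { $filename:` in manifests/vhost/custom.pp keeps the leading `::` that this hunk removes from every other reference, so the cleanup is incomplete; it should read `apache::custom_config { $filename:`. The `NOTE(pabelanger)` comment in the same hunk still refers to `::apache::vhost` and could be updated along with it. Separately, `$content`, `$ensure`, `$priority` and `$verify_config` remain untyped, whereas the sibling `apache::vhost::fragment` declares data types. `$priority` and `$filename` (derived from `$name` with only spaces replaced) are interpolated into the symlink `path` and `target`, so a type such as `Enum['present', 'absent'] $ensure = 'present'` would reject unexpected values at compile time, provided existing callers pass nothing else.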
@@ -1,80 +1,80 @@ # @summary Define a fragment within a vhost # # @param vhost # The title of the vhost resource to append to # # @param priority # Set the priority to match the one `apache::vhost` sets. This must match the # one `apache::vhost` sets or else the concat fragment won't be found. # # @param content # The content to put in the fragment. Only when it's non-empty the actual # fragment will be created. # # @param order # The order to insert the fragment at # # @example With a vhost without priority # include apache # apache::vhost { 'myvhost': # } # apache::vhost::fragment { 'myfragment': # vhost => 'myvhost', # content => '# Foo', # } # # @example With a vhost with priority # include apache # apache::vhost { 'myvhost': # priority => '42', # } # apache::vhost::fragment { 'myfragment': # vhost => 'myvhost', # priority => '42', # content => '# Foo', # } # # @example With a vhost with default vhost # include apache # apache::vhost { 'myvhost': # default_vhost => true, # } # apache::vhost::fragment { 'myfragment': # vhost => 'myvhost', # priority => '10', # default_vhost implies priority 10 # content => '# Foo', # } # # @example Adding a fragment to the built in default vhost # include apache # apache::vhost::fragment { 'myfragment': # vhost => 'default', # priority => '15', # content => '# Foo', # } # -define apache::vhost::fragment( +define apache::vhost::fragment ( String[1] $vhost, $priority = undef, Optional[String] $content = undef, Integer[0] $order = 900, ) { # This copies the logic from apache::vhost if $priority { $priority_real = "${priority}-" } elsif $priority == false { $priority_real = '' } else { $priority_real = '25-' } $filename = regsubst($vhost, ' ', '_', 'G') if $content =~ String[1] { concat::fragment { "${vhost}-${title}": target => "${priority_real}${filename}.conf", order => $order, content => $content, } } } diff --git a/manifests/vhosts.pp b/manifests/vhosts.pp index 8a37752b..6d0fcf27 100644 --- a/manifests/vhosts.pp 
+++ b/manifests/vhosts.pp
@@ -1,26 +1,26 @@
 # @summary
 # Creates `apache::vhost` defined types.
 #
 # @note See the `apache::vhost` defined type's reference for a list of all virtual
 # host parameters or Configuring virtual hosts in the README section.
 #
 # @example To create a [name-based virtual host](https://httpd.apache.org/docs/current/vhosts/name-based.html) `custom_vhost_1`
 # class { 'apache::vhosts':
 # vhosts => {
 # 'custom_vhost_1' => {
 # 'docroot' => '/var/www/custom_vhost_1',
 # 'port' => '81',
 # },
 # },
 # }
 #
 # @param vhosts
 # A hash, where the key represents the name and the value represents a hash of
 # `apache::vhost` defined type's parameters.
 #
 class apache::vhosts (
 $vhosts = {},
 ) {
- include ::apache
+ include apache
 create_resources('apache::vhost', $vhosts)
 }