diff --git a/CHANGELOG.md b/CHANGELOG.md index 90139bc9..7ee7a785 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,1458 +1,1482 @@ # Change log All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +## [v7.0.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v7.0.0) (2021-10-11) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.5.1...v7.0.0) + +### Changed + +- Drop Debian \< 8 and Ubuntu \< 14.04 code [\#2189](https://github.com/puppetlabs/puppetlabs-apache/pull/2189) ([ekohl](https://github.com/ekohl)) +- Drop support and compatibility for Debian \< 9 and Ubuntu \< 16.04 [\#2123](https://github.com/puppetlabs/puppetlabs-apache/pull/2123) ([ekohl](https://github.com/ekohl)) + +### Added + +- pdksync - \(IAC-1751\) - Add Support for Rocky 8 [\#2196](https://github.com/puppetlabs/puppetlabs-apache/pull/2196) ([david22swan](https://github.com/david22swan)) +- Allow `docroot` with `mod_vhost_alias` `virtual_docroot` [\#2195](https://github.com/puppetlabs/puppetlabs-apache/pull/2195) ([yakatz](https://github.com/yakatz)) + +### Fixed + +- Restore Ubuntu 14.04 support in suphp [\#2193](https://github.com/puppetlabs/puppetlabs-apache/pull/2193) ([ekohl](https://github.com/ekohl)) +- add double quote on scope parameter [\#2191](https://github.com/puppetlabs/puppetlabs-apache/pull/2191) ([aba-rechsteiner](https://github.com/aba-rechsteiner)) +- Debian 11: fix typo in `versioncmp()` / set default php to 7.4 [\#2186](https://github.com/puppetlabs/puppetlabs-apache/pull/2186) ([bastelfreak](https://github.com/bastelfreak)) + ## [v6.5.1](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.5.1) (2021-08-25) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.5.0...v6.5.1) ### Fixed - \(maint\) Allow stdlib 8.0.0 [\#2184](https://github.com/puppetlabs/puppetlabs-apache/pull/2184) ([smortex](https://github.com/smortex)) ## [v6.5.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.5.0) (2021-08-24) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.4.0...v6.5.0) ### Added - pdksync - \(IAC-1709\) - Add Support for Debian 11 [\#2180](https://github.com/puppetlabs/puppetlabs-apache/pull/2180) ([david22swan](https://github.com/david22swan)) ## [v6.4.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.4.0) (2021-08-02) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.3.1...v6.4.0) ### Added - \(MODULES-11075\) Improve future version handling for RHEL [\#2174](https://github.com/puppetlabs/puppetlabs-apache/pull/2174) ([mwhahaha](https://github.com/mwhahaha)) - Allow custom userdir directives [\#2164](https://github.com/puppetlabs/puppetlabs-apache/pull/2164) ([hunner](https://github.com/hunner)) - Add feature to reload apache service when content of ssl files has changed [\#2157](https://github.com/puppetlabs/puppetlabs-apache/pull/2157) ([timdeluxe](https://github.com/timdeluxe)) ## [v6.3.1](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.3.1) (2021-07-22) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.3.0...v6.3.1) ### Fixed - \(MODULES-10899\) Load php module with the right libphp file [\#2166](https://github.com/puppetlabs/puppetlabs-apache/pull/2166) ([sheenaajay](https://github.com/sheenaajay)) - \(maint\) Fix puppet-strings docs on apache::vhost [\#2165](https://github.com/puppetlabs/puppetlabs-apache/pull/2165) ([ekohl](https://github.com/ekohl)) ## [v6.3.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.3.0) (2021-06-22) -[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.2.0...v6.3.0) +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/kps_ssl_reload_and_cache_disk_combined_tag...v6.3.0) ### Added - The default disk\_cache.conf.erb caches everything. [\#2142](https://github.com/puppetlabs/puppetlabs-apache/pull/2142) ([Pawa2NR](https://github.com/Pawa2NR)) ### Fixed - Update the default version of Apache for Amazon Linux 2 [\#2158](https://github.com/puppetlabs/puppetlabs-apache/pull/2158) ([turnopil](https://github.com/turnopil)) - Only warn about servername logging if relevant [\#2154](https://github.com/puppetlabs/puppetlabs-apache/pull/2154) ([ekohl](https://github.com/ekohl)) +## [kps_ssl_reload_and_cache_disk_combined_tag](https://github.com/puppetlabs/puppetlabs-apache/tree/kps_ssl_reload_and_cache_disk_combined_tag) (2021-06-14) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.2.0...kps_ssl_reload_and_cache_disk_combined_tag) + ## [v6.2.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.2.0) (2021-05-24) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.1.0...v6.2.0) ### Added - \(MODULES-11068\) Allow apache::vhost ssl\_honorcipherorder to take boolean parameter [\#2152](https://github.com/puppetlabs/puppetlabs-apache/pull/2152) ([davidc](https://github.com/davidc)) ## [v6.1.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.1.0) (2021-05-17) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.0.1...v6.1.0) ### Added - support for uri for severname with use\_servername\_for\_filenames [\#2150](https://github.com/puppetlabs/puppetlabs-apache/pull/2150) ([Zarne](https://github.com/Zarne)) - \(MODULES-11061\) mod\_security custom rule functionality [\#2145](https://github.com/puppetlabs/puppetlabs-apache/pull/2145) ([k2patel](https://github.com/k2patel)) ## [v6.0.1](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.0.1) (2021-05-10) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.0.0...v6.0.1) ### Fixed - Fix HEADER\* and README\* wildcards in IndexIgnore [\#2138](https://github.com/puppetlabs/puppetlabs-apache/pull/2138) ([keto](https://github.com/keto)) - Fix dav\_svn for Debian 10 [\#2135](https://github.com/puppetlabs/puppetlabs-apache/pull/2135) ([martijndegouw](https://github.com/martijndegouw)) ## [v6.0.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v6.0.0) (2021-03-02) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.10.0...v6.0.0) ### Changed - pdksync - \(MAINT\) Remove SLES 11 support [\#2132](https://github.com/puppetlabs/puppetlabs-apache/pull/2132) ([sanfrancrisko](https://github.com/sanfrancrisko)) - pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 [\#2125](https://github.com/puppetlabs/puppetlabs-apache/pull/2125) ([carabasdaniel](https://github.com/carabasdaniel)) ## [v5.10.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.10.0) (2021-02-17) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.9.0...v5.10.0) ### Added - \(IAC-1186\) Add $use\_port\_for\_filenames parameter [\#2122](https://github.com/puppetlabs/puppetlabs-apache/pull/2122) ([smortex](https://github.com/smortex)) ### Fixed - \(MODULES-10899\) Handle PHP8 MOD package naming convention changes [\#2121](https://github.com/puppetlabs/puppetlabs-apache/pull/2121) ([sanfrancrisko](https://github.com/sanfrancrisko)) ## [v5.9.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.9.0) (2021-01-25) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.8.0...v5.9.0) ### Added - Add ssl\_user\_name vhost parameter [\#2093](https://github.com/puppetlabs/puppetlabs-apache/pull/2093) ([bodgit](https://github.com/bodgit)) - Add support for mod\_md [\#2090](https://github.com/puppetlabs/puppetlabs-apache/pull/2090) ([smortex](https://github.com/smortex)) ### Fixed - \(FIX\) Correct PHP packages on Ubuntu 16.04 [\#2111](https://github.com/puppetlabs/puppetlabs-apache/pull/2111) ([ekohl](https://github.com/ekohl)) ## [v5.8.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.8.0) (2020-12-07) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.7.0...v5.8.0) ### Added - \(MODULES-10887\) Set `use_servername_for_filenames` for defaults [\#2103](https://github.com/puppetlabs/puppetlabs-apache/pull/2103) ([towo](https://github.com/towo)) - pdksync - \(feat\) Add support for Puppet 7 [\#2101](https://github.com/puppetlabs/puppetlabs-apache/pull/2101) ([daianamezdrea](https://github.com/daianamezdrea)) - \(feat\) Add support for apreq2 MOD on Debian 9, 10 [\#2085](https://github.com/puppetlabs/puppetlabs-apache/pull/2085) ([TigerKriika](https://github.com/TigerKriika)) ### Fixed - \(fix\) Convert unnecessary multi line warnings to single lines [\#2104](https://github.com/puppetlabs/puppetlabs-apache/pull/2104) ([rj667](https://github.com/rj667)) - Fix bool2httpd function call for older ruby versions [\#2102](https://github.com/puppetlabs/puppetlabs-apache/pull/2102) ([carabasdaniel](https://github.com/carabasdaniel)) - Use Ruby 2.7 compatible string matching [\#2060](https://github.com/puppetlabs/puppetlabs-apache/pull/2060) ([ekohl](https://github.com/ekohl)) ## [v5.7.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.7.0) (2020-11-24) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.6.0...v5.7.0) ### Added - Add cas\_cookie\_path in vhosts [\#2089](https://github.com/puppetlabs/puppetlabs-apache/pull/2089) ([yakatz](https://github.com/yakatz)) - \(IAC-1186\) Add new $use\_servername\_for\_filenames parameter [\#2086](https://github.com/puppetlabs/puppetlabs-apache/pull/2086) ([sanfrancrisko](https://github.com/sanfrancrisko)) - Allow relative paths in oidc\_redirect\_uri [\#2082](https://github.com/puppetlabs/puppetlabs-apache/pull/2082) ([sanfrancrisko](https://github.com/sanfrancrisko)) - Improve SSLVerify options [\#2081](https://github.com/puppetlabs/puppetlabs-apache/pull/2081) ([bovy89](https://github.com/bovy89)) - Change icon path [\#2079](https://github.com/puppetlabs/puppetlabs-apache/pull/2079) ([yakatz](https://github.com/yakatz)) - Support mod\_auth\_gssapi parameters [\#2078](https://github.com/puppetlabs/puppetlabs-apache/pull/2078) ([traylenator](https://github.com/traylenator)) - Add ssl\_proxy\_machine\_cert\_chain param to vhost class [\#2072](https://github.com/puppetlabs/puppetlabs-apache/pull/2072) ([AbelNavarro](https://github.com/AbelNavarro)) ### Fixed - Use Ruby 2.7 compatible string matching [\#2074](https://github.com/puppetlabs/puppetlabs-apache/pull/2074) ([sanfrancrisko](https://github.com/sanfrancrisko)) ## [v5.6.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.6.0) (2020-10-01) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.5.0...v5.6.0) ### Added - Configure default shared lib path for mod\_wsgi on RHEL8 [\#2063](https://github.com/puppetlabs/puppetlabs-apache/pull/2063) ([nbarrientos](https://github.com/nbarrientos)) - Various enhancements to apache::mod::passenger [\#2058](https://github.com/puppetlabs/puppetlabs-apache/pull/2058) ([smortex](https://github.com/smortex)) ### Fixed - make apache::mod::fcgid redhat 8 compatible [\#2071](https://github.com/puppetlabs/puppetlabs-apache/pull/2071) ([creativefre](https://github.com/creativefre)) - pdksync - \(feat\) - Removal of inappropriate terminology [\#2062](https://github.com/puppetlabs/puppetlabs-apache/pull/2062) ([pmcmaw](https://github.com/pmcmaw)) - Use python3-mod\_wsgi instead of mod\_wsgi on CentOS8 [\#2052](https://github.com/puppetlabs/puppetlabs-apache/pull/2052) ([kajinamit](https://github.com/kajinamit)) ## [v5.5.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.5.0) (2020-07-03) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.4.0...v5.5.0) ### Added - Allow IPv6 CIDRs for proxy\_protocol\_exceptions in mod remoteip [\#2033](https://github.com/puppetlabs/puppetlabs-apache/pull/2033) ([thechristschn](https://github.com/thechristschn)) - \(IAC-746\) - Add ubuntu 20.04 support [\#2032](https://github.com/puppetlabs/puppetlabs-apache/pull/2032) ([david22swan](https://github.com/david22swan)) - Replace legacy `bool2httpd()` function with shim [\#2025](https://github.com/puppetlabs/puppetlabs-apache/pull/2025) ([alexjfisher](https://github.com/alexjfisher)) - Tidy up `pw_hash` function [\#2024](https://github.com/puppetlabs/puppetlabs-apache/pull/2024) ([alexjfisher](https://github.com/alexjfisher)) - Replace validate\_apache\_loglevel\(\) with data type [\#2023](https://github.com/puppetlabs/puppetlabs-apache/pull/2023) ([alexjfisher](https://github.com/alexjfisher)) - Add ProxyIOBufferSize option [\#2014](https://github.com/puppetlabs/puppetlabs-apache/pull/2014) ([jplindquist](https://github.com/jplindquist)) - Add support for SetInputFilter directive [\#2007](https://github.com/puppetlabs/puppetlabs-apache/pull/2007) ([HoucemEddine](https://github.com/HoucemEddine)) - \[MODULES-10530\] Add request limiting directives on virtual host level [\#1996](https://github.com/puppetlabs/puppetlabs-apache/pull/1996) ([aursu](https://github.com/aursu)) - \[MODULES-10528\] Add ErrorLogFormat directive on virtual host level [\#1995](https://github.com/puppetlabs/puppetlabs-apache/pull/1995) ([aursu](https://github.com/aursu)) - Add template variables and parameters for ModSecurity Audit Logs [\#1988](https://github.com/puppetlabs/puppetlabs-apache/pull/1988) ([jplindquist](https://github.com/jplindquist)) - \(MODULES-10432\) Add mod\_auth\_openidc support [\#1987](https://github.com/puppetlabs/puppetlabs-apache/pull/1987) ([asieraguado](https://github.com/asieraguado)) ### Fixed - \(MODULES-10712\) Fix mod\_ldap on RH/CentOS 5 and 6 [\#2041](https://github.com/puppetlabs/puppetlabs-apache/pull/2041) ([h-haaks](https://github.com/h-haaks)) - Update mod\_dir, alias\_icons\_path, error\_documents\_path for CentOS 8 [\#2038](https://github.com/puppetlabs/puppetlabs-apache/pull/2038) ([initrd](https://github.com/initrd)) - Ensure switching of thread module works on Debian 10 / Ubuntu 20.04 [\#2034](https://github.com/puppetlabs/puppetlabs-apache/pull/2034) ([tuxmea](https://github.com/tuxmea)) - MODULES-10586 Centos 8: wrong package used to install mod\_authnz\_ldap [\#2021](https://github.com/puppetlabs/puppetlabs-apache/pull/2021) ([farebers](https://github.com/farebers)) - Re-add package for fcgid on debian/ubuntu machines [\#2006](https://github.com/puppetlabs/puppetlabs-apache/pull/2006) ([vStone](https://github.com/vStone)) - Use ldap\_trusted\_mode in conditional [\#1999](https://github.com/puppetlabs/puppetlabs-apache/pull/1999) ([dacron](https://github.com/dacron)) - Typo in oidcsettings.pp [\#1997](https://github.com/puppetlabs/puppetlabs-apache/pull/1997) ([asieraguado](https://github.com/asieraguado)) - Fix proxy\_html Module to work on Debian 10 [\#1994](https://github.com/puppetlabs/puppetlabs-apache/pull/1994) ([buchstabensalat](https://github.com/buchstabensalat)) - \(MODULES-10360\) Fix icon paths for RedHat systems [\#1991](https://github.com/puppetlabs/puppetlabs-apache/pull/1991) ([2and3makes23](https://github.com/2and3makes23)) - SSLProxyEngine on has to be set before any Proxydirective using it [\#1989](https://github.com/puppetlabs/puppetlabs-apache/pull/1989) ([zivis](https://github.com/zivis)) ## [v5.4.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.4.0) (2020-01-22) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.3.0...v5.4.0) ### Added - Add an apache::vhost::fragment define [\#1980](https://github.com/puppetlabs/puppetlabs-apache/pull/1980) ([ekohl](https://github.com/ekohl)) ### Fixed - \(MODULES-10391\) ssl\_protocol includes SSLv2 and SSLv3 on all platforms [\#1990](https://github.com/puppetlabs/puppetlabs-apache/pull/1990) ([legooolas](https://github.com/legooolas)) ## [v5.3.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.3.0) (2019-12-11) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.2.0...v5.3.0) ### Added - \(FM-8672\) - Addition of Support for CentOS 8 [\#1977](https://github.com/puppetlabs/puppetlabs-apache/pull/1977) ([david22swan](https://github.com/david22swan)) - \(MODULES-9948\) Allow switching of thread modules [\#1961](https://github.com/puppetlabs/puppetlabs-apache/pull/1961) ([tuxmea](https://github.com/tuxmea)) ### Fixed - Fix newline being added before proxy params [\#1984](https://github.com/puppetlabs/puppetlabs-apache/pull/1984) ([oxc](https://github.com/oxc)) - When using mod jk, we expect the libapache2-mod-jk package to be installed [\#1979](https://github.com/puppetlabs/puppetlabs-apache/pull/1979) ([tuxmea](https://github.com/tuxmea)) - move unless into manage\_security\_corerules [\#1976](https://github.com/puppetlabs/puppetlabs-apache/pull/1976) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) - Change mod\_proxy's ProxyTimeout to follow Apache's global timeout [\#1975](https://github.com/puppetlabs/puppetlabs-apache/pull/1975) ([gcoxmoz](https://github.com/gcoxmoz)) - \(FM-8721\) fix php version and ssl error on redhat8 [\#1973](https://github.com/puppetlabs/puppetlabs-apache/pull/1973) ([sheenaajay](https://github.com/sheenaajay)) ## [v5.2.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.2.0) (2019-11-01) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.1.0...v5.2.0) ### Added - Add parameter version for mod security [\#1953](https://github.com/puppetlabs/puppetlabs-apache/pull/1953) ([tuxmea](https://github.com/tuxmea)) - add possibility to define variables inside VirtualHost definition [\#1947](https://github.com/puppetlabs/puppetlabs-apache/pull/1947) ([trefzer](https://github.com/trefzer)) ### Fixed - \(FM-8662\) Correction in manifests/mod/ssl.pp for SLES 11 [\#1963](https://github.com/puppetlabs/puppetlabs-apache/pull/1963) ([sanfrancrisko](https://github.com/sanfrancrisko)) - always quote ExpiresDefault in vhost::directories [\#1958](https://github.com/puppetlabs/puppetlabs-apache/pull/1958) ([evgeni](https://github.com/evgeni)) - MODULES-9904 Fix lbmethod module load order [\#1956](https://github.com/puppetlabs/puppetlabs-apache/pull/1956) ([optiz0r](https://github.com/optiz0r)) - Add owner, group, file\_mode and show\_diff to apache::custom\_config [\#1942](https://github.com/puppetlabs/puppetlabs-apache/pull/1942) ([treydock](https://github.com/treydock)) - Add shibboleth support for Debian 10 [\#1939](https://github.com/puppetlabs/puppetlabs-apache/pull/1939) ([fabbks](https://github.com/fabbks)) ## [v5.1.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.1.0) (2019-09-13) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.0.0...v5.1.0) ### Added - \(FM-8393\) add support on Debian 10 [\#1945](https://github.com/puppetlabs/puppetlabs-apache/pull/1945) ([ThoughtCrhyme](https://github.com/ThoughtCrhyme)) - FM-8140 Add Redhat 8 support [\#1941](https://github.com/puppetlabs/puppetlabs-apache/pull/1941) ([sheenaajay](https://github.com/sheenaajay)) - \(FM-8214\) converted to use litmus [\#1938](https://github.com/puppetlabs/puppetlabs-apache/pull/1938) ([tphoney](https://github.com/tphoney)) - \(MODULES-9668 \) Please make ProxyRequests setting in vhost.pp configurable [\#1935](https://github.com/puppetlabs/puppetlabs-apache/pull/1935) ([aukesj](https://github.com/aukesj)) - Added unmanaged\_path and custom\_fragment options to userdir [\#1931](https://github.com/puppetlabs/puppetlabs-apache/pull/1931) ([GeorgeCox](https://github.com/GeorgeCox)) - Add LDAP parameters to httpd.conf [\#1930](https://github.com/puppetlabs/puppetlabs-apache/pull/1930) ([daveseff](https://github.com/daveseff)) - Add LDAPReferrals configuration parameter [\#1928](https://github.com/puppetlabs/puppetlabs-apache/pull/1928) ([HT43-bqxFqB](https://github.com/HT43-bqxFqB)) ### Fixed - \(MODULES-9104\) Add file\_mode to config files. [\#1922](https://github.com/puppetlabs/puppetlabs-apache/pull/1922) ([stevegarn](https://github.com/stevegarn)) - \(bugfix\) Add default package name for mod\_ldap [\#1913](https://github.com/puppetlabs/puppetlabs-apache/pull/1913) ([turnopil](https://github.com/turnopil)) - Remove event mpm when using prefork, worker or itk [\#1905](https://github.com/puppetlabs/puppetlabs-apache/pull/1905) ([tuxmea](https://github.com/tuxmea)) ## [v5.0.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v5.0.0) (2019-05-20) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/4.1.0...v5.0.0) ### Changed - pdksync - \(MODULES-8444\) - Raise lower Puppet bound [\#1908](https://github.com/puppetlabs/puppetlabs-apache/pull/1908) ([david22swan](https://github.com/david22swan)) ### Added - \(FM-7923\) Implement Puppet Strings [\#1916](https://github.com/puppetlabs/puppetlabs-apache/pull/1916) ([eimlav](https://github.com/eimlav)) - Define SCL package name for mod\_ldap [\#1893](https://github.com/puppetlabs/puppetlabs-apache/pull/1893) ([treydock](https://github.com/treydock)) ### Fixed - \(MODULES-9014\) Improve SSLSessionTickets handling [\#1923](https://github.com/puppetlabs/puppetlabs-apache/pull/1923) ([FredericLespez](https://github.com/FredericLespez)) - \(MODULES-8931\) Fix stahnma/epel failures [\#1914](https://github.com/puppetlabs/puppetlabs-apache/pull/1914) ([eimlav](https://github.com/eimlav)) - Fix wsgi\_daemon\_process to support hash data type [\#1884](https://github.com/puppetlabs/puppetlabs-apache/pull/1884) ([mdechiaro](https://github.com/mdechiaro)) ## [4.1.0](https://github.com/puppetlabs/puppetlabs-apache/tree/4.1.0) (2019-04-05) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/4.0.0...4.1.0) ### Added - \(MODULES-7196\) Allow setting CASRootProxiedAs per virtualhost \(replaces \#1857\) [\#1900](https://github.com/puppetlabs/puppetlabs-apache/pull/1900) ([Lavinia-Dan](https://github.com/Lavinia-Dan)) - \(feat\) - Amazon Linux 2 compatibility added [\#1898](https://github.com/puppetlabs/puppetlabs-apache/pull/1898) ([david22swan](https://github.com/david22swan)) - \(MODULES-8731\) Allow CIDRs for proxy\_ips/internal\_proxy in remoteip [\#1891](https://github.com/puppetlabs/puppetlabs-apache/pull/1891) ([JAORMX](https://github.com/JAORMX)) - Manage all mod\_remoteip parameters supported by Apache [\#1882](https://github.com/puppetlabs/puppetlabs-apache/pull/1882) ([johanfleury](https://github.com/johanfleury)) - MODULES-8541 : Allow HostnameLookups to be modified [\#1881](https://github.com/puppetlabs/puppetlabs-apache/pull/1881) ([k2patel](https://github.com/k2patel)) - Add support for mod\_http2 [\#1867](https://github.com/puppetlabs/puppetlabs-apache/pull/1867) ([smortex](https://github.com/smortex)) - Added code to paramertize the libphp prefix [\#1852](https://github.com/puppetlabs/puppetlabs-apache/pull/1852) ([grahamuk2018](https://github.com/grahamuk2018)) - Added WSGI Options WSGIApplicationGroup and WSGIPythonOptimize [\#1847](https://github.com/puppetlabs/puppetlabs-apache/pull/1847) ([emetriqLikedeeler](https://github.com/emetriqLikedeeler)) ### Fixed - \(bugfix\) set kernel for facter version test [\#1895](https://github.com/puppetlabs/puppetlabs-apache/pull/1895) ([tphoney](https://github.com/tphoney)) - \(MODULES-5990\) - Managing conf\_enabled [\#1875](https://github.com/puppetlabs/puppetlabs-apache/pull/1875) ([david22swan](https://github.com/david22swan)) ## [4.0.0](https://github.com/puppetlabs/puppetlabs-apache/tree/4.0.0) (2019-01-10) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/3.5.0...4.0.0) ### Changed - default server\_tokens to prod - more secure default [\#1746](https://github.com/puppetlabs/puppetlabs-apache/pull/1746) ([juju4](https://github.com/juju4)) ### Added - \(Modules 8141/Modules 8379\) - Addition of support for SLES 15 [\#1862](https://github.com/puppetlabs/puppetlabs-apache/pull/1862) ([david22swan](https://github.com/david22swan)) - SCL support for httpd and php7.1 [\#1822](https://github.com/puppetlabs/puppetlabs-apache/pull/1822) ([mmoll](https://github.com/mmoll)) ### Fixed - \(MODULES-5990\) - conf-enabled defaulted to undef [\#1869](https://github.com/puppetlabs/puppetlabs-apache/pull/1869) ([david22swan](https://github.com/david22swan)) - pdksync - \(FM-7655\) Fix rubygems-update for ruby \< 2.3 [\#1866](https://github.com/puppetlabs/puppetlabs-apache/pull/1866) ([tphoney](https://github.com/tphoney)) ## [3.5.0](https://github.com/puppetlabs/puppetlabs-apache/tree/3.5.0) (2018-12-17) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/3.4.0...3.5.0) ### Added - \(MODULES-5990\) Addition of 'IncludeOptional conf-enabled/\*.conf' to apache2.conf' on Debian Family OS [\#1851](https://github.com/puppetlabs/puppetlabs-apache/pull/1851) ([david22swan](https://github.com/david22swan)) - \(MODULES-8107\) - Support added for Ubuntu 18.04. [\#1850](https://github.com/puppetlabs/puppetlabs-apache/pull/1850) ([david22swan](https://github.com/david22swan)) - \(MODULES-8108\) - Support added for Debian 9 [\#1849](https://github.com/puppetlabs/puppetlabs-apache/pull/1849) ([david22swan](https://github.com/david22swan)) - Add option to add comments to the header of a vhost file [\#1841](https://github.com/puppetlabs/puppetlabs-apache/pull/1841) ([jovandeginste](https://github.com/jovandeginste)) ### Fixed - \(FM-7605\) - Disabling conf\_enabled on Ubuntu 18.04 by default as it conflicts with Shibboleth causing errors with apache2. [\#1856](https://github.com/puppetlabs/puppetlabs-apache/pull/1856) ([david22swan](https://github.com/david22swan)) - \(MODULES-8429\) Update GPG key for phusion passenger [\#1848](https://github.com/puppetlabs/puppetlabs-apache/pull/1848) ([abottchen](https://github.com/abottchen)) - Fix default vhost priority in readme [\#1843](https://github.com/puppetlabs/puppetlabs-apache/pull/1843) ([HT43-bqxFqB](https://github.com/HT43-bqxFqB)) - fix apache::mod::jk example typo and add link for more info [\#1812](https://github.com/puppetlabs/puppetlabs-apache/pull/1812) ([xorpaul](https://github.com/xorpaul)) - MODULES-7379: Fixing syntax by adding newline [\#1803](https://github.com/puppetlabs/puppetlabs-apache/pull/1803) ([wimvr](https://github.com/wimvr)) - ensure mpm\_event is disabled under debian 9 if mpm itk is used [\#1766](https://github.com/puppetlabs/puppetlabs-apache/pull/1766) ([zivis](https://github.com/zivis)) ## [3.4.0](https://github.com/puppetlabs/puppetlabs-apache/tree/3.4.0) (2018-09-27) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/3.3.0...3.4.0) ### Added - pdksync - \(FM-7392\) - Puppet 6 Testing Changes [\#1838](https://github.com/puppetlabs/puppetlabs-apache/pull/1838) ([pmcmaw](https://github.com/pmcmaw)) - pdksync - \(MODULES-6805\) metadata.json shows support for puppet 6 [\#1836](https://github.com/puppetlabs/puppetlabs-apache/pull/1836) ([tphoney](https://github.com/tphoney)) ### Fixed - Fix "audit\_log\_relevant\_status" typo in README.md [\#1830](https://github.com/puppetlabs/puppetlabs-apache/pull/1830) ([smokris](https://github.com/smokris)) ## [3.3.0](https://github.com/puppetlabs/puppetlabs-apache/tree/3.3.0) (2018-09-11) [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/3.2.0...3.3.0) ### Added - pdksync - \(MODULES-7705\) - Bumping stdlib dependency from \< 5.0.0 to \< 6.0.0 [\#1821](https://github.com/puppetlabs/puppetlabs-apache/pull/1821) ([pmcmaw](https://github.com/pmcmaw)) - Add support for ProxyTimeout [\#1805](https://github.com/puppetlabs/puppetlabs-apache/pull/1805) ([agoodno](https://github.com/agoodno)) - \(MODULES-7343\) - Allow overrides by adding mod\_libs in apache class [\#1800](https://github.com/puppetlabs/puppetlabs-apache/pull/1800) ([karelyatin](https://github.com/karelyatin)) - Rework passenger VHost and Directories [\#1778](https://github.com/puppetlabs/puppetlabs-apache/pull/1778) ([smortex](https://github.com/smortex)) ### Fixed - MODULES-7575 reverse sort the aliases [\#1808](https://github.com/puppetlabs/puppetlabs-apache/pull/1808) ([k2patel](https://github.com/k2patel)) - fixes for OpenSUSE ans SLES [\#1783](https://github.com/puppetlabs/puppetlabs-apache/pull/1783) ([tuxmea](https://github.com/tuxmea)) ## 3.2.0 ### Summary This is a clean release to prepare for several planned backwards incompatible changes. #### Changed - Parameter `passenger_pre_start` has been moved outside of ``. - Apache version fact has been enabled on FreeBSD. - Parameter `ssl_proxyengine` has had it's default changed to false. #### Added - Parameter `passenger_group` can now be set in `apache::vhost`. - Multiple `passenger_pre_start` URIs can now be set at once. - Manifest `mod::auth_gssapi` has been added to allow the deployment of authorisation with kerberos, through GSSAPI. #### Removed - Scientific 5 and Debian 7 are no longer supported on Apache. ## Supported Release [3.1.0] ### Summary This release includes the module being converted using version 1.4.1 of the PDK. It also includes a couple of additional parameters added. #### Added - Module has been pdk converted with version 1.4.1 ([MODULES-6331](https://tickets.puppet.com/browse/MODULES-6331)) - Parameter `ssl_cert` to provide a SSLCertificateFile option for use with SSL, optional of type String. - Parameter `ssl_key` to provide a SSLCertificateKey option for use with SSL, optional of type String. #### Fixed - Documentation updates. - Updates to the Japanese translation based on documentation update. ## Supported Release [3.0.0] ### Summary This major release changes the default value of `keepalive` to `On`. It also includes many other features and bugfixes. #### Changed - Default `apache::keepalive` from `Off` to `On`. #### Added - Class `apache::mod::data` - Function `apache::apache_pw_hash` function (puppet 4 port of `apache_pw_hash()`) - Function `apache::bool2httpd` function (puppet 4 port of `bool2httpd()`) - Function `apache::validate_apache_log_level` function (puppet 4 port of `validate_apache_log_level()`) - Parameter `apache::balancer::options` for additional directives. - Parameter `apache::limitreqfields` setting the LimitRequestFields directive to 100. - Parameter `apache::use_canonical_name` to control how httpd uses self-referential URLs. - Parameter `apache::mod::disk_cache::cache_ignore_headers` to ignore cache headers. - Parameter `apache::mod::itk::enablecapabilities` to manage ITK capabilities. - Parameter `apache::mod::ldap::ldap_trusted_mode` to manage trusted mode. - Parameters for `apache::mod::passenger`: - `passenger_allow_encoded_slashes` - `passenger_app_group_name` - `passenger_app_root` - `passenger_app_type` - `passenger_base_uri` - `passenger_buffer_response` - `passenger_buffer_upload` - `passenger_concurrency_model` - `passenger_debug_log_file` - `passenger_debugger` - `passenger_default_group` - `passenger_default_user` - `passenger_disable_security_update_check` - `passenger_enabled` - `passenger_error_override` - `passenger_file_descriptor_log_file` - `passenger_fly_with` - `passenger_force_max_concurrent_requests_per_process` - `passenger_friendly_error_pages` - `passenger_group` - `passenger_installed_version` - `passenger_instance_registry_dir` - `passenger_load_shell_envvars` - `passenger_lve_min_uid` - `passenger_max_instances` - `passenger_max_preloader_idle_time` - `passenger_max_request_time` - `passenger_memory_limit` - `passenger_meteor_app_settings` - `passenger_nodejs` - `passenger_pre_start` - `passenger_python` - `passenger_resist_deployment_errors` - `passenger_resolve_symlinks_in_document_root` - `passenger_response_buffer_high_watermark` - `passenger_restart_dir` - `passenger_rolling_restarts` - `passenger_security_update_check_proxy` - `passenger_show_version_in_header` - `passenger_socket_backlog` - `passenger_start_timeout` - `passenger_startup_file` - `passenger_sticky_sessions` - `passenger_sticky_sessions_cookie_name` - `passenger_thread_count` - `passenger_user` - `passenger_user_switching` - `rack_auto_detect` - `rack_base_uri` - `rack_env` - `rails_allow_mod_rewrite` - `rails_app_spawner_idle_time` - `rails_auto_detect` - `rails_base_uri` - `rails_default_user` - `rails_env` - `rails_framework_spawner_idle_time` - `rails_ruby` - `rails_spawn_method` - `rails_user_switching` - `wsgi_auto_detect` - Parameter `apache::mod::prefork::listenbacklog` to set the listen backlog to 511. - Parameter `apache::mod::python::loadfile_name` to workaround python.load filename conflicts. - Parameter `apache::mod::ssl::ssl_cert` to manage the client auth cert. - Parameter `apache::mod::ssl::ssl_key` to manage the client auth key. - Parameter `apache::mod::status::requires` as an alternative to `apache::mod::status::allow_from` - Parameter `apache::vhost::ssl_proxy_cipher_suite` to manage that directive. - Parameter `apache::vhost::shib_compat_valid_user` to manage that directive. - Parameter `apache::vhost::use_canonical_name` to manage that directive. - Parameter value `mellon_session_length` for `apache::vhost::directories` ### Fixed - `apache_version` is confined to just Linux to avoid erroring on AIX. - Parameter `apache::mod::jk::workers_file_content` docs typo of "mantain" instead of maintain. - Deduplicate `apache::mod::ldap` managing `File['ldap.conf']` to avoid resource conflicts. - ITK package name on Debian 9 - Dav_svn package for SLES - Log client IP instead of loadbalancer IP when behind a loadbalancer. - `apache::mod::remoteip` now notifies the `Class['apache::service']` class instead of `Service['httpd']` to avoid restarting the service when `apache::service_manage` is false. - `apache::vhost::cas_scrub_request_headers` actually manages the directive. ## Supported Release [2.3.1] ### Summary This release fixes CVE-2018-6508 which is a potential arbitrary code execution via tasks. ### Fixed - Fix init task for arbitrary remote code ## Supported Release [2.3.0] ### Summary This is a feature release. It includes a task that will reload the apache service. #### Added - Add a task that allows the reloading of the Apache service. ## Supported Release [2.2.0] ### Summary This is a maintainence and feature release. It will include updates to translations in Japanese, some maintainence and adding `PassengerSpawnMethod` to vhost. #### Added - `PassengerSpawnMethod` added to `vhost`. #### Changed - Improve version match fact for `apache_version` - Update to prefork.conf params for Apache 2.4 - Updates to `CONTRIBUTING.md` - Do not install mod_fastcgi on el7 - Include mod_wsgi when using wsgi options ## Supported Release [2.1.0] ### Summary This is a feature release including a security patch (CVE-2017-2299) #### Added - `apache::mod::jk` class for managing the mod_jk connector - `apache_pw_hash` function - the ProxyPass directive in location contexts - more Puppet 4 type validation - `apache::mod::macro` class for managing mod_macro #### Changed - $ssl_certs_dir default to `undef` for all platorms - $ssl_verify_client must now be set to use any of the following: `$ssl_certs_dir`, `$ssl_ca`, `$ssl_crl_path`, `$ssl_crl`, `$ssl_verify_depth`, `$ssl_crl_check` #### Fixed - issue where mod_alias was not being loaded when RedirectMatch* directives were being used ([MODULES-3942](https://tickets.puppet.com/browse/MODULES-3942)) - issue with `$directories` parameter in `apache::vhost` - issue in UserDir template where the UserDir path did not match the Directory path - **Issue where the $ssl_certs_dir default set Apache to implicitly trust all client certificates that were issued by any CA in that directory** #### Removed - support for EOL platforms: Ubuntu 10.04, 12.04 and Debian 6 (Squeeze) ## Supported Release [2.0.0] ### Summary Major release **removing Puppet 3 support** and other backwards-incompatible changes. #### Added - support for FileETag directive configurable with the `file_e_tag` parameter - ability to configure multiple ports per vhost - RequestHeader directive to vhost template ([MODULES-4156](https://tickets.puppet.com/browse/MODULES-4156)) - customizability for AllowOverride directive in userdir.conf ([MODULES-4516](https://tickets.puppet.com/browse/MODULES-4516)) - AdvertiseFrequency directive for cluster.conf ([MODULES-4500](https://tickets.puppet.com/browse/MODULES-4500)) - `ssl_proxy_protocol` and `ssl_sessioncache` parameters for mod::ssl ([MODULES-4737](https://tickets.puppet.com/browse/MODULES-4737)) - SSLCACertificateFile directive in ssl.conf configurable with `ssl_ca` parameter - mod::authnz_pam - mod::intercept_form_submit - mod::lookup_identity - Suse compatibility for mod::proxy_html - support for AddCharset directive configurable with `add_charset` parameter - support for SSLProxyVerifyDepth and SSLProxyCACertificateFile directives configurable with `ssl_proxy_verify_depth` and `ssl_proxy_ca_cert` respectively - `manage_security_crs` parameter for mod::security - support for LimitExcept directive configurable with `limit_except` parameter - support for WSGIRestrictEmbedded directive configurable with `wsgi_restrict_embedded` parameter - support for custom UserDir path ([MODULES-4933](https://tickets.puppet.com/browse/MODULES-4933)) - support for PassengerMaxRequests directive configurable with `passenger_max_requests` - option to override module package names with `mod_packages` parameter ([MODULES-3838](https://tickets.puppet.com/browse/MODULES-3838)) #### Removed - enclose_ipv6 as it was added to puppetlabs-stdlib - deprecated `$verifyServerCert` parameter from the `apache::mod::authnz_ldap` class ([MODULES-4445](https://tickets.puppet.com/browse/MODULES-4445)) #### Changed - `keepalive` default to 'On' from 'Off' - Puppet version compatibility to ">= 4.7.0 < 6.0.0" - puppetlabs-stdlib dependency to ">= 4.12.0 < 5.0.0" - `ssl_cipher` to explicitly disable 3DES because of Sweet32 #### Fixed - various issues in the vhost template - use of deprecated `include_src` parameter in vhost_spec - management of ssl.conf on RedHat systems - various SLES/Suse params - mod::cgi ordering for FreeBSD - issue where ProxyPreserveHost could not be set without other Proxy* directives - the module attempting to install proxy_html on Ubuntu Xenial and Debian Stretch ## Supported Release [1.11.1] #### Summary This is a security patch release (CVE-2017-2299). These changes are also in version 2.1.0 and higher. #### Changed - $ssl_certs_dir default to `undef` for all platorms - $ssl_verify_client must now be set to use any of the following: `$ssl_certs_dir`, `$ssl_ca`, `$ssl_crl_path`, `$ssl_crl`, `$ssl_verify_depth`, `$ssl_crl_check` #### Fixed - **Issue where the $ssl_certs_dir default set Apache to implicitly trust all client certificates that were issued by any CA in that directory** ([MODULES-5471](https://tickets.puppet.com/browse/MODULES-5471)) ## Supported Release [1.11.0] ### Summary This release adds SLES12 Support and many more features and bugfixes. #### Features - (MODULES-4049) Adds SLES 12 Support - Adds additional directories options for LDAP Auth - `auth_ldap_url` - `auth_ldap_bind_dn` - `auth_ldap_bind_password` - `auth_ldap_group_attribute` - `auth_ldap_group_attribute_is_dn` - Allows `mod_event` parameters to be unset - Allows management of default root directory access rights - Adds class `apache::vhosts` to create apache::vhost resources - Adds class `apache::mod::proxy_wstunnel` - Adds class `apache::mod::dumpio` - Adds class `apache::mod::socache_shmcb` - Adds class `apache::mod::authn_dbd` - Adds support for apache 2.4 on Amazon Linux - Support the newer `mod_auth_cas` config options - Adds `wsgi_script_aliases_match` parameter to `apache::vhost` - Allow to override all SecDefaultAction attributes - Add audit_log_relevant_status parameter to apache::mod::security - Allow absolute path to $apache::mod::security::activated_rules - Allow setting SecAuditLog - Adds `passenger_max_instances_per_app` to `mod::passenger` - Allow the proxy_via setting to be configured - Allow no_proxy_uris to be used within proxy_pass - Add rpaf.conf template parameter to `mod::rpaf` - Allow user to specify alternative package and library names for shibboleth module - Allows configuration of shibboleth lib path - Adds parameter `passenger_data_buffer_dir` to `mod::passenger` - Adds SSL stapling - Allows use of `balance_manager` with `mod_proxy_balancer` - Raises lower bound of `stdlib` dependency to version 4.2 - Adds support for Passenger repo on Amazon Linux - Add ability to set SSLStaplingReturnResponderErrors on server level - (MODULES-4213) Allow global rewrite rules inheritance in vhosts - Moves `mod_env` to its own class and load it when required #### Bugfixes - Deny access to .ht and .hg, which are created by mercurial hg. - Instead of failing, include apache::mod::prefork in manifests/mod/itk.pp instead. - Only set SSLCompression when it is set to true. - Remove duplicate shib2 hash element - (MODULES-3388) Include mpm_module classes instead of class declaration - Updates `apache::balancer` to respect `apache::confd_dir` - Wrap mod_security directives in an IfModule - Fixes to various mods for Ubuntu Xenial - Fix /etc/modsecurity perms to match package - Fix PassengerRoot under Debian stretch - (MODULES-3476) Updates regex in apache_version custom fact to work with EL5 - Dont sql_injection_attacks.data - Add force option to confd file resource to purge directory without warnings - Patch httpoxy through mod_security - Fixes config ordering of IncludeOptional - Fixes bug where port numbers were unquoted - Fixes bug where empty servername for vhost were written to template - Auto-load `slotmem_shm` and `lbmethod_byrequests` with `proxy_balancer` on 2.4 - Simplify MPM setup on FreeBSD - Adds requirement for httpd package - Do not set ssl_certs_dir on FreeBSD - Fixes bug that produces a duplicate `Listen 443` after a package update on EL7 - Fixes bug where custom facts break structured facts - Avoid relative classname inclusion - Fixes a failure in `vhost` if the first element of `$rewrites` is not a hash - (MODULES-3744) Process $crs_package before $modsec_dir - (MODULES-1491) Adds `::apache` include to mods that need it ## Supported Release [1.10.0] #### Summary This release fixes backwards compatibility bugs introduced in 1.9.0. Also includes a new mod class and a new vhost feature. #### Features - Allow setting KeepAlive related options per vhost - `apache::vhost::keepalive` - `apache::vhost::keepalive_timeout` - `apache::vhost::max_keepalive_requests` - Adds new class `apache::mod::cluster` #### Bugfixes - MODULES-2890: Allow php_version != 5 - MODULES-2890: mod::php: Explicit test on jessie - MODULES-2890: Fix PHP on Debian stretch and Ubuntu Xenial - MODULES-2890: Fix mod_php SetHandler and cleanup - Fixed trailing slash in lib_path on Suse - Revert "MODULES-2956: Enable options within location block on proxy_match". Bug introduced in release 1.9.0. - Revert "changed rpaf Configuration Directives: RPAF -> RPAF_". Bug introduced in release 1.9.0. - Set actual path to apachectl on FreeBSD. Fixes snippets verification. ## Supported Release [1.9.0] [DELETED] #### Features - Added `apache_version` fact - Added `apache::balancer::target` attribute - Added `apache::fastcgi::server::pass_header` attribute - Added ability for `apache::fastcgi::server::host` using sockets - Added `apache::root_directory_options` attribute - Added for `apache::mod::ldap`: - `ldap_shared_cache_size` - `ldap_cache_entries` - `ldap_cache_ttl` - `ldap_opcache_entries` - `ldap_opcache_ttl` - Added `apache::mod::pagespeed::package_ensure` attribute - Added `apache::mod::passenger` attributes: - `passenger_log_level` - `manage_repo` - Added upstream repo for `apache::mod::passenger` - Added `apache::mod::proxy_fcgi` class - Added `apache::mod::security` attributes: - `audit_log_parts` - `secpcrematchlimit` - `secpcrematchlimitrecursion` - `secdefaultaction` - `anomaly_score_blocking` - `inbound_anomaly_threshold` - `outbound_anomaly_threshold` - Added `apache::mod::ssl` attributes: - `ssl_mutex` - `apache_version` - Added ubuntu 16.04 support - Added `apache::mod::authnz_ldap::package_name` attribute - Added `apache::mod::ldap::package_name` attribute - Added `apache::mod::proxy::package_name` attribute - Added `apache::vhost` attributes: - `ssl_proxy_check_peen_expire` - `ssl_proxy_protocol` - `logroot_owner` - `logroot_group` - `setenvifnocase` - `passenger_user` - `passenger_high_performance` - `jk_mounts` - `fastcgi_idle_timeout` - `modsec_disable_msgs` - `modsec_disable_tags` - Added ability for 2.4-style `RequireAll|RequireNone|RequireAny` directory permissions - Added ability for includes in vhost directory - Added directory values: - `AuthMerging` - `MellonSPMetadataFile` - Adds Configurability of Collaborative Detection Severity Levels for OWASP Core Rule Set to `apache::mod::security` class - `critical_anomaly_score` - `error_anomaly_score` - `warning_anomaly_score` - `notice_anomaly_score` - Adds ability to configure `info_path` in `apache::mod::info` class - Adds ability to configure `verify_config` in `apache::vhost::custom` #### Bugfixes - Fixed apache mod setup for event/worker failing syntax - Fixed concat deprecation warnings - Fixed pagespeed mod - Fixed service restart on mod update - Fixed mod dir purging to happen after package installs - Fixed various `apache::mod::*` file modes - Fixed `apache::mod::authnz_ldap` parameter `verifyServerCert` to be `verify_server_cert` - Fixed loadfile name in `apache::mod::fcgid` - Fixed `apache::mod::remoteip` to fail on apache < 2.4 (because it is not available) - Fixed `apache::mod::ssl::ssl_honorcipherorder` interpolation - Lint fixes - Strict variable fixes - Fixed `apache::vhost` attribute `redirectmatch_status` to be optional - Fixed SSLv3 on by default in mod\_nss - Fixed mod\_rpaf directive names in template - Fixed mod\_worker needing MaxClients with ThreadLimit - Fixed quoting on vhost php\_value - Fixed xml2enc for proxy\_html on debian - Fixed a problem where the apache service restarts too fast ## Supported Release [1.8.1] ### Summary This release includes bug fixes and a documentation update. #### Bugfixes - Fixes a bug that occurs when using the module in combination with puppetlabs-concat 2.x. - Fixes a bug where passenger.conf was vulnerable to purging. - Removes the pin of the concat module dependency. ## Supported Release [1.8.0] ### Summary This release includes a lot of bug fixes and feature updates, including support for Debian 8, as well as many test improvements. #### Features - Debian 8 Support. - Added the 'file_mode' property to allow a custom permission setting for config files. - Enable 'PassengerMaxRequestQueueSize' to be set for mod_passenger. - MODULES-2956: Enable options within location block on proxy_match. - Support itk on redhat. - Support the mod_ssl SSLProxyVerify directive. - Support ProxPassReverseCookieDomain directive (mod_proxy). - Support proxy provider for vhost directories. - Added new 'apache::vhost::custom' resource. #### Bugfixes - Fixed ProxyPassReverse configuration. - Fixed error in Amazon operatingsystem detection. - Fixed mod_security catalog ordering issues for RedHat 7. - Fixed paths and packages for the shib2 apache module on Debian pre Jessie. - Fixed EL7 directory path for apache modules. - Fixed validation error when empty array is passed for the rewrites parameter. - Idempotency fixes with regards to '::apache::mod_enable_dir'. - ITK fixes. - (MODULES-2865) fix $mpm_module logic for 'false'. - Set SSLProxy directives even if ssl is false, due to issue with RewriteRules and ProxyPass directives. - Enable setting LimitRequestFieldSize globally, and remove it from vhost. #### Improvements - apache::mod::php now uses FilesMatch to configure the php handler. This is following the recommended upstream configuration guidelines (http://php.net/manual/en/install.unix.apache2.php#example-20) and distribution's default config (e.g.: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/vivid/php5/vivid/view/head:/debian/php5.conf). It avoids inadvertently exposing the PHP handler to executing uploads with names like 'file.php.jpg', but might impact setups with unusual requirements. - Improved compatibility for Gentoo. - Vhosts can now be supplied with a wildcard listen value. - Numerous test improvements. - Removed workarounds for https://bz.apache.org/bugzilla/show_bug.cgi?id=38864 as the issues have been fixed in Apache. - Documentation updates. - Ensureed order of ProxyPass and ProxyPassMatch parameters. - Ensure that ProxyPreserveHost is set to off mode explicitly if not set in manifest. - Put headers and request headers before proxy with regards to template generation. - Added X-Forwarded-For into log_formats defaults. - (MODULES-2703) Allow mod pagespeed to take an array of lines as additional_configuration. ## Supported Release [1.7.1] ###Summary Small release for support of newer PE versions. This increments the version of PE in the metadata.json file. ## Supported Release [1.7.0] ### Summary This release includes many new features and bugfixes. There are test, documentation and misc improvements. #### Features - allow groups with - like vhost-users - ability to enable/disable the secruleengine through a parameter - add mod_auth_kerb parameters to vhost - client auth for reverse proxy - support for mod_auth_mellon - change SSLProtocol in apache::vhost to be space separated - RewriteLock support #### Bugfixes - fix apache::mod::cgid so it can be used with the event MPM - load unixd before fcgid on all operating systems - fixes conditional in vhost aliases - corrects mod_cgid worker/event defaults - ProxyPassMatch parameters were ending up on a newline - catch that mod_authz_default has been removed in Apache 2.4 - mod::ssl fails on SLES - fix typo of MPM_PREFORK for FreeBSD package install - install all modules before adding custom configs - fix acceptance testing for SSLProtocol behaviour for real - fix ordering issue with conf_file and ports_file #### Known Issues - mod_passenger is having issues installing on Redhat/Centos 6, This is due to package dependency issues. #### Improvements - added docs for forcetype directive - removes ruby 1.8.7 from the travisci test matrix - readme reorganisation, minor fixups - support the mod_proxy ProxyPassReverseCookiePath directive - the purge_vhost_configs parameter is actually called purge_vhost_dir - add ListenBacklog for mod worker - deflate application/json by default - install mod_authn_alias as default mod in debian for apache < 2.4 - optionally set LimitRequestFieldSize on an apache::vhost - add SecUploadDir parameter to support file uploads with mod_security - optionally set parameters for mod_ext_filter module - allow SetOutputFilter to be set on a directory - RC4 is deprecated - allow empty docroot - add option to configure the include pattern for the vhost_enable dir - allow multiple IP addresses per vhost - default document root update for Ubuntu 14.04 and Debian 8 ## Supported Release [1.6.0] ### Summary This release includes a couple of new features, along with test and documentation updates, and support for the latest AIO puppet builds. #### Features - Add `scan_proxy_header_field` parameter to `apache::mod::geoip` - Add `ssl_openssl_conf_cmd` parameter to `apache::vhost` and `apache::mod::ssl` - Add `filters` parameter to `apache::vhost` #### Bugfixes - Test updates - Do not use systemd on Amazon Linux - Add missing docs for `timeout` parameter (MODULES-2148) ## Supported Release [1.5.0] ### Summary This release primarily adds Suse compatibility. It also adds a handful of other parameters for greater configuration control. #### Features - Add `apache::lib_path` parameter - Add `apache::service_restart` parameter - Add `apache::vhost::geoip_enable` parameter - Add `apache::mod::geoip` class - Add `apache::mod::remoteip` class - Add parameters to `apache::mod::expires` class - Add `index_style_sheet` handling to `apache::vhost::directories` - Add some compatibility for SLES 11 - Add `apache::mod::ssl::ssl_sessioncachetimeout` parameter - Add `apache::mod::ssl::ssl_cryptodevice` parameter - Add `apache::mod::ssl::ssl_honorcipherorder` parameter - Add `apache::mod::userdir::options` parameter #### Bugfixes - Document `apache::user` parameter - Document `apache::group` parameter - Fix apache::dev on FreeBSD - Fix proxy\_connect on apache >= 2.2 - Validate log levels better - Fix `apache::apache_name` for package and vhost - Fix Debian Jessie mod\_prefork package name - Fix alias module being declared even when vhost is absent - Fix proxy\_pass\_match handling in vhost's proxy template - Fix userdir access permissions - Fix issue where the module was trying to use systemd on Amazon Linux. ## Supported Release [1.4.1] This release corrects a metadata issue that has been present since release 1.2.0. The refactoring of `apache::vhost` to use `puppetlabs-concat` requires a version of concat newer than the version required in PE. If you are using PE 3.3.0 or earlier you will need to use version 1.1.1 or earlier of the `puppetlabs-apache` module. ## Supported Release [1.4.0] ###Summary This release fixes the issue where the docroot was still managed even if the default vhosts were disabled and has many other features and bugfixes including improved support for 'deny' and 'require' as arrays in the 'directories' parameter under `apache::vhost` #### Features - New parameters to `apache` - `default_charset` - `default_type` - New parameters to `apache::vhost` - `proxy_error_override` - `passenger_app_env` (MODULES-1776) - `proxy_dest_match` - `proxy_dest_reverse_match` - `proxy_pass_match` - `no_proxy_uris_match` - New parameters to `apache::mod::passenger` - `passenger_app_env` - `passenger_min_instances` - New parameter to `apache::mod::alias` - `icons_options` - New classes added under `apache::mod::*` - `authn_file` - `authz_default` - `authz_user` - Added support for 'deny' as an array in 'directories' under `apache::vhost` - Added support for RewriteMap - Improved support for FreeBSD. (Note: If using apache < 2.4.12, see the discussion [here](https://github.com/puppetlabs/puppetlabs-apache/pull/1030)) - Added check for deprecated options in directories and fail when they are unsupported - Added gentoo compatibility - Added proper array support for `require` in the `directories` parameter in `apache::vhost` - Added support for `setenv` inside proxy locations ### Bugfixes - Fix issue in `apache::vhost` that was preventing the scriptalias fragment from being included (MODULES-1784) - Install required `mod_ldap` package for EL7 (MODULES-1779) - Change default value of `maxrequestworkers` in `apache::mod::event` to be a multiple of the default `ThreadsPerChild` of 25. - Use the correct `mod_prefork` package name for trusty and jessie - Don't manage docroot when default vhosts are disabled - Ensure resources notify `Class['Apache::Service']` instead of `Service['httpd']` (MODULES-1829) - Change the loadfile name for `mod_passenger` so `mod_proxy` will load by default before `mod_passenger` - Remove old Debian work-around that removed `passenger_extra.conf` ## Supported Release [1.3.0] ### Summary This release has many new features and bugfixes, including the ability to optionally not trigger service restarts on config changes. #### Features - New parameters - `apache` - `service_manage` - `use_optional_includes` - New parameters - `apache::service` - `service_manage` - New parameters - `apache::vhost` - `access_logs` - `php_flags` - `php_values` - `modsec_disable_vhost` - `modsec_disable_ids` - `modsec_disable_ips` - `modsec_body_limit` - Improved FreeBSD support - Add ability to omit priority prefix if `$priority` is set to false - Add `apache::security::rule_link` define - Improvements to `apache::mod::*` - Add `apache::mod::auth_cas` class - Add `threadlimit`, `listenbacklog`, `maxrequestworkers`, `maxconnectionsperchild` parameters to `apache::mod::event` - Add `apache::mod::filter` class - Add `root_group` to `apache::mod::php` - Add `apache::mod::proxy_connect` class - Add `apache::mod::security` class - Add `ssl_pass_phrase_dialog` and `ssl_random_seed_bytes` parameters to `apache::mod::ssl` (MODULES-1719) - Add `status_path` parameter to `apache::mod::status` - Add `apache_version` parameter to `apache::mod::version` - Add `package_name` and `mod_path` parameters to `apache::mod::wsgi` (MODULES-1458) - Improved SCL support - Add support for specifying the docroot - Updated `_directories.erb` to add support for SetEnv - Support multiple access log directives (MODULES-1382) - Add passenger support for Debian Jessie - Add support for not having puppet restart the apache service (MODULES-1559) #### Bugfixes - For apache 2.4 `mod_itk` requires `mod_prefork` (MODULES-825) - Allow SSLCACertificatePath to be unset in `apache::vhost` (MODULES-1457) - Load fcgid after unixd on RHEL7 - Allow disabling default vhost for Apache 2.4 - Test fixes - `mod_version` is now built-in (MODULES-1446) - Sort LogFormats for idempotency - `allow_encoded_slashes` was omitted from `apache::vhost` - Fix documentation bug (MODULES-1403, MODULES-1510) - Sort `wsgi_script_aliases` for idempotency (MODULES-1384) - lint fixes - Fix automatic version detection for Debian Jessie - Fix error docs and icons path for RHEL7-based systems (MODULES-1554) - Sort php_* hashes for idempotency (MODULES-1680) - Ensure `mod::setenvif` is included if needed (MODULES-1696) - Fix indentation in `vhost/_directories.erb` template (MODULES-1688) - Create symlinks on all distros if `vhost_enable_dir` is specified ## Supported Release [1.2.0] ### Summary This release features many improvements and bugfixes, including several new defines, a reworking of apache::vhost for more extensibility, and many new parameters for more customization. This release also includes improved support for strict variables and the future parser. #### Features - Convert apache::vhost to use concat for easier extensions - Test improvements - Synchronize files with modulesync - Strict variable and future parser support - Added apache::custom_config defined type to allow validation of configs before they are created - Added bool2httpd function to convert true/false to apache 'On' and 'Off'. Intended for internal use in the module. - Improved SCL support - allow overriding of the mod_ssl package name - Add support for reverse_urls/ProxyPassReverse in apache::vhost - Add satisfy directive in apache::vhost::directories - Add apache::fastcgi::server defined type - New parameters - apache - allow_encoded_slashes - apache_name - conf_dir - default_ssl_crl_check - docroot - logroot_mode - purge_vhost_dir - New parameters - apache::vhost - add_default_charset - allow_encoded_slashes - logroot_ensure - logroot_mode - manage_docroot - passenger_app_root - passenger_min_instances - passenger_pre_start - passenger_ruby - passenger_start_timeout - proxy_preserve_host - proxy_requests - redirectmatch_dest - ssl_crl_check - wsgi_chunked_request - wsgi_pass_authorization - Add support for ScriptAlias and ScriptAliasMatch in the apache::vhost::aliases parameter - Add support for rewrites in the apache::vhost::directories parameter - If the service_ensure parameter in apache::service is set to anything other than true, false, running, or stopped, ensure will not be passed to the service resource, allowing for the service to not be managed by puppet - Turn of SSLv3 by default - Improvements to apache::mod* - Add restrict_access parameter to apache::mod::info - Add force_language_priority and language_priority parameters to apache::mod::negotiation - Add threadlimit parameter to apache::mod::worker - Add content, template, and source parameters to apache::mod::php - Add mod_authz_svn support via the authz_svn_enabled parameter in apache::mod::dav_svn - Add loadfile_name parameter to apache::mod - Add apache::mod::deflate class - Add options parameter to apache::mod::fcgid - Add timeouts parameter to apache::mod::reqtimeout - Add apache::mod::shib - Add apache_version parameter to apache::mod::ldap - Add magic_file parameter to apache::mod::mime_magic - Add apache_version parameter to apache::mod::pagespeed - Add passenger_default_ruby parameter to apache::mod::passenger - Add content, template, and source parameters to apache::mod::php - Add apache_version parameter to apache::mod::proxy - Add loadfiles parameter to apache::mod::proxy_html - Add ssl_protocol and package_name parameters to apache::mod::ssl - Add apache_version parameter to apache::mod::status - Add apache_version parameter to apache::mod::userdir - Add apache::mod::version class #### Bugfixes - Set osfamily defaults for wsgi_socket_prefix - Support multiple balancermembers with the same url - Validate apache::vhost::custom_fragment - Add support for itk with mod_php - Allow apache::vhost::ssl_certs_dir to not be set - Improved passenger support for Debian - Improved 2.4 support without mod_access_compat - Support for more than one 'Allow from'-directive in _directories.erb - Don't load systemd on Amazon linux based on CentOS6 with apache 2.4 - Fix missing newline in ModPagespeed filter and memcached servers directive - Use interpolated strings instead of numbers where required by future parser - Make auth_require take precedence over default with apache 2.4 - Lint fixes - Set default for php_admin_flags and php_admin_values to be empty hash instead of empty array - Correct typo in mod::pagespeed - spec_helper fixes - Install mod packages before dealing with the configuration - Use absolute scope to check class definition in apache::mod::php - Fix dependency loop in apache::vhost - Properly scope variables in the inline template in apache::balancer - Documentation clarification, typos, and formatting - Set apache::mod::ssl::ssl_mutex to default for debian on apache >= 2.4 - Strict variables fixes - Add authn_core mode to Ubuntu trusty defaults - Keep default loadfile for authz_svn on Debian - Remove '.conf' from the site-include regexp for better Ubuntu/Debian support - Load unixd before fcgid for EL7 - Fix RedirectMatch rules - Fix misleading error message in apache::version #### Known Bugs * By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. * SLES is unsupported. ## Supported Release [1.1.1] ### Summary This release merely updates metadata.json so the module can be uninstalled and upgraded via the puppet module command. ## Supported Release [1.1.0] ### Summary This release primarily focuses on extending the httpd 2.4 support, tested through adding RHEL7 and Ubuntu 14.04 support. It also includes Passenger 4 support, as well as several new modules and important bugfixes. #### Features - Add support for RHEL7 and Ubuntu 14.04 - More complete apache24 support - Passenger 4 support - Add support for max_keepalive_requests and log_formats parameters - Add mod_pagespeed support - Add mod_speling support - Added several parameters for mod_passenger - Added ssl_cipher parameter to apache::mod::ssl - Improved examples in documentation - Added docroot_mode, action, and suexec_user_group parameters to apache::vhost - Add support for custom extensions for mod_php - Improve proxy_html support for Debian #### Bugfixes - Remove NameVirtualHost directive for apache >= 2.4 - Order proxy_set option so it doesn't change between runs - Fix inverted SSL compression - Fix missing ensure on concat::fragment resources - Fix bad dependencies in apache::mod and apache::mod::mime #### Known Bugs * By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. * SLES is unsupported. ## Supported Release [1.0.1] ### Summary This is a supported release. This release removes a testing symlink that can cause trouble on systems where /var is on a seperate filesystem from the modulepath. #### Features #### Bugfixes #### Known Bugs * By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. * SLES is unsupported. ## Supported Release [1.0.0] ### Summary This is a supported release. This release introduces Apache 2.4 support for Debian and RHEL based osfamilies. #### Features - Add apache24 support - Add rewrite_base functionality to rewrites - Updated README documentation - Add WSGIApplicationGroup and WSGIImportScript directives #### Bugfixes - Replace mutating hashes with merge() for Puppet 3.5 - Fix WSGI import_script and mod_ssl issues on Lucid #### Known Bugs * By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. * SLES is unsupported. --- ## Supported Release [0.11.0] ### Summary: This release adds preliminary support for Windows compatibility and multiple rewrite support. #### Backwards-incompatible Changes: - The rewrite_rule parameter is deprecated in favor of the new rewrite parameter and will be removed in a future release. #### Features: - add Match directive - quote paths for windows compatibility - add auth_group_file option to README.md - allow AuthGroupFile directive for vhosts - Support Header directives in vhost context - Don't purge mods-available dir when separate enable dir is used - Fix the servername used in log file name - Added support for mod_include - Remove index parameters. - Support environment variable control for CustomLog - added redirectmatch support - Setting up the ability to do multiple rewrites and conditions. - Convert spec tests to beaker. - Support php_admin_(flag|value)s #### Bugfixes: - directories are either a Hash or an Array of Hashes - Configure Passenger in separate .conf file on RH so PassengerRoot isn't lost - (docs) Update list of `apache::mod::[name]` classes - (docs) Fix apache::namevirtualhost example call style - Fix $ports_file reference in apache::listen. - Fix $ports_file reference in Namevirtualhost. ## Supported Release [0.10.0] ### Summary: This release adds FreeBSD osfamily support and various other improvements to some mods. #### Features: - Add suPHP_UserGroup directive to directory context - Add support for ScriptAliasMatch directives - Set SSLOptions StdEnvVars in server context - No implicit entry for ScriptAlias path - Add support for overriding ErrorDocument - Add support for AliasMatch directives - Disable default "allow from all" in vhost-directories - Add WSGIPythonPath as an optional parameter to mod_wsgi. - Add mod_rpaf support - Add directives: IndexOptions, IndexOrderDefault - Add ability to include additional external configurations in vhost - need to use the provider variable not the provider key value from the directory hash for matches - Support for FreeBSD and few other features - Add new params to apache::mod::mime class - Allow apache::mod to specify module id and path - added $server_root parameter - Add Allow and ExtendedStatus support to mod_status - Expand vhost/_directories.pp directive support - Add initial support for nss module (no directives in vhost template yet) - added peruser and event mpms - added $service_name parameter - add parameter for TraceEnable - Make LogLevel configurable for server and vhost - Add documentation about $ip - Add ability to pass ip (instead of wildcard) in default vhost files #### Bugfixes: - Don't listen on port or set NameVirtualHost for non-existent vhost - only apply Directory defaults when provider is a directory - Working mod_authnz_ldap support on Debian/Ubuntu ## Supported Release [0.9.0] ### Summary: This release adds more parameters to the base apache class and apache defined resource to make the module more flexible. It also adds or enhances SuPHP, WSGI, and Passenger mod support, and support for the ITK mpm module. #### Backwards-incompatible Changes: - Remove many default mods that are not normally needed. - Remove `rewrite_base` `apache::vhost` parameter; did not work anyway. - Specify dependencies on stdlib >=2.4.0 (this was already the case, but making explicit) - Deprecate `a2mod` in favor of the `apache::mod::*` classes and `apache::mod` defined resource. #### Features: - `apache` class - Add `httpd_dir` parameter to change the location of the configuration files. - Add `logroot` parameter to change the logroot - Add `ports_file` parameter to changes the `ports.conf` file location - Add `keepalive` parameter to enable persistent connections - Add `keepalive_timeout` parameter to change the timeout - Update `default_mods` to be able to take an array of mods to enable. - `apache::vhost` - Add `wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, and `wsgi_script_aliases` parameters for per-vhost WSGI configuration. - Add `access_log_syslog` parameter to enable syslogging. - Add `error_log_syslog` parameter to enable syslogging of errors. - Add `directories` hash parameter. Please see README for documentation. - Add `sslproxyengine` parameter to enable SSLProxyEngine - Add `suphp_addhandler`, `suphp_engine`, and `suphp_configpath` for configuring SuPHP. - Add `custom_fragment` parameter to allow for arbitrary apache configuration injection. (Feature pull requests are prefered over using this, but it is available in a pinch.) - Add `apache::mod::suphp` class for configuring SuPHP. - Add `apache::mod::itk` class for configuring ITK mpm module. - Update `apache::mod::wsgi` class for global WSGI configuration with `wsgi_socket_prefix` and `wsgi_python_home` parameters. - Add README.passenger.md to document the `apache::mod::passenger` usage. Added `passenger_high_performance`, `passenger_pool_idle_time`, `passenger_max_requests`, `passenger_stat_throttle_rate`, `rack_autodetect`, and `rails_autodetect` parameters. - Separate the httpd service resource into a new `apache::service` class for dependency chaining of `Class['apache'] -> ~> Class['apache::service']` - Added `apache::mod::proxy_balancer` class for `apache::balancer` #### Bugfixes: - Change dependency to puppetlabs-concat - Fix ruby 1.9 bug for `a2mod` - Change servername to be `$::hostname` if there is no `$::fqdn` - Make `/etc/ssl/certs` the default ssl certs directory for RedHat non-5. - Make `php` the default php package for RedHat non-5. - Made `aliases` able to take a single alias hash instead of requiring an array. ## Supported Release [0.8.1] #### Bugfixes: - Update `apache::mpm_module` detection for worker/prefork - Update `apache::mod::cgi` and `apache::mod::cgid` detection for worker/prefork ## Supported Release [0.8.0] #### Features: - Add `servername` parameter to `apache` class - Add `proxy_set` parameter to `apache::balancer` define #### Bugfixes: - Fix ordering for multiple `apache::balancer` clusters - Fix symlinking for sites-available on Debian-based OSs - Fix dependency ordering for recursive confdir management - Fix `apache::mod::*` to notify the service on config change - Documentation updates ## Supported Release [0.7.0] #### Changes: - Essentially rewrite the module -- too many to list - `apache::vhost` has many abilities -- see README.md for details - `apache::mod::*` classes provide httpd mod-loading capabilities - `apache` base class is much more configurable #### Bugfixes: - Many. And many more to come ## Supported Release [0.6.0] - update travis tests (add more supported versions) - add access log_parameter - make purging of vhost dir configurable ## Supported Release [0.4.0] #### Changes: - `include apache` is now required when using `apache::mod::*` #### Bugfixes: - Fix syntax for validate_re - Fix formatting in vhost template - Fix spec tests such that they pass ## Supported Release [0.0.4] * e62e362 Fix broken tests for ssl, vhost, vhost::* * 42c6363 Changes to match style guide and pass puppet-lint without error * 42bc8ba changed name => path for file resources in order to name namevar by it's name * 72e13de One end too much * 0739641 style guide fixes: 'true' <> true, $operatingsystem needs to be $::operatingsystem, etc. * 273f94d fix tests * a35ede5 (#13860) Make a2enmod/a2dismo commands optional * 98d774e (#13860) Autorequire Package['httpd'] * 05fcec5 (#13073) Add missing puppet spec tests * 541afda (#6899) Remove virtual a2mod definition * 976cb69 (#13072) Move mod python and wsgi package names to params * 323915a (#13060) Add .gitignore to repo * fdf40af (#13060) Remove pkg directory from source tree * fd90015 Add LICENSE file and update the ModuleFile * d3d0d23 Re-enable local php class * d7516c7 Make management of firewalls configurable for vhosts * 60f83ba Explicitly lookup scope of apache_name in templates. * f4d287f (#12581) Add explicit ordering for vdir directory * 88a2ac6 (#11706) puppetlabs-apache depends on puppetlabs-firewall * a776a8b (#11071) Fix to work with latest firewall module * 2b79e8b (#11070) Add support for Scientific Linux * 405b3e9 Fix for a2mod * 57b9048 Commit apache::vhost::redirect Manifest * 8862d01 Commit apache::vhost::proxy Manifest * d5c1fd0 Commit apache::mod::wsgi Manifest * a825ac7 Commit apache::mod::python Manifest * b77062f Commit Templates * 9a51b4a Vhost File Declarations * 6cf7312 Defaults for Parameters * 6a5b11a Ensure installed * f672e46 a2mod fix * 8a56ee9 add pthon support to apache [3.2.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/3.1.0...3.2.0 [3.1.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/3.0.0...3.1.0 [3.0.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.3.1...3.0.0 [2.3.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.3.0...2.3.1 [2.3.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.2.0...2.3.0 [2.2.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.1.0...2.2.0 [2.1.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.0.0...2.1.0 [2.0.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.11.0...2.0.0 [1.11.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.11.0...1.11.1 [1.11.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.10.0...1.11.0 [1.10.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.9.0...1.10.0 [1.9.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.8.1...1.9.0 [1.8.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.8.0...1.8.1 [1.8.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.7.1...1.8.0 [1.7.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.7.0...1.7.1 [1.7.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.6.0...1.7.0 [1.6.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.5.0...1.6.0 [1.5.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.4.1...1.5.0 [1.4.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.4.0...1.4.1 [1.4.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.3.0...1.4.0 [1.3.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.2.0...1.3.0 [1.2.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.1.1...1.2.0 [1.1.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.1.0...1.1.1 [1.1.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.0.1...1.1.0 [1.0.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.0.0...1.0.1 [1.0.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.11.0...1.0.0 [0.11.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.10.0...0.11.0 [0.10.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.9.0...0.10.0 [0.9.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.8.1...0.9.0 [0.8.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.8.0...0.8.1 [0.8.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.7.0...0.8.0 [0.7.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.6.0...0.7.0 [0.6.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.5.0-rc1...0.6.0 [0.5.0-rc1]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.4.0...0.5.0-rc1 [0.4.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.3.0...0.4.0 [0.0.4]:https://github.com/puppetlabs/puppetlabs-apache/commits/0.0.4 \* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* diff --git a/REFERENCE.md b/REFERENCE.md index 6da74ba9..9d675863 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -1,11319 +1,11319 @@ # Reference ## Table of Contents ### Classes #### Public Classes * [`apache`](#apache): Guides the basic setup and installation of Apache on your system. * [`apache::dev`](#apachedev): Installs Apache development libraries. * [`apache::mod::actions`](#apachemodactions): Installs Apache mod_actions * [`apache::mod::alias`](#apachemodalias): Installs and configures `mod_alias`. * [`apache::mod::apreq2`](#apachemodapreq2): Installs `mod_apreq2`. * [`apache::mod::auth_basic`](#apachemodauth_basic): Installs `mod_auth_basic` * [`apache::mod::auth_cas`](#apachemodauth_cas): Installs and configures `mod_auth_cas`. * [`apache::mod::auth_gssapi`](#apachemodauth_gssapi): Installs `mod_auth_gsappi`. * [`apache::mod::auth_kerb`](#apachemodauth_kerb): Installs `mod_auth_kerb` * [`apache::mod::auth_mellon`](#apachemodauth_mellon): Installs and configures `mod_auth_mellon`. * [`apache::mod::auth_openidc`](#apachemodauth_openidc): Installs and configures `mod_auth_openidc`. * [`apache::mod::authn_core`](#apachemodauthn_core): Installs `mod_authn_core`. * [`apache::mod::authn_dbd`](#apachemodauthn_dbd): Installs `mod_authn_dbd`. * [`apache::mod::authn_file`](#apachemodauthn_file): Installs `mod_authn_file`. * [`apache::mod::authnz_ldap`](#apachemodauthnz_ldap): Installs `mod_authnz_ldap`. * [`apache::mod::authnz_pam`](#apachemodauthnz_pam): Installs `mod_authnz_pam`. * [`apache::mod::authz_default`](#apachemodauthz_default): Installs and configures `mod_authz_default`. * [`apache::mod::authz_user`](#apachemodauthz_user): Installs `mod_authz_user` * [`apache::mod::autoindex`](#apachemodautoindex): Installs `mod_autoindex` * [`apache::mod::cache`](#apachemodcache): Installs `mod_cache` * [`apache::mod::cgi`](#apachemodcgi): Installs `mod_cgi`. * [`apache::mod::cgid`](#apachemodcgid): Installs `mod_cgid`. * [`apache::mod::cluster`](#apachemodcluster): Installs `mod_cluster`. * [`apache::mod::data`](#apachemoddata): Installs and configures `mod_data`. * [`apache::mod::dav`](#apachemoddav): Installs `mod_dav`. * [`apache::mod::dav_fs`](#apachemoddav_fs): Installs `mod_dav_fs`. * [`apache::mod::dav_svn`](#apachemoddav_svn): Installs and configures `mod_dav_svn`. * [`apache::mod::dbd`](#apachemoddbd): Installs `mod_dbd`. * [`apache::mod::deflate`](#apachemoddeflate): Installs and configures `mod_deflate`. * [`apache::mod::dev`](#apachemoddev): Installs `mod_dev`. * [`apache::mod::dir`](#apachemoddir): Installs and configures `mod_dir`. * [`apache::mod::disk_cache`](#apachemoddisk_cache): Installs and configures `mod_disk_cache`. * [`apache::mod::dumpio`](#apachemoddumpio): Installs and configures `mod_dumpio`. * [`apache::mod::env`](#apachemodenv): Installs `mod_env`. * [`apache::mod::event`](#apachemodevent): Installs and configures `mod_event`. * [`apache::mod::expires`](#apachemodexpires): Installs and configures `mod_expires`. * [`apache::mod::ext_filter`](#apachemodext_filter): Installs and configures `mod_ext_filter`. * [`apache::mod::fastcgi`](#apachemodfastcgi): Installs `mod_fastcgi`. * [`apache::mod::fcgid`](#apachemodfcgid): Installs and configures `mod_fcgid`. * [`apache::mod::filter`](#apachemodfilter): Installs `mod_filter`. * [`apache::mod::geoip`](#apachemodgeoip): Installs and configures `mod_geoip`. * [`apache::mod::headers`](#apachemodheaders): Installs and configures `mod_headers`. * [`apache::mod::http2`](#apachemodhttp2): Installs and configures `mod_http2`. * [`apache::mod::include`](#apachemodinclude): Installs `mod_include`. * [`apache::mod::info`](#apachemodinfo): Installs and configures `mod_info`. * [`apache::mod::intercept_form_submit`](#apachemodintercept_form_submit): Installs `mod_intercept_form_submit`. * [`apache::mod::itk`](#apachemoditk): Installs MPM `mod_itk`. * [`apache::mod::jk`](#apachemodjk): Installs `mod_jk`. * [`apache::mod::ldap`](#apachemodldap): Installs and configures `mod_ldap`. * [`apache::mod::lookup_identity`](#apachemodlookup_identity): Installs `mod_lookup_identity` * [`apache::mod::macro`](#apachemodmacro): Installs `mod_macro`. * [`apache::mod::md`](#apachemodmd): Installs and configures `mod_md`. * [`apache::mod::mime`](#apachemodmime): Installs and configures `mod_mime`. * [`apache::mod::mime_magic`](#apachemodmime_magic): Installs and configures `mod_mime_magic`. * [`apache::mod::negotiation`](#apachemodnegotiation): Installs and configures `mod_negotiation`. * [`apache::mod::nss`](#apachemodnss): Installs and configures `mod_nss`. * [`apache::mod::pagespeed`](#apachemodpagespeed): Installs and configures `mod_pagespeed`. * [`apache::mod::passenger`](#apachemodpassenger): Installs `mod_pasenger`. * [`apache::mod::perl`](#apachemodperl): Installs `mod_perl`. * [`apache::mod::peruser`](#apachemodperuser): Installs `mod_peruser`. * [`apache::mod::php`](#apachemodphp): Installs `mod_php`. * [`apache::mod::prefork`](#apachemodprefork): Installs and configures MPM `prefork`. * [`apache::mod::proxy`](#apachemodproxy): Installs and configures `mod_proxy`. * [`apache::mod::proxy_ajp`](#apachemodproxy_ajp): Installs `mod_proxy_ajp`. * [`apache::mod::proxy_balancer`](#apachemodproxy_balancer): Installs and configures `mod_proxy_balancer`. * [`apache::mod::proxy_connect`](#apachemodproxy_connect): Installs `mod_proxy_connect`. * [`apache::mod::proxy_fcgi`](#apachemodproxy_fcgi): Installs `mod_proxy_fcgi`. * [`apache::mod::proxy_html`](#apachemodproxy_html): Installs `mod_proxy_html`. * [`apache::mod::proxy_http`](#apachemodproxy_http): Installs `mod_proxy_http`. * [`apache::mod::proxy_wstunnel`](#apachemodproxy_wstunnel): Installs `mod_proxy_wstunnel`. * [`apache::mod::python`](#apachemodpython): Installs and configures `mod_python`. * [`apache::mod::remoteip`](#apachemodremoteip): Installs and configures `mod_remoteip`. * [`apache::mod::reqtimeout`](#apachemodreqtimeout): Installs and configures `mod_reqtimeout`. * [`apache::mod::rewrite`](#apachemodrewrite): Installs `mod_rewrite`. * [`apache::mod::rpaf`](#apachemodrpaf): Installs and configures `mod_rpaf`. * [`apache::mod::security`](#apachemodsecurity): Installs and configures `mod_security`. * [`apache::mod::setenvif`](#apachemodsetenvif): Installs `mod_setenvif`. * [`apache::mod::shib`](#apachemodshib): Installs and configures `mod_shib`. * [`apache::mod::socache_shmcb`](#apachemodsocache_shmcb): Installs `mod_socache_shmcb`. * [`apache::mod::speling`](#apachemodspeling): Installs `mod_spelling`. * [`apache::mod::ssl`](#apachemodssl): Installs `mod_ssl`. * [`apache::mod::status`](#apachemodstatus): Installs and configures `mod_status`. * [`apache::mod::suexec`](#apachemodsuexec): Installs `mod_suexec`. * [`apache::mod::suphp`](#apachemodsuphp): Installs `mod_suphp`. * [`apache::mod::userdir`](#apachemoduserdir): Installs and configures `mod_userdir`. * [`apache::mod::version`](#apachemodversion): Installs `mod_version`. * [`apache::mod::vhost_alias`](#apachemodvhost_alias): Installs Apache `mod_vhost_alias`. * [`apache::mod::watchdog`](#apachemodwatchdog): Installs and configures `mod_watchdog`. * [`apache::mod::worker`](#apachemodworker): Installs and manages the MPM `worker`. * [`apache::mod::wsgi`](#apachemodwsgi): Installs and configures `mod_wsgi`. * [`apache::mod::xsendfile`](#apachemodxsendfile): Installs `mod_xsendfile`. * [`apache::mpm::disable_mpm_event`](#apachempmdisable_mpm_event) * [`apache::mpm::disable_mpm_prefork`](#apachempmdisable_mpm_prefork) * [`apache::mpm::disable_mpm_worker`](#apachempmdisable_mpm_worker) * [`apache::vhosts`](#apachevhosts): Creates `apache::vhost` defined types. #### Private Classes * `apache::confd::no_accf`: Manages the `no-accf.conf` file. * `apache::default_confd_files`: Helper for setting up default conf.d files. * `apache::default_mods`: Installs and congfigures default mods for Apache * `apache::mod::ssl::reload`: Manages the puppet_ssl folder for ssl file copies, which is needed to track changes for reloading service on changes * `apache::package`: Installs an Apache MPM. * `apache::params`: This class manages Apache parameters * `apache::php`: This class installs PHP for Apache. * `apache::proxy`: This class enabled the proxy module for Apache. * `apache::python`: This class installs Python for Apache * `apache::service`: Installs and configures Apache service. * `apache::ssl`: This class installs Apache SSL capabilities * `apache::version`: Try to automatically detect the version by OS ### Defined types #### Public Defined types * [`apache::balancer`](#apachebalancer): This type will create an apache balancer cluster file inside the conf.d directory. * [`apache::balancermember`](#apachebalancermember): Defines members of `mod_proxy_balancer` * [`apache::custom_config`](#apachecustom_config): Adds a custom configuration file to the Apache server's `conf.d` directory. * [`apache::fastcgi::server`](#apachefastcgiserver): Defines one or more external FastCGI servers to handle specific file types. Use this defined type with `mod_fastcgi`. * [`apache::listen`](#apachelisten): Adds `Listen` directives to `ports.conf` that define the Apache server's or a virtual host's listening address and port. * [`apache::mod`](#apachemod): Installs packages for an Apache module that doesn't have a corresponding `apache::mod::` class. * [`apache::namevirtualhost`](#apachenamevirtualhost): Enables name-based virtual hosts * [`apache::vhost`](#apachevhost): Allows specialised configurations for virtual hosts that possess requirements outside of the defaults. * [`apache::vhost::custom`](#apachevhostcustom): A wrapper around the `apache::custom_config` defined type. * [`apache::vhost::fragment`](#apachevhostfragment): Define a fragment within a vhost #### Private Defined types * `apache::default_mods::load`: Helper used by `apache::default_mods` * `apache::mpm`: Enables the use of Apache MPMs. * `apache::peruser::multiplexer`: Checks if an Apache module has a class. * `apache::peruser::processor`: Enables the `Peruser` module for FreeBSD only. * `apache::security::rule_link`: Links the activated_rules from `apache::mod::security` to the respective CRS rules on disk. ### Resource types * [`a2mod`](#a2mod): Manage Apache 2 modules ### Functions * [`apache::apache_pw_hash`](#apacheapache_pw_hash): DEPRECATED. Use the function [`apache::pw_hash`](#apachepw_hash) instead. * [`apache::bool2httpd`](#apachebool2httpd): Transform a supposed boolean to On or Off. Passes all other values through. * [`apache::pw_hash`](#apachepw_hash): Hashes a password in a format suitable for htpasswd files read by apache. * [`apache_pw_hash`](#apache_pw_hash): DEPRECATED. Use the namespaced function [`apache::pw_hash`](#apachepw_hash) instead. * [`bool2httpd`](#bool2httpd): DEPRECATED. Use the namespaced function [`apache::bool2httpd`](#apachebool2httpd) instead. ### Data types * [`Apache::LogLevel`](#apacheloglevel): A string that conforms to the Apache `LogLevel` syntax. * [`Apache::OIDCSettings`](#apacheoidcsettings): https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf ### Tasks * [`init`](#init): Allows you to perform apache service functions ## Classes ### `apache` When this class is declared with the default options, Puppet: - Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system. - Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system. - Configures the server with a default virtual host and standard port (`80`) and address (`\*`) bindings. - Creates a document root directory determined by your operating system, typically `/var/www`. - Starts the Apache service. If an ldaps:// URL is specified, the mode becomes SSL and the setting of LDAPTrustedMode is ignored. #### Examples ##### ```puppet class { 'apache': } ``` #### Parameters The following parameters are available in the `apache` class: * [`allow_encoded_slashes`](#allow_encoded_slashes) * [`apache_version`](#apache_version) * [`conf_dir`](#conf_dir) * [`conf_template`](#conf_template) * [`confd_dir`](#confd_dir) * [`default_charset`](#default_charset) * [`default_confd_files`](#default_confd_files) * [`default_mods`](#default_mods) * [`default_ssl_ca`](#default_ssl_ca) * [`default_ssl_cert`](#default_ssl_cert) * [`default_ssl_chain`](#default_ssl_chain) * [`default_ssl_crl`](#default_ssl_crl) * [`default_ssl_crl_path`](#default_ssl_crl_path) * [`default_ssl_crl_check`](#default_ssl_crl_check) * [`default_ssl_key`](#default_ssl_key) * [`default_ssl_reload_on_change`](#default_ssl_reload_on_change) * [`default_ssl_vhost`](#default_ssl_vhost) * [`default_type`](#default_type) * [`default_vhost`](#default_vhost) * [`dev_packages`](#dev_packages) * [`docroot`](#docroot) * [`error_documents`](#error_documents) * [`group`](#group) * [`httpd_dir`](#httpd_dir) * [`http_protocol_options`](#http_protocol_options) * [`keepalive`](#keepalive) * [`keepalive_timeout`](#keepalive_timeout) * [`max_keepalive_requests`](#max_keepalive_requests) * [`hostname_lookups`](#hostname_lookups) * [`ldap_trusted_mode`](#ldap_trusted_mode) * [`ldap_verify_server_cert`](#ldap_verify_server_cert) * [`lib_path`](#lib_path) * [`log_level`](#log_level) * [`log_formats`](#log_formats) * [`logroot`](#logroot) * [`logroot_mode`](#logroot_mode) * [`manage_group`](#manage_group) * [`supplementary_groups`](#supplementary_groups) * [`manage_user`](#manage_user) * [`mod_dir`](#mod_dir) * [`mod_libs`](#mod_libs) * [`mod_packages`](#mod_packages) * [`mpm_module`](#mpm_module) * [`package_ensure`](#package_ensure) * [`pidfile`](#pidfile) * [`ports_file`](#ports_file) * [`protocols`](#protocols) * [`protocols_honor_order`](#protocols_honor_order) * [`purge_configs`](#purge_configs) * [`purge_vhost_dir`](#purge_vhost_dir) * [`rewrite_lock`](#rewrite_lock) * [`sendfile`](#sendfile) * [`serveradmin`](#serveradmin) * [`servername`](#servername) * [`server_root`](#server_root) * [`server_signature`](#server_signature) * [`server_tokens`](#server_tokens) * [`service_enable`](#service_enable) * [`service_ensure`](#service_ensure) * [`service_name`](#service_name) * [`service_manage`](#service_manage) * [`service_restart`](#service_restart) * [`timeout`](#timeout) * [`trace_enable`](#trace_enable) * [`use_canonical_name`](#use_canonical_name) * [`use_systemd`](#use_systemd) * [`file_mode`](#file_mode) * [`root_directory_options`](#root_directory_options) * [`root_directory_secured`](#root_directory_secured) * [`vhost_dir`](#vhost_dir) * [`vhost_include_pattern`](#vhost_include_pattern) * [`user`](#user) * [`apache_name`](#apache_name) * [`error_log`](#error_log) * [`scriptalias`](#scriptalias) * [`access_log_file`](#access_log_file) * [`limitreqfields`](#limitreqfields) * [`limitreqfieldsize`](#limitreqfieldsize) * [`ip`](#ip) * [`purge_vdir`](#purge_vdir) * [`conf_enabled`](#conf_enabled) * [`vhost_enable_dir`](#vhost_enable_dir) * [`mod_enable_dir`](#mod_enable_dir) * [`ssl_file`](#ssl_file) * [`file_e_tag`](#file_e_tag) * [`use_optional_includes`](#use_optional_includes) * [`mime_types_additional`](#mime_types_additional) ##### `allow_encoded_slashes` Data type: `Optional[Enum['on', 'off', 'nodecode']]` Sets the server default for the `AllowEncodedSlashes` declaration, which modifies the responses to URLs containing '\' and '/' characters. If not specified, this parameter omits the declaration from the server's configuration and uses Apache's default setting of 'off'. Default value: ``undef`` ##### `apache_version` Data type: `Any` Configures module template behavior, package names, and default Apache modules by defining the version of Apache to use. We do not recommend manually configuring this parameter without reason. Default value: `$apache::version::default` ##### `conf_dir` Data type: `Any` Sets the directory where the Apache server's main configuration file is located. Default value: `$apache::params::conf_dir` ##### `conf_template` Data type: `Any` Defines the template used for the main Apache configuration file. Modifying this parameter is potentially risky, as the apache module is designed to use a minimal configuration file customized by `conf.d` entries. Default value: `$apache::params::conf_template` ##### `confd_dir` Data type: `Any` Sets the location of the Apache server's custom configuration directory. Default value: `$apache::params::confd_dir` ##### `default_charset` Data type: `Any` Used as the `AddDefaultCharset` directive in the main configuration file. Default value: ``undef`` ##### `default_confd_files` Data type: `Boolean` Determines whether Puppet generates a default set of includable Apache configuration files in the directory defined by the `confd_dir` parameter. These configuration files correspond to what is typically installed with the Apache package on the server's operating system. Default value: ``true`` ##### `default_mods` Data type: `Any` Determines whether to configure and enable a set of default Apache modules depending on your operating system.
If `false`, Puppet includes only the Apache modules required to make the HTTP daemon work on your operating system, and you can declare any other modules separately using the `apache::mod::` class or `apache::mod` defined type.
If `true`, Puppet installs additional modules, depending on the operating system and the values of `apache_version` and `mpm_module` parameters. Because these lists of modules can change frequently, consult the Puppet module's code for up-to-date lists.
If this parameter contains an array, Puppet instead enables all passed Apache modules. Default value: ``true`` ##### `default_ssl_ca` Data type: `Any` Sets the default certificate authority for the Apache server.
Although the default value results in a functioning Apache server, you **must** update this parameter with your certificate authority information before deploying this server in a production environment. Default value: ``undef`` ##### `default_ssl_cert` Data type: `Any` Sets the SSL encryption certificate location.
Although the default value results in a functioning Apache server, you **must** update this parameter with your certificate location before deploying this server in a production environment. Default value: `$apache::params::default_ssl_cert` ##### `default_ssl_chain` Data type: `Any` Sets the default SSL chain location.
Although this default value results in a functioning Apache server, you **must** update this parameter with your SSL chain before deploying this server in a production environment. Default value: ``undef`` ##### `default_ssl_crl` Data type: `Any` Sets the path of the default certificate revocation list (CRL) file to use.
Although this default value results in a functioning Apache server, you **must** update this parameter with the CRL file path before deploying this server in a production environment. You can use this parameter with or in place of the `default_ssl_crl_path`. Default value: ``undef`` ##### `default_ssl_crl_path` Data type: `Any` Sets the server's certificate revocation list path, which contains your CRLs.
Although this default value results in a functioning Apache server, you **must** update this parameter with the CRL file path before deploying this server in a production environment. Default value: ``undef`` ##### `default_ssl_crl_check` Data type: `Any` Sets the default certificate revocation check level via the `SSLCARevocationCheck` directive. This parameter applies only to Apache 2.4 or higher and is ignored on older versions.
Although this default value results in a functioning Apache server, you **must** specify this parameter when using certificate revocation lists in a production environment. Default value: ``undef`` ##### `default_ssl_key` Data type: `Any` Sets the SSL certificate key file location. Although the default values result in a functioning Apache server, you **must** update this parameter with your SSL key's location before deploying this server in a production environment. Default value: `$apache::params::default_ssl_key` ##### `default_ssl_reload_on_change` Data type: `Boolean` Enable reloading of apache if the content of ssl files have changed. Default value: ``false`` ##### `default_ssl_vhost` Data type: `Boolean` Configures a default SSL virtual host. If `true`, Puppet automatically configures the following virtual host using the `apache::vhost` defined type: ```puppet apache::vhost { 'default-ssl': port => 443, ssl => true, docroot => $docroot, scriptalias => $scriptalias, serveradmin => $serveradmin, access_log_file => "ssl_${access_log_file}", } ``` **Note**: SSL virtual hosts only respond to HTTPS queries. Default value: ``false`` ##### `default_type` Data type: `Any` _Apache 2.2 only_. Sets the MIME `content-type` sent if the server cannot otherwise determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and newer, and is only for backwards compatibility in configuration files. Default value: `'none'` ##### `default_vhost` Data type: `Boolean` Configures a default virtual host when the class is declared.
To configure customized virtual hosts, set this parameter's value to `false`.
> **Note**: Apache will not start without at least one virtual host. If you set this to `false` you must configure a virtual host elsewhere. Default value: ``true`` ##### `dev_packages` Data type: `Any` Configures a specific dev package to use.
For example, using httpd 2.4 from the IUS yum repo:
``` puppet include ::apache::dev class { 'apache': apache_name => 'httpd24u', dev_packages => 'httpd24u-devel', } ``` Default value: `$apache::params::dev_packages` ##### `docroot` Data type: `Any` Sets the default `DocumentRoot` location. Default value: `$apache::params::docroot` ##### `error_documents` Data type: `Any` Determines whether to enable [custom error documents](https://httpd.apache.org/docs/current/custom-error.html) on the Apache server. Default value: ``false`` ##### `group` Data type: `Any` Sets the group ID that owns any Apache processes spawned to answer requests.
By default, Puppet attempts to manage this group as a resource under the `apache` class, determining the group based on the operating system as detected by the `apache::params` class. To prevent the group resource from being created and use a group created by another Puppet module, set the `manage_group` parameter's value to `false`.
> **Note**: Modifying this parameter only changes the group ID that Apache uses to spawn child processes to access resources. It does not change the user that owns the parent server process. Default value: `$apache::params::group` ##### `httpd_dir` Data type: `Any` Sets the Apache server's base configuration directory. This is useful for specially repackaged Apache server builds but might have unintended consequences when combined with the default distribution packages. Default value: `$apache::params::httpd_dir` ##### `http_protocol_options` Data type: `Any` Specifies the strictness of HTTP protocol checks.
Valid options: any sequence of the following alternative values: `Strict` or `Unsafe`, `RegisteredMethods` or `LenientMethods`, and `Allow0.9` or `Require1.0`. Default value: `$apache::params::http_protocol_options` ##### `keepalive` Data type: `Any` Determines whether to enable persistent HTTP connections with the `KeepAlive` directive. If you set this to `On`, use the `keepalive_timeout` and `max_keepalive_requests` parameters to set relevant options.
Default value: `$apache::params::keepalive` ##### `keepalive_timeout` Data type: `Any` Sets the `KeepAliveTimeout` directive, which determines the amount of time the Apache server waits for subsequent requests on a persistent HTTP connection. This parameter is only relevant if the `keepalive` parameter is enabled. Default value: `$apache::params::keepalive_timeout` ##### `max_keepalive_requests` Data type: `Any` Limits the number of requests allowed per connection when the `keepalive` parameter is enabled. Default value: `$apache::params::max_keepalive_requests` ##### `hostname_lookups` Data type: `Enum['Off', 'On', 'Double', 'off', 'on', 'double']` This directive enables DNS lookups so that host names can be logged and passed to CGIs/SSIs in REMOTE_HOST.
> **Note**: If enabled, it impacts performance significantly. Default value: `$apache::params::hostname_lookups` ##### `ldap_trusted_mode` Data type: `Any` The following modes are supported: NONE - no encryption SSL - ldaps:// encryption on default port 636 TLS - STARTTLS encryption on default port 389 Not all LDAP toolkits support all the above modes. An error message will be logged at runtime if a mode is not supported, and the connection to the LDAP server will fail. Default value: ``undef`` ##### `ldap_verify_server_cert` Data type: `Any` Specifies whether to force the verification of a server certificate when establishing an SSL connection to the LDAP server. On|Off Default value: ``undef`` ##### `lib_path` Data type: `Any` Specifies the location whereApache module files are stored.
> **Note**: Do not configure this parameter manually without special reason. Default value: `$apache::params::lib_path` ##### `log_level` Data type: `Apache::LogLevel` Configures the apache [LogLevel](https://httpd.apache.org/docs/current/mod/core.html#loglevel) directive which adjusts the verbosity of the messages recorded in the error logs. Default value: `$apache::params::log_level` ##### `log_formats` Data type: `Any` Define additional `LogFormat` directives. Values: A hash, such as: ``` puppet $log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' } ``` There are a number of predefined `LogFormats` in the `httpd.conf` that Puppet creates: ``` httpd LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded ``` If your `log_formats` parameter contains one of those, it will be overwritten with **your** definition. Default value: `{}` ##### `logroot` Data type: `Any` Changes the directory of Apache log files for the virtual host. Default value: `$apache::params::logroot` ##### `logroot_mode` Data type: `Any` Overrides the default `logroot` directory's mode.
> **Note**: Do _not_ grant write access to the directory where the logs are stored without being aware of the consequences. See the [Apache documentation](https://httpd.apache.org/docs/current/logs.html#security) for details. Default value: `$apache::params::logroot_mode` ##### `manage_group` Data type: `Boolean` When `false`, stops Puppet from creating the group resource.
If you have a group created from another Puppet module that you want to use to run Apache, set this to `false`. Without this parameter, attempting to use a previously established group results in a duplicate resource error. Default value: ``true`` ##### `supplementary_groups` Data type: `Any` A list of groups to which the user belongs. These groups are in addition to the primary group.
Notice: This option only has an effect when `manage_user` is set to true. Default value: `[]` ##### `manage_user` Data type: `Boolean` When `false`, stops Puppet from creating the user resource.
This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error. Default value: ``true`` ##### `mod_dir` Data type: `Any` Sets where Puppet places configuration files for your Apache modules. Default value: `$apache::params::mod_dir` ##### `mod_libs` Data type: `Any` Allows the user to override default module library names. ```puppet include apache::params class { 'apache': mod_libs => merge($::apache::params::mod_libs, { 'wsgi' => 'mod_wsgi_python3.so', }) } ``` Default value: `$apache::params::mod_libs` ##### `mod_packages` Data type: `Any` Allows the user to override default module package names. ```puppet include apache::params class { 'apache': mod_packages => merge($::apache::params::mod_packages, { 'auth_kerb' => 'httpd24-mod_auth_kerb', }) } ``` Default value: `$apache::params::mod_packages` ##### `mpm_module` Data type: `Any` Determines which [multi-processing module](https://httpd.apache.org/docs/current/mpm.html) (MPM) is loaded and configured for the HTTPD process. Valid values are: `event`, `itk`, `peruser`, `prefork`, `worker` or `false`.
You must set this to `false` to explicitly declare the following classes with custom parameters: - `apache::mod::event` - `apache::mod::itk` - `apache::mod::peruser` - `apache::mod::prefork` - `apache::mod::worker` Default value: `$apache::params::mpm_module` ##### `package_ensure` Data type: `Any` Controls the `package` resource's `ensure` attribute. Valid values are: `absent`, `installed` (or equivalent `present`), or a version string. Default value: `'installed'` ##### `pidfile` Data type: `Any` Allows settting a custom location for the pid file. Useful if using a custom-built Apache rpm. Default value: `$apache::params::pidfile` ##### `ports_file` Data type: `Any` Sets the path to the file containing Apache ports configuration. Default value: `$apache::params::ports_file` ##### `protocols` Data type: `Array[Enum['h2', 'h2c', 'http/1.1']]` Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols) directive, which lists available protocols for the server. Default value: `[]` ##### `protocols_honor_order` Data type: `Optional[Boolean]` Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder) directive which determines whether the order of Protocols sets precedence during negotiation. Default value: ``undef`` ##### `purge_configs` Data type: `Any` Removes all other Apache configs and virtual hosts.
Setting this to `false` is a stopgap measure to allow the apache module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see `purge_vhost_dir`. Default value: ``true`` ##### `purge_vhost_dir` Data type: `Any` If the `vhost_dir` parameter's value differs from the `confd_dir` parameter's, this parameter determines whether Puppet removes any configurations inside `vhost_dir` that are _not_ managed by Puppet.
Setting `purge_vhost_dir` to `false` is a stopgap measure to allow the apache module to coexist with existing or otherwise unmanaged configurations within `vhost_dir`. Default value: ``undef`` ##### `rewrite_lock` Data type: `Optional[Stdlib::Absolutepath]` Allows setting a custom location for a rewrite lock - considered best practice if using a RewriteMap of type prg in the `rewrites` parameter of your virtual host. This parameter only applies to Apache version 2.2 or lower and is ignored on newer versions. Default value: ``undef`` ##### `sendfile` Data type: `Enum['On', 'Off', 'on', 'off']` Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the `EnableSendfile` directive. Default value: `'On'` ##### `serveradmin` Data type: `Any` Sets the Apache server administrator's contact information via Apache's `ServerAdmin` directive. Default value: `'root@localhost'` ##### `servername` Data type: `Any` Sets the Apache server name via Apache's `ServerName` directive. Setting to `false` will not set ServerName at all. Default value: `$apache::params::servername` ##### `server_root` Data type: `Any` Sets the Apache server's root directory via Apache's `ServerRoot` directive. Default value: `$apache::params::server_root` ##### `server_signature` Data type: `Any` Configures a trailing footer line to display at the bottom of server-generated documents, such as error documents and output of certain Apache modules, via Apache's `ServerSignature` directive. Valid values are: `On` or `Off`. Default value: `'On'` ##### `server_tokens` Data type: `Any` Controls how much information Apache sends to the browser about itself and the operating system, via Apache's `ServerTokens` directive. Default value: `'Prod'` ##### `service_enable` Data type: `Boolean` Determines whether Puppet enables the Apache HTTPD service when the system is booted. Default value: ``true`` ##### `service_ensure` Data type: `Any` Determines whether Puppet should make sure the service is running. Valid values are: `true` (or `running`) or `false` (or `stopped`).
The `false` or `stopped` values set the 'httpd' service resource's `ensure` parameter to `false`, which is useful when you want to let the service be managed by another application, such as Pacemaker.
Default value: `'running'` ##### `service_name` Data type: `Any` Sets the name of the Apache service. Default value: `$apache::params::service_name` ##### `service_manage` Data type: `Boolean` Determines whether Puppet manages the HTTPD service's state. Default value: ``true`` ##### `service_restart` Data type: `Any` Determines whether Puppet should use a specific command to restart the HTTPD service. Values: a command to restart the Apache service. Default value: ``undef`` ##### `timeout` Data type: `Any` Sets Apache's `TimeOut` directive, which defines the number of seconds Apache waits for certain events before failing a request. Default value: `'60'` ##### `trace_enable` Data type: `Any` Controls how Apache handles `TRACE` requests (per RFC 2616) via the `TraceEnable` directive. Default value: `'On'` ##### `use_canonical_name` Data type: `Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']]` Controls Apache's `UseCanonicalName` directive which controls how Apache handles self-referential URLs. If not specified, this parameter omits the declaration from the server's configuration and uses Apache's default setting of 'off'. Default value: ``undef`` ##### `use_systemd` Data type: `Any` Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom-built RPMs. Default value: `$apache::params::use_systemd` ##### `file_mode` Data type: `Any` Sets the desired permissions mode for config files. Valid values are: a string, with permissions mode in symbolic or numeric notation. Default value: `$apache::params::file_mode` ##### `root_directory_options` Data type: `Any` Array of the desired options for the `/` directory in httpd.conf. Default value: `$apache::params::root_directory_options` ##### `root_directory_secured` Data type: `Boolean` Sets the default access policy for the `/` directory in httpd.conf. A value of `false` allows access to all resources that are missing a more specific access policy. A value of `true` denies access to all resources by default. If `true`, more specific rules must be used to allow access to these resources (for example, in a directory block using the `directories` parameter). Default value: ``false`` ##### `vhost_dir` Data type: `Any` Changes your virtual host configuration files' location. Default value: `$apache::params::vhost_dir` ##### `vhost_include_pattern` Data type: `Any` Defines the pattern for files included from the `vhost_dir`. If set to a value like `[^.#]\*.conf[^~]` to make sure that files accidentally created in this directory (such as files created by version control systems or editor backups) are *not* included in your server configuration.
Some operating systems use a value of `*.conf`. By default, this module creates configuration files ending in `.conf`. Default value: `$apache::params::vhost_include_pattern` ##### `user` Data type: `Any` Changes the user that Apache uses to answer requests. Apache's parent process continues to run as root, but child processes access resources as the user defined by this parameter. To prevent Puppet from managing the user, set the `manage_user` parameter to `false`. Default value: `$apache::params::user` ##### `apache_name` Data type: `Any` The name of the Apache package to install. If you are using a non-standard Apache package you might need to override the default setting.
For CentOS/RHEL Software Collections (SCL), you can also use `apache::version::scl_httpd_version`. Default value: `$apache::params::apache_name` ##### `error_log` Data type: `Any` The name of the error log file for the main server instance. If the string starts with `/`, `|`, or `syslog`: the full path is set. Otherwise, the filename is prefixed with `$logroot`. Default value: `$apache::params::error_log` ##### `scriptalias` Data type: `Any` Directory to use for global script alias Default value: `$apache::params::scriptalias` ##### `access_log_file` Data type: `Any` The name of the access log file for the main server instance. Default value: `$apache::params::access_log_file` ##### `limitreqfields` Data type: `Any` The `limitreqfields` parameter sets the maximum number of request header fields in an HTTP request. This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks. The value should be increased if normal clients see an error response from the server that indicates too many fields were sent in the request. Default value: `'100'` ##### `limitreqfieldsize` Data type: `Any` The `limitreqfieldsize` parameter sets the maximum ammount of _bytes_ that will be allowed within a request header. Default value: `'8190'` ##### `ip` Data type: `Any` Specifies the ip address Default value: ``undef`` ##### `purge_vdir` Data type: `Any` Removes all other Apache configs and virtual hosts.
> **Note**: This parameter is deprecated in favor of the `purge_config` parameter.
Default value: ``false`` ##### `conf_enabled` Data type: `Any` Whether the additional config files in `/etc/apache2/conf-enabled` should be managed. Default value: `$apache::params::conf_enabled` ##### `vhost_enable_dir` Data type: `Any` Set's whether the vhost definitions will be stored in sites-availible and if they will be symlinked to and from sites-enabled. Default value: `$apache::params::vhost_enable_dir` ##### `mod_enable_dir` Data type: `Any` Set's whether the mods-enabled directory should be managed. Default value: `$apache::params::mod_enable_dir` ##### `ssl_file` Data type: `Any` This parameter allows you to set an ssl.conf file to be managed in order to implement an SSL Certificate. Default value: ``undef`` ##### `file_e_tag` Data type: `Any` Sets the server default for the `FileETag` declaration, which modifies the response header field for static files. Default value: ``undef`` ##### `use_optional_includes` Data type: `Boolean` Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for `additional_includes` in Apache 2.4 or newer. Default value: `$apache::params::use_optional_includes` ##### `mime_types_additional` Data type: `Any` Specifies any idditional Internet media (mime) types that you wish to be configured. Default value: `$apache::params::mime_types_additional` ### `apache::dev` The libraries installed depends on the `dev_packages` parameter of the `apache::params` class, based on your operating system: -- **Debian** : `libaprutil1-dev`, `libapr1-dev`; `apache2-dev` on Ubuntu 13.10 and Debian 8; `apache2-prefork-dev` on other versions. +- **Debian** : `libaprutil1-dev`, `libapr1-dev`; `apache2-dev` - **FreeBSD**: `undef`; on FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`. - **Gentoo**: `undef`. - **Red Hat**: `httpd-devel`. ### `apache::mod::actions` Installs Apache mod_actions * **See also** * https://httpd.apache.org/docs/current/mod/mod_actions.html * for additional documentation. ### `apache::mod::alias` Installs and configures `mod_alias`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_alias.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::alias` class: * [`apache_version`](#apache_version) * [`icons_options`](#icons_options) * [`icons_path`](#icons_path) * [`icons_path`](#icons_path) * [`icons_prefix`](#icons_prefix) ##### `apache_version` Data type: `Any` The version of Apache, if not set will be retrieved from the init class. Default value: ``undef`` ##### `icons_options` Data type: `Any` Disables directory listings for the icons directory, via Apache [Options](https://httpd.apache.org/docs/current/mod/core.html#options) directive. Default value: `'Indexes MultiViews'` ##### `icons_path` Data type: `Any` Sets the local path for an /icons/ Alias. Default depends on operating system: - Debian: /usr/share/apache2/icons - FreeBSD: /usr/local/www/apache24/icons - Gentoo: /var/www/icons - Red Hat: /var/www/icons, except on Apache 2.4, where it's /usr/share/httpd/icons Default value: `$apache::params::alias_icons_path` ##### `icons_path` Change the alias for /icons/. Default value: `$apache::params::alias_icons_path` ##### `icons_prefix` Data type: `Any` Default value: `$apache::params::icons_prefix` ### `apache::mod::apreq2` Installs `mod_apreq2`. * **Note** Unsupported platforms: CentOS: all; Debian: 8; OracleLinux: all; RedHat: all; Scientific: all; SLES: all; Ubuntu: all * **See also** * http://httpd.apache.org/apreq/docs/libapreq2/group__mod__apreq2.html * for additional documentation. ### `apache::mod::auth_basic` Installs `mod_auth_basic` * **See also** * https://httpd.apache.org/docs/current/mod/mod_auth_basic.html * for additional documentation. ### `apache::mod::auth_cas` Installs and configures `mod_auth_cas`. * **Note** The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL. * **See also** * https://github.com/apereo/mod_auth_cas * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::auth_cas` class: * [`cas_login_url`](#cas_login_url) * [`cas_validate_url`](#cas_validate_url) * [`cas_cookie_path`](#cas_cookie_path) * [`cas_cookie_path_mode`](#cas_cookie_path_mode) * [`cas_version`](#cas_version) * [`cas_debug`](#cas_debug) * [`cas_validate_server`](#cas_validate_server) * [`cas_validatedepth`](#cas_validatedepth) * [`cas_proxy_validate_url`](#cas_proxy_validate_url) * [`cas_root_proxied_as`](#cas_root_proxied_as) * [`cas_cookie_entropy`](#cas_cookie_entropy) * [`cas_timeout`](#cas_timeout) * [`cas_idle_timeout`](#cas_idle_timeout) * [`cas_cache_clean_interval`](#cas_cache_clean_interval) * [`cas_cookie_domain`](#cas_cookie_domain) * [`cas_cookie_http_only`](#cas_cookie_http_only) * [`cas_authoritative`](#cas_authoritative) * [`cas_validate_saml`](#cas_validate_saml) * [`cas_sso_enabled`](#cas_sso_enabled) * [`cas_attribute_prefix`](#cas_attribute_prefix) * [`cas_attribute_delimiter`](#cas_attribute_delimiter) * [`cas_scrub_request_headers`](#cas_scrub_request_headers) * [`suppress_warning`](#suppress_warning) * [`cas_validate_depth`](#cas_validate_depth) * [`cas_certificate_path`](#cas_certificate_path) ##### `cas_login_url` Data type: `String` Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and don't have an active session. ##### `cas_validate_url` Data type: `String` Sets the URL to use when validating a client-presented ticket in an HTTP query string. ##### `cas_cookie_path` Data type: `String` Sets the location where information on the current session should be stored. This should be writable by the web server only. Default value: `$apache::params::cas_cookie_path` ##### `cas_cookie_path_mode` Data type: `Any` The mode of cas_cookie_path. Default value: `'0750'` ##### `cas_version` Data type: `Any` The version of the CAS protocol to adhere to. Default value: `2` ##### `cas_debug` Data type: `Any` Whether to enable or disable debug mode. Default value: `'Off'` ##### `cas_validate_server` Data type: `Any` Whether to validate the presented certificate. This has been deprecated and removed from Version 1.1-RC1 onward. Default value: ``undef`` ##### `cas_validatedepth` The maximum depth for chained certificate validation. ##### `cas_proxy_validate_url` Data type: `Any` The URL to use when performing a proxy validation. Default value: ``undef`` ##### `cas_root_proxied_as` Data type: `Any` Sets the URL end users see when access to this Apache server is proxied per vhost. This URL should not include a trailing slash. Default value: ``undef`` ##### `cas_cookie_entropy` Data type: `Any` When creating a local session, this many random bytes are used to create a unique session identifier. Default value: ``undef`` ##### `cas_timeout` Data type: `Any` The hard limit, in seconds, for a mod_auth_cas session. Default value: ``undef`` ##### `cas_idle_timeout` Data type: `Any` The limit, in seconds, of how long a mod_auth_cas session can be idle. Default value: ``undef`` ##### `cas_cache_clean_interval` Data type: `Any` The minimum amount of time that must pass inbetween cache cleanings. Default value: ``undef`` ##### `cas_cookie_domain` Data type: `Any` The value for the 'Domain=' parameter in the Set-Cookie header. Default value: ``undef`` ##### `cas_cookie_http_only` Data type: `Any` Setting this flag prevents the mod_auth_cas cookies from being accessed by client side Javascript. Default value: ``undef`` ##### `cas_authoritative` Data type: `Any` Determines whether an optional authorization directive is authoritative and thus binding. Default value: ``undef`` ##### `cas_validate_saml` Data type: `Any` Parse response from CAS server for SAML. Default value: ``undef`` ##### `cas_sso_enabled` Data type: `Any` Enables experimental support for single sign out (may mangle POST data). Default value: ``undef`` ##### `cas_attribute_prefix` Data type: `Any` Adds a header with the value of this header being the attribute values when SAML validation is enabled. Default value: ``undef`` ##### `cas_attribute_delimiter` Data type: `Any` Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`. Default value: ``undef`` ##### `cas_scrub_request_headers` Data type: `Any` Remove inbound request headers that may have special meaning within mod_auth_cas. Default value: ``undef`` ##### `suppress_warning` Data type: `Any` Suppress warning about being on RedHat (mod_auth_cas package is now available in epel-testing repo). Default value: ``false`` ##### `cas_validate_depth` Data type: `Any` Default value: ``undef`` ##### `cas_certificate_path` Data type: `Any` Default value: ``undef`` ### `apache::mod::auth_gssapi` Installs `mod_auth_gsappi`. * **See also** * https://github.com/modauthgssapi/mod_auth_gssapi * for additional documentation. ### `apache::mod::auth_kerb` Installs `mod_auth_kerb` * **See also** * http://modauthkerb.sourceforge.net * for additional documentation. ### `apache::mod::auth_mellon` Installs and configures `mod_auth_mellon`. * **See also** * https://github.com/Uninett/mod_auth_mellon * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::auth_mellon` class: * [`mellon_cache_size`](#mellon_cache_size) * [`mellon_lock_file`](#mellon_lock_file) * [`mellon_post_directory`](#mellon_post_directory) * [`mellon_cache_entry_size`](#mellon_cache_entry_size) * [`mellon_post_ttl`](#mellon_post_ttl) * [`mellon_post_size`](#mellon_post_size) * [`mellon_post_count`](#mellon_post_count) ##### `mellon_cache_size` Data type: `Any` Maximum number of sessions which can be active at once. Default value: `$apache::params::mellon_cache_size` ##### `mellon_lock_file` Data type: `Any` Full path to a file used for synchronizing access to the session data. Default value: `$apache::params::mellon_lock_file` ##### `mellon_post_directory` Data type: `Any` Full path of a directory where POST requests are saved during authentication. Default value: `$apache::params::mellon_post_directory` ##### `mellon_cache_entry_size` Data type: `Any` Maximum size for a single session entry in bytes. Default value: ``undef`` ##### `mellon_post_ttl` Data type: `Any` Delay in seconds before a saved POST request can be flushed. Default value: ``undef`` ##### `mellon_post_size` Data type: `Any` Maximum size for saved POST requests. Default value: ``undef`` ##### `mellon_post_count` Data type: `Any` Maximum amount of saved POST requests. Default value: ``undef`` ### `apache::mod::auth_openidc` Installs and configures `mod_auth_openidc`. * **See also** * https://github.com/zmartzone/mod_auth_openidc * for additional documentation. ### `apache::mod::authn_core` Installs `mod_authn_core`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_authn_core.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::authn_core` class: * [`apache_version`](#apache_version) ##### `apache_version` Data type: `Any` The version of apache being run. Default value: `$apache::apache_version` ### `apache::mod::authn_dbd` Installs `mod_authn_dbd`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_authn_dbd.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::authn_dbd` class: * [`authn_dbd_params`](#authn_dbd_params) * [`authn_dbd_dbdriver`](#authn_dbd_dbdriver) * [`authn_dbd_query`](#authn_dbd_query) * [`authn_dbd_min`](#authn_dbd_min) * [`authn_dbd_max`](#authn_dbd_max) * [`authn_dbd_keep`](#authn_dbd_keep) * [`authn_dbd_exptime`](#authn_dbd_exptime) * [`authn_dbd_alias`](#authn_dbd_alias) ##### `authn_dbd_params` Data type: `Any` The params needed for the mod to function. ##### `authn_dbd_dbdriver` Data type: `Any` Selects an apr_dbd driver by name. Default value: `'mysql'` ##### `authn_dbd_query` Data type: `Any` Default value: ``undef`` ##### `authn_dbd_min` Data type: `Any` Set the minimum number of connections per process. Default value: `'4'` ##### `authn_dbd_max` Data type: `Any` Set the maximum number of connections per process. Default value: `'20'` ##### `authn_dbd_keep` Data type: `Any` Set the maximum number of connections per process to be sustained. Default value: `'8'` ##### `authn_dbd_exptime` Data type: `Any` Set the time to keep idle connections alive when the number of connections specified in DBDKeep has been exceeded. Default value: `'300'` ##### `authn_dbd_alias` Data type: `Any` Sets an alias for `AuthnProvider. Default value: ``undef`` ### `apache::mod::authn_file` Installs `mod_authn_file`. * **See also** * https://httpd.apache.org/docs/2.4/mod/mod_authn_file.html * for additional documentation. ### `apache::mod::authnz_ldap` Installs `mod_authnz_ldap`. * **Note** Unsupported platforms: RedHat: 6, 8; CentOS: 6, 8; OracleLinux: 6, 8; Ubuntu: all; Debian: all; SLES: all * **See also** * https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::authnz_ldap` class: * [`verify_server_cert`](#verify_server_cert) * [`package_name`](#package_name) ##### `verify_server_cert` Data type: `Boolean` Whether to force te verification of a server cert or not. Default value: ``true`` ##### `package_name` Data type: `Any` The name of the ldap package. Default value: ``undef`` ### `apache::mod::authnz_pam` Installs `mod_authnz_pam`. * **See also** * https://www.adelton.com/apache/mod_authnz_pam * for additional documentation. ### `apache::mod::authz_default` Installs and configures `mod_authz_default`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_authz_default.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::authz_default` class: * [`apache_version`](#apache_version) ##### `apache_version` Data type: `Any` Version of Apache to install module on. Default value: `$apache::apache_version` ### `apache::mod::authz_user` Installs `mod_authz_user` * **See also** * https://httpd.apache.org/docs/current/mod/mod_authz_user.html * for additional documentation. ### `apache::mod::autoindex` Installs `mod_autoindex` * **See also** * https://httpd.apache.org/docs/current/mod/mod_autoindex.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::autoindex` class: * [`icons_prefix`](#icons_prefix) ##### `icons_prefix` Data type: `Any` Default value: `$apache::params::icons_prefix` ### `apache::mod::cache` Installs `mod_cache` * **See also** * https://httpd.apache.org/docs/current/mod/mod_cache.html * for additional documentation. ### `apache::mod::cgi` Installs `mod_cgi`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_cgi.html * for additional documentation. ### `apache::mod::cgid` Installs `mod_cgid`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_cgid.html ### `apache::mod::cluster` Installs `mod_cluster`. * **Note** There is no official package available for mod_cluster, so you must make it available outside of the apache module. Binaries can be found [here](https://modcluster.io/). * **See also** * https://modcluster.io/ * for additional documentation. #### Examples ##### ```puppet class { '::apache::mod::cluster': ip => '172.17.0.1', allowed_network => '172.17.0.', balancer_name => 'mycluster', version => '1.3.1' } ``` #### Parameters The following parameters are available in the `apache::mod::cluster` class: * [`allowed_network`](#allowed_network) * [`balancer_name`](#balancer_name) * [`ip`](#ip) * [`version`](#version) * [`enable_mcpm_receive`](#enable_mcpm_receive) * [`port`](#port) * [`keep_alive_timeout`](#keep_alive_timeout) * [`manager_allowed_network`](#manager_allowed_network) * [`max_keep_alive_requests`](#max_keep_alive_requests) * [`server_advertise`](#server_advertise) * [`advertise_frequency`](#advertise_frequency) ##### `allowed_network` Data type: `Any` Balanced members network. ##### `balancer_name` Data type: `Any` Name of balancer. ##### `ip` Data type: `Any` Specifies the IP address to listen to. ##### `version` Data type: `Any` Specifies the mod_cluster version. Version 1.3.0 or greater is required for httpd 2.4. ##### `enable_mcpm_receive` Data type: `Any` Whether MCPM should be enabled. Default value: ``true`` ##### `port` Data type: `Any` mod_cluster listen port. Default value: `'6666'` ##### `keep_alive_timeout` Data type: `Any` Specifies how long Apache should wait for a request, in seconds. Default value: `60` ##### `manager_allowed_network` Data type: `Any` Whether to allow the network to access the mod_cluster_manager. Default value: `'127.0.0.1'` ##### `max_keep_alive_requests` Data type: `Any` Maximum number of requests kept alive. Default value: `0` ##### `server_advertise` Data type: `Any` Whether the server should advertise. Default value: ``true`` ##### `advertise_frequency` Data type: `Any` Sets the interval between advertise messages in seconds. Default value: ``undef`` ### `apache::mod::data` Installs and configures `mod_data`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_data.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::data` class: * [`apache_version`](#apache_version) ##### `apache_version` Data type: `Any` Version of Apache to install module on. Default value: ``undef`` ### `apache::mod::dav` Installs `mod_dav`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_dav.html * for additional documentation. ### `apache::mod::dav_fs` Installs `mod_dav_fs`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_dav_fs.html * for additional documentation. ### `apache::mod::dav_svn` Installs and configures `mod_dav_svn`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_dav_svn.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::dav_svn` class: * [`authz_svn_enabled`](#authz_svn_enabled) ##### `authz_svn_enabled` Data type: `Any` Specifies whether to install Apache mod_authz_svn Default value: ``false`` ### `apache::mod::dbd` Installs `mod_dbd`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_dbd.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::dbd` class: * [`apache_version`](#apache_version) ##### `apache_version` Used to verify that the Apache version you have requested is compatible with the module. ### `apache::mod::deflate` Installs and configures `mod_deflate`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_deflate.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::deflate` class: * [`types`](#types) * [`notes`](#notes) ##### `types` Data type: `Any` An array of MIME types to be deflated. See https://www.iana.org/assignments/media-types/media-types.xhtml. Default value: `[ 'text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json', ]` ##### `notes` Data type: `Any` A Hash where the key represents the type and the value represents the note name. Default value: `{ 'Input' => 'instream', 'Output' => 'outstream', 'Ratio' => 'ratio', }` ### `apache::mod::dev` Installs `mod_dev`. * **Note** This module is deprecated. Please use `apache::dev`. ### `apache::mod::dir` Installs and configures `mod_dir`. * **TODO** This sets the global DirectoryIndex directive, so it may be necessary to consider being able to modify the apache::vhost to declare DirectoryIndex statements in a vhost configuration * **See also** * https://httpd.apache.org/docs/current/mod/mod_dir.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::dir` class: * [`types`](#types) * [`indexes`](#indexes) * [`dir`](#dir) ##### `types` Specifies the text-based content types to compress. ##### `indexes` Data type: `Array[String]` Provides a string for the DirectoryIndex directive Default value: `['index.html','index.html.var','index.cgi','index.pl','index.php','index.xhtml']` ##### `dir` Data type: `Any` Default value: `'public_html'` ### `apache::mod::disk_cache` Installs and configures `mod_disk_cache`. * **Note** Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed. * **See also** * https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::disk_cache` class: * [`cache_root`](#cache_root) * [`cache_ignore_headers`](#cache_ignore_headers) * [`default_cache_enable`](#default_cache_enable) ##### `cache_root` Data type: `Any` Defines the name of the directory on the disk to contain cache files. Default depends on the Apache version and operating system: - Debian: /var/cache/apache2/mod_cache_disk - FreeBSD: /var/cache/mod_cache_disk - Red Hat, Apache 2.4: /var/cache/httpd/proxy - Red Hat, Apache 2.2: /var/cache/mod_proxy Default value: ``undef`` ##### `cache_ignore_headers` Data type: `Any` Specifies HTTP header(s) that should not be stored in the cache. Default value: ``undef`` ##### `default_cache_enable` Data type: `Boolean` Default value is true, which enables "CacheEnable disk /" in disk_cache.conf for the webserver. This would cache every request to apache by default for every vhost. If set to false the default cache all behaviour is supressed. You can then control this behaviour in individual vhosts by explicitly defining CacheEnable. Default value: ``true`` ### `apache::mod::dumpio` Installs and configures `mod_dumpio`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_dumpio.html * for additional documentation. #### Examples ##### ```puppet class{'apache': default_mods => false, log_level => 'dumpio:trace7', } class{'apache::mod::dumpio': dump_io_input => 'On', dump_io_output => 'Off', } ``` #### Parameters The following parameters are available in the `apache::mod::dumpio` class: * [`dump_io_input`](#dump_io_input) * [`dump_io_output`](#dump_io_output) ##### `dump_io_input` Data type: `Enum['Off', 'On', 'off', 'on']` Dump all input data to the error log Default value: `'Off'` ##### `dump_io_output` Data type: `Enum['Off', 'On', 'off', 'on']` Dump all output data to the error log Default value: `'Off'` ### `apache::mod::env` Installs `mod_env`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_env.html * for additional documentation. ### `apache::mod::event` Installs and configures `mod_event`. * **Note** You cannot include apache::mod::event with apache::mod::itk, apache::mod::peruser, apache::mod::prefork, or apache::mod::worker on the same server. * **See also** * https://httpd.apache.org/docs/current/mod/event.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::event` class: * [`startservers`](#startservers) * [`maxclients`](#maxclients) * [`maxrequestworkers`](#maxrequestworkers) * [`minsparethreads`](#minsparethreads) * [`maxsparethreads`](#maxsparethreads) * [`threadsperchild`](#threadsperchild) * [`maxrequestsperchild`](#maxrequestsperchild) * [`maxconnectionsperchild`](#maxconnectionsperchild) * [`serverlimit`](#serverlimit) * [`apache_version`](#apache_version) * [`threadlimit`](#threadlimit) * [`listenbacklog`](#listenbacklog) ##### `startservers` Data type: `Any` Sets the number of child server processes created at startup, via the module's `StartServers` directive. Setting this to `false` removes the parameter. Default value: `'2'` ##### `maxclients` Data type: `Any` Apache 2.3.12 or older alias for the `MaxRequestWorkers` directive. Default value: `'150'` ##### `maxrequestworkers` Data type: `Any` Sets the maximum number of connections Apache can simultaneously process, via the module's `MaxRequestWorkers` directive. Setting these to `false` removes the parameters. Default value: ``undef`` ##### `minsparethreads` Data type: `Any` Sets the minimum number of idle threads, via the `MinSpareThreads` directive. Setting this to `false` removes the parameters. Default value: `'25'` ##### `maxsparethreads` Data type: `Any` Sets the maximum number of idle threads, via the `MaxSpareThreads` directive. Setting this to `false` removes the parameters. Default value: `'75'` ##### `threadsperchild` Data type: `Any` Number of threads created by each child process. Default value: `'25'` ##### `maxrequestsperchild` Data type: `Any` Apache 2.3.8 or older alias for the `MaxConnectionsPerChild` directive. Default value: `'0'` ##### `maxconnectionsperchild` Data type: `Any` Limit on the number of connections that an individual child server will handle during its life. Default value: ``undef`` ##### `serverlimit` Data type: `Any` Limits the configurable number of processes via the `ServerLimit` directive. Setting this to `false` removes the parameter. Default value: `'25'` ##### `apache_version` Data type: `Any` Version of Apache to install module on. Default value: ``undef`` ##### `threadlimit` Data type: `Any` Limits the number of event threads via the module's `ThreadLimit` directive. Setting this to `false` removes the parameter. Default value: `'64'` ##### `listenbacklog` Data type: `Any` Sets the maximum length of the pending connections queue via the module's `ListenBackLog` directive. Setting this to `false` removes the parameter. Default value: `'511'` ### `apache::mod::expires` Installs and configures `mod_expires`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_expires.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::expires` class: * [`expires_active`](#expires_active) * [`expires_default`](#expires_default) * [`expires_by_type`](#expires_by_type) ##### `expires_active` Data type: `Any` Enables generation of Expires headers. Default value: ``true`` ##### `expires_default` Data type: `Any` Specifies the default algorithm for calculating expiration time using ExpiresByType syntax or interval syntax. Default value: ``undef`` ##### `expires_by_type` Data type: `Any` Describes a set of [MIME content-types](https://www.iana.org/assignments/media-types/media-types.xhtml) and their expiration times. This should be used as an array of Hashes, with each Hash's key a valid MIME content-type (i.e. 'text/json') and its value following valid interval syntax. Default value: ``undef`` ### `apache::mod::ext_filter` Installs and configures `mod_ext_filter`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_ext_filter.html * for additional documentation. #### Examples ##### ```puppet class { 'apache::mod::ext_filter': ext_filter_define => { 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength', 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"', }, } ``` #### Parameters The following parameters are available in the `apache::mod::ext_filter` class: * [`ext_filter_define`](#ext_filter_define) ##### `ext_filter_define` Data type: `Optional[Hash]` Hash of filter names and their parameters. Default value: ``undef`` ### `apache::mod::fastcgi` Installs `mod_fastcgi`. * **See also** * https://github.com/FastCGI-Archives/mod_fastcgi * for additional documentation. ### `apache::mod::fcgid` loaded first; Puppet will not automatically enable it if you set the fcgiwrapper parameter in apache::vhost. include apache::mod::fcgid apache::vhost { 'example.org': docroot => '/var/www/html', directories => { path => '/var/www/html', fcgiwrapper => { command => '/usr/local/bin/fcgiwrapper', } }, } * **See also** * https://httpd.apache.org/docs/current/mod/mod_fcgid.html * for additional documentation. #### Examples ##### The class does not individually parameterize all available options. Instead, configure mod_fcgid using the options hash. ```puppet class { 'apache::mod::fcgid': options => { 'FcgidIPCDir' => '/var/run/fcgidsock', 'SharememPath' => '/var/run/fcgid_shm', 'AddHandler' => 'fcgid-script .fcgi', }, } ``` ##### If you include apache::mod::fcgid, you can set the [FcgidWrapper][] per directory, per virtual host. The module must be ```puppet ``` #### Parameters The following parameters are available in the `apache::mod::fcgid` class: * [`expires_active`](#expires_active) * [`expires_default`](#expires_default) * [`expires_by_type`](#expires_by_type) * [`options`](#options) ##### `expires_active` Enables generation of Expires headers. ##### `expires_default` Default algorithm for calculating expiration time. ##### `expires_by_type` Value of the Expires header configured by MIME type. ##### `options` Data type: `Any` Default value: `{}` ### `apache::mod::filter` Installs `mod_filter`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_filter.html * for additional documentation. ### `apache::mod::geoip` Installs and configures `mod_geoip`. * **See also** * https://dev.maxmind.com/geoip/legacy/mod_geoip2 * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::geoip` class: * [`enable`](#enable) * [`db_file`](#db_file) * [`flag`](#flag) * [`output`](#output) * [`enable_utf8`](#enable_utf8) * [`scan_proxy_headers`](#scan_proxy_headers) * [`scan_proxy_headers_field`](#scan_proxy_headers_field) * [`use_last_xforwarededfor_ip`](#use_last_xforwarededfor_ip) * [`scan_proxy_header_field`](#scan_proxy_header_field) ##### `enable` Data type: `Any` Toggles whether to enable geoip. Default value: ``false`` ##### `db_file` Data type: `Any` Path to database for GeoIP to use. Default value: `'/usr/share/GeoIP/GeoIP.dat'` ##### `flag` Data type: `Any` Caching directive to use. Values: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'. Default value: `'Standard'` ##### `output` Data type: `Any` Output variable locations. Values: 'All', 'Env', 'Request', 'Notes'. Default value: `'All'` ##### `enable_utf8` Data type: `Any` Changes the output from ISO88591 (Latin1) to UTF8. Default value: ``undef`` ##### `scan_proxy_headers` Data type: `Any` Enables the GeoIPScanProxyHeaders option. Default value: ``undef`` ##### `scan_proxy_headers_field` Specifies the header mod_geoip uses to determine the client's IP address. ##### `use_last_xforwarededfor_ip` Data type: `Any` Determines whether to use the first or last IP address for the client's IP in a comma-separated list of IP addresses is found. Default value: ``undef`` ##### `scan_proxy_header_field` Data type: `Any` Default value: ``undef`` ### `apache::mod::headers` Installs and configures `mod_headers`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_headers.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::headers` class: * [`apache_version`](#apache_version) ##### `apache_version` Version of Apache to install module on. ### `apache::mod::http2` Installs and configures `mod_http2`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_http2.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::http2` class: * [`h2_copy_files`](#h2_copy_files) * [`h2_direct`](#h2_direct) * [`h2_early_hints`](#h2_early_hints) * [`h2_max_session_streams`](#h2_max_session_streams) * [`h2_max_worker_idle_seconds`](#h2_max_worker_idle_seconds) * [`h2_max_workers`](#h2_max_workers) * [`h2_min_workers`](#h2_min_workers) * [`h2_modern_tls_only`](#h2_modern_tls_only) * [`h2_push`](#h2_push) * [`h2_push_diary_size`](#h2_push_diary_size) * [`h2_priority`](#h2_priority) * [`h2_push_resource`](#h2_push_resource) * [`h2_serialize_headers`](#h2_serialize_headers) * [`h2_stream_max_mem_size`](#h2_stream_max_mem_size) * [`h2_tls_cool_down_secs`](#h2_tls_cool_down_secs) * [`h2_tls_warm_up_size`](#h2_tls_warm_up_size) * [`h2_upgrade`](#h2_upgrade) * [`h2_window_size`](#h2_window_size) * [`apache_version`](#apache_version) * [`h2_push_priority`](#h2_push_priority) ##### `h2_copy_files` Data type: `Optional[Boolean]` Determine file handling in responses. Default value: ``undef`` ##### `h2_direct` Data type: `Optional[Boolean]` H2 Direct Protocol Switch. Default value: ``undef`` ##### `h2_early_hints` Data type: `Optional[Boolean]` Determine sending of 103 status codes. Default value: ``undef`` ##### `h2_max_session_streams` Data type: `Optional[Integer]` Sets maximum number of active streams per HTTP/2 session. Default value: ``undef`` ##### `h2_max_worker_idle_seconds` Data type: `Optional[Integer]` Sets maximum number of seconds h2 workers remain idle until shut down. Default value: ``undef`` ##### `h2_max_workers` Data type: `Optional[Integer]` Sets maximum number of worker threads to use per child process. Default value: ``undef`` ##### `h2_min_workers` Data type: `Optional[Integer]` Sets minimal number of worker threads to use per child process. Default value: ``undef`` ##### `h2_modern_tls_only` Data type: `Optional[Boolean]` Toggles the security checks on HTTP/2 connections in TLS mode Default value: ``undef`` ##### `h2_push` Data type: `Optional[Boolean]` Toggles the usage of the HTTP/2 server push protocol feature. Default value: ``undef`` ##### `h2_push_diary_size` Data type: `Optional[Integer]` Sets maximum number of HTTP/2 server pushes that are remembered per HTTP/2 connection. Default value: ``undef`` ##### `h2_priority` Require HTTP/2 connections to be "modern TLS" only ##### `h2_push_resource` Data type: `Array[String]` When added to a directory/location, HTTP/2 PUSHes will be attempted for all paths added via this directive Default value: `[]` ##### `h2_serialize_headers` Data type: `Optional[Boolean]` Toggles if HTTP/2 requests shall be serialized in HTTP/1.1 format for processing by httpd core or if received binary data shall be passed into the request_recs directly. Default value: ``undef`` ##### `h2_stream_max_mem_size` Data type: `Optional[Integer]` Sets the maximum number of outgoing data bytes buffered in memory for an active streams. Default value: ``undef`` ##### `h2_tls_cool_down_secs` Data type: `Optional[Integer]` Sets the number of seconds of idle time on a TLS connection before the TLS write size falls back to small (~1300 bytes) length. Default value: ``undef`` ##### `h2_tls_warm_up_size` Data type: `Optional[Integer]` Sets the number of bytes to be sent in small TLS records (~1300 bytes) until doing maximum sized writes (16k) on https: HTTP/2 connections. Default value: ``undef`` ##### `h2_upgrade` Data type: `Optional[Boolean]` Toggles the usage of the HTTP/1.1 Upgrade method for switching to HTTP/2. Default value: ``undef`` ##### `h2_window_size` Data type: `Optional[Integer]` Sets the size of the window that is used for flow control from client to server and limits the amount of data the server has to buffer. Default value: ``undef`` ##### `apache_version` Data type: `Optional[String]` Version of Apache to install module on. Default value: ``undef`` ##### `h2_push_priority` Data type: `Array[String]` Default value: `[]` ### `apache::mod::include` Installs `mod_include`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_include.html * for additional documentation. ### `apache::mod::info` Installs and configures `mod_info`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_info.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::info` class: * [`allow_from`](#allow_from) * [`apache_version`](#apache_version) * [`restrict_access`](#restrict_access) * [`info_path`](#info_path) ##### `allow_from` Data type: `Any` Allowlist of IPv4 or IPv6 addresses or ranges that can access the info path. Default value: `['127.0.0.1','::1']` ##### `apache_version` Data type: `Any` Version of Apache to install module on. Default value: ``undef`` ##### `restrict_access` Data type: `Any` Toggles whether to restrict access to info path. If `false`, the `allow_from` allowlist is ignored and any IP address can access the info path. Default value: ``true`` ##### `info_path` Data type: `Any` Path on server to file containing server configuration information. Default value: `'/server-info'` ### `apache::mod::intercept_form_submit` Installs `mod_intercept_form_submit`. * **See also** * https://www.adelton.com/apache/mod_intercept_form_submit * for additional documentation. ### `apache::mod::itk` Installs MPM `mod_itk`. * **Note** Unsupported platforms: CentOS: 8; RedHat: 8; SLES: all * **See also** * http://mpm-itk.sesse.net * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::itk` class: * [`startservers`](#startservers) * [`minspareservers`](#minspareservers) * [`maxspareservers`](#maxspareservers) * [`serverlimit`](#serverlimit) * [`maxclients`](#maxclients) * [`maxrequestsperchild`](#maxrequestsperchild) * [`enablecapabilities`](#enablecapabilities) * [`apache_version`](#apache_version) ##### `startservers` Data type: `Any` Number of child server processes created on startup. Default value: `'8'` ##### `minspareservers` Data type: `Any` Minimum number of idle child server processes. Default value: `'5'` ##### `maxspareservers` Data type: `Any` Maximum number of idle child server processes. Default value: `'20'` ##### `serverlimit` Data type: `Any` Maximum configured value for `MaxRequestWorkers` for the lifetime of the Apache httpd process. Default value: `'256'` ##### `maxclients` Data type: `Any` Limit on the number of simultaneous requests that will be served. Default value: `'256'` ##### `maxrequestsperchild` Data type: `Any` Limit on the number of connections that an individual child server process will handle. Default value: `'4000'` ##### `enablecapabilities` Data type: `Any` Drop most root capabilities in the parent process, and instead run as the user given by the User/Group directives with some extra capabilities (in particular setuid). Somewhat more secure, but can cause problems when serving from filesystems that do not honor capabilities, such as NFS. Default value: ``undef`` ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: ``undef`` ### `apache::mod::jk` Installs `mod_jk`. * **Note** shm_file and log_file Depending on how these files are specified, the class creates their final path differently: Relative path: prepends supplied path with logroot (see below) Absolute path or pipe: uses supplied path as-is ``` shm_file => 'shm_file' # Ends up in $shm_path = '/var/log/httpd/shm_file' shm_file => '/run/shm_file' # Ends up in $shm_path = '/run/shm_file' shm_file => '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"' # Ends up in $shm_path = '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"' ``` * **See also** * https://tomcat.apache.org/connectors-doc/reference/apache.html * for additional documentation. #### Examples ##### ```puppet class { '::apache::mod::jk': ip => '192.168.2.15', workers_file => 'conf/workers.properties', mount_file => 'conf/uriworkermap.properties', shm_file => 'run/jk.shm', shm_size => '50M', workers_file_content => { }, } ``` #### Parameters The following parameters are available in the `apache::mod::jk` class: * [`ip`](#ip) * [`port`](#port) * [`add_listen`](#add_listen) * [`workers_file`](#workers_file) * [`worker_property`](#worker_property) * [`logroot`](#logroot) * [`shm_file`](#shm_file) * [`shm_size`](#shm_size) * [`mount_file`](#mount_file) * [`mount_file_reload`](#mount_file_reload) * [`mount`](#mount) * [`un_mount`](#un_mount) * [`auto_alias`](#auto_alias) * [`mount_copy`](#mount_copy) * [`worker_indicator`](#worker_indicator) * [`watchdog_interval`](#watchdog_interval) * [`log_file`](#log_file) * [`log_level`](#log_level) * [`log_stamp_format`](#log_stamp_format) * [`request_log_format`](#request_log_format) * [`extract_ssl`](#extract_ssl) * [`https_indicator`](#https_indicator) * [`sslprotocol_indicator`](#sslprotocol_indicator) * [`certs_indicator`](#certs_indicator) * [`cipher_indicator`](#cipher_indicator) * [`certchain_prefix`](#certchain_prefix) * [`session_indicator`](#session_indicator) * [`keysize_indicator`](#keysize_indicator) * [`local_name_indicator`](#local_name_indicator) * [`ignore_cl_indicator`](#ignore_cl_indicator) * [`local_addr_indicator`](#local_addr_indicator) * [`local_port_indicator`](#local_port_indicator) * [`remote_host_indicator`](#remote_host_indicator) * [`remote_addr_indicator`](#remote_addr_indicator) * [`remote_port_indicator`](#remote_port_indicator) * [`remote_user_indicator`](#remote_user_indicator) * [`auth_type_indicator`](#auth_type_indicator) * [`options`](#options) * [`env_var`](#env_var) * [`strip_session`](#strip_session) * [`workers_file_content`](#workers_file_content) * [`mount_file_content`](#mount_file_content) * [`location_list`](#location_list) ##### `ip` Data type: `Optional[String]` IP for binding to mod_jk. Useful when the binding address is not the primary network interface IP. Default value: ``undef`` ##### `port` Data type: `Integer` Port for binding to mod_jk. Useful when something else, like a reverse proxy or cache, is receiving requests at port 80, then needs to forward them to Apache at a different port. Default value: `80` ##### `add_listen` Data type: `Boolean` Defines if a Listen directive according to parameters ip and port (see below), so that Apache listens to the IP/port combination and redirect to mod_jk. Useful when another Listen directive, like Listen *: or Listen , can conflict with the one necessary for mod_jk binding. Default value: ``true`` ##### `workers_file` Data type: `Any` The name of a worker file for the Tomcat servlet containers. Default value: ``undef`` ##### `worker_property` Data type: `Any` Enables setting worker properties inside Apache configuration file. Default value: `{}` ##### `logroot` Data type: `Any` The base directory for shm_file and log_file is determined by the logroot parameter. If unspecified, defaults to apache::params::logroot. The default logroot is sane enough therefore it is not recommended to override it. Default value: ``undef`` ##### `shm_file` Data type: `Any` Shared memory file name. Default value: `'jk-runtime-status'` ##### `shm_size` Data type: `Any` Size of the shared memory file name. Default value: ``undef`` ##### `mount_file` Data type: `Any` File containing multiple mappings from a context to a Tomcat worker. Default value: ``undef`` ##### `mount_file_reload` Data type: `Any` This directive configures the reload check interval in seconds. Default value: ``undef`` ##### `mount` Data type: `Any` A mount point from a context to a Tomcat worker. Default value: `{}` ##### `un_mount` Data type: `Any` An exclusion mount point from a context to a Tomcat worker. Default value: `{}` ##### `auto_alias` Data type: `Any` Automatically Alias webapp context directories into the Apache document space Default value: ``undef`` ##### `mount_copy` Data type: `Any` If this directive is set to "On" in some virtual server, the mounts from the global server will be copied to this virtual server, more precisely all mounts defined by JkMount or JkUnMount. Default value: ``undef`` ##### `worker_indicator` Data type: `Any` Name of the Apache environment variable that can be used to set worker names in combination with SetHandler jakarta-servlet. Default value: ``undef`` ##### `watchdog_interval` Data type: `Any` This directive configures the watchdog thread interval in seconds. Default value: ``undef`` ##### `log_file` Data type: `Any` Full or server relative path to the mod_jk log file. Default value: `'mod_jk.log'` ##### `log_level` Data type: `Any` The mod_jk log level, can be debug, info, warn error or trace. Default value: ``undef`` ##### `log_stamp_format` Data type: `Any` The mod_jk date log format, using an extended strftime syntax. Default value: ``undef`` ##### `request_log_format` Data type: `Any` Request log format string. Default value: ``undef`` ##### `extract_ssl` Data type: `Any` Turns on SSL processing and information gathering by mod_jk. Default value: ``undef`` ##### `https_indicator` Data type: `Any` Name of the Apache environment variable that contains SSL indication. Default value: ``undef`` ##### `sslprotocol_indicator` Data type: `Any` Name of the Apache environment variable that contains the SSL protocol name. Default value: ``undef`` ##### `certs_indicator` Data type: `Any` Name of the Apache environment variable that contains SSL client certificates. Default value: ``undef`` ##### `cipher_indicator` Data type: `Any` Name of the Apache environment variable that contains SSL client cipher. Default value: ``undef`` ##### `certchain_prefix` Data type: `Any` Name of the Apache environment (prefix) that contains SSL client chain certificates. Default value: ``undef`` ##### `session_indicator` Data type: `Any` Name of the Apache environment variable that contains SSL session. Default value: ``undef`` ##### `keysize_indicator` Data type: `Any` Name of the Apache environment variable that contains SSL key size in use. Default value: ``undef`` ##### `local_name_indicator` Data type: `Any` Name of the Apache environment variable which can be used to overwrite the forwarded local name. Default value: ``undef`` ##### `ignore_cl_indicator` Data type: `Any` Name of the Apache environment variable which forces to ignore an existing Content-Length request header. Default value: ``undef`` ##### `local_addr_indicator` Data type: `Any` Name of the Apache environment variable which can be used to overwrite the forwarded local IP address. Default value: ``undef`` ##### `local_port_indicator` Data type: `Any` Name of the Apache environment variable which can be used to overwrite the forwarded local port. Default value: ``undef`` ##### `remote_host_indicator` Data type: `Any` Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) host name. Default value: ``undef`` ##### `remote_addr_indicator` Data type: `Any` Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) IP address. Default value: ``undef`` ##### `remote_port_indicator` Data type: `Any` Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) IP address. Default value: ``undef`` ##### `remote_user_indicator` Data type: `Any` Name of the Apache environment variable which can be used to overwrite the forwarded user name. Default value: ``undef`` ##### `auth_type_indicator` Data type: `Any` Name of the Apache environment variable which can be used to overwrite the forwarded authentication type. Default value: ``undef`` ##### `options` Data type: `Any` Set one of more options to configure the mod_jk module. Default value: `[]` ##### `env_var` Data type: `Any` Adds a name and an optional default value of environment variable that should be sent to servlet-engine as a request attribute. Default value: `{}` ##### `strip_session` Data type: `Any` If this directive is set to On in some virtual server, the session IDs ;jsessionid=... will be removed for URLs which are not forwarded but instead are handled by the local server. Default value: ``undef`` ##### `workers_file_content` Data type: `Any` Each directive has the format worker..=. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash specifies each worker properties and values. Plus, there are two global directives, 'worker.list' and 'worker.maintain' For example, the workers file below should be parameterized as follows: Worker file: ``` worker.list = status worker.list = some_name,other_name worker.maintain = 60 # Optional comment worker.some_name.type=ajp13 worker.some_name.socket_keepalive=true # I just like comments worker.other_name.type=ajp12 (why would you?) worker.other_name.socket_keepalive=false ``` Puppet file: ``` $workers_file_content = { worker_lists => ['status', 'some_name,other_name'], worker_maintain => '60', some_name => { comment => 'Optional comment', type => 'ajp13', socket_keepalive => 'true', }, other_name => { comment => 'I just like comments', type => 'ajp12', socket_keepalive => 'false', }, } ``` Default value: `{}` ##### `mount_file_content` Data type: `Any` Each directive has the format = . This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash contains two items: - uri_list-an array with URIs to be mapped to the worker - comment-an optional string with a comment for the worker. For example, the mount file below should be parameterized as Figure 2: Worker file: ``` # Worker 1 /context_1/ = worker_1 /context_1/* = worker_1 # Worker 2 / = worker_2 /context_2/ = worker_2 /context_2/* = worker_2 ``` Puppet file: ``` $mount_file_content = { worker_1 => { uri_list => ['/context_1/', '/context_1/*'], comment => 'Worker 1', }, worker_2 => { uri_list => ['/context_2/', '/context_2/*'], comment => 'Worker 2', }, }, ``` Default value: `{}` ##### `location_list` Data type: `Any` Default value: `[]` ### `apache::mod::ldap` Installs and configures `mod_ldap`. * **Note** Unsupported platforms: CentOS: 8; RedHat: 8 * **See also** * https://httpd.apache.org/docs/current/mod/mod_ldap.html * for additional documentation. #### Examples ##### ```puppet class { 'apache::mod::ldap': ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt', ldap_trusted_global_cert_type => 'CA_DER', ldap_trusted_mode => 'TLS', ldap_shared_cache_size => '500000', ldap_cache_entries => '1024', ldap_cache_ttl => '600', ldap_opcache_entries => '1024', ldap_opcache_ttl => '600', } ``` #### Parameters The following parameters are available in the `apache::mod::ldap` class: * [`apache_version`](#apache_version) * [`package_name`](#package_name) * [`ldap_trusted_global_cert_file`](#ldap_trusted_global_cert_file) * [`ldap_trusted_global_cert_type`](#ldap_trusted_global_cert_type) * [`ldap_shared_cache_size`](#ldap_shared_cache_size) * [`ldap_cache_entries`](#ldap_cache_entries) * [`ldap_cache_ttl`](#ldap_cache_ttl) * [`ldap_opcache_entries`](#ldap_opcache_entries) * [`ldap_opcache_ttl`](#ldap_opcache_ttl) * [`ldap_trusted_mode`](#ldap_trusted_mode) * [`ldap_path`](#ldap_path) ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: ``undef`` ##### `package_name` Data type: `Any` Specifies the custom package name. Default value: ``undef`` ##### `ldap_trusted_global_cert_file` Data type: `Any` Sets the file or database containing global trusted Certificate Authority or global client certificates. Default value: ``undef`` ##### `ldap_trusted_global_cert_type` Data type: `Optional[String]` Sets the certificate parameter of the global trusted Certificate Authority or global client certificates. Default value: `'CA_BASE64'` ##### `ldap_shared_cache_size` Data type: `Any` Size in bytes of the shared-memory cache Default value: ``undef`` ##### `ldap_cache_entries` Data type: `Any` Maximum number of entries in the primary LDAP cache Default value: ``undef`` ##### `ldap_cache_ttl` Data type: `Any` Time that cached items remain valid (in seconds). Default value: ``undef`` ##### `ldap_opcache_entries` Data type: `Any` Number of entries used to cache LDAP compare operations Default value: ``undef`` ##### `ldap_opcache_ttl` Data type: `Any` Time that entries in the operation cache remain valid (in seconds). Default value: ``undef`` ##### `ldap_trusted_mode` Data type: `Any` Specifies the SSL/TLS mode to be used when connecting to an LDAP server. Default value: ``undef`` ##### `ldap_path` Data type: `String` The server location of the ldap status page. Default value: `'/ldap-status'` ### `apache::mod::lookup_identity` Installs `mod_lookup_identity` * **See also** * https://www.adelton.com/apache/mod_lookup_identity * for additional documentation. ### `apache::mod::macro` Installs `mod_macro`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_macro.html * for additional documentation. ### `apache::mod::md` Installs and configures `mod_md`. * **Note** Unsupported platforms: CentOS: 6, 7; Debian: 8, 9; OracleLinux: all; RedHat: 6, 7; Scientific: all; SLES: all; Ubuntu: 14, 16, 18 * **See also** * https://httpd.apache.org/docs/current/mod/mod_md.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::md` class: * [`md_activation_delay`](#md_activation_delay) * [`md_base_server`](#md_base_server) * [`md_ca_challenges`](#md_ca_challenges) * [`md_certificate_agreement`](#md_certificate_agreement) * [`md_certificate_authority`](#md_certificate_authority) * [`md_certificate_check`](#md_certificate_check) * [`md_certificate_monitor`](#md_certificate_monitor) * [`md_certificate_protocol`](#md_certificate_protocol) * [`md_certificate_status`](#md_certificate_status) * [`md_challenge_dns01`](#md_challenge_dns01) * [`md_contact_email`](#md_contact_email) * [`md_http_proxy`](#md_http_proxy) * [`md_members`](#md_members) * [`md_message_cmd`](#md_message_cmd) * [`md_must_staple`](#md_must_staple) * [`md_notify_cmd`](#md_notify_cmd) * [`md_port_map`](#md_port_map) * [`md_private_keys`](#md_private_keys) * [`md_renew_mode`](#md_renew_mode) * [`md_renew_window`](#md_renew_window) * [`md_require_https`](#md_require_https) * [`md_server_status`](#md_server_status) * [`md_staple_others`](#md_staple_others) * [`md_stapling`](#md_stapling) * [`md_stapling_keep_response`](#md_stapling_keep_response) * [`md_stapling_renew_window`](#md_stapling_renew_window) * [`md_store_dir`](#md_store_dir) * [`md_warn_window`](#md_warn_window) ##### `md_activation_delay` Data type: `Optional[String]` - Default value: ``undef`` ##### `md_base_server` Data type: `Optional[Enum['on', 'off']]` Control if base server may be managed or only virtual hosts. Default value: ``undef`` ##### `md_ca_challenges` Data type: `Optional[Array[Enum['dns-01', 'http-01', 'tls-alpn-01']]]` Type of ACME challenge used to prove domain ownership. Default value: ``undef`` ##### `md_certificate_agreement` Data type: `Optional[Enum['accepted']]` You confirm that you accepted the Terms of Service of the Certificate Authority. Default value: ``undef`` ##### `md_certificate_authority` Data type: `Optional[Stdlib::HTTPUrl]` The URL of the ACME Certificate Authority service. Default value: ``undef`` ##### `md_certificate_check` Data type: `Optional[String]` - Default value: ``undef`` ##### `md_certificate_monitor` Data type: `Optional[String]` The URL of a certificate log monitor. Default value: ``undef`` ##### `md_certificate_protocol` Data type: `Optional[Enum['ACME']]` The protocol to use with the Certificate Authority. Default value: ``undef`` ##### `md_certificate_status` Data type: `Optional[Enum['on', 'off']]` Exposes public certificate information in JSON. Default value: ``undef`` ##### `md_challenge_dns01` Data type: `Optional[Stdlib::Absolutepath]` Define a program to be called when the `dns-01` challenge needs to be setup/torn down. Default value: ``undef`` ##### `md_contact_email` Data type: `Optional[String]` The ACME protocol requires you to give a contact url when you sign up. Default value: ``undef`` ##### `md_http_proxy` Data type: `Optional[Stdlib::HTTPUrl]` Define a proxy for outgoing connections. Default value: ``undef`` ##### `md_members` Data type: `Optional[Enum['auto', 'manual']]` Control if the alias domain names are automatically added. Default value: ``undef`` ##### `md_message_cmd` Data type: `Optional[Stdlib::Absolutepath]` Handle events for Manage Domains. Default value: ``undef`` ##### `md_must_staple` Data type: `Optional[Enum['on', 'off']]` Control if new certificates carry the OCSP Must Staple flag. Default value: ``undef`` ##### `md_notify_cmd` Data type: `Optional[Stdlib::Absolutepath]` Run a program when a Managed Domain is ready. Default value: ``undef`` ##### `md_port_map` Data type: `Optional[String]` Map external to internal ports for domain ownership verification. Default value: ``undef`` ##### `md_private_keys` Data type: `Optional[String]` Set type and size of the private keys generated. Default value: ``undef`` ##### `md_renew_mode` Data type: `Optional[Enum['always', 'auto', 'manual']]` Controls if certificates shall be renewed. Default value: ``undef`` ##### `md_renew_window` Data type: `Optional[String]` Control when a certificate will be renewed. Default value: ``undef`` ##### `md_require_https` Data type: `Optional[Enum['off', 'permanent', 'temporary']]` Redirects http: traffic to https: for Managed Domains. An http: Virtual Host must nevertheless be setup for that domain. Default value: ``undef`` ##### `md_server_status` Data type: `Optional[Enum['on', 'off']]` Control if Managed Domain information is added to server-status. Default value: ``undef`` ##### `md_staple_others` Data type: `Optional[Enum['on', 'off']]` Enable stapling for certificates not managed by mod_md. Default value: ``undef`` ##### `md_stapling` Data type: `Optional[Enum['on', 'off']]` Enable stapling for all or a particular MDomain. Default value: ``undef`` ##### `md_stapling_keep_response` Data type: `Optional[String]` Controls when old responses should be removed. Default value: ``undef`` ##### `md_stapling_renew_window` Data type: `Optional[String]` Control when the stapling responses will be renewed. Default value: ``undef`` ##### `md_store_dir` Data type: `Optional[Stdlib::Absolutepath]` Path on the local file system to store the Managed Domains data. Default value: ``undef`` ##### `md_warn_window` Data type: `Optional[String]` Define the time window when you want to be warned about an expiring certificate. Default value: ``undef`` ### `apache::mod::mime` Installs and configures `mod_mime`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_mime.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::mime` class: * [`mime_support_package`](#mime_support_package) * [`mime_types_config`](#mime_types_config) * [`mime_types_additional`](#mime_types_additional) ##### `mime_support_package` Data type: `Any` Name of the MIME package to be installed. Default value: `$apache::params::mime_support_package` ##### `mime_types_config` Data type: `Any` The location of the mime.types file. Default value: `$apache::params::mime_types_config` ##### `mime_types_additional` Data type: `Any` List of additional MIME types to include. Default value: ``undef`` ### `apache::mod::mime_magic` Installs and configures `mod_mime_magic`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_mime_magic.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::mime_magic` class: * [`magic_file`](#magic_file) ##### `magic_file` Data type: `Any` Enable MIME-type determination based on file contents using the specified magic file. Default value: ``undef`` ### `apache::mod::negotiation` Installs and configures `mod_negotiation`. * **See also** * [https://httpd.apache.org/docs/current/mod/mod_negotiation.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::negotiation` class: * [`force_language_priority`](#force_language_priority) * [`language_priority`](#language_priority) ##### `force_language_priority` Data type: `Variant[Array[String], String]` Action to take if a single acceptable document is not found. Default value: `'Prefer Fallback'` ##### `language_priority` Data type: `Variant[Array[String], String]` The precedence of language variants for cases where the client does not express a preference. Default value: `['en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', 'zh-TW']` ### `apache::mod::nss` Installs and configures `mod_nss`. * **See also** * https://pagure.io/mod_nss * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::nss` class: * [`transfer_log`](#transfer_log) * [`error_Log`](#error_Log) * [`passwd_file`](#passwd_file) * [`port`](#port) * [`error_log`](#error_log) ##### `transfer_log` Data type: `Any` Path to `access.log`. Default value: `"${apache::params::logroot}/access.log"` ##### `error_Log` Path to `error.log` ##### `passwd_file` Data type: `Any` Path to file containing token passwords used for NSSPassPhraseDialog. Default value: ``undef`` ##### `port` Data type: `Any` Sets the SSL port that should be used by mod_nss. Default value: `8443` ##### `error_log` Data type: `Any` Default value: `"${apache::params::logroot}/error.log"` ### `apache::mod::pagespeed` Although this apache module requires the mod-pagespeed-stable package, Puppet does not manage the software repositories required to automatically install the package. If you declare this class when the package is either not installed or not available to your package manager, your Puppet run will fail. * **TODO** Add docs * **Note** Verify that your system is compatible with the latest Google Pagespeed requirements. * **See also** * https://developers.google.com/speed/pagespeed/module/ * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::pagespeed` class: * [`inherit_vhost_config`](#inherit_vhost_config) * [`filter_xhtml`](#filter_xhtml) * [`cache_path`](#cache_path) * [`log_dir`](#log_dir) * [`memcache_servers`](#memcache_servers) * [`rewrite_level`](#rewrite_level) * [`disable_filters`](#disable_filters) * [`enable_filters`](#enable_filters) * [`forbid_filters`](#forbid_filters) * [`rewrite_deadline_per_flush_ms`](#rewrite_deadline_per_flush_ms) * [`additional_domains`](#additional_domains) * [`file_cache_size_kb`](#file_cache_size_kb) * [`file_cache_clean_interval_ms`](#file_cache_clean_interval_ms) * [`lru_cache_per_process`](#lru_cache_per_process) * [`lru_cache_byte_limit`](#lru_cache_byte_limit) * [`css_flatten_max_bytes`](#css_flatten_max_bytes) * [`css_inline_max_bytes`](#css_inline_max_bytes) * [`css_image_inline_max_bytes`](#css_image_inline_max_bytes) * [`image_inline_max_bytes`](#image_inline_max_bytes) * [`js_inline_max_bytes`](#js_inline_max_bytes) * [`css_outline_min_bytes`](#css_outline_min_bytes) * [`js_outline_min_bytes`](#js_outline_min_bytes) * [`inode_limit`](#inode_limit) * [`image_max_rewrites_at_once`](#image_max_rewrites_at_once) * [`num_rewrite_threads`](#num_rewrite_threads) * [`num_expensive_rewrite_threads`](#num_expensive_rewrite_threads) * [`collect_statistics`](#collect_statistics) * [`statistics_logging`](#statistics_logging) * [`allow_view_stats`](#allow_view_stats) * [`allow_pagespeed_console`](#allow_pagespeed_console) * [`allow_pagespeed_message`](#allow_pagespeed_message) * [`message_buffer_size`](#message_buffer_size) * [`additional_configuration`](#additional_configuration) * [`apache_version`](#apache_version) * [`package_ensure`](#package_ensure) ##### `inherit_vhost_config` Data type: `Any` Default value: `'on'` ##### `filter_xhtml` Data type: `Any` Default value: ``false`` ##### `cache_path` Data type: `Any` Default value: `'/var/cache/mod_pagespeed/'` ##### `log_dir` Data type: `Any` Default value: `'/var/log/pagespeed'` ##### `memcache_servers` Data type: `Any` Default value: `[]` ##### `rewrite_level` Data type: `Any` Default value: `'CoreFilters'` ##### `disable_filters` Data type: `Any` Default value: `[]` ##### `enable_filters` Data type: `Any` Default value: `[]` ##### `forbid_filters` Data type: `Any` Default value: `[]` ##### `rewrite_deadline_per_flush_ms` Data type: `Any` Default value: `10` ##### `additional_domains` Data type: `Any` Default value: ``undef`` ##### `file_cache_size_kb` Data type: `Any` Default value: `102400` ##### `file_cache_clean_interval_ms` Data type: `Any` Default value: `3600000` ##### `lru_cache_per_process` Data type: `Any` Default value: `1024` ##### `lru_cache_byte_limit` Data type: `Any` Default value: `16384` ##### `css_flatten_max_bytes` Data type: `Any` Default value: `2048` ##### `css_inline_max_bytes` Data type: `Any` Default value: `2048` ##### `css_image_inline_max_bytes` Data type: `Any` Default value: `2048` ##### `image_inline_max_bytes` Data type: `Any` Default value: `2048` ##### `js_inline_max_bytes` Data type: `Any` Default value: `2048` ##### `css_outline_min_bytes` Data type: `Any` Default value: `3000` ##### `js_outline_min_bytes` Data type: `Any` Default value: `3000` ##### `inode_limit` Data type: `Any` Default value: `500000` ##### `image_max_rewrites_at_once` Data type: `Any` Default value: `8` ##### `num_rewrite_threads` Data type: `Any` Default value: `4` ##### `num_expensive_rewrite_threads` Data type: `Any` Default value: `4` ##### `collect_statistics` Data type: `Any` Default value: `'on'` ##### `statistics_logging` Data type: `Any` Default value: `'on'` ##### `allow_view_stats` Data type: `Any` Default value: `[]` ##### `allow_pagespeed_console` Data type: `Any` Default value: `[]` ##### `allow_pagespeed_message` Data type: `Any` Default value: `[]` ##### `message_buffer_size` Data type: `Any` Default value: `100000` ##### `additional_configuration` Data type: `Any` Default value: `{}` ##### `apache_version` Data type: `Any` Default value: ``undef`` ##### `package_ensure` Data type: `Any` Default value: ``undef`` ### `apache::mod::passenger` The current set of server configurations settings were taken directly from the Passenger Reference. To enable deprecation warnings and removal failure messages, set the passenger_installed_version to the version number installed on the server. Change Log: - As of 08/13/2017 there are 84 available/deprecated/removed settings. - Around 08/20/2017 UnionStation was discontinued options were removed. - As of 08/20/2017 there are 77 available/deprecated/removed settings. * **Note** In Passenger source code you can strip out what are all the available options by looking in - src/apache2_module/Configuration.cpp - src/apache2_module/ConfigurationCommands.cpp There are also several undocumented settings. * **See also** * https://www.phusionpassenger.com/docs/references/config_reference/apache/ * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::passenger` class: * [`manage_repo`](#manage_repo) * [`mod_id`](#mod_id) * [`mod_lib`](#mod_lib) * [`mod_lib_path`](#mod_lib_path) * [`mod_package`](#mod_package) * [`mod_package_ensure`](#mod_package_ensure) * [`mod_path`](#mod_path) * [`passenger_allow_encoded_slashes`](#passenger_allow_encoded_slashes) * [`passenger_app_env`](#passenger_app_env) * [`passenger_app_group_name`](#passenger_app_group_name) * [`passenger_app_root`](#passenger_app_root) * [`passenger_app_type`](#passenger_app_type) * [`passenger_base_uri`](#passenger_base_uri) * [`passenger_buffer_response`](#passenger_buffer_response) * [`passenger_buffer_upload`](#passenger_buffer_upload) * [`passenger_concurrency_model`](#passenger_concurrency_model) * [`passenger_conf_file`](#passenger_conf_file) * [`passenger_conf_package_file`](#passenger_conf_package_file) * [`passenger_data_buffer_dir`](#passenger_data_buffer_dir) * [`passenger_debug_log_file`](#passenger_debug_log_file) * [`passenger_debugger`](#passenger_debugger) * [`passenger_default_group`](#passenger_default_group) * [`passenger_default_ruby`](#passenger_default_ruby) * [`passenger_default_user`](#passenger_default_user) * [`passenger_disable_security_update_check`](#passenger_disable_security_update_check) * [`passenger_enabled`](#passenger_enabled) * [`passenger_error_override`](#passenger_error_override) * [`passenger_file_descriptor_log_file`](#passenger_file_descriptor_log_file) * [`passenger_fly_with`](#passenger_fly_with) * [`passenger_force_max_concurrent_requests_per_process`](#passenger_force_max_concurrent_requests_per_process) * [`passenger_friendly_error_pages`](#passenger_friendly_error_pages) * [`passenger_group`](#passenger_group) * [`passenger_high_performance`](#passenger_high_performance) * [`passenger_installed_version`](#passenger_installed_version) * [`passenger_instance_registry_dir`](#passenger_instance_registry_dir) * [`passenger_load_shell_envvars`](#passenger_load_shell_envvars) * [`passenger_log_file`](#passenger_log_file) * [`passenger_log_level`](#passenger_log_level) * [`passenger_lve_min_uid`](#passenger_lve_min_uid) * [`passenger_max_instances`](#passenger_max_instances) * [`passenger_max_instances_per_app`](#passenger_max_instances_per_app) * [`passenger_max_pool_size`](#passenger_max_pool_size) * [`passenger_max_preloader_idle_time`](#passenger_max_preloader_idle_time) * [`passenger_max_request_queue_size`](#passenger_max_request_queue_size) * [`passenger_max_request_time`](#passenger_max_request_time) * [`passenger_max_requests`](#passenger_max_requests) * [`passenger_memory_limit`](#passenger_memory_limit) * [`passenger_meteor_app_settings`](#passenger_meteor_app_settings) * [`passenger_min_instances`](#passenger_min_instances) * [`passenger_nodejs`](#passenger_nodejs) * [`passenger_pool_idle_time`](#passenger_pool_idle_time) * [`passenger_pre_start`](#passenger_pre_start) * [`passenger_python`](#passenger_python) * [`passenger_resist_deployment_errors`](#passenger_resist_deployment_errors) * [`passenger_resolve_symlinks_in_document_root`](#passenger_resolve_symlinks_in_document_root) * [`passenger_response_buffer_high_watermark`](#passenger_response_buffer_high_watermark) * [`passenger_restart_dir`](#passenger_restart_dir) * [`passenger_rolling_restarts`](#passenger_rolling_restarts) * [`passenger_root`](#passenger_root) * [`passenger_ruby`](#passenger_ruby) * [`passenger_security_update_check_proxy`](#passenger_security_update_check_proxy) * [`passenger_show_version_in_header`](#passenger_show_version_in_header) * [`passenger_socket_backlog`](#passenger_socket_backlog) * [`passenger_spawn_method`](#passenger_spawn_method) * [`passenger_start_timeout`](#passenger_start_timeout) * [`passenger_startup_file`](#passenger_startup_file) * [`passenger_stat_throttle_rate`](#passenger_stat_throttle_rate) * [`passenger_sticky_sessions`](#passenger_sticky_sessions) * [`passenger_sticky_sessions_cookie_name`](#passenger_sticky_sessions_cookie_name) * [`passenger_thread_count`](#passenger_thread_count) * [`passenger_use_global_queue`](#passenger_use_global_queue) * [`passenger_user`](#passenger_user) * [`passenger_user_switching`](#passenger_user_switching) * [`rack_auto_detect`](#rack_auto_detect) * [`rack_autodetect`](#rack_autodetect) * [`rack_base_uri`](#rack_base_uri) * [`rack_env`](#rack_env) * [`rails_allow_mod_rewrite`](#rails_allow_mod_rewrite) * [`rails_app_spawner_idle_time`](#rails_app_spawner_idle_time) * [`rails_auto_detect`](#rails_auto_detect) * [`rails_autodetect`](#rails_autodetect) * [`rails_base_uri`](#rails_base_uri) * [`rails_default_user`](#rails_default_user) * [`rails_env`](#rails_env) * [`rails_framework_spawner_idle_time`](#rails_framework_spawner_idle_time) * [`rails_ruby`](#rails_ruby) * [`rails_spawn_method`](#rails_spawn_method) * [`rails_user_switching`](#rails_user_switching) * [`wsgi_auto_detect`](#wsgi_auto_detect) * [`passenger_anonymous_telemetry_proxy`](#passenger_anonymous_telemetry_proxy) * [`passenger_disable_anonymous_telemetry`](#passenger_disable_anonymous_telemetry) * [`passenger_disable_log_prefix`](#passenger_disable_log_prefix) * [`passenger_spawn_dir`](#passenger_spawn_dir) * [`passenger_sticky_sessions_cookie_attributes`](#passenger_sticky_sessions_cookie_attributes) ##### `manage_repo` Data type: `Any` Toggle whether to manage yum repo if on a RedHat node. Default value: ``true`` ##### `mod_id` Data type: `Any` Specifies the package id. Default value: ``undef`` ##### `mod_lib` Data type: `Any` Defines the module's shared object name. Do not configure manually without special reason. Default value: ``undef`` ##### `mod_lib_path` Data type: `Any` Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The `path` parameter overrides this value. Default value: ``undef`` ##### `mod_package` Data type: `Any` Name of the module package to install. Default value: ``undef`` ##### `mod_package_ensure` Data type: `Any` Determines whether Puppet ensures the module should be installed. Default value: ``undef`` ##### `mod_path` Data type: `Any` Specifies a path to the module. Do not manually set this parameter without a special reason. Default value: ``undef`` ##### `passenger_allow_encoded_slashes` Data type: `Any` Toggle whether URLs with encoded slashes (%2f) can be used (by default Apache does not support this). Default value: ``undef`` ##### `passenger_app_env` Data type: `Any` This option sets, for the current application, the value of the following environment variables: - RAILS_ENV - RACK_ENV - WSGI_ENV - NODE_ENV - PASSENGER_APP_ENV Default value: ``undef`` ##### `passenger_app_group_name` Data type: `Any` Sets the name of the application group that the current application should belong to. Default value: ``undef`` ##### `passenger_app_root` Data type: `Any` Path to the application root which allows access independent from the DocumentRoot. Default value: ``undef`` ##### `passenger_app_type` Data type: `Any` Specifies the type of the application. If you set this option, then you must also set PassengerAppRoot, otherwise Passenger will not properly recognize your application. Default value: ``undef`` ##### `passenger_base_uri` Data type: `Any` Used to specify that the given URI is an distinct application that should be served by Passenger. Default value: ``undef`` ##### `passenger_buffer_response` Data type: `Any` Toggle whether application-generated responses are buffered by Apache. Buffering will happen in memory. Default value: ``undef`` ##### `passenger_buffer_upload` Data type: `Any` Toggle whether HTTP client request bodies are buffered before they are sent to the application. Default value: ``undef`` ##### `passenger_concurrency_model` Data type: `Any` Specifies the I/O concurrency model that should be used for Ruby application processes. Default value: ``undef`` ##### `passenger_conf_file` Data type: `Any` Default value: `$apache::params::passenger_conf_file` ##### `passenger_conf_package_file` Data type: `Any` Default value: `$apache::params::passenger_conf_package_file` ##### `passenger_data_buffer_dir` Data type: `Any` Specifies the directory in which to store data buffers. Default value: ``undef`` ##### `passenger_debug_log_file` Data type: `Any` Default value: ``undef`` ##### `passenger_debugger` Data type: `Any` Turns support for Ruby application debugging on or off. Default value: ``undef`` ##### `passenger_default_group` Data type: `Any` Allows you to specify the group that applications must run as, if user switching fails or is disabled. Default value: ``undef`` ##### `passenger_default_ruby` Data type: `Any` File path to desired ruby interpreter to use by default. Default value: `$apache::params::passenger_default_ruby` ##### `passenger_default_user` Data type: `Any` Allows you to specify the user that applications must run as, if user switching fails or is disabled. Default value: ``undef`` ##### `passenger_disable_security_update_check` Data type: `Any` Allows disabling the Passenger security update check, a daily check with https://securitycheck.phusionpassenger.com for important security updates that might be available. Default value: ``undef`` ##### `passenger_enabled` Data type: `Any` Toggles whether Passenger should be enabled for that particular context. Default value: ``undef`` ##### `passenger_error_override` Data type: `Any` Toggles whether Apache will intercept and handle responses with HTTP status codes of 400 and higher. Default value: ``undef`` ##### `passenger_file_descriptor_log_file` Data type: `Any` Log file descriptor debug tracing messages to the given file. Default value: ``undef`` ##### `passenger_fly_with` Data type: `Any` Enables the Flying Passenger mode, and configures Apache to connect to the Flying Passenger daemon that's listening on the given socket filename. Default value: ``undef`` ##### `passenger_force_max_concurrent_requests_per_process` Data type: `Any` Use this option to tell Passenger how many concurrent requests the application can handle per process. Default value: ``undef`` ##### `passenger_friendly_error_pages` Data type: `Any` Toggles whether Passenger should display friendly error pages whenever an application fails to start. Default value: ``undef`` ##### `passenger_group` Data type: `Any` Allows you to override that behavior and explicitly set a group to run the web application as, regardless of the ownership of the startup file. Default value: ``undef`` ##### `passenger_high_performance` Data type: `Any` Toggles whether to enable PassengerHighPerformance which will make Passenger will be a little faster, in return for reduced compatibility with other Apache modules. Default value: ``undef`` ##### `passenger_installed_version` Data type: `Any` Default value: ``undef`` ##### `passenger_instance_registry_dir` Data type: `Any` Specifies the directory that Passenger should use for registering its current instance. Default value: ``undef`` ##### `passenger_load_shell_envvars` Data type: `Any` Enables or disables the loading of shell environment variables before spawning the application. Default value: ``undef`` ##### `passenger_log_file` Data type: `Optional[Stdlib::Absolutepath]` File path to log file. By default Passenger log messages are written to the Apache global error log. Default value: ``undef`` ##### `passenger_log_level` Data type: `Any` Specifies how much information Passenger should log to its log file. A higher log level value means that more information will be logged. Default value: ``undef`` ##### `passenger_lve_min_uid` Data type: `Any` When using Passenger on a LVE-enabled kernel, a security check (enter) is run for spawning application processes. This options tells the check to only allow processes with UIDs equal to, or higher than, the specified value. Default value: ``undef`` ##### `passenger_max_instances` Data type: `Any` The maximum number of application processes that may simultaneously exist for an application. Default value: ``undef`` ##### `passenger_max_instances_per_app` Data type: `Any` The maximum number of application processes that may simultaneously exist for a single application. Default value: ``undef`` ##### `passenger_max_pool_size` Data type: `Any` The maximum number of application processes that may simultaneously exist. Default value: ``undef`` ##### `passenger_max_preloader_idle_time` Data type: `Any` Set the preloader's idle timeout, in seconds. A value of 0 means that it should never idle timeout. Default value: ``undef`` ##### `passenger_max_request_queue_size` Data type: `Any` Specifies the maximum size for the queue of all incoming requests. Default value: ``undef`` ##### `passenger_max_request_time` Data type: `Any` The maximum amount of time, in seconds, that an application process may take to process a request. Default value: ``undef`` ##### `passenger_max_requests` Data type: `Any` The maximum number of requests an application process will process. Default value: ``undef`` ##### `passenger_memory_limit` Data type: `Any` The maximum amount of memory that an application process may use, in megabytes. Default value: ``undef`` ##### `passenger_meteor_app_settings` Data type: `Any` When using a Meteor application in non-bundled mode, use this option to specify a JSON file with settings for the application. Default value: ``undef`` ##### `passenger_min_instances` Data type: `Any` Specifies the minimum number of application processes that should exist for a given application. Default value: ``undef`` ##### `passenger_nodejs` Data type: `Any` Specifies the Node.js command to use for serving Node.js web applications. Default value: ``undef`` ##### `passenger_pool_idle_time` Data type: `Any` The maximum number of seconds that an application process may be idle. Default value: ``undef`` ##### `passenger_pre_start` Data type: `Optional[Variant[String,Array[String]]]` URL of the web application you want to pre-start. Default value: ``undef`` ##### `passenger_python` Data type: `Any` Specifies the Python interpreter to use for serving Python web applications. Default value: ``undef`` ##### `passenger_resist_deployment_errors` Data type: `Any` Enables or disables resistance against deployment errors. Default value: ``undef`` ##### `passenger_resolve_symlinks_in_document_root` Data type: `Any` This option is no longer available in version 5.2.0. Switch to PassengerAppRoot if you are setting the application root via a document root containing symlinks. Default value: ``undef`` ##### `passenger_response_buffer_high_watermark` Data type: `Any` Configures the maximum size of the real-time disk-backed response buffering system. Default value: ``undef`` ##### `passenger_restart_dir` Data type: `Any` Path to directory containing restart.txt file. Can be either absolute or relative. Default value: ``undef`` ##### `passenger_rolling_restarts` Data type: `Any` Enables or disables support for zero-downtime application restarts through restart.txt. Default value: ``undef`` ##### `passenger_root` Data type: `Any` Refers to the location to the Passenger root directory, or to a location configuration file. Default value: `$apache::params::passenger_root` ##### `passenger_ruby` Data type: `Any` Specifies the Ruby interpreter to use for serving Ruby web applications. Default value: `$apache::params::passenger_ruby` ##### `passenger_security_update_check_proxy` Data type: `Any` Allows use of an intermediate proxy for the Passenger security update check. Default value: ``undef`` ##### `passenger_show_version_in_header` Data type: `Any` Toggle whether Passenger will output its version number in the X-Powered-By header in all Passenger-served requests: Default value: ``undef`` ##### `passenger_socket_backlog` Data type: `Any` This option can be raised if Apache manages to overflow the backlog queue. Default value: ``undef`` ##### `passenger_spawn_method` Data type: `Optional[Enum['smart', 'direct', 'smart-lv2', 'conservative']]` Controls whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism. Default value: ``undef`` ##### `passenger_start_timeout` Data type: `Any` Specifies a timeout for the startup of application processes. Default value: ``undef`` ##### `passenger_startup_file` Data type: `Any` Specifies the startup file that Passenger should use when loading the application. Default value: ``undef`` ##### `passenger_stat_throttle_rate` Data type: `Any` Setting this option to a value of x means that certain filesystem checks will be performed at most once every x seconds. Default value: ``undef`` ##### `passenger_sticky_sessions` Data type: `Any` Toggles whether all requests that a client sends will be routed to the same originating application process, whenever possible. Default value: ``undef`` ##### `passenger_sticky_sessions_cookie_name` Data type: `Any` Sets the name of the sticky sessions cookie. Default value: ``undef`` ##### `passenger_thread_count` Data type: `Any` Specifies the number of threads that Passenger should spawn per Ruby application process. Default value: ``undef`` ##### `passenger_use_global_queue` Data type: `Any` N/A. Default value: ``undef`` ##### `passenger_user` Data type: `Any` Allows you to override that behavior and explicitly set a user to run the web application as, regardless of the ownership of the startup file. Default value: ``undef`` ##### `passenger_user_switching` Data type: `Any` Toggles whether to attempt to enable user account sandboxing, also known as user switching. Default value: ``undef`` ##### `rack_auto_detect` Data type: `Any` This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead. Default value: ``undef`` ##### `rack_autodetect` Data type: `Any` This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead. Default value: ``undef`` ##### `rack_base_uri` Data type: `Any` Deprecated in 3.0.0 in favor of PassengerBaseURI. Default value: ``undef`` ##### `rack_env` Data type: `Any` Alias for PassengerAppEnv. Default value: ``undef`` ##### `rails_allow_mod_rewrite` Data type: `Any` This option doesn't do anything anymore since version 4.0.0. Default value: ``undef`` ##### `rails_app_spawner_idle_time` Data type: `Any` This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime. Default value: ``undef`` ##### `rails_auto_detect` Data type: `Any` This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead. Default value: ``undef`` ##### `rails_autodetect` Data type: `Any` This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead. Default value: ``undef`` ##### `rails_base_uri` Data type: `Any` Deprecated in 3.0.0 in favor of PassengerBaseURI. Default value: ``undef`` ##### `rails_default_user` Data type: `Any` Deprecated in 3.0.0 in favor of PassengerDefaultUser Default value: ``undef`` ##### `rails_env` Data type: `Any` Alias for PassengerAppEnv. Default value: ``undef`` ##### `rails_framework_spawner_idle_time` Data type: `Any` This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed altogether. You should use smart spawning instead. Default value: ``undef`` ##### `rails_ruby` Data type: `Any` Deprecated in 3.0.0 in favor of PassengerRuby. Default value: ``undef`` ##### `rails_spawn_method` Data type: `Any` Deprecated in 3.0.0 in favor of PassengerSpawnMethod. Default value: ``undef`` ##### `rails_user_switching` Data type: `Any` Deprecated in 3.0.0 in favor of PassengerUserSwitching. Default value: ``undef`` ##### `wsgi_auto_detect` Data type: `Any` This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead. Default value: ``undef`` ##### `passenger_anonymous_telemetry_proxy` Data type: `Optional[String]` Default value: ``undef`` ##### `passenger_disable_anonymous_telemetry` Data type: `Optional[Boolean]` Default value: ``undef`` ##### `passenger_disable_log_prefix` Data type: `Optional[Boolean]` Default value: ``undef`` ##### `passenger_spawn_dir` Data type: `Optional[String]` Default value: ``undef`` ##### `passenger_sticky_sessions_cookie_attributes` Data type: `Optional[String]` Default value: ``undef`` ### `apache::mod::perl` Installs `mod_perl`. * **See also** * https://perl.apache.org * for additional documentation. ### `apache::mod::peruser` Installs `mod_peruser`. * **TODO** Add docs #### Parameters The following parameters are available in the `apache::mod::peruser` class: * [`minspareprocessors`](#minspareprocessors) * [`minprocessors`](#minprocessors) * [`maxprocessors`](#maxprocessors) * [`maxclients`](#maxclients) * [`maxrequestsperchild`](#maxrequestsperchild) * [`idletimeout`](#idletimeout) * [`expiretimeout`](#expiretimeout) * [`keepalive`](#keepalive) ##### `minspareprocessors` Data type: `Any` Default value: `'2'` ##### `minprocessors` Data type: `Any` Default value: `'2'` ##### `maxprocessors` Data type: `Any` Default value: `'10'` ##### `maxclients` Data type: `Any` Default value: `'150'` ##### `maxrequestsperchild` Data type: `Any` Default value: `'1000'` ##### `idletimeout` Data type: `Any` Default value: `'120'` ##### `expiretimeout` Data type: `Any` Default value: `'120'` ##### `keepalive` Data type: `Any` Default value: `'Off'` ### `apache::mod::php` Installs `mod_php`. * **TODO** Add docs #### Parameters The following parameters are available in the `apache::mod::php` class: * [`package_name`](#package_name) * [`package_ensure`](#package_ensure) * [`path`](#path) * [`extensions`](#extensions) * [`content`](#content) * [`template`](#template) * [`source`](#source) * [`root_group`](#root_group) * [`php_version`](#php_version) * [`libphp_prefix`](#libphp_prefix) ##### `package_name` Data type: `Any` Default value: ``undef`` ##### `package_ensure` Data type: `Any` Default value: `'present'` ##### `path` Data type: `Any` Default value: ``undef`` ##### `extensions` Data type: `Array` Default value: `['.php']` ##### `content` Data type: `Any` Default value: ``undef`` ##### `template` Data type: `Any` Default value: `'apache/mod/php.conf.erb'` ##### `source` Data type: `Any` Default value: ``undef`` ##### `root_group` Data type: `Any` Default value: `$apache::params::root_group` ##### `php_version` Data type: `Any` Default value: `$apache::params::php_version` ##### `libphp_prefix` Data type: `Any` Default value: `'libphp'` ### `apache::mod::prefork` Installs and configures MPM `prefork`. * **See also** * https://httpd.apache.org/docs/current/mod/prefork.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::prefork` class: * [`startservers`](#startservers) * [`minspareservers`](#minspareservers) * [`maxspareservers`](#maxspareservers) * [`serverlimit`](#serverlimit) * [`maxclients`](#maxclients) * [`maxrequestworkers`](#maxrequestworkers) * [`maxrequestsperchild`](#maxrequestsperchild) * [`maxconnectionsperchild`](#maxconnectionsperchild) * [`apache_version`](#apache_version) * [`listenbacklog`](#listenbacklog) ##### `startservers` Data type: `Any` Number of child server processes created at startup. Default value: `'8'` ##### `minspareservers` Data type: `Any` Minimum number of idle child server processes. Default value: `'5'` ##### `maxspareservers` Data type: `Any` Maximum number of idle child server processes. Default value: `'20'` ##### `serverlimit` Data type: `Any` Upper limit on configurable number of processes. Default value: `'256'` ##### `maxclients` Data type: `Any` Old alias for MaxRequestWorkers. Default value: `'256'` ##### `maxrequestworkers` Data type: `Any` Maximum number of connections that will be processed simultaneously. Default value: ``undef`` ##### `maxrequestsperchild` Data type: `Any` Old alias for MaxConnectionsPerChild. Default value: `'4000'` ##### `maxconnectionsperchild` Data type: `Any` Limit on the number of connections that an individual child server will handle during its life. Default value: ``undef`` ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: ``undef`` ##### `listenbacklog` Data type: `Any` Maximum length of the queue of pending connections. Default value: `'511'` ### `apache::mod::proxy` Installs and configures `mod_proxy`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_proxy.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::proxy` class: * [`proxy_requests`](#proxy_requests) * [`allow_from`](#allow_from) * [`apache_version`](#apache_version) * [`package_name`](#package_name) * [`proxy_via`](#proxy_via) * [`proxy_timeout`](#proxy_timeout) * [`proxy_iobuffersize`](#proxy_iobuffersize) ##### `proxy_requests` Data type: `Any` Enables forward (standard) proxy requests. Default value: `'Off'` ##### `allow_from` Data type: `Any` List of IPs allowed to access proxy. Default value: ``undef`` ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: ``undef`` ##### `package_name` Data type: `Any` Name of the proxy package to install. Default value: ``undef`` ##### `proxy_via` Data type: `Any` Set local IP address for outgoing proxy connections. Default value: `'On'` ##### `proxy_timeout` Data type: `Any` Network timeout for proxied requests. Default value: ``undef`` ##### `proxy_iobuffersize` Data type: `Any` Set the size of internal data throughput buffer Default value: ``undef`` ### `apache::mod::proxy_ajp` Installs `mod_proxy_ajp`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_proxy_ajp.html * for additional documentation. ### `apache::mod::proxy_balancer` Installs and configures `mod_proxy_balancer`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::proxy_balancer` class: * [`manager`](#manager) * [`maanger_path`](#maanger_path) * [`allow_from`](#allow_from) * [`apache_version`](#apache_version) * [`manager_path`](#manager_path) ##### `manager` Data type: `Boolean` Toggle whether to enable balancer manager support. Default value: ``false`` ##### `maanger_path` Server relative path to balancer manager. ##### `allow_from` Data type: `Array` List of IPs from which the balancer manager can be accessed. Default value: `['127.0.0.1','::1']` ##### `apache_version` Data type: `Any` Version of Apache to install module on. Default value: `$apache::apache_version` ##### `manager_path` Data type: `Stdlib::Absolutepath` Default value: `'/balancer-manager'` ### `apache::mod::proxy_connect` Installs `mod_proxy_connect`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_proxy_connect.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::proxy_connect` class: * [`apache_version`](#apache_version) ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: ``undef`` ### `apache::mod::proxy_fcgi` Installs `mod_proxy_fcgi`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_proxy_fcgi.html * for additional documentation. ### `apache::mod::proxy_html` Installs `mod_proxy_html`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_proxy_html.html * for additional documentation. ### `apache::mod::proxy_http` Installs `mod_proxy_http`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_proxy_http.html * for additional documentation. ### `apache::mod::proxy_wstunnel` Installs `mod_proxy_wstunnel`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html * for additional documentation. ### `apache::mod::python` Installs and configures `mod_python`. * **See also** * https://github.com/grisha/mod_python * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::python` class: * [`loadfile_name`](#loadfile_name) ##### `loadfile_name` Data type: `Optional[String]` Sets the name of the configuration file that is used to load the python module. Default value: ``undef`` ### `apache::mod::remoteip` Installs and configures `mod_remoteip`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_remoteip.html * https://httpd.apache.org/docs/current/mod/mod_remoteip.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::remoteip` class: * [`header`](#header) * [`internal_proxy`](#internal_proxy) * [`proxy_ips`](#proxy_ips) * [`internal_proxy_list`](#internal_proxy_list) * [`proxies_header`](#proxies_header) * [`proxy_protocol`](#proxy_protocol) * [`proxy_protocol_exceptions`](#proxy_protocol_exceptions) * [`trusted_proxy`](#trusted_proxy) * [`trusted_proxy_ips`](#trusted_proxy_ips) * [`trusted_proxy_list`](#trusted_proxy_list) * [`apache_version`](#apache_version) ##### `header` Data type: `String` The header field in which `mod_remoteip` will look for the useragent IP. Default value: `'X-Forwarded-For'` ##### `internal_proxy` Data type: `Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]]` A list of IP addresses, IP blocks or hostname that are trusted to set a valid value inside specified header. Unlike the `$trusted_proxy_ips` parameter, any IP address (including private addresses) presented by these proxies will trusted by `mod_remoteip`. Default value: ``undef`` ##### `proxy_ips` Data type: `Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]]` *Deprecated*: use `$internal_proxy` instead. Default value: ``undef`` ##### `internal_proxy_list` Data type: `Optional[Stdlib::Absolutepath]` The path to a file containing a list of IP addresses, IP blocks or hostname that are trusted to set a valid value inside the specified header. See `$internal_proxy` for details. Default value: ``undef`` ##### `proxies_header` Data type: `Optional[String]` A header into which `mod_remoteip` will collect a list of all of the intermediate client IP addresses trusted to resolve the useragent IP of the request (e.g. `X-Forwarded-By`). Default value: ``undef`` ##### `proxy_protocol` Data type: `Boolean` Wether or not to enable the PROXY protocol header handling. If enabled upstream clients must set the header every time they open a connection. Default value: ``false`` ##### `proxy_protocol_exceptions` Data type: `Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]]` A list of IP address or IP blocks that are not required to use the PROXY protocol. Default value: ``undef`` ##### `trusted_proxy` Data type: `Optional[Array[Stdlib::Host]]` A list of IP addresses, IP blocks or hostname that are trusted to set a valid value inside the specified header. Unlike the `$proxy_ips` parameter, any private IP presented by these proxies will be disgarded by `mod_remoteip`. Default value: ``undef`` ##### `trusted_proxy_ips` Data type: `Optional[Array[Stdlib::Host]]` *Deprecated*: use `$trusted_proxy` instead. Default value: ``undef`` ##### `trusted_proxy_list` Data type: `Optional[Stdlib::Absolutepath]` The path to a file containing a list of IP addresses, IP blocks or hostname that are trusted to set a valid value inside the specified header. See `$trusted_proxy` for details. Default value: ``undef`` ##### `apache_version` Data type: `Optional[String]` A version string used to validate that your apache version supports `mod_remoteip`. If not specified, `$::apache::apache_version` is used. Default value: ``undef`` ### `apache::mod::reqtimeout` Installs and configures `mod_reqtimeout`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::reqtimeout` class: * [`timeouts`](#timeouts) ##### `timeouts` Data type: `Any` List of timeouts and data rates for receiving requests. Default value: `['header=20-40,minrate=500', 'body=10,minrate=500']` ### `apache::mod::rewrite` Installs `mod_rewrite`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_rewrite.html * for additional documentation. ### `apache::mod::rpaf` Installs and configures `mod_rpaf`. * **See also** * https://github.com/gnif/mod_rpaf * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::rpaf` class: * [`sethostname`](#sethostname) * [`proxy_ips`](#proxy_ips) * [`header`](#header) * [`template`](#template) ##### `sethostname` Data type: `Any` Toggles whether to update vhost name so ServerName and ServerAlias work. Default value: ``true`` ##### `proxy_ips` Data type: `Any` List of IPs & bitmasked subnets to adjust requests for Default value: `['127.0.0.1']` ##### `header` Data type: `Any` Header to use for the real IP address. Default value: `'X-Forwarded-For'` ##### `template` Data type: `Any` Path to template to use for configuring mod_rpaf. Default value: `'apache/mod/rpaf.conf.erb'` ### `apache::mod::security` Installs and configures `mod_security`. * **See also** * https://github.com/SpiderLabs/ModSecurity/wiki * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::security` class: * [`version`](#version) * [`logroot`](#logroot) * [`crs_package`](#crs_package) * [`activated_rules`](#activated_rules) * [`modsec_dir`](#modsec_dir) * [`modsec_secruleengine`](#modsec_secruleengine) * [`audit_log_relevant_status`](#audit_log_relevant_status) * [`audit_log_parts`](#audit_log_parts) * [`audit_log_type`](#audit_log_type) * [`audit_log_storage_dir`](#audit_log_storage_dir) * [`secpcrematchlimit`](#secpcrematchlimit) * [`secpcrematchlimitrecursion`](#secpcrematchlimitrecursion) * [`allowed_methods`](#allowed_methods) * [`content_types`](#content_types) * [`restricted_extensions`](#restricted_extensions) * [`restricted_headers`](#restricted_headers) * [`secdefaultaction`](#secdefaultaction) * [`anomaly_score_blocking`](#anomaly_score_blocking) * [`inbound_anomaly_threshold`](#inbound_anomaly_threshold) * [`outbound_anomaly_threshold`](#outbound_anomaly_threshold) * [`critical_anomaly_score`](#critical_anomaly_score) * [`error_anomaly_score`](#error_anomaly_score) * [`warning_anomaly_score`](#warning_anomaly_score) * [`notice_anomaly_score`](#notice_anomaly_score) * [`secrequestmaxnumargs`](#secrequestmaxnumargs) * [`secrequestbodylimit`](#secrequestbodylimit) * [`secrequestbodynofileslimit`](#secrequestbodynofileslimit) * [`secrequestbodyinmemorylimit`](#secrequestbodyinmemorylimit) * [`manage_security_crs`](#manage_security_crs) * [`custom_rules`](#custom_rules) * [`custom_rules_set`](#custom_rules_set) ##### `version` Data type: `Any` Manage mod_security or mod_security2 Default value: `$apache::params::modsec_version` ##### `logroot` Data type: `Any` Configures the location of audit and debug logs. Default value: `$apache::params::logroot` ##### `crs_package` Data type: `Any` Name of package that installs CRS rules. Default value: `$apache::params::modsec_crs_package` ##### `activated_rules` Data type: `Any` An array of rules from the modsec_crs_path or absolute to activate via symlinks. Default value: `$apache::params::modsec_default_rules` ##### `modsec_dir` Data type: `Any` Defines the path where Puppet installs the modsec configuration and activated rules links. Default value: `$apache::params::modsec_dir` ##### `modsec_secruleengine` Data type: `Any` Configures the rules engine. Default value: `$apache::params::modsec_secruleengine` ##### `audit_log_relevant_status` Data type: `Any` Configures which response status code is to be considered relevant for the purpose of audit logging. Default value: `'^(?:5|4(?!04))'` ##### `audit_log_parts` Data type: `Any` Defines which parts of each transaction are going to be recorded in the audit log. Each part is assigned a single letter; when a letter appears in the list then the equivalent part will be recorded. Default value: `$apache::params::modsec_audit_log_parts` ##### `audit_log_type` Data type: `Any` Defines the type of audit logging mechanism to be used. Default value: `$apache::params::modsec_audit_log_type` ##### `audit_log_storage_dir` Data type: `Any` Defines the directory where concurrent audit log entries are to be stored. This directive is only needed when concurrent audit logging is used. Default value: ``undef`` ##### `secpcrematchlimit` Data type: `Any` Sets the match limit in the PCRE library. Default value: `$apache::params::secpcrematchlimit` ##### `secpcrematchlimitrecursion` Data type: `Any` Sets the match limit recursion in the PCRE library. Default value: `$apache::params::secpcrematchlimitrecursion` ##### `allowed_methods` Data type: `Any` A space-separated list of allowed HTTP methods. Default value: `'GET HEAD POST OPTIONS'` ##### `content_types` Data type: `Any` A list of one or more allowed MIME types. Default value: `'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf'` ##### `restricted_extensions` Data type: `Any` A space-sparated list of prohibited file extensions. Default value: `'.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'` ##### `restricted_headers` Data type: `Any` A list of restricted headers separated by slashes and spaces. Default value: `'/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'` ##### `secdefaultaction` Data type: `Any` Defines the default list of actions, which will be inherited by the rules in the same configuration context. Default value: `'deny'` ##### `anomaly_score_blocking` Data type: `Any` Activates or deactivates the Collaborative Detection Blocking of the OWASP ModSecurity Core Rule Set. Default value: `'off'` ##### `inbound_anomaly_threshold` Data type: `Any` Sets the scoring threshold level of the inbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default value: `'5'` ##### `outbound_anomaly_threshold` Data type: `Any` Sets the scoring threshold level of the outbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default value: `'4'` ##### `critical_anomaly_score` Data type: `Any` Sets the Anomaly Score for rules assigned with a critical severity. Default value: `'5'` ##### `error_anomaly_score` Data type: `Any` Sets the Anomaly Score for rules assigned with a error severity. Default value: `'4'` ##### `warning_anomaly_score` Data type: `Any` Sets the Anomaly Score for rules assigned with a warning severity. Default value: `'3'` ##### `notice_anomaly_score` Data type: `Any` Sets the Anomaly Score for rules assigned with a notice severity. Default value: `'2'` ##### `secrequestmaxnumargs` Data type: `Any` Sets the maximum number of arguments in the request. Default value: `'255'` ##### `secrequestbodylimit` Data type: `Any` Sets the maximum request body size ModSecurity will accept for buffering. Default value: `'13107200'` ##### `secrequestbodynofileslimit` Data type: `Any` Configures the maximum request body size ModSecurity will accept for buffering, excluding the size of any files being transported in the request. Default value: `'131072'` ##### `secrequestbodyinmemorylimit` Data type: `Any` Configures the maximum request body size that ModSecurity will store in memory. Default value: `'131072'` ##### `manage_security_crs` Data type: `Any` Toggles whether to manage ModSecurity Core Rule Set Default value: ``true`` ##### `custom_rules` Data type: `Any` Default value: `$apache::params::modsec_custom_rules` ##### `custom_rules_set` Data type: `Any` Default value: `$apache::params::modsec_custom_rules_set` ### `apache::mod::setenvif` Installs `mod_setenvif`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_setenvif.html * for additional documentation. ### `apache::mod::shib` This class installs and configures only the Apache components of a web application that consumes Shibboleth SSO identities. You can manage the Shibboleth configuration manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth). * **Note** The Shibboleth module isn't available on RH/CentOS without providing dependency packages provided by Shibboleth's repositories. See the [Shibboleth Service Provider Installation Guide](http://wiki.aaf.edu.au/tech-info/sp-install-guide). * **See also** * https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::shib` class: * [`suppress_warning`](#suppress_warning) * [`mod_full_path`](#mod_full_path) * [`package_name`](#package_name) * [`mod_lib`](#mod_lib) ##### `suppress_warning` Data type: `Any` Toggles whether to trigger warning on RedHat nodes. Default value: ``false`` ##### `mod_full_path` Data type: `Any` Specifies a path to the module. Do not manually set this parameter without a special reason. Default value: ``undef`` ##### `package_name` Data type: `Any` Name of the Shibboleth package to be installed. Default value: ``undef`` ##### `mod_lib` Data type: `Any` Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The `path` parameter overrides this value. Default value: ``undef`` ### `apache::mod::socache_shmcb` Installs `mod_socache_shmcb`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_socache_shmcb.html * for additional documentation. ### `apache::mod::speling` Installs `mod_spelling`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_speling.html * for additional documentation. ### `apache::mod::ssl` On most operating systems, the ssl.conf is placed in the module configuration directory. On Red Hat based operating systems, this file is placed in /etc/httpd/conf.d, the same location in which the RPM stores the configuration. To use SSL with a virtual host, you must either set the default_ssl_vhost parameter in ::apache to true or the ssl parameter in apache::vhost to true. * **See also** * https://httpd.apache.org/docs/current/mod/mod_ssl.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::ssl` class: * [`ssl_compression`](#ssl_compression) * [`ssl_cryptodevice`](#ssl_cryptodevice) * [`ssl_options`](#ssl_options) * [`ssl_openssl_conf_cmd`](#ssl_openssl_conf_cmd) * [`ssl_cert`](#ssl_cert) * [`ssl_key`](#ssl_key) * [`ssl_ca`](#ssl_ca) * [`ssl_cipher`](#ssl_cipher) * [`ssl_honorcipherorder`](#ssl_honorcipherorder) * [`ssl_protocol`](#ssl_protocol) * [`ssl_proxy_protocol`](#ssl_proxy_protocol) * [`ssl_pass_phrase_dialog`](#ssl_pass_phrase_dialog) * [`ssl_random_seed_bytes`](#ssl_random_seed_bytes) * [`ssl_sessioncache`](#ssl_sessioncache) * [`ssl_sessioncachetimeout`](#ssl_sessioncachetimeout) * [`ssl_stapling`](#ssl_stapling) * [`ssl_stapling_return_errors`](#ssl_stapling_return_errors) * [`ssl_mutex`](#ssl_mutex) * [`ssl_reload_on_change`](#ssl_reload_on_change) * [`apache_version`](#apache_version) * [`package_name`](#package_name) * [`ssl_sessiontickets`](#ssl_sessiontickets) * [`stapling_cache`](#stapling_cache) ##### `ssl_compression` Data type: `Boolean` Enable compression on the SSL level. Default value: ``false`` ##### `ssl_cryptodevice` Data type: `Any` Enable use of a cryptographic hardware accelerator. Default value: `'builtin'` ##### `ssl_options` Data type: `Any` Configure various SSL engine run-time options. Default value: `['StdEnvVars']` ##### `ssl_openssl_conf_cmd` Data type: `Any` Configure OpenSSL parameters through its SSL_CONF API. Default value: ``undef`` ##### `ssl_cert` Data type: `Optional[String]` Path to server PEM-encoded X.509 certificate data file. Default value: ``undef`` ##### `ssl_key` Data type: `Optional[String]` Path to server PEM-encoded private key file Default value: ``undef`` ##### `ssl_ca` Data type: `Any` File of concatenated PEM-encoded CA Certificates for Client Auth. Default value: ``undef`` ##### `ssl_cipher` Data type: `Any` Cipher Suite available for negotiation in SSL handshake. Default value: `'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES'` ##### `ssl_honorcipherorder` Data type: `Variant[Boolean, Enum['on', 'off']]` Option to prefer the server's cipher preference order. Default value: ``true`` ##### `ssl_protocol` Data type: `Any` Configure usable SSL/TLS protocol versions. Default based on the OS: - RedHat 8: [ 'all' ]. - Other Platforms: [ 'all', '-SSLv2', '-SSLv3' ]. Default value: `$apache::params::ssl_protocol` ##### `ssl_proxy_protocol` Data type: `Array` Configure usable SSL protocol flavors for proxy usage. Default value: `[]` ##### `ssl_pass_phrase_dialog` Data type: `Any` Type of pass phrase dialog for encrypted private keys. Default value: `'builtin'` ##### `ssl_random_seed_bytes` Data type: `Any` Pseudo Random Number Generator (PRNG) seeding source. Default value: `'512'` ##### `ssl_sessioncache` Data type: `String` Configures the storage type of the global/inter-process SSL Session Cache Default value: `$apache::params::ssl_sessioncache` ##### `ssl_sessioncachetimeout` Data type: `Any` Number of seconds before an SSL session expires in the Session Cache. Default value: `'300'` ##### `ssl_stapling` Data type: `Boolean` Enable stapling of OCSP responses in the TLS handshake. Default value: ``false`` ##### `ssl_stapling_return_errors` Data type: `Optional[Boolean]` Pass stapling related OCSP errors on to client. Default value: ``undef`` ##### `ssl_mutex` Data type: `Any` Configures mutex mechanism and lock file directory for all or specified mutexes. Default based on the OS and/or Apache version: - RedHat/FreeBSD/Suse/Gentoo: 'default'. - Debian/Ubuntu + Apache >= 2.4: 'default'. - Debian/Ubuntu + Apache < 2.4: 'file:${APACHE_RUN_DIR}/ssl_mutex'. Default value: ``undef`` ##### `ssl_reload_on_change` Data type: `Boolean` Enable reloading of apache if the content of ssl files have changed. It only affects ssl files configured here and not vhost ones. Default value: ``false`` ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: ``undef`` ##### `package_name` Data type: `Any` Name of ssl package to install. Default value: ``undef`` ##### `ssl_sessiontickets` Data type: `Optional[Boolean]` Default value: ``undef`` ##### `stapling_cache` Data type: `Optional[String]` Default value: ``undef`` ### `apache::mod::status` Installs and configures `mod_status`. * **See also** * http://httpd.apache.org/docs/current/mod/mod_status.html * for additional documentation. #### Examples ##### ```puppet # Simple usage allowing access from localhost and a private subnet class { 'apache::mod::status': $allow_from => ['127.0.0.1', '10.10.10.10/24'], } ``` #### Parameters The following parameters are available in the `apache::mod::status` class: * [`allow_from`](#allow_from) * [`requires`](#requires) * [`extended_status`](#extended_status) * [`status_path`](#status_path) * [`apache_version`](#apache_version) ##### `allow_from` Data type: `Optional[Array]` Array of hosts, ip addresses, partial network numbers or networks, in CIDR notation specifying what hosts can view the special /server-status URL. Defaults to ['127.0.0.1', '::1']. > Creates Apache < 2.4 directive "Allow from". Default value: ``undef`` ##### `requires` Data type: `Optional[Variant[String, Array, Hash]]` A Variant type that can be: - String with: - '' or 'unmanaged' - Host auth control done elsewhere - 'ip ' - Allowed IPs/ranges - 'host ' - Allowed names/domains - 'all [granted|denied]' - Array of strings with ip or host as above - Hash with following keys: - 'requires' - Value => Array as above - 'enforce' - Value => String 'Any', 'All' or 'None' This encloses "Require" directives in "" block Optional - If unspecified, "Require" directives follow current flow > Creates Apache >= 2.4 directives "Require" Default value: ``undef`` ##### `extended_status` Data type: `Enum['On', 'Off', 'on', 'off']` Determines whether to track extended status information for each request, via the ExtendedStatus directive. Default value: `'On'` ##### `status_path` Data type: `Any` Path assigned to the Location directive which defines the URL to access the server status. Default value: `'/server-status'` ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: ``undef`` ### `apache::mod::suexec` Installs `mod_suexec`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_suexec.html * for additional documentation. ### `apache::mod::suphp` Installs `mod_suphp`. * **See also** * https://www.suphp.org/DocumentationView.html?file=apache/INSTALL * for additional documentation. ### `apache::mod::userdir` Installs and configures `mod_userdir`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_userdir.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::userdir` class: * [`home`](#home) * [`dir`](#dir) * [`userdir`](#userdir) * [`disable_root`](#disable_root) * [`apache_version`](#apache_version) * [`path`](#path) * [`overrides`](#overrides) * [`options`](#options) * [`unmanaged_path`](#unmanaged_path) * [`custom_fragment`](#custom_fragment) ##### `home` Data type: `Any` *Deprecated* Path to system home directory. Default value: ``undef`` ##### `dir` Data type: `Any` *Deprecated* Path from user's home directory to public directory. Default value: ``undef`` ##### `userdir` Data type: `Optional[String[1]]` Path or directory name to be used as the UserDir. Default value: ``undef`` ##### `disable_root` Data type: `Any` Toggles whether to allow use of root directory. Default value: ``true`` ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: ``undef`` ##### `path` Data type: `Any` Path to directory or pattern from which to find user-specific directories. Default value: `'/home/*/public_html'` ##### `overrides` Data type: `Any` Array of directives that are allowed in .htaccess files. Default value: `['FileInfo', 'AuthConfig', 'Limit', 'Indexes']` ##### `options` Data type: `Any` Configures what features are available in a particular directory. Default value: `['MultiViews', 'Indexes', 'SymLinksIfOwnerMatch', 'IncludesNoExec']` ##### `unmanaged_path` Data type: `Any` Toggles whether to manage path in userdir.conf Default value: ``false`` ##### `custom_fragment` Data type: `Any` Custom configuration to be added to userdir.conf Default value: ``undef`` ### `apache::mod::version` Installs `mod_version`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_version.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::version` class: * [`apache_version`](#apache_version) ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: `$apache::apache_version` ### `apache::mod::vhost_alias` Installs Apache `mod_vhost_alias`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_vhost_alias.html * for additional documentation. ### `apache::mod::watchdog` Installs and configures `mod_watchdog`. * **See also** * https://httpd.apache.org/docs/current/mod/mod_watchdog.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::watchdog` class: * [`watchdog_interval`](#watchdog_interval) ##### `watchdog_interval` Data type: `Optional[Integer]` Sets the interval at which the watchdog_step hook runs. Default value: ``undef`` ### `apache::mod::worker` Installs and manages the MPM `worker`. * **See also** * https://httpd.apache.org/docs/current/mod/worker.html * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::worker` class: * [`startservers`](#startservers) * [`maxclients`](#maxclients) * [`minsparethreads`](#minsparethreads) * [`maxsparethreads`](#maxsparethreads) * [`threadsperchild`](#threadsperchild) * [`maxrequestsperchild`](#maxrequestsperchild) * [`serverlimit`](#serverlimit) * [`threadlimit`](#threadlimit) * [`listenbacklog`](#listenbacklog) * [`apache_version`](#apache_version) ##### `startservers` Data type: `Any` The number of child server processes created on startup Default value: `'2'` ##### `maxclients` Data type: `Any` The max number of simultaneous requests that will be served. This is the old name and is still supported. The new name is MaxRequestWorkers as of 2.3.13. Default value: `'150'` ##### `minsparethreads` Data type: `Any` Minimum number of idle threads to handle request spikes. Default value: `'25'` ##### `maxsparethreads` Data type: `Any` Maximum number of idle threads. Default value: `'75'` ##### `threadsperchild` Data type: `Any` The number of threads created by each child process. Default value: `'25'` ##### `maxrequestsperchild` Data type: `Any` Limit on the number of connectiojns an individual child server process will handle. This is the old name and is still supported. The new name is MaxConnectionsPerChild as of 2.3.9+. Default value: `'0'` ##### `serverlimit` Data type: `Any` With worker, use this directive only if your MaxRequestWorkers and ThreadsPerChild settings require more than 16 server processes (default). Do not set the value of this directive any higher than the number of server processes required by what you may want for MaxRequestWorkers and ThreadsPerChild. Default value: `'25'` ##### `threadlimit` Data type: `Any` This directive sets the maximum configured value for ThreadsPerChild for the lifetime of the Apache httpd process. Default value: `'64'` ##### `listenbacklog` Data type: `Any` Maximum length of the queue of pending connections. Default value: `'511'` ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: ``undef`` ### `apache::mod::wsgi` Installs and configures `mod_wsgi`. * **Note** Unsupported platforms: SLES: all; RedHat: all; CentOS: all; OracleLinux: all; Scientific: all * **See also** * https://github.com/GrahamDumpleton/mod_wsgi * for additional documentation. #### Parameters The following parameters are available in the `apache::mod::wsgi` class: * [`wsgi_restrict_embedded`](#wsgi_restrict_embedded) * [`wsgi_socket_prefix`](#wsgi_socket_prefix) * [`wsgi_python_path`](#wsgi_python_path) * [`wsgi_python_home`](#wsgi_python_home) * [`wsgi_python_optimize`](#wsgi_python_optimize) * [`wsgi_application_group`](#wsgi_application_group) * [`package_name`](#package_name) * [`mod_path`](#mod_path) ##### `wsgi_restrict_embedded` Data type: `Any` Enable restrictions on use of embedded mode. Default value: ``undef`` ##### `wsgi_socket_prefix` Data type: `Any` Configure directory to use for daemon sockets. Default value: `$apache::params::wsgi_socket_prefix` ##### `wsgi_python_path` Data type: `Any` Additional directories to search for Python modules. Default value: ``undef`` ##### `wsgi_python_home` Data type: `Any` Absolute path to Python prefix/exec_prefix directories. Default value: ``undef`` ##### `wsgi_python_optimize` Data type: `Any` Enables basic Python optimisation features. Default value: ``undef`` ##### `wsgi_application_group` Data type: `Any` Sets which application group WSGI application belongs to. Default value: ``undef`` ##### `package_name` Data type: `Any` Names of package that installs mod_wsgi. Default value: ``undef`` ##### `mod_path` Data type: `Any` Defines the path to the mod_wsgi shared object (.so) file. Default value: ``undef`` ### `apache::mod::xsendfile` Installs `mod_xsendfile`. * **See also** * https://tn123.org/mod_xsendfile/ * for additional documentation. ### `apache::mpm::disable_mpm_event` The apache::mpm::disable_mpm_event class. ### `apache::mpm::disable_mpm_prefork` The apache::mpm::disable_mpm_prefork class. ### `apache::mpm::disable_mpm_worker` The apache::mpm::disable_mpm_worker class. ### `apache::vhosts` host parameters or Configuring virtual hosts in the README section. * **Note** See the `apache::vhost` defined type's reference for a list of all virtual #### Examples ##### To create a [name-based virtual host](https://httpd.apache.org/docs/current/vhosts/name-based.html) `custom_vhost_1` ```puppet class { 'apache::vhosts': vhosts => { 'custom_vhost_1' => { 'docroot' => '/var/www/custom_vhost_1', 'port' => '81', }, }, } ``` #### Parameters The following parameters are available in the `apache::vhosts` class: * [`vhosts`](#vhosts) ##### `vhosts` Data type: `Any` A hash, where the key represents the name and the value represents a hash of `apache::vhost` defined type's parameters. Default value: `{}` ## Defined types ### `apache::balancer` Each balancer cluster needs one or more balancer members (that can be declared with the apache::balancermember defined resource type). Using storeconfigs, you can export the apache::balancermember resources on all balancer members, and then collect them on a single apache load balancer server. * **Note** Currently requires the puppetlabs/concat module on the Puppet Forge and uses storeconfigs on the Puppet Server to export/collect resources from all balancer members. #### Examples ##### ```puppet apache::balancer { 'puppet00': } ``` #### Parameters The following parameters are available in the `apache::balancer` defined type: * [`name`](#name) * [`proxy_set`](#proxy_set) * [`target`](#target) * [`collect_exported`](#collect_exported) * [`options`](#options) ##### `name` The namevar of the defined resource type is the balancer clusters name.
This name is also used in the name of the conf.d file ##### `proxy_set` Data type: `Any` Configures key-value pairs to be used as a ProxySet lines in the configuration. Default value: `{}` ##### `target` Data type: `Any` The path to the file the balancer definition will be written in. Default value: ``undef`` ##### `collect_exported` Data type: `Any` Determines whether to use exported resources.
If you statically declare all of your backend servers, set this parameter to false to rely on existing, declared balancer member resources. Also, use apache::balancermember with array arguments.
To dynamically declare backend servers via exported resources collected on a central node, set this parameter to true to collect the balancer member resources exported by the balancer member nodes.
If you don't use exported resources, a single Puppet run configures all balancer members. If you use exported resources, Puppet has to run on the balanced nodes first, then run on the balancer. Default value: ``true`` ##### `options` Data type: `Any` Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) after the balancer URL, and accepts any key-value pairs available to `ProxyPass`. Default value: `[]` ### `apache::balancermember` Sets up a balancer member inside a listening service configuration block in the load balancer's `apache.cfg`. This type will setup a balancer member inside a listening service configuration block in /etc/apache/apache.cfg on the load balancer. Currently it only has the ability to specify the instance name, url and an array of options. More features can be added as needed. The best way to implement this is to export this resource for all apache balancer member servers, and then collect them on the main apache load balancer. * **Note** Currently requires the puppetlabs/concat module on the Puppet Forge and uses storeconfigs on the Puppet Server to export/collect resources from all balancer members. #### Examples ##### ```puppet @@apache::balancermember { 'apache': balancer_cluster => 'puppet00', url => "ajp://${::fqdn}:8009" options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], } ``` #### Parameters The following parameters are available in the `apache::balancermember` defined type: * [`name`](#name) * [`balancer_cluster`](#balancer_cluster) * [`url`](#url) * [`options`](#options) ##### `name` The title of the resource is arbitrary and only utilized in the concat fragment name. ##### `balancer_cluster` Data type: `Any` The apache service's instance name (or, the title of the apache::balancer resource). This must match up with a declared apache::balancer resource. ##### `url` Data type: `Any` The url used to contact the balancer member server. Default value: `"http://${::fqdn}/"` ##### `options` Data type: `Any` Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) after the URL, and accepts any key-value pairs available to `ProxyPass`. Default value: `[]` ### `apache::custom_config` If the file is invalid and this defined type's `verify_config` parameter's value is `true`, Puppet throws an error during a Puppet run. #### Parameters The following parameters are available in the `apache::custom_config` defined type: * [`ensure`](#ensure) * [`confdir`](#confdir) * [`content`](#content) * [`filename`](#filename) * [`priority`](#priority) * [`source`](#source) * [`verify_command`](#verify_command) * [`verify_config`](#verify_config) * [`owner`](#owner) * [`group`](#group) * [`file_mode`](#file_mode) * [`show_diff`](#show_diff) ##### `ensure` Data type: `Enum['absent', 'present']` Specifies whether the configuration file should be present. Default value: `'present'` ##### `confdir` Data type: `Any` Sets the directory in which Puppet places configuration files. Default value: `$apache::confd_dir` ##### `content` Data type: `Any` Sets the configuration file's content. The `content` and `source` parameters are exclusive of each other. Default value: ``undef`` ##### `filename` Data type: `Any` Sets the name of the file under `confdir` in which Puppet stores the configuration. Default value: ``undef`` ##### `priority` Data type: `Any` Sets the configuration file's priority by prefixing its filename with this parameter's numeric value, as Apache processes configuration files in alphanumeric order.
To omit the priority prefix in the configuration file's name, set this parameter to `false`. Default value: `'25'` ##### `source` Data type: `Any` Points to the configuration file's source. The `content` and `source` parameters are exclusive of each other. Default value: ``undef`` ##### `verify_command` Data type: `Any` Specifies the command Puppet uses to verify the configuration file. Use a fully qualified command.
This parameter is used only if the `verify_config` parameter's value is `true`. If the `verify_command` fails, the Puppet run deletes the configuration file and raises an error, but does not notify the Apache service. Default value: `$apache::params::verify_command` ##### `verify_config` Data type: `Boolean` Specifies whether to validate the configuration file before notifying the Apache service. Default value: ``true`` ##### `owner` Data type: `Any` File owner of configuration file Default value: ``undef`` ##### `group` Data type: `Any` File group of configuration file Default value: ``undef`` ##### `file_mode` Data type: `Any` File mode of configuration file Default value: ``undef`` ##### `show_diff` Data type: `Boolean` show_diff property for configuration file resource Default value: ``true`` ### `apache::fastcgi::server` Defines one or more external FastCGI servers to handle specific file types. Use this defined type with `mod_fastcgi`. #### Parameters The following parameters are available in the `apache::fastcgi::server` defined type: * [`host`](#host) * [`timeout`](#timeout) * [`flush`](#flush) * [`faux_path`](#faux_path) * [`fcgi_alias`](#fcgi_alias) * [`file_type`](#file_type) * [`pass_header`](#pass_header) ##### `host` Data type: `Any` Determines the FastCGI's hostname or IP address and TCP port number (1-65535). Default value: `'127.0.0.1:9000'` ##### `timeout` Data type: `Any` Sets the number of seconds a [FastCGI](http://www.fastcgi.com/) application can be inactive before aborting the request and logging the event at the error LogLevel. The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond by writing and flushing within this period, the request is aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply. Default value: `15` ##### `flush` Data type: `Any` Forces `mod_fastcgi` to write to the client as data is received from the application. By default, `mod_fastcgi` buffers data in order to free the application as quickly as possible. Default value: ``false`` ##### `faux_path` Data type: `Any` Apache has FastCGI handle URIs that resolve to this filename. The path set in this parameter does not have to exist in the local filesystem. Default value: `"/var/www/${name}.fcgi"` ##### `fcgi_alias` Data type: `Any` Internally links actions with the FastCGI server. This alias must be unique. Default value: `"/${name}.fcgi"` ##### `file_type` Data type: `Any` Sets the MIME `content-type` of the file to be processed by the FastCGI server. Default value: `'application/x-httpd-php'` ##### `pass_header` Data type: `Any` Default value: ``undef`` ### `apache::listen` The `apache::vhost` class uses this defined type, and titles take the form ``, `:`, or `:`. ### `apache::mod` Checks for or places the module's default configuration files in the Apache server's `module` and `enable` directories. The default locations depend on your operating system. #### Parameters The following parameters are available in the `apache::mod` defined type: * [`package`](#package) * [`package_ensure`](#package_ensure) * [`lib`](#lib) * [`lib_path`](#lib_path) * [`loadfile_name`](#loadfile_name) * [`id`](#id) * [`loadfiles`](#loadfiles) * [`path`](#path) ##### `package` Data type: `Any` **Required**.
Names the package Puppet uses to install the Apache module. Default value: ``undef`` ##### `package_ensure` Data type: `Any` Determines whether Puppet ensures the Apache module should be installed. Default value: `'present'` ##### `lib` Data type: `Any` Defines the module's shared object name. Do not configure manually without special reason. Default value: ``undef`` ##### `lib_path` Data type: `Any` Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The `path` parameter overrides this value. Default value: `$apache::lib_path` ##### `loadfile_name` Data type: `Any` Sets the filename for the module's `LoadFile` directive, which can also set the module load order as Apache processes them in alphanumeric order. Default value: ``undef`` ##### `id` Data type: `Any` Specifies the package id Default value: ``undef`` ##### `loadfiles` Data type: `Any` Specifies an array of `LoadFile` directives. Default value: ``undef`` ##### `path` Data type: `Any` Specifies a path to the module. Do not manually set this parameter without a special reason. Default value: ``undef`` ### `apache::namevirtualhost` Adds all related directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles can take the forms `\*`, `\*:\`, `\_default\_:\`, `\`, or `\:\`. ### `apache::vhost` The apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache to evaluate it multiple times with different parameters.
The `apache::vhost` defined type allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default virtual host within the base `::apache` class, as well as set a customized virtual host as the default. Customized virtual hosts have a lower numeric `priority` than the base class's, causing Apache to process the customized virtual host first.
The `apache::vhost` defined type uses `concat::fragment` to build the configuration file. To inject custom fragments for pieces of the configuration that the defined type doesn't inherently support, add a custom fragment.
For the custom fragment's `order` parameter, the `apache::vhost` defined type uses multiples of 10, so any `order` that isn't a multiple of 10 should work.
> **Note:** When creating an `apache::vhost`, it cannot be named `default` or `default-ssl`, because vhosts with these titles are always managed by the module. This means that you cannot override `Apache::Vhost['default']` or `Apache::Vhost['default-ssl]` resources. An optional workaround is to create a vhost named something else, such as `my default`, and ensure that the `default` and `default_ssl` vhosts are set to `false`: #### Examples ##### ```puppet class { 'apache': default_vhost => false, default_ssl_vhost => false, } ``` #### Parameters The following parameters are available in the `apache::vhost` defined type: * [`apache_version`](#apache_version) * [`access_log`](#access_log) * [`access_log_env_var`](#access_log_env_var) * [`access_log_file`](#access_log_file) * [`access_log_format`](#access_log_format) * [`access_log_pipe`](#access_log_pipe) * [`access_log_syslog`](#access_log_syslog) * [`access_logs`](#access_logs) * [`add_default_charset`](#add_default_charset) * [`add_listen`](#add_listen) * [`use_optional_includes`](#use_optional_includes) * [`additional_includes`](#additional_includes) * [`aliases`](#aliases) * [`allow_encoded_slashes`](#allow_encoded_slashes) * [`block`](#block) * [`cas_attribute_prefix`](#cas_attribute_prefix) * [`cas_attribute_delimiter`](#cas_attribute_delimiter) * [`cas_login_url`](#cas_login_url) * [`cas_root_proxied_as`](#cas_root_proxied_as) * [`cas_scrub_request_headers`](#cas_scrub_request_headers) * [`cas_sso_enabled`](#cas_sso_enabled) * [`cas_validate_saml`](#cas_validate_saml) * [`cas_validate_url`](#cas_validate_url) * [`cas_cookie_path`](#cas_cookie_path) * [`comment`](#comment) * [`custom_fragment`](#custom_fragment) * [`default_vhost`](#default_vhost) * [`directoryindex`](#directoryindex) * [`docroot`](#docroot) * [`docroot_group`](#docroot_group) * [`docroot_owner`](#docroot_owner) * [`docroot_mode`](#docroot_mode) * [`manage_docroot`](#manage_docroot) * [`error_log`](#error_log) * [`error_log_file`](#error_log_file) * [`error_log_pipe`](#error_log_pipe) * [`error_log_syslog`](#error_log_syslog) * [`error_log_format`](#error_log_format) * [`error_documents`](#error_documents) * [`ensure`](#ensure) * [`fallbackresource`](#fallbackresource) * [`fastcgi_server`](#fastcgi_server) * [`fastcgi_socket`](#fastcgi_socket) * [`fastcgi_idle_timeout`](#fastcgi_idle_timeout) * [`fastcgi_dir`](#fastcgi_dir) * [`filters`](#filters) * [`h2_copy_files`](#h2_copy_files) * [`h2_direct`](#h2_direct) * [`h2_early_hints`](#h2_early_hints) * [`h2_max_session_streams`](#h2_max_session_streams) * [`h2_modern_tls_only`](#h2_modern_tls_only) * [`h2_push`](#h2_push) * [`h2_push_diary_size`](#h2_push_diary_size) * [`h2_push_priority`](#h2_push_priority) * [`h2_push_resource`](#h2_push_resource) * [`h2_serialize_headers`](#h2_serialize_headers) * [`h2_stream_max_mem_size`](#h2_stream_max_mem_size) * [`h2_tls_cool_down_secs`](#h2_tls_cool_down_secs) * [`h2_tls_warm_up_size`](#h2_tls_warm_up_size) * [`h2_upgrade`](#h2_upgrade) * [`h2_window_size`](#h2_window_size) * [`headers`](#headers) * [`ip`](#ip) * [`ip_based`](#ip_based) * [`itk`](#itk) * [`action`](#action) * [`jk_mounts`](#jk_mounts) * [`http_protocol_options`](#http_protocol_options) * [`keepalive`](#keepalive) * [`keepalive_timeout`](#keepalive_timeout) * [`max_keepalive_requests`](#max_keepalive_requests) * [`auth_kerb`](#auth_kerb) * [`krb_method_negotiate`](#krb_method_negotiate) * [`krb_method_k5passwd`](#krb_method_k5passwd) * [`krb_authoritative`](#krb_authoritative) * [`krb_auth_realms`](#krb_auth_realms) * [`krb_5keytab`](#krb_5keytab) * [`krb_local_user_mapping`](#krb_local_user_mapping) * [`krb_verify_kdc`](#krb_verify_kdc) * [`krb_servicename`](#krb_servicename) * [`krb_save_credentials`](#krb_save_credentials) * [`logroot`](#logroot) * [`logroot_ensure`](#logroot_ensure) * [`logroot_mode`](#logroot_mode) * [`logroot_owner`](#logroot_owner) * [`logroot_group`](#logroot_group) * [`log_level`](#log_level) * [`modsec_body_limit`](#modsec_body_limit) * [`modsec_disable_vhost`](#modsec_disable_vhost) * [`modsec_disable_ids`](#modsec_disable_ids) * [`modsec_disable_ips`](#modsec_disable_ips) * [`modsec_disable_msgs`](#modsec_disable_msgs) * [`modsec_disable_tags`](#modsec_disable_tags) * [`modsec_audit_log_file`](#modsec_audit_log_file) * [`modsec_audit_log_pipe`](#modsec_audit_log_pipe) * [`modsec_audit_log`](#modsec_audit_log) * [`no_proxy_uris`](#no_proxy_uris) * [`no_proxy_uris_match`](#no_proxy_uris_match) * [`proxy_preserve_host`](#proxy_preserve_host) * [`proxy_add_headers`](#proxy_add_headers) * [`proxy_error_override`](#proxy_error_override) * [`options`](#options) * [`override`](#override) * [`passenger_enabled`](#passenger_enabled) * [`passenger_base_uri`](#passenger_base_uri) * [`passenger_ruby`](#passenger_ruby) * [`passenger_python`](#passenger_python) * [`passenger_nodejs`](#passenger_nodejs) * [`passenger_meteor_app_settings`](#passenger_meteor_app_settings) * [`passenger_app_env`](#passenger_app_env) * [`passenger_app_root`](#passenger_app_root) * [`passenger_app_group_name`](#passenger_app_group_name) * [`passenger_app_start_command`](#passenger_app_start_command) * [`passenger_app_type`](#passenger_app_type) * [`passenger_startup_file`](#passenger_startup_file) * [`passenger_restart_dir`](#passenger_restart_dir) * [`passenger_spawn_method`](#passenger_spawn_method) * [`passenger_load_shell_envvars`](#passenger_load_shell_envvars) * [`passenger_rolling_restarts`](#passenger_rolling_restarts) * [`passenger_resist_deployment_errors`](#passenger_resist_deployment_errors) * [`passenger_user`](#passenger_user) * [`passenger_group`](#passenger_group) * [`passenger_friendly_error_pages`](#passenger_friendly_error_pages) * [`passenger_min_instances`](#passenger_min_instances) * [`passenger_max_instances`](#passenger_max_instances) * [`passenger_max_preloader_idle_time`](#passenger_max_preloader_idle_time) * [`passenger_force_max_concurrent_requests_per_process`](#passenger_force_max_concurrent_requests_per_process) * [`passenger_start_timeout`](#passenger_start_timeout) * [`passenger_concurrency_model`](#passenger_concurrency_model) * [`passenger_thread_count`](#passenger_thread_count) * [`passenger_max_requests`](#passenger_max_requests) * [`passenger_max_request_time`](#passenger_max_request_time) * [`passenger_memory_limit`](#passenger_memory_limit) * [`passenger_stat_throttle_rate`](#passenger_stat_throttle_rate) * [`passenger_pre_start`](#passenger_pre_start) * [`passenger_high_performance`](#passenger_high_performance) * [`passenger_buffer_upload`](#passenger_buffer_upload) * [`passenger_buffer_response`](#passenger_buffer_response) * [`passenger_error_override`](#passenger_error_override) * [`passenger_max_request_queue_size`](#passenger_max_request_queue_size) * [`passenger_max_request_queue_time`](#passenger_max_request_queue_time) * [`passenger_sticky_sessions`](#passenger_sticky_sessions) * [`passenger_sticky_sessions_cookie_name`](#passenger_sticky_sessions_cookie_name) * [`passenger_sticky_sessions_cookie_attributes`](#passenger_sticky_sessions_cookie_attributes) * [`passenger_allow_encoded_slashes`](#passenger_allow_encoded_slashes) * [`passenger_app_log_file`](#passenger_app_log_file) * [`passenger_debugger`](#passenger_debugger) * [`passenger_lve_min_uid`](#passenger_lve_min_uid) * [`php_values`](#php_values) * [`php_flags`](#php_flags) * [`php_admin_values`](#php_admin_values) * [`php_admin_flags`](#php_admin_flags) * [`port`](#port) * [`priority`](#priority) * [`protocols`](#protocols) * [`protocols_honor_order`](#protocols_honor_order) * [`proxy_dest`](#proxy_dest) * [`proxy_pass`](#proxy_pass) * [`proxy_dest_match`](#proxy_dest_match) * [`proxy_dest_reverse_match`](#proxy_dest_reverse_match) * [`proxy_pass_match`](#proxy_pass_match) * [`redirect_dest`](#redirect_dest) * [`redirect_source`](#redirect_source) * [`redirect_status`](#redirect_status) * [`redirectmatch_regexp`](#redirectmatch_regexp) * [`redirectmatch_status`](#redirectmatch_status) * [`redirectmatch_dest`](#redirectmatch_dest) * [`request_headers`](#request_headers) * [`rewrites`](#rewrites) * [`rewrite_base`](#rewrite_base) * [`rewrite_rule`](#rewrite_rule) * [`rewrite_cond`](#rewrite_cond) * [`rewrite_inherit`](#rewrite_inherit) * [`scriptalias`](#scriptalias) * [`scriptaliases`](#scriptaliases) * [`serveradmin`](#serveradmin) * [`serveraliases`](#serveraliases) * [`servername`](#servername) * [`setenv`](#setenv) * [`setenvif`](#setenvif) * [`setenvifnocase`](#setenvifnocase) * [`suexec_user_group`](#suexec_user_group) * [`suphp_addhandler`](#suphp_addhandler) * [`suphp_configpath`](#suphp_configpath) * [`suphp_engine`](#suphp_engine) * [`vhost_name`](#vhost_name) * [`virtual_docroot`](#virtual_docroot) * [`virtual_use_default_docroot`](#virtual_use_default_docroot) * [`wsgi_daemon_process`](#wsgi_daemon_process) * [`wsgi_daemon_process_options`](#wsgi_daemon_process_options) * [`wsgi_application_group`](#wsgi_application_group) * [`wsgi_import_script`](#wsgi_import_script) * [`wsgi_import_script_options`](#wsgi_import_script_options) * [`wsgi_chunked_request`](#wsgi_chunked_request) * [`wsgi_process_group`](#wsgi_process_group) * [`wsgi_script_aliases`](#wsgi_script_aliases) * [`wsgi_script_aliases_match`](#wsgi_script_aliases_match) * [`wsgi_pass_authorization`](#wsgi_pass_authorization) * [`directories`](#directories) * [`custom_fragment`](#custom_fragment) * [`error_documents`](#error_documents) * [`h2_copy_files`](#h2_copy_files) * [`h2_push_resource`](#h2_push_resource) * [`headers`](#headers) * [`options`](#options) * [`shib_compat_valid_user`](#shib_compat_valid_user) * [`ssl_options`](#ssl_options) * [`additional_includes`](#additional_includes) * [`gssapi`](#gssapi) * [`ssl`](#ssl) * [`ssl_ca`](#ssl_ca) * [`ssl_cert`](#ssl_cert) * [`ssl_protocol`](#ssl_protocol) * [`ssl_cipher`](#ssl_cipher) * [`ssl_honorcipherorder`](#ssl_honorcipherorder) * [`ssl_certs_dir`](#ssl_certs_dir) * [`ssl_chain`](#ssl_chain) * [`ssl_crl`](#ssl_crl) * [`ssl_crl_path`](#ssl_crl_path) * [`ssl_crl_check`](#ssl_crl_check) * [`ssl_key`](#ssl_key) * [`ssl_verify_client`](#ssl_verify_client) * [`ssl_verify_depth`](#ssl_verify_depth) * [`ssl_proxy_protocol`](#ssl_proxy_protocol) * [`ssl_proxy_verify`](#ssl_proxy_verify) * [`ssl_proxy_verify_depth`](#ssl_proxy_verify_depth) * [`ssl_proxy_cipher_suite`](#ssl_proxy_cipher_suite) * [`ssl_proxy_ca_cert`](#ssl_proxy_ca_cert) * [`ssl_proxy_machine_cert`](#ssl_proxy_machine_cert) * [`ssl_proxy_machine_cert_chain`](#ssl_proxy_machine_cert_chain) * [`ssl_proxy_check_peer_cn`](#ssl_proxy_check_peer_cn) * [`ssl_proxy_check_peer_name`](#ssl_proxy_check_peer_name) * [`ssl_proxy_check_peer_expire`](#ssl_proxy_check_peer_expire) * [`ssl_options`](#ssl_options) * [`ssl_openssl_conf_cmd`](#ssl_openssl_conf_cmd) * [`ssl_proxyengine`](#ssl_proxyengine) * [`ssl_stapling`](#ssl_stapling) * [`ssl_stapling_timeout`](#ssl_stapling_timeout) * [`ssl_stapling_return_errors`](#ssl_stapling_return_errors) * [`ssl_user_name`](#ssl_user_name) * [`ssl_reload_on_change`](#ssl_reload_on_change) * [`use_canonical_name`](#use_canonical_name) * [`define`](#define) * [`auth_oidc`](#auth_oidc) * [`oidc_settings`](#oidc_settings) * [`limitreqfields`](#limitreqfields) * [`limitreqfieldsize`](#limitreqfieldsize) * [`limitreqline`](#limitreqline) * [`limitreqbody`](#limitreqbody) * [`$use_servername_for_filenames`](#$use_servername_for_filenames) * [`$use_port_for_filenames`](#$use_port_for_filenames) * [`$mdomain`](#$mdomain) * [`use_servername_for_filenames`](#use_servername_for_filenames) * [`use_port_for_filenames`](#use_port_for_filenames) * [`proxy_requests`](#proxy_requests) * [`mdomain`](#mdomain) ##### `apache_version` Data type: `Any` Apache's version number as a string, such as '2.2' or '2.4'. Default value: `$apache::apache_version` ##### `access_log` Data type: `Boolean` Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`). Default value: ``true`` ##### `access_log_env_var` Data type: `Any` Specifies that only requests with particular environment variables be logged. Default value: ``false`` ##### `access_log_file` Data type: `Any` Sets the filename of the `*_access.log` placed in `logroot`. Given a virtual host ---for instance, example.com--- it defaults to 'example.com_ssl.log' for [SSL-encrypted](https://httpd.apache.org/docs/current/ssl/index.html) virtual hosts and `example.com_access.log` for unencrypted virtual hosts. Default value: ``false`` ##### `access_log_format` Data type: `Any` Specifies the use of either a `LogFormat` nickname or a custom-formatted string for the access log. Default value: ``false`` ##### `access_log_pipe` Data type: `Any` Specifies a pipe where Apache sends access log messages. Default value: ``false`` ##### `access_log_syslog` Data type: `Any` Sends all access log messages to syslog. Default value: ``false`` ##### `access_logs` Data type: `Optional[Array]` Allows you to give a hash that specifies the state of each of the `access_log_*` directives shown above, i.e. `access_log_pipe` and `access_log_syslog`. Default value: ``undef`` ##### `add_default_charset` Data type: `Any` Sets a default media charset value for the `AddDefaultCharset` directive, which is added to `text/plain` and `text/html` responses. Default value: ``undef`` ##### `add_listen` Data type: `Any` Determines whether the virtual host creates a `Listen` statement.
Setting `add_listen` to `false` prevents the virtual host from creating a `Listen` statement. This is important when combining virtual hosts that aren't passed an `ip` parameter with those that are. Default value: ``true`` ##### `use_optional_includes` Data type: `Any` Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for `additional_includes` in Apache 2.4 or newer. Default value: `$apache::use_optional_includes` ##### `additional_includes` Data type: `Any` Specifies paths to additional static, virtual host-specific Apache configuration files. You can use this parameter to implement a unique, custom configuration not supported by this module. Default value: `[]` ##### `aliases` Data type: `Any` Passes a list of [hashes][hash] to the virtual host to create `Alias`, `AliasMatch`, `ScriptAlias` or `ScriptAliasMatch` directives as per the `mod_alias` documentation.
For example: ``` puppet aliases => [ { aliasmatch => '^/image/(.*)\.jpg$', path => '/files/jpg.images/$1.jpg', }, { alias => '/image', path => '/ftp/pub/image', }, { scriptaliasmatch => '^/cgi-bin(.*)', path => '/usr/local/share/cgi-bin$1', }, { scriptalias => '/nagios/cgi-bin/', path => '/usr/lib/nagios/cgi-bin/', }, { alias => '/nagios', path => '/usr/share/nagios/html', }, ], ``` For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs a corresponding context, such as `` or ``. Puppet creates the directives in the order specified in the `aliases` parameter. As described in the `mod_alias` documentation, add more specific `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more general ones to avoid shadowing.
> **Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because you can precisely control the order of various alias directives. Defining `ScriptAliases` using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias` directives. This often causes problems; for example, this could cause problems with Nagios.
If `apache::mod::passenger` is loaded and `PassengerHighPerformance` is `true`, the `Alias` directive might not be able to honor the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. Default value: ``undef`` ##### `allow_encoded_slashes` Data type: `Optional[Enum['on', 'off', 'nodecode']]` Sets the `AllowEncodedSlashes` declaration for the virtual host, overriding the server default. This modifies the virtual host responses to URLs with `\` and `/` characters. The default setting omits the declaration from the server configuration and selects the Apache default setting of `Off`. Default value: ``undef`` ##### `block` Data type: `Any` Specifies the list of things to which Apache blocks access. Valid options are: `scm` (which blocks web access to `.svn`), `.git`, and `.bzr` directories. Default value: `[]` ##### `cas_attribute_prefix` Data type: `Any` Adds a header with the value of this header being the attribute values when SAML validation is enabled. Default value: ``undef`` ##### `cas_attribute_delimiter` Data type: `Any` Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`. Default value: ``undef`` ##### `cas_login_url` Data type: `Any` Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and don't have an active session. Default value: ``undef`` ##### `cas_root_proxied_as` Data type: `Any` Sets the URL end users see when access to this Apache server is proxied per vhost. This URL should not include a trailing slash. Default value: ``undef`` ##### `cas_scrub_request_headers` Data type: `Any` Remove inbound request headers that may have special meaning within mod_auth_cas. Default value: ``undef`` ##### `cas_sso_enabled` Data type: `Any` Enables experimental support for single sign out (may mangle POST data). Default value: ``undef`` ##### `cas_validate_saml` Data type: `Any` Parse response from CAS server for SAML. Default value: ``undef`` ##### `cas_validate_url` Data type: `Any` Sets the URL to use when validating a client-presented ticket in an HTTP query string. Default value: ``undef`` ##### `cas_cookie_path` Data type: `Any` Sets the location where information on the current session should be stored. This should be writable by the web server only. Default value: ``undef`` ##### `comment` Data type: `Optional[Variant[String,Array[String]]]` Adds comments to the header of the configuration file. Pass as string or an array of strings. For example: ``` puppet comment => "Account number: 123B", ``` Or: ``` puppet comment => [ "Customer: X", "Frontend domain: x.example.org", ] ``` Default value: ``undef`` ##### `custom_fragment` Data type: `Optional[String]` Passes a string of custom configuration directives to place at the end of the virtual host configuration. Default value: ``undef`` ##### `default_vhost` Data type: `Boolean` Sets a given `apache::vhost` defined type as the default to serve requests that do not match any other `apache::vhost` defined types. Default value: ``false`` ##### `directoryindex` Data type: `Any` Sets the list of resources to look for when a client requests an index of the directory by specifying a '/' at the end of the directory name. See the `DirectoryIndex` directive documentation for details. Default value: `''` ##### `docroot` Data type: `Variant[Boolean,String]` **Required**.
Sets the `DocumentRoot` location, from which Apache serves files.
If `docroot` and `manage_docroot` are both set to `false`, no `DocumentRoot` will be set and the accompanying `` block will not be created. ##### `docroot_group` Data type: `Any` Sets group access to the `docroot` directory. Default value: `$apache::params::root_group` ##### `docroot_owner` Data type: `Any` Sets individual user access to the `docroot` directory. Default value: `'root'` ##### `docroot_mode` Data type: `Any` Sets access permissions for the `docroot` directory, in numeric notation. Default value: ``undef`` ##### `manage_docroot` Data type: `Any` Determines whether Puppet manages the `docroot` directory. Default value: ``true`` ##### `error_log` Data type: `Boolean` Specifies whether `*_error.log` directives should be configured. Default value: ``true`` ##### `error_log_file` Data type: `Any` Points the virtual host's error logs to a `*_error.log` file. If this parameter is undefined, Puppet checks for values in `error_log_pipe`, then `error_log_syslog`.
If none of these parameters is set, given a virtual host `example.com`, Puppet defaults to `$logroot/example.com_error_ssl.log` for SSL virtual hosts and `$logroot/example.com_error.log` for non-SSL virtual hosts. Default value: ``undef`` ##### `error_log_pipe` Data type: `Any` Specifies a pipe to send error log messages to.
This parameter has no effect if the `error_log_file` parameter has a value. If neither this parameter nor `error_log_file` has a value, Puppet then checks `error_log_syslog`. Default value: ``undef`` ##### `error_log_syslog` Data type: `Any` Determines whether to send all error log messages to syslog. This parameter has no effect if either of the `error_log_file` or `error_log_pipe` parameters has a value. If none of these parameters has a value, given a virtual host `example.com`, Puppet defaults to `$logroot/example.com_error_ssl.log` for SSL virtual hosts and `$logroot/example.com_error.log` for non-SSL virtual hosts. Default value: ``undef`` ##### `error_log_format` Data type: `Optional[ Array[ Variant[ String, Hash[String, Enum['connection', 'request']] ] ] ]` Sets the [ErrorLogFormat](https://httpd.apache.org/docs/current/mod/core.html#errorlogformat) format specification for error log entries inside virtual host For example: ``` puppet apache::vhost { 'site.name.fdqn': ... error_log_format => [ '[%{uc}t] [%-m:%-l] [R:%L] [C:%{C}L] %7F: %E: %M', { '[%{uc}t] [R:%L] Request %k on C:%{c}L pid:%P tid:%T' => 'request' }, { "[%{uc}t] [R:%L] UA:'%+{User-Agent}i'" => 'request' }, { "[%{uc}t] [R:%L] Referer:'%+{Referer}i'" => 'request' }, { '[%{uc}t] [C:%{c}L] local\ %a remote\ %A' => 'connection' }, ], } ``` Default value: ``undef`` ##### `error_documents` Data type: `Any` A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for this virtual host.
For example: ``` puppet apache::vhost { 'sample.example.net': error_documents => [ { 'error_code' => '503', 'document' => '/service-unavail' }, { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' }, ], } ``` Default value: `[]` ##### `ensure` Data type: `Enum['absent', 'present']` Specifies if the virtual host is present or absent.
Default value: `'present'` ##### `fallbackresource` Data type: `Optional[Variant[Stdlib::Absolutepath, Enum['disabled']]]` Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) directive, which specifies an action to take for any URL that doesn't map to anything in your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Values must either begin with a `/` or be `disabled`. Default value: ``undef`` ##### `fastcgi_server` Data type: `Any` Specify an external FastCGI server to manage a connection to. Default value: ``undef`` ##### `fastcgi_socket` Data type: `Any` Specify the socket that will be used to communicate with an external FastCGI server. Default value: ``undef`` ##### `fastcgi_idle_timeout` Data type: `Any` If using fastcgi, this option sets the timeout for the server to respond. Default value: ``undef`` ##### `fastcgi_dir` Data type: `Any` Specify an internal FastCGI directory that is to be managed. Default value: ``undef`` ##### `filters` Data type: `Any` [Filters](https://httpd.apache.org/docs/current/mod/mod_filter.html) enable smart, context-sensitive configuration of output content filters. ``` puppet apache::vhost { "$::fqdn": filters => [ 'FilterDeclare COMPRESS', 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', 'FilterChain COMPRESS', 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', ], } ``` Default value: ``undef`` ##### `h2_copy_files` Data type: `Optional[Boolean]` Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles) directive which influences how the requestion process pass files to the main connection. Default value: ``undef`` ##### `h2_direct` Data type: `Optional[Boolean]` Sets the [H2Direct](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2direct) directive which toggles the usage of the HTTP/2 Direct Mode. Default value: ``undef`` ##### `h2_early_hints` Data type: `Optional[Boolean]` Sets the [H2EarlyHints](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2earlyhints) directive which controls if HTTP status 103 interim responses are forwarded to the client or not. Default value: ``undef`` ##### `h2_max_session_streams` Data type: `Optional[Integer]` Sets the [H2MaxSessionStreams](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2maxsessionstreams) directive which sets the maximum number of active streams per HTTP/2 session that the server allows. Default value: ``undef`` ##### `h2_modern_tls_only` Data type: `Optional[Boolean]` Sets the [H2ModernTLSOnly](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2moderntlsonly) directive which toggles the security checks on HTTP/2 connections in TLS mode. Default value: ``undef`` ##### `h2_push` Data type: `Optional[Boolean]` Sets the [H2Push](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2push) directive which toggles the usage of the HTTP/2 server push protocol feature. Default value: ``undef`` ##### `h2_push_diary_size` Data type: `Optional[Integer]` Sets the [H2PushDiarySize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushdiarysize) directive which toggles the maximum number of HTTP/2 server pushes that are remembered per HTTP/2 connection. Default value: ``undef`` ##### `h2_push_priority` Data type: `Array[String]` Sets the [H2PushPriority](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushpriority) directive which defines the priority handling of pushed responses based on the content-type of the response. Default value: `[]` ##### `h2_push_resource` Data type: `Array[String]` Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource) directive which declares resources for early pushing to the client. Default value: `[]` ##### `h2_serialize_headers` Data type: `Optional[Boolean]` Sets the [H2SerializeHeaders](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2serializeheaders) directive which toggles if HTTP/2 requests are serialized in HTTP/1.1 format for processing by httpd core. Default value: ``undef`` ##### `h2_stream_max_mem_size` Data type: `Optional[Integer]` Sets the [H2StreamMaxMemSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2streammaxmemsize) directive which sets the maximum number of outgoing data bytes buffered in memory for an active stream. Default value: ``undef`` ##### `h2_tls_cool_down_secs` Data type: `Optional[Integer]` Sets the [H2TLSCoolDownSecs](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlscooldownsecs) directive which sets the number of seconds of idle time on a TLS connection before the TLS write size falls back to a small (~1300 bytes) length. Default value: ``undef`` ##### `h2_tls_warm_up_size` Data type: `Optional[Integer]` Sets the [H2TLSWarmUpSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlswarmupsize) directive which sets the number of bytes to be sent in small TLS records (~1300 bytes) until doing maximum sized writes (16k) on https: HTTP/2 connections. Default value: ``undef`` ##### `h2_upgrade` Data type: `Optional[Boolean]` Sets the [H2Upgrade](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2upgrade) directive which toggles the usage of the HTTP/1.1 Upgrade method for switching to HTTP/2. Default value: ``undef`` ##### `h2_window_size` Data type: `Optional[Integer]` Sets the [H2WindowSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2windowsize) directive which sets the size of the window that is used for flow control from client to server and limits the amount of data the server has to buffer. Default value: ``undef`` ##### `headers` Data type: `Any` Adds lines to replace, merge, or remove response headers. See [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. Default value: ``undef`` ##### `ip` Data type: `Any` Sets the IP address the virtual host listens on. By default, uses Apache's default behavior of listening on all IPs. Default value: ``undef`` ##### `ip_based` Data type: `Boolean` Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual host. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based virtual hosts. Default value: ``false`` ##### `itk` Data type: `Optional[Hash]` Configures [ITK](http://mpm-itk.sesse.net/) in a hash.
Usage typically looks something like: ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', itk => { user => 'someuser', group => 'somegroup', }, } ``` Valid values are: a hash, which can include the keys: * `user` + `group` * `assignuseridexpr` * `assigngroupidexpr` * `maxclientvhost` * `nice` * `limituidrange` (Linux 3.5.0 or newer) * `limitgidrange` (Linux 3.5.0 or newer) Default value: ``undef`` ##### `action` Data type: `Any` Specifies whether you wish to configure mod_actions action directive which will activate cgi-script when triggered by a request. Default value: ``undef`` ##### `jk_mounts` Data type: `Any` Sets up a virtual host with `JkMount` and `JkUnMount` directives to handle the paths for URL mapping between Tomcat and Apache.
The parameter must be an array of hashes where each hash must contain the `worker` and either the `mount` or `unmount` keys.
Usage typically looks like: ``` puppet apache::vhost { 'sample.example.net': jk_mounts => [ { mount => '/*', worker => 'tcnode1', }, { unmount => '/*.jpg', worker => 'tcnode1', }, ], } ``` Default value: ``undef`` ##### `http_protocol_options` Data type: `Optional[Pattern[/^((Strict|Unsafe)?\s*(\b(Registered|Lenient)Methods)?\s*(\b(Allow0\.9|Require1\.0))?)$/]]` Specifies the strictness of HTTP protocol checks. Default value: ``undef`` ##### `keepalive` Data type: `Optional[Enum['on', 'off']]` Determines whether to enable persistent HTTP connections with the `KeepAlive` directive for the virtual host. By default, the global, server-wide `KeepAlive` setting is in effect.
Use the `keepalive_timeout` and `max_keepalive_requests` parameters to set relevant options for the virtual host. Default value: ``undef`` ##### `keepalive_timeout` Data type: `Any` Sets the `KeepAliveTimeout` directive for the virtual host, which determines the amount of time to wait for subsequent requests on a persistent HTTP connection. By default, the global, server-wide `KeepAlive` setting is in effect.
This parameter is only relevant if either the global, server-wide `keepalive` parameter or the per-vhost `keepalive` parameter is enabled. Default value: ``undef`` ##### `max_keepalive_requests` Data type: `Any` Limits the number of requests allowed per connection to the virtual host. By default, the global, server-wide `KeepAlive` setting is in effect.
This parameter is only relevant if either the global, server-wide `keepalive` parameter or the per-vhost `keepalive` parameter is enabled. Default value: ``undef`` ##### `auth_kerb` Data type: `Boolean` Enable `mod_auth_kerb` parameters for a virtual host.
Usage typically looks like: ``` puppet apache::vhost { 'sample.example.net': auth_kerb => `true`, krb_method_negotiate => 'on', krb_auth_realms => ['EXAMPLE.ORG'], krb_local_user_mapping => 'on', directories => { path => '/var/www/html', auth_name => 'Kerberos Login', auth_type => 'Kerberos', auth_require => 'valid-user', }, } ``` Default value: ``false`` ##### `krb_method_negotiate` Data type: `Any` Determines whether to use the Negotiate method. Default value: `'on'` ##### `krb_method_k5passwd` Data type: `Any` Determines whether to use password-based authentication for Kerberos v5. Default value: `'on'` ##### `krb_authoritative` Data type: `Any` If set to `off`, authentication controls can be passed on to another module. Default value: `'on'` ##### `krb_auth_realms` Data type: `Any` Specifies an array of Kerberos realms to use for authentication. Default value: `[]` ##### `krb_5keytab` Data type: `Any` Specifies the Kerberos v5 keytab file's location. Default value: ``undef`` ##### `krb_local_user_mapping` Data type: `Any` Strips @REALM from usernames for further use. Default value: ``undef`` ##### `krb_verify_kdc` Data type: `Any` This option can be used to disable the verification tickets against local keytab to prevent KDC spoofing attacks. Default value: `'on'` ##### `krb_servicename` Data type: `Any` Specifies the service name that will be used by Apache for authentication. Corresponding key of this name must be stored in the keytab. Default value: `'HTTP'` ##### `krb_save_credentials` Data type: `Any` This option enables credential saving functionality. Default value: `'off'` ##### `logroot` Data type: `Any` Specifies the location of the virtual host's logfiles. Default value: `$apache::logroot` ##### `logroot_ensure` Data type: `Enum['directory', 'absent']` Determines whether or not to remove the logroot directory for a virtual host. Default value: `'directory'` ##### `logroot_mode` Data type: `Any` Overrides the mode the logroot directory is set to. Do *not* grant write access to the directory the logs are stored in without being aware of the consequences; for more information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security). Default value: ``undef`` ##### `logroot_owner` Data type: `Any` Sets individual user access to the logroot directory. Default value: ``undef`` ##### `logroot_group` Data type: `Any` Sets group access to the `logroot` directory. Default value: ``undef`` ##### `log_level` Data type: `Optional[Apache::LogLevel]` Specifies the verbosity of the error log. Default value: ``undef`` ##### `modsec_body_limit` Data type: `Any` Configures the maximum request body size (in bytes) ModSecurity accepts for buffering. Default value: ``undef`` ##### `modsec_disable_vhost` Data type: `Any` Disables `mod_security` on a virtual host. Only valid if `apache::mod::security` is included. Default value: ``undef`` ##### `modsec_disable_ids` Data type: `Optional[Variant[Hash, Array]]` Removes `mod_security` IDs from the virtual host.
Also takes a hash allowing removal of an ID from a specific location. ``` puppet apache::vhost { 'sample.example.net': modsec_disable_ids => [ 90015, 90016 ], } ``` ``` puppet apache::vhost { 'sample.example.net': modsec_disable_ids => { '/location1' => [ 90015, 90016 ] }, } ``` Default value: ``undef`` ##### `modsec_disable_ips` Data type: `Any` Specifies an array of IP addresses to exclude from `mod_security` rule matching. Default value: ``undef`` ##### `modsec_disable_msgs` Data type: `Optional[Variant[Hash, Array]]` Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing removal of an Msg from a specific location. ``` puppet apache::vhost { 'sample.example.net': modsec_disable_msgs => ['Blind SQL Injection Attack', 'Session Fixation Attack'], } ``` ``` puppet apache::vhost { 'sample.example.net': modsec_disable_msgs => { '/location1' => ['Blind SQL Injection Attack', 'Session Fixation Attack'] }, } ``` Default value: ``undef`` ##### `modsec_disable_tags` Data type: `Optional[Variant[Hash, Array]]` Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing removal of an Tag from a specific location. ``` puppet apache::vhost { 'sample.example.net': modsec_disable_tags => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'], } ``` ``` puppet apache::vhost { 'sample.example.net': modsec_disable_tags => { '/location1' => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'] }, } ``` Default value: ``undef`` ##### `modsec_audit_log_file` Data type: `Any` If set, it is relative to `logroot`.
One of the parameters that determines how to send `mod_security` audit log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)). If none of those parameters are set, the global audit log is used (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ). Default value: ``undef`` ##### `modsec_audit_log_pipe` Data type: `Any` If `modsec_audit_log_pipe` is set, it should start with a pipe. Example `|/path/to/mlogc /path/to/mlogc.conf`.
One of the parameters that determines how to send `mod_security` audit log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)). If none of those parameters are set, the global audit log is used (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ). Default value: ``undef`` ##### `modsec_audit_log` Data type: `Any` If `modsec_audit_log` is `true`, given a virtual host ---for instance, example.com--- it defaults to `example.com\_security\_ssl.log` for SSL-encrypted virtual hosts and `example.com\_security.log` for unencrypted virtual hosts.
One of the parameters that determines how to send `mod_security` audit log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
If none of those parameters are set, the global audit log is used (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ). Default value: ``undef`` ##### `no_proxy_uris` Data type: `Any` Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest). Default value: `[]` ##### `no_proxy_uris_match` Data type: `Any` This directive is equivalent to `no_proxy_uris`, but takes regular expressions. Default value: `[]` ##### `proxy_preserve_host` Data type: `Any` Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost).
Setting this parameter to `true` enables the `Host:` line from an incoming request to be proxied to the host instead of hostname. Setting it to `false` sets this directive to 'Off'. Default value: ``false`` ##### `proxy_add_headers` Data type: `Any` Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders).
This parameter controlls whether proxy-related HTTP headers (X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server) get sent to the backend server. Default value: ``undef`` ##### `proxy_error_override` Data type: `Any` Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). This directive controls whether Apache should override error pages for proxied content. Default value: ``false`` ##### `options` Data type: `Any` Sets the `Options` for the specified virtual host. For example: ``` puppet apache::vhost { 'site.name.fdqn': ... options => ['Indexes','FollowSymLinks','MultiViews'], } ``` > **Note**: If you use the `directories` parameter of `apache::vhost`, 'Options', 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`. Default value: `['Indexes','FollowSymLinks','MultiViews']` ##### `override` Data type: `Any` Sets the overrides for the specified virtual host. Accepts an array of [AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments. Default value: `['None']` ##### `passenger_enabled` Data type: `Optional[Boolean]` Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directive to `on` or `off`. Requires `apache::mod::passenger` to be included. ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', passenger_enabled => 'on', }, ], } ``` > **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. Default value: ``undef`` ##### `passenger_base_uri` Data type: `Optional[String]` Sets [PassengerBaseURI](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbase_rui), to specify that the given URI is a distinct application served by Passenger. Default value: ``undef`` ##### `passenger_ruby` Data type: `Optional[Stdlib::Absolutepath]` Sets [PassengerRuby](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerruby), specifying the Ruby interpreter to use when serving the relevant web applications. Default value: ``undef`` ##### `passenger_python` Data type: `Optional[Stdlib::Absolutepath]` Sets [PassengerPython](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerpython), specifying the Python interpreter to use when serving the relevant web applications. Default value: ``undef`` ##### `passenger_nodejs` Data type: `Optional[Stdlib::Absolutepath]` Sets the [`PassengerNodejs`](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengernodejs), specifying Node.js command to use when serving the relevant web applications. Default value: ``undef`` ##### `passenger_meteor_app_settings` Data type: `Optional[String]` Sets [PassengerMeteorAppSettings](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermeteorappsettings), specifying a JSON file with settings for the application when using a Meteor application in non-bundled mode. Default value: ``undef`` ##### `passenger_app_env` Data type: `Optional[String]` Sets [PassengerAppEnv](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappenv), the environment for the Passenger application. If not specified, defaults to the global setting or 'production'. Default value: ``undef`` ##### `passenger_app_root` Data type: `Optional[Stdlib::Absolutepath]` Sets [PassengerRoot](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapproot), the location of the Passenger application root if different from the DocumentRoot. Default value: ``undef`` ##### `passenger_app_group_name` Data type: `Optional[String]` Sets [PassengerAppGroupName](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappgroupname), the name of the application group that the current application should belong to. Default value: ``undef`` ##### `passenger_app_start_command` Data type: `Optional[String]` Sets [PassengerAppStartCommand](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappstartcommand), how Passenger should start your app on a specific port. Default value: ``undef`` ##### `passenger_app_type` Data type: `Optional[Enum['meteor', 'node', 'rack', 'wsgi']]` Sets [PassengerAppType](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapptype), to force Passenger to recognize the application as a specific type. Default value: ``undef`` ##### `passenger_startup_file` Data type: `Optional[String]` Sets the [PassengerStartupFile](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstartupfile), path. This path is relative to the application root. Default value: ``undef`` ##### `passenger_restart_dir` Data type: `Optional[String]` Sets the [PassengerRestartDir](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerrestartdir), to customize the directory in which `restart.txt` is searched for. Default value: ``undef`` ##### `passenger_spawn_method` Data type: `Optional[Enum['direct', 'smart']]` Sets [PassengerSpawnMethod](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerspawnmethod), whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism. Default value: ``undef`` ##### `passenger_load_shell_envvars` Data type: `Optional[Boolean]` Sets [PassengerLoadShellEnvvars](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerloadshellenvvars), to enable or disable the loading of shell environment variables before spawning the application. Default value: ``undef`` ##### `passenger_rolling_restarts` Data type: `Optional[Boolean]` Sets [PassengerRollingRestarts](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerrollingrestarts), to enable or disable support for zero-downtime application restarts through `restart.txt`. Default value: ``undef`` ##### `passenger_resist_deployment_errors` Data type: `Optional[Boolean]` Sets [PassengerResistDeploymentErrors](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerresistdeploymenterrors), to enable or disable resistance against deployment errors. Default value: ``undef`` ##### `passenger_user` Data type: `Optional[String]` Sets [PassengerUser](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengeruser), the running user for sandboxing applications. Default value: ``undef`` ##### `passenger_group` Data type: `Optional[String]` Sets [PassengerGroup](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengergroup), the running group for sandboxing applications. Default value: ``undef`` ##### `passenger_friendly_error_pages` Data type: `Optional[Boolean]` Sets [PassengerFriendlyErrorPages](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerfriendlyerrorpages), which can display friendly error pages whenever an application fails to start. This friendly error page presents the startup error message, some suggestions for solving the problem, a backtrace and a dump of the environment variables. Default value: ``undef`` ##### `passenger_min_instances` Data type: `Optional[Integer]` Sets [PassengerMinInstances](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermininstances), the minimum number of application processes to run. Default value: ``undef`` ##### `passenger_max_instances` Data type: `Optional[Integer]` Sets [PassengerMaxInstances](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxinstances), the maximum number of application processes to run. Default value: ``undef`` ##### `passenger_max_preloader_idle_time` Data type: `Optional[Integer]` Sets [PassengerMaxPreloaderIdleTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxpreloaderidletime), the maximum amount of time the preloader waits before shutting down an idle process. Default value: ``undef`` ##### `passenger_force_max_concurrent_requests_per_process` Data type: `Optional[Integer]` Sets [PassengerForceMaxConcurrentRequestsPerProcess](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerforcemaxconcurrentrequestsperprocess), the maximum amount of concurrent requests the application can handle per process. Default value: ``undef`` ##### `passenger_start_timeout` Data type: `Optional[Integer]` Sets [PassengerStartTimeout](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstarttimeout), the timeout for the application startup. Default value: ``undef`` ##### `passenger_concurrency_model` Data type: `Optional[Enum['process', 'thread']]` Sets [PassengerConcurrencyModel](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerconcurrencyodel), to specify the I/O concurrency model that should be used for Ruby application processes. Passenger supports two concurrency models:
* `process` - single-threaded, multi-processed I/O concurrency. * `thread` - multi-threaded, multi-processed I/O concurrency. Default value: ``undef`` ##### `passenger_thread_count` Data type: `Optional[Integer]` Sets [PassengerThreadCount](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerthreadcount), the number of threads that Passenger should spawn per Ruby application process.
This option only has effect if PassengerConcurrencyModel is `thread`. Default value: ``undef`` ##### `passenger_max_requests` Data type: `Optional[Integer]` Sets [PassengerMaxRequests](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequests), the maximum number of requests an application process will process. Default value: ``undef`` ##### `passenger_max_request_time` Data type: `Optional[Integer]` Sets [PassengerMaxRequestTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequesttime), the maximum amount of time, in seconds, that an application process may take to process a request. Default value: ``undef`` ##### `passenger_memory_limit` Data type: `Optional[Integer]` Sets [PassengerMemoryLimit](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermemorylimit), the maximum amount of memory that an application process may use, in megabytes. Default value: ``undef`` ##### `passenger_stat_throttle_rate` Data type: `Optional[Integer]` Sets [PassengerStatThrottleRate](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstatthrottlerate), to set a limit, in seconds, on how often Passenger will perform it's filesystem checks. Default value: ``undef`` ##### `passenger_pre_start` Data type: `Optional[Variant[String,Array[String]]]` Sets [PassengerPreStart](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerprestart), the URL of the application if pre-starting is required. Default value: ``undef`` ##### `passenger_high_performance` Data type: `Optional[Boolean]` Sets [PassengerHighPerformance](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerhighperformance), to enhance performance in return for reduced compatibility. Default value: ``undef`` ##### `passenger_buffer_upload` Data type: `Optional[Boolean]` Sets [PassengerBufferUpload](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbufferupload), to buffer HTTP client request bodies before they are sent to the application. Default value: ``undef`` ##### `passenger_buffer_response` Data type: `Optional[Boolean]` Sets [PassengerBufferResponse](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbufferresponse), to buffer Happlication-generated responses. Default value: ``undef`` ##### `passenger_error_override` Data type: `Optional[Boolean]` Sets [PassengerErrorOverride](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengererroroverride), to specify whether Apache will intercept and handle response with HTTP status codes of 400 and higher. Default value: ``undef`` ##### `passenger_max_request_queue_size` Data type: `Optional[Integer]` Sets [PassengerMaxRequestQueueSize](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequestqueuesize), to specify the maximum amount of requests that are allowed to queue whenever the maximum concurrent request limit is reached. If the queue is already at this specified limit, then Passenger immediately sends a "503 Service Unavailable" error to any incoming requests.
A value of 0 means that the queue size is unbounded. Default value: ``undef`` ##### `passenger_max_request_queue_time` Data type: `Optional[Integer]` Sets [PassengerMaxRequestQueueTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequestqueuetime), to specify the maximum amount of time that requests are allowed to stay in the queue whenever the maximum concurrent request limit is reached. If a request reaches this specified limit, then Passenger immeaditly sends a "504 Gateway Timeout" error for that request.
A value of 0 means that the queue time is unbounded. Default value: ``undef`` ##### `passenger_sticky_sessions` Data type: `Optional[Boolean]` Sets [PassengerStickySessions](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessions), to specify that, whenever possible, all requests sent by a client will be routed to the same originating application process. Default value: ``undef`` ##### `passenger_sticky_sessions_cookie_name` Data type: `Optional[String]` Sets [PassengerStickySessionsCookieName](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessionscookiename), to specify the name of the sticky sessions cookie. Default value: ``undef`` ##### `passenger_sticky_sessions_cookie_attributes` Data type: `Optional[String]` Sets [PassengerStickySessionsCookieAttributes](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessionscookieattributes), the attributes of the sticky sessions cookie. Default value: ``undef`` ##### `passenger_allow_encoded_slashes` Data type: `Optional[Boolean]` Sets [PassengerAllowEncodedSlashes](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerallowencodedslashes), to allow URLs with encoded slashes. Please note that this feature will not work properly unless Apache's `AllowEncodedSlashes` is also enabled. Default value: ``undef`` ##### `passenger_app_log_file` Data type: `Optional[String]` Sets [PassengerAppLogFile](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapplogfile), app specific messages logged to a different file in addition to Passenger log file. Default value: ``undef`` ##### `passenger_debugger` Data type: `Optional[Boolean]` Sets [PassengerDebugger](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerdebugger), to turn support for Ruby application debugging on or off. Default value: ``undef`` ##### `passenger_lve_min_uid` Data type: `Optional[Integer]` Sets [PassengerLveMinUid](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerlveminuid), to only allow the spawning of application processes with UIDs equal to, or higher than, this specified value on LVE-enabled kernels. Default value: ``undef`` ##### `php_values` Data type: `Any` Allows per-virtual host setting [`php_value`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Within a vhost declaration: ``` puppet php_values => [ 'include_path ".:/usr/local/example-app/include"' ], ``` Default value: `{}` ##### `php_flags` Data type: `Any` Allows per-virtual host setting [`php_flags\``](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Default value: `{}` ##### `php_admin_values` Data type: `Any` Allows per-virtual host setting [`php_admin_value`](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Default value: `{}` ##### `php_admin_flags` Data type: `Any` Allows per-virtual host setting [`php_admin_flag`](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Default value: `{}` ##### `port` Data type: `Any` Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL virtual hosts and port 443 for SSL virtual hosts. The host only listens on the port set in this parameter. Default value: ``undef`` ##### `priority` Data type: `Any` Sets the relative load-order for Apache HTTPD VirtualHost configuration files.
If nothing matches the priority, the first name-based virtual host is used. Likewise, passing a higher priority causes the alphabetically first name-based virtual host to be used if no other names match.
> **Note:** You should not need to use this parameter. However, if you do use it, be aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'.
To omit the priority prefix in file names, pass a priority of `false`. Default value: ``undef`` ##### `protocols` Data type: `Array[Enum['h2', 'h2c', 'http/1.1']]` Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols) directive, which lists available protocols for the virutal host. Default value: `[]` ##### `protocols_honor_order` Data type: `Optional[Boolean]` Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder) directive which determines wether the order of Protocols sets precedence during negotiation. Default value: ``undef`` ##### `proxy_dest` Data type: `Any` Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Default value: ``undef`` ##### `proxy_pass` Data type: `Any` Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Optionally, parameters can be added as an array. ``` puppet apache::vhost { 'site.name.fdqn': ... proxy_pass => [ { 'path' => '/a', 'url' => 'http://backend-a/' }, { 'path' => '/b', 'url' => 'http://backend-b/' }, { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}}, { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, { 'path' => '/d', 'url' => 'http://backend-a/d', 'params' => { 'retry' => '0', 'timeout' => '5' }, }, { 'path' => '/e', 'url' => 'http://backend-a/e', 'keywords' => ['nocanon', 'interpolate'] }, { 'path' => '/f', 'url' => 'http://backend-f/', 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']}, { 'path' => '/g', 'url' => 'http://backend-g/', 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], }, { 'path' => '/h', 'url' => 'http://backend-h/h', 'no_proxy_uris' => ['/h/admin', '/h/server-status'] }, ], } ``` * `reverse_urls`. *Optional.* This setting is useful when used with `mod_proxy_balancer`. Values: an array or string. * `reverse_cookies`. *Optional.* Sets `ProxyPassReverseCookiePath` and `ProxyPassReverseCookieDomain`. * `params`. *Optional.* Allows for ProxyPass key-value parameters, such as connection settings. * `setenv`. *Optional.* Sets [environment variables](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings) for the proxy directive. Values: array. Default value: ``undef`` ##### `proxy_dest_match` Data type: `Any` This directive is equivalent to `proxy_dest`, but takes regular expressions, see [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details. Default value: ``undef`` ##### `proxy_dest_reverse_match` Data type: `Any` Allows you to pass a ProxyPassReverse if `proxy_dest_match` is specified. See [ProxyPassReverse](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse) for details. Default value: ``undef`` ##### `proxy_pass_match` Data type: `Any` This directive is equivalent to `proxy_pass`, but takes regular expressions, see [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details. Default value: ``undef`` ##### `redirect_dest` Data type: `Any` Specifies the address to redirect to. Default value: ``undef`` ##### `redirect_source` Data type: `Any` Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent. ``` puppet apache::vhost { 'site.name.fdqn': ... redirect_source => ['/images','/downloads'], redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], } ``` Default value: `'/'` ##### `redirect_status` Data type: `Any` Specifies the status to append to the redirect. ``` puppet apache::vhost { 'site.name.fdqn': ... redirect_status => ['temp','permanent'], } ``` Default value: ``undef`` ##### `redirectmatch_regexp` Data type: `Any` Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as an array alongside redirectmatch_status and redirectmatch_dest. ``` puppet apache::vhost { 'site.name.fdqn': ... redirectmatch_status => ['404','404'], redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'], } ``` Default value: ``undef`` ##### `redirectmatch_status` Data type: `Any` Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as an array alongside redirectmatch_regexp and redirectmatch_dest. ``` puppet apache::vhost { 'site.name.fdqn': ... redirectmatch_status => ['404','404'], redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'], } ``` Default value: ``undef`` ##### `redirectmatch_dest` Data type: `Any` Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as an array alongside redirectmatch_status and redirectmatch_regexp. ``` puppet apache::vhost { 'site.name.fdqn': ... redirectmatch_status => ['404','404'], redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'], } ``` Default value: ``undef`` ##### `request_headers` Data type: `Any` Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, and so on. ``` puppet apache::vhost { 'site.name.fdqn': ... request_headers => [ 'append MirrorID "mirror 12"', 'unset MirrorID', ], } ``` Default value: ``undef`` ##### `rewrites` Data type: `Optional[Array]` Creates URL rewrite rules. Expects an array of hashes.
Valid Hash keys include `comment`, `rewrite_base`, `rewrite_cond`, `rewrite_rule` or `rewrite_map`.
For example, you can specify that anyone trying to access index.html is served welcome.html ``` puppet apache::vhost { 'site.name.fdqn': ... rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] } ``` The parameter allows rewrite conditions that, when `true`, execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE ``` puppet apache::vhost { 'site.name.fdqn': ... rewrites => [ { comment => 'redirect IE', rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], rewrite_rule => ['^index\.html$ welcome.html'], }, ], } ``` You can also apply multiple conditions. For instance, rewrite index.html to welcome.html only when the browser is Lynx or Mozilla (version 1 or 2) ``` puppet apache::vhost { 'site.name.fdqn': ... rewrites => [ { comment => 'Lynx or Mozilla v1/2', rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], rewrite_rule => ['^index\.html$ welcome.html'], }, ], } ``` Multiple rewrites and conditions are also possible ``` puppet apache::vhost { 'site.name.fdqn': ... rewrites => [ { comment => 'Lynx or Mozilla v1/2', rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], rewrite_rule => ['^index\.html$ welcome.html'], }, { comment => 'Internet Explorer', rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], rewrite_rule => ['^index\.html$ /index.IE.html [L]'], }, { rewrite_base => /apps/, rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], }, { comment => 'Rewrite to lower case', rewrite_cond => ['%{REQUEST_URI} [A-Z]'], rewrite_map => ['lc int:tolower'], rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'], }, ], } ``` Refer to the [`mod_rewrite` documentation](https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html) for more details on what is possible with rewrite rules and conditions.
> **Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the virtual host's directories. Default value: ``undef`` ##### `rewrite_base` Data type: `Any` The parameter [`rewrite_base`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase) specifies the URL prefix to be used for per-directory (htaccess) RewriteRule directives that substitue a relative path. Default value: ``undef`` ##### `rewrite_rule` Data type: `Any` The parameter [`rewrite_rile`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule) allows the user to define the rules that will be used by the rewrite engine. Default value: ``undef`` ##### `rewrite_cond` Data type: `Any` The parameter [`rewrite_cond`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritecond) defines a rule condition, that when satisfied will implement that rule within the rewrite engine. Default value: ``undef`` ##### `rewrite_inherit` Data type: `Any` Determines whether the virtual host inherits global rewrite rules.
Rewrite rules may be specified globally (in `$conf_file` or `$confd_dir`) or inside the virtual host `.conf` file. By default, virtual hosts do not inherit global settings. To activate inheritance, specify the `rewrites` parameter and set `rewrite_inherit` parameter to `true`: ``` puppet apache::vhost { 'site.name.fdqn': ... rewrites => [ , ], rewrite_inherit => `true`, } ``` > **Note**: The `rewrites` parameter is **required** for this to have effect
Apache activates global `Rewrite` rules inheritance if the virtual host files contains the following directives: ``` ApacheConf RewriteEngine On RewriteOptions Inherit ``` Refer to the official [`mod_rewrite`](https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html) documentation, section "Rewriting in Virtual Hosts". Default value: ``false`` ##### `scriptalias` Data type: `Any` Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as '/usr/scripts'. Default value: ``undef`` ##### `scriptaliases` Data type: `Any` > **Note**: This parameter is deprecated in favor of the `aliases` parameter.
Passes an array of hashes to the virtual host to create either ScriptAlias or ScriptAliasMatch statements per the `mod_alias` documentation. ``` puppet scriptaliases => [ { alias => '/myscript', path => '/usr/share/myscript', }, { aliasmatch => '^/foo(.*)', path => '/usr/share/fooscripts$1', }, { aliasmatch => '^/bar/(.*)', path => '/usr/share/bar/wrapper.sh/$1', }, { alias => '/neatscript', path => '/usr/share/neatscript', }, ] ``` The ScriptAlias and ScriptAliasMatch directives are created in the order specified. As with [Alias and AliasMatch](#aliases) directives, specify more specific aliases before more general ones to avoid shadowing. Default value: `[]` ##### `serveradmin` Data type: `Any` Specifies the email address Apache displays when it renders one of its error pages. Default value: ``undef`` ##### `serveraliases` Data type: `Any` Sets the [ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias) of the site. Default value: `[]` ##### `servername` Data type: `Any` Sets the servername corresponding to the hostname you connect to the virtual host at. Default value: `$name` ##### `setenv` Data type: `Any` Used by HTTPD to set environment variables for virtual hosts.
Example: ``` puppet apache::vhost { 'setenv.example.com': setenv => ['SPECIAL_PATH /foo/bin'], } ``` Default value: `[]` ##### `setenvif` Data type: `Any` Used by HTTPD to conditionally set environment variables for virtual hosts. Default value: `[]` ##### `setenvifnocase` Data type: `Any` Used by HTTPD to conditionally set environment variables for virtual hosts (caseless matching). Default value: `[]` ##### `suexec_user_group` Data type: `Optional[Pattern[/^[\w-]+ [\w-]+$/]]` Allows the spcification of user and group execution privileges for CGI programs through inclusion of the `mod_suexec` module. Default value: ``undef`` ##### `suphp_addhandler` Data type: `Any` Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG) working together with suphp_configpath and suphp_engine.
An example virtual host configuration with suPHP: ``` puppet apache::vhost { 'suphp.example.com': port => '80', docroot => '/home/appuser/myphpapp', suphp_addhandler => 'x-httpd-php', suphp_engine => 'on', suphp_configpath => '/etc/php5/apache2', directories => { path => '/home/appuser/myphpapp', 'suphp' => { user => 'myappuser', group => 'myappgroup' }, } } ``` Default value: `$apache::params::suphp_addhandler` ##### `suphp_configpath` Data type: `Any` Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG) working together with suphp_addhandler and suphp_engine.
An example virtual host configuration with suPHP: ``` puppet apache::vhost { 'suphp.example.com': port => '80', docroot => '/home/appuser/myphpapp', suphp_addhandler => 'x-httpd-php', suphp_engine => 'on', suphp_configpath => '/etc/php5/apache2', directories => { path => '/home/appuser/myphpapp', 'suphp' => { user => 'myappuser', group => 'myappgroup' }, } } ``` Default value: `$apache::params::suphp_configpath` ##### `suphp_engine` Data type: `Enum['on', 'off']` Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG) working together with suphp_configpath and suphp_addhandler.
An example virtual host configuration with suPHP: ``` puppet apache::vhost { 'suphp.example.com': port => '80', docroot => '/home/appuser/myphpapp', suphp_addhandler => 'x-httpd-php', suphp_engine => 'on', suphp_configpath => '/etc/php5/apache2', directories => { path => '/home/appuser/myphpapp', 'suphp' => { user => 'myappuser', group => 'myappgroup' }, } } ``` Default value: `$apache::params::suphp_engine` ##### `vhost_name` Data type: `Any` Enables name-based virtual hosting. If no IP is passed to the virtual host, but the virtual host is assigned a port, then the virtual host name is `vhost_name:port`. If the virtual host has no assigned IP or port, the virtual host name is set to the title of the resource. Default value: `'*'` ##### `virtual_docroot` Data type: `Any` Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, `http://example.com` would map to `/var/www/example.com`. Note that the `DocumentRoot` directive will not be present even though there is a value set for `docroot` in the manifest. See [`virtual_use_default_docroot`](#virtual_use_default_docroot) to change this behavior. ``` puppet apache::vhost { 'subdomain.loc': vhost_name => '*', port => '80', virtual_docroot => '/var/www/%-2+', docroot => '/var/www', serveraliases => ['*.loc',], } ``` Default value: ``false`` ##### `virtual_use_default_docroot` Data type: `Any` By default, when using `virtual_docroot`, the value of `docroot` is ignored. Setting this to `true` will mean both directives will be added to the configuration. ``` puppet apache::vhost { 'subdomain.loc': vhost_name => '*', port => '80', virtual_docroot => '/var/www/%-2+', docroot => '/var/www', virtual_use_default_docroot => true, serveraliases => ['*.loc',], } ``` Default value: ``false`` ##### `wsgi_daemon_process` Data type: `Optional[Variant[String,Hash]]` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process_options, wsgi_process_group, wsgi_script_aliases and wsgi_pass_authorization.
A hash that sets the name of the WSGI daemon, accepting [certain keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html).
An example virtual host configuration with WSGI: ``` puppet apache::vhost { 'wsgi.example.com': port => '80', docroot => '/var/www/pythonapp', wsgi_daemon_process => 'wsgi', wsgi_daemon_process_options => { processes => '2', threads => '15', display-name => '%{GROUP}', }, wsgi_process_group => 'wsgi', wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, wsgi_chunked_request => 'On', } ``` Default value: ``undef`` ##### `wsgi_daemon_process_options` Data type: `Optional[Hash]` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process, wsgi_process_group, wsgi_script_aliases and wsgi_pass_authorization.
Sets the group ID that the virtual host runs under. Default value: ``undef`` ##### `wsgi_application_group` Data type: `Any` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, and wsgi_pass_authorization.
This parameter defines the [`WSGIApplicationGroup directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html), thus allowing you to specify which application group the WSGI application belongs to, with all WSGI applications within the same group executing within the context of the same Python sub interpreter. Default value: ``undef`` ##### `wsgi_import_script` Data type: `Any` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, and wsgi_pass_authorization.
This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html), which can be used in order to specify a script file to be loaded upon a process starting. Default value: ``undef`` ##### `wsgi_import_script_options` Data type: `Optional[Hash]` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, and wsgi_pass_authorization.
This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html), which can be used in order to specify a script file to be loaded upon a process starting.
Specifies the process and aplication groups of the script. Default value: ``undef`` ##### `wsgi_chunked_request` Data type: `Any` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, and wsgi_pass_authorization.
This parameter defines the [`WSGIChunkedRequest directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIChunkedRequest.html), allowing you to enable support for chunked request content.
WSGI is technically incapable of supporting chunked request content without all chunked request content having first been read in and buffered. Default value: ``undef`` ##### `wsgi_process_group` Data type: `Any` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process, wsgi_daemon_process_options, wsgi_script_aliases and wsgi_pass_authorization.
Requires a hash of web paths to filesystem `.wsgi paths/`. Default value: ``undef`` ##### `wsgi_script_aliases` Data type: `Optional[Hash]` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, and wsgi_pass_authorization.
Uses the WSGI application to handle authorization instead of Apache when set to `On`.
For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Default value: ``undef`` ##### `wsgi_script_aliases_match` Data type: `Optional[Hash]` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, and wsgi_pass_authorization.
Uses the WSGI application to handle authorization instead of Apache when set to `On`.
This directive is similar to `wsgi_script_aliases`, but makes use of regular expressions in place of simple prefix matching.
For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Default value: ``undef`` ##### `wsgi_pass_authorization` Data type: `Optional[Enum['on', 'off', 'On', 'Off']]` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group and wsgi_script_aliases.
Enables support for chunked requests. Default value: ``undef`` ##### `directories` Data type: `Optional[Variant[Hash, Array[Variant[Array,Hash]]]]` The `directories` parameter within the `apache::vhost` class passes an array of hashes to the virtual host to create [Directory](https://httpd.apache.org/docs/current/mod/core.html#directory), [File](https://httpd.apache.org/docs/current/mod/core.html#files), and [Location](https://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, `< Directory /path/to/directory>...< /Directory>`.
The `path` key sets the path for the directory, files, and location blocks. Its value must be a path for the `directory`, `files`, and `location` providers, or a regex for the `directorymatch`, `filesmatch`, or `locationmatch` providers. Each hash passed to `directories` **must** contain `path` as one of the keys.
The `provider` key is optional. If missing, this key defaults to `directory`. Values: `directory`, `files`, `proxy`, `location`, `directorymatch`, `filesmatch`, `proxymatch` or `locationmatch`. If you set `provider` to `directorymatch`, it uses the keyword `DirectoryMatch` in the Apache config file.
An example use of `directories`: ``` puppet apache::vhost { 'files.example.net': docroot => '/var/www/files', directories => [ { 'path' => '/var/www/files', 'provider' => 'files', 'deny' => 'from all', }, ], } ``` > **Note:** At least one directory should match the `docroot` parameter. After you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block is created that matches the `docroot` parameter.
Available handlers, represented as keys, should be placed within the `directory`, `files`, or `location` hashes. This looks like ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', handler => value } ], } ``` Any handlers you do not set in these hashes are considered `undefined` within Puppet and are not added to the virtual host, resulting in the module using their default values. Default value: ``undef`` ##### `custom_fragment` Pass a string of custom configuration directives to be placed at the end of the directory configuration. ``` puppet apache::vhost { 'monitor': ... directories => [ { path => '/path/to/directory', custom_fragment => ' SetHandler balancer-manager Order allow,deny Allow from all SetHandler server-status Order allow,deny Allow from all ProxyStatus On', }, ] } ``` Default value: ``undef`` ##### `error_documents` An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. ``` puppet apache::vhost { 'sample.example.net': directories => [ { path => '/srv/www', error_documents => [ { 'error_code' => '503', 'document' => '/service-unavail', }, ], }, ], } ``` Default value: `[]` ##### `h2_copy_files` Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles) directive.
Note that you must declare `class {'apache::mod::http2': }` before using this directive. Default value: ``undef`` ##### `h2_push_resource` Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource) directive.
Note that you must declare `class {'apache::mod::http2': }` before using this directive. Default value: `[]` ##### `headers` Adds lines for [Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives. ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => { path => '/path/to/directory', headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', }, } ``` Default value: ``undef`` ##### `options` Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'], }, ], } ``` Default value: `['Indexes','FollowSymLinks','MultiViews']` ##### `shib_compat_valid_user` Data type: `Optional[String]` Default is Off, matching the behavior prior to this command's existence. Addresses a conflict when using Shibboleth in conjunction with other auth/auth modules by restoring `standard` Apache behavior when processing the `valid-user` and `user` Require rules. See the [`mod_shib`documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions), and [NativeSPhtaccess](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess) topic for more details. This key is disabled if `apache::mod::shib` is not defined. Default value: ``undef`` ##### `ssl_options` Data type: `Any` String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the virtual host. ``` puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', ssl_options => '+ExportCertData', }, { path => '/path/to/different/dir', ssl_options => ['-StdEnvVars', '+ExportCertData'], }, ], } ``` Default value: ``undef`` ##### `additional_includes` Specifies paths to additional static, specific Apache configuration files in virtual host directories. ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/different/dir', additional_includes => ['/custom/path/includes', '/custom/path/another_includes',], }, ], } ``` Default value: `[]` ##### `gssapi` Specfies mod_auth_gssapi parameters for particular directories in a virtual host directory ```puppet include apache::mod::auth_gssapi apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/different/dir', gssapi => { credstore => 'keytab:/foo/bar.keytab', localname => 'Off', sslonly => 'On', } }, ], } ``` ##### `ssl` Data type: `Boolean` Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries. Default value: ``false`` ##### `ssl_ca` Data type: `Any` Specifies the SSL certificate authority to be used to verify client certificates used for authentication. Default value: `$apache::default_ssl_ca` ##### `ssl_cert` Data type: `Any` Specifies the SSL certification. Default value: `$apache::default_ssl_cert` ##### `ssl_protocol` Data type: `Any` Specifies [SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array or space separated string of accepted protocols. Default value: ``undef`` ##### `ssl_cipher` Data type: `Any` Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). Default value: ``undef`` ##### `ssl_honorcipherorder` Data type: `Variant[Boolean, Enum['on', 'On', 'off', 'Off'], Undef]` Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), to cause Apache to use the server's preferred order of ciphers rather than the client's preferred order. Default value: ``undef`` ##### `ssl_certs_dir` Data type: `Any` Specifies the location of the SSL certification directory to verify client certs. Default value: `$apache::params::ssl_certs_dir` ##### `ssl_chain` Data type: `Any` Specifies the SSL chain. This default works out of the box, but it must be updated in the base `apache` class with your specific certificate information before being used in production. Default value: `$apache::default_ssl_chain` ##### `ssl_crl` Data type: `Any` Specifies the certificate revocation list to use. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) Default value: `$apache::default_ssl_crl` ##### `ssl_crl_path` Data type: `Any` Specifies the location of the certificate revocation list to verify certificates for client authentication with. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) Default value: `$apache::default_ssl_crl_path` ##### `ssl_crl_check` Data type: `Any` Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck) for ssl client authentication. The default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions. Default value: `$apache::default_ssl_crl_check` ##### `ssl_key` Data type: `Any` Specifies the SSL key.
Defaults are based on your operating system. Default work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production. Default value: `$apache::default_ssl_key` ##### `ssl_verify_client` Data type: `Optional[Enum['none', 'optional', 'require', 'optional_no_ca']]` Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. ``` puppet apache::vhost { 'sample.example.net': ... ssl_verify_client => 'optional', } ``` Default value: ``undef`` ##### `ssl_verify_depth` Data type: `Any` Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification. You must set `ssl_verify_client` for it to take effect. ``` puppet apache::vhost { 'sample.example.net': ... ssl_verify_client => 'require', ssl_verify_depth => 1, } ``` Default value: ``undef`` ##### `ssl_proxy_protocol` Data type: `Any` Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol) directive, which controls which SSL protocol flavors `mod_ssl` should use when establishing its server environment for proxy. It connects to servers using only one of the provided protocols. Default value: ``undef`` ##### `ssl_proxy_verify` Data type: `Optional[Enum['none', 'optional', 'require', 'optional_no_ca']]` Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify) directive, which configures certificate verification of the remote server when a proxy is configured to forward requests to a remote SSL server. Default value: ``undef`` ##### `ssl_proxy_verify_depth` Data type: `Optional[Integer[0]]` Sets the [SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth) directive, which configures how deeply mod_ssl should verify before deciding that the remote server does not have a valid certificate.
A depth of 0 means that only self-signed remote server certificates are accepted, the default depth of 1 means the remote server certificate can be self-signed or signed by a CA that is directly known to the server. Default value: ``undef`` ##### `ssl_proxy_cipher_suite` Data type: `Any` Sets the [SSLProxyCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyciphersuite) directive, which controls cipher suites supported for ssl proxy traffic. Default value: ``undef`` ##### `ssl_proxy_ca_cert` Data type: `Any` Sets the [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile) directive, which specifies an all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose remote servers you deal with. These are used for Remote Server Authentication. This file should be a concatenation of the PEM-encoded certificate files in order of preference. Default value: ``undef`` ##### `ssl_proxy_machine_cert` Data type: `Any` Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) directive, which specifies an all-in-one file where you keep the certs and keys used for this server to authenticate itself to remote servers. This file should be a concatenation of the PEM-encoded certificate files in order of preference. ``` puppet apache::vhost { 'sample.example.net': ... ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem', } ``` Default value: ``undef`` ##### `ssl_proxy_machine_cert_chain` Data type: `Any` Sets the [SSLProxyMachineCertificateChainFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatechainfile) directive, which specifies an all-in-one file where you keep the certificate chain for all of the client certs in use. This directive will be needed if the remote server presents a list of CA certificates that are not direct signers of one of the configured client certificates. This referenced file is simply the concatenation of the various PEM-encoded certificate files. Upon startup, each client certificate configured will be examined and a chain of trust will be constructed. Default value: ``undef`` ##### `ssl_proxy_check_peer_cn` Data type: `Optional[Enum['on', 'off']]` Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Default value: ``undef`` ##### `ssl_proxy_check_peer_name` Data type: `Optional[Enum['on', 'off']]` Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Default value: ``undef`` ##### `ssl_proxy_check_peer_expire` Data type: `Optional[Enum['on', 'off']]` Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire) directive, which specifies whether the remote server certificate is checked for expiration or not. Default value: ``undef`` ##### `ssl_options` Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given virtual host and can be a string or an array.
A string: ``` puppet apache::vhost { 'sample.example.net': ... ssl_options => '+ExportCertData', } ``` An array: ``` puppet apache::vhost { 'sample.example.net': ... ssl_options => ['+StrictRequire', '+ExportCertData'], } ``` Default value: ``undef`` ##### `ssl_openssl_conf_cmd` Data type: `Any` Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) directive, which provides direct configuration of OpenSSL parameters. Default value: ``undef`` ##### `ssl_proxyengine` Data type: `Boolean` Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Default value: ``false`` ##### `ssl_stapling` Data type: `Optional[Boolean]` Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). By default, uses what is set globally.
This parameter only applies to Apache 2.4 or higher and is ignored on older versions. Default value: ``undef`` ##### `ssl_stapling_timeout` Data type: `Any` Can be used to set the [SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout) directive.
This parameter only applies to Apache 2.4 or higher and is ignored on older versions. Default value: ``undef`` ##### `ssl_stapling_return_errors` Data type: `Any` Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive.
This parameter only applies to Apache 2.4 or higher and is ignored on older versions. Default value: ``undef`` ##### `ssl_user_name` Data type: `Optional[String]` Sets the [SSLUserName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusername) directive. Default value: ``undef`` ##### `ssl_reload_on_change` Data type: `Boolean` Enable reloading of apache if the content of ssl files have changed. Default value: `$apache::default_ssl_reload_on_change` ##### `use_canonical_name` Data type: `Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']]` Specifies whether to use the [`UseCanonicalName directive`](https://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname), which allows you to configure how the server determines it's own name and port. Default value: ``undef`` ##### `define` Data type: `Hash` this lets you define configuration variables inside a vhost using [`Define`](https://httpd.apache.org/docs/2.4/mod/core.html#define), these can then be used to replace configuration values. All Defines are Undefined at the end of the VirtualHost. Default value: `{}` ##### `auth_oidc` Data type: `Boolean` Enable `mod_auth_openidc` parameters for OpenID Connect authentication. Default value: ``false`` ##### `oidc_settings` Data type: `Optional[Apache::OIDCSettings]` An Apache::OIDCSettings Struct containing (mod_auth_openidc settings)[https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf]. Default value: ``undef`` ##### `limitreqfields` Data type: `Optional[Integer]` The `limitreqfields` parameter sets the maximum number of request header fields in an HTTP request. This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks. The value should be increased if normal clients see an error response from the server that indicates too many fields were sent in the request. Default value: ``undef`` ##### `limitreqfieldsize` Data type: `Optional[Integer]` The `limitreqfieldsize` parameter sets the maximum ammount of _bytes_ that will be allowed within a request header. Default value: ``undef`` ##### `limitreqline` Data type: `Optional[Integer]` Limit the size of the HTTP request line that will be accepted from the client This directive sets the number of bytes that will be allowed on the HTTP request-line. The LimitRequestLine directive allows the server administrator to set the limit on the allowed size of a client's HTTP request-line. Since the request-line consists of the HTTP method, URI, and protocol version, the LimitRequestLine directive places a restriction on the length of a request-URI allowed for a request on the server. A server needs this value to be large enough to hold any of its resource names, including any information that might be passed in the query part of a GET request. Default value: ``undef`` ##### `limitreqbody` Data type: `Optional[Integer]` Restricts the total size of the HTTP request body sent from the client The LimitRequestBody directive allows the user to set a limit on the allowed size of an HTTP request message body within the context in which the directive is given (server, per-directory, per-file or per-location). If the client request exceeds that limit, the server will return an error response instead of servicing the request. Default value: ``undef`` ##### `$use_servername_for_filenames` When set to true, default log / config file names will be derived from the sanitized value of the $servername parameter. When set to false (default), the existing behaviour of using the $name parameter will remain. ##### `$use_port_for_filenames` When set to true and use_servername_for_filenames is also set to true, default log / config file names will be derived from the sanitized value of both the $servername and $port parameters. When set to false (default), the port is not included in the file names and may lead to duplicate declarations if two virtual hosts use the same domain. ##### `$mdomain` All the names in the list are managed as one Managed Domain (MD). mod_md will request one single certificate that is valid for all these names. ##### `use_servername_for_filenames` Data type: `Optional[Boolean]` Default value: ``false`` ##### `use_port_for_filenames` Data type: `Optional[Boolean]` Default value: ``false`` ##### `proxy_requests` Data type: `Boolean` Default value: ``false`` ##### `mdomain` Data type: `Optional[Variant[Boolean,String]]` Default value: ``undef`` ### `apache::vhost::custom` The `apache::vhost::custom` defined type is a thin wrapper around the `apache::custom_config` defined type, and simply overrides some of its default settings specific to the virtual host directory in Apache. #### Parameters The following parameters are available in the `apache::vhost::custom` defined type: * [`content`](#content) * [`ensure`](#ensure) * [`priority`](#priority) * [`verify_config`](#verify_config) ##### `content` Data type: `Any` Sets the configuration file's content. ##### `ensure` Data type: `Any` Specifies if the virtual host file is present or absent. Default value: `'present'` ##### `priority` Data type: `Any` Sets the relative load order for Apache HTTPD VirtualHost configuration files. Default value: `'25'` ##### `verify_config` Data type: `Any` Specifies whether to validate the configuration file before notifying the Apache service. Default value: ``true`` ### `apache::vhost::fragment` Define a fragment within a vhost #### Examples ##### With a vhost without priority ```puppet include apache apache::vhost { 'myvhost': } apache::vhost::fragment { 'myfragment': vhost => 'myvhost', content => '# Foo', } ``` ##### With a vhost with priority ```puppet include apache apache::vhost { 'myvhost': priority => '42', } apache::vhost::fragment { 'myfragment': vhost => 'myvhost', priority => '42', content => '# Foo', } ``` ##### With a vhost with default vhost ```puppet include apache apache::vhost { 'myvhost': default_vhost => true, } apache::vhost::fragment { 'myfragment': vhost => 'myvhost', priority => '10', # default_vhost implies priority 10 content => '# Foo', } ``` ##### Adding a fragment to the built in default vhost ```puppet include apache apache::vhost::fragment { 'myfragment': vhost => 'default', priority => '15', content => '# Foo', } ``` #### Parameters The following parameters are available in the `apache::vhost::fragment` defined type: * [`vhost`](#vhost) * [`priority`](#priority) * [`content`](#content) * [`order`](#order) * [`port`](#port) ##### `vhost` Data type: `String[1]` The title of the vhost resource to append to ##### `priority` Data type: `Any` Set the priority to match the one `apache::vhost` sets. This must match the one `apache::vhost` sets or else the concat fragment won't be found. Default value: ``undef`` ##### `content` Data type: `Optional[String]` The content to put in the fragment. Only when it's non-empty the actual fragment will be created. Default value: ``undef`` ##### `order` Data type: `Integer[0]` The order to insert the fragment at Default value: `900` ##### `port` Data type: `Optional[Integer[0]]` Default value: ``undef`` ## Resource types ### `a2mod` Manage Apache 2 modules #### Properties The following properties are available in the `a2mod` type. ##### `ensure` Valid values: `present`, `absent` The basic property that the resource should be in. Default value: `present` #### Parameters The following parameters are available in the `a2mod` type. * [`identifier`](#identifier) * [`lib`](#lib) * [`name`](#name) * [`provider`](#provider) ##### `identifier` Module identifier string used by LoadModule. Default: module-name_module ##### `lib` The name of the .so library to be loaded ##### `name` namevar The name of the module to be managed ##### `provider` The specific backend to use for this `a2mod` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform. ## Functions ### `apache::apache_pw_hash` Type: Ruby 4.x API DEPRECATED. Use the function [`apache::pw_hash`](#apachepw_hash) instead. #### `apache::apache_pw_hash(Any *$args)` The apache::apache_pw_hash function. Returns: `Any` ##### `*args` Data type: `Any` ### `apache::bool2httpd` Type: Ruby 4.x API Transform a supposed boolean to On or Off. Passes all other values through. #### Examples ##### ```puppet $trace_enable = false $server_signature = 'mail' apache::bool2httpd($trace_enable) # returns 'Off' apache::bool2httpd($server_signature) # returns 'mail' apache::bool2httpd(undef) # returns 'Off' ``` #### `apache::bool2httpd(Any $arg)` The apache::bool2httpd function. Returns: `Any` Will return either `On` or `Off` if given a boolean value. Returns a string of any other given value. ##### Examples ###### ```puppet $trace_enable = false $server_signature = 'mail' apache::bool2httpd($trace_enable) # returns 'Off' apache::bool2httpd($server_signature) # returns 'mail' apache::bool2httpd(undef) # returns 'Off' ``` ##### `arg` Data type: `Any` The value to be converted into a string. ### `apache::pw_hash` Type: Ruby 4.x API Currently uses SHA-hashes, because although this format is considered insecure, it's the most secure format supported by the most platforms. #### `apache::pw_hash(String[1] $password)` Currently uses SHA-hashes, because although this format is considered insecure, it's the most secure format supported by the most platforms. Returns: `String` Returns the hash of the input that was given. ##### `password` Data type: `String[1]` The input that is to be hashed. ### `apache_pw_hash` Type: Ruby 4.x API DEPRECATED. Use the namespaced function [`apache::pw_hash`](#apachepw_hash) instead. #### `apache_pw_hash(Any *$args)` The apache_pw_hash function. Returns: `Any` ##### `*args` Data type: `Any` ### `bool2httpd` Type: Ruby 4.x API DEPRECATED. Use the namespaced function [`apache::bool2httpd`](#apachebool2httpd) instead. #### `bool2httpd(Any *$args)` The bool2httpd function. Returns: `Any` ##### `*args` Data type: `Any` ## Data types ### `Apache::LogLevel` A string that conforms to the Apache `LogLevel` syntax. Different levels can be specified for individual apache modules. ie. `[module:]level [module:level] ...` The levels are (in order of decreasing significance): * `emerg` * `alert` * `crit` * `error` * `warn` * `notice` * `info` * `debug` * `trace1` * `trace2` * `trace3` * `trace4` * `trace5` * `trace6` * `trace7` * `trace8` * **See also** * https://httpd.apache.org/docs/current/mod/core.html#loglevel Alias of ```puppet Pattern[/(emerg|alert|crit|error|warn|notice|info|debug|trace[1-8])/] ``` ### `Apache::OIDCSettings` https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf Alias of ```puppet Struct[{ Optional['RedirectURI'] => Variant[Stdlib::HTTPSUrl,Stdlib::HttpUrl,Pattern[/^\/[A-Za-z0-9\-\._%\/]*$/]], Optional['CryptoPassphrase'] => String, Optional['MetadataDir'] => String, Optional['ProviderMetadataURL'] => Stdlib::HTTPSUrl, Optional['ProviderIssuer'] => String, Optional['ProviderAuthorizationEndpoint'] => Stdlib::HTTPSUrl, Optional['ProviderJwksUri'] => Stdlib::HTTPSUrl, Optional['ProviderTokenEndpoint'] => Stdlib::HTTPSUrl, Optional['ProviderTokenEndpointAuth'] => Enum['client_secret_basic','client_secret_post','client_secret_jwt','private_key_jwt','none'], Optional['ProviderTokenEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], Optional['ProviderUserInfoEndpoint'] => Stdlib::HTTPSUrl, Optional['ProviderCheckSessionIFrame'] => Stdlib::HTTPSUrl, Optional['ProviderEndSessionEndpoint'] => Stdlib::HTTPSUrl, Optional['ProviderRevocationEndpoint'] => Stdlib::HTTPSUrl, Optional['ProviderBackChannelLogoutSupported'] => Enum['On','Off'], Optional['ProviderRegistrationEndpointJson'] => String, Optional['Scope'] => Pattern[/^[A-Za-z0-9\-\._\s]+$/], Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], Optional['SSLValidateServer'] => Enum['On','Off'], Optional['UserInfoRefreshInterval'] => Integer, Optional['JWKSRefreshInterval'] => Integer, Optional['UserInfoTokenMethod'] => Enum['authz_header','post_param'], Optional['ProviderAuthRequestMethod'] => Enum['GET','POST'], Optional['PublicKeyFiles'] => String, Optional['ResponseType'] => Enum['code','id_token','id_token token','code id_token','code token','code id_token token'], Optional['ResponseMode'] => Enum['fragment','query','form_post'], Optional['ClientID'] => String, Optional['ClientSecret'] => String, Optional['ClientTokenEndpointCert'] => String, Optional['ClientTokenEndpointKey'] => String, Optional['ClientName'] => String, Optional['ClientContact'] => String, Optional['PKCDMethod'] => Enum['plain','S256','referred_tb'], Optional['TokenBindingPolicy'] => Enum['disabled','optional','required','enforced'], Optional['ClientJwksUri'] => Stdlib::HTTPSUrl, Optional['IDTokenSignedResponseAlg'] => Enum['RS256','RS384','RS512','PS256','PS384','PS512','HS256','HS384','HS512','ES256','ES384','ES512'], Optional['IDTokenEncryptedResponseAlg'] => Enum['RSA1_5','A128KW','A256KW','RSA-OAEP'], Optional['IDTokenEncryptedResponseAlg'] => Enum['A128CBC-HS256','A256CBC-HS512','A256GCM'], Optional['UserInfoSignedResposeAlg'] => Enum['RS256','RS384','RS512','PS256','PS384','PS512','HS256','HS384','HS512','ES256','ES384','ES512'], Optional['UserInfoEncryptedResponseAlg'] => Enum['RSA1_5','A128KW','A256KW','RSA-OAEP'], Optional['UserInfoEncryptedResponseEnc'] => Enum['A128CBC-HS256','A256CBC-HS512','A256GCM'], Optional['OAuthServerMetadataURL'] => Stdlib::HTTPSUrl, Optional['AuthIntrospectionEndpoint'] => Stdlib::HTTPSUrl, Optional['OAuthClientID'] => String, Optional['OAuthClientSecret'] => String, Optional['OAuthIntrospectionEndpointAuth'] => Enum['client_secret_basic','client_secret_post','client_secret_jwt','private_key_jwt','bearer_access_token','none'], Optional['OAuthIntrospectionClientAuthBearerToken'] => String, Optional['OAuthIntrospectionEndpointCert'] => String, Optional['OAuthIntrospectionEndpointKey'] => String, Optional['OAuthIntrospectionEndpointMethod'] => Enum['POST','GET'], Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], Optional['OAuthIntrospectionTokenParamName'] => String, Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+\s(absolute|relative)\s(mandatory|optional)$/], Optional['OAuthSSLValidateServer'] => Enum['On','Off'], Optional['OAuthVerifySharedKeys'] => String, Optional['OAuthVerifyCertFiles'] => String, Optional['OAuthVerifyJwksUri'] => Stdlib::HTTPSUrl, Optional['OAuthRemoteUserClaim'] => String, Optional['OAuthAcceptTokenAs'] => Pattern[/^((header|post|query|cookie\:[A-Za-z0-9\-\._]+|basic)\s?)+$/], Optional['OAuthAccessTokenBindingPolicy'] => Enum['disabled','optional','required','enforced'], Optional['Cookie'] => String, Optional['SessionCookieChunkSize'] => Integer, Optional['CookieHTTPOnly'] => Enum['On','Off'], Optional['CookieSameSite'] => Enum['On','Off'], Optional['PassCookies'] => String, Optional['StripCookies'] => String, Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+\s(false|true)$/], Optional['SessionInactivityTimeout'] => Integer, Optional['SessionMaxDuration'] => Integer, Optional['SessionType'] => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent)?)$/], Optional['SessionCacheFallbackToCookie'] => Enum['On','Off'], Optional['CacheType'] => Enum['shm','memcache','file','redis'], Optional['CacheEncrypt'] => Enum['On','Off'], Optional['CacheShmMax'] => Integer, Optional['CacheShmEntrySizeMax'] => Integer, Optional['CacheFileCleanInterval'] => Integer, Optional['MemCacheServers'] => String, Optional['RedisCacheServer'] => String, Optional['RedisCachePassword'] => String, Optional['DiscoverURL'] => Variant[Stdlib::HTTPSUrl,Stdlib::HttpUrl], Optional['HTMLErrorTemplate'] => String, Optional['DefaultURL'] => Variant[Stdlib::HTTPSUrl,Stdlib::HttpUrl], Optional['PathScope'] => Pattern[/^[A-Za-z0-9\-\._\s]+$/], Optional['PathAuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], Optional['IDTokenIatSlack'] => Integer, Optional['ClaimPrefix'] => String, Optional['ClaimDelimiter'] => Pattern[/^.$/], Optional['RemoteUserClaim'] => String, Optional['PassIDTokenAs'] => Pattern[/^((claims|payload|serialized)\s?)+$/], Optional['PassUserInfoAs'] => Pattern[/^((claims|json|jwt)\s?)+$/], Optional['PassClaimsAs'] => Enum['none','headers','environment','both'], Optional['AuthNHeader'] => String, Optional['HTTPTimeoutLong'] => Integer, Optional['HTTPTimeoutShort'] => Integer, Optional['StateTimeout'] => Integer, Optional['ScrubRequestHeaders'] => Enum['On','Off'], Optional['OutgoingProxy'] => String, Optional['UnAuthAction'] => Enum['auth','pass','401','410'], Optional['UnAuthzAction'] => Enum['401','403','auth'], Optional['PreservePost'] => Enum['On','Off'], Optional['PassRefreshToken'] => Enum['On','Off'], Optional['RequestObject'] => String, Optional['ProviderMetadataRefreshInterval'] => Integer, Optional['InfoHook'] => Pattern[/^((iat|access_token|access_token_expires|id_token|userinfo|refresh_token|session)\s?)+$/], Optional['BlackListedClaims'] => String, Optional['WhiteListedClaims'] => String, Optional['RefreshAccessTokenBeforeExpiry'] => Pattern[/^[0-9]+(\slogout_on_error)?$/], }] ``` ## Tasks ### `init` Allows you to perform apache service functions **Supports noop?** false #### Parameters ##### `action` Data type: `Enum[reload]` Action to perform ##### `service_name` Data type: `Optional[String[1]]` The name of the apache service diff --git a/metadata.json b/metadata.json index cb0506cf..29255598 100644 --- a/metadata.json +++ b/metadata.json @@ -1,91 +1,91 @@ { "name": "puppetlabs-apache", - "version": "6.5.1", + "version": "7.0.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", "source": "https://github.com/puppetlabs/puppetlabs-apache", "project_page": "https://github.com/puppetlabs/puppetlabs-apache", "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "dependencies": [ { "name": "puppetlabs/stdlib", "version_requirement": ">= 4.13.1 < 9.0.0" }, { "name": "puppetlabs/concat", "version_requirement": ">= 2.2.1 < 8.0.0" } ], "operatingsystem_support": [ { "operatingsystem": "RedHat", "operatingsystemrelease": [ "6", "7", "8" ] }, { "operatingsystem": "CentOS", "operatingsystemrelease": [ "6", "7", "8" ] }, { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ "6", "7" ] }, { "operatingsystem": "Scientific", "operatingsystemrelease": [ "6", "7" ] }, { "operatingsystem": "Debian", "operatingsystemrelease": [ "9", "10", "11" ] }, { "operatingsystem": "SLES", "operatingsystemrelease": [ "12", "15" ] }, { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ "16.04", "18.04", "20.04" ] }, { "operatingsystem": "Rocky", "operatingsystemrelease": [ "8" ] } ], "requirements": [ { "name": "puppet", "version_requirement": ">= 6.0.0 < 8.0.0" } ], "description": "Module for Apache configuration", "pdk-version": "2.1.0", "template-url": "https://github.com/puppetlabs/pdk-templates.git#main", "template-ref": "heads/main-0-g03daa92" } diff --git a/pdk.yaml b/pdk.yaml new file mode 100644 index 00000000..4bef4bd0 --- /dev/null +++ b/pdk.yaml @@ -0,0 +1,2 @@ +--- +ignore: []