diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index aa16f184..ced1d93e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,71 +1,71 @@ name: "release" on: push: branches: - 'release' jobs: LitmusAcceptancePuppet5: env: HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 HONEYCOMB_DATASET: litmus tests runs-on: self-hosted strategy: matrix: ruby_version: [2.5.x] puppet_gem_version: [~> 6.0] platform: [release_checks_5] agent_family: ['puppet5'] steps: - uses: actions/checkout@v1 - name: Litmus Parallel - uses: puppetlabs/action-litmus_parallel@master + uses: puppetlabs/action-litmus_parallel@main with: platform: ${{ matrix.platform }} agent_family: ${{ matrix.agent_family }} LitmusAcceptancePuppet6: env: HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 HONEYCOMB_DATASET: litmus tests runs-on: self-hosted strategy: matrix: ruby_version: [2.5.x] puppet_gem_version: [~> 6.0] platform: [release_checks_6] agent_family: ['puppet6'] steps: - uses: actions/checkout@v1 - name: Litmus Parallel - uses: puppetlabs/action-litmus_parallel@master + uses: puppetlabs/action-litmus_parallel@main with: platform: ${{ matrix.platform }} agent_family: ${{ matrix.agent_family }} Spec: runs-on: self-hosted strategy: matrix: check: [parallel_spec, 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop'] ruby_version: [2.4.x, 2.5.x] puppet_gem_version: [~> 5.0, ~> 6.0] exclude: - puppet_gem_version: ~> 5.0 check: 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop' - ruby_version: 2.4.x puppet_gem_version: ~> 6.0 - ruby_version: 2.5.x puppet_gem_version: ~> 5.0 steps: - uses: actions/checkout@v1 - name: Spec Tests - uses: puppetlabs/action-litmus_spec@master + uses: puppetlabs/action-litmus_spec@main with: puppet_gem_versionm: ${{ matrix.puppet_gem_version }} check: ${{ matrix.check }} diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml index 7ad3cbaf..382b2761 100644 --- a/.github/workflows/weekly.yml +++ b/.github/workflows/weekly.yml @@ -1,64 +1,64 @@ name: "weekly" on: schedule: - cron: '0 4 * * 1' jobs: LitmusAcceptancePuppet5: env: HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 HONEYCOMB_DATASET: litmus tests runs-on: self-hosted strategy: matrix: ruby_version: [2.5.x] puppet_gem_version: [~> 6.0] platform: [release_checks_5] agent_family: ['puppet5'] steps: - uses: actions/checkout@v1 - name: Litmus Parallel - uses: puppetlabs/action-litmus_parallel@master + uses: puppetlabs/action-litmus_parallel@main with: platform: ${{ matrix.platform }} agent_family: ${{ matrix.agent_family }} LitmusAcceptancePuppet6: env: HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 HONEYCOMB_DATASET: litmus tests runs-on: self-hosted strategy: matrix: ruby_version: [2.5.x] puppet_gem_version: [~> 6.0] platform: [release_checks_6] agent_family: ['puppet6'] steps: - uses: actions/checkout@v1 - name: Litmus Parallel - uses: puppetlabs/action-litmus_parallel@master + uses: puppetlabs/action-litmus_parallel@main with: platform: ${{ matrix.platform }} agent_family: ${{ matrix.agent_family }} Spec: runs-on: self-hosted strategy: matrix: check: [parallel_spec, 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop'] ruby_version: [2.5.x] puppet_gem_version: [~> 5.0, ~> 6.0] exclude: - puppet_gem_version: ~> 5.0 check: 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop' - ruby_version: 2.5.x puppet_gem_version: ~> 5.0 steps: - uses: actions/checkout@v1 - name: Spec Tests - uses: puppetlabs/action-litmus_spec@master + uses: puppetlabs/action-litmus_spec@main with: puppet_gem_version: ${{ matrix.puppet_gem_version }} check: ${{ matrix.check }} diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1a9fb3a5..9c171f99 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,271 +1,271 @@ # Contributing to Puppet modules So you want to contribute to a Puppet module: Great! Below are some instructions to get you started doing that very thing while setting expectations around code quality as well as a few tips for making the process as easy as possible. ### Table of Contents 1. [Getting Started](#getting-started) 1. [Commit Checklist](#commit-checklist) 1. [Submission](#submission) 1. [More about commits](#more-about-commits) 1. [Testing](#testing) - [Running Tests](#running-tests) - [Writing Tests](#writing-tests) 1. [Get Help](#get-help) ## Getting Started - Fork the module repository on GitHub and clone to your workspace - Make your changes! ## Commit Checklist ### The Basics - [x] my commit is a single logical unit of work - [x] I have checked for unnecessary whitespace with "git diff --check" - [x] my commit does not include commented out code or unneeded files ### The Content - [x] my commit includes tests for the bug I fixed or feature I added - [x] my commit includes appropriate documentation changes if it is introducing a new feature or changing existing functionality - [x] my code passes existing test suites ### The Commit Message - [x] the first line of my commit message includes: - [x] an issue number (if applicable), e.g. "(MODULES-xxxx) This is the first line" - [x] a short description (50 characters is the soft limit, excluding ticket number(s)) - [x] the body of my commit message: - [x] is meaningful - [x] uses the imperative, present tense: "change", not "changed" or "changes" - [x] includes motivation for the change, and contrasts its implementation with the previous behavior ## Submission ### Pre-requisites - Make sure you have a [GitHub account](https://github.com/join) - [Create a ticket](https://tickets.puppet.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppet.com/browse/) you are patching for. ### Push and PR - Push your changes to your fork - [Open a Pull Request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/) against the repository in the puppetlabs organization ## More about commits 1. Make separate commits for logically separate changes. Please break your commits down into logically consistent units which include new or changed tests relevant to the rest of the change. The goal of doing this is to make the diff easier to read for whoever is reviewing your code. In general, the easier your diff is to read, the more likely someone will be happy to review it and get it into the code base. If you are going to refactor a piece of code, please do so as a separate commit from your feature or bug fix changes. We also really appreciate changes that include tests to make sure the bug is not re-introduced, and that the feature is not accidentally broken. Describe the technical detail of the change(s). If your description starts to get too long, that is a good sign that you probably need to split up your commit into more finely grained pieces. Commits which plainly describe the things which help reviewers check the patch and future developers understand the code are much more likely to be merged in with a minimum of bike-shedding or requested changes. Ideally, the commit message would include information, and be in a form suitable for inclusion in the release notes for the version of Puppet that includes them. Please also check that you are not introducing any trailing whitespace or other "whitespace errors". You can do this by running "git diff --check" on your changes before you commit. 2. Sending your patches To submit your changes via a GitHub pull request, we _highly_ recommend that you have them on a topic branch, instead of - directly on "master". + directly on "main". It makes things much easier to keep track of, especially if you decide to work on another thing before your first change is merged in. GitHub has some pretty good [general documentation](http://help.github.com/) on using their site. They also have documentation on [creating pull requests](https://help.github.com/articles/creating-a-pull-request-from-a-fork/). In general, after pushing your topic branch up to your repository on GitHub, you can switch to the branch in the GitHub UI and click "Pull Request" towards the top of the page in order to open a pull request. 3. Update the related JIRA issue. If there is a JIRA issue associated with the change you submitted, then you should update the ticket to include the location of your branch, along with any other commentary you may wish to make. # Testing ## Getting Started Our Puppet modules provide [`Gemfile`](./Gemfile)s, which can tell a Ruby package manager such as [bundler](http://bundler.io/) what Ruby packages, or Gems, are required to build, develop, and test this software. Please make sure you have [bundler installed](http://bundler.io/#getting-started) on your system, and then use it to install all dependencies needed for this project in the project root by running ```shell % bundle install --path .bundle/gems Fetching gem metadata from https://rubygems.org/........ Fetching gem metadata from https://rubygems.org/.. Using rake (10.1.0) Using builder (3.2.2) -- 8><-- many more --><8 -- Using rspec-system-puppet (2.2.0) Using serverspec (0.6.3) Using rspec-system-serverspec (1.0.0) Using bundler (1.3.5) Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed. ``` NOTE: some systems may require you to run this command with sudo. If you already have those gems installed, make sure they are up-to-date: ```shell % bundle update ``` ## Running Tests With all dependencies in place and up-to-date, run the tests: ### Unit Tests ```shell % bundle exec rake spec ``` This executes all the [rspec tests](http://rspec-puppet.com/) in the directories defined [here](https://github.com/puppetlabs/puppetlabs_spec_helper/blob/699d9fbca1d2489bff1736bb254bb7b7edb32c74/lib/puppetlabs_spec_helper/rake_tasks.rb#L17) and so on. rspec tests may have the same kind of dependencies as the module they are testing. Although the module defines these dependencies in its [metadata.json](./metadata.json), rspec tests define them in [.fixtures.yml](./fixtures.yml). ### Acceptance Tests Some Puppet modules also come with acceptance tests, which use [beaker][]. These tests spin up a virtual machine under [VirtualBox](https://www.virtualbox.org/), controlled with [Vagrant](http://www.vagrantup.com/), to simulate scripted test scenarios. In order to run these, you need both Virtualbox and Vagrant installed on your system. Run the tests by issuing the following command ```shell % bundle exec rake spec_clean % bundle exec rspec spec/acceptance ``` This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml), install Puppet, copy this module, and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb) and then run all the tests under [spec/acceptance](./spec/acceptance). ## Writing Tests ### Unit Tests When writing unit tests for Puppet, [rspec-puppet][] is your best friend. It provides tons of helper methods for testing your manifests against a catalog (e.g. contain_file, contain_package, with_params, etc). It would be ridiculous to try and top rspec-puppet's [documentation][rspec-puppet_docs] but here's a tiny sample: Sample manifest: ```puppet file { "a test file": ensure => present, path => "/etc/sample", } ``` Sample test: ```ruby it 'does a thing' do expect(subject).to contain_file("a test file").with({:path => "/etc/sample"}) end ``` ### Acceptance Tests Writing acceptance tests for Puppet involves [beaker][] and its cousin [beaker-rspec][]. A common pattern for acceptance tests is to create a test manifest, apply it twice to check for idempotency or errors, then run expectations. ```ruby it 'does an end-to-end thing' do pp = <<-EOF file { 'a test file': ensure => present, path => "/etc/sample", content => "test string", } apply_manifest(pp, :catch_failures => true) apply_manifest(pp, :catch_changes => true) end describe file("/etc/sample") do it { is_expected.to contain "test string" } end ``` # If you have commit access to the repository Even if you have commit access to the repository, you still need to go through the process above, and have someone else review and merge in your changes. The rule is that **all changes must be reviewed by a project developer that did not write the code to ensure that all changes go through a code review process.** The record of someone performing the merge is the record that they performed the code review. Again, this should be someone other than the author of the topic branch. # Get Help ### On the web * [Puppet help messageboard](http://puppet.com/community/get-help) * [Writing tests](https://docs.puppet.com/guides/module_guides/bgtm.html#step-three-module-testing) * [General GitHub documentation](http://help.github.com/) * [GitHub pull request documentation](http://help.github.com/send-pull-requests/) ### On chat * Slack (slack.puppet.com) #forge-modules, #puppet-dev, #windows, #voxpupuli * IRC (freenode) #puppet-dev, #voxpupuli [rspec-puppet]: http://rspec-puppet.com/ [rspec-puppet_docs]: http://rspec-puppet.com/documentation/ [beaker]: https://github.com/puppetlabs/beaker [beaker-rspec]: https://github.com/puppetlabs/beaker-rspec diff --git a/README.md b/README.md index 84b73b7d..ffa93dd1 100755 --- a/README.md +++ b/README.md @@ -1,1008 +1,1008 @@ # apache [Module description]: #module-description [Setup]: #setup [Beginning with Apache]: #beginning-with-apache [Usage]: #usage [Configuring virtual hosts]: #configuring-virtual-hosts [Configuring virtual hosts with SSL]: #configuring-virtual-hosts-with-ssl [Configuring virtual host port and address bindings]: #configuring-virtual-host-port-and-address-bindings [Configuring virtual hosts for apps and processors]: #configuring-virtual-hosts-for-apps-and-processors [Configuring IP-based virtual hosts]: #configuring-ip-based-virtual-hosts [Installing Apache modules]: #installing-apache-modules [Installing arbitrary modules]: #installing-arbitrary-modules [Installing specific modules]: #installing-specific-modules [Configuring FastCGI servers]: #configuring-fastcgi-servers-to-handle-php-files [Load balancing examples]: #load-balancing-examples [apache affects]: #what-the-apache-module-affects [Reference]: #reference [Limitations]: #limitations [Development]: #development [Contributing]: #contributing [`AddDefaultCharset`]: https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset [`add_listen`]: #add_listen [`Alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#alias [`AliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#aliasmatch [aliased servers]: https://httpd.apache.org/docs/current/urlmapping.html [`AllowEncodedSlashes`]: https://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes [`apache`]: #class-apache [`apache_version`]: #apache_version [`apache::balancer`]: #defined-type-apachebalancer [`apache::balancermember`]: #defined-type-apachebalancermember [`apache::fastcgi::server`]: #defined-type-apachefastcgiserver [`apache::mod`]: #defined-type-apachemod [`apache::mod::`]: #classes-apachemodmodule-name [`apache::mod::alias`]: #class-apachemodalias [`apache::mod::auth_cas`]: #class-apachemodauth_cas [`apache::mod::auth_mellon`]: #class-apachemodauth_mellon [`apache::mod::authn_dbd`]: #class-apachemodauthn_dbd [`apache::mod::authnz_ldap`]: #class-apachemodauthnz_ldap [`apache::mod::cluster`]: #class-apachemodcluster [`apache::mod::data]: #class-apachemoddata [`apache::mod::disk_cache`]: #class-apachemoddisk_cache [`apache::mod::dumpio`]: #class-apachemoddumpio [`apache::mod::event`]: #class-apachemodevent [`apache::mod::ext_filter`]: #class-apachemodext_filter [`apache::mod::geoip`]: #class-apachemodgeoip [`apache::mod::http2`]: #class-apachemodhttp2 [`apache::mod::itk`]: #class-apachemoditk [`apache::mod::jk`]: #class-apachemodjk [`apache::mod::ldap`]: #class-apachemodldap [`apache::mod::passenger`]: #class-apachemodpassenger [`apache::mod::peruser`]: #class-apachemodperuser [`apache::mod::prefork`]: #class-apachemodprefork [`apache::mod::proxy`]: #class-apachemodproxy [`apache::mod::proxy_balancer`]: #class-apachemodproxybalancer [`apache::mod::proxy_fcgi`]: #class-apachemodproxy_fcgi [`apache::mod::proxy_html`]: #class-apachemodproxy_html [`apache::mod::python`]: #class-apachemodpython [`apache::mod::security`]: #class-apachemodsecurity [`apache::mod::shib`]: #class-apachemodshib [`apache::mod::ssl`]: #class-apachemodssl [`apache::mod::status`]: #class-apachemodstatus [`apache::mod::userdir`]: #class-apachemoduserdir [`apache::mod::worker`]: #class-apachemodworker [`apache::mod::wsgi`]: #class-apachemodwsgi [`apache::params`]: #class-apacheparams [`apache::version`]: #class-apacheversion [`apache::vhost`]: #defined-type-apachevhost [`apache::vhost::custom`]: #defined-type-apachevhostcustom [`apache::vhost::WSGIImportScript`]: #wsgiimportscript [Apache HTTP Server]: https://httpd.apache.org [Apache modules]: https://httpd.apache.org/docs/current/mod/ [array]: https://docs.puppet.com/puppet/latest/reference/lang_data_array.html [audit log]: https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats#audit-log [beaker-rspec]: https://github.com/puppetlabs/beaker-rspec [certificate revocation list]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationfile [certificate revocation list path]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationpath [common gateway interface]: https://httpd.apache.org/docs/current/howto/cgi.html [`confd_dir`]: #confd_dir [`content`]: #content [CONTRIBUTING.md]: CONTRIBUTING.md [custom error documents]: https://httpd.apache.org/docs/current/custom-error.html [`custom_fragment`]: #custom_fragment [`default_mods`]: #default_mods [`default_ssl_crl`]: #default_ssl_crl [`default_ssl_crl_path`]: #default_ssl_crl_path [`default_ssl_vhost`]: #default_ssl_vhost [`dev_packages`]: #dev_packages [`directory`]: #directory [`directories`]: #parameter-directories-for-apachevhost [`DirectoryIndex`]: https://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex [`docroot`]: #docroot [`docroot_owner`]: #docroot_owner [`docroot_group`]: #docroot_group [`DocumentRoot`]: https://httpd.apache.org/docs/current/mod/core.html#documentroot [`EnableSendfile`]: https://httpd.apache.org/docs/current/mod/core.html#enablesendfile [enforcing mode]: http://selinuxproject.org/page/Guide/Mode [`ensure`]: https://docs.puppet.com/latest/type.html#package-attribute-ensure [`error_log_file`]: #error_log_file [`error_log_syslog`]: #error_log_syslog [`error_log_pipe`]: #error_log_pipe [`ExpiresByType`]: https://httpd.apache.org/docs/current/mod/mod_expires.html#expiresbytype [exported resources]: http://docs.puppet.com/latest/reference/lang_exported.md [`ExtendedStatus`]: https://httpd.apache.org/docs/current/mod/core.html#extendedstatus [Facter]: http://docs.puppet.com/facter/ [FastCGI]: http://www.fastcgi.com/ [FallbackResource]: https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource [`fallbackresource`]: #fallbackresource [`FileETag`]: https://httpd.apache.org/docs/current/mod/core.html#fileetag [filter rules]: https://httpd.apache.org/docs/current/filter.html [`filters`]: #filters [`ForceType`]: https://httpd.apache.org/docs/current/mod/core.html#forcetype [GeoIPScanProxyHeaders]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Proxy-Related_Directives [`gentoo/puppet-portage`]: https://github.com/gentoo/puppet-portage [Hash]: https://docs.puppet.com/puppet/latest/reference/lang_data_hash.html [`HttpProtocolOptions`]: http://httpd.apache.org/docs/current/mod/core.html#httpprotocoloptions [IAC Team]: https://puppetlabs.github.io/iac/ [`IncludeOptional`]: https://httpd.apache.org/docs/current/mod/core.html#includeoptional [`Include`]: https://httpd.apache.org/docs/current/mod/core.html#include [interval syntax]: https://httpd.apache.org/docs/current/mod/mod_expires.html#AltSyn [`ip`]: #ip [`ip_based`]: #ip_based [IP-based virtual hosts]: https://httpd.apache.org/docs/current/vhosts/ip-based.html [`KeepAlive`]: https://httpd.apache.org/docs/current/mod/core.html#keepalive [`KeepAliveTimeout`]: https://httpd.apache.org/docs/current/mod/core.html#keepalivetimeout [`keepalive` parameter]: #keepalive [`keepalive_timeout`]: #keepalive_timeout [`limitreqfieldsize`]: https://httpd.apache.org/docs/current/mod/core.html#limitrequestfieldsize [`limitreqfields`]: http://httpd.apache.org/docs/current/mod/core.html#limitrequestfields [`lib`]: #lib [`lib_path`]: #lib_path [`Listen`]: https://httpd.apache.org/docs/current/bind.html [`ListenBackLog`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#listenbacklog [`LoadFile`]: https://httpd.apache.org/docs/current/mod/mod_so.html#loadfile [`LogFormat`]: https://httpd.apache.org/docs/current/mod/mod_log_config.html#logformat [`logroot`]: #logroot [Log security]: https://httpd.apache.org/docs/current/logs.html#security [`manage_docroot`]: #manage_docroot [`manage_user`]: #manage_user [`manage_group`]: #manage_group [`supplementary_groups`]: #supplementary_groups [`MaxConnectionsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxconnectionsperchild [`max_keepalive_requests`]: #max_keepalive_requests [`MaxRequestWorkers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxrequestworkers [`MaxSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxsparethreads [MIME `content-type`]: https://www.iana.org/assignments/media-types/media-types.xhtml [`MinSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#minsparethreads [`mod_alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html [`mod_auth_cas`]: https://github.com/Jasig/mod_auth_cas [`mod_auth_kerb`]: http://modauthkerb.sourceforge.net/configure.html [`mod_auth_gssapi`]: https://github.com/modauthgssapi/mod_auth_gssapi [`mod_authnz_external`]: https://github.com/phokz/mod-auth-external [`mod_auth_dbd`]: http://httpd.apache.org/docs/current/mod/mod_authn_dbd.html [`mod_auth_mellon`]: https://github.com/UNINETT/mod_auth_mellon [`mod_dbd`]: http://httpd.apache.org/docs/current/mod/mod_dbd.html [`mod_disk_cache`]: https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html [`mod_dumpio`]: https://httpd.apache.org/docs/2.4/mod/mod_dumpio.html [`mod_env`]: http://httpd.apache.org/docs/current/mod/mod_env.html [`mod_expires`]: https://httpd.apache.org/docs/current/mod/mod_expires.html [`mod_ext_filter`]: https://httpd.apache.org/docs/current/mod/mod_ext_filter.html [`mod_fcgid`]: https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html [`mod_geoip`]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/ [`mod_http2`]: https://httpd.apache.org/docs/current/mod/mod_http2.html [`mod_info`]: https://httpd.apache.org/docs/current/mod/mod_info.html [`mod_ldap`]: https://httpd.apache.org/docs/2.2/mod/mod_ldap.html [`mod_mpm_event`]: https://httpd.apache.org/docs/current/mod/event.html [`mod_negotiation`]: https://httpd.apache.org/docs/current/mod/mod_negotiation.html [`mod_pagespeed`]: https://developers.google.com/speed/pagespeed/module/?hl=en [`mod_passenger`]: https://www.phusionpassenger.com/library/config/apache/reference/ [`mod_php`]: http://php.net/manual/en/book.apache.php [`mod_proxy`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html [`mod_proxy_balancer`]: https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html [`mod_reqtimeout`]: https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html [`mod_python`]: http://modpython.org/ [`mod_rewrite`]: https://httpd.apache.org/docs/current/mod/mod_rewrite.html [`mod_security`]: https://www.modsecurity.org/ [`mod_ssl`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html [`mod_status`]: https://httpd.apache.org/docs/current/mod/mod_status.html [`mod_version`]: https://httpd.apache.org/docs/current/mod/mod_version.html [`mod_wsgi`]: https://modwsgi.readthedocs.org/en/latest/ [module contribution guide]: https://docs.puppet.com/forge/contributing.html [`mpm_module`]: #mpm_module [multi-processing module]: https://httpd.apache.org/docs/current/mpm.html [name-based virtual hosts]: https://httpd.apache.org/docs/current/vhosts/name-based.html [`no_proxy_uris`]: #no_proxy_uris [open source Puppet]: https://docs.puppet.com/puppet/ [`Options`]: https://httpd.apache.org/docs/current/mod/core.html#options [`path`]: #path [`Peruser`]: https://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr [`port`]: #port [`priority`]: #defined-types-apachevhost [`proxy_dest`]: #proxy_dest [`proxy_dest_match`]: #proxy_dest_match [`proxy_pass`]: #proxy_pass [`ProxyPass`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass [`ProxySet`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset [Puppet Enterprise]: https://docs.puppet.com/pe/ [Puppet Forge]: https://forge.puppet.com [Puppet]: https://puppet.com [Puppet module]: https://docs.puppet.com/puppet/latest/reference/modules_fundamentals.html -[Puppet module's code]: https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp +[Puppet module's code]: https://github.com/puppetlabs/puppetlabs-apache/blob/main/manifests/default_mods.pp [`purge_configs`]: #purge_configs [`purge_vhost_dir`]: #purge_vhost_dir [Python]: https://www.python.org/ [Rack]: http://rack.github.io/ [`rack_base_uris`]: #rack_base_uris [RFC 2616]: https://www.ietf.org/rfc/rfc2616.txt [`RequestReadTimeout`]: https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html#requestreadtimeout [rspec-puppet]: http://rspec-puppet.com/ [`ScriptAlias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptalias [`ScriptAliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptaliasmatch [`scriptalias`]: #scriptalias [SELinux]: http://selinuxproject.org/ [`ServerAdmin`]: https://httpd.apache.org/docs/current/mod/core.html#serveradmin [`serveraliases`]: #serveraliases [`ServerLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#serverlimit [`ServerName`]: https://httpd.apache.org/docs/current/mod/core.html#servername [`ServerRoot`]: https://httpd.apache.org/docs/current/mod/core.html#serverroot [`ServerTokens`]: https://httpd.apache.org/docs/current/mod/core.html#servertokens [`ServerSignature`]: https://httpd.apache.org/docs/current/mod/core.html#serversignature [Service attribute restart]: http://docs.puppet.com/latest/type.html#service-attribute-restart [`source`]: #source [`SSLCARevocationCheck`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck [SSL certificate key file]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile [SSL chain]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainfile [SSL encryption]: https://httpd.apache.org/docs/current/ssl/index.html [`ssl`]: #ssl [`ssl_cert`]: #ssl_cert [`ssl_compression`]: #ssl_compression [`ssl_key`]: #ssl_key [`StartServers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#startservers [suPHP]: http://www.suphp.org/Home.html [`suphp_addhandler`]: #suphp_addhandler [`suphp_configpath`]: #suphp_configpath [`suphp_engine`]: #suphp_engine [supported operating system]: https://forge.puppet.com/supported#puppet-supported-modules-compatibility-matrix [`ThreadLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadlimit [`ThreadsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadsperchild [`TimeOut`]: https://httpd.apache.org/docs/current/mod/core.html#timeout [template]: http://docs.puppet.com/puppet/latest/reference/lang_template.html [`TraceEnable`]: https://httpd.apache.org/docs/current/mod/core.html#traceenable [`UseCanonicalName`]: https://httpd.apache.org/docs/current/mod/core.html#usecanonicalname [`verify_config`]: #verify_config [`vhost`]: #defined-type-apachevhost [`vhost_dir`]: #vhost_dir [`virtual_docroot`]: #virtual_docroot [Web Server Gateway Interface]: https://www.python.org/dev/peps/pep-3333/#abstract [`WSGIRestrictEmbedded`]: http://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIRestrictEmbedded.html [`WSGIPythonPath`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonPath.html [`WSGIPythonHome`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonHome.html [`WSGIApplicationGroup`]: https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html [`WSGIPythonOptimize`]: https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIPythonOptimize.html #### Table of Contents 1. [Module description - What is the apache module, and what does it do?][Module description] 2. [Setup - The basics of getting started with apache][Setup] - [What the apache module affects][apache affects] - [Beginning with Apache - Installation][Beginning with Apache] 3. [Usage - The classes and defined types available for configuration][Usage] - [Configuring virtual hosts - Examples to help get started][Configuring virtual hosts] - [Configuring FastCGI servers to handle PHP files][Configuring FastCGI servers] - [Load balancing with exported and non-exported resources][Load balancing examples] 4. [Reference - An under-the-hood peek at what the module is doing and how][Reference] 5. [Limitations - OS compatibility, etc.][Limitations] 6. [Development - Guide for contributing to the module][Development] - [Contributing to the apache module][Contributing] ## Module description [Apache HTTP Server][] (also called Apache HTTPD, or simply Apache) is a widely used web server. This [Puppet module][] simplifies the task of creating configurations to manage Apache servers in your infrastructure. It can configure and manage a range of virtual host setups and provides a streamlined way to install and configure [Apache modules][]. ## Setup ### What the apache module affects: - Configuration files and directories (created and written to) - **WARNING**: Configurations *not* managed by Puppet will be purged. - Package/service/configuration files for Apache - Apache modules - Virtual hosts - Listened-to ports - `/etc/make.conf` on FreeBSD and Gentoo On Gentoo, this module depends on the [`gentoo/puppet-portage`][] Puppet module. Note that while several options apply or enable certain features and settings for Gentoo, it is not a [supported operating system][] for this module. > **Warning**: This module modifies Apache configuration files and directories and purges any configuration not managed by Puppet. Apache configuration should be managed by Puppet, as unmanaged configuration files can cause unexpected failures. > >To temporarily disable full Puppet management, set the [`purge_configs`][] parameter in the [`apache`][] class declaration to false. We recommend this only as a temporary means of saving and relocating customized configurations. ### Beginning with Apache To have Puppet install Apache with the default parameters, declare the [`apache`][] class: ``` puppet class { 'apache': } ``` When you declare this class with the default options, the module: - Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system. - Places the required configuration files in a directory, with the [default location](#conf_dir) Depends on operating system. - Configures the server with a default virtual host and standard port ('80') and address ('\*') bindings. - Creates a document root directory Depends on operating system, typically `/var/www`. - Starts the Apache service. Apache defaults depend on your operating system. These defaults work in testing environments but are not suggested for production. We recommend customizing the class's parameters to suit your site. For instance, this declaration installs Apache without the apache module's [default virtual host configuration][Configuring virtual hosts], allowing you to customize all Apache virtual hosts: ``` puppet class { 'apache': default_vhost => false, } ``` > **Note**: When `default_vhost` is set to `false`, you have to add at least one `apache::vhost` resource or Apache will not start. To establish a default virtual host, either set the `default_vhost` in the `apache` class or use the [`apache::vhost`][] defined type. You can also configure additional specific virtual hosts with the [`apache::vhost`][] defined type. ## Usage ### Configuring virtual hosts The default [`apache`][] class sets up a virtual host on port 80, listening on all interfaces and serving the [`docroot`][] parameter's default directory of `/var/www`. To configure basic [name-based virtual hosts][], specify the [`port`][] and [`docroot`][] parameters in the [`apache::vhost`][] defined type: ``` puppet apache::vhost { 'vhost.example.com': port => '80', docroot => '/var/www/vhost', } ``` See the [`apache::vhost`][] defined type's reference for a list of all virtual host parameters. > **Note**: Apache processes virtual hosts in alphabetical order, and server administrators can prioritize Apache's virtual host processing by prefixing a virtual host's configuration file name with a number. The [`apache::vhost`][] defined type applies a default [`priority`][] of 25, which Puppet interprets by prefixing the virtual host's file name with `25-`. This means that if multiple sites have the same priority, or if you disable priority numbers by setting the `priority` parameter's value to false, Apache still processes virtual hosts in alphabetical order. To configure user and group ownership for `docroot`, use the [`docroot_owner`][] and [`docroot_group`][] parameters: ``` puppet apache::vhost { 'user.example.com': port => '80', docroot => '/var/www/user', docroot_owner => 'www-data', docroot_group => 'www-data', } ``` #### Configuring virtual hosts with SSL To configure a virtual host to use [SSL encryption][] and default SSL certificates, set the [`ssl`][] parameter. You must also specify the [`port`][] parameter, typically with a value of '443', to accommodate HTTPS requests: ``` puppet apache::vhost { 'ssl.example.com': port => '443', docroot => '/var/www/ssl', ssl => true, } ``` To configure a virtual host to use SSL and specific SSL certificates, use the paths to the certificate and key in the [`ssl_cert`][] and [`ssl_key`][] parameters, respectively: ``` puppet apache::vhost { 'cert.example.com': port => '443', docroot => '/var/www/cert', ssl => true, ssl_cert => '/etc/ssl/fourth.example.com.cert', ssl_key => '/etc/ssl/fourth.example.com.key', } ``` To configure a mix of SSL and unencrypted virtual hosts at the same domain, declare them with separate [`apache::vhost`][] defined types: ``` puppet # The non-ssl virtual host apache::vhost { 'mix.example.com non-ssl': servername => 'mix.example.com', port => '80', docroot => '/var/www/mix', } # The SSL virtual host at the same domain apache::vhost { 'mix.example.com ssl': servername => 'mix.example.com', port => '443', docroot => '/var/www/mix', ssl => true, } ``` To configure a virtual host to redirect unencrypted connections to SSL, declare them with separate [`apache::vhost`][] defined types and redirect unencrypted requests to the virtual host with SSL enabled: ``` puppet apache::vhost { 'redirect.example.com non-ssl': servername => 'redirect.example.com', port => '80', docroot => '/var/www/redirect', redirect_status => 'permanent', redirect_dest => 'https://redirect.example.com/' } apache::vhost { 'redirect.example.com ssl': servername => 'redirect.example.com', port => '443', docroot => '/var/www/redirect', ssl => true, } ``` #### Configuring virtual host port and address bindings Virtual hosts listen on all IP addresses ('\*') by default. To configure the virtual host to listen on a specific IP address, use the [`ip`][] parameter: ``` puppet apache::vhost { 'ip.example.com': ip => '127.0.0.1', port => '80', docroot => '/var/www/ip', } ``` You can also configure more than one IP address per virtual host by using an array of IP addresses for the [`ip`][] parameter: ``` puppet apache::vhost { 'ip.example.com': ip => ['127.0.0.1','169.254.1.1'], port => '80', docroot => '/var/www/ip', } ``` You can configure multiple ports per virtual host by using an array of ports for the [`port`][] parameter: ``` puppet apache::vhost { 'ip.example.com': ip => ['127.0.0.1'], port => ['80','8080'] docroot => '/var/www/ip', } ``` To configure a virtual host with [aliased servers][], refer to the aliases using the [`serveraliases`][] parameter: ``` puppet apache::vhost { 'aliases.example.com': serveraliases => [ 'aliases.example.org', 'aliases.example.net', ], port => '80', docroot => '/var/www/aliases', } ``` To set up a virtual host with a wildcard alias for the subdomain mapped to a directory of the same name, such as 'http://example.com.loc' mapped to `/var/www/example.com`, define the wildcard alias using the [`serveraliases`][] parameter and the document root with the [`virtual_docroot`][] parameter: ``` puppet apache::vhost { 'subdomain.loc': vhost_name => '*', port => '80', virtual_docroot => '/var/www/%-2+', docroot => '/var/www', serveraliases => ['*.loc',], } ``` To configure a virtual host with [filter rules][], pass the filter directives as an [array][] using the [`filters`][] parameter: ``` puppet apache::vhost { 'subdomain.loc': port => '80', filters => [ 'FilterDeclare COMPRESS', 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', 'FilterChain COMPRESS', 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', ], docroot => '/var/www/html', } ``` #### Configuring virtual hosts for apps and processors To set up a virtual host with [suPHP][], use the following parameters: * [`suphp_engine`][], to enable the suPHP engine. * [`suphp_addhandler`][], to define a MIME type. * [`suphp_configpath`][], to set which path suPHP passes to the PHP interpreter. * [`directory`][], to configure Directory, File, and Location directive blocks. For example: ``` puppet apache::vhost { 'suphp.example.com': port => '80', docroot => '/home/appuser/myphpapp', suphp_addhandler => 'x-httpd-php', suphp_engine => 'on', suphp_configpath => '/etc/php5/apache2', directories => [ { 'path' => '/home/appuser/myphpapp', 'suphp' => { user => 'myappuser', group => 'myappgroup', }, }, ], } ``` To configure a virtual host to use the [Web Server Gateway Interface][] (WSGI) for [Python][] applications, use the `wsgi` set of parameters: ``` puppet apache::vhost { 'wsgi.example.com': port => '80', docroot => '/var/www/pythonapp', wsgi_application_group => '%{GLOBAL}', wsgi_daemon_process => 'wsgi', wsgi_daemon_process_options => { processes => '2', threads => '15', display-name => '%{GROUP}', }, wsgi_import_script => '/var/www/demo.wsgi', wsgi_import_script_options => { process-group => 'wsgi', application-group => '%{GLOBAL}', }, wsgi_process_group => 'wsgi', wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, } ``` As of Apache 2.2.16, Apache supports [FallbackResource][], a simple replacement for common RewriteRules. You can set a FallbackResource using the [`fallbackresource`][] parameter: ``` puppet apache::vhost { 'wordpress.example.com': port => '80', docroot => '/var/www/wordpress', fallbackresource => '/index.php', } ``` > **Note**: The `fallbackresource` parameter only supports the 'disabled' value since Apache 2.2.24. To configure a virtual host with a designated directory for [Common Gateway Interface][] (CGI) files, use the [`scriptalias`][] parameter to define the `cgi-bin` path: ``` puppet apache::vhost { 'cgi.example.com': port => '80', docroot => '/var/www/cgi', scriptalias => '/usr/lib/cgi-bin', } ``` To configure a virtual host for [Rack][], use the [`rack_base_uris`][] parameter: ``` puppet apache::vhost { 'rack.example.com': port => '80', docroot => '/var/www/rack', rack_base_uris => ['/rackapp1', '/rackapp2'], } ``` #### Configuring IP-based virtual hosts You can configure [IP-based virtual hosts][] to listen on any port and have them respond to requests on specific IP addresses. In this example, the server listens on ports 80 and 81, because the example virtual hosts are _not_ declared with a [`port`][] parameter: ``` puppet apache::listen { '80': } apache::listen { '81': } ``` Configure the IP-based virtual hosts with the [`ip_based`][] parameter: ``` puppet apache::vhost { 'first.example.com': ip => '10.0.0.10', docroot => '/var/www/first', ip_based => true, } apache::vhost { 'second.example.com': ip => '10.0.0.11', docroot => '/var/www/second', ip_based => true, } ``` You can also configure a mix of IP- and [name-based virtual hosts][] in any combination of [SSL][SSL encryption] and unencrypted configurations. In this example, we add two IP-based virtual hosts on an IP address (in this example, 10.0.0.10). One uses SSL and the other is unencrypted: ``` puppet apache::vhost { 'The first IP-based virtual host, non-ssl': servername => 'first.example.com', ip => '10.0.0.10', port => '80', ip_based => true, docroot => '/var/www/first', } apache::vhost { 'The first IP-based vhost, ssl': servername => 'first.example.com', ip => '10.0.0.10', port => '443', ip_based => true, docroot => '/var/www/first-ssl', ssl => true, } ``` Next, we add two name-based virtual hosts listening on a second IP address (10.0.0.20): ``` puppet apache::vhost { 'second.example.com': ip => '10.0.0.20', port => '80', docroot => '/var/www/second', } apache::vhost { 'third.example.com': ip => '10.0.0.20', port => '80', docroot => '/var/www/third', } ``` To add name-based virtual hosts that answer on either 10.0.0.10 or 10.0.0.20, you **must** disable the Apache default `Listen 80`, as it conflicts with the preceding IP-based virtual hosts. To do this, set the [`add_listen`][] parameter to `false`: ``` puppet apache::vhost { 'fourth.example.com': port => '80', docroot => '/var/www/fourth', add_listen => false, } apache::vhost { 'fifth.example.com': port => '80', docroot => '/var/www/fifth', add_listen => false, } ``` ### Installing Apache modules There are two ways to install [Apache modules][] using the Puppet apache module: - Use the [`apache::mod::`][] classes to [install specific Apache modules with parameters][Installing specific modules]. - Use the [`apache::mod`][] defined type to [install arbitrary Apache modules][Installing arbitrary modules]. #### Installing specific modules The Puppet apache module supports installing many common [Apache modules][], often with parameterized configuration options. For a list of supported Apache modules, see the [`apache::mod::`][] class references. For example, you can install the `mod_ssl` Apache module with default settings by declaring the [`apache::mod::ssl`][] class: ``` puppet class { 'apache::mod::ssl': } ``` [`apache::mod::ssl`][] has several parameterized options that you can set when declaring it. For instance, to enable `mod_ssl` with compression enabled, set the [`ssl_compression`][] parameter to true: ``` puppet class { 'apache::mod::ssl': ssl_compression => true, } ``` Note that some modules have prerequisites, which are documented in their references under [`apache::mod::`][]. #### Installing arbitrary modules You can pass the name of any module that your operating system's package manager can install to the [`apache::mod`][] defined type to install it. Unlike the specific-module classes, the [`apache::mod`][] defined type doesn't tailor the installation based on other installed modules or with specific parameters---Puppet only grabs and installs the module's package, leaving detailed configuration up to you. For example, to install the [`mod_authnz_external`][] Apache module, declare the defined type with the 'mod_authnz_external' name: ``` puppet apache::mod { 'mod_authnz_external': } ``` There are several optional parameters you can specify when defining Apache modules this way. See the [defined type's reference][`apache::mod`] for details. ### Configuring FastCGI servers to handle PHP files #### FastCGI on Ubuntu 18.04 On Ubuntu 18.04, `mod_fastcgi` is no longer supported. So considering: * an Apache Vhost with docroot set to `/var/www/html` * a FastCGI server listening on `127.0.0.1:9000` you can then use the [`custom_fragment`][] parameter to configure the virtual host to have the FastCGI server handle the specified file type: ``` puppet apache::vhost { 'www': ... docroot => '/var/www/html/', custom_fragment => 'ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/$1', ... } ``` Please note you have to adjust the second ProxyPassMatch parameter to you docroot value (here `/var/www/html/`). #### Other OSes Add the [`apache::fastcgi::server`][] defined type to allow [FastCGI][] servers to handle requests for specific files. For example, the following defines a FastCGI server at 127.0.0.1 (localhost) on port 9000 to handle PHP requests: ``` puppet apache::fastcgi::server { 'php': host => '127.0.0.1:9000', timeout => 15, flush => false, faux_path => '/var/www/php.fcgi', fcgi_alias => '/php.fcgi', file_type => 'application/x-httpd-php' } ``` You can then use the [`custom_fragment`][] parameter to configure the virtual host to have the FastCGI server handle the specified file type: ``` puppet apache::vhost { 'www': ... custom_fragment => 'AddType application/x-httpd-php .php' ... } ``` ### Load balancing examples Apache supports load balancing across groups of servers through the [`mod_proxy`][] Apache module. Puppet supports configuring Apache load balancing groups (also known as balancer clusters) through the [`apache::balancer`][] and [`apache::balancermember`][] defined types. To enable load balancing with [exported resources][], export the [`apache::balancermember`][] defined type from the load balancer member server: ``` puppet @@apache::balancermember { "${::fqdn}-puppet00": balancer_cluster => 'puppet00', url => "ajp://${::fqdn}:8009", options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], } ``` Then, on the proxy server, create the load balancing group: ``` puppet apache::balancer { 'puppet00': } ``` To enable load balancing without exporting resources, declare the following on the proxy server: ``` puppet apache::balancer { 'puppet00': } apache::balancermember { "${::fqdn}-puppet00": balancer_cluster => 'puppet00', url => "ajp://${::fqdn}:8009", options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], } ``` Then declare the `apache::balancer` and `apache::balancermember` defined types on the proxy server. To use the [ProxySet](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset) directive on the balancer, use the [`proxy_set`](#proxy_set) parameter of `apache::balancer`: ``` puppet apache::balancer { 'puppet01': proxy_set => { 'stickysession' => 'JSESSIONID', 'lbmethod' => 'bytraffic', }, } ``` Load balancing scheduler algorithms (`lbmethod`) are listed [in mod_proxy_balancer documentation](https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html). ## Reference -For information on classes, types and functions see the [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-apache/blob/master/REFERENCE.md) +For information on classes, types and functions see the [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-apache/blob/main/REFERENCE.md) ### Templates The Apache module relies heavily on templates to enable the [`apache::vhost`][] and [`apache::mod`][] defined types. These templates are built based on [Facter][] facts that are specific to your operating system. Unless explicitly called out, most templates are not meant for configuration. ### Tasks The Apache module has a task that allows a user to reload the Apache config without restarting the service. Please refer to to the [PE documentation](https://puppet.com/docs/pe/2017.3/orchestrator/running_tasks.html) or [Bolt documentation](https://puppet.com/docs/bolt/latest/bolt.html) on how to execute a task. ## Limitations -For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-apache/blob/master/metadata.json) +For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-apache/blob/main/metadata.json) ### FreeBSD In order to use this module on FreeBSD, you _must_ use apache24-2.4.12 (www/apache24) or newer. ### Gentoo On Gentoo, this module depends on the [`gentoo/puppet-portage`][] Puppet module. Although several options apply or enable certain features and settings for Gentoo, it is not a [supported operating system][] for this module. ### RHEL/CentOS The [`apache::mod::auth_cas`][], [`apache::mod::passenger`][], [`apache::mod::proxy_html`][] and [`apache::mod::shib`][] classes are not functional on RH/CentOS without providing dependency packages from extra repositories. See their respective documentation below for related repositories and packages. #### RHEL/CentOS 5 The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested because repositories are missing compatible packages. #### RHEL/CentOS 6 The [`apache::mod::passenger`][] class is not installing, because the the EL6 repository is missing compatible packages. #### RHEL/CentOS 7 The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested because the EL7 repository is missing compatible packages, which also blocks us from testing the [`apache::vhost`][] defined type's [`rack_base_uris`][] parameter. ### SELinux and custom paths If [SELinux][] is in [enforcing mode][] and you want to use custom paths for `logroot`, `mod_dir`, `vhost_dir`, and `docroot`, you need to manage the files' context yourself. You can do this with Puppet: ``` puppet exec { 'set_apache_defaults': command => 'semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"', path => '/bin:/usr/bin/:/sbin:/usr/sbin', require => Package['policycoreutils-python'], } package { 'policycoreutils-python': ensure => installed, } exec { 'restorecon_apache': command => 'restorecon -Rv /apache_spec', path => '/bin:/usr/bin/:/sbin:/usr/sbin', before => Class['Apache::Service'], require => Class['apache'], } class { 'apache': } host { 'test.server': ip => '127.0.0.1', } file { '/custom/path': ensure => directory, } file { '/custom/path/include': ensure => present, content => '#additional_includes', } apache::vhost { 'test.server': docroot => '/custom/path', additional_includes => '/custom/path/include', } ``` You must set the contexts using `semanage fcontext` instead of `chcon` because Puppet's `file` resources reset the values' context in the database if the resource doesn't specify it. ### Ubuntu 10.04 The [`apache::vhost::WSGIImportScript`][] parameter creates a statement inside the virtual host that is unsupported on older versions of Apache, causing it to fail. This will be remedied in a future refactoring. ### Ubuntu 16.04 The [`apache::mod::suphp`][] class is untested since repositories are missing compatible packages. ## Development ### Testing To run the unit tests, install the necessary gems: ``` bundle install ``` And then execute the command: ``` bundle exec rake parallel_spec ``` To check the code coverage, run: ``` COVERAGE=yes bundle exec rake parallel_spec ``` Acceptance tests for this module leverage [puppet_litmus](https://github.com/puppetlabs/puppet_litmus). To run the acceptance tests follow the instructions [here](https://github.com/puppetlabs/puppet_litmus/wiki/Tutorial:-use-Litmus-to-execute-acceptance-tests-with-a-sample-module-(MoTD)#install-the-necessary-gems-for-the-module). You can also find a tutorial and walkthrough of using Litmus and the PDK on [YouTube](https://www.youtube.com/watch?v=FYfR7ZEGHoE). ### Development Support If you run into an issue with this module, or if you would like to request a feature, please [file a ticket](https://tickets.puppetlabs.com/browse/MODULES/). Every Monday the Puppet IA Content Team has [office hours](https://puppet.com/community/office-hours) in the [Puppet Community Slack](http://slack.puppet.com/), alternating between an EMEA friendly time (1300 UTC) and an Americas friendly time (0900 Pacific, 1700 UTC). If you have problems getting this module up and running, please [contact Support](http://puppetlabs.com/services/customer-support). If you submit a change to this module, be sure to regenerate the reference documentation as follows: ```bash puppet strings generate --format markdown --out REFERENCE.md ``` ### Apache MOD Test & Support Lifecycle #### Adding Support for a new Apache MOD Support for new [Apache Modules] can be added under the [`apache::mod`] namespace. Acceptance tests should be added for each new [Apache Module][Apache Modules] added. Ideally, the acceptance tests should run on all compatible platforms that this module is supported on (see `metdata.json`), however there are cases when a more niche module is difficult to set up and install on a particular Linux distro. This could be for one or more of the following reasons: - Package not available in default repositories of distro - Package dependencies not available in default repositories of distro - Package (and/or its dependencies) are only available in a specific version of an OS In these cases, it is possible to exclude a module from a test platform using a specific tag, defined above the class declaration: ```puppet # @note Unsupported platforms: OS: ver, ver; OS: ver, ver, ver; OS: all class apache::mod::foobar { ... } ``` For example: ```puppet # @note Unsupported platforms: RedHat: 5, 6; Ubuntu: 14.04; SLES: all; Scientific: 11 SP1 class apache::mod::actions { ... } ``` Please be aware of the following format guidelines for the tag: - All OS/Version declarations must be preceded with `@note Unsupported platforms:` - The tag must be declared ABOVE the class declaration (i.e. not as footer at the bottom of the file) - Each OS/Version declaration must be separated by semicolons (`;`) - Each version must be separated by a comma (`,`) - Versions CANNOT be declared in ranges (e.g. `RedHat:5-7`), they should be explicitly declared (e.g. `RedHat:5,6,7`) - However, to declare all versions of an OS as unsupported, use the word `all` (e.g. `SLES:all`) - OSs with word characters as part of their versions are acceptable (e.g. `Scientific: 11 SP1, 11 SP2, 12, 13`) - Spaces are permitted between OS/Version declarations and version numbers within a declaration - Refer to the `operatingsystem_support` values in the `metadata.json` to find the acceptable OS name and version syntax: - E.g. `OracleLinux` OR `oraclelinux`, not: `Oracle` or `OraLinux` - E.g. `RedHat` OR `redhat`, not: `Red Hat Enterprise Linux`, `RHEL`, or `Red Hat` If the tag is incorrectly formatted, a warning will be printed out at the end of the test run, indicating what tag(s) could not be parsed. This will not halt the execution of other tests. Once the class is tagged, it is possible to exclude a test for that particular [Apache MOD][Apache Modules] using RSpec's filtering and a helper method: ```ruby describe 'auth_oidc', if: mod_supported_on_platform('apache::mod::auth_openidc') do ``` The `mod_supported_on_platform` helper method takes the [Apache Module][Apache Modules] class definition as defined in the manifests under `manifest/mod`. This functionality can be disabled by setting the `DISABLE_MOD_TEST_EXCLUSION` environment variable. When set, all exclusions will be ignored. #### Test Support Lifecycle The puppetlabs-apache module supports a large number of compatible platforms and [Apache Modules][Apache modules]. As a result, Apache Module tests can fail because a package or package dependency has been removed from a Linux distribution repository. The [IAC Team][IAC Team] will try to resolve these issues and keep instructions updated, but due to limited resources this won’t always be possible. In these cases, we will exclude test(s) from certain platforms. As always, we welcome help from our community members, and the IAC team is here to assist and answer questions. diff --git a/REFERENCE.md b/REFERENCE.md index d82e2d85..19d0bdb6 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -1,9584 +1,9584 @@ # Reference ## Table of Contents **Classes** _Public Classes_ * [`apache`](#apache): Guides the basic setup and installation of Apache on your system. * [`apache::dev`](#apachedev): Installs Apache development libraries. * [`apache::mod::actions`](#apachemodactions): Installs Apache mod_actions * [`apache::mod::alias`](#apachemodalias): Installs and configures `mod_alias`. * [`apache::mod::auth_basic`](#apachemodauth_basic): Installs `mod_auth_basic` * [`apache::mod::auth_cas`](#apachemodauth_cas): Installs and configures `mod_auth_cas`. * [`apache::mod::auth_gssapi`](#apachemodauth_gssapi): Installs `mod_auth_gsappi`. * [`apache::mod::auth_kerb`](#apachemodauth_kerb): Installs `mod_auth_kerb` * [`apache::mod::auth_mellon`](#apachemodauth_mellon): Installs and configures `mod_auth_mellon`. * [`apache::mod::authn_core`](#apachemodauthn_core): Installs `mod_authn_core`. * [`apache::mod::authn_dbd`](#apachemodauthn_dbd): Installs `mod_authn_dbd`. * [`apache::mod::authn_file`](#apachemodauthn_file): Installs `mod_authn_file`. * [`apache::mod::authnz_ldap`](#apachemodauthnz_ldap): Installs `mod_authnz_ldap`. * [`apache::mod::authnz_pam`](#apachemodauthnz_pam): Installs `mod_authnz_pam`. * [`apache::mod::authz_default`](#apachemodauthz_default): Installs and configures `mod_authz_default`. * [`apache::mod::authz_user`](#apachemodauthz_user): Installs `mod_authz_user` * [`apache::mod::autoindex`](#apachemodautoindex): Installs `mod_autoindex` * [`apache::mod::cache`](#apachemodcache): Installs `mod_cache` * [`apache::mod::cgi`](#apachemodcgi): Installs `mod_cgi`. * [`apache::mod::cgid`](#apachemodcgid): Installs `mod_cgid`. * [`apache::mod::cluster`](#apachemodcluster): Installs `mod_cluster`. * [`apache::mod::data`](#apachemoddata): Installs and configures `mod_data`. * [`apache::mod::dav`](#apachemoddav): Installs `mod_dav`. * [`apache::mod::dav_fs`](#apachemoddav_fs): Installs `mod_dav_fs`. * [`apache::mod::dav_svn`](#apachemoddav_svn): Installs and configures `mod_dav_svn`. * [`apache::mod::dbd`](#apachemoddbd): Installs `mod_dbd`. * [`apache::mod::deflate`](#apachemoddeflate): Installs and configures `mod_deflate`. * [`apache::mod::dev`](#apachemoddev): Installs `mod_dev`. * [`apache::mod::dir`](#apachemoddir): Installs and configures `mod_dir`. * [`apache::mod::disk_cache`](#apachemoddisk_cache): Installs and configures `mod_disk_cache`. * [`apache::mod::dumpio`](#apachemoddumpio): Installs and configures `mod_dumpio`. * [`apache::mod::env`](#apachemodenv): Installs `mod_env`. * [`apache::mod::event`](#apachemodevent): Installs and configures `mod_event`. * [`apache::mod::expires`](#apachemodexpires): Installs and configures `mod_expires`. * [`apache::mod::ext_filter`](#apachemodext_filter): Installs and configures `mod_ext_filter`. * [`apache::mod::fastcgi`](#apachemodfastcgi): Installs `mod_fastcgi`. * [`apache::mod::fcgid`](#apachemodfcgid): Installs and configures `mod_fcgid`. * [`apache::mod::filter`](#apachemodfilter): Installs `mod_filter`. * [`apache::mod::geoip`](#apachemodgeoip): Installs and configures `mod_geoip`. * [`apache::mod::headers`](#apachemodheaders): Installs and configures `mod_headers`. * [`apache::mod::http2`](#apachemodhttp2): Installs and configures `mod_http2`. * [`apache::mod::include`](#apachemodinclude): Installs `mod_include`. * [`apache::mod::info`](#apachemodinfo): Installs and configures `mod_info`. * [`apache::mod::intercept_form_submit`](#apachemodintercept_form_submit): Installs `mod_intercept_form_submit`. * [`apache::mod::itk`](#apachemoditk): Installs MPM `mod_itk`. * [`apache::mod::jk`](#apachemodjk): Installs `mod_jk`. * [`apache::mod::ldap`](#apachemodldap): Installs and configures `mod_ldap`. * [`apache::mod::lookup_identity`](#apachemodlookup_identity): Installs `mod_lookup_identity` * [`apache::mod::macro`](#apachemodmacro): Installs `mod_macro`. * [`apache::mod::mime`](#apachemodmime): Installs and configures `mod_mime`. * [`apache::mod::mime_magic`](#apachemodmime_magic): Installs and configures `mod_mime_magic`. * [`apache::mod::negotiation`](#apachemodnegotiation): Installs and configures `mod_negotiation`. * [`apache::mod::nss`](#apachemodnss): Installs and configures `mod_nss`. * [`apache::mod::pagespeed`](#apachemodpagespeed): Installs and configures `mod_pagespeed`. * [`apache::mod::passenger`](#apachemodpassenger): Installs `mod_pasenger`. * [`apache::mod::perl`](#apachemodperl): Installs `mod_perl`. * [`apache::mod::peruser`](#apachemodperuser): Installs `mod_peruser`. * [`apache::mod::php`](#apachemodphp): Installs `mod_php`. * [`apache::mod::prefork`](#apachemodprefork): Installs and configures MPM `prefork`. * [`apache::mod::proxy`](#apachemodproxy): Installs and configures `mod_proxy`. * [`apache::mod::proxy_ajp`](#apachemodproxy_ajp): Installs `mod_proxy_ajp`. * [`apache::mod::proxy_balancer`](#apachemodproxy_balancer): Installs and configures `mod_proxy_balancer`. * [`apache::mod::proxy_connect`](#apachemodproxy_connect): Installs `mod_proxy_connect`. * [`apache::mod::proxy_fcgi`](#apachemodproxy_fcgi): Installs `mod_proxy_fcgi`. * [`apache::mod::proxy_html`](#apachemodproxy_html): Installs `mod_proxy_html`. * [`apache::mod::proxy_http`](#apachemodproxy_http): Installs `mod_proxy_http`. * [`apache::mod::proxy_wstunnel`](#apachemodproxy_wstunnel): Installs `mod_proxy_wstunnel`. * [`apache::mod::python`](#apachemodpython): Installs and configures `mod_python`. * [`apache::mod::remoteip`](#apachemodremoteip): Installs and configures `mod_remoteip`. * [`apache::mod::reqtimeout`](#apachemodreqtimeout): Installs and configures `mod_reqtimeout`. * [`apache::mod::rewrite`](#apachemodrewrite): Installs `mod_rewrite`. * [`apache::mod::rpaf`](#apachemodrpaf): Installs and configures `mod_rpaf`. * [`apache::mod::security`](#apachemodsecurity): Installs and configures `mod_security`. * [`apache::mod::setenvif`](#apachemodsetenvif): Installs `mod_setenvif`. * [`apache::mod::shib`](#apachemodshib): Installs and configures `mod_shib`. * [`apache::mod::socache_shmcb`](#apachemodsocache_shmcb): Installs `mod_socache_shmcb`. * [`apache::mod::speling`](#apachemodspeling): Installs `mod_spelling`. * [`apache::mod::ssl`](#apachemodssl): Installs `mod_ssl`. * [`apache::mod::status`](#apachemodstatus): Installs and configures `mod_status`. * [`apache::mod::suexec`](#apachemodsuexec): Installs `mod_suexec`. * [`apache::mod::suphp`](#apachemodsuphp): Installs `mod_suphp`. * [`apache::mod::userdir`](#apachemoduserdir): Installs and configures `mod_userdir`. * [`apache::mod::version`](#apachemodversion): Installs `mod_version`. * [`apache::mod::vhost_alias`](#apachemodvhost_alias): Installs Apache `mod_vhost_alias`. * [`apache::mod::worker`](#apachemodworker): Installs and manages the MPM `worker`. * [`apache::mod::wsgi`](#apachemodwsgi): Installs and configures `mod_wsgi`. * [`apache::mod::xsendfile`](#apachemodxsendfile): Installs `mod_xsendfile`. * [`apache::mpm::disable_mpm_event`](#apachempmdisable_mpm_event): * [`apache::mpm::disable_mpm_prefork`](#apachempmdisable_mpm_prefork): * [`apache::mpm::disable_mpm_worker`](#apachempmdisable_mpm_worker): * [`apache::vhosts`](#apachevhosts): Creates `apache::vhost` defined types. _Private Classes_ * `apache::confd::no_accf`: Manages the `no-accf.conf` file. * `apache::default_confd_files`: Helper for setting up default conf.d files. * `apache::default_mods`: Installs and congfigures default mods for Apache * `apache::package`: Installs an Apache MPM. * `apache::params`: This class manages Apache parameters * `apache::php`: This class installs PHP for Apache. * `apache::proxy`: This class enabled the proxy module for Apache. * `apache::python`: This class installs Python for Apache * `apache::service`: Installs and configures Apache service. * `apache::ssl`: This class installs Apache SSL capabilities * `apache::version`: Try to automatically detect the version by OS **Defined types** _Public Defined types_ * [`apache::balancer`](#apachebalancer): This type will create an apache balancer cluster file inside the conf.d directory. * [`apache::balancermember`](#apachebalancermember): Defines members of `mod_proxy_balancer` * [`apache::custom_config`](#apachecustom_config): Adds a custom configuration file to the Apache server's `conf.d` directory. * [`apache::fastcgi::server`](#apachefastcgiserver): Defines one or more external FastCGI servers to handle specific file types. Use this defined type with `mod_fastcgi`. * [`apache::listen`](#apachelisten): Adds `Listen` directives to `ports.conf` that define the Apache server's or a virtual host's listening address and port. * [`apache::mod`](#apachemod): Installs packages for an Apache module that doesn't have a corresponding `apache::mod::` class. * [`apache::namevirtualhost`](#apachenamevirtualhost): Enables name-based virtual hosts * [`apache::vhost`](#apachevhost): Allows specialised configurations for virtual hosts that possess requirements outside of the defaults. * [`apache::vhost::custom`](#apachevhostcustom): A wrapper around the `apache::custom_config` defined type. * [`apache::vhost::fragment`](#apachevhostfragment): Define a fragment within a vhost _Private Defined types_ * `apache::default_mods::load`: Helper used by `apache::default_mods` * `apache::mpm`: Enables the use of Apache MPMs. * `apache::peruser::multiplexer`: Checks if an Apache module has a class. * `apache::peruser::processor`: Enables the `Peruser` module for FreeBSD only. * `apache::security::rule_link`: Links the activated_rules from `apache::mod::security` to the respective CRS rules on disk. **Resource types** * [`a2mod`](#a2mod): Manage Apache 2 modules **Functions** * [`apache::apache_pw_hash`](#apacheapache_pw_hash): Hashes a password in a format suitable for htpasswd files read by apache. * [`apache::bool2httpd`](#apachebool2httpd): Transform a supposed boolean to On or Off. Passes all other values through. * [`apache::validate_apache_log_level`](#apachevalidate_apache_log_level): Perform simple validation of a string against the list of known log levels. * [`apache_pw_hash`](#apache_pw_hash): Hashes a password in a format suitable for htpasswd files read by apache. * [`bool2httpd`](#bool2httpd): Transform a supposed boolean to On or Off. Pass all other values through. * [`validate_apache_log_level`](#validate_apache_log_level): Perform simple validation of a string against the list of known log levels. **Tasks** * [`init`](#init): Allows you to perform apache service functions ## Classes ### apache When this class is declared with the default options, Puppet: - Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system. - Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system. - Configures the server with a default virtual host and standard port (`80`) and address (`\*`) bindings. - Creates a document root directory determined by your operating system, typically `/var/www`. - Starts the Apache service. If an ldaps:// URL is specified, the mode becomes SSL and the setting of LDAPTrustedMode is ignored. #### Examples ##### ```puppet class { 'apache': } ``` #### Parameters The following parameters are available in the `apache` class. ##### `allow_encoded_slashes` Data type: `Optional[Enum['on', 'off', 'nodecode']]` Sets the server default for the `AllowEncodedSlashes` declaration, which modifies the responses to URLs containing '\' and '/' characters. If not specified, this parameter omits the declaration from the server's configuration and uses Apache's default setting of 'off'. Default value: `undef` ##### `apache_version` Data type: `Any` Configures module template behavior, package names, and default Apache modules by defining the version of Apache to use. We do not recommend manually configuring this parameter without reason. Default value: $::apache::version::default ##### `conf_dir` Data type: `Any` Sets the directory where the Apache server's main configuration file is located. Default value: $::apache::params::conf_dir ##### `conf_template` Data type: `Any` Defines the template used for the main Apache configuration file. Modifying this parameter is potentially risky, as the apache module is designed to use a minimal configuration file customized by `conf.d` entries. Default value: $::apache::params::conf_template ##### `confd_dir` Data type: `Any` Sets the location of the Apache server's custom configuration directory. Default value: $::apache::params::confd_dir ##### `default_charset` Data type: `Any` Used as the `AddDefaultCharset` directive in the main configuration file. Default value: `undef` ##### `default_confd_files` Data type: `Boolean` Determines whether Puppet generates a default set of includable Apache configuration files in the directory defined by the `confd_dir` parameter. These configuration files correspond to what is typically installed with the Apache package on the server's operating system. Default value: `true` ##### `default_mods` Data type: `Any` Determines whether to configure and enable a set of default Apache modules depending on your operating system.
If `false`, Puppet includes only the Apache modules required to make the HTTP daemon work on your operating system, and you can declare any other modules separately using the `apache::mod::` class or `apache::mod` defined type.
If `true`, Puppet installs additional modules, depending on the operating system and the values of `apache_version` and `mpm_module` parameters. Because these lists of modules can change frequently, consult the Puppet module's code for up-to-date lists.
If this parameter contains an array, Puppet instead enables all passed Apache modules. Default value: `true` ##### `default_ssl_ca` Data type: `Any` Sets the default certificate authority for the Apache server.
Although the default value results in a functioning Apache server, you **must** update this parameter with your certificate authority information before deploying this server in a production environment. Default value: `undef` ##### `default_ssl_cert` Data type: `Any` Sets the SSL encryption certificate location.
Although the default value results in a functioning Apache server, you **must** update this parameter with your certificate location before deploying this server in a production environment. Default value: $::apache::params::default_ssl_cert ##### `default_ssl_chain` Data type: `Any` Sets the default SSL chain location.
Although this default value results in a functioning Apache server, you **must** update this parameter with your SSL chain before deploying this server in a production environment. Default value: `undef` ##### `default_ssl_crl` Data type: `Any` Sets the path of the default certificate revocation list (CRL) file to use.
Although this default value results in a functioning Apache server, you **must** update this parameter with the CRL file path before deploying this server in a production environment. You can use this parameter with or in place of the `default_ssl_crl_path`. Default value: `undef` ##### `default_ssl_crl_path` Data type: `Any` Sets the server's certificate revocation list path, which contains your CRLs.
Although this default value results in a functioning Apache server, you **must** update this parameter with the CRL file path before deploying this server in a production environment. Default value: `undef` ##### `default_ssl_crl_check` Data type: `Any` Sets the default certificate revocation check level via the `SSLCARevocationCheck` directive. This parameter applies only to Apache 2.4 or higher and is ignored on older versions.
Although this default value results in a functioning Apache server, you **must** specify this parameter when using certificate revocation lists in a production environment. Default value: `undef` ##### `default_ssl_key` Data type: `Any` Sets the SSL certificate key file location. Although the default values result in a functioning Apache server, you **must** update this parameter with your SSL key's location before deploying this server in a production environment. Default value: $::apache::params::default_ssl_key ##### `default_ssl_vhost` Data type: `Boolean` Configures a default SSL virtual host. If `true`, Puppet automatically configures the following virtual host using the `apache::vhost` defined type: ```puppet apache::vhost { 'default-ssl': port => 443, ssl => true, docroot => $docroot, scriptalias => $scriptalias, serveradmin => $serveradmin, access_log_file => "ssl_${access_log_file}", } ``` **Note**: SSL virtual hosts only respond to HTTPS queries. Default value: `false` ##### `default_type` Data type: `Any` _Apache 2.2 only_. Sets the MIME `content-type` sent if the server cannot otherwise determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and newer, and is only for backwards compatibility in configuration files. Default value: 'none' ##### `default_vhost` Data type: `Boolean` Configures a default virtual host when the class is declared.
To configure customized virtual hosts, set this parameter's value to `false`.
> **Note**: Apache will not start without at least one virtual host. If you set this to `false` you must configure a virtual host elsewhere. Default value: `true` ##### `dev_packages` Data type: `Any` Configures a specific dev package to use.
For example, using httpd 2.4 from the IUS yum repo:
``` puppet include ::apache::dev class { 'apache': apache_name => 'httpd24u', dev_packages => 'httpd24u-devel', } ``` Default value: $::apache::params::dev_packages ##### `docroot` Data type: `Any` Sets the default `DocumentRoot` location. Default value: $::apache::params::docroot ##### `error_documents` Data type: `Any` Determines whether to enable [custom error documents](https://httpd.apache.org/docs/current/custom-error.html) on the Apache server. Default value: `false` ##### `group` Data type: `Any` Sets the group ID that owns any Apache processes spawned to answer requests.
By default, Puppet attempts to manage this group as a resource under the `apache` class, determining the group based on the operating system as detected by the `apache::params` class. To prevent the group resource from being created and use a group created by another Puppet module, set the `manage_group` parameter's value to `false`.
> **Note**: Modifying this parameter only changes the group ID that Apache uses to spawn child processes to access resources. It does not change the user that owns the parent server process. Default value: $::apache::params::group ##### `httpd_dir` Data type: `Any` Sets the Apache server's base configuration directory. This is useful for specially repackaged Apache server builds but might have unintended consequences when combined with the default distribution packages. Default value: $::apache::params::httpd_dir ##### `http_protocol_options` Data type: `Any` Specifies the strictness of HTTP protocol checks.
Valid options: any sequence of the following alternative values: `Strict` or `Unsafe`, `RegisteredMethods` or `LenientMethods`, and `Allow0.9` or `Require1.0`. Default value: $::apache::params::http_protocol_options ##### `keepalive` Data type: `Any` Determines whether to enable persistent HTTP connections with the `KeepAlive` directive. If you set this to `On`, use the `keepalive_timeout` and `max_keepalive_requests` parameters to set relevant options.
Default value: $::apache::params::keepalive ##### `keepalive_timeout` Data type: `Any` Sets the `KeepAliveTimeout` directive, which determines the amount of time the Apache server waits for subsequent requests on a persistent HTTP connection. This parameter is only relevant if the `keepalive` parameter is enabled. Default value: $::apache::params::keepalive_timeout ##### `max_keepalive_requests` Data type: `Any` Limits the number of requests allowed per connection when the `keepalive` parameter is enabled. Default value: $::apache::params::max_keepalive_requests ##### `hostname_lookups` Data type: `Enum['Off', 'On', 'Double', 'off', 'on', 'double']` This directive enables DNS lookups so that host names can be logged and passed to CGIs/SSIs in REMOTE_HOST.
> **Note**: If enabled, it impacts performance significantly. Default value: $::apache::params::hostname_lookups ##### `ldap_trusted_mode` Data type: `Any` The following modes are supported: NONE - no encryption SSL - ldaps:// encryption on default port 636 TLS - STARTTLS encryption on default port 389 Not all LDAP toolkits support all the above modes. An error message will be logged at runtime if a mode is not supported, and the connection to the LDAP server will fail. Default value: `undef` ##### `ldap_verify_server_cert` Data type: `Any` Specifies whether to force the verification of a server certificate when establishing an SSL connection to the LDAP server. On|Off Default value: `undef` ##### `lib_path` Data type: `Any` Specifies the location whereApache module files are stored.
> **Note**: Do not configure this parameter manually without special reason. Default value: $::apache::params::lib_path ##### `log_level` Data type: `Any` Changes the error log's verbosity. Valid options are: `alert`, `crit`, `debug`, `emerg`, `error`, `info`, `notice` and `warn`. Default value: $::apache::params::log_level ##### `log_formats` Data type: `Any` Define additional `LogFormat` directives. Values: A hash, such as: ``` puppet $log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' } ``` There are a number of predefined `LogFormats` in the `httpd.conf` that Puppet creates: ``` httpd LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded ``` If your `log_formats` parameter contains one of those, it will be overwritten with **your** definition. Default value: {} ##### `logroot` Data type: `Any` Changes the directory of Apache log files for the virtual host. Default value: $::apache::params::logroot ##### `logroot_mode` Data type: `Any` Overrides the default `logroot` directory's mode.
> **Note**: Do _not_ grant write access to the directory where the logs are stored without being aware of the consequences. See the [Apache documentation](https://httpd.apache.org/docs/current/logs.html#security) for details. Default value: $::apache::params::logroot_mode ##### `manage_group` Data type: `Boolean` When `false`, stops Puppet from creating the group resource.
If you have a group created from another Puppet module that you want to use to run Apache, set this to `false`. Without this parameter, attempting to use a previously established group results in a duplicate resource error. Default value: `true` ##### `supplementary_groups` Data type: `Any` A list of groups to which the user belongs. These groups are in addition to the primary group.
Notice: This option only has an effect when `manage_user` is set to true. Default value: [] ##### `manage_user` Data type: `Boolean` When `false`, stops Puppet from creating the user resource.
This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error. Default value: `true` ##### `mod_dir` Data type: `Any` Sets where Puppet places configuration files for your Apache modules. Default value: $::apache::params::mod_dir ##### `mod_libs` Data type: `Any` Allows the user to override default module library names. ```puppet include apache::params class { 'apache': mod_libs => merge($::apache::params::mod_libs, { 'wsgi' => 'mod_wsgi_python3.so', }) } ``` Default value: $::apache::params::mod_libs ##### `mod_packages` Data type: `Any` Allows the user to override default module package names. ```puppet include apache::params class { 'apache': mod_packages => merge($::apache::params::mod_packages, { 'auth_kerb' => 'httpd24-mod_auth_kerb', }) } ``` Default value: $::apache::params::mod_packages ##### `mpm_module` Data type: `Any` Determines which [multi-processing module](https://httpd.apache.org/docs/current/mpm.html) (MPM) is loaded and configured for the HTTPD process. Valid values are: `event`, `itk`, `peruser`, `prefork`, `worker` or `false`.
You must set this to `false` to explicitly declare the following classes with custom parameters: - `apache::mod::event` - `apache::mod::itk` - `apache::mod::peruser` - `apache::mod::prefork` - `apache::mod::worker` Default value: $::apache::params::mpm_module ##### `package_ensure` Data type: `Any` Controls the `package` resource's `ensure` attribute. Valid values are: `absent`, `installed` (or equivalent `present`), or a version string. Default value: 'installed' ##### `pidfile` Data type: `Any` Allows settting a custom location for the pid file. Useful if using a custom-built Apache rpm. Default value: $::apache::params::pidfile ##### `ports_file` Data type: `Any` Sets the path to the file containing Apache ports configuration. Default value: $::apache::params::ports_file ##### `protocols` Data type: `Array[Enum['h2', 'h2c', 'http/1.1']]` Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols) directive, which lists available protocols for the server. Default value: [] ##### `protocols_honor_order` Data type: `Optional[Boolean]` Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder) directive which determines whether the order of Protocols sets precedence during negotiation. Default value: `undef` ##### `purge_configs` Data type: `Any` Removes all other Apache configs and virtual hosts.
Setting this to `false` is a stopgap measure to allow the apache module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see `purge_vhost_dir`. Default value: `true` ##### `purge_vhost_dir` Data type: `Any` If the `vhost_dir` parameter's value differs from the `confd_dir` parameter's, this parameter determines whether Puppet removes any configurations inside `vhost_dir` that are _not_ managed by Puppet.
Setting `purge_vhost_dir` to `false` is a stopgap measure to allow the apache module to coexist with existing or otherwise unmanaged configurations within `vhost_dir`. Default value: `undef` ##### `rewrite_lock` Data type: `Optional[Stdlib::Absolutepath]` Allows setting a custom location for a rewrite lock - considered best practice if using a RewriteMap of type prg in the `rewrites` parameter of your virtual host. This parameter only applies to Apache version 2.2 or lower and is ignored on newer versions. Default value: `undef` ##### `sendfile` Data type: `Enum['On', 'Off', 'on', 'off']` Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the `EnableSendfile` directive. Default value: 'On' ##### `serveradmin` Data type: `Any` Sets the Apache server administrator's contact information via Apache's `ServerAdmin` directive. Default value: 'root@localhost' ##### `servername` Data type: `Any` Sets the Apache server name via Apache's `ServerName` directive. Setting to `false` will not set ServerName at all. Default value: $::apache::params::servername ##### `server_root` Data type: `Any` Sets the Apache server's root directory via Apache's `ServerRoot` directive. Default value: $::apache::params::server_root ##### `server_signature` Data type: `Any` Configures a trailing footer line to display at the bottom of server-generated documents, such as error documents and output of certain Apache modules, via Apache's `ServerSignature` directive. Valid values are: `On` or `Off`. Default value: 'On' ##### `server_tokens` Data type: `Any` Controls how much information Apache sends to the browser about itself and the operating system, via Apache's `ServerTokens` directive. Default value: 'Prod' ##### `service_enable` Data type: `Boolean` Determines whether Puppet enables the Apache HTTPD service when the system is booted. Default value: `true` ##### `service_ensure` Data type: `Any` Determines whether Puppet should make sure the service is running. Valid values are: `true` (or `running`) or `false` (or `stopped`).
The `false` or `stopped` values set the 'httpd' service resource's `ensure` parameter to `false`, which is useful when you want to let the service be managed by another application, such as Pacemaker.
Default value: 'running' ##### `service_name` Data type: `Any` Sets the name of the Apache service. Default value: $::apache::params::service_name ##### `service_manage` Data type: `Boolean` Determines whether Puppet manages the HTTPD service's state. Default value: `true` ##### `service_restart` Data type: `Any` Determines whether Puppet should use a specific command to restart the HTTPD service. Values: a command to restart the Apache service. Default value: `undef` ##### `timeout` Data type: `Any` Sets Apache's `TimeOut` directive, which defines the number of seconds Apache waits for certain events before failing a request. Default value: '60' ##### `trace_enable` Data type: `Any` Controls how Apache handles `TRACE` requests (per RFC 2616) via the `TraceEnable` directive. Default value: 'On' ##### `use_canonical_name` Data type: `Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']]` Controls Apache's `UseCanonicalName` directive which controls how Apache handles self-referential URLs. If not specified, this parameter omits the declaration from the server's configuration and uses Apache's default setting of 'off'. Default value: `undef` ##### `use_systemd` Data type: `Any` Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom-built RPMs. Default value: $::apache::params::use_systemd ##### `file_mode` Data type: `Any` Sets the desired permissions mode for config files. Valid values are: a string, with permissions mode in symbolic or numeric notation. Default value: $::apache::params::file_mode ##### `root_directory_options` Data type: `Any` Array of the desired options for the `/` directory in httpd.conf. Default value: $::apache::params::root_directory_options ##### `root_directory_secured` Data type: `Boolean` Sets the default access policy for the `/` directory in httpd.conf. A value of `false` allows access to all resources that are missing a more specific access policy. A value of `true` denies access to all resources by default. If `true`, more specific rules must be used to allow access to these resources (for example, in a directory block using the `directories` parameter). Default value: `false` ##### `vhost_dir` Data type: `Any` Changes your virtual host configuration files' location. Default value: $::apache::params::vhost_dir ##### `vhost_include_pattern` Data type: `Any` Defines the pattern for files included from the `vhost_dir`. If set to a value like `[^.#]\*.conf[^~]` to make sure that files accidentally created in this directory (such as files created by version control systems or editor backups) are *not* included in your server configuration.
Some operating systems use a value of `*.conf`. By default, this module creates configuration files ending in `.conf`. Default value: $::apache::params::vhost_include_pattern ##### `user` Data type: `Any` Changes the user that Apache uses to answer requests. Apache's parent process continues to run as root, but child processes access resources as the user defined by this parameter. To prevent Puppet from managing the user, set the `manage_user` parameter to `false`. Default value: $::apache::params::user ##### `apache_name` Data type: `Any` The name of the Apache package to install. If you are using a non-standard Apache package you might need to override the default setting.
For CentOS/RHEL Software Collections (SCL), you can also use `apache::version::scl_httpd_version`. Default value: $::apache::params::apache_name ##### `error_log` Data type: `Any` The name of the error log file for the main server instance. If the string starts with `/`, `|`, or `syslog`: the full path is set. Otherwise, the filename is prefixed with `$logroot`. Default value: $::apache::params::error_log ##### `scriptalias` Data type: `Any` Directory to use for global script alias Default value: $::apache::params::scriptalias ##### `access_log_file` Data type: `Any` The name of the access log file for the main server instance. Default value: $::apache::params::access_log_file ##### `limitreqfields` Data type: `Any` The `limitreqfields` parameter sets the maximum number of request header fields in an HTTP request. This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks. The value should be increased if normal clients see an error response from the server that indicates too many fields were sent in the request. Default value: '100' ##### `limitreqfieldsize` Data type: `Any` The `limitreqfieldsize` parameter sets the maximum ammount of _bytes_ that will be allowed within a request header. Default value: '8190' ##### `ip` Data type: `Any` Specifies the ip address Default value: `undef` ##### `purge_vdir` Data type: `Any` Removes all other Apache configs and virtual hosts.
> **Note**: This parameter is deprecated in favor of the `purge_config` parameter.
Default value: `false` ##### `conf_enabled` Data type: `Any` Whether the additional config files in `/etc/apache2/conf-enabled` should be managed. Default value: $::apache::params::conf_enabled ##### `vhost_enable_dir` Data type: `Any` Set's whether the vhost definitions will be stored in sites-availible and if they will be symlinked to and from sites-enabled. Default value: $::apache::params::vhost_enable_dir ##### `mod_enable_dir` Data type: `Any` Set's whether the mods-enabled directory should be managed. Default value: $::apache::params::mod_enable_dir ##### `ssl_file` Data type: `Any` This parameter allows you to set an ssl.conf file to be managed in order to implement an SSL Certificate. Default value: `undef` ##### `file_e_tag` Data type: `Any` Sets the server default for the `FileETag` declaration, which modifies the response header field for static files. Default value: `undef` ##### `use_optional_includes` Data type: `Boolean` Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for `additional_includes` in Apache 2.4 or newer. Default value: $::apache::params::use_optional_includes ##### `mime_types_additional` Data type: `Any` Specifies any idditional Internet media (mime) types that you wish to be configured. Default value: $::apache::params::mime_types_additional ### apache::dev The libraries installed depends on the `dev_packages` parameter of the `apache::params` class, based on your operating system: - **Debian** : `libaprutil1-dev`, `libapr1-dev`; `apache2-dev` on Ubuntu 13.10 and Debian 8; `apache2-prefork-dev` on other versions. - **FreeBSD**: `undef`; on FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`. - **Gentoo**: `undef`. - **Red Hat**: `httpd-devel`. ### apache::mod::actions Installs Apache mod_actions * **See also** https://httpd.apache.org/docs/current/mod/mod_actions.html for additional documentation. ### apache::mod::alias Installs and configures `mod_alias`. * **See also** https://httpd.apache.org/docs/current/mod/mod_alias.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::alias` class. ##### `apache_version` Data type: `Any` The version of Apache, if not set will be retrieved from the init class. Default value: `undef` ##### `icons_options` Data type: `Any` Disables directory listings for the icons directory, via Apache [Options](https://httpd.apache.org/docs/current/mod/core.html#options) directive. Default value: 'Indexes MultiViews' ##### `icons_path` Data type: `Any` Sets the local path for an /icons/ Alias. Default depends on operating system: - Debian: /usr/share/apache2/icons - FreeBSD: /usr/local/www/apache24/icons - Gentoo: /var/www/icons - Red Hat: /var/www/icons, except on Apache 2.4, where it's /usr/share/httpd/icons Default value: $::apache::params::alias_icons_path ### apache::mod::auth_basic Installs `mod_auth_basic` * **See also** https://httpd.apache.org/docs/current/mod/mod_auth_basic.html for additional documentation. ### apache::mod::auth_cas Installs and configures `mod_auth_cas`. * **Note** The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL. * **See also** https://github.com/apereo/mod_auth_cas for additional documentation. #### Parameters The following parameters are available in the `apache::mod::auth_cas` class. ##### `cas_login_url` Data type: `String` Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and don't have an active session. ##### `cas_validate_url` Data type: `String` Sets the URL to use when validating a client-presented ticket in an HTTP query string. ##### `cas_cookie_path` Data type: `String` Sets the location where information on the current session should be stored. This should be writable by the web server only. Default value: $::apache::params::cas_cookie_path ##### `cas_cookie_path_mode` Data type: `Any` The mode of cas_cookie_path. Default value: '0750' ##### `cas_version` Data type: `Any` The version of the CAS protocol to adhere to. Default value: 2 ##### `cas_debug` Data type: `Any` Whether to enable or disable debug mode. Default value: 'Off' ##### `cas_validate_server` Data type: `Any` Whether to validate the presented certificate. This has been deprecated and removed from Version 1.1-RC1 onward. Default value: `undef` ##### `cas_validatedepth` The maximum depth for chained certificate validation. ##### `cas_proxy_validate_url` Data type: `Any` The URL to use when performing a proxy validation. Default value: `undef` ##### `cas_root_proxied_as` Data type: `Any` Sets the URL end users see when access to this Apache server is proxied per vhost. This URL should not include a trailing slash. Default value: `undef` ##### `cas_cookie_entropy` Data type: `Any` When creating a local session, this many random bytes are used to create a unique session identifier. Default value: `undef` ##### `cas_timeout` Data type: `Any` The hard limit, in seconds, for a mod_auth_cas session. Default value: `undef` ##### `cas_idle_timeout` Data type: `Any` The limit, in seconds, of how long a mod_auth_cas session can be idle. Default value: `undef` ##### `cas_cache_clean_interval` Data type: `Any` The minimum amount of time that must pass inbetween cache cleanings. Default value: `undef` ##### `cas_cookie_domain` Data type: `Any` The value for the 'Domain=' parameter in the Set-Cookie header. Default value: `undef` ##### `cas_cookie_http_only` Data type: `Any` Setting this flag prevents the mod_auth_cas cookies from being accessed by client side Javascript. Default value: `undef` ##### `cas_authoritative` Data type: `Any` Determines whether an optional authorization directive is authoritative and thus binding. Default value: `undef` ##### `cas_validate_saml` Data type: `Any` Parse response from CAS server for SAML. Default value: `undef` ##### `cas_sso_enabled` Data type: `Any` Enables experimental support for single sign out (may mangle POST data). Default value: `undef` ##### `cas_attribute_prefix` Data type: `Any` Adds a header with the value of this header being the attribute values when SAML validation is enabled. Default value: `undef` ##### `cas_attribute_delimiter` Data type: `Any` Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`. Default value: `undef` ##### `cas_scrub_request_headers` Data type: `Any` Remove inbound request headers that may have special meaning within mod_auth_cas. Default value: `undef` ##### `suppress_warning` Data type: `Any` Suppress warning about being on RedHat (mod_auth_cas package is now available in epel-testing repo). Default value: `false` ##### `cas_validate_depth` Data type: `Any` Default value: `undef` ##### `cas_certificate_path` Data type: `Any` Default value: `undef` ### apache::mod::auth_gssapi Installs `mod_auth_gsappi`. * **See also** https://github.com/modauthgssapi/mod_auth_gssapi for additional documentation. ### apache::mod::auth_kerb Installs `mod_auth_kerb` * **See also** http://modauthkerb.sourceforge.net for additional documentation. ### apache::mod::auth_mellon Installs and configures `mod_auth_mellon`. * **See also** https://github.com/Uninett/mod_auth_mellon for additional documentation. #### Parameters The following parameters are available in the `apache::mod::auth_mellon` class. ##### `mellon_cache_size` Data type: `Any` Maximum number of sessions which can be active at once. Default value: $::apache::params::mellon_cache_size ##### `mellon_lock_file` Data type: `Any` Full path to a file used for synchronizing access to the session data. Default value: $::apache::params::mellon_lock_file ##### `mellon_post_directory` Data type: `Any` Full path of a directory where POST requests are saved during authentication. Default value: $::apache::params::mellon_post_directory ##### `mellon_cache_entry_size` Data type: `Any` Maximum size for a single session entry in bytes. Default value: `undef` ##### `mellon_post_ttl` Data type: `Any` Delay in seconds before a saved POST request can be flushed. Default value: `undef` ##### `mellon_post_size` Data type: `Any` Maximum size for saved POST requests. Default value: `undef` ##### `mellon_post_count` Data type: `Any` Maximum amount of saved POST requests. Default value: `undef` ### apache::mod::authn_core Installs `mod_authn_core`. * **See also** https://httpd.apache.org/docs/current/mod/mod_authn_core.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::authn_core` class. ##### `apache_version` Data type: `Any` The version of apache being run. Default value: $::apache::apache_version ### apache::mod::authn_dbd Installs `mod_authn_dbd`. * **See also** https://httpd.apache.org/docs/current/mod/mod_authn_dbd.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::authn_dbd` class. ##### `authn_dbd_params` Data type: `Any` The params needed for the mod to function. ##### `authn_dbd_dbdriver` Data type: `Any` Selects an apr_dbd driver by name. Default value: 'mysql' ##### `authn_dbd_query` Data type: `Any` Default value: `undef` ##### `authn_dbd_min` Data type: `Any` Set the minimum number of connections per process. Default value: '4' ##### `authn_dbd_max` Data type: `Any` Set the maximum number of connections per process. Default value: '20' ##### `authn_dbd_keep` Data type: `Any` Set the maximum number of connections per process to be sustained. Default value: '8' ##### `authn_dbd_exptime` Data type: `Any` Set the time to keep idle connections alive when the number of connections specified in DBDKeep has been exceeded. Default value: '300' ##### `authn_dbd_alias` Data type: `Any` Sets an alias for `AuthnProvider. Default value: `undef` ### apache::mod::authn_file Installs `mod_authn_file`. * **See also** https://httpd.apache.org/docs/2.4/mod/mod_authn_file.html for additional documentation. ### apache::mod::authnz_ldap Installs `mod_authnz_ldap`. * **See also** https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::authnz_ldap` class. ##### `verify_server_cert` Data type: `Boolean` Whether to force te verification of a server cert or not. Default value: `true` ##### `package_name` Data type: `Any` The name of the ldap package. Default value: `undef` ### apache::mod::authnz_pam Installs `mod_authnz_pam`. * **See also** https://www.adelton.com/apache/mod_authnz_pam for additional documentation. ### apache::mod::authz_default Installs and configures `mod_authz_default`. * **See also** https://httpd.apache.org/docs/current/mod/mod_authz_default.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::authz_default` class. ##### `apache_version` Data type: `Any` Version of Apache to install module on. Default value: $::apache::apache_version ### apache::mod::authz_user Installs `mod_authz_user` * **See also** https://httpd.apache.org/docs/current/mod/mod_authz_user.html for additional documentation. ### apache::mod::autoindex Installs `mod_autoindex` * **See also** https://httpd.apache.org/docs/current/mod/mod_autoindex.html for additional documentation. ### apache::mod::cache Installs `mod_cache` * **See also** https://httpd.apache.org/docs/current/mod/mod_cache.html for additional documentation. ### apache::mod::cgi Installs `mod_cgi`. * **See also** https://httpd.apache.org/docs/current/mod/mod_cgi.html for additional documentation. ### apache::mod::cgid Installs `mod_cgid`. * **See also** https://httpd.apache.org/docs/current/mod/mod_cgid.html ### apache::mod::cluster Installs `mod_cluster`. * **Note** There is no official package available for mod_cluster, so you must make it available outside of the apache module. Binaries can be found [here](https://modcluster.io/). * **See also** https://modcluster.io/ for additional documentation. #### Examples ##### ```puppet class { '::apache::mod::cluster': ip => '172.17.0.1', allowed_network => '172.17.0.', balancer_name => 'mycluster', version => '1.3.1' } ``` #### Parameters The following parameters are available in the `apache::mod::cluster` class. ##### `allowed_network` Data type: `Any` Balanced members network. ##### `balancer_name` Data type: `Any` Name of balancer. ##### `ip` Data type: `Any` Specifies the IP address to listen to. ##### `version` Data type: `Any` Specifies the mod_cluster version. Version 1.3.0 or greater is required for httpd 2.4. ##### `enable_mcpm_receive` Data type: `Any` Whether MCPM should be enabled. Default value: `true` ##### `port` Data type: `Any` mod_cluster listen port. Default value: '6666' ##### `keep_alive_timeout` Data type: `Any` Specifies how long Apache should wait for a request, in seconds. Default value: 60 ##### `manager_allowed_network` Data type: `Any` Whether to allow the network to access the mod_cluster_manager. Default value: '127.0.0.1' ##### `max_keep_alive_requests` Data type: `Any` Maximum number of requests kept alive. Default value: 0 ##### `server_advertise` Data type: `Any` Whether the server should advertise. Default value: `true` ##### `advertise_frequency` Data type: `Any` Sets the interval between advertise messages in seconds. Default value: `undef` ### apache::mod::data Installs and configures `mod_data`. * **See also** https://httpd.apache.org/docs/current/mod/mod_data.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::data` class. ##### `apache_version` Data type: `Any` Version of Apache to install module on. Default value: `undef` ### apache::mod::dav Installs `mod_dav`. * **See also** https://httpd.apache.org/docs/current/mod/mod_dav.html for additional documentation. ### apache::mod::dav_fs Installs `mod_dav_fs`. * **See also** https://httpd.apache.org/docs/current/mod/mod_dav_fs.html for additional documentation. ### apache::mod::dav_svn Installs and configures `mod_dav_svn`. * **See also** https://httpd.apache.org/docs/current/mod/mod_dav_svn.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::dav_svn` class. ##### `authz_svn_enabled` Data type: `Any` Specifies whether to install Apache mod_authz_svn Default value: `false` ### apache::mod::dbd Installs `mod_dbd`. * **See also** https://httpd.apache.org/docs/current/mod/mod_dbd.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::dbd` class. ##### `apache_version` Used to verify that the Apache version you have requested is compatible with the module. ### apache::mod::deflate Installs and configures `mod_deflate`. * **See also** https://httpd.apache.org/docs/current/mod/mod_deflate.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::deflate` class. ##### `types` Data type: `Any` An array of MIME types to be deflated. See https://www.iana.org/assignments/media-types/media-types.xhtml. Default value: [ 'text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json', ] ##### `notes` Data type: `Any` A Hash where the key represents the type and the value represents the note name. Default value: { 'Input' => 'instream', 'Output' => 'outstream', 'Ratio' => 'ratio', } ### apache::mod::dev Installs `mod_dev`. * **Note** This module is deprecated. Please use `apache::dev`. ### apache::mod::dir Installs and configures `mod_dir`. * **TODO** This sets the global DirectoryIndex directive, so it may be necessary to consider being able to modify the apache::vhost to declare DirectoryIndex statements in a vhost configuration * **See also** https://httpd.apache.org/docs/current/mod/mod_dir.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::dir` class. ##### `types` Specifies the text-based content types to compress. ##### `indexes` Data type: `Array[String]` Provides a string for the DirectoryIndex directive Default value: ['index.html','index.html.var','index.cgi','index.pl','index.php','index.xhtml'] ##### `dir` Data type: `Any` Default value: 'public_html' ### apache::mod::disk_cache Installs and configures `mod_disk_cache`. * **Note** Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed. * **See also** https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::disk_cache` class. ##### `cache_root` Data type: `Any` Defines the name of the directory on the disk to contain cache files. Default depends on the Apache version and operating system: - Debian: /var/cache/apache2/mod_cache_disk - FreeBSD: /var/cache/mod_cache_disk - Red Hat, Apache 2.4: /var/cache/httpd/proxy - Red Hat, Apache 2.2: /var/cache/mod_proxy Default value: `undef` ##### `cache_ignore_headers` Data type: `Any` Specifies HTTP header(s) that should not be stored in the cache. Default value: `undef` ### apache::mod::dumpio Installs and configures `mod_dumpio`. * **See also** https://httpd.apache.org/docs/current/mod/mod_dumpio.html for additional documentation. #### Examples ##### ```puppet class{'apache': default_mods => false, log_level => 'dumpio:trace7', } class{'apache::mod::dumpio': dump_io_input => 'On', dump_io_output => 'Off', } ``` #### Parameters The following parameters are available in the `apache::mod::dumpio` class. ##### `dump_io_input` Data type: `Enum['Off', 'On', 'off', 'on']` Dump all input data to the error log Default value: 'Off' ##### `dump_io_output` Data type: `Enum['Off', 'On', 'off', 'on']` Dump all output data to the error log Default value: 'Off' ### apache::mod::env Installs `mod_env`. * **See also** https://httpd.apache.org/docs/current/mod/mod_env.html for additional documentation. ### apache::mod::event Installs and configures `mod_event`. * **Note** You cannot include apache::mod::event with apache::mod::itk, apache::mod::peruser, apache::mod::prefork, or apache::mod::worker on the same server. * **See also** https://httpd.apache.org/docs/current/mod/event.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::event` class. ##### `startservers` Data type: `Any` Sets the number of child server processes created at startup, via the module's `StartServers` directive. Setting this to `false` removes the parameter. Default value: '2' ##### `maxclients` Data type: `Any` Apache 2.3.12 or older alias for the `MaxRequestWorkers` directive. Default value: '150' ##### `maxrequestworkers` Data type: `Any` Sets the maximum number of connections Apache can simultaneously process, via the module's `MaxRequestWorkers` directive. Setting these to `false` removes the parameters. Default value: `undef` ##### `minsparethreads` Data type: `Any` Sets the minimum number of idle threads, via the `MinSpareThreads` directive. Setting this to `false` removes the parameters. Default value: '25' ##### `maxsparethreads` Data type: `Any` Sets the maximum number of idle threads, via the `MaxSpareThreads` directive. Setting this to `false` removes the parameters. Default value: '75' ##### `threadsperchild` Data type: `Any` Number of threads created by each child process. Default value: '25' ##### `maxrequestsperchild` Data type: `Any` Apache 2.3.8 or older alias for the `MaxConnectionsPerChild` directive. Default value: '0' ##### `maxconnectionsperchild` Data type: `Any` Limit on the number of connections that an individual child server will handle during its life. Default value: `undef` ##### `serverlimit` Data type: `Any` Limits the configurable number of processes via the `ServerLimit` directive. Setting this to `false` removes the parameter. Default value: '25' ##### `apache_version` Data type: `Any` Version of Apache to install module on. Default value: `undef` ##### `threadlimit` Data type: `Any` Limits the number of event threads via the module's `ThreadLimit` directive. Setting this to `false` removes the parameter. Default value: '64' ##### `listenbacklog` Data type: `Any` Sets the maximum length of the pending connections queue via the module's `ListenBackLog` directive. Setting this to `false` removes the parameter. Default value: '511' ### apache::mod::expires Installs and configures `mod_expires`. * **See also** https://httpd.apache.org/docs/current/mod/mod_expires.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::expires` class. ##### `expires_active` Data type: `Any` Enables generation of Expires headers. Default value: `true` ##### `expires_default` Data type: `Any` Specifies the default algorithm for calculating expiration time using ExpiresByType syntax or interval syntax. Default value: `undef` ##### `expires_by_type` Data type: `Any` Describes a set of [MIME content-types](https://www.iana.org/assignments/media-types/media-types.xhtml) and their expiration times. This should be used as an array of Hashes, with each Hash's key a valid MIME content-type (i.e. 'text/json') and its value following valid interval syntax. Default value: `undef` ### apache::mod::ext_filter Installs and configures `mod_ext_filter`. * **See also** https://httpd.apache.org/docs/current/mod/mod_ext_filter.html for additional documentation. #### Examples ##### ```puppet class { 'apache::mod::ext_filter': ext_filter_define => { 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength', 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"', }, } ``` #### Parameters The following parameters are available in the `apache::mod::ext_filter` class. ##### `ext_filter_define` Data type: `Optional[Hash]` Hash of filter names and their parameters. Default value: `undef` ### apache::mod::fastcgi Installs `mod_fastcgi`. * **See also** https://github.com/FastCGI-Archives/mod_fastcgi for additional documentation. ### apache::mod::fcgid loaded first; Puppet will not automatically enable it if you set the fcgiwrapper parameter in apache::vhost. include apache::mod::fcgid apache::vhost { 'example.org': docroot => '/var/www/html', directories => { path => '/var/www/html', fcgiwrapper => { command => '/usr/local/bin/fcgiwrapper', } }, } * **See also** https://httpd.apache.org/docs/current/mod/mod_fcgid.html for additional documentation. #### Examples ##### The class does not individually parameterize all available options. Instead, configure mod_fcgid using the options hash. ```puppet class { 'apache::mod::fcgid': options => { 'FcgidIPCDir' => '/var/run/fcgidsock', 'SharememPath' => '/var/run/fcgid_shm', 'AddHandler' => 'fcgid-script .fcgi', }, } ``` ##### If you include apache::mod::fcgid, you can set the [FcgidWrapper][] per directory, per virtual host. The module must be ```puppet ``` #### Parameters The following parameters are available in the `apache::mod::fcgid` class. ##### `expires_active` Enables generation of Expires headers. ##### `expires_default` Default algorithm for calculating expiration time. ##### `expires_by_type` Value of the Expires header configured by MIME type. ##### `options` Data type: `Any` Default value: {} ### apache::mod::filter Installs `mod_filter`. * **See also** https://httpd.apache.org/docs/current/mod/mod_filter.html for additional documentation. ### apache::mod::geoip Installs and configures `mod_geoip`. * **See also** https://dev.maxmind.com/geoip/legacy/mod_geoip2 for additional documentation. #### Parameters The following parameters are available in the `apache::mod::geoip` class. ##### `enable` Data type: `Any` Toggles whether to enable geoip. Default value: `false` ##### `db_file` Data type: `Any` Path to database for GeoIP to use. Default value: '/usr/share/GeoIP/GeoIP.dat' ##### `flag` Data type: `Any` Caching directive to use. Values: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'. Default value: 'Standard' ##### `output` Data type: `Any` Output variable locations. Values: 'All', 'Env', 'Request', 'Notes'. Default value: 'All' ##### `enable_utf8` Data type: `Any` Changes the output from ISO88591 (Latin1) to UTF8. Default value: `undef` ##### `scan_proxy_headers` Data type: `Any` Enables the GeoIPScanProxyHeaders option. Default value: `undef` ##### `scan_proxy_headers_field` Specifies the header mod_geoip uses to determine the client's IP address. ##### `use_last_xforwarededfor_ip` Data type: `Any` Determines whether to use the first or last IP address for the client's IP in a comma-separated list of IP addresses is found. Default value: `undef` ##### `scan_proxy_header_field` Data type: `Any` Default value: `undef` ### apache::mod::headers Installs and configures `mod_headers`. * **See also** https://httpd.apache.org/docs/current/mod/mod_headers.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::headers` class. ##### `apache_version` Version of Apache to install module on. ### apache::mod::http2 Installs and configures `mod_http2`. * **See also** https://httpd.apache.org/docs/current/mod/mod_http2.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::http2` class. ##### `h2_copy_files` Data type: `Optional[Boolean]` Determine file handling in responses. Default value: `undef` ##### `h2_direct` Data type: `Optional[Boolean]` H2 Direct Protocol Switch. Default value: `undef` ##### `h2_early_hints` Data type: `Optional[Boolean]` Determine sending of 103 status codes. Default value: `undef` ##### `h2_max_session_streams` Data type: `Optional[Integer]` Sets maximum number of active streams per HTTP/2 session. Default value: `undef` ##### `h2_max_worker_idle_seconds` Data type: `Optional[Integer]` Sets maximum number of seconds h2 workers remain idle until shut down. Default value: `undef` ##### `h2_max_workers` Data type: `Optional[Integer]` Sets maximum number of worker threads to use per child process. Default value: `undef` ##### `h2_min_workers` Data type: `Optional[Integer]` Sets minimal number of worker threads to use per child process. Default value: `undef` ##### `h2_modern_tls_only` Data type: `Optional[Boolean]` Toggles the security checks on HTTP/2 connections in TLS mode Default value: `undef` ##### `h2_push` Data type: `Optional[Boolean]` Toggles the usage of the HTTP/2 server push protocol feature. Default value: `undef` ##### `h2_push_diary_size` Data type: `Optional[Integer]` Sets maximum number of HTTP/2 server pushes that are remembered per HTTP/2 connection. Default value: `undef` ##### `h2_priority` Require HTTP/2 connections to be "modern TLS" only ##### `h2_push_resource` Data type: `Array[String]` When added to a directory/location, HTTP/2 PUSHes will be attempted for all paths added via this directive Default value: [] ##### `h2_serialize_headers` Data type: `Optional[Boolean]` Toggles if HTTP/2 requests shall be serialized in HTTP/1.1 format for processing by httpd core or if received binary data shall be passed into the request_recs directly. Default value: `undef` ##### `h2_stream_max_mem_size` Data type: `Optional[Integer]` Sets the maximum number of outgoing data bytes buffered in memory for an active streams. Default value: `undef` ##### `h2_tls_cool_down_secs` Data type: `Optional[Integer]` Sets the number of seconds of idle time on a TLS connection before the TLS write size falls back to small (~1300 bytes) length. Default value: `undef` ##### `h2_tls_warm_up_size` Data type: `Optional[Integer]` Sets the number of bytes to be sent in small TLS records (~1300 bytes) until doing maximum sized writes (16k) on https: HTTP/2 connections. Default value: `undef` ##### `h2_upgrade` Data type: `Optional[Boolean]` Toggles the usage of the HTTP/1.1 Upgrade method for switching to HTTP/2. Default value: `undef` ##### `h2_window_size` Data type: `Optional[Integer]` Sets the size of the window that is used for flow control from client to server and limits the amount of data the server has to buffer. Default value: `undef` ##### `apache_version` Data type: `Optional[String]` Version of Apache to install module on. Default value: `undef` ##### `h2_push_priority` Data type: `Array[String]` Default value: [] ### apache::mod::include Installs `mod_include`. * **See also** https://httpd.apache.org/docs/current/mod/mod_include.html for additional documentation. ### apache::mod::info Installs and configures `mod_info`. * **See also** https://httpd.apache.org/docs/current/mod/mod_info.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::info` class. ##### `allow_from` Data type: `Any` -Whitelist of IPv4 or IPv6 addresses or ranges that can access the info path. +Allowlist of IPv4 or IPv6 addresses or ranges that can access the info path. Default value: ['127.0.0.1','::1'] ##### `apache_version` Data type: `Any` Version of Apache to install module on. Default value: `undef` ##### `restrict_access` Data type: `Any` -Toggles whether to restrict access to info path. If `false`, the `allow_from` whitelist is ignored and any IP address can +Toggles whether to restrict access to info path. If `false`, the `allow_from` allowlist is ignored and any IP address can access the info path. Default value: `true` ##### `info_path` Data type: `Any` Path on server to file containing server configuration information. Default value: '/server-info' ### apache::mod::intercept_form_submit Installs `mod_intercept_form_submit`. * **See also** https://www.adelton.com/apache/mod_intercept_form_submit for additional documentation. ### apache::mod::itk Installs MPM `mod_itk`. * **See also** http://mpm-itk.sesse.net for additional documentation. #### Parameters The following parameters are available in the `apache::mod::itk` class. ##### `startservers` Data type: `Any` Number of child server processes created on startup. Default value: '8' ##### `minspareservers` Data type: `Any` Minimum number of idle child server processes. Default value: '5' ##### `maxspareservers` Data type: `Any` Maximum number of idle child server processes. Default value: '20' ##### `serverlimit` Data type: `Any` Maximum configured value for `MaxRequestWorkers` for the lifetime of the Apache httpd process. Default value: '256' ##### `maxclients` Data type: `Any` Limit on the number of simultaneous requests that will be served. Default value: '256' ##### `maxrequestsperchild` Data type: `Any` Limit on the number of connections that an individual child server process will handle. Default value: '4000' ##### `enablecapabilities` Data type: `Any` Drop most root capabilities in the parent process, and instead run as the user given by the User/Group directives with some extra capabilities (in particular setuid). Somewhat more secure, but can cause problems when serving from filesystems that do not honor capabilities, such as NFS. Default value: `undef` ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: `undef` ### apache::mod::jk Installs `mod_jk`. * **Note** shm_file and log_file Depending on how these files are specified, the class creates their final path differently: Relative path: prepends supplied path with logroot (see below) Absolute path or pipe: uses supplied path as-is ``` shm_file => 'shm_file' # Ends up in $shm_path = '/var/log/httpd/shm_file' shm_file => '/run/shm_file' # Ends up in $shm_path = '/run/shm_file' shm_file => '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"' # Ends up in $shm_path = '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"' ``` * **See also** https://tomcat.apache.org/connectors-doc/reference/apache.html for additional documentation. #### Examples ##### ```puppet class { '::apache::mod::jk': ip => '192.168.2.15', workers_file => 'conf/workers.properties', mount_file => 'conf/uriworkermap.properties', shm_file => 'run/jk.shm', shm_size => '50M', workers_file_content => { }, } ``` #### Parameters The following parameters are available in the `apache::mod::jk` class. ##### `ip` Data type: `Optional[String]` IP for binding to mod_jk. Useful when the binding address is not the primary network interface IP. Default value: `undef` ##### `port` Data type: `Integer` Port for binding to mod_jk. Useful when something else, like a reverse proxy or cache, is receiving requests at port 80, then needs to forward them to Apache at a different port. Default value: 80 ##### `add_listen` Data type: `Boolean` Defines if a Listen directive according to parameters ip and port (see below), so that Apache listens to the IP/port combination and redirect to mod_jk. Useful when another Listen directive, like Listen *: or Listen , can conflict with the one necessary for mod_jk binding. Default value: `true` ##### `workers_file` Data type: `Any` The name of a worker file for the Tomcat servlet containers. Default value: `undef` ##### `worker_property` Data type: `Any` Enables setting worker properties inside Apache configuration file. Default value: {} ##### `logroot` Data type: `Any` The base directory for shm_file and log_file is determined by the logroot parameter. If unspecified, defaults to apache::params::logroot. The default logroot is sane enough therefore it is not recommended to override it. Default value: `undef` ##### `shm_file` Data type: `Any` Shared memory file name. Default value: 'jk-runtime-status' ##### `shm_size` Data type: `Any` Size of the shared memory file name. Default value: `undef` ##### `mount_file` Data type: `Any` File containing multiple mappings from a context to a Tomcat worker. Default value: `undef` ##### `mount_file_reload` Data type: `Any` This directive configures the reload check interval in seconds. Default value: `undef` ##### `mount` Data type: `Any` A mount point from a context to a Tomcat worker. Default value: {} ##### `un_mount` Data type: `Any` An exclusion mount point from a context to a Tomcat worker. Default value: {} ##### `auto_alias` Data type: `Any` Automatically Alias webapp context directories into the Apache document space Default value: `undef` ##### `mount_copy` Data type: `Any` If this directive is set to "On" in some virtual server, the mounts from the global server will be copied to this virtual server, more precisely all mounts defined by JkMount or JkUnMount. Default value: `undef` ##### `worker_indicator` Data type: `Any` Name of the Apache environment variable that can be used to set worker names in combination with SetHandler jakarta-servlet. Default value: `undef` ##### `watchdog_interval` Data type: `Any` This directive configures the watchdog thread interval in seconds. Default value: `undef` ##### `log_file` Data type: `Any` Full or server relative path to the mod_jk log file. Default value: 'mod_jk.log' ##### `log_level` Data type: `Any` The mod_jk log level, can be debug, info, warn error or trace. Default value: `undef` ##### `log_stamp_format` Data type: `Any` The mod_jk date log format, using an extended strftime syntax. Default value: `undef` ##### `request_log_format` Data type: `Any` Request log format string. Default value: `undef` ##### `extract_ssl` Data type: `Any` Turns on SSL processing and information gathering by mod_jk. Default value: `undef` ##### `https_indicator` Data type: `Any` Name of the Apache environment variable that contains SSL indication. Default value: `undef` ##### `sslprotocol_indicator` Data type: `Any` Name of the Apache environment variable that contains the SSL protocol name. Default value: `undef` ##### `certs_indicator` Data type: `Any` Name of the Apache environment variable that contains SSL client certificates. Default value: `undef` ##### `cipher_indicator` Data type: `Any` Name of the Apache environment variable that contains SSL client cipher. Default value: `undef` ##### `certchain_prefix` Data type: `Any` Name of the Apache environment (prefix) that contains SSL client chain certificates. Default value: `undef` ##### `session_indicator` Data type: `Any` Name of the Apache environment variable that contains SSL session. Default value: `undef` ##### `keysize_indicator` Data type: `Any` Name of the Apache environment variable that contains SSL key size in use. Default value: `undef` ##### `local_name_indicator` Data type: `Any` Name of the Apache environment variable which can be used to overwrite the forwarded local name. Default value: `undef` ##### `ignore_cl_indicator` Data type: `Any` Name of the Apache environment variable which forces to ignore an existing Content-Length request header. Default value: `undef` ##### `local_addr_indicator` Data type: `Any` Name of the Apache environment variable which can be used to overwrite the forwarded local IP address. Default value: `undef` ##### `local_port_indicator` Data type: `Any` Name of the Apache environment variable which can be used to overwrite the forwarded local port. Default value: `undef` ##### `remote_host_indicator` Data type: `Any` Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) host name. Default value: `undef` ##### `remote_addr_indicator` Data type: `Any` Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) IP address. Default value: `undef` ##### `remote_port_indicator` Data type: `Any` Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) IP address. Default value: `undef` ##### `remote_user_indicator` Data type: `Any` Name of the Apache environment variable which can be used to overwrite the forwarded user name. Default value: `undef` ##### `auth_type_indicator` Data type: `Any` Name of the Apache environment variable which can be used to overwrite the forwarded authentication type. Default value: `undef` ##### `options` Data type: `Any` Set one of more options to configure the mod_jk module. Default value: [] ##### `env_var` Data type: `Any` Adds a name and an optional default value of environment variable that should be sent to servlet-engine as a request attribute. Default value: {} ##### `strip_session` Data type: `Any` If this directive is set to On in some virtual server, the session IDs ;jsessionid=... will be removed for URLs which are not forwarded but instead are handled by the local server. Default value: `undef` ##### `workers_file_content` Data type: `Any` Each directive has the format worker..=. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash specifies each worker properties and values. Plus, there are two global directives, 'worker.list' and 'worker.maintain' For example, the workers file below should be parameterized as follows: Worker file: ``` worker.list = status worker.list = some_name,other_name worker.maintain = 60 # Optional comment worker.some_name.type=ajp13 worker.some_name.socket_keepalive=true # I just like comments worker.other_name.type=ajp12 (why would you?) worker.other_name.socket_keepalive=false ``` Puppet file: ``` $workers_file_content = { worker_lists => ['status', 'some_name,other_name'], worker_maintain => '60', some_name => { comment => 'Optional comment', type => 'ajp13', socket_keepalive => 'true', }, other_name => { comment => 'I just like comments', type => 'ajp12', socket_keepalive => 'false', }, } ``` Default value: {} ##### `mount_file_content` Data type: `Any` Each directive has the format = . This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash contains two items: - uri_list—an array with URIs to be mapped to the worker - comment—an optional string with a comment for the worker. For example, the mount file below should be parameterized as Figure 2: Worker file: ``` # Worker 1 /context_1/ = worker_1 /context_1/* = worker_1 # Worker 2 / = worker_2 /context_2/ = worker_2 /context_2/* = worker_2 ``` Puppet file: ``` $mount_file_content = { worker_1 => { uri_list => ['/context_1/', '/context_1/*'], comment => 'Worker 1', }, worker_2 => { uri_list => ['/context_2/', '/context_2/*'], comment => 'Worker 2', }, }, ``` Default value: {} ##### `location_list` Data type: `Any` Default value: [] ### apache::mod::ldap Installs and configures `mod_ldap`. * **See also** https://httpd.apache.org/docs/current/mod/mod_ldap.html for additional documentation. #### Examples ##### ```puppet class { 'apache::mod::ldap': ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt', ldap_trusted_global_cert_type => 'CA_DER', ldap_trusted_mode => 'TLS', ldap_shared_cache_size => '500000', ldap_cache_entries => '1024', ldap_cache_ttl => '600', ldap_opcache_entries => '1024', ldap_opcache_ttl => '600', } ``` #### Parameters The following parameters are available in the `apache::mod::ldap` class. ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: `undef` ##### `package_name` Data type: `Any` Specifies the custom package name. Default value: `undef` ##### `ldap_trusted_global_cert_file` Data type: `Any` Sets the file or database containing global trusted Certificate Authority or global client certificates. Default value: `undef` ##### `ldap_trusted_global_cert_type` Data type: `Optional[String]` Sets the the certificate parameter of the global trusted Certificate Authority or global client certificates. Default value: 'CA_BASE64' ##### `ldap_shared_cache_size` Data type: `Any` Size in bytes of the shared-memory cache Default value: `undef` ##### `ldap_cache_entries` Data type: `Any` Maximum number of entries in the primary LDAP cache Default value: `undef` ##### `ldap_cache_ttl` Data type: `Any` Time that cached items remain valid (in seconds). Default value: `undef` ##### `ldap_opcache_entries` Data type: `Any` Number of entries used to cache LDAP compare operations Default value: `undef` ##### `ldap_opcache_ttl` Data type: `Any` Time that entries in the operation cache remain valid (in seconds). Default value: `undef` ##### `ldap_trusted_mode` Data type: `Any` Specifies the SSL/TLS mode to be used when connecting to an LDAP server. Default value: `undef` ##### `ldap_path` Data type: `String` The server location of the ldap status page. Default value: '/ldap-status' ### apache::mod::lookup_identity Installs `mod_lookup_identity` * **See also** https://www.adelton.com/apache/mod_lookup_identity for additional documentation. ### apache::mod::macro Installs `mod_macro`. * **See also** https://httpd.apache.org/docs/current/mod/mod_macro.html for additional documentation. ### apache::mod::mime Installs and configures `mod_mime`. * **See also** https://httpd.apache.org/docs/current/mod/mod_mime.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::mime` class. ##### `mime_support_package` Data type: `Any` Name of the MIME package to be installed. Default value: $::apache::params::mime_support_package ##### `mime_types_config` Data type: `Any` The location of the mime.types file. Default value: $::apache::params::mime_types_config ##### `mime_types_additional` Data type: `Any` List of additional MIME types to include. Default value: `undef` ### apache::mod::mime_magic Installs and configures `mod_mime_magic`. * **See also** https://httpd.apache.org/docs/current/mod/mod_mime_magic.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::mime_magic` class. ##### `magic_file` Data type: `Any` Enable MIME-type determination based on file contents using the specified magic file. Default value: `undef` ### apache::mod::negotiation Installs and configures `mod_negotiation`. * **See also** [https://httpd.apache.org/docs/current/mod/mod_negotiation.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::negotiation` class. ##### `force_language_priority` Data type: `Variant[Array[String], String]` Action to take if a single acceptable document is not found. Default value: 'Prefer Fallback' ##### `language_priority` Data type: `Variant[Array[String], String]` The precedence of language variants for cases where the client does not express a preference. Default value: [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', 'zh-TW' ] ### apache::mod::nss Installs and configures `mod_nss`. * **See also** https://pagure.io/mod_nss for additional documentation. #### Parameters The following parameters are available in the `apache::mod::nss` class. ##### `transfer_log` Data type: `Any` Path to `access.log`. Default value: "${::apache::params::logroot}/access.log" ##### `error_Log` Path to `error.log` ##### `passwd_file` Data type: `Any` Path to file containing token passwords used for NSSPassPhraseDialog. Default value: `undef` ##### `port` Data type: `Any` Sets the SSL port that should be used by mod_nss. Default value: 8443 ##### `error_log` Data type: `Any` Default value: "${::apache::params::logroot}/error.log" ### apache::mod::pagespeed Although this apache module requires the mod-pagespeed-stable package, Puppet does not manage the software repositories required to automatically install the package. If you declare this class when the package is either not installed or not available to your package manager, your Puppet run will fail. * **TODO** Add docs * **Note** Verify that your system is compatible with the latest Google Pagespeed requirements. * **See also** https://developers.google.com/speed/pagespeed/module/ for additional documentation. #### Parameters The following parameters are available in the `apache::mod::pagespeed` class. ##### `inherit_vhost_config` Data type: `Any` Default value: 'on' ##### `filter_xhtml` Data type: `Any` Default value: `false` ##### `cache_path` Data type: `Any` Default value: '/var/cache/mod_pagespeed/' ##### `log_dir` Data type: `Any` Default value: '/var/log/pagespeed' ##### `memcache_servers` Data type: `Any` Default value: [] ##### `rewrite_level` Data type: `Any` Default value: 'CoreFilters' ##### `disable_filters` Data type: `Any` Default value: [] ##### `enable_filters` Data type: `Any` Default value: [] ##### `forbid_filters` Data type: `Any` Default value: [] ##### `rewrite_deadline_per_flush_ms` Data type: `Any` Default value: 10 ##### `additional_domains` Data type: `Any` Default value: `undef` ##### `file_cache_size_kb` Data type: `Any` Default value: 102400 ##### `file_cache_clean_interval_ms` Data type: `Any` Default value: 3600000 ##### `lru_cache_per_process` Data type: `Any` Default value: 1024 ##### `lru_cache_byte_limit` Data type: `Any` Default value: 16384 ##### `css_flatten_max_bytes` Data type: `Any` Default value: 2048 ##### `css_inline_max_bytes` Data type: `Any` Default value: 2048 ##### `css_image_inline_max_bytes` Data type: `Any` Default value: 2048 ##### `image_inline_max_bytes` Data type: `Any` Default value: 2048 ##### `js_inline_max_bytes` Data type: `Any` Default value: 2048 ##### `css_outline_min_bytes` Data type: `Any` Default value: 3000 ##### `js_outline_min_bytes` Data type: `Any` Default value: 3000 ##### `inode_limit` Data type: `Any` Default value: 500000 ##### `image_max_rewrites_at_once` Data type: `Any` Default value: 8 ##### `num_rewrite_threads` Data type: `Any` Default value: 4 ##### `num_expensive_rewrite_threads` Data type: `Any` Default value: 4 ##### `collect_statistics` Data type: `Any` Default value: 'on' ##### `statistics_logging` Data type: `Any` Default value: 'on' ##### `allow_view_stats` Data type: `Any` Default value: [] ##### `allow_pagespeed_console` Data type: `Any` Default value: [] ##### `allow_pagespeed_message` Data type: `Any` Default value: [] ##### `message_buffer_size` Data type: `Any` Default value: 100000 ##### `additional_configuration` Data type: `Any` Default value: {} ##### `apache_version` Data type: `Any` Default value: `undef` ##### `package_ensure` Data type: `Any` Default value: `undef` ### apache::mod::passenger The current set of server configurations settings were taken directly from the Passenger Reference. To enable deprecation warnings and removal failure messages, set the passenger_installed_version to the version number installed on the server. Change Log: - As of 08/13/2017 there are 84 available/deprecated/removed settings. - Around 08/20/2017 UnionStation was discontinued options were removed. - As of 08/20/2017 there are 77 available/deprecated/removed settings. * **Note** In Passenger source code you can strip out what are all the available options by looking in - src/apache2_module/Configuration.cpp - src/apache2_module/ConfigurationCommands.cpp There are also several undocumented settings. * **See also** https://www.phusionpassenger.com/library/config/apache/reference/ for additional documentation. #### Parameters The following parameters are available in the `apache::mod::passenger` class. ##### `manage_repo` Data type: `Any` Toggle whether to manage yum repo if on a RedHat node. Default value: `true` ##### `mod_id` Data type: `Any` Specifies the package id. Default value: `undef` ##### `mod_lib` Data type: `Any` Defines the module's shared object name. Do not configure manually without special reason. Default value: `undef` ##### `mod_lib_path` Data type: `Any` Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The `path` parameter overrides this value. Default value: `undef` ##### `mod_package` Data type: `Any` Name of the module package to install. Default value: `undef` ##### `mod_package_ensure` Data type: `Any` Determines whether Puppet ensures the module should be installed. Default value: `undef` ##### `mod_path` Data type: `Any` Specifies a path to the module. Do not manually set this parameter without a special reason. Default value: `undef` ##### `passenger_allow_encoded_slashes` Data type: `Any` Toggle whether URLs with encoded slashes (%2f) can be used (by default Apache does not support this). Default value: `undef` ##### `passenger_app_env` Data type: `Any` This option sets, for the current application, the value of the following environment variables: - RAILS_ENV - RACK_ENV - WSGI_ENV - NODE_ENV - PASSENGER_APP_ENV Default value: `undef` ##### `passenger_app_group_name` Data type: `Any` Sets the name of the application group that the current application should belong to. Default value: `undef` ##### `passenger_app_root` Data type: `Any` Path to the application root which allows access independent from the DocumentRoot. Default value: `undef` ##### `passenger_app_type` Data type: `Any` Specifies the type of the application. If you set this option, then you must also set PassengerAppRoot, otherwise Passenger will not properly recognize your application. Default value: `undef` ##### `passenger_base_uri` Data type: `Any` Used to specify that the given URI is an distinct application that should be served by Passenger. Default value: `undef` ##### `passenger_buffer_response` Data type: `Any` Toggle whether application-generated responses are buffered by Apache. Buffering will happen in memory. Default value: `undef` ##### `passenger_buffer_upload` Data type: `Any` Toggle whether HTTP client request bodies are buffered before they are sent to the application. Default value: `undef` ##### `passenger_concurrency_model` Data type: `Any` Specifies the I/O concurrency model that should be used for Ruby application processes. Default value: `undef` ##### `passenger_conf_file` Data type: `Any` Default value: $::apache::params::passenger_conf_file ##### `passenger_conf_package_file` Data type: `Any` Default value: $::apache::params::passenger_conf_package_file ##### `passenger_data_buffer_dir` Data type: `Any` Specifies the directory in which to store data buffers. Default value: `undef` ##### `passenger_debug_log_file` Data type: `Any` Default value: `undef` ##### `passenger_debugger` Data type: `Any` Turns support for Ruby application debugging on or off. Default value: `undef` ##### `passenger_default_group` Data type: `Any` Allows you to specify the group that applications must run as, if user switching fails or is disabled. Default value: `undef` ##### `passenger_default_ruby` Data type: `Any` File path to desired ruby interpreter to use by default. Default value: $::apache::params::passenger_default_ruby ##### `passenger_default_user` Data type: `Any` Allows you to specify the user that applications must run as, if user switching fails or is disabled. Default value: `undef` ##### `passenger_disable_security_update_check` Data type: `Any` Allows disabling the Passenger security update check, a daily check with https://securitycheck.phusionpassenger.com for important security updates that might be available. Default value: `undef` ##### `passenger_enabled` Data type: `Any` Toggles whether Passenger should be enabled for that particular context. Default value: `undef` ##### `passenger_error_override` Data type: `Any` Toggles whether Apache will intercept and handle responses with HTTP status codes of 400 and higher. Default value: `undef` ##### `passenger_file_descriptor_log_file` Data type: `Any` Log file descriptor debug tracing messages to the given file. Default value: `undef` ##### `passenger_fly_with` Data type: `Any` Enables the Flying Passenger mode, and configures Apache to connect to the Flying Passenger daemon that's listening on the given socket filename. Default value: `undef` ##### `passenger_force_max_concurrent_requests_per_process` Data type: `Any` Use this option to tell Passenger how many concurrent requests the application can handle per process. Default value: `undef` ##### `passenger_friendly_error_pages` Data type: `Any` Toggles whether Passenger should display friendly error pages whenever an application fails to start. Default value: `undef` ##### `passenger_group` Data type: `Any` Allows you to override that behavior and explicitly set a group to run the web application as, regardless of the ownership of the startup file. Default value: `undef` ##### `passenger_high_performance` Data type: `Any` Toggles whether to enable PassengerHighPerformance which will make Passenger will be a little faster, in return for reduced compatibility with other Apache modules. Default value: `undef` ##### `passenger_installed_version` Data type: `Any` Default value: `undef` ##### `passenger_instance_registry_dir` Data type: `Any` Specifies the directory that Passenger should use for registering its current instance. Default value: `undef` ##### `passenger_load_shell_envvars` Data type: `Any` Enables or disables the loading of shell environment variables before spawning the application. Default value: `undef` ##### `passenger_log_file` Data type: `Optional[Stdlib::Absolutepath]` File path to log file. By default Passenger log messages are written to the Apache global error log. Default value: `undef` ##### `passenger_log_level` Data type: `Any` Specifies how much information Passenger should log to its log file. A higher log level value means that more information will be logged. Default value: `undef` ##### `passenger_lve_min_uid` Data type: `Any` When using Passenger on a LVE-enabled kernel, a security check (enter) is run for spawning application processes. This options tells the check to only allow processes with UIDs equal to, or higher than, the specified value. Default value: `undef` ##### `passenger_max_instances` Data type: `Any` The maximum number of application processes that may simultaneously exist for an application. Default value: `undef` ##### `passenger_max_instances_per_app` Data type: `Any` The maximum number of application processes that may simultaneously exist for a single application. Default value: `undef` ##### `passenger_max_pool_size` Data type: `Any` The maximum number of application processes that may simultaneously exist. Default value: `undef` ##### `passenger_max_preloader_idle_time` Data type: `Any` Set the preloader's idle timeout, in seconds. A value of 0 means that it should never idle timeout. Default value: `undef` ##### `passenger_max_request_queue_size` Data type: `Any` Specifies the maximum size for the queue of all incoming requests. Default value: `undef` ##### `passenger_max_request_time` Data type: `Any` The maximum amount of time, in seconds, that an application process may take to process a request. Default value: `undef` ##### `passenger_max_requests` Data type: `Any` The maximum number of requests an application process will process. Default value: `undef` ##### `passenger_memory_limit` Data type: `Any` The maximum amount of memory that an application process may use, in megabytes. Default value: `undef` ##### `passenger_meteor_app_settings` Data type: `Any` When using a Meteor application in non-bundled mode, use this option to specify a JSON file with settings for the application. Default value: `undef` ##### `passenger_min_instances` Data type: `Any` Specifies the minimum number of application processes that should exist for a given application. Default value: `undef` ##### `passenger_nodejs` Data type: `Any` Specifies the Node.js command to use for serving Node.js web applications. Default value: `undef` ##### `passenger_pool_idle_time` Data type: `Any` The maximum number of seconds that an application process may be idle. Default value: `undef` ##### `passenger_pre_start` Data type: `Optional[Variant[String,Array[String]]]` URL of the web application you want to pre-start. Default value: `undef` ##### `passenger_python` Data type: `Any` Specifies the Python interpreter to use for serving Python web applications. Default value: `undef` ##### `passenger_resist_deployment_errors` Data type: `Any` Enables or disables resistance against deployment errors. Default value: `undef` ##### `passenger_resolve_symlinks_in_document_root` Data type: `Any` This option is no longer available in version 5.2.0. Switch to PassengerAppRoot if you are setting the application root via a document root containing symlinks. Default value: `undef` ##### `passenger_response_buffer_high_watermark` Data type: `Any` Configures the maximum size of the real-time disk-backed response buffering system. Default value: `undef` ##### `passenger_restart_dir` Data type: `Any` Path to directory containing restart.txt file. Can be either absolute or relative. Default value: `undef` ##### `passenger_rolling_restarts` Data type: `Any` Enables or disables support for zero-downtime application restarts through restart.txt. Default value: `undef` ##### `passenger_root` Data type: `Any` Refers to the location to the Passenger root directory, or to a location configuration file. Default value: $::apache::params::passenger_root ##### `passenger_ruby` Data type: `Any` Specifies the Ruby interpreter to use for serving Ruby web applications. Default value: $::apache::params::passenger_ruby ##### `passenger_security_update_check_proxy` Data type: `Any` Allows use of an intermediate proxy for the Passenger security update check. Default value: `undef` ##### `passenger_show_version_in_header` Data type: `Any` Toggle whether Passenger will output its version number in the X-Powered-By header in all Passenger-served requests: Default value: `undef` ##### `passenger_socket_backlog` Data type: `Any` This option can be raised if Apache manages to overflow the backlog queue. Default value: `undef` ##### `passenger_spawn_method` Data type: `Optional[Enum['smart', 'direct', 'smart-lv2', 'conservative']]` Controls whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism. Default value: `undef` ##### `passenger_start_timeout` Data type: `Any` Specifies a timeout for the startup of application processes. Default value: `undef` ##### `passenger_startup_file` Data type: `Any` Specifies the startup file that Passenger should use when loading the application. Default value: `undef` ##### `passenger_stat_throttle_rate` Data type: `Any` Setting this option to a value of x means that certain filesystem checks will be performed at most once every x seconds. Default value: `undef` ##### `passenger_sticky_sessions` Data type: `Any` Toggles whether all requests that a client sends will be routed to the same originating application process, whenever possible. Default value: `undef` ##### `passenger_sticky_sessions_cookie_name` Data type: `Any` Sets the name of the sticky sessions cookie. Default value: `undef` ##### `passenger_thread_count` Data type: `Any` Specifies the number of threads that Passenger should spawn per Ruby application process. Default value: `undef` ##### `passenger_use_global_queue` Data type: `Any` N/A. Default value: `undef` ##### `passenger_user` Data type: `Any` Allows you to override that behavior and explicitly set a user to run the web application as, regardless of the ownership of the startup file. Default value: `undef` ##### `passenger_user_switching` Data type: `Any` Toggles whether to attempt to enable user account sandboxing, also known as user switching. Default value: `undef` ##### `rack_auto_detect` Data type: `Any` This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead. Default value: `undef` ##### `rack_autodetect` Data type: `Any` This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead. Default value: `undef` ##### `rack_base_uri` Data type: `Any` Deprecated in 3.0.0 in favor of PassengerBaseURI. Default value: `undef` ##### `rack_env` Data type: `Any` Alias for PassengerAppEnv. Default value: `undef` ##### `rails_allow_mod_rewrite` Data type: `Any` This option doesn't do anything anymore since version 4.0.0. Default value: `undef` ##### `rails_app_spawner_idle_time` Data type: `Any` This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime. Default value: `undef` ##### `rails_auto_detect` Data type: `Any` This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead. Default value: `undef` ##### `rails_autodetect` Data type: `Any` This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead. Default value: `undef` ##### `rails_base_uri` Data type: `Any` Deprecated in 3.0.0 in favor of PassengerBaseURI. Default value: `undef` ##### `rails_default_user` Data type: `Any` Deprecated in 3.0.0 in favor of PassengerDefaultUser Default value: `undef` ##### `rails_env` Data type: `Any` Alias for PassengerAppEnv. Default value: `undef` ##### `rails_framework_spawner_idle_time` Data type: `Any` This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed altogether. You should use smart spawning instead. Default value: `undef` ##### `rails_ruby` Data type: `Any` Deprecated in 3.0.0 in favor of PassengerRuby. Default value: `undef` ##### `rails_spawn_method` Data type: `Any` Deprecated in 3.0.0 in favor of PassengerSpawnMethod. Default value: `undef` ##### `rails_user_switching` Data type: `Any` Deprecated in 3.0.0 in favor of PassengerUserSwitching. Default value: `undef` ##### `wsgi_auto_detect` Data type: `Any` This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead. Default value: `undef` ### apache::mod::perl Installs `mod_perl`. * **See also** https://perl.apache.org for additional documentation. ### apache::mod::peruser Installs `mod_peruser`. * **TODO** Add docs #### Parameters The following parameters are available in the `apache::mod::peruser` class. ##### `minspareprocessors` Data type: `Any` Default value: '2' ##### `minprocessors` Data type: `Any` Default value: '2' ##### `maxprocessors` Data type: `Any` Default value: '10' ##### `maxclients` Data type: `Any` Default value: '150' ##### `maxrequestsperchild` Data type: `Any` Default value: '1000' ##### `idletimeout` Data type: `Any` Default value: '120' ##### `expiretimeout` Data type: `Any` Default value: '120' ##### `keepalive` Data type: `Any` Default value: 'Off' ### apache::mod::php Installs `mod_php`. * **TODO** Add docs #### Parameters The following parameters are available in the `apache::mod::php` class. ##### `package_name` Data type: `Any` Default value: `undef` ##### `package_ensure` Data type: `Any` Default value: 'present' ##### `path` Data type: `Any` Default value: `undef` ##### `extensions` Data type: `Array` Default value: ['.php'] ##### `content` Data type: `Any` Default value: `undef` ##### `template` Data type: `Any` Default value: 'apache/mod/php.conf.erb' ##### `source` Data type: `Any` Default value: `undef` ##### `root_group` Data type: `Any` Default value: $::apache::params::root_group ##### `php_version` Data type: `Any` Default value: $::apache::params::php_version ##### `libphp_prefix` Data type: `Any` Default value: 'libphp' ### apache::mod::prefork Installs and configures MPM `prefork`. * **See also** https://httpd.apache.org/docs/current/mod/prefork.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::prefork` class. ##### `startservers` Data type: `Any` Number of child server processes created at startup. Default value: '8' ##### `minspareservers` Data type: `Any` Minimum number of idle child server processes. Default value: '5' ##### `maxspareservers` Data type: `Any` Maximum number of idle child server processes. Default value: '20' ##### `serverlimit` Data type: `Any` Upper limit on configurable number of processes. Default value: '256' ##### `maxclients` Data type: `Any` Old alias for MaxRequestWorkers. Default value: '256' ##### `maxrequestworkers` Data type: `Any` Maximum number of connections that will be processed simultaneously. Default value: `undef` ##### `maxrequestsperchild` Data type: `Any` Old alias for MaxConnectionsPerChild. Default value: '4000' ##### `maxconnectionsperchild` Data type: `Any` Limit on the number of connections that an individual child server will handle during its life. Default value: `undef` ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: `undef` ##### `listenbacklog` Data type: `Any` Maximum length of the queue of pending connections. Default value: '511' ### apache::mod::proxy Installs and configures `mod_proxy`. * **See also** https://httpd.apache.org/docs/current/mod/mod_proxy.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::proxy` class. ##### `proxy_requests` Data type: `Any` Enables forward (standard) proxy requests. Default value: 'Off' ##### `allow_from` Data type: `Any` List of IPs allowed to access proxy. Default value: `undef` ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: `undef` ##### `package_name` Data type: `Any` Name of the proxy package to install. Default value: `undef` ##### `proxy_via` Data type: `Any` Set local IP address for outgoing proxy connections. Default value: 'On' ##### `proxy_timeout` Data type: `Any` Network timeout for proxied requests. Default value: `undef` ### apache::mod::proxy_ajp Installs `mod_proxy_ajp`. * **See also** https://httpd.apache.org/docs/current/mod/mod_proxy_ajp.html for additional documentation. ### apache::mod::proxy_balancer Installs and configures `mod_proxy_balancer`. * **See also** https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::proxy_balancer` class. ##### `manager` Data type: `Boolean` Toggle whether to enable balancer manager support. Default value: `false` ##### `maanger_path` Server relative path to balancer manager. ##### `allow_from` Data type: `Array` List of IPs from which the balancer manager can be accessed. Default value: ['127.0.0.1','::1'] ##### `apache_version` Data type: `Any` Version of Apache to install module on. Default value: $::apache::apache_version ##### `manager_path` Data type: `Stdlib::Absolutepath` Default value: '/balancer-manager' ### apache::mod::proxy_connect Installs `mod_proxy_connect`. * **See also** https://httpd.apache.org/docs/current/mod/mod_proxy_connect.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::proxy_connect` class. ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: `undef` ### apache::mod::proxy_fcgi Installs `mod_proxy_fcgi`. * **See also** https://httpd.apache.org/docs/current/mod/mod_proxy_fcgi.html for additional documentation. ### apache::mod::proxy_html Installs `mod_proxy_html`. * **See also** https://httpd.apache.org/docs/current/mod/mod_proxy_html.html for additional documentation. ### apache::mod::proxy_http Installs `mod_proxy_http`. * **See also** https://httpd.apache.org/docs/current/mod/mod_proxy_http.html for additional documentation. ### apache::mod::proxy_wstunnel Installs `mod_proxy_wstunnel`. * **See also** https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html for additional documentation. ### apache::mod::python Installs and configures `mod_python`. * **See also** https://github.com/grisha/mod_python for additional documentation. #### Parameters The following parameters are available in the `apache::mod::python` class. ##### `loadfile_name` Data type: `Optional[String]` Sets the name of the configuration file that is used to load the python module. Default value: `undef` ### apache::mod::remoteip Installs and configures `mod_remoteip`. * **See also** https://httpd.apache.org/docs/current/mod/mod_remoteip.html https://httpd.apache.org/docs/current/mod/mod_remoteip.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::remoteip` class. ##### `header` Data type: `String` The header field in which `mod_remoteip` will look for the useragent IP. Default value: 'X-Forwarded-For' ##### `internal_proxy` Data type: `Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]]` A list of IP addresses, IP blocks or hostname that are trusted to set a valid value inside specified header. Unlike the `$trusted_proxy_ips` parameter, any IP address (including private addresses) presented by these proxies will trusted by `mod_remoteip`. Default value: `undef` ##### `proxy_ips` Data type: `Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]]` *Deprecated*: use `$internal_proxy` instead. Default value: `undef` ##### `internal_proxy_list` Data type: `Optional[Stdlib::Absolutepath]` The path to a file containing a list of IP addresses, IP blocks or hostname that are trusted to set a valid value inside the specified header. See `$internal_proxy` for details. Default value: `undef` ##### `proxies_header` Data type: `Optional[String]` A header into which `mod_remoteip` will collect a list of all of the intermediate client IP addresses trusted to resolve the useragent IP of the request (e.g. `X-Forwarded-By`). Default value: `undef` ##### `proxy_protocol` Data type: `Boolean` Wether or not to enable the PROXY protocol header handling. If enabled upstream clients must set the header every time they open a connection. Default value: `false` ##### `proxy_protocol_exceptions` Data type: `Optional[Array[Stdlib::Host]]` A list of IP address or IP blocks that are not required to use the PROXY protocol. Default value: `undef` ##### `trusted_proxy` Data type: `Optional[Array[Stdlib::Host]]` A list of IP addresses, IP blocks or hostname that are trusted to set a valid value inside the specified header. Unlike the `$proxy_ips` parameter, any private IP presented by these proxies will be disgarded by `mod_remoteip`. Default value: `undef` ##### `trusted_proxy_ips` Data type: `Optional[Array[Stdlib::Host]]` *Deprecated*: use `$trusted_proxy` instead. Default value: `undef` ##### `trusted_proxy_list` Data type: `Optional[Stdlib::Absolutepath]` The path to a file containing a list of IP addresses, IP blocks or hostname that are trusted to set a valid value inside the specified header. See `$trusted_proxy` for details. Default value: `undef` ##### `apache_version` Data type: `Optional[String]` A version string used to validate that your apache version supports `mod_remoteip`. If not specified, `$::apache::apache_version` is used. Default value: `undef` ### apache::mod::reqtimeout Installs and configures `mod_reqtimeout`. * **See also** https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::reqtimeout` class. ##### `timeouts` Data type: `Any` List of timeouts and data rates for receiving requests. Default value: ['header=20-40,minrate=500', 'body=10,minrate=500'] ### apache::mod::rewrite Installs `mod_rewrite`. * **See also** https://httpd.apache.org/docs/current/mod/mod_rewrite.html for additional documentation. ### apache::mod::rpaf Installs and configures `mod_rpaf`. * **See also** https://github.com/gnif/mod_rpaf for additional documentation. #### Parameters The following parameters are available in the `apache::mod::rpaf` class. ##### `sethostname` Data type: `Any` Toggles whether to update vhost name so ServerName and ServerAlias work. Default value: `true` ##### `proxy_ips` Data type: `Any` List of IPs & bitmasked subnets to adjust requests for Default value: [ '127.0.0.1' ] ##### `header` Data type: `Any` Header to use for the real IP address. Default value: 'X-Forwarded-For' ##### `template` Data type: `Any` Path to template to use for configuring mod_rpaf. Default value: 'apache/mod/rpaf.conf.erb' ### apache::mod::security Installs and configures `mod_security`. * **See also** https://github.com/SpiderLabs/ModSecurity/wiki for additional documentation. #### Parameters The following parameters are available in the `apache::mod::security` class. ##### `version` Data type: `Any` Manage mod_security or mod_security2 Default value: $::apache::params::modsec_version ##### `logroot` Data type: `Any` Configures the location of audit and debug logs. Default value: $::apache::params::logroot ##### `crs_package` Data type: `Any` Name of package that installs CRS rules. Default value: $::apache::params::modsec_crs_package ##### `activated_rules` Data type: `Any` An array of rules from the modsec_crs_path or absolute to activate via symlinks. Default value: $::apache::params::modsec_default_rules ##### `modsec_dir` Data type: `Any` Defines the path where Puppet installs the modsec configuration and activated rules links. Default value: $::apache::params::modsec_dir ##### `modsec_secruleengine` Data type: `Any` Configures the rules engine. Default value: $::apache::params::modsec_secruleengine ##### `audit_log_relevant_status` Data type: `Any` Configures which response status code is to be considered relevant for the purpose of audit logging. Default value: '^(?:5|4(?!04))' ##### `audit_log_parts` Data type: `Any` Defines which parts of each transaction are going to be recorded in the audit log. Each part is assigned a single letter; when a letter appears in the list then the equivalent part will be recorded. Default value: $::apache::params::modsec_audit_log_parts ##### `secpcrematchlimit` Data type: `Any` Sets the match limit in the PCRE library. Default value: $::apache::params::secpcrematchlimit ##### `secpcrematchlimitrecursion` Data type: `Any` Sets the match limit recursion in the PCRE library. Default value: $::apache::params::secpcrematchlimitrecursion ##### `allowed_methods` Data type: `Any` A space-separated list of allowed HTTP methods. Default value: 'GET HEAD POST OPTIONS' ##### `content_types` Data type: `Any` A list of one or more allowed MIME types. Default value: 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf' ##### `restricted_extensions` Data type: `Any` A space-sparated list of prohibited file extensions. Default value: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/' ##### `restricted_headers` Data type: `Any` A list of restricted headers separated by slashes and spaces. Default value: '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/' ##### `secdefaultaction` Data type: `Any` Defines the default list of actions, which will be inherited by the rules in the same configuration context. Default value: 'deny' ##### `anomaly_score_blocking` Data type: `Any` Activates or deactivates the Collaborative Detection Blocking of the OWASP ModSecurity Core Rule Set. Default value: 'off' ##### `inbound_anomaly_threshold` Data type: `Any` Sets the scoring threshold level of the inbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default value: '5' ##### `outbound_anomaly_threshold` Data type: `Any` Sets the scoring threshold level of the outbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default value: '4' ##### `critical_anomaly_score` Data type: `Any` Sets the Anomaly Score for rules assigned with a critical severity. Default value: '5' ##### `error_anomaly_score` Data type: `Any` Sets the Anomaly Score for rules assigned with a error severity. Default value: '4' ##### `warning_anomaly_score` Data type: `Any` Sets the Anomaly Score for rules assigned with a warning severity. Default value: '3' ##### `notice_anomaly_score` Data type: `Any` Sets the Anomaly Score for rules assigned with a notice severity. Default value: '2' ##### `secrequestmaxnumargs` Data type: `Any` Sets the maximum number of arguments in the request. Default value: '255' ##### `secrequestbodylimit` Data type: `Any` Sets the maximum request body size ModSecurity will accept for buffering. Default value: '13107200' ##### `secrequestbodynofileslimit` Data type: `Any` Configures the maximum request body size ModSecurity will accept for buffering, excluding the size of any files being transported in the request. Default value: '131072' ##### `secrequestbodyinmemorylimit` Data type: `Any` Configures the maximum request body size that ModSecurity will store in memory. Default value: '131072' ##### `manage_security_crs` Data type: `Any` Toggles whether to manage ModSecurity Core Rule Set Default value: `true` ### apache::mod::setenvif Installs `mod_setenvif`. * **See also** https://httpd.apache.org/docs/current/mod/mod_setenvif.html for additional documentation. ### apache::mod::shib This class installs and configures only the Apache components of a web application that consumes Shibboleth SSO identities. You can manage the Shibboleth configuration manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth). * **Note** The Shibboleth module isn't available on RH/CentOS without providing dependency packages provided by Shibboleth's repositories. See the [Shibboleth Service Provider Installation Guide](http://wiki.aaf.edu.au/tech-info/sp-install-guide). * **See also** https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig for additional documentation. #### Parameters The following parameters are available in the `apache::mod::shib` class. ##### `suppress_warning` Data type: `Any` Toggles whether to trigger warning on RedHat nodes. Default value: `false` ##### `mod_full_path` Data type: `Any` Specifies a path to the module. Do not manually set this parameter without a special reason. Default value: `undef` ##### `package_name` Data type: `Any` Name of the Shibboleth package to be installed. Default value: `undef` ##### `mod_lib` Data type: `Any` Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The `path` parameter overrides this value. Default value: `undef` ### apache::mod::socache_shmcb Installs `mod_socache_shmcb`. * **See also** https://httpd.apache.org/docs/current/mod/mod_socache_shmcb.html for additional documentation. ### apache::mod::speling Installs `mod_spelling`. * **See also** https://httpd.apache.org/docs/current/mod/mod_speling.html for additional documentation. ### apache::mod::ssl On most operating systems, the ssl.conf is placed in the module configuration directory. On Red Hat based operating systems, this file is placed in /etc/httpd/conf.d, the same location in which the RPM stores the configuration. To use SSL with a virtual host, you must either set the default_ssl_vhost parameter in ::apache to true or the ssl parameter in apache::vhost to true. * **See also** https://httpd.apache.org/docs/current/mod/mod_ssl.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::ssl` class. ##### `ssl_compression` Data type: `Boolean` Enable compression on the SSL level. Default value: `false` ##### `ssl_cryptodevice` Data type: `Any` Enable use of a cryptographic hardware accelerator. Default value: 'builtin' ##### `ssl_options` Data type: `Any` Configure various SSL engine run-time options. Default value: [ 'StdEnvVars' ] ##### `ssl_openssl_conf_cmd` Data type: `Any` Configure OpenSSL parameters through its SSL_CONF API. Default value: `undef` ##### `ssl_cert` Data type: `Optional[String]` Path to server PEM-encoded X.509 certificate data file. Default value: `undef` ##### `ssl_key` Data type: `Optional[String]` Path to server PEM-encoded private key file Default value: `undef` ##### `ssl_ca` Data type: `Any` File of concatenated PEM-encoded CA Certificates for Client Auth. Default value: `undef` ##### `ssl_cipher` Data type: `Any` Cipher Suite available for negotiation in SSL handshake. Default value: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES' ##### `ssl_honorcipherorder` Data type: `Variant[Boolean, Enum['on', 'off']]` Option to prefer the server's cipher preference order. Default value: `true` ##### `ssl_protocol` Data type: `Any` Configure usable SSL/TLS protocol versions. Default based on the OS: - RedHat 8: [ 'all' ]. - Other Platforms: [ 'all', '-SSLv2', '-SSLv3' ]. Default value: $::apache::params::ssl_protocol ##### `ssl_proxy_protocol` Data type: `Array` Configure usable SSL protocol flavors for proxy usage. Default value: [] ##### `ssl_pass_phrase_dialog` Data type: `Any` Type of pass phrase dialog for encrypted private keys. Default value: 'builtin' ##### `ssl_random_seed_bytes` Data type: `Any` Pseudo Random Number Generator (PRNG) seeding source. Default value: '512' ##### `ssl_sessioncache` Data type: `String` Configures the storage type of the global/inter-process SSL Session Cache Default value: $::apache::params::ssl_sessioncache ##### `ssl_sessioncachetimeout` Data type: `Any` Number of seconds before an SSL session expires in the Session Cache. Default value: '300' ##### `ssl_stapling` Data type: `Boolean` Enable stapling of OCSP responses in the TLS handshake. Default value: `false` ##### `ssl_stapling_return_errors` Data type: `Optional[Boolean]` Pass stapling related OCSP errors on to client. Default value: `undef` ##### `ssl_mutex` Data type: `Any` Configures mutex mechanism and lock file directory for all or specified mutexes. Default based on the OS and/or Apache version: - RedHat/FreeBSD/Suse/Gentoo: 'default'. - Debian/Ubuntu + Apache >= 2.4: 'default'. - Debian/Ubuntu + Apache < 2.4: 'file:${APACHE_RUN_DIR}/ssl_mutex'. - Ubuntu 10.04: 'file:/var/run/apache2/ssl_mutex'. Default value: `undef` ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: `undef` ##### `package_name` Data type: `Any` Name of ssl package to install. Default value: `undef` ##### `ssl_sessiontickets` Data type: `Optional[Boolean]` Default value: `undef` ##### `stapling_cache` Data type: `Optional[String]` Default value: `undef` ### apache::mod::status Installs and configures `mod_status`. * **See also** http://httpd.apache.org/docs/current/mod/mod_status.html for additional documentation. #### Examples ##### ```puppet # Simple usage allowing access from localhost and a private subnet class { 'apache::mod::status': $allow_from => ['127.0.0.1', '10.10.10.10/24'], } ``` #### Parameters The following parameters are available in the `apache::mod::status` class. ##### `allow_from` Data type: `Optional[Array]` Array of hosts, ip addresses, partial network numbers or networks, in CIDR notation specifying what hosts can view the special /server-status URL. Defaults to ['127.0.0.1', '::1']. > Creates Apache < 2.4 directive "Allow from". Default value: `undef` ##### `requires` Data type: `Optional[Variant[String, Array, Hash]]` A Variant type that can be: - String with: - '' or 'unmanaged' - Host auth control done elsewhere - 'ip ' - Allowed IPs/ranges - 'host ' - Allowed names/domains - 'all [granted|denied]' - Array of strings with ip or host as above - Hash with following keys: - 'requires' - Value => Array as above - 'enforce' - Value => String 'Any', 'All' or 'None' This encloses "Require" directives in "" block Optional - If unspecified, "Require" directives follow current flow > Creates Apache >= 2.4 directives "Require" Default value: `undef` ##### `extended_status` Data type: `Enum['On', 'Off', 'on', 'off']` Determines whether to track extended status information for each request, via the ExtendedStatus directive. Default value: 'On' ##### `status_path` Data type: `Any` Path assigned to the Location directive which defines the URL to access the server status. Default value: '/server-status' ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: `undef` ### apache::mod::suexec Installs `mod_suexec`. * **See also** https://httpd.apache.org/docs/current/mod/mod_suexec.html for additional documentation. ### apache::mod::suphp Installs `mod_suphp`. * **See also** https://www.suphp.org/DocumentationView.html?file=apache/INSTALL for additional documentation. ### apache::mod::userdir Installs and configures `mod_userdir`. * **See also** https://httpd.apache.org/docs/current/mod/mod_userdir.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::userdir` class. ##### `home` Data type: `Any` *Deprecated* Path to system home directory. Default value: `undef` ##### `dir` Data type: `Any` *Deprecated* Path from user's home directory to public directory. Default value: `undef` ##### `disable_root` Data type: `Any` Toggles whether to allow use of root directory. Default value: `true` ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: `undef` ##### `path` Data type: `Any` Path to directory or pattern from which to find user-specific directories. Default value: '/home/*/public_html' ##### `overrides` Data type: `Any` Array of directives that are allowed in .htaccess files. Default value: [ 'FileInfo', 'AuthConfig', 'Limit', 'Indexes' ] ##### `options` Data type: `Any` Configures what features are available in a particular directory. Default value: [ 'MultiViews', 'Indexes', 'SymLinksIfOwnerMatch', 'IncludesNoExec' ] ##### `unmanaged_path` Data type: `Any` Toggles whether to manage path in userdir.conf Default value: `false` ##### `custom_fragment` Data type: `Any` Custom configuration to be added to userdir.conf Default value: `undef` ### apache::mod::version Installs `mod_version`. * **See also** https://httpd.apache.org/docs/current/mod/mod_version.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::version` class. ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: $::apache::apache_version ### apache::mod::vhost_alias Installs Apache `mod_vhost_alias`. * **See also** https://httpd.apache.org/docs/current/mod/mod_vhost_alias.html for additional documentation. ### apache::mod::worker Installs and manages the MPM `worker`. * **See also** https://httpd.apache.org/docs/current/mod/worker.html for additional documentation. #### Parameters The following parameters are available in the `apache::mod::worker` class. ##### `startservers` Data type: `Any` The number of child server processes created on startup Default value: '2' ##### `maxclients` Data type: `Any` The max number of simultaneous requests that will be served. This is the old name and is still supported. The new name is MaxRequestWorkers as of 2.3.13. Default value: '150' ##### `minsparethreads` Data type: `Any` Minimum number of idle threads to handle request spikes. Default value: '25' ##### `maxsparethreads` Data type: `Any` Maximum number of idle threads. Default value: '75' ##### `threadsperchild` Data type: `Any` The number of threads created by each child process. Default value: '25' ##### `maxrequestsperchild` Data type: `Any` Limit on the number of connectiojns an individual child server process will handle. This is the old name and is still supported. The new name is MaxConnectionsPerChild as of 2.3.9+. Default value: '0' ##### `serverlimit` Data type: `Any` With worker, use this directive only if your MaxRequestWorkers and ThreadsPerChild settings require more than 16 server processes (default). Do not set the value of this directive any higher than the number of server processes required by what you may want for MaxRequestWorkers and ThreadsPerChild. Default value: '25' ##### `threadlimit` Data type: `Any` This directive sets the maximum configured value for ThreadsPerChild for the lifetime of the Apache httpd process. Default value: '64' ##### `listenbacklog` Data type: `Any` Maximum length of the queue of pending connections. Default value: '511' ##### `apache_version` Data type: `Any` Used to verify that the Apache version you have requested is compatible with the module. Default value: `undef` ### apache::mod::wsgi Installs and configures `mod_wsgi`. * **See also** https://github.com/GrahamDumpleton/mod_wsgi for additional documentation. #### Parameters The following parameters are available in the `apache::mod::wsgi` class. ##### `wsgi_restrict_embedded` Data type: `Any` Enable restrictions on use of embedded mode. Default value: `undef` ##### `wsgi_socket_prefix` Data type: `Any` Configure directory to use for daemon sockets. Default value: $::apache::params::wsgi_socket_prefix ##### `wsgi_python_path` Data type: `Any` Additional directories to search for Python modules. Default value: `undef` ##### `wsgi_python_home` Data type: `Any` Absolute path to Python prefix/exec_prefix directories. Default value: `undef` ##### `wsgi_python_optimize` Data type: `Any` Enables basic Python optimisation features. Default value: `undef` ##### `wsgi_application_group` Data type: `Any` Sets which application group WSGI application belongs to. Default value: `undef` ##### `package_name` Data type: `Any` Names of package that installs mod_wsgi. Default value: `undef` ##### `mod_path` Data type: `Any` Defines the path to the mod_wsgi shared object (.so) file. Default value: `undef` ### apache::mod::xsendfile Installs `mod_xsendfile`. * **See also** https://tn123.org/mod_xsendfile/ for additional documentation. ### apache::mpm::disable_mpm_event The apache::mpm::disable_mpm_event class. ### apache::mpm::disable_mpm_prefork The apache::mpm::disable_mpm_prefork class. ### apache::mpm::disable_mpm_worker The apache::mpm::disable_mpm_worker class. ### apache::vhosts host parameters or Configuring virtual hosts in the README section. * **Note** See the `apache::vhost` defined type's reference for a list of all virtual #### Examples ##### To create a [name-based virtual host](https://httpd.apache.org/docs/current/vhosts/name-based.html) `custom_vhost_1` ```puppet class { 'apache::vhosts': vhosts => { 'custom_vhost_1' => { 'docroot' => '/var/www/custom_vhost_1', 'port' => '81', }, }, } ``` #### Parameters The following parameters are available in the `apache::vhosts` class. ##### `vhosts` Data type: `Any` A hash, where the key represents the name and the value represents a hash of `apache::vhost` defined type's parameters. Default value: {} ## Defined types ### apache::balancer Each balancer cluster needs one or more balancer members (that can be declared with the apache::balancermember defined resource type). Using storeconfigs, you can export the apache::balancermember resources on all balancer members, and then collect them on a single apache load balancer server. * **Note** Currently requires the puppetlabs/concat module on the Puppet Forge and uses -storeconfigs on the Puppet Master to export/collect resources from all +storeconfigs on the Puppet Server to export/collect resources from all balancer members. #### Examples ##### ```puppet apache::balancer { 'puppet00': } ``` #### Parameters The following parameters are available in the `apache::balancer` defined type. ##### `name` The namevar of the defined resource type is the balancer clusters name.
This name is also used in the name of the conf.d file ##### `proxy_set` Data type: `Any` Configures key-value pairs to be used as a ProxySet lines in the configuration. Default value: {} ##### `target` Data type: `Any` The path to the file the balancer definition will be written in. Default value: `undef` ##### `collect_exported` Data type: `Any` Determines whether to use exported resources.
If you statically declare all of your backend servers, set this parameter to false to rely on existing, declared balancer member resources. Also, use apache::balancermember with array arguments.
To dynamically declare backend servers via exported resources collected on a central node, set this parameter to true to collect the balancer member resources exported by the balancer member nodes.
If you don't use exported resources, a single Puppet run configures all balancer members. If you use exported resources, Puppet has to run on the balanced nodes first, then run on the balancer. Default value: `true` ##### `options` Data type: `Any` Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) after the balancer URL, and accepts any key-value pairs available to `ProxyPass`. Default value: [] ### apache::balancermember Sets up a balancer member inside a listening service configuration block in the load balancer's `apache.cfg`. This type will setup a balancer member inside a listening service configuration block in /etc/apache/apache.cfg on the load balancer. Currently it only has the ability to specify the instance name, url and an array of options. More features can be added as needed. The best way to implement this is to export this resource for all apache balancer member servers, and then collect them on the main apache load balancer. * **Note** Currently requires the puppetlabs/concat module on the Puppet Forge and -uses storeconfigs on the Puppet Master to export/collect resources +uses storeconfigs on the Puppet Server to export/collect resources from all balancer members. #### Examples ##### ```puppet @@apache::balancermember { 'apache': balancer_cluster => 'puppet00', url => "ajp://${::fqdn}:8009" options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], } ``` #### Parameters The following parameters are available in the `apache::balancermember` defined type. ##### `name` The title of the resource is arbitrary and only utilized in the concat fragment name. ##### `balancer_cluster` Data type: `Any` The apache service's instance name (or, the title of the apache::balancer resource). This must match up with a declared apache::balancer resource. ##### `url` Data type: `Any` The url used to contact the balancer member server. Default value: "http://${::fqdn}/" ##### `options` Data type: `Any` Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) after the URL, and accepts any key-value pairs available to `ProxyPass`. Default value: [] ### apache::custom_config If the file is invalid and this defined type's `verify_config` parameter's value is `true`, Puppet throws an error during a Puppet run. #### Parameters The following parameters are available in the `apache::custom_config` defined type. ##### `ensure` Data type: `Enum['absent', 'present']` Specifies whether the configuration file should be present. Default value: 'present' ##### `confdir` Data type: `Any` Sets the directory in which Puppet places configuration files. Default value: $::apache::confd_dir ##### `content` Data type: `Any` Sets the configuration file's content. The `content` and `source` parameters are exclusive of each other. Default value: `undef` ##### `filename` Data type: `Any` Sets the name of the file under `confdir` in which Puppet stores the configuration. Default value: `undef` ##### `priority` Data type: `Any` Sets the configuration file's priority by prefixing its filename with this parameter's numeric value, as Apache processes configuration files in alphanumeric order.
To omit the priority prefix in the configuration file's name, set this parameter to `false`. Default value: '25' ##### `source` Data type: `Any` Points to the configuration file's source. The `content` and `source` parameters are exclusive of each other. Default value: `undef` ##### `verify_command` Data type: `Any` Specifies the command Puppet uses to verify the configuration file. Use a fully qualified command.
This parameter is used only if the `verify_config` parameter's value is `true`. If the `verify_command` fails, the Puppet run deletes the configuration file and raises an error, but does not notify the Apache service. Default value: $::apache::params::verify_command ##### `verify_config` Data type: `Boolean` Specifies whether to validate the configuration file before notifying the Apache service. Default value: `true` ##### `owner` Data type: `Any` File owner of configuration file Default value: `undef` ##### `group` Data type: `Any` File group of configuration file Default value: `undef` ##### `file_mode` Data type: `Any` File mode of configuration file Default value: `undef` ##### `show_diff` Data type: `Boolean` show_diff property for configuration file resource Default value: `true` ### apache::fastcgi::server Defines one or more external FastCGI servers to handle specific file types. Use this defined type with `mod_fastcgi`. #### Parameters The following parameters are available in the `apache::fastcgi::server` defined type. ##### `host` Data type: `Any` Determines the FastCGI's hostname or IP address and TCP port number (1-65535). Default value: '127.0.0.1:9000' ##### `timeout` Data type: `Any` Sets the number of seconds a [FastCGI](http://www.fastcgi.com/) application can be inactive before aborting the request and logging the event at the error LogLevel. The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond by writing and flushing within this period, the request is aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply. Default value: 15 ##### `flush` Data type: `Any` Forces `mod_fastcgi` to write to the client as data is received from the application. By default, `mod_fastcgi` buffers data in order to free the application as quickly as possible. Default value: `false` ##### `faux_path` Data type: `Any` Apache has FastCGI handle URIs that resolve to this filename. The path set in this parameter does not have to exist in the local filesystem. Default value: "/var/www/${name}.fcgi" ##### `fcgi_alias` Data type: `Any` Internally links actions with the FastCGI server. This alias must be unique. Default value: "/${name}.fcgi" ##### `file_type` Data type: `Any` Sets the MIME `content-type` of the file to be processed by the FastCGI server. Default value: 'application/x-httpd-php' ##### `pass_header` Data type: `Any` Default value: `undef` ### apache::listen The `apache::vhost` class uses this defined type, and titles take the form ``, `:`, or `:`. ### apache::mod Checks for or places the module's default configuration files in the Apache server's `module` and `enable` directories. The default locations depend on your operating system. #### Parameters The following parameters are available in the `apache::mod` defined type. ##### `package` Data type: `Any` **Required**.
Names the package Puppet uses to install the Apache module. Default value: `undef` ##### `package_ensure` Data type: `Any` Determines whether Puppet ensures the Apache module should be installed. Default value: 'present' ##### `lib` Data type: `Any` Defines the module's shared object name. Do not configure manually without special reason. Default value: `undef` ##### `lib_path` Data type: `Any` Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The `path` parameter overrides this value. Default value: $::apache::lib_path ##### `loadfile_name` Data type: `Any` Sets the filename for the module's `LoadFile` directive, which can also set the module load order as Apache processes them in alphanumeric order. Default value: `undef` ##### `id` Data type: `Any` Specifies the package id Default value: `undef` ##### `loadfiles` Data type: `Any` Specifies an array of `LoadFile` directives. Default value: `undef` ##### `path` Data type: `Any` Specifies a path to the module. Do not manually set this parameter without a special reason. Default value: `undef` ### apache::namevirtualhost Adds all related directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles can take the forms `\*`, `\*:\`, `\_default\_:\`, `\`, or `\:\`. ### apache::vhost The apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache to evaluate it multiple times with different parameters.
The `apache::vhost` defined type allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default virtual host within the base `::apache` class, as well as set a customized virtual host as the default. Customized virtual hosts have a lower numeric `priority` than the base class's, causing Apache to process the customized virtual host first.
The `apache::vhost` defined type uses `concat::fragment` to build the configuration file. To inject custom fragments for pieces of the configuration that the defined type doesn't inherently support, add a custom fragment.
For the custom fragment's `order` parameter, the `apache::vhost` defined type uses multiples of 10, so any `order` that isn't a multiple of 10 should work.
> **Note:** When creating an `apache::vhost`, it cannot be named `default` or `default-ssl`, because vhosts with these titles are always managed by the module. This means that you cannot override `Apache::Vhost['default']` or `Apache::Vhost['default-ssl]` resources. An optional workaround is to create a vhost named something else, such as `my default`, and ensure that the `default` and `default_ssl` vhosts are set to `false`: #### Examples ##### ```puppet class { 'apache': default_vhost => false, default_ssl_vhost => false, } ``` #### Parameters The following parameters are available in the `apache::vhost` defined type. ##### `apache_version` Data type: `Any` Apache's version number as a string, such as '2.2' or '2.4'. Default value: $::apache::apache_version ##### `access_log` Data type: `Boolean` Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`). Default value: `true` ##### `access_log_env_var` Data type: `Any` Specifies that only requests with particular environment variables be logged. Default value: `false` ##### `access_log_file` Data type: `Any` Sets the filename of the `*_access.log` placed in `logroot`. Given a virtual host ---for instance, example.com--- it defaults to 'example.com_ssl.log' for [SSL-encrypted](https://httpd.apache.org/docs/current/ssl/index.html) virtual hosts and `example.com_access.log` for unencrypted virtual hosts. Default value: `false` ##### `access_log_format` Data type: `Any` Specifies the use of either a `LogFormat` nickname or a custom-formatted string for the access log. Default value: `false` ##### `access_log_pipe` Data type: `Any` Specifies a pipe where Apache sends access log messages. Default value: `false` ##### `access_log_syslog` Data type: `Any` Sends all access log messages to syslog. Default value: `false` ##### `access_logs` Data type: `Optional[Array]` Allows you to give a hash that specifies the state of each of the `access_log_*` directives shown above, i.e. `access_log_pipe` and `access_log_syslog`. Default value: `undef` ##### `add_default_charset` Data type: `Any` Sets a default media charset value for the `AddDefaultCharset` directive, which is added to `text/plain` and `text/html` responses. Default value: `undef` ##### `add_listen` Data type: `Any` Determines whether the virtual host creates a `Listen` statement.
Setting `add_listen` to `false` prevents the virtual host from creating a `Listen` statement. This is important when combining virtual hosts that aren't passed an `ip` parameter with those that are. Default value: `true` ##### `use_optional_includes` Data type: `Any` Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for `additional_includes` in Apache 2.4 or newer. Default value: $::apache::use_optional_includes ##### `additional_includes` Data type: `Any` Specifies paths to additional static, virtual host-specific Apache configuration files. You can use this parameter to implement a unique, custom configuration not supported by this module. Default value: [] ##### `aliases` Data type: `Any` Passes a list of [hashes][hash] to the virtual host to create `Alias`, `AliasMatch`, `ScriptAlias` or `ScriptAliasMatch` directives as per the `mod_alias` documentation.
For example: ``` puppet aliases => [ { aliasmatch => '^/image/(.*)\.jpg$', path => '/files/jpg.images/$1.jpg', }, { alias => '/image', path => '/ftp/pub/image', }, { scriptaliasmatch => '^/cgi-bin(.*)', path => '/usr/local/share/cgi-bin$1', }, { scriptalias => '/nagios/cgi-bin/', path => '/usr/lib/nagios/cgi-bin/', }, { alias => '/nagios', path => '/usr/share/nagios/html', }, ], ``` For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs a corresponding context, such as `` or ``. Puppet creates the directives in the order specified in the `aliases` parameter. As described in the `mod_alias` documentation, add more specific `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more general ones to avoid shadowing.
> **Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because you can precisely control the order of various alias directives. Defining `ScriptAliases` using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias` directives. This often causes problems; for example, this could cause problems with Nagios.
If `apache::mod::passenger` is loaded and `PassengerHighPerformance` is `true`, the `Alias` directive might not be able to honor the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. Default value: `undef` ##### `allow_encoded_slashes` Data type: `Optional[Enum['on', 'off', 'nodecode']]` Sets the `AllowEncodedSlashes` declaration for the virtual host, overriding the server default. This modifies the virtual host responses to URLs with `\` and `/` characters. The default setting omits the declaration from the server configuration and selects the Apache default setting of `Off`. Default value: `undef` ##### `block` Data type: `Any` Specifies the list of things to which Apache blocks access. Valid options are: `scm` (which blocks web access to `.svn`), `.git`, and `.bzr` directories. Default value: [] ##### `cas_attribute_prefix` Data type: `Any` Adds a header with the value of this header being the attribute values when SAML validation is enabled. Default value: `undef` ##### `cas_attribute_delimiter` Data type: `Any` Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`. Default value: `undef` ##### `cas_login_url` Data type: `Any` Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and don't have an active session. Default value: `undef` ##### `cas_root_proxied_as` Data type: `Any` Sets the URL end users see when access to this Apache server is proxied per vhost. This URL should not include a trailing slash. Default value: `undef` ##### `cas_scrub_request_headers` Data type: `Any` Remove inbound request headers that may have special meaning within mod_auth_cas. Default value: `undef` ##### `cas_sso_enabled` Data type: `Any` Enables experimental support for single sign out (may mangle POST data). Default value: `undef` ##### `cas_validate_saml` Data type: `Any` Parse response from CAS server for SAML. Default value: `undef` ##### `cas_validate_url` Data type: `Any` Sets the URL to use when validating a client-presented ticket in an HTTP query string. Default value: `undef` ##### `comment` Data type: `Optional[Variant[String,Array[String]]]` Adds comments to the header of the configuration file. Pass as string or an array of strings. For example: ``` puppet comment => "Account number: 123B", ``` Or: ``` puppet comment => [ "Customer: X", "Frontend domain: x.example.org", ] ``` Default value: `undef` ##### `custom_fragment` Data type: `Optional[String]` Passes a string of custom configuration directives to place at the end of the virtual host configuration. Default value: `undef` ##### `default_vhost` Data type: `Boolean` Sets a given `apache::vhost` defined type as the default to serve requests that do not match any other `apache::vhost` defined types. Default value: `false` ##### `directoryindex` Data type: `Any` Sets the list of resources to look for when a client requests an index of the directory by specifying a '/' at the end of the directory name. See the `DirectoryIndex` directive documentation for details. Default value: '' ##### `docroot` Data type: `Variant[Boolean,String]` **Required**.
Sets the `DocumentRoot` location, from which Apache serves files.
If `docroot` and `manage_docroot` are both set to `false`, no `DocumentRoot` will be set and the accompanying `` block will not be created. ##### `docroot_group` Data type: `Any` Sets group access to the `docroot` directory. Default value: $::apache::params::root_group ##### `docroot_owner` Data type: `Any` Sets individual user access to the `docroot` directory. Default value: 'root' ##### `docroot_mode` Data type: `Any` Sets access permissions for the `docroot` directory, in numeric notation. Default value: `undef` ##### `manage_docroot` Data type: `Any` Determines whether Puppet manages the `docroot` directory. Default value: `true` ##### `error_log` Data type: `Boolean` Specifies whether `*_error.log` directives should be configured. Default value: `true` ##### `error_log_file` Data type: `Any` Points the virtual host's error logs to a `*_error.log` file. If this parameter is undefined, Puppet checks for values in `error_log_pipe`, then `error_log_syslog`.
If none of these parameters is set, given a virtual host `example.com`, Puppet defaults to `$logroot/example.com_error_ssl.log` for SSL virtual hosts and `$logroot/example.com_error.log` for non-SSL virtual hosts. Default value: `undef` ##### `error_log_pipe` Data type: `Any` Specifies a pipe to send error log messages to.
This parameter has no effect if the `error_log_file` parameter has a value. If neither this parameter nor `error_log_file` has a value, Puppet then checks `error_log_syslog`. Default value: `undef` ##### `error_log_syslog` Data type: `Any` Determines whether to send all error log messages to syslog. This parameter has no effect if either of the `error_log_file` or `error_log_pipe` parameters has a value. If none of these parameters has a value, given a virtual host `example.com`, Puppet defaults to `$logroot/example.com_error_ssl.log` for SSL virtual hosts and `$logroot/example.com_error.log` for non-SSL virtual hosts. Default value: `undef` ##### `error_documents` Data type: `Any` A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for this virtual host.
For example: ``` puppet apache::vhost { 'sample.example.net': error_documents => [ { 'error_code' => '503', 'document' => '/service-unavail' }, { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' }, ], } ``` Default value: [] ##### `ensure` Data type: `Enum['absent', 'present']` Specifies if the virtual host is present or absent.
Default value: 'present' ##### `fallbackresource` Data type: `Optional[Variant[Stdlib::Absolutepath, Enum['disabled']]]` Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) directive, which specifies an action to take for any URL that doesn't map to anything in your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Values must either begin with a `/` or be `disabled`. Default value: `undef` ##### `fastcgi_server` Data type: `Any` Specify an external FastCGI server to manage a connection to. Default value: `undef` ##### `fastcgi_socket` Data type: `Any` Specify the socket that will be used to communicate with an external FastCGI server. Default value: `undef` ##### `fastcgi_idle_timeout` Data type: `Any` If using fastcgi, this option sets the timeout for the server to respond. Default value: `undef` ##### `fastcgi_dir` Data type: `Any` Specify an internal FastCGI directory that is to be managed. Default value: `undef` ##### `filters` Data type: `Any` [Filters](https://httpd.apache.org/docs/current/mod/mod_filter.html) enable smart, context-sensitive configuration of output content filters. ``` puppet apache::vhost { "$::fqdn": filters => [ 'FilterDeclare COMPRESS', 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', 'FilterChain COMPRESS', 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', ], } ``` Default value: `undef` ##### `h2_copy_files` Data type: `Optional[Boolean]` Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles) directive which influences how the requestion process pass files to the main connection. Default value: `undef` ##### `h2_direct` Data type: `Optional[Boolean]` Sets the [H2Direct](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2direct) directive which toggles the usage of the HTTP/2 Direct Mode. Default value: `undef` ##### `h2_early_hints` Data type: `Optional[Boolean]` Sets the [H2EarlyHints](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2earlyhints) directive which controls if HTTP status 103 interim responses are forwarded to the client or not. Default value: `undef` ##### `h2_max_session_streams` Data type: `Optional[Integer]` Sets the [H2MaxSessionStreams](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2maxsessionstreams) directive which sets the maximum number of active streams per HTTP/2 session that the server allows. Default value: `undef` ##### `h2_modern_tls_only` Data type: `Optional[Boolean]` Sets the [H2ModernTLSOnly](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2moderntlsonly) directive which toggles the security checks on HTTP/2 connections in TLS mode. Default value: `undef` ##### `h2_push` Data type: `Optional[Boolean]` Sets the [H2Push](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2push) directive which toggles the usage of the HTTP/2 server push protocol feature. Default value: `undef` ##### `h2_push_diary_size` Data type: `Optional[Integer]` Sets the [H2PushDiarySize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushdiarysize) directive which toggles the maximum number of HTTP/2 server pushes that are remembered per HTTP/2 connection. Default value: `undef` ##### `h2_push_priority` Data type: `Array[String]` Sets the [H2PushPriority](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushpriority) directive which defines the priority handling of pushed responses based on the content-type of the response. Default value: [] ##### `h2_push_resource` Data type: `Array[String]` Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource) directive which declares resources for early pushing to the client. Default value: [] ##### `h2_serialize_headers` Data type: `Optional[Boolean]` Sets the [H2SerializeHeaders](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2serializeheaders) directive which toggles if HTTP/2 requests are serialized in HTTP/1.1 format for processing by httpd core. Default value: `undef` ##### `h2_stream_max_mem_size` Data type: `Optional[Integer]` Sets the [H2StreamMaxMemSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2streammaxmemsize) directive which sets the maximum number of outgoing data bytes buffered in memory for an active stream. Default value: `undef` ##### `h2_tls_cool_down_secs` Data type: `Optional[Integer]` Sets the [H2TLSCoolDownSecs](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlscooldownsecs) directive which sets the number of seconds of idle time on a TLS connection before the TLS write size falls back to a small (~1300 bytes) length. Default value: `undef` ##### `h2_tls_warm_up_size` Data type: `Optional[Integer]` Sets the [H2TLSWarmUpSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlswarmupsize) directive which sets the number of bytes to be sent in small TLS records (~1300 bytes) until doing maximum sized writes (16k) on https: HTTP/2 connections. Default value: `undef` ##### `h2_upgrade` Data type: `Optional[Boolean]` Sets the [H2Upgrade](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2upgrade) directive which toggles the usage of the HTTP/1.1 Upgrade method for switching to HTTP/2. Default value: `undef` ##### `h2_window_size` Data type: `Optional[Integer]` Sets the [H2WindowSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2windowsize) directive which sets the size of the window that is used for flow control from client to server and limits the amount of data the server has to buffer. Default value: `undef` ##### `headers` Data type: `Any` Adds lines to replace, merge, or remove response headers. See [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. Default value: `undef` ##### `ip` Data type: `Any` Sets the IP address the virtual host listens on. By default, uses Apache's default behavior of listening on all IPs. Default value: `undef` ##### `ip_based` Data type: `Boolean` Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual host. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based virtual hosts. Default value: `false` ##### `itk` Data type: `Optional[Hash]` Configures [ITK](http://mpm-itk.sesse.net/) in a hash.
Usage typically looks something like: ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', itk => { user => 'someuser', group => 'somegroup', }, } ``` Valid values are: a hash, which can include the keys: * `user` + `group` * `assignuseridexpr` * `assigngroupidexpr` * `maxclientvhost` * `nice` * `limituidrange` (Linux 3.5.0 or newer) * `limitgidrange` (Linux 3.5.0 or newer) Default value: `undef` ##### `action` Data type: `Any` Specifies whether you wish to configure mod_actions action directive which will activate cgi-script when triggered by a request. Default value: `undef` ##### `jk_mounts` Data type: `Any` Sets up a virtual host with `JkMount` and `JkUnMount` directives to handle the paths for URL mapping between Tomcat and Apache.
The parameter must be an array of hashes where each hash must contain the `worker` and either the `mount` or `unmount` keys.
Usage typically looks like: ``` puppet apache::vhost { 'sample.example.net': jk_mounts => [ { mount => '/*', worker => 'tcnode1', }, { unmount => '/*.jpg', worker => 'tcnode1', }, ], } ``` Default value: `undef` ##### `http_protocol_options` Data type: `Optional[Pattern[/^((Strict|Unsafe)?\s*(\b(Registered|Lenient)Methods)?\s*(\b(Allow0\.9|Require1\.0))?)$/]]` Specifies the strictness of HTTP protocol checks. Default value: `undef` ##### `keepalive` Data type: `Optional[Enum['on', 'off']]` Determines whether to enable persistent HTTP connections with the `KeepAlive` directive for the virtual host. By default, the global, server-wide `KeepAlive` setting is in effect.
Use the `keepalive_timeout` and `max_keepalive_requests` parameters to set relevant options for the virtual host. Default value: `undef` ##### `keepalive_timeout` Data type: `Any` Sets the `KeepAliveTimeout` directive for the virtual host, which determines the amount of time to wait for subsequent requests on a persistent HTTP connection. By default, the global, server-wide `KeepAlive` setting is in effect.
This parameter is only relevant if either the global, server-wide `keepalive` parameter or the per-vhost `keepalive` parameter is enabled. Default value: `undef` ##### `max_keepalive_requests` Data type: `Any` Limits the number of requests allowed per connection to the virtual host. By default, the global, server-wide `KeepAlive` setting is in effect.
This parameter is only relevant if either the global, server-wide `keepalive` parameter or the per-vhost `keepalive` parameter is enabled. Default value: `undef` ##### `auth_kerb` Data type: `Boolean` Enable `mod_auth_kerb` parameters for a virtual host.
Usage typically looks like: ``` puppet apache::vhost { 'sample.example.net': auth_kerb => `true`, krb_method_negotiate => 'on', krb_auth_realms => ['EXAMPLE.ORG'], krb_local_user_mapping => 'on', directories => { path => '/var/www/html', auth_name => 'Kerberos Login', auth_type => 'Kerberos', auth_require => 'valid-user', }, } ``` Default value: `false` ##### `krb_method_negotiate` Data type: `Any` Determines whether to use the Negotiate method. Default value: 'on' ##### `krb_method_k5passwd` Data type: `Any` Determines whether to use password-based authentication for Kerberos v5. Default value: 'on' ##### `krb_authoritative` Data type: `Any` If set to `off`, authentication controls can be passed on to another module. Default value: 'on' ##### `krb_auth_realms` Data type: `Any` Specifies an array of Kerberos realms to use for authentication. Default value: [] ##### `krb_5keytab` Data type: `Any` Specifies the Kerberos v5 keytab file's location. Default value: `undef` ##### `krb_local_user_mapping` Data type: `Any` Strips @REALM from usernames for further use. Default value: `undef` ##### `krb_verify_kdc` Data type: `Any` This option can be used to disable the verification tickets against local keytab to prevent KDC spoofing attacks. Default value: 'on' ##### `krb_servicename` Data type: `Any` Specifies the service name that will be used by Apache for authentication. Corresponding key of this name must be stored in the keytab. Default value: 'HTTP' ##### `krb_save_credentials` Data type: `Any` This option enables credential saving functionality. Default value: 'off' ##### `logroot` Data type: `Any` Specifies the location of the virtual host's logfiles. Default value: $::apache::logroot ##### `logroot_ensure` Data type: `Enum['directory', 'absent']` Determines whether or not to remove the logroot directory for a virtual host. Default value: 'directory' ##### `logroot_mode` Data type: `Any` Overrides the mode the logroot directory is set to. Do *not* grant write access to the directory the logs are stored in without being aware of the consequences; for more information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security). Default value: `undef` ##### `logroot_owner` Data type: `Any` Sets individual user access to the logroot directory. Default value: `undef` ##### `logroot_group` Data type: `Any` Sets group access to the `logroot` directory. Default value: `undef` ##### `log_level` Data type: `Any` Specifies the verbosity of the error log. Default value: `undef` ##### `modsec_body_limit` Data type: `Any` Configures the maximum request body size (in bytes) ModSecurity accepts for buffering. Default value: `undef` ##### `modsec_disable_vhost` Data type: `Any` Disables `mod_security` on a virtual host. Only valid if `apache::mod::security` is included. Default value: `undef` ##### `modsec_disable_ids` Data type: `Optional[Variant[Hash, Array]]` Removes `mod_security` IDs from the virtual host.
Also takes a hash allowing removal of an ID from a specific location. ``` puppet apache::vhost { 'sample.example.net': modsec_disable_ids => [ 90015, 90016 ], } ``` ``` puppet apache::vhost { 'sample.example.net': modsec_disable_ids => { '/location1' => [ 90015, 90016 ] }, } ``` Default value: `undef` ##### `modsec_disable_ips` Data type: `Any` Specifies an array of IP addresses to exclude from `mod_security` rule matching. Default value: `undef` ##### `modsec_disable_msgs` Data type: `Optional[Variant[Hash, Array]]` Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing removal of an Msg from a specific location. ``` puppet apache::vhost { 'sample.example.net': modsec_disable_msgs => ['Blind SQL Injection Attack', 'Session Fixation Attack'], } ``` ``` puppet apache::vhost { 'sample.example.net': modsec_disable_msgs => { '/location1' => ['Blind SQL Injection Attack', 'Session Fixation Attack'] }, } ``` Default value: `undef` ##### `modsec_disable_tags` Data type: `Optional[Variant[Hash, Array]]` Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing removal of an Tag from a specific location. ``` puppet apache::vhost { 'sample.example.net': modsec_disable_tags => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'], } ``` ``` puppet apache::vhost { 'sample.example.net': modsec_disable_tags => { '/location1' => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'] }, } ``` Default value: `undef` ##### `modsec_audit_log_file` Data type: `Any` If set, it is relative to `logroot`.
One of the parameters that determines how to send `mod_security` audit log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)). If none of those parameters are set, the global audit log is used (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ). Default value: `undef` ##### `modsec_audit_log_pipe` Data type: `Any` If `modsec_audit_log_pipe` is set, it should start with a pipe. Example `|/path/to/mlogc /path/to/mlogc.conf`.
One of the parameters that determines how to send `mod_security` audit log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)). If none of those parameters are set, the global audit log is used (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ). Default value: `undef` ##### `modsec_audit_log` Data type: `Any` If `modsec_audit_log` is `true`, given a virtual host ---for instance, example.com--- it defaults to `example.com\_security\_ssl.log` for SSL-encrypted virtual hosts and `example.com\_security.log` for unencrypted virtual hosts.
One of the parameters that determines how to send `mod_security` audit log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
If none of those parameters are set, the global audit log is used (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ). Default value: `undef` ##### `no_proxy_uris` Data type: `Any` Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest). Default value: [] ##### `no_proxy_uris_match` Data type: `Any` This directive is equivalent to `no_proxy_uris`, but takes regular expressions. Default value: [] ##### `proxy_preserve_host` Data type: `Any` Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost).
Setting this parameter to `true` enables the `Host:` line from an incoming request to be proxied to the host instead of hostname. Setting it to `false` sets this directive to 'Off'. Default value: `false` ##### `proxy_add_headers` Data type: `Any` Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders).
This parameter controlls whether proxy-related HTTP headers (X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server) get sent to the backend server. Default value: `undef` ##### `proxy_error_override` Data type: `Any` Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). This directive controls whether Apache should override error pages for proxied content. Default value: `false` ##### `options` Data type: `Any` Sets the `Options` for the specified virtual host. For example: ``` puppet apache::vhost { 'site.name.fdqn': … options => ['Indexes','FollowSymLinks','MultiViews'], } ``` > **Note**: If you use the `directories` parameter of `apache::vhost`, 'Options', 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`. Default value: ['Indexes','FollowSymLinks','MultiViews'] ##### `override` Data type: `Any` Sets the overrides for the specified virtual host. Accepts an array of [AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments. Default value: ['None'] ##### `passenger_enabled` Data type: `Optional[Boolean]` Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directive to `on` or `off`. Requires `apache::mod::passenger` to be included. ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', passenger_enabled => 'on', }, ], } ``` > **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. Default value: `undef` ##### `passenger_base_uri` Data type: `Optional[String]` Sets [PassengerBaseURI](https://www.phusionpassenger.com/library/config/apache/reference/#passengerbase_rui), to specify that the given URI is a distinct application served by Passenger. Default value: `undef` ##### `passenger_ruby` Data type: `Optional[Stdlib::Absolutepath]` Sets [PassengerRuby](https://www.phusionpassenger.com/library/config/apache/reference/#passengerruby), specifying the Ruby interpreter to use when serving the relevant web applications. Default value: `undef` ##### `passenger_python` Data type: `Optional[Stdlib::Absolutepath]` Sets [PassengerPython](https://www.phusionpassenger.com/library/config/apache/reference/#passengerpython), specifying the Python interpreter to use when serving the relevant web applications. Default value: `undef` ##### `passenger_nodejs` Data type: `Optional[Stdlib::Absolutepath]` Sets the [`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#passengernodejs), specifying Node.js command to use when serving the relevant web applications. Default value: `undef` ##### `passenger_meteor_app_settings` Data type: `Optional[String]` Sets [PassengerMeteorAppSettings](https://www.phusionpassenger.com/library/config/apache/reference/#passengermeteorappsettings), specifying a JSON file with settings for the application when using a Meteor application in non-bundled mode. Default value: `undef` ##### `passenger_app_env` Data type: `Optional[String]` Sets [PassengerAppEnv](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappenv), the environment for the Passenger application. If not specified, defaults to the global setting or 'production'. Default value: `undef` ##### `passenger_app_root` Data type: `Optional[Stdlib::Absolutepath]` Sets [PassengerRoot](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapproot), the location of the Passenger application root if different from the DocumentRoot. Default value: `undef` ##### `passenger_app_group_name` Data type: `Optional[String]` Sets [PassengerAppGroupName](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappgroupname), the name of the application group that the current application should belong to. Default value: `undef` ##### `passenger_app_type` Data type: `Optional[Enum['meteor', 'node', 'rack', 'wsgi']]` Sets [PassengerAppType](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapptype), to force Passenger to recognize the application as a specific type. Default value: `undef` ##### `passenger_startup_file` Data type: `Optional[String]` Sets the [PassengerStartupFile](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstartupfile) path. This path is relative to the application root. Default value: `undef` ##### `passenger_restart_dir` Data type: `Optional[String]` Sets the [PassengerRestartDir](https://www.phusionpassenger.com/library/config/apache/reference/#passengerrestartdir) to customize the directory in which `restart.txt` is searched for. Default value: `undef` ##### `passenger_spawn_method` Data type: `Optional[Enum['direct', 'smart']]` Sets [PassengerSpawnMethod](https://www.phusionpassenger.com/library/config/apache/reference/#passengerspawnmethod), whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism. Default value: `undef` ##### `passenger_load_shell_envvars` Data type: `Optional[Boolean]` Sets [PassengerLoadShellEnvvars](https://www.phusionpassenger.com/library/config/apache/reference/#passengerloadshellenvvars), to enable or disable the loading of shell environment variables before spawning the application. Default value: `undef` ##### `passenger_rolling_restarts` Data type: `Optional[Boolean]` Sets [PassengerRollingRestarts](https://www.phusionpassenger.com/library/config/apache/reference/#passengerrollingrestarts), to enable or disable support for zero-downtime application restarts through `restart.txt`. Default value: `undef` ##### `passenger_resist_deployment_errors` Data type: `Optional[Boolean]` Sets [PassengerResistDeploymentErrors](https://www.phusionpassenger.com/library/config/apache/reference/#passengerresistdeploymenterrors), to enable or disable resistance against deployment errors. Default value: `undef` ##### `passenger_user` Data type: `Optional[String]` Sets [PassengerUser](https://www.phusionpassenger.com/library/config/apache/reference/#passengeruser), the running user for sandboxing applications. Default value: `undef` ##### `passenger_group` Data type: `Optional[String]` Sets [PassengerGroup](https://www.phusionpassenger.com/library/config/apache/reference/#passengergroup), the running group for sandboxing applications. Default value: `undef` ##### `passenger_friendly_error_pages` Data type: `Optional[Boolean]` Sets [PassengerFriendlyErrorPages](https://www.phusionpassenger.com/library/config/apache/reference/#passengerfriendlyerrorpages), which can display friendly error pages whenever an application fails to start. This friendly error page presents the startup error message, some suggestions for solving the problem, a backtrace and a dump of the environment variables. Default value: `undef` ##### `passenger_min_instances` Data type: `Optional[Integer]` Sets [PassengerMinInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermininstances), the minimum number of application processes to run. Default value: `undef` ##### `passenger_max_instances` Data type: `Optional[Integer]` Sets [PassengerMaxInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxinstances), the maximum number of application processes to run. Default value: `undef` ##### `passenger_max_preloader_idle_time` Data type: `Optional[Integer]` Sets [PassengerMaxPreloaderIdleTime](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxpreloaderidletime), the maximum amount of time the preloader waits before shutting down an idle process. Default value: `undef` ##### `passenger_force_max_concurrent_requests_per_process` Data type: `Optional[Integer]` Sets [PassengerForceMaxConcurrentRequestsPerProcess](https://www.phusionpassenger.com/library/config/apache/reference/#passengerforcemaxconcurrentrequestsperprocess), the maximum amount of concurrent requests the application can handle per process. Default value: `undef` ##### `passenger_start_timeout` Data type: `Optional[Integer]` Sets [PassengerStartTimeout](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstarttimeout), the timeout for the application startup. Default value: `undef` ##### `passenger_concurrency_model` Data type: `Optional[Enum['process', 'thread']]` Sets [PassengerConcurrencyModel](https://www.phusionpassenger.com/library/config/apache/reference/#passengerconcurrencyodel), to specify the I/O concurrency model that should be used for Ruby application processes. Passenger supports two concurrency models:
* `process` – single-threaded, multi-processed I/O concurrency. * `thread` – multi-threaded, multi-processed I/O concurrency. Default value: `undef` ##### `passenger_thread_count` Data type: `Optional[Integer]` Sets [PassengerThreadCount](https://www.phusionpassenger.com/library/config/apache/reference/#passengerthreadcount), the number of threads that Passenger should spawn per Ruby application process.
This option only has effect if PassengerConcurrencyModel is `thread`. Default value: `undef` ##### `passenger_max_requests` Data type: `Optional[Integer]` Sets [PassengerMaxRequests](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequests), the maximum number of requests an application process will process. Default value: `undef` ##### `passenger_max_request_time` Data type: `Optional[Integer]` Sets [PassengerMaxRequestTime](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequesttime), the maximum amount of time, in seconds, that an application process may take to process a request. Default value: `undef` ##### `passenger_memory_limit` Data type: `Optional[Integer]` Sets [PassengerMemoryLimit](https://www.phusionpassenger.com/library/config/apache/reference/#passengermemorylimit), the maximum amount of memory that an application process may use, in megabytes. Default value: `undef` ##### `passenger_stat_throttle_rate` Data type: `Optional[Integer]` Sets [PassengerStatThrottleRate](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstatthrottlerate), to set a limit, in seconds, on how often Passenger will perform it's filesystem checks. Default value: `undef` ##### `passenger_pre_start` Data type: `Optional[Variant[String,Array[String]]]` Sets [PassengerPreStart](https://www.phusionpassenger.com/library/config/apache/reference/#passengerprestart), the URL of the application if pre-starting is required. Default value: `undef` ##### `passenger_high_performance` Data type: `Optional[Boolean]` Sets [PassengerHighPerformance](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance), to enhance performance in return for reduced compatibility. Default value: `undef` ##### `passenger_buffer_upload` Data type: `Optional[Boolean]` Sets [PassengerBufferUpload](https://www.phusionpassenger.com/library/config/apache/reference/#passengerbufferupload), to buffer HTTP client request bodies before they are sent to the application. Default value: `undef` ##### `passenger_buffer_response` Data type: `Optional[Boolean]` Sets [PassengerBufferResponse](https://www.phusionpassenger.com/library/config/apache/reference/#passengerbufferresponse), to buffer Happlication-generated responses. Default value: `undef` ##### `passenger_error_override` Data type: `Optional[Boolean]` Sets [PassengerErrorOverride](https://www.phusionpassenger.com/library/config/apache/reference/#passengererroroverride), to specify whether Apache will intercept and handle response with HTTP status codes of 400 and higher. Default value: `undef` ##### `passenger_max_request_queue_size` Data type: `Optional[Integer]` Sets [PassengerMaxRequestQueueSize](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuesize), to specify the maximum amount of requests that are allowed to queue whenever the maximum concurrent request limit is reached. If the queue is already at this specified limit, then Passenger immediately sends a "503 Service Unavailable" error to any incoming requests.
A value of 0 means that the queue size is unbounded. Default value: `undef` ##### `passenger_max_request_queue_time` Data type: `Optional[Integer]` Sets [PassengerMaxRequestQueueTime](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuetime), to specify the maximum amount of time that requests are allowed to stay in the queue whenever the maximum concurrent request limit is reached. If a request reaches this specified limit, then Passenger immeaditly sends a "504 Gateway Timeout" error for that request.
A value of 0 means that the queue time is unbounded. Default value: `undef` ##### `passenger_sticky_sessions` Data type: `Optional[Boolean]` Sets [PassengerStickySessions](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessions), to specify that, whenever possible, all requests sent by a client will be routed to the same originating application process. Default value: `undef` ##### `passenger_sticky_sessions_cookie_name` Data type: `Optional[String]` Sets [PassengerStickySessionsCookieName](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessionscookiename), to specify the name of the sticky sessions cookie. Default value: `undef` ##### `passenger_allow_encoded_slashes` Data type: `Optional[Boolean]` Sets [PassengerAllowEncodedSlashes](https://www.phusionpassenger.com/library/config/apache/reference/#passengerallowencodedslashes), to allow URLs with encoded slashes. Please note that this feature will not work properly unless Apache's `AllowEncodedSlashes` is also enabled. Default value: `undef` ##### `passenger_debugger` Data type: `Optional[Boolean]` Sets [PassengerDebugger](https://www.phusionpassenger.com/library/config/apache/reference/#passengerdebugger), to turn support for Ruby application debugging on or off. Default value: `undef` ##### `passenger_lve_min_uid` Data type: `Optional[Integer]` Sets [PassengerLveMinUid](https://www.phusionpassenger.com/library/config/apache/reference/#passengerlveminuid), to only allow the spawning of application processes with UIDs equal to, or higher than, this specified value on LVE-enabled kernels. Default value: `undef` ##### `php_values` Data type: `Any` Allows per-virtual host setting [`php_value`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Within a vhost declaration: ``` puppet php_values => [ 'include_path ".:/usr/local/example-app/include"' ], ``` Default value: {} ##### `php_flags` Data type: `Any` Allows per-virtual host setting [`php_flags\``](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Default value: {} ##### `php_admin_values` Data type: `Any` Allows per-virtual host setting [`php_admin_value`](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Default value: {} ##### `php_admin_flags` Data type: `Any` Allows per-virtual host setting [`php_admin_flag`](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Default value: {} ##### `port` Data type: `Any` Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL virtual hosts and port 443 for SSL virtual hosts. The host only listens on the port set in this parameter. Default value: `undef` ##### `priority` Data type: `Any` Sets the relative load-order for Apache HTTPD VirtualHost configuration files.
If nothing matches the priority, the first name-based virtual host is used. Likewise, passing a higher priority causes the alphabetically first name-based virtual host to be used if no other names match.
> **Note:** You should not need to use this parameter. However, if you do use it, be aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'.
To omit the priority prefix in file names, pass a priority of `false`. Default value: `undef` ##### `protocols` Data type: `Array[Enum['h2', 'h2c', 'http/1.1']]` Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols) directive, which lists available protocols for the virutal host. Default value: [] ##### `protocols_honor_order` Data type: `Optional[Boolean]` Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder) directive which determines wether the order of Protocols sets precedence during negotiation. Default value: `undef` ##### `proxy_dest` Data type: `Any` Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Default value: `undef` ##### `proxy_pass` Data type: `Any` Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Optionally, parameters can be added as an array. ``` puppet apache::vhost { 'site.name.fdqn': … proxy_pass => [ { 'path' => '/a', 'url' => 'http://backend-a/' }, { 'path' => '/b', 'url' => 'http://backend-b/' }, { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}}, { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, { 'path' => '/d', 'url' => 'http://backend-a/d', 'params' => { 'retry' => '0', 'timeout' => '5' }, }, { 'path' => '/e', 'url' => 'http://backend-a/e', 'keywords' => ['nocanon', 'interpolate'] }, { 'path' => '/f', 'url' => 'http://backend-f/', 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']}, { 'path' => '/g', 'url' => 'http://backend-g/', 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], }, { 'path' => '/h', 'url' => 'http://backend-h/h', 'no_proxy_uris' => ['/h/admin', '/h/server-status'] }, ], } ``` * `reverse_urls`. *Optional.* This setting is useful when used with `mod_proxy_balancer`. Values: an array or string. * `reverse_cookies`. *Optional.* Sets `ProxyPassReverseCookiePath` and `ProxyPassReverseCookieDomain`. * `params`. *Optional.* Allows for ProxyPass key-value parameters, such as connection settings. * `setenv`. *Optional.* Sets [environment variables](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings) for the proxy directive. Values: array. Default value: `undef` ##### `proxy_dest_match` Data type: `Any` This directive is equivalent to `proxy_dest`, but takes regular expressions, see [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details. Default value: `undef` ##### `proxy_dest_reverse_match` Data type: `Any` Allows you to pass a ProxyPassReverse if `proxy_dest_match` is specified. See [ProxyPassReverse](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse) for details. Default value: `undef` ##### `proxy_pass_match` Data type: `Any` This directive is equivalent to `proxy_pass`, but takes regular expressions, see [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details. Default value: `undef` ##### `redirect_dest` Data type: `Any` Specifies the address to redirect to. Default value: `undef` ##### `redirect_source` Data type: `Any` Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent. ``` puppet apache::vhost { 'site.name.fdqn': … redirect_source => ['/images','/downloads'], redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], } ``` Default value: '/' ##### `redirect_status` Data type: `Any` Specifies the status to append to the redirect. ``` puppet apache::vhost { 'site.name.fdqn': … redirect_status => ['temp','permanent'], } ``` Default value: `undef` ##### `redirectmatch_regexp` Data type: `Any` Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as an array alongside redirectmatch_status and redirectmatch_dest. ``` puppet apache::vhost { 'site.name.fdqn': … redirectmatch_status => ['404','404'], redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'], } ``` Default value: `undef` ##### `redirectmatch_status` Data type: `Any` Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as an array alongside redirectmatch_regexp and redirectmatch_dest. ``` puppet apache::vhost { 'site.name.fdqn': … redirectmatch_status => ['404','404'], redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'], } ``` Default value: `undef` ##### `redirectmatch_dest` Data type: `Any` Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as an array alongside redirectmatch_status and redirectmatch_regexp. ``` puppet apache::vhost { 'site.name.fdqn': … redirectmatch_status => ['404','404'], redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'], } ``` Default value: `undef` ##### `request_headers` Data type: `Any` Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, and so on. ``` puppet apache::vhost { 'site.name.fdqn': … request_headers => [ 'append MirrorID "mirror 12"', 'unset MirrorID', ], } ``` Default value: `undef` ##### `rewrites` Data type: `Optional[Array]` Creates URL rewrite rules. Expects an array of hashes.
Valid Hash keys include `comment`, `rewrite_base`, `rewrite_cond`, `rewrite_rule` or `rewrite_map`.
For example, you can specify that anyone trying to access index.html is served welcome.html ``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] } ``` The parameter allows rewrite conditions that, when `true`, execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE ``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ { comment => 'redirect IE', rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], rewrite_rule => ['^index\.html$ welcome.html'], }, ], } ``` You can also apply multiple conditions. For instance, rewrite index.html to welcome.html only when the browser is Lynx or Mozilla (version 1 or 2) ``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ { comment => 'Lynx or Mozilla v1/2', rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], rewrite_rule => ['^index\.html$ welcome.html'], }, ], } ``` Multiple rewrites and conditions are also possible ``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ { comment => 'Lynx or Mozilla v1/2', rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], rewrite_rule => ['^index\.html$ welcome.html'], }, { comment => 'Internet Explorer', rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], rewrite_rule => ['^index\.html$ /index.IE.html [L]'], }, { rewrite_base => /apps/, rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], }, { comment => 'Rewrite to lower case', rewrite_cond => ['%{REQUEST_URI} [A-Z]'], rewrite_map => ['lc int:tolower'], rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'], }, ], } ``` Refer to the [`mod_rewrite` documentation](https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html) for more details on what is possible with rewrite rules and conditions.
> **Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the virtual host's directories. Default value: `undef` ##### `rewrite_base` Data type: `Any` The parameter [`rewrite_base`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase) specifies the URL prefix to be used for per-directory (htaccess) RewriteRule directives that substitue a relative path. Default value: `undef` ##### `rewrite_rule` Data type: `Any` The parameter [`rewrite_rile`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule) allows the user to define the rules that will be used by the rewrite engine. Default value: `undef` ##### `rewrite_cond` Data type: `Any` The parameter [`rewrite_cond`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritecond) defines a rule condition, that when satisfied will implement that rule within the rewrite engine. Default value: `undef` ##### `rewrite_inherit` Data type: `Any` Determines whether the virtual host inherits global rewrite rules.
Rewrite rules may be specified globally (in `$conf_file` or `$confd_dir`) or inside the virtual host `.conf` file. By default, virtual hosts do not inherit global settings. To activate inheritance, specify the `rewrites` parameter and set `rewrite_inherit` parameter to `true`: ``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ , ], rewrite_inherit => `true`, } ``` > **Note**: The `rewrites` parameter is **required** for this to have effect
Apache activates global `Rewrite` rules inheritance if the virtual host files contains the following directives: ``` ApacheConf RewriteEngine On RewriteOptions Inherit ``` Refer to the official [`mod_rewrite`](https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html) documentation, section "Rewriting in Virtual Hosts". Default value: `false` ##### `scriptalias` Data type: `Any` Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as '/usr/scripts'. Default value: `undef` ##### `scriptaliases` Data type: `Any` > **Note**: This parameter is deprecated in favor of the `aliases` parameter.
Passes an array of hashes to the virtual host to create either ScriptAlias or ScriptAliasMatch statements per the `mod_alias` documentation. ``` puppet scriptaliases => [ { alias => '/myscript', path => '/usr/share/myscript', }, { aliasmatch => '^/foo(.*)', path => '/usr/share/fooscripts$1', }, { aliasmatch => '^/bar/(.*)', path => '/usr/share/bar/wrapper.sh/$1', }, { alias => '/neatscript', path => '/usr/share/neatscript', }, ] ``` The ScriptAlias and ScriptAliasMatch directives are created in the order specified. As with [Alias and AliasMatch](#aliases) directives, specify more specific aliases before more general ones to avoid shadowing. Default value: [] ##### `serveradmin` Data type: `Any` Specifies the email address Apache displays when it renders one of its error pages. Default value: `undef` ##### `serveraliases` Data type: `Any` Sets the [ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias) of the site. Default value: [] ##### `servername` Data type: `Any` Sets the servername corresponding to the hostname you connect to the virtual host at. Default value: $name ##### `setenv` Data type: `Any` Used by HTTPD to set environment variables for virtual hosts.
Example: ``` puppet apache::vhost { 'setenv.example.com': setenv => ['SPECIAL_PATH /foo/bin'], } ``` Default value: [] ##### `setenvif` Data type: `Any` Used by HTTPD to conditionally set environment variables for virtual hosts. Default value: [] ##### `setenvifnocase` Data type: `Any` Used by HTTPD to conditionally set environment variables for virtual hosts (caseless matching). Default value: [] ##### `suexec_user_group` Data type: `Optional[Pattern[/^[\w-]+ [\w-]+$/]]` Allows the spcification of user and group execution privileges for CGI programs through inclusion of the `mod_suexec` module. Default value: `undef` ##### `suphp_addhandler` Data type: `Any` Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG) working together with suphp_configpath and suphp_engine.
An example virtual host configuration with suPHP: ``` puppet apache::vhost { 'suphp.example.com': port => '80', docroot => '/home/appuser/myphpapp', suphp_addhandler => 'x-httpd-php', suphp_engine => 'on', suphp_configpath => '/etc/php5/apache2', directories => { path => '/home/appuser/myphpapp', 'suphp' => { user => 'myappuser', group => 'myappgroup' }, } } ``` Default value: $::apache::params::suphp_addhandler ##### `suphp_configpath` Data type: `Any` Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG) working together with suphp_addhandler and suphp_engine.
An example virtual host configuration with suPHP: ``` puppet apache::vhost { 'suphp.example.com': port => '80', docroot => '/home/appuser/myphpapp', suphp_addhandler => 'x-httpd-php', suphp_engine => 'on', suphp_configpath => '/etc/php5/apache2', directories => { path => '/home/appuser/myphpapp', 'suphp' => { user => 'myappuser', group => 'myappgroup' }, } } ``` Default value: $::apache::params::suphp_configpath ##### `suphp_engine` Data type: `Enum['on', 'off']` Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG) working together with suphp_configpath and suphp_addhandler.
An example virtual host configuration with suPHP: ``` puppet apache::vhost { 'suphp.example.com': port => '80', docroot => '/home/appuser/myphpapp', suphp_addhandler => 'x-httpd-php', suphp_engine => 'on', suphp_configpath => '/etc/php5/apache2', directories => { path => '/home/appuser/myphpapp', 'suphp' => { user => 'myappuser', group => 'myappgroup' }, } } ``` Default value: $::apache::params::suphp_engine ##### `vhost_name` Data type: `Any` Enables name-based virtual hosting. If no IP is passed to the virtual host, but the virtual host is assigned a port, then the virtual host name is `vhost_name:port`. If the virtual host has no assigned IP or port, the virtual host name is set to the title of the resource. Default value: '*' ##### `virtual_docroot` Data type: `Any` Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, `http://example.com` would map to `/var/www/example.com`. ``` puppet apache::vhost { 'subdomain.loc': vhost_name => '*', port => '80', virtual_docroot => '/var/www/%-2+', docroot => '/var/www', serveraliases => ['*.loc',], } ``` Default value: `false` ##### `wsgi_daemon_process` Data type: `Optional[Variant[String,Hash]]` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process_options, wsgi_process_group, wsgi_script_aliases and wsgi_pass_authorization.
A hash that sets the name of the WSGI daemon, accepting [certain keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html).
An example virtual host configuration with WSGI: ``` puppet apache::vhost { 'wsgi.example.com': port => '80', docroot => '/var/www/pythonapp', wsgi_daemon_process => 'wsgi', wsgi_daemon_process_options => { processes => '2', threads => '15', display-name => '%{GROUP}', }, wsgi_process_group => 'wsgi', wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, wsgi_chunked_request => 'On', } ``` Default value: `undef` ##### `wsgi_daemon_process_options` Data type: `Optional[Hash]` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process, wsgi_process_group, wsgi_script_aliases and wsgi_pass_authorization.
Sets the group ID that the virtual host runs under. Default value: `undef` ##### `wsgi_application_group` Data type: `Any` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, and wsgi_pass_authorization.
This parameter defines the [`WSGIApplicationGroup directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html), thus allowing you to specify which application group the WSGI application belongs to, with all WSGI applications within the same group executing within the context of the same Python sub interpreter. Default value: `undef` ##### `wsgi_import_script` Data type: `Any` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, and wsgi_pass_authorization.
This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html), which can be used in order to specify a script file to be loaded upon a process starting. Default value: `undef` ##### `wsgi_import_script_options` Data type: `Optional[Hash]` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, and wsgi_pass_authorization.
This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html), which can be used in order to specify a script file to be loaded upon a process starting.
Specifies the process and aplication groups of the script. Default value: `undef` ##### `wsgi_chunked_request` Data type: `Any` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, and wsgi_pass_authorization.
This parameter defines the [`WSGIChunkedRequest directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIChunkedRequest.html), allowing you to enable support for chunked request content.
WSGI is technically incapable of supporting chunked request content without all chunked request content having first been read in and buffered. Default value: `undef` ##### `wsgi_process_group` Data type: `Any` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process, wsgi_daemon_process_options, wsgi_script_aliases and wsgi_pass_authorization.
Requires a hash of web paths to filesystem `.wsgi paths/`. Default value: `undef` ##### `wsgi_script_aliases` Data type: `Optional[Hash]` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, and wsgi_pass_authorization.
Uses the WSGI application to handle authorization instead of Apache when set to `On`.
For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Default value: `undef` ##### `wsgi_script_aliases_match` Data type: `Optional[Hash]` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, and wsgi_pass_authorization.
Uses the WSGI application to handle authorization instead of Apache when set to `On`.
This directive is similar to `wsgi_script_aliases`, but makes use of regular expressions in place of simple prefix matching.
For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Default value: `undef` ##### `wsgi_pass_authorization` Data type: `Optional[Enum['on', 'off', 'On', 'Off']]` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group and wsgi_script_aliases.
Enables support for chunked requests. Default value: `undef` ##### `directories` Data type: `Optional[Variant[Hash, Array[Variant[Array,Hash]]]]` The `directories` parameter within the `apache::vhost` class passes an array of hashes to the virtual host to create [Directory](https://httpd.apache.org/docs/current/mod/core.html#directory), [File](https://httpd.apache.org/docs/current/mod/core.html#files), and [Location](https://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, `< Directory /path/to/directory>...< /Directory>`.
The `path` key sets the path for the directory, files, and location blocks. Its value must be a path for the `directory`, `files`, and `location` providers, or a regex for the `directorymatch`, `filesmatch`, or `locationmatch` providers. Each hash passed to `directories` **must** contain `path` as one of the keys.
The `provider` key is optional. If missing, this key defaults to `directory`. Values: `directory`, `files`, `proxy`, `location`, `directorymatch`, `filesmatch`, `proxymatch` or `locationmatch`. If you set `provider` to `directorymatch`, it uses the keyword `DirectoryMatch` in the Apache config file.
An example use of `directories`: ``` puppet apache::vhost { 'files.example.net': docroot => '/var/www/files', directories => [ { 'path' => '/var/www/files', 'provider' => 'files', 'deny' => 'from all', }, ], } ``` > **Note:** At least one directory should match the `docroot` parameter. After you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block is created that matches the `docroot` parameter.
Available handlers, represented as keys, should be placed within the `directory`, `files`, or `location` hashes. This looks like ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', handler => value } ], } ``` Any handlers you do not set in these hashes are considered `undefined` within Puppet and are not added to the virtual host, resulting in the module using their default values. Default value: `undef` ##### `custom_fragment` Pass a string of custom configuration directives to be placed at the end of the directory configuration. ``` puppet apache::vhost { 'monitor': … directories => [ { path => '/path/to/directory', custom_fragment => ' SetHandler balancer-manager Order allow,deny Allow from all SetHandler server-status Order allow,deny Allow from all ProxyStatus On', }, ] } ``` Default value: `undef` ##### `error_documents` An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. ``` puppet apache::vhost { 'sample.example.net': directories => [ { path => '/srv/www', error_documents => [ { 'error_code' => '503', 'document' => '/service-unavail', }, ], }, ], } ``` Default value: [] ##### `h2_copy_files` Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles) directive.
Note that you must declare `class {'apache::mod::http2': }` before using this directive. Default value: `undef` ##### `h2_push_resource` Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource) directive.
Note that you must declare `class {'apache::mod::http2': }` before using this directive. Default value: [] ##### `headers` Adds lines for [Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives. ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => { path => '/path/to/directory', headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', }, } ``` Default value: `undef` ##### `options` Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'], }, ], } ``` Default value: ['Indexes','FollowSymLinks','MultiViews'] ##### `shib_compat_valid_user` Data type: `Optional[String]` Default is Off, matching the behavior prior to this command's existence. Addresses a conflict when using Shibboleth in conjunction with other auth/auth modules by restoring `standard` Apache behavior when processing the `valid-user` and `user` Require rules. See the [`mod_shib`documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions), and [NativeSPhtaccess](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess) topic for more details. This key is disabled if `apache::mod::shib` is not defined. Default value: `undef` ##### `ssl_options` Data type: `Any` String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the virtual host. ``` puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', ssl_options => '+ExportCertData', }, { path => '/path/to/different/dir', ssl_options => ['-StdEnvVars', '+ExportCertData'], }, ], } ``` Default value: `undef` ##### `additional_includes` Specifies paths to additional static, specific Apache configuration files in virtual host directories. ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/different/dir', additional_includes => ['/custom/path/includes', '/custom/path/another_includes',], }, ], } ``` Default value: [] ##### `ssl` Data type: `Boolean` Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries. Default value: `false` ##### `ssl_ca` Data type: `Any` Specifies the SSL certificate authority to be used to verify client certificates used for authentication. You must also set `ssl_verify_client` to use this. Default value: $::apache::default_ssl_ca ##### `ssl_cert` Data type: `Any` Specifies the SSL certification. Default value: $::apache::default_ssl_cert ##### `ssl_protocol` Data type: `Any` Specifies [SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array or space separated string of accepted protocols. Default value: `undef` ##### `ssl_cipher` Data type: `Any` Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). Default value: `undef` ##### `ssl_honorcipherorder` Data type: `Any` Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), to cause Apache to use the server's preferred order of ciphers rather than the client's preferred order. Default value: `undef` ##### `ssl_certs_dir` Data type: `Any` Specifies the location of the SSL certification directory to verify client certs. Will not be used unless `ssl_verify_client` is also set (see below). Default value: $::apache::params::ssl_certs_dir ##### `ssl_chain` Data type: `Any` Specifies the SSL chain. This default works out of the box, but it must be updated in the base `apache` class with your specific certificate information before being used in production. Default value: $::apache::default_ssl_chain ##### `ssl_crl` Data type: `Any` Specifies the certificate revocation list to use. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) Default value: $::apache::default_ssl_crl ##### `ssl_crl_path` Data type: `Any` Specifies the location of the certificate revocation list to verify certificates for client authentication with. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) Default value: $::apache::default_ssl_crl_path ##### `ssl_crl_check` Data type: `Any` Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck) for ssl client authentication. The default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions. Default value: $::apache::default_ssl_crl_check ##### `ssl_key` Data type: `Any` Specifies the SSL key.
Defaults are based on your operating system. Default work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production. Default value: $::apache::default_ssl_key ##### `ssl_verify_client` Data type: `Any` Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. ``` puppet apache::vhost { 'sample.example.net': … ssl_verify_client => 'optional', } ``` Default value: `undef` ##### `ssl_verify_depth` Data type: `Any` Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification. You must set `ssl_verify_client` for it to take effect. ``` puppet apache::vhost { 'sample.example.net': … ssl_verify_client => 'require', ssl_verify_depth => 1, } ``` Default value: `undef` ##### `ssl_proxy_protocol` Data type: `Any` Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol) directive, which controls which SSL protocol flavors `mod_ssl` should use when establishing its server environment for proxy. It connects to servers using only one of the provided protocols. Default value: `undef` ##### `ssl_proxy_verify` Data type: `Optional[Enum['none', 'optional', 'require', 'optional_no_ca']]` Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify) directive, which configures certificate verification of the remote server when a proxy is configured to forward requests to a remote SSL server. Default value: `undef` ##### `ssl_proxy_verify_depth` Data type: `Optional[Integer[0]]` Sets the [SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth) directive, which configures how deeply mod_ssl should verify before deciding that the remote server does not have a valid certificate.
A depth of 0 means that only self-signed remote server certificates are accepted, the default depth of 1 means the remote server certificate can be self-signed or signed by a CA that is directly known to the server. Default value: `undef` ##### `ssl_proxy_cipher_suite` Data type: `Any` Sets the [SSLProxyCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyciphersuite) directive, which controls cipher suites supported for ssl proxy traffic. Default value: `undef` ##### `ssl_proxy_ca_cert` Data type: `Any` Sets the [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile) directive, which specifies an all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose remote servers you deal with. These are used for Remote Server Authentication. This file should be a concatenation of the PEM-encoded certificate files in order of preference. Default value: `undef` ##### `ssl_proxy_machine_cert` Data type: `Any` Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) directive, which specifies an all-in-one file where you keep the certs and keys used for this server to authenticate itself to remote servers. This file should be a concatenation of the PEM-encoded certificate files in order of preference. ``` puppet apache::vhost { 'sample.example.net': … ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem', } ``` Default value: `undef` ##### `ssl_proxy_check_peer_cn` Data type: `Optional[Enum['on', 'off']]` Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Default value: `undef` ##### `ssl_proxy_check_peer_name` Data type: `Optional[Enum['on', 'off']]` Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Default value: `undef` ##### `ssl_proxy_check_peer_expire` Data type: `Optional[Enum['on', 'off']]` Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire) directive, which specifies whether the remote server certificate is checked for expiration or not. Default value: `undef` ##### `ssl_options` Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given virtual host and can be a string or an array.
A string: ``` puppet apache::vhost { 'sample.example.net': … ssl_options => '+ExportCertData', } ``` An array: ``` puppet apache::vhost { 'sample.example.net': … ssl_options => ['+StrictRequire', '+ExportCertData'], } ``` Default value: `undef` ##### `ssl_openssl_conf_cmd` Data type: `Any` Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) directive, which provides direct configuration of OpenSSL parameters. Default value: `undef` ##### `ssl_proxyengine` Data type: `Boolean` Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Default value: `false` ##### `ssl_stapling` Data type: `Optional[Boolean]` Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). By default, uses what is set globally.
This parameter only applies to Apache 2.4 or higher and is ignored on older versions. Default value: `undef` ##### `ssl_stapling_timeout` Data type: `Any` Can be used to set the [SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout) directive.
This parameter only applies to Apache 2.4 or higher and is ignored on older versions. Default value: `undef` ##### `ssl_stapling_return_errors` Data type: `Any` Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive.
This parameter only applies to Apache 2.4 or higher and is ignored on older versions. Default value: `undef` ##### `use_canonical_name` Data type: `Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']]` Specifies whether to use the [`UseCanonicalName directive`](https://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname), which allows you to configure how the server determines it's own name and port. Default value: `undef` ##### `define` Data type: `Hash` this lets you define configuration variables inside a vhost using [`Define`](https://httpd.apache.org/docs/2.4/mod/core.html#define), these can then be used to replace configuration values. All Defines are Undefined at the end of the VirtualHost. Default value: {} ##### `proxy_requests` Data type: `Boolean` Default value: `false` ### apache::vhost::custom The `apache::vhost::custom` defined type is a thin wrapper around the `apache::custom_config` defined type, and simply overrides some of its default settings specific to the virtual host directory in Apache. #### Parameters The following parameters are available in the `apache::vhost::custom` defined type. ##### `content` Data type: `Any` Sets the configuration file's content. ##### `ensure` Data type: `Any` Specifies if the virtual host file is present or absent. Default value: 'present' ##### `priority` Data type: `Any` Sets the relative load order for Apache HTTPD VirtualHost configuration files. Default value: '25' ##### `verify_config` Data type: `Any` Specifies whether to validate the configuration file before notifying the Apache service. Default value: `true` ### apache::vhost::fragment Define a fragment within a vhost #### Examples ##### With a vhost without priority ```puppet include apache apache::vhost { 'myvhost': } apache::vhost::fragment { 'myfragment': vhost => 'myvhost', content => '# Foo', } ``` ##### With a vhost with priority ```puppet include apache apache::vhost { 'myvhost': priority => '42', } apache::vhost::fragment { 'myfragment': vhost => 'myvhost', priority => '42', content => '# Foo', } ``` ##### With a vhost with default vhost ```puppet include apache apache::vhost { 'myvhost': default_vhost => true, } apache::vhost::fragment { 'myfragment': vhost => 'myvhost', priority => '10', # default_vhost implies priority 10 content => '# Foo', } ``` ##### Adding a fragment to the built in default vhost ```puppet include apache apache::vhost::fragment { 'myfragment': vhost => 'default', priority => '15', content => '# Foo', } ``` #### Parameters The following parameters are available in the `apache::vhost::fragment` defined type. ##### `vhost` Data type: `String[1]` The title of the vhost resource to append to ##### `priority` Data type: `Any` Set the priority to match the one `apache::vhost` sets. This must match the one `apache::vhost` sets or else the concat fragment won't be found. Default value: `undef` ##### `content` Data type: `Optional[String]` The content to put in the fragment. Only when it's non-empty the actual fragment will be created. Default value: `undef` ##### `order` Data type: `Integer[0]` The order to insert the fragment at Default value: 900 ## Resource types ### a2mod Manage Apache 2 modules #### Properties The following properties are available in the `a2mod` type. ##### `ensure` Valid values: present, absent The basic property that the resource should be in. Default value: present #### Parameters The following parameters are available in the `a2mod` type. ##### `name` namevar The name of the module to be managed ##### `lib` The name of the .so library to be loaded ##### `identifier` Module identifier string used by LoadModule. Default: module-name_module ## Functions ### apache::apache_pw_hash Type: Ruby 4.x API Currently uses SHA-hashes, because although this format is considered insecure, its the most secure format supported by the most platforms. #### `apache::apache_pw_hash(String[1] $password)` Currently uses SHA-hashes, because although this format is considered insecure, its the most secure format supported by the most platforms. Returns: `String` Return's the hash of the input that was given. ##### `password` Data type: `String[1]` The input that is to be hashed. ### apache::bool2httpd Type: Ruby 4.x API Transform a supposed boolean to On or Off. Passes all other values through. #### Examples ##### ```puppet $trace_enable = false $server_signature = 'mail' bool2httpd($trace_enable) # returns 'Off' bool2httpd($server_signature) # returns 'mail' bool2httpd(undef) # returns 'Off' ``` #### `apache::bool2httpd(Any $arg)` The apache::bool2httpd function. Returns: `Any` Will return either `On` or `Off` if given a boolean value. Return's a string of any other given value. ##### Examples ###### ```puppet $trace_enable = false $server_signature = 'mail' bool2httpd($trace_enable) # returns 'Off' bool2httpd($server_signature) # returns 'mail' bool2httpd(undef) # returns 'Off' ``` ##### `arg` Data type: `Any` The value to be converted into a string. ### apache::validate_apache_log_level Type: Ruby 4.x API As per http://httpd.apache.org/docs/current/mod/core.html#loglevel * validate_apache_loglevel('info') Modules maybe specified with their own levels like these: * validate_apache_loglevel('warn ssl:info') * validate_apache_loglevel('warn mod_ssl.c:info') * validate_apache_loglevel('warn ssl_module:info') Expected to be used from the main or vhost. Might be used from directory too later as apache supports that #### `apache::validate_apache_log_level(String $log_level)` As per http://httpd.apache.org/docs/current/mod/core.html#loglevel * validate_apache_loglevel('info') Modules maybe specified with their own levels like these: * validate_apache_loglevel('warn ssl:info') * validate_apache_loglevel('warn mod_ssl.c:info') * validate_apache_loglevel('warn ssl_module:info') Expected to be used from the main or vhost. Might be used from directory too later as apache supports that Returns: `Any` Return's an error if the validation fails. ##### `log_level` Data type: `String` The string that is to be validated. ### apache_pw_hash Type: Ruby 3.x API Currently uses SHA-hashes, because although this format is considered insecure, its the most secure format supported by the most platforms. #### `apache_pw_hash(Any $password)` Currently uses SHA-hashes, because although this format is considered insecure, its the most secure format supported by the most platforms. Returns: `Any` Return's the hash of the input that was given. ##### `password` Data type: `Any` The input that is to be hashed. ### bool2httpd Type: Ruby 3.x API Transform a supposed boolean to On or Off. Pass all other values through. #### Examples ##### ```puppet $trace_enable = false $server_signature = 'mail' bool2httpd($trace_enable) # returns 'Off' bool2httpd($server_signature) # returns 'mail' bool2httpd(undef) # returns 'Off' ``` #### `bool2httpd(Any $arg)` The bool2httpd function. Returns: `Any` Will return either `On` or `Off` if given a boolean value. Return's a string of any other given value. ##### Examples ###### ```puppet $trace_enable = false $server_signature = 'mail' bool2httpd($trace_enable) # returns 'Off' bool2httpd($server_signature) # returns 'mail' bool2httpd(undef) # returns 'Off' ``` ##### `arg` Data type: `Any` The value to be converted into a string. ### validate_apache_log_level Type: Ruby 3.x API As per http://httpd.apache.org/docs/current/mod/core.html#loglevel * validate_apache_loglevel('info') Modules maybe specified with their own levels like these: * validate_apache_loglevel('warn ssl:info') * validate_apache_loglevel('warn mod_ssl.c:info') * validate_apache_loglevel('warn ssl_module:info') Expected to be used from the main or vhost. Might be used from directory too later as apaceh supports that #### `validate_apache_log_level(Any $log_level)` As per http://httpd.apache.org/docs/current/mod/core.html#loglevel * validate_apache_loglevel('info') Modules maybe specified with their own levels like these: * validate_apache_loglevel('warn ssl:info') * validate_apache_loglevel('warn mod_ssl.c:info') * validate_apache_loglevel('warn ssl_module:info') Expected to be used from the main or vhost. Might be used from directory too later as apaceh supports that Returns: `Any` Return's an error if the validation fails. ##### `log_level` Data type: `Any` The string that is to be validated. ## Tasks ### init Allows you to perform apache service functions **Supports noop?** false #### Parameters ##### `action` Data type: `Enum[reload]` Action to perform ##### `service_name` Data type: `Optional[String[1]]` The name of the apache service diff --git a/manifests/balancer.pp b/manifests/balancer.pp index 0bd8af95..790386f1 100644 --- a/manifests/balancer.pp +++ b/manifests/balancer.pp @@ -1,106 +1,106 @@ # @summary # This type will create an apache balancer cluster file inside the conf.d # directory. # # Each balancer cluster needs one or more balancer members (that can # be declared with the apache::balancermember defined resource type). Using # storeconfigs, you can export the apache::balancermember resources on all # balancer members, and then collect them on a single apache load balancer # server. # # @note # Currently requires the puppetlabs/concat module on the Puppet Forge and uses -# storeconfigs on the Puppet Master to export/collect resources from all +# storeconfigs on the Puppet Server to export/collect resources from all # balancer members. # # @param name # The namevar of the defined resource type is the balancer clusters name.
# This name is also used in the name of the conf.d file # # @param proxy_set # Configures key-value pairs to be used as a ProxySet lines in the configuration. # # @param target # The path to the file the balancer definition will be written in. # # @param collect_exported # Determines whether to use exported resources.
# If you statically declare all of your backend servers, set this parameter to false to rely # on existing, declared balancer member resources. Also, use apache::balancermember with array # arguments.
# To dynamically declare backend servers via exported resources collected on a central node, # set this parameter to true to collect the balancer member resources exported by the balancer # member nodes.
# If you don't use exported resources, a single Puppet run configures all balancer members. If # you use exported resources, Puppet has to run on the balanced nodes first, then run on the # balancer. # # @param options # Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) # after the balancer URL, and accepts any key-value pairs available to `ProxyPass`. # # @example # apache::balancer { 'puppet00': } # define apache::balancer ( $proxy_set = {}, $collect_exported = true, $target = undef, $options = [], ) { include ::apache::mod::proxy_balancer if versioncmp($apache::mod::proxy_balancer::apache_version, '2.4') >= 0 { $lbmethod = $proxy_set['lbmethod'] ? { undef => 'byrequests', default => $proxy_set['lbmethod'], } ensure_resource('apache::mod', "lbmethod_${lbmethod}", { 'loadfile_name' => "proxy_balancer_lbmethod_${lbmethod}.load" }) } if $target { $_target = $target } else { $_target = "${::apache::confd_dir}/balancer_${name}.conf" } if !empty($options) { $_options = " ${join($options, ' ')}" } else { $_options = '' } concat { "apache_balancer_${name}": owner => '0', group => '0', path => $_target, mode => $::apache::file_mode, notify => Class['Apache::Service'], } concat::fragment { "00-${name}-header": target => "apache_balancer_${name}", order => '01', content => "\n", } if $collect_exported { Apache::Balancermember <<| balancer_cluster == $name |>> } # else: the resources have been created and they introduced their # concat fragments. We don't have to do anything about them. concat::fragment { "01-${name}-proxyset": target => "apache_balancer_${name}", order => '19', content => inline_template("<% @proxy_set.keys.sort.each do |key| %> Proxyset <%= key %>=<%= @proxy_set[key] %>\n<% end %>"), } concat::fragment { "01-${name}-footer": target => "apache_balancer_${name}", order => '20', content => "\n", } } diff --git a/manifests/balancermember.pp b/manifests/balancermember.pp index 1d4abb2e..ec66dcda 100644 --- a/manifests/balancermember.pp +++ b/manifests/balancermember.pp @@ -1,51 +1,51 @@ # @summary # Defines members of `mod_proxy_balancer` # # Sets up a balancer member inside a listening service configuration block in # the load balancer's `apache.cfg`. # # This type will setup a balancer member inside a listening service # configuration block in /etc/apache/apache.cfg on the load balancer. # Currently it only has the ability to specify the instance name, url and an # array of options. More features can be added as needed. The best way to # implement this is to export this resource for all apache balancer member # servers, and then collect them on the main apache load balancer. # # @note # Currently requires the puppetlabs/concat module on the Puppet Forge and -# uses storeconfigs on the Puppet Master to export/collect resources +# uses storeconfigs on the Puppet Server to export/collect resources # from all balancer members. # # @param name # The title of the resource is arbitrary and only utilized in the concat # fragment name. # # @param balancer_cluster # The apache service's instance name (or, the title of the apache::balancer # resource). This must match up with a declared apache::balancer resource. # # @param url # The url used to contact the balancer member server. # # @param options # Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) # after the URL, and accepts any key-value pairs available to `ProxyPass`. # # @example # @@apache::balancermember { 'apache': # balancer_cluster => 'puppet00', # url => "ajp://${::fqdn}:8009" # options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], # } # define apache::balancermember( $balancer_cluster, $url = "http://${::fqdn}/", $options = [], ) { concat::fragment { "BalancerMember ${name}": target => "apache_balancer_${balancer_cluster}", content => inline_template(" BalancerMember ${url} <%= @options.join ' ' %>\n"), } } diff --git a/manifests/mod/info.pp b/manifests/mod/info.pp index d8191bd0..abcd93ee 100644 --- a/manifests/mod/info.pp +++ b/manifests/mod/info.pp @@ -1,51 +1,51 @@ # @summary # Installs and configures `mod_info`. # # @param allow_from -# Whitelist of IPv4 or IPv6 addresses or ranges that can access the info path. +# Allowlist of IPv4 or IPv6 addresses or ranges that can access the info path. # # @param apache_version # Version of Apache to install module on. # # @param restrict_access -# Toggles whether to restrict access to info path. If `false`, the `allow_from` whitelist is ignored and any IP address can +# Toggles whether to restrict access to info path. If `false`, the `allow_from` allowlist is ignored and any IP address can # access the info path. # # @param info_path # Path on server to file containing server configuration information. # # @see https://httpd.apache.org/docs/current/mod/mod_info.html for additional documentation. # class apache::mod::info ( $allow_from = ['127.0.0.1','::1'], $apache_version = undef, $restrict_access = true, $info_path = '/server-info', ){ include ::apache $_apache_version = pick($apache_version, $apache::apache_version) if $::osfamily == 'Suse' { if defined(Class['::apache::mod::worker']){ $suse_path = '/usr/lib64/apache2-worker' } else { $suse_path = '/usr/lib64/apache2-prefork' } ::apache::mod { 'info': lib_path => $suse_path, } } else { ::apache::mod { 'info': } } # Template uses $allow_from, $_apache_version file { 'info.conf': ensure => file, path => "${::apache::mod_dir}/info.conf", mode => $::apache::file_mode, content => template('apache/mod/info.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], notify => Class['apache::service'], } } diff --git a/manifests/vhost.pp b/manifests/vhost.pp index e2a86a3b..08997e3e 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -1,2876 +1,2876 @@ # @summary # Allows specialised configurations for virtual hosts that possess requirements # outside of the defaults. # # The apache module allows a lot of flexibility in the setup and configuration of virtual hosts. # This flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache # to evaluate it multiple times with different parameters.
# The `apache::vhost` defined type allows you to have specialized configurations for virtual hosts # that have requirements outside the defaults. You can set up a default virtual host within # the base `::apache` class, as well as set a customized virtual host as the default. # Customized virtual hosts have a lower numeric `priority` than the base class's, causing # Apache to process the customized virtual host first.
# The `apache::vhost` defined type uses `concat::fragment` to build the configuration file. To # inject custom fragments for pieces of the configuration that the defined type doesn't # inherently support, add a custom fragment.
# For the custom fragment's `order` parameter, the `apache::vhost` defined type uses multiples # of 10, so any `order` that isn't a multiple of 10 should work.
# > **Note:** When creating an `apache::vhost`, it cannot be named `default` or `default-ssl`, # because vhosts with these titles are always managed by the module. This means that you cannot # override `Apache::Vhost['default']` or `Apache::Vhost['default-ssl]` resources. An optional # workaround is to create a vhost named something else, such as `my default`, and ensure that the # `default` and `default_ssl` vhosts are set to `false`: # # @example # class { 'apache': # default_vhost => false, # default_ssl_vhost => false, # } # # @param apache_version # Apache's version number as a string, such as '2.2' or '2.4'. # # @param access_log # Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`). # # @param access_log_env_var # Specifies that only requests with particular environment variables be logged. # # @param access_log_file # Sets the filename of the `*_access.log` placed in `logroot`. Given a virtual host ---for # instance, example.com--- it defaults to 'example.com_ssl.log' for # [SSL-encrypted](https://httpd.apache.org/docs/current/ssl/index.html) virtual hosts and # `example.com_access.log` for unencrypted virtual hosts. # # @param access_log_format # Specifies the use of either a `LogFormat` nickname or a custom-formatted string for the # access log. # # @param access_log_pipe # Specifies a pipe where Apache sends access log messages. # # @param access_log_syslog # Sends all access log messages to syslog. # # @param access_logs # Allows you to give a hash that specifies the state of each of the `access_log_*` # directives shown above, i.e. `access_log_pipe` and `access_log_syslog`. # # @param add_default_charset # Sets a default media charset value for the `AddDefaultCharset` directive, which is # added to `text/plain` and `text/html` responses. # # @param add_listen # Determines whether the virtual host creates a `Listen` statement.
# Setting `add_listen` to `false` prevents the virtual host from creating a `Listen` # statement. This is important when combining virtual hosts that aren't passed an `ip` # parameter with those that are. # # @param use_optional_includes # Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for # `additional_includes` in Apache 2.4 or newer. # # @param additional_includes # Specifies paths to additional static, virtual host-specific Apache configuration files. # You can use this parameter to implement a unique, custom configuration not supported by # this module. # # @param aliases # Passes a list of [hashes][hash] to the virtual host to create `Alias`, `AliasMatch`, # `ScriptAlias` or `ScriptAliasMatch` directives as per the `mod_alias` documentation.
# For example: # ``` puppet # aliases => [ # { aliasmatch => '^/image/(.*)\.jpg$', # path => '/files/jpg.images/$1.jpg', # }, # { alias => '/image', # path => '/ftp/pub/image', # }, # { scriptaliasmatch => '^/cgi-bin(.*)', # path => '/usr/local/share/cgi-bin$1', # }, # { scriptalias => '/nagios/cgi-bin/', # path => '/usr/lib/nagios/cgi-bin/', # }, # { alias => '/nagios', # path => '/usr/share/nagios/html', # }, # ], # ``` # For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs # a corresponding context, such as `` or # ``. Puppet creates the directives in the order specified in # the `aliases` parameter. As described in the `mod_alias` documentation, add more specific # `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more # general ones to avoid shadowing.
# > **Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because # you can precisely control the order of various alias directives. Defining `ScriptAliases` # using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after # *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias` # directives. This often causes problems; for example, this could cause problems with Nagios.
# If `apache::mod::passenger` is loaded and `PassengerHighPerformance` is `true`, the `Alias` # directive might not be able to honor the `PassengerEnabled => off` statement. See # [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. # # @param allow_encoded_slashes # Sets the `AllowEncodedSlashes` declaration for the virtual host, overriding the server # default. This modifies the virtual host responses to URLs with `\` and `/` characters. The # default setting omits the declaration from the server configuration and selects the # Apache default setting of `Off`. # # @param block # Specifies the list of things to which Apache blocks access. Valid options are: `scm` (which # blocks web access to `.svn`), `.git`, and `.bzr` directories. # # @param cas_attribute_prefix # Adds a header with the value of this header being the attribute values when SAML # validation is enabled. # # @param cas_attribute_delimiter # Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`. # # @param cas_login_url # Sets the URL to which the module redirects users when they attempt to access a # CAS-protected resource and don't have an active session. # # @param cas_root_proxied_as # Sets the URL end users see when access to this Apache server is proxied per vhost. # This URL should not include a trailing slash. # # @param cas_scrub_request_headers # Remove inbound request headers that may have special meaning within mod_auth_cas. # # @param cas_sso_enabled # Enables experimental support for single sign out (may mangle POST data). # # @param cas_validate_saml # Parse response from CAS server for SAML. # # @param cas_validate_url # Sets the URL to use when validating a client-presented ticket in an HTTP query string. # # @param comment # Adds comments to the header of the configuration file. Pass as string or an array of strings. # For example: # ``` puppet # comment => "Account number: 123B", # ``` # Or: # ``` puppet # comment => [ # "Customer: X", # "Frontend domain: x.example.org", # ] # ``` # # @param custom_fragment # Passes a string of custom configuration directives to place at the end of the virtual # host configuration. # # @param default_vhost # Sets a given `apache::vhost` defined type as the default to serve requests that do not # match any other `apache::vhost` defined types. # # @param directoryindex # Sets the list of resources to look for when a client requests an index of the directory # by specifying a '/' at the end of the directory name. See the `DirectoryIndex` directive # documentation for details. # # @param docroot # **Required**.
# Sets the `DocumentRoot` location, from which Apache serves files.
# If `docroot` and `manage_docroot` are both set to `false`, no `DocumentRoot` will be set # and the accompanying `` block will not be created. # # @param docroot_group # Sets group access to the `docroot` directory. # # @param docroot_owner # Sets individual user access to the `docroot` directory. # # @param docroot_mode # Sets access permissions for the `docroot` directory, in numeric notation. # # @param manage_docroot # Determines whether Puppet manages the `docroot` directory. # # @param error_log # Specifies whether `*_error.log` directives should be configured. # # @param error_log_file # Points the virtual host's error logs to a `*_error.log` file. If this parameter is # undefined, Puppet checks for values in `error_log_pipe`, then `error_log_syslog`.
# If none of these parameters is set, given a virtual host `example.com`, Puppet defaults # to `$logroot/example.com_error_ssl.log` for SSL virtual hosts and # `$logroot/example.com_error.log` for non-SSL virtual hosts. # # @param error_log_pipe # Specifies a pipe to send error log messages to.
# This parameter has no effect if the `error_log_file` parameter has a value. If neither # this parameter nor `error_log_file` has a value, Puppet then checks `error_log_syslog`. # # @param error_log_syslog # Determines whether to send all error log messages to syslog. # This parameter has no effect if either of the `error_log_file` or `error_log_pipe` # parameters has a value. If none of these parameters has a value, given a virtual host # `example.com`, Puppet defaults to `$logroot/example.com_error_ssl.log` for SSL virtual # hosts and `$logroot/example.com_error.log` for non-SSL virtual hosts. # # @param error_log_format # Sets the [ErrorLogFormat](https://httpd.apache.org/docs/current/mod/core.html#errorlogformat) # format specification for error log entries inside virtual host # For example: # ``` puppet # apache::vhost { 'site.name.fdqn': # ... # error_log_format => [ # '[%{uc}t] [%-m:%-l] [R:%L] [C:%{C}L] %7F: %E: %M', # { '[%{uc}t] [R:%L] Request %k on C:%{c}L pid:%P tid:%T' => 'request' }, # { "[%{uc}t] [R:%L] UA:'%+{User-Agent}i'" => 'request' }, # { "[%{uc}t] [R:%L] Referer:'%+{Referer}i'" => 'request' }, # { '[%{uc}t] [C:%{c}L] local\ %a remote\ %A' => 'connection' }, # ], # } # ``` # # @param error_documents # A list of hashes which can be used to override the # [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) # settings for this virtual host.
# For example: # ``` puppet # apache::vhost { 'sample.example.net': # error_documents => [ # { 'error_code' => '503', 'document' => '/service-unavail' }, # { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' }, # ], # } # ``` # # @param ensure # Specifies if the virtual host is present or absent.
# # @param fallbackresource # Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) # directive, which specifies an action to take for any URL that doesn't map to anything in # your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Values must either begin # with a `/` or be `disabled`. # # @param fastcgi_server # Specify an external FastCGI server to manage a connection to. # # @param fastcgi_socket # Specify the socket that will be used to communicate with an external FastCGI server. # # @param fastcgi_idle_timeout # If using fastcgi, this option sets the timeout for the server to respond. # # @param fastcgi_dir # Specify an internal FastCGI directory that is to be managed. # # @param filters # [Filters](https://httpd.apache.org/docs/current/mod/mod_filter.html) enable smart, # context-sensitive configuration of output content filters. # ``` puppet # apache::vhost { "$::fqdn": # filters => [ # 'FilterDeclare COMPRESS', # 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', # 'FilterChain COMPRESS', # 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', # ], # } # ``` # # @param h2_copy_files # Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles) # directive which influences how the requestion process pass files to the main connection. # # @param h2_direct # Sets the [H2Direct](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2direct) # directive which toggles the usage of the HTTP/2 Direct Mode. # # @param h2_early_hints # Sets the [H2EarlyHints](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2earlyhints) # directive which controls if HTTP status 103 interim responses are forwarded to # the client or not. # # @param h2_max_session_streams # Sets the [H2MaxSessionStreams](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2maxsessionstreams) # directive which sets the maximum number of active streams per HTTP/2 session # that the server allows. # # @param h2_modern_tls_only # Sets the [H2ModernTLSOnly](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2moderntlsonly) # directive which toggles the security checks on HTTP/2 connections in TLS mode. # # @param h2_push # Sets the [H2Push](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2push) # directive which toggles the usage of the HTTP/2 server push protocol feature. # # @param h2_push_diary_size # Sets the [H2PushDiarySize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushdiarysize) # directive which toggles the maximum number of HTTP/2 server pushes that are # remembered per HTTP/2 connection. # # @param h2_push_priority # Sets the [H2PushPriority](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushpriority) # directive which defines the priority handling of pushed responses based on the # content-type of the response. # # @param h2_push_resource # Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource) # directive which declares resources for early pushing to the client. # # @param h2_serialize_headers # Sets the [H2SerializeHeaders](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2serializeheaders) # directive which toggles if HTTP/2 requests are serialized in HTTP/1.1 # format for processing by httpd core. # # @param h2_stream_max_mem_size # Sets the [H2StreamMaxMemSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2streammaxmemsize) # directive which sets the maximum number of outgoing data bytes buffered in # memory for an active stream. # # @param h2_tls_cool_down_secs # Sets the [H2TLSCoolDownSecs](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlscooldownsecs) # directive which sets the number of seconds of idle time on a TLS connection # before the TLS write size falls back to a small (~1300 bytes) length. # # @param h2_tls_warm_up_size # Sets the [H2TLSWarmUpSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlswarmupsize) # directive which sets the number of bytes to be sent in small TLS records (~1300 # bytes) until doing maximum sized writes (16k) on https: HTTP/2 connections. # # @param h2_upgrade # Sets the [H2Upgrade](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2upgrade) # directive which toggles the usage of the HTTP/1.1 Upgrade method for switching # to HTTP/2. # # @param h2_window_size # Sets the [H2WindowSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2windowsize) # directive which sets the size of the window that is used for flow control from # client to server and limits the amount of data the server has to buffer. # # @param headers # Adds lines to replace, merge, or remove response headers. See # [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. # # @param ip # Sets the IP address the virtual host listens on. By default, uses Apache's default behavior # of listening on all IPs. # # @param ip_based # Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual # host. This parameter inhibits the creation of a NameVirtualHost directive, since those are # used to funnel requests to name-based virtual hosts. # # @param itk # Configures [ITK](http://mpm-itk.sesse.net/) in a hash.
# Usage typically looks something like: # ``` puppet # apache::vhost { 'sample.example.net': # docroot => '/path/to/directory', # itk => { # user => 'someuser', # group => 'somegroup', # }, # } # ``` # Valid values are: a hash, which can include the keys: # * `user` + `group` # * `assignuseridexpr` # * `assigngroupidexpr` # * `maxclientvhost` # * `nice` # * `limituidrange` (Linux 3.5.0 or newer) # * `limitgidrange` (Linux 3.5.0 or newer) # # @param action # Specifies whether you wish to configure mod_actions action directive which will # activate cgi-script when triggered by a request. # # @param jk_mounts # Sets up a virtual host with `JkMount` and `JkUnMount` directives to handle the paths # for URL mapping between Tomcat and Apache.
# The parameter must be an array of hashes where each hash must contain the `worker` # and either the `mount` or `unmount` keys.
# Usage typically looks like: # ``` puppet # apache::vhost { 'sample.example.net': # jk_mounts => [ # { mount => '/*', worker => 'tcnode1', }, # { unmount => '/*.jpg', worker => 'tcnode1', }, # ], # } # ``` # # @param http_protocol_options # Specifies the strictness of HTTP protocol checks. # # @param keepalive # Determines whether to enable persistent HTTP connections with the `KeepAlive` directive # for the virtual host. By default, the global, server-wide `KeepAlive` setting is in effect.
# Use the `keepalive_timeout` and `max_keepalive_requests` parameters to set relevant options # for the virtual host. # # @param keepalive_timeout # Sets the `KeepAliveTimeout` directive for the virtual host, which determines the amount # of time to wait for subsequent requests on a persistent HTTP connection. By default, the # global, server-wide `KeepAlive` setting is in effect.
# This parameter is only relevant if either the global, server-wide `keepalive` parameter or # the per-vhost `keepalive` parameter is enabled. # # @param max_keepalive_requests # Limits the number of requests allowed per connection to the virtual host. By default, # the global, server-wide `KeepAlive` setting is in effect.
# This parameter is only relevant if either the global, server-wide `keepalive` parameter or # the per-vhost `keepalive` parameter is enabled. # # @param auth_kerb # Enable `mod_auth_kerb` parameters for a virtual host.
# Usage typically looks like: # ``` puppet # apache::vhost { 'sample.example.net': # auth_kerb => `true`, # krb_method_negotiate => 'on', # krb_auth_realms => ['EXAMPLE.ORG'], # krb_local_user_mapping => 'on', # directories => { # path => '/var/www/html', # auth_name => 'Kerberos Login', # auth_type => 'Kerberos', # auth_require => 'valid-user', # }, # } # ``` # # @param krb_method_negotiate # Determines whether to use the Negotiate method. # # @param krb_method_k5passwd # Determines whether to use password-based authentication for Kerberos v5. # # @param krb_authoritative # If set to `off`, authentication controls can be passed on to another module. # # @param krb_auth_realms # Specifies an array of Kerberos realms to use for authentication. # # @param krb_5keytab # Specifies the Kerberos v5 keytab file's location. # # @param krb_local_user_mapping # Strips @REALM from usernames for further use. # # @param krb_verify_kdc # This option can be used to disable the verification tickets against local keytab to prevent # KDC spoofing attacks. # # @param krb_servicename # Specifies the service name that will be used by Apache for authentication. Corresponding # key of this name must be stored in the keytab. # # @param krb_save_credentials # This option enables credential saving functionality. # # @param logroot # Specifies the location of the virtual host's logfiles. # # @param logroot_ensure # Determines whether or not to remove the logroot directory for a virtual host. # # @param logroot_mode # Overrides the mode the logroot directory is set to. Do *not* grant write access to the # directory the logs are stored in without being aware of the consequences; for more # information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security). # # @param logroot_owner # Sets individual user access to the logroot directory. # # @param logroot_group # Sets group access to the `logroot` directory. # # @param log_level # Specifies the verbosity of the error log. # # @param modsec_body_limit # Configures the maximum request body size (in bytes) ModSecurity accepts for buffering. # # @param modsec_disable_vhost # Disables `mod_security` on a virtual host. Only valid if `apache::mod::security` is included. # # @param modsec_disable_ids # Removes `mod_security` IDs from the virtual host.
# Also takes a hash allowing removal of an ID from a specific location. # ``` puppet # apache::vhost { 'sample.example.net': # modsec_disable_ids => [ 90015, 90016 ], # } # ``` # # ``` puppet # apache::vhost { 'sample.example.net': # modsec_disable_ids => { '/location1' => [ 90015, 90016 ] }, # } # ``` # # @param modsec_disable_ips # Specifies an array of IP addresses to exclude from `mod_security` rule matching. # # @param modsec_disable_msgs # Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing # removal of an Msg from a specific location. # ``` puppet # apache::vhost { 'sample.example.net': # modsec_disable_msgs => ['Blind SQL Injection Attack', 'Session Fixation Attack'], # } # ``` # ``` puppet # apache::vhost { 'sample.example.net': # modsec_disable_msgs => { '/location1' => ['Blind SQL Injection Attack', 'Session Fixation Attack'] }, # } # ``` # # @param modsec_disable_tags # Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing # removal of an Tag from a specific location. # ``` puppet # apache::vhost { 'sample.example.net': # modsec_disable_tags => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'], # } # ``` # ``` puppet # apache::vhost { 'sample.example.net': # modsec_disable_tags => { '/location1' => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'] }, # } # ``` # # @param modsec_audit_log_file # If set, it is relative to `logroot`.
# One of the parameters that determines how to send `mod_security` audit # log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)). # If none of those parameters are set, the global audit log is used # (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ). # # @param modsec_audit_log_pipe # If `modsec_audit_log_pipe` is set, it should start with a pipe. Example # `|/path/to/mlogc /path/to/mlogc.conf`.
# One of the parameters that determines how to send `mod_security` audit # log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)). # If none of those parameters are set, the global audit log is used # (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ). # # @param modsec_audit_log # If `modsec_audit_log` is `true`, given a virtual host ---for instance, example.com--- it # defaults to `example.com\_security\_ssl.log` for SSL-encrypted virtual hosts # and `example.com\_security.log` for unencrypted virtual hosts.
# One of the parameters that determines how to send `mod_security` audit # log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
# If none of those parameters are set, the global audit log is used # (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ). # # @param no_proxy_uris # Specifies URLs you do not want to proxy. This parameter is meant to be used in combination # with [`proxy_dest`](#proxy_dest). # # @param no_proxy_uris_match # This directive is equivalent to `no_proxy_uris`, but takes regular expressions. # # @param proxy_preserve_host # Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost).
# Setting this parameter to `true` enables the `Host:` line from an incoming request to be # proxied to the host instead of hostname. Setting it to `false` sets this directive to 'Off'. # # @param proxy_add_headers # Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders).
# This parameter controlls whether proxy-related HTTP headers (X-Forwarded-For, # X-Forwarded-Host and X-Forwarded-Server) get sent to the backend server. # # @param proxy_error_override # Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). # This directive controls whether Apache should override error pages for proxied content. # # @param options # Sets the `Options` for the specified virtual host. For example: # ``` puppet # apache::vhost { 'site.name.fdqn': # … # options => ['Indexes','FollowSymLinks','MultiViews'], # } # ``` # > **Note**: If you use the `directories` parameter of `apache::vhost`, 'Options', # 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`. # # @param override # Sets the overrides for the specified virtual host. Accepts an array of # [AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments. # # @param passenger_enabled # Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) # directive to `on` or `off`. Requires `apache::mod::passenger` to be included. # ``` puppet # apache::vhost { 'sample.example.net': # docroot => '/path/to/directory', # directories => [ # { path => '/path/to/directory', # passenger_enabled => 'on', # }, # ], # } # ``` # > **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) # using the PassengerEnabled directive with the PassengerHighPerformance directive. # # @param passenger_base_uri # Sets [PassengerBaseURI](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbase_rui), # to specify that the given URI is a distinct application served by Passenger. # # @param passenger_ruby # Sets [PassengerRuby](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerruby), # specifying the Ruby interpreter to use when serving the relevant web applications. # # @param passenger_python # Sets [PassengerPython](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerpython), # specifying the Python interpreter to use when serving the relevant web applications. # # @param passenger_nodejs # Sets the [`PassengerNodejs`](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengernodejs), # specifying Node.js command to use when serving the relevant web applications. # # @param passenger_meteor_app_settings # Sets [PassengerMeteorAppSettings](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermeteorappsettings), # specifying a JSON file with settings for the application when using a Meteor # application in non-bundled mode. # # @param passenger_app_env # Sets [PassengerAppEnv](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappenv), # the environment for the Passenger application. If not specified, defaults to the global # setting or 'production'. # # @param passenger_app_root # Sets [PassengerRoot](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapproot), # the location of the Passenger application root if different from the DocumentRoot. # # @param passenger_app_group_name # Sets [PassengerAppGroupName](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappgroupname), # the name of the application group that the current application should belong to. # # @param passenger_app_start_command # Sets [PassengerAppStartCommand](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappstartcommand), # how Passenger should start your app on a specific port. # # @param passenger_app_type # Sets [PassengerAppType](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapptype), # to force Passenger to recognize the application as a specific type. # # @param passenger_startup_file # Sets the [PassengerStartupFile](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstartupfile), # path. This path is relative to the application root. # # @param passenger_restart_dir # Sets the [PassengerRestartDir](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerrestartdir), # to customize the directory in which `restart.txt` is searched for. # # @param passenger_spawn_method # Sets [PassengerSpawnMethod](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerspawnmethod), # whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism. # # @param passenger_load_shell_envvars # Sets [PassengerLoadShellEnvvars](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerloadshellenvvars), # to enable or disable the loading of shell environment variables before spawning the application. # # @param passenger_rolling_restarts # Sets [PassengerRollingRestarts](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerrollingrestarts), # to enable or disable support for zero-downtime application restarts through `restart.txt`. # # @param passenger_resist_deployment_errors # Sets [PassengerResistDeploymentErrors](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerresistdeploymenterrors), # to enable or disable resistance against deployment errors. # # @param passenger_user # Sets [PassengerUser](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengeruser), # the running user for sandboxing applications. # # @param passenger_group # Sets [PassengerGroup](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengergroup), # the running group for sandboxing applications. # # @param passenger_friendly_error_pages # Sets [PassengerFriendlyErrorPages](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerfriendlyerrorpages), # which can display friendly error pages whenever an application fails to start. This # friendly error page presents the startup error message, some suggestions for solving # the problem, a backtrace and a dump of the environment variables. # # @param passenger_min_instances # Sets [PassengerMinInstances](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermininstances), # the minimum number of application processes to run. # # @param passenger_max_instances # Sets [PassengerMaxInstances](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxinstances), # the maximum number of application processes to run. # # @param passenger_max_preloader_idle_time # Sets [PassengerMaxPreloaderIdleTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxpreloaderidletime), # the maximum amount of time the preloader waits before shutting down an idle process. # # @param passenger_force_max_concurrent_requests_per_process # Sets [PassengerForceMaxConcurrentRequestsPerProcess](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerforcemaxconcurrentrequestsperprocess), # the maximum amount of concurrent requests the application can handle per process. # # @param passenger_start_timeout # Sets [PassengerStartTimeout](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstarttimeout), # the timeout for the application startup. # # @param passenger_concurrency_model # Sets [PassengerConcurrencyModel](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerconcurrencyodel), # to specify the I/O concurrency model that should be used for Ruby application processes. # Passenger supports two concurrency models:
# * `process` – single-threaded, multi-processed I/O concurrency. # * `thread` – multi-threaded, multi-processed I/O concurrency. # # @param passenger_thread_count # Sets [PassengerThreadCount](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerthreadcount), # the number of threads that Passenger should spawn per Ruby application process.
# This option only has effect if PassengerConcurrencyModel is `thread`. # # @param passenger_max_requests # Sets [PassengerMaxRequests](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequests), # the maximum number of requests an application process will process. # # @param passenger_max_request_time # Sets [PassengerMaxRequestTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequesttime), # the maximum amount of time, in seconds, that an application process may take to # process a request. # # @param passenger_memory_limit # Sets [PassengerMemoryLimit](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermemorylimit), # the maximum amount of memory that an application process may use, in megabytes. # # @param passenger_stat_throttle_rate # Sets [PassengerStatThrottleRate](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstatthrottlerate), # to set a limit, in seconds, on how often Passenger will perform it's filesystem checks. # # @param passenger_pre_start # Sets [PassengerPreStart](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerprestart), # the URL of the application if pre-starting is required. # # @param passenger_high_performance # Sets [PassengerHighPerformance](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerhighperformance), # to enhance performance in return for reduced compatibility. # # @param passenger_buffer_upload # Sets [PassengerBufferUpload](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbufferupload), # to buffer HTTP client request bodies before they are sent to the application. # # @param passenger_buffer_response # Sets [PassengerBufferResponse](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbufferresponse), # to buffer Happlication-generated responses. # # @param passenger_error_override # Sets [PassengerErrorOverride](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengererroroverride), # to specify whether Apache will intercept and handle response with HTTP status codes of # 400 and higher. # # @param passenger_max_request_queue_size # Sets [PassengerMaxRequestQueueSize](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequestqueuesize), # to specify the maximum amount of requests that are allowed to queue whenever the maximum # concurrent request limit is reached. If the queue is already at this specified limit, then # Passenger immediately sends a "503 Service Unavailable" error to any incoming requests.
# A value of 0 means that the queue size is unbounded. # # @param passenger_max_request_queue_time # Sets [PassengerMaxRequestQueueTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequestqueuetime), # to specify the maximum amount of time that requests are allowed to stay in the queue # whenever the maximum concurrent request limit is reached. If a request reaches this specified # limit, then Passenger immeaditly sends a "504 Gateway Timeout" error for that request.
# A value of 0 means that the queue time is unbounded. # # @param passenger_sticky_sessions # Sets [PassengerStickySessions](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessions), # to specify that, whenever possible, all requests sent by a client will be routed to the same # originating application process. # # @param passenger_sticky_sessions_cookie_name # Sets [PassengerStickySessionsCookieName](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessionscookiename), # to specify the name of the sticky sessions cookie. # # @param passenger_sticky_sessions_cookie_attributes # Sets [PassengerStickySessionsCookieAttributes](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessionscookieattributes), # the attributes of the sticky sessions cookie. # # @param passenger_allow_encoded_slashes # Sets [PassengerAllowEncodedSlashes](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerallowencodedslashes), # to allow URLs with encoded slashes. Please note that this feature will not work properly # unless Apache's `AllowEncodedSlashes` is also enabled. # # @param passenger_app_log_file # Sets [PassengerAppLogFile](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapplogfile), # app specific messages logged to a different file in addition to Passenger log file. # # @param passenger_debugger # Sets [PassengerDebugger](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerdebugger), # to turn support for Ruby application debugging on or off. # # @param passenger_lve_min_uid # Sets [PassengerLveMinUid](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerlveminuid), # to only allow the spawning of application processes with UIDs equal to, or higher than, this # specified value on LVE-enabled kernels. # # @param php_values # Allows per-virtual host setting [`php_value`s](http://php.net/manual/en/configuration.changes.php). # These flags or values can be overwritten by a user or an application. # Within a vhost declaration: # ``` puppet # php_values => [ 'include_path ".:/usr/local/example-app/include"' ], # ``` # # @param php_flags # Allows per-virtual host setting [`php_flags\``](http://php.net/manual/en/configuration.changes.php). # These flags or values can be overwritten by a user or an application. # # @param php_admin_values # Allows per-virtual host setting [`php_admin_value`](http://php.net/manual/en/configuration.changes.php). # These flags or values cannot be overwritten by a user or an application. # # @param php_admin_flags # Allows per-virtual host setting [`php_admin_flag`](http://php.net/manual/en/configuration.changes.php). # These flags or values cannot be overwritten by a user or an application. # # @param port # Sets the port the host is configured on. The module's defaults ensure the host listens # on port 80 for non-SSL virtual hosts and port 443 for SSL virtual hosts. The host only # listens on the port set in this parameter. # # @param priority # Sets the relative load-order for Apache HTTPD VirtualHost configuration files.
# If nothing matches the priority, the first name-based virtual host is used. Likewise, # passing a higher priority causes the alphabetically first name-based virtual host to be # used if no other names match.
# > **Note:** You should not need to use this parameter. However, if you do use it, be # aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'.
# To omit the priority prefix in file names, pass a priority of `false`. # # @param protocols # Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols) # directive, which lists available protocols for the virutal host. # # @param protocols_honor_order # Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder) # directive which determines wether the order of Protocols sets precedence during negotiation. # # @param proxy_dest # Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. # # @param proxy_pass # Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) # configuration. Optionally, parameters can be added as an array. # ``` puppet # apache::vhost { 'site.name.fdqn': # … # proxy_pass => [ # { 'path' => '/a', 'url' => 'http://backend-a/' }, # { 'path' => '/b', 'url' => 'http://backend-b/' }, # { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}}, # { 'path' => '/l', 'url' => 'http://backend-xy', # 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, # { 'path' => '/d', 'url' => 'http://backend-a/d', # 'params' => { 'retry' => '0', 'timeout' => '5' }, }, # { 'path' => '/e', 'url' => 'http://backend-a/e', # 'keywords' => ['nocanon', 'interpolate'] }, # { 'path' => '/f', 'url' => 'http://backend-f/', # 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']}, # { 'path' => '/g', 'url' => 'http://backend-g/', # 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], }, # { 'path' => '/h', 'url' => 'http://backend-h/h', # 'no_proxy_uris' => ['/h/admin', '/h/server-status'] }, # ], # } # ``` # * `reverse_urls`. *Optional.* This setting is useful when used with `mod_proxy_balancer`. Values: an array or string. # * `reverse_cookies`. *Optional.* Sets `ProxyPassReverseCookiePath` and `ProxyPassReverseCookieDomain`. # * `params`. *Optional.* Allows for ProxyPass key-value parameters, such as connection settings. # * `setenv`. *Optional.* Sets [environment variables](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings) for the proxy directive. Values: array. # # @param proxy_dest_match # This directive is equivalent to `proxy_dest`, but takes regular expressions, see # [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) # for details. # # @param proxy_dest_reverse_match # Allows you to pass a ProxyPassReverse if `proxy_dest_match` is specified. See # [ProxyPassReverse](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse) # for details. # # @param proxy_pass_match # This directive is equivalent to `proxy_pass`, but takes regular expressions, see # [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) # for details. # # @param redirect_dest # Specifies the address to redirect to. # # @param redirect_source # Specifies the source URIs that redirect to the destination specified in `redirect_dest`. # If more than one item for redirect is supplied, the source and destination must be the same # length, and the items are order-dependent. # ``` puppet # apache::vhost { 'site.name.fdqn': # … # redirect_source => ['/images','/downloads'], # redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], # } # ``` # # @param redirect_status # Specifies the status to append to the redirect. # ``` puppet # apache::vhost { 'site.name.fdqn': # … # redirect_status => ['temp','permanent'], # } # ``` # # @param redirectmatch_regexp # Determines which server status should be raised for a given regular expression # and where to forward the user to. Entered as an array alongside redirectmatch_status # and redirectmatch_dest. # ``` puppet # apache::vhost { 'site.name.fdqn': # … # redirectmatch_status => ['404','404'], # redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], # redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'], # } # ``` # # @param redirectmatch_status # Determines which server status should be raised for a given regular expression # and where to forward the user to. Entered as an array alongside redirectmatch_regexp # and redirectmatch_dest. # ``` puppet # apache::vhost { 'site.name.fdqn': # … # redirectmatch_status => ['404','404'], # redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], # redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'], # } # ``` # # @param redirectmatch_dest # Determines which server status should be raised for a given regular expression # and where to forward the user to. Entered as an array alongside redirectmatch_status # and redirectmatch_regexp. # ``` puppet # apache::vhost { 'site.name.fdqn': # … # redirectmatch_status => ['404','404'], # redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], # redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'], # } # ``` # # @param request_headers # Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) # in various ways, including adding additional request headers, removing request headers, # and so on. # ``` puppet # apache::vhost { 'site.name.fdqn': # … # request_headers => [ # 'append MirrorID "mirror 12"', # 'unset MirrorID', # ], # } # ``` # # @param rewrites # Creates URL rewrite rules. Expects an array of hashes.
# Valid Hash keys include `comment`, `rewrite_base`, `rewrite_cond`, `rewrite_rule` # or `rewrite_map`.
# For example, you can specify that anyone trying to access index.html is served welcome.html # ``` puppet # apache::vhost { 'site.name.fdqn': # … # rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] # } # ``` # The parameter allows rewrite conditions that, when `true`, execute the associated rule. # For instance, if you wanted to rewrite URLs only if the visitor is using IE # ``` puppet # apache::vhost { 'site.name.fdqn': # … # rewrites => [ # { # comment => 'redirect IE', # rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], # rewrite_rule => ['^index\.html$ welcome.html'], # }, # ], # } # ``` # You can also apply multiple conditions. For instance, rewrite index.html to welcome.html # only when the browser is Lynx or Mozilla (version 1 or 2) # ``` puppet # apache::vhost { 'site.name.fdqn': # … # rewrites => [ # { # comment => 'Lynx or Mozilla v1/2', # rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], # rewrite_rule => ['^index\.html$ welcome.html'], # }, # ], # } # ``` # Multiple rewrites and conditions are also possible # ``` puppet # apache::vhost { 'site.name.fdqn': # … # rewrites => [ # { # comment => 'Lynx or Mozilla v1/2', # rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], # rewrite_rule => ['^index\.html$ welcome.html'], # }, # { # comment => 'Internet Explorer', # rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], # rewrite_rule => ['^index\.html$ /index.IE.html [L]'], # }, # { # rewrite_base => /apps/, # rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], # }, # { comment => 'Rewrite to lower case', # rewrite_cond => ['%{REQUEST_URI} [A-Z]'], # rewrite_map => ['lc int:tolower'], # rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'], # }, # ], # } # ``` # Refer to the [`mod_rewrite` documentation](https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html) # for more details on what is possible with rewrite rules and conditions.
# > **Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` # and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather # than setting the rewrites in the virtual host's directories. # # @param rewrite_base # The parameter [`rewrite_base`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase) # specifies the URL prefix to be used for per-directory (htaccess) RewriteRule directives # that substitue a relative path. # # @param rewrite_rule # The parameter [`rewrite_rile`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule) # allows the user to define the rules that will be used by the rewrite engine. # # @param rewrite_cond # The parameter [`rewrite_cond`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritecond) # defines a rule condition, that when satisfied will implement that rule within the # rewrite engine. # # @param rewrite_inherit # Determines whether the virtual host inherits global rewrite rules.
# Rewrite rules may be specified globally (in `$conf_file` or `$confd_dir`) or # inside the virtual host `.conf` file. By default, virtual hosts do not inherit # global settings. To activate inheritance, specify the `rewrites` parameter and set # `rewrite_inherit` parameter to `true`: # ``` puppet # apache::vhost { 'site.name.fdqn': # … # rewrites => [ # , # ], # rewrite_inherit => `true`, # } # ``` # > **Note**: The `rewrites` parameter is **required** for this to have effect
# Apache activates global `Rewrite` rules inheritance if the virtual host files contains # the following directives: # ``` ApacheConf # RewriteEngine On # RewriteOptions Inherit # ``` # Refer to the official [`mod_rewrite`](https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html) # documentation, section "Rewriting in Virtual Hosts". # # @param scriptalias # Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as # '/usr/scripts'. # # @param scriptaliases # > **Note**: This parameter is deprecated in favor of the `aliases` parameter.
# Passes an array of hashes to the virtual host to create either ScriptAlias or # ScriptAliasMatch statements per the `mod_alias` documentation. # ``` puppet # scriptaliases => [ # { # alias => '/myscript', # path => '/usr/share/myscript', # }, # { # aliasmatch => '^/foo(.*)', # path => '/usr/share/fooscripts$1', # }, # { # aliasmatch => '^/bar/(.*)', # path => '/usr/share/bar/wrapper.sh/$1', # }, # { # alias => '/neatscript', # path => '/usr/share/neatscript', # }, # ] # ``` # The ScriptAlias and ScriptAliasMatch directives are created in the order specified. # As with [Alias and AliasMatch](#aliases) directives, specify more specific aliases # before more general ones to avoid shadowing. # # @param serveradmin # Specifies the email address Apache displays when it renders one of its error pages. # # @param serveraliases # Sets the [ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias) # of the site. # # @param servername # Sets the servername corresponding to the hostname you connect to the virtual host at. # # @param setenv # Used by HTTPD to set environment variables for virtual hosts.
# Example: # ``` puppet # apache::vhost { 'setenv.example.com': # setenv => ['SPECIAL_PATH /foo/bin'], # } # ``` # # @param setenvif # Used by HTTPD to conditionally set environment variables for virtual hosts. # # @param setenvifnocase # Used by HTTPD to conditionally set environment variables for virtual hosts (caseless matching). # # @param suexec_user_group # Allows the spcification of user and group execution privileges for CGI programs through # inclusion of the `mod_suexec` module. # # @param suphp_addhandler # Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG) # working together with suphp_configpath and suphp_engine.
# An example virtual host configuration with suPHP: # ``` puppet # apache::vhost { 'suphp.example.com': # port => '80', # docroot => '/home/appuser/myphpapp', # suphp_addhandler => 'x-httpd-php', # suphp_engine => 'on', # suphp_configpath => '/etc/php5/apache2', # directories => { path => '/home/appuser/myphpapp', # 'suphp' => { user => 'myappuser', group => 'myappgroup' }, # } # } # ``` # # @param suphp_configpath # Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG) # working together with suphp_addhandler and suphp_engine.
# An example virtual host configuration with suPHP: # ``` puppet # apache::vhost { 'suphp.example.com': # port => '80', # docroot => '/home/appuser/myphpapp', # suphp_addhandler => 'x-httpd-php', # suphp_engine => 'on', # suphp_configpath => '/etc/php5/apache2', # directories => { path => '/home/appuser/myphpapp', # 'suphp' => { user => 'myappuser', group => 'myappgroup' }, # } # } # ``` # # @param suphp_engine # Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG) # working together with suphp_configpath and suphp_addhandler.
# An example virtual host configuration with suPHP: # ``` puppet # apache::vhost { 'suphp.example.com': # port => '80', # docroot => '/home/appuser/myphpapp', # suphp_addhandler => 'x-httpd-php', # suphp_engine => 'on', # suphp_configpath => '/etc/php5/apache2', # directories => { path => '/home/appuser/myphpapp', # 'suphp' => { user => 'myappuser', group => 'myappgroup' }, # } # } # ``` # # @param vhost_name # Enables name-based virtual hosting. If no IP is passed to the virtual host, but the # virtual host is assigned a port, then the virtual host name is `vhost_name:port`. # If the virtual host has no assigned IP or port, the virtual host name is set to the # title of the resource. # # @param virtual_docroot # Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the # same name. For example, `http://example.com` would map to `/var/www/example.com`. # ``` puppet # apache::vhost { 'subdomain.loc': # vhost_name => '*', # port => '80', # virtual_docroot => '/var/www/%-2+', # docroot => '/var/www', # serveraliases => ['*.loc',], # } # ``` # # @param wsgi_daemon_process # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process_options, wsgi_process_group, # wsgi_script_aliases and wsgi_pass_authorization.
# A hash that sets the name of the WSGI daemon, accepting # [certain keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html).
# An example virtual host configuration with WSGI: # ``` puppet # apache::vhost { 'wsgi.example.com': # port => '80', # docroot => '/var/www/pythonapp', # wsgi_daemon_process => 'wsgi', # wsgi_daemon_process_options => # { processes => '2', # threads => '15', # display-name => '%{GROUP}', # }, # wsgi_process_group => 'wsgi', # wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, # wsgi_chunked_request => 'On', # } # ``` # # @param wsgi_daemon_process_options # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process, wsgi_process_group, # wsgi_script_aliases and wsgi_pass_authorization.
# Sets the group ID that the virtual host runs under. # # @param wsgi_application_group # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, # and wsgi_pass_authorization.
# This parameter defines the [`WSGIApplicationGroup directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html), # thus allowing you to specify which application group the WSGI application belongs to, # with all WSGI applications within the same group executing within the context of the # same Python sub interpreter. # # @param wsgi_import_script # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, # and wsgi_pass_authorization.
# This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html), # which can be used in order to specify a script file to be loaded upon a process starting. # # @param wsgi_import_script_options # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, # and wsgi_pass_authorization.
# This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html), # which can be used in order to specify a script file to be loaded upon a process starting.
# Specifies the process and aplication groups of the script. # # @param wsgi_chunked_request # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, # and wsgi_pass_authorization.
# This parameter defines the [`WSGIChunkedRequest directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIChunkedRequest.html), # allowing you to enable support for chunked request content.
# WSGI is technically incapable of supporting chunked request content without all chunked # request content having first been read in and buffered. # # @param wsgi_process_group # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process, wsgi_daemon_process_options, # wsgi_script_aliases and wsgi_pass_authorization.
# Requires a hash of web paths to filesystem `.wsgi paths/`. # # @param wsgi_script_aliases # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, # and wsgi_pass_authorization.
# Uses the WSGI application to handle authorization instead of Apache when set to `On`.
# For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). # # @param wsgi_script_aliases_match # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, # and wsgi_pass_authorization.
# Uses the WSGI application to handle authorization instead of Apache when set to `On`.
# This directive is similar to `wsgi_script_aliases`, but makes use of regular expressions # in place of simple prefix matching.
# For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). # # @param wsgi_pass_authorization # Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside # wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group and # wsgi_script_aliases.
# Enables support for chunked requests. # # @param directories # The `directories` parameter within the `apache::vhost` class passes an array of hashes # to the virtual host to create [Directory](https://httpd.apache.org/docs/current/mod/core.html#directory), # [File](https://httpd.apache.org/docs/current/mod/core.html#files), and # [Location](https://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. # These blocks take the form, `< Directory /path/to/directory>...< /Directory>`.
# The `path` key sets the path for the directory, files, and location blocks. Its value # must be a path for the `directory`, `files`, and `location` providers, or a regex for # the `directorymatch`, `filesmatch`, or `locationmatch` providers. Each hash passed to # `directories` **must** contain `path` as one of the keys.
# The `provider` key is optional. If missing, this key defaults to `directory`. # Values: `directory`, `files`, `proxy`, `location`, `directorymatch`, `filesmatch`, # `proxymatch` or `locationmatch`. If you set `provider` to `directorymatch`, it # uses the keyword `DirectoryMatch` in the Apache config file.
# An example use of `directories`: # ``` puppet # apache::vhost { 'files.example.net': # docroot => '/var/www/files', # directories => [ # { 'path' => '/var/www/files', # 'provider' => 'files', # 'deny' => 'from all', # }, # ], # } # ``` # > **Note:** At least one directory should match the `docroot` parameter. After you # start declaring directories, `apache::vhost` assumes that all required Directory blocks # will be declared. If not defined, a single default Directory block is created that matches # the `docroot` parameter.
# Available handlers, represented as keys, should be placed within the `directory`, # `files`, or `location` hashes. This looks like # ``` puppet # apache::vhost { 'sample.example.net': # docroot => '/path/to/directory', # directories => [ { path => '/path/to/directory', handler => value } ], # } # ``` # Any handlers you do not set in these hashes are considered `undefined` within Puppet and # are not added to the virtual host, resulting in the module using their default values. # # @param custom_fragment # Pass a string of custom configuration directives to be placed at the end of the directory # configuration. # ``` puppet # apache::vhost { 'monitor': # … # directories => [ # { # path => '/path/to/directory', # custom_fragment => ' # # SetHandler balancer-manager # Order allow,deny # Allow from all # # # SetHandler server-status # Order allow,deny # Allow from all # # ProxyStatus On', # }, # ] # } # ``` # # @param error_documents # An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) # settings for the directory. # ``` puppet # apache::vhost { 'sample.example.net': # directories => [ # { path => '/srv/www', # error_documents => [ # { 'error_code' => '503', # 'document' => '/service-unavail', # }, # ], # }, # ], # } # ``` # # @param h2_copy_files # Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles) directive.
# Note that you must declare `class {'apache::mod::http2': }` before using this directive. # # @param h2_push_resource # Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource) directive.
# Note that you must declare `class {'apache::mod::http2': }` before using this directive. # # @param headers # Adds lines for [Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives. # ``` puppet # apache::vhost { 'sample.example.net': # docroot => '/path/to/directory', # directories => { # path => '/path/to/directory', # headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', # }, # } # ``` # # @param options # Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the # given Directory block. # ``` puppet # apache::vhost { 'sample.example.net': # docroot => '/path/to/directory', # directories => [ # { path => '/path/to/directory', # options => ['Indexes','FollowSymLinks','MultiViews'], # }, # ], # } # ``` # # @param shib_compat_valid_user # Default is Off, matching the behavior prior to this command's existence. Addresses a conflict # when using Shibboleth in conjunction with other auth/auth modules by restoring `standard` # Apache behavior when processing the `valid-user` and `user` Require rules. See the # [`mod_shib`documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions), # and [NativeSPhtaccess](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess) # topic for more details. This key is disabled if `apache::mod::shib` is not defined. # # @param ssl_options # String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), # which configure SSL engine run-time options. This handler takes precedence over SSLOptions # set in the parent block of the virtual host. # ``` puppet # apache::vhost { 'secure.example.net': # docroot => '/path/to/directory', # directories => [ # { path => '/path/to/directory', # ssl_options => '+ExportCertData', # }, # { path => '/path/to/different/dir', # ssl_options => ['-StdEnvVars', '+ExportCertData'], # }, # ], # } # ``` # # @param additional_includes # Specifies paths to additional static, specific Apache configuration files in virtual # host directories. # ``` puppet # apache::vhost { 'sample.example.net': # docroot => '/path/to/directory', # directories => [ # { path => '/path/to/different/dir', # additional_includes => ['/custom/path/includes', '/custom/path/another_includes',], # }, # ], # } # ``` # # @param ssl # Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries. # # @param ssl_ca # Specifies the SSL certificate authority to be used to verify client certificates used # for authentication. You must also set `ssl_verify_client` to use this. # # @param ssl_cert # Specifies the SSL certification. # # @param ssl_protocol # Specifies [SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). # Expects an array or space separated string of accepted protocols. # # @param ssl_cipher # Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). # # @param ssl_honorcipherorder # Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), # to cause Apache to use the server's preferred order of ciphers rather than the client's # preferred order. # # @param ssl_certs_dir # Specifies the location of the SSL certification directory to verify client certs. Will not # be used unless `ssl_verify_client` is also set (see below). # # @param ssl_chain # Specifies the SSL chain. This default works out of the box, but it must be updated in # the base `apache` class with your specific certificate information before being used in # production. # # @param ssl_crl # Specifies the certificate revocation list to use. (This default works out of the box but # must be updated in the base `apache` class with your specific certificate information # before being used in production.) # # @param ssl_crl_path # Specifies the location of the certificate revocation list to verify certificates for # client authentication with. (This default works out of the box but must be updated in # the base `apache` class with your specific certificate information before being used in # production.) # # @param ssl_crl_check # Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck) # for ssl client authentication. The default works out of the box but must be specified when # using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on # older versions. # # @param ssl_key # Specifies the SSL key.
# Defaults are based on your operating system. Default work out of the box but must be # updated in the base `apache` class with your specific certificate information before # being used in production. # # @param ssl_verify_client # Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) # directive, which sets the certificate verification level for client authentication. # ``` puppet # apache::vhost { 'sample.example.net': # … # ssl_verify_client => 'optional', # } # ``` # # @param ssl_verify_depth # Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) # directive, which specifies the maximum depth of CA certificates in client certificate # verification. You must set `ssl_verify_client` for it to take effect. # ``` puppet # apache::vhost { 'sample.example.net': # … # ssl_verify_client => 'require', # ssl_verify_depth => 1, # } # ``` # # @param ssl_proxy_protocol # Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol) # directive, which controls which SSL protocol flavors `mod_ssl` should use when establishing # its server environment for proxy. It connects to servers using only one of the provided # protocols. # # @param ssl_proxy_verify # Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify) # directive, which configures certificate verification of the remote server when a proxy is # configured to forward requests to a remote SSL server. # # @param ssl_proxy_verify_depth # Sets the [SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth) # directive, which configures how deeply mod_ssl should verify before deciding that the # remote server does not have a valid certificate.
# A depth of 0 means that only self-signed remote server certificates are accepted, # the default depth of 1 means the remote server certificate can be self-signed or # signed by a CA that is directly known to the server. # # @param ssl_proxy_cipher_suite # Sets the [SSLProxyCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyciphersuite) # directive, which controls cipher suites supported for ssl proxy traffic. # # @param ssl_proxy_ca_cert # Sets the [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile) # directive, which specifies an all-in-one file where you can assemble the Certificates # of Certification Authorities (CA) whose remote servers you deal with. These are used # for Remote Server Authentication. This file should be a concatenation of the PEM-encoded # certificate files in order of preference. # # @param ssl_proxy_machine_cert # Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) # directive, which specifies an all-in-one file where you keep the certs and keys used # for this server to authenticate itself to remote servers. This file should be a # concatenation of the PEM-encoded certificate files in order of preference. # ``` puppet # apache::vhost { 'sample.example.net': # … # ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem', # } # ``` # # @param ssl_proxy_check_peer_cn # Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) # directive, which specifies whether the remote server certificate's CN field is compared # against the hostname of the request URL. # # @param ssl_proxy_check_peer_name # Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) # directive, which specifies whether the remote server certificate's CN field is compared # against the hostname of the request URL. # # @param ssl_proxy_check_peer_expire # Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire) # directive, which specifies whether the remote server certificate is checked for expiration # or not. # # @param ssl_options # Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) # directive, which configures various SSL engine run-time options. This is the global # setting for the given virtual host and can be a string or an array.
# A string: # ``` puppet # apache::vhost { 'sample.example.net': # … # ssl_options => '+ExportCertData', # } # ``` # An array: # ``` puppet # apache::vhost { 'sample.example.net': # … # ssl_options => ['+StrictRequire', '+ExportCertData'], # } # ``` # # @param ssl_openssl_conf_cmd # Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) # directive, which provides direct configuration of OpenSSL parameters. # # @param ssl_proxyengine # Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). # # @param ssl_stapling # Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). # By default, uses what is set globally.
# This parameter only applies to Apache 2.4 or higher and is ignored on older versions. # # @param ssl_stapling_timeout # Can be used to set the [SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout) directive.
# This parameter only applies to Apache 2.4 or higher and is ignored on older versions. # # @param ssl_stapling_return_errors # Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive.
# This parameter only applies to Apache 2.4 or higher and is ignored on older versions. # # @param use_canonical_name # Specifies whether to use the [`UseCanonicalName directive`](https://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname), # which allows you to configure how the server determines it's own name and port. # # @param define # this lets you define configuration variables inside a vhost using [`Define`](https://httpd.apache.org/docs/2.4/mod/core.html#define), # these can then be used to replace configuration values. All Defines are Undefined at the end of the VirtualHost. # # @param auth_oidc # Enable `mod_auth_openidc` parameters for OpenID Connect authentication. # # @param oidc_settings -# An Apache::OIDCSettings Struct containing (mod_auth_openidc settings)[https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf]. +# An Apache::OIDCSettings Struct containing (mod_auth_openidc settings)[https://github.com/zmartzone/mod_auth_openidc/blob/main/auth_openidc.conf]. # # @param limitreqfields # The `limitreqfields` parameter sets the maximum number of request header fields in # an HTTP request. This directive gives the server administrator greater control over # abnormal client request behavior, which may be useful for avoiding some forms of # denial-of-service attacks. The value should be increased if normal clients see an error # response from the server that indicates too many fields were sent in the request. # # @param limitreqfieldsize # The `limitreqfieldsize` parameter sets the maximum ammount of _bytes_ that will # be allowed within a request header. # # @param limitreqline # Limit the size of the HTTP request line that will be accepted from the client # This directive sets the number of bytes that will be allowed on the HTTP # request-line. The LimitRequestLine directive allows the server administrator # to set the limit on the allowed size of a client's HTTP request-line. Since # the request-line consists of the HTTP method, URI, and protocol version, the # LimitRequestLine directive places a restriction on the length of a request-URI # allowed for a request on the server. A server needs this value to be large # enough to hold any of its resource names, including any information that might # be passed in the query part of a GET request. # # @param limitreqbody # Restricts the total size of the HTTP request body sent from the client # The LimitRequestBody directive allows the user to set a limit on the allowed # size of an HTTP request message body within the context in which the # directive is given (server, per-directory, per-file or per-location). If the # client request exceeds that limit, the server will return an error response # instead of servicing the request. # define apache::vhost( Variant[Boolean,String] $docroot, $manage_docroot = true, $virtual_docroot = false, $port = undef, $ip = undef, Boolean $ip_based = false, $add_listen = true, $docroot_owner = 'root', $docroot_group = $::apache::params::root_group, $docroot_mode = undef, Array[Enum['h2', 'h2c', 'http/1.1']] $protocols = [], Optional[Boolean] $protocols_honor_order = undef, $serveradmin = undef, Boolean $ssl = false, $ssl_cert = $::apache::default_ssl_cert, $ssl_key = $::apache::default_ssl_key, $ssl_chain = $::apache::default_ssl_chain, $ssl_ca = $::apache::default_ssl_ca, $ssl_crl_path = $::apache::default_ssl_crl_path, $ssl_crl = $::apache::default_ssl_crl, $ssl_crl_check = $::apache::default_ssl_crl_check, $ssl_certs_dir = $::apache::params::ssl_certs_dir, $ssl_protocol = undef, $ssl_cipher = undef, $ssl_honorcipherorder = undef, $ssl_verify_client = undef, $ssl_verify_depth = undef, Optional[Enum['none', 'optional', 'require', 'optional_no_ca']] $ssl_proxy_verify = undef, Optional[Integer[0]] $ssl_proxy_verify_depth = undef, $ssl_proxy_ca_cert = undef, Optional[Enum['on', 'off']] $ssl_proxy_check_peer_cn = undef, Optional[Enum['on', 'off']] $ssl_proxy_check_peer_name = undef, Optional[Enum['on', 'off']] $ssl_proxy_check_peer_expire = undef, $ssl_proxy_machine_cert = undef, $ssl_proxy_cipher_suite = undef, $ssl_proxy_protocol = undef, $ssl_options = undef, $ssl_openssl_conf_cmd = undef, Boolean $ssl_proxyengine = false, Optional[Boolean] $ssl_stapling = undef, $ssl_stapling_timeout = undef, $ssl_stapling_return_errors = undef, $priority = undef, Boolean $default_vhost = false, $servername = $name, $serveraliases = [], $options = ['Indexes','FollowSymLinks','MultiViews'], $override = ['None'], $directoryindex = '', $vhost_name = '*', $logroot = $::apache::logroot, Enum['directory', 'absent'] $logroot_ensure = 'directory', $logroot_mode = undef, $logroot_owner = undef, $logroot_group = undef, Optional[Apache::LogLevel] $log_level = undef, Boolean $access_log = true, $access_log_file = false, $access_log_pipe = false, $access_log_syslog = false, $access_log_format = false, $access_log_env_var = false, Optional[Array] $access_logs = undef, $aliases = undef, Optional[Variant[Hash, Array[Variant[Array,Hash]]]] $directories = undef, Boolean $error_log = true, $error_log_file = undef, $error_log_pipe = undef, $error_log_syslog = undef, Optional[ Array[ Variant[ String, Hash[String, Enum['connection', 'request']] ] ] ] $error_log_format = undef, Optional[Pattern[/^((Strict|Unsafe)?\s*(\b(Registered|Lenient)Methods)?\s*(\b(Allow0\.9|Require1\.0))?)$/]] $http_protocol_options = undef, $modsec_audit_log = undef, $modsec_audit_log_file = undef, $modsec_audit_log_pipe = undef, $error_documents = [], Optional[Variant[Stdlib::Absolutepath, Enum['disabled']]] $fallbackresource = undef, $scriptalias = undef, $scriptaliases = [], Optional[Integer] $limitreqfieldsize = undef, Optional[Integer] $limitreqfields = undef, Optional[Integer] $limitreqline = undef, Optional[Integer] $limitreqbody = undef, $proxy_dest = undef, $proxy_dest_match = undef, $proxy_dest_reverse_match = undef, $proxy_pass = undef, $proxy_pass_match = undef, Boolean $proxy_requests = false, $suphp_addhandler = $::apache::params::suphp_addhandler, Enum['on', 'off'] $suphp_engine = $::apache::params::suphp_engine, $suphp_configpath = $::apache::params::suphp_configpath, $php_flags = {}, $php_values = {}, $php_admin_flags = {}, $php_admin_values = {}, $no_proxy_uris = [], $no_proxy_uris_match = [], $proxy_preserve_host = false, $proxy_add_headers = undef, $proxy_error_override = false, $redirect_source = '/', $redirect_dest = undef, $redirect_status = undef, $redirectmatch_status = undef, $redirectmatch_regexp = undef, $redirectmatch_dest = undef, $headers = undef, $request_headers = undef, $filters = undef, Optional[Array] $rewrites = undef, $rewrite_base = undef, $rewrite_rule = undef, $rewrite_cond = undef, $rewrite_inherit = false, $setenv = [], $setenvif = [], $setenvifnocase = [], $block = [], Enum['absent', 'present'] $ensure = 'present', $wsgi_application_group = undef, Optional[Variant[String,Hash]] $wsgi_daemon_process = undef, Optional[Hash] $wsgi_daemon_process_options = undef, $wsgi_import_script = undef, Optional[Hash] $wsgi_import_script_options = undef, $wsgi_process_group = undef, Optional[Hash] $wsgi_script_aliases_match = undef, Optional[Hash] $wsgi_script_aliases = undef, Optional[Enum['on', 'off', 'On', 'Off']] $wsgi_pass_authorization = undef, $wsgi_chunked_request = undef, Optional[String] $custom_fragment = undef, Optional[Hash] $itk = undef, $action = undef, $fastcgi_server = undef, $fastcgi_socket = undef, $fastcgi_dir = undef, $fastcgi_idle_timeout = undef, $additional_includes = [], $use_optional_includes = $::apache::use_optional_includes, $apache_version = $::apache::apache_version, Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes = undef, Optional[Pattern[/^[\w-]+ [\w-]+$/]] $suexec_user_group = undef, Optional[Boolean] $h2_copy_files = undef, Optional[Boolean] $h2_direct = undef, Optional[Boolean] $h2_early_hints = undef, Optional[Integer] $h2_max_session_streams = undef, Optional[Boolean] $h2_modern_tls_only = undef, Optional[Boolean] $h2_push = undef, Optional[Integer] $h2_push_diary_size = undef, Array[String] $h2_push_priority = [], Array[String] $h2_push_resource = [], Optional[Boolean] $h2_serialize_headers = undef, Optional[Integer] $h2_stream_max_mem_size = undef, Optional[Integer] $h2_tls_cool_down_secs = undef, Optional[Integer] $h2_tls_warm_up_size = undef, Optional[Boolean] $h2_upgrade = undef, Optional[Integer] $h2_window_size = undef, Optional[Boolean] $passenger_enabled = undef, Optional[String] $passenger_base_uri = undef, Optional[Stdlib::Absolutepath] $passenger_ruby = undef, Optional[Stdlib::Absolutepath] $passenger_python = undef, Optional[Stdlib::Absolutepath] $passenger_nodejs = undef, Optional[String] $passenger_meteor_app_settings = undef, Optional[String] $passenger_app_env = undef, Optional[Stdlib::Absolutepath] $passenger_app_root = undef, Optional[String] $passenger_app_group_name = undef, Optional[String] $passenger_app_start_command = undef, Optional[Enum['meteor', 'node', 'rack', 'wsgi']] $passenger_app_type = undef, Optional[String] $passenger_startup_file = undef, Optional[String] $passenger_restart_dir = undef, Optional[Enum['direct', 'smart']] $passenger_spawn_method = undef, Optional[Boolean] $passenger_load_shell_envvars = undef, Optional[Boolean] $passenger_rolling_restarts = undef, Optional[Boolean] $passenger_resist_deployment_errors = undef, Optional[String] $passenger_user = undef, Optional[String] $passenger_group = undef, Optional[Boolean] $passenger_friendly_error_pages = undef, Optional[Integer] $passenger_min_instances = undef, Optional[Integer] $passenger_max_instances = undef, Optional[Integer] $passenger_max_preloader_idle_time = undef, Optional[Integer] $passenger_force_max_concurrent_requests_per_process = undef, Optional[Integer] $passenger_start_timeout = undef, Optional[Enum['process', 'thread']] $passenger_concurrency_model = undef, Optional[Integer] $passenger_thread_count = undef, Optional[Integer] $passenger_max_requests = undef, Optional[Integer] $passenger_max_request_time = undef, Optional[Integer] $passenger_memory_limit = undef, Optional[Integer] $passenger_stat_throttle_rate = undef, Optional[Variant[String,Array[String]]] $passenger_pre_start = undef, Optional[Boolean] $passenger_high_performance = undef, Optional[Boolean] $passenger_buffer_upload = undef, Optional[Boolean] $passenger_buffer_response = undef, Optional[Boolean] $passenger_error_override = undef, Optional[Integer] $passenger_max_request_queue_size = undef, Optional[Integer] $passenger_max_request_queue_time = undef, Optional[Boolean] $passenger_sticky_sessions = undef, Optional[String] $passenger_sticky_sessions_cookie_name = undef, Optional[String] $passenger_sticky_sessions_cookie_attributes = undef, Optional[Boolean] $passenger_allow_encoded_slashes = undef, Optional[String] $passenger_app_log_file = undef, Optional[Boolean] $passenger_debugger = undef, Optional[Integer] $passenger_lve_min_uid = undef, $add_default_charset = undef, $modsec_disable_vhost = undef, Optional[Variant[Hash, Array]] $modsec_disable_ids = undef, $modsec_disable_ips = undef, Optional[Variant[Hash, Array]] $modsec_disable_msgs = undef, Optional[Variant[Hash, Array]] $modsec_disable_tags = undef, $modsec_body_limit = undef, $jk_mounts = undef, Boolean $auth_kerb = false, $krb_method_negotiate = 'on', $krb_method_k5passwd = 'on', $krb_authoritative = 'on', $krb_auth_realms = [], $krb_5keytab = undef, $krb_local_user_mapping = undef, $krb_verify_kdc = 'on', $krb_servicename = 'HTTP', $krb_save_credentials = 'off', Optional[Enum['on', 'off']] $keepalive = undef, $keepalive_timeout = undef, $max_keepalive_requests = undef, $cas_attribute_prefix = undef, $cas_attribute_delimiter = undef, $cas_root_proxied_as = undef, $cas_scrub_request_headers = undef, $cas_sso_enabled = undef, $cas_login_url = undef, $cas_validate_url = undef, $cas_validate_saml = undef, Optional[String] $shib_compat_valid_user = undef, Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']] $use_canonical_name = undef, Optional[Variant[String,Array[String]]] $comment = undef, Hash $define = {}, Boolean $auth_oidc = false, Optional[Apache::OIDCSettings] $oidc_settings = undef, ) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { fail('You must include the apache base class before using any apache defined resources') } $apache_name = $::apache::apache_name if $rewrites { unless empty($rewrites) { $rewrites_flattened = delete_undef_values(flatten([$rewrites])) assert_type(Array[Hash], $rewrites_flattened) } } # Input validation begins if $access_log_file and $access_log_pipe { fail("Apache::Vhost[${name}]: 'access_log_file' and 'access_log_pipe' cannot be defined at the same time") } if $error_log_file and $error_log_pipe { fail("Apache::Vhost[${name}]: 'error_log_file' and 'error_log_pipe' cannot be defined at the same time") } if $modsec_audit_log_file and $modsec_audit_log_pipe { fail("Apache::Vhost[${name}]: 'modsec_audit_log_file' and 'modsec_audit_log_pipe' cannot be defined at the same time") } # Input validation ends if $ssl and $ensure == 'present' { include ::apache::mod::ssl # Required for the AddType lines. include ::apache::mod::mime } if $auth_kerb and $ensure == 'present' { include ::apache::mod::auth_kerb } if $auth_oidc and $ensure == 'present' { include ::apache::mod::auth_openidc } if $virtual_docroot { include ::apache::mod::vhost_alias } if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization { include ::apache::mod::wsgi } if $suexec_user_group { include ::apache::mod::suexec } if $passenger_enabled != undef or $passenger_start_timeout != undef or $passenger_ruby != undef or $passenger_python != undef or $passenger_nodejs != undef or $passenger_meteor_app_settings != undef or $passenger_app_env != undef or $passenger_app_root != undef or $passenger_app_group_name != undef or $passenger_app_start_command != undef or $passenger_app_type != undef or $passenger_startup_file != undef or $passenger_restart_dir != undef or $passenger_spawn_method != undef or $passenger_load_shell_envvars != undef or $passenger_rolling_restarts != undef or $passenger_resist_deployment_errors != undef or $passenger_min_instances != undef or $passenger_max_instances != undef or $passenger_max_preloader_idle_time != undef or $passenger_force_max_concurrent_requests_per_process != undef or $passenger_concurrency_model != undef or $passenger_thread_count != undef or $passenger_high_performance != undef or $passenger_max_request_queue_size != undef or $passenger_max_request_queue_time != undef or $passenger_user != undef or $passenger_group != undef or $passenger_friendly_error_pages != undef or $passenger_buffer_upload != undef or $passenger_buffer_response != undef or $passenger_allow_encoded_slashes != undef or $passenger_lve_min_uid != undef or $passenger_base_uri != undef or $passenger_error_override != undef or $passenger_sticky_sessions != undef or $passenger_sticky_sessions_cookie_name != undef or $passenger_sticky_sessions_cookie_attributes != undef or $passenger_app_log_file != undef or $passenger_debugger != undef or $passenger_max_requests != undef or $passenger_max_request_time != undef or $passenger_memory_limit != undef { include ::apache::mod::passenger } # Configure the defaultness of a vhost if $priority { $priority_real = "${priority}-" } elsif $priority == false { $priority_real = '' } elsif $default_vhost { $priority_real = '10-' } else { $priority_real = '25-' } ## Apache include does not always work with spaces in the filename $filename = regsubst($name, ' ', '_', 'G') # This ensures that the docroot exists # But enables it to be specified across multiple vhost resources if $manage_docroot and $docroot and ! defined(File[$docroot]) { file { $docroot: ensure => directory, owner => $docroot_owner, group => $docroot_group, mode => $docroot_mode, require => Package['httpd'], before => Concat["${priority_real}${filename}.conf"], } } # Same as above, but for logroot if ! defined(File[$logroot]) { file { $logroot: ensure => $logroot_ensure, owner => $logroot_owner, group => $logroot_group, mode => $logroot_mode, require => Package['httpd'], before => Concat["${priority_real}${filename}.conf"], notify => Class['Apache::Service'], } } # Is apache::mod::shib enabled (or apache::mod['shib2']) $shibboleth_enabled = defined(Apache::Mod['shib2']) # Is apache::mod::cas enabled (or apache::mod['cas']) $cas_enabled = defined(Apache::Mod['auth_cas']) if $access_log and !$access_logs { $_access_logs = [{ 'file' => $access_log_file, 'pipe' => $access_log_pipe, 'syslog' => $access_log_syslog, 'format' => $access_log_format, 'env' => $access_log_env_var }] } elsif $access_logs { $_access_logs = $access_logs } if $error_log_file { if $error_log_file =~ /^\// { # Absolute path provided - don't prepend $logroot $error_log_destination = $error_log_file } else { $error_log_destination = "${logroot}/${error_log_file}" } } elsif $error_log_pipe { $error_log_destination = $error_log_pipe } elsif $error_log_syslog { $error_log_destination = $error_log_syslog } else { if $ssl { $error_log_destination = "${logroot}/${name}_error_ssl.log" } else { $error_log_destination = "${logroot}/${name}_error.log" } } if versioncmp($apache_version, '2.4') >= 0 { $error_log_format24 = $error_log_format } else { $error_log_format24 = undef } if $modsec_audit_log == false { $modsec_audit_log_destination = undef } elsif $modsec_audit_log_file { $modsec_audit_log_destination = "${logroot}/${modsec_audit_log_file}" } elsif $modsec_audit_log_pipe { $modsec_audit_log_destination = $modsec_audit_log_pipe } elsif $modsec_audit_log { if $ssl { $modsec_audit_log_destination = "${logroot}/${name}_security_ssl.log" } else { $modsec_audit_log_destination = "${logroot}/${name}_security.log" } } else { $modsec_audit_log_destination = undef } if $ip { $_ip = any2array(enclose_ipv6($ip)) if $port { $_port = any2array($port) $listen_addr_port = split(inline_template("<%= @_ip.product(@_port).map {|x| x.join(':') }.join(',')%>"), ',') $nvh_addr_port = split(inline_template("<%= @_ip.product(@_port).map {|x| x.join(':') }.join(',')%>"), ',') } else { $listen_addr_port = undef $nvh_addr_port = $_ip if ! $servername and ! $ip_based { fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters for name-based vhosts") } } } else { if $port { $listen_addr_port = $port $nvh_addr_port = prefix(any2array($port),"${vhost_name}:") } else { $listen_addr_port = undef $nvh_addr_port = $name if ! $servername and $servername != '' { fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters, and/or 'servername' parameter") } } } if $add_listen { if $ip and defined(Apache::Listen[String($port)]) { fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this") } if $listen_addr_port and $ensure == 'present' { ensure_resource('apache::listen', $listen_addr_port) } } if ! $ip_based { if $ensure == 'present' and (versioncmp($apache_version, '2.4') < 0) { ensure_resource('apache::namevirtualhost', $nvh_addr_port) } } # Load mod_rewrite if needed and not yet loaded if $rewrites or $rewrite_cond { if ! defined(Class['apache::mod::rewrite']) { include ::apache::mod::rewrite } } # Load mod_alias if needed and not yet loaded if ($scriptalias or $scriptaliases != []) or ($aliases and $aliases != []) or ($redirect_source and $redirect_dest) or ($redirectmatch_regexp or $redirectmatch_status or $redirectmatch_dest){ if ! defined(Class['apache::mod::alias']) and ($ensure == 'present') { include ::apache::mod::alias } } # Load mod_proxy if needed and not yet loaded if ($proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match) { if ! defined(Class['apache::mod::proxy']) { include ::apache::mod::proxy } if ! defined(Class['apache::mod::proxy_http']) { include ::apache::mod::proxy_http } } # Load mod_fastcgi if needed and not yet loaded if $fastcgi_server and $fastcgi_socket { if ! defined(Class['apache::mod::fastcgi']) { include ::apache::mod::fastcgi } } # Check if mod_headers is required to process $headers/$request_headers if $headers or $request_headers { if ! defined(Class['apache::mod::headers']) { include ::apache::mod::headers } } # Check if mod_filter is required to process $filters if $filters { if ! defined(Class['apache::mod::filter']) { include ::apache::mod::filter } } # Check if mod_env is required and not yet loaded. # create an expression to simplify the conditional check $use_env_mod = $setenv and ! empty($setenv) if ($use_env_mod) { if ! defined(Class['apache::mod::env']) { include ::apache::mod::env } } # Check if mod_setenvif is required and not yet loaded. # create an expression to simplify the conditional check $use_setenvif_mod = ($setenvif and ! empty($setenvif)) or ($setenvifnocase and ! empty($setenvifnocase)) if ($use_setenvif_mod) { if ! defined(Class['apache::mod::setenvif']) { include ::apache::mod::setenvif } } ## Create a default directory list if none defined if $directories { $_directories = $directories } elsif $docroot { $_directory = { provider => 'directory', path => $docroot, options => $options, allow_override => $override, directoryindex => $directoryindex, } if versioncmp($apache_version, '2.4') >= 0 { $_directory_version = { require => 'all granted', } } else { $_directory_version = { order => 'allow,deny', allow => 'from all', } } $_directories = [ merge($_directory, $_directory_version) ] } else { $_directories = undef } ## Create a global LocationMatch if locations aren't defined if $modsec_disable_ids { if $modsec_disable_ids =~ Array { $_modsec_disable_ids = { '.*' => $modsec_disable_ids } } else { $_modsec_disable_ids = $modsec_disable_ids } } if $modsec_disable_msgs { if $modsec_disable_msgs =~ Array { $_modsec_disable_msgs = { '.*' => $modsec_disable_msgs } } else { $_modsec_disable_msgs = $modsec_disable_msgs } } if $modsec_disable_tags { if $modsec_disable_tags =~ Array { $_modsec_disable_tags = { '.*' => $modsec_disable_tags } } else { $_modsec_disable_tags = $modsec_disable_tags } } concat { "${priority_real}${filename}.conf": ensure => $ensure, path => "${::apache::vhost_dir}/${priority_real}${filename}.conf", owner => 'root', group => $::apache::params::root_group, mode => $::apache::file_mode, order => 'numeric', require => Package['httpd'], notify => Class['apache::service'], } # NOTE(pabelanger): This code is duplicated in ::apache::vhost::custom and # needs to be converted into something generic. if $::apache::vhost_enable_dir { $vhost_enable_dir = $::apache::vhost_enable_dir $vhost_symlink_ensure = $ensure ? { present => link, default => $ensure, } file{ "${priority_real}${filename}.conf symlink": ensure => $vhost_symlink_ensure, path => "${vhost_enable_dir}/${priority_real}${filename}.conf", target => "${::apache::vhost_dir}/${priority_real}${filename}.conf", owner => 'root', group => $::apache::params::root_group, mode => $::apache::file_mode, require => Concat["${priority_real}${filename}.conf"], notify => Class['apache::service'], } } # Template uses: # - $comment # - $nvh_addr_port # - $servername # - $serveradmin # - $protocols # - $protocols_honor_order # - $apache_version concat::fragment { "${name}-apache-header": target => "${priority_real}${filename}.conf", order => 0, content => template('apache/vhost/_file_header.erb'), } # Template uses: # - $virtual_docroot # - $docroot if $docroot { concat::fragment { "${name}-docroot": target => "${priority_real}${filename}.conf", order => 10, content => template('apache/vhost/_docroot.erb'), } } # Template uses: # - $aliases if $aliases and ! empty($aliases) { concat::fragment { "${name}-aliases": target => "${priority_real}${filename}.conf", order => 20, content => template('apache/vhost/_aliases.erb'), } } # Template uses: # - $itk # - $::kernelversion if $itk and ! empty($itk) { concat::fragment { "${name}-itk": target => "${priority_real}${filename}.conf", order => 30, content => template('apache/vhost/_itk.erb'), } } # Template uses: # - $fallbackresource if $fallbackresource { concat::fragment { "${name}-fallbackresource": target => "${priority_real}${filename}.conf", order => 40, content => template('apache/vhost/_fallbackresource.erb'), } } # Template uses: # - $allow_encoded_slashes if $allow_encoded_slashes { concat::fragment { "${name}-allow_encoded_slashes": target => "${priority_real}${filename}.conf", order => 50, content => template('apache/vhost/_allow_encoded_slashes.erb'), } } # Template uses: # - $_directories # - $docroot # - $apache_version # - $suphp_engine # - $shibboleth_enabled if $_directories and ! empty($_directories) { concat::fragment { "${name}-directories": target => "${priority_real}${filename}.conf", order => 60, content => template('apache/vhost/_directories.erb'), } } # Template uses: # - $additional_includes if $additional_includes and ! empty($additional_includes) { concat::fragment { "${name}-additional_includes": target => "${priority_real}${filename}.conf", order => 70, content => template('apache/vhost/_additional_includes.erb'), } } # Template uses: # - $error_log # - $error_log_format24 # - $log_level # - $error_log_destination # - $log_level if $error_log or $log_level { concat::fragment { "${name}-logging": target => "${priority_real}${filename}.conf", order => 80, content => template('apache/vhost/_logging.erb'), } } # Template uses no variables concat::fragment { "${name}-serversignature": target => "${priority_real}${filename}.conf", order => 90, content => template('apache/vhost/_serversignature.erb'), } # Template uses: # - $access_log # - $_access_log_env_var # - $access_log_destination # - $_access_log_format # - $_access_log_env_var # - $access_logs if $access_log or $access_logs { concat::fragment { "${name}-access_log": target => "${priority_real}${filename}.conf", order => 100, content => template('apache/vhost/_access_log.erb'), } } # Template uses: # - $action if $action { concat::fragment { "${name}-action": target => "${priority_real}${filename}.conf", order => 110, content => template('apache/vhost/_action.erb'), } } # Template uses: # - $block # - $apache_version if $block and ! empty($block) { concat::fragment { "${name}-block": target => "${priority_real}${filename}.conf", order => 120, content => template('apache/vhost/_block.erb'), } } # Template uses: # - $error_documents if $error_documents and ! empty($error_documents) { concat::fragment { "${name}-error_document": target => "${priority_real}${filename}.conf", order => 130, content => template('apache/vhost/_error_document.erb'), } } # Template uses: # - $headers if $headers and ! empty($headers) { concat::fragment { "${name}-header": target => "${priority_real}${filename}.conf", order => 140, content => template('apache/vhost/_header.erb'), } } # Template uses: # - $request_headers if $request_headers and ! empty($request_headers) { concat::fragment { "${name}-requestheader": target => "${priority_real}${filename}.conf", order => 150, content => template('apache/vhost/_requestheader.erb'), } } # Template uses: # - $ssl_proxyengine # - $ssl_proxy_verify # - $ssl_proxy_verify_depth # - $ssl_proxy_ca_cert # - $ssl_proxy_check_peer_cn # - $ssl_proxy_check_peer_name # - $ssl_proxy_check_peer_expire # - $ssl_proxy_machine_cert # - $ssl_proxy_protocol if $ssl_proxyengine { concat::fragment { "${name}-sslproxy": target => "${priority_real}${filename}.conf", order => 160, content => template('apache/vhost/_sslproxy.erb'), } } # Template uses: # - $proxy_dest # - $proxy_pass # - $proxy_pass_match # - $proxy_preserve_host # - $proxy_add_headers # - $no_proxy_uris if $proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match or $proxy_preserve_host { concat::fragment { "${name}-proxy": target => "${priority_real}${filename}.conf", order => 170, content => template('apache/vhost/_proxy.erb'), } } # Template uses: # - $redirect_source # - $redirect_dest # - $redirect_status # - $redirect_dest_a # - $redirect_source_a # - $redirect_status_a # - $redirectmatch_status # - $redirectmatch_regexp # - $redirectmatch_dest # - $redirectmatch_status_a # - $redirectmatch_regexp_a # - $redirectmatch_dest if ($redirect_source and $redirect_dest) or ($redirectmatch_regexp and $redirectmatch_dest) { concat::fragment { "${name}-redirect": target => "${priority_real}${filename}.conf", order => 180, content => template('apache/vhost/_redirect.erb'), } } # Template uses: # - $rewrites # - $rewrite_base # - $rewrite_rule # - $rewrite_cond # - $rewrite_map if $rewrites or $rewrite_rule { concat::fragment { "${name}-rewrite": target => "${priority_real}${filename}.conf", order => 190, content => template('apache/vhost/_rewrite.erb'), } } # Template uses: # - $scriptaliases # - $scriptalias if ( $scriptalias or $scriptaliases != [] ) { concat::fragment { "${name}-scriptalias": target => "${priority_real}${filename}.conf", order => 200, content => template('apache/vhost/_scriptalias.erb'), } } # Template uses: # - $serveraliases if $serveraliases and ! empty($serveraliases) { concat::fragment { "${name}-serveralias": target => "${priority_real}${filename}.conf", order => 210, content => template('apache/vhost/_serveralias.erb'), } } # Template uses: # - $setenv # - $setenvif if ($use_env_mod or $use_setenvif_mod) { concat::fragment { "${name}-setenv": target => "${priority_real}${filename}.conf", order => 220, content => template('apache/vhost/_setenv.erb'), } } # Template uses: # - $ssl # - $ssl_cert # - $ssl_key # - $ssl_chain # - $ssl_certs_dir # - $ssl_ca # - $ssl_crl_path # - $ssl_crl # - $ssl_crl_check # - $ssl_protocol # - $ssl_cipher # - $ssl_honorcipherorder # - $ssl_verify_client # - $ssl_verify_depth # - $ssl_options # - $ssl_openssl_conf_cmd # - $ssl_stapling # - $apache_version if $ssl { concat::fragment { "${name}-ssl": target => "${priority_real}${filename}.conf", order => 230, content => template('apache/vhost/_ssl.erb'), } } # Template uses: # - $auth_kerb # - $krb_method_negotiate # - $krb_method_k5passwd # - $krb_authoritative # - $krb_auth_realms # - $krb_5keytab # - $krb_local_user_mapping if $auth_kerb { concat::fragment { "${name}-auth_kerb": target => "${priority_real}${filename}.conf", order => 230, content => template('apache/vhost/_auth_kerb.erb'), } } # Template uses: # - $suphp_engine # - $suphp_addhandler # - $suphp_configpath if $suphp_engine == 'on' { concat::fragment { "${name}-suphp": target => "${priority_real}${filename}.conf", order => 240, content => template('apache/vhost/_suphp.erb'), } } # Template uses: # - $php_values # - $php_flags if ($php_values and ! empty($php_values)) or ($php_flags and ! empty($php_flags)) { concat::fragment { "${name}-php": target => "${priority_real}${filename}.conf", order => 240, content => template('apache/vhost/_php.erb'), } } # Template uses: # - $php_admin_values # - $php_admin_flags if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) { concat::fragment { "${name}-php_admin": target => "${priority_real}${filename}.conf", order => 250, content => template('apache/vhost/_php_admin.erb'), } } # Template uses: # - $wsgi_application_group # - $wsgi_daemon_process # - $wsgi_daemon_process_options # - $wsgi_import_script # - $wsgi_import_script_options # - $wsgi_process_group # - $wsgi_script_aliases # - $wsgi_pass_authorization if $wsgi_daemon_process_options { deprecation('apache::vhost::wsgi_daemon_process_options', 'This parameter is deprecated. Please add values inside Hash `wsgi_daemon_process`.') } if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization { concat::fragment { "${name}-wsgi": target => "${priority_real}${filename}.conf", order => 260, content => template('apache/vhost/_wsgi.erb'), } } # Template uses: # - $custom_fragment if $custom_fragment { concat::fragment { "${name}-custom_fragment": target => "${priority_real}${filename}.conf", order => 270, content => template('apache/vhost/_custom_fragment.erb'), } } # Template uses: # - $fastcgi_server # - $fastcgi_socket # - $fastcgi_dir # - $fastcgi_idle_timeout # - $apache_version if $fastcgi_server or $fastcgi_dir { concat::fragment { "${name}-fastcgi": target => "${priority_real}${filename}.conf", order => 280, content => template('apache/vhost/_fastcgi.erb'), } } # Template uses: # - $suexec_user_group if $suexec_user_group { concat::fragment { "${name}-suexec": target => "${priority_real}${filename}.conf", order => 290, content => template('apache/vhost/_suexec.erb'), } } if $h2_copy_files != undef or $h2_direct != undef or $h2_early_hints != undef or $h2_max_session_streams != undef or $h2_modern_tls_only != undef or $h2_push != undef or $h2_push_diary_size != undef or $h2_push_priority != [] or $h2_push_resource != [] or $h2_serialize_headers != undef or $h2_stream_max_mem_size != undef or $h2_tls_cool_down_secs != undef or $h2_tls_warm_up_size != undef or $h2_upgrade != undef or $h2_window_size != undef { include ::apache::mod::http2 concat::fragment { "${name}-http2": target => "${priority_real}${filename}.conf", order => 300, content => template('apache/vhost/_http2.erb'), } } # Template uses: # - $passenger_enabled # - $passenger_start_timeout # - $passenger_ruby # - $passenger_python # - $passenger_nodejs # - $passenger_meteor_app_settings # - $passenger_app_env # - $passenger_app_root # - $passenger_app_group_name # - $passenger_app_start_command # - $passenger_app_type # - $passenger_startup_file # - $passenger_restart_dir # - $passenger_spawn_method # - $passenger_load_shell_envvars # - $passenger_rolling_restarts # - $passenger_resist_deployment_errors # - $passenger_min_instances # - $passenger_max_instances # - $passenger_max_preloader_idle_time # - $passenger_force_max_concurrent_requests_per_process # - $passenger_concurrency_model # - $passenger_thread_count # - $passenger_high_performance # - $passenger_max_request_queue_size # - $passenger_max_request_queue_time # - $passenger_user # - $passenger_group # - $passenger_friendly_error_pages # - $passenger_buffer_upload # - $passenger_buffer_response # - $passenger_allow_encoded_slashes # - $passenger_lve_min_uid # - $passenger_base_uri # - $passenger_error_override # - $passenger_sticky_sessions # - $passenger_sticky_sessions_cookie_name # - $passenger_sticky_sessions_cookie_attributes # - $passenger_app_log_file # - $passenger_debugger # - $passenger_max_requests # - $passenger_max_request_time # - $passenger_memory_limit if $passenger_enabled != undef or $passenger_start_timeout != undef or $passenger_ruby != undef or $passenger_python != undef or $passenger_nodejs != undef or $passenger_meteor_app_settings != undef or $passenger_app_env != undef or $passenger_app_root != undef or $passenger_app_group_name != undef or $passenger_app_start_command != undef or $passenger_app_type != undef or $passenger_startup_file != undef or $passenger_restart_dir != undef or $passenger_spawn_method != undef or $passenger_load_shell_envvars != undef or $passenger_rolling_restarts != undef or $passenger_resist_deployment_errors != undef or $passenger_min_instances != undef or $passenger_max_instances != undef or $passenger_max_preloader_idle_time != undef or $passenger_force_max_concurrent_requests_per_process != undef or $passenger_concurrency_model != undef or $passenger_thread_count != undef or $passenger_high_performance != undef or $passenger_max_request_queue_size != undef or $passenger_max_request_queue_time != undef or $passenger_user != undef or $passenger_group != undef or $passenger_friendly_error_pages != undef or $passenger_buffer_upload != undef or $passenger_buffer_response != undef or $passenger_allow_encoded_slashes != undef or $passenger_lve_min_uid != undef or $passenger_base_uri != undef or $passenger_error_override != undef or $passenger_sticky_sessions != undef or $passenger_sticky_sessions_cookie_name != undef or $passenger_sticky_sessions_cookie_attributes != undef or $passenger_app_log_file != undef or $passenger_debugger != undef or $passenger_max_requests != undef or $passenger_max_request_time != undef or $passenger_memory_limit != undef { concat::fragment { "${name}-passenger": target => "${priority_real}${filename}.conf", order => 300, content => template('apache/vhost/_passenger.erb'), } } # Template uses: # - $add_default_charset if $add_default_charset { concat::fragment { "${name}-charsets": target => "${priority_real}${filename}.conf", order => 310, content => template('apache/vhost/_charsets.erb'), } } # Template uses: # - $modsec_disable_vhost # - $modsec_disable_ids # - $modsec_disable_ips # - $modsec_disable_msgs # - $modsec_disable_tags # - $modsec_body_limit # - $modsec_audit_log_destination if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips or $modsec_disable_msgs or $modsec_disable_tags or $modsec_audit_log_destination { concat::fragment { "${name}-security": target => "${priority_real}${filename}.conf", order => 320, content => template('apache/vhost/_security.erb'), } } # Template uses: # - $filters if $filters and ! empty($filters) { concat::fragment { "${name}-filters": target => "${priority_real}${filename}.conf", order => 330, content => template('apache/vhost/_filters.erb'), } } # Template uses: # - $jk_mounts if $jk_mounts and ! empty($jk_mounts) { concat::fragment { "${name}-jk_mounts": target => "${priority_real}${filename}.conf", order => 340, content => template('apache/vhost/_jk_mounts.erb'), } } # Template uses: # - $keepalive # - $keepalive_timeout # - $max_keepalive_requests if $keepalive or $keepalive_timeout or $max_keepalive_requests { concat::fragment { "${name}-keepalive_options": target => "${priority_real}${filename}.conf", order => 350, content => template('apache/vhost/_keepalive_options.erb'), } } # Template uses: # - $cas_* if $cas_enabled { concat::fragment { "${name}-auth_cas": target => "${priority_real}${filename}.conf", order => 350, content => template('apache/vhost/_auth_cas.erb'), } } # Template uses: # - $http_protocol_options if $http_protocol_options { concat::fragment { "${name}-http_protocol_options": target => "${priority_real}${filename}.conf", order => 350, content => template('apache/vhost/_http_protocol_options.erb'), } } # Template uses: # - $auth_oidc # - $oidc_settings if $auth_oidc { concat::fragment { "${name}-auth_oidc": target => "${priority_real}${filename}.conf", order => 360, content => template('apache/vhost/_auth_oidc.erb'), } } # Template uses: # - $shib_compat_valid_user if $shibboleth_enabled { concat::fragment { "${name}-shibboleth": target => "${priority_real}${filename}.conf", order => 370, content => template('apache/vhost/_shib.erb'), } } # - $use_canonical_name if $use_canonical_name { concat::fragment { "${name}-use_canonical_name": target => "${priority_real}${filename}.conf", order => 360, content => template('apache/vhost/_use_canonical_name.erb'), } } # Template uses no variables concat::fragment { "${name}-file_footer": target => "${priority_real}${filename}.conf", order => 999, content => template('apache/vhost/_file_footer.erb'), } } diff --git a/metadata.json b/metadata.json index c399a690..a95496c0 100644 --- a/metadata.json +++ b/metadata.json @@ -1,87 +1,87 @@ { "name": "puppetlabs-apache", "version": "5.5.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", "source": "https://github.com/puppetlabs/puppetlabs-apache", "project_page": "https://github.com/puppetlabs/puppetlabs-apache", "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "dependencies": [ { "name": "puppetlabs/stdlib", "version_requirement": ">= 4.13.1 < 7.0.0" }, { "name": "puppetlabs/concat", "version_requirement": ">= 2.2.1 < 7.0.0" } ], "operatingsystem_support": [ { "operatingsystem": "RedHat", "operatingsystemrelease": [ "6", "7", "8" ] }, { "operatingsystem": "CentOS", "operatingsystemrelease": [ "6", "7", "8" ] }, { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ "6", "7" ] }, { "operatingsystem": "Scientific", "operatingsystemrelease": [ "6", "7" ] }, { "operatingsystem": "Debian", "operatingsystemrelease": [ "8", "9", "10" ] }, { "operatingsystem": "SLES", "operatingsystemrelease": [ "11 SP1", "12", "15" ] }, { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ "14.04", "16.04", "18.04", "20.04" ] } ], "requirements": [ { "name": "puppet", "version_requirement": ">= 5.5.10 < 7.0.0" } ], "description": "Module for Apache configuration", "pdk-version": "1.18.0", - "template-url": "https://github.com/puppetlabs/pdk-templates#master", - "template-ref": "heads/master-0-g9c14433" + "template-url": "https://github.com/puppetlabs/pdk-templates#main", + "template-ref": "heads/main-0-g9c14433" } diff --git a/readmes/README_ja_JP.md b/readmes/README_ja_JP.md index 958b839c..2e9a5648 100644 --- a/readmes/README_ja_JP.md +++ b/readmes/README_ja_JP.md @@ -1,5753 +1,5753 @@ # apache [モジュールの概要]: #module-description [セットアップ]: #setup [Apacheの使用を始める]: #beginning-with-apache [使用方法]: #usage [バーチャルホストの設定]: #configuring-virtual-hosts [SSLを使ったバーチャルホストの設定]: #configuring-virtual-hosts-with-ssl [バーチャルホストのポートおよびアドレスのバインディング設定]: #configuring-virtual-host-port-and-address-bindings [アプリおよびプロセッサのバーチャルホストの設定]: #configuring-virtual-hosts-for-apps-and-processors [IPベースのバーチャルホストの設定]: #configuring-ip-based-virtual-hosts [Apacheモジュールのインストール]: #installing-apache-modules [任意モジュールのインストール]: #installing-arbitrary-modules [固有モジュールのインストール]: #installing-specific-modules [FastCGIサーバの設定]: #configuring-fastcgi-servers-to-handle-php-files [ロードバランシングの例]: #load-balancing-examples [apacheの影響]: #what-the-apache-module-affects [リファレンス]: #reference [パブリッククラス]: #public-classes [プライベートクラス]: #private-classes [パブリック定義タイプ]: #public-defined-types [プライベート定義タイプ]: #private-defined-types [テンプレート]: #templates [タスク]: #tasks [制約事項]: #limitations [開発]: #development [貢献]: #contributing [`AddDefaultCharset`]: https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset [`add_listen`]: #add_listen [`Alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#alias [`AliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#aliasmatch [エイリアスサーバ]: https://httpd.apache.org/docs/current/urlmapping.html [`AllowEncodedSlashes`]: https://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes [`apache`]: #class-apache [`apache_version`]: #apache_version [`apache::balancer`]: #defined-type-apachebalancer [`apache::balancermember`]: #defined-type-apachebalancermember [`apache::fastcgi::server`]: #defined-type-apachefastcgiserver [`apache::mod`]: #defined-type-apachemod [`apache::mod::`]: #classes-apachemodmodule-name [`apache::mod::alias`]: #class-apachemodalias [`apache::mod::auth_cas`]: #class-apachemodauth_cas [`apache::mod::auth_mellon`]: #class-apachemodauth_mellon [`apache::mod::authn_dbd`]: #class-apachemodauthn_dbd [`apache::mod::authnz_ldap`]: #class-apachemodauthnz_ldap [`apache::mod::cluster`]: #class-apachemodcluster [`apache::mod::data]: #class-apachemoddata [`apache::mod::disk_cache`]: #class-apachemoddisk_cache [`apache::mod::dumpio`]: #class-apachemoddumpio [`apache::mod::event`]: #class-apachemodevent [`apache::mod::ext_filter`]: #class-apachemodext_filter [`apache::mod::geoip`]: #class-apachemodgeoip [`apache::mod::itk`]: #class-apachemoditk [`apache::mod::jk`]: #class-apachemodjk [`apache::mod::ldap`]: #class-apachemodldap [`apache::mod::passenger`]: #class-apachemodpassenger [`apache::mod::peruser`]: #class-apachemodperuser [`apache::mod::prefork`]: #class-apachemodprefork [`apache::mod::proxy`]: #class-apachemodproxy [`apache::mod::proxy_balancer`]: #class-apachemodproxybalancer [`apache::mod::proxy_fcgi`]: #class-apachemodproxy_fcgi [`apache::mod::proxy_html`]: #class-apachemodproxy_html [`apache::mod::python`]: #class-apachemodpython [`apache::mod::security`]: #class-apachemodsecurity [`apache::mod::shib`]: #class-apachemodshib [`apache::mod::ssl`]: #class-apachemodssl [`apache::mod::status`]: #class-apachemodstatus [`apache::mod::userdir`]: #class-apachemoduserdir [`apache::mod::worker`]: #class-apachemodworker [`apache::mod::wsgi`]: #class-apachemodwsgi [`apache::params`]: #class-apacheparams [`apache::version`]: #class-apacheversion [`apache::vhost`]: #defined-type-apachevhost [`apache::vhost::custom`]: #defined-type-apachevhostcustom [`apache::vhost::WSGIImportScript`]: #wsgiimportscript [Apache HTTPサーバ]: https://httpd.apache.org [Apacheモジュール]: https://httpd.apache.org/docs/current/mod/ [配列]: https://docs.puppet.com/puppet/latest/reference/lang_data_array.html [オーディットログ]: https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats#audit-log [beaker-rspec]: https://github.com/puppetlabs/beaker-rspec [証明書失効リスト]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationfile [証明書失効リストパス]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationpath [コモンゲートウェイインターフェース]: https://httpd.apache.org/docs/current/howto/cgi.html [`confd_dir`]: #confd_dir [`content`]: #content [CONTRIBUTING.md]: CONTRIBUTING.md [カスタムエラードキュメント]: https://httpd.apache.org/docs/current/custom-error.html [`custom_fragment`]: #custom_fragment [`default_mods`]: #default_mods [`default_ssl_crl`]: #default_ssl_crl [`default_ssl_crl_path`]: #default_ssl_crl_path [`default_ssl_vhost`]: #default_ssl_vhost [`dev_packages`]: #dev_packages [`directory`]: #directory [`directories`]: #parameter-directories-for-apachevhost [`DirectoryIndex`]: https://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex [`docroot`]: #docroot [`docroot_owner`]: #docroot_owner [`docroot_group`]: #docroot_group [`DocumentRoot`]: https://httpd.apache.org/docs/current/mod/core.html#documentroot [`EnableSendfile`]: https://httpd.apache.org/docs/current/mod/core.html#enablesendfile [適用モード]: http://selinuxproject.org/page/Guide/Mode [`ensure`]: https://docs.puppet.com/latest/type.html#package-attribute-ensure [`error_log_file`]: #error_log_file [`error_log_syslog`]: #error_log_syslog [`error_log_pipe`]: #error_log_pipe [`ExpiresByType`]: https://httpd.apache.org/docs/current/mod/mod_expires.html#expiresbytype [エクスポートリソース]: http://docs.puppet.com/latest/reference/lang_exported.md [`ExtendedStatus`]: https://httpd.apache.org/docs/current/mod/core.html#extendedstatus [Facter]: http://docs.puppet.com/facter/ [FastCGI]: http://www.fastcgi.com/ [FallbackResource]: https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource [`fallbackresource`]: #fallbackresource [`FileETag`]: https://httpd.apache.org/docs/current/mod/core.html#fileetag [フィルタルール]: https://httpd.apache.org/docs/current/filter.html [`filters`]: #filters [`ForceType`]: https://httpd.apache.org/docs/current/mod/core.html#forcetype [GeoIPScanProxyHeaders]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Proxy-Related_Directives [`gentoo/puppet-portage`]: https://github.com/gentoo/puppet-portage [ハッシュ]: https://docs.puppet.com/puppet/latest/reference/lang_data_hash.html [`HttpProtocolOptions`]: http://httpd.apache.org/docs/current/mod/core.html#httpprotocoloptions [`IncludeOptional`]: https://httpd.apache.org/docs/current/mod/core.html#includeoptional [`Include`]: https://httpd.apache.org/docs/current/mod/core.html#include [インターバル構文]: https://httpd.apache.org/docs/current/mod/mod_expires.html#AltSyn [`ip`]: #ip [`ip_based`]: #ip_based [IPベースのバーチャルホスト]: https://httpd.apache.org/docs/current/vhosts/ip-based.html [`KeepAlive`]: https://httpd.apache.org/docs/current/mod/core.html#keepalive [`KeepAliveTimeout`]: https://httpd.apache.org/docs/current/mod/core.html#keepalivetimeout [`keepalive`パラメータ]: #keepalive [`keepalive_timeout`]: #keepalive_timeout [`limitreqfieldsize`]: https://httpd.apache.org/docs/current/mod/core.html#limitrequestfieldsize [`limitreqfields`]: http://httpd.apache.org/docs/current/mod/core.html#limitrequestfields [`lib`]: #lib [`lib_path`]: #lib_path [`Listen`]: https://httpd.apache.org/docs/current/bind.html [`ListenBackLog`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#listenbacklog [`LoadFile`]: https://httpd.apache.org/docs/current/mod/mod_so.html#loadfile [`LogFormat`]: https://httpd.apache.org/docs/current/mod/mod_log_config.html#logformat [`logroot`]: #logroot [ログセキュリティ]: https://httpd.apache.org/docs/current/logs.html#security [`manage_docroot`]: #manage_docroot [`manage_user`]: #manage_user [`manage_group`]: #manage_group [`supplementary_groups`]: #supplementary_groups [`MaxConnectionsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxconnectionsperchild [`max_keepalive_requests`]: #max_keepalive_requests [`MaxRequestWorkers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxrequestworkers [`MaxSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxsparethreads [MIME `content-type`]: https://www.iana.org/assignments/media-types/media-types.xhtml [`MinSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#minsparethreads [`mod_alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html [`mod_auth_cas`]: https://github.com/Jasig/mod_auth_cas [`mod_auth_kerb`]: http://modauthkerb.sourceforge.net/configure.html [`mod_auth_gssapi`]: https://github.com/modauthgssapi/mod_auth_gssapi [`mod_authnz_external`]: https://github.com/phokz/mod-auth-external [`mod_auth_dbd`]: http://httpd.apache.org/docs/current/mod/mod_authn_dbd.html [`mod_auth_mellon`]: https://github.com/UNINETT/mod_auth_mellon [`mod_dbd`]: http://httpd.apache.org/docs/current/mod/mod_dbd.html [`mod_disk_cache`]: https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html [`mod_dumpio`]: https://httpd.apache.org/docs/2.4/mod/mod_dumpio.html [`mod_env`]: http://httpd.apache.org/docs/current/mod/mod_env.html [`mod_expires`]: https://httpd.apache.org/docs/current/mod/mod_expires.html [`mod_ext_filter`]: https://httpd.apache.org/docs/current/mod/mod_ext_filter.html [`mod_fcgid`]: https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html [`mod_geoip`]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/ [`mod_info`]: https://httpd.apache.org/docs/current/mod/mod_info.html [`mod_ldap`]: https://httpd.apache.org/docs/2.2/mod/mod_ldap.html [`mod_mpm_event`]: https://httpd.apache.org/docs/current/mod/event.html [`mod_negotiation`]: https://httpd.apache.org/docs/current/mod/mod_negotiation.html [`mod_pagespeed`]: https://developers.google.com/speed/pagespeed/module/?hl=en [`mod_passenger`]: https://www.phusionpassenger.com/library/config/apache/reference/ [`mod_php`]: http://php.net/manual/en/book.apache.php [`mod_proxy`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html [`mod_proxy_balancer`]: https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html [`mod_reqtimeout`]: https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html [`mod_python`]: http://modpython.org/ [`mod_rewrite`]: https://httpd.apache.org/docs/current/mod/mod_rewrite.html [`mod_security`]: https://www.modsecurity.org/ [`mod_ssl`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html [`mod_status`]: https://httpd.apache.org/docs/current/mod/mod_status.html [`mod_version`]: https://httpd.apache.org/docs/current/mod/mod_version.html [`mod_wsgi`]: https://modwsgi.readthedocs.org/en/latest/ [モジュール貢献ガイド]: https://docs.puppet.com/forge/contributing.html [`mpm_module`]: #mpm_module [マルチプロセッシングモジュール]: https://httpd.apache.org/docs/current/mpm.html [名前ベースのバーチャルホスト]: https://httpd.apache.org/docs/current/vhosts/name-based.html [`no_proxy_uris`]: #no_proxy_uris [オープンソース版Puppet]: https://docs.puppet.com/puppet/ [`Options`]: https://httpd.apache.org/docs/current/mod/core.html#options [`path`]: #path [`Peruser`]: https://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr [`port`]: #port [`priority`]: #defined-types-apachevhost [`proxy_dest`]: #proxy_dest [`proxy_dest_match`]: #proxy_dest_match [`proxy_pass`]: #proxy_pass [`ProxyPass`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass [`ProxySet`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset [Puppet Enterprise]: https://docs.puppet.com/pe/ [Puppet Forge]: https://forge.puppet.com [Puppet]: https://puppet.com [Puppetモジュール]: https://docs.puppet.com/puppet/latest/reference/modules_fundamentals.html -[Puppetモジュールのコード]: https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp +[Puppetモジュールのコード]: https://github.com/puppetlabs/puppetlabs-apache/blob/main/manifests/default_mods.pp [`purge_configs`]: #purge_configs [`purge_vhost_dir`]: #purge_vhost_dir [Python]: https://www.python.org/ [Rack]: http://rack.github.io/ [`rack_base_uris`]: #rack_base_uris [RFC 2616]: https://www.ietf.org/rfc/rfc2616.txt [`RequestReadTimeout`]: https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html#requestreadtimeout [rspec-puppet]: http://rspec-puppet.com/ [`ScriptAlias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptalias [`ScriptAliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptaliasmatch [`scriptalias`]: #scriptalias [SELinux]: http://selinuxproject.org/ [`ServerAdmin`]: https://httpd.apache.org/docs/current/mod/core.html#serveradmin [`serveraliases`]: #serveraliases [`ServerLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#serverlimit [`ServerName`]: https://httpd.apache.org/docs/current/mod/core.html#servername [`ServerRoot`]: https://httpd.apache.org/docs/current/mod/core.html#serverroot [`ServerTokens`]: https://httpd.apache.org/docs/current/mod/core.html#servertokens [`ServerSignature`]: https://httpd.apache.org/docs/current/mod/core.html#serversignature [サービス属性リスタート]: http://docs.puppet.com/latest/type.html#service-attribute-restart [`source`]: #source [`SSLCARevocationCheck`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck [SSL証明書のキーファイル]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile [SSLチェーン]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainfile [SSL暗号化]: https://httpd.apache.org/docs/current/ssl/index.html [`ssl`]: #ssl [`ssl_cert`]: #ssl_cert [`ssl_compression`]: #ssl_compression [`ssl_key`]: #ssl_key [`StartServers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#startservers [suPHP]: http://www.suphp.org/Home.html [`suphp_addhandler`]: #suphp_addhandler [`suphp_configpath`]: #suphp_configpath [`suphp_engine`]: #suphp_engine [対応するオペレーティングシステム]: https://forge.puppet.com/supported#puppet-supported-modules-compatibility-matrix [`ThreadLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadlimit [`ThreadsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadsperchild [`TimeOut`]: https://httpd.apache.org/docs/current/mod/core.html#timeout [テンプレート]: http://docs.puppet.com/puppet/latest/reference/lang_template.html [`TraceEnable`]: https://httpd.apache.org/docs/current/mod/core.html#traceenable [`UseCanonicalName`]: https://httpd.apache.org/docs/current/mod/core.html#usecanonicalname [`verify_config`]: #verify_config [`vhost`]: #defined-type-apachevhost [`vhost_dir`]: #vhost_dir [`virtual_docroot`]: #virtual_docroot [Webサーバゲートウェイインターフェース ]: https://www.python.org/dev/peps/pep-3333/#abstract [`WSGIRestrictEmbedded`]: http://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIRestrictEmbedded.html [`WSGIPythonPath`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonPath.html [`WSGIPythonHome`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonHome.html #### 目次 1. [モジュールの概要 - apacheモジュールとは? 何をするためのもの?][モジュールの概要] 2. [セットアップ - apacheの使用を開始するにあたっての基礎][セットアップ] - [apacheモジュールが影響を与えるもの][apacheの影響] - [Apacheの使用を始める - インストール][Apacheの使用を始める] 3. [使用方法 - 設定に使用できるクラスと定義タイプ][使用方法] - [バーチャルホストの設定 - 使用開始に役立つ例][バーチャルホストの設定] - [PHPファイルを処理するFastCGIサーバの設定][FastCGIサーバの設定] - [エクスポートおよび非エクスポートリソースのロードバランシング][ロードバランシングの例] 4. [リファレンス - モジュールの機能と動作について][リファレンス] - [パブリッククラス][] - [プライベートクラス][] - [パブリック定義タイプ][] - [プライベート定義タイプ][] - [テンプレート][] - [タスク][] 5. [制約事項 - OSの互換性など][制約事項] 6. [開発 - モジュールへの貢献方法][開発] - [apacheモジュールへの貢献][貢献] - [テストの実施 - クイックガイド][テストの実施] ## モジュールの概要 [Apache HTTPサーバ][] (Apache HTTPD、あるいは単にApacheとも呼ばれます)は、広く使用されているWebサーバです。この[Puppetモジュール][]によって、インフラ内でApacheを管理するための設定がシンプルなものになります。幅広いバーチャルホストセットアップを設定および管理し、[Apacheモジュール][]を効率的にインストールして設定することができます。 ## セットアップ ### apacheモジュールが影響を与えるもの: - (作成し、書き込みを行う)設定ファイルおよびディレクトリ - **警告**: Puppetにより管理*されていない*設定はパージされます。 - Apacheのパッケージ/サービス/設定ファイル - Apacheモジュール - バーチャルホスト - リッスンするポート - FreeBSDおよびGentooの`/etc/make.conf` Gentooでは、このモジュールは [`gentoo/puppet-portage`][] Puppetモジュールに依存します。Gentooについては、いくつかのオプションが適用され、一部の機能や設定が有効になりますが、このモジュールに[対応するオペレーティングシステム][]ではない点に留意してください。 > **警告**: このモジュールにより、Apache設定ファイルおよびディレクトリが修正され、Puppetで管理されていない設定がパージされます。Apache設定はPuppetで管理する必要があります。これは、管理されていない設定ファイルにより、予期せぬ不具合が生じる可能性があるためです。 > >全面的なPuppet管理を一時的に無効にするには、[`apache`][]クラス宣言の[`purge_configs`][]パラメータをfalseに設定します。この手順は、カスタマイズした設定を保存し、リロケーションするための一時的な対策としてのみ推奨されます。 ### Apacheの使用を始める デフォルトパラメータを用いてPuppetでApacheをインストールするには、[`apache`][]クラスを宣言します。 ``` puppet class { 'apache': } ``` デフォルトオプションを用いてこのクラスを宣言すると、モジュールでは以下のことが実行されます。 - オペレーティングシステムに適したApacheソフトウェアパッケージおよび[必要なApacheモジュール](#default_mods)をインストールします。 - オペレーティングシステムに応じた[デフォルトロケーション](#conf_dir)を用いて、ディレクトリ内に必要な設定ファイルを配置します。 - デフォルトのバーチャルホストおよび標準的なポート('80')とアドレス('\*')のバインディングを用いてサーバを設定します。 - ドキュメントルートディレクトリを作成します。オペレーティングシステムによって異なりますが、通常は`/var/www`です。 - Apacheサービスを開始します。 Apacheのデフォルト設定は、オペレーティングシステムによって異なります。これらのデフォルトは、テスト環境では機能しますが、本稼働環境には推奨されません。実際のサイトに応じてクラスのパラメータをカスタマイズすることを推奨します。 例えば、以下の宣言では、apacheモジュールの[デフォルトのバーチャルホスト設定][バーチャルホストの設定]を使わずにApacheがインストールされるので、すべてのApacheバーチャルホストをカスタマイズすることができます。 ``` puppet class { 'apache': default_vhost => false, } ``` > **注意**: `default_vhost`を`false`に設定する場合、少なくとも1つの`apache::vhost`リソースを追加する必要があります。追加しなければ、Apacheは起動しません。デフォルトのバーチャルホストを設定するには、`apache`クラスで`default_vhost`を設定するか、[`apache::vhost`][]定義タイプを使用します。[`apache::vhost`][]定義タイプを用いて、追加の固有バーチャルホストを設定することもできます。 ## 使用方法 ### バーチャルホストの設定 デフォルトの[`apache`][]クラスは、ポート80にバーチャルホストを設定します。すべてのインターフェースをリッスンし、[`docroot`][]パラメータのデフォルトディレクトリ`/var/www`をサーブします。 基本の[名前ベースのバーチャルホスト][]を設定するには、[`apache::vhost`][]定義タイプで[`port`][]および[`docroot`][]パラメータを指定します。 ``` puppet apache::vhost { 'vhost.example.com': port => '80', docroot => '/var/www/vhost', } ``` すべてのバーチャルホストパラメータのリストについては、[`apache::vhost`][]定義タイプのリファレンスを参照してください。 > **注意**: Apacheはバーチャルホストをアルファベット順に処理します。サーバ管理者は、バーチャルホスト設定ファイル名の先頭に数字を付けることで、 Apacheバーチャルホスト処理の優先順位を設定できます。[`apache::vhost`][]定義タイプは、デフォルトの [`priority`][]である25を適用します。これはPuppetではバーチャルホストのファイル名の先頭に`25-`が付いていると解釈されます。そのため、優先順位が同じサイトが複数ある場合や、`priority`パラメータの値をfalseに設定して優先順位番号を無効にした場合でも、Apacheはバーチャルホストをアルファベット順に処理します。 `docroot`のユーザおよびグループのオーナーシップを設定するには、[`docroot_owner`][]および[`docroot_group`][]パラメータを使用します。 ``` puppet apache::vhost { 'user.example.com': port => '80', docroot => '/var/www/user', docroot_owner => 'www-data', docroot_group => 'www-data', } ``` #### SSLを使ったバーチャルホストの設定 [SSL encryption][]およびデフォルトのSSL証明書を使うようにバーチャルホストを設定するには、[`ssl`][]パラメータを設定します。また、[`port`][]パラメータを指定する必要もあります。通常は、'443'という値がHTTPSリクエストに対応します。 ``` puppet apache::vhost { 'ssl.example.com': port => '443', docroot => '/var/www/ssl', ssl => true, } ``` SSLおよび固有SSL証明書を使うようにバーチャルホストを設定するには、[`ssl_cert`][]および[`ssl_key`][]パラメータで証明書およびキーへのパスを使用します。 ``` puppet apache::vhost { 'cert.example.com': port => '443', docroot => '/var/www/cert', ssl => true, ssl_cert => '/etc/ssl/fourth.example.com.cert', ssl_key => '/etc/ssl/fourth.example.com.key', } ``` 同じドメインでSSLと暗号化されていないバーチャルホストを混ぜて設定するには、それぞれを個別の[`apache::vhost`][]定義タイプで宣言します。 ``` puppet # The non-ssl virtual host apache::vhost { 'mix.example.com non-ssl': servername => 'mix.example.com', port => '80', docroot => '/var/www/mix', } # The SSL virtual host at the same domain apache::vhost { 'mix.example.com ssl': servername => 'mix.example.com', port => '443', docroot => '/var/www/mix', ssl => true, } ``` 暗号化されていない接続をSSLにリダイレクトするようにバーチャルホストを設定するには、それぞれを個別の[`apache::vhost`][]定義タイプで宣言し、SSLが有効化されているバーチャルホストに、暗号化されていないリクエストをリダイレクトします。 ``` puppet apache::vhost { 'redirect.example.com non-ssl': servername => 'redirect.example.com', port => '80', docroot => '/var/www/redirect', redirect_status => 'permanent', redirect_dest => 'https://redirect.example.com/' } apache::vhost { 'redirect.example.com ssl': servername => 'redirect.example.com', port => '443', docroot => '/var/www/redirect', ssl => true, } ``` #### バーチャルホストのポートおよびアドレスのバインディング設定  バーチャルホストはデフォルトですべてのIPアドレス('\*')をリッスンします。特定のIPアドレスをリッスンするようにバーチャルホストを設定するには、[`ip`][]パラメータを使用します。 ``` puppet apache::vhost { 'ip.example.com': ip => '127.0.0.1', port => '80', docroot => '/var/www/ip', } ``` [`ip`][]パラメータにIPアドレスの配列を使えば、1つのバーチャルホストに複数のIPアドレスを設定することもできます。 ``` puppet apache::vhost { 'ip.example.com': ip => ['127.0.0.1','169.254.1.1'], port => '80', docroot => '/var/www/ip', } ``` [`port`][]パラメータにポートの配列を使えば、1つのバーチャルホストに複数のポートを設定することができます。 ``` puppet apache::vhost { 'ip.example.com': ip => ['127.0.0.1'], port => ['80','8080'] docroot => '/var/www/ip', } ``` [エイリアスサーバ][]を使ってバーチャルホストを設定するには、[`serveraliases`][]パラメータを使ってエイリアスを指定します。 ``` puppet apache::vhost { 'aliases.example.com': serveraliases => [ 'aliases.example.org', 'aliases.example.net', ], port => '80', docroot => '/var/www/aliases', } ``` `/var/www/example.com`に'http://example.com.loc'をマッピングするケースのように、 同じ名前のディレクトリにマッピングされたサブドメイン用にワイルドカードエイリアスを使ってバーチャルホストを設定するには、[`serveraliases`][]パラメータを使ってワイルドカードエイリアスを、[`virtual_docroot`][]パラメータを使ってドキュメントルートを定義します。 ``` puppet apache::vhost { 'subdomain.loc': vhost_name => '*', port => '80', virtual_docroot => '/var/www/%-2+', docroot => '/var/www', serveraliases => ['*.loc',], } ``` [フィルタルール][]を使ってバーチャルホストを設定するには、[`filters`][]パラメータを使って、フィルタディレクティブを[array][]として渡します。 ``` puppet apache::vhost { 'subdomain.loc': port => '80', filters => [ 'FilterDeclare COMPRESS', 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', 'FilterChain COMPRESS', 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', ], docroot => '/var/www/html', } ``` #### アプリおよびプロセッサのバーチャルホストの設定  [suPHP][]を使ってバーチャルホストを設定するには、以下のパラメータを使用します。 * [`suphp_engine`][]、suPHPエンジンを有効にします。 * [`suphp_addhandler`][]、MIMEタイプを定義します。 * [`suphp_configpath`][]、suPHPがPHPインタープリタに渡すパスを設定します。 * [`directory`][]、ディレクトリ、ファイル、ロケーションの各ディレクティブブロックを設定します。 例:  ``` puppet apache::vhost { 'suphp.example.com': port => '80', docroot => '/home/appuser/myphpapp', suphp_addhandler => 'x-httpd-php', suphp_engine => 'on', suphp_configpath => '/etc/php5/apache2', directories => [ { 'path' => '/home/appuser/myphpapp', 'suphp' => { user => 'myappuser', group => 'myappgroup', }, }, ], } ``` [Python][]アプリケーション用の[Webサーバゲートウェイインターフェース][] (WSGI)を使ってバーチャルホストを設定するには、`wsgi`パラメータセットを使用します。 ``` puppet apache::vhost { 'wsgi.example.com': port => '80', docroot => '/var/www/pythonapp', wsgi_application_group => '%{GLOBAL}', wsgi_daemon_process => 'wsgi', wsgi_daemon_process_options => { processes => '2', threads => '15', display-name => '%{GROUP}', }, wsgi_import_script => '/var/www/demo.wsgi', wsgi_import_script_options => { process-group => 'wsgi', application-group => '%{GLOBAL}', }, wsgi_process_group => 'wsgi', wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, } ``` Apache 2.2.16の時点では、Apacheは[FallbackResource][]をサポートしています。これは、一般的なRewriteRulesに代わるシンプルなディレクティブです。[`fallbackresource`][]パラメータを使えば、FallbackResourceを設定できます。 ``` puppet apache::vhost { 'wordpress.example.com': port => '80', docroot => '/var/www/wordpress', fallbackresource => '/index.php', } ``` > **注意**: Apache 2.2.24以降では、`fallbackresource`パラメータがサポートするのは'disabled'値のみです。 [コモンゲートウェイインターフェース][] (CGI)ファイル用の指定ディレクトリを使ってバーチャルホストを設定するには、[`scriptalias`][]パラメータを使って`cgi-bin`パスを定義します。 ``` puppet apache::vhost { 'cgi.example.com': port => '80', docroot => '/var/www/cgi', scriptalias => '/usr/lib/cgi-bin', } ``` [Rack][]用のバーチャルホストを設定するには、[`rack_base_uris`][]パラメータを使用します。 ``` puppet apache::vhost { 'rack.example.com': port => '80', docroot => '/var/www/rack', rack_base_uris => ['/rackapp1', '/rackapp2'], } ``` #### IPベースのバーチャルホストの設定  任意のポートをリッスンし、固有IPアドレスのリクエストに応答する[IPベースのバーチャルホスト][]を設定することができます。この例では、サーバはポート80および81をリッスンします。これは、この例のバーチャルホストが[`port`][]パラメータにより宣言されて_いない_ ためです。 ``` puppet apache::listen { '80': } apache::listen { '81': } ``` [`ip_based`][]パラメータを使ってIPベースのバーチャルホストを設定します。 ``` puppet apache::vhost { 'first.example.com': ip => '10.0.0.10', docroot => '/var/www/first', ip_based => true, } apache::vhost { 'second.example.com': ip => '10.0.0.11', docroot => '/var/www/second', ip_based => true, } ``` 任意の[SSL][SSL暗号化]構成と暗号化されていない構成を組み合わせ、IPベースと[名前ベースのバーチャルホスト][]を混ぜて設定することもできます。 この例では、1つのIPアドレス(この例では、10.0.0.10)に2つのIPベースのバーチャルホストを追加します。一方はSSLを使用するもの、もう一方は暗号化されていないものです。 ``` puppet apache::vhost { 'The first IP-based virtual host, non-ssl': servername => 'first.example.com', ip => '10.0.0.10', port => '80', ip_based => true, docroot => '/var/www/first', } apache::vhost { 'The first IP-based vhost, ssl': servername => 'first.example.com', ip => '10.0.0.10', port => '443', ip_based => true, docroot => '/var/www/first-ssl', ssl => true, } ``` 次に、第2のIPアドレス(10.0.0.20)に2つの名前ベースのバーチャルホストを追加します。 ``` puppet apache::vhost { 'second.example.com': ip => '10.0.0.20', port => '80', docroot => '/var/www/second', } apache::vhost { 'third.example.com': ip => '10.0.0.20', port => '80', docroot => '/var/www/third', } ``` 10.0.0.10または10.0.0.20のいずれかで応答する名前ベースのバーチャルホストを追加するには、Apacheのデフォルトの`Listen 80`を無効にする**必要があります**。これは、前述のIPベースのバーチャルホストとコンフリクトするためです。無効にするには、[`add_listen`][]パラメータを`false`に設定します。 ``` puppet apache::vhost { 'fourth.example.com': port => '80', docroot => '/var/www/fourth', add_listen => false, } apache::vhost { 'fifth.example.com': port => '80', docroot => '/var/www/fifth', add_listen => false, } ``` ### Apacheモジュールのインストール  Puppet apacheモジュールを使って[Apacheモジュール][]をインストールするには、2つの方法があります。 - [`apache::mod::`][] クラスを使って、[パラメータを伴う固有のApacheモジュールをインストール][固有モジュールのインストール]する方法 - [`apache::mod`][]定義タイプを使って、[任意のApacheモジュールをインストール][任意モジュールのインストール]する方法 #### 固有モジュールのインストール Puppet apacheモジュールは、多くの一般的な[Apacheモジュール][]のインストールをサポートしており、多くの場合、パラメータ化された設定オプションがあります。サポートされるApacheモジュールのリストについては、[`apache::mod::`][]クラスリファレンスを参照してください。 例えば、[`apache::mod::ssl`][]クラスを宣言すれば、デフォルト設定で`mod_ssl` Apacheモジュールをインストールすることができます。 ``` puppet class { 'apache::mod::ssl': } ``` [`apache::mod::ssl`][]には複数のパラメータ化されたオプションがあり、宣言する際に設定することができます。たとえば、圧縮を有効にして`mod_ssl`を有効化するには、[`ssl_compression`][]パラメータをtrueに設定します。 ``` puppet class { 'apache::mod::ssl': ssl_compression => true, } ``` 一部のモジュールには必須条件があります。[`apache::mod::`][]のリファレンスを参照してください。 #### 任意モジュールのインストール オペレーティングシステムのパッケージマネージャでインストール可能な任意のモジュールの名前を[`apache::mod`][]定義タイプに渡し、それをインストールすることができます。固有モジュールクラスとは異なり、 [`apache::mod`][]定義タイプでは、インストールされている他のモジュールや固有のパラメータに基づいてインストールが調整されることはありません。Puppetはモジュールのパッケージを取得し、インストールするだけです。詳細な設定はユーザが必要に応じて行います。 例えば、[`mod_authnz_external`][] Apacheモジュールをインストールするには、'mod_authnz_external'の名前を使って定義タイプを宣言します。 ``` puppet apache::mod { 'mod_authnz_external': } ``` この方法でApacheモジュールを定義する際には、いくつかのオプションパラメータを指定できます。詳細については、[定義タイプのリファレンス][`apache::mod`]を参照してください。 ### PHPファイルを処理するFastCGIサーバの設定 [`apache::fastcgi::server`][]定義タイプを追加すれば、 [FastCGI][]サーバで特定のファイルに関するリクエストを処理することができます。以下の例では、PHPリクエストを処理するFastCGIサーバをポート9000の127.0.0.1 (ローカルホスト)で定義しています。 ``` puppet apache::fastcgi::server { 'php': host => '127.0.0.1:9000', timeout => 15, flush => false, faux_path => '/var/www/php.fcgi', fcgi_alias => '/php.fcgi', file_type => 'application/x-httpd-php' } ``` [`custom_fragment`][]パラメータを使えば、指定したファイルタイプがFastCGIサーバで処理されるように、バーチャルホストを設定することができます。 ``` puppet apache::vhost { 'www': ... custom_fragment => 'AddType application/x-httpd-php .php' ... } ``` ### ロードバランシングの例 Apacheは、[`mod_proxy`][] Apacheモジュールを通じて、複数のグループのサーバにわたるロードバランシングをサポートしています。Puppetでは、[`apache::balancer`][]および[`apache::balancermember`][]定義タイプにより、Apacheロードバランシンググループ(バランサクラスタとも呼ばれます)をサポートしています。 [エクスポートリソース][]でロードバランシングを有効にするには、[`apache::balancermember`][]定義タイプをロードバランサメンバーサーバからエクスポートします。 ``` puppet @@apache::balancermember { "${::fqdn}-puppet00": balancer_cluster => 'puppet00', url => "ajp://${::fqdn}:8009", options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], } ``` 次に、プロキシサーバでロードバランシンググループを作成します。 ``` puppet apache::balancer { 'puppet00': } ``` リソースをエクスポートせずにロードバランシングを有効にするには、プロキシサーバで以下を宣言します。 ``` puppet apache::balancer { 'puppet00': } apache::balancermember { "${::fqdn}-puppet00": balancer_cluster => 'puppet00', url => "ajp://${::fqdn}:8009", options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], } ``` 次に、プロキシサーバで`apache::balancer`および`apache::balancermember`定義タイプを宣言します。 バランサで[ProxySet](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset)ディレクティブを使うには、`apache::balancer`の[`proxy_set`](#proxy_set)パラメータを使用します。 ``` puppet apache::balancer { 'puppet01': proxy_set => { 'stickysession' => 'JSESSIONID', 'lbmethod' => 'bytraffic', }, } ``` ロードバランシングのスケジューラのアルゴリズム(`lbmethod`)は、[mod_proxy_balancerドキュメント](https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html)に記載されています。 ## リファレンス - [**パブリッククラス**](#public-classes) - [クラス: apache](#class-apache) - [クラス: apache::dev](#class-apachedev) - [クラス: apache::vhosts](#class-apachevhosts) - [クラス: apache::mod::\*](#classes-apachemodname) - [**プライベートクラス**](#private-classes) - [クラス: apache::confd::no_accf](#class-apacheconfdno_accf) - [クラス: apache::default_confd_files](#class-apachedefault_confd_files) - [クラス: apache::default_mods](#class-apachedefault_mods) - [クラス: apache::package](#class-apachepackage) - [クラス: apache::params](#class-apacheparams) - [クラス: apache::service](#class-apacheservice) - [クラス: apache::version](#class-apacheversion) - [**パブリック定義タイプ**](#public-defined-types) - [定義タイプ: apache::balancer](#defined-type-apachebalancer) - [定義タイプ: apache::balancermember](#defined-type-apachebalancermember) - [定義タイプ: apache::custom_config](#defined-type-apachecustom_config) - [定義タイプ: apache::fastcgi::server](#defined-type-fastcgi-server) - [定義タイプ: apache::listen](#defined-type-apachelisten) - [定義タイプ: apache::mod](#defined-type-apachemod) - [定義タイプ: apache::namevirtualhost](#defined-type-apachenamevirtualhost) - [定義タイプ: apache::vhost](#defined-type-apachevhost) - [定義タイプ: apache::vhost::custom](#defined-type-apachevhostcustom) - [**プライベート定義タイプ**](#private-defined-types) - [定義タイプ: apache::default_mods::load](#defined-type-default_mods-load) - [定義タイプ: apache::peruser::multiplexer](#defined-type-apacheperusermultiplexer) - [定義タイプ: apache::peruser::processor](#defined-type-apacheperuserprocessor) - [定義タイプ: apache::security::file_link](#defined-type-apachesecurityfile_link) - [**テンプレート**](#templates) - [**タスク**](#tasks) ### パブリッククラス #### クラス: `apache` システムでのApacheの基本的な設定とインストールをガイドします。 デフォルトオプションを用いてこのクラスを宣言すると、Puppetでは以下が実行されます。 - オペレーティングシステムに適したApacheソフトウェアパッケージおよび[必要なApacheモジュール](#default_mods)をインストールします。 - [デフォルトロケーション](#conf_dir)を用いて、ディレクトリ内に必要な設定ファイルを配置します。デフォルトロケーションは、オペレーティングシステムによって異なります。 - デフォルトのバーチャルホストおよび標準的なポート('80')とアドレス('\*')のバインディングを用いてサーバを設定します。 - ドキュメントルートディレクトリを作成します。オペレーティングシステムによって異なりますが、通常は`/var/www`です。 - Apacheサービスを開始します。 ここでは、デフォルトの`apache`クラスを宣言するだけです。 ``` puppet class { 'apache': } ``` ##### `allow_encoded_slashes` [`AllowEncodedSlashes`][]宣言のサーバデフォルトを設定します。これにより、'\'および'/'を含むURLに対する応答が変更されます。このパラメータを指定しない場合、サーバの設定でこの宣言が省かれ、Apacheのデフォルト設定'off'が使用されます。 値: 'on'、'off'、'nodecode'。 デフォルト値: `undef`。 ##### `apache_version` 使用するApacheのバージョンを定義し、モジュールテンプレートの挙動、パッケージ名、デフォルトのApacheモジュールを設定します。このパラメータを理由なく手動で設定することは、推奨していません。 デフォルト値: [`apache::version`][]クラスにより検出されたオペレーティングシステムとリリースバージョンによって異なります。 ##### `conf_dir` Apacheサーバのメイン設定ファイルを置くディレクトリを設定します。 デフォルト値: オペレーティングシステムによって異なります。 - **Debian**: `/etc/apache2` - **FreeBSD**: `/usr/local/etc/apache22` - **Gentoo**: `/etc/apache2` - **Red Hat**: `/etc/httpd/conf` ##### `conf_template` メインのApache設定ファイルで使用される[テンプレート][]を定義します。apacheモジュールは、`conf.d`エントリによりカスタマイズされた最小限の設定ファイルを使用するように設計されているため、このパラメータの変更には潜在的なリスクが伴います。 デフォルト値: `apache/httpd.conf.erb`。 ##### `confd_dir` Apacheサーバのカスタム設定ディレクトリの場所を設定します。 デフォルト値: オペレーティングシステムによって異なります。 - **Debian**: `/etc/apache2/conf.d` - **FreeBSD**: `/usr/local/etc/apache22` - **Gentoo**: `/etc/apache2/conf.d` - **Red Hat**: `/etc/httpd/conf.d` ##### `default_charset` メイン設定ファイルで[`AddDefaultCharset`][]ディレクティブとして使用されます。 デフォルト値: `undef`。 ##### `default_confd_files` [`confd_dir`][]パラメータにより定義されるディレクトリに、インクルード可能なApache設定ファイルのデフォルトセットを生成するかどうかを決定します。この設定ファイルは、サーバのオペレーティングシステムにApacheパッケージとともに通常インストールされるものに相当します。 ブーリアン。 デフォルト値: `true`。 ##### `default_mods` オペレーティングシステムに応じたデフォルトの[Apacheモジュール][]のセットを設定して有効にするかどうかを決定します。 `false`の場合、Puppetはオペレーティングシステム上でHTTPデーモンを機能させるのに必要なApacheモジュールのみを含めます。[`apache::mod::`][]クラスまたは[`apache::mod`][]定義タイプを使えば、他のモジュールを個別に宣言することができます。 `true`の場合、Puppetはオペレーティングシステムと [`apache_version`][]および[`mpm_module`][]パラメータの値に応じて、その他のモジュールもインストールします。このモジュールリストは頻繁に変更されるので、最新のリストについては[Puppetモジュールのコード][]を参照してください。 このパラメータに配列が含まれる場合、Puppetは渡されたすべてのApacheモジュールを有効にします。 値: ブーリアンまたはApacheモジュール名の配列。 デフォルト値: `true`。 ##### `default_ssl_ca` Apacheサーバのデフォルトの証明書認証局を設定します。 デフォルト値を使えばApacheサーバは機能しますが、本稼働環境にこのサーバをデプロイする前に、各自の認証局情報を用いてこのパラメータを更新する**必要があります**。 ブーリアン。 デフォルト値: `undef`。 ##### `default_ssl_cert` [SSL暗号化][]証明書の保存場所を設定します。 デフォルト値を使えばApacheサーバは機能しますが、本稼働環境にこのサーバをデプロイする前に、各自の証明書ロケーション情報を用いてこのパラメータを更新する**必要があります**。 デフォルト値: オペレーティングシステムによって異なります。 - **Debian**: `/etc/ssl/certs/ssl-cert-snakeoil.pem` - **FreeBSD**: `/usr/local/etc/apache22/server.crt` - **Gentoo**: `/etc/ssl/apache2/server.crt` - **Red Hat**: `/etc/pki/tls/certs/localhost.crt` ##### `default_ssl_chain` デフォルトの[SSLチェーン][]の保存場所を設定します。 デフォルト値を使えばApacheサーバは機能しますが、本稼働環境にこのサーバをデプロイする前に、各自のSSLチェーンを用いてこのパラメータを更新する**必要があります**。 デフォルト値: `undef`。 ##### `default_ssl_crl` 使用するデフォルトの[証明書失効リスト][] (CRL)ファイルのパスを設定します。 デフォルト値を使えばApacheサーバは機能しますが、本稼働環境にこのサーバをデプロイする前に、CRLファイルパスを用いてこのパラメータを更新する**必要があります**。このパラメータは、[`default_ssl_crl_path`][]とともに使用することも、その代わりに使用することもできます。 デフォルト値: `undef`。 ##### `default_ssl_crl_path` サーバの[証明書失効リストパス][]を設定します。これにはCRLが含まれます。 デフォルト値を使えばApacheサーバは機能しますが、本稼働環境でこのサーバをデプロイする前に、CRLファイルパスを用いてこのパラメータを更新する**必要があります**。 デフォルト値: `undef`。 ##### `default_ssl_crl_check` [`SSLCARevocationCheck`][]ディレクティブを通じてデフォルトの証明書失効チェックレベルを設定します。このパラメータはApache 2.4以上にのみ適用され、それ以前のバージョンでは無視されます。 デフォルト値を使えばApacheサーバは機能しますが、本稼働環境で証明書失効リストを使用する際には、このパラメータを指定する**必要があります**。 デフォルト値: `undef`。 ##### `default_ssl_key` [SSL証明書キーファイル][]の保存場所を設定します。 デフォルト値を使えばApacheサーバは機能しますが、本稼働環境にこのサーバをデプロイする前に、各自のSSLキーのロケーションを用いてこのパラメータを更新する**必要があります**。 デフォルト値: オペレーティングシステムによって異なります。 - **Debian**: `/etc/ssl/private/ssl-cert-snakeoil.key` - **FreeBSD**: `/usr/local/etc/apache22/server.key` - **Gentoo**: `/etc/ssl/apache2/server.key` - **Red Hat**: `/etc/pki/tls/private/localhost.key` ##### `default_ssl_vhost` デフォルトの[SSL][SSL暗号化]バーチャルホストを設定します。 `true`の場合、Puppetは [`apache::vhost`][]定義タイプを用いて、以下のバーチャルホストを自動的に設定します。 ```puppet apache::vhost { 'default-ssl': port => 443, ssl => true, docroot => $docroot, scriptalias => $scriptalias, serveradmin => $serveradmin, access_log_file => "ssl_${access_log_file}", } ``` > **注意**: SSLバーチャルホストはHTTPSクエリにのみ応答します。 ブーリアン。 デフォルト値: `false`。 ##### `default_type` _Apache 2.2のみ_。サーバが他の方法で適切な`content-type`を決定できない場合に送信される[MIME `content-type`][]を設定します。このディレクティブはApache 2.4以降では廃止予定になっており、設定ファイルの下位互換性確保の目的でのみ使われます。 デフォルト値: `undef`。 ##### `default_vhost` クラスが宣言された際にデフォルトのバーチャルホストを設定します。 [カスタマイズしたバーチャルホスト][バーチャルホストの設定]を設定するには、このパラメータの値を`false`に設定します。 > **注意**: 少なくとも1つのバーチャルホストがなければ、Apacheは起動しません。このパラメータを`false`に設定する場合は、別の場所でバーチャルホストを設定する必要があります。 ブーリアン。 デフォルト値: `true`。 ##### `dev_packages` 使用する固有devパッケージを設定します。 値: 文字列または文字列の配列。 IUS yumリポジトリからhttpd 2.4を使用する例: ``` puppet include ::apache::dev class { 'apache': apache_name => 'httpd24u', dev_packages => 'httpd24u-devel', } ``` デフォルト値: オペレーティングシステムによって異なります。 - **Red Hat:** 'httpd-devel' - **Debian 8/Ubuntu 13.10以降:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev'] - **それ以前のDebian/Ubuntuバージョン:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] - **FreeBSD, Gentoo:** `undef` - **Suse:** ['libapr-util1-devel', 'libapr1-devel'] ##### `docroot` デフォルトの[`DocumentRoot`][]の場所を設定します。 デフォルト値: オペレーティングシステムによって異なります。 - **Debian**: `/var/www/html` - **FreeBSD**: `/usr/local/www/apache22/data` - **Gentoo**: `/var/www/localhost/htdocs` - **Red Hat**: `/var/www/html` ##### `error_documents` Apacheサーバの[カスタムエラードキュメント][]を有効にするかどうかを決定します。 ブーリアン。 デフォルト値: `false`。 ##### `group` リクエストに応答するために生成されるApacheプロセスを所有するグループIDを設定します。 デフォルトでは、Puppetはこのグループを`apache`クラスの下のリソースとして管理するよう試み、[`apache::params`][]クラスにより検出されたオペレーティングシステムに基づいてグループを決定します。このグループリソースを作成せずに、別のPuppetモジュールで作成されたグループを使用するには、[`manage_group`][]パラメータの値を`false`に設定します。 > **注意**: このパラメータを修正すると、Apacheが子プロセスを生成してリソースにアクセスする際に使用するグループIDのみが変更されます。親サーバプロセスを所有するユーザは変更されません。 ##### `httpd_dir` Apacheサーバの基本設定ディレクトリを設定します。これは、特別に再パッケージされたApacheサーバビルドにおいて、デフォルトのディストリビューションパッケージと組み合わせると意図せぬ結果が生じる可能性がある場合に役立ちます。 デフォルト値: オペレーティングシステムによって異なります。 - **Debian**: `/etc/apache2` - **FreeBSD**: `/usr/local/etc/apache22` - **Gentoo**: `/etc/apache2` - **Red Hat**: `/etc/httpd` ##### `http_protocol_options` HTTPプロトコルチェックの厳密さを指定します。 有効なオプション: 以下の値の選択肢のシーケンス: `Strict`または`Unsafe`、`RegisteredMethods`または`LenientMethods`、`Allow0.9`または`Require1.0`。 デフォルト '`Strict LenientMethods Allow0.9`'。 ##### `keepalive` [`KeepAlive`][]ディレクティブによってHTTPの持続的接続を有効にするかどうかを決定します。 'On'に設定する場合は、[`keepalive_timeout`][]および[`max_keepalive_requests`][]パラメータを使って関連オプションを設定してください。 値: 'Off'、'On'。 デフォルト値: 'On'。 ##### `keepalive_timeout` [`KeepAliveTimeout`]ディレクティブによって、HTTPの持続的接続でApacheサーバが後続のリクエストを行うまでの待機時間を設定します。このパラメータが意味を持つのは、[`keepalive` parameter][]を有効にしている場合のみです。 デフォルト値: '15'。 ##### `max_keepalive_requests` [`keepalive` parameter][]が有効の場合に、1回の接続で許可されるリクエストの数を制限します。 デフォルト値: '100'。 ##### `lib_path` [Apacheモジュール][Apacheモジュール]ファイルの保存場所を指定します。 デフォルト値: オペレーティングシステムによって異なります。 - **Debian**および**Gentoo**: `/usr/lib/apache2/modules` - **FreeBSD**: `/usr/local/libexec/apache24` - **Red Hat**: `modules` > **注意**: このパラメータは、特別な理由がない限り手動で設定しないでください。 ##### `log_level` エラーログの詳細レベルを変更します。値: 'alert'、'crit'、'debug'、'emerg'、'error'、'info'、'notice'、'warn'。 デフォルト値: 'warn'。 ##### `log_formats` 追加の[`LogFormat`][]ディレクティブを定義します。値: [ハッシュ][]、例: ``` puppet $log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' } ``` Puppetの作成する`httpd.conf`には、以下のような複数の`LogFormats`が事前定義されています。 ``` httpd LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded ``` 定義した`log_formats`パラメータに上記のいずれかが含まれる場合は、**ユーザの**定義により上書きされます。 ##### `logroot` バーチャルホストのApacheログファイルのディレクトリを変更します。 デフォルト値: オペレーティングシステムによって異なります。 - **Debian**: `/var/log/apache2` - **FreeBSD**: `/var/log/apache22` - **Gentoo**: `/var/log/apache2` - **Red Hat**: `/var/log/httpd` ##### `logroot_mode` デフォルトの[`logroot`][]ディレクトリをオーバーライドします。 > **注意**: 影響を把握できない場合は、ログが保存されているディレクトリへの書き込みアクセス権限を付与_しないで_ください。詳細については、[Apacheドキュメント][ログセキュリティ]を参照してください。 デフォルト値: `undef`。 ##### `manage_group` `false`の場合、Puppetではグループリソースは作成されません。 別のPuppetモジュールで作成されたグループをApacheの実行に使用する場合は、この値を`false`に設定してください。このパラメータを設定せずに過去に作成されたグループを使用しようとすると、重複リソースエラーが生じます。 ブーリアン。 デフォルト値: `true`。 ##### `supplementary_groups` ユーザの所属するグループのリスト。主要グループに加えて設定する場合に使用します。 デフォルト値: 追加グループなし。 注意: このオプションは、`manage_user`がtrueに設定されている場合のみ有効です。 ##### `manage_user` `false`の場合、Puppetではユーザリソースが作成されません。 このパラメータは、別のPuppetモジュールで作成されたユーザをApache実行に使用する場合などに使用します。このパラメータを設定せずに過去に作成されたユーザを使用しようとすると、重複リソースエラーが生じます。 ブーリアン。 デフォルト値: `true`。 ##### `mod_dir` Puppetが[Apacheモジュール][]の設定ファイルを置く場所を設定します。 デフォルト値: オペレーティングシステムによって異なります。 - **Debian**: `/etc/apache2/mods-available` - **FreeBSD**: `/usr/local/etc/apache22/Modules` - **Gentoo**: `/etc/apache2/modules.d` - **Red Hat**: `/etc/httpd/conf.d` ##### `mod_libs` デフォルトのモジュールライブラリ名をユーザがオーバーライドすることを許可します。 ```puppet include apache::params class { 'apache': mod_libs => merge($::apache::params::mod_libs, { 'wsgi' => 'mod_wsgi_python3.so', }) } ``` ハッシュ。デフォルト値: `$apache::params::mod_libs` ##### `mod_packages` デフォルトのモジュールパッケージ名をユーザがオーバーライドすることを許可します。 ```puppet include apache::params class { 'apache': mod_packages => merge($::apache::params::mod_packages, { 'auth_kerb' => 'httpd24-mod_auth_kerb', }) } ``` ハッシュ。デフォルト値: `$apache::params::mod_packages`。 ##### `mpm_module` HTTPDプロセスに関してロードおよび設定する[マルチプロセッシングモジュール][] (MPM)を決定します。値: 'event'、'itk'、'peruser'、'prefork'、'worker'、`false`。 カスタムパラメータを用いて以下のクラスを明示的に宣言するためには、このパラメータを`false`に設定する必要があります。 - [`apache::mod::event`][] - [`apache::mod::itk`][] - [`apache::mod::peruser`][] - [`apache::mod::prefork`][] - [`apache::mod::worker`][] デフォルト値: オペレーティングシステムによって異なります。 - **Debian**: 'worker' - **FreeBSD、Gentoo、Red Hat**: 'prefork' ##### `package_ensure` `package`リソースの[`ensure`][]属性を制御します。値: 'absent'、'installed' (またはそれに相当する'present')、またはバージョン文字列。 デフォルト値: 'installed'。 ##### `pidfile` pidファイルのカスタムロケーションの設定を許可します。カスタムビルトのApache rpmを使用する場合に役立ちます。 デフォルト値: オペレーティングシステムによって異なります。 - **Debian:** '\${APACHE_PID_FILE}' - **FreeBSD:** '/var/run/httpd.pid' - **Red Hat:** 'run/httpd.pid' ##### `ports_file` Apacheポート設定を含むファイルのパスを設定します。 デフォルト値: '{$conf_dir}/ports.conf'。 ##### `purge_configs` 他のすべてのApache設定およびバーチャルホストを削除します。 このパラメータを`false`に設定すると、一時的な対策として、既存の設定や管理されていない設定をApacheモジュールと共存させることができます。この場合、設定をこのモジュール内のリソースに移すことを推奨します。バーチャルホストの設定については、[`purge_vhost_dir`][]を参照してください。 ブーリアン。 デフォルト値: `true`。 ##### `purge_vhost_dir` [`vhost_dir`][]パラメータの値が[`confd_dir`][]パラメータの値と異なる場合は、このパラメータにより、Puppetにより管理されて_いない_`vhost_dir`内の設定を削除するかどうかが決定されます。 `purge_vhost_dir`を`false`に設定すると、一時的な対策として、`vhost_dir`内の既存の設定や管理されていない設定をapacheモジュールと共存させることができます。 ブーリアン。 デフォルト値: [`purge_configs`][]と同じ。 ##### `rewrite_lock` リライトロックのカスタムロケーションの設定を可能にします。これは、バーチャルホストの[`rewrites`][]パラメータでタイプprgのRewriteMapを使用している場合のベストプラクティスとされています。このパラメータは、Apacheバージョン2.2以前のみに適用され、それよりも新しいバージョンでは無視されます。 デフォルト値: `undef`。 ##### `sendfile` [`EnableSendfile`][]ディレクティブで静的ファイルをサーブする際に、ApacheがLinuxカーネルの`sendfile`サポートを使用するようにします。値: 'On'、'Off'。 デフォルト値: 'On'。 ##### `serveradmin` Apacheの[`ServerAdmin`][]ディレクティブでApacheサーバ管理者の連絡先情報を設定します。 デフォルト値: 'root@localhost'。 ##### `servername` Apacheの[`ServerName`][]ディレクティブでApacheサーバ名を設定します。 `false`に設定すると、ServerNameは設定されません。 デフォルト値: [Facter][]により報告された'fqdn' fact。 ##### `server_root` Apacheの[`ServerRoot`][]ディレクティブでApacheサーバのルートを設定します。 デフォルト値: オペレーティングシステムによって異なります。 - **Debian**: `/etc/apache2` - **FreeBSD**: `/usr/local` - **Gentoo**: `/var/www` - **Red Hat**: `/etc/httpd` ##### `server_signature` Apacheの[`ServerSignature`][]ディレクティブで、エラードキュメントや一部の[Apacheモジュール][]のアウトプットなどの、サーバ生成ドキュメントの下部に表示される末尾のフッタの行を設定します。値: 'Off'、'On'。 デフォルト値: 'On'。 ##### `server_tokens` Apacheの[`ServerTokens`][]ディレクティブで、Apacheからブラウザに送信される、Apacheやオペレーティングシステムに関する情報の量を制御します。 デフォルト値: 'Prod'. ##### `service_enable` システムの起動時にPuppetがApache HTTPDサービスを有効にするかどうかを決定します。 ブーリアン。 デフォルト値: `true`。 ##### `service_ensure` サービスが稼働していることをPuppetが確認するかどうかを決定します。値: `true` (または'running')、`false` (または'stopped')。 値を`false`または'stopped'にすると、'httpd'サービスリソースの`ensure`パラメータが`false`に設定されます。この設定は、Pacemakerなどの別のアプリケーションでサービスを管理する場合に役立ちます。 デフォルト値: 'running'。 ##### `service_name` Apacheサービスの名前を設定します。 デフォルト値: オペレーティングシステムによって異なります。 - **DebianおよびGentoo**: 'apache2' - **FreeBSD**: 'apache22' - **Red Hat**: 'httpd' ##### `service_manage` PuppetでHTTPDサービスの状態を管理するかどうかを決定します。 ブーリアン。 デフォルト値: `true`。 ##### `service_restart` HTTPDサービスの再起動にあたり、Puppetが特定のコマンドを使用するかどうかを決定します。 値: Apacheサービスを再起動するためのコマンド。デフォルト設定では、 [デフォルトのPuppet挙動][サービス属性リスタート]が使われます。 デフォルト値: `undef`。 ##### `ssl_cert` 特定の SSLCertificateFile を指定できるようになります。 詳細については、[SSLCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#SSLCertificateFile)を参照してください。 デフォルト値: `undef`。 ##### `ssl_key` 特定の SSLCertificateKey を指定できるようになります。 詳細については、[SSLCertificateKey](https://httpd.apache.org/docs/current/mod/mod_ssl.html#SSLCertificateKeyFile)を参照してください。 デフォルト値: `undef`。 ##### `ssl_ca` SSL証明書認証局を指定します。[SSLCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcacertificatefile)を使用してSSLクライアント認証で使用する証明書を確認します。 これはバーチャルホストレベルでオーバーライドすることが可能です。 デフォルト値: `undef`。 ##### `timeout` Apacheの[`TimeOut`][]ディレクティブを設定します。このディレクティブは、一部のイベントに関してリクエスト履行を止めるまでの Apacheの待機秒数を定義します。 デフォルト値: 120。 ##### `trace_enable` [`TraceEnable`][]ディレクティブで、Apacheが`TRACE`リクエスト([RFC 2616][]ごと)をどのように処理するかを制御します。 値: 'Off'、'On'。 デフォルト値: 'On'。 ##### `use_canonical_name` Apacheの [`UseCanonicalName`][]ディレクティブを制御します。このディレクティブは、Apacheが自己参照URLをどのように処理するかを制御します。指定しない場合、このパラメータの宣言がサーバの設定から除外され、Apacheのデフォルト設定'off'が使用されます。 値: 'On', 'on', 'Off', 'off', 'DNS', 'dns'。 デフォルト値: `undef`。 ##### `use_systemd` systemdモジュールをCentos 7サーバにインストールするかどうかを制御します。これは、カスタムビルトのRPMを使用している場合は特に役立ちます。 ブーリアン。 デフォルト値: `true`。 ##### `file_mode` 設定ファイルの許可モードを設定します。 値: 文字列、記号表記法または数字表記法での許可モード。 デフォルト値: '0644'。 ##### `root_directory_options` httpd.confの/ディレクトリで指定するオプションの配列。 デフォルト値: 'FollowSymLinks'。 ##### `root_directory_secured` httpd.confの/ディレクトリについて、デフォルトのアクセスポリシーを設定します。`false`にすると、特定のアクセスポリシーがないすべてのリソースへのアクセスが許可されます。 `true`にするとデフォルトですべてのリソースへのアクセスが拒否されます。`true`の場合、リソースへのアクセスを許可するには、具体的なルールを使用する必要があります([`directories`](#parameter-directories-for-apachevhost)パラメータを用いたディレクトリブロックなどで)。 ブーリアン。 デフォルト値: `false`。 ##### `vhost_dir` バーチャルホストの設定ファイルの保存場所を変更します。 デフォルト値: オペレーティングシステムによって異なります。 - **Debian**: `/etc/apache2/sites-available` - **FreeBSD**: `/usr/local/etc/apache22/Vhosts` - **Gentoo**: `/etc/apache2/vhosts.d` - **Red Hat**: `/etc/httpd/conf.d` ##### `vhost_include_pattern` `vhost_dir`に含まれるファイルのパターンを定義します。 `[^.#]\*.conf[^~]`などの値に設定すると、このディレクトリで偶発的に作成されたファイル(バージョン管理システムやエディタのバックアップにより作成されたファイルなど)がサーバ設定に*含まれなく*なります。 デフォルト値: '*'。 一部のオペレーティングシステムでは、`*.conf`の値が使用されます。デフォルトでは、このモジュールは`.conf`で終わる設定ファイルを作成します。 ##### `user` Apacheがリクエストの応答に使用するユーザを変更します。Apacheの親プロセスは引き続きルートとして稼働しますが、子プロセスはこのパラメータで定義されたユーザとしてリソースにアクセスします。Puppetがこのユーザを管理しないようにするには、[`manage_user`][]パラメータを`false`に設定します。 デフォルト値: [`apache::params`][]クラスにより設定されたユーザに依存します。これはオペレーティングシステムによって異なります。 - **Debian**: 'www-data' - **FreeBSD**: 'www' - **Gentoo**および**Red Hat**: 'apache' Puppetがこのユーザを管理しないようにするには、[`manage_user`][]パラメータをfalseに設定します。 ##### `apache_name` インストールするApacheパッケージの名前。標準的ではないApacheパッケージを使用している場合は、デフォルト設定をオーバーライドする必要があるかもしれません。 CentOS/RHELソフトウェアコレクション(SCL)では、`apache::version::scl_httpd_version`も使用できます。 デフォルト値: [`apache::params`][]クラスにより設定されたユーザに依存します。これはオペレーティングシステムによって異なります。 - **Debian**: 'apache2' - **FreeBSD**: 'apache24' - **Gentoo**: 'www-servers/apache' - **Red Hat**: 'httpd' ##### `error_log` メインサーバインスタンスのエラーログファイルの名前。`/`、`|`、または`syslog`で始まる文字列の場合、フルパスが設定されます。それ以外の場合は、ファイル名の先頭に`$logroot`がつきます。 デフォルト値: オペレーティングシステムによって異なります。 - **Debian**: 'error.log' - **FreeBSD**: 'httpd-error.log' - **Gentoo**: 'error.log' - **Red Hat**: 'error_log' - **Suse**: 'error.log' ##### `scriptalias` グローバルスクリプトエイリアスに使用するディレクトリ。 デフォルト値: オペレーティングシステムによって異なります。 - **Debian**: '/usr/lib/cgi-bin' - **FreeBSD**: '/usr/local/www/apache24/cgi-bin' - **Gentoo**: 'var/www/localhost/cgi-bin' - **Red Hat**: '/var/www/cgi-bin' - **Suse**: '/usr/lib/cgi-bin' ##### `access_log_file` メインサーバインスタンスのアクセスログファイルの名前。 デフォルト値: オペレーティングシステムによって異なります。 - **Debian**: 'error.log' - **FreeBSD**: 'httpd-access.log' - **Gentoo**: 'access.log' - **Red Hat**: 'access_log' - **Suse**: 'access.log' ##### `limitreqfields` [`limitreqfields`][]パラメータは、HTTPリクエスト内のリクエストヘッダフィールドの最大数を設定します。このディレクティブを使用すると、サーバ管理者は異常なクライアントリクエスト動作の制御を強化できるので、ある種のDoS攻撃の防止に役立てることができます。送信リクエスト内のフィールドが多過ぎることを示すエラー応答が、通常のクライアントに対して表示される場合、この値を増やす必要があります。 デフォルト値: '100'。 #### クラス: `apache::dev` Apache開発ライブラリをインストールします。 デフォルト値: オペレーティングシステムによって異なります。使用するオペレーティングシステムに基づく、[`apache::params`][]クラスの[`dev_packages`][]パラメータ。 - **Debian**: Ubuntu 13.10およびDebian 8では'libaprutil1-dev'、'libapr1-dev'、'apache2-dev'。その他のバージョンでは'apache2-prefork-dev'。 - **FreeBSD**: `undef`; FreeBSDでは、`apache::dev`を宣言する前に`apache::package`または`apache`クラスを宣言する必要があります。 - **Gentoo**: `undef` - **Red Hat**: 'httpd-devel' #### クラス: `apache::vhosts` [`apache::vhost`][]定義タイプを作成します。 **パラメータ**:  * `vhosts`: [`apache::vhost`][]定義タイプのパラメータを指定します。 値: [ハッシュ][]、キーは名前を表し、値は[`apache::vhost`][]定義タイプのパラメータの[ハッシュ][]を表します。 デフォルト値: '{}'。 > **注意**: すべてのバーチャルホストのパラメータのリストや[バーチャルホストの設定]については、[`apache::vhost`][]定義タイプのリファレンスを参照してください。 例えば、[名前ベースのバーチャルホスト][名前ベースのバーチャルホスト]のcustom_vhost_1を作成するには、`vhosts`パラメータを'{ "custom_vhost_1" => { "docroot" => "/var/www/custom_vhost_1", "port" => "81" }'に設定し、このクラスを宣言します。 ``` puppet class { 'apache::vhosts': vhosts => { 'custom_vhost_1' => { 'docroot' => '/var/www/custom_vhost_1', 'port' => '81', }, }, } ``` #### クラス: `apache::mod::` 指定した[Apacheモジュール][]を有効にします。Apacheモジュールを有効にして設定するには、このクラスを宣言します。 例えば、アイコンなしで[`mod_alias`][]をインストールして有効にするには、`icons_options`パラメータをNone'に設定して[`apache::mod::alias`][]クラスを宣言します。 ``` puppet class { 'apache::mod::alias': icons_options => 'None', } ``` 以下のApacheモジュールにはサポートするクラスがあり、その多くは、パラメータ化された設定が可能です。[`apache::mod`][]定義タイプを使えば、他のApacheモジュールをインストールできます。 * `actions` * `alias` ([`apache::mod::alias`][]参照) * `auth_basic` * `auth_cas`\* ([`apache::mod::auth_cas`][]参照) * `auth_mellon`\* ([`apache::mod::auth_mellon`][]参照) * `auth_kerb` * auth_gssapi * `authn_core` * `authn_dbd`\* ([`apache::mod::authn_dbd`][]参照) * `authn_file` * `authnz_ldap`\* ([`apache::mod::authnz_ldap`][]参照) * `authnz_pam` * `authz_default` * `authz_user` * `autoindex` * `cache` * `cgi` * `cgid` * `cluster` ([`apache::mod::cluster`][]参照) * `data` * `dav` * `dav_fs` * `dav_svn`\* * `dbd` * `deflate\` * `dev` * `dir`\* * `disk_cache` ([`apache::mod::disk_cache`][]参照) * `dumpio` ([`apache::mod::dumpio`][]参照) * `env` * `event` ([`apache::mod::event`][]参照) * `expires` * `ext_filter` ([`apache::mod::ext_filter`][]参照) * `fastcgi` * `fcgid` * `filter` * `geoip` ([`apache::mod::geoip`][]参照) * `headers` * `include` * `info`\* * `intercept_form_submit` * `itk` * `jk` ([`apache::mod::jk`]参照) * `ldap` ([`apache::mod::ldap`][]参照) * `lookup_identity` * `macro` ([`apache:mod:macro`][]参照) * `mime` * `mime_magic`\* * `negotiation` * `nss`\* ([`apache::mod::nss`][]参照) * `pagespeed` ([`apache::mod::pagespeed`][]参照) * `passenger`\* ([`apache::mod::passenger`][]参照) * `perl` * `peruser` * `php` ([`mpm_module`][]を`prefork`に設定する必要があります) * `prefork`\* * `proxy`\* ([`apache::mod::proxy`][]参照) * `proxy_ajp` * `proxy_balancer`\* ([`apache::mod::proxy_balancer`][]参照) * `proxy_balancer` * `proxy_html` ([`apache::mod::proxy_html`][]参照) * `proxy_http` * `python` ([`apache::mod::python`][]参照) * `reqtimeout` * `remoteip`\* * `rewrite` * `rpaf`\* * `setenvif` * `security` * `shib`\* ([`apache::mod::shib`]参照) * `speling` * `ssl`\* ([`apache::mod::ssl`][]参照) * `status`\* ([`apache::mod::status`][]参照) * `suphp` * `userdir`\* ([`apache::mod::userdir`][]参照) * `version` * `vhost_alias` * `worker`\* * `wsgi` ([`apache::mod::wsgi`][]参照) * `xsendfile` モジュールに付いている*のマークは、設定やモジュールを設定するためのパラメータが含まれるテンプレートがあることを示しています。ほとんどのApacheモジュールクラスパラメータにはデフォルト値があり、設定は必要ありません。 テンプレートのあるモジュールについては、Puppetでモジュールとともにテンプレートファイルがインストールされます。これらのテンプレートファイルは、モジュールが機能するために必要です。 ##### クラス: `apache::mod::alias` [`mod_alias`][]をインストールして管理します。 **パラメータ**:  * `icons_options`: Apache [`Options`]ディレクティブにより、アイコンディレクトリのディレクトリリスティングを無効にします。 デフォルト値: 'Indexes MultiViews'。 * `icons_path`: `/icons/`エイリアスのローカルパスを設定します。 デフォルト値: オペレーティングシステムによって異なります。 * **Debian**: `/usr/share/apache2/icons` * **FreeBSD**: `/usr/local/www/apache24/icons` * **Gentoo**: `/var/www/icons` * **Red Hat**: `/var/www/icons`、Apache 2.4の場合のみ、`/usr/share/httpd/icons` #### クラス: `apache::mod::disk_cache` Apache 2.2に[`mod_disk_cache`][]、またはApache 2.4に[`mod_cache_disk`][]をインストールして設定します。 デフォルト値: Apacheバージョンとオペレーティングシステムによって異なります。 - **Debian**: `/var/cache/apache2/mod_cache_disk` - **FreeBSD**: `/var/cache/mod_cache_disk` - **Red Hat、Apache 2.4**: `/var/cache/httpd/proxy` - **Red Hat、Apache 2.2**: `/var/cache/mod_proxy` キャッシュルートを指定するには、パスを文字列として`cache_root`パラメータに渡します。 ``` puppet class {'::apache::mod::disk_cache': cache_root => '/path/to/cache', } ``` キャッシュ無視ヘッダを指定するには、文字列を`cache_ignore_headers`パラメータに渡します。 ``` puppet class {'::apache::mod::disk_cache': cache_ignore_headers => "Set-Cookie", } ``` ##### クラス: `apache::mod::dumpio` [`mod_dumpio`][]をインストールして設定します。 ```puppet class{'apache': default_mods => false, log_level => 'dumpio:trace7', } class{'apache::mod::dumpio': dump_io_input => 'On', dump_io_output => 'Off', } ``` **パラメータ**:  * `dump_io_input`: すべての入力データをエラーログにダンプします。 値: 'On'、'Off'。  デフォルト値: 'Off'。 * `dump_io_output`: すべての出力データをエラーログにダンプします。 値: 'On'、'Off'。  デフォルト値: 'Off'。 ##### クラス: `apache::mod::event` [`mod_mpm_event`][]をインストールして管理します。同じサーバ上に、`apache::mod::event`と一緒に[`apache::mod::itk`][]、[`apache::mod::peruser`][]、[`apache::mod::prefork`][]、[`apache::mod::worker`][]を含めることはできません。 **パラメータ**:  * `listenbacklog`: モジュールの[`ListenBackLog`][]ディレクティブでペンディング接続キューの最大長を設定します。`false`に設定すると、このパラメータが削除されます。 デフォルト値: '511'。 * `maxrequestworkers` (_Apache 2.3.12以前_: `maxclients`): モジュールの[`MaxRequestWorkers`][]ディレクティブで、Apacheが同時に処理できる接続の最大数を設定します。`false`に設定すると、このパラメータが削除されます。 デフォルト値: '150'。 * `maxconnectionsperchild` (_Apache 2.3.8以前_: `maxrequestsperchild`): モジュールの[`MaxConnectionsPerChild`][]ディレクティブで、子サーバが稼働中に処理する接続の数を制限します。`false`に設定すると、このパラメータが削除されます。 デフォルト値: '0'。 * `maxsparethreads` and `minsparethreads`: [`MaxSpareThreads`][]および[`MinSpareThreads`][]ディレクティブで、待機スレッドの最大数と最小数を設定します。`false`に設定すると、このパラメータが削除されます。 デフォルト値: それぞれ'75'および'25'。 * `serverlimit`: [`ServerLimit`][]ディレクティブで、プロセスの設定数を制限します。`false`に設定すると、このパラメータが削除されます。 デフォルト値: '25'。 * `startservers`: モジュールの[`StartServers`][]ディレクティブで、起動時に作成される子サーバプロセスの数を設定します。`false`に設定すると、このパラメータが削除されます。 デフォルト値: '2'。 * `threadlimit`: モジュールの[`ThreadLimit`][]ディレクティブで、イベントスレッドの数を制限します。`false`に設定すると、このパラメータが削除されます。 デフォルト値: '64'。 * `threadsperchild`: [`ThreadsPerChild`][]ディレクティブで、各子サーバにより作成されるスレッドの数を設定します。 デフォルト値: '25'。`false`に設定すると、このパラメータが削除されます。 ##### クラス: `apache::mod::auth_cas` [`mod_auth_cas`][]をインストールして管理します。パラメータの名前はApacheモジュールのディレクティブと共通です。 `cas_login_url`および`cas_validate_url`パラメータは必須です。 その他のいくつかのパラメータのデフォルト値は`undef`です。 > **注意**: auth_casモジュールは、EPELにより提供される依存関係パッケージがなければ、RH/CentOSで使用できません。 [https://github.com/Jasig/mod_auth_cas]()を参照してください。 **パラメータ**:  - `cas_attribute_prefix`: ヘッダを追加します。SAMLバリデーションが有効になっている場合には、このヘッダの値が属性値になります。 デフォルト値: CAS_。 - `cas_attribute_delimiter`:`cas_attribute_prefix`により作成されたヘッダの属性値の区切り文字。 デフォルト値: ,。 - `cas_authoritative`: オプションの認証ディレクティブを承認してバインドするかどうかを決定します。 デフォルト値: `undef`。 - `cas_certificate_path`: `cas_login_url`および`cas_validate_url`のサーバについて、証明書認証局のX509証明書へのパスを設定します。 デフォルト値: `undef`。 - `cas_cache_clean_interval`: キャッシュクリーニング時間の最小秒数を設定します。 デフォルト値: `undef`。 - `cas_cookie_domain`: `Set-Cookie` HTTPヘッダの`Domain=`パラメータの値を設定します。 デフォルト値: `undef`。 - `cas_cookie_entropy`: セッション識別子を作成する際に使用するバイト数を設定します。 デフォルト値: `undef`。 - `cas_cookie_http_only`: `mod_auth_cas`がクッキーを発行する際のオプションの`HttpOnly`フラグを設定します。 デフォルト値: `undef`。 - `cas_cookie_path`: casクッキーセッションデータの保存場所。Webサーバユーザによる書き込みを可能にする必要があります。 デフォルト値: OSによって異なります。 - `cas_cookie_path_mode`: `cas_cookie_path`のモード。 デフォルト値: '0750'。 - `cas_debug`: モジュールのデバッギングモードを有効にするかどうかを決定します。 デフォルト値: 'Off'。 - `cas_idle_timeout`: 待機タイムアウトの制限を秒数で設定します。 デフォルト値: `undef`。 - `cas_login_url`: **必須**。ユーザがCASで保護されたリソースへのアクセスを試み、かつアクティブなセッションがない場合に、モジュールがユーザをリダイレクトする先のURLを設定します。 - `cas_proxy_validate_url`: プロキシバリデーションを実施する際に使用するURL。 デフォルト値: `undef`。 - `cas_root_proxied_as`: このApacheサーバへのアクセスがプロキシされた場合に、エンドユーザに表示されるURLを設定します。 デフォルト値: `undef`。 - `cas_scrub_request_headers`: mod_auth_cas内で特別な意味を持つ可能性のあるインバウンドリクエストヘッダを削除します。 - `cas_sso_enabled`: シングルサインアウトの実験的サポートを有効にします(POSTデータが壊れる可能性があります)。 デフォルト値: 'Off'。 - `cas_timeout`: `mod_auth_cas`セッションのアクティブ状態を維持する時間(秒数)を制限します。 デフォルト値: `undef`。 - `cas_validate_depth`: チェーンされた証明書バリデーションの深さを制限します。 デフォルト値: `undef`。 - `cas_validate_saml`: SAMLに関するCASサーバからの解析応答。 デフォルト値: 'Off'。 - `cas_validate_server`: CASサーバの証明書をバリデーションするかどうか(1.1 - RedHat 7では廃止予定)。 デフォルト値: `undef`。 - `cas_validate_url`: **必須**。HTTPクエリ文字列でクライアントの提示するチケットをバリデーションする際に使用するURL。 - `cas_version`: 従うべきCASプロトコルバージョン。値: '1'、'2'。 デフォルト値: '2'。 - `suppress_warning`: RedHat上にいることを示す警告を表示しないようにします(`mod_auth_cas`パッケージは、現在はepel-testingレポジトリで使用できます)。 デフォルト値: `false`。 ##### クラス: `apache::mod::auth_mellon` [`mod_auth_mellon`][]をインストールして管理します。パラメータの名前はApacheモジュールのディレクティブと共通です。 ``` puppet class{ 'apache::mod::auth_mellon': mellon_cache_size => 101, } ``` **パラメータ**:  * `mellon_cache_entry_size`: 1回のセッションの最大サイズ。 デフォルト値: `undef`。 * `mellon_cache_size`: mellonキャッシュのサイズ、単位はメガバイト。 デフォルト値: 100。 * `mellon_lock_file`: ロックファイルの場所。 デフォルト値: '`/run/mod_auth_mellon/lock`'。 * `mellon_post_directory`: ポストリクエストが保存される場所のフルパス。 デフォルト値: '`/var/cache/apache2/mod_auth_mellon/`'。 * `mellon_post_ttl`: ポストリクエストの維持時間。 デフォルト値: `undef`。 * `mellon_post_size`: ポストリクエストの最大サイズ。 デフォルト値: `undef`。 * `mellon_post_count`: ポストリクエストの最大数。 デフォルト値: `undef`。 ##### クラス: `apache::mod::authn_dbd` `mod_authn_dbd`をインストールし、`authn_dbd.conf.erb`テンプレートを使用して設定を生成します。オプションで、AuthnProviderAliasを作成します。 ``` puppet class { 'apache::mod::authn_dbd': $authn_dbd_params => 'host=db01 port=3306 user=apache password=xxxxxx dbname=apacheauth', $authn_dbd_query => 'SELECT password FROM authn WHERE user = %s', $authn_dbd_alias => 'db_auth', } ``` **パラメータ**:  * `authn_dbd_alias`: AuthnProviderAlias'の名前。 * `authn_dbd_dbdriver`: 使用するデータベースドライブを指定します。 デフォルト値: 'mysql'。 * `authn_dbd_exptime`: DBDExptimeに相当します。 デフォルト値: 300。 * `authn_dbd_keep`: DBDKeepに相当します。 デフォルト値: 8。 * `authn_dbd_max`: DBDMaxに相当します。 デフォルト値: 20。 * `authn_dbd_min`: DBDMinに相当します。 デフォルト値: 4。  * `authn_dbd_params`: **必須**。接続文字列に関して、DBDParamsに相当します。 * `authn_dbd_query`: 認証に関してユーザとパスワードを問い合わせるかどうか。 ##### クラス: `apache::mod::authnz_ldap` `mod_authnz_ldap`をインストールし、`authnz_ldap.conf.erb`テンプレートを使用して設定を生成します。 **パラメータ**:  * `package_name`: パッケージの名前。 デフォルト値: `undef`。 * `verify_server_cert`: サーバの証明書を確認するかどうか。 デフォルト値: `undef`。 ##### クラス: `apache::mod::cluster` **注意**: `mod_cluster`に関して提供されている公式なパッケージはありません。そのため、Apacheモジュールの外部から使用できるようにする必要があります。バイナリは[こちら](http://mod-cluster.jboss.org/)にあります。 ``` puppet class { '::apache::mod::cluster': ip => '172.17.0.1', allowed_network => '172.17.0.', balancer_name => 'mycluster', version => '1.3.1' } ``` **パラメータ**:  * `port`: mod_clusterのリッスンポート。 デフォルト値: '6666'。 * `server_advertise`: サーバをアドバタイズするかどうか。 デフォルト値: `true`。 * `advertise_frequency`: アドバタイズメッセージ間のインターバルを秒数[.ミリ秒]で設定します。 デフォルト値: 10。 * `manager_allowed_network`: ネットワークにmod_cluster_managerへのアクセスを許可するかどうか。 デフォルト値: '127.0.0.1'。 * `keep_alive_timeout`: Apacheがリクエストを待機する長さを秒数で指定します。 デフォルト値: 60。 * `max_keep_alive_requests`: 維持されるリクエストの最大数。 デフォルト値: 0。 * `enable_mcpm_receive`: MCPMを有効にするかどうか。 デフォルト値: `true`。 * `ip`: リッスンするIPアドレスを指定します。 * `allowed_network`: バランスドメンバーネットワーク。 * `version`: `mod_cluster`バージョンを指定します。httpd 2.4ではバージョン1.3.0以上が必要です。 ##### クラス: `apache::mod::deflate` [`mod_deflate`][]をインストールして設定します。 **パラメータ**:  * `types`: デフレートする[配列][]または[MIMEタイプ][MIME `content-type`]。 デフォルト値: ['text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json']。 * `notes`: [ハッシュ][]、キーはタイプを表し、値はノート名を表します。 デフォルト値: { 'Input' => 'instream'、'Output' => 'outstream'、'Ratio' => 'ratio' }。 ##### クラス: `apache::mod::expires` [`mod_expires`][]をインストールし、`expires.conf.erb`を使用して設定を生成します。 **パラメータ**:  * `expires_active`: ドキュメント領域に関して`Expires`ヘッダの生成を有効にします。 ブーリアン。 デフォルト値: `true`。 * `expires_default`: [`ExpiresByType`][]構文または[インターバル構文][]を用いた有効期限計算のためのデフォルトアルゴリズムを指定します。 デフォルト値: `undef`。 * `expires_by_type`: 一連の[MIME `content-type`][]とその有効期限を表します。 値: [ハッシュ][ハッシュ]の[配列][]、各ハッシュのキーは有効なMIME `content-type` ('text/json'など)、値は以下の有効な [インターバル構文][]。 デフォルト値: `undef`。 ##### クラス: `apache::mod::ext_filter` [`mod_ext_filter`][]をインストールして設定します。 ``` puppet class { 'apache::mod::ext_filter': ext_filter_define => { 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength', 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"', }, } ``` **パラメータ**:  * `ext_filter_define`: フィルタ名とそのパラメータのハッシュ。 デフォルト値: `undef`。 ##### クラス: `apache::mod::fcgid` [`mod_fcgid`][]をインストールして設定します。 このクラスでは、使用可能なすべてのオプションを個別にパラメータ化するのではなく、`options` [ハッシュ][]を使って`mod_fcgid`を設定します。例: ``` puppet class { 'apache::mod::fcgid': options => { 'FcgidIPCDir' => '/var/run/fcgidsock', 'SharememPath' => '/var/run/fcgid_shm', 'AddHandler' => 'fcgid-script .fcgi', }, } ``` すべてのオプションのリストについては、[公式`mod_fcgid`ドキュメント][`mod_fcgid`]を参照してください。 `apache::mod::fcgid`を含める場合は、ディレクトリごと、バーチャルホストごとに[`FcgidWrapper`][]を設定できます。最初にモジュールをロードする必要があります。`apache::vhost`で`fcgiwrapper`パラメータを設定している場合、Puppetは自動的にはモジュールを有効化しません。 ``` puppet include apache::mod::fcgid apache::vhost { 'example.org': docroot => '/var/www/html', directories => { path => '/var/www/html', fcgiwrapper => { command => '/usr/local/bin/fcgiwrapper', } }, } ``` ##### クラス: `apache::mod::geoip` [`mod_geoip`][]をインストールして管理します。 **パラメータ**:  * `db_file`: GeoIPデータベースファイルのパスを設定します。 値: パス、または複数のGeoIPデータベースファイルの[配列][]パス。 デフォルト値: `/usr/share/GeoIP/GeoIP.dat`。 * `enable`: [`mod_geoip`][]を全体で有効にするかどうかを決定します。 ブーリアン。 デフォルト値: `false`。 * `flag`: GeoIPフラグを設定します。 値: 'CheckCache'、'IndexCache'、'MemoryCache'、'Standard'。 デフォルト値: 'Standard'。 * `output`: 使用するアウトプット変数を定義します。 値: 'All'、'Env'、'Request'、'Notes'。 デフォルト値: 'All'。 * `enable_utf8`: アウトプットをISO*8859*1 (ラテン*1)からUTF*8に変更します。 ブーリアン。 デフォルト値: `undef`。 * `scan_proxy_headers`: [GeoIPScanProxyHeaders][]オプションを有効にします。 ブーリアン。 デフォルト値: `undef`。 * `scan_proxy_header_field`: クライアントのIPアドレスの決定に使用するヘッダの[`mod_geoip`][]を指定します。 デフォルト値: `undef`。 * `use_last_xforwarededfor_ip` (sic): IPアドレスのカンマ区切りリストで見つかったクライアントのIPの最初または最後のIPアドレスを使うかどうかを決定します。 ブーリアン。 デフォルト値: `undef`。 ##### クラス: `apache::mod::info` サーバ設定の全体的な概要を提供する[`mod_info`][]をインストールして管理します。 **パラメータ**:  * `allow_from`: IPv4またはIPv6アドレスのホワイトリスト、または`/server*info`にアクセスできる範囲。 値: IPv4アドレス、IPv6アドレス、または範囲の1つまたは複数のオクテット、またはいずれかの配列。 デフォルト値: ['127.0.0.1','::1']。  * `apache_version`: 文字列で表されるApacheのバージョン番号、'2.2'や'2.4'など。  デフォルト値: [`$::apache::apache_version`][`apache_version`]の値。 * `restrict_access`: アクセス制限を有効にするかどうかを決定します。`false`の場合、`allow_from`ホワイトリストは無視され、すべてのIPアドレスが `/server*info`にアクセスできるようになります。 ブーリアン。 デフォルト値: `true`。 ##### クラス: `apache::mod::itk` [`mod_itk`][]をインストールして管理します。これはHTTPDプロセス向けにロードおよび設定されるMPMです。[公式ドキュメント](http://mpm-itk.sesse.net/)。 **パラメータ**:  * `startservers`: 起動時に作成される子サーバプロセスの数。 値: 整数。 デフォルト値: `8`。 * `minspareservers`: 待機する子サーバプロセスに望ましい最小数。 値: 整数。 デフォルト値: `5`。 * `maxspareservers`: 待機する子サーバプロセスに望ましい最大数。 値: 整数。 デフォルト値: `20`。 * `serverlimit`: Apache httpdプロセスの継続期間に対して設定されるMaxRequestWorkersの最大数。 値: 整数。 デフォルト値: `256`。 * `maxclients`: 処理される同時リクエストの最大数。 値: 整数。 デフォルト値: `256`。 * `maxrequestsperchild`: 個々の子サーバプロセスが処理する接続の最大数。 値: 整数。 デフォルト値: `4000`。 * `enablecapabilities`: 親プロセスのルート機能をほぼすべて削除し、User/Groupディレクティブで指定されたユーザとして、いくつかの追加機能(特にsetuid)付きで実行します。 セキュリティはある程度強化されますが、NFSなどの機能に対応しないファイルシステムによる処理では問題が生じるおそれがあります。 値: ブール値。 デフォルト値: `undef`。 ##### クラス: `apache::mod::jk` `mod_jk`をインストールして管理します。これは、Apache httpdリダイレクションと古いバージョンのTomCatおよびJBossを結ぶコネクタです。 **注意**: mod\_jkに関して提供されている公式のパッケージはありません。そのため、apacheモジュールの制御以外の手段で使用できるようにする必要があります。バイナリは[Apache Tomcatコネクタダウンロードページ](https://tomcat.apache.org/download-connectors.cgi)にあります。 ``` puppet class { '::apache::mod::jk': ip => '192.168.2.15', workers_file => 'conf/workers.properties', mount_file => 'conf/uriworkermap.properties', shm_file => 'run/jk.shm', shm_size => '50M', workers_file_content => { }, } ``` 詳細については、[templates/mod/jk/workers.properties.erb](templates/mod/jk/workers.properties.erb)を参照してください。 **`apache::mod::jk`**内のパラメータ: `mod_jk`パラメータを理解するための情報源としては、[公式ドキュメント](https://tomcat.apache.org/connectors-doc/reference/apache.html)が最適です。ただし、次はこれに含まれません: **add_listen** パラメータ`ip`および `port`に従って`Listen`ディレクティブを定義して(下記参照)、ApacheがIP/portの組合せをリッスンし`mod_jk`にリダイレクトするようにします。 `Listen *:`または`Listen `のように、別の`Listen`ディレクティブが`mod_jk`バインディングで必要なものと競合するときに役立ちます。 タイプ: ブール値 デフォルト: true **ip** `mod_jk`にバインディングするIP。 バインディングアドレスがプライマリのネットワークインターフェースIPではないときに役立ちます。 タイプ: 文字列 デフォルト: `$facts['ipaddress']` **port** `mod_jk`にバインディングするポート。 リバースプロキシまたはキャッシュのような、別のものがポート80でリクエストを受信して、異なるポートのApacheに転送する必要があるときに役立ちます。 タイプ: 文字列(数値) デフォルト: '80' **workers\_file\_content** 各ディレクティブにはフォーマット`worker..=`があります。このマップは複数ハッシュのハッシュとして表され、外側のハッシュはワーカーを指定し、内側の各ハッシュは各ワーカーのプロパティと値を指定します。 また、2つのグローバルディレクティブ 'worker.list'および'worker.maintain'もあります。 例えば、以下のワーカーファイルは図1のようにパラメータ化します。 ``` puppet worker.list = status worker.list = some_name,other_name worker.maintain = 60 # Optional comment worker.some_name.type=ajp13 worker.some_name.socket_keepalive=true # I just like comments worker.other_name.type=ajp12 (why would you?) worker.other_name.socket_keepalive=false ``` **図1:** ``` puppet $workers_file_content = { worker_lists => ['status', 'some_name,other_name'], worker_maintain => '60', some_name => { comment => 'Optional comment', type => 'ajp13', socket_keepalive => 'true', }, other_name => { comment => 'I just like comments', type => 'ajp12', socket_keepalive => 'false', }, } ``` **mount\_file\_content** 各ディレクティブにはフォーマット` = `があります。このマップは複数ハッシュのハッシュとして表され、外側のハッシュはワーカーを指定し、内側の各ハッシュは次の2つのアイテムを含みます: * uri_list&mdash - ワーカーにマップするURIを用いた配列 * comment&mdash - ワーカーに関するコメントを記したオプションの文字列 例えば、以下のマウントファイルは図2のようにパラメータ化します。 ``` puppet # Worker 1 /context_1/ = worker_1 /context_1/* = worker_1 # Worker 2 / = worker_2 /context_2/ = worker_2 /context_2/* = worker_2 ``` **図2:** ``` puppet $mount_file_content = { worker_1 => { uri_list => ['/context_1/', '/context_1/*'], comment => 'Worker 1', }, worker_2 => { uri_list => ['/context_2/', '/context_2/*'], comment => 'Worker 2', }, }, ``` **shm\_file and log\_file** これらのファイルがどのように定義されているかによって、クラスはそれらの最終パスを別々に作成します。 - 相対パス: `logroot`で提供されたパスを追加します (下記参照) - 絶対パスまたはパイプ: 提供されたパスをそのまま使用します 例 (RHEL 6): ``` puppet shm_file => 'shm_file' # Ends up in $shm_path = '/var/log/httpd/shm_file' ``` ``` puppet shm_file => '/run/shm_file' # Ends up in $shm_path = '/run/shm_file' ``` ``` puppet shm_file => '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"' # Ends up in $shm_path = '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"' ``` > デフォルトのlogrootは十分健全です。このため、絶対パスを指定することは推奨しません。 **logroot** `shm_file`および`log_file`のベースディレクトリは`logroot`パラメータで決定されます。指定されない場合、デフォルトは`apache::params::logroot`です。 > デフォルトのlogrootは十分健全です。このため、上書きすることは推奨しません。 ##### クラス: `apache::mod::passenger`  [`mod_passenger`][]をインストールして管理します。Red Hatベースのシステムの場合は、[passengerドキュメント](https://www.phusionpassenger.com/library/install/apache/install/oss/el6/#step-1:-upgrade-your-kernel,-or-disable-selinux)に記載された最小要件を満たしていることを確認してください。 現在のサーバ設定は、[Passengerリファレンス](https://www.phusionpassenger.com/library/config/apache/reference/)から直接取得されています。廃止予定の警告と削除失敗メッセージを有効にするには、 サーバにインストールされているバージョン番号を`passenger_installed_version`に設定します。 **パラメータ**:  |パラメータ|デフォルト値|passengerの設定|コンテキスト|注記| |---------|-------------|------------------------|-------|-----| |manage_repo|true|n/a||| |mod_id|未定義|n/a||| |mod_lib|未定義|n/a||| |mod_lib_path|未定義|n/a||| |mod_package|未定義|n/a||| |mod_package_ensure|未定義|n/a||| |mod_path|未定義|n/a||| |passenger_allow_encoded_slashes|未定義|[`PassengerAllowEncodedSlashes`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAllowEncodedSlashes)|server-config virutal-host htaccess directory || |passenger_app_env|未定義|[`PassengerAppEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppEnv)|server-config virutal-host htaccess directory || |passenger_app_group_name|未定義|[`PassengerAppGroupName`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppGroupName)|server-config virutal-host htaccess directory || |passenger_app_root|未定義|[`PassengerAppRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppRoot)|server-config virutal-host htaccess directory || |passenger_app_type|未定義|[`PassengerAppType`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppType)|server-config virutal-host htaccess directory || |passenger_base_uri|未定義|[`PassengerBaseURI`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBaseURI)|server-config virutal-host htaccess directory || |passenger_buffer_response|未定義|[`PassengerBufferResponse`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBufferResponse)|server-config virutal-host htaccess directory || |passenger_buffer_upload|未定義|[`PassengerBufferUpload`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBufferUpload)|server-config virutal-host htaccess directory || |passenger_concurrency_model|未定義|[`PassengerConcurrencyModel`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerConcurrencyModel)|server-config virutal-host htaccess directory || |passenger_conf_file|$::apache::params::passenger_conf_file|n/a||| |passenger_conf_package_file|$::apache::params::passenger_conf_package_file|n/a||| |passenger_data_buffer_dir|未定義|[`PassengerDataBufferDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDataBufferDir)|server-config || |passenger_debug_log_file|未定義|PassengerDebugLogFile|server-config |このオプションの名前は、バージョン5.0.5でPassengerLogFileに変更されています。| |passenger_debugger|未定義|[`PassengerDebugger`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDebugger)|server-config virutal-host htaccess directory || |passenger_default_group|未定義|[`PassengerDefaultGroup`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultGroup)|server-config || |passenger_default_ruby|$::apache::params::passenger_default_ruby|[`PassengerDefaultRuby`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultRuby)|server-config || |passenger_default_user|未定義|[`PassengerDefaultUser`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultUser)|server-config || |passenger_disable_security_update_check|未定義|[`PassengerDisableSecurityUpdateCheck`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDisableSecurityUpdateCheck)|server-config || |passenger_enabled|未定義|[`PassengerEnabled`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerEnabled)|server-config virutal-host htaccess directory || |passenger_error_override|未定義|[`PassengerErrorOverride`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerErrorOverride)|server-config virutal-host htaccess directory || |passenger_file_descriptor_log_file|未定義|[`PassengerFileDescriptorLogFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFileDescriptorLogFile)|server-config || |passenger_fly_with|未定義|[`PassengerFlyWith`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFlyWith)|server-config || |passenger_force_max_concurrent_requests_per_process|未定義|[`PassengerForceMaxConcurrentRequestsPerProcess`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerForceMaxConcurrentRequestsPerProcess)|server-config virutal-host htaccess directory || |passenger_friendly_error_pages|未定義|[`PassengerFriendlyErrorPages`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFriendlyErrorPages)|server-config virutal-host htaccess directory || |passenger_group|未定義|[`PassengerGroup`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerGroup)|server-config virutal-host directory || |passenger_high_performance|未定義|[`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerHighPerformance)|server-config virutal-host htaccess directory || |passenger_installed_version|未定義|n/a| |このオプションを設定すると、指定した値に対するpassengerオプションのバージョンチェックが有効になります。| |passenger_instance_registry_dir|未定義|[`PassengerInstanceRegistryDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerInstanceRegistryDir)|server-config || |passenger_load_shell_envvars|未定義|[`PassengerLoadShellEnvvars`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLoadShellEnvvars)|server-config virutal-host htaccess directory || |passenger_log_file|未定義|[`PassengerLogFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLogFile)|server-config || |passenger_log_level|未定義|[`PassengerLogLevel`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLogLevel)|server-config || |passenger_lve_min_uid|未定義|[`PassengerLveMinUid`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLveMinUid)|server-config virtual-host || |passenger_max_instances|未定義|[`PassengerMaxInstances`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxInstances)|server-config virutal-host htaccess directory || |passenger_max_instances_per_app|未定義|[`PassengerMaxInstancesPerApp`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxInstancesPerApp)|server-config || |passenger_max_pool_size|未定義|[`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxPoolSize)|server-config || |passenger_max_preloader_idle_time|未定義|[`PassengerMaxPreloaderIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxPreloaderIdleTime)|server-config virtual-host || |passenger_max_request_queue_size|未定義|[`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequestQueueSize)|server-config virutal-host htaccess directory || |passenger_max_request_time|未定義|[`PassengerMaxRequestTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequestTime)|server-config virutal-host htaccess directory || |passenger_max_requests|未定義|[`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequests)|server-config virutal-host htaccess directory || |passenger_memory_limit|未定義|[`PassengerMemoryLimit`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMemoryLimit)|server-config virutal-host htaccess directory || |passenger_meteor_app_settings|未定義|[`PassengerMeteorAppSettings`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMeteorAppSettings)|server-config virutal-host htaccess directory || |passenger_min_instances|未定義|[`PassengerMinInstances`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMinInstances)|server-config virutal-host htaccess directory || |passenger_nodejs|未定義|[`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerNodejs)|server-config virutal-host htaccess directory || |passenger_pool_idle_time|未定義|[`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPoolIdleTime)|server-config || |passenger_pre_start|未定義|[`PassengerPreStart`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPreStart)|server-config virtual-host || |passenger_python|未定義|[`PassengerPython`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPython)|server-config virutal-host htaccess directory || |passenger_resist_deployment_errors|未定義|[`PassengerResistDeploymentErrors`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResistDeploymentErrors)|server-config virutal-host htaccess directory || |passenger_resolve_symlinks_in_document_root|未定義|[`PassengerResolveSymlinksInDocumentRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResolveSymlinksInDocumentRoot)|server-config virutal-host htaccess directory || |passenger_response_buffer_high_watermark|未定義|[`PassengerResponseBufferHighWatermark`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResponseBufferHighWatermark)|server-config || |passenger_restart_dir|未定義|[`PassengerRestartDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRestartDir)|server-config virutal-host htaccess directory || |passenger_rolling_restarts|未定義|[`PassengerRollingRestarts`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRollingRestarts)|server-config virutal-host htaccess directory || |passenger_root|$::apache::params::passenger_root|[`PassengerRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRoot)|server-config || |passenger_ruby|$::apache::params::passenger_ruby|[`PassengerRuby`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRuby)|server-config virutal-host htaccess directory || |passenger_security_update_check_proxy|未定義|[`PassengerSecurityUpdateCheckProxy`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSecurityUpdateCheckProxy)|server-config || |passenger_show_version_in_header|未定義|[`PassengerShowVersionInHeader`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerShowVersionInHeader)|server-config || |passenger_socket_backlog|未定義|[`PassengerSocketBacklog`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSocketBacklog)|server-config || |passenger_spawn_method|未定義|[`PassengerSpawnMethod`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSpawnMethod)|server-config virtual-host || |passenger_start_timeout|未定義|[`PassengerStartTimeout`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStartTimeout)|server-config virutal-host htaccess directory || |passenger_startup_file|未定義|[`PassengerStartupFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStartupFile)|server-config virutal-host htaccess directory || |passenger_stat_throttle_rate|未定義|[`PassengerStatThrottleRate`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStatThrottleRate)|server-config || |passenger_sticky_sessions|未定義|[`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStickySessions)|server-config virutal-host htaccess directory || |passenger_sticky_sessions_cookie_name|未定義|[`PassengerStickySessionsCookieName`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStickySessionsCookieName)|server-config virutal-host htaccess directory || |passenger_thread_count|未定義|[`PassengerThreadCount`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerThreadCount)|server-config virutal-host htaccess directory || |passenger_use_global_queue|未定義|PassengerUseGlobalQueue|server-config || |passenger_user|未定義|[`PassengerUser`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerUser)|server-config virutal-host directory || |passenger_user_switching|未定義|[`PassengerUserSwitching`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerUserSwitching)|server-config || |rack_auto_detect|未定義|RackAutoDetect|server-config |これらのオプションは、バージョン4.0.0で最適化の一環として削除されました。代わりにPassengerEnabledを使用してください。| |rack_autodetect|未定義|n/a||| |rack_base_uri|未定義|RackBaseURI|server-config |3.0.0で廃止され、PassengerBaseURIが採用されました。| |rack_env|未定義|[`RackEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#RackEnv)|server-config virutal-host htaccess directory || |rails_allow_mod_rewrite|未定義|RailsAllowModRewrite|server-config |このオプションは、バージョン4.0.0以降では何の影響も与えません。| |rails_app_spawner_idle_time|未定義|RailsAppSpawnerIdleTime|server-config |このオプションはバージョン4.0.0で削除され、PassengerMaxPreloaderIdleTimeに置き換えられました。| |rails_auto_detect|未定義|RailsAutoDetect|server-config |これらのオプションは、バージョン4.0.0で最適化の一環として削除されました。代わりにPassengerEnabledを使用してください。| |rails_autodetect|未定義|n/a||| |rails_base_uri|未定義|RailsBaseURI|server-config |3.0.0で廃止され、PassengerBaseURIが採用されました。| |rails_default_user|未定義|RailsDefaultUser|server-config |3.0.0で廃止され、PassengerDefaultUserが採用されました。| |rails_env|未定義|[`RailsEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#RailsEnv)|server-config virutal-host htaccess directory || |rails_framework_spawner_idle_time|未定義|RailsFrameworkSpawnerIdleTime|server-config |このオプションはバージョン4.0.0では使用できません。フレームワークスポーンも同時に削除されたので、代わりのオプションはありません。スマートスポーンを使用してください。| |rails_ruby|未定義|RailsRuby|server-config |3.0.0で廃止され、PassengerRubyが採用されました。| |rails_spawn_method|未定義|RailsSpawnMethod|server-config |3.0.0で廃止され、PassengerSpawnMethodが採用されました。| |rails_user_switching|未定義|RailsUserSwitching|server-config |3.0.0で廃止され、PassengerUserSwitchingが採用されました。| |wsgi_auto_detect|未定義|WsgiAutoDetect|server-config |これらのオプションは、バージョン4.0.0で最適化の一環として削除されました。代わりにPassengerEnabledを使用してください。| ##### クラス: `apache::mod::ldap` [`mod_ldap`][]をインストールして設定し、[`LDAPTrustedGlobalCert`](https://httpd.apache.org/docs/current/mod/mod_ldap.html#ldaptrustedglobalcert)ディレクティブの修正を可能にします。 ``` puppet class { 'apache::mod::ldap': ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt', ldap_trusted_global_cert_type => 'CA_DER', ldap_trusted_mode => 'TLS', ldap_shared_cache_size => '500000', ldap_cache_entries => '1024', ldap_cache_ttl => '600', ldap_opcache_entries => '1024', ldap_opcache_ttl => '600', } ``` **パラメータ**  * `apache_version`: インストールされたApacheバージョンを指定します。 デフォルト値: `undef`。 * `ldap_trusted_global_cert_file`: LDAPサーバ上でSSLまたはTLS接続を確立する際に使用する、信頼できるCA証明書のパスとファイル名を指定します。 * `ldap_trusted_global_cert_type`:グローバルな信頼できる証明書フォーマットを指定します。 デフォルト値: 'CA_BASE64'。 * `ldap_trusted_mode`: LDAPサーバ接続時に使用されるSSL/TLSモードを指定します。 * `ldap_shared_cache_size`: 共有されたメモリのキャッシュのサイズをバイトで指定します。 * `ldap_cache_entries`: 一次LDAPキャッシュのエントリの最大数を指定します。 * `ldap_cache_ttl`: キャッシュされたアイテムが有効に保たれる時間を秒数で指定します。 * `ldap_opcache_entries`: LDAP比較演算のキャッシュに用いるエントリ数を指定します。 * `ldap_opcache_ttl`: 演算キャッシュのエントリが有効に保たれる時間を秒数で指定します。 * `package_name`: カスタムパッケージ名を指定します。 デフォルト値: `undef`。 ##### クラス: `apache::mod::negotiation` [`mod_negotiation`][]をインストールして設定します。 **パラメータ**:  * `force_language_priority`: `ForceLanguagePriority`オプションを設定します。 値: 文字列。  デフォルト値: `Prefer Fallback`。 * `language_priority`: モジュールの`LanguagePriority`オプションを設定するための言語の[配列][]。 デフォルト値: ['en'、'ca'、cs'、'da'、'de'、'el'、'eo'、'es'、'et'、'fr'、'he'、'hr'、'it'、'ja'、'ko'、'ltz'、'nl'、'nn'、'no'、'pl'、'pt'、'pt-BR'、'ru'、'sv'、'zh-CN'、'zh-TW']。 ##### クラス: `apache::mod::nss` NSS暗号化ライブラリを使用するApacheのSSLプロバイダ。 **パラメータ:** - `transfer_log`: access.logのパス。 - `error_log`: error.logのパス。 - `passwd_file`: NSSPassPhraseDialogディレクティブに使用するファイルのパス。 - `port`: SSLポート。デフォルト値8443。 ##### クラス: `apache::mod::pagespeed` [`mod_pagespeed`][]をインストールして管理します。これは、Webページをリライトして冗長性と帯域を軽減するためのGoogleモジュールです。 このapacheモジュールには`mod-pagespeed-stable`が必要ですが、Puppetはパッケージを自動的にインストールするために必要なソフトウェアを管理**しません**。パッケージがインストールされていないか、お使いのパッケージマネージャで使用できない場合にこのクラスを宣言すると、Puppet実行は失敗します。 > **注意:** お使いのシステムが最新のGoogle Pagespeed要件を満たしていることを確認してください。 **パラメータ**:  以下のパラメータはモジュールのディレクティブに相当します。詳細については、[モジュールのドキュメント][`mod_pagespeed`]を参照してください。 * `inherit_vhost_config`: デフォルト値: 'on'。 * `filter_xhtml`: デフォルト値: `false`。 * `cache_path`: デフォルト値: '/var/cache/mod_pagespeed/'。 * `log_dir`: デフォルト値: '/var/log/pagespeed'。 * `memcache_servers`: デフォルト値: []。 * `rewrite_level`: デフォルト値: 'CoreFilters'。 * `disable_filters`: デフォルト値: []。 * `enable_filters`: デフォルト値: []。 * `forbid_filters`: デフォルト値: []。 * `rewrite_deadline_per_flush_ms`: デフォルト値: 10。 * `additional_domains`: デフォルト値: `undef`。 * `file_cache_size_kb`: デフォルト値: 102400。 * `file_cache_clean_interval_ms`: デフォルト値: 3600000。 * `lru_cache_per_process`: デフォルト値: 1024。 * `lru_cache_byte_limit`: デフォルト値: 16384。 * `css_flatten_max_bytes`: デフォルト値: 2048。 * `css_inline_max_bytes`: デフォルト値: 2048。 * `css_image_inline_max_bytes`: デフォルト値: 2048。 * `image_inline_max_bytes`: デフォルト値: 2048。 * `js_inline_max_bytes`: デフォルト値: 2048。 * `css_outline_min_bytes`: デフォルト値: 3000。 * `js_outline_min_bytes`: デフォルト値: 3000。 * `inode_limit`: デフォルト値: 500000。 * `image_max_rewrites_at_once`: デフォルト値: 8。 * `num_rewrite_threads`: デフォルト値: 4。 * `num_expensive_rewrite_threads`: デフォルト値: 4。 * `collect_statistics`: デフォルト値: 'on'。 * `statistics_logging`: デフォルト値: 'on'。 * `allow_view_stats`: デフォルト値: []。 * `allow_pagespeed_console`: デフォルト値: []。 * `allow_pagespeed_message`: デフォルト値: []。 * `message_buffer_size`: デフォルト値: 100000。 * `additional_configuration`: ディレクティブ値ペアのハッシュ、またはpagespeed設定の最後に挿入する行の配列。デフォルト値: '{ }'。 ##### クラス: `apache::mod::passenger`  `mod_passenger`をインストールして設定します。 >**注意**: passengerモジュールは、EPELにより提供される依存関係パッケージと`mod_passengers`カスタムリポジトリがなければ、RH/CentOSでは使用できません。前述の`manage_repo`パラメータと[https://www.phusionpassenger.com/library/install/apache/install/oss/el7/]()を参照してください。 **パラメータ**:  * `passenger_conf_file`: `$::apache::params::passenger_conf_file` * `passenger_conf_package_file: `$::apache::params::passenger_conf_package_file` * `passenger_high_performance`: デフォルト値: `undef` * `passenger_pool_idle_time`: デフォルト値: `undef` * `passenger_max_request_queue_size`: デフォルト値: `undef` * `passenger_max_requests`: デフォルト値: `undef` * `passenger_spawn_method`: デフォルト値: `undef` * `passenger_stat_throttle_rate`: デフォルト値: `undef` * `rack_autodetect`: デフォルト値: `undef` * `rails_autodetect`: デフォルト値: `undef` * `passenger_root` : `$::apache::params::passenger_root` * `passenger_ruby` : `$::apache::params::passenger_ruby` * `passenger_default_ruby`: `$::apache::params::passenger_default_ruby` * `passenger_max_pool_size`: デフォルト値: `undef` * `passenger_min_instances`: デフォルト値: `undef` * `passenger_max_instances_per_app`: デフォルト値: `undef` * `passenger_use_global_queue`: デフォルト値: `undef` * `passenger_app_env`: デフォルト値: `undef` * `passenger_log_file`: デフォルト値: `undef` * `passenger_log_level`: デフォルト値: `undef` * `passenger_data_buffer_dir`: デフォルト値: `undef` * `manage_repo`: phusionpassenger.comリポジトリを管理するかどうか。デフォルト値: `true` * `mod_package`: デフォルト値: `undef` * `mod_package_ensure`: デフォルト値: `undef` * `mod_lib`: デフォルト値: `undef` * `mod_lib_path`: デフォルト値: `undef` * `mod_id`: デフォルト値: `undef` * `mod_path`: デフォルト値: `undef` ##### クラス: `apache::mod::proxy` I`mod_proxy`をインストールし、`proxy.conf.erb`テンプレートを使用して設定を生成します。 **`apache::mod::proxy`内のパラメータ**: - `allow_from`: デフォルト値: `undef` - `apache_version`: デフォルト値: `undef` - `package_name`: デフォルト値: `undef` - `proxy_requests`: デフォルト値: 'Off' - `proxy_via`: デフォルト値: 'On' ##### クラス: `apache::mod::proxy_balancer` ロードバランシングを提供する[`mod_proxy_balancer`][]をインストールして管理します。 **パラメータ**:  * `manager`: バランサマネージャのサポートを有効にするかどうかを決定します。 デフォルト値: `false`。 * `manager_path`: バランサマネージャのサーバロケーション。 デフォルト値: '/balancer-manager'。 * `allow_from`: `/balancer-manager`にアクセスできるIPv4またはIPv6アドレスの[配列][]。 デフォルト値: ['127.0.0.1','::1']。  * `apache_version`: 文字列で表されるApacheのバージョン番号、'2.2'や'2.4'など。  デフォルト値: [`$::apache::apache_version`][`apache_version`]の値。Apache 2.4以上では、`mod_slotmem_shm`がロードされます。 ##### クラス: `apache::mod::php` [`mod_php`][]をインストールして設定します。 **パラメータ**:  以下のパラメータのデフォルト値は、オペレーティングシステムによって異なります。このクラスのパラメータのほとんどは、`mod_php`ディレクティブに相当します。詳細については、[モジュールのドキュメント][`mod_php`]を参照してください。 * `package_name`: `mod_php`をインストールするパッケージの名前。 * `path`: `mod_php`共有オブジェクト(`.so`)ファイルのパスを定義します。 * `source`: デフォルト設定のパスを定義します。値には`puppet:///`パスが含まれます。 * `template`: Puppetが設定ファイルの生成に使用する`php.conf`テンプレートのパスを定義します。 * `content`: `php.conf`に任意のコンテンツを追加します。 ##### クラス: `apache::mod::proxy_html` **注意**: `mod_proxy_html`に関して提供されている公式なパッケージはありません。そのため、apacheモジュールの外部から使用できるようにする必要があります。 ##### クラス: `apache::mod::python` [`mod_python`][]をインストールして設定します。 **パラメータ**  * `loadfile_name`: pythonモジュールのロードに使用される設定ファイルの名前を指定します。 ##### クラス: `apache::mod::reqtimeout` [`mod_reqtimeout`][]をインストールして設定します。 **パラメータ**  * `timeouts`: [`RequestReadTimeout`][]オプションを設定します。 値: 文字列または[配列][]。 デフォルト値: ['header=20-40,MinRate=500', 'body=20,MinRate=500']。 ##### クラス: `apache::mod::rewrite` Apacheモジュール`mod_rewrite`をインストールして有効にします。 ##### クラス: `apache::mod::shib` [Shibboleth](http://shibboleth.net/) Apacheモジュール`mod_shib`をインストールします。このモジュールは、Shibboleth認証プロバイダおよびShibboleth FederationsによるSAML2シングルサインオン(SSO)認証を有効にするものです。このクラスを定義すると、`apache::vhost`インスタンス内でShibboleth固有のパラメータが有効になります。 このクラスでインストールおよび設定されるのは、Shibboleth SSO認証をコンシュームするWebアプリケーションのApacheコンポーネントのみです。PuppetでShibboleth設定を手動で管理することも、[Shibboleth Puppetモジュール](https://github.com/aethylred/puppet-shibboleth)を使用することもできます。 **注意**: shibbolethモジュールは、Shibbolethのリポジトリにより提供される依存関係パッケージがなければ、RH/CentOSでは使用できません。[Shibboleth Service Provider Installation Guide](http://wiki.aaf.edu.au/tech-info/sp-install-guide)を参照してください。 ##### クラス: `apache::mod::ssl` [Apache SSL機能][`mod_ssl`]をインストールし、`ssl.conf.erb`テンプレートを使用して設定を生成します。ほとんどのオペレーティングシステムでは、この`ssl.conf`はモジュール設定ディレクトリに置かれています。Red Hatベースのオペレーティングシステムでは、このファイルは`/etc/httpd/conf.d`にあります。これは、RPMが設定を保存するのと同じロケーションです。 バーチャルホストでSSLを使用するには、`::apache`の[`default_ssl_vhost`][]パラメータを`true`に設定する**か**、[`apache::vhost`][]の[`ssl`][]パラメータを`true`に設定する必要があります。 - `ssl_cipher`: デフォルト値: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4' - `ssl_compression`: デフォルト値: false - `ssl_cryptodevice`: デフォルト値: 'builtin' - `ssl_honorcipherorder`: デフォルト値: true - `ssl_openssl_conf_cmd`: デフォルト値: undef - `ssl_cert`: デフォルト値: undef。 - `ssl_key`: デフォルト値: undef。 - `ssl_options`: デフォルト値: ['StdEnvVars'] - `ssl_pass_phrase_dialog`: デフォルト値: 'builtin' - `ssl_protocol`: デフォルト値: ['all', '-SSLv2', '-SSLv3']。 - `ssl_proxy_protocol`: デフォルト値: [] - `ssl_random_seed_bytes`: 有効なオプション: 文字列、デフォルト値: '512' - `ssl_sessioncache`: 有効なオプション: 文字列。デフォルト値: '300' - `ssl_sessioncachetimeout`: 有効なオプション: 文字列。デフォルト値: '300' - `ssl_mutex`: デフォルト値: OSによって異なります。有効なオプション: [mod_ssl][mod_ssl]ドキュメントを参照 - RedHat/FreeBSD/Suse/Gentoo: 'default' - Debian/Ubuntu + Apache >= 2.4: 'default' - Debian/Ubuntu + Apache < 2.4: 'file:\${APACHE_RUN_DIR}/ssl_mutex' **パラメータ: * `ssl_cipher` デフォルト値: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4' * `ssl_compression` デフォルト値: `false`。 * `ssl_cryptodevice` デフォルト値: 'builtin'  * `ssl_honorcipherorder` デフォルト値: `true`。 * `ssl_openssl_conf_cmd` デフォルト値: `undef`。 * `ssl_cert` デフォルト値: `undef`。 * `ssl_key` デフォルト値: `undef`。 * `ssl_options` デフォルト値: ['StdEnvVars'] * `ssl_pass_phrase_dialog` デフォルト値: 'builtin'  * `ssl_protocol` デフォルト値: ['all', '-SSLv2', '-SSLv3'] * `ssl_random_seed_bytes` 値: 文字列。  デフォルト値: '512' * `ssl_sessioncachetimeout` 値: 文字列。  デフォルト値: '300' * `ssl_mutex`: 値: [mod_ssl][mod_ssl]ドキュメントを参照。 デフォルト値: OSによって異なります: * RedHat/FreeBSD/Suse/Gentoo: 'default'. * Debian/Ubuntu + Apache >= 2.4: 'default'. * Debian/Ubuntu + Apache < 2.4: 'file:\${APACHE_RUN_DIR}/ssl_mutex'. * Ubuntu 10.04: 'file:/var/run/apache2/ssl_mutex'. ##### クラス: `apache::mod::status` [`mod_status`][]をインストールし、`status.conf.erb`テンプレートを使用して設定を生成します。 **パラメータ**:  * `allow_from`: `/server-status`にアクセスできるIPv4またはIPv6アドレスの[配列][]。 デフォルト値: ['127.0.0.1','::1']。  * Apacheバージョン2.4以降の`mod_authz_host` ディレクティブ(`require ip`、`require host`など)を使用して、アクセスできる/できないIPまたは名前の文字列、[配列][]、または[ハッシュ][]。このパラメータは、以下のいずれかの構成で指定します。 > Apacheバージョンが2.4以降の場合のみ使用 - `undef` - `allow_from` および古いディレクティブ構文(`Allow from `)を使用し、廃止予定の警告を通知します。 - String - `''`または`'unmanaged'` - authディレクティブなし(アクセス制御は別の方法で実施) - `'ip '` - `/server-status`にアクセスできるIP/範囲 - `'host '` - `/server-status`にアクセスできる名前/ドメイン - `'all [granted|denied]'` - すべてのユーザを許可/ブロック - 配列 - 各要素には上記のいずれかの文字列が入ります。配列要素ごとに1つのディレクティブになります。 - 以下の構造を持つハッシュ(キー => 値の形式で表示、キーは文字列) - `'requires'` => 上記に従った配列 - 配列と同じ作用 - `'enforce'` => `'Any'`、`'All'`、`'None'`のいずれかの文字列(任意指定) - `'requires'`キーで指定されたすべてのディレクティブを``ブロックで囲みます。 デフォルト値: 'ip 127.0.0.1 ::1' * `extended_status`: [`ExtendedStatus`][]ディレクティブをつうじて、各リクエストに関する拡張ステータス情報を追跡するかどうかを決定します。 値: 'Off'、'On'。 デフォルト値: 'On'。 * `status_path`: ステータスページのサーバロケーション。 デフォルト値: '/server-status'。 ##### クラス: `apache::mod::userdir` `http://example.com/~user/`構文を用いて、ユーザ指定のディレクトリにアクセスできるようにします。すべてのパラメータは、[公式のApacheドキュメント](https://httpd.apache.org/docs/2.4/mod/mod_userdir.html)で見られます。 **パラメータ**:  * `overrides`: ディレクティブタイプの[配列][]。 デフォルト値: ['FileInfo', 'AuthConfig', 'Limit', 'Indexes']。 ##### クラス: `apache::mod::version` 多くのオペレーティングシステムおよびApache構成上で[`mod_version`][]をインストールします。 Apache 2.4を使用するDebianおよびUbuntuが`apache::mod::version`で分類された場合は、`mod_version`がビルトインされているためロードできない旨の警告をPuppetが表示します。 ##### クラス: `apache::mod::security` Trustwaveの[`mod_security`][]をインストールして設定します。これはすべてのバーチャルホストでデフォルトで有効化され、実行されます。 **パラメータ**:  * `activated_rules`: `modsec_crs_path`のルールの[配列][]またはsymlinkを使用してアクティベートする絶対値。 * `allowed_methods`: 許可されるHTTPメソッドのスペース区切りリスト。 デフォルト値: 'GET HEAD POST OPTIONS'。 * `content_types`: 1つまたは複数の許可される[MIMEタイプ][MIME `content-type`]のリスト。 デフォルト値: 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf'。 * `crs_package`: CRSルールをインストールするパッケージの名前。 デフォルト値: [`apache::params`][]内の`modsec_crs_package`。 * `manage_security_crs`: security_crs.confルールファイルを管理します。 デフォルト値: `true`。 * `modsec_dir`: Puppetがmodsec設定およびアクティベートされたルールリンクをインストールする場所のパスを定義します。 デフォルト値: 'On'、[`apache::params`][]の`modsec_dir`により設定。 ${modsec\_dir}/activated\_rules。 * `modsec_secruleengine`: modsecルールエンジンを設定します。値: 'On'、'Off'、'DetectionOnly'。 デフォルト値: [`apache::params`][]の`modsec_secruleengine`。 * `restricted_extensions`: 禁止されるファイル拡張子のスペース区切りリスト。 デフォルト値: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'。 * `restricted_headers`: 禁止されるヘッダのスラッシュおよびスペースで区切ったリスト。 デフォルト値: 'Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'。 * `secdefaultaction`: OWASP ModSecurityコアルールセットに関して、動作モード、自己完結('deny')、コラボレーティブ検出('pass')を設定します。 デフォルト値: 'deny'。"log,auditlog,deny,status:406,tag:'SLA 24/7'"などの完全な値を設定することもできます。 * `secpcrematchlimit`: PCREライブラリのマッチ限度数を設定します。 デフォルト値: 1500。  * `secpcrematchlimitrecursion`: PCREライブラリのマッチ再帰制限数を設定します。 デフォルト値: 1500。  * `logroot`: オーディットおよびデバッグログの場所を設定します。 デフォルト値はApacheのログディレクトリ(Redhat: `/var/log/httpd`、Debian: `/var/log/apache2`)。 * `audit_log_relevant_status`: オーディットロギングの目的に関して、考慮すべき応答ステータスコードを設定します。 デフォルト値: '^(?:5|4(?!04))'。 * `audit_log_parts`: [オーディットログ][]に入れるべきセクションを設定します。 デフォルト値: 'ABIJDEFHZ'。 * `anomaly_score_blocking`: OWASP ModSecurityコアルールセットのコラボレーティブ検出ブロッキングをアクティベートまたはディアクティベートします。 デフォルト値: 'off'。 * `inbound_anomaly_threshold`: OWASP ModSecurityコアルールセットのコラボレーティブ検出モードに関して、インバウンドブロッキングルールのスコアリング閾値レベルを設定します。 デフォルト値: 5。  * `outbound_anomaly_threshold`: OWASP ModSecurityコアルールセットのコラボレーティブ検出モードに関して、アウトバウンドブロッキングルールのスコアリング閾値レベルを設定します。 デフォルト値: 4。  * `critical_anomaly_score`: OWASP ModSecurityコアルールセットのコラボレーティブ検出モードに関して、重要なセキュリティレベルのスコアリングポイントを設定します。 デフォルト値: 5。  * `error_anomaly_score`: OWASP ModSecurityコアルールセットのコラボレーティブ検出モードに関して、エラー深刻度レベルのスコアリングポイントを設定します。 デフォルト値: 4。  * `warning_anomaly_score`: OWASP ModSecurityコアルールセットのコラボレーティブ検出モードに関して、警告深刻度レベルのスコアリングポイントを設定します。 デフォルト値: 3。 * `notice_anomaly_score`: OWASP ModSecurityコアルールセットのコラボレーティブ検出モードに関して、通知深刻度レベルのスコアリングポイントを設定します。 デフォルト値: 2。 * `secrequestmaxnumargs`: リクエストの引数の最大数を設定します。 デフォルト値: 255。 * `secrequestbodylimit`: バッファリングに関してModSecurityが受け入れる最大リクエストボディサイズを設定します。 デフォルト値: '13107200'。 * `secrequestbodynofileslimit`: バッファリングに関してModSecurityが受け入れる最大リクエストボディサイズを設定します。リクエスト内でトランスポートされたファイルのサイズは除外されます。 デフォルト値: '131072'。 * `secrequestbodyinmemorylimit`: ModSecurityがメモリに保存する最大リクエストボディサイズを設定します。 デフォルト値: '131072'。 ##### クラス: `apache::mod::wsgi` [`mod_wsgi`][]を使用したPythonサポートを有効にします。 **パラメータ**:  * `mod_path`: `mod_wsgi`共有オブジェクト(`.so`)ファイルのパスを定義します。 デフォルト値: `undef`。 * `mod_path`パラメータに`/`が含まれていない場合、Puppetではオペレーティングシステムのデフォルトのモジュールパスの先頭にこれを付加します。含まれている場合は、そのとおりに扱われます。 * `package_name`: `mod_wsgi`をインストールするパッケージの名前。 デフォルト値: `undef`。 * `wsgi_python_home`: '/path/to/venv'などの[`WSGIPythonHome`][]ディレクティブを定義します。 値: パスを指定する文字列。  デフォルト値: `undef`。 * `wsgi_python_path`: '/path/to/venv/site-packages'などの[`WSGIPythonPath`][]ディレクティブを定義します。 値: パスを指定する文字列。  デフォルト値: `undef`。 * `wsgi_restrict_embedded`: 'On'などの[`WSGIRestrictEmbedded`][]ディレクティブを定義します。 値: On|Off|undef。 デフォルト値: undef。 * `wsgi_socket_prefix`: "\${APACHE\_RUN\_DIR}WSGI"などの[`WSGISocketPrefix`][]ディレクティブを定義します。 デフォルト値: [`apache::params`][]の`wsgi_socket_prefix`。 このクラスのパラメータはモジュールのディレクティブに相当します。詳細については、[モジュールのドキュメント][`mod_wsgi`]を参照してください。 ### プライベートクラス #### クラス: `apache::confd::no_accf` FreeBSDの Apache 2.4で必要とされる`no-accf.conf`設定ファイルを`conf.d`内に作成します。 #### クラス: `apache::default_confd_files` FreeBSDに`conf.d`を含めます。 #### クラス: `apache::default_mods` デフォルト設定の実行に必要なApacheモジュールをインストールします。詳細については、`apache`クラスの[`default_mods`][]パラメータを参照してください。 #### クラス: `apache::package` 基本のApacheパッケージをインストールして設定します。 #### クラス: `apache::params` 各種のオペレーティングシステムのApacheパラメータを管理します。 #### クラス: `apache::service` Apacheデーモンを管理します。 #### クラス: `apache::version` オペレーティングシステムに基づき、Apacheバージョンの自動検出を試みます。 ##### Red Hat Software Collections (SCL) CentOS/RHELのSoftware Collectionsでは、新しいApacheおよびPHPに加え、他のパッケージも使用できます。 `scl_httpd_version`が設定されている場合、Apache Httpdは[Software Collections](https://www.softwarecollections.org/en/)からインストールされます。 `scl_httpd_version`が設定されている場合、PHPをインストールする予定がない場合でも`scl_php_version`を設定する必要があります。 リポジトリはこのモジュールではまだ管理されていません。CentOSでは、`centos-release-scl-rh`パッケージをインストールすることでリポジトリを有効にできます。 ##### `scl_httpd_version` Red Hat Software Collections (SCL)を使用してインストールされるhttpdのバージョン。CentOSおよびRHELのコレクションでは、新しいApacheおよびPHPパッケージを使用できます。 `scl_httpd_version`を設定すると、Apache httpdは[Software Collections](https://www.softwarecollections.org/en/)からインストールされます。 `scl_httpd_version`を設定した場合、PHPをインストールする予定がない場合でも`scl_php_version`を設定する必要があります。 SCLリポジトリはこのモジュールではまだ管理されていません。CentOSでは、`centos-release-scl-rh`パッケージをインストールすることでリポジトリを有効にできます。 有効な値: インストールするhttpdのバージョンを指定する文字列。例えば、Apache 2.4の場合は'2.4'を指定します。 デフォルト値: undef。 ##### `scl_php_version` Red Hat Software Collections (SCL)を使用してインストールするhttpdのバージョン。CentOSおよびRHELのコレクションでは、新しいApacheおよびPHPのパッケージを使用できます。 `scl_php_version`を設定すると、PHPは[Software Collections](https://www.softwarecollections.org/en/)からインストールされます。 SCLリポジトリはこのモジュールではまだ管理されていません。CentOSでは、`centos-release-scl-rh`パッケージをインストールすることでリポジトリを有効にできます。 有効な値: インストールするPHPのバージョンを指定する文字列。例えば、PHP 7.1の場合は'7.1'を指定します。 デフォルト値: undef。 ### パブリック定義タイプ  #### 定義タイプ: `apache::balancer` [`mod_proxy`][]を用いて、Apacheロードバランシンググループ(バランサクラスタとも呼ばれます)を作成します。各ロードバランシンググループには、1つ以上のバランサメンバーが必要です。これは、 [`apache::balancermember`][]定義タイプによりPuppet内で宣言することができます。 各Apacheロードバランシンググループにつき、1つの`apache::balancer`定義タイプを宣言します。すべてのバランサメンバーについて`apache::balancermember`定義タイプをエクスポートし、[エクスポートリソース][]を用いて単一のApacheロードバランササーバで収集することもできます。 **パラメータ**:  ##### `name` バランサクラスタのタイトルと、その設定を含む`conf.d`の名前を設定します。 ##### `proxy_set` キー‐値ペアを[`ProxySet`][]行として設定します。値: [ハッシュ][]。 デフォルト値: '{}'。 ##### `options` バランサURLの後に[オプション](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember)の[配列][]を指定します。[`ProxyPass`][]で使用可能な任意のキー-値ペアを使用できます。 デフォルト値: []。  ##### `collect_exported` [エクスポートリソース][]を使用するかどうかを決定します。 すべてのバックエンドサーバを静的に宣言する場合は、このパラメータを`false`に設定し、宣言済みの既存のバランサメンバーリソースに依存するようにします。また、[配列][]引数とともに`apache::balancermember`を使用します。 中央ノードで収集したエクスポートリソースを使用してバックエンドサーバを動的に宣言するには、このパラメータを`true`に設定し、バランサメンバーノードによりエクスポートされたバランサメンバーリソースを収集します。 エクスポートリソースを使用しない場合は、1回のPuppet実行ですべてのバランサメンバーが設定されます。エクスポートリソースを使用する場合は、まずバランシングしたノードについてPuppetを実行し、次にバランサで実行する必要があります。 ブーリアン。 デフォルト値: `true`。 #### 定義タイプ: `apache::balancermember` [`mod_proxy_balancer`][]のメンバーを定義します。これにより、ロードバランサの`apache.cfg`内でリッスンするサービス設定ブロック内のバランサメンバーが設定されます。 **パラメータ**:  ##### `balancer_cluster` **必須**。  Apacheサービスのインスタンス名を設定します。宣言された[`apache::balancer`][]リソースの名前と一致する必要があります。 ##### `url` バランサメンバーサーバとの連絡に使用するURLを指定します。 デフォルト値: 'http://${::fqdn}/'。 ##### `options` URL後に[オプション](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember)の[配列][]を指定します。[`ProxyPass`][]で使用可能な任意のキー-値ペアを使用できます。 デフォルト値: 空配列。  #### 定義タイプ: `apache::custom_config` Apacheサーバの`conf.d`ディレクトリにカスタム設定ファイルを追加します。このファイルが無効で、この定義タイプの[`verify_config`][]パラメータの値が`true`になっている場合は、Puppet実行時にエラーが生じます。 **パラメータ**:  ##### `ensure` 設定ファイルが存在するべきかどうかを指定します。 値: 'absent'、'present'。  デフォルト値: 'present'。  ##### `confdir`  Puppetが設定ファイルを置くディレクトリを設定します。 デフォルト値: [`$::apache::confd_dir`][`confd_dir`]の値。 ##### `content` 設定ファイルのコンテンツを設定します。`content`および[`source`][]パラメータは、相互排他的な関係にあります。 デフォルト値: `undef`。  ##### `filename` Puppetが設定を保存する`confdir`下のファイル名を設定します。 デフォルト値: `priority`パラメータから生成したファイル名およびリソース名。 ##### `priority` Apacheでは設定ファイルがアルファベット順に処理されるため、ファイル名の先頭にこのパラメータの数値を付加することで、設定ファイルの優先順位を設定します。 設定ファイル名の優先順位の接頭値を無視するには、このパラメータを`false`に設定します。 デフォルト値: '25'。 ##### `source` 設定ファイルのソースを指します。[`content`][]および`source`パラメータは互いに排他的です。 デフォルト値: `undef`。  ##### `verify_command` Puppetが設定ファイルの確認に用いるコマンドを指定します。完全修飾コマンドを使用してください。 このパラメータは、[`verify_config`][]パラメータの値が`true`になっている場合にのみ使用されます。`verify_command`が失敗すると、Puppet実行により設定ファイルが削除されてエラーが生じますが、Apacheサービスには通知されません。 デフォルト値: '/usr/sbin/apachectl -t'。 ##### `verify_config` Apacheサービスに通知する前に設定ファイルのバリデーションを行うかどうかを指定します。 ブーリアン。 デフォルト値: `true`。 #### 定義タイプ: `apache::fastcgi::server` 特定のファイルタイプを処理する1つまたは複数の外部FastCGIサーバを定義します。この定義タイプは、[`mod_fastcgi`][FastCGI]とともに使用します。 **パラメータ**  ##### `host` FastCGIのホスト名またはIPアドレスおよびTCPポート番号(1-65535)を決定します。 デフォルト値: '127.0.0.1:9000'。 ##### `timeout` リクエストが中止され、エラーLogLevelにイベントが記録されるまでに、[FastCGI][]アプリケーションが非アクティブの状態で待機する秒数を設定します。この非アクティブタイマーは、FastCGIアプリケーションとの接続が待機中の場合のみ適用されます。アプリケーションの待ち行列に入ったリクエストに対して時間内に記述やフラッシュによる応答がないと、リクエストは中止されます。アプリケーションとの通信は完了したものの、クライアントとの通信が完了しなかった(応答がバッファリングされた)場合は、タイムアウトは適用されません。 デフォルト値: 15。 ##### `flush` アプリケーションから受信したデータを、強制的に[`mod_fastcgi`][FastCGI]がクライアントに書き込みます。デフォルトでは、アプリケーションをできるだけ早くフリーな状態にするために、`mod_fastcgi`はデータをバッファリングします。 デフォルト値: `false`。 ##### `faux_path` Apacheには、このファイル名を決定するURIを処理する[FastCGI][]があります。このパラメータで設定されたパスは、ローカルのファイルシステムに存在する必要はありません。 デフォルト値: "/var/www/${name}.fcgi"。 ##### `alias` FastCGIサーバとアクションを内部でリンクします。このエイリアスは一意である必要があります。 デフォルト値: "/${name}.fcgi"。 ##### `file_type` FastCGIサーバにより処理するファイルの[MIME `content-type`][]を設定します。 デフォルト値: 'application/x-httpd-php'。 #### 定義タイプ: `apache::listen` Apacheサーバまたはバーチャルホストのリッスンするアドレスとポートを定義する、Apache設定ディレクトリの`ports.conf`に、[`Listen`][]ディレクティブを追加します。[`apache::vhost`][]クラスはこの定義タイプを使用します。タイトルは ``、`:`、または`:`の形式をとります。 #### 定義タイプ: `apache::mod` 対応する[`apache::mod::`][]クラスを持たないApacheモジュール用のパッケージをインストールし、Apacheサーバの`module`および`enable`ディレクトリ内で、モジュールのデフォルト設定ファイルを確認または配置します。デフォルトのロケーションは、オペレーティングシステムによって異なります。 **パラメータ**:  ##### `package` **必須**。  PuppetがApacheモジュールのインストールに使用するパッケージの名前。 デフォルト値: `undef`。 ##### `package_ensure` Apacheモジュールをインストールの必要性をPuppetが確認するかどうかを決定します。 値: 'absent'、'present'。  デフォルト値: 'present'。  ##### `lib` モジュールの共有オブジェクト名を定義します。特別な理由がない限り、手動で設定しないでください。 デフォルト値: `mod_$name.so`。 ##### `lib_path` モジュールのライブラリのパスを指定します。特別な理由がない限り、手動で設定しないでください。[`path`][]パラメータは、この値をオーバーライドします。 デフォルト値: `apache`クラスの[`lib_path`][]パラメータ。 ##### `loadfile_name` モジュールの[`LoadFile`][]ディレクティブのファイル名を設定します。Apacheの処理はアルファベット順に行われるため、ファイル名によってモジュールのロード順序も設定できます。 値: `\*.load`の形式のファイル名。 デフォルト値: '$name.load'のように、リソース名の後に'load'をつけた値。 ##### `loadfiles` [`LoadFile`][]ディレクティブの配列を指定します。 デフォルト値: `undef`。 ##### `path` モジュールのパスを指定します。特別な理由がない限り、このパラメータは手動で設定しないでください。 デフォルト値: [`lib_path`][]/[`lib`][]。 #### 定義タイプ: `apache::namevirtualhost` [名前ベースのバーチャルホスト][]を有効にし、Apache HTTPD設定ディレクトリの `ports.conf`ファイルに関連するすべてのディレクティブを追加します。タイトルは、'\*'、'\*:\'、'\_default\_:\、'\'、または'\:\'の形式をとることができます。 #### 定義タイプ: `apache::vhost` apacheモジュールでは、バーチャルホストのセットアップと設定に関して、かなりの柔軟性が認められています。この柔軟性の一部は、定義リソースタイプの`vhost`によるものです。これを使えば、さまざまなパラメータを用いて、Apacheを何度も検証することができます。 `apache::vhost`定義タイプを使えば、デフォルトの範囲外の要件を持つバーチャルホストについて、特別な設定をすることができます。基本の`::apache`クラス内でデフォルトのバーチャルホストを設定することも、カスタマイズしたバーチャルホストをデフォルトとして設定することもできます。カスタマイズしたバーチャルホストの[`priority`][]の数値は基本のクラスよりも小さくなるため、Apacheはカスタマイズしたバーチャルホストを先に処理します。 `apache::vhost`定義タイプでは、`concat::fragment`を使用して設定ファイルを構築します。定義タイプがもともとサポートしていない設定の要素についてカスタムフラグメントを挿入するには、カスタムフラグメントをひとつずつ追加します。 `apache::vhost`定義タイプでは、カスタムフラグメントの`order`パラメータについては10の倍数が使用されるため、10の倍数ではない`order`が機能します。 > **Note:** `apache::vhost`を作成するとき、`default`または`default-ssl`を指定することはできません。これはこの属性を持つvhostsが常にモジュールによって管理されるためです。これは`Apache::Vhost['default']`または`Apache::Vhost['default-ssl]`リソースを上書きできないことを意味します。 オプションの回避策として、`my default`などの別の名前のvhostを作成して、`default`および`default_ssl`が`false`に設定されていることを確認します。 ``` class { 'apache': default_vhost => false default_ssl_vhost => false, } ``` **パラメータ**:  ##### `access_log` `*_access.log`ディレクティブ(`*_file`,`*_pipe`または`*_syslog`)を設定するかどうかを決定します。 ブーリアン。 デフォルト値: `true`。 ##### `access_log_env_var` 特定の環境変数を持つリクエストのみをロギングするように指定します。 デフォルト値: `undef`。 ##### `access_log_file` [`logroot`][]に置く`*_access.log`のファイル名を設定します。バーチャルホスト---例えばexample.comなど---を与えると、[SSL暗号化][SSL暗号化]バーチャルホストの場合はデフォルト値が'example.com_ssl.log'、暗号化されていないバーチャルホストの場合は'example.com_access.log'になります。 デフォルト値: `false`。 ##### `access_log_format` アクセスログに、[`LogFormat`][]のニックネームかカスタムフォーマットの文字列のいずれを使うかを指定します。 デフォルト値: 'combined'。 ##### `access_log_pipe` Apacheがアクセスログメッセージを送信するパイプを指定します。 デフォルト値: `undef`。 ##### `access_log_syslog` すべてのアクセスログメッセージをsyslogに送ります。 デフォルト値: `undef`。 ##### `add_default_charset` [`AddDefaultCharset`][]ディレクティブのデフォルトのメディア文字セット値を設定します。これは`text/plain`および`text/html`応答に追加されます。 デフォルト値: `undef`。 ##### `add_listen` バーチャルホストが[`Listen`][]ステートメントを作成するかどうかを決定します。 `add_listen`を`false`に設定すると、バーチャルホストは`Listen`ステートメントを作成しません。これは、`ip`パラメータを渡されていないバーチャルホストと渡されているバーチャルホストを組み合わせる場合に重要となります。 ブーリアン。 デフォルト値: `true`。 ##### `use_optional_includes` Apache 2.4以降の`additional_includes`について、Apacheが[`Include`][]の代わりに[`IncludeOptional`][]ディレクティブを使うかどうかを指定します。 ブーリアン。 デフォルト値: `false`。 ##### `additional_includes` 追加の静的なバーチャルホスト固有のApache設定ファイルのパスを指定します。このパラメータを使えば、このモジュールでサポートされていない固有のカスタム設定を実装することができます。 値: パスを指定する文字列また文字列の[配列][]。 デフォルト値: 空配列。  ##### `aliases` [ハッシュ][ハッシュ]のリストをバーチャルホストに渡し、[`mod_alias`][]ドキュメントに従って[`Alias`][]、[`AliasMatch`][]、[`ScriptAlias`][]、または[`ScriptAliasMatch`][]ディレクティブを作成します。 例:  ``` puppet aliases => [ { aliasmatch => '^/image/(.*)\.jpg$', path => '/files/jpg.images/$1.jpg', }, { alias => '/image', path => '/ftp/pub/image', }, { scriptaliasmatch => '^/cgi-bin(.*)', path => '/usr/local/share/cgi-bin$1', }, { scriptalias => '/nagios/cgi-bin/', path => '/usr/lib/nagios/cgi-bin/', }, { alias => '/nagios', path => '/usr/share/nagios/html', }, ], ``` `alias`、`aliasmatch`、`scriptalias`、`scriptaliasmatch`キーを機能させるには、``、``などの、それぞれに対応するコンテキストが必要です。Puppetは`aliases`パラメータで指定された順序でディレクティブを作成します。[`mod_alias`][]ドキュメントにもあるように、シャドーイングを避けるため、まず具体性の高い`alias`、`aliasmatch`、`scriptalias`、`scriptaliasmatch`パラメータを追加してから、全般的なパラメータを追加してください。 > **注意**: `scriptaliases`パラメータの代わりに`aliases`パラメータを使用すれば、各種のエイリアスディレクティブの順序を正確に制御できます。`scriptaliases`パラメータを使って`ScriptAliases`を定義すると、すべての*`Alias`ディレクティブの後に*すべての*`ScriptAlias`ディレクティブが*処理されます。これは`Alias`ディレクティブによる`ScriptAlias`ディレクティブのシャドーイングにつながり、多くの場合、問題が生じます。例えば、Nagiosに関する問題が生じる可能性があります。 I[`apache::mod::passenger`][]がロードされ、`PassengerHighPerformance`が`true`になっている場合、`Alias`ディレクティブが`PassengerEnabled => off`ステートメントを履行できない可能性があります。詳細については、[この記事](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html)を参照してください。 ##### `allow_encoded_slashes` バーチャルホストの[`AllowEncodedSlashes`][]宣言を設定し、サーバのデフォルトをオーバーライドします。これにより、`\`および`/`文字を含むURLに対するバーチャルホストの応答が変更されます。値: 'nodecode'、'off'、'on'。デフォルト設定では、サーバ設定からこの宣言が省かれ、Apacheのデフォルト設定'Off'が選択されます。 デフォルト値: `undef`。  ##### `block` Apacheがアクセスをブロックする対象のリストを指定します。有効なオプション: 'scm'、これにより、`.svn`、`.git`、`.bzr`ディレクティブへのWebアクセスがブロックされます。 デフォルト値: 空[配列][]。 ##### `cas_attribute_prefix` SAMLバリデーションが有効になっている場合に、このヘッダの値を属性値としてヘッダを追加します。 デフォルト値: [`apache::mod::auth_cas`][]により設定された値。 ##### `cas_attribute_delimiter` `cas_attribute_prefix`により作成されたヘッダの属性値の区切り文字を設定します。 デフォルト値: [`apache::mod::auth_cas`][]により設定された値。  ##### `cas_login_url` ユーザがCASで保護されたリソースへのアクセスを試み、かつアクティブなセッションがない場合に、モジュールがユーザをリダイレクトする先のURLを設定します。 デフォルト値: [`apache::mod::auth_cas`][]により設定された値。  ##### `cas_scrub_request_headers` mod_auth_cas内で特別な意味を持つ可能性のあるインバウンドリクエストヘッダを削除します。 デフォルト値: [`apache::mod::auth_cas`][]により設定された値。  ##### `cas_sso_enabled` `cas_sso_enabled`: シングルサインアウトの実験的サポートを有効にします(POSTデータが壊れる可能性があります)。 デフォルト値: [`apache::mod::auth_cas`][]により設定された値。  ##### `cas_validate_saml` SAMLに関するCASサーバからの解析応答。 デフォルト値: [`apache::mod::auth_cas`][]により設定された値。  ##### `cas_validate_url` HTTPクエリ文字列でクライアントの提示するチケットをバリデーションする際に使用するURL。 デフォルト値: [`apache::mod::auth_cas`][]により設定された値。 ##### `comment` 設定ファイルのヘッダにコメントを追加します。文字列または文字列の配列として渡します。 デフォルト値: `undef`。 例:  ``` puppet comment => "Account number: 123B", ``` Or: ``` puppet comment => [ "Customer: X", "Frontend domain: x.example.org", ] ``` ##### `custom_fragment` カスタム設定ディレクティブの文字列を渡し、バーチャルホスト設定の最後に配置します。 デフォルト値: `undef`。 ##### `default_vhost` 任意の`apache::vhost`定義タイプを、他の`apache::vhost`定義タイプと一致しないリクエストをサーブするためのデフォルトとして設定します。 デフォルト値: `false`。 ##### `directories` [`directories`](#parameter-directories-for-apachevhost)セクションを参照してください。 ##### `directoryindex` ディレクトリ名の最後で'/'を指定することで、クライアントがディレクトリのインデックスをリクエストした際に探すべきリソースのリストを設定します。詳細については、[`DirectoryIndex`][]ディレクティブドキュメントを参照してください。 デフォルト値: `undef`。 ##### `docroot` **必須**。  [`DocumentRoot`][]ロケーションを設定します。Apacheはここからファイルをサーブします。 `docroot`と[`manage_docroot`][]がともに`false`に設定されている場合、[`DocumentRoot`][]は設定されず、それに付随する``ブロックは作成されません。 値: ディレクトリパスを指定する文字列。 ##### `docroot_group` [`docroot`][]ディレクトリへのグループアクセスを設定します。 値: システムグループを指定する文字列。 デフォルト値: 'root'。  ##### `docroot_owner` [`docroot`][]ディレクトリへの個々のユーザのアクセスを設定します。 値: ユーザアカウントを指定する文字列。 デフォルト値: 'root'。  ##### `docroot_mode` [`docroot`][]ディレクトリへのアクセス許可を数字表記法で設定します。 値: 文字列。  デフォルト値: `undef`。 ##### `manage_docroot` Puppetが[`docroot`][]ディレクトリを管理するかどうかを決定します。 ブーリアン。 デフォルト値: `true`。 ##### `error_log` `*_error.log`ディレクティブを設定するかどうかを指定します。 ブーリアン。 デフォルト値: `true`。 ##### `error_log_file` バーチャルホストのエラーログについて、`*_error.log`ファイルを優先します。このパラメータが定義されていない場合、Puppetはまず[`error_log_pipe`][]で、次に[`error_log_syslog`][]で値を確認します。 これらのパラメータをいずれも設定しない場合は、例えばバーチャルホストが`example.com`なら、PuppetはSSLバーチャルホストのデフォルトを'$logroot/example.com_error_ssl.log'、非SSLバーチャルホストのデフォルトを'$logroot/example.com_error.log'とします。 デフォルト値: `undef`。 ##### `error_log_pipe` エラーログメッセージを送るパイプを指定します。 [`error_log_file`][]パラメータに値がある場合は、このパラメータに効力は生じません。このパラメータにも`error_log_file`にも値がない場合、Puppetは[`error_log_syslog`][]をチェックします。 デフォルト値: `undef`。 ##### `error_log_syslog` すべてのエラーログメッセージをsyslogに送るかどうかを決定します。 [`error_log_file`][]パラメータまたは[`error_log_pipe`][]パラメータのいずれかに値がある場合、このパラメータの効力は生じません。これらのパラメータのいずれにも値がない場合は、例えばバーチャルホスト`example.com`では、PuppetはSSLバーチャルホストのデフォルトを'$logroot/example.com_error_ssl.log'、非SSLバーチャルホストのデフォルトを '$logroot/example.com_error.log'とします。 ブーリアン。 デフォルト値: `undef`。 ##### `error_documents` このバーチャルホストの[エラードキュメント](https://httpd.apache.org/docs/current/mod/core.html#errordocument)設定のオーバーライドに使用できるハッシュのリスト。 例:  ``` puppet apache::vhost { 'sample.example.net': error_documents => [ { 'error_code' => '503', 'document' => '/service-unavail' }, { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' }, ], } ``` デフォルト値: []。  ##### `ensure` バーチャルホストが存在するかどうかを指定します。 値: 'absent'、'present'。  デフォルト値: 'present'。  ##### `fallbackresource` [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource)ディレクティブを設定します。このディレクティブは、ファイルシステム内のどこにもマッピングされていないURLに対してどのようなアクションをとるか指定します。指定されていない場合は'HTTP 404 (Not Found)'が返されます。値は'/'で始めるか、'disabled'とする必要があります。 デフォルト値: `undef`。 ##### `fastcgi_idle_timeout` fastcgiを使用する場合に、このオプションにより、サーバ応答のタイムアウトを設定します。 デフォルト値: `undef`。 ##### `file_e_tag` [`FileETag`][]宣言のサーバデフォルトを設定します。これにより、静的ファイルの応答ヘッダフィールドが変更されます。 値: 'INode'、'MTime'、'Size'、'All'、'None'。 デフォルト値: `undef`、この場合、Apacheのデフォルト設定'MTime Size'が使用されます。 ##### `filters` [フィルタ](https://httpd.apache.org/docs/current/mod/mod_filter.html)により、アウトプットコンテンツフィルタのスマートな文脈依存設定が有効になります。 ``` puppet apache::vhost { "$::fqdn": filters => [ 'FilterDeclare COMPRESS', 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', 'FilterChain COMPRESS', 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', ], } ``` ##### `force_type` [`ForceType`][]ディレクティブを設定します。このディレクティブは、[MIME `content-type`][]がこのパラメータの値に一致するすべてのマッチングファイルをApacheに強制的にサーブさせます。 #### `add_charset` ディレクトリおよびファイル拡張子ごとに、Apacheにカスタムコンテンツ文字セットを設定させます。 ##### `headers` レスポンスヘッダを置換、結合、または削除するための行を追加します。詳細については、[Apacheのmod_headersドキュメント](https://httpd.apache.org/docs/current/mod/mod_headers.html#header)を参照してください。 値: 文字列または文字列の配列。  デフォルト値: `undef`。 ##### `ip` バーチャルホストがリッスンするIPアドレスを設定します。デフォルトでは、Apacheのデフォルト挙動が使用され、すべてのIPをリッスンします。 値: 文字列または文字列の配列。  デフォルト値: `undef`。 ##### `ip_based` [IPベースの](https://httpd.apache.org/docs/current/vhosts/ip-based.html)バーチャルホストを有効にします。このパラメータにより、NameVirtualHostディレクティブの作成が禁止されます。これは、このディレクティブが名前ベースのバーチャルホストにリクエストを送る際に使用されるためです。 デフォルト値: `false`。 ##### `itk` ハッシュで[ITK](http://mpm-itk.sesse.net/)を設定します。 通常は、以下のように使用します。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', itk => { user => 'someuser', group => 'somegroup', }, } ```  値: ハッシュ。キーを含めることもできます。 * ユーザ + グループ * `assignuseridexpr` * `assigngroupidexpr` * `maxclientvhost` * `nice` * `limituidrange` (Linux 3.5.0以降) * `limitgidrange` (Linux 3.5.0以降) 通常は、以下のように使用します。  ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', itk => { user => 'someuser', group => 'somegroup', }, } ```  デフォルト値: `undef`。 ##### `jk_mounts` 'JkMount'および'JkUnMount'ディレクティブによりバーチャルホストを設定し、TomcatとApacheの間をマッピングするURLのパスを処理します。 このパラメータは、ハッシュの配列にする必要があります。各ハッシュには、'worker'と、'mount'または'unmount'キーのいずれかが含まれている必要があります。 通常は、以下のように使用します。  ``` puppet apache::vhost { 'sample.example.net': jk_mounts => [ { mount => '/*', worker => 'tcnode1', }, { unmount => '/*.jpg', worker => 'tcnode1', }, ], } ``` デフォルト値: `undef`。 ##### `keepalive` バーチャルホストで[`KeepAlive`][]ディレクティブによるHTTPの持続的接続を有効にするかどうかを決定します。デフォルトでは、グローバルなサーバ全体の[`KeepAlive`][]設定が有効になります。 バーチャルホストの関連オプションを設定するには、`keepalive_timeout`および`max_keepalive_requests`パラメータを使用します。 値: 'Off'、'On'。 デフォルト値: `undef`。  ##### `keepalive_timeout` バーチャルホストの[`KeepAliveTimeout`]ディレクティブを設定します。これにより、HTTPの持続的接続で後続のリクエストを実行するまでの待機時間が決まります。デフォルトでは、グローバルなサーバ全体の[`KeepAlive`][]設定が有効になります。 このパラメータが意味を持つのは、グローバルなサーバ全体の[`keepalive`パラメータ][]またはバーチャルホストごとの`keepalive`パラメータのいずれかが有効になっている場合のみです。  デフォルト値: `undef`。  ##### `max_keepalive_requests` 接続1回につき許可されるバーチャルホストへのリクエスト数を制限します。デフォルトでは、グローバルなサーバ全体の[`KeepAlive`][]設定が有効になります。 このパラメータが意味を持つのは、グローバルなサーバ全体の[`keepalive`パラメータ][]またはバーチャルホストごとの`keepalive`パラメータのいずれかが有効になっている場合のみです。  デフォルト値: `undef`。 ##### `auth_kerb` バーチャルホストの[`mod_auth_kerb`][]パラメータを有効にします。 通常は、以下のように使用します。  ``` puppet apache::vhost { 'sample.example.net': auth_kerb => `true`, krb_method_negotiate => 'on', krb_auth_realms => ['EXAMPLE.ORG'], krb_local_user_mapping => 'on', directories => { path => '/var/www/html', auth_name => 'Kerberos Login', auth_type => 'Kerberos', auth_require => 'valid-user', }, } ``` 関連するパラメータは、`mod_auth_kerb`ディレクティブの名前に従います。 - `krb_method_negotiate`: Negotiateメソッドを使用するかどうかを決定します。デフォルト値: 'on'。 - `krb_method_k5passwd`: Kerberos v5に関してパスワードベースの認証を使用するかどうかを決定します。デフォルト値: 'on'。 - `krb_authoritative`: 'off'に設定すると、認証コントロールを別のモジュールに渡すことができます。デフォルト値: 'on'。 - `krb_auth_realms`: 認証に使用するKerberos領域の配列を指定します。デフォルト値: []。 - `krb_5keytab`: Kerberos v5キータブファイルのロケーションを指定します。デフォルト値: `undef`。 - `krb_local_user_mapping`: 今後の使用のために、ユーザ名から@REALMを取り除きます。デフォルト値: `undef`。 ブーリアン。 デフォルト値: `false`。 ##### `krb_verify_kdc` このオプションを使えば、ローカルなキータブに対する認証チケットを無効にし、KDCスプーフィング攻撃を防ぐことができます。 デフォルト値: 'on'。 ##### `krb_servicename` Apacheが認証に使用するサービス名を指定します。この名前に対応するキーをキータブに保存する必要があります。 デフォルト値: 'HTTP'。 ##### `krb_save_credentials` このオプションにより、認証情報の保存機能が有効になります。 デフォルト値: 'off'。 ##### `logroot` バーチャルホストのログファイルの保存場所を指定します。 デフォルト値: `/var/log//`。 ##### `$logroot_ensure` バーチャルホストのlogrootディレクトリを削除するかどうかを決定します。 値: 'directory'、'absent'。 デフォルト値: 'directory'。 ##### `logroot_mode` logrootディレクトリで設定されたモードをオーバーライドします。影響を把握できない場合は、ログが保存されているディレクトリへの書き込みアクセス権限を付与*しないで*ください。詳細については、[Apacheのログセキュリティドキュメント](https://httpd.apache.org/docs/2.4/logs.html#security)を参照してください。 デフォルト値: `undef`。 ##### `logroot_owner` logrootディレクトリへの個々のユーザのアクセスを設定します。 デフォルト値:`undef`。 ##### `logroot_group` [`logroot`][]ディレクトリへのグループアクセスを設定します。 デフォルト値:`undef`。 ##### `log_level` エラーログの詳細レベルを指定します。 値: 'emerg'、'alert'、'crit'、'error'、'warn'、'notice'、'info'、'debug'。 デフォルト値: グローバルサーバ設定については'warn'。バーチャルホストごとにオーバーライドできます。 ###### `modsec_body_limit` バッファリングに関してModSecurityが受け入れる最大リクエストボディサイズをバイト数で設定します。 値: 整数。 デフォルト値: `undef`。 ###### `modsec_disable_vhost` バーチャルホストで[`mod_security`][]を無効にします。[`apache::mod::security`][]が含まれている場合にのみ有効です。 ブーリアン。 デフォルト値: `undef`。 ###### `modsec_disable_ids` バーチャルホストから`mod_security` IDを削除します。 値: バーチャルホストから削除する`mod_security` IDの配列。ハッシュも使用できます。この場合、特定のロケーションからのIDの削除が可能です。 ``` puppet apache::vhost { 'sample.example.net': modsec_disable_ids => [ 90015, 90016 ], } ``` ``` puppet apache::vhost { 'sample.example.net': modsec_disable_ids => { '/location1' => [ 90015, 90016 ] }, } ``` デフォルト値: `undef`。 ###### `modsec_disable_ips` [`mod_security`][]ルールマッチングから除外するIPアドレスの配列を指定します。 デフォルト値: `undef`。 ###### `modsec_disable_msgs` バーチャルホストから削除するmod_security Msgの配列。ハッシュも使用できます。この場合、特定のロケーションからのMsgの削除が可能です。 ``` puppet apache::vhost { 'sample.example.net': modsec_disable_msgs => ['Blind SQL Injection Attack', 'Session Fixation Attack'], } ``` ``` puppet apache::vhost { 'sample.example.net': modsec_disable_msgs => { '/location1' => ['Blind SQL Injection Attack', 'Session Fixation Attack'] }, } ``` デフォルト値: `undef`。 ###### `modsec_disable_tags` バーチャルホストから削除するmod_securityタグの配列。ハッシュも使用できます。この場合、特定のロケーションからのタグの削除が可能です。 ``` puppet apache::vhost { 'sample.example.net': modsec_disable_tags => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'], } ``` ``` puppet apache::vhost { 'sample.example.net': modsec_disable_tags => { '/location1' => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'] }, } ``` デフォルト値: `undef`。 ##### `modsec_audit*` * `modsec_audit_log` * `modsec_audit_log_file` * `modsec_audit_log_pipe` この3つのパラメータは、いずれも`mod_security`オーディットログの送信方法を決定します([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog))。 * `modsec_audit_log_file`が設定されている場合は、[`logroot`][]と比較されます。 デフォルト値: `undef`。 * `modsec_audit_log_pipe`を設定する場合は、パイプで始める必要があります。例えば、'|/path/to/mlogc /path/to/mlogc.conf'のようになります。 デフォルト値: `undef`。 * `modsec_audit_log`が`true`になっている場合、バーチャルホスト---example.comなど---を与えると、[SSL暗号化][SSL encryption]バーチャルホストの場合はデフォルト値が'example.com\_security\_ssl.log'、暗号化されていないバーチャルホストの場合は'example.com\_security.log'になります。 デフォルト値: `false`。 上述のパラメータがいずれも設定されていない場合、グローバルオーディットログが使用されます(''/var/log/httpd/modsec\_audit.log''; Debianおよびデリバティブ: ''/var/log/apache2/modsec\_audit.log''; その他: )。 ##### `no_proxy_uris` プロキシを使用しないURLを指定します。このパラメータは、[`proxy_dest`](#proxy_dest)と組み合わせて使用することはできません。 デフォルト値: []。  ##### `no_proxy_uris_match` このディレクティブは[`no_proxy_uris`][]と同じですが、正規表現をとります。 デフォルト値: []。  ##### `proxy_preserve_host` [ProxyPreserveHostディレクティブ](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost)を設定します。 このパラメータを`true`に設定すると、受信リクエストの`Host:`行が有効になり、ホスト名ではなくホストにプロキシされます。`false`に設定すると、このディレクティブが'Off'になります。 ブーリアン。 デフォルト値: `false`。 ##### `proxy_add_headers` [ProxyAddHeadersディレクティブ](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders)を設定します。 このパラメータは、プロキシ関連のHTTPヘッダ(X-Forwarded-For、X-Forwarded-Host、X-Forwarded-Server)をバックエンドサーバに送信するかどうかを制御します。 ブーリアン。 デフォルト値: `false`。 ##### `proxy_error_override` [ProxyErrorOverrideディレクティブ](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride)を設定します。このディレクティブは、プロキシされたコンテンツに関するエラーページをApacheによりオーバーライドすべきかどうかを制御します。 ブーリアン。 デフォルト値: `false`。 ##### `options` 指定されたバーチャルホストの[`Options`][]を設定します。例: ``` puppet apache::vhost { 'site.name.fdqn': … options => ['Indexes','FollowSymLinks','MultiViews'], } ``` > **注意**: [`apache::vhost`][]の[`directories`][]パラメータを使うと、'Options'、'Override'、'DirectoryIndex'は`directories`内のパラメータであるため、無視されます。 デフォルト値: ['Indexes','FollowSymLinks','MultiViews']。 ##### `override` 指定されたバーチャルホストのオーバーライドを設定します。[AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride)引数の配列を使用できます。 デフォルト値: ['None']。 ##### `passenger_spawn_method` [PassengerSpawnMethod](https://www.phusionpassenger.com/library/config/apache/reference/#passengerspawnmethod)を設定します。Passengerが引き起こしたアプリケーションに直接か、preforkのcopy-on-writeメカニズムを使用します。 有効なオプション: `smart`または`direct`。 デフォルト値: `undef`。 ##### `passenger_app_root` [PassengerRoot](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapproot)を設定します。これは、DocumentRootと異なる場合のPassengerアプリケーションルートのロケーションです。 値: パスを指定する文字列。  デフォルト値: `undef`。 ##### `passenger_app_env` [PassengerAppEnv](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappenv)を設定します。これは、Passengerアプリケーションに関する環境です。指定されていない場合は、グローバル設定の'production'がデフォルトになります。 値: 環境名を指定する文字列。 デフォルト値: `undef`。 ##### `passenger_log_file` デフォルトでは、PassengerログメッセージはApacheグローバルエラーログに書き込まれます。[PassengerLogFile](https://www.phusionpassenger.com/library/config/apache/reference/#passengerlogfile)を使えば、そのメッセージを別のファイルに書き込むように設定することができます。このオプションは、Passenger 5.0.5以降でのみ使用できます。 値: パスを指定する文字列。  デフォルト値: `undef`。 ##### `passenger_log_level` このオプションを使えば、ログファイルに書き込む情報の量を指定できます。設定されていない場合は、[PassengerLogLevel](https://www.phusionpassenger.com/library/config/apache/reference/#passengerloglevel)は設定ファイルに表示されず、デフォルト値が使用されます。 デフォルト値: 3.0.0以前のPassengerバージョン: '0'; 5.0.0以降: '3'。 ##### `passenger_ruby` [PassengerRuby](https://www.phusionpassenger.com/library/config/apache/reference/#passengerruby)を設定します。これは、バーチャルホスト上でこのアプリケーションに関して使用するRubyインタープリタです。 デフォルト値: `undef`。 ##### `passenger_min_instances` [PassengerMinInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermininstances)を設定します。これは、実行するアプリケーションプロセスの最小数です。 ##### `passenger_max_requests` [PassengerMaxRequests](https://www.phusionpassenger.com/library/config/apache/reference/#pas sengermaxrequests)を設定します。これは、アプリケーションプロセスが処理するリクエストの最大数です。 ##### `passenger_max_instances_per_app` [PassengerMaxInstancesPerApp](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxinstancesperapp)を設定します。これは、単一のアプリケーションに関して同時に存在できるアプリケーションプロセスの最大数です。 デフォルト値: `undef`。 ##### `passenger_start_timeout` [PassengerStartTimeout](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstarttimeout)を設定します。これは、アプリケーション起動のタイムアウトです。 ##### `passenger_pre_start` [PassengerPreStart](https://www.phusionpassenger.com/library/config/apache/reference/#passengerprestart)を設定します。これは、プレ起動が必要とされる場合のアプリケーションのURLです。 ##### `passenger_user` [PassengerUser](https://www.phusionpassenger.com/library/config/apache/reference/#passengeruser)を設定します。これは、サンドボックスアプリケーションの実行ユーザです。 ##### passenger_group [PassengerGroup](https://www.phusionpassenger.com/library/config/apache/reference/#passengergroup)を設定します。これは、サンドボックスアプリケーションの実行グループです。 ##### `passenger_high_performance` [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance)パラメータを設定します。 値: `true`、`false`。 デフォルト値: `undef`。 ##### `passenger_nodejs` [`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#passengernodejs)を設定します。これは、バーチャルホスト上でこのアプリケーションに関して使用するNodeJSインタープリタです。 ##### `passenger_sticky_sessions` [`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessions)パラメータを設定します。 ブーリアン。 デフォルト値: `undef`。 ##### `passenger_startup_file` [`PassengerStartupFile`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstartupfile)パスを設定します。このパスは、アプリケーションルートに関連しています。 ##### `php_values & php_flags` バーチャルホストごとの設定[`php_value`または`php_flag`](http://php.net/manual/en/configuration.changes.php)を許可します。これらのフラグや値は、ユーザまたはアプリケーションにより上書きすることができます。 デフォルト値: '{}'。 vhostの宣言内 ``` puppet php_values => [ 'include_path ".:/usr/local/example-app/include"' ], ``` ##### `php_admin_flags & values` バーチャルホストごとの設定[`php_admin_value`または`php_admin_flag`](http://php.net/manual/en/configuration.changes.php)を許可します。これらのフラグや値は、ユーザまたはアプリケーションにより上書きすることができます。 デフォルト値: '{}'。 ##### `port` ホストを設定するポートを設定します。モジュールのデフォルトでは、ホストがリッスンするのは、非SSLバーチャルホストではポート80、SSLバーチャルホストではポート443です。ホストはこのパラメータで設定されたポートのみをリッスンします。 ##### `priority` Apache HTTPD VirtualHost設定ファイルに関連するロード順序を設定します。 優先順位に一致するものがない場合は、アルファベット順で最初の名前ベースのバーチャルホストが使用されます。同様に、高い優先順位を渡すと、他に一致する名前がなければ、アルファベット順で最初の名前ベースのバーチャルホストが使用されます。 > **注意:** このパラメータを使用する必要はありません。ただし、使用する場合は、`apache::vhost`の`default_vhost`パラメータの優先順位は'15'になる点に留意してください。 ファイル名の優先順位の接頭値を無視するには、優先順位として`false`を渡します。 デフォルト値: '25'。 ##### `proxy_dest` [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass)設定の宛先アドレスを指定します。 デフォルト値: `undef`。 ##### `proxy_pass` [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass)設定の`path => URI`値の配列を指定します。オプションで、配列としてパラメータを追加できます。 デフォルト値: `undef`。 ``` puppet apache::vhost { 'site.name.fdqn': … proxy_pass => [ { 'path' => '/a', 'url' => 'http://backend-a/' }, { 'path' => '/b', 'url' => 'http://backend-b/' }, { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}}, { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, { 'path' => '/d', 'url' => 'http://backend-a/d', 'params' => { 'retry' => '0', 'timeout' => '5' }, }, { 'path' => '/e', 'url' => 'http://backend-a/e', 'keywords' => ['nocanon', 'interpolate'] }, { 'path' => '/f', 'url' => 'http://backend-f/', 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']}, { 'path' => '/g', 'url' => 'http://backend-g/', 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], }, { 'path' => '/h', 'url' => 'http://backend-h/h', 'no_proxy_uris' => ['/h/admin', '/h/server-status'] }, ], } ``` * `reverse_urls`。*オプション。*この設定は、`mod_proxy_balancer`とともに使用する場合に役立ちます。値: 配列または文字列。 * `reverse_cookies`。*オプション。*`ProxyPassReverseCookiePath`および`ProxyPassReverseCookieDomain`を設定します。 * `params`。*オプション。*接続設定などのProxyPassキー-値パラメータを許可します。 * `setenv`。*オプション。*プロキシディレクティブの[環境変数](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings)を設定します。値: 配列。 ##### `proxy_dest_match` このディレクティブは[`proxy_dest`][]と同じですが、正規表現をとります。詳細については、[ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch)を参照してください。 ##### `proxy_dest_reverse_match` [`proxy_dest_match`][]が指定されている場合に、ProxyPassReverseを渡せるようにします。詳細については、[ProxyPassReverse](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse)を参照してください。 ##### `proxy_pass_match` このディレクティブは[`proxy_pass`][]と同じですが、正規表現をとります。詳細については、[ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch)を参照してください。 ##### `rack_base_uris` rack設定のリソース識別子を設定します。指定されたファイルパスは、_rack.erbテンプレート内の[Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri)のrackアプリケーションルートとしてリストされます。 デフォルト値: `undef`。 ##### `passenger_base_uris` 任意のURIをPhusion Passengerのサーブするアプリケーションとして指定するのに使用します。指定されたファイルパスは、_passenger_base_uris.erbテンプレート内の[Phusion Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI)のpassengerアプリケーションルートとしてリストされます。 デフォルト値: `undef`。 ##### `redirect_dest` リダイレクト先のアドレスを指定します。 デフォルト値: `undef`。 ##### `redirect_source` `redirect_dest`で指定された宛先にリダイレクトするソースURIを指定します。リダイレクトするアイテムが複数提供されている場合は、ソースと宛先の長さを一致させる必要があります。また、アイテムは順序に依存します。 ``` puppet apache::vhost { 'site.name.fdqn': … redirect_source => ['/images','/downloads'], redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], } ``` ##### `redirect_status` リダイレクトに追加するステータスを指定します。 デフォルト値: `undef`。 ``` puppet apache::vhost { 'site.name.fdqn': … redirect_status => ['temp','permanent'], } ``` ##### `redirectmatch_*` * `redirectmatch_regexp` * `redirectmatch_status` * `redirectmatch_dest` 任意の正規表現について呼び出すサーバステータスとユーザの転送先を決定します。配列として入力します。 デフォルト値: `undef`。 ``` puppet apache::vhost { 'site.name.fdqn': … redirectmatch_status => ['404','404'], redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'], } ``` ##### `request_headers` 他のリクエストヘッダの追加、リクエストヘッダの削除など、収集した[リクエストヘッダ](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader)をさまざまな形で修正します。 デフォルト値: `undef`。 ``` puppet apache::vhost { 'site.name.fdqn': … request_headers => [ 'append MirrorID "mirror 12"', 'unset MirrorID', ], } ``` ##### `rewrites` URLリライトルールを作成します。ハッシュの配列が求められます。 値: 'comment'、'rewrite_base'、'rewrite_cond'、'rewrite_rule'、'rewrite_map'のいずれかのハッシュキー。 デフォルト値: `undef`。 誰かがindex.htmlにアクセスした場合、welcome.htmlを表示するように指定できます。 ``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] } ``` このパラメータにより条件をリライトし、`true`の場合に関連ルールを実行させることが可能です。例えば、ビジターがIEを使っている場合のみURLをリライトするには、以下のように設定します。 ``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ { comment => 'redirect IE', rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], rewrite_rule => ['^index\.html$ welcome.html'], }, ], } ``` 複数の条件を適用することもできます。たとえば、ブラウザがLynxかMozilla(バージョン1または2)の場合にのみ、index.htmlをwelcome.htmlにリライトする場合は、以下のようになります。 ``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ { comment => 'Lynx or Mozilla v1/2', rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], rewrite_rule => ['^index\.html$ welcome.html'], }, ], } ``` 複数のリライトと条件を設定することも可能です。 ``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ { comment => 'Lynx or Mozilla v1/2', rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], rewrite_rule => ['^index\.html$ welcome.html'], }, { comment => 'Internet Explorer', rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], rewrite_rule => ['^index\.html$ /index.IE.html [L]'], }, { rewrite_base => /apps/, rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], }, { comment => 'Rewrite to lower case', rewrite_cond => ['%{REQUEST_URI} [A-Z]'], rewrite_map => ['lc int:tolower'], rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'], }, ], } ``` リライトのルールおよび条件については、[`mod_rewrite`ドキュメント][`mod_rewrite`]を参照してください。 ##### `rewrite_inherit` バーチャルホストが全体のリライトルールを継承するかどうかを決定します。 デフォルト値: `false`。 リライトルールは、全体(`$conf_file`または`$confd_dir`で)またはバーチャルホストの`.conf`ファイル内で指定することができます。デフォルトでは、バーチャルホストは全体の設定を継承しません。継承を有効にするには、`rewrites`パラメータを指定し、`rewrite_inherit`パラメータを`true`に設定します。 ``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ , ], rewrite_inherit => `true`, } ``` > **注意**: この設定を有効にするには、`rewrites`パラメータが**必須**です。 バーチャルホストに以下のディレクティブが含まれている場合は、Apacheが全体の`Rewrite`ルールを有効にします。 ``` ApacheConf RewriteEngine On RewriteOptions Inherit ``` [公式`mod_rewrite`ドキュメント](https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html)のセクション"Rewriting in Virtual Hosts"を参照してください。 ##### `scriptalias` '/usr/scripts'などの、パス'/cgi-bin'のエイリアスとするCGIスクリプトのディレクトリを定義します。 デフォルト値: `undef`。 ##### `scriptaliases` > **注意**: このパラメータは廃止予定であり、`aliases`パラメータに置き換えられます。 ハッシュの配列をバーチャルホストに渡し、[`mod_alias`ドキュメント][`mod_alias`]に従ってScriptAliasまたはScriptAliasMatchステートメントのいずれかを作成します。 ``` puppet scriptaliases => [ { alias => '/myscript', path => '/usr/share/myscript', }, { aliasmatch => '^/foo(.*)', path => '/usr/share/fooscripts$1', }, { aliasmatch => '^/bar/(.*)', path => '/usr/share/bar/wrapper.sh/$1', }, { alias => '/neatscript', path => '/usr/share/neatscript', }, ] ``` ScriptAliasおよびScriptAliasMatchディレクティブは、指定した順に作成されます。 [AliasおよびAliasMatch](#aliases)ディレクティブと同様、シャドーイングを避けるため、まず具体的なエイリアスを指定してから、全般的なものを指定してください。 ##### `serveradmin` エラーページの表示時にApacheが表示するEメールアドレスを指定します。 デフォルト値: `undef`。 ##### `serveraliases` サイトの[ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias)を設定します。 デフォルト値: []。  ##### `servername` バーチャルホストに接続するホスト名に対応するサーバ名を設定します。 デフォルト値: リソースのタイトル。 ##### `setenv` HTTPDにより使用し、バーチャルホストの環境変数を設定します。 デフォルト値: []。  例: ``` puppet apache::vhost { 'setenv.example.com': setenv => ['SPECIAL_PATH /foo/bin'], } ``` ##### `setenvif` HTTPDにより使用し、条件を用いてバーチャルホストの環境変数を設定します。 デフォルト値: []。  ##### `setenvifnocase` HTTPDにより使用し、条件を用いてバーチャルホストの環境変数を設定します(大文字小文字を区別しないマッチング)。 デフォルト値: []。  ##### `suphp_*` * `suphp_addhandler` * `suphp_configpath` * `suphp_engine` [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)によりバーチャルホストを設定します。 * `suphp_addhandler`。デフォルト値: RedHatおよびFreeBSDでは'php5-script'、DebianおよびGentooでは'x-httpd-php'。 * `suphp_configpath`。デフォルト値: RedHatおよびFreeBSDでは`undef`、DebianおよびGentooでは'/etc/php5/apache2'。 * `suphp_engine`。値: 'on'または'off'。デフォルト値: 'off'。 suPHPによるバーチャルホスト設定の例: ``` puppet apache::vhost { 'suphp.example.com': port => '80', docroot => '/home/appuser/myphpapp', suphp_addhandler => 'x-httpd-php', suphp_engine => 'on', suphp_configpath => '/etc/php5/apache2', directories => { path => '/home/appuser/myphpapp', 'suphp' => { user => 'myappuser', group => 'myappgroup' }, } } ``` ##### `vhost_name` 名前ベースのバーチャルホストを有効にします。バーチャルホストにIPではなくポートが割り当てられている場合は、バーチャルホスト名は'vhost_name:port'になります。バーチャルホストにIPもポートも割り当てられていない場合は、バーチャルホスト名はリソースのタイトルに設定されます。 デフォルト値: '*'。 ##### `virtual_docroot` 同じ名前を持つディレクトリにマッピングされたワイルドカードエイリアスサブドメインにより、バーチャルホストを設定します。例えば、'http://example.com' would map to '/var/www/example.com'のようになります。 デフォルト値: `false`。 ``` puppet apache::vhost { 'subdomain.loc': vhost_name => '*', port => '80', virtual_docroot => '/var/www/%-2+', docroot => '/var/www', serveraliases => ['*.loc',], } ``` ##### `wsgi*` * `wsgi_daemon_process` * `wsgi_daemon_process_options` * `wsgi_process_group` * `wsgi_script_aliases` * `wsgi_pass_authorization` [WSGI](https://github.com/GrahamDumpleton/mod_wsgi)によりバーチャルホストを設定します。 * `wsgi_daemon_process`: WSGIデーモンの名前を設定するハッシュ。[特定のキー](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html)を使用できます。デフォルト値: `undef`。 * `wsgi_daemon_process_options`。_オプション。_ デフォルト値: `undef`。 * `wsgi_process_group`: バーチャルホストが実行されるグループIDを設定します。デフォルト値: `undef`。 * `wsgi_script_aliases`: ファイルシステム.wsgiパスへのWebパスのハッシュにする必要があります。デフォルト値: `undef`。 * `wsgi_script_aliases_match`: ファイルシステム.wsgiパスへのWebパスの正規表現のハッシュにする必要があります。デフォルト値: `undef`。 * `wsgi_pass_authorization`: 'On'に設定すると、Apacheの代わりにWSGIアプリケーションを使って認証を処理します。詳細については、[mod_wsgi's WSGIPassAuthorizationドキュメント] (https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html)を参照してください。デフォルト値: `undef`、これにより、Apacheのデフォルト値である'Off'が使われます。 * `wsgi_chunked_request`: チャンク形式のリクエストのサポートを有効にします。デフォルト値: `undef`。 WSGIによるバーチャルホスト設定の例: ``` puppet apache::vhost { 'wsgi.example.com': port => '80', docroot => '/var/www/pythonapp', wsgi_daemon_process => 'wsgi', wsgi_daemon_process_options => { processes => '2', threads => '15', display-name => '%{GROUP}', }, wsgi_process_group => 'wsgi', wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, wsgi_chunked_request => 'On', } ``` #### `apache::vhost`のパラメータ`directories` `apache::vhost`クラスの`directories`パラメータは、バーチャルホストにハッシュの配列を渡し、[Directory](https://httpd.apache.org/docs/current/mod/core.html#directory)、[File](https://httpd.apache.org/docs/current/mod/core.html#files)、[Location](https://httpd.apache.org/docs/current/mod/core.html#location)ディレクティブブロックを作成します。これらのブロックは、'< Directory /path/to/directory>...< /Directory>'の形式をとります。 `path`キーは、ディレクトリ、ファイル、ロケーションブロックのパスを設定します。この値は、'directory'、'files'、または'location'プロバイダのパスか、'directorymatch'、'filesmatch'、または 'locationmatch'プロバイダの正規表現でなければなりません。`directories`に渡される各ハッシュには、キーのひとつとして`path`が含まれていなければ**なりません**。 `provider`キーはオプションです。設定されていない場合、このキーのデフォルトは'directory'になります。値: 'directory'、'files'、'proxy'、'location'、'directorymatch'、'filesmatch'、'proxymatch'、'locationmatch'。`provider`を'directorymatch'に設定すると、 Apache設定ファイルでキーワード'DirectoryMatch'が使用されます。 `directories`の使用例: ``` puppet apache::vhost { 'files.example.net': docroot => '/var/www/files', directories => [ { 'path' => '/var/www/files', 'provider' => 'files', 'deny' => 'from all', }, ], } ``` > **注意:** 少なくとも1つのディレクトリが`docroot`パラメータとマッチする必要があります。ディレクトリの宣言を開始すると、`apache::vhost`は必要なすべてのディレクトリブロックが宣言されるものと見なします。定義されない場合、`docroot`パラメータにマッチする1つのデフォルトディレクトリブロックが作成されます。 `directory`、`files`、または`location`ハッシュ内に、使用可能なハンドラを配置し、キーとして表す必要があります。以下のようになります。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', handler => value } ], } ``` これらのハッシュで設定していないハンドラは、Puppet内で'undefined'と見なされ、バーチャルホストに追加されず、モジュールではデフォルト値が使われます。サポートされているハンドラは、次のとおりです。 ##### `addhandlers` [AddHandler](https://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler)ディレクティブを設定します。これは、ファイル名の拡張子を指定されたハンドラにマッピングするものです。ハッシュのリストを使用し、`extensions`はハンドラによりマッピングされた拡張子を記述するために使用されます。`{ handler => 'handler-name', extensions => ['extension'] }`の形式をとります。 例: ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', addhandlers => [{ handler => 'cgi-script', extensions => ['.cgi']}], }, ], } ``` ##### `allow` [Allow](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow)ディレクティブを設定します。これは、ホスト名またはIPに基づく認証をグループ化するものです。**廃止予定:**このパラメータは、Apacheが変更されたため、廃止予定になっています。Apache 2.2以下でのみ機能します。1つのルールに対する単一の文字列としても、複数のルールに対する配列としても使用できます。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', allow => 'from example.org', }, ], } ``` ##### `allow_override` [.htaccess](https://httpd.apache.org/docs/current/mod/core.html#allowoverride)ファイルで許可されるディレクティブのタイプを設定します。配列を使用できます。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', allow_override => ['AuthConfig', 'Indexes'], }, ], } ``` ##### `auth_basic_authoritative` [AuthBasicAuthoritative](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicauthoritative)の値を設定します。これにより、下位のApacheモジュールに権限と認証を渡すかどうかが決定されます。 ##### `auth_basic_fake` [AuthBasicFake](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicfake)の値を設定します。これにより、任意のディレクティブブロックに関する認証情報が静的に設定されます。 ##### `auth_basic_provider` [AuthBasicProvider](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicprovider)の値を設定します。これにより、任意のロケーションの認証プロバイダが設定されます。 ##### `auth_digest_algorithm` [AuthDigestAlgorithm](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestalgorithm)の値を設定します。これにより、チャレンジおよびレスポンスハッシュの計算に用いるアルゴリズムを選択します。 ###### `auth_digest_domain` [AuthDigestDomain](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestdomain)の値を設定します。これにより、ダイジェスト認証に関して、同じ保護スペースで1つまたは複数のURIを指定できます。 ##### `auth_digest_nonce_lifetime` [AuthDigestNonceLifetime](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestnoncelifetime)の値を設定します。これにより、サーバのノンスが有効になる長さを制御します。 ##### `auth_digest_provider` [AuthDigestProvider](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestprovider)の値を設定します。これにより、任意のロケーションに関する認証プロバイダを設定します。 ##### `auth_digest_qop` [AuthDigestQop](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestqop)の値を設定します。これにより、ダイジェスト認証で用いる保護品質を決定します。 ##### `auth_digest_shmem_size` [AuthAuthDigestShmemSize](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestshmemsize)の値を設定します。これにより、クライアントの追跡に関して、サーバに割り当てられる共通メモリの量を定義します。 ##### `auth_group_file` [AuthGroupFile](https://httpd.apache.org/docs/current/mod/mod_authz_groupfile.html#authgroupfile)の値を設定します。これにより、認証に関して、ユーザグループのリストを含むテキストファイルの名前を設定します。 ##### `auth_name` [AuthName](https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authname)の値を設定します。これにより、認証領域の名前を設定します。 ##### `auth_require` アクセスを許可するのに必要なエンティティ名を設定します。詳細については、[Require](https://httpd.apache.org/docs/current/mod/mod_authz_host.html#requiredirectives)を参照してください。 ##### `auth_type` [AuthType](https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authtype)の値を設定します。これにより、ユーザ認証のタイプをガイドします。 ##### `auth_user_file` [AuthUserFile](https://httpd.apache.org/docs/current/mod/mod_authn_file.html#authuserfile)の値を設定します。これにより、認証に関するユーザ/パスワードを含むテキストファイルの名前を設定します。 ##### `auth_merging` [AuthMerging](https://httpd.apache.org/docs/current/mod/mod_authz_core.html#authmerging)の値を設定します。これにより、認証ロジックを組み合わせるかどうかを決定します。 ##### `auth_ldap_url` [AuthLDAPURL](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapurl)の値を設定します。これにより、AuthBasicProvider 'ldap'を使用する場合のLDAPサーバのURLを決定します。 ##### `auth_ldap_bind_dn` [AuthLDAPBindDN](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbinddn)の値を設定します。これにより、AuthBasicProvider 'ldap'を使用する場合に、エントリの検索時にLDAPサーバにバインドするオプションのDNを使用できるようになります。 ##### `auth_ldap_bind_password` [AuthLDAPBindPassword](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbindpassword)の値を設定します。これにより、AuthBasicProvider 'ldap'を使用する場合に、バインドDNとともに用いるオプションのバインドパスワードを使用できるようになります。 ##### `auth_ldap_group_attribute` [AuthLDAPGroupAttribute](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattribute)の値の配列。ldapグループ内のユーザメンバーの確認に使用するLDAP属性を指定します。 デフォルト値: "member"および "uniquemember"。 ##### `auth_ldap_group_attribute_is_dn` [AuthLDAPGroupAttributeIsDN](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattributeisdn)の値を設定し、ldapグループのメンバーにDNかシンプルなユーザ名のどちらを使用するかを指定します。onに設定すると、グループメンバーシップの確認時に、クライアントユーザ名の識別名が使用されます。そうでない場合は、ユーザ名が使われます。有効な値は"on"か"off"です。 ##### `custom_fragment` カスタム設定ディレクティブの文字列を渡し、ディレクトリ設定の最後に配置します。 ``` puppet apache::vhost { 'monitor': … directories => [ { path => '/path/to/directory', custom_fragment => ' SetHandler balancer-manager Order allow,deny Allow from all SetHandler server-status Order allow,deny Allow from all ProxyStatus On', }, ] } ``` ##### `dav` [Dav](http://httpd.apache.org/docs/current/mod/mod_dav.html#dav)の値を設定します。これにより、WebDAV HTTPメソッドを有効にするかどうかを決定します。値としては、'On'、'Off'、またはプロバイダの名前を使用できます。'On'に設定すると、`mod_dav_fs`モジュールにより実装されているデフォルトのファイルシステムプロバイダが有効になります。 ##### `dav_depth_infinity` [DavDepthInfinity](http://httpd.apache.org/docs/current/mod/mod_dav.html#davdepthinfinity)の値を設定します。これは、`Depth: Infinity`ヘッダを持つ`PROPFIND`リクエストの処理を有効にするのに使用されます。 ##### `dav_min_timeout` [DavMinTimeout](http://httpd.apache.org/docs/current/mod/mod_dav.html#davmintimeout)の値を設定します。DAVリソースでサーバがロック状態を維持する時間(秒数)を指定します。 ##### `deny` [Deny](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny)ディレクティブを設定し、サーバへのアクセスを否定するホストを指定します。**廃止予定:** このパラメータは、Apacheが変更されたため、廃止予定になっています。Apache 2.2以下でのみ機能します。1つのルールに対する単一の文字列としても、複数のルールに対する配列としても使用できます。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', deny => 'from example.org', }, ], } ``` ##### `error_documents` ディレクトリの[ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument)設定をオーバーライドするハッシュの配列。 ``` puppet apache::vhost { 'sample.example.net': directories => [ { path => '/srv/www', error_documents => [ { 'error_code' => '503', 'document' => '/service-unavail', }, ], }, ], } ``` ##### `ext_filter_options` [ExtFilterOptions](https://httpd.apache.org/docs/current/mod/mod_ext_filter.html)ディレクティブを設定します。 このディレクティブを使用する前に、`class { 'apache::mod::ext_filter': }`を宣言する必要があります。 ``` puppet apache::vhost { 'filter.example.org': docroot => '/var/www/filter', directories => [ { path => '/var/www/filter', ext_filter_options => 'LogStderr Onfail=abort', }, ], } ``` ##### `geoip_enable` [GeoIPEnable](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Configuration)ディレクティブを設定します。 このディレクティブを使用する前に、`class {'apache::mod::geoip': }`を宣言する必要があります。 ``` puppet apache::vhost { 'first.example.com': docroot => '/var/www/first', directories => [ { path => '/var/www/first', geoip_enable => `true`, }, ], } ``` ##### `headers` [Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header)ディレクティブの行を追加します。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => { path => '/path/to/directory', headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', }, } ``` ##### `index_options` [ディレクトリインデキシング](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions)の設定を可能にします。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', directoryindex => 'disabled', # this is needed on Apache 2.4 or mod_autoindex doesn't work options => ['Indexes','FollowSymLinks','MultiViews'], index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], }, ], } ``` ##### `index_order_default` ディレクトリインデックスの[デフォルトの順序付け](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexorderdefault)を設定します。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', order => 'Allow,Deny', index_order_default => ['Descending', 'Date'], }, ], } ``` ###### `index_style_sheet` [IndexStyleSheet](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet)を設定します。これにより、ディレクトリインデックスにCSSスタイルシートが追加されます。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'], index_options => ['FancyIndexing'], index_style_sheet => '/styles/style.css', }, ], } ``` ##### `limit` ディレクトリブロック内に[Limit](https://httpd.apache.org/docs/current/mod/core.html#limit)ブロックを作成します。`require`ディレクティブを含めることもできます。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/docroot', directories => [ { path => '/', provider => 'location', limit => [ { methods => 'GET HEAD', require => ['valid-user'] }, ], }, ], } ``` ##### `limit_except` ディレクトリブロック内に[LimitExcept](https://httpd.apache.org/docs/current/mod/core.html#limitexcept)ブロックを作成します。`require`ディレクティブを含めることもできます。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/docroot', directories => [ { path => '/', provider => 'location', limit_except => [ { methods => 'GET HEAD', require => ['valid-user'] }, ], }, ], } ``` ##### `mellon_enable` [MellonEnable][`mod_auth_mellon`]ディレクトリを設定し、 [`mod_auth_mellon`][]を有効にします。[`apache::mod::auth_mellon`][]を使って`mod_auth_mellon`をインストールできます。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/', provider => 'directory', mellon_enable => 'info', mellon_sp_private_key_file => '/etc/certs/${::fqdn}.key', mellon_endpoint_path => '/mellon', mellon_set_env_no_prefix => { 'ADFS_GROUP' => 'http://schemas.xmlsoap.org/claims/Group', 'ADFS_EMAIL' => 'http://schemas.xmlsoap.org/claims/EmailAddress', }, mellon_user => 'ADFS_LOGIN', }, { path => '/protected', provider => 'location', mellon_enable => 'auth', auth_type => 'Mellon', auth_require => 'valid-user', mellon_cond => ['ADFS_LOGIN userA [MAP]','ADFS_LOGIN userB [MAP]'], }, ] } ``` 関連するパラメータは、`mod_auth_mellon`ディレクティブの名前に従います。 - `mellon_cond`: アクセスを許可するために満たす必要のあるmellon条件の配列をとり、配列内の各アイテムについて [MellonCond][`mod_auth_mellon`]ディレクティブを作成します。 - `mellon_endpoint_path`: [MellonEndpointPath][`mod_auth_mellon`]を設定し、mellonエンドポイントパスを設定します。 - `mellon_sp_metadata_file`: SPメタデータファイルの[MellonSPMetadataFile][`mod_auth_mellon`]ロケーションを設定します。 - `mellon_idp_metadata_file`: IDPメタデータファイルの[MellonIDPMetadataFile][`mod_auth_mellon`]ロケーションを設定します。 - `mellon_saml_rsponse_dump`: [MellonSamlResponseDump][`mod_auth_mellon`]ディレクティブを設定し、SAMLのデバッグを有効にします。 - `mellon_set_env_no_prefix`:環境変数にマッピングする属性名のハッシュに関する [MellonSetEnvNoPrefix][`mod_auth_mellon`]ディレクティブを 設定します。 - `mellon_sp_private_key_file`: サービスプロバイダのプライベートキー保存場所に関する[MellonSPPrivateKeyFile][`mod_auth_mellon`]ディレクティブを設定します。 - `mellon_sp_cert_file`: サービスプロバイダの公開キー保存場所に関する[MellonSPCertFile][`mod_auth_mellon`]ディレクティブを設定します。 - `mellon_user`: ユーザ名に関して使用する[MellonUser][`mod_auth_mellon`]属性を設定します。 - `mellon_session_length`: [MellonSessionLength][`mod_auth_mellon`]属性を設定します。 ##### `options` 任意のディレクトリブロックに関する[オプション](https://httpd.apache.org/docs/current/mod/core.html#options)をリスト化します。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'], }, ], } ``` ##### `order` [Apacheコアドキュメント](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order)に従い、AllowおよびDenyステートメントの処理順序を設定します。**廃止予定:** このパラメータは、Apacheが変更されたため、廃止予定になっています。Apache 2.2以下でのみ機能します。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', order => 'Allow,Deny', }, ], } ``` ##### `passenger_enabled` [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled)ディレクティブの値を'on'または'off'に設定します。`apache::mod::passenger`を含める必要があります。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', passenger_enabled => 'on', }, ], } ``` > **注意:** PassengerEnabledディレクティブをPassengerHighPerformanceディレクティブとともに使用すると、[問題](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html)が生じます。 ##### `php_value`および`php_flag` `php_value`はディレクトリの値を設定し、`php_flag`はブーリアンを用いてディレクトリを設定します。詳細は[こちら](http://php.net/manual/en/configuration.changes.php)で確認できます。 ##### `php_admin_value`および`php_admin_flag` `php_admin_value`はディレクトリの値を設定し、`php_admin_flag`はブーリアンを用いてディレクトリを設定します。詳細は[こちら](http://php.net/manual/en/configuration.changes.php)で確認できます。 ##### `require` [Apache Authzドキュメント](https://httpd.apache.org/docs/current/mod/mod_authz_core.html#require)に従い、`Require`ディレクティブを設定します。`require`が設定されていない場合、`Require all granted`がデフォルトになります。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', require => 'ip 10.17.42.23', } ], } ``` より複雑な要件設定が必要な場合、apache >= 2.4では[RequireAll](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireall)、[RequireNone](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requirenone)または[RequireAny](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireany)ディレクティブを使用できます。'any'、'none'、'all'のみをサポートする(その他の値は無視されます)'enforce'キーを使うと、以下のように設定できます。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', require => { enforce => 'any', requires => [ 'ip 1.2.3.4', 'not host host.example.com', 'user xyz', ], }, }, ], } ``` `require`を`unmanaged`に設定すると、何も設定されません。これは、カスタムフラグメントで扱われる複雑な認証/権限要件に役立ちます。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', require => 'unmanaged', } ], } ``` ##### `satisfy` [Apacheコアドキュメント](https://httpd.apache.org/docs/2.2/mod/core.html#satisfy)に従い、`Satisfy`ディレクティブを設定します。**廃止予定:** このパラメータは、Apacheが変更されたため、廃止予定になっています。Apache 2.2以下でのみ機能します。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', satisfy => 'Any', } ], } ``` ##### `sethandler` [Apache Coreドキュメント](https://httpd.apache.org/docs/2.2/mod/core.html#sethandler)に従い、`SetHandler`ディレクティブを設定します。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', sethandler => 'None', } ], } ``` ##### `set_output_filter` [Apache Coreドキュメント](https://httpd.apache.org/docs/current/mod/core.html#setoutputfilter)に従い、`SetOutputFilter`ディレクティブを設定します。 ``` puppet apache::vhost{ 'filter.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', set_output_filter => puppetdb-strip-resource-params, }, ], } ``` ##### `rewrites` バーチャルホストディレクトリ内でURL [`rewrites`](#rewrites)ルールを作成します。ハッシュの配列が求められます。ハッシュキーは'comment'、'rewrite_base'、'rewrite_cond'または'rewrite_rule'のいずれかにすることができます。 ``` puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', rewrites => [ { comment => 'Permalink Rewrites', rewrite_base => '/' }, { rewrite_rule => ['^index\.php$ - [L]'] }, { rewrite_cond => ['%{REQUEST_FILENAME} !-f', '%{REQUEST_FILENAME} !-d', ], rewrite_rule => ['. /index.php [L]'], } ], }, ], } ``` > **注意**: ディレクトリにリライトを含める場合は、`apache::mod::rewrite`も含めてください。また、バーチャルホストのディレクトリのリライト設定ではなく、`apache::vhost`の`rewrites`パラメータを用いたリライトの設定を考慮してください。 ##### `shib_request_settings` アプリケーションリクエストに関して、有効なコンテンツ設定の設定または変更を可能にします。このコマンドは、次の2つのパラメータをとります: コンテンツ設定の名前、およびそれについて設定する値。有効な設定については、Shibboleth [コンテンツ設定ドキュメント](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings)を参照してください。このキーは、`apache::mod::shib`が定義されていない場合は無効になります。詳細については、[`mod_shib`ドキュメント](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions)を参照してください。 ``` puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', shib_request_settings => { 'requiresession' => 'On' }, shib_use_headers => 'On', }, ], } ``` ##### `shib_use_headers` 'On'に設定すると、アプリケーションに属性を公開するリクエストヘッダの使用がオンになります。このキーの値は'On'または'Off'です。デフォルト値は'Off'です。このキーは、`apache::mod::shib`が定義されていない場合は無効になります。詳細については、[`mod_shib`ドキュメント](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions)を参照してください。 ##### `shib_compat_valid_user` このコマンドが存在しなかったときの動作と合わせるため、デフォルト値はOffです。 "valid-user"および"user"のRequireルールの処理で、「標準」Apacheの動作を復元して、Shibbolethをその他のauth/authモジュールと組み合わせて使用する場合の競合を解消します。詳細については、[`mod_shib`ドキュメント](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions)、および[NativeSPhtaccess](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess)を参照してください。`apache::mod::shib`が定義されていない場合、このキーは無効です。 ##### `ssl_options` [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions)の文字列またはリスト。これにより、SSLエンジンのランタイムオプションが設定されます。このハンドラは、バーチャルホストの親ブロック内のSSLOptionsセットよりも優先されます。 ``` puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', ssl_options => '+ExportCertData', }, { path => '/path/to/different/dir', ssl_options => ['-StdEnvVars', '+ExportCertData'], }, ], } ``` ##### `suphp` [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG)設定に関する'user'および'group'キーを含むハッシュ。バーチャルホスト宣言で`suphp_engine => on`とともに使用する必要があり、`directories`内でのみ渡すことができます。 ``` puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', suphp => { user => 'myappuser', group => 'myappgroup', }, }, ], } ``` ##### `additional_includes` バーチャルホストディレクトリ内にある追加の静的な固有のApache設定ファイルのパスを指定します。値: 文字列パスの配列。 ``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/different/dir', additional_includes => ['/custom/path/includes', '/custom/path/another_includes',], }, ], } ``` #### `apache::vhost`のSSLパラメータ `::vhost`のすべてのSSLパラメータは、基本の`apache`クラスで設定された値がデフォルトになります。以下のパラメータを使えば、特定のバーチャルホストに関する個別のSSL設定を調整できます。 ##### `ssl` バーチャルホストのSSLを有効にします。SSLバーチャルホストはHTTPSクエリにのみ応答します。値: ブーリアン。 デフォルト値: `false`。 ##### `ssl_ca` 使用するSSL認証局を指定して、認証に使用するクライアントの証明書を検証します。これを使用するには、`ssl_verify_client`も設定する必要があります。 デフォルト値: `undef`。 ##### `ssl_cert` SSL証明書を指定します。 デフォルト値: オペレーティングシステムによって異なります。 * RedHat: '/etc/pki/tls/certs/localhost.crt' * Debian: '/etc/ssl/certs/ssl-cert-snakeoil.pem' * FreeBSD: '/usr/local/etc/apache22/server.crt' * Gentoo: '/etc/ssl/apache2/server.crt' ##### `ssl_protocol` [SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol)を指定します。許可されるプロトコルの配列またはスペースで区切った文字列が求められます。 デフォルト値: 'all'、'-SSLv2'、'-SSLv3'。 ##### `ssl_cipher` [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite)を指定します。 デフォルト値: 'HIGH:MEDIUM:!aNULL:!MD5'。 ##### `ssl_honorcipherorder` [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder)を指定し、クライアントの優先順ではなくサーバの優先順をApacheに使用させます。値: 値: ブーリアン、'on'、'off'。 デフォルト値: `true`。 ##### `ssl_certs_dir` SSL認証ディレクトリの場所を指定してクライアントの証明書を検証します。`ssl_verify_client`も設定されていない限り使用されません(下記参照)。 デフォルト: undef ##### `ssl_chain` SSLチェーンを指定します。このデフォルト値は設定しなくても機能しますが、本稼働環境で使用する前に、固有の証明書情報により基本の`apache`クラス内で更新する必要があります。 デフォルト値: `undef`。 ##### `ssl_crl` 使用する証明書失効リストを指定します。(このデフォルト値は設定しなくても機能しますが、本稼働環境で使用する前に、固有の証明書情報により基本の`apache`クラス内で更新する必要があります。) デフォルト値: `undef`。 ##### `ssl_crl_path` 証明書失効リストの保存場所を指定して、クライアント認証の証明書を検証します(このデフォルト値は設定しなくても機能しますが、本稼働環境で使用する前に、固有の証明書情報により基本の`apache`クラス内で更新する必要があります)。 デフォルト値: `undef`。 ##### `ssl_crl_check` [SSLCARevocationCheckディレクティブ](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck)により、SSLクライアント認証の証明書失効チェックレベルを設定します。このデフォルト値は設定しなくても機能しますが、本稼働環境でCRLを使用する際に指定する必要があります。Apache 2.4以上にのみ適用され、それ以前のバージョンではこの値は無視されます。 デフォルト値: `undef`。 ##### `ssl_key` SSLキーを指定します。 デフォルト値はオペレーティングシステムによって異なります。このデフォルト値は設定しなくても機能しますが、本稼働環境で使用する前に、固有の証明書情報により基本の`apache`クラス内で更新する必要があります。 * RedHat: '/etc/pki/tls/private/localhost.key' * Debian: '/etc/ssl/private/ssl-cert-snakeoil.key' * FreeBSD: '/usr/local/etc/apache22/server.key' * Gentoo: '/etc/ssl/apache2/server.key' ##### `ssl_verify_client` [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient)ディレクティブを設定します。これにより、クライアント認証に関する証明書確認レベルが設定されます。 ``` puppet apache::vhost { 'sample.example.net': … ssl_verify_client => 'optional', } ``` 値: 'none'、'optional'、'require'、'optional_no_ca'。 デフォルト値: `undef`。 ##### `ssl_verify_depth` [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth)ディレクティブを設定します。これにより、クライアント認証確認におけるCA証明書の最大深さが指定されます。これを有効にするには、`ssl_verify_client`を設定する必要があります。 ``` puppet apache::vhost { 'sample.example.net': … ssl_verify_client => 'require', ssl_verify_depth => 1, } ``` デフォルト値: `undef`。 ##### `ssl_proxy_protocol` [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol)ディレクティブを設定します。これにより、プロキシに関するサーバ環境を確立する際に`mod_ssl`が使用すべきSSLプロトコルフレーバーを制御します。提示されたプロトコルのうちの1つのみを使用しているサーバに接続します。 デフォルト値: `undef`。 ##### `ssl_proxy_verify` [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify)ディレクティブを設定します。これにより、リクエストをリモートSSLサーバに転送するようにプロキシが設定されている場合のリモートサーバの証明書確認を設定します。 デフォルト値: `undef`。 ##### `ssl_proxy_verify_depth` [SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth)ディレクティブを設定します。これにより、リモートサーバに有効な証明書がないと判断するにあたり、mod_sslが行う確認の深さを設定します。 深さ0では、自己署名リモートサーバ証明書のみが許可されます。デフォルトの深さ 1では、リモートサーバ証明書を自己署名にすることも、サーバが直接知っているCAにより署名することもできます。 デフォルト値: `undef`。  ##### `ssl_proxy_cipher_suite` [SSLProxyCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyciphersuite)ディレクティブを設定します。このディレクティブは、sslプロキシトラフィックに対してサポートされる暗号化スイートを制御します。 デフォルト値: `undef`。  ##### `ssl_proxy_ca_cert` [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile)ディレクティブを設定します。これにより、やりとりするリモートサーバに関する認証局(CA)の証明書を集められるオールインワンファイルを指定します。これはリモートサーバ認証に用いられます。このファイルは、PEMエンコード証明書ファイルを優先順に連結したものにする必要があります。 デフォルト値: `undef`。  ##### `ssl_proxy_machine_cert` [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile)ディレクティブを設定します。これにより、このサーバがリモートサーバの認証に用いる証明書とキーを保存するオールインワンファイルを指定します。このファイルは、PEMエンコード証明書ファイルを優先順に連結したものにする必要があります。 ``` puppet apache::vhost { 'sample.example.net': … ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem', } ``` デフォルト値: `undef`。  ##### `ssl_proxy_check_peer_cn` [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn)ディレクティブを設定します。これにより、リモートサーバの証明書のCNフィールドをリクエストURLのホスト名と比較するかどうかを指定します。 値: 'on'、'off'。  デフォルト値: `undef`。  ##### `ssl_proxy_check_peer_name` [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername)ディレクティブを設定します。これにより、リモートサーバの証明書のCNフィールドをリクエストURLのホスト名と比較するかどうかを決定します。 値: 'on'、'off'。  デフォルト値: `undef`。  ##### `ssl_proxy_check_peer_expire` [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire)ディレクティブを設定します。これにより、リモートサーバの証明書の有効期限をチェックするかどうかを指定します。 値: 'on'、'off'。  デフォルト値: `undef`。  ##### `ssl_options` [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions)ディレクティブを設定します。これにより、各種のSSLエンジンのランタイムオプションを設定します。これは任意のバーチャルホスト全体の設定で、文字列にすることも配列にすることもできます。 文字列: ``` puppet apache::vhost { 'sample.example.net': … ssl_options => '+ExportCertData', } ``` 配列: ``` puppet apache::vhost { 'sample.example.net': … ssl_options => ['+StrictRequire', '+ExportCertData'], } ``` デフォルト値: `undef`。 ##### `ssl_openssl_conf_cmd` [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd)ディレクティブを設定します。これにより、OpenSSLパラメータを直接設定できます。 デフォルト値: `undef`。  ##### `ssl_proxyengine` [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine)を使用するかどうかを指定します。 ブーリアン。 デフォルト値: `false`。 ##### `ssl_stapling` [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling)を使用するかどうかを指定します。デフォルトでは、全体で設定されているものを使用します。 このパラメータはApache 2.4以上にのみ適用され、それ以前のバージョンでは無視されます。  ブーリアンまたは`undef`。 デフォルト値: `undef`。  ##### `ssl_stapling_timeout` [SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout)ディレクティブの設定に使用できます。 このパラメータはApache 2.4以上にのみ適用され、それ以前のバージョンでは無視されます。  デフォルト値: なし。  ##### `ssl_stapling_return_errors` [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors)ディレクティブの設定に使用できます。 このパラメータはApache 2.4以上にのみ適用され、それ以前のバージョンでは無視されます。  デフォルト値: なし。  #### 定義タイプ: FastCGIサーバ このタイプは、mod\_fastcgiとともに使用します。特定のファイルタイプを扱う1つまたは複数の外部FastCGIサーバを定義することができます。 ** 注意 ** Ubuntu 10.04+では、マルチバースリポジトリを手動で有効にする必要があります。 例: ``` puppet apache::fastcgi::server { 'php': host => '127.0.0.1:9000', timeout => 15, flush => `false`, faux_path => '/var/www/php.fcgi', fcgi_alias => '/php.fcgi', file_type => 'application/x-httpd-php', pass_header => '' } ``` その後、バーチャルホスト内で、上で指定したfastcgiサーバで扱う特定のファイルタイプを設定することができます。 ``` puppet apache::vhost { 'www': ... custom_fragment => 'AddType application/x-httpd-php .php' ... } ``` ##### `host` FastCGIサーバのホスト名またはIPアドレスおよびTCPポート番号(1-65535)。 unixソケットを渡すこともできます。 ``` puppet apache::fastcgi::server { 'php': host => '/var/run/fcgi.sock', } ``` ##### `timeout` リクエストが中止され、(エラーLogLevel)にイベントが記録されるまでに、FastCGIアプリケーションが非アクティブの状態で待機する秒数。この非アクティブタイマーは、FastCGIアプリケーションとの接続が待機中の場合のみ適用されます。アプリケーションの待ち行列に入ったリクエストに対して、時間内に記述やフラッシュによる応答がないと、リクエストは中止されます。アプリケーションとの通信が完了したものの、クライアントとの通信が完了しなかった(応答がバッファリングされた)場合は、タイムアウトは適用されません。 ##### `flush` アプリケーションから受信したデータを、強制的にクライアントに書き込みます。デフォルトでは、アプリケーションをできるだけ早くフリーな状態にするために、`mod_fastcgi`はデータをバッファリングします。 ##### `faux_path` ローカルファイルシステムに存在する必要はありません。Apacheがこのファイル名に解読するURIは、この外部FastCGIアプリケーションにより処理されます。 ##### `alias` 一意のエイリアス。 アクションとFastCGIサーバをリンクさせるために内部で用いられます。 ##### `file_type` FastCGIサーバにより処理するファイルのMIMEタイプ。 ##### `pass_header` リクエスト環境で渡されるHTTPリクエストヘッダの名前。このオプションにより、通常はCGI環境で利用できないヘッダコンテンツ(認証など)が利用できるようになります。 #### 定義タイプ: `apache::vhost::custom` `apache::vhost::custom`定義タイプは、 `apache::custom_config`定義タイプのシンラッパーで、Apacheにおいてバーチャルホストディレクトリに固有のデフォルト設定の一部をオーバーライドします。 **`apache::vhost::custom`内のパラメータ**: ##### `content` 設定ファイルのコンテンツを設定します。 ##### `ensure` バーチャルホストファイルが存在するかどうかを指定します。 値: 'absent'、'present'。  デフォルト値: 'present'。  ##### `priority` Apache HTTPD VirtualHost設定ファイルに関する相対的なロード順序を設定します。 デフォルト値: '25'。 ##### `verify_config` Apacheサービスに通知する前に設定ファイルのバリデーションを行うかどうかを指定します。 ブーリアン。 デフォルト値: `true`。 ### プライベート定義タイプ #### 定義タイプ: `apache::peruser::multiplexer`  この定義タイプは、Apacheモジュールにクラスがあるかどうかを確認します。クラスがある場合は、そのクラスを含めます。ない場合は、モジュール名を[`apache::mod`][]定義タイプに渡します。 #### 定義タイプ: `apache::peruser::multiplexer`  FreeBSDに関してのみ、[`Peruser`][]モジュールを有効にします。  #### 定義タイプ: `apache::peruser::processor` FreeBSDに関してのみ、[`Peruser`][]モジュールを有効にします。  #### 定義タイプ: `apache::security::file_link` [`apache::mod::security`][]の`activated_rules`をディスク上のそれぞれのCRSルールにリンクします。 ### テンプレート Apacheモジュールは、[`apache::vhost`][]および[`apache::mod`][]定義タイプを有効にするにあたり、テンプレートに大きく依存しています。このテンプレートは、オペレーティングシステムに固有の[Facter][] factsをベースに構築されています。明示的にコールアウトされない限り、ほとんどのテンプレートは設定には使われません。 ### タスク Apacheモジュールには、サービスの再起動なしでApache設定を再ロードできるタスクがあります。タスクの実行方法については、[Puppet Enterpriseマニュアル](https://puppet.com/docs/pe/2017.3/orchestrator/running_tasks.html)または[Boltマニュアル](https://puppet.com/docs/bolt/latest/bolt.html)を参照してください。 ### 関数 #### apache_pw_hash Apacheが読みこむhtpasswdファイルに適したフォーマットでパスワードをハッシュします。 現在はSHAハッシュを使用しています。これは、このフォーマットは安全ではないとされているものの、ほとんどのプラットフォームでサポートされているもっとも安全なフォーマットであるためです。 ## 制約事項 - サポートされているオペレーティングシステムの一覧については、[metadata.json](https://github.com/puppetlabs/puppetlabs-apache/blob/master/metadata.json)を参照してください。 + サポートされているオペレーティングシステムの一覧については、[metadata.json](https://github.com/puppetlabs/puppetlabs-apache/blob/main/metadata.json)を参照してください。 ### FreeBSD FreeBSDでこのモジュールを使用するには、apache24-2.4.12 (www/apache24)以降を使用する_必要があります_。 ### Gentoo Gentooでは、このモジュールは[`gentoo/puppet-portage`][] Puppetモジュールに依存します。Gentooに関しては、一部の機能や設定が適用または有効化されますが、このモジュールに[対応するオペレーティングシステム][]ではありません。 ### RHEL/CentOS [`apache::mod::auth_cas`][]、[`apache::mod::passenger`][]、[`apache::mod::proxy_html`][]、[`apache::mod::shib`][]クラスは、追加のリポジトリから依存関係パッケージが提供されていなければ、RH/CentOSでは機能しません。 関連するリポジトリとパッケージについては、以下の各ドキュメントを参照してください。 #### RHEL/CentOS 5 [`apache::mod::passenger`][]および[`apache::mod::proxy_html`][]クラスは、リポジトリに適合するパッケージがないため、テストされていません。 #### RHEL/CentOS 6 [`apache::mod::passenger`][]クラスは、EL6リポジトリに適合するパッケージがないため、インストールされません。 #### RHEL/CentOS 7 [`apache::mod::passenger`][]および[`apache::mod::proxy_html`][]クラスは、EL7リポジトリに適合するパッケージがないため、テストされていません。また、[`apache::vhost`][]定義タイプの[`rack_base_uris`][]パラメータも、同様の理由でテストされていません。 ### SELinuxおよびカスタムパス [SELinux][]が[適用モード][]になっていて、`logroot`、`mod_dir`、`vhost_dir`、`docroot`に関してカスタムパスを使用したい場合は、ファイルのコンテキストを各自で管理する必要があります。 これにはPuppetを使用できます。 ``` puppet exec { 'set_apache_defaults': command => 'semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"', path => '/bin:/usr/bin/:/sbin:/usr/sbin', require => Package['policycoreutils-python'], } package { 'policycoreutils-python': ensure => installed, } exec { 'restorecon_apache': command => 'restorecon -Rv /apache_spec', path => '/bin:/usr/bin/:/sbin:/usr/sbin', before => Class['Apache::Service'], require => Class['apache'], } class { 'apache': } host { 'test.server': ip => '127.0.0.1', } file { '/custom/path': ensure => directory, } file { '/custom/path/include': ensure => present, content => '#additional_includes', } apache::vhost { 'test.server': docroot => '/custom/path', additional_includes => '/custom/path/include', } ``` `chcon`ではなく、`semanage fcontext`を用いてコンテキストを設定する必要があります。これは、Puppetの`file`リソースでは、リソースにより指定されていない場合、その値のコンテキストがリセットされるためです。 ### Ubuntu 10.04 [`apache::vhost::WSGIImportScript`][]パラメータにより、Apacheの古いバージョンではサポートされていないバーチャルホスト内のステートメントが作成され、不具合が生じます。これは今後のリファクタリングで修正される予定です。 ### Ubuntu 16.04 [`apache::mod::suphp`][]クラスは、リポジトリに適合するパッケージがないため、テストされていません。 ## 開発 ### 貢献 [Puppet Forge][]上の[Puppet][]モジュールはオープンプロジェクトであり、その価値を維持するにはコミュニティからの貢献が欠かせません。Puppetが提供する膨大な数のプラットフォームや、無数のハードウェア、ソフトウェア、デプロイ設定に弊社がアクセスすることは不可能です。 できるだけ変更に簡単に貢献していただき、お使いの環境でモジュールが動作するようにしたいと考えています。モジュールの品質の維持と改善のため、Puppetは貢献者に守っていただくガイドラインを設けています。 詳細については、[モジュールコントリビューションガイド][]および[CONTRIBUTING.md][]を参照してください。 diff --git a/spec/util/_resources/test_metadata_json.rb b/spec/util/_resources/test_metadata_json.rb index f00933ba..b8f64ae5 100644 --- a/spec/util/_resources/test_metadata_json.rb +++ b/spec/util/_resources/test_metadata_json.rb @@ -1,86 +1,86 @@ METADATA_JSON = '{ "name": "puppetlabs-apache", "version": "5.4.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", "source": "https://github.com/puppetlabs/puppetlabs-apache", "project_page": "https://github.com/puppetlabs/puppetlabs-apache", "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "dependencies": [ { "name": "puppetlabs/stdlib", "version_requirement": ">= 4.13.1 < 7.0.0" }, { "name": "puppetlabs/concat", "version_requirement": ">= 2.2.1 < 7.0.0" } ], "operatingsystem_support": [ { "operatingsystem": "RedHat", "operatingsystemrelease": [ "6", "7", "8" ] }, { "operatingsystem": "CentOS", "operatingsystemrelease": [ "6", "7", "8" ] }, { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ "6", "7" ] }, { "operatingsystem": "Scientific", "operatingsystemrelease": [ "6", "7" ] }, { "operatingsystem": "Debian", "operatingsystemrelease": [ "8", "9", "10" ] }, { "operatingsystem": "SLES", "operatingsystemrelease": [ "11 SP1", "12", "15" ] }, { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ "14.04", "16.04", "18.04" ] } ], "requirements": [ { "name": "puppet", "version_requirement": ">= 5.5.10 < 7.0.0" } ], "description": "Module for Apache configuration", "pdk-version": "1.17.0", - "template-url": "https://github.com/puppetlabs/pdk-templates#master", - "template-ref": "heads/master-0-g095317c" + "template-url": "https://github.com/puppetlabs/pdk-templates#main", + "template-ref": "heads/main-0-g095317c" }'.freeze diff --git a/templates/mod/security_crs.conf.erb b/templates/mod/security_crs.conf.erb index 641daac3..2a725e20 100644 --- a/templates/mod/security_crs.conf.erb +++ b/templates/mod/security_crs.conf.erb @@ -1,436 +1,436 @@ # --------------------------------------------------------------- # Core ModSecurity Rule Set ver.2.2.9 # Copyright (C) 2006-2012 Trustwave All rights reserved. # # The OWASP ModSecurity Core Rule Set is distributed under # Apache Software License (ASL) version 2 # Please see the enclosed LICENCE file for full details. # --------------------------------------------------------------- # # -- [[ Recommended Base Configuration ]] ------------------------------------------------- # # The configuration directives/settings in this file are used to control # the OWASP ModSecurity CRS. These settings do **NOT** configure the main # ModSecurity settings such as: # # - SecRuleEngine # - SecRequestBodyAccess # - SecAuditEngine # - SecDebugLog # # You should use the modsecurity.conf-recommended file that comes with the # ModSecurity source code archive. # -# Ref: https://github.com/SpiderLabs/ModSecurity/blob/master/modsecurity.conf-recommended +# Ref: https://github.com/SpiderLabs/ModSecurity/blob/main/modsecurity.conf-recommended # # # -- [[ Rule Version ]] ------------------------------------------------------------------- # # Rule version data is added to the "Producer" line of Section H of the Audit log: # # - Producer: ModSecurity for Apache/2.7.0-rc1 (http://www.modsecurity.org/); OWASP_CRS/2.2.4. # # Ref: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecComponentSignature # SecComponentSignature "OWASP_CRS/2.2.9" # # -- [[ Modes of Operation: Self-Contained vs. Collaborative Detection ]] ----------------- # # Each detection rule uses the "block" action which will inherit the SecDefaultAction # specified below. Your settings here will determine which mode of operation you use. # # -- [[ Self-Contained Mode ]] -- # Rules inherit the "deny" disruptive action. The first rule that matches will block. # # -- [[ Collaborative Detection Mode ]] -- # This is a "delayed blocking" mode of operation where each matching rule will inherit # the "pass" action and will only contribute to anomaly scores. Transactional blocking # can be applied # # -- [[ Alert Logging Control ]] -- # You have three options - # # - To log to both the Apache error_log and ModSecurity audit_log file use: "log" # - To log *only* to the ModSecurity audit_log file use: "nolog,auditlog" # - To log *only* to the Apache error_log file use: "log,noauditlog" # # Ref: http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-traditional-vs-anomaly-scoring-detection-modes.html # Ref: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecDefaultAction # SecDefaultAction "phase:1,<%= @_secdefaultaction -%>" SecDefaultAction "phase:2,<%= @_secdefaultaction -%>" # # -- [[ Collaborative Detection Severity Levels ]] ---------------------------------------- # # These are the default scoring points for each severity level. You may # adjust these to you liking. These settings will be used in macro expansion # in the rules to increment the anomaly scores when rules match. # # These are the default Severity ratings (with anomaly scores) of the individual rules - # # - 2: Critical - Anomaly Score of 5. # Is the highest severity level possible without correlation. It is # normally generated by the web attack rules (40 level files). # - 3: Error - Anomaly Score of 4. # Is generated mostly from outbound leakage rules (50 level files). # - 4: Warning - Anomaly Score of 3. # Is generated by malicious client rules (35 level files). # - 5: Notice - Anomaly Score of 2. # Is generated by the Protocol policy and anomaly files. # SecAction \ "id:'900001', \ phase:1, \ t:none, \ setvar:tx.critical_anomaly_score=<%= @critical_anomaly_score -%>, \ setvar:tx.error_anomaly_score=<%= @error_anomaly_score -%>, \ setvar:tx.warning_anomaly_score=<%= @warning_anomaly_score -%>, \ setvar:tx.notice_anomaly_score=<%= @notice_anomaly_score -%>, \ nolog, \ pass" # # -- [[ Collaborative Detection Scoring Initialization and Threshold Levels ]] ------------------------------ # # These variables are used in macro expansion in the 49 inbound blocking and 59 # outbound blocking files. # # **MUST HAVE** ModSecurity v2.5.12 or higher to use macro expansion in numeric # operators. If you have an earlier version, edit the 49/59 files directly to # set the appropriate anomaly score levels. # # You should set the score level (rule 900003) to the proper threshold you # would prefer. If set to "5" it will work similarly to previous Mod CRS rules # and will create an event in the error_log file if there are any rules that # match. If you would like to lessen the number of events generated in the # error_log file, you should increase the anomaly score threshold to something # like "20". This would only generate an event in the error_log file if there # are multiple lower severity rule matches or if any 1 higher severity item matches. # SecAction \ "id:'900002', \ phase:1, \ t:none, \ setvar:tx.anomaly_score=0, \ setvar:tx.sql_injection_score=0, \ setvar:tx.xss_score=0, \ setvar:tx.inbound_anomaly_score=0, \ setvar:tx.outbound_anomaly_score=0, \ nolog, \ pass" SecAction \ "id:'900003', \ phase:1, \ t:none, \ setvar:tx.inbound_anomaly_score_level=<%= @inbound_anomaly_threshold -%>, \ setvar:tx.outbound_anomaly_score_level=<%= @outbound_anomaly_threshold -%>, \ nolog, \ pass" # # -- [[ Collaborative Detection Blocking ]] ----------------------------------------------- # # This is a collaborative detection mode where each rule will increment an overall # anomaly score for the transaction. The scores are then evaluated in the following files: # # Inbound anomaly score - checked in the modsecurity_crs_49_inbound_blocking.conf file # Outbound anomaly score - checked in the modsecurity_crs_59_outbound_blocking.conf file # # If you want to use anomaly scoring mode, then uncomment this line. # SecAction \ "id:'900004', \ phase:1, \ t:none, \ setvar:tx.anomaly_score_blocking=<%= @anomaly_score_blocking -%>, \ nolog, \ pass" # # -- [[ GeoIP Database ]] ----------------------------------------------------------------- # # There are some rulesets that need to inspect the GEO data of the REMOTE_ADDR data. # # You must first download the MaxMind GeoIP Lite City DB - # # http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz # # You then need to define the proper path for the SecGeoLookupDb directive # # Ref: http://blog.spiderlabs.com/2010/10/detecting-malice-with-modsecurity-geolocation-data.html # Ref: http://blog.spiderlabs.com/2010/11/detecting-malice-with-modsecurity-ip-forensics.html # #SecGeoLookupDb /opt/modsecurity/lib/GeoLiteCity.dat # # -- [[ Regression Testing Mode ]] -------------------------------------------------------- # # If you are going to run the regression testing mode, you should uncomment the # following rule. It will enable DetectionOnly mode for the SecRuleEngine and # will enable Response Header tagging so that the client testing script can see # which rule IDs have matched. # # You must specify the your source IP address where you will be running the tests # from. # #SecRule REMOTE_ADDR "@ipMatch 192.168.1.100" \ "id:'900005', \ phase:1, \ t:none, \ ctl:ruleEngine=DetectionOnly, \ setvar:tx.regression_testing=1, \ nolog, \ pass" # # -- [[ HTTP Policy Settings ]] ---------------------------------------------------------- # # Set the following policy settings here and they will be propagated to the 23 rules # file (modsecurity_common_23_request_limits.conf) by using macro expansion. # If you run into false positives, you can adjust the settings here. # # Only the max number of args is uncommented by default as there are a high rate # of false positives. Uncomment the items you wish to set. # # # -- Maximum number of arguments in request limited SecAction \ "id:'900006', \ phase:1, \ t:none, \ setvar:tx.max_num_args=<%= @secrequestmaxnumargs %>, \ nolog, \ pass" # # -- Limit argument name length #SecAction \ "id:'900007', \ phase:1, \ t:none, \ setvar:tx.arg_name_length=100, \ nolog, \ pass" # # -- Limit value name length #SecAction \ "id:'900008', \ phase:1, \ t:none, \ setvar:tx.arg_length=400, \ nolog, \ pass" # # -- Limit arguments total length #SecAction \ "id:'900009', \ phase:1, \ t:none, \ setvar:tx.total_arg_length=64000, \ nolog, \ pass" # # -- Individual file size is limited #SecAction \ "id:'900010', \ phase:1, \ t:none, \ setvar:tx.max_file_size=1048576, \ nolog, \ pass" # # -- Combined file size is limited #SecAction \ "id:'900011', \ phase:1, \ t:none, \ setvar:tx.combined_file_sizes=1048576, \ nolog, \ pass" # # Set the following policy settings here and they will be propagated to the 30 rules # file (modsecurity_crs_30_http_policy.conf) by using macro expansion. # If you run into false positves, you can adjust the settings here. # SecAction \ "id:'900012', \ phase:1, \ t:none, \ setvar:'tx.allowed_methods=<%= @allowed_methods -%>', \ setvar:'tx.allowed_request_content_type=<%= @content_types -%>', \ setvar:'tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1', \ setvar:'tx.restricted_extensions=<%= @restricted_extensions -%>', \ setvar:'tx.restricted_headers=<%= @restricted_headers -%>', \ nolog, \ pass" # # -- [[ Content Security Policy (CSP) Settings ]] ----------------------------------------- # # The purpose of these settings is to send CSP response headers to # Mozilla FireFox users so that you can enforce how dynamic content # is used. CSP usage helps to prevent XSS attacks against your users. # # Reference Link: # # https://developer.mozilla.org/en/Security/CSP # # Uncomment this SecAction line if you want use CSP enforcement. # You need to set the appropriate directives and settings for your site/domain and # and activate the CSP file in the experimental_rules directory. # # Ref: http://blog.spiderlabs.com/2011/04/modsecurity-advanced-topic-of-the-week-integrating-content-security-policy-csp.html # #SecAction \ "id:'900013', \ phase:1, \ t:none, \ setvar:tx.csp_report_only=1, \ setvar:tx.csp_report_uri=/csp_violation_report, \ setenv:'csp_policy=allow \'self\'; img-src *.yoursite.com; media-src *.yoursite.com; style-src *.yoursite.com; frame-ancestors *.yoursite.com; script-src *.yoursite.com; report-uri %{tx.csp_report_uri}', \ nolog, \ pass" # # -- [[ Brute Force Protection ]] --------------------------------------------------------- # # If you are using the Brute Force Protection rule set, then uncomment the following # lines and set the following variables: # - Protected URLs: resources to protect (e.g. login pages) - set to your login page # - Burst Time Slice Interval: time interval window to monitor for bursts # - Request Threshold: request # threshold to trigger a burst # - Block Period: temporary block timeout # #SecAction \ "id:'900014', \ phase:1, \ t:none, \ setvar:'tx.brute_force_protected_urls=#/login.jsp# #/partner_login.php#', \ setvar:'tx.brute_force_burst_time_slice=60', \ setvar:'tx.brute_force_counter_threshold=10', \ setvar:'tx.brute_force_block_timeout=300', \ nolog, \ pass" # # -- [[ DoS Protection ]] ---------------------------------------------------------------- # # If you are using the DoS Protection rule set, then uncomment the following # lines and set the following variables: # - Burst Time Slice Interval: time interval window to monitor for bursts # - Request Threshold: request # threshold to trigger a burst # - Block Period: temporary block timeout # SecAction \ "id:'900015', \ phase:1, \ t:none, \ setvar:'tx.dos_burst_time_slice=60', \ setvar:'tx.dos_counter_threshold=100', \ setvar:'tx.dos_block_timeout=600', \ nolog, \ pass" # # -- [[ Check UTF enconding ]] ----------------------------------------------------------- # # We only want to apply this check if UTF-8 encoding is actually used by the site, otherwise # it will result in false positives. # # Uncomment this line if your site uses UTF8 encoding #SecAction \ "id:'900016', \ phase:1, \ t:none, \ setvar:tx.crs_validate_utf8_encoding=1, \ nolog, \ pass" # # -- [[ Enable XML Body Parsing ]] ------------------------------------------------------- # # The rules in this file will trigger the XML parser upon an XML request # # Initiate XML Processor in case of xml content-type # SecRule REQUEST_HEADERS:Content-Type "text/xml" \ "id:'900017', \ phase:1, \ t:none,t:lowercase, \ nolog, \ pass, \ chain" SecRule REQBODY_PROCESSOR "!@streq XML" \ "ctl:requestBodyProcessor=XML" # # -- [[ Global and IP Collections ]] ----------------------------------------------------- # # Create both Global and IP collections for rules to use # There are some CRS rules that assume that these two collections # have already been initiated. # SecRule REQUEST_HEADERS:User-Agent "^(.*)$" \ "id:'900018', \ phase:1, \ t:none,t:sha1,t:hexEncode, \ setvar:tx.ua_hash=%{matched_var}, \ nolog, \ pass" SecRule REQUEST_HEADERS:x-forwarded-for "^\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b" \ "id:'900019', \ phase:1, \ t:none, \ capture, \ setvar:tx.real_ip=%{tx.1}, \ nolog, \ pass" SecRule &TX:REAL_IP "!@eq 0" \ "id:'900020', \ phase:1, \ t:none, \ initcol:global=global, \ initcol:ip=%{tx.real_ip}_%{tx.ua_hash}, \ nolog, \ pass" SecRule &TX:REAL_IP "@eq 0" \ "id:'900021', \ phase:1, \ t:none, \ initcol:global=global, \ initcol:ip=%{remote_addr}_%{tx.ua_hash}, \ setvar:tx.real_ip=%{remote_addr}, \ nolog, \ pass" diff --git a/types/oidcsettings.pp b/types/oidcsettings.pp index bc3ce5c7..a2356ae9 100644 --- a/types/oidcsettings.pp +++ b/types/oidcsettings.pp @@ -1,112 +1,112 @@ -# https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf +# https://github.com/zmartzone/mod_auth_openidc/blob/main/auth_openidc.conf type Apache::OIDCSettings = Struct[ { Optional['RedirectURI'] => Variant[Stdlib::HTTPSUrl,Stdlib::HttpUrl], Optional['CryptoPassphrase'] => String, Optional['MetadataDir'] => String, Optional['ProviderMetadataURL'] => Stdlib::HTTPSUrl, Optional['ProviderIssuer'] => String, Optional['ProviderAuthorizationEndpoint'] => Stdlib::HTTPSUrl, Optional['ProviderJwksUri'] => Stdlib::HTTPSUrl, Optional['ProviderTokenEndpoint'] => Stdlib::HTTPSUrl, Optional['ProviderTokenEndpointAuth'] => Enum['client_secret_basic','client_secret_post','client_secret_jwt','private_key_jwt','none'], Optional['ProviderTokenEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], Optional['ProviderUserInfoEndpoint'] => Stdlib::HTTPSUrl, Optional['ProviderCheckSessionIFrame'] => Stdlib::HTTPSUrl, Optional['ProviderEndSessionEndpoint'] => Stdlib::HTTPSUrl, Optional['ProviderRevocationEndpoint'] => Stdlib::HTTPSUrl, Optional['ProviderBackChannelLogoutSupported'] => Enum['On','Off'], Optional['ProviderRegistrationEndpointJson'] => String, Optional['Scope'] => Pattern[/^[A-Za-z0-9\-\._\s]+$/], Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], Optional['SSLValidateServer'] => Enum['On','Off'], Optional['UserInfoRefreshInterval'] => Integer, Optional['JWKSRefreshInterval'] => Integer, Optional['UserInfoTokenMethod'] => Enum['authz_header','post_param'], Optional['ProviderAuthRequestMethod'] => Enum['GET','POST'], Optional['PublicKeyFiles'] => String, Optional['ResponseType'] => Enum['code','id_token','id_token token','code id_token','code token','code id_token token'], Optional['ResponseMode'] => Enum['fragment','query','form_post'], Optional['ClientID'] => String, Optional['ClientSecret'] => String, Optional['ClientTokenEndpointCert'] => String, Optional['ClientTokenEndpointKey'] => String, Optional['ClientName'] => String, Optional['ClientContact'] => String, Optional['PKCDMethod'] => Enum['plain','S256','referred_tb'], Optional['TokenBindingPolicy'] => Enum['disabled','optional','required','enforced'], Optional['ClientJwksUri'] => Stdlib::HTTPSUrl, Optional['IDTokenSignedResponseAlg'] => Enum['RS256','RS384','RS512','PS256','PS384','PS512','HS256','HS384','HS512','ES256','ES384','ES512'], Optional['IDTokenEncryptedResponseAlg'] => Enum['RSA1_5','A128KW','A256KW','RSA-OAEP'], Optional['IDTokenEncryptedResponseAlg'] => Enum['A128CBC-HS256','A256CBC-HS512','A256GCM'], Optional['UserInfoSignedResposeAlg'] => Enum['RS256','RS384','RS512','PS256','PS384','PS512','HS256','HS384','HS512','ES256','ES384','ES512'], Optional['UserInfoEncryptedResponseAlg'] => Enum['RSA1_5','A128KW','A256KW','RSA-OAEP'], Optional['UserInfoEncryptedResponseEnc'] => Enum['A128CBC-HS256','A256CBC-HS512','A256GCM'], Optional['OAuthServerMetadataURL'] => Stdlib::HTTPSUrl, Optional['AuthIntrospectionEndpoint'] => Stdlib::HTTPSUrl, Optional['OAuthClientID'] => String, Optional['OAuthClientSecret'] => String, Optional['OAuthIntrospectionEndpointAuth'] => Enum['client_secret_basic','client_secret_post','client_secret_jwt','private_key_jwt','bearer_access_token','none'], Optional['OAuthIntrospectionClientAuthBearerToken'] => String, Optional['OAuthIntrospectionEndpointCert'] => String, Optional['OAuthIntrospectionEndpointKey'] => String, Optional['OAuthIntrospectionEndpointMethod'] => Enum['POST','GET'], Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], Optional['OAuthIntrospectionTokenParamName'] => String, Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+\s(absolute|relative)\s(mandatory|optional)$/], Optional['OAuthSSLValidateServer'] => Enum['On','Off'], Optional['OAuthVerifySharedKeys'] => String, Optional['OAuthVerifyCertFiles'] => String, Optional['OAuthVerifyJwksUri'] => Stdlib::HTTPSUrl, Optional['OAuthRemoteUserClaim'] => String, Optional['OAuthAcceptTokenAs'] => Pattern[/^((header|post|query|cookie\:[A-Za-z0-9\-\._]+|basic)\s?)+$/], Optional['OAuthAccessTokenBindingPolicy'] => Enum['disabled','optional','required','enforced'], Optional['Cookie'] => String, Optional['SessionCookieChunkSize'] => Integer, Optional['CookieHTTPOnly'] => Enum['On','Off'], Optional['CookieSameSite'] => Enum['On','Off'], Optional['PassCookies'] => String, Optional['StripCookies'] => String, Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+\s(false|true)$/], Optional['SessionInactivityTimeout'] => Integer, Optional['SessionMaxDuration'] => Integer, Optional['SessionType'] => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent)?)$/], Optional['SessionCacheFallbackToCookie'] => Enum['On','Off'], Optional['CacheType'] => Enum['shm','memcache','file','redis'], Optional['CacheEncrypt'] => Enum['On','Off'], Optional['CacheShmMax'] => Integer, Optional['CacheShmEntrySizeMax'] => Integer, Optional['CacheFileCleanInterval'] => Integer, Optional['MemCacheServers'] => String, Optional['RedisCacheServer'] => String, Optional['RedisCachePassword'] => String, Optional['DiscoverURL'] => Variant[Stdlib::HTTPSUrl,Stdlib::HttpUrl], Optional['HTMLErrorTemplate'] => String, Optional['DefaultURL'] => Variant[Stdlib::HTTPSUrl,Stdlib::HttpUrl], Optional['PathScope'] => Pattern[/^[A-Za-z0-9\-\._\s]+$/], Optional['PathAuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], Optional['IDTokenIatSlack'] => Integer, Optional['ClaimPrefix'] => String, Optional['ClaimDelimiter'] => Pattern[/^.$/], Optional['RemoteUserClaim'] => String, Optional['PassIDTokenAs'] => Pattern[/^((claims|payload|serialized)\s?)+$/], Optional['PassUserInfoAs'] => Pattern[/^((claims|json|jwt)\s?)+$/], Optional['PassClaimsAs'] => Enum['none','headers','environment','both'], Optional['AuthNHeader'] => String, Optional['HTTPTimeoutLong'] => Integer, Optional['HTTPTimeoutShort'] => Integer, Optional['StateTimeout'] => Integer, Optional['ScrubRequestHeaders'] => Enum['On','Off'], Optional['OutgoingProxy'] => String, Optional['UnAuthAction'] => Enum['auth','pass','401','410'], Optional['UnAuthzAction'] => Enum['401','403','auth'], Optional['PreservePost'] => Enum['On','Off'], Optional['PassRefreshToken'] => Enum['On','Off'], Optional['RequestObject'] => String, Optional['ProviderMetadataRefreshInterval'] => Integer, Optional['InfoHook'] => Pattern[/^((iat|access_token|access_token_expires|id_token|userinfo|refresh_token|session)\s?)+$/], Optional['BlackListedClaims'] => String, Optional['WhiteListedClaims'] => String, Optional['RefreshAccessTokenBeforeExpiry'] => Pattern[/^[0-9]+(\slogout_on_error)?$/], } ]