apache
Formulas to set up and configure the Apache HTTP server on GNU/Linux, FreeBSD, and Windows OS.
1. General notes
See the full SaltStack Formulas installation and usage instructions.
If you are interested in writing or contributing to formulas, please pay attention to the Writing Formula Section.
If you want to use this formula, please pay attention to the FORMULA
file and/or git tag, which contains the currently released version.
This formula is versioned according to Semantic
Versioning.
See Formula Versioning Section for more details.
2. Contributing to this repo
Commit message formatting is significant!!
Please see How to contribute for more details.
3. Available states
3.7. apache.config.modules.mod_mpm
Configures the apache mpm modules on Debian mpm_prefork, mpm_worker
or mpm_event (Debian Only)
3.8. apache.config.modules.mod_rewrite
Enabled the Apache module mod_rewrite (Debian and FreeBSD only)
3.10. apache.config.modules.mod_proxy_http
Enables the Apache module mod_proxy_http and requires the Apache module mod_proxy to be enabled. (Debian Only)
3.11. apache.config.modules.mod_proxy_fcgi
Enables the Apache module mod_proxy_fcgi and requires the Apache module mod_proxy to be enabled. (Debian Only)
3.15. apache.config.modules.mod_pagespeed
Installs and Enables the mod_pagespeed module. (Debian and RedHat Only)
3.16. apache.config.modules.mod_perl2
Installs and enables the mod_perl2 module (Debian and FreeBSD only)
3.23. apache.config.modules.mod_security
Installs an enables the Apache mod_security2 WAF using data from Pillar. (Debian and RedHat Only)
Allows you to install the basic Core Rules (CRS) and some basic configuration for mod_security2
3.24. apache.config.modules.mod_security.rules
This state can create symlinks based on basic Core Rules package. (Debian only) Or it can distribute a mod_security rule file and place it /etc/modsecurity/
3.26. apache.config.modules.mod_ssl
Installs and enables the mod_ssl module (Debian, RedHat and FreeBSD only)
3.29. apache.config.modules.mod_remoteip
Enables and configures the Apache module mod_remoteip using data from Pillar. (Debian Only)
3.31. apache.config.own_default_vhost
Replace default vhost with own version. By default, it’s 503 code. (Debian Only)
3.33. apache.config.vhosts.standard
Configures Apache name-based virtual hosts and creates virtual host directories using data from Pillar.
Example Pillar:
apache:
sites:
example.com: # must be unique; used as an ID declaration in Salt; also passed to the template context as {{ id }}
template_file: salt://apache/vhosts/standard.tmplWhen using the provided templates, one can use a space separated list of interfaces to bind to. For example, to bind both IPv4 and IPv6:
apache:
sites:
example.com:
interface: '1.2.3.4 [2001:abc:def:100::3]'3.34. apache.config.manage_security
Configures Apache’s security.conf options by reassinging them using data from Pillar.
3.38. apache.clean
Stops the Apache service and uninstalls the package.
These states are ordered using the order declaration. Different stages
are divided into the following number ranges:
-
apache will use 1-500 for ordering
-
apache will reserve 1 -100 as unused
-
apache will reserve 101-150 for pre pkg install
-
apache will reserve 151-200 for pkg install
-
apache will reserve 201-250 for pkg configure
-
apache will reserve 251-300 for downloads, git stuff, load data
-
apache will reserve 301-400 for unknown purposes
-
apache will reserve 401-450 for service restart-reloads
-
apache WILL reserve 451-460 for service.running
-
apache will reserve 461-500 for cmd requiring operational services
Example Pillar:
apache:
register-site:
# any name as an array index, and you can duplicate this section
{{UNIQUE}}:
name: 'my name'
path: 'salt://path/to/sites-available/conf/file'
state: 'enabled'
sites:
# Force SSL: Redirect from 80 to 443
example.com:
port: 80
template_file: salt://apache/vhosts/redirect.tmpl
RedirectSource: 'permanent /'
# Trailing slash is important
RedirectTarget: 'https://example.com/'
example.com_ssl:
port: 443
ServerName: example.com
SSLCertificateFile: /path/to/ssl.crt
SSLCertificateKeyFile: /path/to/ssl.key
SSLCertificateChainFile: /path/to/ssl.ca.crt4. Testing
Linux testing is done with kitchen-salt.
4.1. Requirements
-
Ruby
-
Docker
$ gem install bundler
$ bundle install
$ bin/kitchen test [platform]Where [platform] is the platform name defined in kitchen.yml, e.g.
debian-9-2019-2-py3.
4.2. bin/kitchen converge
Creates the docker instance and runs the apache main states, ready for
testing.
5. Testing with Vagrant
Windows/FreeBSD/OpenBSD testing is done with kitchen-salt.
5.2. Setup
$ gem install bundler
$ bundle install --with=vagrant
$ bin/kitchen test [platform]Where [platform] is the platform name defined in
kitchen.vagrant.yml, e.g. windows-81-latest-py3.
5.3. Note
When testing using Vagrant you must set the environment variable
KITCHEN_LOCAL_YAML to kitchen.vagrant.yml. For example:
$ KITCHEN_LOCAL_YAML=kitchen.vagrant.yml bin/kitchen test # Alternatively,
$ export KITCHEN_LOCAL_YAML=kitchen.vagrant.yml
$ bin/kitchen testThen run the following commands as needed.
5.4. bin/kitchen converge
Creates the Vagrant instance and runs the apache main states, ready
for testing.