apache

Puppet module for apache

Module Stats

13,739 downloads

5,140 latest version

4.6 quality score

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

released Jul 12th 2017

This version is compatible with:

, , ,

Start using this module

Installation method

Add this module to your Puppetfile:

mod 'aneesh-apache', '5.0.0'

Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add aneesh-apache

Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install aneesh-apache --version 5.0.0

Tags: apache, web, proxy, apache2, httpd, modsecurity, modevasive

Documentation

aneesh/apache — version 5.0.0 Jul 12th 2017

APACHE Module

Overview

This module install and configure apache web server.

Usage

Default configuration:

include apache

Change configuration file settings:

class { 'apache':
    serverroot                  => '"/etc/httpd"',
    listen                      => [ '80' ],
    user                        => 'apache',
    group                       => 'apache',
    serveradmin                 => 'root@localhost',
    servername                  => 'www.example.com',
    directory                   => {
      '/' => [
        'AllowOverride none',
        'Require all denied'
      ],
      '"/var/www"' => [
        'AllowOverride None',
        'Require all granted'
      ],
      '"/var/www/html"' => [
        'Options Indexes FollowSymLinks',
        'AllowOverride None',
        'Require all granted'
      ],
      '"/var/www/cgi-bin"' => [
        'AllowOverride None',
        'Options None',
        'Require all granted'
      ],
      '"/usr/share/httpd/icons"' => [
        'Options Indexes MultiViews FollowSymlinks',
        'AllowOverride None',
        'Require all granted'
      ],
      '"/home/*/public_html"' => [
        'AllowOverride FileInfo AuthConfig Limit Indexes',
        'Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec',
        'Require method GET POST OPTIONS'
      ]
    },
    documentroot                => '"/var/www/html"',
    directoryindex              => 'index.html',
    files                       => {
      '".ht*"' => [
        'Require all denied'
      ]
    },
    errorlog                    => '"logs/error_log"',
    log_level                   => 'warn',
    logformat                   => [ '"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined', '"%h %l %u %t \"%r\" %>s %b" common', '"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio' ],
    customlog                   => '"logs/access_log" combined',
    alias                       => '/icons/ "/usr/share/httpd/icons/"',
    scriptalias                 => '/cgi-bin/ "/var/www/cgi-bin/"',
    typesconfig                 => '/etc/mime.types',
    addtype                     => [ 'application/x-compress .Z', 'application/x-gzip .gz .tgz', 'text/html .shtml' ],
    addoutputfilter             => 'INCLUDES .shtml',
    adddefaultcharset           => 'UTF-8',
    mimemagicfile               => 'conf/magic',
    enablesendfile              => 'on',
    servertokens                => 'Prod',
    timeout                     => '60',
    keepalivetimeout            => '15',
    userdir                     => 'disabled',
    serversignature             => 'Off',
    addiconbyencoding           => '(CMP,/icons/compressed.gif) x-compress x-gzip',
    addiconbytype               => [ '(TXT,/icons/text.gif) text/*', '(IMG,/icons/image2.gif) image/*', '(SND,/icons/sound2.gif) audio/*', '(VID,/icons/movie.gif) video/*' ],
    addicon                     => [ '/icons/binary.gif .bin .exe', '/icons/binhex.gif .hqx', '/icons/tar.gif .tar', '/icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv', '/icons/compressed.gif .Z .z .tgz .gz .zip', '/icons/a.gif .ps .ai .eps', '/icons/layout.gif .html .shtml .htm .pdf', '/icons/text.gif .txt', '/icons/c.gif .c', '/icons/p.gif .pl .py', '/icons/f.gif .for', '/icons/dvi.gif .dvi', '/icons/uuencoded.gif .uu', '/icons/script.gif .conf .sh .shar .csh .ksh .tcl', '/icons/tex.gif .tex', '/icons/bomb.gif /core', '/icons/bomb.gif */core.*', '/icons/back.gif ..', '/icons/hand.right.gif README', '/icons/folder.gif ^^DIRECTORY^^', '/icons/blank.gif ^^BLANKICON^^' ],
    defaulticon                 => '/icons/unknown.gif',
    readmename                  => 'README.html',
    headername                  => 'HEADER.html',
    indexignore                 => '.??* *~ *# HEADER* README* RCS CVS *,v *,t',
    fileetag                    => 'None',
    include                     => [ 'conf.modules.d/*.conf' ],
    includeoptional             => [ 'conf.d/*.conf', 'sites-enabled/*.conf' ],
}

Create virtualhost:

apache::virtualhost { 'example.com.conf':
    filename              => 'example.com.conf',
    listen                => '*:80',
    serveradmin           => 'admin@example.com',
    documentroot          => '/var/www/example.com/public_html/',
    servername            => 'example.com',
    serveralias           => 'www.example.com',
    errorlog              => 'logs/example.com-error.log',
    customlog             => 'logs/example.com-access.log combined',
}

Modsecurity customisation:

class { 'apache::modsecurity':
    includeoptional             => [ 'modsecurity.d/*.conf', 'modsecurity.d/activated_rules/*.conf' ],
    secruleengine               => 'On',
    secrequestbodyaccess        => 'On',
    secrequestbodylimit         => '13107200',
    secrequestbodynofileslimit  => '131072',
    secrequestbodyinmemorylimit => '131072',
    secrequestbodylimitaction   => 'Reject',
    secpcrematchlimit           => '1000',
    secpcrematchlimitrecursion  => '1000',
    secresponsebodyaccess       => 'On',
    secdebuglog                 => '/var/log/httpd/modsec_debug.log',
    secdebugloglevel            => '0',
    secauditengine              => 'RelevantOnly',
    secauditlogrelevantstatus   => '"^(?:5|4(?!04))"',
    secauditlogparts            => 'ABIJDEFHZ',
    secauditlogtype             => 'Serial',
    secauditlog                 => '/var/log/httpd/modsec_audit.log',
    secargumentseparator        => '&',
    seccookieformat             => '0',
    sectmpdir                   => '/var/lib/mod_security',
    secdatadir                  => '/tmp',
    secresponsebodymimetype     => 'text/plain text/html text/xml application/octet-stream',
}

Modevasive customisation:

class { 'apache::modevasive':
    dosemailnotify         => 'admin@example.com',
    dospagecount           => '2',
    dossitecount           => '50',
    dosblockingperiod      => '10',
    doslogdir              => '/var/log/mod_evasive',
    doswhitelist           => [ '127.0.0.1', '192.168.0.*' ],
}

Copyright 2017 Aneesh C

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Modules

Discover

Contribute

Puppet

Premium features

Downloads

Resources

About Forge

Getting Started