apache
Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x
- Puppet >= 7.9.0 < 9.0.0
- , , , , , , , ,
Tasks:
- apache
Start using this module
Add this module to your Puppetfile:
mod 'puppetlabs-apache', '12.1.0'
Learn more about managing modules with a PuppetfileDocumentation
apache
Table of Contents
- Module description - What is the apache module, and what does it do?
- Setup - The basics of getting started with apache
- Usage - The classes and defined types available for configuration
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- [License][License]
- Development - Guide for contributing to the module
Module description
Apache HTTP Server (also called Apache HTTPD, or simply Apache) is a widely used web server. This Puppet module simplifies the task of creating configurations to manage Apache servers in your infrastructure. It can configure and manage a range of virtual host setups and provides a streamlined way to install and configure Apache modules.
Setup
What the apache module affects:
- Configuration files and directories (created and written to)
- WARNING: Configurations not managed by Puppet will be purged.
- Package/service/configuration files for Apache
- Apache modules
- Virtual hosts
- Listened-to ports
/etc/make.conf
on FreeBSD and Gentoo
On Gentoo, this module depends on the gentoo/puppet-portage
Puppet module. Note that while several options apply or enable certain features and settings for Gentoo, it is not a supported operating system for this module.
Warning: This module modifies Apache configuration files and directories and purges any configuration not managed by Puppet. Apache configuration should be managed by Puppet, as unmanaged configuration files can cause unexpected failures.
To temporarily disable full Puppet management, set the
purge_configs
parameter in theapache
class declaration to false. We recommend this only as a temporary means of saving and relocating customized configurations.
Beginning with Apache
To have Puppet install Apache with the default parameters, declare the apache
class:
class { 'apache': }
When you declare this class with the default options, the module:
- Installs the appropriate Apache software package and required Apache modules for your operating system.
- Places the required configuration files in a directory, with the default location Depends on operating system.
- Configures the server with a default virtual host and standard port (80) and address ('*') bindings.
- Creates a document root directory Depends on operating system, typically
/var/www
. - Starts the Apache service.
Apache defaults depend on your operating system. These defaults work in testing environments but are not suggested for production. We recommend customizing the class's parameters to suit your site.
For instance, this declaration installs Apache without the apache module's default virtual host configuration, allowing you to customize all Apache virtual hosts:
class { 'apache':
default_vhost => false,
}
Note: When
default_vhost
is set tofalse
, you have to add at least oneapache::vhost
resource or Apache will not start. To establish a default virtual host, either set thedefault_vhost
in theapache
class or use theapache::vhost
defined type. You can also configure additional specific virtual hosts with theapache::vhost
defined type.
Usage
Configuring virtual hosts
The default apache
class sets up a virtual host on port 80, listening on all interfaces and serving the docroot
parameter's default directory of /var/www
.
To configure basic name-based virtual hosts, specify the port
and docroot
parameters in the apache::vhost
defined type:
apache::vhost { 'vhost.example.com':
port => 80,
docroot => '/var/www/vhost',
}
See the apache::vhost
defined type's reference for a list of all virtual host parameters.
Note: Apache processes virtual hosts in alphabetical order, and server administrators can prioritize Apache's virtual host processing by prefixing a virtual host's configuration file name with a number. The
apache::vhost
defined type applies a defaultpriority
of 25, which Puppet interprets by prefixing the virtual host's file name with25-
. This means that if multiple sites have the same priority, or if you disable priority numbers by setting thepriority
parameter's value to false, Apache still processes virtual hosts in alphabetical order.
To configure user and group ownership for docroot
, use the docroot_owner
and docroot_group
parameters:
apache::vhost { 'user.example.com':
port => 80,
docroot => '/var/www/user',
docroot_owner => 'www-data',
docroot_group => 'www-data',
}
Configuring virtual hosts with SSL
To configure a virtual host to use SSL encryption and default SSL certificates, set the ssl
parameter. You must also specify the port
parameter, typically with a value of 443, to accommodate HTTPS requests:
apache::vhost { 'ssl.example.com':
port => 443,
docroot => '/var/www/ssl',
ssl => true,
}
To configure a virtual host to use SSL and specific SSL certificates, use the paths to the certificate and key in the ssl_cert
and ssl_key
parameters, respectively:
apache::vhost { 'cert.example.com':
port => 443,
docroot => '/var/www/cert',
ssl => true,
ssl_cert => '/etc/ssl/fourth.example.com.cert',
ssl_key => '/etc/ssl/fourth.example.com.key',
}
To configure a mix of SSL and unencrypted virtual hosts at the same domain, declare them with separate apache::vhost
defined types:
# The non-ssl virtual host
apache::vhost { 'mix.example.com non-ssl':
servername => 'mix.example.com',
port => 80,
docroot => '/var/www/mix',
}
# The SSL virtual host at the same domain
apache::vhost { 'mix.example.com ssl':
servername => 'mix.example.com',
port => 443,
docroot => '/var/www/mix',
ssl => true,
}
To configure a virtual host to redirect unencrypted connections to SSL, declare them with separate apache::vhost
defined types and redirect unencrypted requests to the virtual host with SSL enabled:
apache::vhost { 'redirect.example.com non-ssl':
servername => 'redirect.example.com',
port => 80,
docroot => '/var/www/redirect',
redirect_status => 'permanent',
redirect_dest => 'https://redirect.example.com/'
}
apache::vhost { 'redirect.example.com ssl':
servername => 'redirect.example.com',
port => 443,
docroot => '/var/www/redirect',
ssl => true,
}
Configuring virtual host port and address bindings
Virtual hosts listen on all IP addresses ('*') by default. To configure the virtual host to listen on a specific IP address, use the ip
parameter:
apache::vhost { 'ip.example.com':
ip => '127.0.0.1',
port => 80,
docroot => '/var/www/ip',
}
You can also configure more than one IP address per virtual host by using an array of IP addresses for the ip
parameter:
apache::vhost { 'ip.example.com':
ip => ['127.0.0.1','169.254.1.1'],
port => 80,
docroot => '/var/www/ip',
}
You can configure multiple ports per virtual host by using an array of ports for the port
parameter:
apache::vhost { 'ip.example.com':
ip => ['127.0.0.1'],
port => [80, 8080]
docroot => '/var/www/ip',
}
To configure a virtual host with aliased servers, refer to the aliases using the serveraliases
parameter:
apache::vhost { 'aliases.example.com':
serveraliases => [
'aliases.example.org',
'aliases.example.net',
],
port => 80,
docroot => '/var/www/aliases',
}
To set up a virtual host with a wildcard alias for the subdomain mapped to a directory of the same name, such as 'http://example.com.loc' mapped to /var/www/example.com
, define the wildcard alias using the serveraliases
parameter and the document root with the virtual_docroot
parameter:
apache::vhost { 'subdomain.loc':
vhost_name => '*',
port => 80,
virtual_docroot => '/var/www/%-2+',
docroot => '/var/www',
serveraliases => ['*.loc',],
}
To configure a virtual host with filter rules, pass the filter directives as an array using the filters
parameter:
apache::vhost { 'subdomain.loc':
port => 80,
filters => [
'FilterDeclare COMPRESS',
'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html',
'FilterChain COMPRESS',
'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no',
],
docroot => '/var/www/html',
}
Configuring virtual hosts for apps and processors
To configure a virtual host to use the Web Server Gateway Interface (WSGI) for Python applications, use the wsgi
set of parameters:
apache::vhost { 'wsgi.example.com':
port => 80,
docroot => '/var/www/pythonapp',
wsgi_application_group => '%{GLOBAL}',
wsgi_daemon_process => 'wsgi',
wsgi_daemon_process_options => {
processes => 2,
threads => 15,
display-name => '%{GROUP}',
},
wsgi_import_script => '/var/www/demo.wsgi',
wsgi_import_script_options => {
process-group => 'wsgi',
application-group => '%{GLOBAL}',
},
wsgi_process_group => 'wsgi',
wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' },
}
As of Apache 2.2.16, Apache supports FallbackResource, a simple replacement for common RewriteRules. You can set a FallbackResource using the fallbackresource
parameter:
apache::vhost { 'wordpress.example.com':
port => 80,
docroot => '/var/www/wordpress',
fallbackresource => '/index.php',
}
Note: The
fallbackresource
parameter only supports the 'disabled' value since Apache 2.2.24.
To configure a virtual host with a designated directory for Common Gateway Interface (CGI) files, use the scriptalias
parameter to define the cgi-bin
path:
apache::vhost { 'cgi.example.com':
port => 80,
docroot => '/var/www/cgi',
scriptalias => '/usr/lib/cgi-bin',
}
To configure a virtual host for Rack, use the rack_base_uri
parameter:
apache::vhost { 'rack.example.com':
port => 80,
docroot => '/var/www/rack',
rack_base_uri => ['/rackapp1', '/rackapp2'],
}
Configuring IP-based virtual hosts
You can configure IP-based virtual hosts to listen on any port and have them respond to requests on specific IP addresses. In this example, the server listens on ports 80 and 81, because the example virtual hosts are not declared with a port
parameter:
apache::listen { '80': }
apache::listen { '81': }
Configure the IP-based virtual hosts with the ip_based
parameter:
apache::vhost { 'first.example.com':
ip => '10.0.0.10',
docroot => '/var/www/first',
ip_based => true,
}
apache::vhost { 'second.example.com':
ip => '10.0.0.11',
docroot => '/var/www/second',
ip_based => true,
}
You can also configure a mix of IP- and name-based virtual hosts in any combination of SSL and unencrypted configurations.
In this example, we add two IP-based virtual hosts on an IP address (in this example, 10.0.0.10). One uses SSL and the other is unencrypted:
apache::vhost { 'The first IP-based virtual host, non-ssl':
servername => 'first.example.com',
ip => '10.0.0.10',
port => 80,
ip_based => true,
docroot => '/var/www/first',
}
apache::vhost { 'The first IP-based vhost, ssl':
servername => 'first.example.com',
ip => '10.0.0.10',
port => 443,
ip_based => true,
docroot => '/var/www/first-ssl',
ssl => true,
}
Next, we add two name-based virtual hosts listening on a second IP address (10.0.0.20):
apache::vhost { 'second.example.com':
ip => '10.0.0.20',
port => 80,
docroot => '/var/www/second',
}
apache::vhost { 'third.example.com':
ip => '10.0.0.20',
port => 80,
docroot => '/var/www/third',
}
To add name-based virtual hosts that answer on either 10.0.0.10 or 10.0.0.20, you must disable the Apache default Listen 80
, as it conflicts with the preceding IP-based virtual hosts. To do this, set the add_listen
parameter to false
:
apache::vhost { 'fourth.example.com':
port => 80,
docroot => '/var/www/fourth',
add_listen => false,
}
apache::vhost { 'fifth.example.com':
port => 80,
docroot => '/var/www/fifth',
add_listen => false,
}
Installing Apache modules
There are two ways to install Apache modules using the Puppet apache module:
- Use the
apache::mod::<MODULE NAME>
classes to install specific Apache modules with parameters. - Use the
apache::mod
defined type to install arbitrary Apache modules.
Installing specific modules
The Puppet apache module supports installing many common Apache modules, often with parameterized configuration options. For a list of supported Apache modules, see the apache::mod::<MODULE NAME>
class references.
For example, you can install the mod_ssl
Apache module with default settings by declaring the apache::mod::ssl
class:
class { 'apache::mod::ssl': }
apache::mod::ssl
has several parameterized options that you can set when declaring it. For instance, to enable mod_ssl
with compression enabled, set the ssl_compression
parameter to true:
class { 'apache::mod::ssl':
ssl_compression => true,
}
You can pass the SSL Ciphers to override the default ciphers.
class { 'apache::mod::ssl':
ssl_cipher => 'PROFILE=SYSTEM',
}
You can also pass the different ssl_cipher
for different SSL protocols. This allows you to fine-tune the ciphers based on the specific SSL/TLS protocol version being used.
class { 'apache::mod::ssl':
ssl_cipher => {
'TLSv1.1' => 'RSA:!EXP:!NULL:+HIGH:+MEDIUM'
},
}
Note that some modules have prerequisites, which are documented in their references under apache::mod::<MODULE NAME>
.
Installing arbitrary modules
You can pass the name of any module that your operating system's package manager can install to the apache::mod
defined type to install it. Unlike the specific-module classes, the apache::mod
defined type doesn't tailor the installation based on other installed modules or with specific parameters---Puppet only grabs and installs the module's package, leaving detailed configuration up to you.
For example, to install the mod_authnz_external
Apache module, declare the defined type with the 'mod_authnz_external' name:
apache::mod { 'mod_authnz_external': }
There are several optional parameters you can specify when defining Apache modules this way. See the defined type's reference for details.
Load balancing examples
Apache supports load balancing across groups of servers through the mod_proxy
Apache module. Puppet supports configuring Apache load balancing groups (also known as balancer clusters) through the apache::balancer
and apache::balancermember
defined types.
To enable load balancing with exported resources, export the apache::balancermember
defined type from the load balancer member server:
@@apache::balancermember { "${::fqdn}-puppet00":
balancer_cluster => 'puppet00',
url => "ajp://${::fqdn}:8009",
options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
}
Then, on the proxy server, create the load balancing group:
apache::balancer { 'puppet00': }
To enable load balancing without exporting resources, declare the following on the proxy server:
apache::balancer { 'puppet00': }
apache::balancermember { "${::fqdn}-puppet00":
balancer_cluster => 'puppet00',
url => "ajp://${::fqdn}:8009",
options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
}
Then declare the apache::balancer
and apache::balancermember
defined types on the proxy server.
To use the ProxySet directive on the balancer, use the proxy_set
parameter of apache::balancer
:
apache::balancer { 'puppet01':
proxy_set => {
'stickysession' => 'JSESSIONID',
'lbmethod' => 'bytraffic',
},
}
Load balancing scheduler algorithms (lbmethod
) are listed in mod_proxy_balancer documentation.
Reference
For information on classes, types and functions see the REFERENCE.md
Templates
The Apache module relies heavily on templates to enable the apache::vhost
and apache::mod
defined types. These templates are built based on Facter facts that are specific to your operating system. Unless explicitly called out, most templates are not meant for configuration.
Tasks
The Apache module has a task that allows a user to reload the Apache config without restarting the service. Please refer to to the PE documentation or Bolt documentation on how to execute a task.
Limitations
For an extensive list of supported operating systems, see metadata.json
FreeBSD
In order to use this module on FreeBSD, you must use apache24-2.4.12 (www/apache24) or newer.
Gentoo
On Gentoo, this module depends on the gentoo/puppet-portage
Puppet module. Although several options apply or enable certain features and settings for Gentoo, it is not a supported operating system for this module.
RHEL/CentOS
The apache::mod::auth_cas
, apache::mod::passenger
, apache::mod::proxy_html
and apache::mod::shib
classes are not functional on RH/CentOS without providing dependency packages from extra repositories.
See their respective documentation below for related repositories and packages.
RHEL/CentOS 5
The apache::mod::passenger
and apache::mod::proxy_html
classes are untested because repositories are missing compatible packages.
RHEL/CentOS 6
The apache::mod::passenger
class is not installing, because the EL6 repository is missing compatible packages.
RHEL/CentOS 7
The apache::mod::passenger
and apache::mod::proxy_html
classes are untested because the EL7 repository is missing compatible packages, which also blocks us from testing the apache::vhost
defined type's rack_base_uri
parameter.
SELinux and custom paths
If SELinux is in enforcing mode and you want to use custom paths for logroot
, mod_dir
, vhost_dir
, and docroot
, you need to manage the files' context yourself.
You can do this with Puppet:
exec { 'set_apache_defaults':
command => 'semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"',
path => '/bin:/usr/bin/:/sbin:/usr/sbin',
require => Package['policycoreutils-python'],
}
package { 'policycoreutils-python':
ensure => installed,
}
exec { 'restorecon_apache':
command => 'restorecon -Rv /apache_spec',
path => '/bin:/usr/bin/:/sbin:/usr/sbin',
before => Class['Apache::Service'],
require => Class['apache'],
}
class { 'apache': }
host { 'test.server':
ip => '127.0.0.1',
}
file { '/custom/path':
ensure => directory,
}
file { '/custom/path/include':
ensure => present,
content => '#additional_includes',
}
apache::vhost { 'test.server':
docroot => '/custom/path',
additional_includes => '/custom/path/include',
}
NOTE: On RHEL 8, the SELinux packages contained in policycoreutils-python
have been replaced by the policycoreutils-python-utils
package.
See here for more details.
You must set the contexts using semanage fcontext
instead of chcon
because Puppet's file
resources reset the values' context in the database if the resource doesn't specify it.
Development
Testing
To run the unit tests, install the necessary gems:
bundle install
And then execute the command:
bundle exec rake parallel_spec
To check the code coverage, run:
COVERAGE=yes bundle exec rake parallel_spec
Acceptance tests for this module leverage puppet_litmus. To run the acceptance tests follow the instructions here. You can also find a tutorial and walkthrough of using Litmus and the PDK on YouTube.
License
This codebase is licensed under the Apache2.0 licensing, however due to the nature of the codebase the open source dependencies may also use a combination of AGPL, BSD-2, BSD-3, GPL2.0, LGPL, MIT and MPL Licensing.
Development Support
If you run into an issue with this module, or if you would like to request a feature, please file a ticket. Every Monday the Puppet IA Content Team has office hours in the Puppet Community Slack, alternating between an EMEA friendly time (1300 UTC) and an Americas friendly time (0900 Pacific, 1700 UTC).
If you have problems getting this module up and running, please contact Support.
If you submit a change to this module, be sure to regenerate the reference documentation as follows:
puppet strings generate --format markdown --out REFERENCE.md
Apache MOD Test & Support Lifecycle
Adding Support for a new Apache MOD
Support for new Apache Modules can be added under the apache::mod
namespace.
Acceptance tests should be added for each new Apache Module added.
Ideally, the acceptance tests should run on all compatible platforms that this module is supported on (see metdata.json
), however there are cases when a more niche module is difficult to set up and install on a particular Linux distro.
This could be for one or more of the following reasons:
- Package not available in default repositories of distro
- Package dependencies not available in default repositories of distro
- Package (and/or its dependencies) are only available in a specific version of an OS
In these cases, it is possible to exclude a module from a test platform using a specific tag, defined above the class declaration:
# @note Unsupported platforms: OS: ver, ver; OS: ver, ver, ver; OS: all
class apache::mod::foobar {
...
}
For example:
# @note Unsupported platforms: RedHat: 5, 6; Ubuntu: 14.04; SLES: all; Scientific: 11 SP1
class apache::mod::actions {
...
}
Please be aware of the following format guidelines for the tag:
- All OS/Version declarations must be preceded with
@note Unsupported platforms:
- The tag must be declared ABOVE the class declaration (i.e. not as footer at the bottom of the file)
- Each OS/Version declaration must be separated by semicolons (
;
) - Each version must be separated by a comma (
,
) - Versions CANNOT be declared in ranges (e.g.
RedHat:5-7
), they should be explicitly declared (e.g.RedHat:5,6,7
) - However, to declare all versions of an OS as unsupported, use the word
all
(e.g.SLES:all
) - OSs with word characters as part of their versions are acceptable (e.g.
Scientific: 11 SP1, 11 SP2, 12, 13
) - Spaces are permitted between OS/Version declarations and version numbers within a declaration
- Refer to the
operatingsystem_support
values in themetadata.json
to find the acceptable OS name and version syntax:- E.g.
OracleLinux
ORoraclelinux
, not:Oracle
orOraLinux
- E.g.
RedHat
ORredhat
, not:Red Hat Enterprise Linux
,RHEL
, orRed Hat
- E.g.
If the tag is incorrectly formatted, a warning will be printed out at the end of the test run, indicating what tag(s) could not be parsed. This will not halt the execution of other tests.
Once the class is tagged, it is possible to exclude a test for that particular Apache MOD using RSpec's filtering and a helper method:
describe 'auth_oidc', if: mod_supported_on_platform('apache::mod::auth_openidc') do
The mod_supported_on_platform
helper method takes the Apache Module class definition as defined in the manifests under manifest/mod
.
This functionality can be disabled by setting the DISABLE_MOD_TEST_EXCLUSION
environment variable.
When set, all exclusions will be ignored.
Test Support Lifecycle
The puppetlabs-apache module supports a large number of compatible platforms and Apache Modules. As a result, Apache Module tests can fail because a package or package dependency has been removed from a Linux distribution repository. The CAT Team will try to resolve these issues and keep instructions updated, but due to limited resources this won’t always be possible. In these cases, we will exclude test(s) from certain platforms. As always, we welcome help from our community members, and the CAT(Content & Tooling) team is here to assist and answer questions.
Reference
Table of Contents
Classes
Public Classes
apache
: Guides the basic setup and installation of Apache on your system.apache::dev
: Installs Apache development libraries.apache::mod::actions
: Installs Apache mod_actionsapache::mod::alias
: Installs and configuresmod_alias
.apache::mod::apreq2
: Installsmod_apreq2
.apache::mod::auth_basic
: Installsmod_auth_basic
apache::mod::auth_cas
: Installs and configuresmod_auth_cas
.apache::mod::auth_gssapi
: Installsmod_auth_gsappi
.apache::mod::auth_kerb
: Installsmod_auth_kerb
apache::mod::auth_mellon
: Installs and configuresmod_auth_mellon
.apache::mod::auth_openidc
: Installs and configuresmod_auth_openidc
.apache::mod::authn_core
: Installsmod_authn_core
.apache::mod::authn_dbd
: Installsmod_authn_dbd
.apache::mod::authn_file
: Installsmod_authn_file
.apache::mod::authnz_ldap
: Installsmod_authnz_ldap
.apache::mod::authnz_pam
: Installsmod_authnz_pam
.apache::mod::authz_core
: Installsmod_authz_core
.apache::mod::authz_groupfile
: Installsmod_authz_groupfile
apache::mod::authz_user
: Installsmod_authz_user
apache::mod::autoindex
: Installsmod_autoindex
apache::mod::cache
: Installsmod_cache
apache::mod::cgi
: Installsmod_cgi
.apache::mod::cgid
: Installsmod_cgid
.apache::mod::cluster
: Installsmod_cluster
.apache::mod::data
: Installs and configuresmod_data
.apache::mod::dav
: Installsmod_dav
.apache::mod::dav_fs
: Installsmod_dav_fs
.apache::mod::dav_svn
: Installs and configuresmod_dav_svn
.apache::mod::dbd
: Installsmod_dbd
.apache::mod::deflate
: Installs and configuresmod_deflate
.apache::mod::dir
: Installs and configuresmod_dir
.apache::mod::disk_cache
: Installs and configuresmod_disk_cache
.apache::mod::dumpio
: Installs and configuresmod_dumpio
.apache::mod::env
: Installsmod_env
.apache::mod::event
: Installs and configuresmod_event
.apache::mod::expires
: Installs and configuresmod_expires
.apache::mod::ext_filter
: Installs and configuresmod_ext_filter
.apache::mod::fcgid
: Installs and configuresmod_fcgid
.apache::mod::filter
: Installsmod_filter
.apache::mod::geoip
: Installs and configuresmod_geoip
.apache::mod::headers
: Installs and configuresmod_headers
.apache::mod::http2
: Installs and configuresmod_http2
.apache::mod::include
: Installsmod_include
.apache::mod::info
: Installs and configuresmod_info
.apache::mod::intercept_form_submit
: Installsmod_intercept_form_submit
.apache::mod::itk
: Installs MPMmod_itk
.apache::mod::jk
: Installsmod_jk
.apache::mod::lbmethod_bybusyness
: Installslbmethod_bybusyness
.apache::mod::lbmethod_byrequests
: Installslbmethod_byrequests
.apache::mod::lbmethod_bytraffic
: Installslbmethod_bytraffic
.apache::mod::lbmethod_heartbeat
: Installslbmethod_heartbeat
.apache::mod::ldap
: Installs and configuresmod_ldap
.apache::mod::log_forensic
: Installsmod_log_forensic
apache::mod::lookup_identity
: Installsmod_lookup_identity
apache::mod::macro
: Installsmod_macro
.apache::mod::md
: Installs and configuresmod_md
.apache::mod::mime
: Installs and configuresmod_mime
.apache::mod::mime_magic
: Installs and configuresmod_mime_magic
.apache::mod::negotiation
: Installs and configuresmod_negotiation
.apache::mod::nss
: Installs and configuresmod_nss
.apache::mod::pagespeed
: Installs and manages mod_pagespeed, which is a Google module that rewrites web pages to reduce latency and bandwidth.
This module does not manage the software repositories needed to automatically install the
mod-pagespeed-stable package. The module does however require that the package be installed,
or be installable using the system's default package provider. You should ensure that this
pre-requisite is met or declaring apache::mod::pagespeed
will cause the puppet run to fail.
apache::mod::passenger
: Installsmod_pasenger
.Note: This module support Passenger 4.0.0 and higher.
apache::mod::perl
: Installsmod_perl
.apache::mod::peruser
: Installsmod_peruser
.apache::mod::php
: Installsmod_php
.apache::mod::prefork
: Installs and configures MPMprefork
.apache::mod::proxy
: Installs and configuresmod_proxy
.apache::mod::proxy_ajp
: Installsmod_proxy_ajp
.apache::mod::proxy_balancer
: Installs and configuresmod_proxy_balancer
.apache::mod::proxy_connect
: Installsmod_proxy_connect
.apache::mod::proxy_fcgi
: Installsmod_proxy_fcgi
.apache::mod::proxy_html
: Installsmod_proxy_html
.apache::mod::proxy_http
: Installsmod_proxy_http
.apache::mod::proxy_http2
: Installsmod_proxy_http2
.apache::mod::proxy_wstunnel
: Installsmod_proxy_wstunnel
.apache::mod::python
: Installs and configuresmod_python
.apache::mod::remoteip
: Installs and configuresmod_remoteip
.apache::mod::reqtimeout
: Installs and configuresmod_reqtimeout
.apache::mod::rewrite
: Installsmod_rewrite
.apache::mod::rpaf
: Installs and configuresmod_rpaf
.apache::mod::security
: Installs and configuresmod_security
.apache::mod::setenvif
: Installsmod_setenvif
.apache::mod::shib
: Installs and configuresmod_shib
.apache::mod::socache_shmcb
: Installsmod_socache_shmcb
.apache::mod::speling
: Installsmod_spelling
.apache::mod::ssl
: Installsmod_ssl
.apache::mod::status
: Installs and configuresmod_status
.apache::mod::suexec
: Installsmod_suexec
.apache::mod::userdir
: Installs and configuresmod_userdir
.apache::mod::version
: Installsmod_version
.apache::mod::vhost_alias
: Installs Apachemod_vhost_alias
.apache::mod::watchdog
: Installs and configuresmod_watchdog
.apache::mod::worker
: Installs and manages the MPMworker
.apache::mod::wsgi
: Installs and configuresmod_wsgi
.apache::mod::xsendfile
: Installsmod_xsendfile
.apache::mpm::disable_mpm_event
: disable Apache-Module eventapache::mpm::disable_mpm_prefork
: disable Apache-Module preforkapache::mpm::disable_mpm_worker
: disable Apache-Module workerapache::vhosts
: Createsapache::vhost
defined types.
Private Classes
apache::confd::no_accf
: Manages theno-accf.conf
file.apache::default_confd_files
: Helper for setting up default conf.d files.apache::default_mods
: Installs and congfigures default mods for Apacheapache::mod::ssl::reload
: Manages the puppet_ssl folder for ssl file copies, which is needed to track changes for reloading service on changesapache::package
: Installs an Apache MPM.apache::params
: This class manages Apache parametersapache::service
: Installs and configures Apache service.apache::version
: Try to automatically detect the version by OS
Defined types
Public Defined types
apache::balancer
: This type will create an apache balancer cluster file inside the conf.d directory.apache::balancermember
: Defines members ofmod_proxy_balancer
apache::custom_config
: Adds a custom configuration file to the Apache server'sconf.d
directory.apache::fastcgi::server
: Defines one or more external FastCGI servers to handle specific file types. Use this defined type withmod_fastcgi
.apache::listen
: AddsListen
directives toports.conf
that define the Apache server's or a virtual host's listening address and port.apache::mod
: Installs packages for an Apache module that doesn't have a correspondingapache::mod::<MODULE NAME>
class.apache::namevirtualhost
: Enables name-based virtual hostsapache::vhost
: Allows specialised configurations for virtual hosts that possess requirements outside of the defaults.apache::vhost::custom
: A wrapper around theapache::custom_config
defined type.apache::vhost::fragment
: Define a fragment within a vhostapache::vhost::proxy
: Configure a reverse proxy for a vhost
Private Defined types
apache::default_mods::load
: Helper used byapache::default_mods
apache::mpm
: Enables the use of Apache MPMs.apache::peruser::multiplexer
: Checks if an Apache module has a class.apache::peruser::processor
: Enables thePeruser
module for FreeBSD only.apache::security::rule_link
: Links the activated_rules fromapache::mod::security
to the respective CRS rules on disk.
Functions
apache::apache_pw_hash
: DEPRECATED. Use the functionapache::pw_hash
instead.apache::authz_core_config
: Function to generate the authz_core configuration directives.apache::bool2httpd
: Transform a supposed boolean to On or Off. Passes all other values through.apache::pw_hash
: Hashes a password in a format suitable for htpasswd files read by apache.apache_pw_hash
: DEPRECATED. Use the namespaced functionapache::pw_hash
instead.bool2httpd
: DEPRECATED. Use the namespaced functionapache::bool2httpd
instead.
Data types
Apache::LogLevel
: A string that conforms to the ApacheLogLevel
syntax.Apache::ModProxyProtocol
: Supported protocols / schemes by mod_proxyApache::OIDCSettings
: https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.confApache::OnOff
: A string that is accepted in Apache config to turn something on or offApache::ServerTokens
: A string that conforms to the ApacheServerTokens
syntax.Apache::Vhost::Priority
: The priority on vhostApache::Vhost::ProxyPass
: Struct representing reverse proxy configuration for an Apache vhost, used by the Apache::Vhost::Proxy defined resource type.
Tasks
init
: Allows you to perform apache service functions
Classes
apache
When this class is declared with the default options, Puppet:
- Installs the appropriate Apache software package and required Apache modules for your operating system.
- Places the required configuration files in a directory, with the default location determined by your operating system.
- Configures the server with a default virtual host and standard port (
80
) and address (\*
) bindings. - Creates a document root directory determined by your operating system, typically
/var/www
. - Starts the Apache service.
If an ldaps:// URL is specified, the mode becomes SSL and the setting of LDAPTrustedMode is ignored.
Examples
class { 'apache': }
Parameters
The following parameters are available in the apache
class:
allow_encoded_slashes
conf_dir
conf_template
confd_dir
default_charset
default_confd_files
default_mods
default_ssl_ca
default_ssl_cert
default_ssl_chain
default_ssl_crl
default_ssl_crl_path
default_ssl_crl_check
default_ssl_key
default_ssl_reload_on_change
default_ssl_vhost
default_vhost
dev_packages
docroot
error_documents
group
httpd_dir
http_protocol_options
keepalive
keepalive_timeout
max_keepalive_requests
hostname_lookups
ldap_trusted_mode
ldap_verify_server_cert
lib_path
log_level
log_formats
logroot
logroot_mode
manage_group
supplementary_groups
manage_user
mod_dir
mod_libs
mod_packages
mpm_module
package_ensure
pidfile
ports_file
protocols
protocols_honor_order
purge_configs
purge_vhost_dir
sendfile
serveradmin
servername
server_root
server_signature
server_tokens
service_enable
service_ensure
service_name
service_manage
service_restart
timeout
trace_enable
use_canonical_name
use_systemd
file_mode
root_directory_options
root_directory_secured
vhost_dir
vhost_include_pattern
user
apache_name
error_log
scriptalias
access_log_file
limitreqfields
limitreqfieldsize
limitreqline
ip
conf_enabled
vhost_enable_dir
manage_vhost_enable_dir
mod_enable_dir
ssl_file
file_e_tag
use_optional_includes
mime_types_additional
allow_encoded_slashes
Data type: Optional[Variant[Apache::OnOff, Enum['nodecode']]]
Sets the server default for the AllowEncodedSlashes
declaration, which modifies the
responses to URLs containing '\' and '/' characters. If not specified, this parameter omits
the declaration from the server's configuration and uses Apache's default setting of 'off'.
Default value: undef
conf_dir
Data type: Stdlib::Absolutepath
Sets the directory where the Apache server's main configuration file is located.
Default value: $apache::params::conf_dir
conf_template
Data type: String
Defines the template used for the main Apache configuration file. Modifying this
parameter is potentially risky, as the apache module is designed to use a minimal
configuration file customized by conf.d
entries.
Default value: $apache::params::conf_template
confd_dir
Data type: Stdlib::Absolutepath
Sets the location of the Apache server's custom configuration directory.
Default value: $apache::params::confd_dir
default_charset
Data type: Optional[String]
Used as the AddDefaultCharset
directive in the main configuration file.
Default value: undef
default_confd_files
Data type: Boolean
Determines whether Puppet generates a default set of includable Apache configuration files
in the directory defined by the confd_dir
parameter. These configuration files
correspond to what is typically installed with the Apache package on the server's
operating system.
Default value: true
default_mods
Data type: Variant[Array[String[1]], Boolean]
Determines whether to configure and enable a set of default Apache modules depending on
your operating system.
If false
, Puppet includes only the Apache modules required to make the HTTP daemon work
on your operating system, and you can declare any other modules separately using the
apache::mod::<MODULE NAME>
class or apache::mod
defined type.
If true
, Puppet installs additional modules, depending on the operating system and
the value of the mpm_module
parameter. Because these lists of
modules can change frequently, consult the Puppet module's code for up-to-date lists.
If this parameter contains an array, Puppet instead enables all passed Apache modules.
Default value: true
default_ssl_ca
Data type: Optional[Stdlib::Absolutepath]
Sets the default certificate authority for the Apache server. Although the default value results in a functioning Apache server, you must update this parameter with your certificate authority information before deploying this server in a production environment.
Default value: undef
default_ssl_cert
Data type: Stdlib::Absolutepath
Sets the SSL encryption certificate location. Although the default value results in a functioning Apache server, you must update this parameter with your certificate location before deploying this server in a production environment.
Default value: $apache::params::default_ssl_cert
default_ssl_chain
Data type: Optional[Stdlib::Absolutepath]
Sets the default SSL chain location. Although this default value results in a functioning Apache server, you must update this parameter with your SSL chain before deploying this server in a production environment.
Default value: undef
default_ssl_crl
Data type: Optional[Stdlib::Absolutepath]
Sets the path of the default certificate revocation list (CRL) file to use.
Although this default value results in a functioning Apache server, you must update
this parameter with the CRL file path before deploying this server in a production
environment. You can use this parameter with or in place of the default_ssl_crl_path
.
Default value: undef
default_ssl_crl_path
Data type: Optional[Stdlib::Absolutepath]
Sets the server's certificate revocation list path, which contains your CRLs. Although this default value results in a functioning Apache server, you must update this parameter with the CRL file path before deploying this server in a production environment.
Default value: undef
default_ssl_crl_check
Data type: Optional[String]
Sets the default certificate revocation check level via the SSLCARevocationCheck
directive.
This parameter applies only to Apache 2.4 or higher and is ignored on older versions.
Although this default value results in a functioning Apache server, you must specify
this parameter when using certificate revocation lists in a production environment.
Default value: undef
default_ssl_key
Data type: Stdlib::Absolutepath
Sets the SSL certificate key file location. Although the default values result in a functioning Apache server, you must update this parameter with your SSL key's location before deploying this server in a production environment.
Default value: $apache::params::default_ssl_key
default_ssl_reload_on_change
Data type: Boolean
Enable reloading of apache if the content of ssl files have changed.
Default value: false
default_ssl_vhost
Data type: Boolean
Configures a default SSL virtual host.
If true
, Puppet automatically configures the following virtual host using the
apache::vhost
defined type:
apache::vhost { 'default-ssl':
port => 443,
ssl => true,
docroot => $docroot,
scriptalias => $scriptalias,
serveradmin => $serveradmin,
access_log_file => "ssl_${access_log_file}",
}
Note: SSL virtual hosts only respond to HTTPS queries.
Default value: false
default_vhost
Data type: Boolean
Configures a default virtual host when the class is declared.
To configure customized virtual hosts, set this parameter's
value to false
.
Note: Apache will not start without at least one virtual host. If you set this to
false
you must configure a virtual host elsewhere.
Default value: true
dev_packages
Data type: Optional[Variant[Array, String]]
Configures a specific dev package to use. For example, using httpd 2.4 from the IUS yum repo:
include ::apache::dev
class { 'apache':
apache_name => 'httpd24u',
dev_packages => 'httpd24u-devel',
}
Default value: $apache::params::dev_packages
docroot
Data type: Stdlib::Absolutepath
Sets the default DocumentRoot
location.
Default value: $apache::params::docroot
error_documents
Data type: Boolean
Determines whether to enable custom error documents on the Apache server.
Default value: false
group
Data type: String
Sets the group ID that owns any Apache processes spawned to answer requests.
By default, Puppet attempts to manage this group as a resource under the apache
class, determining the group based on the operating system as detected by the
apache::params
class. To prevent the group resource from being created and use a group
created by another Puppet module, set the manage_group
parameter's value to false
.
Note: Modifying this parameter only changes the group ID that Apache uses to spawn child processes to access resources. It does not change the user that owns the parent server process.
Default value: $apache::params::group
httpd_dir
Data type: Stdlib::Absolutepath
Sets the Apache server's base configuration directory. This is useful for specially repackaged Apache server builds but might have unintended consequences when combined with the default distribution packages.
Default value: $apache::params::httpd_dir
http_protocol_options
Data type: Optional[String]
Specifies the strictness of HTTP protocol checks.
Valid options: any sequence of the following alternative values: Strict
or Unsafe
,
RegisteredMethods
or LenientMethods
, and Allow0.9
or Require1.0
.
Default value: $apache::params::http_protocol_options
keepalive
Data type: Apache::OnOff
Determines whether to enable persistent HTTP connections with the KeepAlive
directive.
If you set this to On
, use the keepalive_timeout
and max_keepalive_requests
parameters
to set relevant options.
Default value: $apache::params::keepalive
keepalive_timeout
Data type: Integer
Sets the KeepAliveTimeout
directive, which determines the amount of time the Apache
server waits for subsequent requests on a persistent HTTP connection. This parameter is
only relevant if the keepalive
parameter is enabled.
Default value: $apache::params::keepalive_timeout
max_keepalive_requests
Data type: Integer
Limits the number of requests allowed per connection when the keepalive
parameter is enabled.
Default value: $apache::params::max_keepalive_requests
hostname_lookups
Data type: Variant[Apache::OnOff, Enum['Double', 'double']]
This directive enables DNS lookups so that host names can be logged and passed to CGIs/SSIs in REMOTE_HOST.
Note: If enabled, it impacts performance significantly.
Default value: $apache::params::hostname_lookups
ldap_trusted_mode
Data type: Optional[String]
The following modes are supported:
NONE - no encryption SSL - ldaps:// encryption on default port 636 TLS - STARTTLS encryption on default port 389 Not all LDAP toolkits support all the above modes. An error message will be logged at runtime if a mode is not supported, and the connection to the LDAP server will fail.
Default value: undef
ldap_verify_server_cert
Data type: Optional[Apache::OnOff]
Specifies whether to force the verification of a server certificate when establishing an SSL connection to the LDAP server. On|Off
Default value: undef
lib_path
Data type: String
Specifies the location whereApache module files are stored.
Note: Do not configure this parameter manually without special reason.
Default value: $apache::params::lib_path
log_level
Data type: Apache::LogLevel
Configures the apache LogLevel directive which adjusts the verbosity of the messages recorded in the error logs.
Default value: $apache::params::log_level
log_formats
Data type: Hash
Define additional LogFormat
directives. Values: A hash, such as:
$log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' }
There are a number of predefined LogFormats
in the httpd.conf
that Puppet creates:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded
If your log_formats
parameter contains one of those, it will be overwritten with your definition.
Default value: {}
logroot
Data type: Stdlib::Absolutepath
Changes the directory of Apache log files for the virtual host.
Default value: $apache::params::logroot
logroot_mode
Data type: Optional[Stdlib::Filemode]
Overrides the default logroot
directory's mode.
Note: Do not grant write access to the directory where the logs are stored without being aware of the consequences. See the Apache documentation for details.
Default value: $apache::params::logroot_mode
manage_group
Data type: Boolean
When false
, stops Puppet from creating the group resource.
If you have a group created from another Puppet module that you want to use to run Apache,
set this to false
. Without this parameter, attempting to use a previously established
group results in a duplicate resource error.
Default value: true
supplementary_groups
Data type: Array
A list of groups to which the user belongs. These groups are in addition to the primary group.
Notice: This option only has an effect when manage_user
is set to true.
Default value: []
manage_user
Data type: Boolean
When false
, stops Puppet from creating the user resource.
This is for instances when you have a user, created from another Puppet module, you want
to use to run Apache. Without this parameter, attempting to use a previously established
user would result in a duplicate resource error.
Default value: true
mod_dir
Data type: Stdlib::Absolutepath
Sets where Puppet places configuration files for your Apache modules.
Default value: $apache::params::mod_dir
mod_libs
Data type: Hash
Allows the user to override default module library names.
include apache::params
class { 'apache':
mod_libs => merge($::apache::params::mod_libs, {
'wsgi' => 'mod_wsgi_python3.so',
})
}
Default value: $apache::params::mod_libs
mod_packages
Data type: Hash
Allows the user to override default module package names.
include apache::params
class { 'apache':
mod_packages => merge($::apache::params::mod_packages, {
'auth_kerb' => 'httpd24-mod_auth_kerb',
})
}
Default value: $apache::params::mod_packages
mpm_module
Data type: Variant[Boolean, Enum['event', 'itk', 'peruser', 'prefork', 'worker']]
Determines which multi-processing module (MPM) is loaded and configured for the
HTTPD process. Valid values are: event
, itk
, peruser
, prefork
, worker
or false
.
You must set this to false
to explicitly declare the following classes with custom parameters:
apache::mod::event
apache::mod::itk
apache::mod::peruser
apache::mod::prefork
apache::mod::worker
Default value: $apache::params::mpm_module
package_ensure
Data type: String
Controls the package
resource's ensure
attribute. Valid values are: absent
, installed
(or equivalent present
), or a version string.
Default value: 'installed'
pidfile
Data type: String
Allows settting a custom location for the pid file. Useful if using a custom-built Apache rpm.
Default value: $apache::params::pidfile
ports_file
Data type: Stdlib::Absolutepath
Sets the path to the file containing Apache ports configuration.
Default value: $apache::params::ports_file
protocols
Data type: Array[Enum['h2', 'h2c', 'http/1.1']]
Sets the Protocols directive, which lists available protocols for the server.
Default value: []
protocols_honor_order
Data type: Optional[Boolean]
Sets the ProtocolsHonorOrder directive which determines whether the order of Protocols sets precedence during negotiation.
Default value: undef
purge_configs
Data type: Boolean
Removes all other Apache configs and virtual hosts.
Setting this to false
is a stopgap measure to allow the apache module to coexist with
existing or unmanaged configurations. We recommend moving your configuration to resources
within this module. For virtual host configurations, see purge_vhost_dir
.
Default value: true
purge_vhost_dir
Data type: Optional[Boolean]
If the vhost_dir
parameter's value differs from the confd_dir
parameter's, this parameter
determines whether Puppet removes any configurations inside vhost_dir
that are not managed
by Puppet.
Setting purge_vhost_dir
to false
is a stopgap measure to allow the apache module to
coexist with existing or otherwise unmanaged configurations within vhost_dir
.
Default value: undef
sendfile
Data type: Apache::OnOff
Forces Apache to use the Linux kernel's sendfile
support to serve static files, via the
EnableSendfile
directive.
Default value: 'On'
serveradmin
Data type: Optional[String[1]]
Sets the Apache server administrator's contact information via Apache's ServerAdmin
directive.
Default value: undef
servername
Data type: Optional[String]
Sets the Apache server name via Apache's ServerName
directive.
Setting to false
will not set ServerName at all.
Default value: $apache::params::servername
server_root
Data type: Stdlib::Absolutepath
Sets the Apache server's root directory via Apache's ServerRoot
directive.
Default value: $apache::params::server_root
server_signature
Data type: Variant[Apache::OnOff, String]
Configures a trailing footer line to display at the bottom of server-generated documents,
such as error documents and output of certain Apache modules, via Apache's ServerSignature
directive. Valid values are: On
or Off
.
Default value: 'On'
server_tokens
Data type: Apache::ServerTokens
Controls how much information Apache sends to the browser about itself and the operating
system, via Apache's ServerTokens
directive.
Default value: 'Prod'
service_enable
Data type: Boolean
Determines whether Puppet enables the Apache HTTPD service when the system is booted.
Default value: true
service_ensure
Data type: Variant[Stdlib::Ensure::Service, Boolean]
Determines whether Puppet should make sure the service is running.
Valid values are: true
(or running
) or false
(or stopped
).
The false
or stopped
values set the 'httpd' service resource's ensure
parameter
to false
, which is useful when you want to let the service be managed by another
application, such as Pacemaker.
Default value: 'running'
service_name
Data type: String
Sets the name of the Apache service.
Default value: $apache::params::service_name
service_manage
Data type: Boolean
Determines whether Puppet manages the HTTPD service's state.
Default value: true
service_restart
Data type: Optional[String]
Determines whether Puppet should use a specific command to restart the HTTPD service. Values: a command to restart the Apache service.
Default value: undef
timeout
Data type: Integer[0]
Sets Apache's TimeOut
directive, which defines the number of seconds Apache waits for
certain events before failing a request.
Default value: 60
trace_enable
Data type: Variant[Apache::OnOff, Enum['extended']]
Controls how Apache handles TRACE
requests (per RFC 2616) via the TraceEnable
directive.
Default value: 'On'
use_canonical_name
Data type: Optional[Variant[Apache::OnOff, Enum['DNS', 'dns']]]
Controls Apache's UseCanonicalName
directive which controls how Apache handles
self-referential URLs. If not specified, this parameter omits the declaration from the
server's configuration and uses Apache's default setting of 'off'.
Default value: undef
use_systemd
Data type: Boolean
Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom-built RPMs.
Default value: $apache::params::use_systemd
file_mode
Data type: Stdlib::Filemode
Sets the desired permissions mode for config files. Valid values are: a string, with permissions mode in symbolic or numeric notation.
Default value: $apache::params::file_mode
root_directory_options
Data type: Array
Array of the desired options for the /
directory in httpd.conf.
Default value: $apache::params::root_directory_options
root_directory_secured
Data type: Boolean
Sets the default access policy for the /
directory in httpd.conf. A value of false
allows access to all resources that are missing a more specific access policy. A value of
true
denies access to all resources by default. If true
, more specific rules must be
used to allow access to these resources (for example, in a directory block using the
directories
parameter).
Default value: false
vhost_dir
Data type: Stdlib::Absolutepath
Changes your virtual host configuration files' location.
Default value: $apache::params::vhost_dir
vhost_include_pattern
Data type: String
Defines the pattern for files included from the vhost_dir
.
If set to a value like [^.#]\*.conf[^~]
to make sure that files accidentally created in
this directory (such as files created by version control systems or editor backups) are
not included in your server configuration.
Some operating systems use a value of *.conf
. By default, this module creates configuration
files ending in .conf
.
Default value: $apache::params::vhost_include_pattern
user
Data type: String
Changes the user that Apache uses to answer requests. Apache's parent process continues
to run as root, but child processes access resources as the user defined by this parameter.
To prevent Puppet from managing the user, set the manage_user
parameter to false
.
Default value: $apache::params::user
apache_name
Data type: String
The name of the Apache package to install. If you are using a non-standard Apache package
you might need to override the default setting.
For CentOS/RHEL Software Collections (SCL), you can also use apache::version::scl_httpd_version
.
Default value: $apache::params::apache_name
error_log
Data type: String
The name of the error log file for the main server instance. If the string starts with
/
, |
, or syslog
: the full path is set. Otherwise, the filename is prefixed with
$logroot
.
Default value: $apache::params::error_log
scriptalias
Data type: String
Directory to use for global script alias
Default value: $apache::params::scriptalias
access_log_file
Data type: String
The name of the access log file for the main server instance.
Default value: $apache::params::access_log_file
limitreqfields
Data type: Integer
The limitreqfields
parameter sets the maximum number of request header fields in
an HTTP request. This directive gives the server administrator greater control over
abnormal client request behavior, which may be useful for avoiding some forms of
denial-of-service attacks. The value should be increased if normal clients see an error
response from the server that indicates too many fields were sent in the request.
Default value: 100
limitreqfieldsize
Data type: Integer
The limitreqfieldsize
parameter sets the maximum ammount of bytes that will
be allowed within a request header.
Default value: 8190
limitreqline
Data type: Optional[Integer]
The 'limitreqline' parameter sets the limit on the allowed size of a client's HTTP request-line
Default value: undef
ip
Data type: Optional[String]
Specifies the ip address
Default value: undef
conf_enabled
Data type: Optional[Stdlib::Absolutepath]
Whether the additional config files in /etc/apache2/conf-enabled
should be managed.
Default value: $apache::params::conf_enabled
vhost_enable_dir
Data type: Optional[Stdlib::Absolutepath]
Set's the vhost definitions which will be stored in sites-availible and if they will be symlinked to and from sites-enabled.
Default value: $apache::params::vhost_enable_dir
manage_vhost_enable_dir
Data type: Boolean
Overides the vhost_enable_dir inherited parameters and allows it to be disabled
Default value: true
mod_enable_dir
Data type: Optional[Stdlib::Absolutepath]
Set's whether the mods-enabled directory should be managed.
Default value: $apache::params::mod_enable_dir
ssl_file
Data type: Optional[String]
This parameter allows you to set an ssl.conf file to be managed in order to implement an SSL Certificate.
Default value: undef
file_e_tag
Data type: Optional[String]
Sets the server default for the FileETag
declaration, which modifies the response header
field for static files.
Default value: undef
use_optional_includes
Data type: Boolean
Specifies whether Apache uses the IncludeOptional
directive instead of Include
for
additional_includes
in Apache 2.4 or newer.
Default value: $apache::params::use_optional_includes
mime_types_additional
Data type: Hash
Specifies any idditional Internet media (mime) types that you wish to be configured.
Default value: $apache::params::mime_types_additional
apache::dev
The libraries installed depends on the dev_packages
parameter of the apache::params
class, based on your operating system:
- Debian :
libaprutil1-dev
,libapr1-dev
;apache2-dev
- FreeBSD:
undef
; on FreeBSD, you must declare theapache::package
orapache
classes before declaringapache::dev
. - Gentoo:
undef
. - Red Hat:
httpd-devel
.
apache::mod::actions
Installs Apache mod_actions
- See also
- https://httpd.apache.org/docs/current/mod/mod_actions.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_actions.html
apache::mod::alias
Installs and configures mod_alias
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_alias.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_alias.html
Parameters
The following parameters are available in the apache::mod::alias
class:
icons_options
Data type: String
Disables directory listings for the icons directory, via Apache Options directive.
Default value: 'Indexes MultiViews'
icons_path
Data type: Variant[Boolean, Stdlib::Absolutepath]
Sets the local path for an /icons/ Alias. Default depends on operating system:
- Debian: /usr/share/apache2/icons
- FreeBSD: /usr/local/www/apache24/icons
- Gentoo: /var/www/icons
- Red Hat: /var/www/icons, except on Apache 2.4, where it's /usr/share/httpd/icons Set to 'false' to disable the alias
Default value: $apache::params::alias_icons_path
icons_prefix
Data type: String
Change the alias for /icons/.
Default value: $apache::params::icons_prefix
apache::mod::apreq2
Installs mod_apreq2
.
-
Note Unsupported platforms: CentOS: all; OracleLinux: all; RedHat: all; Scientific: all; SLES: all; Ubuntu: all
-
See also
- http://httpd.apache.org/apreq/docs/libapreq2/group__mod__apreq2.html
- for additional documentation.
- http://httpd.apache.org/apreq/docs/libapreq2/group__mod__apreq2.html
apache::mod::auth_basic
Installs mod_auth_basic
- See also
- https://httpd.apache.org/docs/current/mod/mod_auth_basic.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_auth_basic.html
apache::mod::auth_cas
Installs and configures mod_auth_cas
.
-
Note The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL.
-
See also
- https://github.com/apereo/mod_auth_cas
- for additional documentation.
- https://github.com/apereo/mod_auth_cas
Parameters
The following parameters are available in the apache::mod::auth_cas
class:
cas_login_url
cas_validate_url
cas_cookie_path
cas_cookie_path_mode
cas_version
cas_debug
cas_validate_server
cas_validate_depth
cas_certificate_path
cas_proxy_validate_url
cas_root_proxied_as
cas_cookie_entropy
cas_timeout
cas_idle_timeout
cas_cache_clean_interval
cas_cookie_domain
cas_cookie_http_only
cas_authoritative
cas_validate_saml
cas_sso_enabled
cas_attribute_prefix
cas_attribute_delimiter
cas_scrub_request_headers
suppress_warning
cas_login_url
Data type: String
Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and don't have an active session.
cas_validate_url
Data type: String
Sets the URL to use when validating a client-presented ticket in an HTTP query string.
cas_cookie_path
Data type: String
Sets the location where information on the current session should be stored. This should be writable by the web server only.
Default value: $apache::params::cas_cookie_path
cas_cookie_path_mode
Data type: Stdlib::Filemode
The mode of cas_cookie_path.
Default value: '0750'
cas_version
Data type: Integer
The version of the CAS protocol to adhere to.
Default value: 2
cas_debug
Data type: String
Whether to enable or disable debug mode.
Default value: 'Off'
cas_validate_server
Data type: Optional[String]
Whether to validate the presented certificate. This has been deprecated and removed from Version 1.1-RC1 onward.
Default value: undef
cas_validate_depth
Data type: Optional[String]
The maximum depth for chained certificate validation.
Default value: undef
cas_certificate_path
Data type: Optional[String]
The path leading to the certificate
Default value: undef
cas_proxy_validate_url
Data type: Optional[String]
The URL to use when performing a proxy validation.
Default value: undef
cas_root_proxied_as
Data type: Optional[String]
Sets the URL end users see when access to this Apache server is proxied per vhost. This URL should not include a trailing slash.
Default value: undef
cas_cookie_entropy
Data type: Optional[String]
When creating a local session, this many random bytes are used to create a unique session identifier.
Default value: undef
cas_timeout
Data type: Optional[Integer[0]]
The hard limit, in seconds, for a mod_auth_cas session.
Default value: undef
cas_idle_timeout
Data type: Optional[Integer[0]]
The limit, in seconds, of how long a mod_auth_cas session can be idle.
Default value: undef
cas_cache_clean_interval
Data type: Optional[String]
The minimum amount of time that must pass inbetween cache cleanings.
Default value: undef
cas_cookie_domain
Data type: Optional[String]
The value for the 'Domain=' parameter in the Set-Cookie header.
Default value: undef
cas_cookie_http_only
Data type: Optional[String]
Setting this flag prevents the mod_auth_cas cookies from being accessed by client side Javascript.
Default value: undef
cas_authoritative
Data type: Optional[String]
Determines whether an optional authorization directive is authoritative and thus binding.
Default value: undef
cas_validate_saml
Data type: Optional[String]
Parse response from CAS server for SAML.
Default value: undef
cas_sso_enabled
Data type: Optional[String]
Enables experimental support for single sign out (may mangle POST data).
Default value: undef
cas_attribute_prefix
Data type: Optional[String]
Adds a header with the value of this header being the attribute values when SAML validation is enabled.
Default value: undef
cas_attribute_delimiter
Data type: Optional[String]
Sets the delimiter between attribute values in the header created by cas_attribute_prefix
.
Default value: undef
cas_scrub_request_headers
Data type: Optional[String]
Remove inbound request headers that may have special meaning within mod_auth_cas.
Default value: undef
suppress_warning
Data type: Boolean
Suppress warning about being on RedHat (mod_auth_cas package is now available in epel-testing repo).
Default value: false
apache::mod::auth_gssapi
Installs mod_auth_gsappi
.
- See also
- https://github.com/modauthgssapi/mod_auth_gssapi
- for additional documentation.
- https://github.com/modauthgssapi/mod_auth_gssapi
apache::mod::auth_kerb
Installs mod_auth_kerb
- See also
- http://modauthkerb.sourceforge.net
- for additional documentation.
- http://modauthkerb.sourceforge.net
apache::mod::auth_mellon
Installs and configures mod_auth_mellon
.
- See also
- https://github.com/Uninett/mod_auth_mellon
- for additional documentation.
- https://github.com/Uninett/mod_auth_mellon
Parameters
The following parameters are available in the apache::mod::auth_mellon
class:
mellon_cache_size
mellon_lock_file
mellon_post_directory
mellon_cache_entry_size
mellon_post_ttl
mellon_post_size
mellon_post_count
mellon_cache_size
Data type: Optional[Integer]
Maximum number of sessions which can be active at once.
Default value: $apache::params::mellon_cache_size
mellon_lock_file
Data type: Optional[Stdlib::Absolutepath]
Full path to a file used for synchronizing access to the session data.
Default value: $apache::params::mellon_lock_file
mellon_post_directory
Data type: Optional[Stdlib::Absolutepath]
Full path of a directory where POST requests are saved during authentication.
Default value: $apache::params::mellon_post_directory
mellon_cache_entry_size
Data type: Optional[Integer]
Maximum size for a single session entry in bytes.
Default value: undef
mellon_post_ttl
Data type: Optional[Integer]
Delay in seconds before a saved POST request can be flushed.
Default value: undef
mellon_post_size
Data type: Optional[Integer]
Maximum size for saved POST requests.
Default value: undef
mellon_post_count
Data type: Optional[Integer]
Maximum amount of saved POST requests.
Default value: undef
apache::mod::auth_openidc
Installs and configures mod_auth_openidc
.
-
Note Unsupported platforms: OracleLinux: 6; RedHat: 6; Scientific: 6; SLES: all
-
See also
- https://github.com/zmartzone/mod_auth_openidc
- for additional documentation.
- https://github.com/zmartzone/mod_auth_openidc
Parameters
The following parameters are available in the apache::mod::auth_openidc
class:
manage_dnf_module
Data type: Boolean
Whether to manage the DNF module
Default value: $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] == '8'
dnf_module_ensure
Data type: String[1]
The DNF module name to ensure. Only relevant if manage_dnf_module is set to true.
Default value: 'present'
dnf_module_name
Data type: String[1]
The DNF module name to manage. Only relevant if manage_dnf_module is set to true.
Default value: 'mod_auth_openidc'
apache::mod::authn_core
Installs mod_authn_core
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_authn_core.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_authn_core.html
apache::mod::authn_dbd
Installs mod_authn_dbd
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_authn_dbd.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_authn_dbd.html
Parameters
The following parameters are available in the apache::mod::authn_dbd
class:
authn_dbd_params
authn_dbd_dbdriver
authn_dbd_query
authn_dbd_min
authn_dbd_max
authn_dbd_keep
authn_dbd_exptime
authn_dbd_alias
authn_dbd_params
Data type: Optional[String]
The params needed for the mod to function.
authn_dbd_dbdriver
Data type: String
Selects an apr_dbd driver by name.
Default value: 'mysql'
authn_dbd_query
Data type: Optional[String]
Default value: undef
authn_dbd_min
Data type: Integer
Set the minimum number of connections per process.
Default value: 4
authn_dbd_max
Data type: Integer
Set the maximum number of connections per process.
Default value: 20
authn_dbd_keep
Data type: Integer
Set the maximum number of connections per process to be sustained.
Default value: 8
authn_dbd_exptime
Data type: Integer
Set the time to keep idle connections alive when the number of connections specified in DBDKeep has been exceeded.
Default value: 300
authn_dbd_alias
Data type: Optional[String]
Sets an alias for `AuthnProvider.
Default value: undef
apache::mod::authn_file
Installs mod_authn_file
.
- See also
- https://httpd.apache.org/docs/2.4/mod/mod_authn_file.html
- for additional documentation.
- https://httpd.apache.org/docs/2.4/mod/mod_authn_file.html
apache::mod::authnz_ldap
Installs mod_authnz_ldap
.
-
Note Unsupported platforms: RedHat: 6, 8, 9; CentOS: 6, 8; OracleLinux: 6, 8; Ubuntu: all; Debian: all; SLES: all
-
See also
- https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html
Parameters
The following parameters are available in the apache::mod::authnz_ldap
class:
verify_server_cert
Data type: Boolean
Whether to force te verification of a server cert or not.
Default value: true
package_name
Data type: Optional[String]
The name of the ldap package.
Default value: undef
apache::mod::authnz_pam
Installs mod_authnz_pam
.
- See also
- https://www.adelton.com/apache/mod_authnz_pam
- for additional documentation.
- https://www.adelton.com/apache/mod_authnz_pam
apache::mod::authz_core
Installs mod_authz_core
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_authz_core.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_authz_core.html
apache::mod::authz_groupfile
Installs mod_authz_groupfile
- See also
- https://httpd.apache.org/docs/current/mod/mod_authz_groupfile.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_authz_groupfile.html
apache::mod::authz_user
Installs mod_authz_user
- See also
- https://httpd.apache.org/docs/current/mod/mod_authz_user.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_authz_user.html
apache::mod::autoindex
Installs mod_autoindex
- See also
- https://httpd.apache.org/docs/current/mod/mod_autoindex.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_autoindex.html
Parameters
The following parameters are available in the apache::mod::autoindex
class:
icons_prefix
Data type: String
Change the alias for /icons/.
Default value: $apache::params::icons_prefix
apache::mod::cache
Installs mod_cache
- See also
- https://httpd.apache.org/docs/current/mod/mod_cache.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_cache.html
apache::mod::cgi
Installs mod_cgi
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_cgi.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_cgi.html
apache::mod::cgid
Installs mod_cgid
.
apache::mod::cluster
Installs mod_cluster
.
-
Note There is no official package available for mod_cluster, so you must make it available outside of the apache module. Binaries can be found here.
-
See also
- https://modcluster.io/
- for additional documentation.
- https://modcluster.io/
Examples
class { '::apache::mod::cluster':
ip => '172.17.0.1',
allowed_network => '172.17.0.',
balancer_name => 'mycluster',
version => '1.3.1'
}
Parameters
The following parameters are available in the apache::mod::cluster
class:
allowed_network
balancer_name
ip
version
enable_mcpm_receive
port
keep_alive_timeout
manager_allowed_network
max_keep_alive_requests
server_advertise
advertise_frequency
allowed_network
Data type: String
Balanced members network.
balancer_name
Data type: String
Name of balancer.
ip
Data type: Stdlib::IP::Address
Specifies the IP address to listen to.
version
Data type: String
Specifies the mod_cluster version. Version 1.3.0 or greater is required for httpd 2.4.
enable_mcpm_receive
Data type: Boolean
Whether MCPM should be enabled.
Default value: true
port
Data type: Stdlib::Port
mod_cluster listen port.
Default value: 6666
keep_alive_timeout
Data type: Integer
Specifies how long Apache should wait for a request, in seconds.
Default value: 60
manager_allowed_network
Data type: Stdlib::IP::Address
Whether to allow the network to access the mod_cluster_manager.
Default value: '127.0.0.1'
max_keep_alive_requests
Data type: Integer
Maximum number of requests kept alive.
Default value: 0
server_advertise
Data type: Boolean
Whether the server should advertise.
Default value: true
advertise_frequency
Data type: Optional[String]
Sets the interval between advertise messages in seconds.
Default value: undef
apache::mod::data
Installs and configures mod_data
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_data.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_data.html
apache::mod::dav
Installs mod_dav
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_dav.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_dav.html
apache::mod::dav_fs
Installs mod_dav_fs
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_dav_fs.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_dav_fs.html
apache::mod::dav_svn
Installs and configures mod_dav_svn
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_dav_svn.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_dav_svn.html
Parameters
The following parameters are available in the apache::mod::dav_svn
class:
authz_svn_enabled
Data type: Boolean
Specifies whether to install Apache mod_authz_svn
Default value: false
apache::mod::dbd
Installs mod_dbd
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_dbd.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_dbd.html
apache::mod::deflate
Installs and configures mod_deflate
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_deflate.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_deflate.html
Parameters
The following parameters are available in the apache::mod::deflate
class:
types
Data type: Array[String]
An array of MIME types to be deflated. See https://www.iana.org/assignments/media-types/media-types.xhtml.
Default value:
[
'text/html text/plain text/xml',
'text/css',
'application/x-javascript application/javascript application/ecmascript',
'application/rss+xml',
'application/json',
]
notes
Data type: Hash
A Hash where the key represents the type and the value represents the note name.
Default value:
{
'Input' => 'instream',
'Output' => 'outstream',
'Ratio' => 'ratio',
}
apache::mod::dir
Installs and configures mod_dir
.
-
TODO This sets the global DirectoryIndex directive, so it may be necessary to consider being able to modify the apache::vhost to declare DirectoryIndex statements in a vhost configuration
-
See also
- https://httpd.apache.org/docs/current/mod/mod_dir.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_dir.html
Parameters
The following parameters are available in the apache::mod::dir
class:
dir
Data type: String
Default value: 'public_html'
indexes
Data type: Array[String]
Provides a string for the DirectoryIndex directive
Default value:
[
'index.html',
'index.html.var',
'index.cgi',
'index.pl',
'index.php',
'index.xhtml',
]
apache::mod::disk_cache
Installs and configures mod_disk_cache
.
-
Note On Apache 2.4, mod_cache_disk installed.
-
See also
- https://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html
- for additional documentation.
- https://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html
Parameters
The following parameters are available in the apache::mod::disk_cache
class:
cache_root
Data type: Optional[Stdlib::Absolutepath]
Defines the name of the directory on the disk to contain cache files. Default depends on the Apache version and operating system:
- Debian: /var/cache/apache2/mod_cache_disk
- FreeBSD: /var/cache/mod_cache_disk
- Red Hat: /var/cache/httpd/proxy
Default value: undef
cache_ignore_headers
Data type: Optional[String]
Specifies HTTP header(s) that should not be stored in the cache.
Default value: undef
default_cache_enable
Data type: Boolean
Default value is true, which enables "CacheEnable disk /" in disk_cache.conf for the webserver. This would cache every request to apache by default for every vhost. If set to false the default cache all behaviour is supressed. You can then control this behaviour in individual vhosts by explicitly defining CacheEnable.
Default value: true
apache::mod::dumpio
Installs and configures mod_dumpio
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_dumpio.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_dumpio.html
Examples
class{'apache':
default_mods => false,
log_level => 'dumpio:trace7',
}
class{'apache::mod::dumpio':
dump_io_input => 'On',
dump_io_output => 'Off',
}
Parameters
The following parameters are available in the apache::mod::dumpio
class:
dump_io_input
Data type: Apache::OnOff
Dump all input data to the error log
Default value: 'Off'
dump_io_output
Data type: Apache::OnOff
Dump all output data to the error log
Default value: 'Off'
apache::mod::env
Installs mod_env
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_env.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_env.html
apache::mod::event
Installs and configures mod_event
.
-
Note You cannot include apache::mod::event with apache::mod::itk, apache::mod::peruser, apache::mod::prefork, or apache::mod::worker on the same server.
-
See also
- https://httpd.apache.org/docs/current/mod/event.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/event.html
Parameters
The following parameters are available in the apache::mod::event
class:
startservers
maxrequestworkers
minsparethreads
maxsparethreads
threadsperchild
maxconnectionsperchild
serverlimit
threadlimit
listenbacklog
startservers
Data type: Variant[Integer, Boolean]
Sets the number of child server processes created at startup, via the module's StartServers
directive. Setting this to false
removes the parameter.
Default value: 2
maxrequestworkers
Data type: Optional[Variant[Integer, Boolean]]
Sets the maximum number of connections Apache can simultaneously process, via the module's MaxRequestWorkers
directive. Setting
these to false
removes the parameters.
Default value: undef
minsparethreads
Data type: Variant[Integer, Boolean]
Sets the minimum number of idle threads, via the MinSpareThreads
directive. Setting this to false
removes the parameters.
Default value: 25
maxsparethreads
Data type: Variant[Integer, Boolean]
Sets the maximum number of idle threads, via the MaxSpareThreads
directive. Setting this to false
removes the parameters.
Default value: 75
threadsperchild
Data type: Variant[Integer, Boolean]
Number of threads created by each child process.
Default value: 25
maxconnectionsperchild
Data type: Optional[Variant[Integer, Boolean]]
Limit on the number of connections that an individual child server will handle during its life.
Default value: undef
serverlimit
Data type: Variant[Integer, Boolean]
Limits the configurable number of processes via the ServerLimit
directive. Setting this to false
removes the parameter.
Default value: 25
threadlimit
Data type: Variant[Integer, Boolean]
Limits the number of event threads via the module's ThreadLimit
directive. Setting this to false
removes the parameter.
Default value: 64
listenbacklog
Data type: Variant[Integer, Boolean]
Sets the maximum length of the pending connections queue via the module's ListenBackLog
directive. Setting this to false
removes
the parameter.
Default value: 511
apache::mod::expires
Installs and configures mod_expires
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_expires.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_expires.html
Parameters
The following parameters are available in the apache::mod::expires
class:
expires_active
Data type: Boolean
Enables generation of Expires headers.
Default value: true
expires_default
Data type: Optional[String]
Specifies the default algorithm for calculating expiration time using ExpiresByType syntax or interval syntax.
Default value: undef
expires_by_type
Data type: Optional[Array[Hash]]
Describes a set of MIME content-types and their expiration times. This should be used as an array of Hashes, with each Hash's key a valid MIME content-type (i.e. 'text/json') and its value following valid interval syntax.
Default value: undef
apache::mod::ext_filter
Installs and configures mod_ext_filter
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_ext_filter.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_ext_filter.html
Examples
class { 'apache::mod::ext_filter':
ext_filter_define => {
'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength',
'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"',
},
}
Parameters
The following parameters are available in the apache::mod::ext_filter
class:
ext_filter_define
Data type: Optional[Hash]
Hash of filter names and their parameters.
Default value: undef
apache::mod::fcgid
loaded first; Puppet will not automatically enable it if you set the fcgiwrapper parameter in apache::vhost. include apache::mod::fcgid
apache::vhost { 'example.org': docroot => '/var/www/html', directories => { path => '/var/www/html', fcgiwrapper => { command => '/usr/local/bin/fcgiwrapper', } }, }
- See also
- https://httpd.apache.org/docs/current/mod/mod_fcgid.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_fcgid.html
Examples
The class does not individually parameterize all available options. Instead, configure mod_fcgid using the options hash.
class { 'apache::mod::fcgid':
options => {
'FcgidIPCDir' => '/var/run/fcgidsock',
'SharememPath' => '/var/run/fcgid_shm',
'AddHandler' => 'fcgid-script .fcgi',
},
}
If you include apache::mod::fcgid, you can set the [FcgidWrapper][] per directory, per virtual host. The module must be
Parameters
The following parameters are available in the apache::mod::fcgid
class:
options
Data type: Hash
A hash used to parameterize the availible options: expires_active Enables generation of Expires headers. expires_default Default algorithm for calculating expiration time. expires_by_type Value of the Expires header configured by MIME type.
Default value: {}
apache::mod::filter
Installs mod_filter
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_filter.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_filter.html
apache::mod::geoip
Installs and configures mod_geoip
.
- See also
- https://dev.maxmind.com/geoip/legacy/mod_geoip2
- for additional documentation.
- https://dev.maxmind.com/geoip/legacy/mod_geoip2
Parameters
The following parameters are available in the apache::mod::geoip
class:
enable
db_file
flag
output
enable_utf8
scan_proxy_headers
scan_proxy_header_field
use_last_xforwarededfor_ip
enable
Data type: Boolean
Toggles whether to enable geoip.
Default value: false
db_file
Data type: Stdlib::Absolutepath
Path to database for GeoIP to use.
Default value: '/usr/share/GeoIP/GeoIP.dat'
flag
Data type: String
Caching directive to use. Values: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'.
Default value: 'Standard'
output
Data type: String
Output variable locations. Values: 'All', 'Env', 'Request', 'Notes'.
Default value: 'All'
enable_utf8
Data type: Optional[String]
Changes the output from ISO88591 (Latin1) to UTF8.
Default value: undef
scan_proxy_headers
Data type: Optional[String]
Enables the GeoIPScanProxyHeaders option.
Default value: undef
scan_proxy_header_field
Data type: Optional[String]
Specifies the header mod_geoip uses to determine the client's IP address.
Default value: undef
use_last_xforwarededfor_ip
Data type: Optional[String]
Determines whether to use the first or last IP address for the client's IP in a comma-separated list of IP addresses is found.
Default value: undef
apache::mod::headers
Installs and configures mod_headers
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_headers.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_headers.html
apache::mod::http2
Installs and configures mod_http2
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_http2.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_http2.html
Parameters
The following parameters are available in the apache::mod::http2
class:
h2_copy_files
h2_direct
h2_early_hints
h2_max_session_streams
h2_max_worker_idle_seconds
h2_max_workers
h2_min_workers
h2_modern_tls_only
h2_push
h2_push_diary_size
h2_push_priority
h2_push_resource
h2_serialize_headers
h2_stream_max_mem_size
h2_tls_cool_down_secs
h2_tls_warm_up_size
h2_upgrade
h2_window_size
h2_copy_files
Data type: Optional[Boolean]
Determine file handling in responses.
Default value: undef
h2_direct
Data type: Optional[Boolean]
H2 Direct Protocol Switch.
Default value: undef
h2_early_hints
Data type: Optional[Boolean]
Determine sending of 103 status codes.
Default value: undef
h2_max_session_streams
Data type: Optional[Integer]
Sets maximum number of active streams per HTTP/2 session.
Default value: undef
h2_max_worker_idle_seconds
Data type: Optional[Integer]
Sets maximum number of seconds h2 workers remain idle until shut down.
Default value: undef
h2_max_workers
Data type: Optional[Integer]
Sets maximum number of worker threads to use per child process.
Default value: undef
h2_min_workers
Data type: Optional[Integer]
Sets minimal number of worker threads to use per child process.
Default value: undef
h2_modern_tls_only
Data type: Optional[Boolean]
Toggles the security checks on HTTP/2 connections in TLS mode
Default value: undef
h2_push
Data type: Optional[Boolean]
Toggles the usage of the HTTP/2 server push protocol feature.
Default value: undef
h2_push_diary_size
Data type: Optional[Integer]
Sets maximum number of HTTP/2 server pushes that are remembered per HTTP/2 connection.
Default value: undef
h2_push_priority
Data type: Array[String]
Require HTTP/2 connections to be "modern TLS" only
Default value: []
h2_push_resource
Data type: Array[String]
When added to a directory/location, HTTP/2 PUSHes will be attempted for all paths added via this directive
Default value: []
h2_serialize_headers
Data type: Optional[Boolean]
Toggles if HTTP/2 requests shall be serialized in HTTP/1.1 format for processing by httpd core or if received binary data shall be passed into the request_recs directly.
Default value: undef
h2_stream_max_mem_size
Data type: Optional[Integer]
Sets the maximum number of outgoing data bytes buffered in memory for an active streams.
Default value: undef
h2_tls_cool_down_secs
Data type: Optional[Integer]
Sets the number of seconds of idle time on a TLS connection before the TLS write size falls back to small (~1300 bytes) length.
Default value: undef
h2_tls_warm_up_size
Data type: Optional[Integer]
Sets the number of bytes to be sent in small TLS records (~1300 bytes) until doing maximum sized writes (16k) on https: HTTP/2 connections.
Default value: undef
h2_upgrade
Data type: Optional[Boolean]
Toggles the usage of the HTTP/1.1 Upgrade method for switching to HTTP/2.
Default value: undef
h2_window_size
Data type: Optional[Integer]
Sets the size of the window that is used for flow control from client to server and limits the amount of data the server has to buffer.
Default value: undef
apache::mod::include
Installs mod_include
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_include.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_include.html
apache::mod::info
Installs and configures mod_info
.
- See also
- https://httpd.apache.org/docs/current/mod/mod_info.html
- for additional documentation.
- https://httpd.apache.org/docs/current/mod/mod_info.html
Parameters
The following parameters are available in the apache::mod::info
class:
allow_from
Data type: Array[Stdlib::IP::Address]
Allowlist of IPv4 or IPv6 addresses or ranges that can access the info path.
Default value: ['127.0.0.1', '::1']
restrict_access
Data type: Boolean
Toggles whether to restrict access to info path. If false
, the allow_from
allowlist is ignored and any IP address can
access the info path.
Default value: true
info_path
Data type: Stdlib::Unixpath
Path on server to file containing server configuration information.
Default value: '/server-info'
apache::mod::intercept_form_submit
Installs mod_intercept_form_submit
.
- See also
- https://www.adelton.com/apache/mod_intercept_form_submit
- for additional documentation.
- https://www.adelton.com/apache/mod_intercept_form_submit
apache::mod::itk
Installs MPM mod_itk
.
-
Note Unsupported platforms: CentOS: 8; RedHat: 8, 9; SLES: all
-
See also
- http://mpm-itk.sesse.net
- for additional documentation.
- http://mpm-itk.sesse.net
Parameters
The following parameters are available in the apache::mod::itk
class:
startservers
minspareservers
maxspareservers
serverlimit
maxclients
maxrequestsperchild
enablecapabilities
startservers
Data type: Integer
Number of child server processes created on startup.
Default value: 8
minspareservers
Data type: Integer
Minimum number of idle child server processes.
Default value: 5
maxspareservers
Data type: Integer
Maximum number of idle child server processes.
Default value: 20
serverlimit
Data type: Integer
Maximum configured value for MaxRequestWorkers
for the lifetime of the Apache httpd process.
Default value: 256
maxclients
Data type: Integer
Limit on the number of simultaneous requests that will be served.
Default value: 256
maxrequestsperchild
Data type: Integer
Limit on the number of connections that an individual child server process will handle.
Default value: 4000
enablecapabilities
Data type: Optional[Variant[Boolean, String]]
Drop most root capabilities in the parent process, and instead run as the user given by the User/Group directives with some extra capabilities (in particular setuid). Somewhat more secure, but can cause problems when serving from filesystems that do not honor capabilities, such as NFS.
Default value: undef
apache::mod::jk
Installs mod_jk
.
- Note shm_file and log_file Depending on how these files are specified, the class creates their final path differently:
Relative path: prepends supplied path with logroot (see below) Absolute path or pipe: uses supplied path as-is
shm_file => 'shm_file'
# Ends up in
$shm_path = '/var/log/httpd/shm_file'
shm_file => '/run/shm_file'
# Ends up in
$shm_path = '/run/shm_file'
shm_file => '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"'
# Ends up in
$shm_path = '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"'
- See also
- https://tomcat.apache.org/connectors-doc/reference/apache.html
- for additional documentation.
- https://tomcat.apache.org/connectors-doc/reference/apache.html
Examples
class { '::apache::mod::jk':
ip => '192.168.2.15',
workers_file => 'conf/workers.properties',
mount_file => 'conf/uriworkermap.properties',
shm_file => 'run/jk.shm',
shm_size => '50M',
workers_file_content => {
<Content>
},
}
Parameters
The following parameters are available in the apache::mod::jk
class:
ip
port
add_listen
workers_file
worker_property
logroot
shm_file
shm_size
mount_file
mount_file_reload
mount
un_mount
auto_alias
mount_copy
worker_indicator
watchdog_interval
log_file
log_level
log_stamp_format
request_log_format
extract_ssl
https_indicator
sslprotocol_indicator
certs_indicator
cipher_indicator
certchain_prefix
session_indicator
keysize_indicator
local_name_indicator
ignore_cl_indicator
local_addr_indicator
local_port_indicator
remote_host_indicator
remote_addr_indicator
remote_port_indicator
remote_user_indicator
auth_type_indicator
options
env_var
strip_session
location_list
workers_file_content
mount_file_content
ip
Data type: Optional[Stdlib::IP::Address]
IP for binding to mod_jk. Useful when the binding address is not the primary network interface IP.
Default value: undef
port
Data type: Stdlib::Port
Port for binding to mod_jk. Useful when something else, like a reverse proxy or cache, is receiving requests at port 80, then needs to forward them to Apache at a different port.
Default value: 80
add_listen
Data type: Boolean
Defines if a Listen directive according to parameters ip and port (see below), so that Apache listens to the IP/port combination and redirect to mod_jk. Useful when another Listen directive, like Listen *: or Listen , can conflict with the one necessary for mod_jk binding.
Default value: true
workers_file
Data type: Optional[String]
The name of a worker file for the Tomcat servlet containers.
Default value: undef
worker_property
Data type: Hash
Enables setting worker properties inside Apache configuration file.
Default value: {}
logroot
Data type: Optional[Stdlib::Absolutepath]
The base directory for shm_file and log_file is determined by the logroot parameter. If unspecified, defaults to apache::params::logroot. The default logroot is sane enough therefore it is not recommended to override it.
Default value: undef
shm_file
Data type: String
Shared memory file name.
Default value: 'jk-runtime-status'
shm_size
Data type: Optional[String]
Size of the shared memory file name.
Default value: undef
mount_file
Data type: Optional[String]
File containing multiple mappings from a context to a Tomcat worker.
Default value: undef
mount_file_reload
Data type: Optional[String]
This directive configures the reload check interval in seconds.
Default value: undef
mount
Data type: Hash
A mount point from a context to a Tomcat worker.
Default value: {}
un_mount
Data type: Hash
An exclusion mount point from a context to a Tomcat worker.
Default value: {}
auto_alias
Data type: Optional[String]
Automatically Alias webapp context directories into the Apache document space
Default value: undef
mount_copy
Data type: Optional[String]
If this directive is set to "On" in some virtual server, the mounts from the global server will be copied to this virtual server, more precisely all mounts defined by JkMount or JkUnMount.
Default value: undef
What are tasks?
Modules can contain tasks that take action outside of a desired state managed by Puppet. It’s perfect for troubleshooting or deploying one-off changes, distributing scripts to run across your infrastructure, or automating changes that need to happen in a particular order as part of an application deployment.
Tasks in this module release
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
v12.1.0 - 2024-04-03
Added
Fixed
v12.0.3 - 2024-03-02
Fixed
v12.0.2 - 2024-01-10
Fixed
v12.0.1 - 2024-01-03
Fixed
- Fix use_canonical_name directive #2515 (pebtron)
- Fix extra newline at end of headers #2514 (smortex)
v12.0.0 - 2024-01-01
Changed
- Drop EoL Debian 9 and older code #2479 (bastelfreak)
Added
apache::vhost::directories
: switch default fromundef
to empty array #2507 (bastelfreak)- Add
AllowOverrideList
support #2486 (yakatz)
Fixed
v11.1.0 - 2023-09-25
Added
Fixed
v11.0.0 - 2023-09-23
Changed
- (CAT-1449) - Remove deprecated parameters for scriptaliases & passenger #2470 (Ramesh7)
- Remove deprecated classes #2466 (ekohl)
- Remove deprecated parameters from mod::userdir #2465 (ekohl)
- (CAT-1424)-Removal of redhat/scientific/oraclelinux 6 for apache module #2462 (praj1001)
Added
- (CAT-1417) Nested require support for authz_core mod #2460 (Ramesh7)
- Simplify data types and array handling #2457 (ekohl)
- CAT-1285 - RHEL-8 mode security CRS fix #2452 (Ramesh7)
- (CAT-1283) - Enable forensic module #2442 (Ramesh7)
- (CAT-1281) - Support to add cipher with respective ssl protocol #2440 (Ramesh7)
- feat: add Debian12 Compability #2439 (Robnarok)
- Add MellonSetEnv support #2423 (ic248)
- Add the missing mod_authnz_ldap parameters #2404 (chutzimir)
Fixed
- (CAT-1308) Making mod list more restrictive and minor improvements in documentation for default mods override #2459 (Ramesh7)
- (CAT-1346) erb_to_epp conversion for mod directory #2453 (praj1001)
- (CAT-1348)-Conversion of erb to epp templates except mod or vhost dir… #2449 (praj1001)
- Raise Puppet lower bound to >= 7.9.0 #2444 (ekohl)
- (CAT-1261)-update_SUSE_repo_name #2437 (praj1001)
- Add required package for kerberos auth on jammy #2403 (chrisongthb)
- strickter loglevel syntax verification #2397 (igt-marcin-wasilewski)
v10.1.1 - 2023-06-30
Added
Fixed
- puppetlabs/concat: Allow 9.x #2426 (bastelfreak)
- fix ssl_ciphers array behavior #2421 (SimonHoenscheid)
v10.1.0 - 2023-06-15
Added
- (CONT-577) - allow deferred function for password/secret #2419 (Ramesh7)
- use a dedicated Enum type for On/Off and accept lower case too #2415 (evgeni)
- pdksync - (MAINT) - Allow Stdlib 9.x #2413 (LukasAud)
Fixed
v10.0.0 - 2023-04-21
Changed
v9.1.3 - 2023-04-20
Fixed
- #2391 Allow Sensitive type in addition to String type #2392 (dpavlotzky)
v9.1.2 - 2023-02-10
Fixed
- (BUGFIX) Update to ensure correct facter comparisons #2387 (david22swan)
- Fixes mod::proxy allow_from parameter inconsistency #2352 #2385 (pebtron)
- Fix example code for apache::vhost::php_values #2384 (gcoxmoz)
- Suppress bad Directory comment when DocumentRoot is not set #2368 (gcoxmoz)
- fix rewrite rules being ignored #2330 (trefzer)
v9.1.1 - 2023-02-03
Fixed
- (BugFix) Update OS Family comparison to correctly match #2381 (david22swan)
- Adding mod_version module to be activated by default #2380 (Q-Storm)
v9.1.0 - 2023-01-31
Added
- vhost: Make ProxyAddHeaders configureable #2365 (bastelfreak)
Fixed
- (#2374) Suse: Switch modsec_default_rules to array #2375 (bastelfreak)
- security{,_crs}.conf: switch to structured facts #2373 (bastelfreak)
- Simplify templates by reusing bool2httpd #2366 (ekohl)
- Simplify templates by reusing methods #2344 (ekohl)
v9.0.1 - 2022-12-22
Fixed
- (CONT-406) Fix for RHEL 7 compatibility #2362 (david22swan)
v9.0.0 - 2022-12-15
Changed
- (GH-2291) Further refine types #2359 (david22swan)
- Drop deprecated a2mod type/providers #2350 (bastelfreak)
- Drop Apache 2.2 support #2329 (ekohl)
v8.6.0 - 2022-12-14
Added
Fixed
- fix mod_proxy_html on FreeBSD #2355 (fraenki)
- disable::mpm_event: Fix module deactivation #2349 (bastelfreak)
v8.5.0 - 2022-12-06
Added
- add LimitRequestLine parameter #2345 (stefan-ahrefs)
Fixed
- remove _module from apache::mod::unique_id name. #2339 (mdklapwijk)
v8.4.0 - 2022-11-15
Added
- add maxrequestworkers parameter for mpm_worker module #2331 (trefzer)
- support lbmethod modules #2268 (xorpaul)
Fixed
- Declare minimum Puppet version to be 6.24.0 #2342 (ekohl)
- Fix RedHat + PHP 8 libphp file #2333 (polatsinan)
v8.3.0 - 2022-10-28
Added
- Automatically enable mod_http2 if needed #2337 (ekohl)
- Update EL8+ and Debian SSL defaults #2336 (ekohl)
- Support setting SSLProxyCipherSuite on mod_ssl #2335 (ekohl)
Fixed
- Make serveradmin an optional parameter and use it #2338 (ekohl)
- pdksync - (CONT-189) Remove support for RedHat6 / OracleLinux6 / Scientific6 #2326 (david22swan)
- pdksync - (CONT-130) Dropping Support for Debian 9 #2322 (jordanbreen28)
- fix directory empty options if an empty array is being used #2312 (bovy89)
v8.2.1 - 2022-09-27
Fixed
- (maint) Codebase Hardening #2313 (david22swan)
v8.2.0 - 2022-09-13
Added
- Allow RewriteInherit with empty rewrites #2301 (martin-koerner)
- Add support for all proxy schemes, not just https:// #2289 (canth1)
- Parameterize CRS DOS protection #2280 (Vincevrp)
- Allow multiple scopes for Scope in Apache::OIDCSettings #2265 (jjackzhn)
Fixed
- (maint) Add variable manage_vhost_enable_dir #2309 (david22swan)
- Simplify the logic in _require.erb #2303 (ekohl)
- Fix deprecation warning about performing a regex comparison on a hash #2293 (smokris)
v8.1.0 - 2022-08-18
Added
- Manage DNF module for mod_auth_openidc #2283 (ekohl)
- pdksync - (GH-cat-11) Certify Support for Ubuntu 22.04 #2276 (david22swan)
Fixed
- Allow integers for timeouts #2294 (traylenator)
- Allow setting icons_path to false so no alias will be set for it #2292 (Zarne)
- fix duplicate definition of auth_basic-mod #2287 (sircubbi)
- Allow custom_config to have a string priority again #2284 (martin-koerner)
- Remove auth_kerb and nss from Debian Bullseye #2281 (ekohl)
v8.0.0 - 2022-08-09
Changed
- Drop mod_fastcgi support #2267 (ekohl)
- Drop suphp support #2263 (ekohl)
- Use a stricter data type on apache::vhost::aliases #2253 (ekohl)
- Narrow down Datatypes #2245 (cocker-cc)
- (GH-cat-9) Update module to match current syntax standard #2235 (david22swan)
- Drop Apache 2.0 compatibility code #2226 (ekohl)
- (GH-iac-334) Remove code specific to unsupported OSs #2223 (david22swan)
- Remove warnings and plans to change vhost default naming #2202 (ekohl)
- Update modsec crs config and template #2197 (henkworks)
Added
- Allow overriding CRS allowed HTTP methods per vhost #2274 (Vincevrp)
- Allow overriding CRS anomaly threshold per vhost #2273 (Vincevrp)
- Allow configuring SecRequestBodyAccess and SecResponseBodyAccess #2272 (Vincevrp)
- Allow configuring CRS paranoia level #2270 (Vincevrp)
- Automatically include modules used in vhost directories #2255 (ekohl)
- Clean up includes and templates in vhost.pp #2254 (ekohl)
- pdksync - (GH-cat-12) Add Support for Redhat 9 #2239 (david22swan)
- Add support for PassengerPreloadBundler #2233 (smortex)
- apache::vhost ProxyPassMatch in Location containers #2222 (skylar2-uw)
- Allow additional settings for GSSAPI in Vhost #2215 (tuxmea)
- mod_auth_gssapi: Add support for every configuration directive #2214 (canth1)
- mod_auth_gssapi: Add support for
GssapiBasicAuth
. #2212 (olifre) - pdksync - (IAC-1753) - Add Support for AlmaLinux 8 #2200 (david22swan)
- Add support for setting UserDir in Virual Hosts #2192 (smortex)
- Add an apache::vhost::proxy define #2169 (wbclark)
Fixed
- Disable mod_php on EL9 #2277 (ekohl)
- Allow vhosts to have a string priority again #2275 (ekohl)
- Remove duplicate SecDefaultAction in CRS template #2271 (Vincevrp)
- Better data types on apache::vhost parameters #2252 (ekohl)
- Update $timeout to
Variant[Integer,String]
#2242 (david22swan) - Let limitreqfieldsize and limitreqfields be integers #2240 (traylenator)
- Drop support for Fedora < 18 #2238 (ekohl)
- Restructure MPM disabling #2227 (ekohl)
- pdksync - (GH-iac-334) Remove Support for Ubuntu 16.04 #2220 (david22swan)
- Drop Apache 2.2 support with Gentoo #2216 (ekohl)
- pdksync - (IAC-1787) Remove Support for CentOS 6 #2213 (david22swan)
v7.0.0 - 2021-10-11
Changed
- Drop Debian < 8 and Ubuntu < 14.04 code #2189 (ekohl)
- Drop support and compatibility for Debian < 9 and Ubuntu < 16.04 #2123 (ekohl)
Added
- pdksync - (IAC-1751) - Add Support for Rocky 8 #2196 (david22swan)
- Allow
docroot
withmod_vhost_alias
virtual_docroot
#2195 (yakatz)
Fixed
- Restore Ubuntu 14.04 support in suphp #2193 (ekohl)
- add double quote on scope parameter #2191 (aba-rechsteiner)
- Debian 11: fix typo in
versioncmp()
/ set default php to 7.4 #2186 (bastelfreak)
v6.5.1 - 2021-08-25
Fixed
v6.5.0 - 2021-08-24
Added
- pdksync - (IAC-1709) - Add Support for Debian 11 #2180 (david22swan)
v6.4.0 - 2021-08-02
Added
- (MODULES-11075) Improve future version handling for RHEL #2174 (mwhahaha)
- Allow custom userdir directives #2164 (hunner)
- Add feature to reload apache service when content of ssl files has changed #2157 (timdeluxe)
v6.3.1 - 2021-07-22
Fixed
- (MODULES-10899) Load php module with the right libphp file #2166 (sheenaajay)
- (maint) Fix puppet-strings docs on apache::vhost #2165 (ekohl)
v6.3.0 - 2021-06-22
Fixed
- Update the default version of Apache for Amazon Linux 2 #2158 (turnopil)
- Only warn about servername logging if relevant #2154 (ekohl)
kps_ssl_reload_and_cache_disk_combined_tag - 2021-06-14
Added
v6.2.0 - 2021-05-24
Added
v6.1.0 - 2021-05-17
Added
- support for uri for severname with use_servername_for_filenames #2150 (Zarne)
- (MODULES-11061) mod_security custom rule functionality #2145 (k2patel)
v6.0.1 - 2021-05-10
Fixed
- Fix HEADER and README wildcards in IndexIgnore #2138 (keto)
- Fix dav_svn for Debian 10 #2135 (martijndegouw)
v6.0.0 - 2021-03-02
Changed
- pdksync - (MAINT) Remove SLES 11 support #2132 (sanfrancrisko)
- pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 #2125 (carabasdaniel)
v5.10.0 - 2021-02-17
Added
Fixed
- (MODULES-10899) Handle PHP8 MOD package naming convention changes #2121 (sanfrancrisko)
v5.9.0 - 2021-01-25
Added
Fixed
v5.8.0 - 2020-12-07
Added
- (MODULES-10887) Set
use_servername_for_filenames
for defaults #2103 (towo) - pdksync - (feat) Add support for Puppet 7 #2101 (daianamezdrea)
- (feat) Add support for apreq2 MOD on Debian 9, 10 #2085 (TigerKriika)
Fixed
- (fix) Convert unnecessary multi line warnings to single lines #2104 (rj667)
- Fix bool2httpd function call for older ruby versions #2102 (carabasdaniel)
v5.7.0 - 2020-11-24
Added
- Add cas_cookie_path in vhosts #2089 (yakatz)
- (IAC-1186) Add new $use_servername_for_filenames parameter #2086 (sanfrancrisko)
- Allow relative paths in oidc_redirect_uri #2082 (sanfrancrisko)
- Improve SSLVerify options #2081 (bovy89)
- Change icon path #2079 (yakatz)
- Support mod_auth_gssapi parameters #2078 (traylenator)
- Add ssl_proxy_machine_cert_chain param to vhost class #2072 (AbelNavarro)
Fixed
- Use Ruby 2.7 compatible string matching #2074 (sanfrancrisko)
v5.6.0 - 2020-10-05
Added
- Configure default shared lib path for mod_wsgi on RHEL8 #2063 (nbarrientos)
- Various enhancements to apache::mod::passenger #2058 (smortex)
Fixed
- make apache::mod::fcgid redhat 8 compatible #2071 (creativefre)
- pdksync - (feat) - Removal of inappropriate terminology #2062 (pmcmaw)
- Use Ruby 2.7 compatible string matching #2060 (ekohl)
- Use python3-mod_wsgi instead of mod_wsgi on CentOS8 #2052 (kajinamit)
v5.5.0 - 2020-07-03
Added
- Allow IPv6 CIDRs for proxy_protocol_exceptions in mod remoteip #2033 (thechristschn)
- (IAC-746) - Add ubuntu 20.04 support #2032 (david22swan)
- Replace legacy
bool2httpd()
function with shim #2025 (alexjfisher) - Tidy up
pw_hash
function #2024 (alexjfisher) - Replace validate_apache_loglevel() with data type #2023 (alexjfisher)
- Add ProxyIOBufferSize option #2014 (jplindquist)
- Add support for SetInputFilter directive #2007 (HoucemEddine)
- [MODULES-10530] Add request limiting directives on virtual host level #1996 (aursu)
- [MODULES-10528] Add ErrorLogFormat directive on virtual host level #1995 (aursu)
- Add template variables and parameters for ModSecurity Audit Logs #1988 (jplindquist)
- (MODULES-10432) Add mod_auth_openidc support #1987 (asieraguado)
Fixed
- (MODULES-10712) Fix mod_ldap on RH/CentOS 5 and 6 #2041 (h-haaks)
- Update mod_dir, alias_icons_path, error_documents_path for CentOS 8 #2038 (initrd)
- Ensure switching of thread module works on Debian 10 / Ubuntu 20.04 #2034 (tuxmea)
- MODULES-10586 Centos 8: wrong package used to install mod_authnz_ldap #2021 (farebers)
- Re-add package for fcgid on debian/ubuntu machines #2006 (vStone)
- Use ldap_trusted_mode in conditional #1999 (dacron)
- Typo in oidcsettings.pp #1997 (asieraguado)
- Fix proxy_html Module to work on Debian 10 #1994 (buchstabensalat)
- (MODULES-10360) Fix icon paths for RedHat systems #1991 (2and3makes23)
- SSLProxyEngine on has to be set before any Proxydirective using it #1989 (zivis)
v5.4.0 - 2020-01-23
Added
Fixed
v5.3.0 - 2019-12-11
Added
- (FM-8672) - Addition of Support for CentOS 8 #1977 (david22swan)
- (MODULES-9948) Allow switching of thread modules #1961 (tuxmea)
Fixed
- Fix newline being added before proxy params #1984 (oxc)
- When using mod jk, we expect the libapache2-mod-jk package to be installed #1979 (tuxmea)
- move unless into manage_security_corerules #1976 (SimonHoenscheid)
- Change mod_proxy's ProxyTimeout to follow Apache's global timeout #1975 (gcoxmoz)
- (FM-8721) fix php version and ssl error on redhat8 #1973 (sheenaajay)
v5.2.0 - 2019-11-01
Added
- Add parameter version for mod security #1953 (tuxmea)
- add possibility to define variables inside VirtualHost definition #1947 (trefzer)
Fixed
- (FM-8662) Correction in manifests/mod/ssl.pp for SLES 11 #1963 (sanfrancrisko)
- always quote ExpiresDefault in vhost::directories #1958 (evgeni)
- MODULES-9904 Fix lbmethod module load order #1956 (optiz0r)
- Add owner, group, file_mode and show_diff to apache::custom_config #1942 (treydock)
- Add shibboleth support for Debian 10 #1939 (fabbks)
v5.1.0 - 2019-09-13
Added
- (FM-8393) add support on Debian 10 #1945 (ThoughtCrhyme)
- FM-8140 Add Redhat 8 support #1941 (sheenaajay)
- (FM-8214) converted to use litmus #1938 (tphoney)
- (MODULES-9668 ) Please make ProxyRequests setting in vhost.pp configurable #1935 (aukesj)
- Added unmanaged_path and custom_fragment options to userdir #1931 (GeorgeCox)
- Add LDAP parameters to httpd.conf #1930 (daveseff)
- Add LDAPReferrals configuration parameter #1928 (HT43-bqxFqB)
Fixed
- (MODULES-9104) Add file_mode to config files. #1922 (stevegarn)
- (bugfix) Add default package name for mod_ldap #1913 (turnopil)
- Remove event mpm when using prefork, worker or itk #1905 (tuxmea)
v5.0.0 - 2019-05-20
Changed
- pdksync - (MODULES-8444) - Raise lower Puppet bound #1908 (david22swan)
Added
- (FM-7923) Implement Puppet Strings #1916 (eimlav)
- Define SCL package name for mod_ldap #1893 (treydock)
Fixed
- (MODULES-9014) Improve SSLSessionTickets handling #1923 (FredericLespez)
- (MODULES-8931) Fix stahnma/epel failures #1914 (eimlav)
- Fix wsgi_daemon_process to support hash data type #1884 (mdechiaro)
4.1.0 - 2019-04-05
Added
- (MODULES-7196) Allow setting CASRootProxiedAs per virtualhost (replaces #1857) #1900 (Lavinia-Dan)
- (feat) - Amazon Linux 2 compatibility added #1898 (david22swan)
- (MODULES-8731) Allow CIDRs for proxy_ips/internal_proxy in remoteip #1891 (JAORMX)
- Manage all mod_remoteip parameters supported by Apache #1882 (johanfleury)
- MODULES-8541 : Allow HostnameLookups to be modified #1881 (k2patel)
- Add support for mod_http2 #1867 (smortex)
- Added code to paramertize the libphp prefix #1852 (grahamuk2018)
- Added WSGI Options WSGIApplicationGroup and WSGIPythonOptimize #1847 (emetriqLikedeeler)
Fixed
- (bugfix) set kernel for facter version test #1895 (tphoney)
- (MODULES-5990) - Managing conf_enabled #1875 (david22swan)
4.0.0 - 2019-01-10
Changed
Added
- (Modules 8141/Modules 8379) - Addition of support for SLES 15 #1862 (david22swan)
Fixed
- (MODULES-5990) - conf-enabled defaulted to undef #1869 (david22swan)
- pdksync - (FM-7655) Fix rubygems-update for ruby < 2.3 #1866 (tphoney)
3.5.0 - 2018-12-17
Added
- (MODULES-5990) Addition of 'IncludeOptional conf-enabled/*.conf' to apache2.conf' on Debian Family OS #1851 (david22swan)
- (MODULES-8107) - Support added for Ubuntu 18.04. #1850 (david22swan)
- (MODULES-8108) - Support added for Debian 9 #1849 (david22swan)
- Add option to add comments to the header of a vhost file #1841 (jovandeginste)
- SCL support for httpd and php7.1 #1822 (mmoll)
Fixed
- (FM-7605) - Disabling conf_enabled on Ubuntu 18.04 by default as it conflicts with Shibboleth causing errors with apache2. #1856 (david22swan)
- (MODULES-8429) Update GPG key for phusion passenger #1848 (abottchen)
- Fix default vhost priority in readme #1843 (HT43-bqxFqB)
- fix apache::mod::jk example typo and add link for more info #1812 (xorpaul)
- MODULES-7379: Fixing syntax by adding newline #1803 (wimvr)
- ensure mpm_event is disabled under debian 9 if mpm itk is used #1766 (zivis)
3.4.0 - 2018-09-28
Added
- pdksync - (FM-7392) - Puppet 6 Testing Changes #1838 (pmcmaw)
- pdksync - (MODULES-6805) metadata.json shows support for puppet 6 #1836 (tphoney)
Fixed
3.3.0 - 2018-09-12
Added
- pdksync - (MODULES-7705) - Bumping stdlib dependency from < 5.0.0 to < 6.0.0 #1821 (pmcmaw)
- Add support for ProxyTimeout #1805 (agoodno)
- Rework passenger VHost and Directories #1778 (smortex)
Fixed
3.2.0 - 2018-06-29
Added
- (MODULES-7343) - Allow overrides by adding mod_libs in apache class #1800 (karelyatin)
- Allow
apache::mod::passenger::passenger_pre_start
to accept multiple URIs #1776 (smortex)
Fixed
3.1.0 - 2018-03-22
Added
3.0.0 - 2018-02-20
2.3.1 - 2018-02-02
Added
- Add LimitRequestFields parameter in main configuration #1742 (geekix)
- Add enable capabilities to itk #1687 (edestecd)
- updated log formats to include client ip #1686 (tenajsystems)
- MODULES-5452 - add $options to
balancer
type #1668 (cedef) - [Modules 5385] Include support for Apache 2.4 mod_authz_host directives in apache::mod::status #1667 (EmersonPrado)
- Expose loadfile_name option to mod::python class #1663 (traylenator)
- Add ShibCompatValidUser option to vhost config #1657 (mdechiaro)
Fixed
- Fix typos #1728 (hfm)
- [MODULES-5644] Package name is libapache2-mpm-itk for Debian 9 #1724 (zivis)
- Fix case of setting apache::mpm_module to false #1720 (edestecd)
- remoteip: Notify apache::service instead of service['httpd'][#1684](https://github.com/puppetlabs/puppetlabs-apache/pull/1684) (sergiik)
2.3.0 - 2017-10-11
2.2.0 - 2017-10-05
Added
- (MODULES-2062) updates prefork.conf params for apache 2.4 #1685 (eputnam)
- MODULES-5426 : Add support for all mod_passenger server config settings #1665 (dacat)
Fixed
2.1.0 - 2017-09-13
1.11.1 - 2017-09-13
Added
- [Modules 5519] Add port parameter in class mod::jk #1679 (EmersonPrado)
- (MODULES-3942) make sure mod_alias is loaded with redirectmatch #1675 (eputnam)
- [Modules 5492] - Include treatment for absolute, relative and pipe paths for JkLogFile and JkShmFile for class mod::jk #1671 (EmersonPrado)
- Replace deprecated type checking with Puppet 4 types #1670 (ekohl)
- [Modules 4746] Creates class for managing Apache mod_jk connector #1630 (EmersonPrado)
- Adds apache::mod::macro #1590 (kyledecot)
Fixed
- Setup SSL/TLS client auth without overly broad trusts for client certificates #1680 (epackorigan)
2.0.0 - 2017-07-26
Changed
- MODULES-4824: Update the version compatibility to >= 4.7.0 < 5.0.0 #1628 (angrox)
- Migrate to puppet4 datatypes #1621 (bastelfreak)
- Set default keepalive to On #1434 (sathieu)
Added
- (MODULES-4933) Allow custom UserDir string #1650 (hunner)
- Add proxy_pass in directory template for location context #1644 (toteva)
- Don't install proxy_html package in ubuntu xenial #1643 (amateo)
- (MODULES-5121) Allow ssl.conf to have better defaults #1636 (hunner)
- MODULES-3838 Pass mod_packages through init.pp to allow overrides #1631 (optiz0r)
- MODULES-4946 Add HTTP protocol options support #1629 (dspinellis)
- Use enclose_ipv6 function from stdlib #1624 (acritox)
- (MODULES-4819) remove include_src parameter from vhost_spec #1617 (eputnam)
- MODULES-4816 - new param for mod::security class #1616 (cedef)
- Add WSGIRestrictEmbedded to apache::mod::wsgi #1614 (dsavineau)
- Enable configuring CA file in ssl.conf #1612 (JAORMX)
- MODULES-4737 - Additional class params for mod ssl #1611 (cedef)
- Added supplementary_groups to the user resource #1608 (chgarling)
- [msync] 786266 Implement puppet-module-gems, a45803 Remove metadata.json from locales config #1606 (wilson208)
- Limit except support #1605 (ffapitalle)
- (FM-6116) - Adding POT file for metadata.json #1604 (pmcmaw)
- [MODULES-4528] Replace Puppet.version.to_f version comparison from spec_helper.rb #1603 (wilson208)
- Add param for AllowOverride in the userdir.conf template #1602 (dstepe)
- Modules-4500 Add optional "AdvertiseFrequency" directive in cluster.conf template #1601 (EmersonPrado)
- The base tag also needs link rewriting #1599 (tobixen)
- MODULES-4391 add SSLProxyVerifyDepth and SSLProxyCACertificateFile directives #1596 (hex2a)
- add parser function apache_pw_hash #1592 (aptituz)
- Add mod_{authnz_pam,intercept_form_submit,lookup_identity} #1588 (ekohl)
- Allow multiple ports per vhost #1583 (tjikkun)
- Feature/add charset #1582 (harakiri406)
- Add FileETag #1581 (kuchosauronad0)
- (MODULES-4156) adds RequestHeader directive to vhost template #puppethack #1573 (eputnam)
- add passenger_max_requests option per vhost #1517 (pulecp)
Fixed
- Ensure that ProxyPreserveHost is set even when ProxyPass (etc) are not. #1639 (tpdownes)
- When absolute path is specified for access_log_file/error_log_file, don't prepend logbase #1633 (ca-asm)
- Fix single quoted string #1623 (lordbink)
- fixed apache group for SUSE/SLES Systems (checked for SLES11/12) #1613 (pseiler)
- the wsgi_script_aliases need to support array type of value #1609 (netman2k)
- Fix alignement in vhost.conf #1607 (sathieu)
- [apache::mod::cgi] Fix: ordering constraint for mod_cgi #1585 (punycode)
- Fix vhost template #1552 (iamspido)
1.11.0 - 2016-12-19
Added
- (MODULES-4213) Adds spec test for rewrite_inherit #1575 (bmjen)
- Add ability to set SSLStaplingReturnResponderErrors on server level #1571 (tjikkun)
- (MODULES-4213) Allow global rewrite rules inheritance in vhosts #1569 (EmersonPrado)
- mod_proxy_balancer manager #1562 (sathieu)
- Add SSL stapling #1561 (tjikkun)
- ModSec debug logs to use apache logroot parameter #1560 (scottmullaly)
- (MODULES-4049) SLES support #1554 (eputnam)
- Validate wsgi_chunked_request parameter for vhost #1553 (JAORMX)
- (MODULES-4048) SLES 10 support #1551 (eputnam)
- Support Passenger repo on Amazon Linux #1549 (seefood)
- Support parameter PassengerDataBufferDir #1548 (seefood)
- Allow user to specify alternative package and library names for shibboleth module #1547 (tpdownes)
- (FM-5739) removes mocha stubbing #1540 (eputnam)
- Adding requirement for httpd package #1539 (jplindquist)
- Update modulesync_config [51f469d][#1535](https://github.com/puppetlabs/puppetlabs-apache/pull/1535) (DavidS)
- Allow the proxy_via setting to be configured #1534 (bmjen)
- The meier move error log to params #1533 (bmjen)
- Add path to shibboleth lib #1532 (gvdb1967)
- Add rpaf.conf template parameter #1531 (gvdb1967)
- (MODULES-3712) SLES 11 Support #1528 (eputnam)
- Settings to control modcluster request size #1527 (lexkastro)
- Allow no_proxy_uris to be used within proxy_pass #1524 (df7cb)
- Update modulesync_config [a3fe424][#1519](https://github.com/puppetlabs/puppetlabs-apache/pull/1519) (DavidS)
- Update modulesync_config [0d59329][#1518](https://github.com/puppetlabs/puppetlabs-apache/pull/1518) (DavidS)
- Add some more passenger params #1510 (Reamer)
- MODULES-3682 - config of auth_dbd, include dbd, allow AuthnProviderAlias #1508 (johndixon)
- mod_passenger: PassengerMaxInstancesPerApp option #1503 (ygt-davidstirling)
- add force option to confd file resource #1502 (martinpfeifer)
- Auto load Apache::Mod[slotmem_shm] and Apache::Mod[lbmethod_byrequest… #1499 (sathieu)
- Allow to set SecAuditLog #1490 (sathieu)
- Add wsgi script aliases match #1485 (tphoney)
- Add cas_cookie_path_mode param #1475 (edestecd)
- Added support for apache 2.4 on Amazon Linux #1473 (lotjuh)
- Add apache::mod::socache_shmcb so it can be included multiple times #1471 (mpdude)
- Manage default root directory access rights #1468 (smoeding)
- Add apache::mod::proxy_wstunnel and tests #1465 (DavidS)
- Add apache::mod::proxy_wstunnel #1462 (sathieu)
- add additional directories options for LDAP Auth #1443 (zivis)
- Update _block.erb #1441 (jostmart)
- Support the newer mod_auth_cas config options #1436 (pcfens)
- Wrap mod_security directives in an IfModule #1423 (kimor79)
Fixed
- Fix conditional in vhost ssl template #1574 (bmjen)
- Avoid relative classname inclusion #1566 (roidelapluie)
- custom facts shouldn't break structured facts #1565 (igalic)
- (#MODULES-3744) Process $crs_package before $modsec_dir #1563 (EmersonPrado)
- (MODULES-3972) fixes version errors and small fix for suse ssl #1557 (eputnam)
- Don't fail if first element of is not an hash before flattening #1555 (sathieu)
- [MODULES-3548] SLES 12 fix #1545 (HelenCampbell)
- Move ssl.conf to main conf directory on EL7 #1543 (stbenjam)
- Do not set ssl_certs_dir on FreeBSD #1538 (smortex)
- [MODULES-3882] Don't write empty servername for vhost to template #1526 (JAORMX)
- Bug - Port numbers must be quoted #1525 (blackknight36)
- Fixes spec tests for apache::mod::disk_cache #1509 (gerhardsam)
- Httpoxy fix #1506 (simonrondelez)
- Fix non breaking space (MODULES-3503) #1489 (Jeoffreybauvin)
- Fix PassengerRoot under Debian stretch #1478 (sathieu)
- variety of xenial fixes #1477 (tphoney)
- fix and make 2.4 require docu more readable #1466 (HT43-bqxFqB)
- apache::balancer now respects apache::confd_dir #1463 (traylenator)
1.10.0 - 2016-05-19
Added
- Remove duplicate shib2 hash element #1458 (domcleal)
- mod_event: parameters can be unset #1455 (timogoebel)
- Set DAV parameters in a directory block #1454 (jonnytdevops)
- Add support for mod_cluster, an httpd-based load balancer. #1453 (jonnytdevops)
- Only set SSLCompression when it is set to true. #1452 (buzzdeee)
- Add class apache::vhosts to create apache::vhost resources #1450 (gerhardsam)
- Allow setting KeepAlive related options per vhost #1447 (antaflos)
Fixed
- Set actual path to apachectl on FreeBSD. #1448 (smortex)
- Revert "changed rpaf Configuration Directives: RPAF -> RPAF_" #1446 (antaflos)
- mod_event: do not set parameters twice #1445 (timogoebel)
- setting options-hash in proxy_pass or proxy_match leads to syntax errors in Apache #1444 (zivis)
- Fixed trailing slash in lib_path on Suse #1429 (OpenCoreCH)
- Add simple support + ProxyAddHeaders #1427 (costela)
1.9.0 - 2016-04-21
Added
- Expose verify_config in apache::vhost::custom #1433 (cmurphy)
- (MODULES-3140) explicitly rely on hasrestart if no restart command is… #1432 (DavidS)
- (MODULES-3274) mod-info: specify the info_path #1431 (DavidS)
- Update to newest modulesync_configs [9ca280f][#1426](https://github.com/puppetlabs/puppetlabs-apache/pull/1426) (DavidS)
- Allow for pagespeed mod to automatically be updated to the latest version #1422 (lymichaels)
- Allow package names to be specified for mod_proxy, mod_ldap, and mod_authnz_ldap #1421 (MG2R)
- Add parameter passanger_log_level #1420 (samuelb)
- add passenger_high_performance on the vhost level #1419 (timogoebel)
- Adding SSLProxyCheckPeerExpire support #1418 (jasonhancock)
- (MODULES-3218) add auth_merging for directory enteries #1412 (pyther)
- MODULES-3212: add parallel_spec option #1410 (jlambert121)
- MODULES-1352 : Better support for Apache 2.4 style require directives implementation #1408 (witjoh)
- Added vhost options SecRuleRemoveByTag and SecRuleRemoveByMsg #1407 (FlatKey)
- Configurability of Collaborative Detection Threshold Levels for OWASP Core Rule Set #1405 (FlatKey)
- Configurability of Collaborative Detection Severity Levels for OWASP Core Rule Set #1404 (FlatKey)
- Configurability of SecDefaultAction for OWASP Core Rule Set #1403 (FlatKey)
- MODULES-2179: Implement SetEnvIfNoCase #1402 (jlambert121)
- Load mod_xml2enc on Apache >= 2.4 on Debian #1401 (sathieu)
- Take igalic's suggestion to use bool2httpd #1400 (tpdownes)
- Added vhost option fastcgi_idle_timeout #1399 (michakrause)
- Move all ensure parameters from concat::fragment to concat #1396 (domcleal)
- mod_ssl requires mod_mime for AddType directives #1394 (sathieu)
- Allow configuring mod_security's SecAuditLogParts #1392 (stig)
- (#3139) Add support for PassengerUser #1391 (Reamer)
- add support for SSLProxyProtocol directive #1390 (saimonn)
- Add mellon_sp_metadata_file parameter for directory entries #1389 (jokajak)
- Manage mod dir before things that depend on mods #1388 (cmurphy)
- add support for fcgi #1387 (mlhess)
- apache::balancer: Add a target parameter to write to a custom path #1386 (roidelapluie)
- Add JkMount/JkUnmount directives to vhost #1384 (smoeding)
- Remove SSLv3 #1383 (ghoneycutt)
- include apache, so parsing works #1380 (tphoney)
- include apache, so parsing works. #1377 (tphoney)
- mod/ssl: Add option to configure SSL mutex #1371 (daenney)
- support pass-header option in apache::fastcgi::server #1370 (janschumann)
- Support socket communication option in apache::fastcgi::server #1368 (janschumann)
- allow include in vhost directory #1366 (Zarne)
- support Ubuntu xenial (16.04) #1364 (mmoll)
- changed rpaf Configuration Directives: RPAF -> RPAF_ #1361 (gvdb1967)
- (MODULES-2756) Adding include ::apache so mkdir exec works properly #1236 (damonconway)
Fixed
- fix incorrect use of .join() with newlines #1425 (mpeter)
- SSLCompression directive only available with apache 2.4.3 #1417 (Reamer)
- Fix in custom fact "apache_version" for OracleLinux. #1416 (Reamer)
- MODULES-3211: fix broken strict_variable tests #1414 (jonnytdevops)
- MODULES-3211: fix broken strict_variable tests #1409 (jlambert121)
- Fix MODULES-3158 (any string interpreted as SSLCompression on) #1398 (tpdownes)
- Fix broken internal link for virtual hosts configuration #1369 (gerhardsam)
1.8.1 - 2016-02-08
Added
- allow status code on redirect match to be optional and not a requirement #1355 (BigAl)
- Ldap parameters #1352 (tphoney)
- Add apache_version fact #1347 (jyaworski)
- (FM-4049) update to modulesync_configs #1343 (DavidS)
- Specify owning permissions for logroot directory #1340 (SlavaValAl)
- add file_mode to mod manifests #1338 (timogoebel)
Added support for modsecurity parameter SecPcreMatchLimit and SecPcr… [#1296](https://github.com/puppetlabs/puppetlabs-apache/pull/1296) ([whotwagner](https://github.com/whotwagner))
Fixed
- Fix in custom fact "apache_version" for RHEL. #1360 (BobVincentatNCRdotcom)
- Fix passenger on redhat systems #1354 (hunner)
- ThreadLimit needs to be above MaxClients or it is ignored. https://bz… #1351 (tphoney)
- Bugfix: require concat, not file #1350 (BobVincentatNCRdotcom)
- (MODULES-3018) Fixes apache to work correctly with concat. #1348 (bmjen)
- Fix fcgid.conf on Debian #1331 (sathieu)
- MODULES-2958 : correct CustomLog syslog entry #1322 (BigAl)
1.8.0 - 2016-01-25
Added
- add paramter to set config file permissions #1333 (timogoebel)
- (MODULES-2964) Enable PassengerMaxRequestQueueSize to be set #1323 (traylenator)
- MODULES-2956: Enable options within location block on proxy_match #1317 (jlambert121)
- Support itk on redhat #1316 (edestecd)
- SSLProxyVerify #1311 (occelebi)
- Support the mod_proxy ProxPassReverseCookieDomain directive #1309 (occelebi)
- Add X-Forwarded-For into log_formats defaults #1308 (mpolenchuk)
- Put headers and request headers before proxy #1306 (quixoten)
- EL7 uses conf.modules.d directory for modules. #1305 (jasonhancock)
- Support proxy provider for vhost directories. #1304 (roidelapluie)
Fixed
- MODULES-2990: Gentoo - fix module includes in portage::makeconf #1337 (derdanne)
- fix vhosts listen to wildcard ip #1335 (timogoebel)
- fixing apache_parameters_spec.rb #1330 (tphoney)
- a path is needed for ProxyPassReverse #1327 (tphoney)
- Fixing error in Amazon $operatingsystem comparison #1321 (ryno75)
- fix ordering of catalogue for redhat 7 #1319 (tphoney)
- fix validation error when empty array is passed as rewrites parameter #1301 (timogoebel)
- Fix typo with versioncmp #1299 (pabelanger)
- enable setting LimitRequestFieldSize globally as it does not actually… #1293 (KlavsKlavsen)
- Fixes paths and packages for the shib2 module on Debian #1292 (cholyoak)
- Add ::apache::vhost::custom #1271 (pabelanger)
1.7.1 - 2015-12-04
Added
- (MODULES-2682, FM-3919) Use more FilesMatch #1280 (DavidS)
- (MODULES-2682) Update Apache Configuration to use FilesMatch instead … #1277 (DavidS)
- (MODULES-2703) Allow mod pagespeed to take an array of lines as additional_configuration #1276 (DavidS)
- add ability to overide file name generation in custom_config #1270 (karmix)
- (MODULES-2834) Support SSLProxyCheckPeerCN and SSLProxyCheckPeerName … #1268 (traylenator)
- Leave require directive unmanaged #1267 (robertvargason)
- Added support for LDAPTrustedGlobalCert option to apache::mod::ldap #1262 (lukebigum)
Fixed
- (MODULES-2200, MODULES-2865) fix ITK configuration on Ubuntu #1288 (bmjen)
- (MODULES-2773) Duplicate Entries in Spec Files #1278 (DavidS)
- (MODULES-2863) Set SSLProxy directives even if ssl is false #1274 (ckaenzig)
1.7.0 - 2015-11-17
Added
- Add support for changing mod_nss listen port (vol 2) #1260 (rexcze-zz)
- (MODULES-2811) Add missing helper lines to spec files #1256 (alexharv074)
- Add missing parameters in mod_auth_kerb #1255 (olivierHa)
- (MODULES-2764) Enclose IPv6 addresses in square brackets #1248 (Benedikt1992)
- (MODULES-2757) Adding if around ServerName in template #1237 (damonconway)
- (MODULES-2651) Default document root update for Ubuntu 14.04 and Debian 8 #1235 (abednarik)
- Update mime.conf.erb to support dynamic AddHandler AddType AddOutputF… #1232 (prabin5)
- #2544 Allow multiple IP addresses per vhost #1229 (Benedikt1992)
- RewriteLock support #1228 (wickedOne)
- (MODULES-2120) Allow empty docroot #1224 (DavidS)
- Add option to configure the include pattern for the vhost_enable dir #1223 (DavidS)
- (MODULES-2120) Allow empty docroot #1222 (yakatz)
- Install all modules before adding custom configs #1221 (mpdude)
- (#2673) Adding dev_packages to apache class. Allows use of httpd24u-d… #1218 (damonconway)
- Change SSLProtocol in apache::vhost to be space separated #1216 (bmfurtado)
- (MODULES-2649) Allow SetOutputFilter to be set on a directory. #1214 (traylenator)
- (MODULES-2647) Optinally set parameters for mod_ext_filter module #1213 (traylenator)
- (MODULES-2622) add SecUploadDir parameter to support file uploads with mod_security #1210 (jlambert121)
- (MODULES-2616) Optionally set LimitRequestFieldSize on an apache::vhost #1208 (traylenator)
- also install mod_authn_alias as default mod in debian for apache < 2.4 #1205 (zivis)
- Add an option to configure PassengerLogFile #1194 (igalic)
- (MODULES-2458) Support for mod_auth_mellon. #1189 (traylenator)
- Client auth for reverse proxy #1188 (holtwilkins)
- Add ListenBacklog for mod worker (MODULES-2432) #1185 (mwhahaha)
- (MODULES-2419) - Add mod_auth_kerb parameters to vhost #1183 (traylenator)
- Support the mod_proxy ProxyPassReverseCookiePath directive #1180 (roidelapluie)
- Adding use_optional_includes parameter to vhost define. #1162 (cropalato)
- Add support for user modifiable installation of mod_systemd and pidfile locations: #1159 (vamegh)
- mod_passenger: Allow setting PassengerSpawnMethod #1158 (wubr)
- Feature/master/passengerbaseuri #1152 (aronymous)
Fixed
- (MODULES-2813) Fix deprecation warning in spec_helper.rb #1258 (alexharv074)
- (MODULES-2812) Fix deprecation warning in service_spec.rb #1257 (alexharv074)
- Fix typo about dynamic AddHandler/AddType #1254 (olivierHa)
- reduce constraints on regex to fix pe tests #1231 (tphoney)
- Fix ordering issue with conf_file and ports_file #1230 (MasonM)
- (MODULES-2655) Fix acceptance testing for SSLProtocol behaviour for real #1226 (DavidS)
- Multiple fixes #1225 (DavidS)
- Fix typo of MPM_PREFORK for FreeBSD package install #1200 (edmundcraske)
- Deflate "application/json" by default #1198 (leopoiroux)
- MODULES-2513 mod::ssl fails on SLES #1195 (ngrossmann)
- Catch that mod_authz_default has been removed in Apache 2.4 #1193 (mpdude)
- MODULES-2439 - ProxyPassMatch parameters were ending up on a newline #1190 (underscorgan)
- The purge_vhost_configs parameter is actually called purge_vhost_dir #1184 (mpdude)
- corrects mod_cgid worker/event defaults #1182 (bmjen)
- fixes conditional in vhost aliases #1181 (bmjen)
- load unixd before fcgid on all operating systems (see #879) #1178 (sethlyons)
- Fix apache::mod::cgid so it can be used with the event MPM #1175 (MasonM)
- Fix _proxy.erb for SetEnv within ProxyMatch. #1156 (dconry)
- mod::alias should be included when the aliases parameter is used #1155 (pcfens)
- Fix: missing package for mod_geoip on Debian systems #1148 (olivierHa)
1.6.0 - 2015-07-30
Added
Dependencies
- puppetlabs/stdlib (>= 4.13.1 < 10.0.0)
- puppetlabs/concat (>= 2.2.1 < 10.0.0)
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Quality checks
We run a couple of automated scans to help you assess a module’s quality. Each module is given a score based on how well the author has formatted their code and documentation and select modules are also checked for malware using VirusTotal.
Please note, the information below is for guidance only and neither of these methods should be considered an endorsement by Puppet.
Malware scan results
The malware detection service on Puppet Forge is an automated process that identifies known malware in module releases before they’re published. It is not intended to replace your own virus scanning solution.
Learn more about malware scans- Module name:
- puppetlabs-apache
- Module version:
- 12.1.0
- Scan initiated:
- April 3rd 2024, 1:33:46
- Detections:
- 0 / 61
- Scan stats:
- 60 undetected
- 0 harmless
- 1 failures
- 0 timeouts
- 0 malicious
- 0 suspicious
- 15 unsupported
- Scan report:
- View the detailed scan report