Forge Home

apache

Installs, configures, and manages Apache virtual hosts, web services, and modules.

11,400,023 downloads

1,417 latest version

4.7 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 12.0.3 (latest)
  • 12.0.2
  • 12.0.1
  • 12.0.0
  • 11.1.0
  • 11.0.0
  • 10.1.1
  • 10.1.0
  • 10.0.0
  • 9.1.3
  • 9.1.2
  • 9.1.1
  • 9.1.0
  • 9.0.1
  • 9.0.0
  • 8.6.0
  • 8.5.0
  • 8.4.0
  • 8.3.0
  • 8.2.1
  • 8.2.0
  • 8.1.0
  • 8.0.0
  • 7.0.0
  • 6.5.1
  • 6.5.0
  • 6.4.0
  • 6.3.1
  • 6.3.0
  • 6.2.0
  • 6.1.0
  • 6.0.1
  • 6.0.0
  • 5.10.0
  • 5.9.0
  • 5.8.0
  • 5.7.0
  • 5.6.0
  • 5.5.0
  • 5.4.0
  • 5.3.0
  • 5.2.0
  • 5.1.0
  • 5.0.0
  • 4.1.0
  • 4.0.0
  • 3.5.0
  • 3.4.0
  • 3.3.0
  • 3.2.0
  • 3.1.0
  • 3.0.0
  • 2.3.1
  • 2.3.0
  • 2.2.0
  • 2.1.0
  • 2.0.0
  • 1.11.1
  • 1.11.0
  • 1.10.0
  • 1.9.0 (deleted)
  • 1.8.1
  • 1.8.0
  • 1.7.1
  • 1.7.0
  • 1.6.0
  • 1.5.0
  • 1.4.1
  • 1.4.0
  • 1.3.0
  • 1.2.0
  • 1.1.1
  • 1.1.0
  • 1.0.1
  • 1.0.0
  • 0.11.0
  • 0.10.0
  • 0.9.0
  • 0.8.1
  • 0.8.0
  • 0.7.0
  • 0.6.0
  • 0.5.0-rc1 (pre-release)
  • 0.4.0
  • 0.3.0
  • 0.2.2
  • 0.2.1
  • 0.2.0
  • 0.1.1
  • 0.0.4
  • 0.0.3 (deleted)
  • 0.0.2 (deleted)
  • 0.0.1 (deleted)
released Mar 2nd 2024
This version is compatible with:
  • Puppet Enterprise 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x
  • Puppet >= 7.9.0 < 9.0.0
  • , , , , , , , ,
Tasks:
  • apache

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'puppetlabs-apache', '12.0.3'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add puppetlabs-apache
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install puppetlabs-apache --version 12.0.3

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

puppetlabs/apache — version 12.0.3 Mar 2nd 2024

Reference

Table of Contents

Classes

Public Classes

This module does not manage the software repositories needed to automatically install the mod-pagespeed-stable package. The module does however require that the package be installed, or be installable using the system's default package provider. You should ensure that this pre-requisite is met or declaring apache::mod::pagespeed will cause the puppet run to fail.

Private Classes

  • apache::confd::no_accf: Manages the no-accf.conf file.
  • apache::default_confd_files: Helper for setting up default conf.d files.
  • apache::default_mods: Installs and congfigures default mods for Apache
  • apache::mod::ssl::reload: Manages the puppet_ssl folder for ssl file copies, which is needed to track changes for reloading service on changes
  • apache::package: Installs an Apache MPM.
  • apache::params: This class manages Apache parameters
  • apache::service: Installs and configures Apache service.
  • apache::version: Try to automatically detect the version by OS

Defined types

Public Defined types

Private Defined types

  • apache::default_mods::load: Helper used by apache::default_mods
  • apache::mpm: Enables the use of Apache MPMs.
  • apache::peruser::multiplexer: Checks if an Apache module has a class.
  • apache::peruser::processor: Enables the Peruser module for FreeBSD only.
  • apache::security::rule_link: Links the activated_rules from apache::mod::security to the respective CRS rules on disk.

Functions

Data types

Tasks

  • init: Allows you to perform apache service functions

Classes

apache

When this class is declared with the default options, Puppet:

  • Installs the appropriate Apache software package and required Apache modules for your operating system.
  • Places the required configuration files in a directory, with the default location determined by your operating system.
  • Configures the server with a default virtual host and standard port (80) and address (\*) bindings.
  • Creates a document root directory determined by your operating system, typically /var/www.
  • Starts the Apache service.

If an ldaps:// URL is specified, the mode becomes SSL and the setting of LDAPTrustedMode is ignored.

Examples

class { 'apache': }

Parameters

The following parameters are available in the apache class:

allow_encoded_slashes

Data type: Optional[Variant[Apache::OnOff, Enum['nodecode']]]

Sets the server default for the AllowEncodedSlashes declaration, which modifies the responses to URLs containing '\' and '/' characters. If not specified, this parameter omits the declaration from the server's configuration and uses Apache's default setting of 'off'.

Default value: undef

conf_dir

Data type: Stdlib::Absolutepath

Sets the directory where the Apache server's main configuration file is located.

Default value: $apache::params::conf_dir

conf_template

Data type: String

Defines the template used for the main Apache configuration file. Modifying this parameter is potentially risky, as the apache module is designed to use a minimal configuration file customized by conf.d entries.

Default value: $apache::params::conf_template

confd_dir

Data type: Stdlib::Absolutepath

Sets the location of the Apache server's custom configuration directory.

Default value: $apache::params::confd_dir

default_charset

Data type: Optional[String]

Used as the AddDefaultCharset directive in the main configuration file.

Default value: undef

default_confd_files

Data type: Boolean

Determines whether Puppet generates a default set of includable Apache configuration files in the directory defined by the confd_dir parameter. These configuration files correspond to what is typically installed with the Apache package on the server's operating system.

Default value: true

default_mods

Data type: Variant[Array[String[1]], Boolean]

Determines whether to configure and enable a set of default Apache modules depending on your operating system. If false, Puppet includes only the Apache modules required to make the HTTP daemon work on your operating system, and you can declare any other modules separately using the apache::mod::<MODULE NAME> class or apache::mod defined type. If true, Puppet installs additional modules, depending on the operating system and the value of the mpm_module parameter. Because these lists of modules can change frequently, consult the Puppet module's code for up-to-date lists. If this parameter contains an array, Puppet instead enables all passed Apache modules.

Default value: true

default_ssl_ca

Data type: Optional[Stdlib::Absolutepath]

Sets the default certificate authority for the Apache server. Although the default value results in a functioning Apache server, you must update this parameter with your certificate authority information before deploying this server in a production environment.

Default value: undef

default_ssl_cert

Data type: Stdlib::Absolutepath

Sets the SSL encryption certificate location. Although the default value results in a functioning Apache server, you must update this parameter with your certificate location before deploying this server in a production environment.

Default value: $apache::params::default_ssl_cert

default_ssl_chain

Data type: Optional[Stdlib::Absolutepath]

Sets the default SSL chain location. Although this default value results in a functioning Apache server, you must update this parameter with your SSL chain before deploying this server in a production environment.

Default value: undef

default_ssl_crl

Data type: Optional[Stdlib::Absolutepath]

Sets the path of the default certificate revocation list (CRL) file to use. Although this default value results in a functioning Apache server, you must update this parameter with the CRL file path before deploying this server in a production environment. You can use this parameter with or in place of the default_ssl_crl_path.

Default value: undef

default_ssl_crl_path

Data type: Optional[Stdlib::Absolutepath]

Sets the server's certificate revocation list path, which contains your CRLs. Although this default value results in a functioning Apache server, you must update this parameter with the CRL file path before deploying this server in a production environment.

Default value: undef

default_ssl_crl_check

Data type: Optional[String]

Sets the default certificate revocation check level via the SSLCARevocationCheck directive. This parameter applies only to Apache 2.4 or higher and is ignored on older versions. Although this default value results in a functioning Apache server, you must specify this parameter when using certificate revocation lists in a production environment.

Default value: undef

default_ssl_key

Data type: Stdlib::Absolutepath

Sets the SSL certificate key file location. Although the default values result in a functioning Apache server, you must update this parameter with your SSL key's location before deploying this server in a production environment.

Default value: $apache::params::default_ssl_key

default_ssl_reload_on_change

Data type: Boolean

Enable reloading of apache if the content of ssl files have changed.

Default value: false

default_ssl_vhost

Data type: Boolean

Configures a default SSL virtual host. If true, Puppet automatically configures the following virtual host using the apache::vhost defined type:

apache::vhost { 'default-ssl':
  port            => 443,
  ssl             => true,
  docroot         => $docroot,
  scriptalias     => $scriptalias,
  serveradmin     => $serveradmin,
  access_log_file => "ssl_${access_log_file}",
}

Note: SSL virtual hosts only respond to HTTPS queries.

Default value: false

default_vhost

Data type: Boolean

Configures a default virtual host when the class is declared. To configure customized virtual hosts, set this parameter's value to false.

Note: Apache will not start without at least one virtual host. If you set this to false you must configure a virtual host elsewhere.

Default value: true

dev_packages

Data type: Optional[Variant[Array, String]]

Configures a specific dev package to use. For example, using httpd 2.4 from the IUS yum repo:

include ::apache::dev
class { 'apache':
  apache_name  => 'httpd24u',
  dev_packages => 'httpd24u-devel',
}

Default value: $apache::params::dev_packages

docroot

Data type: Stdlib::Absolutepath

Sets the default DocumentRoot location.

Default value: $apache::params::docroot

error_documents

Data type: Boolean

Determines whether to enable custom error documents on the Apache server.

Default value: false

group

Data type: String

Sets the group ID that owns any Apache processes spawned to answer requests. By default, Puppet attempts to manage this group as a resource under the apache class, determining the group based on the operating system as detected by the apache::params class. To prevent the group resource from being created and use a group created by another Puppet module, set the manage_group parameter's value to false.

Note: Modifying this parameter only changes the group ID that Apache uses to spawn child processes to access resources. It does not change the user that owns the parent server process.

Default value: $apache::params::group

httpd_dir

Data type: Stdlib::Absolutepath

Sets the Apache server's base configuration directory. This is useful for specially repackaged Apache server builds but might have unintended consequences when combined with the default distribution packages.

Default value: $apache::params::httpd_dir

http_protocol_options

Data type: Optional[String]

Specifies the strictness of HTTP protocol checks. Valid options: any sequence of the following alternative values: Strict or Unsafe, RegisteredMethods or LenientMethods, and Allow0.9 or Require1.0.

Default value: $apache::params::http_protocol_options

keepalive

Data type: Apache::OnOff

Determines whether to enable persistent HTTP connections with the KeepAlive directive. If you set this to On, use the keepalive_timeout and max_keepalive_requests parameters to set relevant options.

Default value: $apache::params::keepalive

keepalive_timeout

Data type: Integer

Sets the KeepAliveTimeout directive, which determines the amount of time the Apache server waits for subsequent requests on a persistent HTTP connection. This parameter is only relevant if the keepalive parameter is enabled.

Default value: $apache::params::keepalive_timeout

max_keepalive_requests

Data type: Integer

Limits the number of requests allowed per connection when the keepalive parameter is enabled.

Default value: $apache::params::max_keepalive_requests

hostname_lookups

Data type: Variant[Apache::OnOff, Enum['Double', 'double']]

This directive enables DNS lookups so that host names can be logged and passed to CGIs/SSIs in REMOTE_HOST.

Note: If enabled, it impacts performance significantly.

Default value: $apache::params::hostname_lookups

ldap_trusted_mode

Data type: Optional[String]

The following modes are supported:

NONE - no encryption SSL - ldaps:// encryption on default port 636 TLS - STARTTLS encryption on default port 389 Not all LDAP toolkits support all the above modes. An error message will be logged at runtime if a mode is not supported, and the connection to the LDAP server will fail.

Default value: undef

ldap_verify_server_cert

Data type: Optional[Apache::OnOff]

Specifies whether to force the verification of a server certificate when establishing an SSL connection to the LDAP server. On|Off

Default value: undef

lib_path

Data type: String

Specifies the location whereApache module files are stored.

Note: Do not configure this parameter manually without special reason.

Default value: $apache::params::lib_path

log_level

Data type: Apache::LogLevel

Configures the apache LogLevel directive which adjusts the verbosity of the messages recorded in the error logs.

Default value: $apache::params::log_level

log_formats

Data type: Hash

Define additional LogFormat directives. Values: A hash, such as:

$log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' }

There are a number of predefined LogFormats in the httpd.conf that Puppet creates:

  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  LogFormat "%h %l %u %t \"%r\" %>s %b" common
  LogFormat "%{Referer}i -> %U" referer
  LogFormat "%{User-agent}i" agent
  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded

If your log_formats parameter contains one of those, it will be overwritten with your definition.

Default value: {}

logroot

Data type: Stdlib::Absolutepath

Changes the directory of Apache log files for the virtual host.

Default value: $apache::params::logroot

logroot_mode

Data type: Optional[Stdlib::Filemode]

Overrides the default logroot directory's mode.

Note: Do not grant write access to the directory where the logs are stored without being aware of the consequences. See the Apache documentation for details.

Default value: $apache::params::logroot_mode

manage_group

Data type: Boolean

When false, stops Puppet from creating the group resource. If you have a group created from another Puppet module that you want to use to run Apache, set this to false. Without this parameter, attempting to use a previously established group results in a duplicate resource error.

Default value: true

supplementary_groups

Data type: Array

A list of groups to which the user belongs. These groups are in addition to the primary group. Notice: This option only has an effect when manage_user is set to true.

Default value: []

manage_user

Data type: Boolean

When false, stops Puppet from creating the user resource. This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error.

Default value: true

mod_dir

Data type: Stdlib::Absolutepath

Sets where Puppet places configuration files for your Apache modules.

Default value: $apache::params::mod_dir

mod_libs

Data type: Hash

Allows the user to override default module library names.

include apache::params
class { 'apache':
  mod_libs => merge($::apache::params::mod_libs, {
    'wsgi' => 'mod_wsgi_python3.so',
  })
}

Default value: $apache::params::mod_libs

mod_packages

Data type: Hash

Allows the user to override default module package names.

include apache::params
class { 'apache':
  mod_packages => merge($::apache::params::mod_packages, {
    'auth_kerb' => 'httpd24-mod_auth_kerb',
  })
}

Default value: $apache::params::mod_packages

mpm_module

Data type: Variant[Boolean, Enum['event', 'itk', 'peruser', 'prefork', 'worker']]

Determines which multi-processing module (MPM) is loaded and configured for the HTTPD process. Valid values are: event, itk, peruser, prefork, worker or false. You must set this to false to explicitly declare the following classes with custom parameters:

  • apache::mod::event
  • apache::mod::itk
  • apache::mod::peruser
  • apache::mod::prefork
  • apache::mod::worker

Default value: $apache::params::mpm_module

package_ensure

Data type: String

Controls the package resource's ensure attribute. Valid values are: absent, installed (or equivalent present), or a version string.

Default value: 'installed'

pidfile

Data type: String

Allows settting a custom location for the pid file. Useful if using a custom-built Apache rpm.

Default value: $apache::params::pidfile

ports_file

Data type: Stdlib::Absolutepath

Sets the path to the file containing Apache ports configuration.

Default value: $apache::params::ports_file

protocols

Data type: Array[Enum['h2', 'h2c', 'http/1.1']]

Sets the Protocols directive, which lists available protocols for the server.

Default value: []

protocols_honor_order

Data type: Optional[Boolean]

Sets the ProtocolsHonorOrder directive which determines whether the order of Protocols sets precedence during negotiation.

Default value: undef

purge_configs

Data type: Boolean

Removes all other Apache configs and virtual hosts. Setting this to false is a stopgap measure to allow the apache module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see purge_vhost_dir.

Default value: true

purge_vhost_dir

Data type: Optional[Boolean]

If the vhost_dir parameter's value differs from the confd_dir parameter's, this parameter determines whether Puppet removes any configurations inside vhost_dir that are not managed by Puppet. Setting purge_vhost_dir to false is a stopgap measure to allow the apache module to coexist with existing or otherwise unmanaged configurations within vhost_dir.

Default value: undef

sendfile

Data type: Apache::OnOff

Forces Apache to use the Linux kernel's sendfile support to serve static files, via the EnableSendfile directive.

Default value: 'On'

serveradmin

Data type: Optional[String[1]]

Sets the Apache server administrator's contact information via Apache's ServerAdmin directive.

Default value: undef

servername

Data type: Optional[String]

Sets the Apache server name via Apache's ServerName directive. Setting to false will not set ServerName at all.

Default value: $apache::params::servername

server_root

Data type: Stdlib::Absolutepath

Sets the Apache server's root directory via Apache's ServerRoot directive.

Default value: $apache::params::server_root

server_signature

Data type: Variant[Apache::OnOff, String]

Configures a trailing footer line to display at the bottom of server-generated documents, such as error documents and output of certain Apache modules, via Apache's ServerSignature directive. Valid values are: On or Off.

Default value: 'On'

server_tokens

Data type: Apache::ServerTokens

Controls how much information Apache sends to the browser about itself and the operating system, via Apache's ServerTokens directive.

Default value: 'Prod'

service_enable

Data type: Boolean

Determines whether Puppet enables the Apache HTTPD service when the system is booted.

Default value: true

service_ensure

Data type: Variant[Stdlib::Ensure::Service, Boolean]

Determines whether Puppet should make sure the service is running. Valid values are: true (or running) or false (or stopped). The false or stopped values set the 'httpd' service resource's ensure parameter to false, which is useful when you want to let the service be managed by another application, such as Pacemaker.

Default value: 'running'

service_name

Data type: String

Sets the name of the Apache service.

Default value: $apache::params::service_name

service_manage

Data type: Boolean

Determines whether Puppet manages the HTTPD service's state.

Default value: true

service_restart

Data type: Optional[String]

Determines whether Puppet should use a specific command to restart the HTTPD service. Values: a command to restart the Apache service.

Default value: undef

timeout

Data type: Integer[0]

Sets Apache's TimeOut directive, which defines the number of seconds Apache waits for certain events before failing a request.

Default value: 60

trace_enable

Data type: Variant[Apache::OnOff, Enum['extended']]

Controls how Apache handles TRACE requests (per RFC 2616) via the TraceEnable directive.

Default value: 'On'

use_canonical_name

Data type: Optional[Variant[Apache::OnOff, Enum['DNS', 'dns']]]

Controls Apache's UseCanonicalName directive which controls how Apache handles self-referential URLs. If not specified, this parameter omits the declaration from the server's configuration and uses Apache's default setting of 'off'.

Default value: undef

use_systemd

Data type: Boolean

Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom-built RPMs.

Default value: $apache::params::use_systemd

file_mode

Data type: Stdlib::Filemode

Sets the desired permissions mode for config files. Valid values are: a string, with permissions mode in symbolic or numeric notation.

Default value: $apache::params::file_mode

root_directory_options

Data type: Array

Array of the desired options for the / directory in httpd.conf.

Default value: $apache::params::root_directory_options

root_directory_secured

Data type: Boolean

Sets the default access policy for the / directory in httpd.conf. A value of false allows access to all resources that are missing a more specific access policy. A value of true denies access to all resources by default. If true, more specific rules must be used to allow access to these resources (for example, in a directory block using the directories parameter).

Default value: false

vhost_dir

Data type: Stdlib::Absolutepath

Changes your virtual host configuration files' location.

Default value: $apache::params::vhost_dir

vhost_include_pattern

Data type: String

Defines the pattern for files included from the vhost_dir. If set to a value like [^.#]\*.conf[^~] to make sure that files accidentally created in this directory (such as files created by version control systems or editor backups) are not included in your server configuration. Some operating systems use a value of *.conf. By default, this module creates configuration files ending in .conf.

Default value: $apache::params::vhost_include_pattern

user

Data type: String

Changes the user that Apache uses to answer requests. Apache's parent process continues to run as root, but child processes access resources as the user defined by this parameter. To prevent Puppet from managing the user, set the manage_user parameter to false.

Default value: $apache::params::user

apache_name

Data type: String

The name of the Apache package to install. If you are using a non-standard Apache package you might need to override the default setting. For CentOS/RHEL Software Collections (SCL), you can also use apache::version::scl_httpd_version.

Default value: $apache::params::apache_name

error_log

Data type: String

The name of the error log file for the main server instance. If the string starts with /, |, or syslog: the full path is set. Otherwise, the filename is prefixed with $logroot.

Default value: $apache::params::error_log

scriptalias

Data type: String

Directory to use for global script alias

Default value: $apache::params::scriptalias

access_log_file

Data type: String

The name of the access log file for the main server instance.

Default value: $apache::params::access_log_file

limitreqfields

Data type: Integer

The limitreqfields parameter sets the maximum number of request header fields in an HTTP request. This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks. The value should be increased if normal clients see an error response from the server that indicates too many fields were sent in the request.

Default value: 100

limitreqfieldsize

Data type: Integer

The limitreqfieldsize parameter sets the maximum ammount of bytes that will be allowed within a request header.

Default value: 8190

limitreqline

Data type: Optional[Integer]

The 'limitreqline' parameter sets the limit on the allowed size of a client's HTTP request-line

Default value: undef

ip

Data type: Optional[String]

Specifies the ip address

Default value: undef

conf_enabled

Data type: Optional[Stdlib::Absolutepath]

Whether the additional config files in /etc/apache2/conf-enabled should be managed.

Default value: $apache::params::conf_enabled

vhost_enable_dir

Data type: Optional[Stdlib::Absolutepath]

Set's the vhost definitions which will be stored in sites-availible and if they will be symlinked to and from sites-enabled.

Default value: $apache::params::vhost_enable_dir

manage_vhost_enable_dir

Data type: Boolean

Overides the vhost_enable_dir inherited parameters and allows it to be disabled

Default value: true

mod_enable_dir

Data type: Optional[Stdlib::Absolutepath]

Set's whether the mods-enabled directory should be managed.

Default value: $apache::params::mod_enable_dir

ssl_file

Data type: Optional[String]

This parameter allows you to set an ssl.conf file to be managed in order to implement an SSL Certificate.

Default value: undef

file_e_tag

Data type: Optional[String]

Sets the server default for the FileETag declaration, which modifies the response header field for static files.

Default value: undef

use_optional_includes

Data type: Boolean

Specifies whether Apache uses the IncludeOptional directive instead of Include for additional_includes in Apache 2.4 or newer.

Default value: $apache::params::use_optional_includes

mime_types_additional

Data type: Hash

Specifies any idditional Internet media (mime) types that you wish to be configured.

Default value: $apache::params::mime_types_additional

apache::dev

The libraries installed depends on the dev_packages parameter of the apache::params class, based on your operating system:

  • Debian : libaprutil1-dev, libapr1-dev; apache2-dev
  • FreeBSD: undef; on FreeBSD, you must declare the apache::package or apache classes before declaring apache::dev.
  • Gentoo: undef.
  • Red Hat: httpd-devel.

apache::mod::actions

Installs Apache mod_actions

apache::mod::alias

Installs and configures mod_alias.

Parameters

The following parameters are available in the apache::mod::alias class:

icons_options

Data type: String

Disables directory listings for the icons directory, via Apache Options directive.

Default value: 'Indexes MultiViews'

icons_path

Data type: Variant[Boolean, Stdlib::Absolutepath]

Sets the local path for an /icons/ Alias. Default depends on operating system:

  • Debian: /usr/share/apache2/icons
  • FreeBSD: /usr/local/www/apache24/icons
  • Gentoo: /var/www/icons
  • Red Hat: /var/www/icons, except on Apache 2.4, where it's /usr/share/httpd/icons Set to 'false' to disable the alias

Default value: $apache::params::alias_icons_path

icons_prefix

Data type: String

Change the alias for /icons/.

Default value: $apache::params::icons_prefix

apache::mod::apreq2

Installs mod_apreq2.

apache::mod::auth_basic

Installs mod_auth_basic

apache::mod::auth_cas

Installs and configures mod_auth_cas.

Parameters

The following parameters are available in the apache::mod::auth_cas class:

cas_login_url

Data type: String

Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and don't have an active session.

cas_validate_url

Data type: String

Sets the URL to use when validating a client-presented ticket in an HTTP query string.

cas_cookie_path

Data type: String

Sets the location where information on the current session should be stored. This should be writable by the web server only.

Default value: $apache::params::cas_cookie_path

cas_cookie_path_mode

Data type: Stdlib::Filemode

The mode of cas_cookie_path.

Default value: '0750'

cas_version

Data type: Integer

The version of the CAS protocol to adhere to.

Default value: 2

cas_debug

Data type: String

Whether to enable or disable debug mode.

Default value: 'Off'

cas_validate_server

Data type: Optional[String]

Whether to validate the presented certificate. This has been deprecated and removed from Version 1.1-RC1 onward.

Default value: undef

cas_validate_depth

Data type: Optional[String]

The maximum depth for chained certificate validation.

Default value: undef

cas_certificate_path

Data type: Optional[String]

The path leading to the certificate

Default value: undef

cas_proxy_validate_url

Data type: Optional[String]

The URL to use when performing a proxy validation.

Default value: undef

cas_root_proxied_as

Data type: Optional[String]

Sets the URL end users see when access to this Apache server is proxied per vhost. This URL should not include a trailing slash.

Default value: undef

cas_cookie_entropy

Data type: Optional[String]

When creating a local session, this many random bytes are used to create a unique session identifier.

Default value: undef

cas_timeout

Data type: Optional[Integer[0]]

The hard limit, in seconds, for a mod_auth_cas session.

Default value: undef

cas_idle_timeout

Data type: Optional[Integer[0]]

The limit, in seconds, of how long a mod_auth_cas session can be idle.

Default value: undef

cas_cache_clean_interval

Data type: Optional[String]

The minimum amount of time that must pass inbetween cache cleanings.

Default value: undef

cas_cookie_domain

Data type: Optional[String]

The value for the 'Domain=' parameter in the Set-Cookie header.

Default value: undef

cas_cookie_http_only

Data type: Optional[String]

Setting this flag prevents the mod_auth_cas cookies from being accessed by client side Javascript.

Default value: undef

cas_authoritative

Data type: Optional[String]

Determines whether an optional authorization directive is authoritative and thus binding.

Default value: undef

cas_validate_saml

Data type: Optional[String]

Parse response from CAS server for SAML.

Default value: undef

cas_sso_enabled

Data type: Optional[String]

Enables experimental support for single sign out (may mangle POST data).

Default value: undef

cas_attribute_prefix

Data type: Optional[String]

Adds a header with the value of this header being the attribute values when SAML validation is enabled.

Default value: undef

cas_attribute_delimiter

Data type: Optional[String]

Sets the delimiter between attribute values in the header created by cas_attribute_prefix.

Default value: undef

cas_scrub_request_headers

Data type: Optional[String]

Remove inbound request headers that may have special meaning within mod_auth_cas.

Default value: undef

suppress_warning

Data type: Boolean

Suppress warning about being on RedHat (mod_auth_cas package is now available in epel-testing repo).

Default value: false

apache::mod::auth_gssapi

Installs mod_auth_gsappi.

apache::mod::auth_kerb

Installs mod_auth_kerb

apache::mod::auth_mellon

Installs and configures mod_auth_mellon.

Parameters

The following parameters are available in the apache::mod::auth_mellon class:

mellon_cache_size

Data type: Optional[Integer]

Maximum number of sessions which can be active at once.

Default value: $apache::params::mellon_cache_size

mellon_lock_file

Data type: Optional[Stdlib::Absolutepath]

Full path to a file used for synchronizing access to the session data.

Default value: $apache::params::mellon_lock_file

mellon_post_directory

Data type: Optional[Stdlib::Absolutepath]

Full path of a directory where POST requests are saved during authentication.

Default value: $apache::params::mellon_post_directory

mellon_cache_entry_size

Data type: Optional[Integer]

Maximum size for a single session entry in bytes.

Default value: undef

mellon_post_ttl

Data type: Optional[Integer]

Delay in seconds before a saved POST request can be flushed.

Default value: undef

mellon_post_size

Data type: Optional[Integer]

Maximum size for saved POST requests.

Default value: undef

mellon_post_count

Data type: Optional[Integer]

Maximum amount of saved POST requests.

Default value: undef

apache::mod::auth_openidc

Installs and configures mod_auth_openidc.

Parameters

The following parameters are available in the apache::mod::auth_openidc class:

manage_dnf_module

Data type: Boolean

Whether to manage the DNF module

Default value: $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] == '8'

dnf_module_ensure

Data type: String[1]

The DNF module name to ensure. Only relevant if manage_dnf_module is set to true.

Default value: 'present'

dnf_module_name

Data type: String[1]

The DNF module name to manage. Only relevant if manage_dnf_module is set to true.

Default value: 'mod_auth_openidc'

apache::mod::authn_core

Installs mod_authn_core.

apache::mod::authn_dbd

Installs mod_authn_dbd.

Parameters

The following parameters are available in the apache::mod::authn_dbd class:

authn_dbd_params

Data type: Optional[String]

The params needed for the mod to function.

authn_dbd_dbdriver

Data type: String

Selects an apr_dbd driver by name.

Default value: 'mysql'

authn_dbd_query

Data type: Optional[String]

Default value: undef

authn_dbd_min

Data type: Integer

Set the minimum number of connections per process.

Default value: 4

authn_dbd_max

Data type: Integer

Set the maximum number of connections per process.

Default value: 20

authn_dbd_keep

Data type: Integer

Set the maximum number of connections per process to be sustained.

Default value: 8

authn_dbd_exptime

Data type: Integer

Set the time to keep idle connections alive when the number of connections specified in DBDKeep has been exceeded.

Default value: 300

authn_dbd_alias

Data type: Optional[String]

Sets an alias for `AuthnProvider.

Default value: undef

apache::mod::authn_file

Installs mod_authn_file.

apache::mod::authnz_ldap

Installs mod_authnz_ldap.

Parameters

The following parameters are available in the apache::mod::authnz_ldap class:

verify_server_cert

Data type: Boolean

Whether to force te verification of a server cert or not.

Default value: true

package_name

Data type: Optional[String]

The name of the ldap package.

Default value: undef

apache::mod::authnz_pam

Installs mod_authnz_pam.

apache::mod::authz_core

Installs mod_authz_core.

apache::mod::authz_groupfile

Installs mod_authz_groupfile

apache::mod::authz_user

Installs mod_authz_user

apache::mod::autoindex

Installs mod_autoindex

Parameters

The following parameters are available in the apache::mod::autoindex class:

icons_prefix

Data type: String

Change the alias for /icons/.

Default value: $apache::params::icons_prefix

apache::mod::cache

Installs mod_cache

apache::mod::cgi

Installs mod_cgi.

apache::mod::cgid

Installs mod_cgid.

apache::mod::cluster

Installs mod_cluster.

  • Note There is no official package available for mod_cluster, so you must make it available outside of the apache module. Binaries can be found here.

  • See also

Examples

class { '::apache::mod::cluster':
  ip                      => '172.17.0.1',
  allowed_network         => '172.17.0.',
  balancer_name           => 'mycluster',
  version                 => '1.3.1'
}

Parameters

The following parameters are available in the apache::mod::cluster class:

allowed_network

Data type: String

Balanced members network.

balancer_name

Data type: String

Name of balancer.

ip

Data type: Stdlib::IP::Address

Specifies the IP address to listen to.

version

Data type: String

Specifies the mod_cluster version. Version 1.3.0 or greater is required for httpd 2.4.

enable_mcpm_receive

Data type: Boolean

Whether MCPM should be enabled.

Default value: true

port

Data type: Stdlib::Port

mod_cluster listen port.

Default value: 6666

keep_alive_timeout

Data type: Integer

Specifies how long Apache should wait for a request, in seconds.

Default value: 60

manager_allowed_network

Data type: Stdlib::IP::Address

Whether to allow the network to access the mod_cluster_manager.

Default value: '127.0.0.1'

max_keep_alive_requests

Data type: Integer

Maximum number of requests kept alive.

Default value: 0

server_advertise

Data type: Boolean

Whether the server should advertise.

Default value: true

advertise_frequency

Data type: Optional[String]

Sets the interval between advertise messages in seconds.

Default value: undef

apache::mod::data

Installs and configures mod_data.

apache::mod::dav

Installs mod_dav.

apache::mod::dav_fs

Installs mod_dav_fs.

apache::mod::dav_svn

Installs and configures mod_dav_svn.

Parameters

The following parameters are available in the apache::mod::dav_svn class:

authz_svn_enabled

Data type: Boolean

Specifies whether to install Apache mod_authz_svn

Default value: false

apache::mod::dbd

Installs mod_dbd.

apache::mod::deflate

Installs and configures mod_deflate.

Parameters

The following parameters are available in the apache::mod::deflate class:

types

Data type: Array[String]

An array of MIME types to be deflated. See https://www.iana.org/assignments/media-types/media-types.xhtml.

Default value:

[
    'text/html text/plain text/xml',
    'text/css',
    'application/x-javascript application/javascript application/ecmascript',
    'application/rss+xml',
    'application/json',
  ]
notes

Data type: Hash

A Hash where the key represents the type and the value represents the note name.

Default value:

{
    'Input'  => 'instream',
    'Output' => 'outstream',
    'Ratio'  => 'ratio',
  }

apache::mod::dir

Installs and configures mod_dir.

  • TODO This sets the global DirectoryIndex directive, so it may be necessary to consider being able to modify the apache::vhost to declare DirectoryIndex statements in a vhost configuration

  • See also

Parameters

The following parameters are available in the apache::mod::dir class:

dir

Data type: String

Default value: 'public_html'

indexes

Data type: Array[String]

Provides a string for the DirectoryIndex directive

Default value:

[
    'index.html',
    'index.html.var',
    'index.cgi',
    'index.pl',
    'index.php',
    'index.xhtml',
  ]

apache::mod::disk_cache

Installs and configures mod_disk_cache.

Parameters

The following parameters are available in the apache::mod::disk_cache class:

cache_root

Data type: Optional[Stdlib::Absolutepath]

Defines the name of the directory on the disk to contain cache files. Default depends on the Apache version and operating system:

  • Debian: /var/cache/apache2/mod_cache_disk
  • FreeBSD: /var/cache/mod_cache_disk
  • Red Hat: /var/cache/httpd/proxy

Default value: undef

cache_ignore_headers

Data type: Optional[String]

Specifies HTTP header(s) that should not be stored in the cache.

Default value: undef

default_cache_enable

Data type: Boolean

Default value is true, which enables "CacheEnable disk /" in disk_cache.conf for the webserver. This would cache every request to apache by default for every vhost. If set to false the default cache all behaviour is supressed. You can then control this behaviour in individual vhosts by explicitly defining CacheEnable.

Default value: true

apache::mod::dumpio

Installs and configures mod_dumpio.

Examples

class{'apache':
  default_mods => false,
  log_level    => 'dumpio:trace7',
}
class{'apache::mod::dumpio':
  dump_io_input  => 'On',
  dump_io_output => 'Off',
}

Parameters

The following parameters are available in the apache::mod::dumpio class:

dump_io_input

Data type: Apache::OnOff

Dump all input data to the error log

Default value: 'Off'

dump_io_output

Data type: Apache::OnOff

Dump all output data to the error log

Default value: 'Off'

apache::mod::env

Installs mod_env.

apache::mod::event

Installs and configures mod_event.

Parameters

The following parameters are available in the apache::mod::event class:

startservers

Data type: Variant[Integer, Boolean]

Sets the number of child server processes created at startup, via the module's StartServers directive. Setting this to false removes the parameter.

Default value: 2

maxrequestworkers

Data type: Optional[Variant[Integer, Boolean]]

Sets the maximum number of connections Apache can simultaneously process, via the module's MaxRequestWorkers directive. Setting these to false removes the parameters.

Default value: undef

minsparethreads

Data type: Variant[Integer, Boolean]

Sets the minimum number of idle threads, via the MinSpareThreads directive. Setting this to false removes the parameters.

Default value: 25

maxsparethreads

Data type: Variant[Integer, Boolean]

Sets the maximum number of idle threads, via the MaxSpareThreads directive. Setting this to false removes the parameters.

Default value: 75

threadsperchild

Data type: Variant[Integer, Boolean]

Number of threads created by each child process.

Default value: 25

maxconnectionsperchild

Data type: Optional[Variant[Integer, Boolean]]

Limit on the number of connections that an individual child server will handle during its life.

Default value: undef

serverlimit

Data type: Variant[Integer, Boolean]

Limits the configurable number of processes via the ServerLimit directive. Setting this to false removes the parameter.

Default value: 25

threadlimit

Data type: Variant[Integer, Boolean]

Limits the number of event threads via the module's ThreadLimit directive. Setting this to false removes the parameter.

Default value: 64

listenbacklog

Data type: Variant[Integer, Boolean]

Sets the maximum length of the pending connections queue via the module's ListenBackLog directive. Setting this to false removes the parameter.

Default value: 511

apache::mod::expires

Installs and configures mod_expires.

Parameters

The following parameters are available in the apache::mod::expires class:

expires_active

Data type: Boolean

Enables generation of Expires headers.

Default value: true

expires_default

Data type: Optional[String]

Specifies the default algorithm for calculating expiration time using ExpiresByType syntax or interval syntax.

Default value: undef

expires_by_type

Data type: Optional[Array[Hash]]

Describes a set of MIME content-types and their expiration times. This should be used as an array of Hashes, with each Hash's key a valid MIME content-type (i.e. 'text/json') and its value following valid interval syntax.

Default value: undef

apache::mod::ext_filter

Installs and configures mod_ext_filter.

Examples

class { 'apache::mod::ext_filter':
  ext_filter_define => {
    'slowdown'       => 'mode=output cmd=/bin/cat preservescontentlength',
    'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"',
  },
}

Parameters

The following parameters are available in the apache::mod::ext_filter class:

ext_filter_define

Data type: Optional[Hash]

Hash of filter names and their parameters.

Default value: undef

apache::mod::fcgid

loaded first; Puppet will not automatically enable it if you set the fcgiwrapper parameter in apache::vhost. include apache::mod::fcgid

apache::vhost { 'example.org': docroot => '/var/www/html', directories => { path => '/var/www/html', fcgiwrapper => { command => '/usr/local/bin/fcgiwrapper', } }, }

Examples

The class does not individually parameterize all available options. Instead, configure mod_fcgid using the options hash.
class { 'apache::mod::fcgid':
  options => {
    'FcgidIPCDir'  => '/var/run/fcgidsock',
    'SharememPath' => '/var/run/fcgid_shm',
    'AddHandler'   => 'fcgid-script .fcgi',
  },
}
If you include apache::mod::fcgid, you can set the [FcgidWrapper][] per directory, per virtual host. The module must be

Parameters

The following parameters are available in the apache::mod::fcgid class:

options

Data type: Hash

A hash used to parameterize the availible options: expires_active Enables generation of Expires headers. expires_default Default algorithm for calculating expiration time. expires_by_type Value of the Expires header configured by MIME type.

Default value: {}

apache::mod::filter

Installs mod_filter.

apache::mod::geoip

Installs and configures mod_geoip.

Parameters

The following parameters are available in the apache::mod::geoip class:

enable

Data type: Boolean

Toggles whether to enable geoip.

Default value: false

db_file

Data type: Stdlib::Absolutepath

Path to database for GeoIP to use.

Default value: '/usr/share/GeoIP/GeoIP.dat'

flag

Data type: String

Caching directive to use. Values: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'.

Default value: 'Standard'

output

Data type: String

Output variable locations. Values: 'All', 'Env', 'Request', 'Notes'.

Default value: 'All'

enable_utf8

Data type: Optional[String]

Changes the output from ISO88591 (Latin1) to UTF8.

Default value: undef

scan_proxy_headers

Data type: Optional[String]

Enables the GeoIPScanProxyHeaders option.

Default value: undef

scan_proxy_header_field

Data type: Optional[String]

Specifies the header mod_geoip uses to determine the client's IP address.

Default value: undef

use_last_xforwarededfor_ip

Data type: Optional[String]

Determines whether to use the first or last IP address for the client's IP in a comma-separated list of IP addresses is found.

Default value: undef

apache::mod::headers

Installs and configures mod_headers.

apache::mod::http2

Installs and configures mod_http2.

Parameters

The following parameters are available in the apache::mod::http2 class:

h2_copy_files

Data type: Optional[Boolean]

Determine file handling in responses.

Default value: undef

h2_direct

Data type: Optional[Boolean]

H2 Direct Protocol Switch.

Default value: undef

h2_early_hints

Data type: Optional[Boolean]

Determine sending of 103 status codes.

Default value: undef

h2_max_session_streams

Data type: Optional[Integer]

Sets maximum number of active streams per HTTP/2 session.

Default value: undef

h2_max_worker_idle_seconds

Data type: Optional[Integer]

Sets maximum number of seconds h2 workers remain idle until shut down.

Default value: undef

h2_max_workers

Data type: Optional[Integer]

Sets maximum number of worker threads to use per child process.

Default value: undef

h2_min_workers

Data type: Optional[Integer]

Sets minimal number of worker threads to use per child process.

Default value: undef

h2_modern_tls_only

Data type: Optional[Boolean]

Toggles the security checks on HTTP/2 connections in TLS mode

Default value: undef

h2_push

Data type: Optional[Boolean]

Toggles the usage of the HTTP/2 server push protocol feature.

Default value: undef

h2_push_diary_size

Data type: Optional[Integer]

Sets maximum number of HTTP/2 server pushes that are remembered per HTTP/2 connection.

Default value: undef

h2_push_priority

Data type: Array[String]

Require HTTP/2 connections to be "modern TLS" only

Default value: []

h2_push_resource

Data type: Array[String]

When added to a directory/location, HTTP/2 PUSHes will be attempted for all paths added via this directive

Default value: []

h2_serialize_headers

Data type: Optional[Boolean]

Toggles if HTTP/2 requests shall be serialized in HTTP/1.1 format for processing by httpd core or if received binary data shall be passed into the request_recs directly.

Default value: undef

h2_stream_max_mem_size

Data type: Optional[Integer]

Sets the maximum number of outgoing data bytes buffered in memory for an active streams.

Default value: undef

h2_tls_cool_down_secs

Data type: Optional[Integer]

Sets the number of seconds of idle time on a TLS connection before the TLS write size falls back to small (~1300 bytes) length.

Default value: undef

h2_tls_warm_up_size

Data type: Optional[Integer]

Sets the number of bytes to be sent in small TLS records (~1300 bytes) until doing maximum sized writes (16k) on https: HTTP/2 connections.

Default value: undef

h2_upgrade

Data type: Optional[Boolean]

Toggles the usage of the HTTP/1.1 Upgrade method for switching to HTTP/2.

Default value: undef

h2_window_size

Data type: Optional[Integer]

Sets the size of the window that is used for flow control from client to server and limits the amount of data the server has to buffer.

Default value: undef

apache::mod::include

Installs mod_include.

apache::mod::info

Installs and configures mod_info.

Parameters

The following parameters are available in the apache::mod::info class:

allow_from

Data type: Array[Stdlib::IP::Address]

Allowlist of IPv4 or IPv6 addresses or ranges that can access the info path.

Default value: ['127.0.0.1', '::1']

restrict_access

Data type: Boolean

Toggles whether to restrict access to info path. If false, the allow_from allowlist is ignored and any IP address can access the info path.

Default value: true

info_path

Data type: Stdlib::Unixpath

Path on server to file containing server configuration information.

Default value: '/server-info'

apache::mod::intercept_form_submit

Installs mod_intercept_form_submit.

apache::mod::itk

Installs MPM mod_itk.

  • Note Unsupported platforms: CentOS: 8; RedHat: 8, 9; SLES: all

  • See also

Parameters

The following parameters are available in the apache::mod::itk class:

startservers

Data type: Integer

Number of child server processes created on startup.

Default value: 8

minspareservers

Data type: Integer

Minimum number of idle child server processes.

Default value: 5

maxspareservers

Data type: Integer

Maximum number of idle child server processes.

Default value: 20

serverlimit

Data type: Integer

Maximum configured value for MaxRequestWorkers for the lifetime of the Apache httpd process.

Default value: 256

maxclients

Data type: Integer

Limit on the number of simultaneous requests that will be served.

Default value: 256

maxrequestsperchild

Data type: Integer

Limit on the number of connections that an individual child server process will handle.

Default value: 4000

enablecapabilities

Data type: Optional[Variant[Boolean, String]]

Drop most root capabilities in the parent process, and instead run as the user given by the User/Group directives with some extra capabilities (in particular setuid). Somewhat more secure, but can cause problems when serving from filesystems that do not honor capabilities, such as NFS.

Default value: undef

apache::mod::jk

Installs mod_jk.

  • Note shm_file and log_file Depending on how these files are specified, the class creates their final path differently:

Relative path: prepends supplied path with logroot (see below) Absolute path or pipe: uses supplied path as-is

shm_file => 'shm_file'
# Ends up in
$shm_path = '/var/log/httpd/shm_file'

shm_file => '/run/shm_file'
# Ends up in
$shm_path = '/run/shm_file'

shm_file => '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"'
# Ends up in
$shm_path = '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"'

Examples

class { '::apache::mod::jk':
  ip                   => '192.168.2.15',
  workers_file         => 'conf/workers.properties',
  mount_file           => 'conf/uriworkermap.properties',
  shm_file             => 'run/jk.shm',
  shm_size             => '50M',
  workers_file_content => {
    <Content>
  },
}

Parameters

The following parameters are available in the apache::mod::jk class:

ip

Data type: Optional[Stdlib::IP::Address]

IP for binding to mod_jk. Useful when the binding address is not the primary network interface IP.

Default value: undef

port

Data type: Stdlib::Port

Port for binding to mod_jk. Useful when something else, like a reverse proxy or cache, is receiving requests at port 80, then needs to forward them to Apache at a different port.

Default value: 80

add_listen

Data type: Boolean

Defines if a Listen directive according to parameters ip and port (see below), so that Apache listens to the IP/port combination and redirect to mod_jk. Useful when another Listen directive, like Listen *: or Listen , can conflict with the one necessary for mod_jk binding.

Default value: true

workers_file

Data type: Optional[String]

The name of a worker file for the Tomcat servlet containers.

Default value: undef

worker_property

Data type: Hash

Enables setting worker properties inside Apache configuration file.

Default value: {}

logroot

Data type: Optional[Stdlib::Absolutepath]

The base directory for shm_file and log_file is determined by the logroot parameter. If unspecified, defaults to apache::params::logroot. The default logroot is sane enough therefore it is not recommended to override it.

Default value: undef

shm_file

Data type: String

Shared memory file name.

Default value: 'jk-runtime-status'

shm_size

Data type: Optional[String]

Size of the shared memory file name.

Default value: undef

mount_file

Data type: Optional[String]

File containing multiple mappings from a context to a Tomcat worker.

Default value: undef

mount_file_reload

Data type: Optional[String]

This directive configures the reload check interval in seconds.

Default value: undef

mount

Data type: Hash

A mount point from a context to a Tomcat worker.

Default value: {}

un_mount

Data type: Hash

An exclusion mount point from a context to a Tomcat worker.

Default value: {}

auto_alias

Data type: Optional[String]

Automatically Alias webapp context directories into the Apache document space

Default value: undef

mount_copy

Data type: Optional[String]

If this directive is set to "On" in some virtual server, the mounts from the global server will be copied to this virtual server, more precisely all mounts defined by JkMount or JkUnMount.

Default value: undef