apache

Installs, configures, and manages Apache virtual hosts, web services, and modules.

Project URL RSS Feed Report issues

Module Stats

11,485,443 downloads

1,584 latest version

4.6 quality score

Version information

released Nov 1st 2019

This version is compatible with:

Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x
Puppet >= 5.5.10 < 7.0.0
, , , , , ,

Tasks:

apache

Start using this module

Installation method

Add this module to your Puppetfile:

mod 'puppetlabs-apache', '5.2.0'

Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add puppetlabs-apache

Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install puppetlabs-apache --version 5.2.0

Tags: apache, debian, web, virtualhost, passenger, proxy, ubuntu, ssl, rhel, apache2, httpd, centos, wsgi, virtual-host

Documentation

puppetlabs/apache — version 5.2.0 Nov 1st 2019

apache

Module description - What is the apache module, and what does it do?
Setup - The basics of getting started with apache
- What the apache module affects
- Beginning with Apache - Installation
Usage - The classes and defined types available for configuration
Reference - An under-the-hood peek at what the module is doing and how
Limitations - OS compatibility, etc.
Development - Guide for contributing to the module
- Contributing to the apache module

Module description

Apache HTTP Server (also called Apache HTTPD, or simply Apache) is a widely used web server. This Puppet module simplifies the task of creating configurations to manage Apache servers in your infrastructure. It can configure and manage a range of virtual host setups and provides a streamlined way to install and configure Apache modules.

Setup

What the apache module affects:

Configuration files and directories (created and written to)
- WARNING: Configurations not managed by Puppet will be purged.
Package/service/configuration files for Apache
Apache modules
Virtual hosts
Listened-to ports
/etc/make.conf on FreeBSD and Gentoo

On Gentoo, this module depends on the gentoo/puppet-portage Puppet module. Note that while several options apply or enable certain features and settings for Gentoo, it is not a supported operating system for this module.

Warning: This module modifies Apache configuration files and directories and purges any configuration not managed by Puppet. Apache configuration should be managed by Puppet, as unmanaged configuration files can cause unexpected failures.

To temporarily disable full Puppet management, set the purge_configs parameter in the apache class declaration to false. We recommend this only as a temporary means of saving and relocating customized configurations.

Beginning with Apache

To have Puppet install Apache with the default parameters, declare the apache class:

class { 'apache': }

When you declare this class with the default options, the module:

Installs the appropriate Apache software package and required Apache modules for your operating system.
Places the required configuration files in a directory, with the default location Depends on operating system.
Configures the server with a default virtual host and standard port ('80') and address ('*') bindings.
Creates a document root directory Depends on operating system, typically /var/www.
Starts the Apache service.

Apache defaults depend on your operating system. These defaults work in testing environments but are not suggested for production. We recommend customizing the class's parameters to suit your site.

For instance, this declaration installs Apache without the apache module's default virtual host configuration, allowing you to customize all Apache virtual hosts:

class { 'apache':
  default_vhost => false,
}

Note: When default_vhost is set to false, you have to add at least one apache::vhost resource or Apache will not start. To establish a default virtual host, either set the default_vhost in the apache class or use the apache::vhost defined type. You can also configure additional specific virtual hosts with the apache::vhost defined type.

Usage

Configuring virtual hosts

The default apache class sets up a virtual host on port 80, listening on all interfaces and serving the docroot parameter's default directory of /var/www.

To configure basic name-based virtual hosts, specify the port and docroot parameters in the apache::vhost defined type:

apache::vhost { 'vhost.example.com':
  port    => '80',
  docroot => '/var/www/vhost',
}

See the apache::vhost defined type's reference for a list of all virtual host parameters.

Note: Apache processes virtual hosts in alphabetical order, and server administrators can prioritize Apache's virtual host processing by prefixing a virtual host's configuration file name with a number. The apache::vhost defined type applies a default priority of 25, which Puppet interprets by prefixing the virtual host's file name with 25-. This means that if multiple sites have the same priority, or if you disable priority numbers by setting the priority parameter's value to false, Apache still processes virtual hosts in alphabetical order.

To configure user and group ownership for docroot, use the docroot_owner and docroot_group parameters:

apache::vhost { 'user.example.com':
  port          => '80',
  docroot       => '/var/www/user',
  docroot_owner => 'www-data',
  docroot_group => 'www-data',
}

Configuring virtual hosts with SSL

To configure a virtual host to use SSL encryption and default SSL certificates, set the ssl parameter. You must also specify the port parameter, typically with a value of '443', to accommodate HTTPS requests:

apache::vhost { 'ssl.example.com':
  port    => '443',
  docroot => '/var/www/ssl',
  ssl     => true,
}

To configure a virtual host to use SSL and specific SSL certificates, use the paths to the certificate and key in the ssl_cert and ssl_key parameters, respectively:

apache::vhost { 'cert.example.com':
  port     => '443',
  docroot  => '/var/www/cert',
  ssl      => true,
  ssl_cert => '/etc/ssl/fourth.example.com.cert',
  ssl_key  => '/etc/ssl/fourth.example.com.key',
}

To configure a mix of SSL and unencrypted virtual hosts at the same domain, declare them with separate apache::vhost defined types:

# The non-ssl virtual host
apache::vhost { 'mix.example.com non-ssl':
  servername => 'mix.example.com',
  port       => '80',
  docroot    => '/var/www/mix',
}

# The SSL virtual host at the same domain
apache::vhost { 'mix.example.com ssl':
  servername => 'mix.example.com',
  port       => '443',
  docroot    => '/var/www/mix',
  ssl        => true,
}

To configure a virtual host to redirect unencrypted connections to SSL, declare them with separate apache::vhost defined types and redirect unencrypted requests to the virtual host with SSL enabled:

apache::vhost { 'redirect.example.com non-ssl':
  servername      => 'redirect.example.com',
  port            => '80',
  docroot         => '/var/www/redirect',
  redirect_status => 'permanent',
  redirect_dest   => 'https://redirect.example.com/'
}

apache::vhost { 'redirect.example.com ssl':
  servername => 'redirect.example.com',
  port       => '443',
  docroot    => '/var/www/redirect',
  ssl        => true,
}

Configuring virtual host port and address bindings

Virtual hosts listen on all IP addresses ('*') by default. To configure the virtual host to listen on a specific IP address, use the ip parameter:

apache::vhost { 'ip.example.com':
  ip      => '127.0.0.1',
  port    => '80',
  docroot => '/var/www/ip',
}

You can also configure more than one IP address per virtual host by using an array of IP addresses for the ip parameter:

apache::vhost { 'ip.example.com':
  ip      => ['127.0.0.1','169.254.1.1'],
  port    => '80',
  docroot => '/var/www/ip',
}

You can configure multiple ports per virtual host by using an array of ports for the port parameter:

apache::vhost { 'ip.example.com':
  ip      => ['127.0.0.1'],
  port    => ['80','8080']
  docroot => '/var/www/ip',
}

To configure a virtual host with aliased servers, refer to the aliases using the serveraliases parameter:

apache::vhost { 'aliases.example.com':
  serveraliases => [
    'aliases.example.org',
    'aliases.example.net',
  ],
  port          => '80',
  docroot       => '/var/www/aliases',
}

To set up a virtual host with a wildcard alias for the subdomain mapped to a directory of the same name, such as 'http://example.com.loc' mapped to /var/www/example.com, define the wildcard alias using the serveraliases parameter and the document root with the virtual_docroot parameter:

apache::vhost { 'subdomain.loc':
  vhost_name      => '*',
  port            => '80',
  virtual_docroot => '/var/www/%-2+',
  docroot         => '/var/www',
  serveraliases   => ['*.loc',],
}

To configure a virtual host with filter rules, pass the filter directives as an array using the filters parameter:

apache::vhost { 'subdomain.loc':
  port    => '80',
  filters => [
    'FilterDeclare  COMPRESS',
    'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html',
    'FilterChain    COMPRESS',
    'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no',
  ],
  docroot => '/var/www/html',
}

Configuring virtual hosts for apps and processors

To set up a virtual host with suPHP, use the following parameters:

suphp_engine, to enable the suPHP engine.
suphp_addhandler, to define a MIME type.
suphp_configpath, to set which path suPHP passes to the PHP interpreter.
directory, to configure Directory, File, and Location directive blocks.

For example:

apache::vhost { 'suphp.example.com':
  port             => '80',
  docroot          => '/home/appuser/myphpapp',
  suphp_addhandler => 'x-httpd-php',
  suphp_engine     => 'on',
  suphp_configpath => '/etc/php5/apache2',
  directories      => [
    { 'path'  => '/home/appuser/myphpapp',
      'suphp' => {
        user  => 'myappuser',
        group => 'myappgroup',
      },
    },
  ],
}

To configure a virtual host to use the Web Server Gateway Interface (WSGI) for Python applications, use the wsgi set of parameters:

apache::vhost { 'wsgi.example.com':
  port                        => '80',
  docroot                     => '/var/www/pythonapp',
  wsgi_application_group      => '%{GLOBAL}',
  wsgi_daemon_process         => 'wsgi',
  wsgi_daemon_process_options => {
    processes    => '2',
    threads      => '15',
    display-name => '%{GROUP}',
  },
  wsgi_import_script          => '/var/www/demo.wsgi',
  wsgi_import_script_options  => {
    process-group     => 'wsgi',
    application-group => '%{GLOBAL}',
  },
  wsgi_process_group          => 'wsgi',
  wsgi_script_aliases         => { '/' => '/var/www/demo.wsgi' },
}

As of Apache 2.2.16, Apache supports FallbackResource, a simple replacement for common RewriteRules. You can set a FallbackResource using the fallbackresource parameter:

apache::vhost { 'wordpress.example.com':
  port             => '80',
  docroot          => '/var/www/wordpress',
  fallbackresource => '/index.php',
}

Note: The fallbackresource parameter only supports the 'disabled' value since Apache 2.2.24.

To configure a virtual host with a designated directory for Common Gateway Interface (CGI) files, use the scriptalias parameter to define the cgi-bin path:

apache::vhost { 'cgi.example.com':
  port        => '80',
  docroot     => '/var/www/cgi',
  scriptalias => '/usr/lib/cgi-bin',
}

To configure a virtual host for Rack, use the rack_base_uris parameter:

apache::vhost { 'rack.example.com':
  port           => '80',
  docroot        => '/var/www/rack',
  rack_base_uris => ['/rackapp1', '/rackapp2'],
}

Configuring IP-based virtual hosts

You can configure IP-based virtual hosts to listen on any port and have them respond to requests on specific IP addresses. In this example, the server listens on ports 80 and 81, because the example virtual hosts are not declared with a port parameter:

apache::listen { '80': }

apache::listen { '81': }

Configure the IP-based virtual hosts with the ip_based parameter:

apache::vhost { 'first.example.com':
  ip       => '10.0.0.10',
  docroot  => '/var/www/first',
  ip_based => true,
}

apache::vhost { 'second.example.com':
  ip       => '10.0.0.11',
  docroot  => '/var/www/second',
  ip_based => true,
}

You can also configure a mix of IP- and name-based virtual hosts in any combination of SSL and unencrypted configurations.

In this example, we add two IP-based virtual hosts on an IP address (in this example, 10.0.0.10). One uses SSL and the other is unencrypted:

apache::vhost { 'The first IP-based virtual host, non-ssl':
  servername => 'first.example.com',
  ip         => '10.0.0.10',
  port       => '80',
  ip_based   => true,
  docroot    => '/var/www/first',
}

apache::vhost { 'The first IP-based vhost, ssl':
  servername => 'first.example.com',
  ip         => '10.0.0.10',
  port       => '443',
  ip_based   => true,
  docroot    => '/var/www/first-ssl',
  ssl        => true,
}

Next, we add two name-based virtual hosts listening on a second IP address (10.0.0.20):

apache::vhost { 'second.example.com':
  ip      => '10.0.0.20',
  port    => '80',
  docroot => '/var/www/second',
}

apache::vhost { 'third.example.com':
  ip      => '10.0.0.20',
  port    => '80',
  docroot => '/var/www/third',
}

To add name-based virtual hosts that answer on either 10.0.0.10 or 10.0.0.20, you must disable the Apache default Listen 80, as it conflicts with the preceding IP-based virtual hosts. To do this, set the add_listen parameter to false:

apache::vhost { 'fourth.example.com':
  port       => '80',
  docroot    => '/var/www/fourth',
  add_listen => false,
}

apache::vhost { 'fifth.example.com':
  port       => '80',
  docroot    => '/var/www/fifth',
  add_listen => false,
}

Installing Apache modules

There are two ways to install Apache modules using the Puppet apache module:

Use the apache::mod::<MODULE NAME> classes to install specific Apache modules with parameters.
Use the apache::mod defined type to install arbitrary Apache modules.

Installing specific modules

The Puppet apache module supports installing many common Apache modules, often with parameterized configuration options. For a list of supported Apache modules, see the apache::mod::<MODULE NAME> class references.

For example, you can install the mod_ssl Apache module with default settings by declaring the apache::mod::ssl class:

class { 'apache::mod::ssl': }

apache::mod::ssl has several parameterized options that you can set when declaring it. For instance, to enable mod_ssl with compression enabled, set the ssl_compression parameter to true:

class { 'apache::mod::ssl':
  ssl_compression => true,
}

Note that some modules have prerequisites, which are documented in their references under apache::mod::<MODULE NAME>.

Installing arbitrary modules

You can pass the name of any module that your operating system's package manager can install to the apache::mod defined type to install it. Unlike the specific-module classes, the apache::mod defined type doesn't tailor the installation based on other installed modules or with specific parameters---Puppet only grabs and installs the module's package, leaving detailed configuration up to you.

For example, to install the mod_authnz_external Apache module, declare the defined type with the 'mod_authnz_external' name:

apache::mod { 'mod_authnz_external': }

There are several optional parameters you can specify when defining Apache modules this way. See the defined type's reference for details.

Configuring FastCGI servers to handle PHP files

FastCGI on Ubuntu 18.04

On Ubuntu 18.04, mod_fastcgi is no longer supported. So considering:

an Apache Vhost with docroot set to /var/www/html
a FastCGI server listening on 127.0.0.1:9000

you can then use the custom_fragment parameter to configure the virtual host to have the FastCGI server handle the specified file type:

apache::vhost { 'www':
  ...
  docroot         => '/var/www/html/',
  custom_fragment => 'ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/$1',
  ...
}

Please note you have to adjust the second ProxyPassMatch parameter to you docroot value (here /var/www/html/).

Other OSes

Add the apache::fastcgi::server defined type to allow FastCGI servers to handle requests for specific files. For example, the following defines a FastCGI server at 127.0.0.1 (localhost) on port 9000 to handle PHP requests:

apache::fastcgi::server { 'php':
  host       => '127.0.0.1:9000',
  timeout    => 15,
  flush      => false,
  faux_path  => '/var/www/php.fcgi',
  fcgi_alias => '/php.fcgi',
  file_type  => 'application/x-httpd-php'
}

You can then use the custom_fragment parameter to configure the virtual host to have the FastCGI server handle the specified file type:

apache::vhost { 'www':
  ...
  custom_fragment => 'AddType application/x-httpd-php .php'
  ...
}

Load balancing examples

Apache supports load balancing across groups of servers through the mod_proxy Apache module. Puppet supports configuring Apache load balancing groups (also known as balancer clusters) through the apache::balancer and apache::balancermember defined types.

To enable load balancing with exported resources, export the apache::balancermember defined type from the load balancer member server:

@@apache::balancermember { "${::fqdn}-puppet00":
  balancer_cluster => 'puppet00',
  url              => "ajp://${::fqdn}:8009",
  options          => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
}

Then, on the proxy server, create the load balancing group:

apache::balancer { 'puppet00': }

To enable load balancing without exporting resources, declare the following on the proxy server:

apache::balancer { 'puppet00': }

apache::balancermember { "${::fqdn}-puppet00":
  balancer_cluster => 'puppet00',
  url              => "ajp://${::fqdn}:8009",
  options          => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
}

Then declare the apache::balancer and apache::balancermember defined types on the proxy server.

To use the ProxySet directive on the balancer, use the proxy_set parameter of apache::balancer:

apache::balancer { 'puppet01':
  proxy_set => {
    'stickysession' => 'JSESSIONID',
    'lbmethod'      => 'bytraffic',
  },
}

Load balancing scheduler algorithms (lbmethod) are listed in mod_proxy_balancer documentation.

Reference

For information on classes, types and functions see the REFERENCE.md

Templates

The Apache module relies heavily on templates to enable the apache::vhost and apache::mod defined types. These templates are built based on Facter facts that are specific to your operating system. Unless explicitly called out, most templates are not meant for configuration.

Tasks

The Apache module has a task that allows a user to reload the Apache config without restarting the service. Please refer to to the PE documentation or Bolt documentation on how to execute a task.

Limitations

For an extensive list of supported operating systems, see metadata.json

FreeBSD

In order to use this module on FreeBSD, you must use apache24-2.4.12 (www/apache24) or newer.

Gentoo

On Gentoo, this module depends on the gentoo/puppet-portage Puppet module. Although several options apply or enable certain features and settings for Gentoo, it is not a supported operating system for this module.

RHEL/CentOS

The apache::mod::auth_cas, apache::mod::passenger, apache::mod::proxy_html and apache::mod::shib classes are not functional on RH/CentOS without providing dependency packages from extra repositories.

See their respective documentation below for related repositories and packages.

RHEL/CentOS 5

The apache::mod::passenger and apache::mod::proxy_html classes are untested because repositories are missing compatible packages.

RHEL/CentOS 6

The apache::mod::passenger class is not installing, because the the EL6 repository is missing compatible packages.

RHEL/CentOS 7

The apache::mod::passenger and apache::mod::proxy_html classes are untested because the EL7 repository is missing compatible packages, which also blocks us from testing the apache::vhost defined type's rack_base_uris parameter.

SELinux and custom paths

If SELinux is in enforcing mode and you want to use custom paths for logroot, mod_dir, vhost_dir, and docroot, you need to manage the files' context yourself.

You can do this with Puppet:

exec { 'set_apache_defaults':
  command => 'semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"',
  path    => '/bin:/usr/bin/:/sbin:/usr/sbin',
  require => Package['policycoreutils-python'],
}

package { 'policycoreutils-python':
  ensure => installed,
}

exec { 'restorecon_apache':
  command => 'restorecon -Rv /apache_spec',
  path    => '/bin:/usr/bin/:/sbin:/usr/sbin',
  before  => Class['Apache::Service'],
  require => Class['apache'],
}

class { 'apache': }

host { 'test.server':
  ip => '127.0.0.1',
}

file { '/custom/path':
  ensure => directory,
}

file { '/custom/path/include':
  ensure  => present,
  content => '#additional_includes',
}

apache::vhost { 'test.server':
  docroot             => '/custom/path',
  additional_includes => '/custom/path/include',
}

You must set the contexts using semanage fcontext instead of chcon because Puppet's file resources reset the values' context in the database if the resource doesn't specify it.

Ubuntu 10.04

The apache::vhost::WSGIImportScript parameter creates a statement inside the virtual host that is unsupported on older versions of Apache, causing it to fail. This will be remedied in a future refactoring.

Ubuntu 16.04

The [apache::mod::suphp][] class is untested since repositories are missing compatible packages.

Development

Testing

Due to the difficult and specialised nature of acceptance testing mods in apache IE (high OS specificity), we have replaced acceptance tests with unit tests.

To run the unit tests, install the necessary gems:

bundle install

And then execute the command:

bundle exec rake parallel_spec

To check the code coverage, run:

COVERAGE=yes bundle exec rake parallel_spec

Contributing

Puppet modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve.

We want to make it as easy as possible to contribute changes so our modules work in your environment, but we also need contributors to follow a few guidelines to help us maintain and improve the modules' quality.

For more information, please read the complete module contribution guide and check out CONTRIBUTING.md.

Reference

Classes

Public Classes

apache: Guides the basic setup and installation of Apache on your system.
apache::dev: Installs Apache development libraries.
apache::mod::actions: Installs Apache mod_actions
apache::mod::alias: Installs and configures mod_alias.
apache::mod::auth_basic: Installs mod_auth_basic
apache::mod::auth_cas: Installs and configures mod_auth_cas.
apache::mod::auth_gssapi: Installs mod_auth_gsappi.
apache::mod::auth_kerb: Installs mod_auth_kerb
apache::mod::auth_mellon: Installs and configures mod_auth_mellon.
apache::mod::authn_core: Installs mod_authn_core.
apache::mod::authn_dbd: Installs mod_authn_dbd.
apache::mod::authn_file: Installs mod_authn_file.
apache::mod::authnz_ldap: Installs mod_authnz_ldap.
apache::mod::authnz_pam: Installs mod_authnz_pam.
apache::mod::authz_default: Installs and configures mod_authz_default.
apache::mod::authz_user: Installs mod_authz_user
apache::mod::autoindex: Installs mod_autoindex
apache::mod::cache: Installs mod_cache
apache::mod::cgi: Installs mod_cgi.
apache::mod::cgid: Installs mod_cgid.
apache::mod::cluster: Installs mod_cluster.
apache::mod::data: Installs and configures mod_data.
apache::mod::dav: Installs mod_dav.
apache::mod::dav_fs: Installs mod_dav_fs.
apache::mod::dav_svn: Installs and configures mod_dav_svn.
apache::mod::dbd: Installs mod_dbd.
apache::mod::deflate: Installs and configures mod_deflate.
apache::mod::dev: Installs mod_dev.
apache::mod::dir: Installs and configures mod_dir.
apache::mod::disk_cache: Installs and configures mod_disk_cache.
apache::mod::dumpio: Installs and configures mod_dumpio.
apache::mod::env: Installs mod_env.
apache::mod::event: Installs and configures mod_event.
apache::mod::expires: Installs and configures mod_expires.
apache::mod::ext_filter: Installs and configures mod_ext_filter.
apache::mod::fastcgi: Installs mod_fastcgi.
apache::mod::fcgid: Installs and configures mod_fcgid.
apache::mod::filter: Installs mod_filter.
apache::mod::geoip: Installs and configures mod_geoip.
apache::mod::headers: Installs and configures mod_headers.
apache::mod::http2: Installs and configures mod_http2.
apache::mod::include: Installs mod_include.
apache::mod::info: Installs and configures mod_info.
apache::mod::intercept_form_submit: Installs mod_intercept_form_submit.
apache::mod::itk: Installs MPM mod_itk.
apache::mod::jk: Installs mod_jk.
apache::mod::ldap: Installs and configures mod_ldap.
apache::mod::lookup_identity: Installs mod_lookup_identity
apache::mod::macro: Installs mod_macro.
apache::mod::mime: Installs and configures mod_mime.
apache::mod::mime_magic: Installs and configures mod_mime_magic.
apache::mod::negotiation: Installs and configures mod_negotiation.
apache::mod::nss: Installs and configures mod_nss.
apache::mod::pagespeed: Installs and configures mod_pagespeed.
apache::mod::passenger: Installs mod_pasenger.
apache::mod::perl: Installs mod_perl.
apache::mod::peruser: Installs mod_peruser.
apache::mod::php: Installs mod_php.
apache::mod::prefork: Installs and configures MPM prefork.
apache::mod::proxy: Installs and configures mod_proxy.
apache::mod::proxy_ajp: Installs mod_proxy_ajp.
apache::mod::proxy_balancer: Installs and configures mod_proxy_balancer.
apache::mod::proxy_connect: Installs mod_proxy_connect.
apache::mod::proxy_fcgi: Installs mod_proxy_fcgi.
apache::mod::proxy_html: Installs mod_proxy_html.
apache::mod::proxy_http: Installs mod_proxy_http.
apache::mod::proxy_wstunnel: Installs mod_proxy_wstunnel.
apache::mod::python: Installs and configures mod_python.
apache::mod::remoteip: Installs and configures mod_remoteip.
apache::mod::reqtimeout: Installs and configures mod_reqtimeout.
apache::mod::rewrite: Installs mod_rewrite.
apache::mod::rpaf: Installs and configures mod_rpaf.
apache::mod::security: Installs and configures mod_security.
apache::mod::setenvif: Installs mod_setenvif.
apache::mod::shib: Installs and configures mod_shib.
apache::mod::socache_shmcb: Installs mod_socache_shmcb.
apache::mod::speling: Installs mod_spelling.
apache::mod::ssl: Installs mod_ssl.
apache::mod::status: Installs and configures mod_status.
apache::mod::suexec: Installs mod_suexec.
apache::mod::suphp: Installs mod_suphp.
apache::mod::userdir: Installs and configures mod_userdir.
apache::mod::version: Installs mod_version.
apache::mod::vhost_alias: Installs Apache mod_vhost_alias.
apache::mod::worker: Installs and manages the MPM worker.
apache::mod::wsgi: Installs and configures mod_wsgi.
apache::mod::xsendfile: Installs mod_xsendfile.
apache::mpm::disable_mpm_event:
apache::mpm::disable_mpm_worker:
apache::vhosts: Creates apache::vhost defined types.

Private Classes

apache::confd::no_accf: Manages the no-accf.conf file.
apache::default_confd_files: Helper for setting up default conf.d files.
apache::default_mods: Installs and congfigures default mods for Apache
apache::package: Installs an Apache MPM.
apache::params: This class manages Apache parameters
apache::php: This class installs PHP for Apache.
apache::proxy: This class enabled the proxy module for Apache.
apache::python: This class installs Python for Apache
apache::service: Installs and configures Apache service.
apache::ssl: This class installs Apache SSL capabilities
apache::version: Try to automatically detect the version by OS

Defined types

Public Defined types

apache::balancer: This type will create an apache balancer cluster file inside the conf.d directory.
apache::balancermember: Defines members of mod_proxy_balancer
apache::custom_config: Adds a custom configuration file to the Apache server's conf.d directory.
apache::fastcgi::server: Defines one or more external FastCGI servers to handle specific file types. Use this defined type with mod_fastcgi.
apache::listen: Adds Listen directives to ports.conf that define the Apache server's or a virtual host's listening address and port.
apache::mod: Installs packages for an Apache module that doesn't have a corresponding apache::mod::<MODULE NAME> class.
apache::namevirtualhost: Enables name-based virtual hosts
apache::vhost: Allows specialised configurations for virtual hosts that possess requirements outside of the defaults.
apache::vhost::custom: A wrapper around the apache::custom_config defined type.

Private Defined types

apache::default_mods::load: Helper used by apache::default_mods
apache::mpm: Enables the use of Apache MPMs.
apache::peruser::multiplexer: Checks if an Apache module has a class.
apache::peruser::processor: Enables the Peruser module for FreeBSD only.
apache::security::rule_link: Links the activated_rules from apache::mod::security to the respective CRS rules on disk.

Resource types

a2mod: Manage Apache 2 modules

Functions

apache::apache_pw_hash: Hashes a password in a format suitable for htpasswd files read by apache.
apache::bool2httpd: Transform a supposed boolean to On or Off. Passes all other values through.
apache::validate_apache_log_level: Perform simple validation of a string against the list of known log levels.
apache_pw_hash: Hashes a password in a format suitable for htpasswd files read by apache.
bool2httpd: Transform a supposed boolean to On or Off. Pass all other values through.
validate_apache_log_level: Perform simple validation of a string against the list of known log levels.

Tasks

init: Allows you to perform apache service functions

Classes

apache

When this class is declared with the default options, Puppet:

Installs the appropriate Apache software package and required Apache modules for your operating system.
Places the required configuration files in a directory, with the default location determined by your operating system.
Configures the server with a default virtual host and standard port (80) and address (\*) bindings.
Creates a document root directory determined by your operating system, typically /var/www.
Starts the Apache service.

If an ldaps:// URL is specified, the mode becomes SSL and the setting of LDAPTrustedMode is ignored.

Examples

class { 'apache': }

Configures a default SSL virtual host. If true, Puppet automatically configures the following virtual host using the apache::vhost defined type:

apache::vhost { 'default-ssl':
  port            => 443,
  ssl             => true,
  docroot         => $docroot,
  scriptalias     => $scriptalias,
  serveradmin     => $serveradmin,
  access_log_file => "ssl_${access_log_file}",
}

Note: SSL virtual hosts only respond to HTTPS queries.

Default value: false

`default_type`

Data type: Any

Apache 2.2 only. Sets the MIME content-type sent if the server cannot otherwise determine an appropriate content-type. This directive is deprecated in Apache 2.4 and newer, and is only for backwards compatibility in configuration files.

Default value: 'none'

`default_vhost`

Data type: Boolean

Configures a default virtual host when the class is declared. To configure customized virtual hosts, set this parameter's value to false.

Note: Apache will not start without at least one virtual host. If you set this to false you must configure a virtual host elsewhere.

Default value: true

`dev_packages`

Data type: Any

Configures a specific dev package to use. For example, using httpd 2.4 from the IUS yum repo:

include ::apache::dev
class { 'apache':
  apache_name  => 'httpd24u',
  dev_packages => 'httpd24u-devel',
}

Default value: $::apache::params::dev_packages

`docroot`

Data type: Any

Sets the default DocumentRoot location.

Default value: $::apache::params::docroot

`error_documents`

Data type: Any

Determines whether to enable custom error documents on the Apache server.

Default value: false

`group`

Data type: Any

Sets the group ID that owns any Apache processes spawned to answer requests. By default, Puppet attempts to manage this group as a resource under the apache class, determining the group based on the operating system as detected by the apache::params class. To prevent the group resource from being created and use a group created by another Puppet module, set the manage_group parameter's value to false.

Note: Modifying this parameter only changes the group ID that Apache uses to spawn child processes to access resources. It does not change the user that owns the parent server process.

Note: If enabled, it impacts performance significantly.

Default value: $::apache::params::hostname_lookups

`ldap_trusted_mode`

Data type: Any

The following modes are supported:

NONE - no encryption SSL - ldaps:// encryption on default port 636 TLS - STARTTLS encryption on default port 389 Not all LDAP toolkits support all the above modes. An error message will be logged at runtime if a mode is not supported, and the connection to the LDAP server will fail.

Default value: undef

`ldap_verify_server_cert`

Data type: Any

Specifies whether to force the verification of a server certificate when establishing an SSL connection to the LDAP server. On|Off

Default value: undef

`lib_path`

Data type: Any

Specifies the location whereApache module files are stored.

Note: Do not configure this parameter manually without special reason.

Default value: $::apache::params::lib_path

`log_level`

Data type: Any

Changes the error log's verbosity. Valid options are: alert, crit, debug, emerg, error, info, notice and warn.

Default value: $::apache::params::log_level

`log_formats`

Data type: Any

Define additional LogFormat directives. Values: A hash, such as:

$log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' }

There are a number of predefined LogFormats in the httpd.conf that Puppet creates:

  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  LogFormat "%h %l %u %t \"%r\" %>s %b" common
  LogFormat "%{Referer}i -> %U" referer
  LogFormat "%{User-agent}i" agent
  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded

If your log_formats parameter contains one of those, it will be overwritten with your definition.

Default value: {}

`logroot`

Data type: Any

Changes the directory of Apache log files for the virtual host.

Default value: $::apache::params::logroot

`logroot_mode`

Data type: Any

Overrides the default logroot directory's mode.

Note: Do not grant write access to the directory where the logs are stored without being aware of the consequences. See the Apache documentation for details.

Default value: $::apache::params::logroot_mode

`manage_group`

Data type: Boolean

When false, stops Puppet from creating the group resource. If you have a group created from another Puppet module that you want to use to run Apache, set this to false. Without this parameter, attempting to use a previously established group results in a duplicate resource error.

Default value: true

`supplementary_groups`

Data type: Any

A list of groups to which the user belongs. These groups are in addition to the primary group. Notice: This option only has an effect when manage_user is set to true.

Default value: []

`manage_user`

Data type: Boolean

When false, stops Puppet from creating the user resource. This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error.

Default value: true

`mod_dir`

Data type: Any

Sets where Puppet places configuration files for your Apache modules.

Default value: $::apache::params::mod_dir

`mod_libs`

Data type: Any

Allows the user to override default module library names.

include apache::params
class { 'apache':
  mod_libs => merge($::apache::params::mod_libs, {
    'wsgi' => 'mod_wsgi_python3.so',
  })
}

Default value: $::apache::params::mod_libs

`mod_packages`

Data type: Any

Allows the user to override default module package names.

include apache::params
class { 'apache':
  mod_packages => merge($::apache::params::mod_packages, {
    'auth_kerb' => 'httpd24-mod_auth_kerb',
  })
}

Default value: $::apache::params::mod_packages

`mpm_module`

Data type: Any

Determines which multi-processing module (MPM) is loaded and configured for the HTTPD process. Valid values are: event, itk, peruser, prefork, worker or false. You must set this to false to explicitly declare the following classes with custom parameters:

apache::mod::event
apache::mod::itk
apache::mod::peruser
apache::mod::prefork
apache::mod::worker

Default value: undef

`purge_vdir`

Data type: Any

Removes all other Apache configs and virtual hosts.

Note: This parameter is deprecated in favor of the purge_config parameter.

apache::mod::actions

Installs Apache mod_actions

See also https://httpd.apache.org/docs/current/mod/mod_actions.html for additional documentation.

apache::mod::alias

Installs and configures mod_alias.

See also https://httpd.apache.org/docs/current/mod/mod_alias.html for additional documentation.

Sets the local path for an /icons/ Alias. Default depends on operating system:

Debian: /usr/share/apache2/icons
FreeBSD: /usr/local/www/apache24/icons
Gentoo: /var/www/icons
Red Hat: /var/www/icons, except on Apache 2.4, where it's /usr/share/httpd/icons

Default value: $::apache::params::alias_icons_path

apache::mod::auth_basic

Installs mod_auth_basic

See also https://httpd.apache.org/docs/current/mod/mod_auth_basic.html for additional documentation.

apache::mod::auth_cas

Installs and configures mod_auth_cas.

Note The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL.
See also https://github.com/apereo/mod_auth_cas for additional documentation.

Parameters

The following parameters are available in the apache::mod::auth_cas class.

`cas_login_url`

Data type: String

Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and don't have an active session.

Data type: Any

Default value: undef

`cas_certificate_path`

Data type: Any

Default value: undef

apache::mod::auth_gssapi

Installs mod_auth_gsappi.

See also https://github.com/modauthgssapi/mod_auth_gssapi for additional documentation.

apache::mod::auth_kerb

Installs mod_auth_kerb

See also http://modauthkerb.sourceforge.net for additional documentation.

apache::mod::auth_mellon

Installs and configures mod_auth_mellon.

See also https://github.com/Uninett/mod_auth_mellon for additional documentation.

See also https://httpd.apache.org/docs/current/mod/mod_authn_core.html for additional documentation.

Parameters

The following parameters are available in the apache::mod::authn_core class.

`apache_version`

Data type: Any

The version of apache being run.

Default value: $::apache::apache_version

apache::mod::authn_dbd

Installs mod_authn_dbd.

See also https://httpd.apache.org/docs/current/mod/mod_authn_dbd.html for additional documentation.

Parameters

The following parameters are available in the apache::mod::authn_dbd class.

`authn_dbd_params`

Data type: Any

The params needed for the mod to function.

`authn_dbd_dbdriver`

Data type: Any

Selects an apr_dbd driver by name.

Default value: 'mysql'

Installs mod_authn_file.

See also https://httpd.apache.org/docs/2.4/mod/mod_authn_file.html for additional documentation.

apache::mod::authnz_ldap

Installs mod_authnz_ldap.

See also https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html for additional documentation.

Parameters

The following parameters are available in the apache::mod::authnz_ldap class.

`verify_server_cert`

Data type: Boolean

Whether to force te verification of a server cert or not.

Default value: true

`package_name`

Data type: Any

The name of the ldap package.

Default value: undef

apache::mod::authnz_pam

Installs mod_authnz_pam.

See also https://www.adelton.com/apache/mod_authnz_pam for additional documentation.

apache::mod::authz_default

Installs and configures mod_authz_default.

See also https://httpd.apache.org/docs/current/mod/mod_authz_default.html for additional documentation.

Parameters

The following parameters are available in the apache::mod::authz_default class.

`apache_version`

Data type: Any

Version of Apache to install module on.

Default value: $::apache::apache_version

apache::mod::authz_user

Installs mod_authz_user

See also https://httpd.apache.org/docs/current/mod/mod_authz_user.html for additional documentation.

apache::mod::autoindex

Installs mod_autoindex

See also https://httpd.apache.org/docs/current/mod/mod_autoindex.html for additional documentation.

apache::mod::cache

Installs mod_cache

See also https://httpd.apache.org/docs/current/mod/mod_cache.html for additional documentation.

apache::mod::cgi

Installs mod_cgi.

See also https://httpd.apache.org/docs/current/mod/mod_cgi.html for additional documentation.

apache::mod::cgid

Installs mod_cgid.

See also https://httpd.apache.org/docs/current/mod/mod_cgid.html

apache::mod::cluster

Installs mod_cluster.

Note There is no official package available for mod_cluster, so you must make it available outside of the apache module. Binaries can be found here.
See also https://modcluster.io/ for additional documentation.

Examples

class { '::apache::mod::cluster':
  ip                      => '172.17.0.1',
  allowed_network         => '172.17.0.',
  balancer_name           => 'mycluster',
  version                 => '1.3.1'
}

Parameters

The following parameters are available in the apache::mod::cluster class.

`allowed_network`

Data type: Any

Balanced members network.

`balancer_name`

Data type: Any

Name of balancer.

`ip`

Data type: Any

Specifies the IP address to listen to.

Installs and configures mod_data.

See also https://httpd.apache.org/docs/current/mod/mod_data.html for additional documentation.

Parameters

The following parameters are available in the apache::mod::data class.

`apache_version`

Data type: Any

Version of Apache to install module on.

Default value: undef

apache::mod::dav

Installs mod_dav.

See also https://httpd.apache.org/docs/current/mod/mod_dav.html for additional documentation.

apache::mod::dav_fs

Installs mod_dav_fs.

See also https://httpd.apache.org/docs/current/mod/mod_dav_fs.html for additional documentation.

apache::mod::dav_svn

Installs and configures mod_dav_svn.

See also https://httpd.apache.org/docs/current/mod/mod_dav_svn.html for additional documentation.

Parameters

The following parameters are available in the apache::mod::dav_svn class.

`authz_svn_enabled`

Data type: Any

Specifies whether to install Apache mod_authz_svn

Default value: false

apache::mod::dbd

Installs mod_dbd.

See also https://httpd.apache.org/docs/current/mod/mod_dbd.html for additional documentation.

Parameters

The following parameters are available in the apache::mod::dbd class.

`apache_version`

Used to verify that the Apache version you have requested is compatible with the module.

apache::mod::deflate

Installs and configures mod_deflate.

See also https://httpd.apache.org/docs/current/mod/mod_deflate.html for additional documentation.

Parameters

The following parameters are available in the apache::mod::deflate class.

`types`

Data type: Any

An array of MIME types to be deflated. See https://www.iana.org/assignments/media-types/media-types.xhtml.

Default value: [ 'text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json', ]

`notes`

Data type: Any

A Hash where the key represents the type and the value represents the note name.

Default value: { 'Input' => 'instream', 'Output' => 'outstream', 'Ratio' => 'ratio', }

apache::mod::dev

Installs mod_dev.

Note This module is deprecated. Please use apache::dev.

apache::mod::dir

Installs and configures mod_dir.

TODO This sets the global DirectoryIndex directive, so it may be necessary to consider being able to modify the apache::vhost to declare DirectoryIndex statements in a vhost configuration
See also https://httpd.apache.org/docs/current/mod/mod_dir.html for additional documentation.

Parameters

The following parameters are available in the apache::mod::dir class.

`types`

Specifies the text-based content types to compress.

`indexes`

Data type: Array[String]

Provides a string for the DirectoryIndex directive

Default value: ['index.html','index.html.var','index.cgi','index.pl','index.php','index.xhtml']

`dir`

Data type: Any

Default value: 'public_html'

apache::mod::disk_cache

Installs and configures mod_disk_cache.

Note Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed.
See also https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html for additional documentation.

Parameters

The following parameters are available in the apache::mod::disk_cache class.

`cache_root`

Data type: Any

Defines the name of the directory on the disk to contain cache files. Default depends on the Apache version and operating system:

Debian: /var/cache/apache2/mod_cache_disk
FreeBSD: /var/cache/mod_cache_disk
Red Hat, Apache 2.4: /var/cache/httpd/proxy
Red Hat, Apache 2.2: /var/cache/mod_proxy

Default value: undef

`cache_ignore_headers`

Data type: Any

Specifies HTTP header(s) that should not be stored in the cache.

Default value: undef

apache::mod::dumpio

Installs and configures mod_dumpio.

See also https://httpd.apache.org/docs/current/mod/mod_dumpio.html for additional documentation.

Examples

class{'apache':
  default_mods => false,
  log_level    => 'dumpio:trace7',
}
class{'apache::mod::dumpio':
  dump_io_input  => 'On',
  dump_io_output => 'Off',
}

Parameters

The following parameters are available in the apache::mod::dumpio class.

`dump_io_input`

Data type: Enum['Off', 'On', 'off', 'on']

Dump all input data to the error log

Default value: 'Off'

`dump_io_output`

Data type: Enum['Off', 'On', 'off', 'on']

Dump all output data to the error log

Default value: 'Off'

apache::mod::env

Installs mod_env.

See also https://httpd.apache.org/docs/current/mod/mod_env.html for additional documentation.

apache::mod::event

Installs and configures mod_event.

Note You cannot include apache::mod::event with apache::mod::itk, apache::mod::peruser, apache::mod::prefork, or apache::mod::worker on the same server.
See also https://httpd.apache.org/docs/current/mod/event.html for additional documentation.

Sets the maximum length of the pending connections queue via the module's ListenBackLog directive. Setting this to false removes the parameter.

Default value: '511'

apache::mod::expires

Installs and configures mod_expires.

See also https://httpd.apache.org/docs/current/mod/mod_expires.html for additional documentation.

Parameters

The following parameters are available in the apache::mod::expires class.

`expires_active`

Data type: Any

Enables generation of Expires headers.

Default value: true

`expires_default`

Data type: Any

Specifies the default algorithm for calculating expiration time using ExpiresByType syntax or interval syntax.

Default value: undef

`expires_by_type`

Data type: Any

Describes a set of MIME content-types and their expiration times. This should be used as an array of Hashes, with each Hash's key a valid MIME content-type (i.e. 'text/json') and its value following valid interval syntax.

Default value: undef

apache::mod::ext_filter

Installs and configures mod_ext_filter.

See also https://httpd.apache.org/docs/current/mod/mod_ext_filter.html for additional documentation.

Examples

class { 'apache::mod::ext_filter':
  ext_filter_define => {
    'slowdown'       => 'mode=output cmd=/bin/cat preservescontentlength',
    'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"',
  },
}

Parameters

The following parameters are available in the apache::mod::ext_filter class.

`ext_filter_define`

Data type: Optional[Hash]

Hash of filter names and their parameters.

Default value: undef

apache::mod::fastcgi

Installs mod_fastcgi.

See also https://github.com/FastCGI-Archives/mod_fastcgi for additional documentation.

apache::mod::fcgid

loaded first; Puppet will not automatically enable it if you set the fcgiwrapper parameter in apache::vhost. include apache::mod::fcgid

apache::vhost { 'example.org': docroot => '/var/www/html', directories => { path => '/var/www/html', fcgiwrapper => { command => '/usr/local/bin/fcgiwrapper', } }, }

See also https://httpd.apache.org/docs/current/mod/mod_fcgid.html for additional documentation.

Examples

The class does not individually parameterize all available options. Instead, configure mod_fcgid using the options hash.

class { 'apache::mod::fcgid':
  options => {
    'FcgidIPCDir'  => '/var/run/fcgidsock',
    'SharememPath' => '/var/run/fcgid_shm',
    'AddHandler'   => 'fcgid-script .fcgi',
  },
}

If you include apache::mod::fcgid, you can set the [FcgidWrapper][] per directory, per virtual host. The module must be

Parameters

The following parameters are available in the apache::mod::fcgid class.

`expires_active`

Enables generation of Expires headers.

`expires_default`

Default algorithm for calculating expiration time.

`expires_by_type`

Value of the Expires header configured by MIME type.

`options`

Data type: Any

Default value: {}

apache::mod::filter

Installs mod_filter.

See also https://httpd.apache.org/docs/current/mod/mod_filter.html for additional documentation.

apache::mod::geoip

Installs and configures mod_geoip.

See also https://dev.maxmind.com/geoip/legacy/mod_geoip2 for additional documentation.

Enables the GeoIPScanProxyHeaders option.

Default value: undef

`scan_proxy_headers_field`

Specifies the header mod_geoip uses to determine the client's IP address.

`use_last_xforwarededfor_ip`

Data type: Any

Determines whether to use the first or last IP address for the client's IP in a comma-separated list of IP addresses is found.

Default value: undef

`scan_proxy_header_field`

Data type: Any

Default value: undef

apache::mod::headers

Installs and configures mod_headers.

See also https://httpd.apache.org/docs/current/mod/mod_headers.html for additional documentation.

Parameters

The following parameters are available in the apache::mod::headers class.

`apache_version`

Version of Apache to install module on.

apache::mod::http2

Installs and configures mod_http2.

See also https://httpd.apache.org/docs/current/mod/mod_http2.html for additional documentation.

Sets maximum number of HTTP/2 server pushes that are remembered per HTTP/2 connection.

Data type: Optional[String]

Version of Apache to install module on.

Default value: undef

`h2_push_priority`

Data type: Array[String]

Default value: []

apache::mod::include

Installs mod_include.

See also https://httpd.apache.org/docs/current/mod/mod_include.html for additional documentation.

apache::mod::info

Installs and configures mod_info.

See also https://httpd.apache.org/docs/current/mod/mod_info.html for additional documentation.

Parameters

The following parameters are available in the apache::mod::info class.

`allow_from`

Data type: Any

Whitelist of IPv4 or IPv6 addresses or ranges that can access the info path.

Default value: ['127.0.0.1','::1']

`apache_version`

Data type: Any

Version of Apache to install module on.

Default value: undef

`restrict_access`

Data type: Any

Toggles whether to restrict access to info path. If false, the allow_from whitelist is ignored and any IP address can access the info path.

Default value: true

`info_path`

Data type: Any

Path on server to file containing server configuration information.

Default value: '/server-info'

apache::mod::intercept_form_submit

Installs mod_intercept_form_submit.

See also https://www.adelton.com/apache/mod_intercept_form_submit for additional documentation.

apache::mod::itk

Installs MPM mod_itk.

See also http://mpm-itk.sesse.net for additional documentation.

Used to verify that the Apache version you have requested is compatible with the module.

Default value: undef

apache::mod::jk

Installs mod_jk.

Note shm_file and log_file Depending on how these files are specified, the class creates their final path differently:

Relative path: prepends supplied path with logroot (see below) Absolute path or pipe: uses supplied path as-is

shm_file => 'shm_file'
# Ends up in
$shm_path = '/var/log/httpd/shm_file'

shm_file => '/run/shm_file'
# Ends up in
$shm_path = '/run/shm_file'

shm_file => '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"'
# Ends up in
$shm_path = '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"'

See also https://tomcat.apache.org/connectors-doc/reference/apache.html for additional documentation.

Examples

class { '::apache::mod::jk':
  ip                   => '192.168.2.15',
  workers_file         => 'conf/workers.properties',
  mount_file           => 'conf/uriworkermap.properties',
  shm_file             => 'run/jk.shm',
  shm_size             => '50M',
  workers_file_content => {
    <Content>
  },
}

If this directive is set to On in some virtual server, the session IDs ;jsessionid=... will be removed for URLs which are not forwarded but instead are handled by the local server.

Default value: undef

`workers_file_content`

Data type: Any

Each directive has the format worker..=. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash specifies each worker properties and values. Plus, there are two global directives, 'worker.list' and 'worker.maintain' For example, the workers file below should be parameterized as follows:

Worker file:

worker.list = status
worker.list = some_name,other_name

worker.maintain = 60

# Optional comment
worker.some_name.type=ajp13
worker.some_name.socket_keepalive=true

# I just like comments
worker.other_name.type=ajp12 (why would you?)
worker.other_name.socket_keepalive=false

Puppet file:

$workers_file_content = {
  worker_lists    => ['status', 'some_name,other_name'],
  worker_maintain => '60',
  some_name       => {
    comment          => 'Optional comment',
    type             => 'ajp13',
    socket_keepalive => 'true',
  },
  other_name      => {
    comment          => 'I just like comments',
    type             => 'ajp12',
    socket_keepalive => 'false',
  },
}

Default value: {}

`mount_file_content`

Data type: Any

Each directive has the format = . This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash contains two items:

uri_list—an array with URIs to be mapped to the worker
comment—an optional string with a comment for the worker. For example, the mount file below should be parameterized as Figure 2:

Worker file:

# Worker 1
/context_1/ = worker_1
/context_1/* = worker_1

# Worker 2
/ = worker_2
/context_2/ = worker_2
/context_2/* = worker_2

Puppet file:

$mount_file_content = {
  worker_1 => {
    uri_list => ['/context_1/', '/context_1/*'],
    comment  => 'Worker 1',
  },
  worker_2 => {
    uri_list => ['/context_2/', '/context_2/*'],
    comment  => 'Worker 2',
  },
},

Default value: {}

`location_list`

Data type: Any

Default value: []

apache::mod::ldap

Installs and configures mod_ldap.

See also https://httpd.apache.org/docs/current/mod/mod_ldap.html for additional documentation.

Examples

class { 'apache::mod::ldap':
  ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt',
  ldap_trusted_global_cert_type => 'CA_DER',
  ldap_trusted_mode             => 'TLS',
  ldap_shared_cache_size        => '500000',
  ldap_cache_entries            => '1024',
  ldap_cache_ttl                => '600',
  ldap_opcache_entries          => '1024',
  ldap_opcache_ttl              => '600',
}

See also https://www.adelton.com/apache/mod_lookup_identity for additional documentation.

apache::mod::macro

Installs mod_macro.

See also https://httpd.apache.org/docs/current/mod/mod_macro.html for additional documentation.

apache::mod::mime

Installs and configures mod_mime.

See also https://httpd.apache.org/docs/current/mod/mod_mime.html for additional documentation.

Parameters

The following parameters are available in the apache::mod::mime class.

`mime_support_package`

Data type: Any

Name of the MIME package to be installed.

Default value: $::apache::params::mime_support_package

`mime_types_config`

Data type: Any

The location of the mime.types file.

Default value: $::apache::params::mime_types_config

`mime_types_additional`

Data type: Any

List of additional MIME types to include.

Default value: undef

apache::mod::mime_magic

Installs and configures mod_mime_magic.

See also https://httpd.apache.org/docs/current/mod/mod_mime_magic.html for additional documentation.

Parameters

The following parameters are available in the apache::mod::mime_magic class.

`magic_file`

Data type: Any

Enable MIME-type determination based on file contents using the specified magic file.

Default value: undef

apache::mod::negotiation

Installs and configures mod_negotiation.

See also [https://httpd.apache.org/docs/current/mod/mod_negotiation.html for additional documentation.

Parameters

The following parameters are available in the apache::mod::negotiation class.

`force_language_priority`

Data type: Variant[Array[String], String]

Action to take if a single acceptable document is not found.

Default value: 'Prefer Fallback'

`language_priority`

Data type: Variant[Array[String], String]

The precedence of language variants for cases where the client does not express a preference.

Default value: [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', 'zh-TW' ]

apache::mod::nss

Installs and configures mod_nss.

See also https://pagure.io/mod_nss for additional documentation.

Parameters

The following parameters are available in the apache::mod::nss class.

`transfer_log`

Data type: Any

Path to access.log.

Default value: "${::apache::params::logroot}/access.log"

`error_Log`

Path to error.log

`passwd_file`

Data type: Any

Path to file containing token passwords used for NSSPassPhraseDialog.

Default value: undef

`port`

Data type: Any

Sets the SSL port that should be used by mod_nss.

Default value: 8443

`error_log`

Data type: Any

Default value: "${::apache::params::logroot}/error.log"

apache::mod::pagespeed

Although this apache module requires the mod-pagespeed-stable package, Puppet does not manage the software repositories required to automatically install the package. If you declare this class when the package is either not installed or not available to your package manager, your Puppet run will fail.

TODO Add docs
Note Verify that your system is compatible with the latest Google Pagespeed requirements.
See also https://developers.google.com/speed/pagespeed/module/ for additional documentation.

The current set of server configurations settings were taken directly from the Passenger Reference. To enable deprecation warnings and removal failure messages, set the passenger_installed_version to the version number installed on the server.

Change Log:

As of 08/13/2017 there are 84 available/deprecated/removed settings.
Around 08/20/2017 UnionStation was discontinued options were removed.
As of 08/20/2017 there are 77 available/deprecated/removed settings.

Note In Passenger source code you can strip out what are all the available options by looking in
- src/apache2_module/Configuration.cpp
- src/apache2_module/ConfigurationCommands.cpp There are also several undocumented settings.
See also https://www.phusionpassenger.com/library/config/apache/reference/ for additional documentation.

This option sets, for the current application, the value of the following environment variables:

RAILS_ENV
RACK_ENV
WSGI_ENV
NODE_ENV
PASSENGER_APP_ENV

`passenger_conf_package_file`

Data type: Any

Default value: $::apache::params::passenger_conf_package_file

`passenger_data_buffer_dir`

Data type: Any

Specifies the directory in which to store data buffers.

Default value: undef

What are tasks?

Modules can contain tasks that take action outside of a desired state managed by Puppet. It’s perfect for troubleshooting or deploying one-off changes, distributing scripts to run across your infrastructure, or automating changes that need to happen in a particular order as part of an application deployment.

Tasks in this module release

apache

Allows you to perform apache service functions

Parameters
action	Action to perform `Enum[reload]`
service_name	The name of the apache service `Optional[String[1]]`

Change log

All notable changes to this project will be documented in this file. The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

v5.2.0 (2019-11-01)

Full Changelog

Added

Add parameter version for mod security #1953 (tuxmea)
add possibility to define variables inside VirtualHost definition #1947 (trefzer)

Fixed

(FM-8662) Correct in manifests/mod/ssl.pp for SLES 11 #1963 (cmccrisken-puppet)
always quote ExpiresDefault in vhost::directories #1958 (evgeni)
MODULES-9904 Fix lbmethod module load order #1956 (optiz0r)
Add owner, group, file_mode and show_diff to apache::custom_config #1942 (treydock)
Add shibboleth support for Debian 10 #1939 (fabbks)

v5.1.0 (2019-09-13)

Full Changelog

Added

(FM-8393) add support on Debian 10 #1945 (ThoughtCrhyme)
FM-8140 Add Redhat 8 support #1941 (sheenaajay)
(FM-8214) converted to use litmus #1938 (tphoney)
(MODULES-9668 ) Please make ProxyRequests setting in vhost.pp configurable #1935 (aukesj)
Added unmanaged_path and custom_fragment options to userdir #1931 (GeorgeCox)
Add LDAP parameters to httpd.conf #1930 (daveseff)
Add LDAPReferrals configuration parameter #1928 (HT43-bqxFqB)

Fixed

(MODULES-9104) Add file_mode to config files. #1922 (stevegarn)
(bugfix) Add default package name for mod_ldap #1913 (turnopil)
Remove event mpm when using prefork, worker or itk #1905 (tuxmea)

v5.0.0 (2019-05-20)

Full Changelog

Changed

pdksync - (MODULES-8444) - Raise lower Puppet bound #1908 (david22swan)

Added

(FM-7923) Implement Puppet Strings #1916 (eimlav)
Define SCL package name for mod_ldap #1893 (treydock)

Fixed

(MODULES-9014) Improve SSLSessionTickets handling #1923 (FredericLespez)
(MODULES-8931) Fix stahnma/epel failures #1914 (eimlav)
Fix wsgi_daemon_process to support hash data type #1884 (mdechiaro)

4.1.0 (2019-04-05)

Full Changelog

Added

(MODULES-7196) Allow setting CASRootProxiedAs per virtualhost (replaces #1857) #1900 (Lavinia-Dan)
(feat) - Amazon Linux 2 compatibility added #1898 (david22swan)
(MODULES-8731) Allow CIDRs for proxy_ips/internal_proxy in remoteip #1891 (JAORMX)
Manage all mod_remoteip parameters supported by Apache #1882 (johanfleury)
MODULES-8541 : Allow HostnameLookups to be modified #1881 (k2patel)
Add support for mod_http2 #1867 (smortex)
Added code to paramertize the libphp prefix #1852 (grahamuk2018)
Added WSGI Options WSGIApplicationGroup and WSGIPythonOptimize #1847 (emetriqLikedeeler)

Fixed

(bugfix) set kernel for facter version test #1895 (tphoney)
(MODULES-5990) - Managing conf_enabled #1875 (david22swan)

4.0.0 (2019-01-10)

Full Changelog

Changed

default server_tokens to prod - more secure default #1746 (juju4)

Added

(Modules 8141/Modules 8379) - Addition of support for SLES 15 #1862 (david22swan)
SCL support for httpd and php7.1 #1822 (mmoll)

Fixed

(MODULES-5990) - conf-enabled defaulted to undef #1869 (david22swan)
pdksync - (FM-7655) Fix rubygems-update for ruby \< 2.3 #1866 (tphoney)

3.5.0 (2018-12-17)

Full Changelog

Added

(MODULES-5990) Addition of 'IncludeOptional conf-enabled/*.conf' to apache2.conf' on Debian Family OS #1851 (david22swan)
(MODULES-8107) - Support added for Ubuntu 18.04. #1850 (david22swan)
(MODULES-8108) - Support added for Debian 9 #1849 (david22swan)
Add option to add comments to the header of a vhost file #1841 (jovandeginste)

Fixed

(FM-7605) - Disabling conf_enabled on Ubuntu 18.04 by default as it conflicts with Shibboleth causing errors with apache2. #1856 (david22swan)
(MODULES-8429) Update GPG key for phusion passenger #1848 (abottchen)
Fix default vhost priority in readme #1843 (HT43-bqxFqB)
fix apache::mod::jk example typo and add link for more info #1812 (xorpaul)
MODULES-7379: Fixing syntax by adding newline #1803 (wimvr)
ensure mpm_event is disabled under debian 9 if mpm itk is used #1766 (zivis)

3.4.0 (2018-09-27)

Full Changelog

Added

pdksync - (FM-7392) - Puppet 6 Testing Changes #1838 (pmcmaw)
pdksync - (MODULES-6805) metadata.json shows support for puppet 6 #1836 (tphoney)

Fixed

Fix "audit_log_relevant_status" typo in README.md #1830 (smokris)

3.3.0 (2018-09-11)

Full Changelog

Added

pdksync - (MODULES-7705) - Bumping stdlib dependency from \< 5.0.0 to \< 6.0.0 #1821 (pmcmaw)
Add support for ProxyTimeout #1805 (agoodno)
(MODULES-7343) - Allow overrides by adding mod_libs in apache class #1800 (karelyatin)
Rework passenger VHost and Directories #1778 (smortex)

Fixed

MODULES-7575 reverse sort the aliases #1808 (k2patel)
fixes for OpenSUSE ans SLES #1783 (tuxmea)

3.2.0

Summary

This is a clean release to prepare for several planned backwards incompatible changes.

Changed

Parameter passenger_pre_start has been moved outside of <VirtualHost>.
Apache version fact has been enabled on FreeBSD.
Parameter ssl_proxyengine has had it's default changed to false.

Added

Parameter passenger_group can now be set in apache::vhost.
Multiple passenger_pre_start URIs can now be set at once.
Manifest mod::auth_gssapi has been added to allow the deployment of authorisation with kerberos, through GSSAPI.

Removed

Scientific 5 and Debian 7 are no longer supported on Apache.

Supported Release 3.1.0

Summary

This release includes the module being converted using version 1.4.1 of the PDK. It also includes a couple of additional parameters added.

Added

Module has been pdk converted with version 1.4.1 (MODULES-6331)
Parameter ssl_cert to provide a SSLCertificateFile option for use with SSL, optional of type String.
Parameter ssl_key to provide a SSLCertificateKey option for use with SSL, optional of type String.

Fixed

Documentation updates.
Updates to the Japanese translation based on documentation update.

Supported Release 3.0.0

Summary

This major release changes the default value of keepalive to On. It also includes many other features and bugfixes.

Changed

Default apache::keepalive from Off to On.

Added

Class apache::mod::data
Function apache::apache_pw_hash function (puppet 4 port of apache_pw_hash())
Function apache::bool2httpd function (puppet 4 port of bool2httpd())
Function apache::validate_apache_log_level function (puppet 4 port of validate_apache_log_level())
Parameter apache::balancer::options for additional directives.
Parameter apache::limitreqfields setting the LimitRequestFields directive to 100.
Parameter apache::use_canonical_name to control how httpd uses self-referential URLs.
Parameter apache::mod::disk_cache::cache_ignore_headers to ignore cache headers.
Parameter apache::mod::itk::enablecapabilities to manage ITK capabilities.
Parameter apache::mod::ldap::ldap_trusted_mode to manage trusted mode.
Parameters for apache::mod::passenger:
- passenger_allow_encoded_slashes
- passenger_app_group_name
- passenger_app_root
- passenger_app_type
- passenger_base_uri
- passenger_buffer_response
- passenger_buffer_upload
- passenger_concurrency_model
- passenger_debug_log_file
- passenger_debugger
- passenger_default_group
- passenger_default_user
- passenger_disable_security_update_check
- passenger_enabled
- passenger_error_override
- passenger_file_descriptor_log_file
- passenger_fly_with
- passenger_force_max_concurrent_requests_per_process
- passenger_friendly_error_pages
- passenger_group
- passenger_installed_version
- passenger_instance_registry_dir
- passenger_load_shell_envvars
- passenger_lve_min_uid
- passenger_max_instances
- passenger_max_preloader_idle_time
- passenger_max_request_time
- passenger_memory_limit
- passenger_meteor_app_settings
- passenger_nodejs
- passenger_pre_start
- passenger_python
- passenger_resist_deployment_errors
- passenger_resolve_symlinks_in_document_root
- passenger_response_buffer_high_watermark
- passenger_restart_dir
- passenger_rolling_restarts
- passenger_security_update_check_proxy
- passenger_show_version_in_header
- passenger_socket_backlog
- passenger_start_timeout
- passenger_startup_file
- passenger_sticky_sessions
- passenger_sticky_sessions_cookie_name
- passenger_thread_count
- passenger_user
- passenger_user_switching
- rack_auto_detect
- rack_base_uri
- rack_env
- rails_allow_mod_rewrite
- rails_app_spawner_idle_time
- rails_auto_detect
- rails_base_uri
- rails_default_user
- rails_env
- rails_framework_spawner_idle_time
- rails_ruby
- rails_spawn_method
- rails_user_switching
- wsgi_auto_detect
Parameter apache::mod::prefork::listenbacklog to set the listen backlog to 511.
Parameter apache::mod::python::loadfile_name to workaround python.load filename conflicts.
Parameter apache::mod::ssl::ssl_cert to manage the client auth cert.
Parameter apache::mod::ssl::ssl_key to manage the client auth key.
Parameter apache::mod::status::requires as an alternative to apache::mod::status::allow_from
Parameter apache::vhost::ssl_proxy_cipher_suite to manage that directive.
Parameter apache::vhost::shib_compat_valid_user to manage that directive.
Parameter apache::vhost::use_canonical_name to manage that directive.
Parameter value mellon_session_length for apache::vhost::directories

Fixed

apache_version is confined to just Linux to avoid erroring on AIX.
Parameter apache::mod::jk::workers_file_content docs typo of "mantain" instead of maintain.
Deduplicate apache::mod::ldap managing File['ldap.conf'] to avoid resource conflicts.
ITK package name on Debian 9
Dav_svn package for SLES
Log client IP instead of loadbalancer IP when behind a loadbalancer.
apache::mod::remoteip now notifies the Class['apache::service'] class instead of Service['httpd'] to avoid restarting the service when apache::service_manage is false.
apache::vhost::cas_scrub_request_headers actually manages the directive.

Supported Release 2.3.1

Summary

This release fixes CVE-2018-6508 which is a potential arbitrary code execution via tasks.

Fixed

Fix init task for arbitrary remote code

Supported Release 2.3.0

Summary

This is a feature release. It includes a task that will reload the apache service.

Added

Add a task that allows the reloading of the Apache service.

Supported Release 2.2.0

Summary

This is a maintainence and feature release. It will include updates to translations in Japanese, some maintainence and adding PassengerSpawnMethod to vhost.

Added

PassengerSpawnMethod added to vhost.

Changed

Improve version match fact for apache_version
Update to prefork.conf params for Apache 2.4
Updates to CONTRIBUTING.md
Do not install mod_fastcgi on el7
Include mod_wsgi when using wsgi options

Supported Release 2.1.0

Summary

This is a feature release including a security patch (CVE-2017-2299)

Added

apache::mod::jk class for managing the mod_jk connector
apache_pw_hash function
the ProxyPass directive in location contexts
more Puppet 4 type validation
apache::mod::macro class for managing mod_macro

Changed

$ssl_certs_dir default to undef for all platorms
$ssl_verify_client must now be set to use any of the following: $ssl_certs_dir, $ssl_ca, $ssl_crl_path, $ssl_crl, $ssl_verify_depth, $ssl_crl_check

Fixed

issue where mod_alias was not being loaded when RedirectMatch* directives were being used (MODULES-3942)
issue with $directories parameter in apache::vhost
issue in UserDir template where the UserDir path did not match the Directory path
Issue where the $ssl_certs_dir default set Apache to implicitly trust all client certificates that were issued by any CA in that directory

Removed

support for EOL platforms: Ubuntu 10.04, 12.04 and Debian 6 (Squeeze)

Supported Release 2.0.0

Summary

Major release removing Puppet 3 support and other backwards-incompatible changes.

Added

support for FileETag directive configurable with the file_e_tag parameter
ability to configure multiple ports per vhost
RequestHeader directive to vhost template (MODULES-4156)
customizability for AllowOverride directive in userdir.conf (MODULES-4516)
AdvertiseFrequency directive for cluster.conf (MODULES-4500)
ssl_proxy_protocol and ssl_sessioncache parameters for mod::ssl (MODULES-4737)
SSLCACertificateFile directive in ssl.conf configurable with ssl_ca parameter
mod::authnz_pam
mod::intercept_form_submit
mod::lookup_identity
Suse compatibility for mod::proxy_html
support for AddCharset directive configurable with add_charset parameter
support for SSLProxyVerifyDepth and SSLProxyCACertificateFile directives configurable with ssl_proxy_verify_depth and ssl_proxy_ca_cert respectively
manage_security_crs parameter for mod::security
support for LimitExcept directive configurable with limit_except parameter
support for WSGIRestrictEmbedded directive configurable with wsgi_restrict_embedded parameter
support for custom UserDir path (MODULES-4933)
support for PassengerMaxRequests directive configurable with passenger_max_requests
option to override module package names with mod_packages parameter (MODULES-3838)

Removed

enclose_ipv6 as it was added to puppetlabs-stdlib
deprecated $verifyServerCert parameter from the apache::mod::authnz_ldap class (MODULES-4445)

Changed

keepalive default to 'On' from 'Off'
Puppet version compatibility to ">= 4.7.0 < 6.0.0"
puppetlabs-stdlib dependency to ">= 4.12.0 < 5.0.0"
ssl_cipher to explicitly disable 3DES because of Sweet32

Fixed

various issues in the vhost template
use of deprecated include_src parameter in vhost_spec
management of ssl.conf on RedHat systems
various SLES/Suse params
mod::cgi ordering for FreeBSD
issue where ProxyPreserveHost could not be set without other Proxy* directives
the module attempting to install proxy_html on Ubuntu Xenial and Debian Stretch

Supported Release 1.11.1

Summary

This is a security patch release (CVE-2017-2299). These changes are also in version 2.1.0 and higher.

Changed

$ssl_certs_dir default to undef for all platorms
$ssl_verify_client must now be set to use any of the following: $ssl_certs_dir, $ssl_ca, $ssl_crl_path, $ssl_crl, $ssl_verify_depth, $ssl_crl_check

Fixed

Issue where the $ssl_certs_dir default set Apache to implicitly trust all client certificates that were issued by any CA in that directory (MODULES-5471)

Supported Release 1.11.0

Summary

This release adds SLES12 Support and many more features and bugfixes.

Features

(MODULES-4049) Adds SLES 12 Support
Adds additional directories options for LDAP Auth
- auth_ldap_url
- auth_ldap_bind_dn
- auth_ldap_bind_password
- auth_ldap_group_attribute
- auth_ldap_group_attribute_is_dn
Allows mod_event parameters to be unset
Allows management of default root directory access rights
Adds class apache::vhosts to create apache::vhost resources
Adds class apache::mod::proxy_wstunnel
Adds class apache::mod::dumpio
Adds class apache::mod::socache_shmcb
Adds class apache::mod::authn_dbd
Adds support for apache 2.4 on Amazon Linux
Support the newer mod_auth_cas config options
Adds wsgi_script_aliases_match parameter to apache::vhost
Allow to override all SecDefaultAction attributes
Add audit_log_relevant_status parameter to apache::mod::security
Allow absolute path to $apache::mod::security::activated_rules
Allow setting SecAuditLog
Adds passenger_max_instances_per_app to mod::passenger
Allow the proxy_via setting to be configured
Allow no_proxy_uris to be used within proxy_pass
Add rpaf.conf template parameter to mod::rpaf
Allow user to specify alternative package and library names for shibboleth module
Allows configuration of shibboleth lib path
Adds parameter passenger_data_buffer_dir to mod::passenger
Adds SSL stapling
Allows use of balance_manager with mod_proxy_balancer
Raises lower bound of stdlib dependency to version 4.2
Adds support for Passenger repo on Amazon Linux
Add ability to set SSLStaplingReturnResponderErrors on server level
(MODULES-4213) Allow global rewrite rules inheritance in vhosts
Moves mod_env to its own class and load it when required

Bugfixes

Deny access to .ht and .hg, which are created by mercurial hg.
Instead of failing, include apache::mod::prefork in manifests/mod/itk.pp instead.
Only set SSLCompression when it is set to true.
Remove duplicate shib2 hash element
(MODULES-3388) Include mpm_module classes instead of class declaration
Updates apache::balancer to respect apache::confd_dir
Wrap mod_security directives in an IfModule
Fixes to various mods for Ubuntu Xenial
Fix /etc/modsecurity perms to match package
Fix PassengerRoot under Debian stretch
(MODULES-3476) Updates regex in apache_version custom fact to work with EL5
Dont sql_injection_attacks.data
Add force option to confd file resource to purge directory without warnings
Patch httpoxy through mod_security
Fixes config ordering of IncludeOptional
Fixes bug where port numbers were unquoted
Fixes bug where empty servername for vhost were written to template
Auto-load slotmem_shm and lbmethod_byrequests with proxy_balancer on 2.4
Simplify MPM setup on FreeBSD
Adds requirement for httpd package
Do not set ssl_certs_dir on FreeBSD
Fixes bug that produces a duplicate Listen 443 after a package update on EL7
Fixes bug where custom facts break structured facts
Avoid relative classname inclusion
Fixes a failure in vhost if the first element of $rewrites is not a hash
(MODULES-3744) Process $crs_package before $modsec_dir
(MODULES-1491) Adds ::apache include to mods that need it

Supported Release 1.10.0

Summary

This release fixes backwards compatibility bugs introduced in 1.9.0. Also includes a new mod class and a new vhost feature.

Features

Allow setting KeepAlive related options per vhost
- apache::vhost::keepalive
- apache::vhost::keepalive_timeout
- apache::vhost::max_keepalive_requests
Adds new class apache::mod::cluster

Bugfixes

MODULES-2890: Allow php_version != 5
MODULES-2890: mod::php: Explicit test on jessie
MODULES-2890: Fix PHP on Debian stretch and Ubuntu Xenial
MODULES-2890: Fix mod_php SetHandler and cleanup
Fixed trailing slash in lib_path on Suse
Revert "MODULES-2956: Enable options within location block on proxy_match". Bug introduced in release 1.9.0.
Revert "changed rpaf Configuration Directives: RPAF -> RPAF_". Bug introduced in release 1.9.0.
Set actual path to apachectl on FreeBSD. Fixes snippets verification.

Supported Release [1.9.0][DELETED]

Features

Added apache_version fact
Added apache::balancer::target attribute
Added apache::fastcgi::server::pass_header attribute
Added ability for apache::fastcgi::server::host using sockets
Added apache::root_directory_options attribute
Added for apache::mod::ldap:
- ldap_shared_cache_size
- ldap_cache_entries
- ldap_cache_ttl
- ldap_opcache_entries
- ldap_opcache_ttl
Added apache::mod::pagespeed::package_ensure attribute
Added apache::mod::passenger attributes:
- passenger_log_level
- manage_repo
Added upstream repo for apache::mod::passenger
Added apache::mod::proxy_fcgi class
Added apache::mod::security attributes:
- audit_log_parts
- secpcrematchlimit
- secpcrematchlimitrecursion
- secdefaultaction
- anomaly_score_blocking
- inbound_anomaly_threshold
- outbound_anomaly_threshold
Added apache::mod::ssl attributes:
- ssl_mutex
- apache_version
Added ubuntu 16.04 support
Added apache::mod::authnz_ldap::package_name attribute
Added apache::mod::ldap::package_name attribute
Added apache::mod::proxy::package_name attribute
Added apache::vhost attributes:
- ssl_proxy_check_peen_expire
- ssl_proxy_protocol
- logroot_owner
- logroot_group
- setenvifnocase
- passenger_user
- passenger_high_performance
- jk_mounts
- fastcgi_idle_timeout
- modsec_disable_msgs
- modsec_disable_tags
Added ability for 2.4-style RequireAll|RequireNone|RequireAny directory permissions
Added ability for includes in vhost directory
Added directory values:
- AuthMerging
- MellonSPMetadataFile
Adds Configurability of Collaborative Detection Severity Levels for OWASP Core Rule Set to apache::mod::security class
- critical_anomaly_score
- error_anomaly_score
- warning_anomaly_score
- notice_anomaly_score
Adds ability to configure info_path in apache::mod::info class
Adds ability to configure verify_config in apache::vhost::custom

Bugfixes

Fixed apache mod setup for event/worker failing syntax
Fixed concat deprecation warnings
Fixed pagespeed mod
Fixed service restart on mod update
Fixed mod dir purging to happen after package installs
Fixed various apache::mod::* file modes
Fixed apache::mod::authnz_ldap parameter verifyServerCert to be verify_server_cert
Fixed loadfile name in apache::mod::fcgid
Fixed apache::mod::remoteip to fail on apache < 2.4 (because it is not available)
Fixed apache::mod::ssl::ssl_honorcipherorder interpolation
Lint fixes
Strict variable fixes
Fixed apache::vhost attribute redirectmatch_status to be optional
Fixed SSLv3 on by default in mod_nss
Fixed mod_rpaf directive names in template
Fixed mod_worker needing MaxClients with ThreadLimit
Fixed quoting on vhost php_value
Fixed xml2enc for proxy_html on debian
Fixed a problem where the apache service restarts too fast

Supported Release 1.8.1

Summary

This release includes bug fixes and a documentation update.

Bugfixes

Fixes a bug that occurs when using the module in combination with puppetlabs-concat 2.x.
Fixes a bug where passenger.conf was vulnerable to purging.
Removes the pin of the concat module dependency.

Supported Release 1.8.0

Summary

This release includes a lot of bug fixes and feature updates, including support for Debian 8, as well as many test improvements.

Features

Debian 8 Support.
Added the 'file_mode' property to allow a custom permission setting for config files.
Enable 'PassengerMaxRequestQueueSize' to be set for mod_passenger.
MODULES-2956: Enable options within location block on proxy_match.
Support itk on redhat.
Support the mod_ssl SSLProxyVerify directive.
Support ProxPassReverseCookieDomain directive (mod_proxy).
Support proxy provider for vhost directories.
Added new 'apache::vhost::custom' resource.

Bugfixes

Fixed ProxyPassReverse configuration.
Fixed error in Amazon operatingsystem detection.
Fixed mod_security catalog ordering issues for RedHat 7.
Fixed paths and packages for the shib2 apache module on Debian pre Jessie.
Fixed EL7 directory path for apache modules.
Fixed validation error when empty array is passed for the rewrites parameter.
Idempotency fixes with regards to '::apache::mod_enable_dir'.
ITK fixes.
(MODULES-2865) fix $mpm_module logic for 'false'.
Set SSLProxy directives even if ssl is false, due to issue with RewriteRules and ProxyPass directives.
Enable setting LimitRequestFieldSize globally, and remove it from vhost.

Improvements

apache::mod::php now uses FilesMatch to configure the php handler. This is following the recommended upstream configuration guidelines (http://php.net/manual/en/install.unix.apache2.php#example-20) and distribution's default config (e.g.: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/vivid/php5/vivid/view/head:/debian/php5.conf). It avoids inadvertently exposing the PHP handler to executing uploads with names like 'file.php.jpg', but might impact setups with unusual requirements.
Improved compatibility for Gentoo.
Vhosts can now be supplied with a wildcard listen value.
Numerous test improvements.
Removed workarounds for https://bz.apache.org/bugzilla/show_bug.cgi?id=38864 as the issues have been fixed in Apache.
Documentation updates.
Ensureed order of ProxyPass and ProxyPassMatch parameters.
Ensure that ProxyPreserveHost is set to off mode explicitly if not set in manifest.
Put headers and request headers before proxy with regards to template generation.
Added X-Forwarded-For into log_formats defaults.
(MODULES-2703) Allow mod pagespeed to take an array of lines as additional_configuration.

Supported Release 1.7.1

###Summary

Small release for support of newer PE versions. This increments the version of PE in the metadata.json file.

Supported Release 1.7.0

Summary

This release includes many new features and bugfixes. There are test, documentation and misc improvements.

Features

allow groups with - like vhost-users
ability to enable/disable the secruleengine through a parameter
add mod_auth_kerb parameters to vhost
client auth for reverse proxy
support for mod_auth_mellon
change SSLProtocol in apache::vhost to be space separated
RewriteLock support

Bugfixes

fix apache::mod::cgid so it can be used with the event MPM
load unixd before fcgid on all operating systems
fixes conditional in vhost aliases
corrects mod_cgid worker/event defaults
ProxyPassMatch parameters were ending up on a newline
catch that mod_authz_default has been removed in Apache 2.4
mod::ssl fails on SLES
fix typo of MPM_PREFORK for FreeBSD package install
install all modules before adding custom configs
fix acceptance testing for SSLProtocol behaviour for real
fix ordering issue with conf_file and ports_file

Known Issues

mod_passenger is having issues installing on Redhat/Centos 6, This is due to package dependency issues.

Improvements

added docs for forcetype directive
removes ruby 1.8.7 from the travisci test matrix
readme reorganisation, minor fixups
support the mod_proxy ProxyPassReverseCookiePath directive
the purge_vhost_configs parameter is actually called purge_vhost_dir
add ListenBacklog for mod worker
deflate application/json by default
install mod_authn_alias as default mod in debian for apache < 2.4
optionally set LimitRequestFieldSize on an apache::vhost
add SecUploadDir parameter to support file uploads with mod_security
optionally set parameters for mod_ext_filter module
allow SetOutputFilter to be set on a directory
RC4 is deprecated
allow empty docroot
add option to configure the include pattern for the vhost_enable dir
allow multiple IP addresses per vhost
default document root update for Ubuntu 14.04 and Debian 8

Supported Release 1.6.0

Summary

This release includes a couple of new features, along with test and documentation updates, and support for the latest AIO puppet builds.

Features

Add scan_proxy_header_field parameter to apache::mod::geoip
Add ssl_openssl_conf_cmd parameter to apache::vhost and apache::mod::ssl
Add filters parameter to apache::vhost

Bugfixes

Test updates
Do not use systemd on Amazon Linux
Add missing docs for timeout parameter (MODULES-2148)

Supported Release 1.5.0

Summary

This release primarily adds Suse compatibility. It also adds a handful of other parameters for greater configuration control.

Features

Add apache::lib_path parameter
Add apache::service_restart parameter
Add apache::vhost::geoip_enable parameter
Add apache::mod::geoip class
Add apache::mod::remoteip class
Add parameters to apache::mod::expires class
Add index_style_sheet handling to apache::vhost::directories
Add some compatibility for SLES 11
Add apache::mod::ssl::ssl_sessioncachetimeout parameter
Add apache::mod::ssl::ssl_cryptodevice parameter
Add apache::mod::ssl::ssl_honorcipherorder parameter
Add apache::mod::userdir::options parameter

Bugfixes

Document apache::user parameter
Document apache::group parameter
Fix apache::dev on FreeBSD
Fix proxy_connect on apache >= 2.2
Validate log levels better
Fix apache::apache_name for package and vhost
Fix Debian Jessie mod_prefork package name
Fix alias module being declared even when vhost is absent
Fix proxy_pass_match handling in vhost's proxy template
Fix userdir access permissions
Fix issue where the module was trying to use systemd on Amazon Linux.

Supported Release 1.4.1

This release corrects a metadata issue that has been present since release 1.2.0. The refactoring of apache::vhost to use puppetlabs-concat requires a version of concat newer than the version required in PE. If you are using PE 3.3.0 or earlier you will need to use version 1.1.1 or earlier of the puppetlabs-apache module.

Supported Release 1.4.0

###Summary

This release fixes the issue where the docroot was still managed even if the default vhosts were disabled and has many other features and bugfixes including improved support for 'deny' and 'require' as arrays in the 'directories' parameter under apache::vhost

Features

New parameters to apache
- default_charset
- default_type
New parameters to apache::vhost
- proxy_error_override
- passenger_app_env (MODULES-1776)
- proxy_dest_match
- proxy_dest_reverse_match
- proxy_pass_match
- no_proxy_uris_match
New parameters to apache::mod::passenger
- passenger_app_env
- passenger_min_instances
New parameter to apache::mod::alias
- icons_options
New classes added under apache::mod::*
- authn_file
- authz_default
- authz_user
Added support for 'deny' as an array in 'directories' under apache::vhost
Added support for RewriteMap
Improved support for FreeBSD. (Note: If using apache < 2.4.12, see the discussion here)
Added check for deprecated options in directories and fail when they are unsupported
Added gentoo compatibility
Added proper array support for require in the directories parameter in apache::vhost
Added support for setenv inside proxy locations

Bugfixes

Fix issue in apache::vhost that was preventing the scriptalias fragment from being included (MODULES-1784)
Install required mod_ldap package for EL7 (MODULES-1779)
Change default value of maxrequestworkers in apache::mod::event to be a multiple of the default ThreadsPerChild of 25.
Use the correct mod_prefork package name for trusty and jessie
Don't manage docroot when default vhosts are disabled
Ensure resources notify Class['Apache::Service'] instead of Service['httpd'] (MODULES-1829)
Change the loadfile name for mod_passenger so mod_proxy will load by default before mod_passenger
Remove old Debian work-around that removed passenger_extra.conf

Supported Release 1.3.0

Summary

This release has many new features and bugfixes, including the ability to optionally not trigger service restarts on config changes.

Features

New parameters - apache
- service_manage
- use_optional_includes
New parameters - apache::service
- service_manage
New parameters - apache::vhost
- access_logs
- php_flags
- php_values
- modsec_disable_vhost
- modsec_disable_ids
- modsec_disable_ips
- modsec_body_limit
Improved FreeBSD support
Add ability to omit priority prefix if $priority is set to false
Add apache::security::rule_link define
Improvements to apache::mod::*
- Add apache::mod::auth_cas class
- Add threadlimit, listenbacklog, maxrequestworkers, maxconnectionsperchild parameters to apache::mod::event
- Add apache::mod::filter class
- Add root_group to apache::mod::php
- Add apache::mod::proxy_connect class
- Add apache::mod::security class
- Add ssl_pass_phrase_dialog and ssl_random_seed_bytes parameters to apache::mod::ssl (MODULES-1719)
- Add status_path parameter to apache::mod::status
- Add apache_version parameter to apache::mod::version
- Add package_name and mod_path parameters to apache::mod::wsgi (MODULES-1458)
Improved SCL support
- Add support for specifying the docroot
Updated _directories.erb to add support for SetEnv
Support multiple access log directives (MODULES-1382)
Add passenger support for Debian Jessie
Add support for not having puppet restart the apache service (MODULES-1559)

Bugfixes

For apache 2.4 mod_itk requires mod_prefork (MODULES-825)
Allow SSLCACertificatePath to be unset in apache::vhost (MODULES-1457)
Load fcgid after unixd on RHEL7
Allow disabling default vhost for Apache 2.4
Test fixes
mod_version is now built-in (MODULES-1446)
Sort LogFormats for idempotency
allow_encoded_slashes was omitted from apache::vhost
Fix documentation bug (MODULES-1403, MODULES-1510)
Sort wsgi_script_aliases for idempotency (MODULES-1384)
lint fixes
Fix automatic version detection for Debian Jessie
Fix error docs and icons path for RHEL7-based systems (MODULES-1554)
Sort php_* hashes for idempotency (MODULES-1680)
Ensure mod::setenvif is included if needed (MODULES-1696)
Fix indentation in vhost/_directories.erb template (MODULES-1688)
Create symlinks on all distros if vhost_enable_dir is specified

Supported Release 1.2.0

Summary

This release features many improvements and bugfixes, including several new defines, a reworking of apache::vhost for more extensibility, and many new parameters for more customization. This release also includes improved support for strict variables and the future parser.

Features

Convert apache::vhost to use concat for easier extensions
Test improvements
Synchronize files with modulesync
Strict variable and future parser support
Added apache::custom_config defined type to allow validation of configs before they are created
Added bool2httpd function to convert true/false to apache 'On' and 'Off'. Intended for internal use in the module.
Improved SCL support
- allow overriding of the mod_ssl package name
Add support for reverse_urls/ProxyPassReverse in apache::vhost
Add satisfy directive in apache::vhost::directories
Add apache::fastcgi::server defined type
New parameters - apache
- allow_encoded_slashes
- apache_name
- conf_dir
- default_ssl_crl_check
- docroot
- logroot_mode
- purge_vhost_dir
New parameters - apache::vhost
- add_default_charset
- allow_encoded_slashes
- logroot_ensure
- logroot_mode
- manage_docroot
- passenger_app_root
- passenger_min_instances
- passenger_pre_start
- passenger_ruby
- passenger_start_timeout
- proxy_preserve_host
- proxy_requests
- redirectmatch_dest
- ssl_crl_check
- wsgi_chunked_request
- wsgi_pass_authorization
Add support for ScriptAlias and ScriptAliasMatch in the apache::vhost::aliases parameter
Add support for rewrites in the apache::vhost::directories parameter
If the service_ensure parameter in apache::service is set to anything other than true, false, running, or stopped, ensure will not be passed to the service resource, allowing for the service to not be managed by puppet
Turn of SSLv3 by default
Improvements to apache::mod*
- Add restrict_access parameter to apache::mod::info
- Add force_language_priority and language_priority parameters to apache::mod::negotiation
- Add threadlimit parameter to apache::mod::worker
- Add content, template, and source parameters to apache::mod::php
- Add mod_authz_svn support via the authz_svn_enabled parameter in apache::mod::dav_svn
- Add loadfile_name parameter to apache::mod
- Add apache::mod::deflate class
- Add options parameter to apache::mod::fcgid
- Add timeouts parameter to apache::mod::reqtimeout
- Add apache::mod::shib
- Add apache_version parameter to apache::mod::ldap
- Add magic_file parameter to apache::mod::mime_magic
- Add apache_version parameter to apache::mod::pagespeed
- Add passenger_default_ruby parameter to apache::mod::passenger
- Add content, template, and source parameters to apache::mod::php
- Add apache_version parameter to apache::mod::proxy
- Add loadfiles parameter to apache::mod::proxy_html
- Add ssl_protocol and package_name parameters to apache::mod::ssl
- Add apache_version parameter to apache::mod::status
- Add apache_version parameter to apache::mod::userdir
- Add apache::mod::version class

Bugfixes

Set osfamily defaults for wsgi_socket_prefix
Support multiple balancermembers with the same url
Validate apache::vhost::custom_fragment
Add support for itk with mod_php
Allow apache::vhost::ssl_certs_dir to not be set
Improved passenger support for Debian
Improved 2.4 support without mod_access_compat
Support for more than one 'Allow from'-directive in _directories.erb
Don't load systemd on Amazon linux based on CentOS6 with apache 2.4
Fix missing newline in ModPagespeed filter and memcached servers directive
Use interpolated strings instead of numbers where required by future parser
Make auth_require take precedence over default with apache 2.4
Lint fixes
Set default for php_admin_flags and php_admin_values to be empty hash instead of empty array
Correct typo in mod::pagespeed
spec_helper fixes
Install mod packages before dealing with the configuration
Use absolute scope to check class definition in apache::mod::php
Fix dependency loop in apache::vhost
Properly scope variables in the inline template in apache::balancer
Documentation clarification, typos, and formatting
Set apache::mod::ssl::ssl_mutex to default for debian on apache >= 2.4
Strict variables fixes
Add authn_core mode to Ubuntu trusty defaults
Keep default loadfile for authz_svn on Debian
Remove '.conf' from the site-include regexp for better Ubuntu/Debian support
Load unixd before fcgid for EL7
Fix RedirectMatch rules
Fix misleading error message in apache::version

Known Bugs

By default, the version of Apache that ships with Ubuntu 10.04 does not work with wsgi_import_script.
SLES is unsupported.

Supported Release 1.1.1

Summary

This release merely updates metadata.json so the module can be uninstalled and upgraded via the puppet module command.

Supported Release 1.1.0

Summary

This release primarily focuses on extending the httpd 2.4 support, tested through adding RHEL7 and Ubuntu 14.04 support. It also includes Passenger 4 support, as well as several new modules and important bugfixes.

Features

Add support for RHEL7 and Ubuntu 14.04
More complete apache24 support
Passenger 4 support
Add support for max_keepalive_requests and log_formats parameters
Add mod_pagespeed support
Add mod_speling support
Added several parameters for mod_passenger
Added ssl_cipher parameter to apache::mod::ssl
Improved examples in documentation
Added docroot_mode, action, and suexec_user_group parameters to apache::vhost
Add support for custom extensions for mod_php
Improve proxy_html support for Debian

Bugfixes

Remove NameVirtualHost directive for apache >= 2.4
Order proxy_set option so it doesn't change between runs
Fix inverted SSL compression
Fix missing ensure on concat::fragment resources
Fix bad dependencies in apache::mod and apache::mod::mime

Known Bugs

By default, the version of Apache that ships with Ubuntu 10.04 does not work with wsgi_import_script.
SLES is unsupported.

Supported Release 1.0.1

Summary

This is a supported release. This release removes a testing symlink that can cause trouble on systems where /var is on a seperate filesystem from the modulepath.

Features

Bugfixes

Known Bugs

By default, the version of Apache that ships with Ubuntu 10.04 does not work with wsgi_import_script.
SLES is unsupported.

Supported Release 1.0.0

Summary

This is a supported release. This release introduces Apache 2.4 support for Debian and RHEL based osfamilies.

Features

Add apache24 support
Add rewrite_base functionality to rewrites
Updated README documentation
Add WSGIApplicationGroup and WSGIImportScript directives

Bugfixes

Replace mutating hashes with merge() for Puppet 3.5
Fix WSGI import_script and mod_ssl issues on Lucid

Known Bugs

By default, the version of Apache that ships with Ubuntu 10.04 does not work with wsgi_import_script.
SLES is unsupported.

Supported Release 0.11.0

Summary:

This release adds preliminary support for Windows compatibility and multiple rewrite support.

Backwards-incompatible Changes:

The rewrite_rule parameter is deprecated in favor of the new rewrite parameter and will be removed in a future release.

Features:

add Match directive
quote paths for windows compatibility
add auth_group_file option to README.md
allow AuthGroupFile directive for vhosts
Support Header directives in vhost context
Don't purge mods-available dir when separate enable dir is used
Fix the servername used in log file name
Added support for mod_include
Remove index parameters.
Support environment variable control for CustomLog
added redirectmatch support
Setting up the ability to do multiple rewrites and conditions.
Convert spec tests to beaker.
Support phpadmin(flag|value)s

Bugfixes:

directories are either a Hash or an Array of Hashes
Configure Passenger in separate .conf file on RH so PassengerRoot isn't lost
(docs) Update list of apache::mod::[name] classes
(docs) Fix apache::namevirtualhost example call style
Fix $ports_file reference in apache::listen.
Fix $ports_file reference in Namevirtualhost.

Supported Release 0.10.0

Summary:

This release adds FreeBSD osfamily support and various other improvements to some mods.

Features:

Add suPHP_UserGroup directive to directory context
Add support for ScriptAliasMatch directives
Set SSLOptions StdEnvVars in server context
No implicit entry for ScriptAlias path
Add support for overriding ErrorDocument
Add support for AliasMatch directives
Disable default "allow from all" in vhost-directories
Add WSGIPythonPath as an optional parameter to mod_wsgi.
Add mod_rpaf support
Add directives: IndexOptions, IndexOrderDefault
Add ability to include additional external configurations in vhost
need to use the provider variable not the provider key value from the directory hash for matches
Support for FreeBSD and few other features
Add new params to apache::mod::mime class
Allow apache::mod to specify module id and path
added $server_root parameter
Add Allow and ExtendedStatus support to mod_status
Expand vhost/_directories.pp directive support
Add initial support for nss module (no directives in vhost template yet)
added peruser and event mpms
added $service_name parameter
add parameter for TraceEnable
Make LogLevel configurable for server and vhost
Add documentation about $ip
Add ability to pass ip (instead of wildcard) in default vhost files

Bugfixes:

Don't listen on port or set NameVirtualHost for non-existent vhost
only apply Directory defaults when provider is a directory
Working mod_authnz_ldap support on Debian/Ubuntu

Supported Release 0.9.0

Summary:

This release adds more parameters to the base apache class and apache defined resource to make the module more flexible. It also adds or enhances SuPHP, WSGI, and Passenger mod support, and support for the ITK mpm module.

Backwards-incompatible Changes:

Remove many default mods that are not normally needed.
Remove rewrite_base apache::vhost parameter; did not work anyway.
Specify dependencies on stdlib >=2.4.0 (this was already the case, but making explicit)
Deprecate a2mod in favor of the apache::mod::* classes and apache::mod defined resource.

Features:

apache class
- Add httpd_dir parameter to change the location of the configuration files.
- Add logroot parameter to change the logroot
- Add ports_file parameter to changes the ports.conf file location
- Add keepalive parameter to enable persistent connections
- Add keepalive_timeout parameter to change the timeout
- Update default_mods to be able to take an array of mods to enable.
apache::vhost
- Add wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, and wsgi_script_aliases parameters for per-vhost WSGI configuration.
- Add access_log_syslog parameter to enable syslogging.
- Add error_log_syslog parameter to enable syslogging of errors.
- Add directories hash parameter. Please see README for documentation.
- Add sslproxyengine parameter to enable SSLProxyEngine
- Add suphp_addhandler, suphp_engine, and suphp_configpath for configuring SuPHP.
- Add custom_fragment parameter to allow for arbitrary apache configuration injection. (Feature pull requests are prefered over using this, but it is available in a pinch.)
Add apache::mod::suphp class for configuring SuPHP.
Add apache::mod::itk class for configuring ITK mpm module.
Update apache::mod::wsgi class for global WSGI configuration with wsgi_socket_prefix and wsgi_python_home parameters.
Add README.passenger.md to document the apache::mod::passenger usage. Added passenger_high_performance, passenger_pool_idle_time, passenger_max_requests, passenger_stat_throttle_rate, rack_autodetect, and rails_autodetect parameters.
Separate the httpd service resource into a new apache::service class for dependency chaining of Class['apache'] -> <resource> ~> Class['apache::service']
Added apache::mod::proxy_balancer class for apache::balancer

Bugfixes:

Change dependency to puppetlabs-concat
Fix ruby 1.9 bug for a2mod
Change servername to be $::hostname if there is no $::fqdn
Make /etc/ssl/certs the default ssl certs directory for RedHat non-5.
Make php the default php package for RedHat non-5.
Made aliases able to take a single alias hash instead of requiring an array.

Supported Release 0.8.1

Bugfixes:

Update apache::mpm_module detection for worker/prefork
Update apache::mod::cgi and apache::mod::cgid detection for worker/prefork

Supported Release 0.8.0

Features:

Add servername parameter to apache class
Add proxy_set parameter to apache::balancer define

Bugfixes:

Fix ordering for multiple apache::balancer clusters
Fix symlinking for sites-available on Debian-based OSs
Fix dependency ordering for recursive confdir management
Fix apache::mod::* to notify the service on config change
Documentation updates

Supported Release 0.7.0

Changes:

Essentially rewrite the module -- too many to list
apache::vhost has many abilities -- see README.md for details
apache::mod::* classes provide httpd mod-loading capabilities
apache base class is much more configurable

Bugfixes:

Many. And many more to come

Supported Release 0.6.0

update travis tests (add more supported versions)
add access log_parameter
make purging of vhost dir configurable

Supported Release 0.4.0

Changes:

include apache is now required when using apache::mod::*

Bugfixes:

Fix syntax for validate_re
Fix formatting in vhost template
Fix spec tests such that they pass

Supported Release 0.0.4

e62e362 Fix broken tests for ssl, vhost, vhost::*
42c6363 Changes to match style guide and pass puppet-lint without error
42bc8ba changed name => path for file resources in order to name namevar by it's name
72e13de One end too much
0739641 style guide fixes: 'true' <> true, $operatingsystem needs to be $::operatingsystem, etc.
273f94d fix tests
a35ede5 (#13860) Make a2enmod/a2dismo commands optional
98d774e (#13860) Autorequire Package['httpd']
05fcec5 (#13073) Add missing puppet spec tests
541afda (#6899) Remove virtual a2mod definition
976cb69 (#13072) Move mod python and wsgi package names to params
323915a (#13060) Add .gitignore to repo
fdf40af (#13060) Remove pkg directory from source tree
fd90015 Add LICENSE file and update the ModuleFile
d3d0d23 Re-enable local php class
d7516c7 Make management of firewalls configurable for vhosts
60f83ba Explicitly lookup scope of apache_name in templates.
f4d287f (#12581) Add explicit ordering for vdir directory
88a2ac6 (#11706) puppetlabs-apache depends on puppetlabs-firewall
a776a8b (#11071) Fix to work with latest firewall module
2b79e8b (#11070) Add support for Scientific Linux
405b3e9 Fix for a2mod
57b9048 Commit apache::vhost::redirect Manifest
8862d01 Commit apache::vhost::proxy Manifest
d5c1fd0 Commit apache::mod::wsgi Manifest
a825ac7 Commit apache::mod::python Manifest
b77062f Commit Templates
9a51b4a Vhost File Declarations
6cf7312 Defaults for Parameters
6a5b11a Ensure installed
f672e46 a2mod fix
8a56ee9 add pthon support to apache

* This Changelog was automatically generated by github_changelog_generator


                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.

   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.

   END OF TERMS AND CONDITIONS

   APPENDIX: How to apply the Apache License to your work.

      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "[]"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

   Copyright [yyyy] [name of copyright owner]

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.

Modules

Discover

Contribute

Puppet

Premium features

Downloads

Resources

About Forge

Getting Started

apache

Version information

This version is compatible with:

Tasks:

Start using this module

Documentation

apache

Table of Contents

Module description

Setup

What the apache module affects:

Beginning with Apache

Usage

Configuring virtual hosts

Configuring virtual hosts with SSL

Configuring virtual host port and address bindings

Configuring virtual hosts for apps and processors

Configuring IP-based virtual hosts

Installing Apache modules

Installing specific modules

Installing arbitrary modules

Configuring FastCGI servers to handle PHP files

FastCGI on Ubuntu 18.04

Other OSes

Load balancing examples

Reference

Templates

Tasks

Limitations

FreeBSD

Gentoo

RHEL/CentOS

RHEL/CentOS 5

RHEL/CentOS 6

RHEL/CentOS 7

SELinux and custom paths

Ubuntu 10.04

Ubuntu 16.04

Development

Testing

Contributing

Reference

Table of Contents

Classes

apache

Examples

Parameters

allow_encoded_slashes

apache_version

conf_dir

conf_template

confd_dir

default_charset

default_confd_files

default_mods

default_ssl_ca

default_ssl_cert

default_ssl_chain

default_ssl_crl

default_ssl_crl_path

default_ssl_crl_check

default_ssl_key

default_ssl_vhost

default_type

default_vhost

dev_packages

docroot

error_documents

group

httpd_dir

http_protocol_options

`allow_encoded_slashes`

`apache_version`

`conf_dir`

`conf_template`

`confd_dir`

`default_charset`

`default_confd_files`

`default_mods`

`default_ssl_ca`

`default_ssl_cert`

`default_ssl_chain`

`default_ssl_crl`

`default_ssl_crl_path`

`default_ssl_crl_check`

`default_ssl_key`

`default_ssl_vhost`

`default_type`

`default_vhost`

`dev_packages`

`docroot`

`error_documents`

`group`

`httpd_dir`

`http_protocol_options`

`keepalive`

`keepalive_timeout`

`max_keepalive_requests`

`hostname_lookups`

`ldap_trusted_mode`

`ldap_verify_server_cert`

`lib_path`

`log_level`

`log_formats`

`logroot`

`logroot_mode`

`manage_group`

`supplementary_groups`

`manage_user`

`mod_dir`

`mod_libs`

`mod_packages`

`mpm_module`

`package_ensure`

`pidfile`

`ports_file`

`protocols`

`protocols_honor_order`

`purge_configs`

`purge_vhost_dir`

`rewrite_lock`

`sendfile`

`serveradmin`

`servername`

`server_root`

`server_signature`

`server_tokens`

`service_enable`

`service_ensure`

`service_name`

`service_manage`

`service_restart`

`timeout`

`trace_enable`

`use_canonical_name`

`use_systemd`

`file_mode`

`root_directory_options`

`root_directory_secured`

`vhost_dir`

`vhost_include_pattern`

`user`

`apache_name`

`error_log`

`scriptalias`

`access_log_file`

`limitreqfields`

`limitreqfieldsize`

`ip`

`purge_vdir`

`conf_enabled`