├── .devcontainer ├── Dockerfile ├── README.md └── devcontainer.json ├── .fixtures.yml ├── .geppetto-rc.json ├── .gitattributes ├── .github ├── pull_request_template.md └── workflows │ ├── ci.yml │ ├── mend.yml │ ├── nightly.yml │ ├── release.yml │ └── release_prep.yml ├── .github_changelog_generator ├── .gitignore ├── .gitpod.Dockerfile ├── .gitpod.yml ├── .nodeset.yml ├── .pdkignore ├── .puppet-lint.rc ├── .rspec ├── .rubocop.yml ├── .rubocop_todo.yml ├── .sync.yml ├── .vscode └── extensions.json ├── .yardopts ├── CHANGELOG.md ├── CODEOWNERS ├── CONTRIBUTING.md ├── Gemfile ├── HISTORY.md ├── LICENSE ├── NOTICE ├── README.md ├── REFERENCE.md ├── Rakefile ├── data └── common.yaml ├── examples ├── apache.pp ├── dev.pp ├── init.pp ├── mod_load_params.pp ├── mods.pp ├── mods_custom.pp ├── php.pp ├── vhost.pp ├── vhost_directories.pp ├── vhost_filter.pp ├── vhost_ip_based.pp ├── vhost_proxypass.pp ├── vhost_ssl.pp └── vhosts_without_listen.pp ├── files └── httpd ├── hiera.yaml ├── lib └── puppet │ ├── functions │ ├── apache │ │ ├── apache_pw_hash.rb │ │ ├── authz_core_config.rb │ │ ├── bool2httpd.rb │ │ └── pw_hash.rb │ ├── apache_pw_hash.rb │ └── bool2httpd.rb │ └── provider │ └── a2mod.rb ├── manifests ├── balancer.pp ├── balancermember.pp ├── confd │ └── no_accf.pp ├── custom_config.pp ├── default_confd_files.pp ├── default_mods.pp ├── default_mods │ └── load.pp ├── dev.pp ├── fastcgi │ └── server.pp ├── init.pp ├── listen.pp ├── mod.pp ├── mod │ ├── actions.pp │ ├── alias.pp │ ├── apreq2.pp │ ├── auth_basic.pp │ ├── auth_cas.pp │ ├── auth_gssapi.pp │ ├── auth_kerb.pp │ ├── auth_mellon.pp │ ├── auth_openidc.pp │ ├── authn_core.pp │ ├── authn_dbd.pp │ ├── authn_file.pp │ ├── authnz_ldap.pp │ ├── authnz_pam.pp │ ├── authz_core.pp │ ├── authz_groupfile.pp │ ├── authz_user.pp │ ├── autoindex.pp │ ├── cache.pp │ ├── cache_disk.pp │ ├── cgi.pp │ ├── cgid.pp │ ├── cluster.pp │ ├── data.pp │ ├── dav.pp │ ├── dav_fs.pp │ ├── dav_svn.pp │ ├── dbd.pp │ ├── deflate.pp │ ├── dir.pp │ ├── disk_cache.pp │ ├── dumpio.pp │ ├── env.pp │ ├── event.pp │ ├── expires.pp │ ├── ext_filter.pp │ ├── fcgid.pp │ ├── filter.pp │ ├── geoip.pp │ ├── headers.pp │ ├── http2.pp │ ├── include.pp │ ├── info.pp │ ├── intercept_form_submit.pp │ ├── itk.pp │ ├── jk.pp │ ├── lbmethod_bybusyness.pp │ ├── lbmethod_byrequests.pp │ ├── lbmethod_bytraffic.pp │ ├── lbmethod_heartbeat.pp │ ├── ldap.pp │ ├── log_forensic.pp │ ├── lookup_identity.pp │ ├── macro.pp │ ├── md.pp │ ├── mime.pp │ ├── mime_magic.pp │ ├── negotiation.pp │ ├── nss.pp │ ├── pagespeed.pp │ ├── passenger.pp │ ├── perl.pp │ ├── peruser.pp │ ├── php.pp │ ├── prefork.pp │ ├── proxy.pp │ ├── proxy_ajp.pp │ ├── proxy_balancer.pp │ ├── proxy_connect.pp │ ├── proxy_fcgi.pp │ ├── proxy_html.pp │ ├── proxy_http.pp │ ├── proxy_http2.pp │ ├── proxy_wstunnel.pp │ ├── python.pp │ ├── remoteip.pp │ ├── reqtimeout.pp │ ├── rewrite.pp │ ├── rpaf.pp │ ├── security.pp │ ├── setenvif.pp │ ├── shib.pp │ ├── socache_shmcb.pp │ ├── speling.pp │ ├── ssl.pp │ ├── ssl │ │ └── reload.pp │ ├── status.pp │ ├── suexec.pp │ ├── userdir.pp │ ├── version.pp │ ├── vhost_alias.pp │ ├── watchdog.pp │ ├── worker.pp │ ├── wsgi.pp │ └── xsendfile.pp ├── mpm.pp ├── mpm │ ├── disable_mpm_event.pp │ ├── disable_mpm_prefork.pp │ └── disable_mpm_worker.pp ├── namevirtualhost.pp ├── package.pp ├── params.pp ├── peruser │ ├── multiplexer.pp │ └── processor.pp ├── security │ └── rule_link.pp ├── service.pp ├── version.pp ├── vhost.pp ├── vhost │ ├── custom.pp │ ├── fragment.pp │ └── proxy.pp └── vhosts.pp ├── metadata.json ├── pdk.yaml ├── provision.yaml ├── readmes └── README_ja_JP.md ├── spec ├── acceptance │ ├── apache_parameters_spec.rb │ ├── apache_ssl_spec.rb │ ├── auth_openidc_spec.rb │ ├── class_spec.rb │ ├── custom_config_spec.rb │ ├── default_mods_spec.rb │ ├── init_task_spec.rb │ ├── itk_spec.rb │ ├── mod_apreq2_spec.rb │ ├── mod_authnz_ldap_spec.rb │ ├── mod_dav_svn_spec.rb │ ├── mod_ldap_spec.rb │ ├── mod_md_spec.rb │ ├── mod_php_spec.rb │ ├── mod_security_spec.rb │ ├── prefork_worker_spec.rb │ ├── service_spec.rb │ ├── vhost_spec.rb │ └── vhosts_spec.rb ├── classes │ ├── apache_spec.rb │ ├── dev_spec.rb │ ├── mod │ │ ├── alias_spec.rb │ │ ├── auth_cas_spec.rb │ │ ├── auth_gssapi_spec.rb │ │ ├── auth_kerb_spec.rb │ │ ├── auth_mellon_spec.rb │ │ ├── auth_openidc_spec.rb │ │ ├── authn_dbd_spec.rb │ │ ├── authnz_ldap_spec.rb │ │ ├── authnz_pam_spec.rb │ │ ├── authz_groupfile_spec.rb │ │ ├── cache_disk_spec.rb │ │ ├── cache_spec.rb │ │ ├── cluster_spec.rb │ │ ├── data_spec.rb │ │ ├── dav_svn_spec.rb │ │ ├── deflate_spec.rb │ │ ├── dir_spec.rb │ │ ├── disk_cache_spec.rb │ │ ├── dumpio_spec.rb │ │ ├── event_spec.rb │ │ ├── expires_spec.rb │ │ ├── ext_filter_spec.rb │ │ ├── fcgid_spec.rb │ │ ├── http2_spec.rb │ │ ├── info_spec.rb │ │ ├── intercept_form_submit_spec.rb │ │ ├── itk_spec.rb │ │ ├── jk_spec.rb │ │ ├── lbmethod_bybusyness.rb │ │ ├── lbmethod_byrequests.rb │ │ ├── lbmethod_bytraffic.rb │ │ ├── lbmethod_heartbeat.rb │ │ ├── ldap_spec.rb │ │ ├── log_forensic_spec.rb │ │ ├── lookup_identity.rb │ │ ├── md_spec.rb │ │ ├── mime_magic_spec.rb │ │ ├── mime_spec.rb │ │ ├── negotiation_spec.rb │ │ ├── pagespeed_spec.rb │ │ ├── passenger_spec.rb │ │ ├── perl_spec.rb │ │ ├── peruser_spec.rb │ │ ├── php_spec.rb │ │ ├── prefork_spec.rb │ │ ├── proxy_balancer_spec.rb │ │ ├── proxy_connect_spec.rb │ │ ├── proxy_html_spec.rb │ │ ├── proxy_http2_spec.rb │ │ ├── proxy_http_spec.rb │ │ ├── proxy_spec.rb │ │ ├── proxy_wstunnel.rb │ │ ├── python_spec.rb │ │ ├── remoteip_spec.rb │ │ ├── reqtimeout_spec.rb │ │ ├── rpaf_spec.rb │ │ ├── security_spec.rb │ │ ├── shib_spec.rb │ │ ├── speling_spec.rb │ │ ├── ssl_spec.rb │ │ ├── status_spec.rb │ │ ├── userdir_spec.rb │ │ ├── watchdog_spec.rb │ │ ├── worker_spec.rb │ │ └── wsgi_spec.rb │ ├── params_spec.rb │ ├── service_spec.rb │ └── vhosts_spec.rb ├── default_facts.yml ├── defines │ ├── balancer_spec.rb │ ├── balancermember_spec.rb │ ├── custom_config_spec.rb │ ├── mod_spec.rb │ ├── modsec_link_spec.rb │ ├── vhost_custom_spec.rb │ ├── vhost_fragment_spec.rb │ ├── vhost_proxy_spec.rb │ └── vhost_spec.rb ├── fixtures │ ├── files │ │ ├── negotiation.conf │ │ └── spec │ ├── site_apache │ │ └── templates │ │ │ └── fake.conf.epp │ └── templates │ │ └── negotiation.conf.erb ├── functions │ ├── authz_core_config_spec.rb │ ├── bool2httpd_spec.rb │ └── pw_hash_spec.rb ├── setup_acceptance_node.pp ├── spec_helper.rb ├── spec_helper_acceptance.rb ├── spec_helper_acceptance_local.rb ├── spec_helper_local.rb ├── type_aliases │ ├── loglevel_spec.rb │ ├── modproxy_spec.rb │ └── vhost_priority_spec.rb └── util │ ├── _resources │ └── test_metadata_json.rb │ └── apache_mod_platform_compatibility_spec.rb ├── tasks ├── init.json └── init.rb ├── templates ├── confd │ └── no-accf.conf.epp ├── fastcgi │ ├── server.epp │ └── server.erb ├── httpd.conf.epp ├── listen.epp ├── mod │ ├── _allow.epp │ ├── _require.epp │ ├── _require.erb │ ├── alias.conf.epp │ ├── auth_cas.conf.epp │ ├── auth_mellon.conf.epp │ ├── authn_dbd.conf.epp │ ├── authnz_ldap.conf.epp │ ├── autoindex.conf.epp │ ├── cache.conf.epp │ ├── cache_disk.conf.epp │ ├── cgid.conf.epp │ ├── cluster.conf.epp │ ├── dav_fs.conf.epp │ ├── deflate.conf.epp │ ├── dir.conf.epp │ ├── dumpio.conf.epp │ ├── event.conf.epp │ ├── expires.conf.epp │ ├── ext_filter.conf.epp │ ├── fcgid.conf.epp │ ├── geoip.conf.epp │ ├── http2.conf.epp │ ├── info.conf.epp │ ├── itk.conf.epp │ ├── jk.conf.epp │ ├── jk │ │ ├── uriworkermap.properties.epp │ │ └── workers.properties.epp │ ├── ldap.conf.epp │ ├── load.epp │ ├── md.conf.epp │ ├── mime.conf.epp │ ├── mime_magic.conf.epp │ ├── negotiation.conf.epp │ ├── nss.conf.epp │ ├── pagespeed.conf.epp │ ├── passenger.conf.epp │ ├── peruser.conf.epp │ ├── php.conf.erb │ ├── prefork.conf.epp │ ├── proxy.conf.epp │ ├── proxy_balancer.conf.epp │ ├── proxy_html.conf.epp │ ├── remoteip.conf.epp │ ├── reqtimeout.conf.epp │ ├── rpaf.conf.epp │ ├── security.conf.epp │ ├── security_crs.conf.epp │ ├── security_crs.conf.erb │ ├── security_custom.conf.epp │ ├── setenvif.conf.epp │ ├── ssl.conf.epp │ ├── status.conf.epp │ ├── status.conf.erb │ ├── userdir.conf.epp │ ├── worker.conf.epp │ └── wsgi.conf.epp ├── namevirtualhost.epp ├── ports_header.epp └── vhost │ ├── _access_log.erb │ ├── _action.epp │ ├── _additional_includes.erb │ ├── _aliases.epp │ ├── _allow_encoded_slashes.epp │ ├── _auth_cas.epp │ ├── _auth_kerb.epp │ ├── _auth_oidc.epp │ ├── _authz_core.epp │ ├── _block.erb │ ├── _charsets.epp │ ├── _custom_fragment.epp │ ├── _directories.erb │ ├── _docroot.epp │ ├── _error_document.erb │ ├── _fallbackresource.epp │ ├── _file_footer.epp │ ├── _file_header.epp │ ├── _filters.epp │ ├── _gssapi.epp │ ├── _header.epp │ ├── _http2.epp │ ├── _http_protocol_options.epp │ ├── _itk.epp │ ├── _jk_mounts.epp │ ├── _keepalive_options.epp │ ├── _logging.epp │ ├── _passenger.epp │ ├── _php.erb │ ├── _php_admin.erb │ ├── _proxy.erb │ ├── _proxy_protocol.epp │ ├── _redirect.erb │ ├── _requestheader.epp │ ├── _require.erb │ ├── _rewrite.erb │ ├── _scriptalias.epp │ ├── _scriptalias.erb │ ├── _security.epp │ ├── _serveralias.epp │ ├── _setenv.erb │ ├── _shib.epp │ ├── _ssl.erb │ ├── _sslproxy.epp │ ├── _userdir.epp │ └── _wsgi.epp ├── types ├── loglevel.pp ├── modproxyprotocol.pp ├── oidcsettings.pp ├── onoff.pp ├── servertokens.pp └── vhost │ ├── priority.pp │ └── proxypass.pp └── util ├── _resources └── tag_format_help_msg.txt └── apache_mod_platform_support.rb /.devcontainer/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM puppet/pdk:latest 2 | 3 | # [Optional] Uncomment this section to install additional packages. 4 | # RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ 5 | # && apt-get -y install --no-install-recommends 6 | 7 | -------------------------------------------------------------------------------- /.devcontainer/README.md: -------------------------------------------------------------------------------- 1 | # devcontainer 2 | 3 | 4 | For format details, see https://aka.ms/devcontainer.json. 5 | 6 | For config options, see the README at: 7 | https://github.com/microsoft/vscode-dev-containers/tree/v0.140.1/containers/puppet 8 | 9 | ``` json 10 | { 11 | "name": "Puppet Development Kit (Community)", 12 | "dockerFile": "Dockerfile", 13 | 14 | // Set *default* container specific settings.json values on container create. 15 | "settings": { 16 | "terminal.integrated.profiles.linux": { 17 | "bash": { 18 | "path": "bash", 19 | } 20 | } 21 | }, 22 | 23 | // Add the IDs of extensions you want installed when the container is created. 24 | "extensions": [ 25 | "puppet.puppet-vscode", 26 | "rebornix.Ruby" 27 | ], 28 | 29 | // Use 'forwardPorts' to make a list of ports inside the container available locally. 30 | "forwardPorts": [], 31 | 32 | // Use 'postCreateCommand' to run commands after the container is created. 33 | "postCreateCommand": "pdk --version", 34 | } 35 | ``` 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /.devcontainer/devcontainer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Puppet Development Kit (Community)", 3 | "dockerFile": "Dockerfile", 4 | 5 | "settings": { 6 | "terminal.integrated.profiles.linux": { 7 | "bash": { 8 | "path": "bash" 9 | } 10 | } 11 | }, 12 | 13 | "extensions": [ 14 | "puppet.puppet-vscode", 15 | "rebornix.Ruby" 16 | ] 17 | } 18 | -------------------------------------------------------------------------------- /.fixtures.yml: -------------------------------------------------------------------------------- 1 | --- 2 | fixtures: 3 | repositories: 4 | concat: "https://github.com/puppetlabs/puppetlabs-concat.git" 5 | facts: 'https://github.com/puppetlabs/puppetlabs-facts.git' 6 | portage: "https://github.com/gentoo/puppet-portage.git" 7 | provision: 'https://github.com/puppetlabs/provision.git' 8 | puppet_agent: 'https://github.com/puppetlabs/puppetlabs-puppet_agent.git' 9 | stdlib: "https://github.com/puppetlabs/puppetlabs-stdlib.git" 10 | yumrepo_core: "https://github.com/puppetlabs/puppetlabs-yumrepo_core.git" 11 | symlinks: 12 | apache: "#{source_dir}" 13 | site_apache: "#{source_dir}/spec/fixtures/site_apache" 14 | -------------------------------------------------------------------------------- /.geppetto-rc.json: -------------------------------------------------------------------------------- 1 | { 2 | "excludes": [ 3 | "**/contrib/**", 4 | "**/examples/**", 5 | "**/tests/**", 6 | "**/spec/**", 7 | "**/pkg/**" 8 | ] 9 | } 10 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | *.rb eol=lf 2 | *.erb eol=lf 3 | *.pp eol=lf 4 | *.sh eol=lf 5 | *.epp eol=lf 6 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | ## Summary 2 | Provide a detailed description of all the changes present in this pull request. 3 | 4 | ## Additional Context 5 | Add any additional context about the problem here. 6 | - [ ] Root cause and the steps to reproduce. (If applicable) 7 | - [ ] Thought process behind the implementation. 8 | 9 | ## Related Issues (if any) 10 | Mention any related issues or pull requests. 11 | 12 | ## Checklist 13 | - [ ] 🟢 Spec tests. 14 | - [ ] 🟢 Acceptance tests. 15 | - [ ] Manually verified. (For example `puppet apply`) -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: "ci" 2 | 3 | on: 4 | pull_request: 5 | branches: 6 | - "main" 7 | workflow_dispatch: 8 | 9 | jobs: 10 | Spec: 11 | uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main" 12 | with: 13 | runs_on: "ubuntu-24.04" 14 | secrets: "inherit" 15 | 16 | Acceptance: 17 | needs: Spec 18 | uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" 19 | with: 20 | runs_on: "ubuntu-24.04" 21 | secrets: "inherit" 22 | -------------------------------------------------------------------------------- /.github/workflows/mend.yml: -------------------------------------------------------------------------------- 1 | name: "mend" 2 | 3 | on: 4 | pull_request: 5 | branches: 6 | - "main" 7 | schedule: 8 | - cron: "0 0 * * *" 9 | workflow_dispatch: 10 | 11 | jobs: 12 | 13 | mend: 14 | uses: "puppetlabs/cat-github-actions/.github/workflows/mend_ruby.yml@main" 15 | secrets: "inherit" 16 | -------------------------------------------------------------------------------- /.github/workflows/nightly.yml: -------------------------------------------------------------------------------- 1 | name: "nightly" 2 | 3 | on: 4 | schedule: 5 | - cron: "0 0 * * *" 6 | workflow_dispatch: 7 | 8 | jobs: 9 | Spec: 10 | uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main" 11 | with: 12 | runs_on: "ubuntu-24.04" 13 | secrets: "inherit" 14 | 15 | Acceptance: 16 | needs: Spec 17 | uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" 18 | with: 19 | runs_on: "ubuntu-24.04" 20 | secrets: "inherit" 21 | 22 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: "Publish module" 2 | 3 | on: 4 | workflow_dispatch: 5 | 6 | jobs: 7 | release: 8 | uses: "puppetlabs/cat-github-actions/.github/workflows/module_release.yml@main" 9 | secrets: "inherit" 10 | -------------------------------------------------------------------------------- /.github/workflows/release_prep.yml: -------------------------------------------------------------------------------- 1 | name: "Release Prep" 2 | 3 | on: 4 | workflow_dispatch: 5 | inputs: 6 | version: 7 | description: "Module version to be released. Must be a valid semver string. (1.2.3)" 8 | required: true 9 | 10 | jobs: 11 | release_prep: 12 | uses: "puppetlabs/cat-github-actions/.github/workflows/module_release_prep.yml@main" 13 | with: 14 | version: "${{ github.event.inputs.version }}" 15 | secrets: "inherit" 16 | -------------------------------------------------------------------------------- /.github_changelog_generator: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/puppetlabs/puppetlabs-apache/1b27ead17807cbc2615362fb4f2d416e05659a17/.github_changelog_generator -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .git/ 2 | .*.sw[op] 3 | .metadata 4 | .yardoc 5 | .yardwarns 6 | *.iml 7 | /.bundle/ 8 | /.idea/ 9 | /.vagrant/ 10 | /coverage/ 11 | /bin/ 12 | /doc/ 13 | /Gemfile.local 14 | /Gemfile.lock 15 | /junit/ 16 | /log/ 17 | /pkg/ 18 | /spec/fixtures/manifests/ 19 | /spec/fixtures/modules/* 20 | /tmp/ 21 | /vendor/ 22 | /.vendor/ 23 | /convert_report.txt 24 | /update_report.txt 25 | .DS_Store 26 | .project 27 | .envrc 28 | /inventory.yaml 29 | /spec/fixtures/litmus_inventory.yaml 30 | .resource_types 31 | .modules 32 | .task_cache.json 33 | .plan_cache.json 34 | .rerun.json 35 | bolt-debug.log 36 | -------------------------------------------------------------------------------- /.gitpod.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM gitpod/workspace-full 2 | RUN sudo wget https://apt.puppet.com/puppet-tools-release-bionic.deb && \ 3 | wget https://apt.puppetlabs.com/puppet6-release-bionic.deb && \ 4 | sudo dpkg -i puppet6-release-bionic.deb && \ 5 | sudo dpkg -i puppet-tools-release-bionic.deb && \ 6 | sudo apt-get update && \ 7 | sudo apt-get install -y pdk zsh puppet-agent && \ 8 | sudo apt-get clean && \ 9 | sudo rm -rf /var/lib/apt/lists/* 10 | RUN sudo usermod -s $(which zsh) gitpod && \ 11 | sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" && \ 12 | echo "plugins=(git gitignore github gem pip bundler python ruby docker docker-compose)" >> /home/gitpod/.zshrc && \ 13 | echo 'PATH="$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt/puppetlabs/bin:/opt/puppetlabs/puppet/bin"' >> /home/gitpod/.zshrc && \ 14 | sudo /opt/puppetlabs/puppet/bin/gem install puppet-debugger hub -N && \ 15 | mkdir -p /home/gitpod/.config/puppet && \ 16 | /opt/puppetlabs/puppet/bin/ruby -r yaml -e "puts ({'disabled' => true}).to_yaml" > /home/gitpod/.config/puppet/analytics.yml 17 | RUN rm -f puppet6-release-bionic.deb puppet-tools-release-bionic.deb 18 | ENTRYPOINT /usr/bin/zsh 19 | -------------------------------------------------------------------------------- /.gitpod.yml: -------------------------------------------------------------------------------- 1 | image: 2 | file: .gitpod.Dockerfile 3 | 4 | tasks: 5 | - init: pdk bundle install 6 | 7 | vscode: 8 | extensions: 9 | - puppet.puppet-vscode@1.2.0:f5iEPbmOj6FoFTOV6q8LTg== 10 | -------------------------------------------------------------------------------- /.nodeset.yml: -------------------------------------------------------------------------------- 1 | --- 2 | default_set: 'centos-64-x64' 3 | sets: 4 | 'centos-59-x64': 5 | nodes: 6 | "main.foo.vm": 7 | prefab: 'centos-59-x64' 8 | 'centos-64-x64': 9 | nodes: 10 | "main.foo.vm": 11 | prefab: 'centos-64-x64' 12 | 'fedora-18-x64': 13 | nodes: 14 | "main.foo.vm": 15 | prefab: 'fedora-18-x64' 16 | 'debian-607-x64': 17 | nodes: 18 | "main.foo.vm": 19 | prefab: 'debian-607-x64' 20 | 'debian-70rc1-x64': 21 | nodes: 22 | "main.foo.vm": 23 | prefab: 'debian-70rc1-x64' 24 | 'ubuntu-server-10044-x64': 25 | nodes: 26 | "main.foo.vm": 27 | prefab: 'ubuntu-server-10044-x64' 28 | 'ubuntu-server-12042-x64': 29 | nodes: 30 | "main.foo.vm": 31 | prefab: 'ubuntu-server-12042-x64' 32 | -------------------------------------------------------------------------------- /.pdkignore: -------------------------------------------------------------------------------- 1 | .git/ 2 | .*.sw[op] 3 | .metadata 4 | .yardoc 5 | .yardwarns 6 | *.iml 7 | /.bundle/ 8 | /.idea/ 9 | /.vagrant/ 10 | /coverage/ 11 | /bin/ 12 | /doc/ 13 | /Gemfile.local 14 | /Gemfile.lock 15 | /junit/ 16 | /log/ 17 | /pkg/ 18 | /spec/fixtures/manifests/ 19 | /spec/fixtures/modules/* 20 | /tmp/ 21 | /vendor/ 22 | /.vendor/ 23 | /convert_report.txt 24 | /update_report.txt 25 | .DS_Store 26 | .project 27 | .envrc 28 | /inventory.yaml 29 | /spec/fixtures/litmus_inventory.yaml 30 | .resource_types 31 | .modules 32 | .task_cache.json 33 | .plan_cache.json 34 | .rerun.json 35 | bolt-debug.log 36 | /.fixtures.yml 37 | /Gemfile 38 | /.gitattributes 39 | /.github/ 40 | /.gitignore 41 | /.pdkignore 42 | /.puppet-lint.rc 43 | /Rakefile 44 | /rakelib/ 45 | /.rspec 46 | /..yml 47 | /.yardopts 48 | /spec/ 49 | /.vscode/ 50 | /.sync.yml 51 | /.devcontainer/ 52 | -------------------------------------------------------------------------------- /.puppet-lint.rc: -------------------------------------------------------------------------------- 1 | --relative 2 | --no-anchor_resource-check 3 | --no-140chars-check 4 | -------------------------------------------------------------------------------- /.rspec: -------------------------------------------------------------------------------- 1 | --color 2 | --format documentation 3 | -------------------------------------------------------------------------------- /.rubocop_todo.yml: -------------------------------------------------------------------------------- 1 | # This configuration was generated by 2 | # `rubocop --auto-gen-config` 3 | # on 2023-11-28 08:35:58 UTC using RuboCop version 1.48.1. 4 | # The point is for the user to remove these configuration records 5 | # one by one as the offenses are removed from the code base. 6 | # Note that changes in the inspected code, or installation of new 7 | # versions of RuboCop, may require this file to be generated again. 8 | 9 | # Offense count: 9 10 | # Configuration parameters: CountAsOne. 11 | RSpec/ExampleLength: 12 | Max: 43 13 | 14 | # Offense count: 6 15 | # Configuration parameters: Include, CustomTransform, IgnoreMethods, SpecSuffixOnly. 16 | # Include: **/*_spec*rb*, **/spec/**/* 17 | RSpec/FilePath: 18 | Exclude: 19 | - 'spec/classes/mod/lbmethod_bybusyness.rb' 20 | - 'spec/classes/mod/lbmethod_byrequests.rb' 21 | - 'spec/classes/mod/lbmethod_bytraffic.rb' 22 | - 'spec/classes/mod/lbmethod_heartbeat.rb' 23 | - 'spec/classes/mod/lookup_identity.rb' 24 | - 'spec/classes/mod/proxy_wstunnel.rb' 25 | 26 | # Offense count: 290 27 | # Configuration parameters: EnforcedStyle, IgnoreSharedExamples. 28 | # SupportedStyles: always, named_only 29 | RSpec/NamedSubject: 30 | Enabled: false 31 | 32 | # Offense count: 8 33 | RSpec/RepeatedExample: 34 | Exclude: 35 | - 'spec/classes/apache_spec.rb' 36 | -------------------------------------------------------------------------------- /.sync.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ".gitlab-ci.yml": 3 | delete: true 4 | ".rubocop.yml": 5 | include_todos: true 6 | appveyor.yml: 7 | delete: true 8 | 9 | spec/spec_helper.rb: 10 | mock_with: ":rspec" 11 | coverage_report: true 12 | .gitpod.Dockerfile: 13 | unmanaged: false 14 | .gitpod.yml: 15 | unmanaged: false 16 | .github/workflows/auto_release.yml: 17 | unmanaged: false 18 | .github/workflows/ci.yml: 19 | unmanaged: true 20 | .github/workflows/nightly.yml: 21 | unmanaged: true 22 | .github/workflows/release.yml: 23 | unmanaged: false 24 | Rakefile: 25 | changelog_max_issues: 500 26 | extras: 27 | "FastGettext.default_text_domain = 'default-text-domain'" 28 | .travis.yml: 29 | delete: true 30 | changelog_since_tag: "3.2.0" 31 | Rakefile: 32 | extra_disabled_lint_checks: 33 | - anchor_resource 34 | - 140chars 35 | -------------------------------------------------------------------------------- /.vscode/extensions.json: -------------------------------------------------------------------------------- 1 | { 2 | "recommendations": [ 3 | "puppet.puppet-vscode", 4 | "Shopify.ruby-lsp" 5 | ] 6 | } 7 | -------------------------------------------------------------------------------- /.yardopts: -------------------------------------------------------------------------------- 1 | --markup markdown 2 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Setting ownership to the modules team 2 | * @puppetlabs/modules @bastelfreak @ekohl @smortex 3 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing to Puppet modules 2 | 3 | Check out our [Contributing to Supported Modules Blog Post](https://puppetlabs.github.io/iac/docs/contributing_to_a_module.html) to find all the information that you will need. 4 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Puppet Module - puppetlabs-apache 2 | 3 | Copyright 2018 Puppet, Inc. 4 | 5 | Licensed under the Apache License, Version 2.0 (the "License"); 6 | you may not use this file except in compliance with the License. 7 | You may obtain a copy of the License at 8 | 9 | http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | Unless required by applicable law or agreed to in writing, software 12 | distributed under the License is distributed on an "AS IS" BASIS, 13 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | See the License for the specific language governing permissions and 15 | limitations under the License. -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'bundler' 4 | require 'puppet_litmus/rake_tasks' if Gem.loaded_specs.key? 'puppet_litmus' 5 | require 'puppetlabs_spec_helper/rake_tasks' 6 | require 'puppet-syntax/tasks/puppet-syntax' 7 | require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings' 8 | 9 | PuppetLint.configuration.send('disable_relative') 10 | PuppetLint.configuration.send('disable_anchor_resource') 11 | PuppetLint.configuration.send('disable_140chars') 12 | -------------------------------------------------------------------------------- /data/common.yaml: -------------------------------------------------------------------------------- 1 | --- {} 2 | -------------------------------------------------------------------------------- /examples/apache.pp: -------------------------------------------------------------------------------- 1 | include apache 2 | include apache::mod::php 3 | include apache::mod::cgi 4 | include apache::mod::userdir 5 | include apache::mod::disk_cache 6 | include apache::mod::proxy_http 7 | -------------------------------------------------------------------------------- /examples/dev.pp: -------------------------------------------------------------------------------- 1 | include apache::mod::dev 2 | -------------------------------------------------------------------------------- /examples/init.pp: -------------------------------------------------------------------------------- 1 | include apache 2 | -------------------------------------------------------------------------------- /examples/mod_load_params.pp: -------------------------------------------------------------------------------- 1 | # Tests the path and identifier parameters for the apache::mod class 2 | 3 | # Base class for clarity: 4 | class { 'apache': } 5 | 6 | # Exaple parameter usage: 7 | apache::mod { 'testmod': 8 | path => '/usr/some/path/mod_testmod.so', 9 | id => 'testmod_custom_name', 10 | } 11 | -------------------------------------------------------------------------------- /examples/mods.pp: -------------------------------------------------------------------------------- 1 | ## Default mods 2 | 3 | # Base class. Declares default vhost on port 80 and default ssl 4 | # vhost on port 443 listening on all interfaces and serving 5 | # $apache::docroot, and declaring our default set of modules. 6 | class { 'apache': 7 | default_mods => true, 8 | } 9 | -------------------------------------------------------------------------------- /examples/mods_custom.pp: -------------------------------------------------------------------------------- 1 | ## custom mods 2 | 3 | # Base class. Declares default vhost on port 80 and default ssl 4 | # vhost on port 443 listening on all interfaces and serving 5 | # $apache::docroot, and declaring a custom set of modules. 6 | class { 'apache': 7 | default_mods => [ 8 | 'info', 9 | 'alias', 10 | 'mime', 11 | 'env', 12 | 'setenv', 13 | 'expires', 14 | ], 15 | } 16 | -------------------------------------------------------------------------------- /examples/php.pp: -------------------------------------------------------------------------------- 1 | class { 'apache': 2 | mpm_module => 'prefork', 3 | } 4 | include apache::mod::php 5 | -------------------------------------------------------------------------------- /examples/vhost_directories.pp: -------------------------------------------------------------------------------- 1 | # Base class. Declares default vhost on port 80 and default ssl 2 | # vhost on port 443 listening on all interfaces and serving 3 | # $apache::docroot 4 | class { 'apache': } 5 | 6 | # Example from README adapted. 7 | apache::vhost { 'readme.example.net': 8 | docroot => '/var/www/readme', 9 | directories => [ 10 | { 11 | 'path' => '/var/www/readme', 12 | 'ServerTokens' => 'prod' , 13 | }, 14 | { 15 | 'path' => '/usr/share/empty', 16 | 'allow' => 'from all', 17 | }, 18 | ], 19 | } 20 | 21 | # location test 22 | apache::vhost { 'location.example.net': 23 | docroot => '/var/www/location', 24 | directories => [ 25 | { 26 | 'path' => '/location', 27 | 'provider' => 'location', 28 | 'ServerTokens' => 'prod' 29 | }, 30 | ], 31 | } 32 | 33 | # files test, curedly disable access to accidental backup files. 34 | apache::vhost { 'files.example.net': 35 | docroot => '/var/www/files', 36 | directories => [ 37 | { 38 | 'path' => '(\.swp|\.bak|~)$', 39 | 'provider' => 'filesmatch', 40 | 'deny' => 'from all' 41 | }, 42 | ], 43 | } 44 | -------------------------------------------------------------------------------- /examples/vhost_filter.pp: -------------------------------------------------------------------------------- 1 | # Base class. Declares default vhost on port 80 with filters. 2 | class { 'apache': } 3 | 4 | # Example from README adapted. 5 | apache::vhost { 'readme.example.net': 6 | docroot => '/var/www/html', 7 | filters => [ 8 | 'FilterDeclare COMPRESS', 9 | 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', 10 | 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css', 11 | 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain', 12 | 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml', 13 | 'FilterChain COMPRESS', 14 | 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', 15 | ], 16 | } 17 | -------------------------------------------------------------------------------- /examples/vhost_ip_based.pp: -------------------------------------------------------------------------------- 1 | ## IP-based vhosts on any listen port 2 | # IP-based vhosts respond to requests on specific IP addresses. 3 | 4 | # Base class. Turn off the default vhosts; we will be declaring 5 | # all vhosts below. 6 | class { 'apache': 7 | default_vhost => false, 8 | } 9 | 10 | # Listen on port 80 and 81; required because the following vhosts 11 | # are not declared with a port parameter. 12 | apache::listen { '80': } 13 | apache::listen { '81': } 14 | 15 | # IP-based vhosts 16 | apache::vhost { 'first.example.com': 17 | ip => '10.0.0.10', 18 | docroot => '/var/www/first', 19 | ip_based => true, 20 | } 21 | apache::vhost { 'second.example.com': 22 | ip => '10.0.0.11', 23 | docroot => '/var/www/second', 24 | ip_based => true, 25 | } 26 | -------------------------------------------------------------------------------- /examples/vhost_proxypass.pp: -------------------------------------------------------------------------------- 1 | ## vhost with proxyPass directive 2 | # NB: Please see the other vhost_*.pp example files for further 3 | # examples. 4 | 5 | # Base class. Declares default vhost on port 80 and default ssl 6 | # vhost on port 443 listening on all interfaces and serving 7 | # $apache::docroot 8 | class { 'apache': } 9 | 10 | # Most basic vhost with proxy_pass 11 | apache::vhost { 'first.example.com': 12 | port => 80, 13 | docroot => '/var/www/first', 14 | proxy_pass => [ 15 | { 16 | 'path' => '/first', 17 | 'url' => 'http://localhost:8080/first' 18 | }, 19 | ], 20 | } 21 | 22 | # vhost with proxy_pass and parameters 23 | apache::vhost { 'second.example.com': 24 | port => 80, 25 | docroot => '/var/www/second', 26 | proxy_pass => [ 27 | { 28 | 'path' => '/second', 29 | 'url' => 'http://localhost:8080/second', 30 | 'params' => { 31 | 'retry' => 0, 32 | 'timeout' => 5, 33 | } 34 | }, 35 | ], 36 | } 37 | 38 | # vhost with proxy_pass and keywords 39 | apache::vhost { 'third.example.com': 40 | port => 80, 41 | docroot => '/var/www/third', 42 | proxy_pass => [ 43 | { 44 | 'path' => '/third', 45 | 'url' => 'http://localhost:8080/third', 46 | 'keywords' => ['noquery', 'interpolate'] 47 | }, 48 | ], 49 | } 50 | 51 | # vhost with proxy_pass, parameters and keywords 52 | apache::vhost { 'fourth.example.com': 53 | port => 80, 54 | docroot => '/var/www/fourth', 55 | proxy_pass => [ 56 | { 57 | 'path' => '/fourth', 58 | 'url' => 'http://localhost:8080/fourth', 59 | 'params' => { 60 | 'retry' => 0, 61 | 'timeout' => 5, 62 | }, 63 | 'keywords' => ['noquery', 'interpolate'] 64 | }, 65 | ], 66 | } 67 | -------------------------------------------------------------------------------- /examples/vhost_ssl.pp: -------------------------------------------------------------------------------- 1 | ## SSL-enabled vhosts 2 | # SSL-enabled vhosts respond only to HTTPS queries. 3 | 4 | # Base class. Turn off the default vhosts; we will be declaring 5 | # all vhosts below. 6 | class { 'apache': 7 | default_vhost => false, 8 | } 9 | 10 | # Non-ssl vhost 11 | apache::vhost { 'first.example.com non-ssl': 12 | servername => 'first.example.com', 13 | port => 80, 14 | docroot => '/var/www/first', 15 | } 16 | 17 | # SSL vhost at the same domain 18 | apache::vhost { 'first.example.com ssl': 19 | servername => 'first.example.com', 20 | port => 443, 21 | docroot => '/var/www/first', 22 | ssl => true, 23 | } 24 | -------------------------------------------------------------------------------- /examples/vhosts_without_listen.pp: -------------------------------------------------------------------------------- 1 | ## Declare ip-based and name-based vhosts 2 | # Mixing Name-based vhost with IP-specific vhosts requires `add_listen => 3 | # 'false'` on the non-IP vhosts 4 | 5 | # Base class. Turn off the default vhosts; we will be declaring 6 | # all vhosts below. 7 | class { 'apache': 8 | default_vhost => false, 9 | } 10 | 11 | # Add two an IP-based vhost on 10.0.0.10, ssl and non-ssl 12 | apache::vhost { 'The first IP-based vhost, non-ssl': 13 | servername => 'first.example.com', 14 | ip => '10.0.0.10', 15 | port => 80, 16 | ip_based => true, 17 | docroot => '/var/www/first', 18 | } 19 | apache::vhost { 'The first IP-based vhost, ssl': 20 | servername => 'first.example.com', 21 | ip => '10.0.0.10', 22 | port => 443, 23 | ip_based => true, 24 | docroot => '/var/www/first-ssl', 25 | ssl => true, 26 | } 27 | 28 | # Two name-based vhost listening on 10.0.0.20 29 | apache::vhost { 'second.example.com': 30 | ip => '10.0.0.20', 31 | port => 80, 32 | docroot => '/var/www/second', 33 | } 34 | apache::vhost { 'third.example.com': 35 | ip => '10.0.0.20', 36 | port => 80, 37 | docroot => '/var/www/third', 38 | } 39 | 40 | # Two name-based vhosts without IPs specified, so that they will answer on either 10.0.0.10 or 10.0.0.20 . It is requried to declare 41 | # `add_listen => 'false'` to disable declaring "Listen 80" which will conflict 42 | # with the IP-based preceeding vhosts. 43 | apache::vhost { 'fourth.example.com': 44 | port => 80, 45 | docroot => '/var/www/fourth', 46 | add_listen => false, 47 | } 48 | apache::vhost { 'fifth.example.com': 49 | port => 80, 50 | docroot => '/var/www/fifth', 51 | add_listen => false, 52 | } 53 | -------------------------------------------------------------------------------- /files/httpd: -------------------------------------------------------------------------------- 1 | # Configuration file for the httpd service. 2 | 3 | # 4 | # The default processing model (MPM) is the process-based 5 | # 'prefork' model. A thread-based model, 'worker', is also 6 | # available, but does not work with some modules (such as PHP). 7 | # The service must be stopped before changing this variable. 8 | # 9 | #HTTPD=/usr/sbin/httpd.worker 10 | 11 | # 12 | # To pass additional options (for instance, -D definitions) to the 13 | # httpd binary at startup, set OPTIONS here. 14 | # 15 | #OPTIONS= 16 | #OPTIONS=-DDOWN 17 | 18 | # 19 | # By default, the httpd process is started in the C locale; to 20 | # change the locale in which the server runs, the HTTPD_LANG 21 | # variable can be set. 22 | # 23 | #HTTPD_LANG=C 24 | export SHORTHOST=`hostname -s` 25 | -------------------------------------------------------------------------------- /hiera.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | version: 5 3 | 4 | defaults: # Used for any hierarchy level that omits these keys. 5 | datadir: data # This path is relative to hiera.yaml's directory. 6 | data_hash: yaml_data # Use the built-in YAML backend. 7 | 8 | hierarchy: 9 | - name: "osfamily/major release" 10 | paths: 11 | # Used to distinguish between Debian and Ubuntu 12 | - "os/%{facts.os.name}/%{facts.os.release.major}.yaml" 13 | - "os/%{facts.os.family}/%{facts.os.release.major}.yaml" 14 | # Used for Solaris 15 | - "os/%{facts.os.family}/%{facts.kernelrelease}.yaml" 16 | - name: "osfamily" 17 | paths: 18 | - "os/%{facts.os.name}.yaml" 19 | - "os/%{facts.os.family}.yaml" 20 | - name: 'common' 21 | path: 'common.yaml' 22 | -------------------------------------------------------------------------------- /lib/puppet/functions/apache/apache_pw_hash.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | # @summary DEPRECATED. Use the function [`apache::pw_hash`](#apachepw_hash) instead. 4 | Puppet::Functions.create_function(:'apache::apache_pw_hash') do 5 | dispatch :deprecation_gen do 6 | repeated_param 'Any', :args 7 | end 8 | def deprecation_gen(*args) 9 | call_function('deprecation', 'apache::apache_pw_hash', 'This function is deprecated, please use apache::pw_hash instead.') 10 | call_function('apache::pw_hash', *args) 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /lib/puppet/functions/apache/bool2httpd.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | # @summary 4 | # Transform a supposed boolean to On or Off. Passes all other values through. 5 | # 6 | Puppet::Functions.create_function(:'apache::bool2httpd') do 7 | # @param arg 8 | # The value to be converted into a string. 9 | # 10 | # @return 11 | # Will return either `On` or `Off` if given a boolean value. Returns a string of any 12 | # other given value. 13 | # @example 14 | # $trace_enable = false 15 | # $server_signature = 'mail' 16 | # 17 | # apache::bool2httpd($trace_enable) # returns 'Off' 18 | # apache::bool2httpd($server_signature) # returns 'mail' 19 | # apache::bool2httpd(undef) # returns 'Off' 20 | # 21 | def bool2httpd(arg) 22 | return 'Off' if arg.nil? || arg == false || matches_string?(arg, %r{false}i) || arg == :undef 23 | return 'On' if arg == true || matches_string?(arg, %r{true}i) 24 | 25 | arg.to_s 26 | end 27 | 28 | private 29 | 30 | def matches_string?(value, matcher) 31 | if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.4.0') 32 | value =~ matcher 33 | else 34 | value.is_a?(String) && value.match?(matcher) 35 | end 36 | end 37 | end 38 | -------------------------------------------------------------------------------- /lib/puppet/functions/apache/pw_hash.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | # @summary 4 | # Hashes a password in a format suitable for htpasswd files read by apache. 5 | # 6 | # Currently uses SHA-hashes, because although this format is considered insecure, it's the 7 | # most secure format supported by the most platforms. 8 | Puppet::Functions.create_function(:'apache::pw_hash') do 9 | # @param password 10 | # The input that is to be hashed. 11 | # 12 | # @return 13 | # Returns the hash of the input that was given. 14 | dispatch :apache_pw_hash do 15 | required_param 'String[1]', :password 16 | return_type 'String' 17 | end 18 | 19 | def apache_pw_hash(password) 20 | require 'base64' 21 | "{SHA}#{Base64.strict_encode64(Digest::SHA1.digest(password))}" 22 | end 23 | end 24 | -------------------------------------------------------------------------------- /lib/puppet/functions/apache_pw_hash.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | # @summary DEPRECATED. Use the namespaced function [`apache::pw_hash`](#apachepw_hash) instead. 4 | Puppet::Functions.create_function(:apache_pw_hash) do 5 | dispatch :deprecation_gen do 6 | repeated_param 'Any', :args 7 | end 8 | def deprecation_gen(*args) 9 | call_function('deprecation', 'apache_pw_hash', 'This function is deprecated, please use apache::pw_hash instead.') 10 | call_function('apache::pw_hash', *args) 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /lib/puppet/functions/bool2httpd.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | # @summary DEPRECATED. Use the namespaced function [`apache::bool2httpd`](#apachebool2httpd) instead. 4 | Puppet::Functions.create_function(:bool2httpd) do 5 | dispatch :deprecation_gen do 6 | repeated_param 'Any', :args 7 | end 8 | def deprecation_gen(*args) 9 | call_function('deprecation', 'bool2httpd', 'This function is deprecated, please use apache::bool2httpd instead.') 10 | call_function('apache::bool2httpd', *args) 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /lib/puppet/provider/a2mod.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | # a2mod.rb 4 | class Puppet::Provider::A2mod < Puppet::Provider 5 | # Fetches the mod provider 6 | def self.prefetch(mods) 7 | instances.each do |prov| 8 | mod = mods[prov.name] 9 | mod.provider = prov if mod 10 | end 11 | end 12 | 13 | # Clear's the property_hash 14 | def flush 15 | @property_hash.clear 16 | end 17 | 18 | # Returns a copy of the property_hash 19 | def properties 20 | if @property_hash.empty? 21 | @property_hash = query || { ensure: :absent } 22 | @property_hash[:ensure] = :absent if @property_hash.empty? 23 | end 24 | @property_hash.dup 25 | end 26 | 27 | # Returns the properties of the given mod if it exists. 28 | def query 29 | self.class.instances.each do |mod| 30 | return mod.properties if mod.name == name || mod.name.downcase == name 31 | end 32 | nil 33 | end 34 | 35 | # Return's if the ensure property is absent or not 36 | def exists? 37 | properties[:ensure] != :absent 38 | end 39 | end 40 | -------------------------------------------------------------------------------- /manifests/confd/no_accf.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Manages the `no-accf.conf` file. 3 | # 4 | # @api private 5 | class apache::confd::no_accf { 6 | # Template uses no variables 7 | file { 'no-accf.conf': 8 | ensure => 'file', 9 | path => "${apache::confd_dir}/no-accf.conf", 10 | content => epp('apache/confd/no-accf.conf.epp'), 11 | require => Exec["mkdir ${apache::confd_dir}"], 12 | before => File[$apache::confd_dir], 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /manifests/default_confd_files.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Helper for setting up default conf.d files. 3 | # 4 | # @api private 5 | class apache::default_confd_files ( 6 | Boolean $all = true, 7 | ) { 8 | # The rest of the conf.d/* files only get loaded if we want them 9 | if $all { 10 | case $facts['os']['family'] { 11 | 'FreeBSD': { 12 | include apache::confd::no_accf 13 | } 14 | default: { 15 | # do nothing 16 | } 17 | } 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /manifests/default_mods/load.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Helper used by `apache::default_mods` 3 | # 4 | # @api private 5 | define apache::default_mods::load (String $module = $title) { 6 | if defined("apache::mod::${module}") { 7 | include "::apache::mod::${module}" 8 | } else { 9 | ::apache::mod { $module: } 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /manifests/dev.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs Apache development libraries. 3 | # 4 | # The libraries installed depends on the `dev_packages` parameter of the `apache::params` 5 | # class, based on your operating system: 6 | # - **Debian** : `libaprutil1-dev`, `libapr1-dev`; `apache2-dev` 7 | # - **FreeBSD**: `undef`; on FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`. 8 | # - **Gentoo**: `undef`. 9 | # - **Red Hat**: `httpd-devel`. 10 | class apache::dev { 11 | if ! defined(Class['apache']) { 12 | fail('You must include the apache base class before using any apache defined resources') 13 | } 14 | 15 | $packages = $apache::dev_packages 16 | if $packages { # FreeBSD doesn't have dev packages to install 17 | package { $packages: 18 | ensure => present, 19 | require => Package['httpd'], 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /manifests/listen.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Adds `Listen` directives to `ports.conf` that define the 3 | # Apache server's or a virtual host's listening address and port. 4 | # 5 | # The `apache::vhost` class uses this defined type, and titles take the form 6 | # ``, `:`, or `:`. 7 | define apache::listen { 8 | $listen_addr_port = $name 9 | 10 | # Template uses: $listen_addr_port 11 | concat::fragment { "Listen ${listen_addr_port}": 12 | target => $apache::ports_file, 13 | content => epp('apache/listen.epp', { 'listen_addr_port' => $listen_addr_port }), 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /manifests/mod/actions.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs Apache mod_actions 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_actions.html for additional documentation. 5 | # 6 | class apache::mod::actions { 7 | apache::mod { 'actions': } 8 | } 9 | -------------------------------------------------------------------------------- /manifests/mod/apreq2.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_apreq2`. 3 | # 4 | # @see http://httpd.apache.org/apreq/docs/libapreq2/group__mod__apreq2.html for additional documentation. 5 | # 6 | # @note Unsupported platforms: CentOS: all; OracleLinux: all; RedHat: all; Scientific: all; SLES: all; Ubuntu: all 7 | class apache::mod::apreq2 { 8 | ::apache::mod { 'apreq2': 9 | id => 'apreq_module', 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /manifests/mod/auth_basic.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_auth_basic` 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_auth_basic.html for additional documentation. 5 | # 6 | class apache::mod::auth_basic { 7 | include apache::mod::authn_core 8 | ::apache::mod { 'auth_basic': } 9 | } 10 | -------------------------------------------------------------------------------- /manifests/mod/auth_gssapi.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_auth_gsappi`. 3 | # 4 | # @see https://github.com/modauthgssapi/mod_auth_gssapi for additional documentation. 5 | # 6 | class apache::mod::auth_gssapi { 7 | include apache 8 | include apache::mod::authn_core 9 | apache::mod { 'auth_gssapi': } 10 | } 11 | -------------------------------------------------------------------------------- /manifests/mod/auth_kerb.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_auth_kerb` 3 | # 4 | # @see http://modauthkerb.sourceforge.net for additional documentation. 5 | class apache::mod::auth_kerb { 6 | include apache 7 | include apache::mod::authn_core 8 | ::apache::mod { 'auth_kerb': } 9 | } 10 | -------------------------------------------------------------------------------- /manifests/mod/auth_openidc.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_auth_openidc`. 3 | # 4 | # @param manage_dnf_module Whether to manage the DNF module 5 | # @param dnf_module_ensure The DNF module name to ensure. Only relevant if manage_dnf_module is set to true. 6 | # @param dnf_module_name The DNF module name to manage. Only relevant if manage_dnf_module is set to true. 7 | # 8 | # @see https://github.com/zmartzone/mod_auth_openidc for additional documentation. 9 | # @note Unsupported platforms: OracleLinux: 6; RedHat: 6; Scientific: 6; SLES: all 10 | # 11 | class apache::mod::auth_openidc ( 12 | Boolean $manage_dnf_module = $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] == '8', 13 | String[1] $dnf_module_ensure = 'present', 14 | String[1] $dnf_module_name = 'mod_auth_openidc', 15 | ) { 16 | include apache 17 | include apache::mod::authn_core 18 | include apache::mod::authz_user 19 | 20 | apache::mod { 'auth_openidc': } 21 | 22 | if $manage_dnf_module { 23 | package { 'dnf-module-mod_auth_openidc': 24 | ensure => $dnf_module_ensure, 25 | name => $dnf_module_name, 26 | provider => 'dnfmodule', 27 | before => Apache::Mod['auth_openidc'], 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /manifests/mod/authn_core.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_authn_core`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_authn_core.html for additional documentation. 5 | # 6 | class apache::mod::authn_core { 7 | ::apache::mod { 'authn_core': } 8 | } 9 | -------------------------------------------------------------------------------- /manifests/mod/authn_file.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_authn_file`. 3 | # 4 | # @see https://httpd.apache.org/docs/2.4/mod/mod_authn_file.html for additional documentation. 5 | # 6 | class apache::mod::authn_file { 7 | ::apache::mod { 'authn_file': } 8 | } 9 | -------------------------------------------------------------------------------- /manifests/mod/authnz_ldap.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_authnz_ldap`. 3 | # 4 | # @param verify_server_cert 5 | # Whether to force te verification of a server cert or not. 6 | # 7 | # @param package_name 8 | # The name of the ldap package. 9 | # 10 | # @see https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html for additional documentation. 11 | # @note Unsupported platforms: RedHat: 6, 8, 9; CentOS: 6, 8; OracleLinux: 6, 8; Ubuntu: all; Debian: all; SLES: all 12 | class apache::mod::authnz_ldap ( 13 | Boolean $verify_server_cert = true, 14 | Optional[String] $package_name = undef, 15 | ) { 16 | include apache 17 | include 'apache::mod::ldap' 18 | ::apache::mod { 'authnz_ldap': 19 | package => $package_name, 20 | } 21 | 22 | # Template uses: 23 | # - $verify_server_cert 24 | file { 'authnz_ldap.conf': 25 | ensure => file, 26 | path => "${apache::mod_dir}/authnz_ldap.conf", 27 | mode => $apache::file_mode, 28 | content => epp('apache/mod/authnz_ldap.conf.epp', { 'verify_server_cert' => $verify_server_cert, }), 29 | require => Exec["mkdir ${apache::mod_dir}"], 30 | before => File[$apache::mod_dir], 31 | notify => Class['apache::service'], 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /manifests/mod/authnz_pam.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_authnz_pam`. 3 | # 4 | # @see https://www.adelton.com/apache/mod_authnz_pam for additional documentation. 5 | # 6 | class apache::mod::authnz_pam { 7 | include apache 8 | ::apache::mod { 'authnz_pam': } 9 | } 10 | -------------------------------------------------------------------------------- /manifests/mod/authz_core.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_authz_core`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_authz_core.html for additional documentation. 5 | # 6 | class apache::mod::authz_core { 7 | apache::mod { 'authz_core': } 8 | } 9 | -------------------------------------------------------------------------------- /manifests/mod/authz_groupfile.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_authz_groupfile` 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_authz_groupfile.html for additional documentation. 5 | # 6 | class apache::mod::authz_groupfile { 7 | include apache 8 | apache::mod { 'authz_groupfile': } 9 | } 10 | -------------------------------------------------------------------------------- /manifests/mod/authz_user.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_authz_user` 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_authz_user.html for additional documentation. 5 | # 6 | class apache::mod::authz_user { 7 | ::apache::mod { 'authz_user': } 8 | } 9 | -------------------------------------------------------------------------------- /manifests/mod/autoindex.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_autoindex` 3 | # 4 | # @param icons_prefix 5 | # Change the alias for /icons/. 6 | # 7 | # @see https://httpd.apache.org/docs/current/mod/mod_autoindex.html for additional documentation. 8 | # 9 | class apache::mod::autoindex ( 10 | String $icons_prefix = $apache::params::icons_prefix 11 | ) inherits apache::params { 12 | include apache 13 | ::apache::mod { 'autoindex': } 14 | 15 | # Determine icon filename suffix for autoindex.conf.epp 16 | case $facts['os']['name'] { 17 | 'Debian', 'Ubuntu': { 18 | $icon_suffix = '-20x22' 19 | } 20 | default: { 21 | $icon_suffix = '' 22 | } 23 | } 24 | 25 | file { 'autoindex.conf': 26 | ensure => file, 27 | path => "${apache::mod_dir}/autoindex.conf", 28 | mode => $apache::file_mode, 29 | content => epp('apache/mod/autoindex.conf.epp', { 'icons_prefix' => $icons_prefix, 'icon_suffix' => $icon_suffix, }), 30 | require => Exec["mkdir ${apache::mod_dir}"], 31 | before => File[$apache::mod_dir], 32 | notify => Class['apache::service'], 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /manifests/mod/cgi.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_cgi`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_cgi.html for additional documentation. 5 | # 6 | class apache::mod::cgi { 7 | include apache 8 | case $facts['os']['family'] { 9 | 'FreeBSD': {} 10 | default: { 11 | if defined(Class['apache::mod::itk']) { 12 | Class['apache::mod::itk'] -> Class['apache::mod::cgi'] 13 | } elsif defined(Class['apache::mod::peruser']) { 14 | Class['apache::mod::peruser'] -> Class['apache::mod::cgi'] 15 | } else { 16 | Class['apache::mod::prefork'] -> Class['apache::mod::cgi'] 17 | } 18 | } 19 | } 20 | 21 | if $facts['os']['family'] == 'Suse' { 22 | ::apache::mod { 'cgi': 23 | lib_path => '/usr/lib64/apache2-prefork', 24 | } 25 | } else { 26 | ::apache::mod { 'cgi': } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /manifests/mod/cgid.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_cgid`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_cgid.html 5 | # 6 | class apache::mod::cgid { 7 | include apache 8 | case $facts['os']['family'] { 9 | 'FreeBSD': {} 10 | default: { 11 | if defined(Class['apache::mod::event']) { 12 | Class['apache::mod::event'] -> Class['apache::mod::cgid'] 13 | } else { 14 | Class['apache::mod::worker'] -> Class['apache::mod::cgid'] 15 | } 16 | } 17 | } 18 | 19 | # Debian specifies it's cgid sock path, but RedHat uses the default value 20 | # with no config file 21 | $cgisock_path = $facts['os']['family'] ? { 22 | 'Debian' => "\${APACHE_RUN_DIR}/cgisock", 23 | 'FreeBSD' => 'cgisock', 24 | default => undef, 25 | } 26 | 27 | if $facts['os']['family'] == 'Suse' { 28 | ::apache::mod { 'cgid': 29 | lib_path => '/usr/lib64/apache2-worker', 30 | } 31 | } else { 32 | ::apache::mod { 'cgid': } 33 | } 34 | 35 | if $cgisock_path { 36 | # Template uses $cgisock_path 37 | file { 'cgid.conf': 38 | ensure => file, 39 | path => "${apache::mod_dir}/cgid.conf", 40 | mode => $apache::file_mode, 41 | content => epp('apache/mod/cgid.conf.epp', { 'cgisock_path' => $cgisock_path }), 42 | require => Exec["mkdir ${apache::mod_dir}"], 43 | before => File[$apache::mod_dir], 44 | notify => Class['apache::service'], 45 | } 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /manifests/mod/data.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_data`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_data.html for additional documentation. 5 | # 6 | class apache::mod::data { 7 | include apache 8 | ::apache::mod { 'data': } 9 | } 10 | -------------------------------------------------------------------------------- /manifests/mod/dav.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_dav`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_dav.html for additional documentation. 5 | # 6 | class apache::mod::dav { 7 | ::apache::mod { 'dav': } 8 | } 9 | -------------------------------------------------------------------------------- /manifests/mod/dav_fs.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_dav_fs`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_dav_fs.html for additional documentation. 5 | # 6 | class apache::mod::dav_fs { 7 | include apache 8 | $dav_lock = $facts['os']['family'] ? { 9 | 'Debian' => "\${APACHE_LOCK_DIR}/DAVLock", 10 | 'FreeBSD' => '/usr/local/var/DavLock', 11 | default => '/var/lib/dav/lockdb', 12 | } 13 | 14 | Class['apache::mod::dav'] -> Class['apache::mod::dav_fs'] 15 | ::apache::mod { 'dav_fs': } 16 | 17 | # Template uses: $dav_lock 18 | file { 'dav_fs.conf': 19 | ensure => file, 20 | path => "${apache::mod_dir}/dav_fs.conf", 21 | mode => $apache::file_mode, 22 | content => epp('apache/mod/dav_fs.conf.epp', { 'dav_lock' => $dav_lock }), 23 | require => Exec["mkdir ${apache::mod_dir}"], 24 | before => File[$apache::mod_dir], 25 | notify => Class['apache::service'], 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /manifests/mod/dav_svn.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_dav_svn`. 3 | # 4 | # @param authz_svn_enabled 5 | # Specifies whether to install Apache mod_authz_svn 6 | # 7 | # @see https://httpd.apache.org/docs/current/mod/mod_dav_svn.html for additional documentation. 8 | # 9 | class apache::mod::dav_svn ( 10 | Boolean $authz_svn_enabled = false, 11 | ) { 12 | Class['apache::mod::dav'] -> Class['apache::mod::dav_svn'] 13 | include apache 14 | include apache::mod::dav 15 | if($facts['os']['name'] == 'SLES' and versioncmp($facts['os']['release']['major'], '12') < 0) { 16 | package { 'subversion-server': 17 | ensure => 'installed', 18 | provider => 'zypper', 19 | } 20 | } 21 | 22 | ::apache::mod { 'dav_svn': } 23 | 24 | if $authz_svn_enabled { 25 | ::apache::mod { 'authz_svn': 26 | # authz_svn depends on symbols from the dav_svn module, 27 | # therefore, make sure authz_svn is loaded after dav_svn. 28 | loadfile_name => 'dav_svn_authz_svn.load', 29 | require => Apache::Mod['dav_svn'], 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /manifests/mod/dbd.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_dbd`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_dbd.html for additional documentation. 5 | # 6 | class apache::mod::dbd { 7 | ::apache::mod { 'dbd': } 8 | } 9 | -------------------------------------------------------------------------------- /manifests/mod/deflate.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_deflate`. 3 | # 4 | # @param types 5 | # An array of MIME types to be deflated. See https://www.iana.org/assignments/media-types/media-types.xhtml. 6 | # 7 | # @param notes 8 | # A Hash where the key represents the type and the value represents the note name. 9 | # 10 | # @see https://httpd.apache.org/docs/current/mod/mod_deflate.html for additional documentation. 11 | # 12 | class apache::mod::deflate ( 13 | Array[String] $types = [ 14 | 'text/html text/plain text/xml', 15 | 'text/css', 16 | 'application/x-javascript application/javascript application/ecmascript', 17 | 'application/rss+xml', 18 | 'application/json', 19 | ], 20 | Hash $notes = { 21 | 'Input' => 'instream', 22 | 'Output' => 'outstream', 23 | 'Ratio' => 'ratio', 24 | } 25 | ) { 26 | include apache 27 | ::apache::mod { 'deflate': } 28 | 29 | file { 'deflate.conf': 30 | ensure => file, 31 | path => "${apache::mod_dir}/deflate.conf", 32 | mode => $apache::file_mode, 33 | content => epp('apache/mod/deflate.conf.epp', { 'types' => $types, 'notes' => $notes, }), 34 | require => Exec["mkdir ${apache::mod_dir}"], 35 | before => File[$apache::mod_dir], 36 | notify => Class['apache::service'], 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /manifests/mod/dir.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_dir`. 3 | # 4 | # @param dir 5 | # 6 | # @param indexes 7 | # Provides a string for the DirectoryIndex directive 8 | # 9 | # @todo 10 | # This sets the global DirectoryIndex directive, so it may be necessary to consider being able to modify the apache::vhost to declare 11 | # DirectoryIndex statements in a vhost configuration 12 | # 13 | # @see https://httpd.apache.org/docs/current/mod/mod_dir.html for additional documentation. 14 | # 15 | class apache::mod::dir ( 16 | String $dir = 'public_html', 17 | Array[String] $indexes = [ 18 | 'index.html', 19 | 'index.html.var', 20 | 'index.cgi', 21 | 'index.pl', 22 | 'index.php', 23 | 'index.xhtml', 24 | ], 25 | ) { 26 | include apache 27 | ::apache::mod { 'dir': } 28 | 29 | # Template uses 30 | # - $indexes 31 | file { 'dir.conf': 32 | ensure => file, 33 | path => "${apache::mod_dir}/dir.conf", 34 | mode => $apache::file_mode, 35 | content => epp('apache/mod/dir.conf.epp', { 'indexes' => $indexes }), 36 | require => Exec["mkdir ${apache::mod_dir}"], 37 | before => File[$apache::mod_dir], 38 | notify => Class['apache::service'], 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /manifests/mod/disk_cache.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_disk_cache`. 3 | # 4 | # @param cache_root 5 | # Defines the name of the directory on the disk to contain cache files. 6 | # Default depends on the Apache version and operating system: 7 | # - Debian: /var/cache/apache2/mod_cache_disk 8 | # - FreeBSD: /var/cache/mod_cache_disk 9 | # 10 | # @param cache_ignore_headers 11 | # Specifies HTTP header(s) that should not be stored in the cache. 12 | # 13 | # @param default_cache_enable 14 | # Default value is true, which enables "CacheEnable disk /" in disk_cache.conf for the webserver. This would cache 15 | # every request to apache by default for every vhost. If set to false the default cache all behaviour is supressed. 16 | # You can then control this behaviour in individual vhosts by explicitly defining CacheEnable. 17 | # 18 | # @note 19 | # Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed. 20 | # This class is deprecated, use mode_cache_disk instead 21 | # 22 | # @see https://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html for additional documentation on version 2.4. 23 | # 24 | class apache::mod::disk_cache ( 25 | Optional[Stdlib::Absolutepath] $cache_root = undef, 26 | Optional[String] $cache_ignore_headers = undef, 27 | Boolean $default_cache_enable = true, 28 | ) { 29 | deprecation('apache::mod::disk_cache', 'This class is deprecated; please use apache::mod::cache_disk') 30 | 31 | class { 'apache::mod::cache_disk': 32 | cache_root => $cache_root, 33 | cache_enable => ['/'], 34 | cache_ignore_headers => $cache_ignore_headers, 35 | cache_dir_length => 1, 36 | cache_dir_levels => 2, 37 | configuration_file_name => 'cache_disk.conf' 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /manifests/mod/dumpio.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_dumpio`. 3 | # 4 | # @param dump_io_input 5 | # Dump all input data to the error log 6 | # 7 | # @param dump_io_output 8 | # Dump all output data to the error log 9 | # 10 | # @example 11 | # class{'apache': 12 | # default_mods => false, 13 | # log_level => 'dumpio:trace7', 14 | # } 15 | # class{'apache::mod::dumpio': 16 | # dump_io_input => 'On', 17 | # dump_io_output => 'Off', 18 | # } 19 | # 20 | # @see https://httpd.apache.org/docs/current/mod/mod_dumpio.html for additional documentation. 21 | # 22 | class apache::mod::dumpio ( 23 | Apache::OnOff $dump_io_input = 'Off', 24 | Apache::OnOff $dump_io_output = 'Off', 25 | ) { 26 | include apache 27 | 28 | ::apache::mod { 'dumpio': } 29 | file { 'dumpio.conf': 30 | ensure => file, 31 | path => "${apache::mod_dir}/dumpio.conf", 32 | mode => $apache::file_mode, 33 | content => epp('apache/mod/dumpio.conf.epp', { 'dump_io_input' => $dump_io_input, 'dump_io_output' => $dump_io_output, }), 34 | require => Exec["mkdir ${apache::mod_dir}"], 35 | before => File[$apache::mod_dir], 36 | notify => Class['apache::service'], 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /manifests/mod/env.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_env`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_env.html for additional documentation. 5 | # 6 | class apache::mod::env { 7 | ::apache::mod { 'env': } 8 | } 9 | -------------------------------------------------------------------------------- /manifests/mod/expires.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_expires`. 3 | # 4 | # @param expires_active 5 | # Enables generation of Expires headers. 6 | # 7 | # @param expires_default 8 | # Specifies the default algorithm for calculating expiration time using ExpiresByType syntax or interval syntax. 9 | # 10 | # @param expires_by_type 11 | # Describes a set of [MIME content-types](https://www.iana.org/assignments/media-types/media-types.xhtml) and their expiration 12 | # times. This should be used as an array of Hashes, with each Hash's key a valid MIME content-type (i.e. 'text/json') and its 13 | # value following valid interval syntax. 14 | # 15 | # @see https://httpd.apache.org/docs/current/mod/mod_expires.html for additional documentation. 16 | # 17 | class apache::mod::expires ( 18 | Boolean $expires_active = true, 19 | Optional[String] $expires_default = undef, 20 | Optional[Array[Hash]] $expires_by_type = undef, 21 | ) { 22 | include apache 23 | ::apache::mod { 'expires': } 24 | 25 | # Template uses 26 | # $expires_active 27 | # $expires_default 28 | # $expires_by_type 29 | $parameters = { 30 | 'expires_active' => $expires_active, 31 | 'expires_default' => $expires_default, 32 | 'expires_by_type' => $expires_by_type, 33 | } 34 | 35 | file { 'expires.conf': 36 | ensure => file, 37 | path => "${apache::mod_dir}/expires.conf", 38 | mode => $apache::file_mode, 39 | content => epp('apache/mod/expires.conf.epp', $parameters), 40 | require => Exec["mkdir ${apache::mod_dir}"], 41 | before => File[$apache::mod_dir], 42 | notify => Class['apache::service'], 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /manifests/mod/ext_filter.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_ext_filter`. 3 | # 4 | # @param ext_filter_define 5 | # Hash of filter names and their parameters. 6 | # 7 | # @example 8 | # class { 'apache::mod::ext_filter': 9 | # ext_filter_define => { 10 | # 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength', 11 | # 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"', 12 | # }, 13 | # } 14 | # 15 | # @see https://httpd.apache.org/docs/current/mod/mod_ext_filter.html for additional documentation. 16 | # 17 | class apache::mod::ext_filter ( 18 | Optional[Hash] $ext_filter_define = undef 19 | ) { 20 | include apache 21 | 22 | ::apache::mod { 'ext_filter': } 23 | 24 | # Template uses 25 | # -$ext_filter_define 26 | 27 | if $ext_filter_define { 28 | file { 'ext_filter.conf': 29 | ensure => file, 30 | path => "${apache::mod_dir}/ext_filter.conf", 31 | mode => $apache::file_mode, 32 | content => epp('apache/mod/ext_filter.conf.epp', { 'ext_filter_define' => $ext_filter_define, }), 33 | require => [Exec["mkdir ${apache::mod_dir}"],], 34 | before => File[$apache::mod_dir], 35 | notify => Class['Apache::Service'], 36 | } 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /manifests/mod/filter.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_filter`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_filter.html for additional documentation. 5 | # 6 | class apache::mod::filter { 7 | ::apache::mod { 'filter': } 8 | } 9 | -------------------------------------------------------------------------------- /manifests/mod/headers.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_headers`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_headers.html for additional documentation. 5 | # 6 | class apache::mod::headers { 7 | ::apache::mod { 'headers': } 8 | } 9 | -------------------------------------------------------------------------------- /manifests/mod/include.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_include`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_include.html for additional documentation. 5 | # 6 | class apache::mod::include { 7 | ::apache::mod { 'include': } 8 | } 9 | -------------------------------------------------------------------------------- /manifests/mod/info.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_info`. 3 | # 4 | # @param allow_from 5 | # Allowlist of IPv4 or IPv6 addresses or ranges that can access the info path. 6 | # 7 | # @param restrict_access 8 | # Toggles whether to restrict access to info path. If `false`, the `allow_from` allowlist is ignored and any IP address can 9 | # access the info path. 10 | # 11 | # @param info_path 12 | # Path on server to file containing server configuration information. 13 | # 14 | # @see https://httpd.apache.org/docs/current/mod/mod_info.html for additional documentation. 15 | # 16 | class apache::mod::info ( 17 | Array[Stdlib::IP::Address] $allow_from = ['127.0.0.1', '::1'], 18 | Boolean $restrict_access = true, 19 | Stdlib::Unixpath $info_path = '/server-info', 20 | ) { 21 | include apache 22 | 23 | if $facts['os']['family'] == 'Suse' { 24 | if defined(Class['apache::mod::worker']) { 25 | $suse_path = '/usr/lib64/apache2-worker' 26 | } else { 27 | $suse_path = '/usr/lib64/apache2-prefork' 28 | } 29 | ::apache::mod { 'info': 30 | lib_path => $suse_path, 31 | } 32 | } else { 33 | ::apache::mod { 'info': } 34 | } 35 | 36 | $parameters = { 37 | 'info_path' => $info_path, 38 | 'restrict_access' => $restrict_access, 39 | 'allow_from' => $allow_from, 40 | } 41 | 42 | # Template uses $allow_from 43 | file { 'info.conf': 44 | ensure => file, 45 | path => "${apache::mod_dir}/info.conf", 46 | mode => $apache::file_mode, 47 | content => epp('apache/mod/info.conf.epp', $parameters), 48 | require => Exec["mkdir ${apache::mod_dir}"], 49 | before => File[$apache::mod_dir], 50 | notify => Class['apache::service'], 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /manifests/mod/intercept_form_submit.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_intercept_form_submit`. 3 | # 4 | # @see https://www.adelton.com/apache/mod_intercept_form_submit for additional documentation. 5 | # 6 | class apache::mod::intercept_form_submit { 7 | include apache 8 | ::apache::mod { 'intercept_form_submit': } 9 | } 10 | -------------------------------------------------------------------------------- /manifests/mod/lbmethod_bybusyness.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `lbmethod_bybusyness`. 3 | # 4 | # @param apache_version 5 | # Version of Apache to install module on. 6 | # 7 | # @see https://httpd.apache.org/docs/2.4/mod/mod_lbmethod_bybusyness.html for additional documentation. 8 | # 9 | class apache::mod::lbmethod_bybusyness ( 10 | Optional[String] $apache_version = $apache::apache_version, 11 | ) { 12 | require apache::mod::proxy_balancer 13 | 14 | if versioncmp($apache_version, '2.3') >= 0 { 15 | apache::mod { 'lbmethod_bybusyness': } 16 | } else { 17 | fail('Unsuported version for mod lbmethod_bybusyness') 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /manifests/mod/lbmethod_byrequests.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `lbmethod_byrequests`. 3 | # 4 | # @param apache_version 5 | # Version of Apache to install module on. 6 | # 7 | # @see https://httpd.apache.org/docs/2.4/mod/mod_lbmethod_byrequests.html for additional documentation. 8 | # 9 | class apache::mod::lbmethod_byrequests ( 10 | Optional[String] $apache_version = $apache::apache_version, 11 | ) { 12 | require apache::mod::proxy_balancer 13 | 14 | if versioncmp($apache_version, '2.3') >= 0 { 15 | apache::mod { 'lbmethod_byrequests': } 16 | } else { 17 | fail('Unsuported version for mod lbmethod_byrequests') 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /manifests/mod/lbmethod_bytraffic.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `lbmethod_bytraffic`. 3 | # 4 | # @param apache_version 5 | # Version of Apache to install module on. 6 | # 7 | # @see https://httpd.apache.org/docs/2.4/mod/mod_lbmethod_bytraffic.html for additional documentation. 8 | # 9 | class apache::mod::lbmethod_bytraffic ( 10 | Optional[String] $apache_version = $apache::apache_version, 11 | ) { 12 | require apache::mod::proxy_balancer 13 | 14 | if versioncmp($apache_version, '2.3') >= 0 { 15 | apache::mod { 'lbmethod_bytraffic': } 16 | } else { 17 | fail('Unsuported version for mod lbmethod_bytraffic') 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /manifests/mod/lbmethod_heartbeat.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `lbmethod_heartbeat`. 3 | # 4 | # @param apache_version 5 | # Version of Apache to install module on. 6 | # 7 | # @see https://httpd.apache.org/docs/2.4/mod/mod_lbmethod_heartbeat.html for additional documentation. 8 | # 9 | class apache::mod::lbmethod_heartbeat ( 10 | Optional[String] $apache_version = $apache::apache_version, 11 | ) { 12 | require apache::mod::proxy_balancer 13 | 14 | if versioncmp($apache_version, '2.3') >= 0 { 15 | apache::mod { 'lbmethod_heartbeat': } 16 | } else { 17 | fail('Unsuported version for mod lbmethod_heartbeat') 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /manifests/mod/log_forensic.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_log_forensic` 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_log_forensic.html for additional documentation. 5 | # 6 | class apache::mod::log_forensic { 7 | include apache 8 | apache::mod { 'log_forensic': } 9 | } 10 | -------------------------------------------------------------------------------- /manifests/mod/lookup_identity.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_lookup_identity` 3 | # 4 | # @see https://www.adelton.com/apache/mod_lookup_identity for additional documentation. 5 | # 6 | class apache::mod::lookup_identity { 7 | include apache 8 | ::apache::mod { 'lookup_identity': } 9 | } 10 | -------------------------------------------------------------------------------- /manifests/mod/macro.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_macro`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_macro.html for additional documentation. 5 | # 6 | class apache::mod::macro { 7 | include apache 8 | ::apache::mod { 'macro': } 9 | } 10 | -------------------------------------------------------------------------------- /manifests/mod/mime.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_mime`. 3 | # 4 | # @param mime_support_package 5 | # Name of the MIME package to be installed. 6 | # 7 | # @param mime_types_config 8 | # The location of the mime.types file. 9 | # 10 | # @param mime_types_additional 11 | # List of additional MIME types to include. 12 | # 13 | # @see https://httpd.apache.org/docs/current/mod/mod_mime.html for additional documentation. 14 | # 15 | class apache::mod::mime ( 16 | Optional[String] $mime_support_package = $apache::params::mime_support_package, 17 | String $mime_types_config = $apache::params::mime_types_config, 18 | Optional[Hash] $mime_types_additional = undef, 19 | ) inherits apache::params { 20 | include apache 21 | $_mime_types_additional = pick($mime_types_additional, $apache::mime_types_additional) 22 | apache::mod { 'mime': } 23 | # Template uses $_mime_types_config 24 | $parameters = { 25 | 'mime_types_config' => $mime_types_config, 26 | '_mime_types_additional' => $_mime_types_additional, 27 | } 28 | 29 | file { 'mime.conf': 30 | ensure => file, 31 | path => "${apache::mod_dir}/mime.conf", 32 | mode => $apache::file_mode, 33 | content => epp('apache/mod/mime.conf.epp', $parameters), 34 | require => Exec["mkdir ${apache::mod_dir}"], 35 | before => File[$apache::mod_dir], 36 | notify => Class['apache::service'], 37 | } 38 | if $mime_support_package { 39 | package { $mime_support_package: 40 | ensure => 'installed', 41 | before => File['mime.conf'], 42 | } 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /manifests/mod/mime_magic.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_mime_magic`. 3 | # 4 | # @param magic_file 5 | # Enable MIME-type determination based on file contents using the specified magic file. 6 | # 7 | # @see https://httpd.apache.org/docs/current/mod/mod_mime_magic.html for additional documentation. 8 | # 9 | class apache::mod::mime_magic ( 10 | Optional[String] $magic_file = undef, 11 | ) { 12 | include apache 13 | $_magic_file = pick($magic_file, "${apache::conf_dir}/magic") 14 | apache::mod { 'mime_magic': } 15 | # Template uses $magic_file 16 | file { 'mime_magic.conf': 17 | ensure => file, 18 | path => "${apache::mod_dir}/mime_magic.conf", 19 | mode => $apache::file_mode, 20 | content => epp('apache/mod/mime_magic.conf.epp', { '_magic_file' => $_magic_file, }), 21 | require => Exec["mkdir ${apache::mod_dir}"], 22 | before => File[$apache::mod_dir], 23 | notify => Class['apache::service'], 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /manifests/mod/negotiation.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_negotiation`. 3 | # 4 | # @param force_language_priority 5 | # Action to take if a single acceptable document is not found. 6 | # 7 | # @param language_priority 8 | # The precedence of language variants for cases where the client does not express a preference. 9 | # 10 | # @see [https://httpd.apache.org/docs/current/mod/mod_negotiation.html for additional documentation. 11 | # 12 | class apache::mod::negotiation ( 13 | Variant[Array[String], String] $force_language_priority = 'Prefer Fallback', 14 | Variant[Array[String], String] $language_priority = ['en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', 15 | 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', 16 | 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', 17 | 'zh-TW'], 18 | ) { 19 | include apache 20 | 21 | ::apache::mod { 'negotiation': } 22 | # Template uses no variables 23 | $parameters = { 24 | 'language_priority' => $language_priority, 25 | 'force_language_priority' => $force_language_priority, 26 | } 27 | 28 | file { 'negotiation.conf': 29 | ensure => file, 30 | mode => $apache::file_mode, 31 | path => "${apache::mod_dir}/negotiation.conf", 32 | content => epp('apache/mod/negotiation.conf.epp', $parameters), 33 | require => Exec["mkdir ${apache::mod_dir}"], 34 | before => File[$apache::mod_dir], 35 | notify => Class['apache::service'], 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /manifests/mod/nss.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_nss`. 3 | # 4 | # @param transfer_log 5 | # Path to `access.log`. 6 | # 7 | # @param error_log 8 | # Path to `error.log` 9 | # 10 | # @param passwd_file 11 | # Path to file containing token passwords used for NSSPassPhraseDialog. 12 | # 13 | # @param port 14 | # Sets the SSL port that should be used by mod_nss. 15 | # 16 | # @see https://pagure.io/mod_nss for additional documentation. 17 | # 18 | class apache::mod::nss ( 19 | Stdlib::Absolutepath $transfer_log = "${apache::params::logroot}/access.log", 20 | Stdlib::Absolutepath $error_log = "${apache::params::logroot}/error.log", 21 | Optional[String] $passwd_file = undef, 22 | Stdlib::Port $port = 8443, 23 | ) { 24 | include apache 25 | include apache::mod::mime 26 | 27 | apache::mod { 'nss': } 28 | 29 | $httpd_dir = $apache::httpd_dir 30 | 31 | # Template uses: 32 | # $transfer_log 33 | # $error_log 34 | # $http_dir 35 | # passwd_file 36 | $parameters = { 37 | 'port' => $port, 38 | 'passwd_file' => $passwd_file, 39 | 'error_log' => $error_log, 40 | 'transfer_log' => $transfer_log, 41 | 'httpd_dir' => $httpd_dir, 42 | } 43 | 44 | file { 'nss.conf': 45 | ensure => file, 46 | path => "${apache::mod_dir}/nss.conf", 47 | mode => $apache::file_mode, 48 | content => epp('apache/mod/nss.conf.epp', $parameters), 49 | require => Exec["mkdir ${apache::mod_dir}"], 50 | before => File[$apache::mod_dir], 51 | notify => Class['apache::service'], 52 | } 53 | } 54 | -------------------------------------------------------------------------------- /manifests/mod/perl.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_perl`. 3 | # 4 | # @see https://perl.apache.org for additional documentation. 5 | # 6 | class apache::mod::perl { 7 | include apache 8 | ::apache::mod { 'perl': } 9 | } 10 | -------------------------------------------------------------------------------- /manifests/mod/proxy_ajp.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_proxy_ajp`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_proxy_ajp.html for additional documentation. 5 | # 6 | class apache::mod::proxy_ajp { 7 | require apache::mod::proxy 8 | ::apache::mod { 'proxy_ajp': } 9 | } 10 | -------------------------------------------------------------------------------- /manifests/mod/proxy_balancer.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_proxy_balancer`. 3 | # 4 | # @param manager 5 | # Toggle whether to enable balancer manager support. 6 | # 7 | # @param manager_path 8 | # Server relative path to balancer manager. 9 | # 10 | # @param allow_from 11 | # List of IPs from which the balancer manager can be accessed. 12 | # 13 | # @see https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html for additional documentation. 14 | # 15 | class apache::mod::proxy_balancer ( 16 | Boolean $manager = false, 17 | Stdlib::Unixpath $manager_path = '/balancer-manager', 18 | Array[Stdlib::IP::Address] $allow_from = ['127.0.0.1', '::1'], 19 | ) { 20 | require apache::mod::proxy 21 | require apache::mod::proxy_http 22 | ::apache::mod { 'slotmem_shm': } 23 | ::apache::mod { 'proxy_balancer': } 24 | if $manager { 25 | include apache::mod::status 26 | file { 'proxy_balancer.conf': 27 | ensure => file, 28 | path => "${apache::mod_dir}/proxy_balancer.conf", 29 | mode => $apache::file_mode, 30 | content => epp('apache/mod/proxy_balancer.conf.epp', { 'manager_path' => $manager_path, 'allow_from' => $allow_from, }), 31 | require => Exec["mkdir ${apache::mod_dir}"], 32 | before => File[$apache::mod_dir], 33 | notify => Class['apache::service'], 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /manifests/mod/proxy_connect.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_proxy_connect`. 3 | # @see https://httpd.apache.org/docs/current/mod/mod_proxy_connect.html for additional documentation. 4 | # 5 | class apache::mod::proxy_connect { 6 | include apache 7 | require apache::mod::proxy 8 | apache::mod { 'proxy_connect': } 9 | } 10 | -------------------------------------------------------------------------------- /manifests/mod/proxy_fcgi.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_proxy_fcgi`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_proxy_fcgi.html for additional documentation. 5 | # 6 | class apache::mod::proxy_fcgi { 7 | require apache::mod::proxy 8 | ::apache::mod { 'proxy_fcgi': } 9 | } 10 | -------------------------------------------------------------------------------- /manifests/mod/proxy_http.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_proxy_http`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_proxy_http.html for additional documentation. 5 | # 6 | class apache::mod::proxy_http { 7 | require apache::mod::proxy 8 | ::apache::mod { 'proxy_http': } 9 | } 10 | -------------------------------------------------------------------------------- /manifests/mod/proxy_http2.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_proxy_http2`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_proxy_http2.html for additional documentation. 5 | # 6 | class apache::mod::proxy_http2 { 7 | require apache::mod::proxy 8 | apache::mod { 'proxy_http2': } 9 | } 10 | -------------------------------------------------------------------------------- /manifests/mod/proxy_wstunnel.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_proxy_wstunnel`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html for additional documentation. 5 | # 6 | class apache::mod::proxy_wstunnel { 7 | include apache 8 | require apache::mod::proxy 9 | ::apache::mod { 'proxy_wstunnel': } 10 | } 11 | -------------------------------------------------------------------------------- /manifests/mod/python.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_python`. 3 | # 4 | # @param loadfile_name 5 | # Sets the name of the configuration file that is used to load the python module. 6 | # 7 | # @see https://github.com/grisha/mod_python for additional documentation. 8 | # 9 | class apache::mod::python ( 10 | Optional[String] $loadfile_name = undef, 11 | ) { 12 | include apache 13 | ::apache::mod { 'python': 14 | loadfile_name => $loadfile_name, 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /manifests/mod/reqtimeout.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_reqtimeout`. 3 | # 4 | # @param timeouts 5 | # List of timeouts and data rates for receiving requests. 6 | # 7 | # @see https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html for additional documentation. 8 | # 9 | class apache::mod::reqtimeout ( 10 | Variant[Array[String], String] $timeouts = ['header=20-40,minrate=500', 'body=10,minrate=500'] 11 | ) { 12 | include apache 13 | ::apache::mod { 'reqtimeout': } 14 | # Template uses no variables 15 | file { 'reqtimeout.conf': 16 | ensure => file, 17 | path => "${apache::mod_dir}/reqtimeout.conf", 18 | mode => $apache::file_mode, 19 | content => epp('apache/mod/reqtimeout.conf.epp', { 'timeouts' => $timeouts, }), 20 | require => Exec["mkdir ${apache::mod_dir}"], 21 | before => File[$apache::mod_dir], 22 | notify => Class['apache::service'], 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /manifests/mod/rewrite.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_rewrite`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_rewrite.html for additional documentation. 5 | # 6 | class apache::mod::rewrite { 7 | include apache::params 8 | ::apache::mod { 'rewrite': } 9 | } 10 | -------------------------------------------------------------------------------- /manifests/mod/rpaf.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_rpaf`. 3 | # 4 | # @param sethostname 5 | # Toggles whether to update vhost name so ServerName and ServerAlias work. 6 | # 7 | # @param proxy_ips 8 | # List of IPs & bitmasked subnets to adjust requests for 9 | # 10 | # @param header 11 | # Header to use for the real IP address. 12 | # 13 | # @param template 14 | # Path to template to use for configuring mod_rpaf. 15 | # 16 | # @see https://github.com/gnif/mod_rpaf for additional documentation. 17 | # 18 | class apache::mod::rpaf ( 19 | Variant[Boolean, String] $sethostname = true, 20 | Array[Stdlib::IP::Address] $proxy_ips = ['127.0.0.1'], 21 | String $header = 'X-Forwarded-For', 22 | String $template = 'apache/mod/rpaf.conf.epp' 23 | ) { 24 | include apache 25 | ::apache::mod { 'rpaf': } 26 | 27 | # Template uses: 28 | # - $sethostname 29 | # - $proxy_ips 30 | # - $header 31 | $parameters = { 32 | 'sethostname' => $sethostname, 33 | 'proxy_ips' => $proxy_ips, 34 | 'header' => $header, 35 | } 36 | 37 | file { 'rpaf.conf': 38 | ensure => file, 39 | path => "${apache::mod_dir}/rpaf.conf", 40 | mode => $apache::file_mode, 41 | content => epp($template, $parameters), 42 | require => Exec["mkdir ${apache::mod_dir}"], 43 | before => File[$apache::mod_dir], 44 | notify => Class['apache::service'], 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /manifests/mod/setenvif.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_setenvif`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_setenvif.html for additional documentation. 5 | # 6 | class apache::mod::setenvif { 7 | include apache 8 | ::apache::mod { 'setenvif': } 9 | # Template uses no variables 10 | file { 'setenvif.conf': 11 | ensure => file, 12 | path => "${apache::mod_dir}/setenvif.conf", 13 | mode => $apache::file_mode, 14 | content => epp('apache/mod/setenvif.conf.epp'), 15 | require => Exec["mkdir ${apache::mod_dir}"], 16 | before => File[$apache::mod_dir], 17 | notify => Class['apache::service'], 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /manifests/mod/socache_shmcb.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_socache_shmcb`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_socache_shmcb.html for additional documentation. 5 | # 6 | class apache::mod::socache_shmcb { 7 | ::apache::mod { 'socache_shmcb': } 8 | } 9 | -------------------------------------------------------------------------------- /manifests/mod/speling.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_spelling`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_speling.html for additional documentation. 5 | # 6 | class apache::mod::speling { 7 | include apache 8 | ::apache::mod { 'speling': } 9 | } 10 | -------------------------------------------------------------------------------- /manifests/mod/ssl/reload.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Manages the puppet_ssl folder for ssl file copies, which is needed to track changes for reloading service on changes 3 | # 4 | # @api private 5 | class apache::mod::ssl::reload () inherits apache::params { 6 | file { $apache::params::puppet_ssl_dir: 7 | ensure => directory, 8 | purge => true, 9 | recurse => true, 10 | require => Package['httpd'], 11 | } 12 | file { 'README.txt': 13 | path => "${apache::params::puppet_ssl_dir}/README.txt", 14 | content => 'This directory contains puppet managed copies of ssl files, so it can track changes and reload apache on changes.', 15 | seltype => 'etc_t', 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /manifests/mod/suexec.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_suexec`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_suexec.html for additional documentation. 5 | # 6 | class apache::mod::suexec { 7 | ::apache::mod { 'suexec': } 8 | } 9 | -------------------------------------------------------------------------------- /manifests/mod/version.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_version`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_version.html for additional documentation. 5 | # 6 | class apache::mod::version { 7 | if $facts['os']['family'] == 'Debian' { 8 | warning("${module_name}: module version_module is built-in and can't be loaded") 9 | } else { 10 | ::apache::mod { 'version': } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /manifests/mod/vhost_alias.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs Apache `mod_vhost_alias`. 3 | # 4 | # @see https://httpd.apache.org/docs/current/mod/mod_vhost_alias.html for additional documentation. 5 | # 6 | class apache::mod::vhost_alias { 7 | ::apache::mod { 'vhost_alias': } 8 | } 9 | -------------------------------------------------------------------------------- /manifests/mod/watchdog.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures `mod_watchdog`. 3 | # 4 | # @param watchdog_interval 5 | # Sets the interval at which the watchdog_step hook runs. 6 | # 7 | # @see https://httpd.apache.org/docs/current/mod/mod_watchdog.html for additional documentation. 8 | class apache::mod::watchdog ( 9 | Optional[Integer] $watchdog_interval = undef, 10 | ) { 11 | include apache 12 | 13 | $module_builtin = $facts['os']['family'] in ['Debian'] 14 | 15 | unless $module_builtin { 16 | apache::mod { 'watchdog': 17 | } 18 | } 19 | 20 | if $watchdog_interval { 21 | file { 'watchdog.conf': 22 | ensure => file, 23 | path => "${apache::mod_dir}/watchdog.conf", 24 | mode => $apache::file_mode, 25 | content => "WatchdogInterval ${watchdog_interval}\n", 26 | require => Exec["mkdir ${apache::mod_dir}"], 27 | before => File[$apache::mod_dir], 28 | notify => Class['apache::service'], 29 | } 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /manifests/mod/xsendfile.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs `mod_xsendfile`. 3 | # 4 | # @see https://tn123.org/mod_xsendfile/ for additional documentation. 5 | # 6 | class apache::mod::xsendfile { 7 | include apache::params 8 | ::apache::mod { 'xsendfile': } 9 | } 10 | -------------------------------------------------------------------------------- /manifests/mpm/disable_mpm_event.pp: -------------------------------------------------------------------------------- 1 | # @summary disable Apache-Module event 2 | class apache::mpm::disable_mpm_event { 3 | $event_command = ['/usr/sbin/a2dismod', 'mpm_event'] 4 | $event_onlyif = [['/usr/bin/test', '-e', join([$apache::mod_enable_dir, 'mpm_event.load'],'/')]] 5 | exec { '/usr/sbin/a2dismod mpm_event': 6 | command => $event_command, 7 | onlyif => $event_onlyif, 8 | require => Package['httpd'], 9 | notify => Class['apache::service'], 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /manifests/mpm/disable_mpm_prefork.pp: -------------------------------------------------------------------------------- 1 | # @summary disable Apache-Module prefork 2 | class apache::mpm::disable_mpm_prefork { 3 | $prefork_command = ['/usr/sbin/a2dismod', 'prefork'] 4 | $prefork_onlyif = [['/usr/bin/test', '-e', join([$apache::mod_enable_dir, 'prefork.load'],'/')]] 5 | exec { '/usr/sbin/a2dismod prefork': 6 | command => $prefork_command, 7 | onlyif => $prefork_onlyif, 8 | require => Package['httpd'], 9 | before => Class['apache::service'], 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /manifests/mpm/disable_mpm_worker.pp: -------------------------------------------------------------------------------- 1 | # @summary disable Apache-Module worker 2 | class apache::mpm::disable_mpm_worker { 3 | $worker_command = ['/usr/sbin/a2dismod', 'worker'] 4 | $worker_onlyif = [['/usr/bin/test', '-e', join([$apache::mod_enable_dir, 'worker.load'],'/')]] 5 | exec { '/usr/sbin/a2dismod worker': 6 | command => $worker_command, 7 | onlyif => $worker_onlyif, 8 | require => Package['httpd'], 9 | before => Class['apache::service'], 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /manifests/namevirtualhost.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Enables name-based virtual hosts 3 | # 4 | # Adds all related directives to the `ports.conf` file in the Apache HTTPD configuration 5 | # directory. Titles can take the forms `\*`, `\*:\`, `\_default\_:\`, 6 | # `\`, or `\:\`. 7 | define apache::namevirtualhost { 8 | $addr_port = $name 9 | 10 | # Template uses: $addr_port 11 | concat::fragment { "NameVirtualHost ${addr_port}": 12 | target => $apache::ports_file, 13 | content => epp('apache/namevirtualhost.epp', { 'addr_port' => $addr_port }), 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /manifests/package.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs an Apache MPM. 3 | # 4 | # @api private 5 | class apache::package ( 6 | String $ensure = 'present', 7 | String $mpm_module = $apache::params::mpm_module, 8 | ) inherits apache::params { 9 | # The base class must be included first because it is used by parameter defaults 10 | if ! defined(Class['apache']) { 11 | fail('You must include the apache base class before using any apache defined resources') 12 | } 13 | 14 | case $facts['os']['family'] { 15 | 'FreeBSD': { 16 | case $mpm_module { 17 | 'prefork': { 18 | } 19 | 'worker': { 20 | } 21 | 'event': { 22 | } 23 | 'itk': { 24 | package { 'www/mod_mpm_itk': 25 | ensure => installed, 26 | } 27 | } 28 | default: { fail("MPM module ${mpm_module} not supported on FreeBSD") } 29 | } 30 | } 31 | default: { 32 | } 33 | } 34 | 35 | package { 'httpd': 36 | ensure => $ensure, 37 | name => $apache::apache_name, 38 | notify => Class['Apache::Service'], 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /manifests/peruser/multiplexer.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Checks if an Apache module has a class. 3 | # 4 | # If Apache has a class, it includes that class. If it does not, it passes the module name to the `apache::mod` defined type. 5 | # 6 | # @api private 7 | define apache::peruser::multiplexer ( 8 | String $user = $apache::user, 9 | String $group = $apache::group, 10 | Optional[String] $file = undef, 11 | ) { 12 | if ! $file { 13 | $filename = "${name}.conf" 14 | } else { 15 | $filename = $file 16 | } 17 | file { "${apache::mod_dir}/peruser/multiplexers/${filename}": 18 | ensure => file, 19 | content => "Multiplexer ${user} ${group}\n", 20 | require => File["${apache::mod_dir}/peruser/multiplexers"], 21 | notify => Class['apache::service'], 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /manifests/peruser/processor.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Enables the `Peruser` module for FreeBSD only. 3 | # 4 | # @api private 5 | define apache::peruser::processor ( 6 | String $user, 7 | String $group, 8 | Optional[String] $file = undef, 9 | ) { 10 | if ! $file { 11 | $filename = "${name}.conf" 12 | } else { 13 | $filename = $file 14 | } 15 | file { "${apache::mod_dir}/peruser/processors/${filename}": 16 | ensure => file, 17 | content => "Processor ${user} ${group}\n", 18 | require => File["${apache::mod_dir}/peruser/processors"], 19 | notify => Class['apache::service'], 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /manifests/security/rule_link.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Links the activated_rules from `apache::mod::security` to the respective CRS rules on disk. 3 | # 4 | # @api private 5 | define apache::security::rule_link { 6 | $parts = split($title, '/') 7 | $filename = $parts[-1] 8 | 9 | $target = $title ? { 10 | /^\// => $title, 11 | default => "${apache::params::modsec_crs_path}/${title}", 12 | } 13 | 14 | file { $filename: 15 | ensure => 'link', 16 | path => "${apache::mod::security::modsec_dir}/activated_rules/${filename}", 17 | target => $target , 18 | require => File["${apache::mod::security::modsec_dir}/activated_rules"], 19 | notify => Class['apache::service'], 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /manifests/service.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs and configures Apache service. 3 | # 4 | # @api private 5 | class apache::service ( 6 | String $service_name = $apache::params::service_name, 7 | Boolean $service_enable = true, 8 | Variant[Boolean, String] $service_ensure = 'running', 9 | Boolean $service_manage = true, 10 | Optional[String] $service_restart = undef 11 | ) { 12 | # The base class must be included first because parameter defaults depend on it 13 | if ! defined(Class['apache::params']) { 14 | fail('You must include the apache::params class before using any apache defined resources') 15 | } 16 | case $service_ensure { 17 | true, false, 'running', 'stopped': { 18 | $_service_ensure = $service_ensure 19 | } 20 | default: { 21 | $_service_ensure = undef 22 | } 23 | } 24 | 25 | $service_hasrestart = $service_restart == undef 26 | 27 | if $service_manage { 28 | service { 'httpd': 29 | ensure => $_service_ensure, 30 | name => $service_name, 31 | enable => $service_enable, 32 | restart => $service_restart, 33 | hasrestart => $service_hasrestart, 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /manifests/version.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Try to automatically detect the version by OS 3 | # 4 | # @api private 5 | class apache::version ( 6 | Optional[String] $scl_httpd_version = undef, 7 | Optional[String] $scl_php_version = undef, 8 | ) { 9 | } 10 | -------------------------------------------------------------------------------- /manifests/vhosts.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Creates `apache::vhost` defined types. 3 | # 4 | # @note See the `apache::vhost` defined type's reference for a list of all virtual 5 | # host parameters or Configuring virtual hosts in the README section. 6 | # 7 | # @example To create a [name-based virtual host](https://httpd.apache.org/docs/current/vhosts/name-based.html) `custom_vhost_1` 8 | # class { 'apache::vhosts': 9 | # vhosts => { 10 | # 'custom_vhost_1' => { 11 | # 'docroot' => '/var/www/custom_vhost_1', 12 | # 'port' => 81, 13 | # }, 14 | # }, 15 | # } 16 | # 17 | # @param vhosts 18 | # A hash, where the key represents the name and the value represents a hash of 19 | # `apache::vhost` defined type's parameters. 20 | # 21 | class apache::vhosts ( 22 | Hash $vhosts = {}, 23 | ) { 24 | include apache 25 | create_resources('apache::vhost', $vhosts) 26 | } 27 | -------------------------------------------------------------------------------- /pdk.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ignore: [] 3 | -------------------------------------------------------------------------------- /provision.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | default: 3 | provisioner: docker 4 | images: 5 | - litmusimage/debian:8 6 | vagrant: 7 | provisioner: vagrant 8 | images: 9 | - centos/7 10 | - generic/ubuntu1804 11 | docker_deb: 12 | provisioner: docker 13 | images: 14 | - litmusimage/debian:8 15 | - litmusimage/debian:9 16 | - litmusimage/debian:10 17 | docker_ub_6: 18 | provisioner: docker 19 | images: 20 | - litmusimage/ubuntu:14.04 21 | - litmusimage/ubuntu:16.04 22 | - litmusimage/ubuntu:18.04 23 | - litmusimage/ubuntu:20.04 24 | docker_el7: 25 | provisioner: docker 26 | images: 27 | - litmusimage/centos:7 28 | - litmusimage/oraclelinux:7 29 | - litmusimage/scientificlinux:7 30 | docker_el8: 31 | provisioner: docker 32 | images: 33 | - litmusimage/centos:8 34 | release_checks_6: 35 | provisioner: abs 36 | images: 37 | - redhat-6-x86_64 38 | - redhat-7-x86_64 39 | - redhat-8-x86_64 40 | - centos-6-x86_64 41 | - centos-7-x86_64 42 | - centos-8-x86_64 43 | - oracle-6-x86_64 44 | - oracle-7-x86_64 45 | - scientific-6-x86_64 46 | - scientific-7-x86_64 47 | - debian-8-x86_64 48 | - debian-9-x86_64 49 | - debian-10-x86_64 50 | - ubuntu-1404-x86_64 51 | - ubuntu-1604-x86_64 52 | - ubuntu-1804-x86_64 53 | - ubuntu-2004-x86_64 54 | - sles-12-x86_64 55 | - sles-15-x86_64 56 | release_checks_7: 57 | provisioner: abs 58 | images: 59 | - redhat-7-x86_64 60 | - redhat-8-x86_64 61 | - centos-7-x86_64 62 | - centos-8-x86_64 63 | - oracle-7-x86_64 64 | - scientific-7-x86_64 65 | - debian-9-x86_64 66 | - debian-10-x86_64 67 | - sles-12-x86_64 68 | - sles-15-x86_64 69 | - ubuntu-1804-x86_64 70 | - ubuntu-2004-x86_64 71 | -------------------------------------------------------------------------------- /spec/acceptance/auth_openidc_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper_acceptance' 4 | 5 | describe 'apache::mod::auth_openidc', if: mod_supported_on_platform?('apache::mod::auth_openidc') do 6 | pp = <<-MANIFEST 7 | include apache 8 | apache::vhost { 'example.com': 9 | docroot => '/var/www/example.com', 10 | port => 80, 11 | auth_oidc => true, 12 | oidc_settings => { 13 | 'ProviderMetadataURL' => 'https://login.example.com/.well-known/openid-configuration', 14 | 'ClientID' => 'test', 15 | 'RedirectURI' => 'https://login.example.com/redirect_uri', 16 | 'ProviderTokenEndpointAuth' => 'client_secret_basic', 17 | 'RemoteUserClaim' => 'sub', 18 | 'ClientSecret' => 'aae053a9-4abf-4824-8956-e94b2af335c8', 19 | 'CryptoPassphrase' => '4ad1bb46-9979-450e-ae58-c696967df3cd', 20 | }, 21 | } 22 | MANIFEST 23 | 24 | it 'succeeds in configuring a virtual host using mod_auth_openidc' do 25 | apply_manifest(pp, catch_failures: true) 26 | end 27 | 28 | it 'is idempotent' do 29 | apply_manifest(pp, catch_changes: true) 30 | end 31 | end 32 | -------------------------------------------------------------------------------- /spec/acceptance/init_task_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper_acceptance' 4 | 5 | describe 'apache tasks' do 6 | describe 'reload' do 7 | pp = <<-MANIFEST 8 | class { 'apache': 9 | default_vhost => false, 10 | } 11 | apache::listen { '9090':} 12 | MANIFEST 13 | it 'execute reload' do 14 | apply_manifest(pp, catch_failures: true) 15 | 16 | result = run_bolt_task('apache', 'action' => 'reload') 17 | expect(result.stdout).to contain(%(reload successful)) 18 | end 19 | end 20 | end 21 | -------------------------------------------------------------------------------- /spec/acceptance/itk_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper_acceptance' 4 | 5 | case os[:family] 6 | when 'debian', 'ubuntu' 7 | service_name = 'apache2' 8 | when 'redhat' 9 | service_name = 'httpd' 10 | when 'freebsd' 11 | service_name = 'apache24' 12 | end 13 | 14 | # IAC-787: The http-itk mod package is not available in any of the standard RHEL/CentOS 8.x repos. Disable this test 15 | # on those platforms until we can find a suitable source for this package. 16 | describe 'apache::mod::itk class', if: service_name && mod_supported_on_platform?('apache::mod::itk') do 17 | describe 'running puppet code' do 18 | pp = <<-MANIFEST 19 | class { 'apache': 20 | mpm_module => 'prefork', 21 | } 22 | class { 'apache::mod::itk': } 23 | MANIFEST 24 | 25 | it 'behaves idempotently' do 26 | idempotent_apply(pp) 27 | end 28 | end 29 | 30 | describe service(service_name) do 31 | it { is_expected.to be_running } 32 | it { is_expected.to be_enabled } 33 | end 34 | end 35 | -------------------------------------------------------------------------------- /spec/acceptance/mod_apreq2_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper_acceptance' 4 | _apache_hash = apache_settings_hash 5 | 6 | describe 'apache::mod::apreq2', if: mod_supported_on_platform?('apache::mod::apreq2') do 7 | pp = <<-MANIFEST 8 | class { 'apache' : } 9 | class { 'apache::mod::apreq2': } 10 | MANIFEST 11 | 12 | it 'succeeds in installing the mod_authnz_apreq2 module' do 13 | apply_manifest(pp, catch_failures: true) 14 | end 15 | end 16 | -------------------------------------------------------------------------------- /spec/acceptance/mod_authnz_ldap_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper_acceptance' 4 | apache_hash = apache_settings_hash 5 | 6 | # We need to restrict this test to RHEL 7.x, 8.x derived OSs as there are too many unique 7 | # dependency issues to solve on all supported platforms. 8 | describe 'apache::mod::authnz_ldap', if: mod_supported_on_platform?('apache::mod::authnz_ldap') do 9 | context 'Default mod_authnz_ldap module installation' do 10 | pp = if run_shell("grep 'Oracle Linux Server' /etc/os-release", expect_failures: true).exit_status == 0 11 | <<-MANIFEST 12 | yumrepo { 'ol7_optional_latest': 13 | name => 'ol7_optional_latest', 14 | baseurl => 'https://yum.oracle.com/repo/OracleLinux/OL7/optional/latest/x86_64/', 15 | gpgkey => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle', 16 | gpgcheck => 1, 17 | enabled => 1, 18 | } 19 | class { 'apache': } 20 | class { 'apache::mod::authnz_ldap': } 21 | MANIFEST 22 | else 23 | <<-MANIFEST 24 | class { 'apache': } 25 | class { 'apache::mod::authnz_ldap': } 26 | MANIFEST 27 | end 28 | 29 | it 'succeeds in installing the mod_authnz_ldap module' do 30 | apply_manifest(pp, catch_failures: true) 31 | end 32 | 33 | describe file("#{apache_hash['mod_dir']}/authnz_ldap.load") do 34 | it { is_expected.to contain 'mod_authnz_ldap.so' } 35 | end 36 | end 37 | end 38 | -------------------------------------------------------------------------------- /spec/acceptance/mod_dav_svn_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper_acceptance' 4 | 5 | describe 'apache::mod::dav_svn class' do 6 | context 'dav_svn module with authz_svn disabled' do 7 | pp = <<-MANIFEST 8 | class { 'apache': } 9 | class { 'apache::mod::dav_svn': 10 | authz_svn_enabled => false, 11 | } 12 | MANIFEST 13 | 14 | it 'applies with no errors' do 15 | apply_manifest(pp, catch_failures: true) 16 | end 17 | 18 | it 'applies a second time without changes' do 19 | apply_manifest(pp, catch_changes: true) 20 | end 21 | end 22 | 23 | context 'dav_svn module with authz_svn enabled' do 24 | pp = <<-MANIFEST 25 | class { 'apache': } 26 | class { 'apache::mod::dav_svn': 27 | authz_svn_enabled => true, 28 | } 29 | MANIFEST 30 | 31 | it 'applies with no errors' do 32 | apply_manifest(pp, catch_failures: true) 33 | end 34 | 35 | it 'applies a second time without changes' do 36 | apply_manifest(pp, catch_changes: true) 37 | end 38 | end 39 | end 40 | -------------------------------------------------------------------------------- /spec/acceptance/mod_ldap_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper_acceptance' 4 | apache_hash = apache_settings_hash 5 | 6 | describe 'apache::mod::ldap', if: mod_supported_on_platform?('apache::mod::ldap') do 7 | context 'Default ldap module installation' do 8 | pp = <<-MANIFEST 9 | class { 'apache': } 10 | class { 'apache::mod::ldap': } 11 | MANIFEST 12 | 13 | it 'succeeds in installing the ldap module' do 14 | apply_manifest(pp, catch_failures: true) 15 | end 16 | 17 | describe file("#{apache_hash['mod_dir']}/ldap.load") do 18 | it { is_expected.to contain 'mod_ldap.so' } 19 | end 20 | end 21 | end 22 | -------------------------------------------------------------------------------- /spec/acceptance/mod_md_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper_acceptance' 4 | 5 | describe 'apache::mod::md', if: mod_supported_on_platform?('apache::mod::md') do 6 | pp = <<-MANIFEST 7 | class { 'apache': 8 | } 9 | apache::vhost { 'example.com': 10 | docroot => '/var/www/example.com', 11 | port => 443, 12 | ssl => true, 13 | mdomain => true, 14 | } 15 | MANIFEST 16 | 17 | it 'succeeds in configuring a virtual host using mod_md' do 18 | apply_manifest(pp, catch_failures: true) 19 | end 20 | end 21 | -------------------------------------------------------------------------------- /spec/acceptance/mod_security_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper_acceptance' 4 | apache_hash = apache_settings_hash 5 | 6 | describe 'apache::mod::security class', if: mod_supported_on_platform?('apache::mod::security') do 7 | context 'default mod security config' do 8 | pp = <<-MANIFEST 9 | class { 'apache': } 10 | class { 'apache::mod::security': } 11 | MANIFEST 12 | it 'succeeds in puppeting mod security' do 13 | apply_manifest(pp, catch_failures: true) 14 | end 15 | end 16 | 17 | context 'with vhost config' do 18 | pp = <<-MANIFEST 19 | class { 'apache': } 20 | class { 'apache::mod::security': } 21 | apache::vhost { 'modsecurity.example.com': 22 | port => 80, 23 | docroot => '#{apache_hash['doc_root']}', 24 | } 25 | host { 'modsecurity.example.com': ip => '127.0.0.1', } 26 | MANIFEST 27 | it 'succeeds in puppeting mod security' do 28 | apply_manifest(pp, catch_failures: true) 29 | end 30 | end 31 | end 32 | -------------------------------------------------------------------------------- /spec/acceptance/service_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper_acceptance' 4 | 5 | describe 'apache::service class' do 6 | describe 'adding dependencies in between the base class and service class' do 7 | let(:pp) do 8 | <<-MANIFEST 9 | class { 'apache': } 10 | file { '/tmp/test': 11 | require => Class['apache'], 12 | notify => Class['apache::service'], 13 | } 14 | MANIFEST 15 | end 16 | 17 | it 'behaves idempotently' do 18 | idempotent_apply(pp) 19 | end 20 | end 21 | end 22 | -------------------------------------------------------------------------------- /spec/acceptance/vhosts_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper_acceptance' 4 | apache_hash = apache_settings_hash 5 | describe 'apache::vhosts class' do 6 | context 'custom vhosts defined via class apache::vhosts' do 7 | pp = <<-MANIFEST 8 | class { 'apache::vhosts': 9 | vhosts => { 10 | 'custom_vhost_1' => { 11 | 'docroot' => '/var/www/custom_vhost_1', 12 | 'port' => 81, 13 | }, 14 | 'custom_vhost_2' => { 15 | 'docroot' => '/var/www/custom_vhost_2', 16 | 'port' => 82, 17 | }, 18 | }, 19 | } 20 | MANIFEST 21 | it 'creates custom vhost config files' do 22 | apply_manifest(pp, catch_failures: true) 23 | end 24 | 25 | describe file("#{apache_hash['vhost_dir']}/25-custom_vhost_1.conf") do 26 | it { is_expected.to contain '' } 27 | end 28 | 29 | describe file("#{apache_hash['vhost_dir']}/25-custom_vhost_2.conf") do 30 | it { is_expected.to contain '' } 31 | end 32 | end 33 | end 34 | -------------------------------------------------------------------------------- /spec/classes/dev_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::dev' do 6 | on_supported_os.each do |os, facts| 7 | context "on #{os}" do 8 | let :facts do 9 | facts 10 | end 11 | 12 | context 'with all defaults' do 13 | let(:pre_condition) do 14 | [ 15 | 'include apache', 16 | ] 17 | end 18 | 19 | it { is_expected.to compile.with_all_deps } 20 | it { is_expected.to contain_class('apache::params') } 21 | 22 | case facts[:os]['name'] 23 | when 'Debian' 24 | it { is_expected.to contain_package('libaprutil1-dev') } 25 | it { is_expected.to contain_package('libapr1-dev') } 26 | 27 | it { is_expected.to contain_package('apache2-prefork-dev') } if facts[:os]['release']['major'].to_i < 8 28 | when 'Ubuntu' 29 | it { is_expected.to contain_package('apache2-dev') } 30 | when 'RedHat' 31 | it { is_expected.to contain_package('httpd-devel') } 32 | end 33 | end 34 | end 35 | end 36 | end 37 | -------------------------------------------------------------------------------- /spec/classes/mod/auth_gssapi_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::auth_gssapi', type: :class do 6 | it_behaves_like 'a mod class, without including apache' 7 | 8 | context 'default configuration with parameters' do 9 | context 'on a Debian OS', :compile do 10 | include_examples 'Debian 11' 11 | 12 | it { is_expected.to contain_class('apache::params') } 13 | it { is_expected.to contain_class('apache::mod::authn_core') } 14 | it { is_expected.to contain_apache__mod('auth_gssapi') } 15 | it { is_expected.to contain_package('libapache2-mod-auth-gssapi') } 16 | end 17 | 18 | context 'on a RedHat OS', :compile do 19 | include_examples 'RedHat 8' 20 | 21 | it { is_expected.to contain_class('apache::params') } 22 | it { is_expected.to contain_class('apache::mod::authn_core') } 23 | it { is_expected.to contain_apache__mod('auth_gssapi') } 24 | it { is_expected.to contain_package('mod_auth_gssapi') } 25 | end 26 | 27 | context 'on a FreeBSD OS', :compile do 28 | include_examples 'FreeBSD 9' 29 | 30 | it { is_expected.to contain_class('apache::params') } 31 | it { is_expected.to contain_class('apache::mod::authn_core') } 32 | it { is_expected.to contain_apache__mod('auth_gssapi') } 33 | it { is_expected.to contain_package('www/mod_auth_gssapi') } 34 | end 35 | 36 | context 'on a Gentoo OS', :compile do 37 | include_examples 'Gentoo' 38 | 39 | it { is_expected.to contain_class('apache::params') } 40 | it { is_expected.to contain_class('apache::mod::authn_core') } 41 | it { is_expected.to contain_apache__mod('auth_gssapi') } 42 | it { is_expected.to contain_package('www-apache/mod_auth_gssapi') } 43 | end 44 | end 45 | end 46 | -------------------------------------------------------------------------------- /spec/classes/mod/authn_dbd_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::authn_dbd', type: :class do 6 | context 'default params' do 7 | let :params do 8 | { 9 | authn_dbd_params: 'host=db_host port=3306 user=apache password=###### dbname=apache_auth' 10 | } 11 | end 12 | 13 | it_behaves_like 'a mod class, without including apache' 14 | end 15 | 16 | context 'default configuration with parameters' do 17 | let :params do 18 | { 19 | authn_dbd_params: 'host=db_host port=3306 user=apache password=###### dbname=apache_auth', 20 | authn_dbd_alias: 'db_authn', 21 | authn_dbd_query: 'SELECT password FROM authn WHERE username = %s' 22 | } 23 | end 24 | 25 | context 'on a Debian OS', :compile do 26 | include_examples 'Debian 11' 27 | 28 | it { is_expected.to contain_class('apache::params') } 29 | it { is_expected.to contain_apache__mod('authn_dbd') } 30 | it { is_expected.to contain_apache__mod('dbd') } 31 | it { is_expected.to contain_file('authn_dbd.conf').with_path('/etc/apache2/mods-available/authn_dbd.conf') } 32 | end 33 | 34 | context 'on a RedHat OS', :compile do 35 | include_examples 'RedHat 8' 36 | 37 | it { is_expected.to contain_class('apache::params') } 38 | it { is_expected.to contain_apache__mod('authn_dbd') } 39 | it { is_expected.to contain_apache__mod('dbd') } 40 | it { is_expected.to contain_file('authn_dbd.conf').with_path('/etc/httpd/conf.modules.d/authn_dbd.conf') } 41 | end 42 | end 43 | end 44 | -------------------------------------------------------------------------------- /spec/classes/mod/authnz_pam_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::authnz_pam', type: :class do 6 | it_behaves_like 'a mod class, without including apache' 7 | 8 | context 'default configuration with parameters' do 9 | context 'on a Debian OS' do 10 | include_examples 'Debian 11' 11 | 12 | it { is_expected.to contain_class('apache') } 13 | it { is_expected.to contain_package('libapache2-mod-authnz-pam') } 14 | it { is_expected.to contain_apache__mod('authnz_pam') } 15 | end 16 | 17 | context 'on a RedHat OS' do 18 | include_examples 'RedHat 8' 19 | 20 | it { is_expected.to contain_class('apache') } 21 | it { is_expected.to contain_package('mod_authnz_pam') } 22 | it { is_expected.to contain_apache__mod('authnz_pam') } 23 | end 24 | end 25 | end 26 | -------------------------------------------------------------------------------- /spec/classes/mod/authz_groupfile_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::authz_groupfile' do 6 | it_behaves_like 'a mod class, without including apache' 7 | 8 | context 'default configuration with parameters' do 9 | context 'on a Debian OS' do 10 | include_examples 'Debian 11' 11 | 12 | it { is_expected.to contain_apache__mod('authz_groupfile') } 13 | end 14 | end 15 | end 16 | -------------------------------------------------------------------------------- /spec/classes/mod/cluster_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::cluster', type: :class do 6 | context 'on a RedHat OS Release 7 with mod version = 1.3.0' do 7 | include_examples 'RedHat 7' 8 | 9 | let(:params) do 10 | { 11 | allowed_network: '172.17.0', 12 | balancer_name: 'mycluster', 13 | ip: '172.17.0.1', 14 | version: '1.3.0' 15 | } 16 | end 17 | 18 | it { is_expected.to contain_class('apache') } 19 | it { is_expected.to contain_apache__mod('proxy') } 20 | it { is_expected.to contain_apache__mod('proxy_ajp') } 21 | it { is_expected.to contain_apache__mod('manager') } 22 | it { is_expected.to contain_apache__mod('proxy_cluster') } 23 | it { is_expected.to contain_apache__mod('advertise') } 24 | it { is_expected.to contain_apache__mod('cluster_slotmem') } 25 | 26 | it { is_expected.to contain_file('cluster.conf') } 27 | end 28 | 29 | context 'on a RedHat OS Release 7 with mod version > 1.3.0' do 30 | include_examples 'RedHat 7' 31 | 32 | let(:params) do 33 | { 34 | allowed_network: '172.17.0', 35 | balancer_name: 'mycluster', 36 | ip: '172.17.0.1', 37 | version: '1.3.1' 38 | } 39 | end 40 | 41 | it { is_expected.to contain_class('apache') } 42 | it { is_expected.to contain_apache__mod('proxy') } 43 | it { is_expected.to contain_apache__mod('proxy_ajp') } 44 | it { is_expected.to contain_apache__mod('manager') } 45 | it { is_expected.to contain_apache__mod('proxy_cluster') } 46 | it { is_expected.to contain_apache__mod('advertise') } 47 | it { is_expected.to contain_apache__mod('cluster_slotmem') } 48 | 49 | it { is_expected.to contain_file('cluster.conf') } 50 | end 51 | end 52 | -------------------------------------------------------------------------------- /spec/classes/mod/data_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::data', type: :class do 6 | context 'on a Debian OS' do 7 | include_examples 'Debian 11' 8 | 9 | it { is_expected.to contain_apache__mod('data') } 10 | end 11 | end 12 | -------------------------------------------------------------------------------- /spec/classes/mod/dir_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::dir', type: :class do 6 | ['Debian 11', 'RedHat 8', 'FreeBSD 9', 'Gentoo'].each do |os| 7 | context "default configuration with parameters on #{os}" do 8 | include_examples os 9 | 10 | context 'passing no parameters' do 11 | it { is_expected.to contain_class('apache::params') } 12 | it { is_expected.to contain_apache__mod('dir') } 13 | 14 | it do 15 | expect(subject).to contain_file('dir.conf') 16 | .with_content(%r{^DirectoryIndex }) 17 | .with_content(%r{ index\.html }) 18 | .with_content(%r{ index\.html\.var }) 19 | .with_content(%r{ index\.cgi }) 20 | .with_content(%r{ index\.pl }) 21 | .with_content(%r{ index\.php }) 22 | .with_content(%r{ index\.xhtml$}) 23 | end 24 | end 25 | 26 | context "passing indexes => ['example.txt','fearsome.aspx']" do 27 | let :params do 28 | { indexes: ['example.txt', 'fearsome.aspx'] } 29 | end 30 | 31 | it { is_expected.to contain_file('dir.conf').with_content(%r{ example\.txt }).with_content(%r{ fearsome\.aspx$}) } 32 | end 33 | end 34 | end 35 | end 36 | -------------------------------------------------------------------------------- /spec/classes/mod/dumpio_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::dumpio', type: :class do 6 | context 'on a Debian OS' do 7 | let :pre_condition do 8 | 'class{"apache": 9 | default_mods => false, 10 | mod_dir => "/tmp/junk", 11 | }' 12 | end 13 | 14 | include_examples 'Debian 11' 15 | 16 | context 'default configuration fore parameters' do 17 | it { is_expected.to compile } 18 | it { is_expected.to contain_class('apache::mod::dumpio') } 19 | it { is_expected.to contain_file('dumpio.conf').with_path('/tmp/junk/dumpio.conf') } 20 | it { is_expected.to contain_file('dumpio.conf').with_content(%r{^\s*DumpIOInput\s+"Off"$}) } 21 | it { is_expected.to contain_file('dumpio.conf').with_content(%r{^\s*DumpIOOutput\s+"Off"$}) } 22 | end 23 | 24 | context 'with dumpio_input set to On' do 25 | let :params do 26 | { 27 | dump_io_input: 'On' 28 | } 29 | end 30 | 31 | it { is_expected.to contain_file('dumpio.conf').with_content(%r{^\s*DumpIOInput\s+"On"$}) } 32 | it { is_expected.to contain_file('dumpio.conf').with_content(%r{^\s*DumpIOOutput\s+"Off"$}) } 33 | end 34 | 35 | context 'with dumpio_ouput set to On' do 36 | let :params do 37 | { 38 | dump_io_output: 'On' 39 | } 40 | end 41 | 42 | it { is_expected.to contain_file('dumpio.conf').with_content(%r{^\s*DumpIOInput\s+"Off"$}) } 43 | it { is_expected.to contain_file('dumpio.conf').with_content(%r{^\s*DumpIOOutput\s+"On"$}) } 44 | end 45 | end 46 | end 47 | -------------------------------------------------------------------------------- /spec/classes/mod/expires_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::expires', type: :class do 6 | it_behaves_like 'a mod class, without including apache' 7 | 8 | context 'with expires active', :compile do 9 | include_examples 'Debian 11' 10 | 11 | it { is_expected.to contain_apache__mod('expires') } 12 | it { is_expected.to contain_file('expires.conf').with(content: %r{ExpiresActive On\n}) } 13 | end 14 | 15 | context 'with expires default', :compile do 16 | let :pre_condition do 17 | 'class { apache: default_mods => false }' 18 | end 19 | let :params do 20 | { 21 | 'expires_default' => 'access plus 1 month' 22 | } 23 | end 24 | 25 | include_examples 'RedHat 7' 26 | 27 | it { is_expected.to contain_apache__mod('expires') } 28 | 29 | it { 30 | expect(subject).to contain_file('expires.conf').with_content( 31 | "ExpiresActive On\n" \ 32 | "ExpiresDefault \"access plus 1 month\"\n", 33 | ) 34 | } 35 | end 36 | 37 | context 'with expires by type', :compile do 38 | let :pre_condition do 39 | 'class { apache: default_mods => false }' 40 | end 41 | let :params do 42 | { 43 | 'expires_by_type' => [ 44 | { 'text/json' => 'mod plus 1 day' }, 45 | { 'text/html' => 'access plus 1 year' }, 46 | ] 47 | } 48 | end 49 | 50 | include_examples 'RedHat 7' 51 | 52 | it { is_expected.to contain_apache__mod('expires') } 53 | 54 | it { 55 | expect(subject).to contain_file('expires.conf').with_content( 56 | "ExpiresActive On\n" \ 57 | "ExpiresByType text/json \"mod plus 1 day\"\n" \ 58 | "ExpiresByType text/html \"access plus 1 year\"\n", 59 | ) 60 | } 61 | end 62 | end 63 | -------------------------------------------------------------------------------- /spec/classes/mod/fcgid_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::fcgid', type: :class do 6 | it_behaves_like 'a mod class, without including apache' 7 | 8 | context 'on a Debian OS' do 9 | include_examples 'Debian 11' 10 | 11 | it { is_expected.to contain_class('apache::params') } 12 | 13 | it { 14 | expect(subject).to contain_apache__mod('fcgid').with('loadfile_name' => nil) 15 | } 16 | 17 | it { is_expected.to contain_package('libapache2-mod-fcgid') } 18 | end 19 | 20 | context 'on RHEL7' do 21 | include_examples 'RedHat 7' 22 | 23 | describe 'without parameters' do 24 | it { is_expected.to contain_class('apache::params') } 25 | 26 | it { 27 | expect(subject).to contain_apache__mod('fcgid').with('loadfile_name' => 'unixd_fcgid.load') 28 | } 29 | 30 | it { is_expected.to contain_package('mod_fcgid') } 31 | end 32 | end 33 | 34 | context 'on a FreeBSD OS' do 35 | include_examples 'FreeBSD 10' 36 | 37 | it { is_expected.to contain_class('apache::params') } 38 | 39 | it { 40 | expect(subject).to contain_apache__mod('fcgid').with('loadfile_name' => 'unixd_fcgid.load') 41 | } 42 | 43 | it { is_expected.to contain_package('www/mod_fcgid') } 44 | end 45 | 46 | context 'on a Gentoo OS' do 47 | include_examples 'Gentoo' 48 | 49 | it { is_expected.to contain_class('apache::params') } 50 | 51 | it { 52 | expect(subject).to contain_apache__mod('fcgid').with('loadfile_name' => nil) 53 | } 54 | 55 | it { is_expected.to contain_package('www-apache/mod_fcgid') } 56 | end 57 | end 58 | -------------------------------------------------------------------------------- /spec/classes/mod/intercept_form_submit_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::intercept_form_submit', type: :class do 6 | it_behaves_like 'a mod class, without including apache' 7 | 8 | context 'default configuration with parameters' do 9 | context 'on a Debian OS' do 10 | include_examples 'Debian 11' 11 | 12 | it { is_expected.to contain_class('apache') } 13 | it { is_expected.to contain_package('libapache2-mod-intercept-form-submit') } 14 | it { is_expected.to contain_apache__mod('intercept_form_submit') } 15 | end 16 | 17 | context 'on a RedHat OS' do 18 | include_examples 'RedHat 8' 19 | 20 | it { is_expected.to contain_class('apache') } 21 | it { is_expected.to contain_package('mod_intercept_form_submit') } 22 | it { is_expected.to contain_apache__mod('intercept_form_submit') } 23 | end 24 | end 25 | end 26 | -------------------------------------------------------------------------------- /spec/classes/mod/lbmethod_bybusyness.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::lbmethod_byrequests', type: :class do 6 | context 'on a Debian OS' do 7 | include_examples 'Debian 11' 8 | 9 | context 'with Apache version >= 2.4' do 10 | let :params do 11 | { 12 | apache_version: '2.4' 13 | } 14 | end 15 | 16 | it { 17 | # rubocop:disable Layout/LineLength 18 | expect(subject).to contain_file('/etc/apache2/mods-enabled/lbmethod_byrequests.load').with('ensure' => 'file', 19 | 'content' => "LoadModule lbmethod_byrequests_module /usr/lib/apache2/modules/mod_lbmethod_byrequests.so\n") 20 | # rubocop:enable Layout/LineLength 21 | } 22 | end 23 | end 24 | end 25 | -------------------------------------------------------------------------------- /spec/classes/mod/lbmethod_byrequests.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::lbmethod_byrequests', type: :class do 6 | context 'on a Debian OS' do 7 | include_examples 'Debian 11' 8 | 9 | context 'with Apache version >= 2.4' do 10 | let :params do 11 | { 12 | apache_version: '2.4' 13 | } 14 | end 15 | 16 | it { 17 | # rubocop:disable Layout/LineLength 18 | expect(subject).to contain_file('/etc/apache2/mods-enabled/lbmethod_byrequests.load').with('ensure' => 'file', 19 | 'content' => "LoadModule lbmethod_byrequests_module /usr/lib/apache2/modules/mod_lbmethod_byrequests.so\n") 20 | # rubocop:enable Layout/LineLength 21 | } 22 | end 23 | end 24 | end 25 | -------------------------------------------------------------------------------- /spec/classes/mod/lbmethod_bytraffic.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::lbmethod_byrequests', type: :class do 6 | context 'on a Debian OS' do 7 | include_examples 'Debian 11' 8 | 9 | context 'with Apache version >= 2.4' do 10 | let :params do 11 | { 12 | apache_version: '2.4' 13 | } 14 | end 15 | 16 | it { 17 | # rubocop:disable Layout/LineLength 18 | expect(subject).to contain_file('/etc/apache2/mods-enabled/lbmethod_byrequests.load').with('ensure' => 'file', 19 | 'content' => "LoadModule lbmethod_byrequests_module /usr/lib/apache2/modules/mod_lbmethod_byrequests.so\n") 20 | # rubocop:enable Layout/LineLength 21 | } 22 | end 23 | end 24 | end 25 | -------------------------------------------------------------------------------- /spec/classes/mod/lbmethod_heartbeat.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::lbmethod_byrequests', type: :class do 6 | context 'on a Debian OS' do 7 | include_examples 'Debian 11' 8 | 9 | context 'with Apache version >= 2.4' do 10 | let :params do 11 | { 12 | apache_version: '2.4' 13 | } 14 | end 15 | 16 | it { 17 | # rubocop:disable Layout/LineLength 18 | expect(subject).to contain_file('/etc/apache2/mods-enabled/lbmethod_byrequests.load').with('ensure' => 'file', 19 | 'content' => "LoadModule lbmethod_byrequests_module /usr/lib/apache2/modules/mod_lbmethod_byrequests.so\n") 20 | # rubocop:enable Layout/LineLength 21 | } 22 | end 23 | end 24 | end 25 | -------------------------------------------------------------------------------- /spec/classes/mod/log_forensic_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::log_forensic', type: :class do 6 | ['Debian 11', 'RedHat 8'].each do |os| 7 | context "on a #{os} OS" do 8 | include_examples os 9 | 10 | it { is_expected.to contain_class('apache::params') } 11 | it { is_expected.to contain_class('apache::mod::log_forensic') } 12 | it { is_expected.to contain_apache__mod('log_forensic') } 13 | it { is_expected.to contain_file('log_forensic.load').with_content(%r{LoadModule log_forensic_module}) } 14 | end 15 | end 16 | end 17 | -------------------------------------------------------------------------------- /spec/classes/mod/lookup_identity.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::lookup_identity', type: :class do 6 | it_behaves_like 'a mod class, without including apache' 7 | 8 | context 'default configuration with parameters' do 9 | context 'on a Debian OS' do 10 | include_examples 'Debian 11' 11 | 12 | it { is_expected.to contain_class('apache') } 13 | it { is_expected.to contain_package('libapache2-mod-lookup-identity') } 14 | it { is_expected.to contain_apache__mod('lookup_identity') } 15 | end 16 | 17 | context 'on a RedHat OS' do 18 | include_examples 'RedHat 8' 19 | 20 | it { is_expected.to contain_class('apache') } 21 | it { is_expected.to contain_package('mod_lookup_identity') } 22 | it { is_expected.to contain_apache__mod('lookup_identity') } 23 | end 24 | end 25 | end 26 | -------------------------------------------------------------------------------- /spec/classes/mod/mime_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | # This function is called inside the OS specific conte, :compilexts 6 | def general_mime_specs 7 | it { is_expected.to contain_apache__mod('mime') } 8 | 9 | it do 10 | expect(subject).to contain_file('mime.conf').with_content(%r{AddHandler type-map var}) 11 | expect(subject).to contain_file('mime.conf').with_content(%r{ddOutputFilter INCLUDES .shtml}) 12 | expect(subject).to contain_file('mime.conf').with_content(%r{AddType text/html .shtml}) 13 | expect(subject).to contain_file('mime.conf').with_content(%r{AddType application/x-compress .Z}) 14 | end 15 | end 16 | 17 | describe 'apache::mod::mime', type: :class do 18 | it_behaves_like 'a mod class, without including apache' 19 | 20 | context 'On a Debian OS with default params', :compile do 21 | include_examples 'Debian 11' 22 | 23 | general_mime_specs 24 | 25 | it { is_expected.to contain_file('mime.conf').with_path('/etc/apache2/mods-available/mime.conf') } 26 | end 27 | 28 | context 'on a RedHat OS with default params', :compile do 29 | include_examples 'RedHat 8' 30 | 31 | general_mime_specs 32 | 33 | it { is_expected.to contain_file('mime.conf').with_path('/etc/httpd/conf.modules.d/mime.conf') } 34 | end 35 | end 36 | -------------------------------------------------------------------------------- /spec/classes/mod/negotiation_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::negotiation', type: :class do 6 | it_behaves_like 'a mod class, without including apache' 7 | describe 'OS independent tests' do 8 | include_examples 'Debian 11' 9 | 10 | context 'default params' do 11 | it { is_expected.to contain_class('apache') } 12 | 13 | it do 14 | expect(subject).to contain_file('negotiation.conf').with(ensure: 'file', 15 | content: 'LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW 16 | ForceLanguagePriority Prefer Fallback 17 | ') 18 | end 19 | end 20 | 21 | context 'with force_language_priority parameter' do 22 | let :params do 23 | { force_language_priority: 'Prefer' } 24 | end 25 | 26 | it do 27 | expect(subject).to contain_file('negotiation.conf').with(ensure: 'file', 28 | content: %r{^ForceLanguagePriority Prefer$}) 29 | end 30 | end 31 | 32 | context 'with language_priority parameter' do 33 | let :params do 34 | { language_priority: ['en', 'es'] } 35 | end 36 | 37 | it do 38 | expect(subject).to contain_file('negotiation.conf').with(ensure: 'file', 39 | content: %r{^LanguagePriority en es$}) 40 | end 41 | end 42 | end 43 | end 44 | -------------------------------------------------------------------------------- /spec/classes/mod/pagespeed_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::pagespeed', type: :class do 6 | context 'on a Debian OS' do 7 | include_examples 'Debian 11' 8 | 9 | it { is_expected.to contain_class('apache::params') } 10 | it { is_expected.to contain_apache__mod('pagespeed') } 11 | it { is_expected.to contain_package('mod-pagespeed-stable') } 12 | 13 | context 'when setting additional_configuration to a Hash' do 14 | let :params do 15 | { additional_configuration: { 'Key' => 'Value' } } 16 | end 17 | 18 | it { is_expected.to contain_file('pagespeed.conf').with_content %r{Key Value} } 19 | end 20 | 21 | context 'when setting additional_configuration to an Array' do 22 | let :params do 23 | { additional_configuration: ['Key Value'] } 24 | end 25 | 26 | it { is_expected.to contain_file('pagespeed.conf').with_content %r{Key Value} } 27 | end 28 | end 29 | 30 | context 'on a RedHat OS' do 31 | include_examples 'RedHat 8' 32 | 33 | it { is_expected.to contain_class('apache::params') } 34 | it { is_expected.to contain_apache__mod('pagespeed') } 35 | it { is_expected.to contain_package('mod-pagespeed-stable') } 36 | it { is_expected.to contain_file('pagespeed.conf') } 37 | end 38 | end 39 | -------------------------------------------------------------------------------- /spec/classes/mod/perl_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::perl', type: :class do 6 | it_behaves_like 'a mod class, without including apache' 7 | context 'on a Debian OS' do 8 | include_examples 'Debian 11' 9 | 10 | it { is_expected.to contain_class('apache::params') } 11 | it { is_expected.to contain_apache__mod('perl') } 12 | it { is_expected.to contain_package('libapache2-mod-perl2') } 13 | end 14 | 15 | context 'on a RedHat OS' do 16 | include_examples 'RedHat 8' 17 | 18 | it { is_expected.to contain_class('apache::params') } 19 | it { is_expected.to contain_apache__mod('perl') } 20 | it { is_expected.to contain_package('mod_perl') } 21 | end 22 | 23 | context 'on a FreeBSD OS' do 24 | include_examples 'FreeBSD 9' 25 | 26 | it { is_expected.to contain_class('apache::params') } 27 | it { is_expected.to contain_apache__mod('perl') } 28 | it { is_expected.to contain_package('www/mod_perl2') } 29 | end 30 | 31 | context 'on a Gentoo OS' do 32 | include_examples 'Gentoo' 33 | 34 | it { is_expected.to contain_class('apache::params') } 35 | it { is_expected.to contain_apache__mod('perl') } 36 | it { is_expected.to contain_package('www-apache/mod_perl') } 37 | end 38 | end 39 | -------------------------------------------------------------------------------- /spec/classes/mod/peruser_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::peruser', type: :class do 6 | let :pre_condition do 7 | 'class { "apache": mpm_module => false, }' 8 | end 9 | 10 | context 'on a FreeBSD OS' do 11 | include_examples 'FreeBSD 10' 12 | 13 | it { is_expected.to compile.and_raise_error(%r{Unsupported osfamily FreeBSD}) } 14 | end 15 | 16 | context 'on a Gentoo OS' do 17 | include_examples 'Gentoo' 18 | 19 | it { is_expected.to contain_class('apache::params') } 20 | it { is_expected.not_to contain_apache__mod('peruser') } 21 | it { is_expected.to contain_file('/etc/apache2/modules.d/peruser.conf').with_ensure('file') } 22 | end 23 | end 24 | -------------------------------------------------------------------------------- /spec/classes/mod/proxy_connect_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::proxy_connect', type: :class do 6 | let :pre_condition do 7 | [ 8 | 'include apache::mod::proxy', 9 | ] 10 | end 11 | 12 | include_examples 'a mod class, without including apache' 13 | 14 | it { is_expected.to contain_apache__mod('proxy_connect') } 15 | end 16 | -------------------------------------------------------------------------------- /spec/classes/mod/proxy_http2_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::proxy_http2' do 6 | on_supported_os.each do |os, os_facts| 7 | context "on #{os}" do 8 | let(:facts) { os_facts } 9 | 10 | it { is_expected.to compile.with_all_deps } 11 | it { is_expected.to contain_class('apache::mod::proxy') } 12 | it { is_expected.to contain_apache__mod('proxy_http2') } 13 | end 14 | end 15 | end 16 | -------------------------------------------------------------------------------- /spec/classes/mod/proxy_http_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::proxy_http' do 6 | on_supported_os.each do |os, os_facts| 7 | context "on #{os}" do 8 | let(:facts) { os_facts } 9 | 10 | it { is_expected.to compile.with_all_deps } 11 | it { is_expected.to contain_class('apache::mod::proxy') } 12 | it { is_expected.to contain_apache__mod('proxy_http') } 13 | end 14 | end 15 | end 16 | -------------------------------------------------------------------------------- /spec/classes/mod/proxy_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::proxy', type: :class do 6 | it_behaves_like 'a mod class, without including apache' 7 | 8 | on_supported_os.each do |os, os_facts| 9 | context "On #{os}" do 10 | let :facts do 11 | os_facts 12 | end 13 | 14 | it { is_expected.to contain_file('proxy.conf').with_content(%r{ProxyRequests Off}) } 15 | it { is_expected.to contain_file('proxy.conf').without_content(%r{ProxyTimeout}) } 16 | 17 | context 'with parameters set' do 18 | let(:params) do 19 | { proxy_timeout: 12_345 } 20 | end 21 | 22 | it { is_expected.to contain_file('proxy.conf').with_content(%r{ProxyTimeout 12345}) } 23 | end 24 | end 25 | end 26 | end 27 | -------------------------------------------------------------------------------- /spec/classes/mod/proxy_wstunnel.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::proxy_wstunnel', type: :class do 6 | it_behaves_like 'a mod class, without including apache' 7 | end 8 | -------------------------------------------------------------------------------- /spec/classes/mod/python_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::python', type: :class do 6 | it_behaves_like 'a mod class, without including apache' 7 | 8 | context 'on a Debian OS' do 9 | include_examples 'Debian 11' 10 | 11 | it { is_expected.to contain_class('apache::params') } 12 | it { is_expected.to contain_apache__mod('python') } 13 | it { is_expected.to contain_package('libapache2-mod-python') } 14 | end 15 | 16 | context 'on a RedHat OS' do 17 | include_examples 'RedHat 8' 18 | 19 | it { is_expected.to contain_class('apache::params') } 20 | it { is_expected.to contain_apache__mod('python') } 21 | it { is_expected.to contain_package('mod_python') } 22 | it { is_expected.to contain_file('python.load').with_path('/etc/httpd/conf.modules.d/python.load') } 23 | 24 | describe 'with loadfile_name specified' do 25 | let :params do 26 | { loadfile_name: 'FooBar' } 27 | end 28 | 29 | it { is_expected.to contain_file('FooBar').with_path('/etc/httpd/conf.modules.d/FooBar') } 30 | end 31 | end 32 | 33 | context 'on a FreeBSD OS' do 34 | include_examples 'FreeBSD 9' 35 | 36 | it { is_expected.to contain_class('apache::params') } 37 | it { is_expected.to contain_apache__mod('python') } 38 | it { is_expected.to contain_package('www/mod_python3') } 39 | end 40 | 41 | context 'on a Gentoo OS' do 42 | include_examples 'Gentoo' 43 | 44 | it { is_expected.to contain_class('apache::params') } 45 | it { is_expected.to contain_apache__mod('python') } 46 | it { is_expected.to contain_package('www-apache/mod_python') } 47 | end 48 | end 49 | -------------------------------------------------------------------------------- /spec/classes/mod/shib_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::shib', type: :class do 6 | it_behaves_like 'a mod class, without including apache' 7 | context 'on a Debian OS' do 8 | include_examples 'Debian 11' 9 | 10 | describe 'with no parameters' do 11 | it { is_expected.to contain_apache__mod('shib2').with_id('mod_shib') } 12 | end 13 | end 14 | 15 | context 'on a RedHat OS' do 16 | include_examples 'RedHat 8' 17 | 18 | describe 'with no parameters' do 19 | it { is_expected.to contain_apache__mod('shib2').with_id('mod_shib') } 20 | end 21 | end 22 | end 23 | -------------------------------------------------------------------------------- /spec/classes/mod/speling_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::speling', type: :class do 6 | it_behaves_like 'a mod class, without including apache' 7 | context 'on a Debian OS' do 8 | include_examples 'Debian 11' 9 | 10 | it { is_expected.to contain_apache__mod('speling') } 11 | end 12 | 13 | context 'on a RedHat OS' do 14 | include_examples 'RedHat 8' 15 | 16 | it { is_expected.to contain_apache__mod('speling') } 17 | end 18 | end 19 | -------------------------------------------------------------------------------- /spec/classes/mod/watchdog_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::mod::watchdog', type: :class do 6 | it_behaves_like 'a mod class, without including apache' 7 | 8 | on_supported_os.each do |os, os_facts| 9 | context "On #{os}" do 10 | let :facts do 11 | os_facts 12 | end 13 | 14 | if os_facts[:os]['family'] == 'Debian' 15 | it { is_expected.not_to contain_apache__mod('watchdog') } 16 | else 17 | it { is_expected.to contain_apache__mod('watchdog') } 18 | end 19 | 20 | context 'with default configuration' do 21 | it { is_expected.not_to contain_file('watchdog.conf') } 22 | end 23 | 24 | context 'with custom configuration' do 25 | let(:params) do 26 | { 27 | watchdog_interval: 5 28 | } 29 | end 30 | 31 | it { is_expected.to contain_file('watchdog.conf').with_content(%r{^WatchdogInterval 5$}) } 32 | end 33 | end 34 | end 35 | end 36 | -------------------------------------------------------------------------------- /spec/classes/params_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::params', type: :class do 6 | context 'On a Debian OS' do 7 | include_examples 'Debian 11' 8 | 9 | it { is_expected.to compile.with_all_deps } 10 | it { is_expected.to have_resource_count(0) } 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /spec/classes/vhosts_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::vhosts', type: :class do 6 | context 'on all OSes' do 7 | include_examples 'RedHat 8' 8 | 9 | context 'with custom vhosts parameter' do 10 | let :params do 11 | { 12 | vhosts: { 13 | 'custom_vhost_1' => { 14 | 'docroot' => '/var/www/custom_vhost_1', 15 | 'port' => 81 16 | }, 17 | 'custom_vhost_2' => { 18 | 'docroot' => '/var/www/custom_vhost_2', 19 | 'port' => 82 20 | } 21 | } 22 | } 23 | end 24 | 25 | it { is_expected.to contain_apache__vhost('custom_vhost_1') } 26 | it { is_expected.to contain_apache__vhost('custom_vhost_2') } 27 | end 28 | end 29 | end 30 | -------------------------------------------------------------------------------- /spec/default_facts.yml: -------------------------------------------------------------------------------- 1 | # Use default_module_facts.yml for module specific facts. 2 | # 3 | # Facts specified here will override the values provided by rspec-puppet-facts. 4 | --- 5 | networking: 6 | ip: "172.16.254.254" 7 | ip6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA" 8 | mac: "AA:AA:AA:AA:AA:AA" 9 | is_pe: false 10 | -------------------------------------------------------------------------------- /spec/defines/balancermember_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::balancermember', type: :define do 6 | let :pre_condition do 7 | 'include apache' 8 | end 9 | 10 | include_examples 'Debian 11' 11 | 12 | describe 'allows multiple balancermembers with the same url' do 13 | let :pre_condition do 14 | 'include apache 15 | apache::balancer {"balancer":} 16 | apache::balancer {"balancer-external":} 17 | apache::balancermember {"http://127.0.0.1:8080-external": url => "http://127.0.0.1:8080/", balancer_cluster => "balancer-external"} 18 | ' 19 | end 20 | let :title do 21 | 'http://127.0.0.1:8080/' 22 | end 23 | let :params do 24 | { 25 | options: [], 26 | url: 'http://127.0.0.1:8080/', 27 | balancer_cluster: 'balancer-internal' 28 | } 29 | end 30 | 31 | it { is_expected.to contain_concat__fragment('BalancerMember http://127.0.0.1:8080/') } 32 | end 33 | 34 | describe 'allows balancermember with a different target' do 35 | let :pre_condition do 36 | 'include apache 37 | apache::balancer {"balancername": target => "/etc/apache/balancer.conf"} 38 | apache::balancermember {"http://127.0.0.1:8080-external": url => "http://127.0.0.1:8080/", balancer_cluster => "balancername"} 39 | ' 40 | end 41 | let :title do 42 | 'http://127.0.0.1:8080/' 43 | end 44 | let :params do 45 | { 46 | options: [], 47 | url: 'http://127.0.0.1:8080/', 48 | balancer_cluster: 'balancername' 49 | } 50 | end 51 | 52 | it { 53 | expect(subject).to contain_concat__fragment('BalancerMember http://127.0.0.1:8080/').with(target: 'apache_balancer_balancername') 54 | } 55 | end 56 | end 57 | -------------------------------------------------------------------------------- /spec/defines/modsec_link_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::security::rule_link', type: :define do 6 | let :pre_condition do 7 | 'class { "apache": } 8 | class { "apache::mod::security": activated_rules => [] } 9 | ' 10 | end 11 | 12 | let :title do 13 | 'base_rules/modsecurity_35_bad_robots.data' 14 | end 15 | 16 | on_supported_os.each do |os, facts| 17 | context "on #{os}" do 18 | let :facts do 19 | facts 20 | end 21 | 22 | it { is_expected.to compile.with_all_deps } 23 | 24 | case facts[:os]['family'] 25 | when 'RedHat' 26 | if facts[:os]['release']['major'].to_i <= 7 27 | it { 28 | expect(subject).to contain_file('modsecurity_35_bad_robots.data').with( 29 | path: '/etc/httpd/modsecurity.d/activated_rules/modsecurity_35_bad_robots.data', 30 | target: '/usr/lib/modsecurity.d/base_rules/modsecurity_35_bad_robots.data', 31 | ) 32 | } 33 | else 34 | it { 35 | expect(subject).to contain_file('modsecurity_35_bad_robots.data').with( 36 | path: '/etc/httpd/modsecurity.d/activated_rules/modsecurity_35_bad_robots.data', 37 | target: '/usr/share/mod_modsecurity_crs/base_rules/modsecurity_35_bad_robots.data', 38 | ) 39 | } 40 | end 41 | when 'Debian' 42 | it { 43 | expect(subject).to contain_file('modsecurity_35_bad_robots.data').with( 44 | path: '/etc/modsecurity/activated_rules/modsecurity_35_bad_robots.data', 45 | target: '/usr/share/modsecurity-crs/base_rules/modsecurity_35_bad_robots.data', 46 | ) 47 | } 48 | end 49 | end 50 | end 51 | end 52 | -------------------------------------------------------------------------------- /spec/fixtures/files/negotiation.conf: -------------------------------------------------------------------------------- 1 | # This is a file only for spec testing 2 | 3 | LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW 4 | ForceLanguagePriority Prefer Fallback 5 | -------------------------------------------------------------------------------- /spec/fixtures/files/spec: -------------------------------------------------------------------------------- 1 | # This is a file only for spec testing 2 | -------------------------------------------------------------------------------- /spec/fixtures/site_apache/templates/fake.conf.epp: -------------------------------------------------------------------------------- 1 | Fake template for rspec. 2 | -------------------------------------------------------------------------------- /spec/fixtures/templates/negotiation.conf.erb: -------------------------------------------------------------------------------- 1 | # This is a template only for spec testing 2 | 3 | LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW 4 | ForceLanguagePriority Prefer Fallback 5 | -------------------------------------------------------------------------------- /spec/functions/authz_core_config_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'apache::authz_core_config' do 6 | let(:input1) do 7 | { 8 | 'Require' => [ 9 | 'user foo', 10 | 'user bar', 11 | ] 12 | } 13 | end 14 | 15 | let(:input2) do 16 | { 17 | 'require_all' => { 18 | 'require_any' => { 19 | 'require' => ['user superadmin'], 20 | 'require_all' => { 21 | 'require' => ['group admins', 'ldap-group "cn=Administrators,o=Airius"'] 22 | } 23 | }, 24 | 'require_none' => { 25 | 'require' => ['group temps', 'ldap-group "cn=Temporary Employees,o=Airius"'] 26 | } 27 | } 28 | } 29 | end 30 | let(:output2) do 31 | [ 32 | ' ', 33 | ' ', 34 | ' Require user superadmin', 35 | ' ', 36 | ' Require group admins', 37 | ' Require ldap-group "cn=Administrators,o=Airius"', 38 | ' ', 39 | ' ', 40 | ' ', 41 | ' Require group temps', 42 | ' Require ldap-group "cn=Temporary Employees,o=Airius"', 43 | ' ', 44 | ' ', 45 | ] 46 | end 47 | 48 | it { is_expected.to run.with_params(nil).and_raise_error(StandardError) } 49 | it { is_expected.to run.with_params([]).and_raise_error(StandardError) } 50 | it { is_expected.to run.with_params({}).and_return([]) } 51 | it { is_expected.to run.with_params(input1).and_return([' Require user foo', ' Require user bar']) } 52 | it { is_expected.to run.with_params(input2).and_return(output2) } 53 | end 54 | -------------------------------------------------------------------------------- /spec/functions/bool2httpd_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | shared_examples 'apache::bool2httpd function' do 6 | it { is_expected.not_to eq(nil) } 7 | it { is_expected.to run.with_params.and_raise_error(ArgumentError) } 8 | it { is_expected.to run.with_params('1', '2').and_raise_error(ArgumentError) } 9 | it { is_expected.to run.with_params(true).and_return('On') } 10 | it { is_expected.to run.with_params('true').and_return('On') } 11 | 12 | it 'expected to return a string "On"' do 13 | expect(subject.execute(true)).to be_an_instance_of(String) 14 | end 15 | 16 | it { is_expected.to run.with_params(false).and_return('Off') } 17 | it { is_expected.to run.with_params('false').and_return('Off') } 18 | 19 | it 'expected to return a string "Off"' do 20 | expect(subject.execute(false)).to be_an_instance_of(String) 21 | end 22 | 23 | it { is_expected.to run.with_params('mail').and_return('mail') } 24 | it { is_expected.to run.with_params(nil).and_return('Off') } 25 | it { is_expected.to run.with_params(:undef).and_return('Off') } 26 | it { is_expected.to run.with_params('foo').and_return('foo') } 27 | end 28 | 29 | describe 'apache::bool2httpd' do 30 | it_behaves_like 'apache::bool2httpd function' 31 | 32 | describe 'deprecated non-namespaced shim' do 33 | describe 'bool2httpd', type: :puppet_function do 34 | it_behaves_like 'apache::bool2httpd function' 35 | end 36 | end 37 | end 38 | -------------------------------------------------------------------------------- /spec/functions/pw_hash_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | shared_examples 'apache::pw_hash function' do 6 | it { is_expected.not_to eq(nil) } 7 | it { is_expected.to run.with_params.and_raise_error(ArgumentError) } 8 | it { is_expected.to run.with_params('').and_raise_error(ArgumentError) } 9 | it { is_expected.to run.with_params(1).and_raise_error(ArgumentError) } 10 | it { is_expected.to run.with_params(true).and_raise_error(ArgumentError) } 11 | it { is_expected.to run.with_params({}).and_raise_error(ArgumentError) } 12 | it { is_expected.to run.with_params([]).and_raise_error(ArgumentError) } 13 | it { is_expected.to run.with_params('test').and_return('{SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=') } 14 | end 15 | 16 | describe 'apache::pw_hash' do 17 | it_behaves_like 'apache::pw_hash function' 18 | 19 | describe 'deprecated shims' do 20 | describe 'apache_pw_hash', type: :puppet_function do 21 | it_behaves_like 'apache::pw_hash function' 22 | end 23 | 24 | describe 'apache::apache_pw_hash', type: :puppet_function do 25 | it_behaves_like 'apache::pw_hash function' 26 | end 27 | end 28 | end 29 | -------------------------------------------------------------------------------- /spec/spec_helper_acceptance.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'puppet_litmus' 4 | require 'spec_helper_acceptance_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_acceptance_local.rb')) 5 | 6 | PuppetLitmus.configure! 7 | ApacheModTestFilterHelper.instance.initialize_ampc(os) 8 | -------------------------------------------------------------------------------- /spec/type_aliases/loglevel_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'Apache::LogLevel' do 6 | [ 7 | 'info', 8 | 'warn ssl:info', 9 | 'warn mod_ssl.c:info', 10 | 'warn mod_ssl.c:info', 11 | 'warn ssl_module:info', 12 | 'trace4', 13 | 'ssl:info', 14 | ].each do |allowed_value| 15 | it { is_expected.to allow_value(allowed_value) } 16 | end 17 | 18 | [ 19 | 'garbage', 20 | '', 21 | [], 22 | ['info'], 23 | 'thisiswarning', 24 | 'errorerror', 25 | ].each do |invalid_value| 26 | it { is_expected.not_to allow_value(invalid_value) } 27 | end 28 | end 29 | -------------------------------------------------------------------------------- /spec/type_aliases/modproxy_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'Apache::ModProxyProtocol' do 6 | [ 7 | 'ajp://www.example.com', 8 | 'fcgi://www.example.com', 9 | 'ftp://www.example.com', 10 | 'h2://www.example.com', 11 | 'h2c://www.example.com', 12 | 'http://www.example.com', 13 | 'https://www.example.com', 14 | 'scgi://www.example.com', 15 | 'uwsgi://www.example.com', 16 | 'ws://www.example.com', 17 | 'wss://www.example.com', 18 | 'unix:/path/to/unix.socket', 19 | ].each do |allowed_value| 20 | it { is_expected.to allow_value(allowed_value) } 21 | end 22 | end 23 | -------------------------------------------------------------------------------- /spec/type_aliases/vhost_priority_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'Apache::Vhost::Priority' do 6 | # Pattern 7 | it { is_expected.to allow_value('10') } 8 | it { is_expected.to allow_value('010') } 9 | it { is_expected.not_to allow_value('') } 10 | it { is_expected.not_to allow_value('a') } 11 | it { is_expected.not_to allow_value('a1') } 12 | it { is_expected.not_to allow_value('1a') } 13 | 14 | # Integer 15 | it { is_expected.to allow_value(0) } 16 | it { is_expected.to allow_value(1) } 17 | 18 | # Boolean 19 | it { is_expected.to allow_value(true) } # Technically an illegal value 20 | it { is_expected.to allow_value(false) } 21 | 22 | it { is_expected.not_to allow_value(nil) } 23 | end 24 | -------------------------------------------------------------------------------- /tasks/init.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "Allows you to perform apache service functions", 3 | "input_method": "stdin", 4 | "parameters": { 5 | "action": { 6 | "description": "Action to perform ", 7 | "type": "Enum[reload]" 8 | }, 9 | "service_name": { 10 | "description": "The name of the apache service ", 11 | "type": "Optional[String[1]]" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /tasks/init.rb: -------------------------------------------------------------------------------- 1 | #!/opt/puppetlabs/puppet/bin/ruby 2 | # frozen_string_literal: true 3 | 4 | require 'json' 5 | require 'open3' 6 | require 'puppet' 7 | 8 | def service(action, service_name) 9 | if service_name.nil? 10 | stdout, _stderr, _status = Open3.capture3('facter', '-p', 'osfamily') 11 | osfamily = stdout.strip 12 | service_name = if osfamily == 'RedHat' 13 | 'httpd' 14 | elsif osfamily == 'FreeBSD' 15 | 'apache24' 16 | else 17 | 'apache2' 18 | end 19 | end 20 | _stdout, stderr, status = Open3.capture3('service', service_name, action) 21 | raise Puppet::Error, stderr if status != 0 22 | 23 | { status: "#{action} successful" } 24 | end 25 | 26 | params = JSON.parse($stdin.read) 27 | action = params['action'] 28 | service_name = params['service_name'] 29 | 30 | begin 31 | result = service(action, service_name) 32 | puts result.to_json 33 | exit 0 34 | rescue Puppet::Error => e 35 | puts({ status: 'failure', error: e.message }.to_json) 36 | exit 1 37 | end 38 | -------------------------------------------------------------------------------- /templates/confd/no-accf.conf.epp: -------------------------------------------------------------------------------- 1 | 2 | AcceptFilter http none 3 | AcceptFilter https none 4 | 5 | -------------------------------------------------------------------------------- /templates/fastcgi/server.epp: -------------------------------------------------------------------------------- 1 | <% 2 | $timeout_updated = " -idle-timeout #{$timeout}" 3 | 4 | if $flush { 5 | $flush_updated = " -flush" 6 | } else { 7 | $flush_updated = "" 8 | } 9 | if $socket { 10 | $host_or_socket = " -socket #{$socket}" 11 | } else { 12 | $host_or_socket = " -host #{$host}" 13 | } 14 | if $pass_header and !$pass_header.empty { 15 | $pass_header_updated = " -pass-header #{$pass_header}" 16 | } else { 17 | $pass_header_updated = "" 18 | } 19 | 20 | $options = $timeout_updated + $flush_updated + $host_or_socket + $pass_header_updated 21 | -%> 22 | FastCGIExternalServer <%= $faux_path %><%= $options %> 23 | Alias <%= $fcgi_alias %> <%= $faux_path %> 24 | Action <%= $file_type %> <%= $fcgi_alias %> 25 | -------------------------------------------------------------------------------- /templates/fastcgi/server.erb: -------------------------------------------------------------------------------- 1 | <% 2 | timeout = " -idle-timeout #{@timeout}" 3 | flush = "" 4 | if @flush 5 | flush = " -flush" 6 | end 7 | if @socket 8 | host_or_socket = " -socket #{@socket}" 9 | else 10 | host_or_socket = " -host #{@host}" 11 | end 12 | 13 | pass_header = "" 14 | if @pass_header and ! @pass_header.empty? 15 | pass_header = " -pass-header #{@pass_header}" 16 | end 17 | 18 | options = timeout + flush + host_or_socket + pass_header 19 | -%> 20 | FastCGIExternalServer <%= @faux_path %><%= options %> 21 | Alias <%= @fcgi_alias %> <%= @faux_path %> 22 | Action <%= @file_type %> <%= @fcgi_alias %> 23 | -------------------------------------------------------------------------------- /templates/listen.epp: -------------------------------------------------------------------------------- 1 | <%# Listen should always be one of: 2 | - 3 | - : 4 | - [ 5 | -%> 6 | Listen <%= $listen_addr_port %> 7 | -------------------------------------------------------------------------------- /templates/mod/_allow.epp: -------------------------------------------------------------------------------- 1 | Order deny,allow 2 | Deny from all 3 | <% if $allow_from and !$allow_from.empty { -%> 4 | Allow from <%= Array($allow_from).join(" ") %> 5 | <% } else { -%> 6 | Allow from <%= Array($allow_defaults).join(" ") %> 7 | <% } -%> 8 | -------------------------------------------------------------------------------- /templates/mod/_require.epp: -------------------------------------------------------------------------------- 1 | <% $_requires = if $requires { %>$requires<% } else {%>$requires_defaults<%} %> 2 | <% if type($_requires, 'generalized') == String { %> 3 | <%- if !($_requires.downcase in ['', 'unmanaged']) { -%> 4 | Require <%= $_requires %> 5 | <%- } -%> 6 | <% }elsif String(type($_requires, 'generalized')).index('Array') == 0 { -%> 7 | <%- $_requires.each |$req| { -%> 8 | Require <%= $req %> 9 | <%- } -%> 10 | <% }elsif String(type($_requires, 'generalized')).index('Hash') == 0 { -%> 11 | <%- if $_requires['enforce'] and $_requires['enforce'].downcase in ['all', 'none', 'any'] { -%> 12 | <%- $enforce_str = "Require${_requires['enforce'].capitalize}>\n" -%> 13 | <%- $enforce_open = " <${enforce_str}" -%> 14 | <%- $enforce_close = " 15 | <%- $indentation = ' ' -%> 16 | <%- } else { -%> 17 | <%- if $_requires['enforce'] { -%> 18 | <%- scope.function_warning(["Class #{@title}: Require can only be overwritten with all, none or any."]) -%> 19 | <%- } -%> 20 | <%- $enforce_open = '' -%> 21 | <%- $enforce_close = '' -%> 22 | <%- $indentation = '' -%> 23 | <%- } -%> 24 | <%- if $_requires['requires'] and String(type($_requires['requires'], 'generalized')).index('Array') == 0 { -%> 25 | <%# %><%= $enforce_open -%> 26 | <%- $_requires['requires'].each |$req| { -%> 27 | <%# %> <%= $indentation -%>Require <%= $req %> 28 | <%- } -%> 29 | <%# %><%= $enforce_close -%> 30 | <%- } else { -%> 31 | <%- scope.function_warning(["Class #{@title}: Require hash must have a key named \"requires\" with array value"]) -%> 32 | <%- } -%> 33 | <% } -%> 34 | -------------------------------------------------------------------------------- /templates/mod/_require.erb: -------------------------------------------------------------------------------- 1 | <% _requires = @requires != nil ? @requires : @requires_defaults -%> 2 | <% if _requires.is_a?(String) -%> 3 | <%- if ! ['', 'unmanaged'].include?_requires.downcase -%> 4 | Require <%= _requires %> 5 | <%- end -%> 6 | <% elsif _requires.is_a?(Array) -%> 7 | <%- _requires.each do |req| -%> 8 | Require <%= req %> 9 | <%- end -%> 10 | <% elsif _requires.is_a?(Hash) -%> 11 | <%- if _requires.has_key?('enforce') and ['all', 'none', 'any'].include?_requires['enforce'].downcase -%> 12 | <%- enforce_str = "Require#{_requires['enforce'].capitalize}>\n" -%> 13 | <%- enforce_open = " <#{enforce_str}" -%> 14 | <%- enforce_close = " 15 | <%- indentation = ' ' -%> 16 | <%- else -%> 17 | <%- if _requires.has_key?('enforce') -%> 18 | <%- scope.function_warning(["Class #{@title}: Require can only be overwritten with all, none or any."]) -%> 19 | <%- end -%> 20 | <%- enforce_open = '' -%> 21 | <%- enforce_close = '' -%> 22 | <%- indentation = '' -%> 23 | <%- end -%> 24 | <%- if _requires.has_key?('requires') and _requires['requires'].is_a?(Array) -%> 25 | <%# %><%= enforce_open -%> 26 | <%- _requires['requires'].each do |req| -%> 27 | <%# %> <%= indentation -%>Require <%= req %> 28 | <%- end -%> 29 | <%# %><%= enforce_close -%> 30 | <%- else -%> 31 | <%- scope.function_warning(["Class #{@title}: Require hash must have a key named \"requires\" with array value"]) -%> 32 | <%- end -%> 33 | <% end -%> 34 | -------------------------------------------------------------------------------- /templates/mod/alias.conf.epp: -------------------------------------------------------------------------------- 1 | 2 | Alias /<%= $icons_prefix %>/ "<%= $icons_path %>/" 3 | "> 4 | Options <%= $icons_options %> 5 | AllowOverride None 6 | Require all granted 7 | 8 | 9 | -------------------------------------------------------------------------------- /templates/mod/auth_mellon.conf.epp: -------------------------------------------------------------------------------- 1 | <%- if $mellon_cache_size { -%> 2 | MellonCacheSize <%= $mellon_cache_size %> 3 | <%- } -%> 4 | <%- if $mellon_cache_entry_size { -%> 5 | MellonCacheEntrySize <%= $mellon_cache_entry_size %> 6 | <%- } -%> 7 | <%- if $mellon_lock_file { -%> 8 | MellonLockFile "<%= $mellon_lock_file %>" 9 | <%- } -%> 10 | <%- if $mellon_post_directory { -%> 11 | MellonPostDirectory "<%= $mellon_post_directory %>" 12 | <%- } -%> 13 | <%- if $mellon_post_ttl { -%> 14 | MellonPostTTL <%= $mellon_post_ttl %> 15 | <%- } -%> 16 | <%- if $mellon_post_size { -%> 17 | MellonPostSize <%= $mellon_post_size %> 18 | <%- } -%> 19 | <%- if $mellon_post_count { -%> 20 | MellonPostCount <%= $mellon_post_count %> 21 | <%- } -%> 22 | -------------------------------------------------------------------------------- /templates/mod/authn_dbd.conf.epp: -------------------------------------------------------------------------------- 1 | #Database Management 2 | DBDriver <%= $authn_dbd_dbdriver %> 3 | 4 | #Connection string: database name and login credentials 5 | DBDParams "<%= $authn_dbd_params %>" 6 | 7 | #Parameters for Connection Pool Management 8 | DBDMin <%= $authn_dbd_min %> 9 | DBDMax <%= $authn_dbd_max %> 10 | DBDKeep <%= $authn_dbd_keep %> 11 | DBDExptime <%= $authn_dbd_exptime %> 12 | 13 | <%- if $authn_dbd_alias { -%> 14 | > 15 | AuthDBDUserPWQuery "<%= $authn_dbd_query %>" 16 | 17 | <%- } -%> 18 | -------------------------------------------------------------------------------- /templates/mod/authnz_ldap.conf.epp: -------------------------------------------------------------------------------- 1 | LDAPVerifyServerCert <%= apache::bool2httpd($verify_server_cert) %> 2 | -------------------------------------------------------------------------------- /templates/mod/cache.conf.epp: -------------------------------------------------------------------------------- 1 | <% | 2 | Optional[Array[String[1]]] $cache_ignore_headers = undef, 3 | Optional[Integer] $cache_default_expire = undef, 4 | Optional[Integer] $cache_max_expire = undef, 5 | Optional[Apache::OnOff] $cache_ignore_no_lastmod = undef, 6 | Optional[Apache::OnOff] $cache_header = undef, 7 | Optional[Apache::OnOff] $cache_lock = undef, 8 | Optional[Apache::OnOff] $cache_ignore_cache_control = undef, 9 | | -%> 10 | <%- if $cache_default_expire { -%> 11 | CacheDefaultExpire <%= $cache_default_expire %> 12 | <%- } -%> 13 | <%- if $cache_max_expire { -%> 14 | CacheMaxExpire <%= $cache_max_expire %> 15 | <%- } -%> 16 | <%- if $cache_ignore_no_lastmod { -%> 17 | CacheIgnoreNoLastMod <%= $cache_ignore_no_lastmod %> 18 | <%- } -%> 19 | <%- if $cache_header { -%> 20 | CacheHeader <%= $cache_header %> 21 | <%- } -%> 22 | <%- if $cache_lock { -%> 23 | CacheLock <%= $cache_lock %> 24 | <%- } -%> 25 | <%- if $cache_ignore_cache_control { -%> 26 | CacheIgnoreCacheControl <%= $cache_ignore_cache_control %> 27 | <%- } -%> 28 | <%- if ! empty($cache_ignore_headers) { -%> 29 | CacheIgnoreHeaders <%= $cache_ignore_headers.sort.join(' ') %> 30 | <%- } -%> 31 | -------------------------------------------------------------------------------- /templates/mod/cache_disk.conf.epp: -------------------------------------------------------------------------------- 1 | <% | 2 | Optional[String] $cache_root = undef, 3 | Array[String] $cache_enable = [], 4 | Optional[Integer] $cache_dir_length = undef, 5 | Optional[Integer] $cache_dir_levels = undef, 6 | Optional[Integer] $cache_max_filesize = undef, 7 | Optional[String] $cache_ignore_headers = undef, 8 | | -%> 9 | <%- if $cache_enable { -%> 10 | <%- $cache_enable.each |$enable| { -%> 11 | CacheEnable disk <%= $enable %> 12 | <%- } -%> 13 | <%- } -%> 14 | CacheRoot "<%= $cache_root %>" 15 | <%- if $cache_dir_levels { -%> 16 | CacheDirLevels <%= $cache_dir_levels %> 17 | <%- } -%> 18 | <%- if $cache_dir_length { -%> 19 | CacheDirLength <%= $cache_dir_length %> 20 | <%- } -%> 21 | <%- if $cache_max_filesize { -%> 22 | CacheMaxFileSize <%= $cache_max_filesize %> 23 | <%- } -%> 24 | <%- if $cache_ignore_headers { -%> 25 | CacheIgnoreHeaders <%= $cache_ignore_headers -%> 26 | <%- } -%> 27 | -------------------------------------------------------------------------------- /templates/mod/cgid.conf.epp: -------------------------------------------------------------------------------- 1 | ScriptSock "<%= $cgisock_path %>" 2 | -------------------------------------------------------------------------------- /templates/mod/cluster.conf.epp: -------------------------------------------------------------------------------- 1 | Listen <%= $ip %>:<%= $port %> 2 | :<%= $port %>> 3 | 4 | Order deny,allow 5 | Deny from all 6 | Allow from <%= $allowed_network %> 7 | 8 | 9 | KeepAliveTimeout <%= $keep_alive_timeout %> 10 | MaxKeepAliveRequests <%= $max_keep_alive_requests %> 11 | EnableMCPMReceive <%= apache::bool2httpd($enable_mcpm_receive) %> 12 | 13 | ManagerBalancerName <%= $balancer_name %> 14 | ServerAdvertise <%= apache::bool2httpd($server_advertise) %> 15 | <%- if $server_advertise == true and $advertise_frequency != undef { -%> 16 | AdvertiseFrequency <%= $advertise_frequency %> 17 | <%- } -%> 18 | 19 | 20 | SetHandler mod_cluster-manager 21 | Order deny,allow 22 | Deny from all 23 | Allow from <%= $manager_allowed_network %> 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /templates/mod/dav_fs.conf.epp: -------------------------------------------------------------------------------- 1 | DAVLockDB "<%= $dav_lock %>" 2 | -------------------------------------------------------------------------------- /templates/mod/deflate.conf.epp: -------------------------------------------------------------------------------- 1 | <%- $types.sort.each |$type| { -%> 2 | AddOutputFilterByType DEFLATE <%= $type %> 3 | <%- } -%> 4 | 5 | <%- Array($notes).sort.each |$values| { -%> 6 | DeflateFilterNote <%= $values[0] %> <%= $values[1] %> 7 | <%- } -%> 8 | -------------------------------------------------------------------------------- /templates/mod/dir.conf.epp: -------------------------------------------------------------------------------- 1 | DirectoryIndex <%= $indexes.join(' ') %> 2 | -------------------------------------------------------------------------------- /templates/mod/dumpio.conf.epp: -------------------------------------------------------------------------------- 1 | # https://httpd.apache.org/docs/2.4/mod/mod_dumpio.html 2 | DumpIOInput "<%= $dump_io_input %>" 3 | DumpIOOutput "<%= $dump_io_output %>" 4 | -------------------------------------------------------------------------------- /templates/mod/event.conf.epp: -------------------------------------------------------------------------------- 1 | 2 | <%- if $serverlimit { -%> 3 | ServerLimit <%= $serverlimit %> 4 | <%- } -%> 5 | <%- if $startservers { -%> 6 | StartServers <%= $startservers %> 7 | <%- } -%> 8 | <%- if $maxrequestworkers { -%> 9 | MaxRequestWorkers <%= $maxrequestworkers %> 10 | <%- } -%> 11 | <%- if $minsparethreads { -%> 12 | MinSpareThreads <%= $minsparethreads %> 13 | <%- } -%> 14 | <%- if $maxsparethreads { -%> 15 | MaxSpareThreads <%= $maxsparethreads %> 16 | <%- } -%> 17 | <%- if $threadsperchild { -%> 18 | ThreadsPerChild <%= $threadsperchild %> 19 | <%- } -%> 20 | <%- if $maxconnectionsperchild { -%> 21 | MaxConnectionsPerChild <%= $maxconnectionsperchild %> 22 | <%- } -%> 23 | <%- if $threadlimit { -%> 24 | ThreadLimit <%= $threadlimit %> 25 | <%- } -%> 26 | <%- if $listenbacklog { -%> 27 | ListenBacklog <%= $listenbacklog %> 28 | <%- } -%> 29 | 30 | -------------------------------------------------------------------------------- /templates/mod/expires.conf.epp: -------------------------------------------------------------------------------- 1 | ExpiresActive <%= apache::bool2httpd($expires_active) %> 2 | <%- if $expires_default != undef and !($expires_default.empty) { -%> 3 | ExpiresDefault "<%= $expires_default %>" 4 | <%- } -%> 5 | <%- if $expires_by_type != undef and !($expires_by_type.empty) { -%> 6 | <%- $expires_by_type.flatten.each |$line| { -%> 7 | <%- $line.map |$type, $seconds| { -%> 8 | ExpiresByType <%= $type %> "<%= $seconds -%>" 9 | <%- } -%> 10 | <%- } -%> 11 | <%- } -%> 12 | -------------------------------------------------------------------------------- /templates/mod/ext_filter.conf.epp: -------------------------------------------------------------------------------- 1 | # mod_ext_filter definitions 2 | <%- Array($ext_filter_define).sort.each |$name_and_value| { -%> 3 | ExtFilterDefine <%= $name_and_value[0] %> <%= $name_and_value[1] %> 4 | <%- } -%> 5 | -------------------------------------------------------------------------------- /templates/mod/fcgid.conf.epp: -------------------------------------------------------------------------------- 1 | 2 | <% $sorted_keys = $options.keys.sort -%> 3 | <% $sorted_keys.each |$key| { -%> 4 | <%= $key %> <%= $options[$key] %> 5 | <% } -%> 6 | 7 | -------------------------------------------------------------------------------- /templates/mod/geoip.conf.epp: -------------------------------------------------------------------------------- 1 | GeoIPEnable <%= apache::bool2httpd($enable) %> 2 | 3 | <%- if $db_file and !($db_file in [ false, 'false', '' ]) { -%> 4 | <%- if String(type($db_file, 'generalized')).index('Array') == 0 { -%> 5 | <%- Array($db_file).each |$file| { -%> 6 | GeoIPDBFile <%= $file %> <%= $flag %> 7 | <%- } -%> 8 | <%- } else { -%> 9 | GeoIPDBFile <%= $db_file %> <%= $flag %> 10 | <%- } -%> 11 | <%- } -%> 12 | GeoIPOutput <%= $output %> 13 | <% if $enable_utf8 != undef { -%> 14 | GeoIPEnableUTF8 <%= apache::bool2httpd($enable_utf8) %> 15 | <% } -%> 16 | <% if $scan_proxy_headers != undef { -%> 17 | GeoIPScanProxyHeaders <%= apache::bool2httpd($scan_proxy_headers) %> 18 | <% } -%> 19 | <% if $scan_proxy_header_field != undef { -%> 20 | GeoIPScanProxyHeaderField <%= $scan_proxy_header_field %> 21 | <% } -%> 22 | <% if $use_last_xforwarededfor_ip != undef { -%> 23 | GeoIPUseLastXForwardedForIP <%= apache::bool2httpd($use_last_xforwarededfor_ip) %> 24 | <% } -%> 25 | 26 | -------------------------------------------------------------------------------- /templates/mod/info.conf.epp: -------------------------------------------------------------------------------- 1 | > 2 | SetHandler server-info 3 | <%- if $restrict_access { -%> 4 | Require ip <%= Array($allow_from).join(" ") %> 5 | <%- } -%> 6 | 7 | -------------------------------------------------------------------------------- /templates/mod/itk.conf.epp: -------------------------------------------------------------------------------- 1 | 2 | StartServers <%= $startservers %> 3 | MinSpareServers <%= $minspareservers %> 4 | MaxSpareServers <%= $maxspareservers %> 5 | ServerLimit <%= $serverlimit %> 6 | MaxClients <%= $maxclients %> 7 | MaxRequestsPerChild <%= $maxrequestsperchild %> 8 | <%- if $enablecapabilities != undef { -%> 9 | EnableCapabilities <%= apache::bool2httpd($enablecapabilities) %> 10 | <%- } -%> 11 | 12 | -------------------------------------------------------------------------------- /templates/mod/jk/uriworkermap.properties.epp: -------------------------------------------------------------------------------- 1 | # This file is generated automatically by Puppet - DO NOT EDIT 2 | # Any manual changes will be overwritten 3 | <%# -%> 4 | <%# mount_file_content should be a hash which keys are workers names -%> 5 | <%# and values are new hashes with two items: -%> 6 | <%# uri_list - Array with URIs to be mapped to worker -%> 7 | <%# comment - Optional comment line -%> 8 | <%# -%> 9 | <%# Example: -%> 10 | <%# # Worker 1 -%> 11 | <%# /context_1/ = worker_1 -%> 12 | <%# /context_1/* = worker_1 -%> 13 | <%# -%> 14 | <%# # Worker 2 -%> 15 | <%# / = worker_2 -%> 16 | <%# /context_2/ = worker_2 -%> 17 | <%# /context_2/* = worker_2 -%> 18 | <%# -%> 19 | <%# should be parameterized as: -%> 20 | <%# $mount_file_content = { -%> 21 | <%# worker_1 => { -%> 22 | <%# uri_list => ['/context_1/', '/context_1/*'], -%> 23 | <%# comment => 'Worker 1', -%> 24 | <%# }, -%> 25 | <%# worker_2 => { -%> 26 | <%# uri_list => ['/context_2/', '/context_2/*'], -%> 27 | <%# comment => 'Worker 2', -%> 28 | <%# }, -%> 29 | <%# }, -%> 30 | <%# -%> 31 | <% Array($mount_file_content).sort.each |$worker_and_directives| { -%> 32 | 33 | <%# Places comment before worker mappings -%> 34 | <% if $worker_and_directives[1]['comment'] { -%> 35 | # <%= $worker_and_directives[1]['comment'] %> 36 | <% } -%> 37 | <% $worker_and_directives[1]['uri_list'].sort.each |$uri| { -%> 38 | <%= $uri %> = <%= $worker_and_directives[0] %> 39 | <% } -%> 40 | <% } -%> 41 | -------------------------------------------------------------------------------- /templates/mod/ldap.conf.epp: -------------------------------------------------------------------------------- 1 | > 2 | SetHandler ldap-status 3 | Require ip 127.0.0.1 ::1 4 | 5 | <% if $ldap_trusted_global_cert_file { -%> 6 | LDAPTrustedGlobalCert <%= $ldap_trusted_global_cert_type %> <%= $ldap_trusted_global_cert_file %> 7 | <% } -%> 8 | <% if $ldap_trusted_mode { -%> 9 | LDAPTrustedMode <%= $ldap_trusted_mode %> 10 | <% } -%> 11 | <%- if $ldap_shared_cache_size { -%> 12 | LDAPSharedCacheSize <%= $ldap_shared_cache_size %> 13 | <%- } -%> 14 | <%- if $ldap_cache_entries { -%> 15 | LDAPCacheEntries <%= $ldap_cache_entries %> 16 | <%- } -%> 17 | <%- if $ldap_cache_ttl { -%> 18 | LDAPCacheTTL <%= $ldap_cache_ttl %> 19 | <%- } -%> 20 | <%- if $ldap_opcache_entries { -%> 21 | LDAPOpCacheEntries <%= $ldap_opcache_entries %> 22 | <%- } -%> 23 | <%- if $ldap_opcache_ttl { -%> 24 | LDAPOpCacheTTL <%= $ldap_opcache_ttl %> 25 | <%- } -%> 26 | -------------------------------------------------------------------------------- /templates/mod/load.epp: -------------------------------------------------------------------------------- 1 | <% if $loadfiles { -%> 2 | <% Array($loadfiles).each |$loadfile| { -%> 3 | LoadFile <%= $loadfile %> 4 | <% } -%> 5 | 6 | <% } -%> 7 | LoadModule <%= $_id %> <%= $_path %> 8 | -------------------------------------------------------------------------------- /templates/mod/mime.conf.epp: -------------------------------------------------------------------------------- 1 | TypesConfig <%= $mime_types_config %> 2 | 3 | AddType application/x-compress .Z 4 | AddType application/x-gzip .gz .tgz 5 | AddType application/x-bzip2 .bz2 6 | 7 | AddLanguage ca .ca 8 | AddLanguage cs .cz .cs 9 | AddLanguage da .dk 10 | AddLanguage de .de 11 | AddLanguage el .el 12 | AddLanguage en .en 13 | AddLanguage eo .eo 14 | AddLanguage es .es 15 | AddLanguage et .et 16 | AddLanguage fr .fr 17 | AddLanguage he .he 18 | AddLanguage hr .hr 19 | AddLanguage it .it 20 | AddLanguage ja .ja 21 | AddLanguage ko .ko 22 | AddLanguage ltz .ltz 23 | AddLanguage nl .nl 24 | AddLanguage nn .nn 25 | AddLanguage no .no 26 | AddLanguage pl .po 27 | AddLanguage pt .pt 28 | AddLanguage pt-BR .pt-br 29 | AddLanguage ru .ru 30 | AddLanguage sv .sv 31 | AddLanguage zh-CN .zh-cn 32 | AddLanguage zh-TW .zh-tw 33 | 34 | <%- Array($_mime_types_additional).sort.each |$add_mime_and_config| { -%> 35 | <%- $add_mime_and_config[1].each |$type, $extension| { %> 36 | <%= $add_mime_and_config[0] %> <%= $type %> <%= $extension %> 37 | <%- } -%> 38 | <% } %> 39 | -------------------------------------------------------------------------------- /templates/mod/mime_magic.conf.epp: -------------------------------------------------------------------------------- 1 | MIMEMagicFile "<%= $_magic_file %>" 2 | -------------------------------------------------------------------------------- /templates/mod/negotiation.conf.epp: -------------------------------------------------------------------------------- 1 | <% if String(type($language_priority, 'generalized')).index('Array') == 0 { -%> 2 | <%- $language_priority_updated = $language_priority.join(' ') -%> 3 | <% } else { -%> 4 | <%- $language_priority_updated = $language_priority -%> 5 | <% } -%> 6 | <% if String(type($force_language_priority, 'generalized')).index('Array') == 0 { -%> 7 | <%- $force_language_priority_updated = $force_language_priority.join(' ') -%> 8 | <% } else { -%> 9 | <%- $force_language_priority_updated = $force_language_priority -%> 10 | <% } -%> 11 | LanguagePriority <%= $language_priority_updated %> 12 | ForceLanguagePriority <%= $force_language_priority_updated %> 13 | -------------------------------------------------------------------------------- /templates/mod/peruser.conf.epp: -------------------------------------------------------------------------------- 1 | 2 | MinSpareProcessors <%= $minspareprocessors %> 3 | MinProcessors <%= $minprocessors %> 4 | MaxProcessors <%= $maxprocessors %> 5 | MaxClients <%= $maxclients %> 6 | MaxRequestsPerChild <%= $maxrequestsperchild %> 7 | IdleTimeout <%= $idletimeout %> 8 | ExpireTimeout <%= $expiretimeout %> 9 | KeepAlive <%= $keepalive %> 10 | Include "<%= $mod_dir %>/peruser/multiplexers/*.conf" 11 | Include "<%= $mod_dir %>/peruser/processors/*.conf" 12 | 13 | -------------------------------------------------------------------------------- /templates/mod/php.conf.erb: -------------------------------------------------------------------------------- 1 | # 2 | # PHP is an HTML-embedded scripting language which attempts to make it 3 | # easy for developers to write dynamically generated webpages. 4 | # 5 | 6 | # 7 | # Cause the PHP interpreter to handle files with a .php extension. 8 | # 9 | )$"> 10 | SetHandler application/x-httpd-php 11 | 12 | 13 | # 14 | # Add index.php to the list of files that will be served as directory 15 | # indexes. 16 | # 17 | DirectoryIndex index.php 18 | 19 | # 20 | # Uncomment the following line to allow PHP to pretty-print .phps 21 | # files as PHP source code: 22 | # 23 | #AddType application/x-httpd-php-source .phps 24 | -------------------------------------------------------------------------------- /templates/mod/prefork.conf.epp: -------------------------------------------------------------------------------- 1 | 2 | StartServers <%= $startservers %> 3 | MinSpareServers <%= $minspareservers %> 4 | MaxSpareServers <%= $maxspareservers %> 5 | ServerLimit <%= $serverlimit %> 6 | <%- if $maxrequestworkers { -%> 7 | MaxRequestWorkers <%= $maxrequestworkers %> 8 | <%- }elsif $maxclients { -%> 9 | MaxClients <%= $maxclients %> 10 | <%- } -%> 11 | <%- if $maxconnectionsperchild { -%> 12 | MaxConnectionsPerChild <%= $maxconnectionsperchild %> 13 | <%- }elsif $maxrequestsperchild { -%> 14 | MaxRequestsPerChild <%= $maxrequestsperchild %> 15 | <%- } -%> 16 | ListenBacklog <%= $listenbacklog %> 17 | 18 | -------------------------------------------------------------------------------- /templates/mod/proxy.conf.epp: -------------------------------------------------------------------------------- 1 | # 2 | # Proxy Server directives. Uncomment the following lines to 3 | # enable the proxy server: 4 | # 5 | 6 | # Do not enable proxying with ProxyRequests until you have secured your 7 | # server. Open proxy servers are dangerous both to your network and to the 8 | # Internet at large. 9 | ProxyRequests <%= $proxy_requests %> 10 | 11 | <% if $proxy_requests != 'Off' or ( $allow_from and ! $allow_from.empty ) { -%> 12 | 13 | <%- if String(type($allow_from, 'generalized')).index('Array') == 0 { -%> 14 | Require ip <%= $allow_from.join(" ") %> 15 | <%- } else { -%> 16 | Require ip <%= $allow_from %> 17 | <%- } -%> 18 | 19 | <% } -%> 20 | 21 | # Enable/disable the handling of HTTP/1.1 "Via:" headers. 22 | # ("Full" adds the server version; "Block" removes all outgoing Via: headers) 23 | # Set to one of: Off | On | Full | Block 24 | ProxyVia <%= $proxy_via %> 25 | 26 | <%- if $proxy_timeout { -%> 27 | ProxyTimeout <%= $proxy_timeout %> 28 | <%- } -%> 29 | <%- if $proxy_iobuffersize { -%> 30 | ProxyIOBufferSize <%= $proxy_iobuffersize %> 31 | <%- } -%> 32 | 33 | -------------------------------------------------------------------------------- /templates/mod/proxy_balancer.conf.epp: -------------------------------------------------------------------------------- 1 | > 2 | SetHandler balancer-manager 3 | Require ip <%= $allow_from.join(" ") %> 4 | 5 | -------------------------------------------------------------------------------- /templates/mod/proxy_html.conf.epp: -------------------------------------------------------------------------------- 1 | ProxyHTMLLinks a href 2 | ProxyHTMLLinks area href 3 | ProxyHTMLLinks link href 4 | ProxyHTMLLinks img src longdesc usemap 5 | ProxyHTMLLinks object classid codebase data usemap 6 | ProxyHTMLLinks q cite 7 | ProxyHTMLLinks blockquote cite 8 | ProxyHTMLLinks ins cite 9 | ProxyHTMLLinks del cite 10 | ProxyHTMLLinks form action 11 | ProxyHTMLLinks input src usemap 12 | ProxyHTMLLinks head profile 13 | ProxyHTMLLinks base href 14 | ProxyHTMLLinks script src for 15 | ProxyHTMLLinks meta content 16 | 17 | ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \ 18 | onmouseover onmousemove onmouseout onkeypress \ 19 | onkeydown onkeyup onfocus onblur onload \ 20 | onunload onsubmit onreset onselect onchange 21 | -------------------------------------------------------------------------------- /templates/mod/reqtimeout.conf.epp: -------------------------------------------------------------------------------- 1 | <% if type($timeouts, 'generalized') == String { -%> 2 | RequestReadTimeout <%= $timeouts -%> 3 | <% } else { -%> 4 | <%- $timeouts.each |$timeout| { -%> 5 | RequestReadTimeout <%= $timeout %> 6 | <%- } -%> 7 | <% } -%> 8 | 9 | -------------------------------------------------------------------------------- /templates/mod/rpaf.conf.epp: -------------------------------------------------------------------------------- 1 | # Enable reverse proxy add forward 2 | RPAFenable On 3 | # RPAFsethostname will, when enabled, take the incoming X-Host header and 4 | # update the virtual host settings accordingly. This allows to have the same 5 | # hostnames as in the "real" configuration for the forwarding proxy. 6 | RPAFsethostname <%= apache::bool2httpd($sethostname) %> 7 | # Which IPs are forwarding requests to us 8 | RPAFproxy_ips <%= Array($proxy_ips).join(" ") %> 9 | # Setting RPAFheader allows you to change the header name to parse from the 10 | # default X-Forwarded-For to something of your choice. 11 | RPAFheader <%= $header %> 12 | -------------------------------------------------------------------------------- /templates/mod/security_custom.conf.epp: -------------------------------------------------------------------------------- 1 | # This file is managed by puppet, any direct modification will be overwritten. 2 | <% if $custom_rules_set and !($custom_rules_set.empty) { -%> 3 | <% $custom_rules_set.each |$secrule| { -%> 4 | SecRule <%= $secrule %> 5 | <% } -%> 6 | <% } -%> -------------------------------------------------------------------------------- /templates/mod/setenvif.conf.epp: -------------------------------------------------------------------------------- 1 | # 2 | # The following directives modify normal HTTP response behavior to 3 | # handle known problems with browser implementations. 4 | # 5 | BrowserMatch "Mozilla/2" nokeepalive 6 | BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 7 | BrowserMatch "RealPlayer 4\.0" force-response-1.0 8 | BrowserMatch "Java/1\.0" force-response-1.0 9 | BrowserMatch "JDK/1\.0" force-response-1.0 10 | 11 | # 12 | # The following directive disables redirects on non-GET requests for 13 | # a directory that does not include the trailing slash. This fixes a 14 | # problem with Microsoft WebFolders which does not appropriately handle 15 | # redirects for folders with DAV methods. 16 | # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. 17 | # 18 | BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully 19 | BrowserMatch "MS FrontPage" redirect-carefully 20 | BrowserMatch "^WebDrive" redirect-carefully 21 | BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully 22 | BrowserMatch "^gnome-vfs/1.0" redirect-carefully 23 | BrowserMatch "^gvfs/1" redirect-carefully 24 | BrowserMatch "^XML Spy" redirect-carefully 25 | BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully 26 | BrowserMatch " Konqueror/4" redirect-carefully 27 | 28 | 29 | BrowserMatch "MSIE [2-6]" \ 30 | nokeepalive ssl-unclean-shutdown \ 31 | downgrade-1.0 force-response-1.0 32 | # MSIE 7 and newer should be able to use keepalive 33 | BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown 34 | 35 | -------------------------------------------------------------------------------- /templates/mod/status.conf.epp: -------------------------------------------------------------------------------- 1 | > 2 | SetHandler server-status 3 | <%# From Puppet 4.2 up, replace: -%> 4 | <%# "scope.function_template(["apache/mod/