# # Puppet module for Apache # # This module is distributed under the GNU Affero General Public License: # # Backup module for puppet # Copyright (C) 2009 Sarava Group # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as # published by the Free Software Foundation, either version 3 of the # License, or any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . # # Using code from Debian Apache2 recipe: # # http://reductivelabs.com/trac/puppet/wiki/Recipes/DebianApache2Recipe # class apache( $sites = "/etc/apache2/sites", $mods = "/etc/apache2/mods", $conf_d = "/etc/apache2/conf.d", $macros = "/etc/apache2/conf.d/macros", $conf = "/etc/apache2/apache2.conf", $www_folder = "/var/www/data", $error_folder = "/var/www/error", $sites_folder = "/var/sites", $error_dest = "http://${domain}/missing.html", $default_folder = '/var/www/data', $server_name = $hostname, $https_proxy = 'no', $remote_addr = false, $http_port = '80', $https_port = '443', ) { include ssl package { "apache": name => "apache2-mpm-itk", ensure => installed, } package { "mod_macro": name => "libapache2-mod-macro", ensure => installed, } service { "apache2": alias => "apache", ensure => running, require => Package["apache"], hasstatus => true, hasrestart => true, } module { "macro": ensure => present, require => Package["mod_macro"], } module { "headers": ensure => present, require => Package["apache"], } module { "ssl": ensure => present, require => Package["apache"], } module { "rewrite": ensure => present, require => Package["apache"], } # apache mod_macro configuration file { "${macros}": ensure => present, content => template('apache/macros.erb'), owner => root, group => root, mode => 0644, require => Module["macro"], notify => Service["apache"], } # apache mod_macro configuration file { "${conf}": ensure => present, content => template('apache/apache2.conf.erb'), owner => root, group => root, mode => 0644, notify => Service["apache"], } # apache alias configuration file { "${mods}-available/alias.conf": ensure => present, content => template('apache/alias.conf.erb'), owner => root, group => root, mode => 0644, notify => Service["apache"], } # apache autoindex configuration file { "${mods}-available/autoindex.conf": ensure => present, content => template('apache/autoindex.conf.erb'), owner => root, group => root, mode => 0644, notify => Service["apache"], } # icons folder # http://larsjung.de/h5ai/ # http://recursive-design.com/blog/2008/12/29/styling-apache-directory-listings-with-mod_autoindex/ # http://code.ecchi.ca/apache-tango-icons/README.html file { "${www_folder}/icons": ensure => directory, recurse => true, purge => true, force => true, owner => "root", group => "root", # This mode will also apply to files from the source directory mode => 0644, # Puppet will automatically set +x for directories source => [ "puppet:///modules/site_apache/htdocs/$domain/icons", "puppet:///modules/apache/icons", ] } # default site configuration file { "${sites}-available/default": ensure => present, content => template('apache/default.erb'), owner => root, group => root, mode => 0644, notify => Service["apache"], } # https proxy configuration # see http://www.metaltoad.com/blog/running-drupal-secure-pages-behind-proxy file { "$conf_d/https-proxy": ensure => $https_proxy ? { '' => absent, default => present, }, content => $https_proxy ? { 'force' => "SetEnv HTTPS on\n", default => "SetEnvIf X-Forwarded-Proto https HTTPS=on\n", }, owner => root, group => root, mode => 0644, notify => Service["apache"], } # TODO: remove this in the future # remote addr rewrite # see http://stackoverflow.com/questions/2328225/how-to-set-remote-addr-in-apache-before-php-is-invoked file { "$conf_d/remote-addr": ensure => $remote_addr ? { false => absent, default => present, }, content => "RequestHeader set REMOTE_ADDR ${remote_addr}\n", owner => root, group => root, mode => 0644, notify => Service["apache"], } # Notify this when apache needs a reload. This is only needed when # sites are added or removed, since a full restart then would be # a waste of time. When the module-config changes, a force-reload is # needed. exec { "reload-apache2": command => "/etc/init.d/apache2 reload", refreshonly => true, } exec { "force-reload-apache2": command => "/etc/init.d/apache2 force-reload", refreshonly => true, } # Avoid this logrotate error: # /usr/sbin/apache2ctl: 87: ulimit: error setting limit (Operation not permitted) file { '/etc/logrotate.d/apache2': ensure => present, owner => root, group => root, mode => 0644, source => $::virtual ? { 'vserver' => 'puppet:///modules/apache/logrotate', default => undef, }, } }