mod 'elasticsearch/elasticsearch', '0.9.5'
mod 'nanliu/staging', '1.0.3'
+
+# OpenStack
+mod 'keystone',
+ :git => 'https://github.com/openstack/puppet-keystone',
+ :tag => '5.1.0'
+mod 'puppetlabs/apache', '1.5.0'
+mod 'openstacklib',
+ :git => 'https://github.com/openstack/puppet-openstacklib',
+ :tag => '5.1.0'
+mod 'cinder',
+ :git => 'https://github.com/openstack/puppet-cinder',
+ :tag => '5.1.0'
+mod 'glance',
+ :git => 'https://github.com/openstack/puppet-glance',
+ :tag => '5.1.0'
+mod 'neutron',
+ :git => 'https://github.com/openstack/puppet-neutron',
+ :tag => '5.1.0'
--- /dev/null
+##2015-06-11 - Supported Release 1.5.0
+### Summary
+This release primarily adds Suse compatibility. It also adds a handful of other
+parameters for greater configuration control.
+
+### Features
+- Add `apache::lib_path` parameter
+- Add `apache::service_restart` parameter
+- Add `apache::vhost::geoip_enable` parameter
+- Add `apache::mod::geoip` class
+- Add `apache::mod::remoteip` class
+- Add parameters to `apache::mod::expires` class
+- Add `index_style_sheet` handling to `apache::vhost::directories`
+- Add some compatibility for SLES 11
+- Add `apache::mod::ssl::ssl_sessioncachetimeout` parameter
+- Add `apache::mod::ssl::ssl_cryptodevice` parameter
+- Add `apache::mod::ssl::ssl_honorcipherorder` parameter
+- Add `apache::mod::userdir::options` parameter
+
+### Bugfixes
+- Document `apache::user` parameter
+- Document `apache::group` parameter
+- Fix apache::dev on FreeBSD
+- Fix proxy\_connect on apache >= 2.2
+- Validate log levels better
+- Fix `apache::apache_name` for package and vhost
+- Fix Debian Jessie mod\_prefork package name
+- Fix alias module being declared even when vhost is absent
+- Fix proxy\_pass\_match handling in vhost's proxy template
+- Fix userdir access permissions
+- Fix issue where the module was trying to use systemd on Amazon Linux.
+
+##2015-04-28 - Supported Release 1.4.1
+
+This release corrects a metadata issue that has been present since release 1.2.0. The refactoring of `apache::vhost` to use `puppetlabs-concat` requires a version of concat newer than the version required in PE. If you are using PE 3.3.0 or earlier you will need to use version 1.1.1 or earlier of the `puppetlabs-apache` module.
+
+##2015-03-17 - Supported Release 1.4.0
+###Summary
+
+This release fixes the issue where the docroot was still managed even if the default vhosts were disabled and has many other features and bugfixes including improved support for 'deny' and 'require' as arrays in the 'directories' parameter under `apache::vhost`
+
+####Features
+- New parameters to `apache`
+ - `default_charset`
+ - `default_type`
+- New parameters to `apache::vhost`
+ - `proxy_error_override`
+ - `passenger_app_env` (MODULES-1776)
+ - `proxy_dest_match`
+ - `proxy_dest_reverse_match`
+ - `proxy_pass_match`
+ - `no_proxy_uris_match`
+- New parameters to `apache::mod::passenger`
+ - `passenger_app_env`
+ - `passenger_min_instances`
+- New parameter to `apache::mod::alias`
+ - `icons_options`
+- New classes added under `apache::mod::*`
+ - `authn_file`
+ - `authz_default`
+ - `authz_user`
+- Added support for 'deny' as an array in 'directories' under `apache::vhost`
+- Added support for RewriteMap
+- Improved support for FreeBSD. (Note: If using apache < 2.4.12, see the discussion [here](https://github.com/puppetlabs/puppetlabs-apache/pull/1030))
+- Added check for deprecated options in directories and fail when they are unsupported
+- Added gentoo compatibility
+- Added proper array support for `require` in the `directories` parameter in `apache::vhost`
+- Added support for `setenv` inside proxy locations
+
+###Bugfixes
+- Fix issue in `apache::vhost` that was preventing the scriptalias fragment from being included (MODULES-1784)
+- Install required `mod_ldap` package for EL7 (MODULES-1779)
+- Change default value of `maxrequestworkers` in `apache::mod::event` to be a multiple of the default `ThreadsPerChild` of 25.
+- Use the correct `mod_prefork` package name for trusty and jessie
+- Don't manage docroot when default vhosts are disabled
+- Ensure resources notify `Class['Apache::Service']` instead of `Service['httpd']` (MODULES-1829)
+- Change the loadfile name for `mod_passenger` so `mod_proxy` will load by default before `mod_passenger`
+- Remove old Debian work-around that removed `passenger_extra.conf`
+
+##2015-02-17 - Supported Release 1.3.0
+###Summary
+
+This release has many new features and bugfixes, including the ability to optionally not trigger service restarts on config changes.
+
+####Features
+- New parameters - `apache`
+ - `service_manage`
+ - `use_optional_includes`
+- New parameters - `apache::service`
+ - `service_manage`
+- New parameters - `apache::vhost`
+ - `access_logs`
+ - `php_flags`
+ - `php_values`
+ - `modsec_disable_vhost`
+ - `modsec_disable_ids`
+ - `modsec_disable_ips`
+ - `modsec_body_limit`
+- Improved FreeBSD support
+- Add ability to omit priority prefix if `$priority` is set to false
+- Add `apache::security::rule_link` define
+- Improvements to `apache::mod::*`
+ - Add `apache::mod::auth_cas` class
+ - Add `threadlimit`, `listenbacklog`, `maxrequestworkers`, `maxconnectionsperchild` parameters to `apache::mod::event`
+ - Add `apache::mod::filter` class
+ - Add `root_group` to `apache::mod::php`
+ - Add `apache::mod::proxy_connect` class
+ - Add `apache::mod::security` class
+ - Add `ssl_pass_phrase_dialog` and `ssl_random_seed_bytes parameters to `apache::mod::ssl` (MODULES-1719)
+ - Add `status_path` parameter to `apache::mod::status`
+ - Add `apache_version` parameter to `apache::mod::version`
+ - Add `package_name` and `mod_path` parameters to `apache::mod::wsgi` (MODULES-1458)
+- Improved SCL support
+ - Add support for specifying the docroot
+- Updated `_directories.erb` to add support for SetEnv
+- Support multiple access log directives (MODULES-1382)
+- Add passenger support for Debian Jessie
+- Add support for not having puppet restart the apache service (MODULES-1559)
+
+####Bugfixes
+- For apache 2.4 `mod_itk` requires `mod_prefork` (MODULES-825)
+- Allow SSLCACertificatePath to be unset in `apache::vhost` (MODULES-1457)
+- Load fcgid after unixd on RHEL7
+- Allow disabling default vhost for Apache 2.4
+- Test fixes
+- `mod_version` is now built-in (MODULES-1446)
+- Sort LogFormats for idempotency
+- `allow_encoded_slashes` was omitted from `apache::vhost`
+- Fix documentation bug (MODULES-1403, MODULES-1510)
+- Sort `wsgi_script_aliases` for idempotency (MODULES-1384)
+- lint fixes
+- Fix automatic version detection for Debian Jessie
+- Fix error docs and icons path for RHEL7-based systems (MODULES-1554)
+- Sort php_* hashes for idempotency (MODULES-1680)
+- Ensure `mod::setenvif` is included if needed (MODULES-1696)
+- Fix indentation in `vhost/_directories.erb` template (MODULES-1688)
+- Create symlinks on all distros if `vhost_enable_dir` is specified
+
+##2014-09-30 - Supported Release 1.2.0
+###Summary
+
+This release features many improvements and bugfixes, including several new defines, a reworking of apache::vhost for more extensibility, and many new parameters for more customization. This release also includes improved support for strict variables and the future parser.
+
+####Features
+- Convert apache::vhost to use concat for easier extensions
+- Test improvements
+- Synchronize files with modulesync
+- Strict variable and future parser support
+- Added apache::custom_config defined type to allow validation of configs before they are created
+- Added bool2httpd function to convert true/false to apache 'On' and 'Off'. Intended for internal use in the module.
+- Improved SCL support
+ - allow overriding of the mod_ssl package name
+- Add support for reverse_urls/ProxyPassReverse in apache::vhost
+- Add satisfy directive in apache::vhost::directories
+- Add apache::fastcgi::server defined type
+- New parameters - apache
+ - allow_encoded_slashes
+ - apache_name
+ - conf_dir
+ - default_ssl_crl_check
+ - docroot
+ - logroot_mode
+ - purge_vhost_dir
+- New parameters - apache::vhost
+ - add_default_charset
+ - allow_encoded_slashes
+ - logroot_ensure
+ - logroot_mode
+ - manage_docroot
+ - passenger_app_root
+ - passenger_min_instances
+ - passenger_pre_start
+ - passenger_ruby
+ - passenger_start_timeout
+ - proxy_preserve_host
+ - redirectmatch_dest
+ - ssl_crl_check
+ - wsgi_chunked_request
+ - wsgi_pass_authorization
+- Add support for ScriptAlias and ScriptAliasMatch in the apache::vhost::aliases parameter
+- Add support for rewrites in the apache::vhost::directories parameter
+- If the service_ensure parameter in apache::service is set to anything other than true, false, running, or stopped, ensure will not be passed to the service resource, allowing for the service to not be managed by puppet
+- Turn of SSLv3 by default
+- Improvements to apache::mod*
+ - Add restrict_access parameter to apache::mod::info
+ - Add force_language_priority and language_priority parameters to apache::mod::negotiation
+ - Add threadlimit parameter to apache::mod::worker
+ - Add content, template, and source parameters to apache::mod::php
+ - Add mod_authz_svn support via the authz_svn_enabled parameter in apache::mod::dav_svn
+ - Add loadfile_name parameter to apache::mod
+ - Add apache::mod::deflate class
+ - Add options parameter to apache::mod::fcgid
+ - Add timeouts parameter to apache::mod::reqtimeout
+ - Add apache::mod::shib
+ - Add apache_version parameter to apache::mod::ldap
+ - Add magic_file parameter to apache::mod::mime_magic
+ - Add apache_version parameter to apache::mod::pagespeed
+ - Add passenger_default_ruby parameter to apache::mod::passenger
+ - Add content, template, and source parameters to apache::mod::php
+ - Add apache_version parameter to apache::mod::proxy
+ - Add loadfiles parameter to apache::mod::proxy_html
+ - Add ssl_protocol and package_name parameters to apache::mod::ssl
+ - Add apache_version parameter to apache::mod::status
+ - Add apache_version parameter to apache::mod::userdir
+ - Add apache::mod::version class
+
+####Bugfixes
+- Set osfamily defaults for wsgi_socket_prefix
+- Support multiple balancermembers with the same url
+- Validate apache::vhost::custom_fragment
+- Add support for itk with mod_php
+- Allow apache::vhost::ssl_certs_dir to not be set
+- Improved passenger support for Debian
+- Improved 2.4 support without mod_access_compat
+- Support for more than one 'Allow from'-directive in _directories.erb
+- Don't load systemd on Amazon linux based on CentOS6 with apache 2.4
+- Fix missing newline in ModPagespeed filter and memcached servers directive
+- Use interpolated strings instead of numbers where required by future parser
+- Make auth_require take precedence over default with apache 2.4
+- Lint fixes
+- Set default for php_admin_flags and php_admin_values to be empty hash instead of empty array
+- Correct typo in mod::pagespeed
+- spec_helper fixes
+- Install mod packages before dealing with the configuration
+- Use absolute scope to check class definition in apache::mod::php
+- Fix dependency loop in apache::vhost
+- Properly scope variables in the inline template in apache::balancer
+- Documentation clarification, typos, and formatting
+- Set apache::mod::ssl::ssl_mutex to default for debian on apache >= 2.4
+- Strict variables fixes
+- Add authn_core mode to Ubuntu trusty defaults
+- Keep default loadfile for authz_svn on Debian
+- Remove '.conf' from the site-include regexp for better Ubuntu/Debian support
+- Load unixd before fcgid for EL7
+- Fix RedirectMatch rules
+- Fix misleading error message in apache::version
+
+####Known Bugs
+* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`.
+* SLES is unsupported.
+
+##2014-07-15 - Supported Release 1.1.1
+###Summary
+
+This release merely updates metadata.json so the module can be uninstalled and
+upgraded via the puppet module command.
+
+## 2014-04-14 Supported Release 1.1.0
+
+###Summary
+
+This release primarily focuses on extending the httpd 2.4 support, tested
+through adding RHEL7 and Ubuntu 14.04 support. It also includes Passenger
+4 support, as well as several new modules and important bugfixes.
+
+####Features
+
+- Add support for RHEL7 and Ubuntu 14.04
+- More complete apache24 support
+- Passenger 4 support
+- Add support for max_keepalive_requests and log_formats parameters
+- Add mod_pagespeed support
+- Add mod_speling support
+- Added several parameters for mod_passenger
+- Added ssl_cipher parameter to apache::mod::ssl
+- Improved examples in documentation
+- Added docroot_mode, action, and suexec_user_group parameters to apache::vhost
+- Add support for custom extensions for mod_php
+- Improve proxy_html support for Debian
+
+####Bugfixes
+
+- Remove NameVirtualHost directive for apache >= 2.4
+- Order proxy_set option so it doesn't change between runs
+- Fix inverted SSL compression
+- Fix missing ensure on concat::fragment resources
+- Fix bad dependencies in apache::mod and apache::mod::mime
+
+####Known Bugs
+* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`.
+* SLES is unsupported.
+
+## 2014-03-04 Supported Release 1.0.1
+###Summary
+
+This is a supported release. This release removes a testing symlink that can
+cause trouble on systems where /var is on a seperate filesystem from the
+modulepath.
+
+####Features
+####Bugfixes
+####Known Bugs
+* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`.
+* SLES is unsupported.
+
+## 2014-03-04 Supported Release 1.0.0
+###Summary
+
+This is a supported release. This release introduces Apache 2.4 support for
+Debian and RHEL based osfamilies.
+
+####Features
+
+- Add apache24 support
+- Add rewrite_base functionality to rewrites
+- Updated README documentation
+- Add WSGIApplicationGroup and WSGIImportScript directives
+
+####Bugfixes
+
+- Replace mutating hashes with merge() for Puppet 3.5
+- Fix WSGI import_script and mod_ssl issues on Lucid
+
+####Known Bugs
+* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`.
+* SLES is unsupported.
+
+---
+
+## 2014-01-31 Release 0.11.0
+### Summary:
+
+This release adds preliminary support for Windows compatibility and multiple rewrite support.
+
+#### Backwards-incompatible Changes:
+
+- The rewrite_rule parameter is deprecated in favor of the new rewrite parameter
+ and will be removed in a future release.
+
+#### Features:
+
+- add Match directive
+- quote paths for windows compatibility
+- add auth_group_file option to README.md
+- allow AuthGroupFile directive for vhosts
+- Support Header directives in vhost context
+- Don't purge mods-available dir when separate enable dir is used
+- Fix the servername used in log file name
+- Added support for mod_include
+- Remove index parameters.
+- Support environment variable control for CustomLog
+- added redirectmatch support
+- Setting up the ability to do multiple rewrites and conditions.
+- Convert spec tests to beaker.
+- Support php_admin_(flag|value)s
+
+#### Bugfixes:
+
+- directories are either a Hash or an Array of Hashes
+- Configure Passenger in separate .conf file on RH so PassengerRoot isn't lost
+- (docs) Update list of `apache::mod::[name]` classes
+- (docs) Fix apache::namevirtualhost example call style
+- Fix $ports_file reference in apache::listen.
+- Fix $ports_file reference in Namevirtualhost.
+
+
+## 2013-12-05 Release 0.10.0
+### Summary:
+
+This release adds FreeBSD osfamily support and various other improvements to some mods.
+
+#### Features:
+
+- Add suPHP_UserGroup directive to directory context
+- Add support for ScriptAliasMatch directives
+- Set SSLOptions StdEnvVars in server context
+- No implicit <Directory> entry for ScriptAlias path
+- Add support for overriding ErrorDocument
+- Add support for AliasMatch directives
+- Disable default "allow from all" in vhost-directories
+- Add WSGIPythonPath as an optional parameter to mod_wsgi.
+- Add mod_rpaf support
+- Add directives: IndexOptions, IndexOrderDefault
+- Add ability to include additional external configurations in vhost
+- need to use the provider variable not the provider key value from the directory hash for matches
+- Support for FreeBSD and few other features
+- Add new params to apache::mod::mime class
+- Allow apache::mod to specify module id and path
+- added $server_root parameter
+- Add Allow and ExtendedStatus support to mod_status
+- Expand vhost/_directories.pp directive support
+- Add initial support for nss module (no directives in vhost template yet)
+- added peruser and event mpms
+- added $service_name parameter
+- add parameter for TraceEnable
+- Make LogLevel configurable for server and vhost
+- Add documentation about $ip
+- Add ability to pass ip (instead of wildcard) in default vhost files
+
+#### Bugfixes:
+
+- Don't listen on port or set NameVirtualHost for non-existent vhost
+- only apply Directory defaults when provider is a directory
+- Working mod_authnz_ldap support on Debian/Ubuntu
+
+## 2013-09-06 Release 0.9.0
+### Summary:
+This release adds more parameters to the base apache class and apache defined
+resource to make the module more flexible. It also adds or enhances SuPHP,
+WSGI, and Passenger mod support, and support for the ITK mpm module.
+
+#### Backwards-incompatible Changes:
+- Remove many default mods that are not normally needed.
+- Remove `rewrite_base` `apache::vhost` parameter; did not work anyway.
+- Specify dependencies on stdlib >=2.4.0 (this was already the case, but
+making explicit)
+- Deprecate `a2mod` in favor of the `apache::mod::*` classes and `apache::mod`
+defined resource.
+
+#### Features:
+- `apache` class
+ - Add `httpd_dir` parameter to change the location of the configuration
+ files.
+ - Add `logroot` parameter to change the logroot
+ - Add `ports_file` parameter to changes the `ports.conf` file location
+ - Add `keepalive` parameter to enable persistent connections
+ - Add `keepalive_timeout` parameter to change the timeout
+ - Update `default_mods` to be able to take an array of mods to enable.
+- `apache::vhost`
+ - Add `wsgi_daemon_process`, `wsgi_daemon_process_options`,
+ `wsgi_process_group`, and `wsgi_script_aliases` parameters for per-vhost
+ WSGI configuration.
+ - Add `access_log_syslog` parameter to enable syslogging.
+ - Add `error_log_syslog` parameter to enable syslogging of errors.
+ - Add `directories` hash parameter. Please see README for documentation.
+ - Add `sslproxyengine` parameter to enable SSLProxyEngine
+ - Add `suphp_addhandler`, `suphp_engine`, and `suphp_configpath` for
+ configuring SuPHP.
+ - Add `custom_fragment` parameter to allow for arbitrary apache
+ configuration injection. (Feature pull requests are prefered over using
+ this, but it is available in a pinch.)
+- Add `apache::mod::suphp` class for configuring SuPHP.
+- Add `apache::mod::itk` class for configuring ITK mpm module.
+- Update `apache::mod::wsgi` class for global WSGI configuration with
+`wsgi_socket_prefix` and `wsgi_python_home` parameters.
+- Add README.passenger.md to document the `apache::mod::passenger` usage.
+Added `passenger_high_performance`, `passenger_pool_idle_time`,
+`passenger_max_requests`, `passenger_stat_throttle_rate`, `rack_autodetect`,
+and `rails_autodetect` parameters.
+- Separate the httpd service resource into a new `apache::service` class for
+dependency chaining of `Class['apache'] -> <resource> ~>
+Class['apache::service']`
+- Added `apache::mod::proxy_balancer` class for `apache::balancer`
+
+#### Bugfixes:
+- Change dependency to puppetlabs-concat
+- Fix ruby 1.9 bug for `a2mod`
+- Change servername to be `$::hostname` if there is no `$::fqdn`
+- Make `/etc/ssl/certs` the default ssl certs directory for RedHat non-5.
+- Make `php` the default php package for RedHat non-5.
+- Made `aliases` able to take a single alias hash instead of requiring an
+array.
+
+## 2013-07-26 Release 0.8.1
+#### Bugfixes:
+- Update `apache::mpm_module` detection for worker/prefork
+- Update `apache::mod::cgi` and `apache::mod::cgid` detection for
+worker/prefork
+
+## 2013-07-16 Release 0.8.0
+#### Features:
+- Add `servername` parameter to `apache` class
+- Add `proxy_set` parameter to `apache::balancer` define
+
+#### Bugfixes:
+- Fix ordering for multiple `apache::balancer` clusters
+- Fix symlinking for sites-available on Debian-based OSs
+- Fix dependency ordering for recursive confdir management
+- Fix `apache::mod::*` to notify the service on config change
+- Documentation updates
+
+## 2013-07-09 Release 0.7.0
+#### Changes:
+- Essentially rewrite the module -- too many to list
+- `apache::vhost` has many abilities -- see README.md for details
+- `apache::mod::*` classes provide httpd mod-loading capabilities
+- `apache` base class is much more configurable
+
+#### Bugfixes:
+- Many. And many more to come
+
+## 2013-03-2 Release 0.6.0
+- update travis tests (add more supported versions)
+- add access log_parameter
+- make purging of vhost dir configurable
+
+## 2012-08-24 Release 0.4.0
+#### Changes:
+- `include apache` is now required when using `apache::mod::*`
+
+#### Bugfixes:
+- Fix syntax for validate_re
+- Fix formatting in vhost template
+- Fix spec tests such that they pass
+
+##2012-05-08 Puppet Labs <info@puppetlabs.com> - 0.0.4
+* e62e362 Fix broken tests for ssl, vhost, vhost::*
+* 42c6363 Changes to match style guide and pass puppet-lint without error
+* 42bc8ba changed name => path for file resources in order to name namevar by it's name
+* 72e13de One end too much
+* 0739641 style guide fixes: 'true' <> true, $operatingsystem needs to be $::operatingsystem, etc.
+* 273f94d fix tests
+* a35ede5 (#13860) Make a2enmod/a2dismo commands optional
+* 98d774e (#13860) Autorequire Package['httpd']
+* 05fcec5 (#13073) Add missing puppet spec tests
+* 541afda (#6899) Remove virtual a2mod definition
+* 976cb69 (#13072) Move mod python and wsgi package names to params
+* 323915a (#13060) Add .gitignore to repo
+* fdf40af (#13060) Remove pkg directory from source tree
+* fd90015 Add LICENSE file and update the ModuleFile
+* d3d0d23 Re-enable local php class
+* d7516c7 Make management of firewalls configurable for vhosts
+* 60f83ba Explicitly lookup scope of apache_name in templates.
+* f4d287f (#12581) Add explicit ordering for vdir directory
+* 88a2ac6 (#11706) puppetlabs-apache depends on puppetlabs-firewall
+* a776a8b (#11071) Fix to work with latest firewall module
+* 2b79e8b (#11070) Add support for Scientific Linux
+* 405b3e9 Fix for a2mod
+* 57b9048 Commit apache::vhost::redirect Manifest
+* 8862d01 Commit apache::vhost::proxy Manifest
+* d5c1fd0 Commit apache::mod::wsgi Manifest
+* a825ac7 Commit apache::mod::python Manifest
+* b77062f Commit Templates
+* 9a51b4a Vhost File Declarations
+* 6cf7312 Defaults for Parameters
+* 6a5b11a Ensure installed
+* f672e46 a2mod fix
+* 8a56ee9 add pthon support to apache
--- /dev/null
+Checklist (and a short version for the impatient)
+=================================================
+
+ * Commits:
+
+ - Make commits of logical units.
+
+ - Check for unnecessary whitespace with "git diff --check" before
+ committing.
+
+ - Commit using Unix line endings (check the settings around "crlf" in
+ git-config(1)).
+
+ - Do not check in commented out code or unneeded files.
+
+ - The first line of the commit message should be a short
+ description (50 characters is the soft limit, excluding ticket
+ number(s)), and should skip the full stop.
+
+ - Associate the issue in the message. The first line should include
+ the issue number in the form "(#XXXX) Rest of message".
+
+ - The body should provide a meaningful commit message, which:
+
+ - uses the imperative, present tense: "change", not "changed" or
+ "changes".
+
+ - includes motivation for the change, and contrasts its
+ implementation with the previous behavior.
+
+ - Make sure that you have tests for the bug you are fixing, or
+ feature you are adding.
+
+ - Make sure the test suites passes after your commit:
+ `bundle exec rspec spec/acceptance` More information on [testing](#Testing) below
+
+ - When introducing a new feature, make sure it is properly
+ documented in the README.md
+
+ * Submission:
+
+ * Pre-requisites:
+
+ - Make sure you have a [GitHub account](https://github.com/join)
+
+ - [Create a ticket](https://tickets.puppetlabs.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppetlabs.com/browse/) you are patching for.
+
+ * Preferred method:
+
+ - Fork the repository on GitHub.
+
+ - Push your changes to a topic branch in your fork of the
+ repository. (the format ticket/1234-short_description_of_change is
+ usually preferred for this project).
+
+ - Submit a pull request to the repository in the puppetlabs
+ organization.
+
+The long version
+================
+
+ 1. Make separate commits for logically separate changes.
+
+ Please break your commits down into logically consistent units
+ which include new or changed tests relevant to the rest of the
+ change. The goal of doing this is to make the diff easier to
+ read for whoever is reviewing your code. In general, the easier
+ your diff is to read, the more likely someone will be happy to
+ review it and get it into the code base.
+
+ If you are going to refactor a piece of code, please do so as a
+ separate commit from your feature or bug fix changes.
+
+ We also really appreciate changes that include tests to make
+ sure the bug is not re-introduced, and that the feature is not
+ accidentally broken.
+
+ Describe the technical detail of the change(s). If your
+ description starts to get too long, that is a good sign that you
+ probably need to split up your commit into more finely grained
+ pieces.
+
+ Commits which plainly describe the things which help
+ reviewers check the patch and future developers understand the
+ code are much more likely to be merged in with a minimum of
+ bike-shedding or requested changes. Ideally, the commit message
+ would include information, and be in a form suitable for
+ inclusion in the release notes for the version of Puppet that
+ includes them.
+
+ Please also check that you are not introducing any trailing
+ whitespace or other "whitespace errors". You can do this by
+ running "git diff --check" on your changes before you commit.
+
+ 2. Sending your patches
+
+ To submit your changes via a GitHub pull request, we _highly_
+ recommend that you have them on a topic branch, instead of
+ directly on "master".
+ It makes things much easier to keep track of, especially if
+ you decide to work on another thing before your first change
+ is merged in.
+
+ GitHub has some pretty good
+ [general documentation](http://help.github.com/) on using
+ their site. They also have documentation on
+ [creating pull requests](http://help.github.com/send-pull-requests/).
+
+ In general, after pushing your topic branch up to your
+ repository on GitHub, you can switch to the branch in the
+ GitHub UI and click "Pull Request" towards the top of the page
+ in order to open a pull request.
+
+
+ 3. Update the related GitHub issue.
+
+ If there is a GitHub issue associated with the change you
+ submitted, then you should update the ticket to include the
+ location of your branch, along with any other commentary you
+ may wish to make.
+
+Testing
+=======
+
+Getting Started
+---------------
+
+Our puppet modules provide [`Gemfile`](./Gemfile)s which can tell a ruby
+package manager such as [bundler](http://bundler.io/) what Ruby packages,
+or Gems, are required to build, develop, and test this software.
+
+Please make sure you have [bundler installed](http://bundler.io/#getting-started)
+on your system, then use it to install all dependencies needed for this project,
+by running
+
+```shell
+% bundle install
+Fetching gem metadata from https://rubygems.org/........
+Fetching gem metadata from https://rubygems.org/..
+Using rake (10.1.0)
+Using builder (3.2.2)
+-- 8><-- many more --><8 --
+Using rspec-system-puppet (2.2.0)
+Using serverspec (0.6.3)
+Using rspec-system-serverspec (1.0.0)
+Using bundler (1.3.5)
+Your bundle is complete!
+Use `bundle show [gemname]` to see where a bundled gem is installed.
+```
+
+NOTE some systems may require you to run this command with sudo.
+
+If you already have those gems installed, make sure they are up-to-date:
+
+```shell
+% bundle update
+```
+
+With all dependencies in place and up-to-date we can now run the tests:
+
+```shell
+% rake spec
+```
+
+This will execute all the [rspec tests](http://rspec-puppet.com/) tests
+under [spec/defines](./spec/defines), [spec/classes](./spec/classes),
+and so on. rspec tests may have the same kind of dependencies as the
+module they are testing. While the module defines in its [Modulefile](./Modulefile),
+rspec tests define them in [.fixtures.yml](./fixtures.yml).
+
+Some puppet modules also come with [beaker](https://github.com/puppetlabs/beaker)
+tests. These tests spin up a virtual machine under
+[VirtualBox](https://www.virtualbox.org/)) with, controlling it with
+[Vagrant](http://www.vagrantup.com/) to actually simulate scripted test
+scenarios. In order to run these, you will need both of those tools
+installed on your system.
+
+You can run them by issuing the following command
+
+```shell
+% rake spec_clean
+% rspec spec/acceptance
+```
+
+This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml),
+install puppet, copy this module and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb)
+and then run all the tests under [spec/acceptance](./spec/acceptance).
+
+Writing Tests
+-------------
+
+XXX getting started writing tests.
+
+If you have commit access to the repository
+===========================================
+
+Even if you have commit access to the repository, you will still need to
+go through the process above, and have someone else review and merge
+in your changes. The rule is that all changes must be reviewed by a
+developer on the project (that did not write the code) to ensure that
+all changes go through a code review process.
+
+Having someone other than the author of the topic branch recorded as
+performing the merge is the record that they performed the code
+review.
+
+
+Additional Resources
+====================
+
+* [Getting additional help](http://puppetlabs.com/community/get-help)
+
+* [Writing tests](http://projects.puppetlabs.com/projects/puppet/wiki/Development_Writing_Tests)
+
+* [Patchwork](https://patchwork.puppetlabs.com)
+
+* [General GitHub documentation](http://help.github.com/)
+
+* [GitHub pull request documentation](http://help.github.com/send-pull-requests/)
+
--- /dev/null
+source ENV['GEM_SOURCE'] || "https://rubygems.org"
+
+def location_for(place, fake_version = nil)
+ if place =~ /^(git:[^#]*)#(.*)/
+ [fake_version, { :git => $1, :branch => $2, :require => false }].compact
+ elsif place =~ /^file:\/\/(.*)/
+ ['>= 0', { :path => File.expand_path($1), :require => false }]
+ else
+ [place, { :require => false }]
+ end
+end
+
+group :development, :unit_tests do
+ gem 'rspec-core', '3.1.7', :require => false
+ gem 'puppetlabs_spec_helper', :require => false
+ gem 'simplecov', :require => false
+ gem 'puppet_facts', :require => false
+ gem 'json', :require => false
+end
+
+group :system_tests do
+ if beaker_version = ENV['BEAKER_VERSION']
+ gem 'beaker', *location_for(beaker_version)
+ end
+ if beaker_rspec_version = ENV['BEAKER_RSPEC_VERSION']
+ gem 'beaker-rspec', *location_for(beaker_rspec_version)
+ else
+ gem 'beaker-rspec', :require => false
+ end
+ gem 'serverspec', :require => false
+end
+
+
+
+if facterversion = ENV['FACTER_GEM_VERSION']
+ gem 'facter', facterversion, :require => false
+else
+ gem 'facter', :require => false
+end
+
+if puppetversion = ENV['PUPPET_GEM_VERSION']
+ gem 'puppet', puppetversion, :require => false
+else
+ gem 'puppet', :require => false
+end
+
+# vim:ft=ruby
--- /dev/null
+Copyright (C) 2012 Puppet Labs Inc
+
+Puppet Labs can be contacted at: info@puppetlabs.com
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
--- /dev/null
+#apache
+
+####Table of Contents
+
+1. [Overview - What is the apache module?](#overview)
+2. [Module Description - What does the module do?](#module-description)
+3. [Setup - The basics of getting started with apache](#setup)
+ * [Beginning with apache - Installation](#beginning-with-apache)
+ * [Configure a virtual host - Basic options for getting started](#configure-a-virtual-host)
+4. [Usage - The classes and defined types available for configuration](#usage)
+ * [Classes and Defined Types](#classes-and-defined-types)
+ * [Class: apache](#class-apache)
+ * [Defined Type: apache::custom_config](#defined-type-apachecustom_config)
+ * [Class: apache::default_mods](#class-apachedefault_mods)
+ * [Defined Type: apache::mod](#defined-type-apachemod)
+ * [Classes: apache::mod::*](#classes-apachemodname)
+ * [Class: apache::mod::alias](#class-apachemodalias)
+ * [Class: apache::mod::event](#class-apachemodevent)
+ * [Class: apache::mod::geoip](#class-apachemodgeoip)
+ * [Class: apache::mod::info](#class-apachemodinfo)
+ * [Class: apache::mod::pagespeed](#class-apachemodpagespeed)
+ * [Class: apache::mod::php](#class-apachemodphp)
+ * [Class: apache::mod::ssl](#class-apachemodssl)
+ * [Class: apache::mod::status](#class-apachemodstatus)
+ * [Class: apache::mod::expires](#class-apachemodexpires)
+ * [Class: apache::mod::wsgi](#class-apachemodwsgi)
+ * [Class: apache::mod::fcgid](#class-apachemodfcgid)
+ * [Class: apache::mod::negotiation](#class-apachemodnegotiation)
+ * [Class: apache::mod::deflate](#class-apachemoddeflate)
+ * [Class: apache::mod::reqtimeout](#class-apachemodreqtimeout)
+ * [Class: apache::mod::security](#class-modsecurity)
+ * [Class: apache::mod::version](#class-apachemodversion)
+ * [Defined Type: apache::vhost](#defined-type-apachevhost)
+ * [Parameter: `directories` for apache::vhost](#parameter-directories-for-apachevhost)
+ * [SSL parameters for apache::vhost](#ssl-parameters-for-apachevhost)
+ * [Defined Type: apache::fastcgi::server](#defined-type-fastcgi-server)
+ * [Virtual Host Examples - Demonstrations of some configuration options](#virtual-host-examples)
+ * [Load Balancing](#load-balancing)
+ * [Defined Type: apache::balancer](#defined-type-apachebalancer)
+ * [Defined Type: apache::balancermember](#defined-type-apachebalancermember)
+ * [Examples - Load balancing with exported and non-exported resources](#examples)
+5. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
+ * [Classes](#classes)
+ * [Public Classes](#public-classes)
+ * [Private Classes](#private-classes)
+ * [Defined Types](#defined-types)
+ * [Public Defined Types](#public-defined-types)
+ * [Private Defined Types](#private-defined-types)
+ * [Templates](#templates)
+6. [Limitations - OS compatibility, etc.](#limitations)
+7. [Development - Guide for contributing to the module](#development)
+ * [Contributing to the apache module](#contributing)
+ * [Running tests - A quick guide](#running-tests)
+
+##Overview
+
+The apache module allows you to set up virtual hosts and manage web services with minimal effort.
+
+##Module Description
+
+Apache is a widely-used web server, and this module provides a simplified way of creating configurations to manage your infrastructure. This includes the ability to configure and manage a range of different virtual host setups, as well as a streamlined way to install and configure Apache modules.
+
+##Setup
+
+**What apache affects:**
+
+* configuration files and directories (created and written to)
+ * **WARNING**: Configurations that are *not* managed by Puppet will be purged.
+* package/service/configuration files for Apache
+* Apache modules
+* virtual hosts
+* listened-to ports
+* `/etc/make.conf` on FreeBSD and Gentoo
+* depends on module 'gentoo/puppet-portage' for Gentoo
+
+###Beginning with Apache
+
+To install Apache with the default parameters
+
+```puppet
+ class { 'apache': }
+```
+
+The defaults are determined by your operating system (e.g. Debian systems have one set of defaults, and RedHat systems have another, as do FreeBSD and Gentoo systems). These defaults work well in a testing environment, but are not suggested for production. To establish customized parameters
+
+```puppet
+ class { 'apache':
+ default_mods => false,
+ default_confd_files => false,
+ }
+```
+
+###Configure a virtual host
+
+Declaring the `apache` class creates a default virtual host by setting up a vhost on port 80, listening on all interfaces and serving `$apache::docroot`.
+
+```puppet
+ class { 'apache': }
+```
+
+To configure a very basic, name-based virtual host
+
+```puppet
+ apache::vhost { 'first.example.com':
+ port => '80',
+ docroot => '/var/www/first',
+ }
+```
+
+*Note:* The default priority is 15. If nothing matches this priority, the alphabetically first name-based vhost is used. This is also true if you pass a higher priority and no names match anything else.
+
+A slightly more complicated example, changes the docroot owner/group from the default 'root'
+
+```puppet
+ apache::vhost { 'second.example.com':
+ port => '80',
+ docroot => '/var/www/second',
+ docroot_owner => 'third',
+ docroot_group => 'third',
+ }
+```
+
+To set up a virtual host with SSL and default SSL certificates
+
+```puppet
+ apache::vhost { 'ssl.example.com':
+ port => '443',
+ docroot => '/var/www/ssl',
+ ssl => true,
+ }
+```
+
+To set up a virtual host with SSL and specific SSL certificates
+
+```puppet
+ apache::vhost { 'fourth.example.com':
+ port => '443',
+ docroot => '/var/www/fourth',
+ ssl => true,
+ ssl_cert => '/etc/ssl/fourth.example.com.cert',
+ ssl_key => '/etc/ssl/fourth.example.com.key',
+ }
+```
+
+Virtual hosts listen on '*' by default. To listen on a specific IP address
+
+```puppet
+ apache::vhost { 'subdomain.example.com':
+ ip => '127.0.0.1',
+ port => '80',
+ docroot => '/var/www/subdomain',
+ }
+```
+
+To set up a virtual host with a wildcard alias for the subdomain mapped to a same-named directory, for example: `http://example.com.loc` to `/var/www/example.com`
+
+```puppet
+ apache::vhost { 'subdomain.loc':
+ vhost_name => '*',
+ port => '80',
+ virtual_docroot => '/var/www/%-2+',
+ docroot => '/var/www',
+ serveraliases => ['*.loc',],
+ }
+```
+
+To set up a virtual host with suPHP
+
+```puppet
+ apache::vhost { 'suphp.example.com':
+ port => '80',
+ docroot => '/home/appuser/myphpapp',
+ suphp_addhandler => 'x-httpd-php',
+ suphp_engine => 'on',
+ suphp_configpath => '/etc/php5/apache2',
+ directories => { path => '/home/appuser/myphpapp',
+ 'suphp' => { user => 'myappuser', group => 'myappgroup' },
+ }
+ }
+```
+
+To set up a virtual host with WSGI
+
+```puppet
+ apache::vhost { 'wsgi.example.com':
+ port => '80',
+ docroot => '/var/www/pythonapp',
+ wsgi_application_group => '%{GLOBAL}',
+ wsgi_daemon_process => 'wsgi',
+ wsgi_daemon_process_options => {
+ processes => '2',
+ threads => '15',
+ display-name => '%{GROUP}',
+ },
+ wsgi_import_script => '/var/www/demo.wsgi',
+ wsgi_import_script_options =>
+ { process-group => 'wsgi', application-group => '%{GLOBAL}' },
+ wsgi_process_group => 'wsgi',
+ wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' },
+ }
+```
+
+Starting in Apache 2.2.16, HTTPD supports [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource), a simple replacement for common RewriteRules.
+
+```puppet
+ apache::vhost { 'wordpress.example.com':
+ port => '80',
+ docroot => '/var/www/wordpress',
+ fallbackresource => '/index.php',
+ }
+```
+
+Please note that the 'disabled' argument to FallbackResource is only supported since Apache 2.2.24.
+
+See a list of all [virtual host parameters](#defined-type-apachevhost). See an extensive list of [virtual host examples](#virtual-host-examples).
+
+##Usage
+
+###Classes and Defined Types
+
+This module modifies Apache configuration files and directories and purges any configuration not managed by Puppet. Configuration of Apache should be managed by Puppet, as non-Puppet configuration files can cause unexpected failures.
+
+It is possible to temporarily disable full Puppet management by setting the [`purge_configs`](#purge_configs) parameter within the base `apache` class to 'false'. This option should only be used as a temporary means of saving and relocating customized configurations. See the [`purge_configs` parameter](#purge_configs) for more information.
+
+####Class: `apache`
+
+The apache module's primary class, `apache`, guides the basic setup of Apache on your system.
+
+You can establish a default vhost in this class, the `vhost` class, or both. You can add additional vhost configurations for specific virtual hosts using a declaration of the `vhost` type.
+
+**Parameters within `apache`:**
+
+#####`allow_encoded_slashes`
+
+This sets the server default for the [`AllowEncodedSlashes` declaration](http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes) which modifies the responses to URLs with `\` and `/` characters. The default is undefined, which omits the declaration from the server configuration and select the Apache default setting of `Off`. Allowed values are: `on`, `off` or `nodecode`.
+
+#####`apache_version`
+
+Configures the behavior of the module templates, package names, and default mods by setting the Apache version. Default is determined by the class `apache::version` using the OS family and release. It should not be configured manually without special reason.
+
+#####`conf_dir`
+
+Changes the location of the configuration directory the main configuration file is placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2' on Debian, '/usr/local/etc/apache22' on FreeBSD, and '/etc/apache2' on Gentoo.
+
+#####`confd_dir`
+
+Changes the location of the configuration directory your custom configuration files are placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2/conf.d' on Debian, '/usr/local/etc/apache22' on FreeBSD, and '/etc/apache2/conf.d' on Gentoo.
+
+#####`conf_template`
+
+Overrides the template used for the main apache configuration file. Defaults to 'apache/httpd.conf.erb'.
+
+*Note:* Using this parameter is potentially risky, as the module has been built for a minimal configuration file with the configuration primarily coming from conf.d/ entries.
+
+#####`default_charset`
+
+If defined, the value will be set as `AddDefaultCharset` in the main configuration file. It is undefined by default.
+
+#####`default_confd_files`
+
+Generates default set of include-able Apache configuration files under `${apache::confd_dir}` directory. These configuration files correspond to what is usually installed with the Apache package on a given platform.
+
+#####`default_mods`
+
+Sets up Apache with default settings based on your OS. Valid values are 'true', 'false', or an array of mod names.
+
+Defaults to 'true', which includes the default [HTTPD mods](https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp).
+
+If false, it only includes the mods required to make HTTPD work, and any other mods can be declared on their own.
+
+If an array, the apache module includes the array of mods listed.
+
+#####`default_ssl_ca`
+
+The default certificate authority, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production.
+
+#####`default_ssl_cert`
+
+The default SSL certification, which is automatically set based on your operating system ('/etc/pki/tls/certs/localhost.crt' for RedHat, '/etc/ssl/certs/ssl-cert-snakeoil.pem' for Debian, '/usr/local/etc/apache22/server.crt' for FreeBSD, and '/etc/ssl/apache2/server.crt' for Gentoo). This default works out of the box but must be updated with your specific certificate information before being used in production.
+
+#####`default_ssl_chain`
+
+The default SSL chain, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production.
+
+#####`default_ssl_crl`
+
+The default certificate revocation list to use, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production.
+
+#####`default_ssl_crl_path`
+
+The default certificate revocation list path, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production.
+
+#####`default_ssl_crl_check`
+
+Sets the default certificate revocation check level via the [SSLCARevocationCheck directive](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck), which is automatically set to 'undef'. This default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher, the value is ignored on older versions.
+
+#####`default_ssl_key`
+
+The default SSL key, which is automatically set based on your operating system ('/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, '/usr/local/etc/apache22/server.key' for FreeBSD, and '/etc/ssl/apache2/server.key' for Gentoo). This default works out of the box but must be updated with your specific certificate information before being used in production.
+
+#####`default_ssl_vhost`
+
+Sets up a default SSL virtual host. Defaults to 'false'. If set to 'true', sets up the following vhost:
+
+```puppet
+ apache::vhost { 'default-ssl':
+ port => 443,
+ ssl => true,
+ docroot => $docroot,
+ scriptalias => $scriptalias,
+ serveradmin => $serveradmin,
+ access_log_file => "ssl_${access_log_file}",
+ }
+```
+
+SSL vhosts only respond to HTTPS queries.
+
+#####`default_type`
+
+(Apache httpd 2.2 only) MIME content-type that will be sent if the server cannot determine a type in any other way. This directive has been deprecated in Apache httpd 2.4, and only exists there for backwards compatibility of configuration files.
+
+#####`default_vhost`
+
+Sets up a default virtual host. Defaults to 'true', set to 'false' to set up [customized virtual hosts](#configure-a-virtual-host).
+
+#####`docroot`
+
+Changes the location of the default [Documentroot](https://httpd.apache.org/docs/current/mod/core.html#documentroot). Defaults to '/var/www/html' on RedHat, '/var/www' on Debian, '/usr/local/www/apache22/data' on FreeBSD, and '/var/www/localhost/htdocs' on Gentoo.
+
+#####`error_documents`
+
+Enables custom error documents. Defaults to 'false'.
+
+#####`group`
+
+Changes the group that Apache will answer requests as. The parent process will continue to be run as root, but resource accesses by child processes will be done under this group. By default, puppet will attempt to manage this group as a resource under `::apache`. If this is not what you want, set [`manage_group`](#manage_group) to 'false'. Defaults to the OS-specific default user for apache, as detected in `::apache::params`.
+
+#####`httpd_dir`
+
+Changes the base location of the configuration directories used for the apache service. This is useful for specially repackaged HTTPD builds, but might have unintended consequences when used in combination with the default distribution packages. Defaults to '/etc/httpd' on RedHat, '/etc/apache2' on Debian, '/usr/local/etc/apache22' on FreeBSD, and '/etc/apache2' on Gentoo.
+
+#####`keepalive`
+
+Enables persistent connections.
+
+#####`keepalive_timeout`
+
+Sets the amount of time the server waits for subsequent requests on a persistent connection. Defaults to '15'.
+
+#####`max_keepalive_requests`
+
+Sets the limit of the number of requests allowed per connection when KeepAlive is on. Defaults to '100'.
+
+#####`lib_path`
+
+Specifies the location where apache module files are stored. It should not be configured manually without special reason.
+
+#####`loadfile_name`
+
+Sets the file name for the module loadfile. Should be in the format \*.load. This can be used to set the module load order.
+
+#####`log_level`
+
+Changes the verbosity level of the error log. Defaults to 'warn'. Valid values are 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info', or 'debug'.
+
+#####`log_formats`
+
+Define additional [LogFormats](https://httpd.apache.org/docs/current/mod/mod_log_config.html#logformat). This is done in a Hash:
+
+```puppet
+ $log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' }
+```
+
+There are a number of predefined LogFormats in the httpd.conf that Puppet writes out:
+
+```httpd
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+```
+
+If your `$log_formats` contains one of those, they will be overwritten with **your** definition.
+
+#####`logroot`
+
+Changes the directory where Apache log files for the virtual host are placed. Defaults to '/var/log/httpd' on RedHat, '/var/log/apache2' on Debian, '/var/log/apache22' on FreeBSD, and '/var/log/apache2' on Gentoo.
+
+#####`logroot_mode`
+
+Overrides the mode the default logroot directory is set to ($::apache::logroot). Defaults to undef. Do NOT give people write access to the directory the logs are stored
+in without being aware of the consequences; see http://httpd.apache.org/docs/2.4/logs.html#security for details.
+
+#####`manage_group`
+
+Setting this to 'false' stops the group resource from being created. This is for when you have a group, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established group would result in a duplicate resource error.
+
+#####`manage_user`
+
+Setting this to 'false' stops the user resource from being created. This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error.
+
+#####`mod_dir`
+
+Changes the location of the configuration directory your Apache modules configuration files are placed in. Defaults to '/etc/httpd/conf.d' for RedHat, '/etc/apache2/mods-available' for Debian, '/usr/local/etc/apache22/Modules' for FreeBSD, and '/etc/apache2/modules.d' on Gentoo.
+
+#####`mpm_module`
+
+Determines which MPM is loaded and configured for the HTTPD process. Valid values are 'event', 'itk', 'peruser', 'prefork', 'worker', or 'false'. Defaults to 'prefork' on RedHat, FreeBSD and Gentoo, and 'worker' on Debian. Must be set to 'false' to explicitly declare the following classes with custom parameters:
+
+* `apache::mod::event`
+* `apache::mod::itk`
+* `apache::mod::peruser`
+* `apache::mod::prefork`
+* `apache::mod::worker`
+
+*Note:* Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `$mpm_module` you must uninstall all packages that depend on your currently-installed Apache.
+
+#####`package_ensure`
+
+Allows control over the package ensure attribute. Can be 'present','absent', or a version string.
+
+#####`ports_file`
+
+Changes the name of the file containing Apache ports configuration. Default is `${conf_dir}/ports.conf`.
+
+#####`purge_configs`
+
+Removes all other Apache configs and vhosts, defaults to 'true'. Setting this to 'false' is a stopgap measure to allow the apache module to coexist with existing or otherwise-managed configuration. It is recommended that you move your configuration entirely to resources within this module.
+
+#####`purge_vhost_configs`
+
+If `vhost_dir` != `confd_dir`, this controls the removal of any configurations that are not managed by Puppet within `vhost_dir`. It defaults to the value of `purge_configs`. Setting this to false is a stopgap measure to allow the apache module to coexist with existing or otherwise unmanaged configurations within `vhost_dir`
+
+#####`sendfile`
+
+Makes Apache use the Linux kernel sendfile to serve static files. Defaults to 'On'.
+
+#####`serveradmin`
+
+Sets the server administrator. Defaults to 'root@localhost'.
+
+#####`servername`
+
+Sets the server name. Defaults to `fqdn` provided by Facter.
+
+#####`server_root`
+
+Sets the root directory in which the server resides. Defaults to '/etc/httpd' on RedHat, '/etc/apache2' on Debian, '/usr/local' on FreeBSD, and '/var/www' on Gentoo.
+
+#####`server_signature`
+
+Configures a trailing footer line under server-generated documents. More information about [ServerSignature](http://httpd.apache.org/docs/current/mod/core.html#serversignature). Defaults to 'On'.
+
+#####`server_tokens`
+
+Controls how much information Apache sends to the browser about itself and the operating system. More information about [ServerTokens](http://httpd.apache.org/docs/current/mod/core.html#servertokens). Defaults to 'OS'.
+
+#####`service_enable`
+
+Determines whether the HTTPD service is enabled when the machine is booted. Defaults to 'true'.
+
+#####`service_ensure`
+
+Determines whether the service should be running. Valid values are 'true', 'false', 'running', or 'stopped' when Puppet should manage the service. Any other value sets ensure to 'false' for the Apache service, which is useful when you want to let the service be managed by some other application like Pacemaker. Defaults to 'running'.
+
+#####`service_name`
+
+Name of the Apache service to run. Defaults to: 'httpd' on RedHat, 'apache2' on Debian and Gentoo, and 'apache22' on FreeBSD.
+
+#####`service_manage`
+
+Determines whether the HTTPD service state is managed by Puppet . Defaults to 'true'.
+
+#####`service_restart`
+
+Determines whether the HTTPD service restart command should be anything other than the default managed by Puppet. Defaults to undef.
+
+
+#####`trace_enable`
+
+Controls how TRACE requests per RFC 2616 are handled. More information about [TraceEnable](http://httpd.apache.org/docs/current/mod/core.html#traceenable). Defaults to 'On'.
+
+#####`vhost_dir`
+
+Changes the location of the configuration directory your virtual host configuration files are placed in. Defaults to 'etc/httpd/conf.d' on RedHat, '/etc/apache2/sites-available' on Debian, '/usr/local/etc/apache22/Vhosts' on FreeBSD, and '/etc/apache2/vhosts.d' on Gentoo.
+
+#####`user`
+
+Changes the user that Apache will answer requests as. The parent process will continue to be run as root, but resource accesses by child processes will be done under this user. By default, puppet will attept to manage this user as a resource under `::apache`. If this is not what you want, set [`manage_user`](#manage_user) to 'false'. Defaults to the OS-specific default user for apache, as detected in `::apache::params`.
+
+#####`apache_name`
+
+The name of the Apache package to install. This is automatically detected in `::apache::params`. You might need to override this if you are using a non-standard Apache package, such as those from Red Hat's software collections.
+
+####Defined Type: `apache::custom_config`
+
+Allows you to create custom configs for Apache. The configuration files are only added to the Apache confd dir if the file is valid. An error is raised during the Puppet run if the file is invalid and `$verify_config` is `true`.
+
+```puppet
+ apache::custom_config { 'test':
+ content => '# Test',
+ }
+```
+
+**Parameters within `apache::custom_config`:**
+
+#####`ensure`
+
+Specify whether the configuration file is present or absent. Defaults to 'present'. Valid values are 'present' and 'absent'.
+
+#####`confdir`
+
+The directory to place the configuration file in. Defaults to `$::apache::confd_dir`.
+
+#####`content`
+
+The content of the configuration file. Only one of `$content` and `$source` can be specified.
+
+#####`priority`
+
+The priority of the configuration file, used for ordering. Defaults to '25'.
+
+Pass priority `false` to omit the priority prefix in file names.
+
+#####`source`
+
+The source of the configuration file. Only one of `$content` and `$source` can be specified.
+
+#####`verify_command`
+
+The command to use to verify the configuration file. It should use a fully qualified command. Defaults to '/usr/sbin/apachectl -t'. The `$verify_command` is only used if `$verify_config` is `true`. If the `$verify_command` fails, the configuration file is deleted, the Apache service is not notified, and an error is raised during the Puppet run.
+
+#####`verify_config`
+
+Boolean to specify whether the configuration file should be validated before the Apache service is notified. Defaults to `true`.
+
+####Class: `apache::default_mods`
+
+Installs default Apache modules based on what OS you are running.
+
+```puppet
+ class { 'apache::default_mods': }
+```
+
+####Defined Type: `apache::mod`
+
+Used to enable arbitrary Apache HTTPD modules for which there is no specific `apache::mod::[name]` class. The `apache::mod` defined type also installs the required packages to enable the module, if any.
+
+```puppet
+ apache::mod { 'rewrite': }
+ apache::mod { 'ldap': }
+```
+
+####Classes: `apache::mod::[name]`
+
+There are many `apache::mod::[name]` classes within this module that can be declared using `include`:
+
+* `actions`
+* `alias`(see [`apache::mod::alias`](#class-apachemodalias) below)
+* `auth_basic`
+* `auth_cas`* (see [`apache::mod::auth_cas`](#class-apachemodauthcas) below)
+* `auth_kerb`
+* `authn_core`
+* `authn_file`
+* `authnz_ldap`*
+* `authz_default`
+* `authz_user`
+* `autoindex`
+* `cache`
+* `cgi`
+* `cgid`
+* `dav`
+* `dav_fs`
+* `dav_svn`*
+* `deflate`
+* `dev`
+* `dir`*
+* `disk_cache`
+* `event`(see [`apache::mod::event`](#class-apachemodevent) below)
+* `expires`
+* `fastcgi`
+* `fcgid`
+* `filter`
+* `headers`
+* `include`
+* `info`*
+* `itk`
+* `ldap`
+* `mime`
+* `mime_magic`*
+* `negotiation`
+* `nss`*
+* `pagespeed` (see [`apache::mod::pagespeed`](#class-apachemodpagespeed) below)
+* `passenger`*
+* `perl`
+* `peruser`
+* `php` (requires [`mpm_module`](#mpm_module) set to `prefork`)
+* `prefork`*
+* `proxy`*
+* `proxy_ajp`
+* `proxy_balancer`
+* `proxy_html`
+* `proxy_http`
+* `python`
+* `reqtimeout`
+* `remoteip`*
+* `rewrite`
+* `rpaf`*
+* `setenvif`
+* `security`
+* `shib`* (see [`apache::mod::shib`](#class-apachemodshib) below)
+* `speling`
+* `ssl`* (see [`apache::mod::ssl`](#class-apachemodssl) below)
+* `status`* (see [`apache::mod::status`](#class-apachemodstatus) below)
+* `suphp`
+* `userdir`*
+* `vhost_alias`
+* `worker`*
+* `wsgi` (see [`apache::mod::wsgi`](#class-apachemodwsgi) below)
+* `xsendfile`
+
+Modules noted with a * indicate that the module has settings and, thus, a template that includes parameters. These parameters control the module's configuration. Most of the time, these parameters do not require any configuration or attention.
+
+The modules mentioned above, and other Apache modules that have templates, cause template files to be dropped along with the mod install. The module will not work without the template. Any module without a template installs the package but drops no files.
+
+###Class: `apache::mod::alias`
+
+Installs and manages the alias module.
+
+Full Documentation for alias is available from [Apache](https://httpd.apache.org/docs/current/mod/mod_alias.html).
+
+To disable directory listing for the icons directory:
+```puppet
+ class { 'apache::mod::alias':
+ icons_options => 'None',
+ }
+```
+
+####Class: `apache::mod::event`
+
+Installs and manages mpm_event module.
+
+Full Documentation for mpm_event is available from [Apache](https://httpd.apache.org/docs/current/mod/event.html).
+
+To configure the event thread limit:
+
+```puppet
+ class {'apache::mod::event':
+ $threadlimit => '128',
+ }
+```
+
+####Class: `apache::mod::auth_cas`
+
+Installs and manages mod_auth_cas. The parameters `cas_login_url` and `cas_validate_url` are required.
+
+Full documentation on mod_auth_cas is available from [JASIG](https://github.com/Jasig/mod_auth_cas).
+
+####Class: `apache::mod::geoip`
+
+Installs and manages mod_geoip.
+
+Full documentation on mod_geoip is available from [MaxMind](http://dev.maxmind.com/geoip/legacy/mod_geoip2/).
+
+These are the default settings:
+
+```puppet
+ class {'apache::mod::geoip':
+ $enable => false,
+ $db_file => '/usr/share/GeoIP/GeoIP.dat',
+ $flag => 'Standard',
+ $output => 'All',
+ }
+```
+
+The parameter `db_file` can be a single directory or a hash of directories.
+
+####Class: `apache::mod::info`
+
+Installs and manages mod_info which provides a comprehensive overview of the server configuration.
+
+Full documentation for mod_info is available from [Apache](https://httpd.apache.org/docs/current/mod/mod_info.html).
+
+These are the default settings:
+
+```puppet
+ $allow_from = ['127.0.0.1','::1'],
+ $apache_version = $::apache::apache_version,
+ $restrict_access = true,
+```
+
+To set the addresses that are allowed to access /server-info add the following:
+
+```puppet
+ class {'apache::mod::info':
+ allow_from => [
+ '10.10.36',
+ '10.10.38',
+ '127.0.0.1',
+ ],
+ }
+```
+
+To disable the access restrictions add the following:
+
+```puppet
+ class {'apache::mod::info':
+ restrict_access => false,
+ }
+```
+
+It is not recommended to leave this set to false though it can be very useful for testing. For this reason, you can insert this setting in your normal code to temporarily disable the restrictions like so:
+
+```puppet
+ class {'apache::mod::info':
+ restrict_access => false, # false disables the block below
+ allow_from => [
+ '10.10.36',
+ '10.10.38',
+ '127.0.0.1',
+ ],
+ }
+```
+
+####Class: `apache::mod::pagespeed`
+
+Installs and manages mod_pagespeed, which is a Google module that rewrites web pages to reduce latency and bandwidth.
+
+This module does *not* manage the software repositories needed to automatically install the
+mod-pagespeed-stable package. The module does however require that the package be installed,
+or be installable using the system's default package provider. You should ensure that this
+pre-requisite is met or declaring `apache::mod::pagespeed` causes the Puppet run to fail.
+
+These are the defaults:
+
+```puppet
+ class { 'apache::mod::pagespeed':
+ inherit_vhost_config => 'on',
+ filter_xhtml => false,
+ cache_path => '/var/cache/mod_pagespeed/',
+ log_dir => '/var/log/pagespeed',
+ memcache_servers => [],
+ rewrite_level => 'CoreFilters',
+ disable_filters => [],
+ enable_filters => [],
+ forbid_filters => [],
+ rewrite_deadline_per_flush_ms => 10,
+ additional_domains => undef,
+ file_cache_size_kb => 102400,
+ file_cache_clean_interval_ms => 3600000,
+ lru_cache_per_process => 1024,
+ lru_cache_byte_limit => 16384,
+ css_flatten_max_bytes => 2048,
+ css_inline_max_bytes => 2048,
+ css_image_inline_max_bytes => 2048,
+ image_inline_max_bytes => 2048,
+ js_inline_max_bytes => 2048,
+ css_outline_min_bytes => 3000,
+ js_outline_min_bytes => 3000,
+ inode_limit => 500000,
+ image_max_rewrites_at_once => 8,
+ num_rewrite_threads => 4,
+ num_expensive_rewrite_threads => 4,
+ collect_statistics => 'on',
+ statistics_logging => 'on',
+ allow_view_stats => [],
+ allow_pagespeed_console => [],
+ allow_pagespeed_message => [],
+ message_buffer_size => 100000,
+ additional_configuration => { }
+ }
+```
+
+Full documentation for mod_pagespeed is available from [Google](http://modpagespeed.com).
+
+####Class: `apache::mod::php`
+
+Installs and configures mod_php. The defaults are OS-dependant.
+
+Overriding the package name:
+```puppet
+ class {'::apache::mod::php':
+ package_name => "php54-php",
+ path => "${::apache::params::lib_path}/libphp54-php5.so",
+ }
+```
+
+Overriding the default configuartion:
+```puppet
+ class {'::apache::mod::php':
+ source => 'puppet:///modules/apache/my_php.conf',
+ }
+```
+
+or
+```puppet
+ class {'::apache::mod::php':
+ template => 'apache/php.conf.erb',
+ }
+```
+
+or
+
+```puppet
+ class {'::apache::mod::php':
+ content => '
+AddHandler php5-script .php
+AddType text/html .php',
+ }
+```
+####Class: `apache::mod::shib`
+
+Installs the [Shibboleth](http://shibboleth.net/) module for Apache which allows the use of SAML2 Single-Sign-On (SSO) authentication by Shibboleth Identity Providers and Shibboleth Federations. This class only installs and configures the Apache components of a Shibboleth Service Provider (a web application that consumes Shibboleth SSO identities). The Shibboleth configuration can be managed manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth).
+
+Defining this class enables the Shibboleth specific parameters in `apache::vhost` instances.
+
+####Class: `apache::mod::ssl`
+
+Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are the defaults:
+
+```puppet
+ class { 'apache::mod::ssl':
+ ssl_compression => false,
+ ssl_cryptodevice => 'builtin',
+ ssl_options => [ 'StdEnvVars' ],
+ ssl_cipher => 'HIGH:MEDIUM:!aNULL:!MD5',
+ ssl_honorcipherorder => 'On',
+ ssl_protocol => [ 'all', '-SSLv2', '-SSLv3' ],
+ ssl_pass_phrase_dialog => 'builtin',
+ ssl_random_seed_bytes => '512',
+ ssl_sessioncachetimeout => '300',
+ }
+```
+
+To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` parameter in `::apache` to 'true' or set the `ssl` parameter in `apache::vhost` to 'true'.
+
+####Class: `apache::mod::status`
+
+Installs Apache mod_status and uses the status.conf.erb template. These are the defaults:
+
+```puppet
+ class { 'apache::mod::status':
+ allow_from => ['127.0.0.1','::1'],
+ extended_status => 'On',
+ status_path => '/server-status',
+){
+
+
+ }
+```
+
+####Class: `apache::mod::expires`
+
+Installs Apache mod_expires and uses the expires.conf.erb template. These are the defaults:
+
+```puppet
+ class { 'apache::mod::expires':
+ expires_active => true,
+ expires_default => undef,
+ expires_by_type => undef,
+){
+
+
+ }
+```
+
+`expires_by_type` is an array of Hashes, describing a set of types and their expire times:
+
+```puppet
+ class { 'apache::mod::expires':
+ expires_by_type => [
+ { 'text/json' => 'access plus 1 month' },
+ { 'text/html' => 'access plus 1 year' },
+ ]
+ }
+```
+
+####Class: `apache::mod::wsgi`
+
+Enables Python support in the WSGI module. To use, simply `include 'apache::mod::wsgi'`.
+
+For customized parameters, which tell Apache how Python is currently configured on the operating system,
+
+```puppet
+ class { 'apache::mod::wsgi':
+ wsgi_socket_prefix => "\${APACHE_RUN_DIR}WSGI",
+ wsgi_python_home => '/path/to/venv',
+ wsgi_python_path => '/path/to/venv/site-packages',
+ }
+```
+
+To specify an alternate mod\_wsgi package name to install and the name of the module .so it provides,
+(e.g. a "python27-mod\_wsgi" package that provides "python27-mod_wsgi.so" in the default module directory):
+
+```puppet
+ class { 'apache::mod::wsgi':
+ wsgi_socket_prefix => "\${APACHE_RUN_DIR}WSGI",
+ wsgi_python_home => '/path/to/venv',
+ wsgi_python_path => '/path/to/venv/site-packages',
+ package_name => 'python27-mod_wsgi',
+ mod_path => 'python27-mod_wsgi.so',
+ }
+```
+
+If ``mod_path`` does not contain "/", it will be prefixed by the default module path
+for your OS; otherwise, it will be used literally.
+
+More information about [WSGI](http://modwsgi.readthedocs.org/en/latest/).
+
+####Class: `apache::mod::fcgid`
+
+Installs and configures mod_fcgid.
+
+The class makes no effort to list all available options, but rather uses an options hash to allow for ultimate flexibility:
+
+```puppet
+ class { 'apache::mod::fcgid':
+ options => {
+ 'FcgidIPCDir' => '/var/run/fcgidsock',
+ 'SharememPath' => '/var/run/fcgid_shm',
+ 'AddHandler' => 'fcgid-script .fcgi',
+ },
+ }
+```
+
+For a full list op options, see the [official mod_fcgid documentation](https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html).
+
+It is also possible to set the FcgidWrapper per directory per vhost. You must ensure the fcgid module is loaded because there is no auto loading.
+
+```puppet
+ include apache::mod::fcgid
+ apache::vhost { 'example.org':
+ docroot => '/var/www/html',
+ directories => {
+ path => '/var/www/html',
+ fcgiwrapper => {
+ command => '/usr/local/bin/fcgiwrapper',
+ }
+ },
+ }
+```
+
+See [FcgidWrapper documentation](https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html#fcgidwrapper) for more information.
+
+####Class: `apache::mod::negotiation`
+
+Installs and configures mod_negotiation. If there are not provided any
+parameter, default apache mod_negotiation configuration is done.
+
+```puppet
+ class { '::apache::mod::negotiation':
+ force_language_priority => 'Prefer',
+ language_priority => [ 'es', 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo' ],
+ }
+```
+
+**Parameters within `apache::mod::negotiation`:**
+
+#####`force_language_priority`
+
+A string that sets the `ForceLanguagePriority` option. Defaults to `Prefer Fallback`.
+
+#####`language_priority`
+
+An array of languages to set the `LanguagePriority` option of the module.
+
+####Class: `apache::mod::deflate`
+
+Installs and configures mod_deflate. If no parameters are provided, a default configuration is applied.
+
+```puppet
+ class { '::apache::mod::deflate':
+ types => [ 'text/html', 'text/css' ],
+ notes => {
+ 'Input' => 'instream',
+ 'Ratio' => 'ratio',
+ },
+ }
+```
+
+#####`types`
+
+An array of mime types to be deflated.
+
+#####`notes`
+
+A hash where the key represents the type and the value represents the note name.
+
+
+####Class: `apache::mod::reqtimeout`
+
+Installs and configures mod_reqtimeout. Defaults to recommended apache
+mod_reqtimeout configuration.
+
+```puppet
+ class { '::apache::mod::reqtimeout':
+ timeouts => ['header=20-40,MinRate=500', 'body=20,MinRate=500'],
+ }
+```
+
+####Class: `apache::mod::version`
+
+This wrapper around mod_version warns on Debian and Ubuntu systems with Apache httpd 2.4
+about loading mod_version, as on these platforms it's already built-in.
+
+```puppet
+ include '::apache::mod::version'
+```
+
+#####`timeouts`
+
+A string or an array that sets the `RequestReadTimeout` option. Defaults to
+`['header=20-40,MinRate=500', 'body=20,MinRate=500']`.
+
+
+####Class: `apache::mod::security`
+
+Installs and configures mod_security. Defaults to enabled and running on all
+vhosts.
+
+```puppet
+ include '::apache::mod::security'
+```
+
+#####`crs_package`
+
+Name of package to install containing crs rules
+
+#####`modsec_dir`
+
+Directory to install the modsec configuration and activated rules links into
+
+#####`activated_rules`
+
+Array of rules from the modsec_crs_path to activate by symlinking to
+${modsec_dir}/activated_rules.
+
+#####`allowed_methods`
+
+HTTP methods allowed by mod_security
+
+#####`content_types`
+
+Content-types allowed by mod_security
+
+#####`restricted_extensions`
+
+Extensions prohibited by mod_security
+
+#####`restricted_headers`
+
+Headers restricted by mod_security
+
+
+####Defined Type: `apache::vhost`
+
+The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost` being a defined resource type, which allows it to be evaluated multiple times with different parameters.
+
+The `vhost` defined type allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default vhost within the base `::apache` class, as well as set a customized vhost as default. Your customized vhost (priority 10) will be privileged over the base class vhost (15).
+
+The `vhost` defined type uses `concat::fragment` to build the configuration file, so if you want to inject custom fragments for pieces of the configuration not supported by default by the defined type, you can add a custom fragment. For the `order` parameter for the custom fragment, the `vhost` defined type uses multiples of 10, so any order that isn't a multiple of 10 should work.
+
+```puppet
+ apache::vhost { "example.com":
+ docroot => '/var/www/html',
+ priority => '25',
+ }
+ concat::fragment { "example.com-my_custom_fragment":
+ target => '25-example.com.conf',
+ order => 11,
+ content => '# my custom comment',
+ }
+```
+
+If you have a series of specific configurations and do not want a base `::apache` class default vhost, make sure to set the base class `default_vhost` to 'false'.
+
+```puppet
+ class { 'apache':
+ default_vhost => false,
+ }
+```
+
+**Parameters within `apache::vhost`:**
+
+#####`access_log`
+
+Specifies whether `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`) should be configured. Setting the value to 'false' chooses none. Defaults to 'true'.
+
+#####`access_log_file`
+
+Sets the `*_access.log` filename that is placed in `$logroot`. Given a vhost, example.com, it defaults to 'example.com_ssl.log' for SSL vhosts and 'example.com_access.log' for non-SSL vhosts.
+
+#####`access_log_pipe`
+
+Specifies a pipe to send access log messages to. Defaults to 'undef'.
+
+#####`access_log_syslog`
+
+Sends all access log messages to syslog. Defaults to 'undef'.
+
+#####`access_log_format`
+
+Specifies the use of either a LogFormat nickname or a custom format string for the access log. Defaults to 'combined'. See [these examples](http://httpd.apache.org/docs/current/mod/mod_log_config.html).
+
+#####`access_log_env_var`
+
+Specifies that only requests with particular environment variables be logged. Defaults to 'undef'.
+
+#####`add_default_charset`
+
+Sets [AddDefaultCharset](http://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset), a default value for the media charset, which is added to text/plain and text/html responses.
+
+#####`add_listen`
+
+Determines whether the vhost creates a Listen statement. The default value is 'true'.
+
+Setting `add_listen` to 'false' stops the vhost from creating a Listen statement, and this is important when you combine vhosts that are not passed an `ip` parameter with vhosts that *are* passed the `ip` parameter.
+
+#####`use_optional_includes`
+
+Specifies if for apache > 2.4 it should use IncludeOptional instead of Include for `additional_includes`. Defaults to 'false'.
+
+#####`additional_includes`
+
+Specifies paths to additional static, vhost-specific Apache configuration files. Useful for implementing a unique, custom configuration not supported by this module. Can be an array. Defaults to '[]'.
+
+#####`aliases`
+
+Passes a list of hashes to the vhost to create Alias, AliasMatch, ScriptAlias or ScriptAliasMatch directives as per the [mod_alias documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). These hashes are formatted as follows:
+
+```puppet
+aliases => [
+ { aliasmatch => '^/image/(.*)\.jpg$',
+ path => '/files/jpg.images/$1.jpg',
+ },
+ { alias => '/image',
+ path => '/ftp/pub/image',
+ },
+ { scriptaliasmatch => '^/cgi-bin(.*)',
+ path => '/usr/local/share/cgi-bin$1',
+ },
+ { scriptalias => '/nagios/cgi-bin/',
+ path => '/usr/lib/nagios/cgi-bin/',
+ },
+ { alias => '/nagios',
+ path => '/usr/share/nagios/html',
+ },
+],
+```
+
+For `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` to work, each needs a corresponding context, such as `<Directory /path/to/directory>` or `<Location /some/location/here>`. The directives are created in the order specified in the `aliases` parameter. As described in the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html), more specific `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters should come before the more general ones to avoid shadowing.
+
+*Note*: Using the `aliases` parameter is preferred over the `scriptaliases` parameter since here the order of the various alias directives among each other can be controlled precisely. Defining ScriptAliases using the `scriptaliases` parameter means *all* ScriptAlias directives will come after *all* Alias directives, which can lead to Alias directives shadowing ScriptAlias directives. This is often problematic, for example in case of Nagios.
+
+*Note:* If `apache::mod::passenger` is loaded and `PassengerHighPerformance => true` is set, then Alias might have issues honoring the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details.
+
+#####`allow_encoded_slashes`
+
+This sets the [`AllowEncodedSlashes` declaration](http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes) for the vhost, overriding the server default. This modifies the vhost responses to URLs with `\` and `/` characters. The default is undefined, which omits the declaration from the server configuration and select the Apache default setting of `Off`. Allowed values are: `on`, `off` or `nodecode`.
+
+#####`block`
+
+Specifies the list of things Apache blocks access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories.
+
+#####`custom_fragment`
+
+Passes a string of custom configuration directives to be placed at the end of the vhost configuration. Defaults to 'undef'.
+
+#####`default_vhost`
+
+Sets a given `apache::vhost` as the default to serve requests that do not match any other `apache::vhost` definitions. The default value is 'false'.
+
+#####`directories`
+
+See the [`directories` section](#parameter-directories-for-apachevhost).
+
+#####`directoryindex`
+
+Sets the list of resources to look for when a client requests an index of the directory by specifying a '/' at the end of the directory name. [DirectoryIndex](http://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex) has more information. Defaults to 'undef'.
+
+#####`docroot`
+
+Provides the
+[DocumentRoot](http://httpd.apache.org/docs/current/mod/core.html#documentroot)
+directive, which identifies the directory Apache serves files from. Required.
+
+#####`docroot_group`
+
+Sets group access to the docroot directory. Defaults to 'root'.
+
+#####`docroot_owner`
+
+Sets individual user access to the docroot directory. Defaults to 'root'.
+
+#####`docroot_mode`
+
+Sets access permissions of the docroot directory. Defaults to 'undef'.
+
+#####`manage_docroot`
+
+Whether to manage to docroot directory at all. Defaults to 'true'.
+
+#####`error_log`
+
+Specifies whether `*_error.log` directives should be configured. Defaults to 'true'.
+
+#####`error_log_file`
+
+Points to the `*_error.log` file. Given a vhost, example.com, it defaults to 'example.com_ssl_error.log' for SSL vhosts and 'example.com_access_error.log' for non-SSL vhosts.
+
+#####`error_log_pipe`
+
+Specifies a pipe to send error log messages to. Defaults to 'undef'.
+
+#####`error_log_syslog`
+
+Sends all error log messages to syslog. Defaults to 'undef'.
+
+#####`error_documents`
+
+A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for this vhost. Defaults to '[]'. Example:
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ error_documents => [
+ { 'error_code' => '503', 'document' => '/service-unavail' },
+ { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' },
+ ],
+ }
+```
+
+#####`ensure`
+
+Specifies if the vhost file is present or absent. Defaults to 'present'.
+
+#####`fallbackresource`
+
+Sets the [FallbackResource](http://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) directive, which specifies an action to take for any URL that doesn't map to anything in your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Valid values must either begin with a / or be 'disabled'. Defaults to 'undef'.
+
+#####`headers`
+
+Adds lines to replace, merge, or remove response headers. See [Header](http://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. Can be an array. Defaults to 'undef'.
+
+#####`ip`
+
+Sets the IP address the vhost listens on. Defaults to listen on all IPs.
+
+#####`ip_based`
+
+Enables an [IP-based](http://httpd.apache.org/docs/current/vhosts/ip-based.html) vhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based vhosts. Defaults to 'false'.
+
+#####`itk`
+
+Configures [ITK](http://mpm-itk.sesse.net/) in a hash. Keys can be:
+
+* user + group
+* `assignuseridexpr`
+* `assigngroupidexpr`
+* `maxclientvhost`
+* `nice`
+* `limituidrange` (Linux 3.5.0 or newer)
+* `limitgidrange` (Linux 3.5.0 or newer)
+
+Usage typically looks like:
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ itk => {
+ user => 'someuser',
+ group => 'somegroup',
+ },
+ }
+```
+
+#####`logroot`
+
+Specifies the location of the virtual host's logfiles. Defaults to '/var/log/<apache log location>/'.
+
+#####`$logroot_ensure`
+
+Determines whether or not to remove the logroot directory for a virtual host. Valid values are 'directory', or 'absent'.
+
+#####`logroot_mode`
+
+Overrides the mode the logroot directory is set to. Defaults to undef. Do NOT give people write access to the directory the logs are stored
+in without being aware of the consequences; see http://httpd.apache.org/docs/2.4/logs.html#security for details.
+
+#####`log_level`
+
+Specifies the verbosity of the error log. Defaults to 'warn' for the global server configuration and can be overridden on a per-vhost basis. Valid values are 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info' or 'debug'.
+
+######`modsec_body_limit`
+
+Configures the maximum request body size (in bytes) ModSecurity will accept for buffering
+
+######`modsec_disable_vhost`
+
+Boolean. Only valid if apache::mod::security is included. Used to disable mod_security on an individual vhost. Only relevant if apache::mod::security is included.
+
+######`modsec_disable_ids`
+
+Array of mod_security IDs to remove from the vhost. Also takes a hash allowing removal of an ID from a specific location.
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ modsec_disable_ids => [ 90015, 90016 ],
+ }
+```
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ modsec_disable_ids => { '/location1' => [ 90015, 90016 ] },
+ }
+```
+
+######`modsec_disable_ips`
+
+Array of IPs to exclude from mod_security rule matching
+
+#####`no_proxy_uris`
+
+Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest).
+
+#####`no_proxy_uris_match`
+
+This directive is equivalent to `no_proxy_uris`, but takes regular expressions.
+
+#####`proxy_preserve_host`
+
+Sets the [ProxyPreserveHost Directive](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypreservehost). true Enables the Host: line from an incoming request to be proxied to the host instead of hostname . false sets this option to off (default).
+
+#####`proxy_error_override`
+
+Sets the [ProxyErrorOverride Directive](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyerroroverride). This directive controls whether apache should override error pages for proxied content. This option is off by default.
+
+#####`options`
+
+Sets the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the specified virtual host. Defaults to '['Indexes','FollowSymLinks','MultiViews']', as demonstrated below:
+
+```puppet
+ apache::vhost { 'site.name.fdqn':
+ …
+ options => ['Indexes','FollowSymLinks','MultiViews'],
+ }
+```
+
+*Note:* If you use [`directories`](#parameter-directories-for-apachevhost), 'Options', 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`.
+
+#####`override`
+
+Sets the overrides for the specified virtual host. Accepts an array of [AllowOverride](http://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments. Defaults to '[none]'.
+
+#####`passenger_app_root`
+
+Sets [PassengerRoot](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerAppRoot), the location of the Passenger application root if different from the DocumentRoot.
+
+#####`passenger_app_env`
+
+Sets [PassengerAppEnv](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerAppEnv), the environment for the Passenger application. If not specifies, defaults to the global setting or 'production'.
+
+#####`passenger_ruby`
+
+Sets [PassengerRuby](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerRuby) on this virtual host, the Ruby interpreter to use for the application.
+
+#####`passenger_min_instances`
+
+Sets [PassengerMinInstances](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerMinInstances), the minimum number of application processes to run.
+
+#####`passenger_start_timeout`
+
+Sets [PassengerStartTimeout](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#_passengerstarttimeout_lt_seconds_gt), the timeout for the application startup.
+
+#####`passenger_pre_start`
+
+Sets [PassengerPreStart](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerPreStart), the URL of the application if pre-starting is required.
+
+#####`php_flags & values`
+
+Allows per-vhost setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Defaults to '{}'.
+
+#####`php_admin_flags & values`
+
+Allows per-vhost setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Defaults to '{}'.
+
+#####`port`
+
+Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL vhosts and port 443 for SSL vhosts. The host only listens on the port set in this parameter.
+
+#####`priority`
+
+Sets the relative load-order for Apache HTTPD VirtualHost configuration files. Defaults to '25'.
+
+If nothing matches the priority, the first name-based vhost is used. Likewise, passing a higher priority causes the alphabetically first name-based vhost to be used if no other names match.
+
+*Note:* You should not need to use this parameter. However, if you do use it, be aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'.
+
+Pass priority `false` to omit the priority prefix in file names.
+
+#####`proxy_dest`
+
+Specifies the destination address of a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'.
+
+#####`proxy_pass`
+
+Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. Optionally parameters can be added as an array.
+
+```puppet
+apache::vhost { 'site.name.fdqn':
+ …
+ proxy_pass => [
+ { 'path' => '/a', 'url' => 'http://backend-a/' },
+ { 'path' => '/b', 'url' => 'http://backend-b/' },
+ { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}},
+ { 'path' => '/l', 'url' => 'http://backend-xy',
+ 'reverse_urls' => ['http://backend-x', 'http://backend-y'] },
+ { 'path' => '/d', 'url' => 'http://backend-a/d',
+ 'params' => { 'retry' => '0', 'timeout' => '5' }, },
+ { 'path' => '/e', 'url' => 'http://backend-a/e',
+ 'keywords' => ['nocanon', 'interpolate'] },
+ { 'path' => '/f', 'url' => 'http://backend-f/',
+ 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']},
+ ],
+}
+```
+
+`reverse_urls` is optional and can be an array or a string. It is useful when used with `mod_proxy_balancer`.
+`params` is an optional parameter. It allows to provide the ProxyPass key=value parameters (Connection settings).
+`setenv` is optional and is an array to set environment variables for the proxy directive, for details see http://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings
+
+#####`proxy_dest_match`
+
+This directive is equivalent to proxy_dest, but takes regular expressions, see [ProxyPassMatch](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details.
+
+#####`proxy_dest_reverse_match`
+
+Allows you to pass a ProxyPassReverse if `proxy_dest_match` is specified. See [ProxyPassReverse](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse) for details.
+
+#####`proxy_pass_match`
+
+This directive is equivalent to proxy_pass, but takes regular expressions, see [ProxyPassMatch](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details.
+
+#####`rack_base_uris`
+
+Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. Defaults to 'undef'.
+
+#####`redirect_dest`
+
+Specifies the address to redirect to. Defaults to 'undef'.
+
+#####`redirect_source`
+
+Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent.
+
+```puppet
+ apache::vhost { 'site.name.fdqn':
+ …
+ redirect_source => ['/images','/downloads'],
+ redirect_dest => ['http://img.example.com/','http://downloads.example.com/'],
+ }
+```
+
+#####`redirect_status`
+
+Specifies the status to append to the redirect. Defaults to 'undef'.
+
+```puppet
+ apache::vhost { 'site.name.fdqn':
+ …
+ redirect_status => ['temp','permanent'],
+ }
+```
+
+#####`redirectmatch_regexp` & `redirectmatch_status` & `redirectmatch_dest`
+
+Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as arrays. Defaults to 'undef'.
+
+```puppet
+ apache::vhost { 'site.name.fdqn':
+ …
+ redirectmatch_status => ['404','404'],
+ redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'],
+ redirectmatch_dest => ['http://www.example.com/1','http://www.example.com/2'],
+ }
+```
+
+#####`request_headers`
+
+Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, etc. Defaults to 'undef'.
+
+```puppet
+ apache::vhost { 'site.name.fdqn':
+ …
+ request_headers => [
+ 'append MirrorID "mirror 12"',
+ 'unset MirrorID',
+ ],
+ }
+```
+
+#####`rewrites`
+
+Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', 'rewrite_rule' or 'rewrite_map'. Defaults to 'undef'.
+
+For example, you can specify that anyone trying to access index.html is served welcome.html
+
+```puppet
+ apache::vhost { 'site.name.fdqn':
+ …
+ rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ]
+ }
+```
+
+The parameter allows rewrite conditions that, when true, execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE
+
+```puppet
+ apache::vhost { 'site.name.fdqn':
+ …
+ rewrites => [
+ {
+ comment => 'redirect IE',
+ rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
+ rewrite_rule => ['^index\.html$ welcome.html'],
+ },
+ ],
+ }
+```
+
+You can also apply multiple conditions. For instance, rewrite index.html to welcome.html only when the browser is Lynx or Mozilla (version 1 or 2)
+
+```puppet
+ apache::vhost { 'site.name.fdqn':
+ …
+ rewrites => [
+ {
+ comment => 'Lynx or Mozilla v1/2',
+ rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
+ rewrite_rule => ['^index\.html$ welcome.html'],
+ },
+ ],
+ }
+```
+
+Multiple rewrites and conditions are also possible
+
+```puppet
+ apache::vhost { 'site.name.fdqn':
+ …
+ rewrites => [
+ {
+ comment => 'Lynx or Mozilla v1/2',
+ rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
+ rewrite_rule => ['^index\.html$ welcome.html'],
+ },
+ {
+ comment => 'Internet Explorer',
+ rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
+ rewrite_rule => ['^index\.html$ /index.IE.html [L]'],
+ },
+ {
+ rewrite_base => /apps/,
+ rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'],
+ },
+ { comment => 'Rewrite to lower case',
+ rewrite_cond => ['%{REQUEST_URI} [A-Z]'],
+ rewrite_map => ['lc int:tolower'],
+ rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'],
+ },
+ ],
+ }
+```
+
+Refer to the [`mod_rewrite` documentation](http://httpd.apache.org/docs/current/mod/mod_rewrite.html) for more details on what is possible with rewrite rules and conditions.
+
+#####`scriptalias`
+
+Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', for example: '/usr/scripts'. Defaults to 'undef'.
+
+#####`scriptaliases`
+
+*Note*: This parameter is deprecated in favour of the `aliases` parameter.
+
+Passes an array of hashes to the vhost to create either ScriptAlias or ScriptAliasMatch statements as per the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). These hashes are formatted as follows:
+
+```puppet
+ scriptaliases => [
+ {
+ alias => '/myscript',
+ path => '/usr/share/myscript',
+ },
+ {
+ aliasmatch => '^/foo(.*)',
+ path => '/usr/share/fooscripts$1',
+ },
+ {
+ aliasmatch => '^/bar/(.*)',
+ path => '/usr/share/bar/wrapper.sh/$1',
+ },
+ {
+ alias => '/neatscript',
+ path => '/usr/share/neatscript',
+ },
+ ]
+```
+
+The ScriptAlias and ScriptAliasMatch directives are created in the order specified. As with [Alias and AliasMatch](#aliases) directives, more specific aliases should come before more general ones to avoid shadowing.
+
+#####`serveradmin`
+
+Specifies the email address Apache displays when it renders one of its error pages. Defaults to 'undef'.
+
+#####`serveraliases`
+
+Sets the [ServerAliases](http://httpd.apache.org/docs/current/mod/core.html#serveralias) of the site. Defaults to '[]'.
+
+#####`servername`
+
+Sets the servername corresponding to the hostname you connect to the virtual host at. Defaults to the title of the resource.
+
+#####`setenv`
+
+Used by HTTPD to set environment variables for vhosts. Defaults to '[]'.
+
+Example:
+
+```puppet
+ apache::vhost { 'setenv.example.com':
+ setenv => ['SPECIAL_PATH /foo/bin'],
+ }
+```
+
+#####`setenvif`
+
+Used by HTTPD to conditionally set environment variables for vhosts. Defaults to '[]'.
+
+#####`suphp_addhandler`, `suphp_configpath`, & `suphp_engine`
+
+Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG).
+
+`suphp_addhandler` defaults to 'php5-script' on RedHat and FreeBSD, and 'x-httpd-php' on Debian and Gentoo.
+
+`suphp_configpath` defaults to 'undef' on RedHat and FreeBSD, and '/etc/php5/apache2' on Debian and Gentoo.
+
+`suphp_engine` allows values 'on' or 'off'. Defaults to 'off'
+
+To set up a virtual host with suPHP
+
+```puppet
+ apache::vhost { 'suphp.example.com':
+ port => '80',
+ docroot => '/home/appuser/myphpapp',
+ suphp_addhandler => 'x-httpd-php',
+ suphp_engine => 'on',
+ suphp_configpath => '/etc/php5/apache2',
+ directories => { path => '/home/appuser/myphpapp',
+ 'suphp' => { user => 'myappuser', group => 'myappgroup' },
+ }
+ }
+```
+
+#####`vhost_name`
+
+Enables name-based virtual hosting. If no IP is passed to the virtual host, but the vhost is assigned a port, then the vhost name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the vhost name is set to the title of the resource. Defaults to '*'.
+
+#####`virtual_docroot`
+
+Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'.
+
+```puppet
+ apache::vhost { 'subdomain.loc':
+ vhost_name => '*',
+ port => '80',
+ virtual_docroot' => '/var/www/%-2+',
+ docroot => '/var/www',
+ serveraliases => ['*.loc',],
+ }
+```
+
+#####`wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, `wsgi_script_aliases`, & `wsgi_pass_authorization`
+
+Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/).
+
+`wsgi_daemon_process` sets the name of the WSGI daemon. It is a hash, accepting [these keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html), and it defaults to 'undef'.
+
+`wsgi_daemon_process_options` is optional and defaults to 'undef'.
+
+`wsgi_process_group` sets the group ID the virtual host runs under. Defaults to 'undef'.
+
+`wsgi_script_aliases` requires a hash of web paths to filesystem .wsgi paths. Defaults to 'undef'.
+
+`wsgi_pass_authorization` the WSGI application handles authorisation instead of Apache when set to 'On'. For more information see [here] (http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Defaults to 'undef' where apache sets the defaults setting to 'Off'.
+
+`wsgi_chunked_request` enables support for chunked requests. Defaults to 'undef'.
+
+To set up a virtual host with WSGI
+
+```puppet
+ apache::vhost { 'wsgi.example.com':
+ port => '80',
+ docroot => '/var/www/pythonapp',
+ wsgi_daemon_process => 'wsgi',
+ wsgi_daemon_process_options =>
+ { processes => '2',
+ threads => '15',
+ display-name => '%{GROUP}',
+ },
+ wsgi_process_group => 'wsgi',
+ wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' },
+ wsgi_chunked_request => 'On',
+ }
+```
+
+####Parameter `directories` for `apache::vhost`
+
+The `directories` parameter within the `apache::vhost` class passes an array of hashes to the vhost to create [Directory](http://httpd.apache.org/docs/current/mod/core.html#directory), [File](http://httpd.apache.org/docs/current/mod/core.html#files), and [Location](http://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, '< Directory /path/to/directory>...< /Directory>'.
+
+The `path` key sets the path for the directory, files, and location blocks. Its value must be a path for the 'directory', 'files', and 'location' providers, or a regex for the 'directorymatch', 'filesmatch', or 'locationmatch' providers. Each hash passed to `directories` **must** contain `path` as one of the keys.
+
+The `provider` key is optional. If missing, this key defaults to 'directory'. Valid values for `provider` are 'directory', 'files', 'location', 'directorymatch', 'filesmatch', or 'locationmatch'. If you set `provider` to 'directorymatch', it uses the keyword 'DirectoryMatch' in the Apache config file.
+
+General `directories` usage looks something like
+
+```puppet
+ apache::vhost { 'files.example.net':
+ docroot => '/var/www/files',
+ directories => [
+ { 'path' => '/var/www/files',
+ 'provider' => 'files',
+ 'deny' => 'from all'
+ },
+ ],
+ }
+```
+
+*Note:* At least one directory should match the `docroot` parameter. After you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block is created that matches the `docroot` parameter.
+
+Available handlers, represented as keys, should be placed within the `directory`, `files`, or `location` hashes. This looks like
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [ { path => '/path/to/directory', handler => value } ],
+}
+```
+
+Any handlers you do not set in these hashes are considered 'undefined' within Puppet and are not added to the virtual host, resulting in the module using their default values. Supported handlers are:
+
+######`addhandlers`
+
+Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`.
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ addhandlers => [{ handler => 'cgi-script', extensions => ['.cgi']}],
+ },
+ ],
+ }
+```
+
+######`allow`
+
+Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one.
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ allow => 'from example.org',
+ },
+ ],
+ }
+```
+
+######`allow_override`
+
+Sets the types of directives allowed in [.htaccess](http://httpd.apache.org/docs/current/mod/core.html#allowoverride) files. Accepts an array.
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ allow_override => ['AuthConfig', 'Indexes'],
+ },
+ ],
+ }
+```
+
+######`auth_basic_authoritative`
+
+Sets the value for [AuthBasicAuthoritative](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicauthoritative), which determines whether authorization and authentication are passed to lower level Apache modules.
+
+######`auth_basic_fake`
+
+Sets the value for [AuthBasicFake](http://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicfake), which statically configures authorization credentials for a given directive block.
+
+######`auth_basic_provider`
+
+Sets the value for [AuthBasicProvider] (http://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicprovider), which sets the authentication provider for a given location.
+
+######`auth_digest_algorithm`
+
+Sets the value for [AuthDigestAlgorithm](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestalgorithm), which selects the algorithm used to calculate the challenge and response hashes.
+
+######`auth_digest_domain`
+
+Sets the value for [AuthDigestDomain](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestdomain), which allows you to specify one or more URIs in the same protection space for digest authentication.
+
+######`auth_digest_nonce_lifetime`
+
+Sets the value for [AuthDigestNonceLifetime](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestnoncelifetime), which controls how long the server nonce is valid.
+
+######`auth_digest_provider`
+
+Sets the value for [AuthDigestProvider](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestprovider), which sets the authentication provider for a given location.
+
+######`auth_digest_qop`
+
+Sets the value for [AuthDigestQop](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestqop), which determines the quality-of-protection to use in digest authentication.
+
+######`auth_digest_shmem_size`
+
+Sets the value for [AuthAuthDigestShmemSize](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestshmemsize), which defines the amount of shared memory allocated to the server for keeping track of clients.
+
+######`auth_group_file`
+
+Sets the value for [AuthGroupFile](https://httpd.apache.org/docs/current/mod/mod_authz_groupfile.html#authgroupfile), which sets the name of the text file containing the list of user groups for authorization.
+
+######`auth_name`
+
+Sets the value for [AuthName](http://httpd.apache.org/docs/current/mod/mod_authn_core.html#authname), which sets the name of the authorization realm.
+
+######`auth_require`
+
+Sets the entity name you're requiring to allow access. Read more about [Require](http://httpd.apache.org/docs/current/mod/mod_authz_host.html#requiredirectives).
+
+######`auth_type`
+
+Sets the value for [AuthType](http://httpd.apache.org/docs/current/mod/mod_authn_core.html#authtype), which guides the type of user authentication.
+
+######`auth_user_file`
+
+Sets the value for [AuthUserFile](http://httpd.apache.org/docs/current/mod/mod_authn_file.html#authuserfile), which sets the name of the text file containing the users/passwords for authentication.
+
+######`custom_fragment`
+
+Pass a string of custom configuration directives to be placed at the end of the directory configuration.
+
+```puppet
+ apache::vhost { 'monitor':
+ …
+ directories => [
+ {
+ path => '/path/to/directory',
+ custom_fragment => '
+ <Location /balancer-manager>
+ SetHandler balancer-manager
+ Order allow,deny
+ Allow from all
+ </Location>
+ <Location /server-status>
+ SetHandler server-status
+ Order allow,deny
+ Allow from all
+ </Location>
+ ProxyStatus On',
+ },
+ ]
+ }
+```
+
+######`deny`
+
+Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one.
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ deny => 'from example.org',
+ },
+ ],
+ }
+```
+
+######`error_documents`
+
+An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory.
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ directories => [
+ { path => '/srv/www',
+ error_documents => [
+ { 'error_code' => '503',
+ 'document' => '/service-unavail',
+ },
+ ],
+ },
+ ],
+ }
+```
+
+######`geoip_enable`
+
+Sets the [GeoIPEnable](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Configuration) directive.
+Note that you must declare `class {'apache::mod::geoip': }` before using this directive.
+
+```puppet
+ apache::vhost { 'first.example.com':
+ docroot => '/var/www/first',
+ directories => [
+ { path => '/var/www/first',
+ geoip_enable => true,
+ },
+ ],
+ }
+```
+
+######`headers`
+
+Adds lines for [Header](http://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives.
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => {
+ path => '/path/to/directory',
+ headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',
+ },
+ }
+```
+
+######`index_options`
+
+Allows configuration settings for [directory indexing](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions).
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ directoryindex => 'disabled', # this is needed on Apache 2.4 or mod_autoindex doesn't work
+ options => ['Indexes','FollowSymLinks','MultiViews'],
+ index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'],
+ },
+ ],
+ }
+```
+
+######`index_order_default`
+
+Sets the [default ordering](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexorderdefault) of the directory index.
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ order => 'Allow,Deny',
+ index_order_default => ['Descending', 'Date'],
+ },
+ ],
+ }
+```
+
+######`index_style_sheet`
+
+Sets the [IndexStyleSheet](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet) which adds a CSS stylesheet to the directory index.
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ options => ['Indexes','FollowSymLinks','MultiViews'],
+ index_options => ['FancyIndexing'],
+ index_style_sheet => '/styles/style.css',
+ },
+ ],
+ }
+```
+
+######`options`
+
+Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block.
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ options => ['Indexes','FollowSymLinks','MultiViews'],
+ },
+ ],
+ }
+```
+
+######`order`
+
+Sets the order of processing Allow and Deny statements as per [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower.
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ order => 'Allow,Deny',
+ },
+ ],
+ }
+```
+
+######`passenger_enabled`
+
+Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directory to 'on' or 'off'. Requires `apache::mod::passenger` to be included.
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ passenger_enabled => 'on',
+ },
+ ],
+ }
+```
+
+*Note:* Be aware that there is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive.
+
+######`php_value` and `php_flag`
+
+`php_value` sets the value of the directory, and `php_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php).
+
+######`php_admin_value` and `php_admin_flag`
+
+`php_admin_value` sets the value of the directory, and `php_admin_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php).
+
+
+######`satisfy`
+
+Sets a `Satisfy` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower.
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ satisfy => 'Any',
+ }
+ ],
+ }
+```
+
+######`sethandler`
+
+Sets a `SetHandler` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#sethandler). An example:
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ sethandler => 'None',
+ }
+ ],
+ }
+```
+
+######`rewrites`
+
+Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'.
+
+```puppet
+ apache::vhost { 'secure.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ rewrites => [ { comment => 'Permalink Rewrites',
+ rewrite_base => '/'
+ },
+ { rewrite_rule => [ '^index\.php$ - [L]' ]
+ },
+ { rewrite_cond => [ '%{REQUEST_FILENAME} !-f',
+ '%{REQUEST_FILENAME} !-d',
+ ],
+ rewrite_rule => [ '. /index.php [L]' ],
+ }
+ ],
+ },
+ ],
+ }
+```
+
+***Note*** If you include rewrites in your directories make sure you are also including `apache::mod::rewrite`. You may also want to consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the vhost directories.
+
+######`shib_request_setting`
+
+Allows an valid content setting to be set or altered for the application request. This command takes two parameters, the name of the content setting, and the value to set it to.Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details.
+
+```puppet
+ apache::vhost { 'secure.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ shib_require_setting => 'requiresession 1',
+ shib_use_headers => 'On',
+ },
+ ],
+ }
+```
+
+######`shib_use_headers`
+
+When set to 'On' this turns on the use of request headers to publish attributes to applications. Valid values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details.
+
+######`ssl_options`
+
+String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the vhost.
+
+```puppet
+ apache::vhost { 'secure.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ ssl_options => '+ExportCertData',
+ },
+ { path => '/path/to/different/dir',
+ ssl_options => [ '-StdEnvVars', '+ExportCertData'],
+ },
+ ],
+ }
+```
+
+######`suphp`
+
+A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. It must be used with `suphp_engine => on` in the vhost declaration, and can only be passed within `directories`.
+
+```puppet
+ apache::vhost { 'secure.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ suphp =>
+ { user => 'myappuser',
+ group => 'myappgroup',
+ },
+ },
+ ],
+ }
+```
+
+####SSL parameters for `apache::vhost`
+
+All of the SSL parameters for `::vhost` default to whatever is set in the base `apache` class. Use the below parameters to tweak individual SSL settings for specific vhosts.
+
+#####`ssl`
+
+Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'. Defaults to 'false'.
+
+#####`ssl_ca`
+
+Specifies the SSL certificate authority. Defaults to 'undef'.
+
+#####`ssl_cert`
+
+Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/certs/localhost.crt' for RedHat, '/etc/ssl/certs/ssl-cert-snakeoil.pem' for Debian, '/usr/local/etc/apache22/server.crt' for FreeBSD, and '/etc/ssl/apache2/server.crt' on Gentoo.
+
+#####`ssl_protocol`
+
+Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array of accepted protocols. Defaults to 'all', '-SSLv2', '-SSLv3'.
+
+#####`ssl_cipher`
+
+Specifies [SSLCipherSuite](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). Defaults to 'HIGH:MEDIUM:!aNULL:!MD5'.
+
+#####`ssl_honorcipherorder`
+
+Sets [SSLHonorCipherOrder](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), which is used to prefer the server's cipher preference order. Defaults to 'On' in the base `apache` config.
+
+#####`ssl_certs_dir`
+
+Specifies the location of the SSL certification directory. Defaults to '/etc/ssl/certs' on Debian, '/etc/pki/tls/certs' on RedHat, '/usr/local/etc/apache22' on FreeBSD, and '/etc/ssl/apache2' on Gentoo.
+
+#####`ssl_chain`
+
+Specifies the SSL chain. Defaults to 'undef'. (This default works out of the box, but it must be updated in the base `apache` class with your specific certificate information before being used in production.)
+
+#####`ssl_crl`
+
+Specifies the certificate revocation list to use. Defaults to 'undef'. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.)
+
+#####`ssl_crl_path`
+
+Specifies the location of the certificate revocation list. Defaults to 'undef'. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.)
+
+#####`ssl_crl_check`
+
+Sets the certificate revocation check level via the [SSLCARevocationCheck directive](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck), defaults to 'undef'. This default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions.
+
+#####`ssl_key`
+
+Specifies the SSL key. Defaults are based on your operating system: '/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, '/usr/local/etc/apache22/server.key' for FreeBSD, and '/etc/ssl/apache2/server.key' on Gentoo. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.)
+
+#####`ssl_verify_client`
+
+Sets the [SSLVerifyClient](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. Valid values are: 'none', 'optional', 'require', and 'optional_no_ca'. Defaults to 'undef'.
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ …
+ ssl_verify_client => 'optional',
+ }
+```
+
+#####`ssl_verify_depth`
+
+Sets the [SSLVerifyDepth](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification. Defaults to 'undef'.
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ …
+ ssl_verify_depth => 1,
+ }
+```
+
+#####`ssl_options`
+
+Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given vhost and can be a string or an array. Defaults to 'undef'.
+
+A string:
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ …
+ ssl_options => '+ExportCertData',
+ }
+```
+
+An array:
+
+```puppet
+ apache::vhost { 'sample.example.net':
+ …
+ ssl_options => [ '+StrictRequire', '+ExportCertData' ],
+ }
+```
+
+#####`ssl_proxyengine`
+
+Specifies whether or not to use [SSLProxyEngine](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Valid values are 'true' and 'false'. Defaults to 'false'.
+
+####Defined Type: FastCGI Server
+
+This type is intended for use with mod_fastcgi. It allows you to define one or more external FastCGI servers to handle specific file types.
+
+Ex:
+
+```puppet
+apache::fastcgi::server { 'php':
+ host => '127.0.0.1:9000',
+ timeout => 15,
+ flush => false,
+ faux_path => '/var/www/php.fcgi',
+ fcgi_alias => '/php.fcgi',
+ file_type => 'application/x-httpd-php'
+}
+```
+
+Within your virtual host, you can then configure the specified file type to be handled by the fastcgi server specified above.
+
+```puppet
+apache::vhost { 'www':
+ ...
+ custom_fragment => 'AddType application/x-httpd-php .php'
+ ...
+}
+```
+
+#####`host`
+
+The hostname or IP address and TCP port number (1-65535) of the FastCGI server.
+
+#####`timeout`
+
+The number of seconds of FastCGI application inactivity allowed before the request is aborted and the event is logged (at the error LogLevel). The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond (by writing and flushing) within this period, the request is aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply.
+
+#####`flush`
+
+Force a write to the client as data is received from the application. By default, mod_fastcgi buffers data in order to free the application as quickly as possible.
+
+#####`faux_path`
+
+`faux_path` does not have to exist in the local filesystem. URIs that Apache resolves to this filename are handled by this external FastCGI application.
+
+#####`alias`
+
+A unique alias. This is used internally to link the action with the FastCGI server.
+
+#####`file_type`
+
+The MIME-type of the file to be processed by the FastCGI server.
+
+###Virtual Host Examples
+
+The apache module allows you to set up pretty much any configuration of virtual host you might need. This section addresses some common configurations, but look at the [Tests section](https://github.com/puppetlabs/puppetlabs-apache/tree/master/tests) for even more examples.
+
+Configure a vhost with a server administrator
+
+```puppet
+ apache::vhost { 'third.example.com':
+ port => '80',
+ docroot => '/var/www/third',
+ serveradmin => 'admin@example.com',
+ }
+```
+
+- - -
+
+Set up a vhost with aliased servers
+
+```puppet
+ apache::vhost { 'sixth.example.com':
+ serveraliases => [
+ 'sixth.example.org',
+ 'sixth.example.net',
+ ],
+ port => '80',
+ docroot => '/var/www/fifth',
+ }
+```
+
+- - -
+
+Configure a vhost with a cgi-bin
+
+```puppet
+ apache::vhost { 'eleventh.example.com':
+ port => '80',
+ docroot => '/var/www/eleventh',
+ scriptalias => '/usr/lib/cgi-bin',
+ }
+```
+
+- - -
+
+Set up a vhost with a rack configuration
+
+```puppet
+ apache::vhost { 'fifteenth.example.com':
+ port => '80',
+ docroot => '/var/www/fifteenth',
+ rack_base_uris => ['/rackapp1', '/rackapp2'],
+ }
+```
+
+- - -
+
+Set up a mix of SSL and non-SSL vhosts at the same domain
+
+```puppet
+ #The non-ssl vhost
+ apache::vhost { 'first.example.com non-ssl':
+ servername => 'first.example.com',
+ port => '80',
+ docroot => '/var/www/first',
+ }
+
+ #The SSL vhost at the same domain
+ apache::vhost { 'first.example.com ssl':
+ servername => 'first.example.com',
+ port => '443',
+ docroot => '/var/www/first',
+ ssl => true,
+ }
+```
+
+- - -
+
+Configure a vhost to redirect non-SSL connections to SSL
+
+```puppet
+ apache::vhost { 'sixteenth.example.com non-ssl':
+ servername => 'sixteenth.example.com',
+ port => '80',
+ docroot => '/var/www/sixteenth',
+ redirect_status => 'permanent',
+ redirect_dest => 'https://sixteenth.example.com/'
+ }
+ apache::vhost { 'sixteenth.example.com ssl':
+ servername => 'sixteenth.example.com',
+ port => '443',
+ docroot => '/var/www/sixteenth',
+ ssl => true,
+ }
+```
+
+- - -
+
+Set up IP-based vhosts on any listen port and have them respond to requests on specific IP addresses. In this example, we set listening on ports 80 and 81. This is required because the example vhosts are not declared with a port parameter.
+
+```puppet
+ apache::listen { '80': }
+ apache::listen { '81': }
+```
+
+Then we set up the IP-based vhosts
+
+```puppet
+ apache::vhost { 'first.example.com':
+ ip => '10.0.0.10',
+ docroot => '/var/www/first',
+ ip_based => true,
+ }
+ apache::vhost { 'second.example.com':
+ ip => '10.0.0.11',
+ docroot => '/var/www/second',
+ ip_based => true,
+ }
+```
+
+- - -
+
+Configure a mix of name-based and IP-based vhosts. First, we add two IP-based vhosts on 10.0.0.10, one SSL and one non-SSL
+
+```puppet
+ apache::vhost { 'The first IP-based vhost, non-ssl':
+ servername => 'first.example.com',
+ ip => '10.0.0.10',
+ port => '80',
+ ip_based => true,
+ docroot => '/var/www/first',
+ }
+ apache::vhost { 'The first IP-based vhost, ssl':
+ servername => 'first.example.com',
+ ip => '10.0.0.10',
+ port => '443',
+ ip_based => true,
+ docroot => '/var/www/first-ssl',
+ ssl => true,
+ }
+```
+
+Then, we add two name-based vhosts listening on 10.0.0.20
+
+```puppet
+ apache::vhost { 'second.example.com':
+ ip => '10.0.0.20',
+ port => '80',
+ docroot => '/var/www/second',
+ }
+ apache::vhost { 'third.example.com':
+ ip => '10.0.0.20',
+ port => '80',
+ docroot => '/var/www/third',
+ }
+```
+
+If you want to add two name-based vhosts so that they answer on either 10.0.0.10 or 10.0.0.20, you **MUST** declare `add_listen => 'false'` to disable the otherwise automatic 'Listen 80', as it conflicts with the preceding IP-based vhosts.
+
+```puppet
+ apache::vhost { 'fourth.example.com':
+ port => '80',
+ docroot => '/var/www/fourth',
+ add_listen => false,
+ }
+ apache::vhost { 'fifth.example.com':
+ port => '80',
+ docroot => '/var/www/fifth',
+ add_listen => false,
+ }
+```
+
+###Load Balancing
+
+####Defined Type: `apache::balancer`
+
+`apache::balancer` creates an Apache balancer cluster. Each balancer cluster needs one or more balancer members, which are declared with [`apache::balancermember`](#defined-type-apachebalancermember).
+
+One `apache::balancer` defined resource should be defined for each Apache load balanced set of servers. The `apache::balancermember` resources for all balancer members can be exported and collected on a single Apache load balancer server using exported resources.
+
+**Parameters within `apache::balancer`:**
+
+#####`name`
+
+Sets the balancer cluster's title. This parameter also sets the title of the conf.d file.
+
+#####`proxy_set`
+
+Configures key-value pairs as [ProxySet](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset) lines. Accepts a hash, and defaults to '{}'.
+
+#####`collect_exported`
+
+Determines whether or not to use exported resources. Valid values 'true' and 'false', defaults to 'true'.
+
+If you statically declare all of your backend servers, you should set this to 'false' to rely on existing declared balancer member resources. Also make sure to use `apache::balancermember` with array arguments.
+
+If you wish to dynamically declare your backend servers via [exported resources](http://docs.puppetlabs.com/guides/exported_resources.html) collected on a central node, you must set this parameter to 'true' in order to collect the exported balancer member resources that were exported by the balancer member nodes.
+
+If you choose not to use exported resources, all balancer members will be configured in a single Puppet run. If you are using exported resources, Puppet has to run on the balanced nodes, then run on the balancer.
+
+####Defined Type: `apache::balancermember`
+
+Defines members of [mod_proxy_balancer](http://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html), which sets up a balancer member inside a listening service configuration block in etc/apache/apache.cfg on the load balancer.
+
+**Parameters within `apache::balancermember`:**
+
+#####`name`
+
+Sets the title of the resource. This name also sets the name of the concat fragment.
+
+#####`balancer_cluster`
+
+Sets the Apache service's instance name. This must match the name of a declared `apache::balancer` resource. Required.
+
+#####`url`
+
+Specifies the URL used to contact the balancer member server. Defaults to 'http://${::fqdn}/'.
+
+#####`options`
+
+An array of [options](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#balancermember) to be specified after the URL. Accepts any key-value pairs available to [ProxyPass](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass).
+
+####Examples
+
+To load balance with exported resources, export the `balancermember` from the balancer member
+
+```puppet
+ @@apache::balancermember { "${::fqdn}-puppet00":
+ balancer_cluster => 'puppet00',
+ url => "ajp://${::fqdn}:8009"
+ options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
+ }
+```
+
+Then, on the proxy server, create the balancer cluster
+
+```puppet
+ apache::balancer { 'puppet00': }
+```
+
+To load balance without exported resources, declare the following on the proxy
+
+```puppet
+ apache::balancer { 'puppet00': }
+ apache::balancermember { "${::fqdn}-puppet00":
+ balancer_cluster => 'puppet00',
+ url => "ajp://${::fqdn}:8009"
+ options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
+ }
+```
+
+Then declare `apache::balancer` and `apache::balancermember` on the proxy server.
+
+If you need to use ProxySet in the balancer config
+
+```puppet
+ apache::balancer { 'puppet01':
+ proxy_set => {'stickysession' => 'JSESSIONID'},
+ }
+```
+
+##Reference
+
+###Classes
+
+####Public Classes
+
+* [`apache`](#class-apache): Guides the basic setup of Apache.
+* `apache::dev`: Installs Apache development libraries. (*Note:* On FreeBSD, you must declare `apache::package` or `apache` before `apache::dev`.)
+* [`apache::mod::[name]`](#classes-apachemodname): Enables specific Apache HTTPD modules.
+
+####Private Classes
+
+* `apache::confd::no_accf`: Creates the no-accf.conf configuration file in conf.d, required by FreeBSD's Apache 2.4.
+* `apache::default_confd_files`: Includes conf.d files for FreeBSD.
+* `apache::default_mods`: Installs the Apache modules required to run the default configuration.
+* `apache::package`: Installs and configures basic Apache packages.
+* `apache::params`: Manages Apache parameters.
+* `apache::service`: Manages the Apache daemon.
+
+###Defined Types
+
+####Public Defined Types
+
+* `apache::balancer`: Creates an Apache balancer cluster.
+* `apache::balancermember`: Defines members of [mod_proxy_balancer](http://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html).
+* `apache::listen`: Based on the title, controls which ports Apache binds to for listening. Adds [Listen](http://httpd.apache.org/docs/current/bind.html) directives to ports.conf in the Apache HTTPD configuration directory. Titles take the form '<port>', '<ipv4>:<port>', or '<ipv6>:<port>'.
+* `apache::mod`: Used to enable arbitrary Apache HTTPD modules for which there is no specific `apache::mod::[name]` class.
+* `apache::namevirtualhost`: Enables name-based hosting of a virtual host. Adds all [NameVirtualHost](http://httpd.apache.org/docs/current/vhosts/name-based.html) directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles take the form '\*', '*:<port>', '\_default_:<port>, '<ip>', or '<ip>:<port>'.
+* `apache::vhost`: Allows specialized configurations for virtual hosts that have requirements outside the defaults.
+
+####Private Defined Types
+
+* `apache::peruser::multiplexer`: Enables the [Peruser](http://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr) module for FreeBSD only.
+* `apache::peruser::processor`: Enables the [Peruser](http://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr) module for FreeBSD only.
+* `apache::security::file_link`: Links the activated_rules from apache::mod::security to the respective CRS rules on disk.
+
+###Templates
+
+The Apache module relies heavily on templates to enable the `vhost` and `apache::mod` defined types. These templates are built based on Facter facts around your operating system. Unless explicitly called out, most templates are not meant for configuration.
+
+##Limitations
+
+###Ubuntu 10.04
+
+The `apache::vhost::WSGIImportScript` parameter creates a statement inside the VirtualHost which is unsupported on older versions of Apache, causing this to fail. This will be remedied in a future refactoring.
+
+###RHEL/CentOS 5
+
+The `apache::mod::passenger` and `apache::mod::proxy_html` classes are untested since repositories are missing compatible packages.
+
+###RHEL/CentOS 7
+
+The `apache::mod::passenger` class is untested as the repository does not have packages for EL7 yet. The fact that passenger packages aren't available also makes us unable to test the `rack_base_uri` parameter in `apache::vhost`.
+
+###General
+
+This module is CI tested on Centos 5 & 6, Ubuntu 12.04 & 14.04, Debian 7, and RHEL 5, 6 & 7 platforms against both the OSS and Enterprise version of Puppet.
+
+The module contains support for other distributions and operating systems, such as FreeBSD, Gentoo and Amazon Linux, but is not formally tested on those and regressions can occur.
+
+###SELinux and Custom Paths
+
+If you are running with SELinux in enforcing mode and want to use custom paths for your `logroot`, `mod_dir`, `vhost_dir`, and `docroot`, you need to manage the context for the files yourself.
+
+Something along the lines of:
+
+```puppet
+ exec { 'set_apache_defaults':
+ command => 'semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"',
+ path => '/bin:/usr/bin/:/sbin:/usr/sbin',
+ require => Package['policycoreutils-python'],
+ }
+ package { 'policycoreutils-python': ensure => installed }
+ exec { 'restorecon_apache':
+ command => 'restorecon -Rv /apache_spec',
+ path => '/bin:/usr/bin/:/sbin:/usr/sbin',
+ before => Class['Apache::Service'],
+ require => Class['apache'],
+ }
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ file { '/custom/path': ensure => directory, }
+ file { '/custom/path/include': ensure => present, content => '#additional_includes' }
+ apache::vhost { 'test.server':
+ docroot => '/custom/path',
+ additional_includes => '/custom/path/include',
+ }
+```
+
+You need to set the contexts using `semanage fcontext` not `chcon` because `file {...}` resources reset the context to the values in the database if the resource isn't specifying the context.
+
+###FreeBSD
+
+In order to use this module on FreeBSD, you *must* use apache24-2.4.12 (www/apache24) or newer.
+
+##Development
+
+###Contributing
+
+Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.
+
+We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.
+
+Read the complete module [contribution guide](https://docs.puppetlabs.com/forge/contributing.html)
+
+###Running tests
+
+This project contains tests for both [rspec-puppet](http://rspec-puppet.com/) and [beaker-rspec](https://github.com/puppetlabs/beaker-rspec) to verify functionality. For in-depth information please see their respective documentation.
+
+Quickstart:
+
+####Ruby > 1.8.7
+
+```
+ gem install bundler
+ bundle install
+ bundle exec rake spec
+ bundle exec rspec spec/acceptance
+ RS_DEBUG=yes bundle exec rspec spec/acceptance
+```
+
+####Ruby = 1.8.7
+
+```
+ gem install bundler
+ bundle install --without system_tests
+ bundle exec rake spec
+```
--- /dev/null
+# Passenger
+
+Just enabling the Passenger module is insufficient for the use of Passenger in
+production. Passenger should be tunable to better fit the environment in which
+it is run while being aware of the resources it required.
+
+To this end the Apache passenger module has been modified to apply system wide
+Passenger tuning declarations to `passenger.conf`. Declarations specific to a
+virtual host should be passed through when defining a `vhost` (e.g.
+`rack_base_uris` parameter on the `apache::vhost` type, check `README.md`).
+
+Also, general apache module loading parameters can be supplied to enable using
+a customized passenger module in place of a default-package-based version of
+the module.
+
+# Operating system support and Passenger versions
+
+The most important configuration directive for the Apache Passenger module is
+`PassengerRoot`. Its value depends on the Passenger version used (2.x, 3.x or
+4.x) and on the operating system package from which the Apache Passenger module
+is installed.
+
+The following table summarises the current *default versions* and
+`PassengerRoot` settings for the operating systems supported by
+puppetlabs-apache:
+
+OS | Passenger version | `PassengerRoot`
+---------------- | ------------------ | ----------------
+Debian 7 | 3.0.13 | /usr
+Debian 8 | 4.0.53 | /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini
+Ubuntu 12.04 | 2.2.11 | /usr
+Ubuntu 14.04 | 4.0.37 | /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini
+RHEL with EPEL6 | 3.0.21 | /usr/lib/ruby/gems/1.8/gems/passenger-3.0.21
+
+As mentioned in `README.md` there are no compatible packages available for
+RHEL/CentOS 5 or RHEL/CentOS 7.
+
+## Configuration files and locations on RHEL/CentOS
+
+Notice two important points:
+
+1. The Passenger version packaged in the EPEL repositories may change over time.
+2. The value of `PassengerRoot` depends on the Passenger version installed.
+
+To prevent the puppetlabs-apache module from having to keep up with these
+package versions the Passenger configuration files installed by the
+packages are left untouched by this module. All configuration is placed in an
+extra configuration file managed by puppetlabs-apache.
+
+This means '/etc/httpd/conf.d/passenger.conf' is installed by the
+`mod_passenger` package and contains correct values for `PassengerRoot` and
+`PassengerRuby`. Puppet will ignore this file. Additional configuration
+directives as described in the remainder of this document are placed in
+'/etc/httpd/conf.d/passenger_extra.conf', managed by Puppet.
+
+This pertains *only* to RHEL/CentOS, *not* Debian and Ubuntu.
+
+## Third-party and custom Passenger packages and versions
+
+The Passenger version distributed by the default OS packages may be too old to
+be useful. Newer versions may be installed via Gems, from source or from
+third-party OS packages.
+
+Most notably the Passenger developers officially provide Debian packages for a
+variety of Debian and Ubuntu releases in the [Passenger APT
+repository](https://oss-binaries.phusionpassenger.com/apt/passenger). Read more
+about [installing these packages in the offical user
+guide](http://www.modrails.com/documentation/Users%20guide%20Apache.html#install_on_debian_ubuntu).
+
+If you install custom Passenger packages and newer version make sure to set the
+directives `PassengerRoot`, `PassengerRuby` and/or `PassengerDefaultRuby`
+correctly, or Passenger and Apache will fail to function properly.
+
+For Passenger 4.x packages on Debian and Ubuntu the `PassengerRoot` directive
+should almost universally be set to
+`/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini`.
+
+# Parameters for `apache::mod::passenger`
+
+The following class parameters configure Passenger in a global, server-wide
+context.
+
+Example:
+
+```puppet
+class { 'apache::mod::passenger':
+ passenger_root => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini',
+ passenger_default_ruby => '/usr/bin/ruby1.9.3',
+ passenger_high_performance => 'on',
+ rails_autodetect => 'off',
+ mod_lib_path => '/usr/lib/apache2/custom_modules',
+}
+```
+
+The general form is using the all lower-case version of the configuration
+directive, with underscores instead of CamelCase.
+
+## Parameters used with passenger.conf
+
+If you pass a default value to `apache::mod::passenger` it will be ignored and
+not passed through to the configuration file.
+
+### passenger_root
+
+The location to the Phusion Passenger root directory. This configuration option
+is essential to Phusion Passenger, and allows Phusion Passenger to locate its
+own data files.
+
+The default depends on the Passenger version and the means of installation. See
+the above section on operating system support, versions and packages for more
+information.
+
+http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerroot_lt_directory_gt
+
+### passenger_default_ruby
+
+This option specifies the default Ruby interpreter to use for web apps as well
+as for all sorts of internal Phusion Passenger helper scripts, e.g. the one
+used by PassengerPreStart.
+
+This directive was introduced in Passenger 4.0.0 and will not work in versions
+< 4.x. Do not set this parameter if your Passenger version is older than 4.0.0.
+
+Defaults to `undef` for all operating systems except Ubuntu 14.04, where it is
+set to '/usr/bin/ruby'.
+
+http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerDefaultRuby
+
+### passenger_ruby
+
+This directive is the same as `passenger_default_ruby` for Passenger versions
+< 4.x and must be used instead of `passenger_default_ruby` for such versions.
+
+It makes no sense to set `PassengerRuby` for Passenger >= 4.x. That
+directive should only be used to override the value of `PassengerDefaultRuby`
+on a non-global context, i.e. in `<VirtualHost>`, `<Directory>`, `<Location>`
+and so on.
+
+Defaults to `/usr/bin/ruby` for all supported operating systems except Ubuntu
+14.04, where it is set to `undef`.
+
+http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerRuby
+
+### passenger_high_performance
+
+Default is `off`. When turned `on` Passenger runs in a higher performance mode
+that can be less compatible with other Apache modules.
+
+http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerHighPerformance
+
+### passenger_max_pool_size
+
+Sets the maximum number of Passenger application processes that may
+simultaneously run. The default value is 6.
+
+http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengermaxpoolsize_lt_integer_gt
+
+### passenger_pool_idle_time
+
+The maximum number of seconds a Passenger Application process will be allowed
+to remain idle before being shut down. The default value is 300.
+
+http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerPoolIdleTime
+
+### passenger_max_requests
+
+The maximum number of request a Passenger application will process before being
+restarted. The default value is 0, which indicates that a process will only
+shut down if the Pool Idle Time (see above) expires.
+
+http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerMaxRequests
+
+### passenger_stat_throttle_rate
+
+Sets how often Passenger performs file system checks, at most once every _x_
+seconds. Default is 0, which means the checks are performed with every request.
+
+http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerstatthrottlerate_lt_integer_gt
+
+### rack_autodetect
+
+Should Passenger automatically detect if the document root of a virtual host is
+a Rack application. Not set by default (`undef`). Note that this directive has
+been removed in Passenger 4.0.0 and `PassengerEnabled` should be used instead.
+Use this directive only on Passenger < 4.x.
+
+http://www.modrails.com/documentation/Users%20guide%20Apache.html#_rackautodetect_lt_on_off_gt
+
+### rails_autodetect
+
+Should Passenger automatically detect if the document root of a virtual host is
+a Rails application. Not set by default (`undef`). Note that this directive
+has been removed in Passenger 4.0.0 and `PassengerEnabled` should be used
+instead. Use this directive only on Passenger < 4.x.
+
+http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsautodetect_lt_on_off_gt
+
+### passenger_use_global_queue
+
+Allows toggling of PassengerUseGlobalQueue. NOTE: PassengerUseGlobalQueue is
+the default in Passenger 4.x and the versions >= 4.x have disabled this
+configuration option altogether. Use with caution.
+
+### passenger_app_env
+
+Sets the global default `PassengerAppEnv` for Passenger applications. Not set by
+default (`undef`) and thus defaults to Passenger's built-in value of 'production'.
+This directive can be overridden in an `apache::vhost` resource.
+
+https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerAppEnv
+
+## Parameters used to load the module
+
+Unlike the tuning parameters specified above, the following parameters are only
+used when loading customized passenger modules.
+
+### mod_package
+
+Allows overriding the default package name used for the passenger module
+package.
+
+### mod_package_ensure
+
+Allows overriding the package installation setting used by puppet when
+installing the passenger module. The default is 'present'.
+
+### mod_id
+
+Allows overriding the value used by apache to identify the passenger module.
+The default is 'passenger_module'.
+
+### mod_lib_path
+
+Allows overriding the directory path used by apache when loading the passenger
+module. The default is the value of `$apache::params::lib_path`.
+
+### mod_lib
+
+Allows overriding the library file name used by apache when loading the
+passenger module. The default is 'mod_passenger.so'.
+
+### mod_path
+
+Allows overriding the full path to the library file used by apache when loading
+the passenger module. The default is the concatenation of the `mod_lib_path`
+and `mod_lib` parameters.
+
+# Dependencies
+
+RedHat-based systems will need to configure additional package repositories in
+order to install Passenger, specifically:
+
+* [Extra Packages for Enterprise Linux](https://fedoraproject.org/wiki/EPEL)
+* [Phusion Passenger](http://passenger.stealthymonkeys.com)
+
+Configuration of these repositories is beyond the scope of this module and is
+left to the user.
+
+# Attribution
+
+The Passenger tuning parameters for the `apache::mod::passenger` Puppet class
+was modified by Aaron Hicks (hicksa@landcareresearch.co.nz) for work on the
+NeSI Project and the Tuakiri New Zealand Access Federation as a fork from the
+PuppetLabs Apache module on GitHub.
+
+* https://github.com/puppetlabs/puppetlabs-apache
+* https://github.com/nesi/puppetlabs-apache
+* http://www.nesi.org.nz//
+* https://tuakiri.ac.nz/confluence/display/Tuakiri/Home
+
+# Copyright and License
+
+Copyright (C) 2012 [Puppet Labs](https://www.puppetlabs.com/) Inc
+
+Puppet Labs can be contacted at: info@puppetlabs.com
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
--- /dev/null
+require 'puppetlabs_spec_helper/rake_tasks'
+require 'puppet-lint/tasks/puppet-lint'
+
+PuppetLint.configuration.fail_on_warnings = true
+PuppetLint.configuration.send('relative')
+PuppetLint.configuration.send('disable_80chars')
+PuppetLint.configuration.send('disable_class_inherits_from_params_class')
+PuppetLint.configuration.send('disable_documentation')
+PuppetLint.configuration.send('disable_single_quote_string_with_variables')
+PuppetLint.configuration.send('disable_only_variable_string')
+PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]
--- /dev/null
+{
+ "CHANGELOG.md": "ddab29429292bf0d0d5676b62b97e794",
+ "CONTRIBUTING.md": "e2b8e8e433fc76b3798b7fe435f49375",
+ "Gemfile": "e62c96457cdaab2a09f1a37479ea6351",
+ "LICENSE": "b3f8a01d8699078d82e8c3c992307517",
+ "README.md": "5778028848917e410777c5a8e4971882",
+ "README.passenger.md": "1d15d1a56b36de464cb5baf54da9ddec",
+ "Rakefile": "ed3db0e49f5fcb381a19542c08ec473f",
+ "files/httpd": "295f5e924afe6f752d29327e73fe6d0a",
+ "lib/puppet/parser/functions/bool2httpd.rb": "05d5deeb6e0c31acee7c55b249ec8e06",
+ "lib/puppet/parser/functions/validate_apache_log_level.rb": "d75bc4ef17ff5c9a1f94dd3948e733d1",
+ "lib/puppet/provider/a2mod/a2mod.rb": "d986d8e8373f3f31c97359381c180628",
+ "lib/puppet/provider/a2mod/gentoo.rb": "2492d446adbb68f678e86a75eb7ff3bd",
+ "lib/puppet/provider/a2mod/modfix.rb": "b689a1c83c9ccd8590399c67f3e588e5",
+ "lib/puppet/provider/a2mod/redhat.rb": "c39b80e75e7d0666def31c2a6cdedb0b",
+ "lib/puppet/provider/a2mod.rb": "03ed73d680787dd126ea37a03be0b236",
+ "lib/puppet/type/a2mod.rb": "9042ccc045bfeecca28bebb834114f05",
+ "manifests/balancer.pp": "59ae0052030a0b077192f697a5b42e9e",
+ "manifests/balancermember.pp": "8f44f65124330b7e9b49a7100f86fe6d",
+ "manifests/confd/no_accf.pp": "406d0ca41c3b90f83740ca218dc3f484",
+ "manifests/custom_config.pp": "7948ab43ba405cb396f2fd8bb169a1b9",
+ "manifests/default_confd_files.pp": "86fdbe5773abb7c2da26db096973865c",
+ "manifests/default_mods/load.pp": "bc0b3b65edd1ba6178c09672352f9bce",
+ "manifests/default_mods.pp": "1a6b9907cccb539d22a6eeb2c233e572",
+ "manifests/dev.pp": "9329a07cf67feee12f91cb79b8060663",
+ "manifests/fastcgi/server.pp": "a47073f4447baef318c823f93b5f59ee",
+ "manifests/init.pp": "51d8043cbbe0aaed1ad02ef6d4d22b53",
+ "manifests/listen.pp": "f7e224cba3b8021f90511af4f43d8b1f",
+ "manifests/mod/actions.pp": "ec2a5d1cf54790204750f9b67938d230",
+ "manifests/mod/alias.pp": "67c9413d52bf2fbfbf256755477a8c9d",
+ "manifests/mod/auth_basic.pp": "dffef6ff10145393cb78fcaa27220c53",
+ "manifests/mod/auth_cas.pp": "a20c718cc3ffab32f7c72f42160a5602",
+ "manifests/mod/auth_kerb.pp": "08d536cb13281db3b9ed9a966ad431fd",
+ "manifests/mod/authn_core.pp": "4db773ddbc0d875230085782d4521951",
+ "manifests/mod/authn_file.pp": "eeb11513490beee901574746faaeabdf",
+ "manifests/mod/authnz_ldap.pp": "e3f91908be35306a488b44c55608b2a0",
+ "manifests/mod/authz_default.pp": "a3274a3174e79138ca16acd9e653364c",
+ "manifests/mod/authz_user.pp": "d446c90c44304594206bd2a0112be625",
+ "manifests/mod/autoindex.pp": "05112ccb06dc218f9a7b937767a6ea2d",
+ "manifests/mod/cache.pp": "b56d68b9401ba3e02a1f2fe55cdfbcca",
+ "manifests/mod/cgi.pp": "558a0350d1e8634a706543e0c6e28687",
+ "manifests/mod/cgid.pp": "bafc08448218bbb76c85b9ec2de05a98",
+ "manifests/mod/dav.pp": "9df80d36dd609be9032a8260aa9d10c1",
+ "manifests/mod/dav_fs.pp": "4528673b6e8d0af6935d9d630028b9f0",
+ "manifests/mod/dav_svn.pp": "f021fe8048deaa06759cd0b96b450363",
+ "manifests/mod/deflate.pp": "3dc2dbb0dfde703f47d1dc4993ef5b94",
+ "manifests/mod/dev.pp": "42673bab60b6fc0f3aa6e2357ec0a27c",
+ "manifests/mod/dir.pp": "8e577c570ba5e835c4f82232a1c01a4e",
+ "manifests/mod/disk_cache.pp": "379031f640bea89ee0978b0e95bf5ddd",
+ "manifests/mod/event.pp": "0d70f0733492c6c192e5ba6f6b3f3698",
+ "manifests/mod/expires.pp": "069783635a7a4f97af535cc149da6589",
+ "manifests/mod/fastcgi.pp": "237ff6ebc17c35ee2e3c82d2e19cd442",
+ "manifests/mod/fcgid.pp": "61bec2b414dd7e13315c06ff637699fc",
+ "manifests/mod/filter.pp": "b0039f3ae932b1204994ef2180dd76d2",
+ "manifests/mod/geoip.pp": "73f5822a4df6d25c088c9ca4947e25cd",
+ "manifests/mod/headers.pp": "ef3de538a0a4c9406236faf43eb89710",
+ "manifests/mod/include.pp": "a3b66eda88e38d90825c16b834bacd8d",
+ "manifests/mod/info.pp": "bad325232ff8038449dcafc11ff37ca1",
+ "manifests/mod/itk.pp": "5dea86531cd543d26436bfae4a357481",
+ "manifests/mod/ldap.pp": "367f13080f78b3e8527172cbb8a2fd4a",
+ "manifests/mod/mime.pp": "9d13abceb29f36c2f6c3a5a71a77561f",
+ "manifests/mod/mime_magic.pp": "481e016b74b0649bfdcbb32104a62054",
+ "manifests/mod/negotiation.pp": "6860ed514001b9f3f6945c78d250fd32",
+ "manifests/mod/nss.pp": "9d1573a9af62cc17cb9b8e322cf2a2b7",
+ "manifests/mod/pagespeed.pp": "2638c14081f8065bc8940b8d47782cc3",
+ "manifests/mod/passenger.pp": "41ff48aa1b9447d17af693062777744e",
+ "manifests/mod/perl.pp": "0bc488e1ac33e4e8987e0b07aa909682",
+ "manifests/mod/peruser.pp": "70cdb0592f53ec17f06365812e3e59c9",
+ "manifests/mod/php.pp": "628b672c8a28d1ebd43bedde63a5dfd3",
+ "manifests/mod/prefork.pp": "1dd2f9b1dfc702138401ca9b923548b4",
+ "manifests/mod/proxy.pp": "39e224390d43ffe082ff60fba2b97fc4",
+ "manifests/mod/proxy_ajp.pp": "073e2406aea7822750d4c21f02d8ac80",
+ "manifests/mod/proxy_balancer.pp": "6d16440ba6bed5427b331b6c6abf4063",
+ "manifests/mod/proxy_connect.pp": "574df18a67e478a3be903238ade3d334",
+ "manifests/mod/proxy_html.pp": "1a8ef7d17e65954aab303e3547e02f22",
+ "manifests/mod/proxy_http.pp": "0db1b26f8b4036b0d46ba86b7eaac561",
+ "manifests/mod/python.pp": "15f03d79e45737fdf0afca9665706b88",
+ "manifests/mod/remoteip.pp": "7fa5b92322df550f58421b24a53dbb01",
+ "manifests/mod/reqtimeout.pp": "aee3d869e6ca6eed18071c8d2aa97aff",
+ "manifests/mod/rewrite.pp": "292f2d6ce2078fa9df7f686105ea7b95",
+ "manifests/mod/rpaf.pp": "4844d717d6577aee8a788a7fbdc5e8dd",
+ "manifests/mod/security.pp": "9289d90560550a265d290a6fa17a1d76",
+ "manifests/mod/setenvif.pp": "b2ae43541bf1df5374187339e50a081f",
+ "manifests/mod/shib.pp": "3e2d3b5bf864fd292fa30f7c98d449f6",
+ "manifests/mod/speling.pp": "fa89a82933d30d2ebfe11e3ad9966bd1",
+ "manifests/mod/ssl.pp": "ecd2a08d79abf747e0d6aa38fbd9ccb9",
+ "manifests/mod/status.pp": "0b24de931fd8d54b2db0e3d16f0d0d8c",
+ "manifests/mod/suexec.pp": "2a8671856a0ece597e9b57867dc35e76",
+ "manifests/mod/suphp.pp": "6905059571fa21b7de957fd90540acff",
+ "manifests/mod/userdir.pp": "bbe716e8ff38815a51cc4eaaa0c1e4df",
+ "manifests/mod/version.pp": "6cb31057ebffa796f95642cc95f9499d",
+ "manifests/mod/vhost_alias.pp": "ee1225a748daaf50aca39a6d93fb8470",
+ "manifests/mod/worker.pp": "f80e8e73fb24da6e086aa478a0aff88f",
+ "manifests/mod/wsgi.pp": "0377fe287e51f4a396bd15b47f2628cc",
+ "manifests/mod/xsendfile.pp": "fba06f05a19c466654aca5ecaa705bf0",
+ "manifests/mod.pp": "7bd6b6d02b9a390a4021412e6825bfcb",
+ "manifests/mpm.pp": "32ed668ad674ed01a4b1c53e480a34be",
+ "manifests/namevirtualhost.pp": "67618d40112e4ddc1b46f64af2a5e875",
+ "manifests/package.pp": "2fdf95e2b20d6ab17f7adaf36a29ef7f",
+ "manifests/params.pp": "f570751b43092db18ec4dc6e7a6514a6",
+ "manifests/peruser/multiplexer.pp": "0ea75341b7a93e55bcfb431a93b1a6c9",
+ "manifests/peruser/processor.pp": "62f0ad5ed2ec36dadc7f40ad2a9e1bb9",
+ "manifests/php.pp": "9c9d07e12bf5d112b0b54f5bd69046fc",
+ "manifests/proxy.pp": "7c8515b88406922e148322ee15044b29",
+ "manifests/python.pp": "ddef4cd73850fdc2dc126d4579c30adf",
+ "manifests/security/rule_link.pp": "4635131018b0c5cd5f57ecea9f708b65",
+ "manifests/service.pp": "e0821dac17ef2bc00068ceae06bc17d9",
+ "manifests/ssl.pp": "173f3d6a7fd2b5f4100c4ff03d84e13b",
+ "manifests/version.pp": "bcc947740e4357cbdc9a1d54f44305c7",
+ "manifests/vhost.pp": "f028edcda9a1ab5a1e03e09d5c31973a",
+ "metadata.json": "8193f69f2b0ef0bc81ba32ed6240abfe",
+ "spec/acceptance/apache_parameters_spec.rb": "2bf2a24853b723af816d1543b57ec390",
+ "spec/acceptance/apache_ssl_spec.rb": "9813a93162e56c80b9eb6c286084437a",
+ "spec/acceptance/class_spec.rb": "7fc50a2b9f8deb588c1c3bb318a25f53",
+ "spec/acceptance/custom_config_spec.rb": "7982e71cd9a786536cb55fef618ac857",
+ "spec/acceptance/default_mods_spec.rb": "32826e1a7f6b99511b2937ab37b8f5cd",
+ "spec/acceptance/itk_spec.rb": "45401fe10b565ee9bf86900346a51a85",
+ "spec/acceptance/mod_dav_svn_spec.rb": "921cddd8b1f7f506859aaaae6cfd2c8a",
+ "spec/acceptance/mod_deflate_spec.rb": "cc2d1a68c6c53b17b1b9642e3fa2631f",
+ "spec/acceptance/mod_fcgid_spec.rb": "514cfb3b6bc81ddd0417271be8925956",
+ "spec/acceptance/mod_mime_spec.rb": "d753fad7136ef4c4b9034b32f0ddbcf8",
+ "spec/acceptance/mod_negotiation_spec.rb": "9d83d468dc13b179791fd4360c465aaf",
+ "spec/acceptance/mod_pagespeed_spec.rb": "0cc476dde6ba35804bb550b2b6f8e168",
+ "spec/acceptance/mod_passenger_spec.rb": "4b6f750448df7469c84b3cc57418244f",
+ "spec/acceptance/mod_php_spec.rb": "a91b953539eba21e64e9ddeee4a37f21",
+ "spec/acceptance/mod_proxy_html_spec.rb": "649c2bf1f251900fac5e9c81930aa6fd",
+ "spec/acceptance/mod_security_spec.rb": "a0b520040b23cd7591535469dc46b4a9",
+ "spec/acceptance/mod_suphp_spec.rb": "1e675ae7fcdbba8b1abbd1a96b59a060",
+ "spec/acceptance/nodesets/centos-59-x64.yml": "57eb3e471b9042a8ea40978c467f8151",
+ "spec/acceptance/nodesets/centos-64-x64-pe.yml": "ec075d95760df3d4702abea1ce0a829b",
+ "spec/acceptance/nodesets/centos-64-x64.yml": "d65958bdf25fb31eb4838fd984b555df",
+ "spec/acceptance/nodesets/centos-65-x64.yml": "3e5c36e6aa5a690229e720f4048bb8af",
+ "spec/acceptance/nodesets/centos-70-x64.yml": "0ae796256280ca157abc98f7cb492ea4",
+ "spec/acceptance/nodesets/debian-607-x64.yml": "52f42f3b8fc507a5fc825977d62665a3",
+ "spec/acceptance/nodesets/debian-70rc1-x64.yml": "717aa92150ebe3fca718807c7c93126f",
+ "spec/acceptance/nodesets/debian-73-i386.yml": "40aeb7ceab29148bb98a1e2bd51aba86",
+ "spec/acceptance/nodesets/debian-73-x64.yml": "df78f357e1bd0f7f9818d552eeb35026",
+ "spec/acceptance/nodesets/default.yml": "d65958bdf25fb31eb4838fd984b555df",
+ "spec/acceptance/nodesets/fedora-18-x64.yml": "9c907e4416a5fd487ff30a672a6b1c9e",
+ "spec/acceptance/nodesets/ubuntu-server-10044-x64.yml": "75e86400b7889888dc0781c0ae1a1297",
+ "spec/acceptance/nodesets/ubuntu-server-12042-x64.yml": "d30d73e34cd50b043c7d14e305955269",
+ "spec/acceptance/nodesets/ubuntu-server-1310-x64.yml": "9deb39279e104d765179b471c6ebb3a2",
+ "spec/acceptance/nodesets/ubuntu-server-1404-x64.yml": "5f0aed10098ac5b78e4217bb27c7aaf0",
+ "spec/acceptance/prefork_worker_spec.rb": "0994c75d9f6aab28040c86c2ae4e4eac",
+ "spec/acceptance/service_spec.rb": "24ce3caa9990b2f06ac98c7c438e1d5c",
+ "spec/acceptance/unsupported_spec.rb": "ecb65438d469b70dd7c611414f535771",
+ "spec/acceptance/version.rb": "bedfcffe1a6f47824defd167f1d3330e",
+ "spec/acceptance/vhost_spec.rb": "8ebc59432b65517c52ec44b280b25c75",
+ "spec/classes/apache_spec.rb": "93766ec34eece2ce419dad6d18f55017",
+ "spec/classes/dev_spec.rb": "549f0e09b6b0c2b8f612b44150d8d357",
+ "spec/classes/mod/alias_spec.rb": "cb7fa1744b0624ec6d04d6dba80bccda",
+ "spec/classes/mod/auth_cas_spec.rb": "34af1e2489fe7f805c760c40b2bc3f5b",
+ "spec/classes/mod/auth_kerb_spec.rb": "56066a4060352f76efdad26fe51b2e20",
+ "spec/classes/mod/authnz_ldap_spec.rb": "ce2f5fb517d4cc760c913fe131b1550f",
+ "spec/classes/mod/dav_svn_spec.rb": "6cf5fbd5e73c455f0f5afa01561cc704",
+ "spec/classes/mod/deflate_spec.rb": "a5b6afd416cbad17f21d5c86c83c3485",
+ "spec/classes/mod/dev_spec.rb": "78d215d7ef3a8e2df3e8789eb75fc4ca",
+ "spec/classes/mod/dir_spec.rb": "555e4b21a18422034b8b16560a1034a1",
+ "spec/classes/mod/event_spec.rb": "d8d0bd5dee8a4bf2dcd709326dfdd4e2",
+ "spec/classes/mod/expires_spec.rb": "a9ff97bcca20bb17102efd88ea0462e6",
+ "spec/classes/mod/fastcgi_spec.rb": "76ac8328da6c2fe1e126d8dcdcdb5519",
+ "spec/classes/mod/fcgid_spec.rb": "9868eb000373bdf6c6536ef4a205b62e",
+ "spec/classes/mod/info_spec.rb": "4b829ceca7c9b90c3eefafa391eb8e80",
+ "spec/classes/mod/itk_spec.rb": "437d4e4e776e082db051c99cb05a1058",
+ "spec/classes/mod/mime_magic_spec.rb": "8291c37b89f9d50f58fa94ab9cbb1bfe",
+ "spec/classes/mod/mime_spec.rb": "5e527739b595f9b0638ce384648c3187",
+ "spec/classes/mod/negotiation_spec.rb": "f1b10fe931b96f72f5d0eaf86354fce9",
+ "spec/classes/mod/pagespeed_spec.rb": "482d0dc3ebf002155d3c728d2043bcac",
+ "spec/classes/mod/passenger_spec.rb": "99c37bdde76f36760363a373f00cb72d",
+ "spec/classes/mod/perl_spec.rb": "11fb2ae842e64d467ccf70813ef3de7d",
+ "spec/classes/mod/peruser_spec.rb": "c379ce85a997789856b12c27957bf994",
+ "spec/classes/mod/php_spec.rb": "a88c78ba9bf9dd190c93617257d1ad15",
+ "spec/classes/mod/prefork_spec.rb": "d82f0f25691ba019b912cd000dbb845f",
+ "spec/classes/mod/proxy_connect_spec.rb": "bc0d0d6328288cd91d84ac9de66e9019",
+ "spec/classes/mod/proxy_html_spec.rb": "893bfa8dba37e63a24229e28cc74d073",
+ "spec/classes/mod/python_spec.rb": "45736e6305ca541ba29f997b8e7dd0ef",
+ "spec/classes/mod/remoteip_spec.rb": "e8840c791f3561c6d466040b888551ed",
+ "spec/classes/mod/reqtimeout_spec.rb": "cee7de04531d3fb49d75f8f8a7c2b493",
+ "spec/classes/mod/rpaf_spec.rb": "1845e640c44f8daeeffb13b29a26da84",
+ "spec/classes/mod/security_spec.rb": "a6c7526a69306c1993376e9e0646354f",
+ "spec/classes/mod/shib_spec.rb": "18107e156dd4682f59ddcc33c0dfc0d7",
+ "spec/classes/mod/speling_spec.rb": "4727fbb92f074e0cf3911e6cffe3322f",
+ "spec/classes/mod/ssl_spec.rb": "1a73d2c7a6df42ee0278dbf7c73c2a0b",
+ "spec/classes/mod/status_spec.rb": "1c7520050c8bed47492acd51588be52d",
+ "spec/classes/mod/suphp_spec.rb": "0c4d625a64124e7c9c14ea2b68dc7ebe",
+ "spec/classes/mod/worker_spec.rb": "a9049f0c44ac3593a750eaa6b5c2185c",
+ "spec/classes/mod/wsgi_spec.rb": "532da8779e878372ff29b51dfaefceea",
+ "spec/classes/params_spec.rb": "7bb6270f0338de41e1c34bd77cd844b7",
+ "spec/classes/service_spec.rb": "2d0abb70fc2b14f37121f6f7a683cc68",
+ "spec/defines/balancermember_spec.rb": "6071ddc9a56be6ecccfade6e233fb34b",
+ "spec/defines/custom_config_spec.rb": "a4beeb334685da5ac26bc5673587d0f9",
+ "spec/defines/fastcgi_server_spec.rb": "5798af8e6380d05f3ab38f4788b5c47c",
+ "spec/defines/mod_spec.rb": "a71fbfa5d62e9118a84c08138de9a248",
+ "spec/defines/modsec_link_spec.rb": "3421b21f8234637dd1c32ebcf89e44c3",
+ "spec/defines/vhost_spec.rb": "9da72619300e74e83327e882aa90119e",
+ "spec/spec.opts": "a600ded995d948e393fbe2320ba8e51c",
+ "spec/spec_helper.rb": "eb7ec6afb39e2282e62f2ebf69712707",
+ "spec/spec_helper_acceptance.rb": "8b602f7f655936386092fa12257034f0",
+ "spec/unit/provider/a2mod/gentoo_spec.rb": "8cf6574e75a4a7e8ff5a92d75a8d7ea8",
+ "spec/unit/puppet/parser/functions/bool2httpd_spec.rb": "3c47a968139400e5b81af8650f2d0e21",
+ "spec/unit/puppet/parser/functions/validate_apache_log_level.rb": "8f558fd81d1655e9ab20896152eca512",
+ "templates/confd/no-accf.conf.erb": "a614f28c4b54370e4fa88403dfe93eb0",
+ "templates/fastcgi/server.erb": "482ce7a72a08f21e3592e584178d5917",
+ "templates/httpd.conf.erb": "e468ccb373f653065f9f9296ea963b03",
+ "templates/listen.erb": "6286aa08f9e28caee54b1e1ee031b9d6",
+ "templates/mod/alias.conf.erb": "71028c659b7d1784c0e9f373846c8457",
+ "templates/mod/auth_cas.conf.erb": "74595985c3b0f9df1aaa0ad5dd7a7906",
+ "templates/mod/authnz_ldap.conf.erb": "12c9a1482694ddad3143e5eef03fb531",
+ "templates/mod/autoindex.conf.erb": "2421a3c6df32c7e38c2a7a22afdf5728",
+ "templates/mod/cgid.conf.erb": "f8ce27d60bc495bab16de2696ebb2fd0",
+ "templates/mod/dav_fs.conf.erb": "10c1131168e35319e22b3fbfe51aebfd",
+ "templates/mod/deflate.conf.erb": "e866ecf2bfe8e42ea984267f569723db",
+ "templates/mod/dir.conf.erb": "2485da78a2506c14bf51dde38dd03360",
+ "templates/mod/disk_cache.conf.erb": "7d3e7a5ee3bd7b6a839924b06a60667f",
+ "templates/mod/event.conf.erb": "469ef574b0ae1728203002a52f3d5a3b",
+ "templates/mod/expires.conf.erb": "7a77f8b1d50c53ee77a6cb798c51a2b9",
+ "templates/mod/fastcgi.conf.erb": "ab125b9bfdc494b621eec41587bf6101",
+ "templates/mod/fcgid.conf.erb": "1780c7808bb3811deaf0007c890df4dc",
+ "templates/mod/geoip.conf.erb": "069a4cb95c32f9fb1bc48617c21c1c31",
+ "templates/mod/info.conf.erb": "dd434aca2b3693c425a2c252a2c39f46",
+ "templates/mod/itk.conf.erb": "eff84b78e4f2f8c5c3a2e9fc4b8aad16",
+ "templates/mod/ldap.conf.erb": "57a006daca5fdacc094a872f9f0a4535",
+ "templates/mod/load.erb": "01132434e6101080c41548b0ba7e57d8",
+ "templates/mod/mime.conf.erb": "8f953519790a5900369fb656054cae35",
+ "templates/mod/mime_magic.conf.erb": "db7ac6bbf365d016852744d339c12d16",
+ "templates/mod/mpm_event.conf.erb": "80097a19d063a4f973465d9ef5c0c0bf",
+ "templates/mod/negotiation.conf.erb": "a2f0fb40cd038cb17bedc2b84d9f48ea",
+ "templates/mod/nss.conf.erb": "688c134cb37159a92cf85010ea3c67e6",
+ "templates/mod/pagespeed.conf.erb": "0d1ba456a798d1404205b7fbdee3294e",
+ "templates/mod/passenger.conf.erb": "1ae6254dd2f9c209e4fa373b5eefe804",
+ "templates/mod/peruser.conf.erb": "c4f4054aee899249ea6fef5a9e5c14ff",
+ "templates/mod/php5.conf.erb": "e92f4b41e71318d35f44859b71999887",
+ "templates/mod/prefork.conf.erb": "f9ec5a7eaea78a19b04fa69f8acd8a84",
+ "templates/mod/proxy.conf.erb": "7eef34af57278ea572b267cff9fb6631",
+ "templates/mod/proxy_html.conf.erb": "69c9ce9b7f24e1337065f1ce26b057a0",
+ "templates/mod/remoteip.conf.erb": "5e3fae3bb4532d351d3860652215af92",
+ "templates/mod/reqtimeout.conf.erb": "314ef068b786ae5afded290a8b6eab15",
+ "templates/mod/rpaf.conf.erb": "5447539c083ae54f3a9e93c1ac8c988b",
+ "templates/mod/security.conf.erb": "1bd891bb3ed76e493a48c06b53a468f5",
+ "templates/mod/security_crs.conf.erb": "0533f947d1d418774213bc9eb0444358",
+ "templates/mod/setenvif.conf.erb": "c7ede4173da1915b7ec088201f030c28",
+ "templates/mod/ssl.conf.erb": "312a0337c1f6ae1af80ddbd08177ef69",
+ "templates/mod/status.conf.erb": "9e959900ac58c8de34783886efeebce7",
+ "templates/mod/suphp.conf.erb": "05bb7b3ea23976b032ce405bfd4edd18",
+ "templates/mod/userdir.conf.erb": "ae083ac8bf569a3db2a01ba8ecf30790",
+ "templates/mod/worker.conf.erb": "a590811ec67bb7c8a3d3dcf7b442e226",
+ "templates/mod/wsgi.conf.erb": "9a416fa3b71be0795679069809686300",
+ "templates/namevirtualhost.erb": "fbfca19a639e18e6c477e191344ac8ae",
+ "templates/ports_header.erb": "afe35cb5747574b700ebaa0f0b3a626e",
+ "templates/vhost/_access_log.erb": "a0c804cb6fc03e5c573f9bfbcf73d9c6",
+ "templates/vhost/_action.erb": "a004dfcac2e63cef65cf8aa0e270b636",
+ "templates/vhost/_additional_includes.erb": "630083ded68174663e79eadf0491c0a8",
+ "templates/vhost/_aliases.erb": "6412f695e911feac18986da38f290dae",
+ "templates/vhost/_allow_encoded_slashes.erb": "37dee0b6fe9287342a10b533955dff81",
+ "templates/vhost/_block.erb": "cab4365316621b4e06cd1258abeb1d23",
+ "templates/vhost/_charsets.erb": "d152b6a7815e9edc0fe9bf9acbe2f1ec",
+ "templates/vhost/_custom_fragment.erb": "67a4475275ec9208e6421b047b9ed7f4",
+ "templates/vhost/_directories.erb": "a586e7cffdb3de18cf54752bbe36f23f",
+ "templates/vhost/_docroot.erb": "1cd82546a85458b1e117ca24f06d4691",
+ "templates/vhost/_error_document.erb": "81d3007c1301a5c5f244c082cfee9de2",
+ "templates/vhost/_fallbackresource.erb": "e6c103bee7f6f76b10f244fc9fd1cd3b",
+ "templates/vhost/_fastcgi.erb": "d07c41eae32671b38b5dba14724c14cc",
+ "templates/vhost/_file_footer.erb": "e27b2525783e590ca1820f1e2118285d",
+ "templates/vhost/_file_header.erb": "9502d6f3c9cc29c66c08ef94eb27f9fb",
+ "templates/vhost/_header.erb": "9eb9d4075f288183d8224ddec5b2f126",
+ "templates/vhost/_itk.erb": "8bf90b9855a9277f7a665b10f6c57fe9",
+ "templates/vhost/_logging.erb": "5bc4cbb1bc8a292acc0ba0420f96ca4e",
+ "templates/vhost/_passenger.erb": "6b8f937fffe27e65f9aa72e950c4dbfc",
+ "templates/vhost/_php.erb": "0be13b20951791db0f09c328e13b7eaf",
+ "templates/vhost/_php_admin.erb": "107a57e9e7b3f86d1abcf743f672a292",
+ "templates/vhost/_proxy.erb": "08406c6676346d26b2a8d93b20884858",
+ "templates/vhost/_rack.erb": "ebe187c1bdc81eec9c8e0d9026120b18",
+ "templates/vhost/_redirect.erb": "639e170cafa9e703ab38797c8fc3030b",
+ "templates/vhost/_requestheader.erb": "db1b0cdda069ae809b5b83b0871ef991",
+ "templates/vhost/_rewrite.erb": "63a86545cd1c1a8e9e8518dd270deb3e",
+ "templates/vhost/_scriptalias.erb": "98713f33cca15b22c749bd35ea9a7b41",
+ "templates/vhost/_security.erb": "58cd0f606e104be456dea0b5d52212e8",
+ "templates/vhost/_serveralias.erb": "95fed45853629924467aefc271d5b396",
+ "templates/vhost/_serversignature.erb": "9bf5a458783ab459e5043e1cdf671fa7",
+ "templates/vhost/_setenv.erb": "818f65d2936be12a24e59079e28f8f47",
+ "templates/vhost/_ssl.erb": "af6a1e1b3811a59e19ca11856511d032",
+ "templates/vhost/_suexec.erb": "f2b3f9b9ff8fbac4e468e02cd824675a",
+ "templates/vhost/_suphp.erb": "a1c4a5e4461adbfce870df0abd158b59",
+ "templates/vhost/_wsgi.erb": "c4ea9a97580489edc6b589ac46816462",
+ "tests/apache.pp": "819cf9116ffd349e6757e1926d11ca2f",
+ "tests/dev.pp": "9f5727f69f536538f8d840fad0852308",
+ "tests/init.pp": "4eac4a7ef68499854c54a78879e25535",
+ "tests/mod_load_params.pp": "5981af4d625a906fce1cedeb3f70cb90",
+ "tests/mods.pp": "0085911ba562b7e56ad8d793099c9240",
+ "tests/mods_custom.pp": "9afd068edce0538b5c55a3bc19f9c24a",
+ "tests/php.pp": "60e7939034d531dd6b95af35338bcbe7",
+ "tests/vhost.pp": "eafb5f9d792b110921879a648b506796",
+ "tests/vhost_directories.pp": "b4e6b5a596e5bae122233652b9a33e32",
+ "tests/vhost_ip_based.pp": "7d9f7b6976de7488ab6ff0a6e647fc73",
+ "tests/vhost_proxypass.pp": "59b87f88943aa809578288e26b41aade",
+ "tests/vhost_ssl.pp": "9f3716bc15a9a6760f1d6cc3bf8ce8ac",
+ "tests/vhosts_without_listen.pp": "a6692104056a56517b4365bcc816e7f4"
+}
\ No newline at end of file
--- /dev/null
+# Configuration file for the httpd service.
+
+#
+# The default processing model (MPM) is the process-based
+# 'prefork' model. A thread-based model, 'worker', is also
+# available, but does not work with some modules (such as PHP).
+# The service must be stopped before changing this variable.
+#
+#HTTPD=/usr/sbin/httpd.worker
+
+#
+# To pass additional options (for instance, -D definitions) to the
+# httpd binary at startup, set OPTIONS here.
+#
+#OPTIONS=
+#OPTIONS=-DDOWN
+
+#
+# By default, the httpd process is started in the C locale; to
+# change the locale in which the server runs, the HTTPD_LANG
+# variable can be set.
+#
+#HTTPD_LANG=C
+export SHORTHOST=`hostname -s`
--- /dev/null
+Puppet::Parser::Functions::newfunction(:bool2httpd, :type => :rvalue, :doc => <<-EOS
+Transform a supposed boolean to On or Off. Pass all other values through.
+Given a nil value (undef), bool2httpd will return 'Off'
+
+Example:
+
+ $trace_enable = false
+ $server_signature = 'mail'
+
+ bool2httpd($trace_enable)
+ # => 'Off'
+ bool2httpd($server_signature)
+ # => 'mail'
+ bool2httpd(undef)
+ # => 'Off'
+
+EOS
+) do |args|
+ raise(Puppet::ParseError, "bool2httpd() wrong number of arguments. Given: #{args.size} for 1)") if args.size != 1
+
+ arg = args[0]
+
+ if arg.nil? or arg == false or arg =~ /false/i or arg == :undef
+ return 'Off'
+ elsif arg == true or arg =~ /true/i
+ return 'On'
+ end
+
+ return arg.to_s
+end
--- /dev/null
+module Puppet::Parser::Functions
+ newfunction(:validate_apache_log_level, :doc => <<-'ENDHEREDOC') do |args|
+ Perform simple validation of a string against the list of known log
+ levels as per http://httpd.apache.org/docs/current/mod/core.html#loglevel
+ validate_apache_loglevel('info')
+
+ Modules maybe specified with their own levels like these:
+ validate_apache_loglevel('warn ssl:info')
+ validate_apache_loglevel('warn mod_ssl.c:info')
+ validate_apache_loglevel('warn ssl_module:info')
+
+ Expected to be used from the main or vhost.
+
+ Might be used from directory too later as apaceh supports that
+
+ ENDHEREDOC
+ if (args.size != 1) then
+ raise Puppet::ParseError, ("validate_apache_loglevel(): wrong number of arguments (#{args.length}; must be 1)")
+ end
+
+ log_level = args[0]
+ msg = "Log level '${log_level}' is not one of the supported Apache HTTP Server log levels."
+
+ raise Puppet::ParseError, (msg) unless log_level =~ Regexp.compile('(emerg|alert|crit|error|warn|notice|info|debug|trace[1-8])')
+
+ end
+end
--- /dev/null
+class Puppet::Provider::A2mod < Puppet::Provider
+ def self.prefetch(mods)
+ instances.each do |prov|
+ if mod = mods[prov.name]
+ mod.provider = prov
+ end
+ end
+ end
+
+ def flush
+ @property_hash.clear
+ end
+
+ def properties
+ if @property_hash.empty?
+ @property_hash = query || {:ensure => :absent}
+ @property_hash[:ensure] = :absent if @property_hash.empty?
+ end
+ @property_hash.dup
+ end
+
+ def query
+ self.class.instances.each do |mod|
+ if mod.name == self.name or mod.name.downcase == self.name
+ return mod.properties
+ end
+ end
+ nil
+ end
+
+ def exists?
+ properties[:ensure] != :absent
+ end
+end
--- /dev/null
+require 'puppet/provider/a2mod'
+
+Puppet::Type.type(:a2mod).provide(:a2mod, :parent => Puppet::Provider::A2mod) do
+ desc "Manage Apache 2 modules on Debian and Ubuntu"
+
+ optional_commands :encmd => "a2enmod"
+ optional_commands :discmd => "a2dismod"
+ commands :apache2ctl => "apache2ctl"
+
+ confine :osfamily => :debian
+ defaultfor :operatingsystem => [:debian, :ubuntu]
+
+ def self.instances
+ modules = apache2ctl("-M").lines.collect { |line|
+ m = line.match(/(\w+)_module \(shared\)$/)
+ m[1] if m
+ }.compact
+
+ modules.map do |mod|
+ new(
+ :name => mod,
+ :ensure => :present,
+ :provider => :a2mod
+ )
+ end
+ end
+
+ def create
+ encmd resource[:name]
+ end
+
+ def destroy
+ discmd resource[:name]
+ end
+end
--- /dev/null
+require 'puppet/util/filetype'
+Puppet::Type.type(:a2mod).provide(:gentoo, :parent => Puppet::Provider) do
+ desc "Manage Apache 2 modules on Gentoo"
+
+ confine :operatingsystem => :gentoo
+ defaultfor :operatingsystem => :gentoo
+
+ attr_accessor :property_hash
+
+ def create
+ @property_hash[:ensure] = :present
+ end
+
+ def exists?
+ (!(@property_hash[:ensure].nil?) and @property_hash[:ensure] == :present)
+ end
+
+ def destroy
+ @property_hash[:ensure] = :absent
+ end
+
+ def flush
+ self.class.flush
+ end
+
+ class << self
+ attr_reader :conf_file
+ end
+
+ def self.clear
+ @mod_resources = []
+ @modules = []
+ @other_args = ""
+ end
+
+ def self.initvars
+ @conf_file = "/etc/conf.d/apache2"
+ @filetype = Puppet::Util::FileType.filetype(:flat).new(conf_file)
+ @mod_resources = []
+ @modules = []
+ @other_args = ""
+ end
+
+ self.initvars
+
+ # Retrieve an array of all existing modules
+ def self.modules
+ if @modules.length <= 0
+ # Locate the APACHE_OPTS variable
+ records = filetype.read.split(/\n/)
+ apache2_opts = records.grep(/^\s*APACHE2_OPTS=/).first
+
+ # Extract all defines
+ while apache2_opts.sub!(/-D\s+(\w+)/, '')
+ @modules << $1.downcase
+ end
+
+ # Hang on to any remaining options.
+ if apache2_opts.match(/APACHE2_OPTS="(.+)"/)
+ @other_args = $1.strip
+ end
+
+ @modules.sort!.uniq!
+ end
+
+ @modules
+ end
+
+ def self.prefetch(resources={})
+ # Match resources with existing providers
+ instances.each do |provider|
+ if resource = resources[provider.name]
+ resource.provider = provider
+ end
+ end
+
+ # Store all resources using this provider for flushing
+ resources.each do |name, resource|
+ @mod_resources << resource
+ end
+ end
+
+ def self.instances
+ modules.map {|mod| new(:name => mod, :provider => :gentoo, :ensure => :present)}
+ end
+
+ def self.flush
+
+ mod_list = modules
+ mods_to_remove = @mod_resources.select {|mod| mod.should(:ensure) == :absent}.map {|mod| mod[:name]}
+ mods_to_add = @mod_resources.select {|mod| mod.should(:ensure) == :present}.map {|mod| mod[:name]}
+
+ mod_list -= mods_to_remove
+ mod_list += mods_to_add
+ mod_list.sort!.uniq!
+
+ if modules != mod_list
+ opts = @other_args + " "
+ opts << mod_list.map {|mod| "-D #{mod.upcase}"}.join(" ")
+ opts.strip!
+ opts.gsub!(/\s+/, ' ')
+
+ apache2_opts = %Q{APACHE2_OPTS="#{opts}"}
+ Puppet.debug("Writing back \"#{apache2_opts}\" to #{conf_file}")
+
+ records = filetype.read.split(/\n/)
+
+ opts_index = records.find_index {|i| i.match(/^\s*APACHE2_OPTS/)}
+ records[opts_index] = apache2_opts
+
+ filetype.backup
+ filetype.write(records.join("\n"))
+ @modules = mod_list
+ end
+ end
+end
--- /dev/null
+Puppet::Type.type(:a2mod).provide :modfix do
+ desc "Dummy provider for A2mod.
+
+ Fake nil resources when there is no crontab binary available. Allows
+ puppetd to run on a bootstrapped machine before a Cron package has been
+ installed. Workaround for: http://projects.puppetlabs.com/issues/2384
+ "
+
+ def self.instances
+ []
+ end
+end
\ No newline at end of file
--- /dev/null
+require 'puppet/provider/a2mod'
+
+Puppet::Type.type(:a2mod).provide(:redhat, :parent => Puppet::Provider::A2mod) do
+ desc "Manage Apache 2 modules on RedHat family OSs"
+
+ commands :apachectl => "apachectl"
+
+ confine :osfamily => :redhat
+ defaultfor :osfamily => :redhat
+
+ require 'pathname'
+
+ # modpath: Path to default apache modules directory /etc/httpd/mod.d
+ # modfile: Path to module load configuration file; Default: resides under modpath directory
+ # libfile: Path to actual apache module library. Added in modfile LoadModule
+
+ attr_accessor :modfile, :libfile
+ class << self
+ attr_accessor :modpath
+ def preinit
+ @modpath = "/etc/httpd/mod.d"
+ end
+ end
+
+ self.preinit
+
+ def create
+ File.open(modfile,'w') do |f|
+ f.puts "LoadModule #{resource[:identifier]} #{libfile}"
+ end
+ end
+
+ def destroy
+ File.delete(modfile)
+ end
+
+ def self.instances
+ modules = apachectl("-M").lines.collect { |line|
+ m = line.match(/(\w+)_module \(shared\)$/)
+ m[1] if m
+ }.compact
+
+ modules.map do |mod|
+ new(
+ :name => mod,
+ :ensure => :present,
+ :provider => :redhat
+ )
+ end
+ end
+
+ def modfile
+ modfile ||= "#{self.class.modpath}/#{resource[:name]}.load"
+ end
+
+ # Set libfile path: If absolute path is passed, then maintain it. Else, make it default from 'modules' dir.
+ def libfile
+ libfile = Pathname.new(resource[:lib]).absolute? ? resource[:lib] : "modules/#{resource[:lib]}"
+ end
+end
--- /dev/null
+Puppet::Type.newtype(:a2mod) do
+ @doc = "Manage Apache 2 modules"
+
+ ensurable
+
+ newparam(:name) do
+ Puppet.warning "The a2mod provider is deprecated, please use apache::mod instead"
+ desc "The name of the module to be managed"
+
+ isnamevar
+
+ end
+
+ newparam(:lib) do
+ desc "The name of the .so library to be loaded"
+
+ defaultto { "mod_#{@resource[:name]}.so" }
+ end
+
+ newparam(:identifier) do
+ desc "Module identifier string used by LoadModule. Default: module-name_module"
+
+ # http://httpd.apache.org/docs/2.2/mod/module-dict.html#ModuleIdentifier
+
+ defaultto { "#{resource[:name]}_module" }
+ end
+
+ autorequire(:package) { catalog.resource(:package, 'httpd')}
+
+end
--- /dev/null
+# == Define Resource Type: apache::balancer
+#
+# This type will create an apache balancer cluster file inside the conf.d
+# directory. Each balancer cluster needs one or more balancer members (that can
+# be declared with the apache::balancermember defined resource type). Using
+# storeconfigs, you can export the apache::balancermember resources on all
+# balancer members, and then collect them on a single apache load balancer
+# server.
+#
+# === Requirement/Dependencies:
+#
+# Currently requires the puppetlabs/concat module on the Puppet Forge and uses
+# storeconfigs on the Puppet Master to export/collect resources from all
+# balancer members.
+#
+# === Parameters
+#
+# [*name*]
+# The namevar of the defined resource type is the balancer clusters name.
+# This name is also used in the name of the conf.d file
+#
+# [*proxy_set*]
+# Hash, default empty. If given, each key-value pair will be used as a ProxySet
+# line in the configuration.
+#
+# [*collect_exported*]
+# Boolean, default 'true'. True means 'collect exported @@balancermember
+# resources' (for the case when every balancermember node exports itself),
+# false means 'rely on the existing declared balancermember resources' (for the
+# case when you know the full set of balancermembers in advance and use
+# apache::balancermember with array arguments, which allows you to deploy
+# everything in 1 run)
+#
+#
+# === Examples
+#
+# Exporting the resource for a balancer member:
+#
+# apache::balancer { 'puppet00': }
+#
+define apache::balancer (
+ $proxy_set = {},
+ $collect_exported = true,
+) {
+ include ::apache::mod::proxy_balancer
+
+ $target = "${::apache::params::confd_dir}/balancer_${name}.conf"
+
+ concat { $target:
+ owner => '0',
+ group => '0',
+ mode => '0644',
+ notify => Class['Apache::Service'],
+ }
+
+ concat::fragment { "00-${name}-header":
+ ensure => present,
+ target => $target,
+ order => '01',
+ content => "<Proxy balancer://${name}>\n",
+ }
+
+ if $collect_exported {
+ Apache::Balancermember <<| balancer_cluster == $name |>>
+ }
+ # else: the resources have been created and they introduced their
+ # concat fragments. We don't have to do anything about them.
+
+ concat::fragment { "01-${name}-proxyset":
+ ensure => present,
+ target => $target,
+ order => '19',
+ content => inline_template("<% @proxy_set.keys.sort.each do |key| %> Proxyset <%= key %>=<%= @proxy_set[key] %>\n<% end %>"),
+ }
+
+ concat::fragment { "01-${name}-footer":
+ ensure => present,
+ target => $target,
+ order => '20',
+ content => "</Proxy>\n",
+ }
+}
--- /dev/null
+# == Define Resource Type: apache::balancermember
+#
+# This type will setup a balancer member inside a listening service
+# configuration block in /etc/apache/apache.cfg on the load balancer.
+# currently it only has the ability to specify the instance name, url and an
+# array of options. More features can be added as needed. The best way to
+# implement this is to export this resource for all apache balancer member
+# servers, and then collect them on the main apache load balancer.
+#
+# === Requirement/Dependencies:
+#
+# Currently requires the puppetlabs/concat module on the Puppet Forge and
+# uses storeconfigs on the Puppet Master to export/collect resources
+# from all balancer members.
+#
+# === Parameters
+#
+# [*name*]
+# The title of the resource is arbitrary and only utilized in the concat
+# fragment name.
+#
+# [*balancer_cluster*]
+# The apache service's instance name (or, the title of the apache::balancer
+# resource). This must match up with a declared apache::balancer resource.
+#
+# [*url*]
+# The url used to contact the balancer member server.
+#
+# [*options*]
+# An array of options to be specified after the url.
+#
+# === Examples
+#
+# Exporting the resource for a balancer member:
+#
+# @@apache::balancermember { 'apache':
+# balancer_cluster => 'puppet00',
+# url => "ajp://${::fqdn}:8009"
+# options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
+# }
+#
+define apache::balancermember(
+ $balancer_cluster,
+ $url = "http://${::fqdn}/",
+ $options = [],
+) {
+
+ concat::fragment { "BalancerMember ${name}":
+ ensure => present,
+ target => "${::apache::params::confd_dir}/balancer_${balancer_cluster}.conf",
+ content => inline_template(" BalancerMember ${url} <%= @options.join ' ' %>\n"),
+ }
+}
--- /dev/null
+class apache::confd::no_accf {
+ # Template uses no variables
+ file { 'no-accf.conf':
+ ensure => 'file',
+ path => "${::apache::confd_dir}/no-accf.conf",
+ content => template('apache/confd/no-accf.conf.erb'),
+ require => Exec["mkdir ${::apache::confd_dir}"],
+ before => File[$::apache::confd_dir],
+ }
+}
--- /dev/null
+# See README.md for usage information
+define apache::custom_config (
+ $ensure = 'present',
+ $confdir = $::apache::confd_dir,
+ $content = undef,
+ $priority = '25',
+ $source = undef,
+ $verify_command = $::apache::params::verify_command,
+ $verify_config = true,
+) {
+
+ if $content and $source {
+ fail('Only one of $content and $source can be specified.')
+ }
+
+ if $ensure == 'present' and ! $content and ! $source {
+ fail('One of $content and $source must be specified.')
+ }
+
+ validate_re($ensure, '^(present|absent)$',
+ "${ensure} is not supported for ensure.
+ Allowed values are 'present' and 'absent'.")
+
+ validate_bool($verify_config)
+
+ if $priority {
+ $priority_prefix = "${priority}-"
+ } else {
+ $priority_prefix = ''
+ }
+
+ ## Apache include does not always work with spaces in the filename
+ $filename_middle = regsubst($name, ' ', '_', 'G')
+ $filename = "${priority_prefix}${filename_middle}.conf"
+
+ if ! $verify_config or $ensure == 'absent' {
+ $notifies = Class['Apache::Service']
+ } else {
+ $notifies = undef
+ }
+
+ file { "apache_${name}":
+ ensure => $ensure,
+ path => "${confdir}/${filename}",
+ content => $content,
+ source => $source,
+ require => Package['httpd'],
+ notify => $notifies,
+ }
+
+ if $ensure == 'present' and $verify_config {
+ exec { "service notify for ${name}":
+ command => $verify_command,
+ subscribe => File["apache_${name}"],
+ refreshonly => true,
+ notify => Class['Apache::Service'],
+ before => Exec["remove ${name} if invalid"],
+ }
+
+ exec { "remove ${name} if invalid":
+ command => "/bin/rm ${confdir}/${filename}",
+ unless => $verify_command,
+ subscribe => File["apache_${name}"],
+ refreshonly => true,
+ }
+ }
+}
--- /dev/null
+class apache::default_confd_files (
+ $all = true,
+) {
+ # The rest of the conf.d/* files only get loaded if we want them
+ if $all {
+ case $::osfamily {
+ 'freebsd': {
+ include ::apache::confd::no_accf
+ }
+ default: {
+ # do nothing
+ }
+ }
+ }
+}
--- /dev/null
+class apache::default_mods (
+ $all = true,
+ $mods = undef,
+ $apache_version = $::apache::apache_version
+) {
+ # These are modules required to run the default configuration.
+ # They are not configurable at this time, so we just include
+ # them to make sure it works.
+ case $::osfamily {
+ 'redhat': {
+ ::apache::mod { 'log_config': }
+ if versioncmp($apache_version, '2.4') >= 0 {
+ # Lets fork it
+ # Do not try to load mod_systemd on RHEL/CentOS 6 SCL.
+ if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) and !($::operatingsystem == 'Amazon') ) {
+ ::apache::mod { 'systemd': }
+ }
+ ::apache::mod { 'unixd': }
+ }
+ }
+ 'freebsd': {
+ ::apache::mod { 'log_config': }
+ ::apache::mod { 'unixd': }
+ }
+ 'Suse': {
+ ::apache::mod { 'log_config': }
+ }
+ default: {}
+ }
+ case $::osfamily {
+ 'gentoo': {}
+ default: {
+ ::apache::mod { 'authz_host': }
+ }
+ }
+ # The rest of the modules only get loaded if we want all modules enabled
+ if $all {
+ case $::osfamily {
+ 'debian': {
+ include ::apache::mod::authn_core
+ include ::apache::mod::reqtimeout
+ }
+ 'redhat': {
+ include ::apache::mod::actions
+ include ::apache::mod::authn_core
+ include ::apache::mod::cache
+ include ::apache::mod::mime
+ include ::apache::mod::mime_magic
+ include ::apache::mod::rewrite
+ include ::apache::mod::speling
+ include ::apache::mod::suexec
+ include ::apache::mod::version
+ include ::apache::mod::vhost_alias
+ ::apache::mod { 'auth_digest': }
+ ::apache::mod { 'authn_anon': }
+ ::apache::mod { 'authn_dbm': }
+ ::apache::mod { 'authz_dbm': }
+ ::apache::mod { 'authz_owner': }
+ ::apache::mod { 'expires': }
+ ::apache::mod { 'ext_filter': }
+ ::apache::mod { 'include': }
+ ::apache::mod { 'logio': }
+ ::apache::mod { 'substitute': }
+ ::apache::mod { 'usertrack': }
+
+ if versioncmp($apache_version, '2.4') < 0 {
+ ::apache::mod { 'authn_alias': }
+ ::apache::mod { 'authn_default': }
+ }
+ }
+ 'freebsd': {
+ include ::apache::mod::actions
+ include ::apache::mod::authn_core
+ include ::apache::mod::cache
+ include ::apache::mod::disk_cache
+ include ::apache::mod::headers
+ include ::apache::mod::info
+ include ::apache::mod::mime_magic
+ include ::apache::mod::reqtimeout
+ include ::apache::mod::rewrite
+ include ::apache::mod::userdir
+ include ::apache::mod::version
+ include ::apache::mod::vhost_alias
+ include ::apache::mod::speling
+ include ::apache::mod::filter
+
+ ::apache::mod { 'asis': }
+ ::apache::mod { 'auth_digest': }
+ ::apache::mod { 'auth_form': }
+ ::apache::mod { 'authn_anon': }
+ ::apache::mod { 'authn_dbm': }
+ ::apache::mod { 'authn_socache': }
+ ::apache::mod { 'authz_dbd': }
+ ::apache::mod { 'authz_dbm': }
+ ::apache::mod { 'authz_owner': }
+ ::apache::mod { 'dumpio': }
+ ::apache::mod { 'expires': }
+ ::apache::mod { 'file_cache': }
+ ::apache::mod { 'imagemap':}
+ ::apache::mod { 'include': }
+ ::apache::mod { 'logio': }
+ ::apache::mod { 'request': }
+ ::apache::mod { 'session': }
+ ::apache::mod { 'unique_id': }
+ }
+ default: {}
+ }
+ case $::apache::mpm_module {
+ 'prefork': {
+ include ::apache::mod::cgi
+ }
+ 'worker': {
+ include ::apache::mod::cgid
+ }
+ default: {
+ # do nothing
+ }
+ }
+ include ::apache::mod::alias
+ include ::apache::mod::authn_file
+ include ::apache::mod::autoindex
+ include ::apache::mod::dav
+ include ::apache::mod::dav_fs
+ include ::apache::mod::deflate
+ include ::apache::mod::dir
+ include ::apache::mod::mime
+ include ::apache::mod::negotiation
+ include ::apache::mod::setenvif
+ ::apache::mod { 'auth_basic': }
+
+ if versioncmp($apache_version, '2.4') >= 0 {
+ # filter is needed by mod_deflate
+ include ::apache::mod::filter
+
+ # authz_core is needed for 'Require' directive
+ ::apache::mod { 'authz_core':
+ id => 'authz_core_module',
+ }
+
+ # lots of stuff seems to break without access_compat
+ ::apache::mod { 'access_compat': }
+ } else {
+ include ::apache::mod::authz_default
+ }
+
+ include ::apache::mod::authz_user
+
+ ::apache::mod { 'authz_groupfile': }
+ ::apache::mod { 'env': }
+ } elsif $mods {
+ ::apache::default_mods::load { $mods: }
+
+ if versioncmp($apache_version, '2.4') >= 0 {
+ # authz_core is needed for 'Require' directive
+ ::apache::mod { 'authz_core':
+ id => 'authz_core_module',
+ }
+
+ # filter is needed by mod_deflate
+ include ::apache::mod::filter
+ }
+ } else {
+ if versioncmp($apache_version, '2.4') >= 0 {
+ # authz_core is needed for 'Require' directive
+ ::apache::mod { 'authz_core':
+ id => 'authz_core_module',
+ }
+
+ # filter is needed by mod_deflate
+ include ::apache::mod::filter
+ }
+ }
+}
--- /dev/null
+# private define
+define apache::default_mods::load ($module = $title) {
+ if defined("apache::mod::${module}") {
+ include "::apache::mod::${module}"
+ } else {
+ ::apache::mod { $module: }
+ }
+}
--- /dev/null
+class apache::dev {
+ include ::apache::params
+ $packages = $::apache::params::dev_packages
+ if $packages { # FreeBSD doesn't have dev packages to install
+ package { $packages:
+ ensure => present,
+ require => Package['httpd'],
+ }
+ }
+}
--- /dev/null
+define apache::fastcgi::server (
+ $host = '127.0.0.1:9000',
+ $timeout = 15,
+ $flush = false,
+ $faux_path = "/var/www/${name}.fcgi",
+ $fcgi_alias = "/${name}.fcgi",
+ $file_type = 'application/x-httpd-php'
+) {
+ include apache::mod::fastcgi
+
+ Apache::Mod['fastcgi'] -> Apache::Fastcgi::Server[$title]
+
+ file { "fastcgi-pool-${name}.conf":
+ ensure => present,
+ path => "${::apache::confd_dir}/fastcgi-pool-${name}.conf",
+ owner => 'root',
+ group => $::apache::params::root_group,
+ mode => '0644',
+ content => template('apache/fastcgi/server.erb'),
+ require => Exec["mkdir ${::apache::confd_dir}"],
+ before => File[$::apache::confd_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+# Class: apache
+#
+# This class installs Apache
+#
+# Parameters:
+#
+# Actions:
+# - Install Apache
+# - Manage Apache service
+#
+# Requires:
+#
+# Sample Usage:
+#
+class apache (
+ $apache_name = $::apache::params::apache_name,
+ $service_name = $::apache::params::service_name,
+ $default_mods = true,
+ $default_vhost = true,
+ $default_charset = undef,
+ $default_confd_files = true,
+ $default_ssl_vhost = false,
+ $default_ssl_cert = $::apache::params::default_ssl_cert,
+ $default_ssl_key = $::apache::params::default_ssl_key,
+ $default_ssl_chain = undef,
+ $default_ssl_ca = undef,
+ $default_ssl_crl_path = undef,
+ $default_ssl_crl = undef,
+ $default_ssl_crl_check = undef,
+ $default_type = 'none',
+ $ip = undef,
+ $service_enable = true,
+ $service_manage = true,
+ $service_ensure = 'running',
+ $service_restart = undef,
+ $purge_configs = true,
+ $purge_vhost_dir = undef,
+ $purge_vdir = false,
+ $serveradmin = 'root@localhost',
+ $sendfile = 'On',
+ $error_documents = false,
+ $timeout = '120',
+ $httpd_dir = $::apache::params::httpd_dir,
+ $server_root = $::apache::params::server_root,
+ $conf_dir = $::apache::params::conf_dir,
+ $confd_dir = $::apache::params::confd_dir,
+ $vhost_dir = $::apache::params::vhost_dir,
+ $vhost_enable_dir = $::apache::params::vhost_enable_dir,
+ $mod_dir = $::apache::params::mod_dir,
+ $mod_enable_dir = $::apache::params::mod_enable_dir,
+ $mpm_module = $::apache::params::mpm_module,
+ $lib_path = $::apache::params::lib_path,
+ $conf_template = $::apache::params::conf_template,
+ $servername = $::apache::params::servername,
+ $manage_user = true,
+ $manage_group = true,
+ $user = $::apache::params::user,
+ $group = $::apache::params::group,
+ $keepalive = $::apache::params::keepalive,
+ $keepalive_timeout = $::apache::params::keepalive_timeout,
+ $max_keepalive_requests = $::apache::params::max_keepalive_requests,
+ $logroot = $::apache::params::logroot,
+ $logroot_mode = $::apache::params::logroot_mode,
+ $log_level = $::apache::params::log_level,
+ $log_formats = {},
+ $ports_file = $::apache::params::ports_file,
+ $docroot = $::apache::params::docroot,
+ $apache_version = $::apache::version::default,
+ $server_tokens = 'OS',
+ $server_signature = 'On',
+ $trace_enable = 'On',
+ $allow_encoded_slashes = undef,
+ $package_ensure = 'installed',
+ $use_optional_includes = $::apache::params::use_optional_includes,
+) inherits ::apache::params {
+ validate_bool($default_vhost)
+ validate_bool($default_ssl_vhost)
+ validate_bool($default_confd_files)
+ # true/false is sufficient for both ensure and enable
+ validate_bool($service_enable)
+ validate_bool($service_manage)
+ validate_bool($use_optional_includes)
+
+ $valid_mpms_re = $apache_version ? {
+ '2.4' => '(event|itk|peruser|prefork|worker)',
+ default => '(event|itk|prefork|worker)'
+ }
+
+ if $mpm_module {
+ validate_re($mpm_module, $valid_mpms_re)
+ }
+
+ if $allow_encoded_slashes {
+ validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.")
+ }
+
+ # NOTE: on FreeBSD it's mpm module's responsibility to install httpd package.
+ # NOTE: the same strategy may be introduced for other OSes. For this, you
+ # should delete the 'if' block below and modify all MPM modules' manifests
+ # such that they include apache::package class (currently event.pp, itk.pp,
+ # peruser.pp, prefork.pp, worker.pp).
+ if $::osfamily != 'FreeBSD' {
+ package { 'httpd':
+ ensure => $package_ensure,
+ name => $apache_name,
+ notify => Class['Apache::Service'],
+ }
+ }
+ validate_re($sendfile, [ '^[oO]n$' , '^[oO]ff$' ])
+
+ # declare the web server user and group
+ # Note: requiring the package means the package ought to create them and not puppet
+ validate_bool($manage_user)
+ if $manage_user {
+ user { $user:
+ ensure => present,
+ gid => $group,
+ require => Package['httpd'],
+ }
+ }
+ validate_bool($manage_group)
+ if $manage_group {
+ group { $group:
+ ensure => present,
+ require => Package['httpd']
+ }
+ }
+
+ validate_apache_log_level($log_level)
+
+ class { '::apache::service':
+ service_name => $service_name,
+ service_enable => $service_enable,
+ service_manage => $service_manage,
+ service_ensure => $service_ensure,
+ service_restart => $service_restart,
+ }
+
+ # Deprecated backwards-compatibility
+ if $purge_vdir {
+ warning('Class[\'apache\'] parameter purge_vdir is deprecated in favor of purge_configs')
+ $purge_confd = $purge_vdir
+ } else {
+ $purge_confd = $purge_configs
+ }
+
+ # Set purge vhostd appropriately
+ if $purge_vhost_dir == undef {
+ $purge_vhostd = $purge_confd
+ } else {
+ $purge_vhostd = $purge_vhost_dir
+ }
+
+ Exec {
+ path => '/bin:/sbin:/usr/bin:/usr/sbin',
+ }
+
+ exec { "mkdir ${confd_dir}":
+ creates => $confd_dir,
+ require => Package['httpd'],
+ }
+ file { $confd_dir:
+ ensure => directory,
+ recurse => true,
+ purge => $purge_confd,
+ notify => Class['Apache::Service'],
+ require => Package['httpd'],
+ }
+
+ if ! defined(File[$mod_dir]) {
+ exec { "mkdir ${mod_dir}":
+ creates => $mod_dir,
+ require => Package['httpd'],
+ }
+ # Don't purge available modules if an enable dir is used
+ $purge_mod_dir = $purge_configs and !$mod_enable_dir
+ file { $mod_dir:
+ ensure => directory,
+ recurse => true,
+ purge => $purge_mod_dir,
+ notify => Class['Apache::Service'],
+ require => Package['httpd'],
+ }
+ }
+
+ if $mod_enable_dir and ! defined(File[$mod_enable_dir]) {
+ $mod_load_dir = $mod_enable_dir
+ exec { "mkdir ${mod_enable_dir}":
+ creates => $mod_enable_dir,
+ require => Package['httpd'],
+ }
+ file { $mod_enable_dir:
+ ensure => directory,
+ recurse => true,
+ purge => $purge_configs,
+ notify => Class['Apache::Service'],
+ require => Package['httpd'],
+ }
+ } else {
+ $mod_load_dir = $mod_dir
+ }
+
+ if ! defined(File[$vhost_dir]) {
+ exec { "mkdir ${vhost_dir}":
+ creates => $vhost_dir,
+ require => Package['httpd'],
+ }
+ file { $vhost_dir:
+ ensure => directory,
+ recurse => true,
+ purge => $purge_vhostd,
+ notify => Class['Apache::Service'],
+ require => Package['httpd'],
+ }
+ }
+
+ if $vhost_enable_dir and ! defined(File[$vhost_enable_dir]) {
+ $vhost_load_dir = $vhost_enable_dir
+ exec { "mkdir ${vhost_load_dir}":
+ creates => $vhost_load_dir,
+ require => Package['httpd'],
+ }
+ file { $vhost_enable_dir:
+ ensure => directory,
+ recurse => true,
+ purge => $purge_vhostd,
+ notify => Class['Apache::Service'],
+ require => Package['httpd'],
+ }
+ } else {
+ $vhost_load_dir = $vhost_dir
+ }
+
+ concat { $ports_file:
+ owner => 'root',
+ group => $::apache::params::root_group,
+ mode => '0644',
+ notify => Class['Apache::Service'],
+ require => Package['httpd'],
+ }
+ concat::fragment { 'Apache ports header':
+ ensure => present,
+ target => $ports_file,
+ content => template('apache/ports_header.erb')
+ }
+
+ if $::apache::conf_dir and $::apache::params::conf_file {
+ case $::osfamily {
+ 'debian': {
+ $pidfile = "\${APACHE_PID_FILE}"
+ $error_log = 'error.log'
+ $scriptalias = '/usr/lib/cgi-bin'
+ $access_log_file = 'access.log'
+ }
+ 'redhat': {
+ $pidfile = 'run/httpd.pid'
+ $error_log = 'error_log'
+ $scriptalias = '/var/www/cgi-bin'
+ $access_log_file = 'access_log'
+ }
+ 'freebsd': {
+ $pidfile = '/var/run/httpd.pid'
+ $error_log = 'httpd-error.log'
+ $scriptalias = '/usr/local/www/apache24/cgi-bin'
+ $access_log_file = 'httpd-access.log'
+ } 'gentoo': {
+ $pidfile = '/run/apache2.pid'
+ $error_log = 'error.log'
+ $error_documents_path = '/usr/share/apache2/error'
+ $scriptalias = '/var/www/localhost/cgi-bin'
+ $access_log_file = 'access.log'
+
+ ::portage::makeconf { 'apache2_modules':
+ content => $default_mods,
+ }
+ file { [
+ '/etc/apache2/modules.d/.keep_www-servers_apache-2',
+ '/etc/apache2/vhosts.d/.keep_www-servers_apache-2'
+ ]:
+ ensure => absent,
+ require => Package['httpd'],
+ }
+ }
+ 'Suse': {
+ $pidfile = '/var/run/httpd2.pid'
+ $error_log = 'error.log'
+ $scriptalias = '/usr/lib/cgi-bin'
+ $access_log_file = 'access.log'
+ }
+ default: {
+ fail("Unsupported osfamily ${::osfamily}")
+ }
+ }
+
+ $apxs_workaround = $::osfamily ? {
+ 'freebsd' => true,
+ default => false
+ }
+
+ # Template uses:
+ # - $pidfile
+ # - $user
+ # - $group
+ # - $logroot
+ # - $error_log
+ # - $sendfile
+ # - $mod_dir
+ # - $ports_file
+ # - $confd_dir
+ # - $vhost_dir
+ # - $error_documents
+ # - $error_documents_path
+ # - $apxs_workaround
+ # - $keepalive
+ # - $keepalive_timeout
+ # - $max_keepalive_requests
+ # - $server_root
+ # - $server_tokens
+ # - $server_signature
+ # - $trace_enable
+ file { "${::apache::conf_dir}/${::apache::params::conf_file}":
+ ensure => file,
+ content => template($conf_template),
+ notify => Class['Apache::Service'],
+ require => Package['httpd'],
+ }
+
+ # preserve back-wards compatibility to the times when default_mods was
+ # only a boolean value. Now it can be an array (too)
+ if is_array($default_mods) {
+ class { '::apache::default_mods':
+ all => false,
+ mods => $default_mods,
+ }
+ } else {
+ class { '::apache::default_mods':
+ all => $default_mods,
+ }
+ }
+ class { '::apache::default_confd_files':
+ all => $default_confd_files
+ }
+ if $mpm_module {
+ class { "::apache::mod::${mpm_module}": }
+ }
+
+ $default_vhost_ensure = $default_vhost ? {
+ true => 'present',
+ false => 'absent'
+ }
+ $default_ssl_vhost_ensure = $default_ssl_vhost ? {
+ true => 'present',
+ false => 'absent'
+ }
+
+ ::apache::vhost { 'default':
+ ensure => $default_vhost_ensure,
+ port => 80,
+ docroot => $docroot,
+ scriptalias => $scriptalias,
+ serveradmin => $serveradmin,
+ access_log_file => $access_log_file,
+ priority => '15',
+ ip => $ip,
+ logroot_mode => $logroot_mode,
+ manage_docroot => $default_vhost,
+ }
+ $ssl_access_log_file = $::osfamily ? {
+ 'freebsd' => $access_log_file,
+ default => "ssl_${access_log_file}",
+ }
+ ::apache::vhost { 'default-ssl':
+ ensure => $default_ssl_vhost_ensure,
+ port => 443,
+ ssl => true,
+ docroot => $docroot,
+ scriptalias => $scriptalias,
+ serveradmin => $serveradmin,
+ access_log_file => $ssl_access_log_file,
+ priority => '15',
+ ip => $ip,
+ logroot_mode => $logroot_mode,
+ manage_docroot => $default_ssl_vhost,
+ }
+ }
+}
--- /dev/null
+define apache::listen {
+ $listen_addr_port = $name
+
+ # Template uses: $listen_addr_port
+ concat::fragment { "Listen ${listen_addr_port}":
+ ensure => present,
+ target => $::apache::ports_file,
+ content => template('apache/listen.erb'),
+ }
+}
--- /dev/null
+define apache::mod (
+ $package = undef,
+ $package_ensure = 'present',
+ $lib = undef,
+ $lib_path = $::apache::lib_path,
+ $id = undef,
+ $path = undef,
+ $loadfile_name = undef,
+ $loadfiles = undef,
+) {
+ if ! defined(Class['apache']) {
+ fail('You must include the apache base class before using any apache defined resources')
+ }
+
+ $mod = $name
+ #include apache #This creates duplicate resources in rspec-puppet
+ $mod_dir = $::apache::mod_dir
+
+ # Determine if we have special lib
+ $mod_libs = $::apache::params::mod_libs
+ if $lib {
+ $_lib = $lib
+ } elsif has_key($mod_libs, $mod) { # 2.6 compatibility hack
+ $_lib = $mod_libs[$mod]
+ } else {
+ $_lib = "mod_${mod}.so"
+ }
+
+ # Determine if declaration specified a path to the module
+ if $path {
+ $_path = $path
+ } else {
+ $_path = "${lib_path}/${_lib}"
+ }
+
+ if $id {
+ $_id = $id
+ } else {
+ $_id = "${mod}_module"
+ }
+
+ if $loadfile_name {
+ $_loadfile_name = $loadfile_name
+ } else {
+ $_loadfile_name = "${mod}.load"
+ }
+
+ # Determine if we have a package
+ $mod_packages = $::apache::params::mod_packages
+ if $package {
+ $_package = $package
+ } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack
+ $_package = $mod_packages[$mod]
+ } else {
+ $_package = undef
+ }
+ if $_package and ! defined(Package[$_package]) {
+ # note: FreeBSD/ports uses apxs tool to activate modules; apxs clutters
+ # httpd.conf with 'LoadModule' directives; here, by proper resource
+ # ordering, we ensure that our version of httpd.conf is reverted after
+ # the module gets installed.
+ $package_before = $::osfamily ? {
+ 'freebsd' => [
+ File[$_loadfile_name],
+ File["${::apache::conf_dir}/${::apache::params::conf_file}"]
+ ],
+ default => File[$_loadfile_name],
+ }
+ # if there are any packages, they should be installed before the associated conf file
+ Package[$_package] -> File<| title == "${mod}.conf" |>
+ # $_package may be an array
+ package { $_package:
+ ensure => $package_ensure,
+ require => Package['httpd'],
+ before => $package_before,
+ }
+ }
+
+ file { $_loadfile_name:
+ ensure => file,
+ path => "${mod_dir}/${_loadfile_name}",
+ owner => 'root',
+ group => $::apache::params::root_group,
+ mode => '0644',
+ content => template('apache/mod/load.erb'),
+ require => [
+ Package['httpd'],
+ Exec["mkdir ${mod_dir}"],
+ ],
+ before => File[$mod_dir],
+ notify => Class['apache::service'],
+ }
+
+ if $::osfamily == 'Debian' {
+ $enable_dir = $::apache::mod_enable_dir
+ file{ "${_loadfile_name} symlink":
+ ensure => link,
+ path => "${enable_dir}/${_loadfile_name}",
+ target => "${mod_dir}/${_loadfile_name}",
+ owner => 'root',
+ group => $::apache::params::root_group,
+ mode => '0644',
+ require => [
+ File[$_loadfile_name],
+ Exec["mkdir ${enable_dir}"],
+ ],
+ before => File[$enable_dir],
+ notify => Class['apache::service'],
+ }
+ # Each module may have a .conf file as well, which should be
+ # defined in the class apache::mod::module
+ # Some modules do not require this file.
+ if defined(File["${mod}.conf"]) {
+ file{ "${mod}.conf symlink":
+ ensure => link,
+ path => "${enable_dir}/${mod}.conf",
+ target => "${mod_dir}/${mod}.conf",
+ owner => 'root',
+ group => $::apache::params::root_group,
+ mode => '0644',
+ require => [
+ File["${mod}.conf"],
+ Exec["mkdir ${enable_dir}"],
+ ],
+ before => File[$enable_dir],
+ notify => Class['apache::service'],
+ }
+ }
+ } elsif $::osfamily == 'Suse' {
+ $enable_dir = $::apache::mod_enable_dir
+ file{ "${_loadfile_name} symlink":
+ ensure => link,
+ path => "${enable_dir}/${_loadfile_name}",
+ target => "${mod_dir}/${_loadfile_name}",
+ owner => 'root',
+ group => $::apache::params::root_group,
+ mode => '0644',
+ require => [
+ File[$_loadfile_name],
+ Exec["mkdir ${enable_dir}"],
+ ],
+ before => File[$enable_dir],
+ notify => Class['apache::service'],
+ }
+ # Each module may have a .conf file as well, which should be
+ # defined in the class apache::mod::module
+ # Some modules do not require this file.
+ if defined(File["${mod}.conf"]) {
+ file{ "${mod}.conf symlink":
+ ensure => link,
+ path => "${enable_dir}/${mod}.conf",
+ target => "${mod_dir}/${mod}.conf",
+ owner => 'root',
+ group => $::apache::params::root_group,
+ mode => '0644',
+ require => [
+ File["${mod}.conf"],
+ Exec["mkdir ${enable_dir}"],
+ ],
+ before => File[$enable_dir],
+ notify => Class['apache::service'],
+ }
+ }
+ }
+}
--- /dev/null
+class apache::mod::actions {
+ apache::mod { 'actions': }
+}
--- /dev/null
+class apache::mod::alias(
+ $apache_version = $apache::apache_version,
+ $icons_options = 'Indexes MultiViews',
+) {
+ $ver24 = versioncmp($apache_version, '2.4') >= 0
+
+ $icons_path = $::osfamily ? {
+ 'debian' => '/usr/share/apache2/icons',
+ 'Suse' => '/usr/share/apache2/icons',
+ 'redhat' => $ver24 ? {
+ true => '/usr/share/httpd/icons',
+ default => '/var/www/icons',
+ },
+ 'freebsd' => '/usr/local/www/apache24/icons',
+ 'gentoo' => '/usr/share/apache2/icons',
+ }
+ apache::mod { 'alias': }
+ # Template uses $icons_path
+ file { 'alias.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/alias.conf",
+ content => template('apache/mod/alias.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::auth_basic {
+ ::apache::mod { 'auth_basic': }
+}
--- /dev/null
+class apache::mod::auth_cas (
+ $cas_login_url,
+ $cas_validate_url,
+ $cas_cookie_path = $::apache::params::cas_cookie_path,
+ $cas_version = 2,
+ $cas_debug = 'Off',
+ $cas_validate_depth = undef,
+ $cas_certificate_path = undef,
+ $cas_proxy_validate_url = undef,
+ $cas_root_proxied_as = undef,
+ $cas_cookie_entropy = undef,
+ $cas_timeout = undef,
+ $cas_idle_timeout = undef,
+ $cas_cache_clean_interval = undef,
+ $cas_cookie_domain = undef,
+ $cas_cookie_http_only = undef,
+ $cas_authoritative = undef,
+ $suppress_warning = false,
+) {
+
+ validate_string($cas_login_url, $cas_validate_url, $cas_cookie_path)
+
+ if $::osfamily == 'RedHat' and ! $suppress_warning {
+ warning('RedHat distributions do not have Apache mod_auth_cas in their default package repositories.')
+ }
+
+ ::apache::mod { 'auth_cas': }
+
+ file { $cas_cookie_path:
+ ensure => directory,
+ before => File['auth_cas.conf'],
+ mode => '0750',
+ owner => $apache::user,
+ group => $apache::group,
+ }
+
+ # Template uses
+ # - All variables beginning with cas_
+ file { 'auth_cas.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/auth_cas.conf",
+ content => template('apache/mod/auth_cas.conf.erb'),
+ require => [ Exec["mkdir ${::apache::mod_dir}"], ],
+ before => File[$::apache::mod_dir],
+ notify => Class['Apache::Service'],
+ }
+
+}
--- /dev/null
+class apache::mod::auth_kerb {
+ ::apache::mod { 'auth_kerb': }
+}
+
+
--- /dev/null
+class apache::mod::authn_core(
+ $apache_version = $::apache::apache_version
+) {
+ if versioncmp($apache_version, '2.4') >= 0 {
+ ::apache::mod { 'authn_core': }
+ }
+}
--- /dev/null
+class apache::mod::authn_file {
+ ::apache::mod { 'authn_file': }
+}
--- /dev/null
+class apache::mod::authnz_ldap (
+ $verifyServerCert = true,
+) {
+ include '::apache::mod::ldap'
+ ::apache::mod { 'authnz_ldap': }
+
+ validate_bool($verifyServerCert)
+
+ # Template uses:
+ # - $verifyServerCert
+ file { 'authnz_ldap.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/authnz_ldap.conf",
+ content => template('apache/mod/authnz_ldap.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::authz_default {
+ ::apache::mod { 'authz_default': }
+}
--- /dev/null
+class apache::mod::authz_user {
+ ::apache::mod { 'authz_user': }
+}
--- /dev/null
+class apache::mod::autoindex {
+ ::apache::mod { 'autoindex': }
+ # Template uses no variables
+ file { 'autoindex.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/autoindex.conf",
+ content => template('apache/mod/autoindex.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::cache {
+ ::apache::mod { 'cache': }
+}
--- /dev/null
+class apache::mod::cgi {
+ case $::osfamily {
+ 'FreeBSD': {}
+ default: {
+ Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi']
+ }
+ }
+
+ ::apache::mod { 'cgi': }
+}
--- /dev/null
+class apache::mod::cgid {
+ case $::osfamily {
+ 'FreeBSD': {}
+ default: {
+ Class['::apache::mod::worker'] -> Class['::apache::mod::cgid']
+ }
+ }
+
+ # Debian specifies it's cgid sock path, but RedHat uses the default value
+ # with no config file
+ $cgisock_path = $::osfamily ? {
+ 'debian' => "\${APACHE_RUN_DIR}/cgisock",
+ 'freebsd' => 'cgisock',
+ default => undef,
+ }
+ ::apache::mod { 'cgid': }
+ if $cgisock_path {
+ # Template uses $cgisock_path
+ file { 'cgid.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/cgid.conf",
+ content => template('apache/mod/cgid.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+ }
+}
--- /dev/null
+class apache::mod::dav {
+ ::apache::mod { 'dav': }
+}
--- /dev/null
+class apache::mod::dav_fs {
+ $dav_lock = $::osfamily ? {
+ 'debian' => "\${APACHE_LOCK_DIR}/DAVLock",
+ 'freebsd' => '/usr/local/var/DavLock',
+ default => '/var/lib/dav/lockdb',
+ }
+
+ Class['::apache::mod::dav'] -> Class['::apache::mod::dav_fs']
+ ::apache::mod { 'dav_fs': }
+
+ # Template uses: $dav_lock
+ file { 'dav_fs.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/dav_fs.conf",
+ content => template('apache/mod/dav_fs.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::dav_svn (
+ $authz_svn_enabled = false,
+) {
+ Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn']
+ include ::apache::mod::dav
+ ::apache::mod { 'dav_svn': }
+
+ if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04' and $::operatingsystemrelease != '10.04') {
+ $loadfile_name = undef
+ } else {
+ $loadfile_name = 'dav_svn_authz_svn.load'
+ }
+
+ if $authz_svn_enabled {
+ ::apache::mod { 'authz_svn':
+ loadfile_name => $loadfile_name,
+ require => Apache::Mod['dav_svn'],
+ }
+ }
+}
--- /dev/null
+class apache::mod::deflate (
+ $types = [
+ 'text/html text/plain text/xml',
+ 'text/css',
+ 'application/x-javascript application/javascript application/ecmascript',
+ 'application/rss+xml'
+ ],
+ $notes = {
+ 'Input' => 'instream',
+ 'Output' => 'outstream',
+ 'Ratio' => 'ratio'
+ }
+) {
+ ::apache::mod { 'deflate': }
+
+ file { 'deflate.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/deflate.conf",
+ content => template('apache/mod/deflate.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::dev {
+ # Development packages are not apache modules
+ warning('apache::mod::dev is deprecated; please use apache::dev')
+ include ::apache::dev
+}
--- /dev/null
+# Note: this sets the global DirectoryIndex directive, it may be necessary to consider being able to modify the apache::vhost to declare DirectoryIndex statements in a vhost configuration
+# Parameters:
+# - $indexes provides a string for the DirectoryIndex directive http://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex
+class apache::mod::dir (
+ $dir = 'public_html',
+ $indexes = ['index.html','index.html.var','index.cgi','index.pl','index.php','index.xhtml'],
+) {
+ validate_array($indexes)
+ ::apache::mod { 'dir': }
+
+ # Template uses
+ # - $indexes
+ file { 'dir.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/dir.conf",
+ content => template('apache/mod/dir.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::disk_cache {
+ $cache_root = $::osfamily ? {
+ 'debian' => '/var/cache/apache2/mod_disk_cache',
+ 'redhat' => '/var/cache/mod_proxy',
+ 'freebsd' => '/var/cache/mod_disk_cache',
+ 'gentoo' => '/var/cache/apache2/mod_disk_cache',
+ }
+
+ $mod_name = $::osfamily ? {
+ 'FreeBSD' => 'cache_disk',
+ default => 'disk_cache',
+ }
+
+ if $::osfamily != 'FreeBSD' {
+ # FIXME: investigate why disk_cache was dependent on proxy
+ # NOTE: on FreeBSD disk_cache is compiled by default but proxy is not
+ Class['::apache::mod::proxy'] -> Class['::apache::mod::disk_cache']
+ }
+ Class['::apache::mod::cache'] -> Class['::apache::mod::disk_cache']
+
+ apache::mod { $mod_name: }
+ # Template uses $cache_proxy
+ file { 'disk_cache.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/disk_cache.conf",
+ content => template('apache/mod/disk_cache.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::event (
+ $startservers = '2',
+ $maxclients = '150',
+ $minsparethreads = '25',
+ $maxsparethreads = '75',
+ $threadsperchild = '25',
+ $maxrequestsperchild = '0',
+ $serverlimit = '25',
+ $apache_version = $::apache::apache_version,
+ $threadlimit = '64',
+ $listenbacklog = '511',
+ $maxrequestworkers = '250',
+ $maxconnectionsperchild = '0',
+) {
+ if defined(Class['apache::mod::itk']) {
+ fail('May not include both apache::mod::event and apache::mod::itk on the same node')
+ }
+ if defined(Class['apache::mod::peruser']) {
+ fail('May not include both apache::mod::event and apache::mod::peruser on the same node')
+ }
+ if defined(Class['apache::mod::prefork']) {
+ fail('May not include both apache::mod::event and apache::mod::prefork on the same node')
+ }
+ if defined(Class['apache::mod::worker']) {
+ fail('May not include both apache::mod::event and apache::mod::worker on the same node')
+ }
+ File {
+ owner => 'root',
+ group => $::apache::params::root_group,
+ mode => '0644',
+ }
+
+ # Template uses:
+ # - $startservers
+ # - $maxclients
+ # - $minsparethreads
+ # - $maxsparethreads
+ # - $threadsperchild
+ # - $maxrequestsperchild
+ # - $serverlimit
+ file { "${::apache::mod_dir}/event.conf":
+ ensure => file,
+ content => template('apache/mod/event.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+
+ case $::osfamily {
+ 'redhat': {
+ if versioncmp($apache_version, '2.4') >= 0 {
+ apache::mpm{ 'event':
+ apache_version => $apache_version,
+ }
+ }
+ }
+ 'debian','freebsd' : {
+ apache::mpm{ 'event':
+ apache_version => $apache_version,
+ }
+ }
+ 'gentoo': {
+ ::portage::makeconf { 'apache2_mpms':
+ content => 'event',
+ }
+ }
+ default: {
+ fail("Unsupported osfamily ${::osfamily}")
+ }
+ }
+}
--- /dev/null
+class apache::mod::expires (
+ $expires_active = true,
+ $expires_default = undef,
+ $expires_by_type = undef,
+) {
+ ::apache::mod { 'expires': }
+
+ # Template uses
+ # $expires_active
+ # $expires_default
+ # $expires_by_type
+ file { 'expires.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/expires.conf",
+ content => template('apache/mod/expires.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::fastcgi {
+
+ # Debian specifies it's fastcgi lib path, but RedHat uses the default value
+ # with no config file
+ $fastcgi_lib_path = $::apache::params::fastcgi_lib_path
+
+ ::apache::mod { 'fastcgi': }
+
+ if $fastcgi_lib_path {
+ # Template uses:
+ # - $fastcgi_server
+ # - $fastcgi_socket
+ # - $fastcgi_dir
+ file { 'fastcgi.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/fastcgi.conf",
+ content => template('apache/mod/fastcgi.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+ }
+
+}
--- /dev/null
+class apache::mod::fcgid(
+ $options = {},
+) {
+ if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7' {
+ $loadfile_name = 'unixd_fcgid.load'
+ } else {
+ $loadfile_name = undef
+ }
+
+ ::apache::mod { 'fcgid':
+ loadfile_name => $loadfile_name
+ }
+
+ # Template uses:
+ # - $options
+ file { 'fcgid.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/fcgid.conf",
+ content => template('apache/mod/fcgid.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::filter {
+ ::apache::mod { 'filter': }
+}
--- /dev/null
+class apache::mod::geoip (
+ $enable = false,
+ $db_file = '/usr/share/GeoIP/GeoIP.dat',
+ $flag = 'Standard',
+ $output = 'All',
+ $enable_utf8 = undef,
+ $scan_proxy_headers = undef,
+ $use_last_xforwarededfor_ip = undef,
+) {
+ ::apache::mod { 'geoip': }
+
+ # Template uses:
+ # - enable
+ # - db_file
+ # - flag
+ # - output
+ # - enable_utf8
+ # - scan_proxy_headers
+ # - use_last_xforwarededfor_ip
+ file { 'geoip.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/geoip.conf",
+ content => template('apache/mod/geoip.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+
+}
--- /dev/null
+class apache::mod::headers {
+ ::apache::mod { 'headers': }
+}
--- /dev/null
+class apache::mod::include {
+ ::apache::mod { 'include': }
+}
--- /dev/null
+class apache::mod::info (
+ $allow_from = ['127.0.0.1','::1'],
+ $apache_version = $::apache::apache_version,
+ $restrict_access = true,
+){
+ apache::mod { 'info': }
+ # Template uses
+ # $allow_from
+ # $apache_version
+ file { 'info.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/info.conf",
+ content => template('apache/mod/info.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::itk (
+ $startservers = '8',
+ $minspareservers = '5',
+ $maxspareservers = '20',
+ $serverlimit = '256',
+ $maxclients = '256',
+ $maxrequestsperchild = '4000',
+ $apache_version = $::apache::apache_version,
+) {
+ if defined(Class['apache::mod::event']) {
+ fail('May not include both apache::mod::itk and apache::mod::event on the same node')
+ }
+ if defined(Class['apache::mod::peruser']) {
+ fail('May not include both apache::mod::itk and apache::mod::peruser on the same node')
+ }
+ if versioncmp($apache_version, '2.4') < 0 {
+ if defined(Class['apache::mod::prefork']) {
+ fail('May not include both apache::mod::itk and apache::mod::prefork on the same node')
+ }
+ }
+ if defined(Class['apache::mod::worker']) {
+ fail('May not include both apache::mod::itk and apache::mod::worker on the same node')
+ }
+ File {
+ owner => 'root',
+ group => $::apache::params::root_group,
+ mode => '0644',
+ }
+
+ # Template uses:
+ # - $startservers
+ # - $minspareservers
+ # - $maxspareservers
+ # - $serverlimit
+ # - $maxclients
+ # - $maxrequestsperchild
+ file { "${::apache::mod_dir}/itk.conf":
+ ensure => file,
+ content => template('apache/mod/itk.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+
+ case $::osfamily {
+ 'debian', 'freebsd': {
+ apache::mpm{ 'itk':
+ apache_version => $apache_version,
+ }
+ }
+ 'gentoo': {
+ ::portage::makeconf { 'apache2_mpms':
+ content => 'itk',
+ }
+ }
+ default: {
+ fail("Unsupported osfamily ${::osfamily}")
+ }
+ }
+}
--- /dev/null
+class apache::mod::ldap (
+ $apache_version = $::apache::apache_version,
+){
+ ::apache::mod { 'ldap': }
+ # Template uses $apache_version
+ file { 'ldap.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/ldap.conf",
+ content => template('apache/mod/ldap.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::mime (
+ $mime_support_package = $::apache::params::mime_support_package,
+ $mime_types_config = $::apache::params::mime_types_config,
+) {
+ apache::mod { 'mime': }
+ # Template uses $mime_types_config
+ file { 'mime.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/mime.conf",
+ content => template('apache/mod/mime.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+ if $mime_support_package {
+ package { $mime_support_package:
+ ensure => 'installed',
+ before => File['mime.conf'],
+ }
+ }
+}
--- /dev/null
+class apache::mod::mime_magic (
+ $magic_file = "${::apache::conf_dir}/magic"
+) {
+ apache::mod { 'mime_magic': }
+ # Template uses $magic_file
+ file { 'mime_magic.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/mime_magic.conf",
+ content => template('apache/mod/mime_magic.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::negotiation (
+ $force_language_priority = 'Prefer Fallback',
+ $language_priority = [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et',
+ 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn',
+ 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN',
+ 'zh-TW' ],
+) {
+ if !is_array($force_language_priority) and !is_string($force_language_priority) {
+ fail('force_languague_priority must be a string or array of strings')
+ }
+ if !is_array($language_priority) and !is_string($language_priority) {
+ fail('force_languague_priority must be a string or array of strings')
+ }
+
+ ::apache::mod { 'negotiation': }
+ # Template uses no variables
+ file { 'negotiation.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/negotiation.conf",
+ content => template('apache/mod/negotiation.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::nss (
+ $transfer_log = "${::apache::params::logroot}/access.log",
+ $error_log = "${::apache::params::logroot}/error.log",
+ $passwd_file = undef
+) {
+ include ::apache::mod::mime
+
+ apache::mod { 'nss': }
+
+ $httpd_dir = $::apache::httpd_dir
+
+ # Template uses:
+ # $transfer_log
+ # $error_log
+ # $http_dir
+ # passwd_file
+ file { 'nss.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/nss.conf",
+ content => template('apache/mod/nss.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::pagespeed (
+ $inherit_vhost_config = 'on',
+ $filter_xhtml = false,
+ $cache_path = '/var/cache/mod_pagespeed/',
+ $log_dir = '/var/log/pagespeed',
+ $memcache_servers = [],
+ $rewrite_level = 'CoreFilters',
+ $disable_filters = [],
+ $enable_filters = [],
+ $forbid_filters = [],
+ $rewrite_deadline_per_flush_ms = 10,
+ $additional_domains = undef,
+ $file_cache_size_kb = 102400,
+ $file_cache_clean_interval_ms = 3600000,
+ $lru_cache_per_process = 1024,
+ $lru_cache_byte_limit = 16384,
+ $css_flatten_max_bytes = 2048,
+ $css_inline_max_bytes = 2048,
+ $css_image_inline_max_bytes = 2048,
+ $image_inline_max_bytes = 2048,
+ $js_inline_max_bytes = 2048,
+ $css_outline_min_bytes = 3000,
+ $js_outline_min_bytes = 3000,
+ $inode_limit = 500000,
+ $image_max_rewrites_at_once = 8,
+ $num_rewrite_threads = 4,
+ $num_expensive_rewrite_threads = 4,
+ $collect_statistics = 'on',
+ $statistics_logging = 'on',
+ $allow_view_stats = [],
+ $allow_pagespeed_console = [],
+ $allow_pagespeed_message = [],
+ $message_buffer_size = 100000,
+ $additional_configuration = {},
+ $apache_version = $::apache::apache_version,
+){
+
+ $_lib = $::apache::apache_version ? {
+ '2.4' => 'mod_pagespeed_ap24.so',
+ default => undef
+ }
+
+ apache::mod { 'pagespeed':
+ lib => $_lib,
+ }
+
+ file { 'pagespeed.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/pagespeed.conf",
+ content => template('apache/mod/pagespeed.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::passenger (
+ $passenger_conf_file = $::apache::params::passenger_conf_file,
+ $passenger_conf_package_file = $::apache::params::passenger_conf_package_file,
+ $passenger_high_performance = undef,
+ $passenger_pool_idle_time = undef,
+ $passenger_max_requests = undef,
+ $passenger_stat_throttle_rate = undef,
+ $rack_autodetect = undef,
+ $rails_autodetect = undef,
+ $passenger_root = $::apache::params::passenger_root,
+ $passenger_ruby = $::apache::params::passenger_ruby,
+ $passenger_default_ruby = $::apache::params::passenger_default_ruby,
+ $passenger_max_pool_size = undef,
+ $passenger_min_instances = undef,
+ $passenger_use_global_queue = undef,
+ $passenger_app_env = undef,
+ $mod_package = undef,
+ $mod_package_ensure = undef,
+ $mod_lib = undef,
+ $mod_lib_path = undef,
+ $mod_id = undef,
+ $mod_path = undef,
+) {
+ # Managed by the package, but declare it to avoid purging
+ if $passenger_conf_package_file {
+ file { 'passenger_package.conf':
+ path => "${::apache::mod_dir}/${passenger_conf_package_file}",
+ }
+ }
+
+ $_package = $mod_package
+ $_package_ensure = $mod_package_ensure
+ $_lib = $mod_lib
+ if $::osfamily == 'FreeBSD' {
+ if $mod_lib_path {
+ $_lib_path = $mod_lib_path
+ } else {
+ $_lib_path = "${passenger_root}/buildout/apache2"
+ }
+ } else {
+ $_lib_path = $mod_lib_path
+ }
+
+ $_id = $mod_id
+ $_path = $mod_path
+ ::apache::mod { 'passenger':
+ package => $_package,
+ package_ensure => $_package_ensure,
+ lib => $_lib,
+ lib_path => $_lib_path,
+ id => $_id,
+ path => $_path,
+ loadfile_name => 'zpassenger.load',
+ }
+
+ # Template uses:
+ # - $passenger_root
+ # - $passenger_ruby
+ # - $passenger_default_ruby
+ # - $passenger_max_pool_size
+ # - $passenger_min_instances
+ # - $passenger_high_performance
+ # - $passenger_max_requests
+ # - $passenger_stat_throttle_rate
+ # - $passenger_use_global_queue
+ # - $passenger_app_env
+ # - $rack_autodetect
+ # - $rails_autodetect
+ file { 'passenger.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/${passenger_conf_file}",
+ content => template('apache/mod/passenger.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::perl {
+ ::apache::mod { 'perl': }
+}
--- /dev/null
+class apache::mod::peruser (
+ $minspareprocessors = '2',
+ $minprocessors = '2',
+ $maxprocessors = '10',
+ $maxclients = '150',
+ $maxrequestsperchild = '1000',
+ $idletimeout = '120',
+ $expiretimeout = '120',
+ $keepalive = 'Off',
+) {
+
+ case $::osfamily {
+ 'freebsd' : {
+ fail("Unsupported osfamily ${::osfamily}")
+ }
+ default: {
+ if $::osfamily == 'gentoo' {
+ ::portage::makeconf { 'apache2_mpms':
+ content => 'peruser',
+ }
+ }
+
+ if defined(Class['apache::mod::event']) {
+ fail('May not include both apache::mod::peruser and apache::mod::event on the same node')
+ }
+ if defined(Class['apache::mod::itk']) {
+ fail('May not include both apache::mod::peruser and apache::mod::itk on the same node')
+ }
+ if defined(Class['apache::mod::prefork']) {
+ fail('May not include both apache::mod::peruser and apache::mod::prefork on the same node')
+ }
+ if defined(Class['apache::mod::worker']) {
+ fail('May not include both apache::mod::peruser and apache::mod::worker on the same node')
+ }
+ File {
+ owner => 'root',
+ group => $::apache::params::root_group,
+ mode => '0644',
+ }
+
+ $mod_dir = $::apache::mod_dir
+
+ # Template uses:
+ # - $minspareprocessors
+ # - $minprocessors
+ # - $maxprocessors
+ # - $maxclients
+ # - $maxrequestsperchild
+ # - $idletimeout
+ # - $expiretimeout
+ # - $keepalive
+ # - $mod_dir
+ file { "${::apache::mod_dir}/peruser.conf":
+ ensure => file,
+ content => template('apache/mod/peruser.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+ file { "${::apache::mod_dir}/peruser":
+ ensure => directory,
+ require => File[$::apache::mod_dir],
+ }
+ file { "${::apache::mod_dir}/peruser/multiplexers":
+ ensure => directory,
+ require => File["${::apache::mod_dir}/peruser"],
+ }
+ file { "${::apache::mod_dir}/peruser/processors":
+ ensure => directory,
+ require => File["${::apache::mod_dir}/peruser"],
+ }
+
+ ::apache::peruser::multiplexer { '01-default': }
+ }
+ }
+}
--- /dev/null
+class apache::mod::php (
+ $package_name = undef,
+ $package_ensure = 'present',
+ $path = undef,
+ $extensions = ['.php'],
+ $content = undef,
+ $template = 'apache/mod/php5.conf.erb',
+ $source = undef,
+ $root_group = $::apache::params::root_group,
+) inherits apache::params {
+
+ if defined(Class['::apache::mod::prefork']) {
+ Class['::apache::mod::prefork']->File['php5.conf']
+ }
+ elsif defined(Class['::apache::mod::itk']) {
+ Class['::apache::mod::itk']->File['php5.conf']
+ }
+ else {
+ fail('apache::mod::php requires apache::mod::prefork or apache::mod::itk; please enable mpm_module => \'prefork\' or mpm_module => \'itk\' on Class[\'apache\']')
+ }
+ validate_array($extensions)
+
+ if $source and ($content or $template != 'apache/mod/php5.conf.erb') {
+ warning('source and content or template parameters are provided. source parameter will be used')
+ } elsif $content and $template != 'apache/mod/php5.conf.erb' {
+ warning('content and template parameters are provided. content parameter will be used')
+ }
+
+ $manage_content = $source ? {
+ undef => $content ? {
+ undef => template($template),
+ default => $content,
+ },
+ default => undef,
+ }
+
+ ::apache::mod { 'php5':
+ package => $package_name,
+ package_ensure => $package_ensure,
+ path => $path,
+ }
+
+ include ::apache::mod::mime
+ include ::apache::mod::dir
+ Class['::apache::mod::mime'] -> Class['::apache::mod::dir'] -> Class['::apache::mod::php']
+
+ # Template uses $extensions
+ file { 'php5.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/php5.conf",
+ owner => 'root',
+ group => $root_group,
+ mode => '0644',
+ content => $manage_content,
+ source => $source,
+ require => [
+ Exec["mkdir ${::apache::mod_dir}"],
+ ],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::prefork (
+ $startservers = '8',
+ $minspareservers = '5',
+ $maxspareservers = '20',
+ $serverlimit = '256',
+ $maxclients = '256',
+ $maxrequestsperchild = '4000',
+ $apache_version = $::apache::apache_version,
+) {
+ if defined(Class['apache::mod::event']) {
+ fail('May not include both apache::mod::prefork and apache::mod::event on the same node')
+ }
+ if versioncmp($apache_version, '2.4') < 0 {
+ if defined(Class['apache::mod::itk']) {
+ fail('May not include both apache::mod::prefork and apache::mod::itk on the same node')
+ }
+ }
+ if defined(Class['apache::mod::peruser']) {
+ fail('May not include both apache::mod::prefork and apache::mod::peruser on the same node')
+ }
+ if defined(Class['apache::mod::worker']) {
+ fail('May not include both apache::mod::prefork and apache::mod::worker on the same node')
+ }
+ File {
+ owner => 'root',
+ group => $::apache::params::root_group,
+ mode => '0644',
+ }
+
+ # Template uses:
+ # - $startservers
+ # - $minspareservers
+ # - $maxspareservers
+ # - $serverlimit
+ # - $maxclients
+ # - $maxrequestsperchild
+ file { "${::apache::mod_dir}/prefork.conf":
+ ensure => file,
+ content => template('apache/mod/prefork.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+
+ case $::osfamily {
+ 'redhat': {
+ if versioncmp($apache_version, '2.4') >= 0 {
+ ::apache::mpm{ 'prefork':
+ apache_version => $apache_version,
+ }
+ }
+ else {
+ file_line { '/etc/sysconfig/httpd prefork enable':
+ ensure => present,
+ path => '/etc/sysconfig/httpd',
+ line => '#HTTPD=/usr/sbin/httpd.worker',
+ match => '#?HTTPD=/usr/sbin/httpd.worker',
+ require => Package['httpd'],
+ notify => Class['apache::service'],
+ }
+ }
+ }
+ 'debian', 'freebsd', 'Suse' : {
+ ::apache::mpm{ 'prefork':
+ apache_version => $apache_version,
+ }
+ }
+ 'gentoo': {
+ ::portage::makeconf { 'apache2_mpms':
+ content => 'prefork',
+ }
+ }
+ default: {
+ fail("Unsupported osfamily ${::osfamily}")
+ }
+ }
+}
--- /dev/null
+class apache::mod::proxy (
+ $proxy_requests = 'Off',
+ $allow_from = undef,
+ $apache_version = $::apache::apache_version,
+) {
+ ::apache::mod { 'proxy': }
+ # Template uses $proxy_requests, $apache_version
+ file { 'proxy.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/proxy.conf",
+ content => template('apache/mod/proxy.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::proxy_ajp {
+ Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_ajp']
+ ::apache::mod { 'proxy_ajp': }
+}
--- /dev/null
+class apache::mod::proxy_balancer {
+
+ include ::apache::mod::proxy
+ include ::apache::mod::proxy_http
+
+ Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_balancer']
+ Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_balancer']
+ ::apache::mod { 'proxy_balancer': }
+
+}
--- /dev/null
+class apache::mod::proxy_connect (
+ $apache_version = $::apache::apache_version,
+) {
+ if versioncmp($apache_version, '2.2') >= 0 {
+ Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_connect']
+ ::apache::mod { 'proxy_connect': }
+ }
+}
--- /dev/null
+class apache::mod::proxy_html {
+ Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_html']
+ Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_html']
+
+ # Add libxml2
+ case $::osfamily {
+ /RedHat|FreeBSD|Gentoo/: {
+ ::apache::mod { 'xml2enc': }
+ $loadfiles = undef
+ }
+ 'Debian': {
+ $gnu_path = $::hardwaremodel ? {
+ 'i686' => 'i386',
+ default => $::hardwaremodel,
+ }
+ $loadfiles = $::apache::params::distrelease ? {
+ '6' => ['/usr/lib/libxml2.so.2'],
+ '10' => ['/usr/lib/libxml2.so.2'],
+ default => ["/usr/lib/${gnu_path}-linux-gnu/libxml2.so.2"],
+ }
+ }
+ }
+
+ ::apache::mod { 'proxy_html':
+ loadfiles => $loadfiles,
+ }
+
+ # Template uses $icons_path
+ file { 'proxy_html.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/proxy_html.conf",
+ content => template('apache/mod/proxy_html.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::proxy_http {
+ Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_http']
+ ::apache::mod { 'proxy_http': }
+}
--- /dev/null
+class apache::mod::python {
+ ::apache::mod { 'python': }
+}
+
+
--- /dev/null
+class apache::mod::remoteip (
+ $header = 'X-Forwarded-For',
+ $proxy_ips = [ '127.0.0.1' ],
+ $proxies_header = undef,
+ $trusted_proxy_ips = undef,
+ $apache_version = $::apache::apache_version
+) {
+ if versioncmp($apache_version, '2.4') < 0 {
+ fail('mod_remoteip is only available in Apache 2.4')
+ }
+
+ ::apache::mod { 'remoteip': }
+
+ # Template uses:
+ # - $header
+ # - $proxy_ips
+ # - $proxies_header
+ # - $trusted_proxy_ips
+ file { 'remoteip.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/remoteip.conf",
+ content => template('apache/mod/remoteip.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Service['httpd'],
+ }
+}
--- /dev/null
+class apache::mod::reqtimeout (
+ $timeouts = ['header=20-40,minrate=500', 'body=10,minrate=500']
+){
+ ::apache::mod { 'reqtimeout': }
+ # Template uses no variables
+ file { 'reqtimeout.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/reqtimeout.conf",
+ content => template('apache/mod/reqtimeout.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::rewrite {
+ include ::apache::params
+ ::apache::mod { 'rewrite': }
+}
--- /dev/null
+class apache::mod::rpaf (
+ $sethostname = true,
+ $proxy_ips = [ '127.0.0.1' ],
+ $header = 'X-Forwarded-For'
+) {
+ ::apache::mod { 'rpaf': }
+
+ # Template uses:
+ # - $sethostname
+ # - $proxy_ips
+ # - $header
+ file { 'rpaf.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/rpaf.conf",
+ content => template('apache/mod/rpaf.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::security (
+ $crs_package = $::apache::params::modsec_crs_package,
+ $activated_rules = $::apache::params::modsec_default_rules,
+ $modsec_dir = $::apache::params::modsec_dir,
+ $allowed_methods = 'GET HEAD POST OPTIONS',
+ $content_types = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf',
+ $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/',
+ $restricted_headers = '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/',
+){
+
+ if $::osfamily == 'FreeBSD' {
+ fail('FreeBSD is not currently supported')
+ }
+
+ ::apache::mod { 'security':
+ id => 'security2_module',
+ lib => 'mod_security2.so',
+ }
+
+ ::apache::mod { 'unique_id_module':
+ id => 'unique_id_module',
+ lib => 'mod_unique_id.so',
+ }
+
+ if $crs_package {
+ package { $crs_package:
+ ensure => 'latest',
+ before => File['security.conf'],
+ }
+ }
+
+ # Template uses:
+ # - $modsec_dir
+ file { 'security.conf':
+ ensure => file,
+ content => template('apache/mod/security.conf.erb'),
+ path => "${::apache::mod_dir}/security.conf",
+ owner => $::apache::params::user,
+ group => $::apache::params::group,
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+
+ file { $modsec_dir:
+ ensure => directory,
+ owner => $::apache::params::user,
+ group => $::apache::params::group,
+ mode => '0555',
+ purge => true,
+ force => true,
+ recurse => true,
+ }
+
+ file { "${modsec_dir}/activated_rules":
+ ensure => directory,
+ owner => $::apache::params::user,
+ group => $::apache::params::group,
+ mode => '0555',
+ purge => true,
+ force => true,
+ recurse => true,
+ notify => Class['apache::service'],
+ }
+
+ file { "${modsec_dir}/security_crs.conf":
+ ensure => file,
+ content => template('apache/mod/security_crs.conf.erb'),
+ require => File[$modsec_dir],
+ notify => Class['apache::service'],
+ }
+
+ apache::security::rule_link { $activated_rules: }
+
+}
--- /dev/null
+class apache::mod::setenvif {
+ ::apache::mod { 'setenvif': }
+ # Template uses no variables
+ file { 'setenvif.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/setenvif.conf",
+ content => template('apache/mod/setenvif.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::shib (
+ $suppress_warning = false,
+) {
+
+ if $::osfamily == 'RedHat' and ! $suppress_warning {
+ warning('RedHat distributions do not have Apache mod_shib in their default package repositories.')
+ }
+
+ $mod_shib = 'shib2'
+
+ apache::mod {$mod_shib:
+ id => 'mod_shib',
+ }
+
+}
\ No newline at end of file
--- /dev/null
+class apache::mod::speling {
+ ::apache::mod { 'speling': }
+}
--- /dev/null
+class apache::mod::ssl (
+ $ssl_compression = false,
+ $ssl_cryptodevice = 'builtin',
+ $ssl_options = [ 'StdEnvVars' ],
+ $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5',
+ $ssl_honorcipherorder = 'On',
+ $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ],
+ $ssl_pass_phrase_dialog = 'builtin',
+ $ssl_random_seed_bytes = '512',
+ $ssl_sessioncachetimeout = '300',
+ $apache_version = $::apache::apache_version,
+ $package_name = undef,
+) {
+ $session_cache = $::osfamily ? {
+ 'debian' => "\${APACHE_RUN_DIR}/ssl_scache(512000)",
+ 'redhat' => '/var/cache/mod_ssl/scache(512000)',
+ 'freebsd' => '/var/run/ssl_scache(512000)',
+ 'gentoo' => '/var/run/ssl_scache(512000)',
+ }
+
+ case $::osfamily {
+ 'debian': {
+ if versioncmp($apache_version, '2.4') >= 0 {
+ $ssl_mutex = 'default'
+ } elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04' {
+ $ssl_mutex = 'file:/var/run/apache2/ssl_mutex'
+ } else {
+ $ssl_mutex = "file:\${APACHE_RUN_DIR}/ssl_mutex"
+ }
+ }
+ 'redhat': {
+ $ssl_mutex = 'default'
+ }
+ 'freebsd': {
+ $ssl_mutex = 'default'
+ }
+ 'gentoo': {
+ $ssl_mutex = 'default'
+ }
+ default: {
+ fail("Unsupported osfamily ${::osfamily}")
+ }
+ }
+
+ ::apache::mod { 'ssl':
+ package => $package_name,
+ }
+
+ if versioncmp($apache_version, '2.4') >= 0 {
+ ::apache::mod { 'socache_shmcb': }
+ }
+
+ # Template uses
+ #
+ # $ssl_compression
+ # $ssl_cryptodevice
+ # $ssl_cipher
+ # $ssl_honorcipherorder
+ # $ssl_options
+ # $session_cache
+ # $ssl_mutex
+ # $ssl_random_seed_bytes
+ # $ssl_sessioncachetimeout
+ # $apache_version
+ #
+ file { 'ssl.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/ssl.conf",
+ content => template('apache/mod/ssl.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+# Class: apache::mod::status
+#
+# This class enables and configures Apache mod_status
+# See: http://httpd.apache.org/docs/current/mod/mod_status.html
+#
+# Parameters:
+# - $allow_from is an array of hosts, ip addresses, partial network numbers
+# or networks in CIDR notation specifying what hosts can view the special
+# /server-status URL. Defaults to ['127.0.0.1', '::1'].
+# - $extended_status track and display extended status information. Valid
+# values are 'On' or 'Off'. Defaults to 'On'.
+# - $status_path is the path assigned to the Location directive which
+# defines the URL to access the server status. Defaults to '/server-status'.
+#
+# Actions:
+# - Enable and configure Apache mod_status
+#
+# Requires:
+# - The apache class
+#
+# Sample Usage:
+#
+# # Simple usage allowing access from localhost and a private subnet
+# class { 'apache::mod::status':
+# $allow_from => ['127.0.0.1', '10.10.10.10/24'],
+# }
+#
+class apache::mod::status (
+ $allow_from = ['127.0.0.1','::1'],
+ $extended_status = 'On',
+ $apache_version = $::apache::apache_version,
+ $status_path = '/server-status',
+){
+ validate_array($allow_from)
+ validate_re(downcase($extended_status), '^(on|off)$', "${extended_status} is not supported for extended_status. Allowed values are 'On' and 'Off'.")
+ ::apache::mod { 'status': }
+ # Template uses $allow_from, $extended_status, $apache_version, $status_path
+ file { 'status.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/status.conf",
+ content => template('apache/mod/status.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::suexec {
+ ::apache::mod { 'suexec': }
+}
--- /dev/null
+class apache::mod::suphp (
+){
+ ::apache::mod { 'suphp': }
+
+ file {'suphp.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/suphp.conf",
+ content => template('apache/mod/suphp.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
+
--- /dev/null
+class apache::mod::userdir (
+ $home = '/home',
+ $dir = 'public_html',
+ $disable_root = true,
+ $apache_version = $::apache::apache_version,
+ $options = [ 'MultiViews', 'Indexes', 'SymLinksIfOwnerMatch', 'IncludesNoExec' ],
+) {
+ ::apache::mod { 'userdir': }
+
+ # Template uses $home, $dir, $disable_root, $apache_version
+ file { 'userdir.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/userdir.conf",
+ content => template('apache/mod/userdir.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+class apache::mod::version(
+ $apache_version = $::apache::apache_version
+) {
+
+ if ($::osfamily == 'debian' and versioncmp($apache_version, '2.4') >= 0) {
+ warning("${module_name}: module version_module is built-in and can't be loaded")
+ } else {
+ ::apache::mod { 'version': }
+ }
+}
--- /dev/null
+class apache::mod::vhost_alias {
+ ::apache::mod { 'vhost_alias': }
+}
--- /dev/null
+class apache::mod::worker (
+ $startservers = '2',
+ $maxclients = '150',
+ $minsparethreads = '25',
+ $maxsparethreads = '75',
+ $threadsperchild = '25',
+ $maxrequestsperchild = '0',
+ $serverlimit = '25',
+ $threadlimit = '64',
+ $apache_version = $::apache::apache_version,
+) {
+ if defined(Class['apache::mod::event']) {
+ fail('May not include both apache::mod::worker and apache::mod::event on the same node')
+ }
+ if defined(Class['apache::mod::itk']) {
+ fail('May not include both apache::mod::worker and apache::mod::itk on the same node')
+ }
+ if defined(Class['apache::mod::peruser']) {
+ fail('May not include both apache::mod::worker and apache::mod::peruser on the same node')
+ }
+ if defined(Class['apache::mod::prefork']) {
+ fail('May not include both apache::mod::worker and apache::mod::prefork on the same node')
+ }
+ File {
+ owner => 'root',
+ group => $::apache::params::root_group,
+ mode => '0644',
+ }
+
+ # Template uses:
+ # - $startservers
+ # - $maxclients
+ # - $minsparethreads
+ # - $maxsparethreads
+ # - $threadsperchild
+ # - $maxrequestsperchild
+ # - $serverlimit
+ # - $threadLimit
+ file { "${::apache::mod_dir}/worker.conf":
+ ensure => file,
+ content => template('apache/mod/worker.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+
+ case $::osfamily {
+ 'redhat': {
+ if versioncmp($apache_version, '2.4') >= 0 {
+ ::apache::mpm{ 'worker':
+ apache_version => $apache_version,
+ }
+ }
+ else {
+ file_line { '/etc/sysconfig/httpd worker enable':
+ ensure => present,
+ path => '/etc/sysconfig/httpd',
+ line => 'HTTPD=/usr/sbin/httpd.worker',
+ match => '#?HTTPD=/usr/sbin/httpd.worker',
+ require => Package['httpd'],
+ notify => Class['apache::service'],
+ }
+ }
+ }
+ 'debian', 'freebsd', 'Suse': {
+ ::apache::mpm{ 'worker':
+ apache_version => $apache_version,
+ }
+ }
+ 'gentoo': {
+ ::portage::makeconf { 'apache2_mpms':
+ content => 'worker',
+ }
+ }
+ default: {
+ fail("Unsupported osfamily ${::osfamily}")
+ }
+ }
+}
--- /dev/null
+class apache::mod::wsgi (
+ $wsgi_socket_prefix = $::apache::params::wsgi_socket_prefix,
+ $wsgi_python_path = undef,
+ $wsgi_python_home = undef,
+ $package_name = undef,
+ $mod_path = undef,
+){
+
+ if ($package_name != undef and $mod_path == undef) or ($package_name == undef and $mod_path != undef) {
+ fail('apache::mod::wsgi - both package_name and mod_path must be specified!')
+ }
+
+ if $package_name != undef {
+ if $mod_path =~ /\// {
+ $_mod_path = $mod_path
+ } else {
+ $_mod_path = "${::apache::lib_path}/${mod_path}"
+ }
+ ::apache::mod { 'wsgi':
+ package => $package_name,
+ path => $_mod_path,
+ }
+ }
+ else {
+ ::apache::mod { 'wsgi': }
+ }
+
+ # Template uses:
+ # - $wsgi_socket_prefix
+ # - $wsgi_python_path
+ # - $wsgi_python_home
+ file {'wsgi.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/wsgi.conf",
+ content => template('apache/mod/wsgi.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
+
--- /dev/null
+class apache::mod::xsendfile {
+ include ::apache::params
+ ::apache::mod { 'xsendfile': }
+}
--- /dev/null
+define apache::mpm (
+ $lib_path = $::apache::lib_path,
+ $apache_version = $::apache::apache_version,
+) {
+ if ! defined(Class['apache']) {
+ fail('You must include the apache base class before using any apache defined resources')
+ }
+
+ $mpm = $name
+ $mod_dir = $::apache::mod_dir
+
+ $_lib = "mod_mpm_${mpm}.so"
+ $_path = "${lib_path}/${_lib}"
+ $_id = "mpm_${mpm}_module"
+
+ if versioncmp($apache_version, '2.4') >= 0 {
+ file { "${mod_dir}/${mpm}.load":
+ ensure => file,
+ path => "${mod_dir}/${mpm}.load",
+ content => "LoadModule ${_id} ${_path}\n",
+ require => [
+ Package['httpd'],
+ Exec["mkdir ${mod_dir}"],
+ ],
+ before => File[$mod_dir],
+ notify => Class['apache::service'],
+ }
+ }
+
+ case $::osfamily {
+ 'debian': {
+ file { "${::apache::mod_enable_dir}/${mpm}.conf":
+ ensure => link,
+ target => "${::apache::mod_dir}/${mpm}.conf",
+ require => Exec["mkdir ${::apache::mod_enable_dir}"],
+ before => File[$::apache::mod_enable_dir],
+ notify => Class['apache::service'],
+ }
+
+ if versioncmp($apache_version, '2.4') >= 0 {
+ file { "${::apache::mod_enable_dir}/${mpm}.load":
+ ensure => link,
+ target => "${::apache::mod_dir}/${mpm}.load",
+ require => Exec["mkdir ${::apache::mod_enable_dir}"],
+ before => File[$::apache::mod_enable_dir],
+ notify => Class['apache::service'],
+ }
+
+ if $mpm == 'itk' {
+ file { "${lib_path}/mod_mpm_itk.so":
+ ensure => link,
+ target => "${lib_path}/mpm_itk.so"
+ }
+ }
+ }
+
+ if versioncmp($apache_version, '2.4') < 0 {
+ package { "apache2-mpm-${mpm}":
+ ensure => present,
+ }
+ }
+ }
+ 'freebsd': {
+ class { '::apache::package':
+ mpm_module => $mpm
+ }
+ }
+ 'redhat': {
+ # so we don't fail
+ }
+ 'Suse': {
+ file { "${::apache::mod_enable_dir}/${mpm}.conf":
+ ensure => link,
+ target => "${::apache::mod_dir}/${mpm}.conf",
+ require => Exec["mkdir ${::apache::mod_enable_dir}"],
+ before => File[$::apache::mod_enable_dir],
+ notify => Class['apache::service'],
+ }
+
+ if versioncmp($apache_version, '2.4') >= 0 {
+ file { "${::apache::mod_enable_dir}/${mpm}.load":
+ ensure => link,
+ target => "${::apache::mod_dir}/${mpm}.load",
+ require => Exec["mkdir ${::apache::mod_enable_dir}"],
+ before => File[$::apache::mod_enable_dir],
+ notify => Class['apache::service'],
+ }
+
+ if $mpm == 'itk' {
+ file { "${lib_path}/mod_mpm_itk.so":
+ ensure => link,
+ target => "${lib_path}/mpm_itk.so"
+ }
+ }
+ }
+
+ if versioncmp($apache_version, '2.4') < 0 {
+ package { "apache2-${mpm}":
+ ensure => present,
+ }
+ }
+ }
+ default: {
+ fail("Unsupported osfamily ${::osfamily}")
+ }
+ }
+}
--- /dev/null
+define apache::namevirtualhost {
+ $addr_port = $name
+
+ # Template uses: $addr_port
+ concat::fragment { "NameVirtualHost ${addr_port}":
+ ensure => present,
+ target => $::apache::ports_file,
+ content => template('apache/namevirtualhost.erb'),
+ }
+}
--- /dev/null
+class apache::package (
+ $ensure = 'present',
+ $mpm_module = $::apache::params::mpm_module,
+) inherits ::apache::params {
+
+ # The base class must be included first because it is used by parameter defaults
+ if ! defined(Class['apache']) {
+ fail('You must include the apache base class before using any apache defined resources')
+ }
+
+ case $::osfamily {
+ 'FreeBSD': {
+ case $mpm_module {
+ 'prefork': {
+ $set = 'MPM_PREFORK'
+ $unset = 'MPM_WORKER MPM_EVENT'
+ }
+ 'worker': {
+ $set = 'MPM_WORKER'
+ $unset = 'MPM_PERFORK MPM_EVENT'
+ }
+ 'event': {
+ $set = 'MPM_EVENT'
+ $unset = 'MPM_PERFORK MPM_WORKER'
+ }
+ 'itk': {
+ $set = undef
+ $unset = undef
+ package { 'www/mod_mpm_itk':
+ ensure => installed,
+ }
+ }
+ default: { fail("MPM module ${mpm_module} not supported on FreeBSD") }
+ }
+
+ # Configure ports to have apache build options set correctly
+ if $set {
+ file_line { 'apache SET options in /etc/make.conf':
+ ensure => $ensure,
+ path => '/etc/make.conf',
+ line => "apache24_SET_FORCE=${set}",
+ match => '^apache24_SET_FORCE=.*',
+ before => Package['httpd'],
+ }
+ file_line { 'apache UNSET options in /etc/make.conf':
+ ensure => $ensure,
+ path => '/etc/make.conf',
+ line => "apache24_UNSET_FORCE=${unset}",
+ match => '^apache24_UNSET_FORCE=.*',
+ before => Package['httpd'],
+ }
+ }
+ $apache_package = $::apache::apache_name
+ }
+ default: {
+ $apache_package = $::apache::apache_name
+ }
+ }
+
+ package { 'httpd':
+ ensure => $ensure,
+ name => $apache_package,
+ notify => Class['Apache::Service'],
+ }
+}
--- /dev/null
+# Class: apache::params
+#
+# This class manages Apache parameters
+#
+# Parameters:
+# - The $user that Apache runs as
+# - The $group that Apache runs as
+# - The $apache_name is the name of the package and service on the relevant
+# distribution
+# - The $php_package is the name of the package that provided PHP
+# - The $ssl_package is the name of the Apache SSL package
+# - The $apache_dev is the name of the Apache development libraries package
+# - The $conf_contents is the contents of the Apache configuration file
+#
+# Actions:
+#
+# Requires:
+#
+# Sample Usage:
+#
+class apache::params inherits ::apache::version {
+ if($::fqdn) {
+ $servername = $::fqdn
+ } else {
+ $servername = $::hostname
+ }
+
+ # The default error log level
+ $log_level = 'warn'
+ $use_optional_includes = false
+
+ if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' {
+ $verify_command = '/usr/sbin/apache2ctl -t'
+ } else {
+ $verify_command = '/usr/sbin/apachectl -t'
+ }
+ if $::osfamily == 'RedHat' or $::operatingsystem == 'amazon' {
+ $user = 'apache'
+ $group = 'apache'
+ $root_group = 'root'
+ $apache_name = 'httpd'
+ $service_name = 'httpd'
+ $httpd_dir = '/etc/httpd'
+ $server_root = '/etc/httpd'
+ $conf_dir = "${httpd_dir}/conf"
+ $confd_dir = "${httpd_dir}/conf.d"
+ $mod_dir = "${httpd_dir}/conf.d"
+ $mod_enable_dir = undef
+ $vhost_dir = "${httpd_dir}/conf.d"
+ $vhost_enable_dir = undef
+ $conf_file = 'httpd.conf'
+ $ports_file = "${conf_dir}/ports.conf"
+ $logroot = '/var/log/httpd'
+ $logroot_mode = undef
+ $lib_path = 'modules'
+ $mpm_module = 'prefork'
+ $dev_packages = 'httpd-devel'
+ $default_ssl_cert = '/etc/pki/tls/certs/localhost.crt'
+ $default_ssl_key = '/etc/pki/tls/private/localhost.key'
+ $ssl_certs_dir = '/etc/pki/tls/certs'
+ $passenger_conf_file = 'passenger_extra.conf'
+ $passenger_conf_package_file = 'passenger.conf'
+ $passenger_root = undef
+ $passenger_ruby = undef
+ $passenger_default_ruby = undef
+ $suphp_addhandler = 'php5-script'
+ $suphp_engine = 'off'
+ $suphp_configpath = undef
+ # NOTE: The module for Shibboleth is not available to RH/CentOS without an additional repository. http://wiki.aaf.edu.au/tech-info/sp-install-guide
+ # NOTE: The auth_cas module isn't available to RH/CentOS without enabling EPEL.
+ $mod_packages = {
+ 'auth_cas' => 'mod_auth_cas',
+ 'auth_kerb' => 'mod_auth_kerb',
+ 'authnz_ldap' => $::apache::version::distrelease ? {
+ '7' => 'mod_ldap',
+ default => 'mod_authz_ldap',
+ },
+ 'fastcgi' => 'mod_fastcgi',
+ 'fcgid' => 'mod_fcgid',
+ 'geoip' => 'mod_geoip',
+ 'ldap' => $::apache::version::distrelease ? {
+ '7' => 'mod_ldap',
+ default => undef,
+ },
+ 'pagespeed' => 'mod-pagespeed-stable',
+ 'passenger' => 'mod_passenger',
+ 'perl' => 'mod_perl',
+ 'php5' => $::apache::version::distrelease ? {
+ '5' => 'php53',
+ default => 'php',
+ },
+ 'proxy_html' => 'mod_proxy_html',
+ 'python' => 'mod_python',
+ 'security' => 'mod_security',
+ 'shibboleth' => 'shibboleth',
+ 'ssl' => 'mod_ssl',
+ 'wsgi' => 'mod_wsgi',
+ 'dav_svn' => 'mod_dav_svn',
+ 'suphp' => 'mod_suphp',
+ 'xsendfile' => 'mod_xsendfile',
+ 'nss' => 'mod_nss',
+ 'shib2' => 'shibboleth',
+ }
+ $mod_libs = {
+ 'php5' => 'libphp5.so',
+ 'nss' => 'libmodnss.so',
+ }
+ $conf_template = 'apache/httpd.conf.erb'
+ $keepalive = 'Off'
+ $keepalive_timeout = 15
+ $max_keepalive_requests = 100
+ $fastcgi_lib_path = undef
+ $mime_support_package = 'mailcap'
+ $mime_types_config = '/etc/mime.types'
+ $docroot = '/var/www/html'
+ $error_documents_path = $::apache::version::distrelease ? {
+ '7' => '/usr/share/httpd/error',
+ default => '/var/www/error'
+ }
+ if $::osfamily == 'RedHat' {
+ $wsgi_socket_prefix = '/var/run/wsgi'
+ } else {
+ $wsgi_socket_prefix = undef
+ }
+ $cas_cookie_path = '/var/cache/mod_auth_cas/'
+ $modsec_crs_package = 'mod_security_crs'
+ $modsec_crs_path = '/usr/lib/modsecurity.d'
+ $modsec_dir = '/etc/httpd/modsecurity.d'
+ $modsec_default_rules = [
+ 'base_rules/modsecurity_35_bad_robots.data',
+ 'base_rules/modsecurity_35_scanners.data',
+ 'base_rules/modsecurity_40_generic_attacks.data',
+ 'base_rules/modsecurity_41_sql_injection_attacks.data',
+ 'base_rules/modsecurity_50_outbound.data',
+ 'base_rules/modsecurity_50_outbound_malware.data',
+ 'base_rules/modsecurity_crs_20_protocol_violations.conf',
+ 'base_rules/modsecurity_crs_21_protocol_anomalies.conf',
+ 'base_rules/modsecurity_crs_23_request_limits.conf',
+ 'base_rules/modsecurity_crs_30_http_policy.conf',
+ 'base_rules/modsecurity_crs_35_bad_robots.conf',
+ 'base_rules/modsecurity_crs_40_generic_attacks.conf',
+ 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf',
+ 'base_rules/modsecurity_crs_41_xss_attacks.conf',
+ 'base_rules/modsecurity_crs_42_tight_security.conf',
+ 'base_rules/modsecurity_crs_45_trojans.conf',
+ 'base_rules/modsecurity_crs_47_common_exceptions.conf',
+ 'base_rules/modsecurity_crs_49_inbound_blocking.conf',
+ 'base_rules/modsecurity_crs_50_outbound.conf',
+ 'base_rules/modsecurity_crs_59_outbound_blocking.conf',
+ 'base_rules/modsecurity_crs_60_correlation.conf'
+ ]
+ } elsif $::osfamily == 'Debian' {
+ $user = 'www-data'
+ $group = 'www-data'
+ $root_group = 'root'
+ $apache_name = 'apache2'
+ $service_name = 'apache2'
+ $httpd_dir = '/etc/apache2'
+ $server_root = '/etc/apache2'
+ $conf_dir = $httpd_dir
+ $confd_dir = "${httpd_dir}/conf.d"
+ $mod_dir = "${httpd_dir}/mods-available"
+ $mod_enable_dir = "${httpd_dir}/mods-enabled"
+ $vhost_dir = "${httpd_dir}/sites-available"
+ $vhost_enable_dir = "${httpd_dir}/sites-enabled"
+ $conf_file = 'apache2.conf'
+ $ports_file = "${conf_dir}/ports.conf"
+ $logroot = '/var/log/apache2'
+ $logroot_mode = undef
+ $lib_path = '/usr/lib/apache2/modules'
+ $mpm_module = 'worker'
+ $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
+ $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key'
+ $ssl_certs_dir = '/etc/ssl/certs'
+ $suphp_addhandler = 'x-httpd-php'
+ $suphp_engine = 'off'
+ $suphp_configpath = '/etc/php5/apache2'
+ $mod_packages = {
+ 'auth_cas' => 'libapache2-mod-auth-cas',
+ 'auth_kerb' => 'libapache2-mod-auth-kerb',
+ 'dav_svn' => 'libapache2-svn',
+ 'fastcgi' => 'libapache2-mod-fastcgi',
+ 'fcgid' => 'libapache2-mod-fcgid',
+ 'nss' => 'libapache2-mod-nss',
+ 'pagespeed' => 'mod-pagespeed-stable',
+ 'passenger' => 'libapache2-mod-passenger',
+ 'perl' => 'libapache2-mod-perl2',
+ 'php5' => 'libapache2-mod-php5',
+ 'proxy_html' => 'libapache2-mod-proxy-html',
+ 'python' => 'libapache2-mod-python',
+ 'rpaf' => 'libapache2-mod-rpaf',
+ 'security' => 'libapache2-modsecurity',
+ 'suphp' => 'libapache2-mod-suphp',
+ 'wsgi' => 'libapache2-mod-wsgi',
+ 'xsendfile' => 'libapache2-mod-xsendfile',
+ 'shib2' => 'libapache2-mod-shib2',
+ }
+ $mod_libs = {
+ 'php5' => 'libphp5.so',
+ }
+ $conf_template = 'apache/httpd.conf.erb'
+ $keepalive = 'Off'
+ $keepalive_timeout = 15
+ $max_keepalive_requests = 100
+ $fastcgi_lib_path = '/var/lib/apache2/fastcgi'
+ $mime_support_package = 'mime-support'
+ $mime_types_config = '/etc/mime.types'
+ $docroot = '/var/www'
+ $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/'
+ $modsec_crs_package = 'modsecurity-crs'
+ $modsec_crs_path = '/usr/share/modsecurity-crs'
+ $modsec_dir = '/etc/modsecurity'
+ $modsec_default_rules = [
+ 'base_rules/modsecurity_35_bad_robots.data',
+ 'base_rules/modsecurity_35_scanners.data',
+ 'base_rules/modsecurity_40_generic_attacks.data',
+ 'base_rules/modsecurity_41_sql_injection_attacks.data',
+ 'base_rules/modsecurity_50_outbound.data',
+ 'base_rules/modsecurity_50_outbound_malware.data',
+ 'base_rules/modsecurity_crs_20_protocol_violations.conf',
+ 'base_rules/modsecurity_crs_21_protocol_anomalies.conf',
+ 'base_rules/modsecurity_crs_23_request_limits.conf',
+ 'base_rules/modsecurity_crs_30_http_policy.conf',
+ 'base_rules/modsecurity_crs_35_bad_robots.conf',
+ 'base_rules/modsecurity_crs_40_generic_attacks.conf',
+ 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf',
+ 'base_rules/modsecurity_crs_41_xss_attacks.conf',
+ 'base_rules/modsecurity_crs_42_tight_security.conf',
+ 'base_rules/modsecurity_crs_45_trojans.conf',
+ 'base_rules/modsecurity_crs_47_common_exceptions.conf',
+ 'base_rules/modsecurity_crs_49_inbound_blocking.conf',
+ 'base_rules/modsecurity_crs_50_outbound.conf',
+ 'base_rules/modsecurity_crs_59_outbound_blocking.conf',
+ 'base_rules/modsecurity_crs_60_correlation.conf'
+ ]
+ $error_documents_path = '/usr/share/apache2/error'
+ if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) {
+ $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev']
+ } else {
+ $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev']
+ }
+
+ #
+ # Passenger-specific settings
+ #
+
+ $passenger_conf_file = 'passenger.conf'
+ $passenger_conf_package_file = undef
+
+ case $::operatingsystem {
+ 'Ubuntu': {
+ case $::lsbdistrelease {
+ '12.04': {
+ $passenger_root = '/usr'
+ $passenger_ruby = '/usr/bin/ruby'
+ $passenger_default_ruby = undef
+ }
+ '14.04': {
+ $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
+ $passenger_ruby = undef
+ $passenger_default_ruby = '/usr/bin/ruby'
+ }
+ default: {
+ # The following settings may or may not work on Ubuntu releases not
+ # supported by this module.
+ $passenger_root = '/usr'
+ $passenger_ruby = '/usr/bin/ruby'
+ $passenger_default_ruby = undef
+ }
+ }
+ }
+ 'Debian': {
+ case $::lsbdistcodename {
+ 'wheezy': {
+ $passenger_root = '/usr'
+ $passenger_ruby = '/usr/bin/ruby'
+ $passenger_default_ruby = undef
+ }
+ 'jessie': {
+ $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
+ $passenger_ruby = undef
+ $passenger_default_ruby = '/usr/bin/ruby'
+ }
+ default: {
+ # The following settings may or may not work on Debian releases not
+ # supported by this module.
+ $passenger_root = '/usr'
+ $passenger_ruby = '/usr/bin/ruby'
+ $passenger_default_ruby = undef
+ }
+ }
+ }
+ }
+ $wsgi_socket_prefix = undef
+ } elsif $::osfamily == 'FreeBSD' {
+ $user = 'www'
+ $group = 'www'
+ $root_group = 'wheel'
+ $apache_name = 'apache24'
+ $service_name = 'apache24'
+ $httpd_dir = '/usr/local/etc/apache24'
+ $server_root = '/usr/local'
+ $conf_dir = $httpd_dir
+ $confd_dir = "${httpd_dir}/Includes"
+ $mod_dir = "${httpd_dir}/Modules"
+ $mod_enable_dir = undef
+ $vhost_dir = "${httpd_dir}/Vhosts"
+ $vhost_enable_dir = undef
+ $conf_file = 'httpd.conf'
+ $ports_file = "${conf_dir}/ports.conf"
+ $logroot = '/var/log/apache24'
+ $logroot_mode = undef
+ $lib_path = '/usr/local/libexec/apache24'
+ $mpm_module = 'prefork'
+ $dev_packages = undef
+ $default_ssl_cert = '/usr/local/etc/apache24/server.crt'
+ $default_ssl_key = '/usr/local/etc/apache24/server.key'
+ $ssl_certs_dir = '/usr/local/etc/apache24'
+ $passenger_conf_file = 'passenger.conf'
+ $passenger_conf_package_file = undef
+ $passenger_root = '/usr/local/lib/ruby/gems/2.0/gems/passenger-4.0.58'
+ $passenger_ruby = '/usr/local/bin/ruby'
+ $passenger_default_ruby = undef
+ $suphp_addhandler = 'php5-script'
+ $suphp_engine = 'off'
+ $suphp_configpath = undef
+ $mod_packages = {
+ # NOTE: I list here only modules that are not included in www/apache24
+ # NOTE: 'passenger' needs to enable APACHE_SUPPORT in make config
+ # NOTE: 'php' needs to enable APACHE option in make config
+ # NOTE: 'dav_svn' needs to enable MOD_DAV_SVN make config
+ # NOTE: not sure where the shibboleth should come from
+ 'auth_kerb' => 'www/mod_auth_kerb2',
+ 'fcgid' => 'www/mod_fcgid',
+ 'passenger' => 'www/rubygem-passenger',
+ 'perl' => 'www/mod_perl2',
+ 'php5' => 'www/mod_php5',
+ 'proxy_html' => 'www/mod_proxy_html',
+ 'python' => 'www/mod_python3',
+ 'wsgi' => 'www/mod_wsgi',
+ 'dav_svn' => 'devel/subversion',
+ 'xsendfile' => 'www/mod_xsendfile',
+ 'rpaf' => 'www/mod_rpaf2',
+ 'shib2' => 'security/shibboleth2-sp',
+ }
+ $mod_libs = {
+ 'php5' => 'libphp5.so',
+ }
+ $conf_template = 'apache/httpd.conf.erb'
+ $keepalive = 'Off'
+ $keepalive_timeout = 15
+ $max_keepalive_requests = 100
+ $fastcgi_lib_path = undef # TODO: revisit
+ $mime_support_package = 'misc/mime-support'
+ $mime_types_config = '/usr/local/etc/mime.types'
+ $wsgi_socket_prefix = undef
+ $docroot = '/usr/local/www/apache24/data'
+ $error_documents_path = '/usr/local/www/apache24/error'
+ } elsif $::osfamily == 'Gentoo' {
+ $user = 'apache'
+ $group = 'apache'
+ $root_group = 'wheel'
+ $apache_name = 'www-servers/apache'
+ $service_name = 'apache2'
+ $httpd_dir = '/etc/apache2'
+ $server_root = '/var/www'
+ $conf_dir = $httpd_dir
+ $confd_dir = "${httpd_dir}/conf.d"
+ $mod_dir = "${httpd_dir}/modules.d"
+ $mod_enable_dir = undef
+ $vhost_dir = "${httpd_dir}/vhosts.d"
+ $vhost_enable_dir = undef
+ $conf_file = 'httpd.conf'
+ $ports_file = "${conf_dir}/ports.conf"
+ $logroot = '/var/log/apache2'
+ $logroot_mode = undef
+ $lib_path = '/usr/lib/apache2/modules'
+ $mpm_module = 'prefork'
+ $dev_packages = undef
+ $default_ssl_cert = '/etc/ssl/apache2/server.crt'
+ $default_ssl_key = '/etc/ssl/apache2/server.key'
+ $ssl_certs_dir = '/etc/ssl/apache2'
+ $passenger_root = '/usr'
+ $passenger_ruby = '/usr/bin/ruby'
+ $passenger_conf_file = 'passenger.conf'
+ $passenger_conf_package_file = undef
+ $passenger_default_ruby = undef
+ $suphp_addhandler = 'x-httpd-php'
+ $suphp_engine = 'off'
+ $suphp_configpath = '/etc/php5/apache2'
+ $mod_packages = {
+ # NOTE: I list here only modules that are not included in www-servers/apache
+ 'auth_kerb' => 'www-apache/mod_auth_kerb',
+ 'fcgid' => 'www-apache/mod_fcgid',
+ 'passenger' => 'www-apache/passenger',
+ 'perl' => 'www-apache/mod_perl',
+ 'php5' => 'dev-lang/php',
+ 'proxy_html' => 'www-apache/mod_proxy_html',
+ 'proxy_fcgi' => 'www-apache/mod_proxy_fcgi',
+ 'python' => 'www-apache/mod_python',
+ 'wsgi' => 'www-apache/mod_wsgi',
+ 'dav_svn' => 'dev-vcs/subversion',
+ 'xsendfile' => 'www-apache/mod_xsendfile',
+ 'rpaf' => 'www-apache/mod_rpaf',
+ 'xml2enc' => 'www-apache/mod_xml2enc',
+ }
+ $mod_libs = {
+ 'php5' => 'libphp5.so',
+ }
+ $conf_template = 'apache/httpd.conf.erb'
+ $keepalive = 'Off'
+ $keepalive_timeout = 15
+ $max_keepalive_requests = 100
+ $fastcgi_lib_path = undef # TODO: revisit
+ $mime_support_package = 'app-misc/mime-types'
+ $mime_types_config = '/etc/mime.types'
+ $wsgi_socket_prefix = undef
+ $docroot = '/var/www/localhost/htdocs'
+ $error_documents_path = '/usr/share/apache2/error'
+ } elsif $::osfamily == 'Suse' {
+ $user = 'wwwrun'
+ $group = 'wwwrun'
+ $root_group = 'root'
+ $apache_name = 'apache2'
+ $service_name = 'apache2'
+ $httpd_dir = '/etc/apache2'
+ $server_root = '/etc/apache2'
+ $conf_dir = $httpd_dir
+ $confd_dir = "${httpd_dir}/conf.d"
+ $mod_dir = "${httpd_dir}/mods-available"
+ $mod_enable_dir = "${httpd_dir}/mods-enabled"
+ $vhost_dir = "${httpd_dir}/sites-available"
+ $vhost_enable_dir = "${httpd_dir}/sites-enabled"
+ $conf_file = 'httpd.conf'
+ $ports_file = "${conf_dir}/ports.conf"
+ $logroot = '/var/log/apache2'
+ $logroot_mode = undef
+ $lib_path = '/usr/lib64/apache2-prefork/'
+ $mpm_module = 'prefork'
+ $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
+ $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key'
+ $ssl_certs_dir = '/etc/ssl/certs'
+ $suphp_addhandler = 'x-httpd-php'
+ $suphp_engine = 'off'
+ $suphp_configpath = '/etc/php5/apache2'
+ $mod_packages = {
+ 'auth_kerb' => 'apache2-mod_auth_kerb',
+ 'fcgid' => 'apache2-mod_fcgid',
+ 'perl' => 'apache2-mod_perl',
+ 'php5' => 'apache2-mod_php53',
+ 'python' => 'apache2-mod_python',
+ }
+ $mod_libs = {
+ 'php5' => 'libphp5.so',
+ }
+ $conf_template = 'apache/httpd.conf.erb'
+ $keepalive = 'Off'
+ $keepalive_timeout = 15
+ $max_keepalive_requests = 100
+ $fastcgi_lib_path = '/var/lib/apache2/fastcgi'
+ $mime_support_package = 'aaa_base'
+ $mime_types_config = '/etc/mime.types'
+ $docroot = '/srv/www'
+ $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/'
+ $error_documents_path = '/usr/share/apache2/error'
+ $dev_packages = ['libapr-util1-devel', 'libapr1-devel']
+
+ #
+ # Passenger-specific settings
+ #
+
+ $passenger_conf_file = 'passenger.conf'
+ $passenger_conf_package_file = undef
+
+ $passenger_root = '/usr'
+ $passenger_ruby = '/usr/bin/ruby'
+ $passenger_default_ruby = undef
+ $wsgi_socket_prefix = undef
+
+ } else {
+ fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}")
+ }
+}
--- /dev/null
+define apache::peruser::multiplexer (
+ $user = $::apache::user,
+ $group = $::apache::group,
+ $file = undef,
+) {
+ if ! $file {
+ $filename = "${name}.conf"
+ } else {
+ $filename = $file
+ }
+ file { "${::apache::mod_dir}/peruser/multiplexers/${filename}":
+ ensure => file,
+ content => "Multiplexer ${user} ${group}\n",
+ require => File["${::apache::mod_dir}/peruser/multiplexers"],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+define apache::peruser::processor (
+ $user,
+ $group,
+ $file = undef,
+) {
+ if ! $file {
+ $filename = "${name}.conf"
+ } else {
+ $filename = $file
+ }
+ file { "${::apache::mod_dir}/peruser/processors/${filename}":
+ ensure => file,
+ content => "Processor ${user} ${group}\n",
+ require => File["${::apache::mod_dir}/peruser/processors"],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+# Class: apache::php
+#
+# This class installs PHP for Apache
+#
+# Parameters:
+# - $php_package
+#
+# Actions:
+# - Install Apache PHP package
+#
+# Requires:
+#
+# Sample Usage:
+#
+class apache::php {
+ warning('apache::php is deprecated; please use apache::mod::php')
+ include ::apache::mod::php
+}
--- /dev/null
+# Class: apache::proxy
+#
+# This class enabled the proxy module for Apache
+#
+# Actions:
+# - Enables Apache Proxy module
+#
+# Requires:
+#
+# Sample Usage:
+#
+class apache::proxy {
+ warning('apache::proxy is deprecated; please use apache::mod::proxy')
+ include ::apache::mod::proxy
+}
--- /dev/null
+# Class: apache::python
+#
+# This class installs Python for Apache
+#
+# Parameters:
+# - $php_package
+#
+# Actions:
+# - Install Apache Python package
+#
+# Requires:
+#
+# Sample Usage:
+#
+class apache::python {
+ warning('apache::python is deprecated; please use apache::mod::python')
+ include ::apache::mod::python
+}
--- /dev/null
+define apache::security::rule_link () {
+
+ $parts = split($title, '/')
+ $filename = $parts[-1]
+
+ file { $filename:
+ ensure => 'link',
+ path => "${::apache::mod::security::modsec_dir}/activated_rules/${filename}",
+ target => "${::apache::params::modsec_crs_path}/${title}",
+ require => File["${::apache::mod::security::modsec_dir}/activated_rules"],
+ notify => Class['apache::service'],
+ }
+}
--- /dev/null
+# Class: apache::service
+#
+# Manages the Apache daemon
+#
+# Parameters:
+#
+# Actions:
+# - Manage Apache service
+#
+# Requires:
+#
+# Sample Usage:
+#
+# sometype { 'foo':
+# notify => Class['apache::service'],
+# }
+#
+#
+class apache::service (
+ $service_name = $::apache::params::service_name,
+ $service_enable = true,
+ $service_ensure = 'running',
+ $service_manage = true,
+ $service_restart = undef
+) {
+ # The base class must be included first because parameter defaults depend on it
+ if ! defined(Class['apache::params']) {
+ fail('You must include the apache::params class before using any apache defined resources')
+ }
+ validate_bool($service_enable)
+ validate_bool($service_manage)
+
+ case $service_ensure {
+ true, false, 'running', 'stopped': {
+ $_service_ensure = $service_ensure
+ }
+ default: {
+ $_service_ensure = undef
+ }
+ }
+ if $service_manage {
+ service { 'httpd':
+ ensure => $_service_ensure,
+ name => $service_name,
+ enable => $service_enable,
+ restart => $service_restart
+ }
+ }
+}
--- /dev/null
+# Class: apache::ssl
+#
+# This class installs Apache SSL capabilities
+#
+# Parameters:
+# - The $ssl_package name from the apache::params class
+#
+# Actions:
+# - Install Apache SSL capabilities
+#
+# Requires:
+#
+# Sample Usage:
+#
+class apache::ssl {
+ warning('apache::ssl is deprecated; please use apache::mod::ssl')
+ include ::apache::mod::ssl
+}
--- /dev/null
+# Class: apache::version
+#
+# Try to automatically detect the version by OS
+#
+class apache::version {
+ # This will be 5 or 6 on RedHat, 6 or wheezy on Debian, 12 or quantal on Ubuntu, etc.
+ $osr_array = split($::operatingsystemrelease,'[\/\.]')
+ $distrelease = $osr_array[0]
+ if ! $distrelease {
+ fail("Class['apache::version']: Unparsable \$::operatingsystemrelease: ${::operatingsystemrelease}")
+ }
+
+ case $::osfamily {
+ 'RedHat': {
+ if ($::operatingsystem == 'Amazon') {
+ $default = '2.2'
+ } elsif ($::operatingsystem == 'Fedora' and versioncmp($distrelease, '18') >= 0) or ($::operatingsystem != 'Fedora' and versioncmp($distrelease, '7') >= 0) {
+ $default = '2.4'
+ } else {
+ $default = '2.2'
+ }
+ }
+ 'Debian': {
+ if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0 {
+ $default = '2.4'
+ } elsif $::operatingsystem == 'Debian' and versioncmp($distrelease, '8') >= 0 {
+ $default = '2.4'
+ } else {
+ $default = '2.2'
+ }
+ }
+ 'FreeBSD': {
+ $default = '2.4'
+ }
+ 'Gentoo': {
+ $default = '2.4'
+ }
+ 'Suse': {
+ $default = '2.2'
+ }
+ default: {
+ fail("Class['apache::version']: Unsupported osfamily: ${::osfamily}")
+ }
+ }
+}
--- /dev/null
+# See README.md for usage information
+define apache::vhost(
+ $docroot,
+ $manage_docroot = true,
+ $virtual_docroot = false,
+ $port = undef,
+ $ip = undef,
+ $ip_based = false,
+ $add_listen = true,
+ $docroot_owner = 'root',
+ $docroot_group = $::apache::params::root_group,
+ $docroot_mode = undef,
+ $serveradmin = undef,
+ $ssl = false,
+ $ssl_cert = $::apache::default_ssl_cert,
+ $ssl_key = $::apache::default_ssl_key,
+ $ssl_chain = $::apache::default_ssl_chain,
+ $ssl_ca = $::apache::default_ssl_ca,
+ $ssl_crl_path = $::apache::default_ssl_crl_path,
+ $ssl_crl = $::apache::default_ssl_crl,
+ $ssl_crl_check = $::apache::default_ssl_crl_check,
+ $ssl_certs_dir = $::apache::params::ssl_certs_dir,
+ $ssl_protocol = undef,
+ $ssl_cipher = undef,
+ $ssl_honorcipherorder = undef,
+ $ssl_verify_client = undef,
+ $ssl_verify_depth = undef,
+ $ssl_options = undef,
+ $ssl_proxyengine = false,
+ $priority = undef,
+ $default_vhost = false,
+ $servername = $name,
+ $serveraliases = [],
+ $options = ['Indexes','FollowSymLinks','MultiViews'],
+ $override = ['None'],
+ $directoryindex = '',
+ $vhost_name = '*',
+ $logroot = $::apache::logroot,
+ $logroot_ensure = 'directory',
+ $logroot_mode = undef,
+ $log_level = undef,
+ $access_log = true,
+ $access_log_file = false,
+ $access_log_pipe = false,
+ $access_log_syslog = false,
+ $access_log_format = false,
+ $access_log_env_var = false,
+ $access_logs = undef,
+ $aliases = undef,
+ $directories = undef,
+ $error_log = true,
+ $error_log_file = undef,
+ $error_log_pipe = undef,
+ $error_log_syslog = undef,
+ $error_documents = [],
+ $fallbackresource = undef,
+ $scriptalias = undef,
+ $scriptaliases = [],
+ $proxy_dest = undef,
+ $proxy_dest_match = undef,
+ $proxy_dest_reverse_match = undef,
+ $proxy_pass = undef,
+ $proxy_pass_match = undef,
+ $suphp_addhandler = $::apache::params::suphp_addhandler,
+ $suphp_engine = $::apache::params::suphp_engine,
+ $suphp_configpath = $::apache::params::suphp_configpath,
+ $php_flags = {},
+ $php_values = {},
+ $php_admin_flags = {},
+ $php_admin_values = {},
+ $no_proxy_uris = [],
+ $no_proxy_uris_match = [],
+ $proxy_preserve_host = false,
+ $proxy_error_override = false,
+ $redirect_source = '/',
+ $redirect_dest = undef,
+ $redirect_status = undef,
+ $redirectmatch_status = undef,
+ $redirectmatch_regexp = undef,
+ $redirectmatch_dest = undef,
+ $rack_base_uris = undef,
+ $headers = undef,
+ $request_headers = undef,
+ $rewrites = undef,
+ $rewrite_base = undef,
+ $rewrite_rule = undef,
+ $rewrite_cond = undef,
+ $setenv = [],
+ $setenvif = [],
+ $block = [],
+ $ensure = 'present',
+ $wsgi_application_group = undef,
+ $wsgi_daemon_process = undef,
+ $wsgi_daemon_process_options = undef,
+ $wsgi_import_script = undef,
+ $wsgi_import_script_options = undef,
+ $wsgi_process_group = undef,
+ $wsgi_script_aliases = undef,
+ $wsgi_pass_authorization = undef,
+ $wsgi_chunked_request = undef,
+ $custom_fragment = undef,
+ $itk = undef,
+ $action = undef,
+ $fastcgi_server = undef,
+ $fastcgi_socket = undef,
+ $fastcgi_dir = undef,
+ $additional_includes = [],
+ $apache_version = $::apache::apache_version,
+ $allow_encoded_slashes = undef,
+ $suexec_user_group = undef,
+ $passenger_app_root = undef,
+ $passenger_app_env = undef,
+ $passenger_ruby = undef,
+ $passenger_min_instances = undef,
+ $passenger_start_timeout = undef,
+ $passenger_pre_start = undef,
+ $add_default_charset = undef,
+ $modsec_disable_vhost = undef,
+ $modsec_disable_ids = undef,
+ $modsec_disable_ips = undef,
+ $modsec_body_limit = undef,
+) {
+ # The base class must be included first because it is used by parameter defaults
+ if ! defined(Class['apache']) {
+ fail('You must include the apache base class before using any apache defined resources')
+ }
+
+ $apache_name = $::apache::apache_name
+
+ validate_re($ensure, '^(present|absent)$',
+ "${ensure} is not supported for ensure.
+ Allowed values are 'present' and 'absent'.")
+ validate_re($suphp_engine, '^(on|off)$',
+ "${suphp_engine} is not supported for suphp_engine.
+ Allowed values are 'on' and 'off'.")
+ validate_bool($ip_based)
+ validate_bool($access_log)
+ validate_bool($error_log)
+ validate_bool($ssl)
+ validate_bool($default_vhost)
+ validate_bool($ssl_proxyengine)
+ if $rewrites {
+ validate_array($rewrites)
+ validate_hash($rewrites[0])
+ }
+
+ # Input validation begins
+
+ if $suexec_user_group {
+ validate_re($suexec_user_group, '^\w+ \w+$',
+ "${suexec_user_group} is not supported for suexec_user_group. Must be 'user group'.")
+ }
+
+ if $wsgi_pass_authorization {
+ validate_re(downcase($wsgi_pass_authorization), '^(on|off)$',
+ "${wsgi_pass_authorization} is not supported for wsgi_pass_authorization.
+ Allowed values are 'on' and 'off'.")
+ }
+
+ # Deprecated backwards-compatibility
+ if $rewrite_base {
+ warning('Apache::Vhost: parameter rewrite_base is deprecated in favor of rewrites')
+ }
+ if $rewrite_rule {
+ warning('Apache::Vhost: parameter rewrite_rule is deprecated in favor of rewrites')
+ }
+ if $rewrite_cond {
+ warning('Apache::Vhost parameter rewrite_cond is deprecated in favor of rewrites')
+ }
+
+ if $wsgi_script_aliases {
+ validate_hash($wsgi_script_aliases)
+ }
+ if $wsgi_daemon_process_options {
+ validate_hash($wsgi_daemon_process_options)
+ }
+ if $wsgi_import_script_options {
+ validate_hash($wsgi_import_script_options)
+ }
+ if $itk {
+ validate_hash($itk)
+ }
+
+ validate_re($logroot_ensure, '^(directory|absent)$',
+ "${logroot_ensure} is not supported for logroot_ensure.
+ Allowed values are 'directory' and 'absent'.")
+
+ if $log_level {
+ validate_apache_log_level($log_level)
+ }
+
+ if $access_log_file and $access_log_pipe {
+ fail("Apache::Vhost[${name}]: 'access_log_file' and 'access_log_pipe' cannot be defined at the same time")
+ }
+
+ if $error_log_file and $error_log_pipe {
+ fail("Apache::Vhost[${name}]: 'error_log_file' and 'error_log_pipe' cannot be defined at the same time")
+ }
+
+ if $fallbackresource {
+ validate_re($fallbackresource, '^/|disabled', 'Please make sure fallbackresource starts with a / (or is "disabled")')
+ }
+
+ if $custom_fragment {
+ validate_string($custom_fragment)
+ }
+
+ if $allow_encoded_slashes {
+ validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.")
+ }
+
+ # Input validation ends
+
+ if $ssl and $ensure == 'present' {
+ include ::apache::mod::ssl
+ # Required for the AddType lines.
+ include ::apache::mod::mime
+ }
+
+ if $virtual_docroot {
+ include ::apache::mod::vhost_alias
+ }
+
+ if $wsgi_daemon_process {
+ include ::apache::mod::wsgi
+ }
+
+ if $suexec_user_group {
+ include ::apache::mod::suexec
+ }
+
+ if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start {
+ include ::apache::mod::passenger
+ }
+
+ # Configure the defaultness of a vhost
+ if $priority {
+ $priority_real = "${priority}-"
+ } elsif $priority == false {
+ $priority_real = ''
+ } elsif $default_vhost {
+ $priority_real = '10-'
+ } else {
+ $priority_real = '25-'
+ }
+
+ ## Apache include does not always work with spaces in the filename
+ $filename = regsubst($name, ' ', '_', 'G')
+
+ # This ensures that the docroot exists
+ # But enables it to be specified across multiple vhost resources
+ if ! defined(File[$docroot]) and $manage_docroot {
+ file { $docroot:
+ ensure => directory,
+ owner => $docroot_owner,
+ group => $docroot_group,
+ mode => $docroot_mode,
+ require => Package['httpd'],
+ before => Concat["${priority_real}${filename}.conf"],
+ }
+ }
+
+ # Same as above, but for logroot
+ if ! defined(File[$logroot]) {
+ file { $logroot:
+ ensure => $logroot_ensure,
+ mode => $logroot_mode,
+ require => Package['httpd'],
+ before => Concat["${priority_real}${filename}.conf"],
+ }
+ }
+
+
+ # Is apache::mod::passenger enabled (or apache::mod['passenger'])
+ $passenger_enabled = defined(Apache::Mod['passenger'])
+
+ # Is apache::mod::shib enabled (or apache::mod['shib2'])
+ $shibboleth_enabled = defined(Apache::Mod['shib2'])
+
+ if $access_log and !$access_logs {
+ if $access_log_file {
+ $_logs_dest = "${logroot}/${access_log_file}"
+ } elsif $access_log_pipe {
+ $_logs_dest = $access_log_pipe
+ } elsif $access_log_syslog {
+ $_logs_dest = $access_log_syslog
+ } else {
+ $_logs_dest = undef
+ }
+ $_access_logs = [{
+ 'file' => $access_log_file,
+ 'pipe' => $access_log_pipe,
+ 'syslog' => $access_log_syslog,
+ 'format' => $access_log_format,
+ 'env' => $access_log_env_var
+ }]
+ } elsif $access_logs {
+ if !is_array($access_logs) {
+ fail("Apache::Vhost[${name}]: access_logs must be an array of hashes")
+ }
+ $_access_logs = $access_logs
+ }
+
+ if $error_log_file {
+ $error_log_destination = "${logroot}/${error_log_file}"
+ } elsif $error_log_pipe {
+ $error_log_destination = $error_log_pipe
+ } elsif $error_log_syslog {
+ $error_log_destination = $error_log_syslog
+ } else {
+ if $ssl {
+ $error_log_destination = "${logroot}/${name}_error_ssl.log"
+ } else {
+ $error_log_destination = "${logroot}/${name}_error.log"
+ }
+ }
+
+ if $ip {
+ if $port {
+ $listen_addr_port = "${ip}:${port}"
+ $nvh_addr_port = "${ip}:${port}"
+ } else {
+ $listen_addr_port = undef
+ $nvh_addr_port = $ip
+ if ! $servername and ! $ip_based {
+ fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters for name-based vhosts")
+ }
+ }
+ } else {
+ if $port {
+ $listen_addr_port = $port
+ $nvh_addr_port = "${vhost_name}:${port}"
+ } else {
+ $listen_addr_port = undef
+ $nvh_addr_port = $name
+ if ! $servername {
+ fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters, and/or 'servername' parameter")
+ }
+ }
+ }
+ if $add_listen {
+ if $ip and defined(Apache::Listen["${port}"]) {
+ fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this")
+ }
+ if ! defined(Apache::Listen["${listen_addr_port}"]) and $listen_addr_port and $ensure == 'present' {
+ ::apache::listen { "${listen_addr_port}": }
+ }
+ }
+ if ! $ip_based {
+ if ! defined(Apache::Namevirtualhost[$nvh_addr_port]) and $ensure == 'present' and (versioncmp($apache_version, '2.4') < 0) {
+ ::apache::namevirtualhost { $nvh_addr_port: }
+ }
+ }
+
+ # Load mod_rewrite if needed and not yet loaded
+ if $rewrites or $rewrite_cond {
+ if ! defined(Class['apache::mod::rewrite']) {
+ include ::apache::mod::rewrite
+ }
+ }
+
+ # Load mod_alias if needed and not yet loaded
+ if ($scriptalias or $scriptaliases != []) or ($redirect_source and $redirect_dest) {
+ if ! defined(Class['apache::mod::alias']) and ($ensure == 'present') {
+ include ::apache::mod::alias
+ }
+ }
+
+ # Load mod_proxy if needed and not yet loaded
+ if ($proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match) {
+ if ! defined(Class['apache::mod::proxy']) {
+ include ::apache::mod::proxy
+ }
+ if ! defined(Class['apache::mod::proxy_http']) {
+ include ::apache::mod::proxy_http
+ }
+ }
+
+ # Load mod_passenger if needed and not yet loaded
+ if $rack_base_uris {
+ if ! defined(Class['apache::mod::passenger']) {
+ include ::apache::mod::passenger
+ }
+ }
+
+ # Load mod_fastci if needed and not yet loaded
+ if $fastcgi_server and $fastcgi_socket {
+ if ! defined(Class['apache::mod::fastcgi']) {
+ include ::apache::mod::fastcgi
+ }
+ }
+
+ # Check if mod_headers is required to process $headers/$request_headers
+ if $headers or $request_headers {
+ if ! defined(Class['apache::mod::headers']) {
+ include ::apache::mod::headers
+ }
+ }
+
+ if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) {
+ if ! defined(Class['apache::mod::setenvif']) {
+ include ::apache::mod::setenvif
+ }
+ }
+
+ ## Create a default directory list if none defined
+ if $directories {
+ if !is_hash($directories) and !(is_array($directories) and is_hash($directories[0])) {
+ fail("Apache::Vhost[${name}]: 'directories' must be either a Hash or an Array of Hashes")
+ }
+ $_directories = $directories
+ } else {
+ $_directory = {
+ provider => 'directory',
+ path => $docroot,
+ options => $options,
+ allow_override => $override,
+ directoryindex => $directoryindex,
+ }
+
+ if versioncmp($apache_version, '2.4') >= 0 {
+ $_directory_version = {
+ require => 'all granted',
+ }
+ } else {
+ $_directory_version = {
+ order => 'allow,deny',
+ allow => 'from all',
+ }
+ }
+
+ $_directories = [ merge($_directory, $_directory_version) ]
+ }
+
+ ## Create a global LocationMatch if locations aren't defined
+ if $modsec_disable_ids {
+ if is_hash($modsec_disable_ids) {
+ $_modsec_disable_ids = $modsec_disable_ids
+ } elsif is_array($modsec_disable_ids) {
+ $_modsec_disable_ids = { '.*' => $modsec_disable_ids }
+ } else {
+ fail("Apache::Vhost[${name}]: 'modsec_disable_ids' must be either a Hash of location/IDs or an Array of IDs")
+ }
+ }
+
+ concat { "${priority_real}${filename}.conf":
+ ensure => $ensure,
+ path => "${::apache::vhost_dir}/${priority_real}${filename}.conf",
+ owner => 'root',
+ group => $::apache::params::root_group,
+ mode => '0644',
+ order => 'numeric',
+ require => Package['httpd'],
+ notify => Class['apache::service'],
+ }
+ if $::apache::vhost_enable_dir {
+ $vhost_enable_dir = $::apache::vhost_enable_dir
+ $vhost_symlink_ensure = $ensure ? {
+ present => link,
+ default => $ensure,
+ }
+ file{ "${priority_real}${filename}.conf symlink":
+ ensure => $vhost_symlink_ensure,
+ path => "${vhost_enable_dir}/${priority_real}${filename}.conf",
+ target => "${::apache::vhost_dir}/${priority_real}${filename}.conf",
+ owner => 'root',
+ group => $::apache::params::root_group,
+ mode => '0644',
+ require => Concat["${priority_real}${filename}.conf"],
+ notify => Class['apache::service'],
+ }
+ }
+
+ # Template uses:
+ # - $nvh_addr_port
+ # - $servername
+ # - $serveradmin
+ concat::fragment { "${name}-apache-header":
+ target => "${priority_real}${filename}.conf",
+ order => 0,
+ content => template('apache/vhost/_file_header.erb'),
+ }
+
+ # Template uses:
+ # - $virtual_docroot
+ # - $docroot
+ concat::fragment { "${name}-docroot":
+ target => "${priority_real}${filename}.conf",
+ order => 10,
+ content => template('apache/vhost/_docroot.erb'),
+ }
+
+ # Template uses:
+ # - $aliases
+ if $aliases and ! empty($aliases) {
+ concat::fragment { "${name}-aliases":
+ target => "${priority_real}${filename}.conf",
+ order => 20,
+ content => template('apache/vhost/_aliases.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $itk
+ # - $::kernelversion
+ if $itk and ! empty($itk) {
+ concat::fragment { "${name}-itk":
+ target => "${priority_real}${filename}.conf",
+ order => 30,
+ content => template('apache/vhost/_itk.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $fallbackresource
+ if $fallbackresource {
+ concat::fragment { "${name}-fallbackresource":
+ target => "${priority_real}${filename}.conf",
+ order => 40,
+ content => template('apache/vhost/_fallbackresource.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $allow_encoded_slashes
+ if $allow_encoded_slashes {
+ concat::fragment { "${name}-allow_encoded_slashes":
+ target => "${priority_real}${filename}.conf",
+ order => 50,
+ content => template('apache/vhost/_allow_encoded_slashes.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $_directories
+ # - $docroot
+ # - $apache_version
+ # - $suphp_engine
+ # - $shibboleth_enabled
+ if $_directories and ! empty($_directories) {
+ concat::fragment { "${name}-directories":
+ target => "${priority_real}${filename}.conf",
+ order => 60,
+ content => template('apache/vhost/_directories.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $additional_includes
+ if $additional_includes and ! empty($additional_includes) {
+ concat::fragment { "${name}-additional_includes":
+ target => "${priority_real}${filename}.conf",
+ order => 70,
+ content => template('apache/vhost/_additional_includes.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $error_log
+ # - $log_level
+ # - $error_log_destination
+ # - $log_level
+ if $error_log or $log_level {
+ concat::fragment { "${name}-logging":
+ target => "${priority_real}${filename}.conf",
+ order => 80,
+ content => template('apache/vhost/_logging.erb'),
+ }
+ }
+
+ # Template uses no variables
+ concat::fragment { "${name}-serversignature":
+ target => "${priority_real}${filename}.conf",
+ order => 90,
+ content => template('apache/vhost/_serversignature.erb'),
+ }
+
+ # Template uses:
+ # - $access_log
+ # - $_access_log_env_var
+ # - $access_log_destination
+ # - $_access_log_format
+ # - $_access_log_env_var
+ # - $access_logs
+ if $access_log or $access_logs {
+ concat::fragment { "${name}-access_log":
+ target => "${priority_real}${filename}.conf",
+ order => 100,
+ content => template('apache/vhost/_access_log.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $action
+ if $action {
+ concat::fragment { "${name}-action":
+ target => "${priority_real}${filename}.conf",
+ order => 110,
+ content => template('apache/vhost/_action.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $block
+ # - $apache_version
+ if $block and ! empty($block) {
+ concat::fragment { "${name}-block":
+ target => "${priority_real}${filename}.conf",
+ order => 120,
+ content => template('apache/vhost/_block.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $error_documents
+ if $error_documents and ! empty($error_documents) {
+ concat::fragment { "${name}-error_document":
+ target => "${priority_real}${filename}.conf",
+ order => 130,
+ content => template('apache/vhost/_error_document.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $proxy_dest
+ # - $proxy_pass
+ # - $proxy_pass_match
+ # - $proxy_preserve_host
+ # - $no_proxy_uris
+ if $proxy_dest or $proxy_pass or $proxy_pass_match {
+ concat::fragment { "${name}-proxy":
+ target => "${priority_real}${filename}.conf",
+ order => 140,
+ content => template('apache/vhost/_proxy.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $rack_base_uris
+ if $rack_base_uris {
+ concat::fragment { "${name}-rack":
+ target => "${priority_real}${filename}.conf",
+ order => 150,
+ content => template('apache/vhost/_rack.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $redirect_source
+ # - $redirect_dest
+ # - $redirect_status
+ # - $redirect_dest_a
+ # - $redirect_source_a
+ # - $redirect_status_a
+ # - $redirectmatch_status
+ # - $redirectmatch_regexp
+ # - $redirectmatch_dest
+ # - $redirectmatch_status_a
+ # - $redirectmatch_regexp_a
+ # - $redirectmatch_dest
+ if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp and $redirectmatch_dest) {
+ concat::fragment { "${name}-redirect":
+ target => "${priority_real}${filename}.conf",
+ order => 160,
+ content => template('apache/vhost/_redirect.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $rewrites
+ # - $rewrite_base
+ # - $rewrite_rule
+ # - $rewrite_cond
+ # - $rewrite_map
+ if $rewrites or $rewrite_rule {
+ concat::fragment { "${name}-rewrite":
+ target => "${priority_real}${filename}.conf",
+ order => 170,
+ content => template('apache/vhost/_rewrite.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $scriptaliases
+ # - $scriptalias
+ if ( $scriptalias or $scriptaliases != [] ) {
+ concat::fragment { "${name}-scriptalias":
+ target => "${priority_real}${filename}.conf",
+ order => 180,
+ content => template('apache/vhost/_scriptalias.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $serveraliases
+ if $serveraliases and ! empty($serveraliases) {
+ concat::fragment { "${name}-serveralias":
+ target => "${priority_real}${filename}.conf",
+ order => 190,
+ content => template('apache/vhost/_serveralias.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $setenv
+ # - $setenvif
+ if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) {
+ concat::fragment { "${name}-setenv":
+ target => "${priority_real}${filename}.conf",
+ order => 200,
+ content => template('apache/vhost/_setenv.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $ssl
+ # - $ssl_cert
+ # - $ssl_key
+ # - $ssl_chain
+ # - $ssl_certs_dir
+ # - $ssl_ca
+ # - $ssl_crl_path
+ # - $ssl_crl
+ # - $ssl_crl_check
+ # - $ssl_proxyengine
+ # - $ssl_protocol
+ # - $ssl_cipher
+ # - $ssl_honorcipherorder
+ # - $ssl_verify_client
+ # - $ssl_verify_depth
+ # - $ssl_options
+ # - $apache_version
+ if $ssl {
+ concat::fragment { "${name}-ssl":
+ target => "${priority_real}${filename}.conf",
+ order => 210,
+ content => template('apache/vhost/_ssl.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $suphp_engine
+ # - $suphp_addhandler
+ # - $suphp_configpath
+ if $suphp_engine == 'on' {
+ concat::fragment { "${name}-suphp":
+ target => "${priority_real}${filename}.conf",
+ order => 220,
+ content => template('apache/vhost/_suphp.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $php_values
+ # - $php_flags
+ if ($php_values and ! empty($php_values)) or ($php_flags and ! empty($php_flags)) {
+ concat::fragment { "${name}-php":
+ target => "${priority_real}${filename}.conf",
+ order => 220,
+ content => template('apache/vhost/_php.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $php_admin_values
+ # - $php_admin_flags
+ if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) {
+ concat::fragment { "${name}-php_admin":
+ target => "${priority_real}${filename}.conf",
+ order => 230,
+ content => template('apache/vhost/_php_admin.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $headers
+ if $headers and ! empty($headers) {
+ concat::fragment { "${name}-header":
+ target => "${priority_real}${filename}.conf",
+ order => 240,
+ content => template('apache/vhost/_header.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $request_headers
+ if $request_headers and ! empty($request_headers) {
+ concat::fragment { "${name}-requestheader":
+ target => "${priority_real}${filename}.conf",
+ order => 250,
+ content => template('apache/vhost/_requestheader.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $wsgi_application_group
+ # - $wsgi_daemon_process
+ # - $wsgi_daemon_process_options
+ # - $wsgi_import_script
+ # - $wsgi_import_script_options
+ # - $wsgi_process_group
+ # - $wsgi_script_aliases
+ # - $wsgi_pass_authorization
+ if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization {
+ concat::fragment { "${name}-wsgi":
+ target => "${priority_real}${filename}.conf",
+ order => 260,
+ content => template('apache/vhost/_wsgi.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $custom_fragment
+ if $custom_fragment {
+ concat::fragment { "${name}-custom_fragment":
+ target => "${priority_real}${filename}.conf",
+ order => 270,
+ content => template('apache/vhost/_custom_fragment.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $fastcgi_server
+ # - $fastcgi_socket
+ # - $fastcgi_dir
+ # - $apache_version
+ if $fastcgi_server or $fastcgi_dir {
+ concat::fragment { "${name}-fastcgi":
+ target => "${priority_real}${filename}.conf",
+ order => 280,
+ content => template('apache/vhost/_fastcgi.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $suexec_user_group
+ if $suexec_user_group {
+ concat::fragment { "${name}-suexec":
+ target => "${priority_real}${filename}.conf",
+ order => 290,
+ content => template('apache/vhost/_suexec.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $passenger_app_root
+ # - $passenger_app_env
+ # - $passenger_ruby
+ # - $passenger_min_instances
+ # - $passenger_start_timeout
+ # - $passenger_pre_start
+ if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start {
+ concat::fragment { "${name}-passenger":
+ target => "${priority_real}${filename}.conf",
+ order => 300,
+ content => template('apache/vhost/_passenger.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $add_default_charset
+ if $add_default_charset {
+ concat::fragment { "${name}-charsets":
+ target => "${priority_real}${filename}.conf",
+ order => 310,
+ content => template('apache/vhost/_charsets.erb'),
+ }
+ }
+
+ # Template uses:
+ # - $modsec_disable_vhost
+ # - $modsec_disable_ids
+ # - $modsec_disable_ips
+ # - $modsec_body_limit
+ if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips {
+ concat::fragment { "${name}-security":
+ target => "${priority_real}${filename}.conf",
+ order => 320,
+ content => template('apache/vhost/_security.erb')
+ }
+ }
+
+ # Template uses no variables
+ concat::fragment { "${name}-file_footer":
+ target => "${priority_real}${filename}.conf",
+ order => 999,
+ content => template('apache/vhost/_file_footer.erb'),
+ }
+}
--- /dev/null
+{
+ "name": "puppetlabs-apache",
+ "version": "1.5.0",
+ "author": "puppetlabs",
+ "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.",
+ "license": "Apache-2.0",
+ "source": "git://github.com/puppetlabs/puppetlabs-apache.git",
+ "project_page": "https://github.com/puppetlabs/puppetlabs-apache",
+ "issues_url": "https://tickets.puppetlabs.com/browse/MODULES",
+ "operatingsystem_support": [
+ {
+ "operatingsystem": "RedHat",
+ "operatingsystemrelease": [
+ "5",
+ "6",
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "CentOS",
+ "operatingsystemrelease": [
+ "5",
+ "6",
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "OracleLinux",
+ "operatingsystemrelease": [
+ "6",
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "Scientific",
+ "operatingsystemrelease": [
+ "5",
+ "6",
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "Debian",
+ "operatingsystemrelease": [
+ "6",
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "SLES",
+ "operatingsystemrelease": [
+ "11 SP1"
+ ]
+ },
+ {
+ "operatingsystem": "Ubuntu",
+ "operatingsystemrelease": [
+ "10.04",
+ "12.04",
+ "14.04"
+ ]
+ }
+ ],
+ "requirements": [
+ {
+ "name": "pe",
+ "version_requirement": ">= 3.7.0 < 4.0.0"
+ },
+ {
+ "name": "puppet",
+ "version_requirement": "3.x"
+ }
+ ],
+ "description": "Module for Apache configuration",
+ "dependencies": [
+ {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0 < 5.0.0"},
+ {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 2.0.0"}
+ ]
+}
--- /dev/null
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+describe 'apache parameters', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+
+ # Currently this test only does something on FreeBSD.
+ describe 'default_confd_files => false' do
+ it 'doesnt do anything' do
+ pp = "class { 'apache': default_confd_files => false }"
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ if fact('osfamily') == 'FreeBSD'
+ describe file("#{$confd_dir}/no-accf.conf.erb") do
+ it { is_expected.not_to be_file }
+ end
+ end
+ end
+ describe 'default_confd_files => true' do
+ it 'copies conf.d files' do
+ pp = "class { 'apache': default_confd_files => true }"
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ if fact('osfamily') == 'FreeBSD'
+ describe file("#{$confd_dir}/no-accf.conf.erb") do
+ it { is_expected.to be_file }
+ end
+ end
+ end
+
+ describe 'when set adds a listen statement' do
+ it 'applys cleanly' do
+ pp = "class { 'apache': ip => '10.1.1.1', service_ensure => stopped }"
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file($ports_file) do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'Listen 10.1.1.1' }
+ end
+ end
+
+ describe 'service tests => true' do
+ it 'starts the service' do
+ pp = <<-EOS
+ class { 'apache':
+ service_enable => true,
+ service_manage => true,
+ service_ensure => running,
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service($service_name) do
+ it { is_expected.to be_running }
+ it { is_expected.to be_enabled }
+ end
+ end
+
+ describe 'service tests => false' do
+ it 'stops the service' do
+ pp = <<-EOS
+ class { 'apache':
+ service_enable => false,
+ service_ensure => stopped,
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service($service_name) do
+ it { is_expected.not_to be_running }
+ it { is_expected.not_to be_enabled }
+ end
+ end
+
+ describe 'service manage => false' do
+ it 'we dont manage the service, so it shouldnt start the service' do
+ pp = <<-EOS
+ class { 'apache':
+ service_enable => true,
+ service_manage => false,
+ service_ensure => true,
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service($service_name) do
+ it { is_expected.not_to be_running }
+ it { is_expected.not_to be_enabled }
+ end
+ end
+
+ describe 'purge parameters => false' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache':
+ purge_configs => false,
+ purge_vhost_dir => false,
+ vhost_dir => "#{$confd_dir}.vhosts"
+ }
+ EOS
+ shell("touch #{$confd_dir}/test.conf")
+ shell("mkdir -p #{$confd_dir}.vhosts && touch #{$confd_dir}.vhosts/test.conf")
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ # Ensure the files didn't disappear.
+ describe file("#{$confd_dir}/test.conf") do
+ it { is_expected.to be_file }
+ end
+ describe file("#{$confd_dir}.vhosts/test.conf") do
+ it { is_expected.to be_file }
+ end
+ end
+
+ if fact('osfamily') != 'Debian'
+ describe 'purge parameters => true' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache':
+ purge_configs => true,
+ purge_vhost_dir => true,
+ vhost_dir => "#{$confd_dir}.vhosts"
+ }
+ EOS
+ shell("touch #{$confd_dir}/test.conf")
+ shell("mkdir -p #{$confd_dir}.vhosts && touch #{$confd_dir}.vhosts/test.conf")
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ # File should be gone
+ describe file("#{$confd_dir}/test.conf") do
+ it { is_expected.not_to be_file }
+ end
+ describe file("#{$confd_dir}.vhosts/test.conf") do
+ it { is_expected.not_to be_file }
+ end
+ end
+ end
+
+ describe 'serveradmin' do
+ it 'applies cleanly' do
+ pp = "class { 'apache': serveradmin => 'test@example.com' }"
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file($vhost) do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'ServerAdmin test@example.com' }
+ end
+ end
+
+ describe 'sendfile' do
+ describe 'setup' do
+ it 'applies cleanly' do
+ pp = "class { 'apache': sendfile => 'On' }"
+ apply_manifest(pp, :catch_failures => true)
+ end
+ end
+
+ describe file($conf_file) do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'EnableSendfile On' }
+ end
+
+ describe 'setup' do
+ it 'applies cleanly' do
+ pp = "class { 'apache': sendfile => 'Off' }"
+ apply_manifest(pp, :catch_failures => true)
+ end
+ end
+
+ describe file($conf_file) do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'Sendfile Off' }
+ end
+ end
+
+ describe 'error_documents' do
+ describe 'setup' do
+ it 'applies cleanly' do
+ pp = "class { 'apache': error_documents => true }"
+ apply_manifest(pp, :catch_failures => true)
+ end
+ end
+
+ describe file($conf_file) do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'Alias /error/' }
+ end
+ end
+
+ describe 'timeout' do
+ describe 'setup' do
+ it 'applies cleanly' do
+ pp = "class { 'apache': timeout => '1234' }"
+ apply_manifest(pp, :catch_failures => true)
+ end
+ end
+
+ describe file($conf_file) do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'Timeout 1234' }
+ end
+ end
+
+ describe 'httpd_dir' do
+ describe 'setup' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped }
+ include 'apache::mod::mime'
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+ end
+
+ describe file("#{$mod_dir}/mime.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'AddLanguage eo .eo' }
+ end
+ end
+
+ describe 'server_root' do
+ describe 'setup' do
+ it 'applies cleanly' do
+ pp = "class { 'apache': server_root => '/tmp/root', service_ensure => stopped }"
+ apply_manifest(pp, :catch_failures => true)
+ end
+ end
+
+ describe file($conf_file) do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'ServerRoot "/tmp/root"' }
+ end
+ end
+
+ describe 'confd_dir' do
+ describe 'setup' do
+ it 'applies cleanly' do
+ pp = "class { 'apache': confd_dir => '/tmp/root', service_ensure => stopped, use_optional_includes => true }"
+ apply_manifest(pp, :catch_failures => true)
+ end
+ end
+
+ if $apache_version == '2.4'
+ describe file($conf_file) do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'IncludeOptional "/tmp/root/*.conf"' }
+ end
+ else
+ describe file($conf_file) do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'Include "/tmp/root/*.conf"' }
+ end
+ end
+ end
+
+ describe 'conf_template' do
+ describe 'setup' do
+ it 'applies cleanly' do
+ pp = "class { 'apache': conf_template => 'another/test.conf.erb', service_ensure => stopped }"
+ shell("mkdir -p #{default['distmoduledir']}/another/templates")
+ shell("echo 'testcontent' >> #{default['distmoduledir']}/another/templates/test.conf.erb")
+ apply_manifest(pp, :catch_failures => true)
+ end
+ end
+
+ describe file($conf_file) do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'testcontent' }
+ end
+ end
+
+ describe 'servername' do
+ describe 'setup' do
+ it 'applies cleanly' do
+ pp = "class { 'apache': servername => 'test.server', service_ensure => stopped }"
+ apply_manifest(pp, :catch_failures => true)
+ end
+ end
+
+ describe file($conf_file) do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'ServerName "test.server"' }
+ end
+ end
+
+ describe 'user' do
+ describe 'setup' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache':
+ manage_user => true,
+ manage_group => true,
+ user => 'testweb',
+ group => 'testweb',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+ end
+
+ describe user('testweb') do
+ it { is_expected.to exist }
+ it { is_expected.to belong_to_group 'testweb' }
+ end
+
+ describe group('testweb') do
+ it { is_expected.to exist }
+ end
+ end
+
+ describe 'logformats' do
+ describe 'setup' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache':
+ log_formats => {
+ 'vhost_common' => '%v %h %l %u %t \\\"%r\\\" %>s %b',
+ 'vhost_combined' => '%v %h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-agent}i\\\"',
+ }
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+ end
+
+ describe file($conf_file) do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common' }
+ it { is_expected.to contain 'LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined' }
+ end
+ end
+
+
+ describe 'keepalive' do
+ describe 'setup' do
+ it 'applies cleanly' do
+ pp = "class { 'apache': keepalive => 'On', keepalive_timeout => '30', max_keepalive_requests => '200' }"
+ apply_manifest(pp, :catch_failures => true)
+ end
+ end
+
+ describe file($conf_file) do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'KeepAlive On' }
+ it { is_expected.to contain 'KeepAliveTimeout 30' }
+ it { is_expected.to contain 'MaxKeepAliveRequests 200' }
+ end
+ end
+
+ describe 'logging' do
+ describe 'setup' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ if $::osfamily == 'RedHat' and $::selinux {
+ $semanage_package = $::operatingsystemmajrelease ? {
+ '5' => 'policycoreutils',
+ default => 'policycoreutils-python',
+ }
+
+ package { $semanage_package: ensure => installed }
+ exec { 'set_apache_defaults':
+ command => 'semanage fcontext -a -t httpd_log_t "/apache_spec(/.*)?"',
+ path => '/bin:/usr/bin/:/sbin:/usr/sbin',
+ require => Package[$semanage_package],
+ }
+ exec { 'restorecon_apache':
+ command => 'restorecon -Rv /apache_spec',
+ path => '/bin:/usr/bin/:/sbin:/usr/sbin',
+ before => Service['httpd'],
+ require => Class['apache'],
+ }
+ }
+ file { '/apache_spec': ensure => directory, }
+ class { 'apache': logroot => '/apache_spec' }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+ end
+
+ describe file("/apache_spec/#{$error_log}") do
+ it { is_expected.to be_file }
+ end
+ end
+
+ describe 'ports_file' do
+ it 'applys cleanly' do
+ pp = <<-EOS
+ file { '/apache_spec': ensure => directory, }
+ class { 'apache':
+ ports_file => '/apache_spec/ports_file',
+ ip => '10.1.1.1',
+ service_ensure => stopped
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file('/apache_spec/ports_file') do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'Listen 10.1.1.1' }
+ end
+ end
+
+ describe 'server_tokens' do
+ it 'applys cleanly' do
+ pp = <<-EOS
+ class { 'apache':
+ server_tokens => 'Minor',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file($conf_file) do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'ServerTokens Minor' }
+ end
+ end
+
+ describe 'server_signature' do
+ it 'applys cleanly' do
+ pp = <<-EOS
+ class { 'apache':
+ server_signature => 'testsig',
+ service_ensure => stopped,
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file($conf_file) do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'ServerSignature testsig' }
+ end
+ end
+
+ describe 'trace_enable' do
+ it 'applys cleanly' do
+ pp = <<-EOS
+ class { 'apache':
+ trace_enable => 'Off',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file($conf_file) do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'TraceEnable Off' }
+ end
+ end
+
+ describe 'package_ensure' do
+ it 'applys cleanly' do
+ pp = <<-EOS
+ class { 'apache':
+ package_ensure => present,
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe package($package_name) do
+ it { is_expected.to be_installed }
+ end
+ end
+
+end
--- /dev/null
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+case fact('osfamily')
+when 'RedHat'
+ vhostd = '/etc/httpd/conf.d'
+when 'Debian'
+ vhostd = '/etc/apache2/sites-available'
+end
+
+describe 'apache ssl', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+
+ describe 'ssl parameters' do
+ it 'runs without error' do
+ pp = <<-EOS
+ class { 'apache':
+ service_ensure => stopped,
+ default_ssl_vhost => true,
+ default_ssl_cert => '/tmp/ssl_cert',
+ default_ssl_key => '/tmp/ssl_key',
+ default_ssl_chain => '/tmp/ssl_chain',
+ default_ssl_ca => '/tmp/ssl_ca',
+ default_ssl_crl_path => '/tmp/ssl_crl_path',
+ default_ssl_crl => '/tmp/ssl_crl',
+ default_ssl_crl_check => 'chain',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{vhostd}/15-default-ssl.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' }
+ it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' }
+ it { is_expected.to contain 'SSLCertificateChainFile "/tmp/ssl_chain"' }
+ it { is_expected.to contain 'SSLCACertificateFile "/tmp/ssl_ca"' }
+ it { is_expected.to contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' }
+ it { is_expected.to contain 'SSLCARevocationFile "/tmp/ssl_crl"' }
+ if $apache_version == '2.4'
+ it { is_expected.to contain 'SSLCARevocationCheck "chain"' }
+ else
+ it { is_expected.not_to contain 'SSLCARevocationCheck' }
+ end
+ end
+ end
+
+ describe 'vhost ssl parameters' do
+ it 'runs without error' do
+ pp = <<-EOS
+ class { 'apache':
+ service_ensure => stopped,
+ }
+
+ apache::vhost { 'test_ssl':
+ docroot => '/tmp/test',
+ ssl => true,
+ ssl_cert => '/tmp/ssl_cert',
+ ssl_key => '/tmp/ssl_key',
+ ssl_chain => '/tmp/ssl_chain',
+ ssl_ca => '/tmp/ssl_ca',
+ ssl_crl_path => '/tmp/ssl_crl_path',
+ ssl_crl => '/tmp/ssl_crl',
+ ssl_crl_check => 'chain',
+ ssl_certs_dir => '/tmp',
+ ssl_protocol => 'test',
+ ssl_cipher => 'test',
+ ssl_honorcipherorder => 'test',
+ ssl_verify_client => 'test',
+ ssl_verify_depth => 'test',
+ ssl_options => ['test', 'test1'],
+ ssl_proxyengine => true,
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{vhostd}/25-test_ssl.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' }
+ it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' }
+ it { is_expected.to contain 'SSLCertificateChainFile "/tmp/ssl_chain"' }
+ it { is_expected.to contain 'SSLCACertificateFile "/tmp/ssl_ca"' }
+ it { is_expected.to contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' }
+ it { is_expected.to contain 'SSLCARevocationFile "/tmp/ssl_crl"' }
+ it { is_expected.to contain 'SSLProxyEngine On' }
+ it { is_expected.to contain 'SSLProtocol test' }
+ it { is_expected.to contain 'SSLCipherSuite test' }
+ it { is_expected.to contain 'SSLHonorCipherOrder test' }
+ it { is_expected.to contain 'SSLVerifyClient test' }
+ it { is_expected.to contain 'SSLVerifyDepth test' }
+ it { is_expected.to contain 'SSLOptions test test1' }
+ if $apache_version == '2.4'
+ it { is_expected.to contain 'SSLCARevocationCheck "chain"' }
+ else
+ it { is_expected.not_to contain 'SSLCARevocationCheck' }
+ end
+ end
+ end
+
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'apache class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ case fact('osfamily')
+ when 'RedHat'
+ package_name = 'httpd'
+ service_name = 'httpd'
+ when 'Debian'
+ package_name = 'apache2'
+ service_name = 'apache2'
+ when 'FreeBSD'
+ package_name = 'apache24'
+ service_name = 'apache24'
+ when 'Gentoo'
+ package_name = 'www-servers/apache'
+ service_name = 'apache2'
+ end
+
+ context 'default parameters' do
+ it 'should work with no errors' do
+ pp = <<-EOS
+ class { 'apache': }
+ EOS
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+ end
+
+ describe package(package_name) do
+ it { is_expected.to be_installed }
+ end
+
+ describe service(service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ describe port(80) do
+ it { should be_listening }
+ end
+ end
+
+ context 'custom site/mod dir parameters' do
+ # Using puppet_apply as a helper
+ it 'should work with no errors' do
+ pp = <<-EOS
+ if $::osfamily == 'RedHat' and $::selinux {
+ $semanage_package = $::operatingsystemmajrelease ? {
+ '5' => 'policycoreutils',
+ default => 'policycoreutils-python',
+ }
+
+ package { $semanage_package: ensure => installed }
+ exec { 'set_apache_defaults':
+ command => 'semanage fcontext -a -t httpd_sys_content_t "/apache_spec(/.*)?"',
+ path => '/bin:/usr/bin/:/sbin:/usr/sbin',
+ subscribe => Package[$semanage_package],
+ refreshonly => true,
+ }
+ exec { 'restorecon_apache':
+ command => 'restorecon -Rv /apache_spec',
+ path => '/bin:/usr/bin/:/sbin:/usr/sbin',
+ before => Service['httpd'],
+ require => Class['apache'],
+ subscribe => Exec['set_apache_defaults'],
+ refreshonly => true,
+ }
+ }
+ file { '/apache_spec': ensure => directory, }
+ file { '/apache_spec/apache_custom': ensure => directory, }
+ class { 'apache':
+ mod_dir => '/apache_spec/apache_custom/mods',
+ vhost_dir => '/apache_spec/apache_custom/vhosts',
+ }
+ EOS
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+
+ describe service(service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+describe 'apache::custom_config define', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ context 'invalid config' do
+ it 'should not add the config' do
+ pp = <<-EOS
+ class { 'apache': }
+ apache::custom_config { 'acceptance_test':
+ content => 'INVALID',
+ }
+ EOS
+
+ apply_manifest(pp, :expect_failures => true)
+ end
+
+ describe file("#{$confd_dir}/25-acceptance_test.conf") do
+ it { is_expected.not_to be_file }
+ end
+ end
+
+ context 'valid config' do
+ it 'should add the config' do
+ pp = <<-EOS
+ class { 'apache': }
+ apache::custom_config { 'acceptance_test':
+ content => '# just a comment',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$confd_dir}/25-acceptance_test.conf") do
+ it { is_expected.to contain '# just a comment' }
+ end
+ end
+
+ describe 'custom_config without priority prefix' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ apache::custom_config { 'prefix_test':
+ priority => false,
+ content => '# just a comment',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$confd_dir}/prefix_test.conf") do
+ it { is_expected.to be_file }
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+case fact('osfamily')
+when 'RedHat'
+ mod_dir = '/etc/httpd/conf.d'
+ servicename = 'httpd'
+when 'Debian'
+ mod_dir = '/etc/apache2/mods-available'
+ servicename = 'apache2'
+when 'FreeBSD'
+ mod_dir = '/usr/local/etc/apache24/Modules'
+ servicename = 'apache24'
+when 'Gentoo'
+ mod_dir = '/etc/apache2/modules.d'
+ servicename = 'apache2'
+end
+
+describe 'apache::default_mods class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ describe 'no default mods' do
+ # Using puppet_apply as a helper
+ it 'should apply with no errors' do
+ pp = <<-EOS
+ class { 'apache':
+ default_mods => false,
+ }
+ EOS
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+ end
+
+ describe service(servicename) do
+ it { is_expected.to be_running }
+ end
+ end
+
+ describe 'no default mods and failing' do
+ # Using puppet_apply as a helper
+ it 'should apply with errors' do
+ pp = <<-EOS
+ class { 'apache':
+ default_mods => false,
+ }
+ apache::vhost { 'defaults.example.com':
+ docroot => '/var/www/defaults',
+ aliases => {
+ alias => '/css',
+ path => '/var/www/css',
+ },
+ setenv => 'TEST1 one',
+ }
+ EOS
+
+ apply_manifest(pp, { :expect_failures => true })
+ end
+
+ # Are these the same?
+ describe service(servicename) do
+ it { is_expected.not_to be_running }
+ end
+ describe "service #{servicename}" do
+ it 'should not be running' do
+ shell("pidof #{servicename}", {:acceptable_exit_codes => 1})
+ end
+ end
+ end
+
+ describe 'alternative default mods' do
+ # Using puppet_apply as a helper
+ it 'should apply with no errors' do
+ pp = <<-EOS
+ class { 'apache':
+ default_mods => [
+ 'info',
+ 'alias',
+ 'mime',
+ 'env',
+ 'expires',
+ ],
+ }
+ apache::vhost { 'defaults.example.com':
+ docroot => '/var/www/defaults',
+ aliases => {
+ alias => '/css',
+ path => '/var/www/css',
+ },
+ setenv => 'TEST1 one',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ shell('sleep 10')
+ expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+ end
+
+ describe service(servicename) do
+ it { is_expected.to be_running }
+ end
+ end
+
+ describe 'change loadfile name' do
+ it 'should apply with no errors' do
+ pp = <<-EOS
+ class { 'apache': default_mods => false }
+ ::apache::mod { 'auth_basic':
+ loadfile_name => 'zz_auth_basic.load',
+ }
+ EOS
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+ end
+
+ describe service(servicename) do
+ it { is_expected.to be_running }
+ end
+
+ describe file("#{mod_dir}/zz_auth_basic.load") do
+ it { is_expected.to be_file }
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+case fact('osfamily')
+when 'Debian'
+ service_name = 'apache2'
+when 'FreeBSD'
+ service_name = 'apache24'
+else
+ # Not implemented yet
+ service_name = :skip
+end
+
+describe 'apache::mod::itk class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) or service_name.equal? :skip do
+ describe 'running puppet code' do
+ # Using puppet_apply as a helper
+ it 'should work with no errors' do
+ pp = <<-EOS
+ class { 'apache':
+ mpm_module => 'itk',
+ }
+ EOS
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+ end
+ end
+
+ describe service(service_name) do
+ it { is_expected.to be_running }
+ it { is_expected.to be_enabled }
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'apache::mod::dav_svn class', :unless => (fact('operatingsystem') == 'OracleLinux' and fact('operatingsystemmajrelease') == '7') do
+ case fact('osfamily')
+ when 'Debian'
+ mod_dir = '/etc/apache2/mods-available'
+ service_name = 'apache2'
+ if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' or fact('operatingsystemrelease') == '10.04'
+ authz_svn_load_file = 'dav_svn_authz_svn.load'
+ else
+ authz_svn_load_file = 'authz_svn.load'
+ end
+ when 'RedHat'
+ mod_dir = '/etc/httpd/conf.d'
+ service_name = 'httpd'
+ authz_svn_load_file = 'dav_svn_authz_svn.load'
+ when 'FreeBSD'
+ mod_dir = '/usr/local/etc/apache24/Modules'
+ service_name = 'apache24'
+ authz_svn_load_file = 'dav_svn_authz_svn.load'
+ end
+
+ context "default dav_svn config" do
+ it 'succeeds in puppeting dav_svn' do
+ pp= <<-EOS
+ class { 'apache': }
+ include apache::mod::dav_svn
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service(service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ describe file("#{mod_dir}/dav_svn.load") do
+ it { is_expected.to contain "LoadModule dav_svn_module" }
+ end
+ end
+
+ context "dav_svn with enabled authz_svn config" do
+ it 'succeeds in puppeting dav_svn' do
+ pp= <<-EOS
+ class { 'apache': }
+ class { 'apache::mod::dav_svn':
+ authz_svn_enabled => true,
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service(service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ describe file("#{mod_dir}/#{authz_svn_load_file}") do
+ it { is_expected.to contain "LoadModule authz_svn_module" }
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'apache::mod::deflate class' do
+ case fact('osfamily')
+ when 'Debian'
+ mod_dir = '/etc/apache2/mods-available'
+ service_name = 'apache2'
+ when 'RedHat'
+ mod_dir = '/etc/httpd/conf.d'
+ service_name = 'httpd'
+ when 'FreeBSD'
+ mod_dir = '/usr/local/etc/apache24/Modules'
+ service_name = 'apache24'
+ when 'Gentoo'
+ mod_dir = '/etc/apache2/modules.d'
+ service_name = 'apache2'
+ end
+
+ context "default deflate config" do
+ it 'succeeds in puppeting deflate' do
+ pp= <<-EOS
+ class { 'apache': }
+ include apache::mod::deflate
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service(service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ describe file("#{mod_dir}/deflate.conf") do
+ it { is_expected.to contain "AddOutputFilterByType DEFLATE text/html text/plain text/xml" }
+ it { is_expected.to contain "AddOutputFilterByType DEFLATE text/css" }
+ it { is_expected.to contain "AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript" }
+ it { is_expected.to contain "AddOutputFilterByType DEFLATE application/rss+xml" }
+ it { is_expected.to contain "DeflateFilterNote Input instream" }
+ it { is_expected.to contain "DeflateFilterNote Output outstream" }
+ it { is_expected.to contain "DeflateFilterNote Ratio ratio" }
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'apache::mod::fcgid class', :unless => (UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) or (fact('operatingsystem') == 'OracleLinux' and fact('operatingsystemmajrelease') == '7')) do
+ context "default fcgid config", :if => (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') != '5') do
+ it 'succeeds in puppeting fcgid' do
+ pp = <<-EOS
+ class { 'epel': } # mod_fcgid lives in epel
+ class { 'apache': }
+ class { 'apache::mod::php': } # For /usr/bin/php-cgi
+ class { 'apache::mod::fcgid':
+ options => {
+ 'FcgidIPCDir' => '/var/run/fcgidsock',
+ },
+ }
+ apache::vhost { 'fcgid.example.com':
+ port => '80',
+ docroot => '/var/www/fcgid',
+ directories => {
+ path => '/var/www/fcgid',
+ options => '+ExecCGI',
+ addhandlers => {
+ handler => 'fcgid-script',
+ extensions => '.php',
+ },
+ fcgiwrapper => {
+ command => '/usr/bin/php-cgi',
+ suffix => '.php',
+ }
+ },
+ }
+ file { '/var/www/fcgid/index.php':
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ content => "<?php echo 'Hello world'; ?>\\n",
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service('httpd') do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ it 'should answer to fcgid.example.com' do
+ shell("/usr/bin/curl -H 'Host: fcgid.example.com' 127.0.0.1:80") do |r|
+ expect(r.stdout).to match(/^Hello world$/)
+ expect(r.exit_code).to eq(0)
+ end
+ end
+
+ it 'should run a php-cgi process' do
+ shell("pgrep -u apache php-cgi", :acceptable_exit_codes => [0])
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'apache::mod::mime class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ case fact('osfamily')
+ when 'Debian'
+ mod_dir = '/etc/apache2/mods-available'
+ service_name = 'apache2'
+ when 'RedHat'
+ mod_dir = '/etc/httpd/conf.d'
+ service_name = 'httpd'
+ when 'FreeBSD'
+ mod_dir = '/usr/local/etc/apache24/Modules'
+ service_name = 'apache24'
+ when 'Gentoo'
+ mod_dir = '/etc/apache2/modules.d'
+ service_name = 'apache2'
+ end
+
+ context "default mime config" do
+ it 'succeeds in puppeting mime' do
+ pp= <<-EOS
+ class { 'apache': }
+ include apache::mod::mime
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service(service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ describe file("#{mod_dir}/mime.conf") do
+ it { is_expected.to contain "AddType application/x-compress .Z" }
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'apache::mod::negotiation class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ case fact('osfamily')
+ when 'Debian'
+ vhost_dir = '/etc/apache2/sites-enabled'
+ mod_dir = '/etc/apache2/mods-available'
+ service_name = 'apache2'
+ when 'RedHat'
+ vhost_dir = '/etc/httpd/conf.d'
+ mod_dir = '/etc/httpd/conf.d'
+ service_name = 'httpd'
+ when 'FreeBSD'
+ vhost_dir = '/usr/local/etc/apache24/Vhosts'
+ mod_dir = '/usr/local/etc/apache24/Modules'
+ service_name = 'apache24'
+ when 'Gentoo'
+ vhost_dir = '/etc/apache2/vhosts.d'
+ mod_dir = '/etc/apache2/modules.d'
+ service_name = 'apache2'
+ end
+
+ context "default negotiation config" do
+ it 'succeeds in puppeting negotiation' do
+ pp= <<-EOS
+ class { '::apache': default_mods => false }
+ class { '::apache::mod::negotiation': }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{mod_dir}/negotiation.conf") do
+ it { should contain "LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
+ForceLanguagePriority Prefer Fallback" }
+ end
+
+ describe service(service_name) do
+ it { should be_enabled }
+ it { should be_running }
+ end
+ end
+
+ context "with alternative force_language_priority" do
+ it 'succeeds in puppeting negotiation' do
+ pp= <<-EOS
+ class { '::apache': default_mods => false }
+ class { '::apache::mod::negotiation':
+ force_language_priority => 'Prefer',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{mod_dir}/negotiation.conf") do
+ it { should contain "ForceLanguagePriority Prefer" }
+ end
+
+ describe service(service_name) do
+ it { should be_enabled }
+ it { should be_running }
+ end
+ end
+
+ context "with alternative language_priority" do
+ it 'succeeds in puppeting negotiation' do
+ pp= <<-EOS
+ class { '::apache': default_mods => false }
+ class { '::apache::mod::negotiation':
+ language_priority => [ 'en', 'es' ],
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{mod_dir}/negotiation.conf") do
+ it { should contain "LanguagePriority en es" }
+ end
+
+ describe service(service_name) do
+ it { should be_enabled }
+ it { should be_running }
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'apache::mod::pagespeed class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ case fact('osfamily')
+ when 'Debian'
+ vhost_dir = '/etc/apache2/sites-enabled'
+ mod_dir = '/etc/apache2/mods-available'
+ service_name = 'apache2'
+ when 'RedHat'
+ vhost_dir = '/etc/httpd/conf.d'
+ mod_dir = '/etc/httpd/conf.d'
+ service_name = 'httpd'
+ when 'FreeBSD'
+ vhost_dir = '/usr/local/etc/apache24/Vhosts'
+ mod_dir = '/usr/local/etc/apache24/Modules'
+ service_name = 'apache24'
+ when 'Gentoo'
+ vhost_dir = '/etc/apache2/vhosts.d'
+ mod_dir = '/etc/apache2/modules.d'
+ service_name = 'apache2'
+ end
+
+ context "default pagespeed config" do
+ it 'succeeds in puppeting pagespeed' do
+ pp= <<-EOS
+ if $::osfamily == 'Debian' {
+ class { 'apt': }
+
+ apt::source { 'mod-pagespeed':
+ key => '7FAC5991',
+ key_server => 'pgp.mit.edu',
+ location => 'http://dl.google.com/linux/mod-pagespeed/deb/',
+ release => 'stable',
+ repos => 'main',
+ include_src => false,
+ before => Class['apache'],
+ }
+ } elsif $::osfamily == 'RedHat' {
+ yumrepo { 'mod-pagespeed':
+ baseurl => "http://dl.google.com/linux/mod-pagespeed/rpm/stable/$::architecture",
+ enabled => 1,
+ gpgcheck => 1,
+ gpgkey => 'https://dl-ssl.google.com/linux/linux_signing_key.pub',
+ before => Class['apache'],
+ }
+ }
+
+ class { 'apache':
+ mpm_module => 'prefork',
+ }
+ class { 'apache::mod::pagespeed':
+ enable_filters => ['remove_comments'],
+ disable_filters => ['extend_cache'],
+ forbid_filters => ['rewrite_javascript'],
+ }
+ apache::vhost { 'pagespeed.example.com':
+ port => '80',
+ docroot => '/var/www/pagespeed',
+ }
+ host { 'pagespeed.example.com': ip => '127.0.0.1', }
+ file { '/var/www/pagespeed/index.html':
+ ensure => file,
+ content => "<html>\n<!-- comment -->\n<body>\n<p>Hello World!</p>\n</body>\n</html>",
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service(service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ describe file("#{mod_dir}/pagespeed.conf") do
+ it { is_expected.to contain "AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html" }
+ it { is_expected.to contain "ModPagespeedEnableFilters remove_comments" }
+ it { is_expected.to contain "ModPagespeedDisableFilters extend_cache" }
+ it { is_expected.to contain "ModPagespeedForbidFilters rewrite_javascript" }
+ end
+
+ it 'should answer to pagespeed.example.com and include <head/> and be stripped of comments by mod_pagespeed' do
+ shell("/usr/bin/curl pagespeed.example.com:80") do |r|
+ expect(r.stdout).to match(/<head\/>/)
+ expect(r.stdout).not_to match(/<!-- comment -->/)
+ expect(r.exit_code).to eq(0)
+ end
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'apache::mod::passenger class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ case fact('osfamily')
+ when 'Debian'
+ service_name = 'apache2'
+ mod_dir = '/etc/apache2/mods-available/'
+ conf_file = "#{mod_dir}passenger.conf"
+ load_file = "#{mod_dir}zpassenger.load"
+
+ case fact('operatingsystem')
+ when 'Ubuntu'
+ case fact('lsbdistrelease')
+ when '10.04'
+ passenger_root = '/usr'
+ passenger_ruby = '/usr/bin/ruby'
+ when '12.04'
+ passenger_root = '/usr'
+ passenger_ruby = '/usr/bin/ruby'
+ when '14.04'
+ passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
+ passenger_ruby = '/usr/bin/ruby'
+ passenger_default_ruby = '/usr/bin/ruby'
+ else
+ # This may or may not work on Ubuntu releases other than the above
+ passenger_root = '/usr'
+ passenger_ruby = '/usr/bin/ruby'
+ end
+ when 'Debian'
+ case fact('lsbdistcodename')
+ when 'wheezy'
+ passenger_root = '/usr'
+ passenger_ruby = '/usr/bin/ruby'
+ when 'jessie'
+ passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
+ passenger_ruby = '/usr/bin/ruby'
+ passenger_default_ruby = '/usr/bin/ruby'
+ else
+ # This may or may not work on Debian releases other than the above
+ passenger_root = '/usr'
+ passenger_ruby = '/usr/bin/ruby'
+ end
+ end
+
+ passenger_module_path = '/usr/lib/apache2/modules/mod_passenger.so'
+ rackapp_user = 'www-data'
+ rackapp_group = 'www-data'
+ when 'RedHat'
+ service_name = 'httpd'
+ mod_dir = '/etc/httpd/conf.d/'
+ conf_file = "#{mod_dir}passenger.conf"
+ load_file = "#{mod_dir}zpassenger.load"
+ # sometimes installs as 3.0.12, sometimes as 3.0.19 - so just check for the stable part
+ passenger_root = '/usr/lib/ruby/gems/1.8/gems/passenger-3.0.1'
+ passenger_ruby = '/usr/bin/ruby'
+ passenger_tempdir = '/var/run/rubygem-passenger'
+ passenger_module_path = 'modules/mod_passenger.so'
+ rackapp_user = 'apache'
+ rackapp_group = 'apache'
+ end
+
+ pp_rackapp = <<-EOS
+ /* a simple ruby rack 'hellow world' app */
+ file { '/var/www/passenger':
+ ensure => directory,
+ owner => '#{rackapp_user}',
+ group => '#{rackapp_group}',
+ require => Class['apache::mod::passenger'],
+ }
+ file { '/var/www/passenger/config.ru':
+ ensure => file,
+ owner => '#{rackapp_user}',
+ group => '#{rackapp_group}',
+ content => "app = proc { |env| [200, { \\"Content-Type\\" => \\"text/html\\" }, [\\"hello <b>world</b>\\"]] }\\nrun app",
+ require => File['/var/www/passenger'] ,
+ }
+ apache::vhost { 'passenger.example.com':
+ port => '80',
+ docroot => '/var/www/passenger/public',
+ docroot_group => '#{rackapp_group}' ,
+ docroot_owner => '#{rackapp_user}' ,
+ custom_fragment => "PassengerRuby #{passenger_ruby}\\nRailsEnv development" ,
+ require => File['/var/www/passenger/config.ru'] ,
+ }
+ host { 'passenger.example.com': ip => '127.0.0.1', }
+ EOS
+
+ case fact('osfamily')
+ when 'Debian'
+ context "default passenger config" do
+ it 'succeeds in puppeting passenger' do
+ pp = <<-EOS
+ /* stock apache and mod_passenger */
+ class { 'apache': }
+ class { 'apache::mod::passenger': }
+ #{pp_rackapp}
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service(service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ describe file(conf_file) do
+ it { is_expected.to contain "PassengerRoot \"#{passenger_root}\"" }
+
+ case fact('operatingsystem')
+ when 'Ubuntu'
+ case fact('lsbdistrelease')
+ when '10.04'
+ it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" }
+ it { is_expected.not_to contain "/PassengerDefaultRuby/" }
+ when '12.04'
+ it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" }
+ it { is_expected.not_to contain "/PassengerDefaultRuby/" }
+ when '14.04'
+ it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" }
+ it { is_expected.not_to contain "/PassengerRuby/" }
+ else
+ # This may or may not work on Ubuntu releases other than the above
+ it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" }
+ it { is_expected.not_to contain "/PassengerDefaultRuby/" }
+ end
+ when 'Debian'
+ case fact('lsbdistcodename')
+ when 'wheezy'
+ it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" }
+ it { is_expected.not_to contain "/PassengerDefaultRuby/" }
+ when 'jessie'
+ it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" }
+ it { is_expected.not_to contain "/PassengerRuby/" }
+ else
+ # This may or may not work on Debian releases other than the above
+ it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" }
+ it { is_expected.not_to contain "/PassengerDefaultRuby/" }
+ end
+ end
+ end
+
+ describe file(load_file) do
+ it { is_expected.to contain "LoadModule passenger_module #{passenger_module_path}" }
+ end
+
+ it 'should output status via passenger-memory-stats' do
+ shell("PATH=/usr/bin:$PATH /usr/sbin/passenger-memory-stats") do |r|
+ expect(r.stdout).to match(/Apache processes/)
+ expect(r.stdout).to match(/Nginx processes/)
+ expect(r.stdout).to match(/Passenger processes/)
+
+ # passenger-memory-stats output on newer Debian/Ubuntu verions do not contain
+ # these two lines
+ unless ((fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04') or
+ (fact('operatingsystem') == 'Debian' && fact('operatingsystemrelease') == '8.0'))
+ expect(r.stdout).to match(/### Processes: [0-9]+/)
+ expect(r.stdout).to match(/### Total private dirty RSS: [0-9\.]+ MB/)
+ end
+
+ expect(r.exit_code).to eq(0)
+ end
+ end
+
+ # passenger-status fails under stock ubuntu-server-12042-x64 + mod_passenger,
+ # even when the passenger process is successfully installed and running
+ unless fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '12.04'
+ it 'should output status via passenger-status' do
+ # xml output not available on ubunutu <= 10.04, so sticking with default pool output
+ shell("PATH=/usr/bin:$PATH /usr/sbin/passenger-status") do |r|
+ # spacing may vary
+ expect(r.stdout).to match(/[\-]+ General information [\-]+/)
+ if fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04'
+ expect(r.stdout).to match(/Max pool size[ ]+: [0-9]+/)
+ expect(r.stdout).to match(/Processes[ ]+: [0-9]+/)
+ expect(r.stdout).to match(/Requests in top-level queue[ ]+: [0-9]+/)
+ else
+ expect(r.stdout).to match(/max[ ]+= [0-9]+/)
+ expect(r.stdout).to match(/count[ ]+= [0-9]+/)
+ expect(r.stdout).to match(/active[ ]+= [0-9]+/)
+ expect(r.stdout).to match(/inactive[ ]+= [0-9]+/)
+ expect(r.stdout).to match(/Waiting on global queue: [0-9]+/)
+ end
+
+ expect(r.exit_code).to eq(0)
+ end
+ end
+ end
+
+ it 'should answer to passenger.example.com' do
+ shell("/usr/bin/curl passenger.example.com:80") do |r|
+ expect(r.stdout).to match(/^hello <b>world<\/b>$/)
+ expect(r.exit_code).to eq(0)
+ end
+ end
+
+ end
+
+ when 'RedHat'
+ # no fedora 18 passenger package yet, and rhel5 packages only exist for ruby 1.8.5
+ unless (fact('operatingsystem') == 'Fedora' and fact('operatingsystemrelease').to_f >= 18) or (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '5' and fact('rubyversion') != '1.8.5')
+
+ if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7'
+ pending('test passenger - RHEL7 packages don\'t exist')
+ else
+ context "default passenger config" do
+ it 'succeeds in puppeting passenger' do
+ pp = <<-EOS
+ /* EPEL and passenger repositories */
+ class { 'epel': }
+ exec { 'passenger.repo GPG key':
+ command => '/usr/bin/curl -o /etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc',
+ creates => '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc',
+ }
+ file { 'passenger.repo GPG key':
+ ensure => file,
+ path => '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc',
+ require => Exec['passenger.repo GPG key'],
+ }
+ epel::rpm_gpg_key { 'passenger.stealthymonkeys.com':
+ path => '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc',
+ require => [
+ Class['epel'],
+ File['passenger.repo GPG key'],
+ ]
+ }
+ $releasever_string = $operatingsystem ? {
+ 'Scientific' => '6',
+ default => '$releasever',
+ }
+ yumrepo { 'passenger':
+ baseurl => "http://passenger.stealthymonkeys.com/rhel/${releasever_string}/\\$basearch" ,
+ descr => "Red Hat Enterprise ${releasever_string} - Phusion Passenger",
+ enabled => 1,
+ gpgcheck => 1,
+ gpgkey => 'http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc',
+ mirrorlist => 'http://passenger.stealthymonkeys.com/rhel/mirrors',
+ require => [
+ Epel::Rpm_gpg_key['passenger.stealthymonkeys.com'],
+ ],
+ }
+ /* apache and mod_passenger */
+ class { 'apache':
+ require => [
+ Class['epel'],
+ ],
+ }
+ class { 'apache::mod::passenger':
+ require => [
+ Yumrepo['passenger']
+ ],
+ }
+ #{pp_rackapp}
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service(service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ describe file(conf_file) do
+ it { is_expected.to contain "PassengerRoot #{passenger_root}" }
+ it { is_expected.to contain "PassengerRuby #{passenger_ruby}" }
+ it { is_expected.to contain "PassengerTempDir #{passenger_tempdir}" }
+ end
+
+ describe file(load_file) do
+ it { is_expected.to contain "LoadModule passenger_module #{passenger_module_path}" }
+ end
+
+ it 'should output status via passenger-memory-stats' do
+ shell("/usr/bin/passenger-memory-stats", :pty => true) do |r|
+ expect(r.stdout).to match(/Apache processes/)
+ expect(r.stdout).to match(/Nginx processes/)
+ expect(r.stdout).to match(/Passenger processes/)
+ expect(r.stdout).to match(/### Processes: [0-9]+/)
+ expect(r.stdout).to match(/### Total private dirty RSS: [0-9\.]+ MB/)
+
+ expect(r.exit_code).to eq(0)
+ end
+ end
+
+ it 'should output status via passenger-status' do
+ shell("PASSENGER_TMPDIR=/var/run/rubygem-passenger /usr/bin/passenger-status") do |r|
+ # spacing may vary
+ r.stdout.should =~ /[\-]+ General information [\-]+/
+ r.stdout.should =~ /max[ ]+= [0-9]+/
+ r.stdout.should =~ /count[ ]+= [0-9]+/
+ r.stdout.should =~ /active[ ]+= [0-9]+/
+ r.stdout.should =~ /inactive[ ]+= [0-9]+/
+ r.stdout.should =~ /Waiting on global queue: [0-9]+/
+
+ r.exit_code.should == 0
+ end
+ end
+
+ it 'should answer to passenger.example.com' do
+ shell("/usr/bin/curl passenger.example.com:80") do |r|
+ r.stdout.should =~ /^hello <b>world<\/b>$/
+ r.exit_code.should == 0
+ end
+ end
+ end
+ end
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'apache::mod::php class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ case fact('osfamily')
+ when 'Debian'
+ vhost_dir = '/etc/apache2/sites-enabled'
+ mod_dir = '/etc/apache2/mods-available'
+ service_name = 'apache2'
+ when 'RedHat'
+ vhost_dir = '/etc/httpd/conf.d'
+ mod_dir = '/etc/httpd/conf.d'
+ service_name = 'httpd'
+ when 'FreeBSD'
+ vhost_dir = '/usr/local/etc/apache24/Vhosts'
+ mod_dir = '/usr/local/etc/apache24/Modules'
+ service_name = 'apache24'
+ when 'Gentoo'
+ vhost_dir = '/etc/apache2/vhosts.d'
+ mod_dir = '/etc/apache2/modules.d'
+ service_name = 'apache2'
+ end
+
+ context "default php config" do
+ it 'succeeds in puppeting php' do
+ pp= <<-EOS
+ class { 'apache':
+ mpm_module => 'prefork',
+ }
+ class { 'apache::mod::php': }
+ apache::vhost { 'php.example.com':
+ port => '80',
+ docroot => '/var/www/php',
+ }
+ host { 'php.example.com': ip => '127.0.0.1', }
+ file { '/var/www/php/index.php':
+ ensure => file,
+ content => "<?php phpinfo(); ?>\\n",
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service(service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ describe file("#{mod_dir}/php5.conf") do
+ it { is_expected.to contain "DirectoryIndex index.php" }
+ end
+
+ it 'should answer to php.example.com' do
+ shell("/usr/bin/curl php.example.com:80") do |r|
+ expect(r.stdout).to match(/PHP Version/)
+ expect(r.exit_code).to eq(0)
+ end
+ end
+ end
+
+ context "custom extensions, php_flag, php_value, php_admin_flag, and php_admin_value" do
+ it 'succeeds in puppeting php' do
+ pp= <<-EOS
+ class { 'apache':
+ mpm_module => 'prefork',
+ }
+ class { 'apache::mod::php':
+ extensions => ['.php','.php5'],
+ }
+ apache::vhost { 'php.example.com':
+ port => '80',
+ docroot => '/var/www/php',
+ php_values => { 'include_path' => '.:/usr/share/pear:/usr/bin/php', },
+ php_flags => { 'display_errors' => 'on', },
+ php_admin_values => { 'open_basedir' => '/var/www/php/:/usr/share/pear/', },
+ php_admin_flags => { 'engine' => 'on', },
+ }
+ host { 'php.example.com': ip => '127.0.0.1', }
+ file { '/var/www/php/index.php5':
+ ensure => file,
+ content => "<?php phpinfo(); ?>\\n",
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service(service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ describe file("#{vhost_dir}/25-php.example.com.conf") do
+ it { is_expected.to contain " php_flag display_errors on" }
+ it { is_expected.to contain " php_value include_path .:/usr/share/pear:/usr/bin/php" }
+ it { is_expected.to contain " php_admin_flag engine on" }
+ it { is_expected.to contain " php_admin_value open_basedir /var/www/php/:/usr/share/pear/" }
+ end
+
+ it 'should answer to php.example.com' do
+ shell("/usr/bin/curl php.example.com:80") do |r|
+ expect(r.stdout).to match(/\/usr\/share\/pear\//)
+ expect(r.exit_code).to eq(0)
+ end
+ end
+ end
+
+ context "provide custom config file" do
+ it 'succeeds in puppeting php' do
+ pp= <<-EOS
+ class {'apache':
+ mpm_module => 'prefork',
+ }
+ class {'apache::mod::php':
+ content => '# somecontent',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{mod_dir}/php5.conf") do
+ it { should contain "# somecontent" }
+ end
+ end
+
+ context "provide content and template config file" do
+ it 'succeeds in puppeting php' do
+ pp= <<-EOS
+ class {'apache':
+ mpm_module => 'prefork',
+ }
+ class {'apache::mod::php':
+ content => '# somecontent',
+ template => 'apache/mod/php5.conf.erb',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{mod_dir}/php5.conf") do
+ it { should contain "# somecontent" }
+ end
+ end
+
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'apache::mod::proxy_html class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ case fact('osfamily')
+ when 'Debian'
+ service_name = 'apache2'
+ when 'RedHat'
+ service_name = 'httpd'
+ when 'FreeBSD'
+ service_name = 'apache24'
+ when 'Gentoo'
+ service_name = 'apache2'
+ end
+
+ context "default proxy_html config" do
+ if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') =~ /(5|6)/
+ it 'adds epel' do
+ pp = "class { 'epel': }"
+ apply_manifest(pp, :catch_failures => true)
+ end
+ end
+
+ it 'succeeds in puppeting proxy_html' do
+ pp= <<-EOS
+ class { 'apache': }
+ class { 'apache::mod::proxy': }
+ class { 'apache::mod::proxy_http': }
+ # mod_proxy_html doesn't exist in RHEL5
+ if $::osfamily == 'RedHat' and $::operatingsystemmajrelease != '5' {
+ class { 'apache::mod::proxy_html': }
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service(service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'apache::mod::security class', :unless => (UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) or (fact('osfamily') == 'Debian' and (fact('lsbdistcodename') == 'squeeze' or fact('lsbdistcodename') == 'lucid' or fact('lsbdistcodename') == 'precise'))) do
+ case fact('osfamily')
+ when 'Debian'
+ mod_dir = '/etc/apache2/mods-available'
+ service_name = 'apache2'
+ package_name = 'apache2'
+ when 'RedHat'
+ mod_dir = '/etc/httpd/conf.d'
+ service_name = 'httpd'
+ package_name = 'httpd'
+ end
+
+ context "default mod_security config" do
+ if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') =~ /(5|6)/
+ it 'adds epel' do
+ pp = "class { 'epel': }"
+ apply_manifest(pp, :catch_failures => true)
+ end
+ end
+
+ it 'succeeds in puppeting mod_security' do
+ pp= <<-EOS
+ host { 'modsec.example.com': ip => '127.0.0.1', }
+ class { 'apache': }
+ class { 'apache::mod::security': }
+ apache::vhost { 'modsec.example.com':
+ port => '80',
+ docroot => '/var/www/html',
+ }
+ file { '/var/www/html/index.html':
+ ensure => file,
+ content => 'Index page',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service(service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ describe package(package_name) do
+ it { is_expected.to be_installed }
+ end
+
+ describe file("#{mod_dir}/security.conf") do
+ it { is_expected.to contain "mod_security2.c" }
+ end
+
+ it 'should return index page' do
+ shell('/usr/bin/curl -A beaker modsec.example.com:80') do |r|
+ expect(r.stdout).to match(/Index page/)
+ expect(r.exit_code).to eq(0)
+ end
+ end
+
+ it 'should block query with SQL' do
+ shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22]
+ end
+
+ end #default mod_security config
+
+ context "mod_security should allow disabling by vhost" do
+ it 'succeeds in puppeting mod_security' do
+ pp= <<-EOS
+ host { 'modsec.example.com': ip => '127.0.0.1', }
+ class { 'apache': }
+ class { 'apache::mod::security': }
+ apache::vhost { 'modsec.example.com':
+ port => '80',
+ docroot => '/var/www/html',
+ }
+ file { '/var/www/html/index.html':
+ ensure => file,
+ content => 'Index page',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service(service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ describe file("#{mod_dir}/security.conf") do
+ it { is_expected.to contain "mod_security2.c" }
+ end
+
+ it 'should block query with SQL' do
+ shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22]
+ end
+
+ it 'should disable mod_security per vhost' do
+ pp= <<-EOS
+ class { 'apache': }
+ class { 'apache::mod::security': }
+ apache::vhost { 'modsec.example.com':
+ port => '80',
+ docroot => '/var/www/html',
+ modsec_disable_vhost => true,
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ it 'should return index page' do
+ shell('/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r|
+ expect(r.stdout).to match(/Index page/)
+ expect(r.exit_code).to eq(0)
+ end
+ end
+ end #mod_security should allow disabling by vhost
+
+ context "mod_security should allow disabling by ip" do
+ it 'succeeds in puppeting mod_security' do
+ pp= <<-EOS
+ host { 'modsec.example.com': ip => '127.0.0.1', }
+ class { 'apache': }
+ class { 'apache::mod::security': }
+ apache::vhost { 'modsec.example.com':
+ port => '80',
+ docroot => '/var/www/html',
+ }
+ file { '/var/www/html/index.html':
+ ensure => file,
+ content => 'Index page',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service(service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ describe file("#{mod_dir}/security.conf") do
+ it { is_expected.to contain "mod_security2.c" }
+ end
+
+ it 'should block query with SQL' do
+ shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22]
+ end
+
+ it 'should disable mod_security per vhost' do
+ pp= <<-EOS
+ class { 'apache': }
+ class { 'apache::mod::security': }
+ apache::vhost { 'modsec.example.com':
+ port => '80',
+ docroot => '/var/www/html',
+ modsec_disable_ips => [ '127.0.0.1' ],
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ it 'should return index page' do
+ shell('/usr/bin/curl -A beaker modsec.example.com:80') do |r|
+ expect(r.stdout).to match(/Index page/)
+ expect(r.exit_code).to eq(0)
+ end
+ end
+ end #mod_security should allow disabling by ip
+
+ context "mod_security should allow disabling by id" do
+ it 'succeeds in puppeting mod_security' do
+ pp= <<-EOS
+ host { 'modsec.example.com': ip => '127.0.0.1', }
+ class { 'apache': }
+ class { 'apache::mod::security': }
+ apache::vhost { 'modsec.example.com':
+ port => '80',
+ docroot => '/var/www/html',
+ }
+ file { '/var/www/html/index.html':
+ ensure => file,
+ content => 'Index page',
+ }
+ file { '/var/www/html/index2.html':
+ ensure => file,
+ content => 'Page 2',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service(service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ describe file("#{mod_dir}/security.conf") do
+ it { is_expected.to contain "mod_security2.c" }
+ end
+
+ it 'should block query with SQL' do
+ shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22]
+ end
+
+ it 'should disable mod_security per vhost' do
+ pp= <<-EOS
+ class { 'apache': }
+ class { 'apache::mod::security': }
+ apache::vhost { 'modsec.example.com':
+ port => '80',
+ docroot => '/var/www/html',
+ modsec_disable_ids => [ '950007' ],
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ it 'should return index page' do
+ shell('/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r|
+ expect(r.stdout).to match(/Index page/)
+ expect(r.exit_code).to eq(0)
+ end
+ end
+
+ end #mod_security should allow disabling by id
+
+
+end #apache::mod::security class
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'apache::mod::suphp class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ case fact('operatingsystem')
+ when 'Ubuntu'
+ context "default suphp config" do
+ it 'succeeds in puppeting suphp' do
+ pp = <<-EOS
+class { 'apache':
+ mpm_module => 'prefork',
+}
+host { 'suphp.example.com': ip => '127.0.0.1', }
+apache::vhost { 'suphp.example.com':
+ port => '80',
+ docroot => '/var/www/suphp',
+}
+file { '/var/www/suphp/index.php':
+ ensure => file,
+ owner => 'daemon',
+ group => 'daemon',
+ content => "<?php echo get_current_user(); ?>\\n",
+ require => File['/var/www/suphp'],
+ before => Class['apache::mod::php'],
+}
+class { 'apache::mod::php': }
+class { 'apache::mod::suphp': }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service('apache2') do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ it 'should answer to suphp.example.com' do
+ timeout = 0
+ loop do
+ r = shell('curl suphp.example.com:80')
+ timeout += 1
+ break if r.stdout =~ /^daemon$/
+ if timeout > 40
+ expect(timeout < 40).to be true
+ break
+ end
+ sleep(1)
+ end
+ shell("/usr/bin/curl suphp.example.com:80") do |r|
+ expect(r.stdout).to match(/^daemon$/)
+ expect(r.exit_code).to eq(0)
+ end
+ end
+ end
+ end
+end
--- /dev/null
+HOSTS:
+ centos-59-x64:
+ roles:
+ - master
+ platform: el-5-x86_64
+ box : centos-59-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: git
--- /dev/null
+HOSTS:
+ centos-64-x64:
+ roles:
+ - master
+ - database
+ - dashboard
+ platform: el-6-x86_64
+ box : centos-64-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: pe
--- /dev/null
+HOSTS:
+ centos-64-x64:
+ roles:
+ - master
+ platform: el-6-x86_64
+ box : centos-64-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ log_level: debug
+ type: git
--- /dev/null
+HOSTS:
+ centos-65-x64:
+ roles:
+ - master
+ platform: el-6-x86_64
+ box : centos-65-x64-vbox436-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-65-x64-virtualbox-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: foss
--- /dev/null
+HOSTS:
+ centos-70-x64:
+ roles:
+ - master
+ platform: el-7-x86_64
+ box : puppetlabs/centos-7.0-64-nocm
+ box_url : https://vagrantcloud.com/puppetlabs/boxes/centos-7.0-64-nocm
+ hypervisor : vagrant
+CONFIG:
+ log_level: verbose
+ type: foss
--- /dev/null
+HOSTS:
+ debian-607-x64:
+ roles:
+ - master
+ platform: debian-6-amd64
+ box : debian-607-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-607-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ log_level: debug
+ type: git
--- /dev/null
+HOSTS:
+ debian-70rc1-x64:
+ roles:
+ - master
+ platform: debian-7-amd64
+ box : debian-70rc1-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-70rc1-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ log_level: debug
+ type: git
--- /dev/null
+HOSTS:
+ debian-73-i386:
+ roles:
+ - master
+ platform: debian-7-i386
+ box : debian-73-i386-virtualbox-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-73-i386-virtualbox-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ log_level: debug
+ type: git
--- /dev/null
+HOSTS:
+ debian-73-x64:
+ roles:
+ - master
+ platform: debian-7-amd64
+ box : debian-73-x64-virtualbox-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-73-x64-virtualbox-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ log_level: debug
+ type: git
--- /dev/null
+HOSTS:
+ centos-64-x64:
+ roles:
+ - master
+ platform: el-6-x86_64
+ box : centos-64-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ log_level: debug
+ type: git
--- /dev/null
+HOSTS:
+ fedora-18-x64:
+ roles:
+ - master
+ platform: fedora-18-x86_64
+ box : fedora-18-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/fedora-18-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ log_level: debug
+ type: git
--- /dev/null
+HOSTS:
+ ubuntu-server-10044-x64:
+ roles:
+ - master
+ platform: ubuntu-10.04-amd64
+ box : ubuntu-server-10044-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-10044-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: foss
--- /dev/null
+HOSTS:
+ ubuntu-server-12042-x64:
+ roles:
+ - master
+ platform: ubuntu-12.04-amd64
+ box : ubuntu-server-12042-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-12042-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: foss
--- /dev/null
+HOSTS:
+ ubuntu-server-1310-x64:
+ roles:
+ - master
+ platform: ubuntu-13.10-amd64
+ box : ubuntu-server-1310-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-1310-x64-virtualbox-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ log_level : debug
+ type: git
--- /dev/null
+HOSTS:
+ ubuntu-server-1404-x64:
+ roles:
+ - master
+ platform: ubuntu-14.04-amd64
+ box : puppetlabs/ubuntu-14.04-64-nocm
+ box_url : https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
+ hypervisor : vagrant
+CONFIG:
+ log_level : debug
+ type: git
--- /dev/null
+require 'spec_helper_acceptance'
+
+case fact('osfamily')
+when 'RedHat'
+ servicename = 'httpd'
+when 'Debian'
+ servicename = 'apache2'
+when 'FreeBSD'
+ servicename = 'apache24'
+when 'Gentoo'
+ servicename = 'apache2'
+end
+
+case fact('osfamily')
+when 'FreeBSD'
+ describe 'apache::mod::event class' do
+ describe 'running puppet code' do
+ # Using puppet_apply as a helper
+ it 'should work with no errors' do
+ pp = <<-EOS
+ class { 'apache':
+ mpm_module => 'event',
+ }
+ EOS
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+ end
+ end
+
+ describe service(servicename) do
+ it { is_expected.to be_running }
+ it { is_expected.to be_enabled }
+ end
+ end
+end
+
+describe 'apache::mod::worker class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ describe 'running puppet code' do
+ # Using puppet_apply as a helper
+ it 'should work with no errors' do
+ pp = <<-EOS
+ class { 'apache':
+ mpm_module => 'worker',
+ }
+ EOS
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+ end
+ end
+
+ describe service(servicename) do
+ it { is_expected.to be_running }
+ it { is_expected.to be_enabled }
+ end
+end
+
+describe 'apache::mod::prefork class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ describe 'running puppet code' do
+ # Using puppet_apply as a helper
+ it 'should work with no errors' do
+ pp = <<-EOS
+ class { 'apache':
+ mpm_module => 'prefork',
+ }
+ EOS
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+ end
+ end
+
+ describe service(servicename) do
+ it { is_expected.to be_running }
+ it { is_expected.to be_enabled }
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'apache::service class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ describe 'adding dependencies in between the base class and service class' do
+ it 'should work with no errors' do
+ pp = <<-EOS
+ class { 'apache': }
+ file { '/tmp/test':
+ require => Class['apache'],
+ notify => Class['apache::service'],
+ }
+ EOS
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe 'unsupported distributions and OSes', :if => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ it 'should fail' do
+ pp = <<-EOS
+ class { 'apache': }
+ apache::vhost { 'test.lan':
+ docroot => '/var/www',
+ }
+ EOS
+ expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/unsupported/i)
+ end
+end
--- /dev/null
+_osfamily = fact('osfamily')
+_operatingsystem = fact('operatingsystem')
+_operatingsystemrelease = fact('operatingsystemrelease').to_f
+
+case _osfamily
+when 'RedHat'
+ $confd_dir = '/etc/httpd/conf.d'
+ $mod_dir = '/etc/httpd/conf.d'
+ $conf_file = '/etc/httpd/conf/httpd.conf'
+ $ports_file = '/etc/httpd/conf/ports.conf'
+ $vhost_dir = '/etc/httpd/conf.d'
+ $vhost = '/etc/httpd/conf.d/15-default.conf'
+ $run_dir = '/var/run/httpd'
+ $service_name = 'httpd'
+ $package_name = 'httpd'
+ $error_log = 'error_log'
+ $suphp_handler = 'php5-script'
+ $suphp_configpath = 'undef'
+
+ if (_operatingsystem == 'Fedora' and _operatingsystemrelease >= 18) or (_operatingsystem != 'Fedora' and _operatingsystemrelease >= 7)
+ $apache_version = '2.4'
+ else
+ $apache_version = '2.2'
+ end
+when 'Debian'
+ $confd_dir = '/etc/apache2/conf.d'
+ $mod_dir = '/etc/apache2/mods-available'
+ $conf_file = '/etc/apache2/apache2.conf'
+ $ports_file = '/etc/apache2/ports.conf'
+ $vhost = '/etc/apache2/sites-available/15-default.conf'
+ $vhost_dir = '/etc/apache2/sites-enabled'
+ $run_dir = '/var/run/apache2'
+ $service_name = 'apache2'
+ $package_name = 'apache2'
+ $error_log = 'error.log'
+ $suphp_handler = 'x-httpd-php'
+ $suphp_configpath = '/etc/php5/apache2'
+
+ if _operatingsystem == 'Ubuntu' and _operatingsystemrelease >= 13.10
+ $apache_version = '2.4'
+ elsif _operatingsystem == 'Debian' and _operatingsystemrelease >= 8.0
+ $apache_version = '2.4'
+ else
+ $apache_version = '2.2'
+ end
+when 'FreeBSD'
+ $confd_dir = '/usr/local/etc/apache24/Includes'
+ $mod_dir = '/usr/local/etc/apache24/Modules'
+ $conf_file = '/usr/local/etc/apache24/httpd.conf'
+ $ports_file = '/usr/local/etc/apache24/Includes/ports.conf'
+ $vhost = '/usr/local/etc/apache24/Vhosts/15-default.conf'
+ $vhost_dir = '/usr/local/etc/apache24/Vhosts'
+ $run_dir = '/var/run/apache24'
+ $service_name = 'apache24'
+ $package_name = 'apache24'
+ $error_log = 'http-error.log'
+
+ $apache_version = '2.2'
+when 'Gentoo'
+ $confd_dir = '/etc/apache2/conf.d'
+ $mod_dir = '/etc/apache2/modules.d'
+ $conf_file = '/etc/apache2/httpd.conf'
+ $ports_file = '/etc/apache2/ports.conf'
+ $vhost = '/etc/apache2/vhosts.d/15-default.conf'
+ $vhost_dir = '/etc/apache2/vhosts.d'
+ $run_dir = '/var/run/apache2'
+ $service_name = 'apache2'
+ $package_name = 'www-servers/apache'
+ $error_log = 'http-error.log'
+
+ $apache_version = '2.4'
+else
+ $apache_version = '0'
+end
+
--- /dev/null
+require 'spec_helper_acceptance'
+require_relative './version.rb'
+
+describe 'apache::vhost define', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ context 'no default vhosts' do
+ it 'should create no default vhosts' do
+ pp = <<-EOS
+ class { 'apache':
+ default_vhost => false,
+ default_ssl_vhost => false,
+ service_ensure => stopped
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/15-default.conf") do
+ it { is_expected.not_to be_file }
+ end
+
+ describe file("#{$vhost_dir}/15-default-ssl.conf") do
+ it { is_expected.not_to be_file }
+ end
+ end
+
+ context "default vhost without ssl" do
+ it 'should create a default vhost config' do
+ pp = <<-EOS
+ class { 'apache': }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/15-default.conf") do
+ it { is_expected.to contain '<VirtualHost \*:80>' }
+ end
+
+ describe file("#{$vhost_dir}/15-default-ssl.conf") do
+ it { is_expected.not_to be_file }
+ end
+ end
+
+ context 'default vhost with ssl' do
+ it 'should create default vhost configs' do
+ pp = <<-EOS
+ file { '#{$run_dir}':
+ ensure => 'directory',
+ recurse => true,
+ }
+
+ class { 'apache':
+ default_ssl_vhost => true,
+ require => File['#{$run_dir}'],
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/15-default.conf") do
+ it { is_expected.to contain '<VirtualHost \*:80>' }
+ end
+
+ describe file("#{$vhost_dir}/15-default-ssl.conf") do
+ it { is_expected.to contain '<VirtualHost \*:443>' }
+ it { is_expected.to contain "SSLEngine on" }
+ end
+ end
+
+ context 'new vhost on port 80' do
+ it 'should configure an apache vhost' do
+ pp = <<-EOS
+ class { 'apache': }
+ file { '#{$run_dir}':
+ ensure => 'directory',
+ recurse => true,
+ }
+
+ apache::vhost { 'first.example.com':
+ port => '80',
+ docroot => '/var/www/first',
+ require => File['#{$run_dir}'],
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-first.example.com.conf") do
+ it { is_expected.to contain '<VirtualHost \*:80>' }
+ it { is_expected.to contain "ServerName first.example.com" }
+ end
+ end
+
+ context 'new proxy vhost on port 80' do
+ it 'should configure an apache proxy vhost' do
+ pp = <<-EOS
+ class { 'apache': }
+ apache::vhost { 'proxy.example.com':
+ port => '80',
+ docroot => '/var/www/proxy',
+ proxy_pass => [
+ { 'path' => '/foo', 'url' => 'http://backend-foo/'},
+ ],
+ proxy_preserve_host => true,
+ proxy_error_override => true,
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-proxy.example.com.conf") do
+ it { is_expected.to contain '<VirtualHost \*:80>' }
+ it { is_expected.to contain "ServerName proxy.example.com" }
+ it { is_expected.to contain "ProxyPass" }
+ it { is_expected.to contain "ProxyPreserveHost On" }
+ it { is_expected.to contain "ProxyErrorOverride On" }
+ it { is_expected.not_to contain "<Proxy \*>" }
+ end
+ end
+
+ context 'new proxy vhost on port 80' do
+ it 'should configure an apache proxy vhost' do
+ pp = <<-EOS
+ class { 'apache': }
+ apache::vhost { 'proxy.example.com':
+ port => '80',
+ docroot => '/var/www/proxy',
+ proxy_pass_match => [
+ { 'path' => '/foo', 'url' => 'http://backend-foo/'},
+ ],
+ proxy_preserve_host => true,
+ proxy_error_override => true,
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-proxy.example.com.conf") do
+ it { is_expected.to contain '<VirtualHost \*:80>' }
+ it { is_expected.to contain "ServerName proxy.example.com" }
+ it { is_expected.to contain "ProxyPassMatch /foo http://backend-foo/" }
+ it { is_expected.to contain "ProxyPreserveHost On" }
+ it { is_expected.to contain "ProxyErrorOverride On" }
+ it { is_expected.not_to contain "<Proxy \*>" }
+ end
+ end
+
+ context 'new vhost on port 80' do
+ it 'should configure two apache vhosts' do
+ pp = <<-EOS
+ class { 'apache': }
+ apache::vhost { 'first.example.com':
+ port => '80',
+ docroot => '/var/www/first',
+ }
+ host { 'first.example.com': ip => '127.0.0.1', }
+ file { '/var/www/first/index.html':
+ ensure => file,
+ content => "Hello from first\\n",
+ }
+ apache::vhost { 'second.example.com':
+ port => '80',
+ docroot => '/var/www/second',
+ }
+ host { 'second.example.com': ip => '127.0.0.1', }
+ file { '/var/www/second/index.html':
+ ensure => file,
+ content => "Hello from second\\n",
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service($service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ it 'should answer to first.example.com' do
+ shell("/usr/bin/curl first.example.com:80", {:acceptable_exit_codes => 0}) do |r|
+ expect(r.stdout).to eq("Hello from first\n")
+ end
+ end
+
+ it 'should answer to second.example.com' do
+ shell("/usr/bin/curl second.example.com:80", {:acceptable_exit_codes => 0}) do |r|
+ expect(r.stdout).to eq("Hello from second\n")
+ end
+ end
+ end
+
+ context 'apache_directories' do
+ describe 'readme example, adapted' do
+ it 'should configure a vhost with Files' do
+ pp = <<-EOS
+ class { 'apache': }
+
+ if versioncmp($apache::apache_version, '2.4') >= 0 {
+ $_files_match_directory = { 'path' => '(\.swp|\.bak|~)$', 'provider' => 'filesmatch', 'require' => 'all denied', }
+ } else {
+ $_files_match_directory = { 'path' => '(\.swp|\.bak|~)$', 'provider' => 'filesmatch', 'deny' => 'from all', }
+ }
+
+ $_directories = [
+ { 'path' => '/var/www/files', },
+ $_files_match_directory,
+ ]
+
+ apache::vhost { 'files.example.net':
+ docroot => '/var/www/files',
+ directories => $_directories,
+ }
+ file { '/var/www/files/index.html':
+ ensure => file,
+ content => "Hello World\\n",
+ }
+ file { '/var/www/files/index.html.bak':
+ ensure => file,
+ content => "Hello World\\n",
+ }
+ host { 'files.example.net': ip => '127.0.0.1', }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service($service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ it 'should answer to files.example.net' do
+ expect(shell("/usr/bin/curl -sSf files.example.net:80/index.html").stdout).to eq("Hello World\n")
+ expect(shell("/usr/bin/curl -sSf files.example.net:80/index.html.bak", {:acceptable_exit_codes => 22}).stderr).to match(/curl: \(22\) The requested URL returned error: 403/)
+ end
+ end
+
+ describe 'other Directory options' do
+ it 'should configure a vhost with multiple Directory sections' do
+ pp = <<-EOS
+ class { 'apache': }
+
+ if versioncmp($apache::apache_version, '2.4') >= 0 {
+ $_files_match_directory = { 'path' => 'private.html$', 'provider' => 'filesmatch', 'require' => 'all denied' }
+ } else {
+ $_files_match_directory = [
+ { 'path' => 'private.html$', 'provider' => 'filesmatch', 'deny' => 'from all' },
+ { 'path' => '/bar/bar.html', 'provider' => 'location', allow => [ 'from 127.0.0.1', ] },
+ ]
+ }
+
+ $_directories = [
+ { 'path' => '/var/www/files', },
+ { 'path' => '/foo/', 'provider' => 'location', 'directoryindex' => 'notindex.html', },
+ $_files_match_directory,
+ ]
+
+ apache::vhost { 'files.example.net':
+ docroot => '/var/www/files',
+ directories => $_directories,
+ }
+ file { '/var/www/files/foo':
+ ensure => directory,
+ }
+ file { '/var/www/files/foo/notindex.html':
+ ensure => file,
+ content => "Hello Foo\\n",
+ }
+ file { '/var/www/files/private.html':
+ ensure => file,
+ content => "Hello World\\n",
+ }
+ file { '/var/www/files/bar':
+ ensure => directory,
+ }
+ file { '/var/www/files/bar/bar.html':
+ ensure => file,
+ content => "Hello Bar\\n",
+ }
+ host { 'files.example.net': ip => '127.0.0.1', }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service($service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ it 'should answer to files.example.net' do
+ expect(shell("/usr/bin/curl -sSf files.example.net:80/").stdout).to eq("Hello World\n")
+ expect(shell("/usr/bin/curl -sSf files.example.net:80/foo/").stdout).to eq("Hello Foo\n")
+ expect(shell("/usr/bin/curl -sSf files.example.net:80/private.html", {:acceptable_exit_codes => 22}).stderr).to match(/curl: \(22\) The requested URL returned error: 403/)
+ expect(shell("/usr/bin/curl -sSf files.example.net:80/bar/bar.html").stdout).to eq("Hello Bar\n")
+ end
+ end
+
+ describe 'SetHandler directive' do
+ it 'should configure a vhost with a SetHandler directive' do
+ pp = <<-EOS
+ class { 'apache': }
+ apache::mod { 'status': }
+ host { 'files.example.net': ip => '127.0.0.1', }
+ apache::vhost { 'files.example.net':
+ docroot => '/var/www/files',
+ directories => [
+ { path => '/var/www/files', },
+ { path => '/server-status', provider => 'location', sethandler => 'server-status', },
+ ],
+ }
+ file { '/var/www/files/index.html':
+ ensure => file,
+ content => "Hello World\\n",
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service($service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ it 'should answer to files.example.net' do
+ expect(shell("/usr/bin/curl -sSf files.example.net:80/index.html").stdout).to eq("Hello World\n")
+ expect(shell("/usr/bin/curl -sSf files.example.net:80/server-status?auto").stdout).to match(/Scoreboard: /)
+ end
+ end
+
+ describe 'Satisfy and Auth directive', :unless => $apache_version == '2.4' do
+ it 'should configure a vhost with Satisfy and Auth directive' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'files.example.net': ip => '127.0.0.1', }
+ apache::vhost { 'files.example.net':
+ docroot => '/var/www/files',
+ directories => [
+ {
+ path => '/var/www/files/foo',
+ auth_type => 'Basic',
+ auth_name => 'Basic Auth',
+ auth_user_file => '/var/www/htpasswd',
+ auth_require => "valid-user",
+ },
+ {
+ path => '/var/www/files/bar',
+ auth_type => 'Basic',
+ auth_name => 'Basic Auth',
+ auth_user_file => '/var/www/htpasswd',
+ auth_require => 'valid-user',
+ satisfy => 'Any',
+ },
+ {
+ path => '/var/www/files/baz',
+ allow => 'from 10.10.10.10',
+ auth_type => 'Basic',
+ auth_name => 'Basic Auth',
+ auth_user_file => '/var/www/htpasswd',
+ auth_require => 'valid-user',
+ satisfy => 'Any',
+ },
+ ],
+ }
+ file { '/var/www/files/foo':
+ ensure => directory,
+ }
+ file { '/var/www/files/bar':
+ ensure => directory,
+ }
+ file { '/var/www/files/baz':
+ ensure => directory,
+ }
+ file { '/var/www/files/foo/index.html':
+ ensure => file,
+ content => "Hello World\\n",
+ }
+ file { '/var/www/files/bar/index.html':
+ ensure => file,
+ content => "Hello World\\n",
+ }
+ file { '/var/www/files/baz/index.html':
+ ensure => file,
+ content => "Hello World\\n",
+ }
+ file { '/var/www/htpasswd':
+ ensure => file,
+ content => "login:IZ7jMcLSx0oQk", # "password" as password
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service($service_name) do
+ it { should be_enabled }
+ it { should be_running }
+ end
+
+ it 'should answer to files.example.net' do
+ shell("/usr/bin/curl -sSf files.example.net:80/foo/index.html", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 401/)
+ shell("/usr/bin/curl -sSf -u login:password files.example.net:80/foo/index.html").stdout.should eq("Hello World\n")
+ shell("/usr/bin/curl -sSf files.example.net:80/bar/index.html").stdout.should eq("Hello World\n")
+ shell("/usr/bin/curl -sSf -u login:password files.example.net:80/bar/index.html").stdout.should eq("Hello World\n")
+ shell("/usr/bin/curl -sSf files.example.net:80/baz/index.html", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 401/)
+ shell("/usr/bin/curl -sSf -u login:password files.example.net:80/baz/index.html").stdout.should eq("Hello World\n")
+ end
+ end
+ end
+
+ case fact('lsbdistcodename')
+ when 'precise', 'wheezy'
+ context 'vhost fallbackresource example' do
+ it 'should configure a vhost with Fallbackresource' do
+ pp = <<-EOS
+ class { 'apache': }
+ apache::vhost { 'fallback.example.net':
+ docroot => '/var/www/fallback',
+ fallbackresource => '/index.html'
+ }
+ file { '/var/www/fallback/index.html':
+ ensure => file,
+ content => "Hello World\\n",
+ }
+ host { 'fallback.example.net': ip => '127.0.0.1', }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service($service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ it 'should answer to fallback.example.net' do
+ shell("/usr/bin/curl fallback.example.net:80/Does/Not/Exist") do |r|
+ expect(r.stdout).to eq("Hello World\n")
+ end
+ end
+
+ end
+ else
+ # The current stable RHEL release (6.4) comes with Apache httpd 2.2.15
+ # That was released March 6, 2010.
+ # FallbackResource was backported to 2.2.16, and released July 25, 2010.
+ # Ubuntu Lucid (10.04) comes with apache2 2.2.14, released October 3, 2009.
+ # https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/STATUS
+ end
+
+ context 'virtual_docroot hosting separate sites' do
+ it 'should configure a vhost with VirtualDocumentRoot' do
+ pp = <<-EOS
+ class { 'apache': }
+ apache::vhost { 'virt.example.com':
+ vhost_name => '*',
+ serveraliases => '*virt.example.com',
+ port => '80',
+ docroot => '/var/www/virt',
+ virtual_docroot => '/var/www/virt/%1',
+ }
+ host { 'virt.example.com': ip => '127.0.0.1', }
+ host { 'a.virt.example.com': ip => '127.0.0.1', }
+ host { 'b.virt.example.com': ip => '127.0.0.1', }
+ file { [ '/var/www/virt/a', '/var/www/virt/b', ]: ensure => directory, }
+ file { '/var/www/virt/a/index.html': ensure => file, content => "Hello from a.virt\\n", }
+ file { '/var/www/virt/b/index.html': ensure => file, content => "Hello from b.virt\\n", }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service($service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ it 'should answer to a.virt.example.com' do
+ shell("/usr/bin/curl a.virt.example.com:80", {:acceptable_exit_codes => 0}) do |r|
+ expect(r.stdout).to eq("Hello from a.virt\n")
+ end
+ end
+
+ it 'should answer to b.virt.example.com' do
+ shell("/usr/bin/curl b.virt.example.com:80", {:acceptable_exit_codes => 0}) do |r|
+ expect(r.stdout).to eq("Hello from b.virt\n")
+ end
+ end
+ end
+
+ context 'proxy_pass for alternative vhost' do
+ it 'should configure a local vhost and a proxy vhost' do
+ apply_manifest(%{
+ class { 'apache': default_vhost => false, }
+ apache::vhost { 'localhost':
+ docroot => '/var/www/local',
+ ip => '127.0.0.1',
+ port => '8888',
+ }
+ apache::listen { '*:80': }
+ apache::vhost { 'proxy.example.com':
+ docroot => '/var/www',
+ port => '80',
+ add_listen => false,
+ proxy_pass => {
+ 'path' => '/',
+ 'url' => 'http://localhost:8888/subdir/',
+ },
+ }
+ host { 'proxy.example.com': ip => '127.0.0.1', }
+ file { ['/var/www/local', '/var/www/local/subdir']: ensure => directory, }
+ file { '/var/www/local/subdir/index.html':
+ ensure => file,
+ content => "Hello from localhost\\n",
+ }
+ }, :catch_failures => true)
+ end
+
+ describe service($service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ it 'should get a response from the back end' do
+ shell("/usr/bin/curl --max-redirs 0 proxy.example.com:80") do |r|
+ expect(r.stdout).to eq("Hello from localhost\n")
+ expect(r.exit_code).to eq(0)
+ end
+ end
+ end
+
+ context 'proxy_pass_match for alternative vhost' do
+ it 'should configure a local vhost and a proxy vhost' do
+ apply_manifest(%{
+ class { 'apache': default_vhost => false, }
+ apache::vhost { 'localhost':
+ docroot => '/var/www/local',
+ ip => '127.0.0.1',
+ port => '8888',
+ }
+ apache::listen { '*:80': }
+ apache::vhost { 'proxy.example.com':
+ docroot => '/var/www',
+ port => '80',
+ add_listen => false,
+ proxy_pass_match => {
+ 'path' => '/',
+ 'url' => 'http://localhost:8888/subdir/',
+ },
+ }
+ host { 'proxy.example.com': ip => '127.0.0.1', }
+ file { ['/var/www/local', '/var/www/local/subdir']: ensure => directory, }
+ file { '/var/www/local/subdir/index.html':
+ ensure => file,
+ content => "Hello from localhost\\n",
+ }
+ }, :catch_failures => true)
+ end
+
+ describe service($service_name) do
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+ end
+
+ it 'should get a response from the back end' do
+ shell("/usr/bin/curl --max-redirs 0 proxy.example.com:80") do |r|
+ expect(r.stdout).to eq("Hello from localhost\n")
+ expect(r.exit_code).to eq(0)
+ end
+ end
+ end
+
+ describe 'ip_based' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ ip_based => true,
+ servername => 'test.server',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file($ports_file) do
+ it { is_expected.to be_file }
+ it { is_expected.not_to contain 'NameVirtualHost test.server' }
+ end
+ end
+
+ describe 'add_listen' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': default_vhost => false }
+ host { 'testlisten.server': ip => '127.0.0.1' }
+ apache::listen { '81': }
+ apache::vhost { 'testlisten.server':
+ docroot => '/tmp',
+ port => '80',
+ add_listen => false,
+ servername => 'testlisten.server',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file($ports_file) do
+ it { is_expected.to be_file }
+ it { is_expected.not_to contain 'Listen 80' }
+ it { is_expected.to contain 'Listen 81' }
+ end
+ end
+
+ describe 'docroot' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ user { 'test_owner': ensure => present, }
+ group { 'test_group': ensure => present, }
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp/test',
+ docroot_owner => 'test_owner',
+ docroot_group => 'test_group',
+ docroot_mode => '0750',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file('/tmp/test') do
+ it { is_expected.to be_directory }
+ it { is_expected.to be_owned_by 'test_owner' }
+ it { is_expected.to be_grouped_into 'test_group' }
+ it { is_expected.to be_mode 750 }
+ end
+ end
+
+ describe 'default_vhost' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ default_vhost => true,
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file($ports_file) do
+ it { is_expected.to be_file }
+ if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7'
+ it { is_expected.not_to contain 'NameVirtualHost test.server' }
+ elsif fact('operatingsystem') == 'Ubuntu' and fact('operatingsystemrelease') =~ /(14\.04|13\.10)/
+ it { is_expected.not_to contain 'NameVirtualHost test.server' }
+ else
+ it { is_expected.to contain 'NameVirtualHost test.server' }
+ end
+ end
+
+ describe file("#{$vhost_dir}/10-test.server.conf") do
+ it { is_expected.to be_file }
+ end
+ end
+
+ describe 'options' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ options => ['Indexes','FollowSymLinks', 'ExecCGI'],
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'Options Indexes FollowSymLinks ExecCGI' }
+ end
+ end
+
+ describe 'override' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ override => ['All'],
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'AllowOverride All' }
+ end
+ end
+
+ describe 'logroot' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ logroot => '/tmp',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain ' CustomLog "/tmp' }
+ end
+ end
+
+ ['access', 'error'].each do |logtype|
+ case logtype
+ when 'access'
+ logname = 'CustomLog'
+ when 'error'
+ logname = 'ErrorLog'
+ end
+
+ describe "#{logtype}_log" do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ logroot => '/tmp',
+ #{logtype}_log => false,
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.not_to contain " #{logname} \"/tmp" }
+ end
+ end
+
+ describe "#{logtype}_log_pipe" do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ logroot => '/tmp',
+ #{logtype}_log_pipe => '|/bin/sh',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain " #{logname} \"|/bin/sh" }
+ end
+ end
+
+ describe "#{logtype}_log_syslog" do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ logroot => '/tmp',
+ #{logtype}_log_syslog => 'syslog',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain " #{logname} \"syslog\"" }
+ end
+ end
+ end
+
+ describe 'access_log_format' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ logroot => '/tmp',
+ access_log_syslog => 'syslog',
+ access_log_format => '%h %l',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'CustomLog "syslog" "%h %l"' }
+ end
+ end
+
+ describe 'access_log_env_var' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ logroot => '/tmp',
+ access_log_syslog => 'syslog',
+ access_log_env_var => 'admin',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'CustomLog "syslog" combined env=admin' }
+ end
+ end
+
+ describe 'multiple access_logs' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ logroot => '/tmp',
+ access_logs => [
+ {'file' => 'log1'},
+ {'file' => 'log2', 'env' => 'admin' },
+ {'file' => '/var/tmp/log3', 'format' => '%h %l'},
+ {'syslog' => 'syslog' }
+ ]
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'CustomLog "/tmp/log1" combined' }
+ it { is_expected.to contain 'CustomLog "/tmp/log2" combined env=admin' }
+ it { is_expected.to contain 'CustomLog "/var/tmp/log3" "%h %l"' }
+ it { is_expected.to contain 'CustomLog "syslog" combined' }
+ end
+ end
+
+ describe 'aliases' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ aliases => [
+ { alias => '/image' , path => '/ftp/pub/image' } ,
+ { scriptalias => '/myscript' , path => '/usr/share/myscript' }
+ ],
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'Alias /image "/ftp/pub/image"' }
+ it { is_expected.to contain 'ScriptAlias /myscript "/usr/share/myscript"' }
+ end
+ end
+
+ describe 'scriptaliases' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ scriptaliases => [{ alias => '/myscript', path => '/usr/share/myscript', }],
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'ScriptAlias /myscript "/usr/share/myscript"' }
+ end
+ end
+
+ describe 'proxy' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': service_ensure => stopped, }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ proxy_dest => 'test2',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'ProxyPass / test2/' }
+ end
+ end
+
+ describe 'actions' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ action => 'php-fastcgi',
+ }
+ EOS
+ pp = pp + "\nclass { 'apache::mod::actions': }" if fact('osfamily') == 'Debian'
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'Action php-fastcgi /cgi-bin virtual' }
+ end
+ end
+
+ describe 'suphp' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': service_ensure => stopped, }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ suphp_addhandler => '#{$suphp_handler}',
+ suphp_engine => 'on',
+ suphp_configpath => '#{$suphp_configpath}',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain "suPHP_AddHandler #{$suphp_handler}" }
+ it { is_expected.to contain 'suPHP_Engine on' }
+ it { is_expected.to contain "suPHP_ConfigPath \"#{$suphp_configpath}\"" }
+ end
+ end
+
+ describe 'no_proxy_uris' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': service_ensure => stopped, }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ proxy_dest => 'http://test2',
+ no_proxy_uris => [ 'http://test2/test' ],
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'ProxyPass / http://test2/' }
+ it { is_expected.to contain 'ProxyPass http://test2/test !' }
+ end
+ end
+
+ describe 'redirect' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ redirect_source => ['/images'],
+ redirect_dest => ['http://test.server/'],
+ redirect_status => ['permanent'],
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'Redirect permanent /images http://test.server/' }
+ end
+ end
+
+ # Passenger isn't even in EPEL on el-5
+ if default['platform'] !~ /^el-5/
+ if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7'
+ pending('Since we don\'t have passenger on RHEL7 rack_base_uris tests will fail')
+ else
+ describe 'rack_base_uris' do
+ if fact('osfamily') == 'RedHat'
+ it 'adds epel' do
+ pp = "class { 'epel': }"
+ apply_manifest(pp, :catch_failures => true)
+ end
+ end
+
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ rack_base_uris => ['/test'],
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'RackBaseURI /test' }
+ end
+ end
+ end
+ end
+
+
+ describe 'request_headers' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ request_headers => ['append MirrorID "mirror 12"'],
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'append MirrorID "mirror 12"' }
+ end
+ end
+
+ describe 'rewrite rules' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ rewrites => [
+ { comment => 'test',
+ rewrite_cond => '%{HTTP_USER_AGENT} ^Lynx/ [OR]',
+ rewrite_rule => ['^index\.html$ welcome.html'],
+ rewrite_map => ['lc int:tolower'],
+ }
+ ],
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain '#test' }
+ it { is_expected.to contain 'RewriteCond %{HTTP_USER_AGENT} ^Lynx/ [OR]' }
+ it { is_expected.to contain 'RewriteRule ^index.html$ welcome.html' }
+ it { is_expected.to contain 'RewriteMap lc int:tolower' }
+ end
+ end
+
+ describe 'directory rewrite rules' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ if ! defined(Class['apache::mod::rewrite']) {
+ include ::apache::mod::rewrite
+ }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ directories => [
+ {
+ path => '/tmp',
+ rewrites => [
+ {
+ comment => 'Permalink Rewrites',
+ rewrite_base => '/',
+ },
+ { rewrite_rule => [ '^index\\.php$ - [L]' ] },
+ { rewrite_cond => [
+ '%{REQUEST_FILENAME} !-f',
+ '%{REQUEST_FILENAME} !-d', ], rewrite_rule => [ '. /index.php [L]' ], }
+ ],
+ },
+ ],
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { should be_file }
+ it { should contain '#Permalink Rewrites' }
+ it { should contain 'RewriteEngine On' }
+ it { should contain 'RewriteBase /' }
+ it { should contain 'RewriteRule ^index\.php$ - [L]' }
+ it { should contain 'RewriteCond %{REQUEST_FILENAME} !-f' }
+ it { should contain 'RewriteCond %{REQUEST_FILENAME} !-d' }
+ it { should contain 'RewriteRule . /index.php [L]' }
+ end
+ end
+
+ describe 'setenv/setenvif' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ setenv => ['TEST /test'],
+ setenvif => ['Request_URI "\.gif$" object_is_image=gif']
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'SetEnv TEST /test' }
+ it { is_expected.to contain 'SetEnvIf Request_URI "\.gif$" object_is_image=gif' }
+ end
+ end
+
+ describe 'block' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ block => 'scm',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain '<DirectoryMatch .*\.(svn|git|bzr)/.*>' }
+ end
+ end
+
+ describe 'wsgi' do
+ it 'import_script applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ class { 'apache::mod::wsgi': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ wsgi_application_group => '%{GLOBAL}',
+ wsgi_daemon_process => 'wsgi',
+ wsgi_daemon_process_options => {processes => '2'},
+ wsgi_process_group => 'nobody',
+ wsgi_script_aliases => { '/test' => '/test1' },
+ wsgi_pass_authorization => 'On',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ it 'import_script applies cleanly', :unless => (fact('lsbdistcodename') == 'lucid' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily'))) do
+ pp = <<-EOS
+ class { 'apache': }
+ class { 'apache::mod::wsgi': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ wsgi_application_group => '%{GLOBAL}',
+ wsgi_daemon_process => 'wsgi',
+ wsgi_daemon_process_options => {processes => '2'},
+ wsgi_import_script => '/test1',
+ wsgi_import_script_options => { application-group => '%{GLOBAL}', process-group => 'wsgi' },
+ wsgi_process_group => 'nobody',
+ wsgi_script_aliases => { '/test' => '/test1' },
+ wsgi_pass_authorization => 'On',
+ wsgi_chunked_request => 'On',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf"), :unless => (fact('lsbdistcodename') == 'lucid' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily'))) do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'WSGIApplicationGroup %{GLOBAL}' }
+ it { is_expected.to contain 'WSGIDaemonProcess wsgi processes=2' }
+ it { is_expected.to contain 'WSGIImportScript /test1 application-group=%{GLOBAL} process-group=wsgi' }
+ it { is_expected.to contain 'WSGIProcessGroup nobody' }
+ it { is_expected.to contain 'WSGIScriptAlias /test "/test1"' }
+ it { is_expected.to contain 'WSGIPassAuthorization On' }
+ it { is_expected.to contain 'WSGIChunkedRequest On' }
+ end
+ end
+
+ describe 'custom_fragment' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ custom_fragment => inline_template('#weird test string'),
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain '#weird test string' }
+ end
+ end
+
+ describe 'itk' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ itk => { user => 'nobody', group => 'nobody' }
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'AssignUserId nobody nobody' }
+ end
+ end
+
+ # So what does this work on?
+ if default['platform'] !~ /^(debian-(6|7)|el-(5|6|7))/
+ describe 'fastcgi' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ class { 'apache::mod::fastcgi': }
+ host { 'test.server': ip => '127.0.0.1' }
+ apache::vhost { 'test.server':
+ docroot => '/tmp',
+ fastcgi_server => 'localhost',
+ fastcgi_socket => '/tmp/fast/1234',
+ fastcgi_dir => '/tmp/fast',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'FastCgiExternalServer localhost -socket /tmp/fast/1234' }
+ it { is_expected.to contain '<Directory "/tmp/fast">' }
+ end
+ end
+ end
+
+ describe 'additional_includes' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ if $::osfamily == 'RedHat' and $::selinux {
+ $semanage_package = $::operatingsystemmajrelease ? {
+ '5' => 'policycoreutils',
+ default => 'policycoreutils-python',
+ }
+ exec { 'set_apache_defaults':
+ command => 'semanage fcontext -a -t httpd_sys_content_t "/apache_spec(/.*)?"',
+ path => '/bin:/usr/bin/:/sbin:/usr/sbin',
+ require => Package[$semanage_package],
+ }
+ package { $semanage_package: ensure => installed }
+ exec { 'restorecon_apache':
+ command => 'restorecon -Rv /apache_spec',
+ path => '/bin:/usr/bin/:/sbin:/usr/sbin',
+ before => Service['httpd'],
+ require => Class['apache'],
+ }
+ }
+ class { 'apache': }
+ host { 'test.server': ip => '127.0.0.1' }
+ file { '/apache_spec': ensure => directory, }
+ file { '/apache_spec/include': ensure => present, content => '#additional_includes' }
+ apache::vhost { 'test.server':
+ docroot => '/apache_spec',
+ additional_includes => '/apache_spec/include',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/25-test.server.conf") do
+ it { is_expected.to be_file }
+ it { is_expected.to contain 'Include "/apache_spec/include"' }
+ end
+ end
+
+ describe 'virtualhost without priority prefix' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ class { 'apache': }
+ apache::vhost { 'test.server':
+ priority => false,
+ docroot => '/tmp'
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{$vhost_dir}/test.server.conf") do
+ it { is_expected.to be_file }
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache', :type => :class do
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :lsbdistcodename => 'squeeze',
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_package("httpd").with(
+ 'notify' => 'Class[Apache::Service]',
+ 'ensure' => 'installed'
+ )
+ }
+ it { is_expected.to contain_user("www-data") }
+ it { is_expected.to contain_group("www-data") }
+ it { is_expected.to contain_class("apache::service") }
+ it { is_expected.to contain_file("/var/www").with(
+ 'ensure' => 'directory'
+ )
+ }
+ it { is_expected.to contain_file("/etc/apache2/sites-enabled").with(
+ 'ensure' => 'directory',
+ 'recurse' => 'true',
+ 'purge' => 'true',
+ 'notify' => 'Class[Apache::Service]',
+ 'require' => 'Package[httpd]'
+ )
+ }
+ it { is_expected.to contain_file("/etc/apache2/mods-enabled").with(
+ 'ensure' => 'directory',
+ 'recurse' => 'true',
+ 'purge' => 'true',
+ 'notify' => 'Class[Apache::Service]',
+ 'require' => 'Package[httpd]'
+ )
+ }
+ it { is_expected.to contain_file("/etc/apache2/mods-available").with(
+ 'ensure' => 'directory',
+ 'recurse' => 'true',
+ 'purge' => 'false',
+ 'notify' => 'Class[Apache::Service]',
+ 'require' => 'Package[httpd]'
+ )
+ }
+ it { is_expected.to contain_concat("/etc/apache2/ports.conf").with(
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0644',
+ 'notify' => 'Class[Apache::Service]'
+ )
+ }
+ # Assert that load files are placed and symlinked for these mods, but no conf file.
+ [
+ 'auth_basic',
+ 'authn_file',
+ 'authz_default',
+ 'authz_groupfile',
+ 'authz_host',
+ 'authz_user',
+ 'dav',
+ 'env'
+ ].each do |modname|
+ it { is_expected.to contain_file("#{modname}.load").with(
+ 'path' => "/etc/apache2/mods-available/#{modname}.load",
+ 'ensure' => 'file'
+ ) }
+ it { is_expected.to contain_file("#{modname}.load symlink").with(
+ 'path' => "/etc/apache2/mods-enabled/#{modname}.load",
+ 'ensure' => 'link',
+ 'target' => "/etc/apache2/mods-available/#{modname}.load"
+ ) }
+ it { is_expected.not_to contain_file("#{modname}.conf") }
+ it { is_expected.not_to contain_file("#{modname}.conf symlink") }
+ end
+
+ context "with Apache version < 2.4" do
+ let :params do
+ { :apache_version => '2.2' }
+ end
+
+ it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^Include "/etc/apache2/conf\.d/\*\.conf"$} }
+ end
+
+ context "with Apache version >= 2.4" do
+ let :params do
+ {
+ :apache_version => '2.4',
+ :use_optional_includes => true
+ }
+ end
+
+ it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^IncludeOptional "/etc/apache2/conf\.d/\*\.conf"$} }
+ end
+
+ context "when specifying slash encoding behaviour" do
+ let :params do
+ { :allow_encoded_slashes => 'nodecode' }
+ end
+
+ it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^AllowEncodedSlashes nodecode$} }
+ end
+
+ context "when specifying default character set" do
+ let :params do
+ { :default_charset => 'none' }
+ end
+
+ it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^AddDefaultCharset none$} }
+ end
+
+ # Assert that both load files and conf files are placed and symlinked for these mods
+ [
+ 'alias',
+ 'autoindex',
+ 'dav_fs',
+ 'deflate',
+ 'dir',
+ 'mime',
+ 'negotiation',
+ 'setenvif',
+ ].each do |modname|
+ it { is_expected.to contain_file("#{modname}.load").with(
+ 'path' => "/etc/apache2/mods-available/#{modname}.load",
+ 'ensure' => 'file'
+ ) }
+ it { is_expected.to contain_file("#{modname}.load symlink").with(
+ 'path' => "/etc/apache2/mods-enabled/#{modname}.load",
+ 'ensure' => 'link',
+ 'target' => "/etc/apache2/mods-available/#{modname}.load"
+ ) }
+ it { is_expected.to contain_file("#{modname}.conf").with(
+ 'path' => "/etc/apache2/mods-available/#{modname}.conf",
+ 'ensure' => 'file'
+ ) }
+ it { is_expected.to contain_file("#{modname}.conf symlink").with(
+ 'path' => "/etc/apache2/mods-enabled/#{modname}.conf",
+ 'ensure' => 'link',
+ 'target' => "/etc/apache2/mods-available/#{modname}.conf"
+ ) }
+ end
+
+ describe "Check default type" do
+ context "with Apache version < 2.4" do
+ let :params do
+ {
+ :apache_version => '2.2',
+ }
+ end
+
+ context "when default_type => 'none'" do
+ let :params do
+ { :default_type => 'none' }
+ end
+
+ it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^DefaultType none$} }
+ end
+ context "when default_type => 'text/plain'" do
+ let :params do
+ { :default_type => 'text/plain' }
+ end
+
+ it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^DefaultType text/plain$} }
+ end
+ end
+
+ context "with Apache version >= 2.4" do
+ let :params do
+ {
+ :apache_version => '2.4',
+ }
+ end
+ it { is_expected.to contain_file("/etc/apache2/apache2.conf").without_content %r{^DefaultType [.]*$} }
+ end
+ end
+
+ describe "Don't create user resource" do
+ context "when parameter manage_user is false" do
+ let :params do
+ { :manage_user => false }
+ end
+
+ it { is_expected.not_to contain_user('www-data') }
+ it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^User www-data\n} }
+ end
+ end
+ describe "Don't create group resource" do
+ context "when parameter manage_group is false" do
+ let :params do
+ { :manage_group => false }
+ end
+
+ it { is_expected.not_to contain_group('www-data') }
+ it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^Group www-data\n} }
+ end
+ end
+
+ describe "Add extra LogFormats" do
+ context "When parameter log_formats is a hash" do
+ let :params do
+ { :log_formats => {
+ 'vhost_common' => "%v %h %l %u %t \"%r\" %>s %b",
+ 'vhost_combined' => "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
+ } }
+ end
+
+ it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common\n} }
+ it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" vhost_combined\n} }
+ end
+ end
+
+ describe "Override existing LogFormats" do
+ context "When parameter log_formats is a hash" do
+ let :params do
+ { :log_formats => {
+ 'common' => "%v %h %l %u %t \"%r\" %>s %b",
+ 'combined' => "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
+ } }
+ end
+
+ it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" common\n} }
+ it { is_expected.to contain_file("/etc/apache2/apache2.conf").without_content %r{^LogFormat "%h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n} }
+ it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" common\n} }
+ it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n} }
+ it { is_expected.to contain_file("/etc/apache2/apache2.conf").without_content %r{^LogFormat "%h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n} }
+ end
+ end
+
+ context "on Ubuntu" do
+ let :facts do
+ super().merge({
+ :operatingsystem => 'Ubuntu'
+ })
+ end
+
+ context "13.10" do
+ let :facts do
+ super().merge({
+ :lsbdistrelease => '13.10',
+ :operatingsystemrelease => '13.10'
+ })
+ end
+ it { is_expected.to contain_class('apache').with_apache_version('2.4') }
+ end
+ context "12.04" do
+ let :facts do
+ super().merge({
+ :lsbdistrelease => '12.04',
+ :operatingsystemrelease => '12.04'
+ })
+ end
+ it { is_expected.to contain_class('apache').with_apache_version('2.2') }
+ end
+ context "13.04" do
+ let :facts do
+ super().merge({
+ :lsbdistrelease => '13.04',
+ :operatingsystemrelease => '13.04'
+ })
+ end
+ it { is_expected.to contain_class('apache').with_apache_version('2.2') }
+ end
+ end
+ end
+ context "on a RedHat 5 OS" do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '5',
+ :concat_basedir => '/dne',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_package("httpd").with(
+ 'notify' => 'Class[Apache::Service]',
+ 'ensure' => 'installed'
+ )
+ }
+ it { is_expected.to contain_user("apache") }
+ it { is_expected.to contain_group("apache") }
+ it { is_expected.to contain_class("apache::service") }
+ it { is_expected.to contain_file("/var/www/html").with(
+ 'ensure' => 'directory'
+ )
+ }
+ it { is_expected.to contain_file("/etc/httpd/conf.d").with(
+ 'ensure' => 'directory',
+ 'recurse' => 'true',
+ 'purge' => 'true',
+ 'notify' => 'Class[Apache::Service]',
+ 'require' => 'Package[httpd]'
+ )
+ }
+ it { is_expected.to contain_concat("/etc/httpd/conf/ports.conf").with(
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0644',
+ 'notify' => 'Class[Apache::Service]'
+ )
+ }
+ describe "Alternate confd/mod/vhosts directory" do
+ let :params do
+ {
+ :vhost_dir => '/etc/httpd/site.d',
+ :confd_dir => '/etc/httpd/conf.d',
+ :mod_dir => '/etc/httpd/mod.d',
+ }
+ end
+
+ ['mod.d','site.d','conf.d'].each do |dir|
+ it { is_expected.to contain_file("/etc/httpd/#{dir}").with(
+ 'ensure' => 'directory',
+ 'recurse' => 'true',
+ 'purge' => 'true',
+ 'notify' => 'Class[Apache::Service]',
+ 'require' => 'Package[httpd]'
+ ) }
+ end
+
+ # Assert that load files are placed for these mods, but no conf file.
+ [
+ 'auth_basic',
+ 'authn_file',
+ 'authz_default',
+ 'authz_groupfile',
+ 'authz_host',
+ 'authz_user',
+ 'dav',
+ 'env',
+ ].each do |modname|
+ it { is_expected.to contain_file("#{modname}.load").with_path(
+ "/etc/httpd/mod.d/#{modname}.load"
+ ) }
+ it { is_expected.not_to contain_file("#{modname}.conf").with_path(
+ "/etc/httpd/mod.d/#{modname}.conf"
+ ) }
+ end
+
+ # Assert that both load files and conf files are placed for these mods
+ [
+ 'alias',
+ 'autoindex',
+ 'dav_fs',
+ 'deflate',
+ 'dir',
+ 'mime',
+ 'negotiation',
+ 'setenvif',
+ ].each do |modname|
+ it { is_expected.to contain_file("#{modname}.load").with_path(
+ "/etc/httpd/mod.d/#{modname}.load"
+ ) }
+ it { is_expected.to contain_file("#{modname}.conf").with_path(
+ "/etc/httpd/mod.d/#{modname}.conf"
+ ) }
+ end
+
+ context "with Apache version < 2.4" do
+ let :params do
+ { :apache_version => '2.2' }
+ end
+
+ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/conf\.d/\*\.conf"$} }
+ end
+
+ context "with Apache version >= 2.4" do
+ let :params do
+ {
+ :apache_version => '2.4',
+ :use_optional_includes => true
+ }
+ end
+
+ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^IncludeOptional "/etc/httpd/conf\.d/\*\.conf"$} }
+ end
+
+ context "when specifying slash encoding behaviour" do
+ let :params do
+ { :allow_encoded_slashes => 'nodecode' }
+ end
+
+ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^AllowEncodedSlashes nodecode$} }
+ end
+
+ context "when specifying default character set" do
+ let :params do
+ { :default_charset => 'none' }
+ end
+
+ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^AddDefaultCharset none$} }
+ end
+
+ context "with Apache version < 2.4" do
+ let :params do
+ {
+ :apache_version => '2.2',
+ }
+ end
+
+ context "when default_type => 'none'" do
+ let :params do
+ { :default_type => 'none' }
+ end
+
+ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^DefaultType none$} }
+ end
+ context "when default_type => 'text/plain'" do
+ let :params do
+ { :default_type => 'text/plain' }
+ end
+
+ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^DefaultType text/plain$} }
+ end
+ end
+
+ context "with Apache version >= 2.4" do
+ let :params do
+ {
+ :apache_version => '2.4',
+ }
+ end
+ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").without_content %r{^DefaultType [.]*$} }
+ end
+
+ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/site\.d/\*"$} }
+ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.conf"$} }
+ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.load"$} }
+ end
+
+ describe "Alternate conf directory" do
+ let :params do
+ { :conf_dir => '/opt/rh/root/etc/httpd/conf' }
+ end
+
+ it { is_expected.to contain_file("/opt/rh/root/etc/httpd/conf/httpd.conf").with(
+ 'ensure' => 'file',
+ 'notify' => 'Class[Apache::Service]',
+ 'require' => 'Package[httpd]'
+ ) }
+ end
+
+ describe "Alternate conf.d directory" do
+ let :params do
+ { :confd_dir => '/etc/httpd/special_conf.d' }
+ end
+
+ it { is_expected.to contain_file("/etc/httpd/special_conf.d").with(
+ 'ensure' => 'directory',
+ 'recurse' => 'true',
+ 'purge' => 'true',
+ 'notify' => 'Class[Apache::Service]',
+ 'require' => 'Package[httpd]'
+ ) }
+ end
+
+ describe "Alternate mpm_modules" do
+ context "when declaring mpm_module is false" do
+ let :params do
+ { :mpm_module => false }
+ end
+ it 'should not declare mpm modules' do
+ is_expected.not_to contain_class('apache::mod::event')
+ is_expected.not_to contain_class('apache::mod::itk')
+ is_expected.not_to contain_class('apache::mod::peruser')
+ is_expected.not_to contain_class('apache::mod::prefork')
+ is_expected.not_to contain_class('apache::mod::worker')
+ end
+ end
+ context "when declaring mpm_module => prefork" do
+ let :params do
+ { :mpm_module => 'prefork' }
+ end
+ it { is_expected.to contain_class('apache::mod::prefork') }
+ it { is_expected.not_to contain_class('apache::mod::event') }
+ it { is_expected.not_to contain_class('apache::mod::itk') }
+ it { is_expected.not_to contain_class('apache::mod::peruser') }
+ it { is_expected.not_to contain_class('apache::mod::worker') }
+ end
+ context "when declaring mpm_module => worker" do
+ let :params do
+ { :mpm_module => 'worker' }
+ end
+ it { is_expected.to contain_class('apache::mod::worker') }
+ it { is_expected.not_to contain_class('apache::mod::event') }
+ it { is_expected.not_to contain_class('apache::mod::itk') }
+ it { is_expected.not_to contain_class('apache::mod::peruser') }
+ it { is_expected.not_to contain_class('apache::mod::prefork') }
+ end
+ context "when declaring mpm_module => breakme" do
+ let :params do
+ { :mpm_module => 'breakme' }
+ end
+ it { expect { catalogue }.to raise_error Puppet::Error, /does not match/ }
+ end
+ end
+
+ describe "different templates for httpd.conf" do
+ context "with default" do
+ let :params do
+ { :conf_template => 'apache/httpd.conf.erb' }
+ end
+ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^# Security\n} }
+ end
+ context "with non-default" do
+ let :params do
+ { :conf_template => 'site_apache/fake.conf.erb' }
+ end
+ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Fake template for rspec.$} }
+ end
+ end
+
+ describe "default mods" do
+ context "without" do
+ let :params do
+ { :default_mods => false }
+ end
+
+ it { is_expected.to contain_apache__mod('authz_host') }
+ it { is_expected.not_to contain_apache__mod('env') }
+ end
+ context "custom" do
+ let :params do
+ { :default_mods => [
+ 'info',
+ 'alias',
+ 'mime',
+ 'env',
+ 'setenv',
+ 'expires',
+ ]}
+ end
+
+ it { is_expected.to contain_apache__mod('authz_host') }
+ it { is_expected.to contain_apache__mod('env') }
+ it { is_expected.to contain_class('apache::mod::info') }
+ it { is_expected.to contain_class('apache::mod::mime') }
+ end
+ end
+ describe "Don't create user resource" do
+ context "when parameter manage_user is false" do
+ let :params do
+ { :manage_user => false }
+ end
+
+ it { is_expected.not_to contain_user('apache') }
+ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^User apache\n} }
+ end
+ end
+ describe "Don't create group resource" do
+ context "when parameter manage_group is false" do
+ let :params do
+ { :manage_group => false }
+ end
+
+ it { is_expected.not_to contain_group('apache') }
+ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Group apache\n} }
+
+ end
+ end
+ describe "sendfile" do
+ context "with invalid value" do
+ let :params do
+ { :sendfile => 'foo' }
+ end
+ it "should fail" do
+ expect do
+ catalogue
+ end.to raise_error(Puppet::Error, /"foo" does not match/)
+ end
+ end
+ context "On" do
+ let :params do
+ { :sendfile => 'On' }
+ end
+ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^EnableSendfile On\n} }
+ end
+ context "Off" do
+ let :params do
+ { :sendfile => 'Off' }
+ end
+ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^EnableSendfile Off\n} }
+ end
+ end
+ context "on Fedora" do
+ let :facts do
+ super().merge({
+ :operatingsystem => 'Fedora'
+ })
+ end
+
+ context "21" do
+ let :facts do
+ super().merge({
+ :lsbdistrelease => '21',
+ :operatingsystemrelease => '21'
+ })
+ end
+ it { is_expected.to contain_class('apache').with_apache_version('2.4') }
+ end
+ context "Rawhide" do
+ let :facts do
+ super().merge({
+ :lsbdistrelease => 'Rawhide',
+ :operatingsystemrelease => 'Rawhide'
+ })
+ end
+ it { is_expected.to contain_class('apache').with_apache_version('2.4') }
+ end
+ # kinda obsolete
+ context "17" do
+ let :facts do
+ super().merge({
+ :lsbdistrelease => '17',
+ :operatingsystemrelease => '17'
+ })
+ end
+ it { is_expected.to contain_class('apache').with_apache_version('2.2') }
+ end
+ end
+ end
+ context "on a FreeBSD OS" do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :osfamily => 'FreeBSD',
+ :operatingsystem => 'FreeBSD',
+ :operatingsystemrelease => '10',
+ :concat_basedir => '/dne',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_class("apache::package").with({'ensure' => 'present'}) }
+ it { is_expected.to contain_user("www") }
+ it { is_expected.to contain_group("www") }
+ it { is_expected.to contain_class("apache::service") }
+ it { is_expected.to contain_file("/usr/local/www/apache24/data").with(
+ 'ensure' => 'directory'
+ )
+ }
+ it { is_expected.to contain_file("/usr/local/etc/apache24/Vhosts").with(
+ 'ensure' => 'directory',
+ 'recurse' => 'true',
+ 'purge' => 'true',
+ 'notify' => 'Class[Apache::Service]',
+ 'require' => 'Package[httpd]'
+ ) }
+ it { is_expected.to contain_file("/usr/local/etc/apache24/Modules").with(
+ 'ensure' => 'directory',
+ 'recurse' => 'true',
+ 'purge' => 'true',
+ 'notify' => 'Class[Apache::Service]',
+ 'require' => 'Package[httpd]'
+ ) }
+ it { is_expected.to contain_concat("/usr/local/etc/apache24/ports.conf").with(
+ 'owner' => 'root',
+ 'group' => 'wheel',
+ 'mode' => '0644',
+ 'notify' => 'Class[Apache::Service]'
+ ) }
+ # Assert that load files are placed for these mods, but no conf file.
+ [
+ 'auth_basic',
+ 'authn_core',
+ 'authn_file',
+ 'authz_groupfile',
+ 'authz_host',
+ 'authz_user',
+ 'dav',
+ 'env'
+ ].each do |modname|
+ it { is_expected.to contain_file("#{modname}.load").with(
+ 'path' => "/usr/local/etc/apache24/Modules/#{modname}.load",
+ 'ensure' => 'file'
+ ) }
+ it { is_expected.not_to contain_file("#{modname}.conf") }
+ end
+
+ # Assert that both load files and conf files are placed for these mods
+ [
+ 'alias',
+ 'autoindex',
+ 'dav_fs',
+ 'deflate',
+ 'dir',
+ 'mime',
+ 'negotiation',
+ 'setenvif',
+ ].each do |modname|
+ it { is_expected.to contain_file("#{modname}.load").with(
+ 'path' => "/usr/local/etc/apache24/Modules/#{modname}.load",
+ 'ensure' => 'file'
+ ) }
+ it { is_expected.to contain_file("#{modname}.conf").with(
+ 'path' => "/usr/local/etc/apache24/Modules/#{modname}.conf",
+ 'ensure' => 'file'
+ ) }
+ end
+ end
+ context "on a Gentoo OS" do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_user("apache") }
+ it { is_expected.to contain_group("apache") }
+ it { is_expected.to contain_class("apache::service") }
+ it { is_expected.to contain_file("/var/www/localhost/htdocs").with(
+ 'ensure' => 'directory'
+ )
+ }
+ it { is_expected.to contain_file("/etc/apache2/vhosts.d").with(
+ 'ensure' => 'directory',
+ 'recurse' => 'true',
+ 'purge' => 'true',
+ 'notify' => 'Class[Apache::Service]',
+ 'require' => 'Package[httpd]'
+ ) }
+ it { is_expected.to contain_file("/etc/apache2/modules.d").with(
+ 'ensure' => 'directory',
+ 'recurse' => 'true',
+ 'purge' => 'true',
+ 'notify' => 'Class[Apache::Service]',
+ 'require' => 'Package[httpd]'
+ ) }
+ it { is_expected.to contain_concat("/etc/apache2/ports.conf").with(
+ 'owner' => 'root',
+ 'group' => 'wheel',
+ 'mode' => '0644',
+ 'notify' => 'Class[Apache::Service]'
+ ) }
+ end
+ context 'on all OSes' do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ context 'with a custom apache_name parameter' do
+ let :params do {
+ :apache_name => 'httpd24-httpd'
+ }
+ end
+ it { is_expected.to contain_package("httpd").with(
+ 'notify' => 'Class[Apache::Service]',
+ 'ensure' => 'installed',
+ 'name' => 'httpd24-httpd'
+ )
+ }
+ end
+ context 'default vhost defaults' do
+ it { is_expected.to contain_apache__vhost('default').with_ensure('present') }
+ it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('absent') }
+ end
+ context 'without default non-ssl vhost' do
+ let :params do {
+ :default_vhost => false
+ }
+ end
+ it { is_expected.to contain_apache__vhost('default').with_ensure('absent') }
+ it { is_expected.not_to contain_file('/var/www/html') }
+ end
+ context 'with default ssl vhost' do
+ let :params do {
+ :default_ssl_vhost => true
+ }
+ end
+ it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('present') }
+ it { is_expected.to contain_file('/var/www/html') }
+ end
+ end
+ context 'with unsupported osfamily' do
+ let :facts do
+ { :osfamily => 'Darwin',
+ :operatingsystemrelease => '13.1.0',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+
+ it do
+ expect {
+ catalogue
+ }.to raise_error(Puppet::Error, /Unsupported osfamily/)
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::dev', :type => :class do
+ let(:pre_condition) {[
+ 'include apache'
+ ]}
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :lsbdistcodename => 'squeeze',
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6',
+ :is_pe => false,
+ :concat_basedir => '/foo',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin',
+ :kernel => 'Linux'
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_package("libaprutil1-dev") }
+ it { is_expected.to contain_package("libapr1-dev") }
+ it { is_expected.to contain_package("apache2-prefork-dev") }
+ end
+ context "on an Ubuntu 14 OS" do
+ let :facts do
+ {
+ :lsbdistrelease => '14.04',
+ :lsbdistcodename => 'trusty',
+ :osfamily => 'Debian',
+ :operatingsystem => 'Ubuntu',
+ :operatingsystemrelease => '14.04',
+ :is_pe => false,
+ :concat_basedir => '/foo',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin',
+ :kernel => 'Linux'
+ }
+ end
+ it { is_expected.to contain_package("apache2-dev") }
+ end
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '6',
+ :is_pe => false,
+ :concat_basedir => '/foo',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin',
+ :kernel => 'Linux'
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_package("httpd-devel") }
+ end
+ context "on a FreeBSD OS" do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystem => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :is_pe => false,
+ :concat_basedir => '/foo',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin',
+ :kernel => 'FreeBSD'
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ end
+ context "on a Gentoo OS" do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ :concat_basedir => '/foo',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin',
+ :kernel => 'Linux'
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::alias', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+ context "on a Debian OS", :compile do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :lsbdistcodename => 'squeeze',
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_apache__mod("alias") }
+ it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/share\/apache2\/icons\/"/) }
+ end
+ context "on a RedHat 6-based OS", :compile do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '6',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_apache__mod("alias") }
+ it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/var\/www\/icons\/"/) }
+ end
+ context "on a RedHat 7-based OS", :compile do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '7',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_apache__mod("alias") }
+ it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/share\/httpd\/icons\/"/) }
+ end
+ context "with icons options", :compile do
+ let :pre_condition do
+ 'class { apache: default_mods => false }'
+ end
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '7',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+ let :params do
+ {
+ 'icons_options' => 'foo'
+ }
+ end
+ it { is_expected.to contain_apache__mod("alias") }
+ it { is_expected.to contain_file("alias.conf").with(:content => /Options foo/) }
+ end
+ context "on a FreeBSD OS", :compile do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :osfamily => 'FreeBSD',
+ :operatingsystem => 'FreeBSD',
+ :operatingsystemrelease => '10',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_apache__mod("alias") }
+ it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/local\/www\/apache24\/icons\/"/) }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::auth_cas', :type => :class do
+ let :params do
+ {
+ :cas_login_url => 'https://cas.example.com/login',
+ :cas_validate_url => 'https://cas.example.com/validate',
+ }
+ end
+
+ let :pre_condition do
+ 'include ::apache'
+ end
+
+ context "on a Debian OS", :compile do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :lsbdistcodename => 'squeeze',
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod("auth_cas") }
+ it { is_expected.to contain_package("libapache2-mod-auth-cas") }
+ it { is_expected.to contain_file("auth_cas.conf").with_path('/etc/apache2/mods-available/auth_cas.conf') }
+ it { is_expected.to contain_file("/var/cache/apache2/mod_auth_cas/").with_owner('www-data') }
+ end
+ context "on a RedHat OS", :compile do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '6',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod("auth_cas") }
+ it { is_expected.to contain_package("mod_auth_cas") }
+ it { is_expected.to contain_file("auth_cas.conf").with_path('/etc/httpd/conf.d/auth_cas.conf') }
+ it { is_expected.to contain_file("/var/cache/mod_auth_cas/").with_owner('apache') }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::auth_kerb', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+ context "on a Debian OS", :compile do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :lsbdistcodename => 'squeeze',
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod("auth_kerb") }
+ it { is_expected.to contain_package("libapache2-mod-auth-kerb") }
+ end
+ context "on a RedHat OS", :compile do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '6',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod("auth_kerb") }
+ it { is_expected.to contain_package("mod_auth_kerb") }
+ end
+ context "on a FreeBSD OS", :compile do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :osfamily => 'FreeBSD',
+ :operatingsystem => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod("auth_kerb") }
+ it { is_expected.to contain_package("www/mod_auth_kerb2") }
+ end
+ context "on a Gentoo OS", :compile do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod("auth_kerb") }
+ it { is_expected.to contain_package("www-apache/mod_auth_kerb") }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::authnz_ldap', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :lsbdistcodename => 'squeeze',
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :operatingsystem => 'Debian',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_class("apache::mod::ldap") }
+ it { is_expected.to contain_apache__mod('authnz_ldap') }
+
+ context 'default verifyServerCert' do
+ it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) }
+ end
+
+ context 'verifyServerCert = false' do
+ let(:params) { { :verifyServerCert => false } }
+ it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) }
+ end
+
+ context 'verifyServerCert = wrong' do
+ let(:params) { { :verifyServerCert => 'wrong' } }
+ it 'should raise an error' do
+ expect { is_expected.to raise_error Puppet::Error }
+ end
+ end
+ end #Debian
+
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :operatingsystem => 'RedHat',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_class("apache::mod::ldap") }
+ it { is_expected.to contain_apache__mod('authnz_ldap') }
+
+ context 'default verifyServerCert' do
+ it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) }
+ end
+
+ context 'verifyServerCert = false' do
+ let(:params) { { :verifyServerCert => false } }
+ it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) }
+ end
+
+ context 'verifyServerCert = wrong' do
+ let(:params) { { :verifyServerCert => 'wrong' } }
+ it 'should raise an error' do
+ expect { is_expected.to raise_error Puppet::Error }
+ end
+ end
+ end # Redhat
+
+end
+
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::dav_svn', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :lsbdistcodename => 'squeeze',
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :operatingsystemmajrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('dav_svn') }
+ it { is_expected.to contain_package("libapache2-svn") }
+ end
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :operatingsystemmajrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('dav_svn') }
+ it { is_expected.to contain_package("mod_dav_svn") }
+ end
+ context "on a FreeBSD OS" do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :operatingsystemmajrelease => '9',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('dav_svn') }
+ it { is_expected.to contain_package("devel/subversion") }
+ end
+ context "on a Gentoo OS", :compile do
+ let :facts do
+ {
+ :id => 'root',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :kernel => 'Linux',
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('dav_svn') }
+ it { is_expected.to contain_package("dev-vcs/subversion") }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+# This function is called inside the OS specific contexts
+def general_deflate_specs
+ it { is_expected.to contain_apache__mod("deflate") }
+
+ it do
+ is_expected.to contain_file("deflate.conf").with_content(
+ "AddOutputFilterByType DEFLATE text/css\n"\
+ "AddOutputFilterByType DEFLATE text/html\n"\
+ "\n"\
+ "DeflateFilterNote Input instream\n"\
+ "DeflateFilterNote Ratio ratio\n"
+ )
+ end
+end
+
+describe 'apache::mod::deflate', :type => :class do
+ let :pre_condition do
+ 'class { "apache":
+ default_mods => false,
+ }
+ class { "apache::mod::deflate":
+ types => [ "text/html", "text/css" ],
+ notes => {
+ "Input" => "instream",
+ "Ratio" => "ratio",
+ }
+ }
+ '
+ end
+
+ context "On a Debian OS with default params" do
+ let :facts do
+ {
+ :id => 'root',
+ :lsbdistcodename => 'squeeze',
+ :kernel => 'Linux',
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+
+ # Load the more generic tests for this context
+ general_deflate_specs()
+
+ it { is_expected.to contain_file("deflate.conf").with({
+ :ensure => 'file',
+ :path => '/etc/apache2/mods-available/deflate.conf',
+ } ) }
+ it { is_expected.to contain_file("deflate.conf symlink").with({
+ :ensure => 'link',
+ :path => '/etc/apache2/mods-enabled/deflate.conf',
+ } ) }
+ end
+
+ context "on a RedHat OS with default params" do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '6',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+
+ # Load the more generic tests for this context
+ general_deflate_specs()
+
+ it { is_expected.to contain_file("deflate.conf").with_path("/etc/httpd/conf.d/deflate.conf") }
+ end
+
+ context "On a FreeBSD OS with default params" do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :osfamily => 'FreeBSD',
+ :operatingsystem => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+
+ # Load the more generic tests for this context
+ general_deflate_specs()
+
+ it { is_expected.to contain_file("deflate.conf").with({
+ :ensure => 'file',
+ :path => '/usr/local/etc/apache24/Modules/deflate.conf',
+ } ) }
+ end
+
+ context "On a Gentoo OS with default params" do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+
+ # Load the more generic tests for this context
+ general_deflate_specs()
+
+ it { is_expected.to contain_file("deflate.conf").with({
+ :ensure => 'file',
+ :path => '/etc/apache2/modules.d/deflate.conf',
+ } ) }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::dev', :type => :class do
+ let(:pre_condition) {[
+ 'include apache'
+ ]}
+ [
+ ['RedHat', '6', 'Santiago', 'Linux'],
+ ['Debian', '6', 'squeeze', 'Linux'],
+ ['FreeBSD', '9', 'FreeBSD', 'FreeBSD'],
+ ].each do |osfamily, operatingsystemrelease, lsbdistcodename, kernel|
+ context "on a #{osfamily} OS" do
+ let :facts do
+ {
+ :lsbdistcodename => lsbdistcodename,
+ :osfamily => osfamily,
+ :operatingsystem => osfamily,
+ :operatingsystemrelease => operatingsystemrelease,
+ :is_pe => false,
+ :concat_basedir => '/foo',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin',
+ :kernel => kernel
+ }
+ end
+ it { is_expected.to contain_class('apache::dev') }
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::dir', :type => :class do
+ let :pre_condition do
+ 'class { "apache":
+ default_mods => false,
+ }'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :lsbdistcodename => 'squeeze',
+ :is_pe => false,
+ }
+ end
+ context "passing no parameters" do
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('dir') }
+ it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) }
+ end
+ context "passing indexes => ['example.txt','fearsome.aspx']" do
+ let :params do
+ {:indexes => ['example.txt','fearsome.aspx']}
+ end
+ it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) }
+ end
+ end
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'Redhat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ context "passing no parameters" do
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('dir') }
+ it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) }
+ end
+ context "passing indexes => ['example.txt','fearsome.aspx']" do
+ let :params do
+ {:indexes => ['example.txt','fearsome.aspx']}
+ end
+ it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) }
+ end
+ end
+ context "on a FreeBSD OS" do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ context "passing no parameters" do
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('dir') }
+ it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) }
+ end
+ context "passing indexes => ['example.txt','fearsome.aspx']" do
+ let :params do
+ {:indexes => ['example.txt','fearsome.aspx']}
+ end
+ it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) }
+ end
+ end
+ context "on a Gentoo OS" do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+ context "passing no parameters" do
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('dir') }
+ it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) }
+ end
+ context "passing indexes => ['example.txt','fearsome.aspx']" do
+ let :params do
+ {:indexes => ['example.txt','fearsome.aspx']}
+ end
+ it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) }
+ it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) }
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::event', :type => :class do
+ let :pre_condition do
+ 'class { "apache": mpm_module => false, }'
+ end
+ context "on a FreeBSD OS" do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.not_to contain_apache__mod('event') }
+ it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/event.conf").with_ensure('file') }
+ end
+ context "on a Gentoo OS" do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.not_to contain_apache__mod('event') }
+ it { is_expected.to contain_file("/etc/apache2/modules.d/event.conf").with_ensure('file') }
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :lsbdistcodename => 'squeeze',
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.not_to contain_apache__mod('event') }
+ it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file') }
+ it { is_expected.to contain_file("/etc/apache2/mods-enabled/event.conf").with_ensure('link') }
+
+ context "Test mpm_event params" do
+ let :params do
+ {
+ :serverlimit => '0',
+ :startservers => '1',
+ :maxclients => '2',
+ :minsparethreads => '3',
+ :maxsparethreads => '4',
+ :threadsperchild => '5',
+ :maxrequestsperchild => '6',
+ :threadlimit => '7',
+ :listenbacklog => '8',
+ :maxrequestworkers => '9',
+ :maxconnectionsperchild => '10',
+ }
+ end
+
+ it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ServerLimit\s*0/) }
+ it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*StartServers\s*1/) }
+ it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxClients\s*2/) }
+ it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MinSpareThreads\s*3/) }
+ it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxSpareThreads\s*4/) }
+ it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ThreadsPerChild\s*5/) }
+ it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxRequestsPerChild\s*6/) }
+ it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ThreadLimit\s*7/) }
+ it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ListenBacklog\s*8/) }
+ it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxRequestWorkers\s*9/) }
+ it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxConnectionsPerChild\s*10/) }
+ end
+
+ context "with Apache version < 2.4" do
+ let :params do
+ {
+ :apache_version => '2.2',
+ }
+ end
+
+ it { is_expected.not_to contain_file("/etc/apache2/mods-available/event.load") }
+ it { is_expected.not_to contain_file("/etc/apache2/mods-enabled/event.load") }
+
+ it { is_expected.to contain_package("apache2-mpm-event") }
+ end
+
+ context "with Apache version >= 2.4" do
+ let :params do
+ {
+ :apache_version => '2.4',
+ }
+ end
+
+ it { is_expected.to contain_file("/etc/apache2/mods-available/event.load").with({
+ 'ensure' => 'file',
+ 'content' => "LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so\n"
+ })
+ }
+ it { is_expected.to contain_file("/etc/apache2/mods-enabled/event.load").with_ensure('link') }
+ end
+ end
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ context "with Apache version >= 2.4" do
+ let :params do
+ {
+ :apache_version => '2.4',
+ }
+ end
+
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.not_to contain_apache__mod('worker') }
+ it { is_expected.not_to contain_apache__mod('prefork') }
+
+ it { is_expected.to contain_file("/etc/httpd/conf.d/event.conf").with_ensure('file') }
+
+ it { is_expected.to contain_file("/etc/httpd/conf.d/event.load").with({
+ 'ensure' => 'file',
+ 'content' => "LoadModule mpm_event_module modules/mod_mpm_event.so\n",
+ })
+ }
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::expires', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+ context "with expires active", :compile do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :lsbdistcodename => 'squeeze',
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_apache__mod("expires") }
+ it { is_expected.to contain_file("expires.conf").with(:content => /ExpiresActive On\n/) }
+ end
+ context "with expires default", :compile do
+ let :pre_condition do
+ 'class { apache: default_mods => false }'
+ end
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '7',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+ let :params do
+ {
+ 'expires_default' => 'access plus 1 month'
+ }
+ end
+ it { is_expected.to contain_apache__mod("expires") }
+ it { is_expected.to contain_file("expires.conf").with_content(
+ "ExpiresActive On\n" \
+ "ExpiresDefault \"access plus 1 month\"\n"
+ )
+ }
+ end
+ context "with expires by type", :compile do
+ let :pre_condition do
+ 'class { apache: default_mods => false }'
+ end
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '7',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+ let :params do
+ {
+ 'expires_by_type' => [
+ { 'text/json' => 'mod plus 1 day' },
+ { 'text/html' => 'access plus 1 year' },
+ ]
+ }
+ end
+ it { is_expected.to contain_apache__mod("expires") }
+ it { is_expected.to contain_file("expires.conf").with_content(
+ "ExpiresActive On\n" \
+ "ExpiresByType text/json \"mod plus 1 day\"\n" \
+ "ExpiresByType text/html \"access plus 1 year\"\n"
+ )
+ }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::fastcgi', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('fastcgi') }
+ it { is_expected.to contain_package("libapache2-mod-fastcgi") }
+ it { is_expected.to contain_file('fastcgi.conf') }
+ end
+
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('fastcgi') }
+ it { is_expected.to contain_package("mod_fastcgi") }
+ it { is_expected.not_to contain_file('fastcgi.conf') }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::fcgid', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :operatingsystemmajrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('fcgid') }
+ it { is_expected.to contain_package("libapache2-mod-fcgid") }
+ end
+
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :operatingsystemmajrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ describe 'without parameters' do
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('fcgid') }
+ it { is_expected.to contain_package("mod_fcgid") }
+ end
+
+ describe 'with parameters' do
+ let :params do {
+ :options => {
+ 'FcgidIPCDir' => '/var/run/fcgidsock',
+ 'SharememPath' => '/var/run/fcgid_shm',
+ 'FcgidMinProcessesPerClass' => '0',
+ 'AddHandler' => 'fcgid-script .fcgi',
+ }
+ } end
+
+ it 'should contain the correct config' do
+ content = catalogue.resource('file', 'fcgid.conf').send(:parameters)[:content]
+ expect(content.split("\n").reject { |c| c =~ /(^#|^$)/ }).to eq([
+ '<IfModule mod_fcgid.c>',
+ ' AddHandler fcgid-script .fcgi',
+ ' FcgidIPCDir /var/run/fcgidsock',
+ ' FcgidMinProcessesPerClass 0',
+ ' SharememPath /var/run/fcgid_shm',
+ '</IfModule>',
+ ])
+ end
+ end
+ end
+
+ context "on RHEL7" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '7',
+ :operatingsystemmajrelease => '7',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ describe 'without parameters' do
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('fcgid').with({
+ 'loadfile_name' => 'unixd_fcgid.load'
+ })
+ }
+ it { is_expected.to contain_package("mod_fcgid") }
+ end
+ end
+
+ context "on a FreeBSD OS" do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :operatingsystemmajrelease => '9',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('fcgid') }
+ it { is_expected.to contain_package("www/mod_fcgid") }
+ end
+
+ context "on a Gentoo OS" do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('fcgid') }
+ it { is_expected.to contain_package("www-apache/mod_fcgid") }
+ end
+end
--- /dev/null
+# This function is called inside the OS specific contexts
+def general_info_specs_22
+ it { is_expected.to contain_apache__mod('info') }
+
+ context 'passing no parameters' do
+ it {
+ is_expected.to contain_file('info.conf').with_content(
+ "<Location /server-info>\n"\
+ " SetHandler server-info\n"\
+ " Order deny,allow\n"\
+ " Deny from all\n"\
+ " Allow from 127.0.0.1\n"\
+ " Allow from ::1\n"\
+ "</Location>\n"
+ )
+ }
+ end
+ context 'passing restrict_access => false' do
+ let :params do {
+ :restrict_access => false
+ }
+ end
+ it {
+ is_expected.to contain_file('info.conf').with_content(
+ "<Location /server-info>\n"\
+ " SetHandler server-info\n"\
+ "</Location>\n"
+ )
+ }
+ end
+ context "passing allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']" do
+ let :params do
+ {:allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']}
+ end
+ it {
+ is_expected.to contain_file('info.conf').with_content(
+ "<Location /server-info>\n"\
+ " SetHandler server-info\n"\
+ " Order deny,allow\n"\
+ " Deny from all\n"\
+ " Allow from 10.10.1.2\n"\
+ " Allow from 192.168.1.2\n"\
+ " Allow from 127.0.0.1\n"\
+ "</Location>\n"
+ )
+ }
+ end
+ context 'passing both restrict_access and allow_from' do
+ let :params do
+ {
+ :restrict_access => false,
+ :allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']
+ }
+ end
+ it {
+ is_expected.to contain_file('info.conf').with_content(
+ "<Location /server-info>\n"\
+ " SetHandler server-info\n"\
+ "</Location>\n"
+ )
+ }
+ end
+end
+
+def general_info_specs_24
+ it { is_expected.to contain_apache__mod('info') }
+
+ context 'passing no parameters' do
+ it {
+ is_expected.to contain_file('info.conf').with_content(
+ "<Location /server-info>\n"\
+ " SetHandler server-info\n"\
+ " Require ip 127.0.0.1 ::1\n"\
+ "</Location>\n"
+ )
+ }
+ end
+ context 'passing restrict_access => false' do
+ let :params do {
+ :restrict_access => false
+ }
+ end
+ it {
+ is_expected.to contain_file('info.conf').with_content(
+ "<Location /server-info>\n"\
+ " SetHandler server-info\n"\
+ "</Location>\n"
+ )
+ }
+ end
+ context "passing allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']" do
+ let :params do
+ {:allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']}
+ end
+ it {
+ is_expected.to contain_file('info.conf').with_content(
+ "<Location /server-info>\n"\
+ " SetHandler server-info\n"\
+ " Require ip 10.10.1.2 192.168.1.2 127.0.0.1\n"\
+ "</Location>\n"
+ )
+ }
+ end
+ context 'passing both restrict_access and allow_from' do
+ let :params do
+ {
+ :restrict_access => false,
+ :allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']
+ }
+ end
+ it {
+ is_expected.to contain_file('info.conf').with_content(
+ "<Location /server-info>\n"\
+ " SetHandler server-info\n"\
+ "</Location>\n"
+ )
+ }
+ end
+end
+
+describe 'apache::mod::info', :type => :class do
+ let :pre_condition do
+ "class { 'apache': default_mods => false, }"
+ end
+
+ context 'On a Debian OS' do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ # Load the more generic tests for this context
+ general_info_specs_22()
+
+ it { is_expected.to contain_file('info.conf').with({
+ :ensure => 'file',
+ :path => '/etc/apache2/mods-available/info.conf',
+ } ) }
+ it { is_expected.to contain_file('info.conf symlink').with({
+ :ensure => 'link',
+ :path => '/etc/apache2/mods-enabled/info.conf',
+ } ) }
+ end
+
+ context 'on a RedHat OS' do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ # Load the more generic tests for this context
+ general_info_specs_22()
+
+ it { is_expected.to contain_file('info.conf').with({
+ :ensure => 'file',
+ :path => '/etc/httpd/conf.d/info.conf',
+ } ) }
+ end
+
+ context 'on a FreeBSD OS' do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '10',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ # Load the more generic tests for this context
+ general_info_specs_24()
+
+ it { is_expected.to contain_file('info.conf').with({
+ :ensure => 'file',
+ :path => '/usr/local/etc/apache24/Modules/info.conf',
+ } ) }
+ end
+
+ context 'on a Gentoo OS' do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+
+ # Load the more generic tests for this context
+ general_info_specs_24()
+
+ it { is_expected.to contain_file('info.conf').with({
+ :ensure => 'file',
+ :path => '/etc/apache2/modules.d/info.conf',
+ } ) }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::itk', :type => :class do
+ let :pre_condition do
+ 'class { "apache": mpm_module => false, }'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.not_to contain_apache__mod('itk') }
+ it { is_expected.to contain_file("/etc/apache2/mods-available/itk.conf").with_ensure('file') }
+ it { is_expected.to contain_file("/etc/apache2/mods-enabled/itk.conf").with_ensure('link') }
+
+ context "with Apache version < 2.4" do
+ let :params do
+ {
+ :apache_version => '2.2',
+ }
+ end
+
+ it { is_expected.not_to contain_file("/etc/apache2/mods-available/itk.load") }
+ it { is_expected.not_to contain_file("/etc/apache2/mods-enabled/itk.load") }
+
+ it { is_expected.to contain_package("apache2-mpm-itk") }
+ end
+
+ context "with Apache version >= 2.4" do
+ let :params do
+ {
+ :apache_version => '2.4',
+ }
+ end
+
+ it { is_expected.to contain_file("/etc/apache2/mods-available/itk.load").with({
+ 'ensure' => 'file',
+ 'content' => "LoadModule mpm_itk_module /usr/lib/apache2/modules/mod_mpm_itk.so\n"
+ })
+ }
+ it { is_expected.to contain_file("/etc/apache2/mods-enabled/itk.load").with_ensure('link') }
+ end
+ end
+ context "on a FreeBSD OS" do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '10',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ :mpm_module => 'itk',
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.not_to contain_apache__mod('itk') }
+ it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/itk.conf").with_ensure('file') }
+ it { is_expected.to contain_package("www/mod_mpm_itk") }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+# This function is called inside the OS specific contexts
+def general_mime_magic_specs
+ it { is_expected.to contain_apache__mod("mime_magic") }
+end
+
+describe 'apache::mod::mime_magic', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+
+ context "On a Debian OS with default params" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ general_mime_magic_specs()
+
+ it do
+ is_expected.to contain_file("mime_magic.conf").with_content(
+ "MIMEMagicFile \"/etc/apache2/magic\"\n"
+ )
+ end
+
+ it { is_expected.to contain_file("mime_magic.conf").with({
+ :ensure => 'file',
+ :path => '/etc/apache2/mods-available/mime_magic.conf',
+ } ) }
+ it { is_expected.to contain_file("mime_magic.conf symlink").with({
+ :ensure => 'link',
+ :path => '/etc/apache2/mods-enabled/mime_magic.conf',
+ } ) }
+
+ context "with magic_file => /tmp/Debian_magic" do
+ let :params do
+ { :magic_file => "/tmp/Debian_magic" }
+ end
+
+ it do
+ is_expected.to contain_file("mime_magic.conf").with_content(
+ "MIMEMagicFile \"/tmp/Debian_magic\"\n"
+ )
+ end
+ end
+
+ end
+
+ context "on a RedHat OS with default params" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ general_mime_magic_specs()
+
+ it do
+ is_expected.to contain_file("mime_magic.conf").with_content(
+ "MIMEMagicFile \"/etc/httpd/conf/magic\"\n"
+ )
+ end
+
+ it { is_expected.to contain_file("mime_magic.conf").with_path("/etc/httpd/conf.d/mime_magic.conf") }
+
+ end
+
+ context "with magic_file => /tmp/magic" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ let :params do
+ { :magic_file => "/tmp/magic" }
+ end
+
+ it do
+ is_expected.to contain_file("mime_magic.conf").with_content(
+ "MIMEMagicFile \"/tmp/magic\"\n"
+ )
+ end
+ end
+
+
+end
--- /dev/null
+require 'spec_helper'
+
+# This function is called inside the OS specific conte, :compilexts
+def general_mime_specs
+ it { is_expected.to contain_apache__mod("mime") }
+end
+
+describe 'apache::mod::mime', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+
+ context "On a Debian OS with default params", :compile do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ general_mime_specs()
+
+ it { is_expected.to contain_file("mime.conf").with_path('/etc/apache2/mods-available/mime.conf') }
+
+ end
+
+ context "on a RedHat OS with default params", :compile do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ general_mime_specs()
+
+ it { is_expected.to contain_file("mime.conf").with_path("/etc/httpd/conf.d/mime.conf") }
+
+ end
+
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::negotiation', :type => :class do
+ describe "OS independent tests" do
+
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :kernel => 'Linux',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ context "default params" do
+ let :pre_condition do
+ 'class {"::apache": }'
+ end
+ it { should contain_class("apache") }
+ it do
+ should contain_file('negotiation.conf').with( {
+ :ensure => 'file',
+ :content => 'LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
+ForceLanguagePriority Prefer Fallback
+',
+ } )
+ end
+ end
+
+ context 'with force_language_priority parameter' do
+ let :pre_condition do
+ 'class {"::apache": default_mods => ["negotiation"]}'
+ end
+ let :params do
+ { :force_language_priority => 'Prefer' }
+ end
+ it do
+ should contain_file('negotiation.conf').with( {
+ :ensure => 'file',
+ :content => /^ForceLanguagePriority Prefer$/,
+ } )
+ end
+ end
+
+ context 'with language_priority parameter' do
+ let :pre_condition do
+ 'class {"::apache": default_mods => ["negotiation"]}'
+ end
+ let :params do
+ { :language_priority => [ 'en', 'es' ] }
+ end
+ it do
+ should contain_file('negotiation.conf').with( {
+ :ensure => 'file',
+ :content => /^LanguagePriority en es$/,
+ } )
+ end
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::pagespeed', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('pagespeed') }
+ it { is_expected.to contain_package("mod-pagespeed-stable") }
+ it { is_expected.to contain_file('pagespeed.conf') }
+ end
+
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('pagespeed') }
+ it { is_expected.to contain_package("mod-pagespeed-stable") }
+ it { is_expected.to contain_file('pagespeed.conf') }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::passenger', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :kernel => 'Linux',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('passenger') }
+ it { is_expected.to contain_package("libapache2-mod-passenger") }
+ it { is_expected.to contain_file('zpassenger.load').with({
+ 'path' => '/etc/apache2/mods-available/zpassenger.load',
+ }) }
+ it { is_expected.to contain_file('passenger.conf').with({
+ 'path' => '/etc/apache2/mods-available/passenger.conf',
+ }) }
+ describe "with passenger_root => '/usr/lib/example'" do
+ let :params do
+ { :passenger_root => '/usr/lib/example' }
+ end
+ it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/example"}) }
+ end
+ describe "with passenger_ruby => /usr/lib/example/ruby" do
+ let :params do
+ { :passenger_ruby => '/usr/lib/example/ruby' }
+ end
+ it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby"}) }
+ end
+ describe "with passenger_default_ruby => /usr/lib/example/ruby1.9.3" do
+ let :params do
+ { :passenger_ruby => '/usr/lib/example/ruby1.9.3' }
+ end
+ it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby1.9.3"}) }
+ end
+ describe "with passenger_high_performance => on" do
+ let :params do
+ { :passenger_high_performance => 'on' }
+ end
+ it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerHighPerformance on$/) }
+ end
+ describe "with passenger_pool_idle_time => 1200" do
+ let :params do
+ { :passenger_pool_idle_time => 1200 }
+ end
+ it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerPoolIdleTime 1200$/) }
+ end
+ describe "with passenger_max_requests => 20" do
+ let :params do
+ { :passenger_max_requests => 20 }
+ end
+ it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerMaxRequests 20$/) }
+ end
+ describe "with passenger_stat_throttle_rate => 10" do
+ let :params do
+ { :passenger_stat_throttle_rate => 10 }
+ end
+ it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerStatThrottleRate 10$/) }
+ end
+ describe "with passenger_max_pool_size => 16" do
+ let :params do
+ { :passenger_max_pool_size => 16 }
+ end
+ it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerMaxPoolSize 16$/) }
+ end
+ describe "with passenger_min_instances => 5" do
+ let :params do
+ { :passenger_min_instances => 5 }
+ end
+ it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerMinInstances 5$/) }
+ end
+ describe "with rack_autodetect => on" do
+ let :params do
+ { :rack_autodetect => 'on' }
+ end
+ it { is_expected.to contain_file('passenger.conf').with_content(/^ RackAutoDetect on$/) }
+ end
+ describe "with rails_autodetect => on" do
+ let :params do
+ { :rails_autodetect => 'on' }
+ end
+ it { is_expected.to contain_file('passenger.conf').with_content(/^ RailsAutoDetect on$/) }
+ end
+ describe "with passenger_use_global_queue => on" do
+ let :params do
+ { :passenger_use_global_queue => 'on' }
+ end
+ it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerUseGlobalQueue on$/) }
+ end
+ describe "with passenger_app_env => 'foo'" do
+ let :params do
+ { :passenger_app_env => 'foo' }
+ end
+ it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerAppEnv foo$/) }
+ end
+ describe "with mod_path => '/usr/lib/foo/mod_foo.so'" do
+ let :params do
+ { :mod_path => '/usr/lib/foo/mod_foo.so' }
+ end
+ it { is_expected.to contain_file('zpassenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_foo\.so$/) }
+ end
+ describe "with mod_lib_path => '/usr/lib/foo'" do
+ let :params do
+ { :mod_lib_path => '/usr/lib/foo' }
+ end
+ it { is_expected.to contain_file('zpassenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_passenger\.so$/) }
+ end
+ describe "with mod_lib => 'mod_foo.so'" do
+ let :params do
+ { :mod_lib => 'mod_foo.so' }
+ end
+ it { is_expected.to contain_file('zpassenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/apache2\/modules\/mod_foo\.so$/) }
+ end
+ describe "with mod_id => 'mod_foo'" do
+ let :params do
+ { :mod_id => 'mod_foo' }
+ end
+ it { is_expected.to contain_file('zpassenger.load').with_content(/^LoadModule mod_foo \/usr\/lib\/apache2\/modules\/mod_passenger\.so$/) }
+ end
+
+ context "with Ubuntu 12.04 defaults" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '12.04',
+ :kernel => 'Linux',
+ :operatingsystem => 'Ubuntu',
+ :lsbdistrelease => '12.04',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr"}) }
+ it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/bin/ruby"}) }
+ it { is_expected.to contain_file('passenger.conf').without_content(/PassengerDefaultRuby/) }
+ end
+
+ context "with Ubuntu 14.04 defaults" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '14.04',
+ :operatingsystem => 'Ubuntu',
+ :kernel => 'Linux',
+ :lsbdistrelease => '14.04',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini"}) }
+ it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRuby/) }
+ it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerDefaultRuby "/usr/bin/ruby"}) }
+ end
+
+ context "with Debian 7 defaults" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '7.3',
+ :operatingsystem => 'Debian',
+ :kernel => 'Linux',
+ :lsbdistcodename => 'wheezy',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr"}) }
+ it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/bin/ruby"}) }
+ it { is_expected.to contain_file('passenger.conf').without_content(/PassengerDefaultRuby/) }
+ end
+
+ context "with Debian 8 defaults" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '8.0',
+ :operatingsystem => 'Debian',
+ :kernel => 'Linux',
+ :lsbdistcodename => 'jessie',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini"}) }
+ it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRuby/) }
+ it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerDefaultRuby "/usr/bin/ruby"}) }
+ end
+ end
+
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('passenger') }
+ it { is_expected.to contain_package("mod_passenger") }
+ it { is_expected.to contain_file('passenger_package.conf').with({
+ 'path' => '/etc/httpd/conf.d/passenger.conf',
+ }) }
+ it { is_expected.to contain_file('passenger_package.conf').without_content }
+ it { is_expected.to contain_file('passenger_package.conf').without_source }
+ it { is_expected.to contain_file('zpassenger.load').with({
+ 'path' => '/etc/httpd/conf.d/zpassenger.load',
+ }) }
+ it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRoot/) }
+ it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRuby/) }
+ describe "with passenger_root => '/usr/lib/example'" do
+ let :params do
+ { :passenger_root => '/usr/lib/example' }
+ end
+ it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerRoot "\/usr\/lib\/example"$/) }
+ end
+ describe "with passenger_ruby => /usr/lib/example/ruby" do
+ let :params do
+ { :passenger_ruby => '/usr/lib/example/ruby' }
+ end
+ it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerRuby "\/usr\/lib\/example\/ruby"$/) }
+ end
+ end
+ context "on a FreeBSD OS" do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('passenger') }
+ it { is_expected.to contain_package("www/rubygem-passenger") }
+ end
+ context "on a Gentoo OS" do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('passenger') }
+ it { is_expected.to contain_package("www-apache/passenger") }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::perl', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('perl') }
+ it { is_expected.to contain_package("libapache2-mod-perl2") }
+ end
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('perl') }
+ it { is_expected.to contain_package("mod_perl") }
+ end
+ context "on a FreeBSD OS" do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('perl') }
+ it { is_expected.to contain_package("www/mod_perl2") }
+ end
+ context "on a Gentoo OS" do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'Gentoo',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('perl') }
+ it { is_expected.to contain_package("www-apache/mod_perl") }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::peruser', :type => :class do
+ let :pre_condition do
+ 'class { "apache": mpm_module => false, }'
+ end
+ context "on a FreeBSD OS" do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '10',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it do
+ expect {
+ catalogue
+ }.to raise_error(Puppet::Error, /Unsupported osfamily FreeBSD/)
+ end
+ end
+ context "on a Gentoo OS" do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.not_to contain_apache__mod('peruser') }
+ it { is_expected.to contain_file("/etc/apache2/modules.d/peruser.conf").with_ensure('file') }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::php', :type => :class do
+ describe "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ context "with mpm_module => prefork" do
+ let :pre_condition do
+ 'class { "apache": mpm_module => prefork, }'
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_class("apache::mod::prefork") }
+ it { is_expected.to contain_apache__mod('php5') }
+ it { is_expected.to contain_package("libapache2-mod-php5") }
+ it { is_expected.to contain_file("php5.load").with(
+ :content => "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n"
+ ) }
+ end
+ context "with mpm_module => itk" do
+ let :pre_condition do
+ 'class { "apache": mpm_module => itk, }'
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_class("apache::mod::itk") }
+ it { is_expected.to contain_apache__mod('php5') }
+ it { is_expected.to contain_package("libapache2-mod-php5") }
+ it { is_expected.to contain_file("php5.load").with(
+ :content => "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n"
+ ) }
+ end
+ end
+ describe "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ context "with default params" do
+ let :pre_condition do
+ 'class { "apache": }'
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('php5') }
+ it { is_expected.to contain_package("php") }
+ it { is_expected.to contain_file("php5.load").with(
+ :content => "LoadModule php5_module modules/libphp5.so\n"
+ ) }
+ end
+ context "with alternative package name" do let :pre_condition do
+ 'class { "apache": }'
+ end
+ let :params do
+ { :package_name => 'php54'}
+ end
+ it { is_expected.to contain_package("php54") }
+ end
+ context "with alternative path" do let :pre_condition do
+ 'class { "apache": }'
+ end
+ let :params do
+ { :path => 'alternative-path'}
+ end
+ it { is_expected.to contain_file("php5.load").with(
+ :content => "LoadModule php5_module alternative-path\n"
+ ) }
+ end
+ context "with alternative extensions" do let :pre_condition do
+ 'class { "apache": }'
+ end
+ let :params do
+ { :extensions => ['.php','.php5']}
+ end
+ it { is_expected.to contain_file("php5.conf").with_content(/AddHandler php5-script .php .php5\n/) }
+ end
+ context "with specific version" do
+ let :pre_condition do
+ 'class { "apache": }'
+ end
+ let :params do
+ { :package_ensure => '5.3.13'}
+ end
+ it { is_expected.to contain_package("php").with(
+ :ensure => '5.3.13'
+ ) }
+ end
+ context "with mpm_module => prefork" do
+ let :pre_condition do
+ 'class { "apache": mpm_module => prefork, }'
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_class("apache::mod::prefork") }
+ it { is_expected.to contain_apache__mod('php5') }
+ it { is_expected.to contain_package("php") }
+ it { is_expected.to contain_file("php5.load").with(
+ :content => "LoadModule php5_module modules/libphp5.so\n"
+ ) }
+ end
+ context "with mpm_module => itk" do
+ let :pre_condition do
+ 'class { "apache": mpm_module => itk, }'
+ end
+ it 'should raise an error' do
+ expect { expect(subject).to contain_class("apache::mod::itk") }.to raise_error Puppet::Error, /Unsupported osfamily RedHat/
+ end
+ end
+ end
+ describe "on a FreeBSD OS" do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '10',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ context "with mpm_module => prefork" do
+ let :pre_condition do
+ 'class { "apache": mpm_module => prefork, }'
+ end
+ it { is_expected.to contain_class('apache::params') }
+ it { is_expected.to contain_apache__mod('php5') }
+ it { is_expected.to contain_package("www/mod_php5") }
+ it { is_expected.to contain_file('php5.load') }
+ end
+ context "with mpm_module => itk" do
+ let :pre_condition do
+ 'class { "apache": mpm_module => itk, }'
+ end
+ it { is_expected.to contain_class('apache::params') }
+ it { is_expected.to contain_class('apache::mod::itk') }
+ it { is_expected.to contain_apache__mod('php5') }
+ it { is_expected.to contain_package("www/mod_php5") }
+ it { is_expected.to contain_file('php5.load') }
+ end
+ end
+ describe "on a Gentoo OS" do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+ context "with mpm_module => prefork" do
+ let :pre_condition do
+ 'class { "apache": mpm_module => prefork, }'
+ end
+ it { is_expected.to contain_class('apache::params') }
+ it { is_expected.to contain_apache__mod('php5') }
+ it { is_expected.to contain_package("dev-lang/php") }
+ it { is_expected.to contain_file('php5.load') }
+ end
+ context "with mpm_module => itk" do
+ let :pre_condition do
+ 'class { "apache": mpm_module => itk, }'
+ end
+ it { is_expected.to contain_class('apache::params') }
+ it { is_expected.to contain_class('apache::mod::itk') }
+ it { is_expected.to contain_apache__mod('php5') }
+ it { is_expected.to contain_package("dev-lang/php") }
+ it { is_expected.to contain_file('php5.load') }
+ end
+ end
+ describe "OS independent tests" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6',
+ :kernel => 'Linux',
+ :lsbdistcodename => 'squeeze',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ context 'with content param' do
+ let :pre_condition do
+ 'class { "apache": mpm_module => prefork, }'
+ end
+ let :params do
+ { :content => 'somecontent' }
+ end
+ it { should contain_file('php5.conf').with(
+ :content => 'somecontent'
+ ) }
+ end
+ context 'with template param' do
+ let :pre_condition do
+ 'class { "apache": mpm_module => prefork, }'
+ end
+ let :params do
+ { :template => 'apache/mod/php5.conf.erb' }
+ end
+ it { should contain_file('php5.conf').with(
+ :content => /^# PHP is an HTML-embedded scripting language which attempts to make it/
+ ) }
+ end
+ context 'with source param' do
+ let :pre_condition do
+ 'class { "apache": mpm_module => prefork, }'
+ end
+ let :params do
+ { :source => 'some-path' }
+ end
+ it { should contain_file('php5.conf').with(
+ :source => 'some-path'
+ ) }
+ end
+ context 'content has priority over template' do
+ let :pre_condition do
+ 'class { "apache": mpm_module => prefork, }'
+ end
+ let :params do
+ {
+ :template => 'apache/mod/php5.conf.erb',
+ :content => 'somecontent'
+ }
+ end
+ it { should contain_file('php5.conf').with(
+ :content => 'somecontent'
+ ) }
+ end
+ context 'source has priority over template' do
+ let :pre_condition do
+ 'class { "apache": mpm_module => prefork, }'
+ end
+ let :params do
+ {
+ :template => 'apache/mod/php5.conf.erb',
+ :source => 'some-path'
+ }
+ end
+ it { should contain_file('php5.conf').with(
+ :source => 'some-path'
+ ) }
+ end
+ context 'source has priority over content' do
+ let :pre_condition do
+ 'class { "apache": mpm_module => prefork, }'
+ end
+ let :params do
+ {
+ :content => 'somecontent',
+ :source => 'some-path'
+ }
+ end
+ it { should contain_file('php5.conf').with(
+ :source => 'some-path'
+ ) }
+ end
+ context 'with mpm_module => worker' do
+ let :pre_condition do
+ 'class { "apache": mpm_module => worker, }'
+ end
+ it 'should raise an error' do
+ expect { expect(subject).to contain_apache__mod('php5') }.to raise_error Puppet::Error, /mpm_module => 'prefork' or mpm_module => 'itk'/
+ end
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::prefork', :type => :class do
+ let :pre_condition do
+ 'class { "apache": mpm_module => false, }'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.not_to contain_apache__mod('prefork') }
+ it { is_expected.to contain_file("/etc/apache2/mods-available/prefork.conf").with_ensure('file') }
+ it { is_expected.to contain_file("/etc/apache2/mods-enabled/prefork.conf").with_ensure('link') }
+
+ context "with Apache version < 2.4" do
+ let :params do
+ {
+ :apache_version => '2.2',
+ }
+ end
+
+ it { is_expected.not_to contain_file("/etc/apache2/mods-available/prefork.load") }
+ it { is_expected.not_to contain_file("/etc/apache2/mods-enabled/prefork.load") }
+
+ it { is_expected.to contain_package("apache2-mpm-prefork") }
+ end
+
+ context "with Apache version >= 2.4" do
+ let :params do
+ {
+ :apache_version => '2.4',
+ }
+ end
+
+ it { is_expected.to contain_file("/etc/apache2/mods-available/prefork.load").with({
+ 'ensure' => 'file',
+ 'content' => "LoadModule mpm_prefork_module /usr/lib/apache2/modules/mod_mpm_prefork.so\n"
+ })
+ }
+ it { is_expected.to contain_file("/etc/apache2/mods-enabled/prefork.load").with_ensure('link') }
+ end
+ end
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.not_to contain_apache__mod('prefork') }
+ it { is_expected.to contain_file("/etc/httpd/conf.d/prefork.conf").with_ensure('file') }
+
+ context "with Apache version < 2.4" do
+ let :params do
+ {
+ :apache_version => '2.2',
+ }
+ end
+
+ it { is_expected.to contain_file_line("/etc/sysconfig/httpd prefork enable").with({
+ 'require' => 'Package[httpd]',
+ })
+ }
+ end
+
+ context "with Apache version >= 2.4" do
+ let :params do
+ {
+ :apache_version => '2.4',
+ }
+ end
+
+ it { is_expected.not_to contain_apache__mod('event') }
+
+ it { is_expected.to contain_file("/etc/httpd/conf.d/prefork.load").with({
+ 'ensure' => 'file',
+ 'content' => "LoadModule mpm_prefork_module modules/mod_mpm_prefork.so\n",
+ })
+ }
+ end
+ end
+ context "on a FreeBSD OS" do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.not_to contain_apache__mod('prefork') }
+ it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/prefork.conf").with_ensure('file') }
+ end
+ context "on a Gentoo OS" do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.not_to contain_apache__mod('prefork') }
+ it { is_expected.to contain_file("/etc/apache2/modules.d/prefork.conf").with_ensure('file') }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::proxy_connect', :type => :class do
+ let :pre_condition do
+ [
+ 'include apache',
+ 'include apache::mod::proxy',
+ ]
+ end
+ context 'on a Debian OS' do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ context 'with Apache version < 2.2' do
+ let :facts do
+ super().merge({
+ :operatingsystemrelease => '7.0',
+ :lsbdistcodename => 'wheezy',
+ })
+ end
+ let :params do
+ {
+ :apache_version => '2.1',
+ }
+ end
+ it { is_expected.not_to contain_apache__mod('proxy_connect') }
+ end
+ context 'with Apache version = 2.2' do
+ let :facts do
+ super().merge({
+ :operatingsystemrelease => '7.0',
+ :lsbdistcodename => 'wheezy',
+ })
+ end
+ let :params do
+ {
+ :apache_version => '2.2',
+ }
+ end
+ it { is_expected.to contain_apache__mod('proxy_connect') }
+ end
+ context 'with Apache version >= 2.4' do
+ let :facts do
+ super().merge({
+ :operatingsystemrelease => '8.0',
+ :lsbdistcodename => 'jessie',
+ })
+ end
+ let :params do
+ {
+ :apache_version => '2.4',
+ }
+ end
+ it { is_expected.to contain_apache__mod('proxy_connect') }
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::proxy_html', :type => :class do
+ let :pre_condition do
+ [
+ 'include apache',
+ 'include apache::mod::proxy',
+ 'include apache::mod::proxy_http',
+ ]
+ end
+ context "on a Debian OS" do
+ shared_examples "debian" do |loadfiles|
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('proxy_html').with(:loadfiles => loadfiles) }
+ it { is_expected.to contain_package("libapache2-mod-proxy-html") }
+ end
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :concat_basedir => '/dne',
+ :architecture => 'i386',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :hardwaremodel => 'i386',
+ :is_pe => false,
+ }
+ end
+
+ context "on squeeze" do
+ let(:facts) { super().merge({ :operatingsystemrelease => '6' }) }
+ it_behaves_like "debian", ['/usr/lib/libxml2.so.2']
+ end
+ context "on wheezy" do
+ let(:facts) { super().merge({ :operatingsystemrelease => '7' }) }
+ context "i386" do
+ let(:facts) { super().merge({
+ :hardwaremodel => 'i686',
+ :architecture => 'i386'
+ })}
+ it_behaves_like "debian", ["/usr/lib/i386-linux-gnu/libxml2.so.2"]
+ end
+ context "x64" do
+ let(:facts) { super().merge({
+ :hardwaremodel => 'x86_64',
+ :architecture => 'amd64'
+ })}
+ it_behaves_like "debian", ["/usr/lib/x86_64-linux-gnu/libxml2.so.2"]
+ end
+ end
+ end
+ context "on a RedHat OS", :compile do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('proxy_html').with(:loadfiles => nil) }
+ it { is_expected.to contain_package("mod_proxy_html") }
+ end
+ context "on a FreeBSD OS", :compile do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('proxy_html').with(:loadfiles => nil) }
+ it { is_expected.to contain_package("www/mod_proxy_html") }
+ end
+ context "on a Gentoo OS", :compile do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('proxy_html').with(:loadfiles => nil) }
+ it { is_expected.to contain_package("www-apache/mod_proxy_html") }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::python', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod("python") }
+ it { is_expected.to contain_package("libapache2-mod-python") }
+ end
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod("python") }
+ it { is_expected.to contain_package("mod_python") }
+ end
+ context "on a FreeBSD OS" do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod("python") }
+ it { is_expected.to contain_package("www/mod_python3") }
+ end
+ context "on a Gentoo OS" do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod("python") }
+ it { is_expected.to contain_package("www-apache/mod_python") }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::remoteip', :type => :class do
+ let :pre_condition do
+ [
+ 'include apache',
+ ]
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '8',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'jessie',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+ let :params do
+ { :apache_version => '2.4' }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('remoteip') }
+ it { is_expected.to contain_file('remoteip.conf').with({
+ 'path' => '/etc/apache2/mods-available/remoteip.conf',
+ }) }
+
+ describe "with header X-Forwarded-For" do
+ let :params do
+ { :header => 'X-Forwarded-For' }
+ end
+ it { is_expected.to contain_file('remoteip.conf').with_content(/^RemoteIPHeader X-Forwarded-For$/) }
+ end
+ describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do
+ let :params do
+ { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] }
+ end
+ it { is_expected.to contain_file('remoteip.conf').with_content(/^RemoteIPInternalProxy 10.42.17.8$/) }
+ it { is_expected.to contain_file('remoteip.conf').with_content(/^RemoteIPInternalProxy 10.42.18.99$/) }
+ end
+ describe "with Apache version < 2.4" do
+ let :params do
+ { :apache_version => '2.2' }
+ end
+ it 'should fail' do
+ expect { catalogue }.to raise_error(Puppet::Error, /mod_remoteip is only available in Apache 2.4/)
+ end
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::reqtimeout', :type => :class do
+ let :pre_condition do
+ 'class { "apache":
+ default_mods => false,
+ }'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :lsbdistcodename => 'squeeze',
+ :is_pe => false,
+ }
+ end
+ context "passing no parameters" do
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('reqtimeout') }
+ it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-40,minrate=500\nRequestReadTimeout body=10,minrate=500$/) }
+ end
+ context "passing timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']" do
+ let :params do
+ {:timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']}
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('reqtimeout') }
+ it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600\nRequestReadTimeout body=60,minrate=600$/) }
+ end
+ context "passing timeouts => 'header=20-60,minrate=600'" do
+ let :params do
+ {:timeouts => 'header=20-60,minrate=600'}
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('reqtimeout') }
+ it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600$/) }
+ end
+ end
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'Redhat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ context "passing no parameters" do
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('reqtimeout') }
+ it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-40,minrate=500\nRequestReadTimeout body=10,minrate=500$/) }
+ end
+ context "passing timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']" do
+ let :params do
+ {:timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']}
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('reqtimeout') }
+ it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600\nRequestReadTimeout body=60,minrate=600$/) }
+ end
+ context "passing timeouts => 'header=20-60,minrate=600'" do
+ let :params do
+ {:timeouts => 'header=20-60,minrate=600'}
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('reqtimeout') }
+ it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600$/) }
+ end
+ end
+ context "on a FreeBSD OS" do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ context "passing no parameters" do
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('reqtimeout') }
+ it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-40,minrate=500\nRequestReadTimeout body=10,minrate=500$/) }
+ end
+ context "passing timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']" do
+ let :params do
+ {:timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']}
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('reqtimeout') }
+ it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600\nRequestReadTimeout body=60,minrate=600$/) }
+ end
+ context "passing timeouts => 'header=20-60,minrate=600'" do
+ let :params do
+ {:timeouts => 'header=20-60,minrate=600'}
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('reqtimeout') }
+ it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600$/) }
+ end
+ end
+ context "on a Gentoo OS" do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+ context "passing no parameters" do
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('reqtimeout') }
+ it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-40,minrate=500\nRequestReadTimeout body=10,minrate=500$/) }
+ end
+ context "passing timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']" do
+ let :params do
+ {:timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']}
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('reqtimeout') }
+ it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600\nRequestReadTimeout body=60,minrate=600$/) }
+ end
+ context "passing timeouts => 'header=20-60,minrate=600'" do
+ let :params do
+ {:timeouts => 'header=20-60,minrate=600'}
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('reqtimeout') }
+ it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600$/) }
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::rpaf', :type => :class do
+ let :pre_condition do
+ [
+ 'include apache',
+ ]
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('rpaf') }
+ it { is_expected.to contain_package("libapache2-mod-rpaf") }
+ it { is_expected.to contain_file('rpaf.conf').with({
+ 'path' => '/etc/apache2/mods-available/rpaf.conf',
+ }) }
+ it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) }
+
+ describe "with sethostname => true" do
+ let :params do
+ { :sethostname => 'true' }
+ end
+ it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) }
+ end
+ describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do
+ let :params do
+ { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] }
+ end
+ it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) }
+ end
+ describe "with header => X-Real-IP" do
+ let :params do
+ { :header => 'X-Real-IP' }
+ end
+ it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) }
+ end
+ end
+ context "on a FreeBSD OS" do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('rpaf') }
+ it { is_expected.to contain_package("www/mod_rpaf2") }
+ it { is_expected.to contain_file('rpaf.conf').with({
+ 'path' => '/usr/local/etc/apache24/Modules/rpaf.conf',
+ }) }
+ it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) }
+
+ describe "with sethostname => true" do
+ let :params do
+ { :sethostname => 'true' }
+ end
+ it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) }
+ end
+ describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do
+ let :params do
+ { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] }
+ end
+ it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) }
+ end
+ describe "with header => X-Real-IP" do
+ let :params do
+ { :header => 'X-Real-IP' }
+ end
+ it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) }
+ end
+ end
+ context "on a Gentoo OS" do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('rpaf') }
+ it { is_expected.to contain_package("www-apache/mod_rpaf") }
+ it { is_expected.to contain_file('rpaf.conf').with({
+ 'path' => '/etc/apache2/modules.d/rpaf.conf',
+ }) }
+ it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) }
+
+ describe "with sethostname => true" do
+ let :params do
+ { :sethostname => 'true' }
+ end
+ it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) }
+ end
+ describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do
+ let :params do
+ { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] }
+ end
+ it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) }
+ end
+ describe "with header => X-Real-IP" do
+ let :params do
+ { :header => 'X-Real-IP' }
+ end
+ it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) }
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::security', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+
+ context "on RedHat based systems" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'CentOS',
+ :operatingsystemrelease => '7',
+ :kernel => 'Linux',
+ :id => 'root',
+ :concat_basedir => '/',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { should contain_apache__mod('security').with(
+ :id => 'security2_module',
+ :lib => 'mod_security2.so'
+ ) }
+ it { should contain_apache__mod('unique_id_module').with(
+ :id => 'unique_id_module',
+ :lib => 'mod_unique_id.so'
+ ) }
+ it { should contain_package('mod_security_crs') }
+ it { should contain_file('security.conf').with(
+ :path => '/etc/httpd/conf.d/security.conf'
+ ) }
+ it { should contain_file('/etc/httpd/modsecurity.d').with(
+ :ensure => 'directory',
+ :path => '/etc/httpd/modsecurity.d',
+ :owner => 'apache',
+ :group => 'apache'
+ ) }
+ it { should contain_file('/etc/httpd/modsecurity.d/activated_rules').with(
+ :ensure => 'directory',
+ :path => '/etc/httpd/modsecurity.d/activated_rules',
+ :owner => 'apache',
+ :group => 'apache'
+ ) }
+ it { should contain_file('/etc/httpd/modsecurity.d/security_crs.conf').with(
+ :path => '/etc/httpd/modsecurity.d/security_crs.conf'
+ ) }
+ it { should contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') }
+ end
+
+ context "on Debian based systems" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/',
+ :lsbdistcodename => 'squeeze',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :kernel => 'Linux',
+ :is_pe => false,
+ }
+ end
+ it { should contain_apache__mod('security').with(
+ :id => 'security2_module',
+ :lib => 'mod_security2.so'
+ ) }
+ it { should contain_apache__mod('unique_id_module').with(
+ :id => 'unique_id_module',
+ :lib => 'mod_unique_id.so'
+ ) }
+ it { should contain_package('modsecurity-crs') }
+ it { should contain_file('security.conf').with(
+ :path => '/etc/apache2/mods-available/security.conf'
+ ) }
+ it { should contain_file('/etc/modsecurity').with(
+ :ensure => 'directory',
+ :path => '/etc/modsecurity',
+ :owner => 'www-data',
+ :group => 'www-data'
+ ) }
+ it { should contain_file('/etc/modsecurity/activated_rules').with(
+ :ensure => 'directory',
+ :path => '/etc/modsecurity/activated_rules',
+ :owner => 'www-data',
+ :group => 'www-data'
+ ) }
+ it { should contain_file('/etc/modsecurity/security_crs.conf').with(
+ :path => '/etc/modsecurity/security_crs.conf'
+ ) }
+ it { should contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') }
+ end
+
+end
--- /dev/null
+describe 'apache::mod::shib', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :fqdn => 'test.example.com',
+ :is_pe => false,
+ }
+ end
+ describe 'with no parameters' do
+ it { should contain_apache__mod('shib2').with_id('mod_shib') }
+ end
+ end
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :fqdn => 'test.example.com',
+ :is_pe => false,
+ }
+ end
+ describe 'with no parameters' do
+ it { should contain_apache__mod('shib2').with_id('mod_shib') }
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::speling', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_apache__mod('speling') }
+ end
+
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_apache__mod('speling') }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::ssl', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+ context 'on an unsupported OS' do
+ let :facts do
+ {
+ :osfamily => 'Magic',
+ :operatingsystemrelease => '0',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'Magic',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { expect { catalogue }.to raise_error(Puppet::Error, /Unsupported osfamily:/) }
+ end
+
+ context 'on a RedHat OS' do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class('apache::params') }
+ it { is_expected.to contain_apache__mod('ssl') }
+ it { is_expected.to contain_package('mod_ssl') }
+ context 'with a custom package_name parameter' do
+ let :params do
+ { :package_name => 'httpd24-mod_ssl' }
+ end
+ it { is_expected.to contain_class('apache::params') }
+ it { is_expected.to contain_apache__mod('ssl') }
+ it { is_expected.to contain_package('httpd24-mod_ssl') }
+ it { is_expected.not_to contain_package('mod_ssl') }
+ end
+ end
+
+ context 'on a Debian OS' do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class('apache::params') }
+ it { is_expected.to contain_apache__mod('ssl') }
+ it { is_expected.not_to contain_package('libapache2-mod-ssl') }
+ end
+
+ context 'on a FreeBSD OS' do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class('apache::params') }
+ it { is_expected.to contain_apache__mod('ssl') }
+ end
+
+ context 'on a Gentoo OS' do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class('apache::params') }
+ it { is_expected.to contain_apache__mod('ssl') }
+ end
+
+ # Template config doesn't vary by distro
+ context "on all distros" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'CentOS',
+ :operatingsystemrelease => '6',
+ :kernel => 'Linux',
+ :id => 'root',
+ :concat_basedir => '/dne',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ context 'not setting ssl_pass_phrase_dialog' do
+ it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLPassPhraseDialog builtin$/)}
+ end
+
+ context 'setting ssl_pass_phrase_dialog' do
+ let :params do
+ {
+ :ssl_pass_phrase_dialog => 'exec:/path/to/program',
+ }
+ end
+ it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLPassPhraseDialog exec:\/path\/to\/program$/)}
+ end
+
+ context 'setting ssl_random_seed_bytes' do
+ let :params do
+ {
+ :ssl_random_seed_bytes => '1024',
+ }
+ end
+ it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLRandomSeed startup file:/dev/urandom 1024$})}
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+# Helper function for testing the contents of `status.conf`
+def status_conf_spec(allow_from, extended_status, status_path)
+ it do
+ is_expected.to contain_file("status.conf").with_content(
+ "<Location #{status_path}>\n"\
+ " SetHandler server-status\n"\
+ " Order deny,allow\n"\
+ " Deny from all\n"\
+ " Allow from #{Array(allow_from).join(' ')}\n"\
+ "</Location>\n"\
+ "ExtendedStatus #{extended_status}\n"\
+ "\n"\
+ "<IfModule mod_proxy.c>\n"\
+ " # Show Proxy LoadBalancer status in mod_status\n"\
+ " ProxyStatus On\n"\
+ "</IfModule>\n"
+ )
+ end
+end
+
+describe 'apache::mod::status', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+
+ context "on a Debian OS with default params" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ it { is_expected.to contain_apache__mod("status") }
+
+ status_conf_spec(["127.0.0.1", "::1"], "On", "/server-status")
+
+ it { is_expected.to contain_file("status.conf").with({
+ :ensure => 'file',
+ :path => '/etc/apache2/mods-available/status.conf',
+ } ) }
+
+ it { is_expected.to contain_file("status.conf symlink").with({
+ :ensure => 'link',
+ :path => '/etc/apache2/mods-enabled/status.conf',
+ } ) }
+
+ end
+
+ context "on a RedHat OS with default params" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ it { is_expected.to contain_apache__mod("status") }
+
+ status_conf_spec(["127.0.0.1", "::1"], "On", "/server-status")
+
+ it { is_expected.to contain_file("status.conf").with_path("/etc/httpd/conf.d/status.conf") }
+
+ end
+
+ context "with custom parameters $allow_from => ['10.10.10.10','11.11.11.11'], $extended_status => 'Off', $status_path => '/custom-status'" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ let :params do
+ {
+ :allow_from => ['10.10.10.10','11.11.11.11'],
+ :extended_status => 'Off',
+ :status_path => '/custom-status',
+ }
+ end
+
+ status_conf_spec(["10.10.10.10", "11.11.11.11"], "Off", "/custom-status")
+
+ end
+
+ context "with valid parameter type $allow_from => ['10.10.10.10']" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ let :params do
+ { :allow_from => ['10.10.10.10'] }
+ end
+ it 'should expect to succeed array validation' do
+ expect {
+ is_expected.to contain_file("status.conf")
+ }.not_to raise_error()
+ end
+ end
+
+ context "with invalid parameter type $allow_from => '10.10.10.10'" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ let :params do
+ { :allow_from => '10.10.10.10' }
+ end
+ it 'should expect to fail array validation' do
+ expect {
+ is_expected.to contain_file("status.conf")
+ }.to raise_error(Puppet::Error)
+ end
+ end
+
+ # Only On or Off are valid options
+ ['On', 'Off'].each do |valid_param|
+ context "with valid value $extended_status => '#{valid_param}'" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ let :params do
+ { :extended_status => valid_param }
+ end
+ it 'should expect to succeed regular expression validation' do
+ expect {
+ is_expected.to contain_file("status.conf")
+ }.not_to raise_error()
+ end
+ end
+ end
+
+ ['Yes', 'No'].each do |invalid_param|
+ context "with invalid value $extended_status => '#{invalid_param}'" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ let :params do
+ { :extended_status => invalid_param }
+ end
+ it 'should expect to fail regular expression validation' do
+ expect {
+ is_expected.to contain_file("status.conf")
+ }.to raise_error(Puppet::Error)
+ end
+ end
+ end
+
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::suphp', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_package("libapache2-mod-suphp") }
+ end
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_package("mod_suphp") }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::worker', :type => :class do
+ let :pre_condition do
+ 'class { "apache": mpm_module => false, }'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.not_to contain_apache__mod('worker') }
+ it { is_expected.to contain_file("/etc/apache2/mods-available/worker.conf").with_ensure('file') }
+ it { is_expected.to contain_file("/etc/apache2/mods-enabled/worker.conf").with_ensure('link') }
+
+ context "with Apache version < 2.4" do
+ let :params do
+ {
+ :apache_version => '2.2',
+ }
+ end
+
+ it { is_expected.not_to contain_file("/etc/apache2/mods-available/worker.load") }
+ it { is_expected.not_to contain_file("/etc/apache2/mods-enabled/worker.load") }
+
+ it { is_expected.to contain_package("apache2-mpm-worker") }
+ end
+
+ context "with Apache version >= 2.4" do
+ let :params do
+ {
+ :apache_version => '2.4',
+ }
+ end
+
+ it { is_expected.to contain_file("/etc/apache2/mods-available/worker.load").with({
+ 'ensure' => 'file',
+ 'content' => "LoadModule mpm_worker_module /usr/lib/apache2/modules/mod_mpm_worker.so\n"
+ })
+ }
+ it { is_expected.to contain_file("/etc/apache2/mods-enabled/worker.load").with_ensure('link') }
+ end
+ end
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.not_to contain_apache__mod('worker') }
+ it { is_expected.to contain_file("/etc/httpd/conf.d/worker.conf").with_ensure('file') }
+
+ context "with Apache version < 2.4" do
+ let :params do
+ {
+ :apache_version => '2.2',
+ }
+ end
+
+ it { is_expected.to contain_file_line("/etc/sysconfig/httpd worker enable").with({
+ 'require' => 'Package[httpd]',
+ })
+ }
+ end
+
+ context "with Apache version >= 2.4" do
+ let :params do
+ {
+ :apache_version => '2.4',
+ }
+ end
+
+ it { is_expected.not_to contain_apache__mod('event') }
+
+ it { is_expected.to contain_file("/etc/httpd/conf.d/worker.load").with({
+ 'ensure' => 'file',
+ 'content' => "LoadModule mpm_worker_module modules/mod_mpm_worker.so\n",
+ })
+ }
+ end
+ end
+ context "on a FreeBSD OS" do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.not_to contain_apache__mod('worker') }
+ it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/worker.conf").with_ensure('file') }
+ end
+ context "on a Gentoo OS" do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.not_to contain_apache__mod('worker') }
+ it { is_expected.to contain_file("/etc/apache2/modules.d/worker.conf").with_ensure('file') }
+ end
+
+ # Template config doesn't vary by distro
+ context "on all distros" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'CentOS',
+ :operatingsystemrelease => '6',
+ :kernel => 'Linux',
+ :id => 'root',
+ :concat_basedir => '/dne',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ context 'defaults' do
+ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^<IfModule mpm_worker_module>$/) }
+ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ServerLimit\s+25$/) }
+ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+StartServers\s+2$/) }
+ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxClients\s+150$/) }
+ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MinSpareThreads\s+25$/) }
+ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxSpareThreads\s+75$/) }
+ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadsPerChild\s+25$/) }
+ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxRequestsPerChild\s+0$/) }
+ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadLimit\s+64$/) }
+ end
+
+ context 'setting params' do
+ let :params do
+ {
+ :serverlimit => 10,
+ :startservers => 11,
+ :maxclients => 12,
+ :minsparethreads => 13,
+ :maxsparethreads => 14,
+ :threadsperchild => 15,
+ :maxrequestsperchild => 16,
+ :threadlimit => 17
+ }
+ end
+ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^<IfModule mpm_worker_module>$/) }
+ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ServerLimit\s+10$/) }
+ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+StartServers\s+11$/) }
+ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxClients\s+12$/) }
+ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MinSpareThreads\s+13$/) }
+ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxSpareThreads\s+14$/) }
+ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadsPerChild\s+15$/) }
+ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxRequestsPerChild\s+16$/) }
+ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadLimit\s+17$/) }
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod::wsgi', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_class('apache::mod::wsgi').with(
+ 'wsgi_socket_prefix' => nil
+ )
+ }
+ it { is_expected.to contain_package("libapache2-mod-wsgi") }
+ end
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_class('apache::mod::wsgi').with(
+ 'wsgi_socket_prefix' => '/var/run/wsgi'
+ )
+ }
+ it { is_expected.to contain_package("mod_wsgi") }
+
+ describe "with custom WSGISocketPrefix" do
+ let :params do
+ { :wsgi_socket_prefix => 'run/wsgi' }
+ end
+ it {is_expected.to contain_file('wsgi.conf').with_content(/^ WSGISocketPrefix run\/wsgi$/)}
+ end
+ describe "with custom WSGIPythonHome" do
+ let :params do
+ { :wsgi_python_home => '/path/to/virtenv' }
+ end
+ it {is_expected.to contain_file('wsgi.conf').with_content(/^ WSGIPythonHome "\/path\/to\/virtenv"$/)}
+ end
+ describe "with custom package_name and mod_path" do
+ let :params do
+ {
+ :package_name => 'mod_wsgi_package',
+ :mod_path => '/foo/bar/baz',
+ }
+ end
+ it { is_expected.to contain_apache__mod('wsgi').with({
+ 'package' => 'mod_wsgi_package',
+ 'path' => '/foo/bar/baz',
+ })
+ }
+ it { is_expected.to contain_package("mod_wsgi_package") }
+ it { is_expected.to contain_file('wsgi.load').with_content(%r"LoadModule wsgi_module /foo/bar/baz") }
+ end
+ describe "with custom mod_path not containing /" do
+ let :params do
+ {
+ :package_name => 'mod_wsgi_package',
+ :mod_path => 'wsgi_mod_name.so',
+ }
+ end
+ it { is_expected.to contain_apache__mod('wsgi').with({
+ 'path' => 'modules/wsgi_mod_name.so',
+ 'package' => 'mod_wsgi_package',
+ })
+ }
+ it { is_expected.to contain_file('wsgi.load').with_content(%r"LoadModule wsgi_module modules/wsgi_mod_name.so") }
+
+ end
+ describe "with package_name but no mod_path" do
+ let :params do
+ {
+ :mod_path => '/foo/bar/baz',
+ }
+ end
+ it { expect { catalogue }.to raise_error Puppet::Error, /apache::mod::wsgi - both package_name and mod_path must be specified!/ }
+ end
+ describe "with mod_path but no package_name" do
+ let :params do
+ {
+ :package_name => '/foo/bar/baz',
+ }
+ end
+ it { expect { catalogue }.to raise_error Puppet::Error, /apache::mod::wsgi - both package_name and mod_path must be specified!/ }
+ end
+ end
+ context "on a FreeBSD OS" do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_class('apache::mod::wsgi').with(
+ 'wsgi_socket_prefix' => nil
+ )
+ }
+ it { is_expected.to contain_package("www/mod_wsgi") }
+ end
+ context "on a Gentoo OS" do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_class('apache::mod::wsgi').with(
+ 'wsgi_socket_prefix' => nil
+ )
+ }
+ it { is_expected.to contain_package("www-apache/mod_wsgi") }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::params', :type => :class do
+ context "On a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_apache__params }
+
+ it "Should not contain any resources" do
+ should have_resource_count(0)
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::service', :type => :class do
+ let :pre_condition do
+ 'include apache::params'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_service("httpd").with(
+ 'name' => 'apache2',
+ 'ensure' => 'running',
+ 'enable' => 'true'
+ )
+ }
+
+ context "with $service_name => 'foo'" do
+ let (:params) {{ :service_name => 'foo' }}
+ it { is_expected.to contain_service("httpd").with(
+ 'name' => 'foo'
+ )
+ }
+ end
+
+ context "with $service_enable => true" do
+ let (:params) {{ :service_enable => true }}
+ it { is_expected.to contain_service("httpd").with(
+ 'name' => 'apache2',
+ 'ensure' => 'running',
+ 'enable' => 'true'
+ )
+ }
+ end
+
+ context "with $service_enable => false" do
+ let (:params) {{ :service_enable => false }}
+ it { is_expected.to contain_service("httpd").with(
+ 'name' => 'apache2',
+ 'ensure' => 'running',
+ 'enable' => 'false'
+ )
+ }
+ end
+
+ context "$service_enable must be a bool" do
+ let (:params) {{ :service_enable => 'not-a-boolean' }}
+
+ it 'should fail' do
+ expect { catalogue }.to raise_error(Puppet::Error, /is not a boolean/)
+ end
+ end
+
+ context "$service_manage must be a bool" do
+ let (:params) {{ :service_manage => 'not-a-boolean' }}
+
+ it 'should fail' do
+ expect { catalogue }.to raise_error(Puppet::Error, /is not a boolean/)
+ end
+ end
+
+ context "with $service_ensure => 'running'" do
+ let (:params) {{ :service_ensure => 'running', }}
+ it { is_expected.to contain_service("httpd").with(
+ 'ensure' => 'running',
+ 'enable' => 'true'
+ )
+ }
+ end
+
+ context "with $service_ensure => 'stopped'" do
+ let (:params) {{ :service_ensure => 'stopped', }}
+ it { is_expected.to contain_service("httpd").with(
+ 'ensure' => 'stopped',
+ 'enable' => 'true'
+ )
+ }
+ end
+
+ context "with $service_ensure => 'UNDEF'" do
+ let (:params) {{ :service_ensure => 'UNDEF' }}
+ it { is_expected.to contain_service("httpd").without_ensure }
+ end
+
+ context "with $service_restart unset" do
+ it { is_expected.to contain_service("httpd").without_restart }
+ end
+
+ context "with $service_restart => '/usr/sbin/apachectl graceful'" do
+ let (:params) {{ :service_restart => '/usr/sbin/apachectl graceful' }}
+ it { is_expected.to contain_service("httpd").with(
+ 'restart' => '/usr/sbin/apachectl graceful'
+ )
+ }
+ end
+ end
+
+
+ context "on a RedHat 5 OS, do not manage service" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '5',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ let(:params) do
+ {
+ 'service_ensure' => 'running',
+ 'service_name' => 'httpd',
+ 'service_manage' => false
+ }
+ end
+ it 'should not manage the httpd service' do
+ subject.should_not contain_service('httpd')
+ end
+ end
+
+ context "on a FreeBSD 5 OS" do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_service("httpd").with(
+ 'name' => 'apache24',
+ 'ensure' => 'running',
+ 'enable' => 'true'
+ )
+ }
+ end
+
+ context "on a Gentoo OS" do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_service("httpd").with(
+ 'name' => 'apache2',
+ 'ensure' => 'running',
+ 'enable' => 'true'
+ )
+ }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::balancermember', :type => :define do
+ let :pre_condition do
+ 'include apache
+ apache::balancer {"balancer":}
+ apache::balancer {"balancer-external":}
+ apache::balancermember {"http://127.0.0.1:8080-external": url => "http://127.0.0.1:8080/", balancer_cluster => "balancer-external"}
+ '
+ end
+ let :title do
+ 'http://127.0.0.1:8080/'
+ end
+ let :params do
+ {
+ :options => [],
+ :url => 'http://127.0.0.1:8080/',
+ :balancer_cluster => 'balancer-internal'
+ }
+ end
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6',
+ :lsbdistcodename => 'squeeze',
+ :id => 'root',
+ :concat_basedir => '/dne',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :kernel => 'Linux',
+ :is_pe => false,
+ }
+ end
+ describe "allows multiple balancermembers with the same url" do
+ it { should contain_concat__fragment('BalancerMember http://127.0.0.1:8080/') }
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::custom_config', :type => :define do
+ let :pre_condition do
+ 'class { "apache": }'
+ end
+ let :title do
+ 'rspec'
+ end
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ context 'defaults with content' do
+ let :params do
+ {
+ 'content' => '# Test',
+ }
+ end
+ it { is_expected.to contain_exec("service notify for rspec").with({
+ 'refreshonly' => 'true',
+ 'subscribe' => 'File[apache_rspec]',
+ 'command' => '/usr/sbin/apachectl -t',
+ 'notify' => 'Class[Apache::Service]',
+ 'before' => 'Exec[remove rspec if invalid]',
+ })
+ }
+ it { is_expected.to contain_exec("remove rspec if invalid").with({
+ 'unless' => '/usr/sbin/apachectl -t',
+ 'subscribe' => 'File[apache_rspec]',
+ 'refreshonly' => 'true',
+ })
+ }
+ it { is_expected.to contain_file("apache_rspec").with({
+ 'ensure' => 'present',
+ 'content' => '# Test',
+ 'require' => 'Package[httpd]',
+ })
+ }
+ end
+ context 'set everything with source' do
+ let :params do
+ {
+ 'confdir' => '/dne',
+ 'priority' => '30',
+ 'source' => 'puppet:///modules/apache/test',
+ 'verify_command' => '/bin/true',
+ }
+ end
+ it { is_expected.to contain_exec("service notify for rspec").with({
+ 'command' => '/bin/true',
+ })
+ }
+ it { is_expected.to contain_exec("remove rspec if invalid").with({
+ 'command' => '/bin/rm /dne/30-rspec.conf',
+ 'unless' => '/bin/true',
+ })
+ }
+ it { is_expected.to contain_file("apache_rspec").with({
+ 'path' => '/dne/30-rspec.conf',
+ 'ensure' => 'present',
+ 'source' => 'puppet:///modules/apache/test',
+ 'require' => 'Package[httpd]',
+ })
+ }
+ end
+ context 'verify_config => false' do
+ let :params do
+ {
+ 'content' => '# test',
+ 'verify_config' => false,
+ }
+ end
+ it { is_expected.to_not contain_exec('service notify for rspec') }
+ it { is_expected.to_not contain_exec('remove rspec if invalid') }
+ it { is_expected.to contain_file('apache_rspec').with({
+ 'notify' => 'Class[Apache::Service]'
+ })
+ }
+ end
+ context 'ensure => absent' do
+ let :params do
+ {
+ 'ensure' => 'absent'
+ }
+ end
+ it { is_expected.to_not contain_exec('service notify for rspec') }
+ it { is_expected.to_not contain_exec('remove rspec if invalid') }
+ it { is_expected.to contain_file('apache_rspec').with({
+ 'ensure' => 'absent',
+ })
+ }
+ end
+ describe 'validation' do
+ context 'both content and source' do
+ let :params do
+ {
+ 'content' => 'foo',
+ 'source' => 'bar',
+ }
+ end
+ it do
+ expect {
+ catalogue
+ }.to raise_error(Puppet::Error, /Only one of \$content and \$source can be specified\./)
+ end
+ end
+ context 'neither content nor source' do
+ it do
+ expect {
+ catalogue
+ }.to raise_error(Puppet::Error, /One of \$content and \$source must be specified\./)
+ end
+ end
+ context 'bad ensure' do
+ let :params do
+ {
+ 'content' => 'foo',
+ 'ensure' => 'foo',
+ }
+ end
+ it do
+ expect {
+ catalogue
+ }.to raise_error(Puppet::Error, /is not supported for ensure/)
+ end
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::fastcgi::server', :type => :define do
+ let :pre_condition do
+ 'include apache'
+ end
+ let :title do
+ 'www'
+ end
+ describe 'os-dependent items' do
+ context "on RedHat based systems" do
+ let :default_facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'CentOS',
+ :operatingsystemrelease => '6',
+ :kernel => 'Linux',
+ :id => 'root',
+ :concat_basedir => '/dne',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ let :facts do default_facts end
+ it { should contain_class("apache") }
+ it { should contain_class("apache::mod::fastcgi") }
+ it { should contain_file("fastcgi-pool-#{title}.conf").with(
+ :ensure => 'present',
+ :path => "/etc/httpd/conf.d/fastcgi-pool-#{title}.conf"
+ ) }
+ end
+ context "on Debian based systems" do
+ let :default_facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6',
+ :lsbdistcodename => 'squeeze',
+ :kernel => 'Linux',
+ :id => 'root',
+ :concat_basedir => '/dne',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ let :facts do default_facts end
+ it { should contain_class("apache") }
+ it { should contain_class("apache::mod::fastcgi") }
+ it { should contain_file("fastcgi-pool-#{title}.conf").with(
+ :ensure => 'present',
+ :path => "/etc/apache2/conf.d/fastcgi-pool-#{title}.conf"
+ ) }
+ end
+ context "on FreeBSD systems" do
+ let :default_facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystem => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :kernel => 'FreeBSD',
+ :id => 'root',
+ :concat_basedir => '/dne',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ let :facts do default_facts end
+ it { should contain_class("apache") }
+ it { should contain_class("apache::mod::fastcgi") }
+ it { should contain_file("fastcgi-pool-#{title}.conf").with(
+ :ensure => 'present',
+ :path => "/usr/local/etc/apache24/Includes/fastcgi-pool-#{title}.conf"
+ ) }
+ end
+ context "on Gentoo systems" do
+ let :default_facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :kernel => 'Linux',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+ let :facts do default_facts end
+ it { should contain_class("apache") }
+ it { should contain_class("apache::mod::fastcgi") }
+ it { should contain_file("fastcgi-pool-#{title}.conf").with(
+ :ensure => 'present',
+ :path => "/etc/apache2/conf.d/fastcgi-pool-#{title}.conf"
+ ) }
+ end
+ end
+ describe 'os-independent items' do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6',
+ :lsbdistcodename => 'squeeze',
+ :kernel => 'Linux',
+ :id => 'root',
+ :concat_basedir => '/dne',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ describe ".conf content" do
+ let :params do
+ {
+ :host => '127.0.0.1:9001',
+ :timeout => 30,
+ :flush => true,
+ :faux_path => '/var/www/php-www.fcgi',
+ :fcgi_alias => '/php-www.fcgi',
+ :file_type => 'application/x-httpd-php'
+ }
+ end
+ let :expected do
+'FastCGIExternalServer /var/www/php-www.fcgi -idle-timeout 30 -flush -host 127.0.0.1:9001
+Alias /php-www.fcgi /var/www/php-www.fcgi
+Action application/x-httpd-php /php-www.fcgi
+'
+ end
+ it do
+ should contain_file("fastcgi-pool-www.conf").with_content(expected)
+ end
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::mod', :type => :define do
+ let :pre_condition do
+ 'include apache'
+ end
+ context "on a RedHat osfamily" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ describe "for non-special modules" do
+ let :title do
+ 'spec_m'
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it "should manage the module load file" do
+ is_expected.to contain_file('spec_m.load').with({
+ :path => '/etc/httpd/conf.d/spec_m.load',
+ :content => "LoadModule spec_m_module modules/mod_spec_m.so\n",
+ :owner => 'root',
+ :group => 'root',
+ :mode => '0644',
+ } )
+ end
+ end
+
+ describe "with shibboleth module and package param passed" do
+ # name/title for the apache::mod define
+ let :title do
+ 'xsendfile'
+ end
+ # parameters
+ let(:params) { {:package => 'mod_xsendfile'} }
+
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_package('mod_xsendfile') }
+ end
+ end
+
+ context "on a Debian osfamily" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ describe "for non-special modules" do
+ let :title do
+ 'spec_m'
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it "should manage the module load file" do
+ is_expected.to contain_file('spec_m.load').with({
+ :path => '/etc/apache2/mods-available/spec_m.load',
+ :content => "LoadModule spec_m_module /usr/lib/apache2/modules/mod_spec_m.so\n",
+ :owner => 'root',
+ :group => 'root',
+ :mode => '0644',
+ } )
+ end
+ it "should link the module load file" do
+ is_expected.to contain_file('spec_m.load symlink').with({
+ :path => '/etc/apache2/mods-enabled/spec_m.load',
+ :target => '/etc/apache2/mods-available/spec_m.load',
+ :owner => 'root',
+ :group => 'root',
+ :mode => '0644',
+ } )
+ end
+ end
+ end
+
+ context "on a FreeBSD osfamily" do
+ let :facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+
+ describe "for non-special modules" do
+ let :title do
+ 'spec_m'
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it "should manage the module load file" do
+ is_expected.to contain_file('spec_m.load').with({
+ :path => '/usr/local/etc/apache24/Modules/spec_m.load',
+ :content => "LoadModule spec_m_module /usr/local/libexec/apache24/mod_spec_m.so\n",
+ :owner => 'root',
+ :group => 'wheel',
+ :mode => '0644',
+ } )
+ end
+ end
+ end
+
+ context "on a Gentoo osfamily" do
+ let :facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+
+ describe "for non-special modules" do
+ let :title do
+ 'spec_m'
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it "should manage the module load file" do
+ is_expected.to contain_file('spec_m.load').with({
+ :path => '/etc/apache2/modules.d/spec_m.load',
+ :content => "LoadModule spec_m_module /usr/lib/apache2/modules/mod_spec_m.so\n",
+ :owner => 'root',
+ :group => 'wheel',
+ :mode => '0644',
+ } )
+ end
+ end
+ end
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::security::rule_link', :type => :define do
+ let :pre_condition do
+ 'class { "apache": }
+ class { "apache::mod::security": activated_rules => [] }
+ '
+ end
+
+ let :title do
+ 'base_rules/modsecurity_35_bad_robots.data'
+ end
+
+ context "on RedHat based systems" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'CentOS',
+ :operatingsystemrelease => '7',
+ :kernel => 'Linux',
+ :id => 'root',
+ :concat_basedir => '/',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ it { should contain_file('modsecurity_35_bad_robots.data').with(
+ :path => '/etc/httpd/modsecurity.d/activated_rules/modsecurity_35_bad_robots.data',
+ :target => '/usr/lib/modsecurity.d/base_rules/modsecurity_35_bad_robots.data'
+ ) }
+ end
+
+ context "on Debian based systems" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/',
+ :lsbdistcodename => 'squeeze',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :kernel => 'Linux',
+ :is_pe => false,
+ }
+ end
+ it { should contain_file('modsecurity_35_bad_robots.data').with(
+ :path => '/etc/modsecurity/activated_rules/modsecurity_35_bad_robots.data',
+ :target => '/usr/share/modsecurity-crs/base_rules/modsecurity_35_bad_robots.data'
+ ) }
+ end
+
+end
--- /dev/null
+require 'spec_helper'
+
+describe 'apache::vhost', :type => :define do
+ let :pre_condition do
+ 'class { "apache": default_vhost => false, default_mods => false, vhost_enable_dir => "/etc/apache2/sites-enabled"}'
+ end
+ let :title do
+ 'rspec.example.com'
+ end
+ let :default_params do
+ {
+ :docroot => '/rspec/docroot',
+ :port => '84',
+ }
+ end
+ describe 'os-dependent items' do
+ context "on RedHat based systems" do
+ let :default_facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ let :params do default_params end
+ let :facts do default_facts end
+ it { is_expected.to contain_class("apache") }
+ it { is_expected.to contain_class("apache::params") }
+ end
+ context "on Debian based systems" do
+ let :default_facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ let :params do default_params end
+ let :facts do default_facts end
+ it { is_expected.to contain_class("apache") }
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_file("25-rspec.example.com.conf").with(
+ :ensure => 'present',
+ :path => '/etc/apache2/sites-available/25-rspec.example.com.conf'
+ ) }
+ it { is_expected.to contain_file("25-rspec.example.com.conf symlink").with(
+ :ensure => 'link',
+ :path => '/etc/apache2/sites-enabled/25-rspec.example.com.conf',
+ :target => '/etc/apache2/sites-available/25-rspec.example.com.conf'
+ ) }
+ end
+ context "on FreeBSD systems" do
+ let :default_facts do
+ {
+ :osfamily => 'FreeBSD',
+ :operatingsystemrelease => '9',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'FreeBSD',
+ :id => 'root',
+ :kernel => 'FreeBSD',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ let :params do default_params end
+ let :facts do default_facts end
+ it { is_expected.to contain_class("apache") }
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_file("25-rspec.example.com.conf").with(
+ :ensure => 'present',
+ :path => '/usr/local/etc/apache24/Vhosts/25-rspec.example.com.conf'
+ ) }
+ end
+ context "on Gentoo systems" do
+ let :default_facts do
+ {
+ :osfamily => 'Gentoo',
+ :operatingsystem => 'Gentoo',
+ :operatingsystemrelease => '3.16.1-gentoo',
+ :concat_basedir => '/dne',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
+ :is_pe => false,
+ }
+ end
+ let :params do default_params end
+ let :facts do default_facts end
+ it { is_expected.to contain_class("apache") }
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_file("25-rspec.example.com.conf").with(
+ :ensure => 'present',
+ :path => '/etc/apache2/vhosts.d/25-rspec.example.com.conf'
+ ) }
+ end
+ end
+ describe 'os-independent items' do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ describe 'basic assumptions' do
+ let :params do default_params end
+ it { is_expected.to contain_class("apache") }
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__listen(params[:port]) }
+ it { is_expected.to contain_apache__namevirtualhost("*:#{params[:port]}") }
+ end
+ context 'set everything!' do
+ let :params do
+ {
+ 'docroot' => '/var/www/foo',
+ 'manage_docroot' => false,
+ 'virtual_docroot' => true,
+ 'port' => '8080',
+ 'ip' => '127.0.0.1',
+ 'ip_based' => true,
+ 'add_listen' => false,
+ 'docroot_owner' => 'user',
+ 'docroot_group' => 'wheel',
+ 'docroot_mode' => '0664',
+ 'serveradmin' => 'foo@localhost',
+ 'ssl' => true,
+ 'ssl_cert' => '/ssl/cert',
+ 'ssl_key' => '/ssl/key',
+ 'ssl_chain' => '/ssl/chain',
+ 'ssl_crl_path' => '/ssl/crl',
+ 'ssl_crl' => 'foo.crl',
+ 'ssl_certs_dir' => '/ssl/certs',
+ 'ssl_protocol' => 'SSLv2',
+ 'ssl_cipher' => 'HIGH',
+ 'ssl_honorcipherorder' => 'Off',
+ 'ssl_verify_client' => 'optional',
+ 'ssl_verify_depth' => '3',
+ 'ssl_options' => '+ExportCertData',
+ 'ssl_proxyengine' => true,
+ 'priority' => '30',
+ 'default_vhost' => true,
+ 'servername' => 'example.com',
+ 'serveraliases' => ['test-example.com'],
+ 'options' => ['MultiView'],
+ 'override' => ['All'],
+ 'directoryindex' => 'index.html',
+ 'vhost_name' => 'test',
+ 'logroot' => '/var/www/logs',
+ 'logroot_ensure' => 'directory',
+ 'logroot_mode' => '0600',
+ 'log_level' => 'crit',
+ 'access_log' => false,
+ 'access_log_file' => 'httpd_access_log',
+ 'access_log_syslog' => true,
+ 'access_log_format' => '%h %l %u %t \"%r\" %>s %b',
+ 'access_log_env_var' => '',
+ 'aliases' => '/image',
+ 'directories' => [
+ {
+ 'path' => '/var/www/files',
+ 'provider' => 'files',
+ 'require' => [ 'valid-user', 'all denied', ],
+ },
+ {
+ 'path' => '/var/www/files',
+ 'provider' => 'files',
+ 'require' => 'all granted',
+ },
+ { 'path' => '/var/www/files/indexed_directory',
+ 'directoryindex' => 'disabled',
+ 'options' => ['Indexes','FollowSymLinks','MultiViews'],
+ 'index_options' => ['FancyIndexing'],
+ 'index_style_sheet' => '/styles/style.css',
+ },
+ ],
+ 'error_log' => false,
+ 'error_log_file' => 'httpd_error_log',
+ 'error_log_syslog' => true,
+ 'error_documents' => 'true',
+ 'fallbackresource' => '/index.php',
+ 'scriptalias' => '/usr/lib/cgi-bin',
+ 'scriptaliases' => [
+ {
+ 'alias' => '/myscript',
+ 'path' => '/usr/share/myscript',
+ },
+ {
+ 'aliasmatch' => '^/foo(.*)',
+ 'path' => '/usr/share/fooscripts$1',
+ },
+ ],
+ 'proxy_dest' => '/',
+ 'proxy_pass' => [
+ {
+ 'path' => '/a',
+ 'url' => 'http://backend-a/',
+ 'keywords' => ['noquery', 'interpolate'],
+ 'params' => {
+ 'retry' => '0',
+ 'timeout' => '5'
+ },
+ 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1'],
+ }
+ ],
+ 'proxy_pass_match' => [
+ {
+ 'path' => '/a',
+ 'url' => 'http://backend-a/',
+ 'keywords' => ['noquery', 'interpolate'],
+ 'params' => {
+ 'retry' => '0',
+ 'timeout' => '5'
+ },
+ 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1'],
+ }
+ ],
+ 'suphp_addhandler' => 'foo',
+ 'suphp_engine' => 'on',
+ 'suphp_configpath' => '/var/www/html',
+ 'php_admin_flags' => ['foo', 'bar'],
+ 'php_admin_values' => ['true', 'false'],
+ 'no_proxy_uris' => '/foo',
+ 'no_proxy_uris_match' => '/foomatch',
+ 'proxy_preserve_host' => true,
+ 'proxy_error_override' => true,
+ 'redirect_source' => '/bar',
+ 'redirect_dest' => '/',
+ 'redirect_status' => 'temp',
+ 'redirectmatch_status' => ['404'],
+ 'redirectmatch_regexp' => ['\.git$'],
+ 'redirectmatch_dest' => ['http://www.example.com'],
+ 'rack_base_uris' => ['/rackapp1'],
+ 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',
+ 'request_headers' => ['append MirrorID "mirror 12"'],
+ 'rewrites' => [
+ {
+ 'rewrite_rule' => ['^index\.html$ welcome.html']
+ }
+ ],
+ 'rewrite_base' => '/',
+ 'rewrite_rule' => '^index\.html$ welcome.html',
+ 'rewrite_cond' => '%{HTTP_USER_AGENT} ^MSIE',
+ 'setenv' => ['FOO=/bin/true'],
+ 'setenvif' => 'Request_URI "\.gif$" object_is_image=gif',
+ 'block' => 'scm',
+ 'wsgi_application_group' => '%{GLOBAL}',
+ 'wsgi_daemon_process' => 'wsgi',
+ 'wsgi_daemon_process_options' => {
+ 'processes' => '2',
+ 'threads' => '15',
+ 'display-name' => '%{GROUP}',
+ },
+ 'wsgi_import_script' => '/var/www/demo.wsgi',
+ 'wsgi_import_script_options' => {
+ 'process-group' => 'wsgi',
+ 'application-group' => '%{GLOBAL}'
+ },
+ 'wsgi_process_group' => 'wsgi',
+ 'wsgi_script_aliases' => {
+ '/' => '/var/www/demo.wsgi'
+ },
+ 'wsgi_pass_authorization' => 'On',
+ 'custom_fragment' => '#custom string',
+ 'itk' => {
+ 'user' => 'someuser',
+ 'group' => 'somegroup'
+ },
+ 'wsgi_chunked_request' => 'On',
+ 'action' => 'foo',
+ 'fastcgi_server' => 'localhost',
+ 'fastcgi_socket' => '/tmp/fastcgi.socket',
+ 'fastcgi_dir' => '/tmp',
+ 'additional_includes' => '/custom/path/includes',
+ 'apache_version' => '2.4',
+ 'suexec_user_group' => 'root root',
+ 'allow_encoded_slashes' => 'nodecode',
+ 'passenger_app_root' => '/usr/share/myapp',
+ 'passenger_app_env' => 'test',
+ 'passenger_ruby' => '/usr/bin/ruby1.9.1',
+ 'passenger_min_instances' => '1',
+ 'passenger_start_timeout' => '600',
+ 'passenger_pre_start' => 'http://localhost/myapp',
+ 'add_default_charset' => 'UTF-8',
+ }
+ end
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '7',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :kernelversion => '3.6.2',
+ :is_pe => false,
+ }
+ end
+
+ it { is_expected.to compile }
+ it { is_expected.to_not contain_file('/var/www/foo') }
+ it { is_expected.to contain_class('apache::mod::ssl') }
+ it { is_expected.to contain_file('ssl.conf').with(
+ :content => /^\s+SSLHonorCipherOrder On$/ ) }
+ it { is_expected.to contain_file('ssl.conf').with(
+ :content => /^\s+SSLPassPhraseDialog builtin$/ ) }
+ it { is_expected.to contain_file('ssl.conf').with(
+ :content => /^\s+SSLSessionCacheTimeout 300$/ ) }
+ it { is_expected.to contain_class('apache::mod::mime') }
+ it { is_expected.to contain_class('apache::mod::vhost_alias') }
+ it { is_expected.to contain_class('apache::mod::wsgi') }
+ it { is_expected.to contain_class('apache::mod::suexec') }
+ it { is_expected.to contain_class('apache::mod::passenger') }
+ it { is_expected.to contain_file('/var/www/logs').with({
+ 'ensure' => 'directory',
+ 'mode' => '0600',
+ })
+ }
+ it { is_expected.to contain_class('apache::mod::rewrite') }
+ it { is_expected.to contain_class('apache::mod::alias') }
+ it { is_expected.to contain_class('apache::mod::proxy') }
+ it { is_expected.to contain_class('apache::mod::proxy_http') }
+ it { is_expected.to contain_class('apache::mod::passenger') }
+ it { is_expected.to contain_class('apache::mod::passenger') }
+ it { is_expected.to contain_class('apache::mod::fastcgi') }
+ it { is_expected.to contain_class('apache::mod::headers') }
+ it { is_expected.to contain_class('apache::mod::setenvif') }
+ it { is_expected.to contain_concat('30-rspec.example.com.conf').with({
+ 'owner' => 'root',
+ 'mode' => '0644',
+ 'require' => 'Package[httpd]',
+ 'notify' => 'Class[Apache::Service]',
+ })
+ }
+ it { is_expected.to contain_file('30-rspec.example.com.conf symlink').with({
+ 'ensure' => 'link',
+ 'path' => '/etc/apache2/sites-enabled/30-rspec.example.com.conf',
+ })
+ }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-aliases') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-itk') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-fallbackresource') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-directories') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+ :content => /^\s+Require valid-user$/ ) }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+ :content => /^\s+Require all denied$/ ) }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+ :content => /^\s+Require all granted$/ ) }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+ :content => /^\s+Options\sIndexes\sFollowSymLinks\sMultiViews$/ ) }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+ :content => /^\s+IndexOptions\sFancyIndexing$/ ) }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+ :content => /^\s+IndexStyleSheet\s'\/styles\/style\.css'$/ ) }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+ :content => /^\s+DirectoryIndex\sdisabled$/ ) }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-additional_includes') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-logging') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-access_log') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-action') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-block') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-error_document') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
+ /retry=0/) }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
+ /timeout=5/) }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
+ /SetEnv force-proxy-request-1.0 1/) }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
+ /SetEnv proxy-nokeepalive 1/) }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
+ /noquery interpolate/) }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-rack') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-scriptalias') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-setenv') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-php_admin') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-header') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-requestheader') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-wsgi') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-custom_fragment') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-fastcgi') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-suexec') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-allow_encoded_slashes') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-passenger') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-charsets') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') }
+ end
+ context 'not everything can be set together...' do
+ let :params do
+ {
+ 'access_log_pipe' => '/dev/null',
+ 'error_log_pipe' => '/dev/null',
+ 'docroot' => '/var/www/foo',
+ 'ensure' => 'absent',
+ 'manage_docroot' => true,
+ 'logroot' => '/tmp/logroot',
+ 'logroot_ensure' => 'absent',
+ 'directories' => [
+ {
+ 'path' => '/var/www/files',
+ 'provider' => 'files',
+ 'allow' => [ 'from 127.0.0.1', 'from 127.0.0.2', ],
+ 'deny' => [ 'from 127.0.0.3', 'from 127.0.0.4', ],
+ 'satisfy' => 'any',
+ },
+ {
+ 'path' => '/var/www/foo',
+ 'provider' => 'files',
+ 'allow' => 'from 127.0.0.5',
+ 'deny' => 'from all',
+ 'order' => 'deny,allow',
+ },
+ ],
+
+ }
+ end
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :kernelversion => '3.6.2',
+ :is_pe => false,
+ }
+ end
+
+ it { is_expected.to compile }
+ it { is_expected.to_not contain_class('apache::mod::ssl') }
+ it { is_expected.to_not contain_class('apache::mod::mime') }
+ it { is_expected.to_not contain_class('apache::mod::vhost_alias') }
+ it { is_expected.to_not contain_class('apache::mod::wsgi') }
+ it { is_expected.to_not contain_class('apache::mod::passenger') }
+ it { is_expected.to_not contain_class('apache::mod::suexec') }
+ it { is_expected.to_not contain_class('apache::mod::rewrite') }
+ it { is_expected.to_not contain_class('apache::mod::alias') }
+ it { is_expected.to_not contain_class('apache::mod::proxy') }
+ it { is_expected.to_not contain_class('apache::mod::proxy_http') }
+ it { is_expected.to_not contain_class('apache::mod::passenger') }
+ it { is_expected.to_not contain_class('apache::mod::headers') }
+ it { is_expected.to contain_file('/var/www/foo') }
+ it { is_expected.to contain_file('/tmp/logroot').with({
+ 'ensure' => 'absent',
+ })
+ }
+ it { is_expected.to contain_concat('25-rspec.example.com.conf').with({
+ 'ensure' => 'absent',
+ })
+ }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-aliases') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-itk') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-fallbackresource') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-directories') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+ :content => /^\s+Allow from 127\.0\.0\.1$/ ) }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+ :content => /^\s+Allow from 127\.0\.0\.2$/ ) }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+ :content => /^\s+Allow from 127\.0\.0\.5$/ ) }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+ :content => /^\s+Deny from 127\.0\.0\.3$/ ) }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+ :content => /^\s+Deny from 127\.0\.0\.4$/ ) }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+ :content => /^\s+Deny from all$/ ) }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+ :content => /^\s+Satisfy any$/ ) }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+ :content => /^\s+Order deny,allow$/ ) }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-additional_includes') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-logging') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-access_log') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-action') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-block') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-error_document') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-proxy') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-rack') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-redirect') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-rewrite') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-scriptalias') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-serveralias') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-setenv') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-ssl') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-suphp') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-php_admin') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-header') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-requestheader') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-wsgi') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-custom_fragment') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-fastcgi') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-suexec') }
+ it { is_expected.to_not contain_concat__fragment('rspec.example.com-charsets') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') }
+ end
+ end
+ describe 'access logs' do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ context 'single log file' do
+ let(:params) do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'access_log_file' => 'my_log_file',
+ }
+ end
+ it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with(
+ :content => /^\s+CustomLog.*my_log_file" combined\s*$/
+ )}
+ end
+ context 'single log file with environment' do
+ let(:params) do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'access_log_file' => 'my_log_file',
+ 'access_log_env_var' => 'prod'
+ }
+ end
+ it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with(
+ :content => /^\s+CustomLog.*my_log_file" combined\s+env=prod$/
+ )}
+ end
+ context 'multiple log files' do
+ let(:params) do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'access_logs' => [
+ { 'file' => '/tmp/log1', 'env' => 'dev' },
+ { 'file' => 'log2' },
+ { 'syslog' => 'syslog', 'format' => '%h %l' }
+ ],
+ }
+ end
+ it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with(
+ :content => /^\s+CustomLog "\/tmp\/log1"\s+combined\s+env=dev$/
+ )}
+ it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with(
+ :content => /^\s+CustomLog "\/var\/log\/httpd\/log2"\s+combined\s*$/
+ )}
+ it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with(
+ :content => /^\s+CustomLog "syslog" "%h %l"\s*$/
+ )}
+ end
+ end # access logs
+ describe 'validation' do
+ context 'bad ensure' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'ensure' => 'bogus',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'bad suphp_engine' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'suphp_engine' => 'bogus',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'bad ip_based' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'ip_based' => 'bogus',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'bad access_log' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'access_log' => 'bogus',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'bad error_log' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'error_log' => 'bogus',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'bad_ssl' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'ssl' => 'bogus',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'bad default_vhost' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'default_vhost' => 'bogus',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'bad ssl_proxyengine' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'ssl_proxyengine' => 'bogus',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'bad rewrites' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'rewrites' => 'bogus',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'bad rewrites 2' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'rewrites' => ['bogus'],
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'bad suexec_user_group' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'suexec_user_group' => 'bogus',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'bad wsgi_script_alias' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'wsgi_script_alias' => 'bogus',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'bad wsgi_daemon_process_options' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'wsgi_daemon_process_options' => 'bogus',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'bad wsgi_import_script_alias' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'wsgi_import_script_alias' => 'bogus',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'bad itk' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'itk' => 'bogus',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'bad logroot_ensure' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'log_level' => 'bogus',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'bad log_level' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'log_level' => 'bogus',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'access_log_file and access_log_pipe' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'access_log_file' => 'bogus',
+ 'access_log_pipe' => 'bogus',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'error_log_file and error_log_pipe' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'error_log_file' => 'bogus',
+ 'error_log_pipe' => 'bogus',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'bad fallbackresource' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'fallbackresource' => 'bogus',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'bad custom_fragment' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'custom_fragment' => true,
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ context 'bad access_logs' do
+ let :params do
+ {
+ 'docroot' => '/rspec/docroot',
+ 'access_logs' => '/var/log/somewhere',
+ }
+ end
+ let :facts do default_facts end
+ it { expect { is_expected.to compile }.to raise_error }
+ end
+ end
+end
--- /dev/null
+--format
+s
+--colour
+--loadby
+mtime
+--backtrace
--- /dev/null
+require 'puppetlabs_spec_helper/module_spec_helper'
+
+RSpec.configure do |c|
+ c.treat_symbols_as_metadata_keys_with_true_values = true
+
+ c.before :each do
+ # Ensure that we don't accidentally cache facts and environment
+ # between test cases.
+ Facter::Util::Loader.any_instance.stubs(:load_all)
+ Facter.clear
+ Facter.clear_messages
+
+ # Store any environment variables away to be restored later
+ @old_env = {}
+ ENV.each_key {|k| @old_env[k] = ENV[k]}
+
+ if ENV['STRICT_VARIABLES'] == 'yes'
+ Puppet.settings[:strict_variables]=true
+ end
+ end
+end
+
+shared_examples :compile, :compile => true do
+ it { should compile.with_all_deps }
+end
--- /dev/null
+require 'beaker-rspec/spec_helper'
+require 'beaker-rspec/helpers/serverspec'
+
+
+unless ENV['RS_PROVISION'] == 'no'
+ # This will install the latest available package on el and deb based
+ # systems fail on windows and osx, and install via gem on other *nixes
+ foss_opts = { :default_action => 'gem_install' }
+
+ if default.is_pe?; then install_pe; else install_puppet( foss_opts ); end
+
+ hosts.each do |host|
+ if host['platform'] =~ /debian/
+ on host, 'echo \'export PATH=/var/lib/gems/1.8/bin/:${PATH}\' >> ~/.bashrc'
+ end
+
+ on host, "mkdir -p #{host['distmoduledir']}"
+ end
+end
+
+UNSUPPORTED_PLATFORMS = ['Suse','windows','AIX','Solaris']
+
+RSpec.configure do |c|
+ # Project root
+ proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
+
+ # Readable test descriptions
+ c.formatter = :documentation
+
+ # Configure all nodes in nodeset
+ c.before :suite do
+ # Install module and dependencies
+ hosts.each do |host|
+ copy_module_to(host, :source => proj_root, :module_name => 'apache')
+ # Required for mod_passenger tests.
+ if fact('osfamily') == 'RedHat'
+ on host, puppet('module','install','stahnma/epel'), { :acceptable_exit_codes => [0,1] }
+ end
+ # Required for manifest to make mod_pagespeed repository available
+ if fact('osfamily') == 'Debian'
+ on host, puppet('module','install','puppetlabs-apt', '--version 1.8.0', '--force'), { :acceptable_exit_codes => [0,1] }
+ end
+ on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] }
+ on host, puppet('module','install','puppetlabs-concat', '--version 1.1.1', '--force'), { :acceptable_exit_codes => [0,1] }
+
+ # Make sure selinux is disabled before each test or apache won't work.
+ if ! UNSUPPORTED_PLATFORMS.include?(fact('osfamily'))
+ on host, puppet('apply', '-e',
+ %{"exec { 'setenforce 0': path => '/bin:/sbin:/usr/bin:/usr/sbin', onlyif => 'which setenforce && getenforce | grep Enforcing', }"}),
+ { :acceptable_exit_codes => [0] }
+ end
+ end
+ end
+end
--- /dev/null
+#!/usr/bin/env rspec
+
+require 'spec_helper'
+
+provider_class = Puppet::Type.type(:a2mod).provider(:gentoo)
+
+describe provider_class do
+ before :each do
+ provider_class.clear
+ end
+
+ [:conf_file, :instances, :modules, :initvars, :conf_file, :clear].each do |method|
+ it "should respond to the class method #{method}" do
+ expect(provider_class).to respond_to(method)
+ end
+ end
+
+ describe "when fetching modules" do
+ before do
+ @filetype = mock()
+ end
+
+ it "should return a sorted array of the defined parameters" do
+ @filetype.expects(:read).returns(%Q{APACHE2_OPTS="-D FOO -D BAR -D BAZ"\n})
+ provider_class.expects(:filetype).returns(@filetype)
+
+ expect(provider_class.modules).to eq(%w{bar baz foo})
+ end
+
+ it "should cache the module list" do
+ @filetype.expects(:read).once.returns(%Q{APACHE2_OPTS="-D FOO -D BAR -D BAZ"\n})
+ provider_class.expects(:filetype).once.returns(@filetype)
+
+ 2.times { expect(provider_class.modules).to eq(%w{bar baz foo}) }
+ end
+
+ it "should normalize parameters" do
+ @filetype.expects(:read).returns(%Q{APACHE2_OPTS="-D FOO -D BAR -D BAR"\n})
+ provider_class.expects(:filetype).returns(@filetype)
+
+ expect(provider_class.modules).to eq(%w{bar foo})
+ end
+ end
+
+ describe "when prefetching" do
+ it "should match providers to resources" do
+ provider = mock("ssl_provider", :name => "ssl")
+ resource = mock("ssl_resource")
+ resource.expects(:provider=).with(provider)
+
+ provider_class.expects(:instances).returns([provider])
+ provider_class.prefetch("ssl" => resource)
+ end
+ end
+
+ describe "when flushing" do
+ before :each do
+ @filetype = mock()
+ @filetype.stubs(:backup)
+ provider_class.expects(:filetype).at_least_once.returns(@filetype)
+
+ @info = mock()
+ @info.stubs(:[]).with(:name).returns("info")
+ @info.stubs(:provider=)
+
+ @mpm = mock()
+ @mpm.stubs(:[]).with(:name).returns("mpm")
+ @mpm.stubs(:provider=)
+
+ @ssl = mock()
+ @ssl.stubs(:[]).with(:name).returns("ssl")
+ @ssl.stubs(:provider=)
+ end
+
+ it "should add modules whose ensure is present" do
+ @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS=""})
+ @filetype.expects(:write).with(%Q{APACHE2_OPTS="-D INFO"})
+
+ @info.stubs(:should).with(:ensure).returns(:present)
+ provider_class.prefetch("info" => @info)
+
+ provider_class.flush
+ end
+
+ it "should remove modules whose ensure is present" do
+ @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS="-D INFO"})
+ @filetype.expects(:write).with(%Q{APACHE2_OPTS=""})
+
+ @info.stubs(:should).with(:ensure).returns(:absent)
+ @info.stubs(:provider=)
+ provider_class.prefetch("info" => @info)
+
+ provider_class.flush
+ end
+
+ it "should not modify providers without resources" do
+ @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS="-D INFO -D MPM"})
+ @filetype.expects(:write).with(%Q{APACHE2_OPTS="-D MPM -D SSL"})
+
+ @info.stubs(:should).with(:ensure).returns(:absent)
+ provider_class.prefetch("info" => @info)
+
+ @ssl.stubs(:should).with(:ensure).returns(:present)
+ provider_class.prefetch("ssl" => @ssl)
+
+ provider_class.flush
+ end
+
+ it "should write the modules in sorted order" do
+ @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS=""})
+ @filetype.expects(:write).with(%Q{APACHE2_OPTS="-D INFO -D MPM -D SSL"})
+
+ @mpm.stubs(:should).with(:ensure).returns(:present)
+ provider_class.prefetch("mpm" => @mpm)
+ @info.stubs(:should).with(:ensure).returns(:present)
+ provider_class.prefetch("info" => @info)
+ @ssl.stubs(:should).with(:ensure).returns(:present)
+ provider_class.prefetch("ssl" => @ssl)
+
+ provider_class.flush
+ end
+
+ it "should write the records back once" do
+ @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS=""})
+ @filetype.expects(:write).once.with(%Q{APACHE2_OPTS="-D INFO -D SSL"})
+
+ @info.stubs(:should).with(:ensure).returns(:present)
+ provider_class.prefetch("info" => @info)
+
+ @ssl.stubs(:should).with(:ensure).returns(:present)
+ provider_class.prefetch("ssl" => @ssl)
+
+ provider_class.flush
+ end
+
+ it "should only modify the line containing APACHE2_OPTS" do
+ @filetype.expects(:read).at_least_once.returns(%Q{# Comment\nAPACHE2_OPTS=""\n# Another comment})
+ @filetype.expects(:write).once.with(%Q{# Comment\nAPACHE2_OPTS="-D INFO"\n# Another comment})
+
+ @info.stubs(:should).with(:ensure).returns(:present)
+ provider_class.prefetch("info" => @info)
+ provider_class.flush
+ end
+
+ it "should restore any arbitrary arguments" do
+ @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS="-Y -D MPM -X"})
+ @filetype.expects(:write).once.with(%Q{APACHE2_OPTS="-Y -X -D INFO -D MPM"})
+
+ @info.stubs(:should).with(:ensure).returns(:present)
+ provider_class.prefetch("info" => @info)
+ provider_class.flush
+ end
+
+ it "should backup the file once if changes were made" do
+ @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS=""})
+ @filetype.expects(:write).once.with(%Q{APACHE2_OPTS="-D INFO -D SSL"})
+
+ @info.stubs(:should).with(:ensure).returns(:present)
+ provider_class.prefetch("info" => @info)
+
+ @ssl.stubs(:should).with(:ensure).returns(:present)
+ provider_class.prefetch("ssl" => @ssl)
+
+ @filetype.unstub(:backup)
+ @filetype.expects(:backup)
+ provider_class.flush
+ end
+
+ it "should not write the file or run backups if no changes were made" do
+ @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS="-X -D INFO -D SSL -Y"})
+ @filetype.expects(:write).never
+
+ @info.stubs(:should).with(:ensure).returns(:present)
+ provider_class.prefetch("info" => @info)
+
+ @ssl.stubs(:should).with(:ensure).returns(:present)
+ provider_class.prefetch("ssl" => @ssl)
+
+ @filetype.unstub(:backup)
+ @filetype.expects(:backup).never
+ provider_class.flush
+ end
+ end
+end
--- /dev/null
+#! /usr/bin/env ruby -S rspec
+require 'spec_helper'
+
+describe "the bool2httpd function" do
+ let(:scope) { PuppetlabsSpec::PuppetInternals.scope }
+
+ it "should exist" do
+ expect(Puppet::Parser::Functions.function("bool2httpd")).to eq("function_bool2httpd")
+ end
+
+ it "should raise a ParseError if there is less than 1 arguments" do
+ expect { scope.function_bool2httpd([]) }.to( raise_error(Puppet::ParseError))
+ end
+
+ it "should convert true to 'On'" do
+ result = scope.function_bool2httpd([true])
+ expect(result).to(eq('On'))
+ end
+
+ it "should convert true to a string" do
+ result = scope.function_bool2httpd([true])
+ expect(result.class).to(eq(String))
+ end
+
+ it "should convert false to 'Off'" do
+ result = scope.function_bool2httpd([false])
+ expect(result).to(eq('Off'))
+ end
+
+ it "should convert false to a string" do
+ result = scope.function_bool2httpd([false])
+ expect(result.class).to(eq(String))
+ end
+
+ it "should accept (and return) any string" do
+ result = scope.function_bool2httpd(["mail"])
+ expect(result).to(eq('mail'))
+ end
+
+ it "should accept a nil value (and return Off)" do
+ result = scope.function_bool2httpd([nil])
+ expect(result).to(eq('Off'))
+ end
+
+ it "should accept an undef value (and return 'Off')" do
+ result = scope.function_bool2httpd([:undef])
+ expect(result).to(eq('Off'))
+ end
+
+ it "should return a default value on non-matches" do
+ result = scope.function_bool2httpd(['foo'])
+ expect(result).to(eq('foo'))
+ end
+end
--- /dev/null
+#! /usr/bin/env ruby -S rspec
+require 'spec_helper'
+
+describe "the validate_apache_log_level function" do
+ let(:scope) { PuppetlabsSpec::PuppetInternals.scope }
+
+ it "should exist" do
+ expect(Puppet::Parser::Functions.function("validate_apache_log_level")).to eq("function_validate_apache_log_level")
+ end
+
+ it "should raise a ParseError if there is less than 1 arguments" do
+ expect { scope.function_validate_apache_log_level([]) }.to( raise_error(Puppet::ParseError) )
+ end
+
+ it "should raise a ParseError when given garbage" do
+ expect { scope.function_validate_apache_log_level(['garbage']) }.to( raise_error(Puppet::ParseError) )
+ end
+
+ it "should not raise a ParseError when given a plain log level" do
+ expect { scope.function_validate_apache_log_level(['info']) }.to_not raise_error
+ end
+
+ it "should not raise a ParseError when given a log level and module log level" do
+ expect { scope.function_validate_apache_log_level(['warn ssl:info']) }.to_not raise_error
+ end
+
+ it "should not raise a ParseError when given a log level and module log level" do
+ expect { scope.function_validate_apache_log_level(['warn mod_ssl.c:info']) }.to_not raise_error
+ end
+
+ it "should not raise a ParseError when given a log level and module log level" do
+ expect { scope.function_validate_apache_log_level(['warn ssl_module:info']) }.to_not raise_error
+ end
+
+ it "should not raise a ParseError when given a trace level" do
+ expect { scope.function_validate_apache_log_level(['trace4']) }.to_not raise_error
+ end
+
+end
--- /dev/null
+<IfDefine NOHTTPACCEPT>
+ AcceptFilter http none
+ AcceptFilter https none
+</IfDefine>
--- /dev/null
+FastCGIExternalServer <%= @faux_path %> -idle-timeout <%= @timeout %> <%= if @flush then '-flush' end %> -host <%= @host %>
+Alias <%= @fcgi_alias %> <%= @faux_path %>
+Action <%= @file_type %> <%= @fcgi_alias %>
--- /dev/null
+# Security
+ServerTokens <%= @server_tokens %>
+ServerSignature <%= scope.function_bool2httpd([@server_signature]) %>
+TraceEnable <%= scope.function_bool2httpd([@trace_enable]) %>
+
+ServerName "<%= @servername %>"
+ServerRoot "<%= @server_root %>"
+PidFile <%= @pidfile %>
+Timeout <%= @timeout %>
+KeepAlive <%= @keepalive %>
+MaxKeepAliveRequests <%= @max_keepalive_requests %>
+KeepAliveTimeout <%= @keepalive_timeout %>
+
+User <%= @user %>
+Group <%= @group %>
+
+AccessFileName .htaccess
+<FilesMatch "^\.ht">
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+ Require all denied
+<%- else -%>
+ Order allow,deny
+ Deny from all
+ Satisfy all
+<%- end -%>
+</FilesMatch>
+
+<Directory />
+ Options FollowSymLinks
+ AllowOverride None
+</Directory>
+
+<% if @default_charset -%>
+AddDefaultCharset <%= @default_charset %>
+<% end -%>
+
+<%- if scope.function_versioncmp([@apache_version, '2.4']) < 0 -%>
+DefaultType <%= @default_type %>
+<%- end -%>
+HostnameLookups Off
+ErrorLog "<%= @logroot %>/<%= @error_log %>"
+LogLevel <%= @log_level %>
+EnableSendfile <%= @sendfile %>
+<%- if @allow_encoded_slashes -%>
+AllowEncodedSlashes <%= @allow_encoded_slashes %>
+<%- end -%>
+
+#Listen 80
+
+<% if @apxs_workaround -%>
+# Workaround: without this hack apxs would be confused about where to put
+# LoadModule directives and fail entire procedure of apache package
+# installation/reinstallation. This problem was observed on FreeBSD (apache22).
+#LoadModule fake_module libexec/apache22/mod_fake.so
+<% end -%>
+
+Include "<%= @mod_load_dir %>/*.load"
+<% if @mod_load_dir != @confd_dir and @mod_load_dir != @vhost_load_dir -%>
+Include "<%= @mod_load_dir %>/*.conf"
+<% end -%>
+Include "<%= @ports_file %>"
+
+<% unless @log_formats.has_key?('combined') -%>
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+<% end -%>
+<% unless @log_formats.has_key?('common') -%>
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+<% end -%>
+<% unless @log_formats.has_key?('referer') -%>
+LogFormat "%{Referer}i -> %U" referer
+<% end -%>
+<% unless @log_formats.has_key?('agent') -%>
+LogFormat "%{User-agent}i" agent
+<% end -%>
+<% if @log_formats and !@log_formats.empty? -%>
+ <%- @log_formats.sort.each do |nickname,format| -%>
+LogFormat "<%= format -%>" <%= nickname %>
+ <%- end -%>
+<% end -%>
+
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+IncludeOptional "<%= @confd_dir %>/*.conf"
+<%- else -%>
+Include "<%= @confd_dir %>/*.conf"
+<%- end -%>
+<% if @vhost_load_dir != @confd_dir -%>
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+IncludeOptional "<%= @vhost_load_dir %>/*"
+<%- else -%>
+Include "<%= @vhost_load_dir %>/*"
+<%- end -%>
+<% end -%>
+
+<% if @error_documents -%>
+# /usr/share/apache2/error on debian
+Alias /error/ "<%= @error_documents_path %>/"
+
+<Directory "<%= @error_documents_path %>">
+ AllowOverride None
+ Options IncludesNoExec
+ AddOutputFilter Includes html
+ AddHandler type-map var
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+ Require all granted
+<%- else -%>
+ Order allow,deny
+ Allow from all
+<%- end -%>
+ LanguagePriority en cs de es fr it nl sv pt-br ro
+ ForceLanguagePriority Prefer Fallback
+</Directory>
+
+ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+ErrorDocument 410 /error/HTTP_GONE.html.var
+ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+<% end -%>
--- /dev/null
+<%# Listen should always be one of:
+ - <port>
+ - <ipv4>:<port>
+ - [<ipv6]:<port>
+-%>
+Listen <%= @listen_addr_port %>
--- /dev/null
+<IfModule alias_module>
+Alias /icons/ "<%= @icons_path %>/"
+<Directory "<%= @icons_path %>">
+ Options <%= @icons_options %>
+ AllowOverride None
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+ Require all granted
+<%- else -%>
+ Order allow,deny
+ Allow from all
+<%- end -%>
+</Directory>
+</IfModule>
--- /dev/null
+CASCookiePath <%= @cas_cookie_path %>
+CASLoginURL <%= @cas_login_url %>
+CASValidateURL <%= @cas_validate_url %>
+
+CASVersion <%= @cas_version %>
+CASDebug <%= @cas_debug %>
+
+<% if @cas_certificate_path -%>
+CASCertificatePath <%= @cas_certificate_path %>
+<% end -%>
+<% if @cas_proxy_validate_url -%>
+CASProxyValidateURL <%= @cas_proxy_validate_url %>
+<% end -%>
+<% if @cas_validate_depth -%>
+CASValidateDepth <%= @cas_validate_depth %>
+<% end -%>
+<% if @cas_root_proxied_as -%>
+CASRootProxiedAs <%= @cas_root_proxied_as %>
+<% end -%>
+<% if @cas_cookie_entropy -%>
+CASCookieEntropy <%= @cas_cookie_entropy %>
+<% end -%>
+<% if @cas_timeout -%>
+CASTimeout <%= @cas_timeout %>
+<% end -%>
+<% if @cas_idle_timeout -%>
+CASIdleTimeout <%= @cas_idle_timeout %>
+<% end -%>
+<% if @cas_cache_clean_interval -%>
+CASCacheCleanInterval <%= @cas_cache_clean_interval %>
+<% end -%>
+<% if @cas_cookie_domain -%>
+CASCookieDomain <%= @cas_cookie_domain %>
+<% end -%>
+<% if @cas_cookie_http_only -%>
+CASCookieHttpOnly <%= @cas_cookie_http_only %>
+<% end -%>
+<% if @cas_authoritative -%>
+CASAuthoritative <%= @cas_authoritative %>
+<% end -%>
--- /dev/null
+<% if @verifyServerCert == true -%>
+LDAPVerifyServerCert On
+<% else -%>
+LDAPVerifyServerCert Off
+<% end -%>
--- /dev/null
+IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2
+
+AddIconByType (TXT,/icons/text.gif) text/*
+AddIconByType (IMG,/icons/image2.gif) image/*
+AddIconByType (SND,/icons/sound2.gif) audio/*
+AddIconByType (VID,/icons/movie.gif) video/*
+
+AddIcon /icons/binary.gif .bin .exe
+AddIcon /icons/binhex.gif .hqx
+AddIcon /icons/tar.gif .tar
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /icons/a.gif .ps .ai .eps
+AddIcon /icons/layout.gif .html .shtml .htm .pdf
+AddIcon /icons/text.gif .txt
+AddIcon /icons/c.gif .c
+AddIcon /icons/p.gif .pl .py
+AddIcon /icons/f.gif .for
+AddIcon /icons/dvi.gif .dvi
+AddIcon /icons/uuencoded.gif .uu
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /icons/tex.gif .tex
+AddIcon /icons/bomb.gif /core
+AddIcon (SND,/icons/sound2.gif) .ogg
+AddIcon (VID,/icons/movie.gif) .ogm
+
+AddIcon /icons/back.gif ..
+AddIcon /icons/hand.right.gif README
+AddIcon /icons/folder.gif ^^DIRECTORY^^
+AddIcon /icons/blank.gif ^^BLANKICON^^
+
+AddIcon /icons/odf6odt-20x22.png .odt
+AddIcon /icons/odf6ods-20x22.png .ods
+AddIcon /icons/odf6odp-20x22.png .odp
+AddIcon /icons/odf6odg-20x22.png .odg
+AddIcon /icons/odf6odc-20x22.png .odc
+AddIcon /icons/odf6odf-20x22.png .odf
+AddIcon /icons/odf6odb-20x22.png .odb
+AddIcon /icons/odf6odi-20x22.png .odi
+AddIcon /icons/odf6odm-20x22.png .odm
+
+AddIcon /icons/odf6ott-20x22.png .ott
+AddIcon /icons/odf6ots-20x22.png .ots
+AddIcon /icons/odf6otp-20x22.png .otp
+AddIcon /icons/odf6otg-20x22.png .otg
+AddIcon /icons/odf6otc-20x22.png .otc
+AddIcon /icons/odf6otf-20x22.png .otf
+AddIcon /icons/odf6oti-20x22.png .oti
+AddIcon /icons/odf6oth-20x22.png .oth
+
+DefaultIcon /icons/unknown.gif
+ReadmeName README.html
+HeaderName HEADER.html
+
+IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
--- /dev/null
+ScriptSock "<%= @cgisock_path %>"
--- /dev/null
+DAVLockDB "<%= @dav_lock %>"
--- /dev/null
+<%- @types.sort.each do |type| -%>
+AddOutputFilterByType DEFLATE <%= type %>
+<%- end -%>
+
+<%- @notes.sort.each do |type,note| -%>
+DeflateFilterNote <%= type %> <%=note %>
+<%- end -%>
--- /dev/null
+DirectoryIndex <%= @indexes.join(' ') %>
--- /dev/null
+<IfModule mod_proxy.c>
+ <IfModule mod_disk_cache.c>
+ CacheEnable disk /
+ CacheRoot "<%= @cache_root %>"
+ CacheDirLevels 2
+ CacheDirLength 1
+ </IfModule>
+</IfModule>
--- /dev/null
+<IfModule mpm_event_module>
+ ServerLimit <%= @serverlimit %>
+ StartServers <%= @startservers %>
+ MaxClients <%= @maxclients %>
+ MinSpareThreads <%= @minsparethreads %>
+ MaxSpareThreads <%= @maxsparethreads %>
+ ThreadsPerChild <%= @threadsperchild %>
+ MaxRequestsPerChild <%= @maxrequestsperchild %>
+ ThreadLimit <%= @threadlimit %>
+ ListenBacklog <%= @listenbacklog %>
+ MaxRequestWorkers <%= @maxrequestworkers %>
+ MaxConnectionsPerChild <%= @maxconnectionsperchild %>
+</IfModule>
--- /dev/null
+ExpiresActive <%= scope.function_bool2httpd([@expires_active]) %>
+<%- if ! @expires_default.nil? and ! @expires_default.empty? -%>
+ExpiresDefault "<%= @expires_default %>"
+<%- end -%>
+<%- if ! @expires_by_type.nil? and ! @expires_by_type.empty? -%>
+<%- [@expires_by_type].flatten.each do |line| -%>
+<%- line.map do |type, seconds| -%>
+ExpiresByType <%= type %> "<%= seconds -%>"
+<%- end -%>
+<%- end -%>
+<%- end -%>
--- /dev/null
+# The Fastcgi Apache module configuration file is being
+# managed by Puppet and changes will be overwritten.
+<IfModule mod_fastcgi.c>
+ AddHandler fastcgi-script .fcgi
+ FastCgiIpcDir "<%= @fastcgi_lib_path %>"
+</IfModule>
--- /dev/null
+<IfModule mod_fcgid.c>
+<% @options.sort_by {|key, value| key}.each do |key, value| -%>
+ <%= key %> <%= value %>
+<% end -%>
+</IfModule>
--- /dev/null
+GeoIPEnable <%= scope.function_bool2httpd([@enable]) %>
+
+<%- if @db_file and ! [ false, 'false', '' ].include?(@db_file) -%>
+ <%- if @db_file.kind_of?(Array) -%>
+ <%- Array(@db_file).each do |file| -%>
+GeoIPDBFile <%= file %> <%= @flag %>
+ <%- end -%>
+ <%- else -%>
+GeoIPDBFile <%= @db_file %> <%= @flag %>
+ <%- end -%>
+<%- end -%>
+GeoIPOutput <%= @output %>
+<% if ! @enable_utf8.nil? -%>
+GeoIPEnableUTF8 <%= scope.function_bool2httpd([@enable_utf8]) %>
+<% end -%>
+<% if ! @scan_proxy_headers.nil? -%>
+GeoIPScanProxyHeaders <%= scope.function_bool2httpd([@scan_proxy_headers]) %>
+<% end -%>
+<% if ! @use_last_xforwarededfor_ip.nil? -%>
+GeoIPUseLastXForwardedForIP <%= scope.function_bool2httpd([@use_last_xforwarededfor_ip]) %>
+<% end -%>
+
--- /dev/null
+<Location /server-info>
+ SetHandler server-info
+<%- if @restrict_access -%>
+ <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+ Require ip <%= Array(@allow_from).join(" ") %>
+ <%- else -%>
+ Order deny,allow
+ Deny from all
+ <%- if @allow_from and ! @allow_from.empty? -%>
+ <%- @allow_from.each do |allowed| -%>
+ Allow from <%= allowed %>
+ <%- end -%>
+ <%- else -%>
+ Allow from 127.0.0.1
+ Allow from ::1
+ <%- end -%>
+ <%- end -%>
+<%- end -%>
+</Location>
--- /dev/null
+<IfModule mpm_itk_module>
+ StartServers <%= @startservers %>
+ MinSpareServers <%= @minspareservers %>
+ MaxSpareServers <%= @maxspareservers %>
+ ServerLimit <%= @serverlimit %>
+ MaxClients <%= @maxclients %>
+ MaxRequestsPerChild <%= @maxrequestsperchild %>
+</IfModule>
--- /dev/null
+<Location /ldap-status>
+ SetHandler ldap-status
+ <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+ Require ip 127.0.0.1 ::1
+ <%- else -%>
+ Order deny,allow
+ Deny from all
+ Allow from 127.0.0.1 ::1
+ Satisfy all
+ <%- end -%>
+</Location>
--- /dev/null
+<% if @loadfiles -%>
+<% Array(@loadfiles).each do |loadfile| -%>
+LoadFile <%= loadfile %>
+<% end -%>
+
+<% end -%>
+LoadModule <%= @_id %> <%= @_path %>
--- /dev/null
+TypesConfig <%= @mime_types_config %>
+
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+AddType application/x-bzip2 .bz2
+
+AddLanguage ca .ca
+AddLanguage cs .cz .cs
+AddLanguage da .dk
+AddLanguage de .de
+AddLanguage el .el
+AddLanguage en .en
+AddLanguage eo .eo
+AddLanguage es .es
+AddLanguage et .et
+AddLanguage fr .fr
+AddLanguage he .he
+AddLanguage hr .hr
+AddLanguage it .it
+AddLanguage ja .ja
+AddLanguage ko .ko
+AddLanguage ltz .ltz
+AddLanguage nl .nl
+AddLanguage nn .nn
+AddLanguage no .no
+AddLanguage pl .po
+AddLanguage pt .pt
+AddLanguage pt-BR .pt-br
+AddLanguage ru .ru
+AddLanguage sv .sv
+AddLanguage zh-CN .zh-cn
+AddLanguage zh-TW .zh-tw
+
+AddHandler type-map var
+AddType text/html .shtml
+AddOutputFilter INCLUDES .shtml
--- /dev/null
+MIMEMagicFile "<%= @magic_file %>"
--- /dev/null
+<IfModule mpm_event_module>
+ StartServers 2
+ MinSpareThreads 25
+ MaxSpareThreads 75
+ ThreadLimit 64
+ ThreadsPerChild 25
+ MaxClients 150
+ MaxRequestsPerChild 0
+</IfModule>
--- /dev/null
+LanguagePriority <%= Array(@language_priority).join(' ') %>
+ForceLanguagePriority <%= Array(@force_language_priority).join(' ') %>
--- /dev/null
+#
+# This is the Apache server configuration file providing SSL support using.
+# the mod_nss plugin. It contains the configuration directives to instruct
+# the server how to serve pages over an https connection.
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+#
+
+#LoadModule nss_module modules/libmodnss.so
+
+#
+# When we also provide SSL we have to listen to the
+# standard HTTP port (see above) and to the HTTPS port
+#
+# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
+# Listen directives: "Listen [::]:8443" and "Listen 0.0.0.0:443"
+#
+Listen 8443
+
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+#
+# Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl .crl
+
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is a internal
+# terminal dialog) has to provide the pass phrase on stdout.
+<% if @passwd_file -%>
+NSSPassPhraseDialog "file:<%= @passwd_file %>"
+<% else -%>
+NSSPassPhraseDialog builtin
+<% end -%>
+
+# Pass Phrase Helper:
+# This helper program stores the token password pins between
+# restarts of Apache.
+NSSPassPhraseHelper /usr/sbin/nss_pcache
+
+# Configure the SSL Session Cache.
+# NSSSessionCacheSize is the number of entries in the cache.
+# NSSSessionCacheTimeout is the SSL2 session timeout (in seconds).
+# NSSSession3CacheTimeout is the SSL3/TLS session timeout (in seconds).
+NSSSessionCacheSize 10000
+NSSSessionCacheTimeout 100
+NSSSession3CacheTimeout 86400
+
+#
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the SSL library.
+# The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. Those platforms usually also provide a non-blocking
+# device, /dev/urandom, which may be used instead.
+#
+# This does not support seeding the RNG with each connection.
+
+NSSRandomSeed startup builtin
+#NSSRandomSeed startup file:/dev/random 512
+#NSSRandomSeed startup file:/dev/urandom 512
+
+#
+# TLS Negotiation configuration under RFC 5746
+#
+# Only renegotiate if the peer's hello bears the TLS renegotiation_info
+# extension. Default off.
+NSSRenegotiation off
+
+# Peer must send Signaling Cipher Suite Value (SCSV) or
+# Renegotiation Info (RI) extension in ALL handshakes. Default: off
+NSSRequireSafeNegotiation off
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:8443>
+
+# General setup for the virtual host
+#DocumentRoot "/etc/httpd/htdocs"
+#ServerName www.example.com:8443
+#ServerAdmin you@example.com
+
+# mod_nss can log to separate log files, you can choose to do that if you'd like
+# LogLevel is not inherited from httpd.conf.
+ErrorLog "<%= @error_log %>"
+TransferLog "<%= @transfer_log %>"
+LogLevel warn
+
+# SSL Engine Switch:
+# Enable/Disable SSL for this virtual host.
+NSSEngine on
+
+# SSL Cipher Suite:
+# List the ciphers that the client is permitted to negotiate.
+# See the mod_nss documentation for a complete list.
+
+# SSL 3 ciphers. SSL 2 is disabled by default.
+NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
+
+# SSL 3 ciphers + ECC ciphers. SSL 2 is disabled by default.
+#
+# Comment out the NSSCipherSuite line above and use the one below if you have
+# ECC enabled NSS and mod_nss and want to use Elliptical Curve Cryptography
+#NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,+ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,+ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,+ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha
+
+# SSL Protocol:
+# Cryptographic protocols that provide communication security.
+# NSS handles the specified protocols as "ranges", and automatically
+# negotiates the use of the strongest protocol for a connection starting
+# with the maximum specified protocol and downgrading as necessary to the
+# minimum specified protocol that can be used between two processes.
+# Since all protocol ranges are completely inclusive, and no protocol in the
+# middle of a range may be excluded, the entry "NSSProtocol SSLv3,TLSv1.1"
+# is identical to the entry "NSSProtocol SSLv3,TLSv1.0,TLSv1.1".
+NSSProtocol SSLv3,TLSv1.0,TLSv1.1
+
+# SSL Certificate Nickname:
+# The nickname of the RSA server certificate you are going to use.
+NSSNickname Server-Cert
+
+# SSL Certificate Nickname:
+# The nickname of the ECC server certificate you are going to use, if you
+# have an ECC-enabled version of NSS and mod_nss
+#NSSECCNickname Server-Cert-ecc
+
+# Server Certificate Database:
+# The NSS security database directory that holds the certificates and
+# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db.
+# Provide the directory that these files exist.
+NSSCertificateDatabase "<%= @httpd_dir -%>/alias"
+
+# Database Prefix:
+# In order to be able to store multiple NSS databases in one directory
+# they need unique names. This option sets the database prefix used for
+# cert8.db and key3.db.
+#NSSDBPrefix my-prefix-
+
+# Client Authentication (Type):
+# Client certificate verification type. Types are none, optional and
+# require.
+#NSSVerifyClient none
+
+#
+# Online Certificate Status Protocol (OCSP).
+# Verify that certificates have not been revoked before accepting them.
+#NSSOCSP off
+
+#
+# Use a default OCSP responder. If enabled this will be used regardless
+# of whether one is included in a client certificate. Note that the
+# server certificate is verified during startup.
+#
+# NSSOCSPDefaultURL defines the service URL of the OCSP responder
+# NSSOCSPDefaultName is the nickname of the certificate to trust to
+# sign the OCSP responses.
+#NSSOCSPDefaultResponder on
+#NSSOCSPDefaultURL http://example.com/ocsp/status
+#NSSOCSPDefaultName ocsp-nickname
+
+# Access Control:
+# With SSLRequire you can do per-directory access control based
+# on arbitrary complex boolean expressions containing server
+# variable checks and other lookup directives. The syntax is a
+# mixture between C and Perl. See the mod_nss documentation
+# for more details.
+#<Location />
+#NSSRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+# SSL Engine Options:
+# Set various options for the SSL engine.
+# o FakeBasicAuth:
+# Translate the client X.509 into a Basic Authorisation. This means that
+# the standard Auth/DBMAuth methods can be used for access control. The
+# user name is the `one line' version of the client's X.509 certificate.
+# Note that no password is obtained from the user. Every entry in the user
+# file needs this password: `xxj31ZMTZzkVA'.
+# o ExportCertData:
+# This exports two additional environment variables: SSL_CLIENT_CERT and
+# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+# server (always existing) and the client (only existing when client
+# authentication is used). This can be used to import the certificates
+# into CGI scripts.
+# o StdEnvVars:
+# This exports the standard SSL/TLS related `SSL_*' environment variables.
+# Per default this exportation is switched off for performance reasons,
+# because the extraction step is an expensive operation and is usually
+# useless for serving static content. So one usually enables the
+# exportation for CGI and SSI requests only.
+# o StrictRequire:
+# This denies access when "NSSRequireSSL" or "NSSRequire" applied even
+# under a "Satisfy any" situation, i.e. when it applies access is denied
+# and no other module can change it.
+# o OptRenegotiate:
+# This enables optimized SSL connection renegotiation handling when SSL
+# directives are used in per-directory context.
+#NSSOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
+<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
+ NSSOptions +StdEnvVars
+</FilesMatch>
+<Directory "/var/www/cgi-bin">
+ NSSOptions +StdEnvVars
+</Directory>
+
+# Per-Server Logging:
+# The home of a custom SSL log file. Use this when you want a
+# compact non-error SSL logfile on a virtual host basis.
+#CustomLog /home/rcrit/redhat/apache/logs/ssl_request_log \
+# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>
+
--- /dev/null
+ModPagespeed on
+
+ModPagespeedInheritVHostConfig <%= @inherit_vhost_config %>
+AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html
+<% if @filter_xhtml -%>
+AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER application/xhtml+xml
+<% end -%>
+ModPagespeedFileCachePath "<%= @cache_path %>"
+ModPagespeedLogDir "<%= @log_dir %>"
+
+<% @memcache_servers.each do |server| -%>
+ModPagespeedMemcachedServers <%= server %>
+<% end -%>
+
+ModPagespeedRewriteLevel <%= @rewrite_level -%>
+
+<% @disable_filters.each do |filter| -%>
+ModPagespeedDisableFilters <%= filter %>
+<% end -%>
+
+<% @enable_filters.each do |filter| -%>
+ModPagespeedEnableFilters <%= filter %>
+<% end -%>
+
+<% @forbid_filters.each do |filter| -%>
+ModPagespeedForbidFilters <%= filter %>
+<% end -%>
+
+ModPagespeedRewriteDeadlinePerFlushMs <%= @rewrite_deadline_per_flush_ms %>
+
+<% if @additional_domains -%>
+ModPagespeedDomain <%= @additional_domains -%>
+<% end -%>
+
+ModPagespeedFileCacheSizeKb <%= @file_cache_size_kb %>
+ModPagespeedFileCacheCleanIntervalMs <%= @file_cache_clean_interval_ms %>
+ModPagespeedLRUCacheKbPerProcess <%= @lru_cache_per_process %>
+ModPagespeedLRUCacheByteLimit <%= @lru_cache_byte_limit %>
+ModPagespeedCssFlattenMaxBytes <%= @css_flatten_max_bytes %>
+ModPagespeedCssInlineMaxBytes <%= @css_inline_max_bytes %>
+ModPagespeedCssImageInlineMaxBytes <%= @css_image_inline_max_bytes %>
+ModPagespeedImageInlineMaxBytes <%= @image_inline_max_bytes %>
+ModPagespeedJsInlineMaxBytes <%= @js_inline_max_bytes %>
+ModPagespeedCssOutlineMinBytes <%= @css_outline_min_bytes %>
+ModPagespeedJsOutlineMinBytes <%= @js_outline_min_bytes %>
+
+
+ModPagespeedFileCacheInodeLimit <%= @inode_limit %>
+ModPagespeedImageMaxRewritesAtOnce <%= @image_max_rewrites_at_once %>
+
+ModPagespeedNumRewriteThreads <%= @num_rewrite_threads %>
+ModPagespeedNumExpensiveRewriteThreads <%= @num_expensive_rewrite_threads %>
+
+ModPagespeedStatistics <%= @collect_statistics %>
+
+<Location /mod_pagespeed_statistics>
+ # You may insert other "Allow from" lines to add hosts you want to
+ # allow to look at generated statistics. Another possibility is
+ # to comment out the "Order" and "Allow" options from the config
+ # file, to allow any client that can reach your server to examine
+ # statistics. This might be appropriate in an experimental setup or
+ # if the Apache server is protected by a reverse proxy that will
+ # filter URLs in some fashion.
+ <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+ Require ip 127.0.0.1 ::1 <%= Array(@allow_view_stats).join(" ") %>
+ <%- else -%>
+ Order allow,deny
+ Allow from 127.0.0.1 ::1 <%= Array(@allow_view_stats).join(" ") %>
+ <%- end -%>
+ SetHandler mod_pagespeed_statistics
+</Location>
+
+ModPagespeedStatisticsLogging <%= @statistics_logging %>
+<Location /pagespeed_console>
+ <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+ Require ip 127.0.0.1 ::1 <%= Array(@allow_pagespeed_console).join(" ") %>
+ <%- else -%>
+ Order allow,deny
+ Allow from 127.0.0.1 ::1 <%= Array(@allow_pagespeed_console).join(" ") %>
+ <%- end -%>
+ SetHandler pagespeed_console
+</Location>
+
+ModPagespeedMessageBufferSize <%= @message_buffer_size %>
+
+<Location /mod_pagespeed_message>
+ <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+ Require ip 127.0.0.1 ::1 <%= Array(@allow_pagespeed_message).join(" ") %>
+ <%- else -%>
+ Order allow,deny
+ Allow from 127.0.0.1 ::1 <%= Array(@allow_pagespeed_message).join(" ") %>
+ <%- end -%>
+ SetHandler mod_pagespeed_message
+</Location>
+
+<% @additional_configuration.each_pair do |key, value| -%>
+<%= key %> <%= value %>
+<% end -%>
--- /dev/null
+# The Passenger Apache module configuration file is being
+# managed by Puppet and changes will be overwritten.
+<IfModule mod_passenger.c>
+ <%- if @passenger_root -%>
+ PassengerRoot "<%= @passenger_root %>"
+ <%- end -%>
+ <%- if @passenger_ruby -%>
+ PassengerRuby "<%= @passenger_ruby %>"
+ <%- end -%>
+ <%- if @passenger_default_ruby -%>
+ PassengerDefaultRuby "<%= @passenger_default_ruby %>"
+ <%- end -%>
+ <%- if @passenger_high_performance -%>
+ PassengerHighPerformance <%= @passenger_high_performance %>
+ <%- end -%>
+ <%- if @passenger_max_pool_size -%>
+ PassengerMaxPoolSize <%= @passenger_max_pool_size %>
+ <%- end -%>
+ <%- if @passenger_min_instances -%>
+ PassengerMinInstances <%= @passenger_min_instances %>
+ <%- end -%>
+ <%- if @passenger_pool_idle_time -%>
+ PassengerPoolIdleTime <%= @passenger_pool_idle_time %>
+ <%- end -%>
+ <%- if @passenger_max_requests -%>
+ PassengerMaxRequests <%= @passenger_max_requests %>
+ <%- end -%>
+ <%- if @passenger_stat_throttle_rate -%>
+ PassengerStatThrottleRate <%= @passenger_stat_throttle_rate %>
+ <%- end -%>
+ <%- if @rack_autodetect -%>
+ RackAutoDetect <%= @rack_autodetect %>
+ <%- end -%>
+ <%- if @rails_autodetect -%>
+ RailsAutoDetect <%= @rails_autodetect %>
+ <%- end -%>
+ <%- if @passenger_use_global_queue -%>
+ PassengerUseGlobalQueue <%= @passenger_use_global_queue %>
+ <%- end -%>
+ <%- if @passenger_app_env -%>
+ PassengerAppEnv <%= @passenger_app_env %>
+ <%- end -%>
+</IfModule>
--- /dev/null
+<IfModule mpm_peruser_module>
+ MinSpareProcessors <%= @minspareprocessors %>
+ MinProcessors <%= @minprocessors %>
+ MaxProcessors <%= @maxprocessors %>
+ MaxClients <%= @maxclients %>
+ MaxRequestsPerChild <%= @maxrequestsperchild %>
+ IdleTimeout <%= @idletimeout %>
+ ExpireTimeout <%= @expiretimeout %>
+ KeepAlive <%= @keepalive %>
+ Include "<%= @mod_dir %>/peruser/multiplexers/*.conf"
+ Include "<%= @mod_dir %>/peruser/processors/*.conf"
+</IfModule>
--- /dev/null
+#
+# PHP is an HTML-embedded scripting language which attempts to make it
+# easy for developers to write dynamically generated webpages.
+#
+#<IfModule prefork.c>
+# LoadModule php5_module modules/libphp5.so
+#</IfModule>
+#<IfModule worker.c>
+# # Use of the "ZTS" build with worker is experimental, and no shared
+# # modules are supported.
+# LoadModule php5_module modules/libphp5-zts.so
+#</IfModule>
+
+#
+# Cause the PHP interpreter to handle files with a .php extension.
+#
+AddHandler php5-script <%= @extensions.flatten.compact.join(' ') %>
+AddType text/html .php
+
+#
+# Add index.php to the list of files that will be served as directory
+# indexes.
+#
+DirectoryIndex index.php
+
+#
+# Uncomment the following line to allow PHP to pretty-print .phps
+# files as PHP source code:
+#
+#AddType application/x-httpd-php-source .phps
--- /dev/null
+<IfModule mpm_prefork_module>
+ StartServers <%= @startservers %>
+ MinSpareServers <%= @minspareservers %>
+ MaxSpareServers <%= @maxspareservers %>
+ ServerLimit <%= @serverlimit %>
+ MaxClients <%= @maxclients %>
+ MaxRequestsPerChild <%= @maxrequestsperchild %>
+</IfModule>
--- /dev/null
+#
+# Proxy Server directives. Uncomment the following lines to
+# enable the proxy server:
+#
+<IfModule mod_proxy.c>
+ # Do not enable proxying with ProxyRequests until you have secured your
+ # server. Open proxy servers are dangerous both to your network and to the
+ # Internet at large.
+ ProxyRequests <%= @proxy_requests %>
+
+ <% if @proxy_requests != 'Off' or ( @allow_from and ! @allow_from.empty? ) -%>
+ <Proxy *>
+ <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+ Require ip <%= Array(@allow_from).join(" ") %>
+ <%- else -%>
+ Order deny,allow
+ Deny from all
+ Allow from <%= Array(@allow_from).join(" ") %>
+ <%- end -%>
+ </Proxy>
+ <% end -%>
+
+ # Enable/disable the handling of HTTP/1.1 "Via:" headers.
+ # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
+ # Set to one of: Off | On | Full | Block
+ ProxyVia On
+</IfModule>
--- /dev/null
+ProxyHTMLLinks a href
+ProxyHTMLLinks area href
+ProxyHTMLLinks link href
+ProxyHTMLLinks img src longdesc usemap
+ProxyHTMLLinks object classid codebase data usemap
+ProxyHTMLLinks q cite
+ProxyHTMLLinks blockquote cite
+ProxyHTMLLinks ins cite
+ProxyHTMLLinks del cite
+ProxyHTMLLinks form action
+ProxyHTMLLinks input src usemap
+ProxyHTMLLinks head profileProxyHTMLLinks base href
+ProxyHTMLLinks script src for
+
+ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \
+ onmouseover onmousemove onmouseout onkeypress \
+ onkeydown onkeyup onfocus onblur onload \
+ onunload onsubmit onreset onselect onchange
--- /dev/null
+# Declare the header field which should be parsed for useragent IP addresses
+RemoteIPHeader <%= @header %>
+
+<%- if @proxy_ips -%>
+# Declare client intranet IP addresses trusted to present
+#Â the RemoteIPHeader value
+<%- [@proxy_ips].flatten.each do |proxy| -%>
+RemoteIPInternalProxy <%= proxy %>
+<%- end -%>
+<%- end -%>
+
+<%- if @proxies_header -%>
+# Declare the header field which will record all intermediate IP addresses
+RemoteIPProxiesHeader <%= @proxies_header %>
+<%- end -%>
+
+<%- if @trusted_proxy_ips -%>
+# Declare client intranet IP addresses trusted to present
+# the RemoteIPHeader value
+ <%- [@trusted_proxy_ips].flatten.each do |proxy| -%>
+RemoteIPTrustedProxy <%= proxy %>
+ <%- end -%>
+<%- end -%>
--- /dev/null
+<% Array(@timeouts).each do |timeout| -%>
+RequestReadTimeout <%= timeout %>
+<%- end -%>
--- /dev/null
+# Enable reverse proxy add forward
+RPAFenable On
+# RPAFsethostname will, when enabled, take the incoming X-Host header and
+# update the virtual host settings accordingly. This allows to have the same
+# hostnames as in the "real" configuration for the forwarding proxy.
+<% if @sethostname -%>
+RPAFsethostname On
+<% else -%>
+RPAFsethostname Off
+<% end -%>
+# Which IPs are forwarding requests to us
+RPAFproxy_ips <%= Array(@proxy_ips).join(" ") %>
+# Setting RPAFheader allows you to change the header name to parse from the
+# default X-Forwarded-For to something of your choice.
+RPAFheader <%= @header %>
--- /dev/null
+<IfModule mod_security2.c>
+ # ModSecurity Core Rules Set configuration
+<%- if scope.function_versioncmp([scope.lookupvar('::apache::apache_version'), '2.4']) >= 0 -%>
+ IncludeOptional <%= @modsec_dir %>/*.conf
+ IncludeOptional <%= @modsec_dir %>/activated_rules/*.conf
+<%- else -%>
+ Include <%= @modsec_dir %>/*.conf
+ Include <%= @modsec_dir %>/activated_rules/*.conf
+<%- end -%>
+
+ # Default recommended configuration
+ SecRuleEngine On
+ SecRequestBodyAccess On
+ SecRule REQUEST_HEADERS:Content-Type "text/xml" \
+ "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+ SecRequestBodyLimit 13107200
+ SecRequestBodyNoFilesLimit 131072
+ SecRequestBodyInMemoryLimit 131072
+ SecRequestBodyLimitAction Reject
+ SecRule REQBODY_ERROR "!@eq 0" \
+ "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+ SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
+ "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body failed strict validation: \
+ PE %{REQBODY_PROCESSOR_ERROR}, \
+ BQ %{MULTIPART_BOUNDARY_QUOTED}, \
+ BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
+ DB %{MULTIPART_DATA_BEFORE}, \
+ DA %{MULTIPART_DATA_AFTER}, \
+ HF %{MULTIPART_HEADER_FOLDING}, \
+ LF %{MULTIPART_LF_LINE}, \
+ SM %{MULTIPART_MISSING_SEMICOLON}, \
+ IQ %{MULTIPART_INVALID_QUOTING}, \
+ IP %{MULTIPART_INVALID_PART}, \
+ IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
+ FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
+
+ SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
+ "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
+
+ SecPcreMatchLimit 1000
+ SecPcreMatchLimitRecursion 1000
+
+ SecRule TX:/^MSC_/ "!@streq 0" \
+ "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
+
+ SecResponseBodyAccess Off
+ SecResponseBodyMimeType text/plain text/html text/xml
+ SecResponseBodyLimit 524288
+ SecResponseBodyLimitAction ProcessPartial
+ SecDebugLogLevel 0
+ SecAuditEngine RelevantOnly
+ SecAuditLogRelevantStatus "^(?:5|4(?!04))"
+ SecAuditLogParts ABIJDEFHZ
+ SecAuditLogType Serial
+ SecArgumentSeparator &
+ SecCookieFormat 0
+<%- if scope.lookupvar('::osfamily') == 'Debian' -%>
+ SecDebugLog /var/log/apache2/modsec_debug.log
+ SecAuditLog /var/log/apache2/modsec_audit.log
+ SecTmpDir /var/cache/modsecurity
+ SecDataDir /var/cache/modsecurity
+<% else -%>
+ SecDebugLog /var/log/httpd/modsec_debug.log
+ SecAuditLog /var/log/httpd/modsec_audit.log
+ SecTmpDir /var/lib/mod_security
+ SecDataDir /var/lib/mod_security
+<% end -%>
+</IfModule>
--- /dev/null
+# ---------------------------------------------------------------
+# Core ModSecurity Rule Set ver.2.2.6
+# Copyright (C) 2006-2012 Trustwave All rights reserved.
+#
+# The OWASP ModSecurity Core Rule Set is distributed under
+# Apache Software License (ASL) version 2
+# Please see the enclosed LICENCE file for full details.
+# ---------------------------------------------------------------
+
+
+#
+# -- [[ Recommended Base Configuration ]] -------------------------------------------------
+#
+# The configuration directives/settings in this file are used to control
+# the OWASP ModSecurity CRS. These settings do **NOT** configure the main
+# ModSecurity settings such as:
+#
+# - SecRuleEngine
+# - SecRequestBodyAccess
+# - SecAuditEngine
+# - SecDebugLog
+#
+# You should use the modsecurity.conf-recommended file that comes with the
+# ModSecurity source code archive.
+#
+# Ref: http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/modsecurity.conf-recommended
+#
+
+
+#
+# -- [[ Rule Version ]] -------------------------------------------------------------------
+#
+# Rule version data is added to the "Producer" line of Section H of the Audit log:
+#
+# - Producer: ModSecurity for Apache/2.7.0-rc1 (http://www.modsecurity.org/); OWASP_CRS/2.2.4.
+#
+# Ref: https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecComponentSignature
+#
+SecComponentSignature "OWASP_CRS/2.2.6"
+
+
+#
+# -- [[ Modes of Operation: Self-Contained vs. Collaborative Detection ]] -----------------
+#
+# Each detection rule uses the "block" action which will inherit the SecDefaultAction
+# specified below. Your settings here will determine which mode of operation you use.
+#
+# -- [[ Self-Contained Mode ]] --
+# Rules inherit the "deny" disruptive action. The first rule that matches will block.
+#
+# -- [[ Collaborative Detection Mode ]] --
+# This is a "delayed blocking" mode of operation where each matching rule will inherit
+# the "pass" action and will only contribute to anomaly scores. Transactional blocking
+# can be applied
+#
+# -- [[ Alert Logging Control ]] --
+# You have three options -
+#
+# - To log to both the Apache error_log and ModSecurity audit_log file use: "log"
+# - To log *only* to the ModSecurity audit_log file use: "nolog,auditlog"
+# - To log *only* to the Apache error_log file use: "log,noauditlog"
+#
+# Ref: http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-traditional-vs-anomaly-scoring-detection-modes.html
+# Ref: https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecDefaultAction
+#
+SecDefaultAction "phase:1,deny,log"
+
+
+#
+# -- [[ Collaborative Detection Severity Levels ]] ----------------------------------------
+#
+# These are the default scoring points for each severity level. You may
+# adjust these to you liking. These settings will be used in macro expansion
+# in the rules to increment the anomaly scores when rules match.
+#
+# These are the default Severity ratings (with anomaly scores) of the individual rules -
+#
+# - 2: Critical - Anomaly Score of 5.
+# Is the highest severity level possible without correlation. It is
+# normally generated by the web attack rules (40 level files).
+# - 3: Error - Anomaly Score of 4.
+# Is generated mostly from outbound leakage rules (50 level files).
+# - 4: Warning - Anomaly Score of 3.
+# Is generated by malicious client rules (35 level files).
+# - 5: Notice - Anomaly Score of 2.
+# Is generated by the Protocol policy and anomaly files.
+#
+SecAction \
+ "id:'900001', \
+ phase:1, \
+ t:none, \
+ setvar:tx.critical_anomaly_score=5, \
+ setvar:tx.error_anomaly_score=4, \
+ setvar:tx.warning_anomaly_score=3, \
+ setvar:tx.notice_anomaly_score=2, \
+ nolog, \
+ pass"
+
+
+#
+# -- [[ Collaborative Detection Scoring Threshold Levels ]] ------------------------------
+#
+# These variables are used in macro expansion in the 49 inbound blocking and 59
+# outbound blocking files.
+#
+# **MUST HAVE** ModSecurity v2.5.12 or higher to use macro expansion in numeric
+# operators. If you have an earlier version, edit the 49/59 files directly to
+# set the appropriate anomaly score levels.
+#
+# You should set the score to the proper threshold you would prefer. If set to "5"
+# it will work similarly to previous Mod CRS rules and will create an event in the error_log
+# file if there are any rules that match. If you would like to lessen the number of events
+# generated in the error_log file, you should increase the anomaly score threshold to
+# something like "20". This would only generate an event in the error_log file if
+# there are multiple lower severity rule matches or if any 1 higher severity item matches.
+#
+SecAction \
+ "id:'900002', \
+ phase:1, \
+ t:none, \
+ setvar:tx.inbound_anomaly_score_level=5, \
+ nolog, \
+ pass"
+
+
+SecAction \
+ "id:'900003', \
+ phase:1, \
+ t:none, \
+ setvar:tx.outbound_anomaly_score_level=4, \
+ nolog, \
+ pass"
+
+
+#
+# -- [[ Collaborative Detection Blocking ]] -----------------------------------------------
+#
+# This is a collaborative detection mode where each rule will increment an overall
+# anomaly score for the transaction. The scores are then evaluated in the following files:
+#
+# Inbound anomaly score - checked in the modsecurity_crs_49_inbound_blocking.conf file
+# Outbound anomaly score - checked in the modsecurity_crs_59_outbound_blocking.conf file
+#
+# If you want to use anomaly scoring mode, then uncomment this line.
+#
+#SecAction \
+ "id:'900004', \
+ phase:1, \
+ t:none, \
+ setvar:tx.anomaly_score_blocking=on, \
+ nolog, \
+ pass"
+
+
+#
+# -- [[ GeoIP Database ]] -----------------------------------------------------------------
+#
+# There are some rulesets that need to inspect the GEO data of the REMOTE_ADDR data.
+#
+# You must first download the MaxMind GeoIP Lite City DB -
+#
+# http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
+#
+# You then need to define the proper path for the SecGeoLookupDb directive
+#
+# Ref: http://blog.spiderlabs.com/2010/10/detecting-malice-with-modsecurity-geolocation-data.html
+# Ref: http://blog.spiderlabs.com/2010/11/detecting-malice-with-modsecurity-ip-forensics.html
+#
+#SecGeoLookupDb /opt/modsecurity/lib/GeoLiteCity.dat
+
+#
+# -- [[ Regression Testing Mode ]] --------------------------------------------------------
+#
+# If you are going to run the regression testing mode, you should uncomment the
+# following rule. It will enable DetectionOnly mode for the SecRuleEngine and
+# will enable Response Header tagging so that the client testing script can see
+# which rule IDs have matched.
+#
+# You must specify the your source IP address where you will be running the tests
+# from.
+#
+#SecRule REMOTE_ADDR "@ipMatch 192.168.1.100" \
+ "id:'900005', \
+ phase:1, \
+ t:none, \
+ ctl:ruleEngine=DetectionOnly, \
+ setvar:tx.regression_testing=1, \
+ nolog, \
+ pass"
+
+
+#
+# -- [[ HTTP Policy Settings ]] ----------------------------------------------------------
+#
+# Set the following policy settings here and they will be propagated to the 23 rules
+# file (modsecurity_common_23_request_limits.conf) by using macro expansion.
+# If you run into false positives, you can adjust the settings here.
+#
+# Only the max number of args is uncommented by default as there are a high rate
+# of false positives. Uncomment the items you wish to set.
+#
+#
+# -- Maximum number of arguments in request limited
+SecAction \
+ "id:'900006', \
+ phase:1, \
+ t:none, \
+ setvar:tx.max_num_args=255, \
+ nolog, \
+ pass"
+
+#
+# -- Limit argument name length
+#SecAction \
+ "id:'900007', \
+ phase:1, \
+ t:none, \
+ setvar:tx.arg_name_length=100, \
+ nolog, \
+ pass"
+
+#
+# -- Limit value name length
+#SecAction \
+ "id:'900008', \
+ phase:1, \
+ t:none, \
+ setvar:tx.arg_length=400, \
+ nolog, \
+ pass"
+
+#
+# -- Limit arguments total length
+#SecAction \
+ "id:'900009', \
+ phase:1, \
+ t:none, \
+ setvar:tx.total_arg_length=64000, \
+ nolog, \
+ pass"
+
+#
+# -- Individual file size is limited
+#SecAction \
+ "id:'900010', \
+ phase:1, \
+ t:none, \
+ setvar:tx.max_file_size=1048576, \
+ nolog, \
+ pass"
+
+#
+# -- Combined file size is limited
+#SecAction \
+ "id:'900011', \
+ phase:1, \
+ t:none, \
+ setvar:tx.combined_file_sizes=1048576, \
+ nolog, \
+ pass"
+
+
+#
+# Set the following policy settings here and they will be propagated to the 30 rules
+# file (modsecurity_crs_30_http_policy.conf) by using macro expansion.
+# If you run into false positves, you can adjust the settings here.
+#
+SecAction \
+ "id:'900012', \
+ phase:1, \
+ t:none, \
+ setvar:'tx.allowed_methods=<%= @allowed_methods -%>', \
+ setvar:'tx.allowed_request_content_type=<%= @content_types -%>', \
+ setvar:'tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1', \
+ setvar:'tx.restricted_extensions=<%= @restricted_extensions -%>', \
+ setvar:'tx.restricted_headers=<%= @restricted_headers -%>', \
+ nolog, \
+ pass"
+
+
+#
+# -- [[ Content Security Policy (CSP) Settings ]] -----------------------------------------
+#
+# The purpose of these settings is to send CSP response headers to
+# Mozilla FireFox users so that you can enforce how dynamic content
+# is used. CSP usage helps to prevent XSS attacks against your users.
+#
+# Reference Link:
+#
+# https://developer.mozilla.org/en/Security/CSP
+#
+# Uncomment this SecAction line if you want use CSP enforcement.
+# You need to set the appropriate directives and settings for your site/domain and
+# and activate the CSP file in the experimental_rules directory.
+#
+# Ref: http://blog.spiderlabs.com/2011/04/modsecurity-advanced-topic-of-the-week-integrating-content-security-policy-csp.html
+#
+#SecAction \
+ "id:'900013', \
+ phase:1, \
+ t:none, \
+ setvar:tx.csp_report_only=1, \
+ setvar:tx.csp_report_uri=/csp_violation_report, \
+ setenv:'csp_policy=allow \'self\'; img-src *.yoursite.com; media-src *.yoursite.com; style-src *.yoursite.com; frame-ancestors *.yoursite.com; script-src *.yoursite.com; report-uri %{tx.csp_report_uri}', \
+ nolog, \
+ pass"
+
+
+#
+# -- [[ Brute Force Protection ]] ---------------------------------------------------------
+#
+# If you are using the Brute Force Protection rule set, then uncomment the following
+# lines and set the following variables:
+# - Protected URLs: resources to protect (e.g. login pages) - set to your login page
+# - Burst Time Slice Interval: time interval window to monitor for bursts
+# - Request Threshold: request # threshold to trigger a burst
+# - Block Period: temporary block timeout
+#
+#SecAction \
+ "id:'900014', \
+ phase:1, \
+ t:none, \
+ setvar:'tx.brute_force_protected_urls=/login.jsp /partner_login.php', \
+ setvar:'tx.brute_force_burst_time_slice=60', \
+ setvar:'tx.brute_force_counter_threshold=10', \
+ setvar:'tx.brute_force_block_timeout=300', \
+ nolog, \
+ pass"
+
+
+#
+# -- [[ DoS Protection ]] ----------------------------------------------------------------
+#
+# If you are using the DoS Protection rule set, then uncomment the following
+# lines and set the following variables:
+# - Burst Time Slice Interval: time interval window to monitor for bursts
+# - Request Threshold: request # threshold to trigger a burst
+# - Block Period: temporary block timeout
+#
+#SecAction \
+ "id:'900015', \
+ phase:1, \
+ t:none, \
+ setvar:'tx.dos_burst_time_slice=60', \
+ setvar:'tx.dos_counter_threshold=100', \
+ setvar:'tx.dos_block_timeout=600', \
+ nolog, \
+ pass"
+
+
+#
+# -- [[ Check UTF enconding ]] -----------------------------------------------------------
+#
+# We only want to apply this check if UTF-8 encoding is actually used by the site, otherwise
+# it will result in false positives.
+#
+# Uncomment this line if your site uses UTF8 encoding
+#SecAction \
+ "id:'900016', \
+ phase:1, \
+ t:none, \
+ setvar:tx.crs_validate_utf8_encoding=1, \
+ nolog, \
+ pass"
+
+
+#
+# -- [[ Enable XML Body Parsing ]] -------------------------------------------------------
+#
+# The rules in this file will trigger the XML parser upon an XML request
+#
+# Initiate XML Processor in case of xml content-type
+#
+SecRule REQUEST_HEADERS:Content-Type "text/xml" \
+ "id:'900017', \
+ phase:1, \
+ t:none,t:lowercase, \
+ nolog, \
+ pass, \
+ chain"
+ SecRule REQBODY_PROCESSOR "!@streq XML" \
+ "ctl:requestBodyProcessor=XML"
+
+
+#
+# -- [[ Global and IP Collections ]] -----------------------------------------------------
+#
+# Create both Global and IP collections for rules to use
+# There are some CRS rules that assume that these two collections
+# have already been initiated.
+#
+SecRule REQUEST_HEADERS:User-Agent "^(.*)$" \
+ "id:'900018', \
+ phase:1, \
+ t:none,t:sha1,t:hexEncode, \
+ setvar:tx.ua_hash=%{matched_var}, \
+ nolog, \
+ pass"
+
+
+SecRule REQUEST_HEADERS:x-forwarded-for "^\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b" \
+ "id:'900019', \
+ phase:1, \
+ t:none, \
+ capture, \
+ setvar:tx.real_ip=%{tx.1}, \
+ nolog, \
+ pass"
+
+
+SecRule &TX:REAL_IP "!@eq 0" \
+ "id:'900020', \
+ phase:1, \
+ t:none, \
+ initcol:global=global, \
+ initcol:ip=%{tx.real_ip}_%{tx.ua_hash}, \
+ nolog, \
+ pass"
+
+
+SecRule &TX:REAL_IP "@eq 0" \
+ "id:'900021', \
+ phase:1, \
+ t:none, \
+ initcol:global=global, \
+ initcol:ip=%{remote_addr}_%{tx.ua_hash}, \
+ nolog, \
+ pass"
--- /dev/null
+#
+# The following directives modify normal HTTP response behavior to
+# handle known problems with browser implementations.
+#
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
+
+#
+# The following directive disables redirects on non-GET requests for
+# a directory that does not include the trailing slash. This fixes a
+# problem with Microsoft WebFolders which does not appropriately handle
+# redirects for folders with DAV methods.
+# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
+#
+BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+BrowserMatch "MS FrontPage" redirect-carefully
+BrowserMatch "^WebDrive" redirect-carefully
+BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
+BrowserMatch "^gnome-vfs/1.0" redirect-carefully
+BrowserMatch "^gvfs/1" redirect-carefully
+BrowserMatch "^XML Spy" redirect-carefully
+BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+BrowserMatch " Konqueror/4" redirect-carefully
+
+<IfModule mod_ssl.c>
+ BrowserMatch "MSIE [2-6]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+ # MSIE 7 and newer should be able to use keepalive
+ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+</IfModule>
--- /dev/null
+<IfModule mod_ssl.c>
+ SSLRandomSeed startup builtin
+ SSLRandomSeed startup file:/dev/urandom <%= @ssl_random_seed_bytes %>
+ SSLRandomSeed connect builtin
+ SSLRandomSeed connect file:/dev/urandom <%= @ssl_random_seed_bytes %>
+
+ AddType application/x-x509-ca-cert .crt
+ AddType application/x-pkcs7-crl .crl
+
+ SSLPassPhraseDialog <%= @ssl_pass_phrase_dialog %>
+ SSLSessionCache "shmcb:<%= @session_cache %>"
+ SSLSessionCacheTimeout <%= @ssl_sessioncachetimeout %>
+<% if @ssl_compression -%>
+ SSLCompression On
+<% end -%>
+ <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+ Mutex <%= @ssl_mutex %>
+ <%- else -%>
+ SSLMutex <%= @ssl_mutex %>
+ <%- end -%>
+ SSLCryptoDevice <%= @ssl_cryptodevice %>
+ SSLHonorCipherOrder <%= @ssl_honorcipherorder %>
+ SSLCipherSuite <%= @ssl_cipher %>
+ SSLProtocol <%= @ssl_protocol.compact.join(' ') %>
+<% if @ssl_options -%>
+ SSLOptions <%= @ssl_options.compact.join(' ') %>
+<% end -%>
+</IfModule>
--- /dev/null
+<Location <%= @status_path %>>
+ SetHandler server-status
+ <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+ Require ip <%= Array(@allow_from).join(" ") %>
+ <%- else -%>
+ Order deny,allow
+ Deny from all
+ Allow from <%= Array(@allow_from).join(" ") %>
+ <%- end -%>
+</Location>
+ExtendedStatus <%= @extended_status %>
+
+<IfModule mod_proxy.c>
+ # Show Proxy LoadBalancer status in mod_status
+ ProxyStatus On
+</IfModule>
--- /dev/null
+<IfModule mod_suphp.c>
+ AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml
+ suPHP_AddHandler application/x-httpd-suphp
+
+ <Directory />
+ suPHP_Engine on
+ </Directory>
+
+ # By default, disable suPHP for debian packaged web applications as files
+ # are owned by root and cannot be executed by suPHP because of min_uid.
+ <Directory /usr/share>
+ suPHP_Engine off
+ </Directory>
+
+# # Use a specific php config file (a dir which contains a php.ini file)
+# suPHP_ConfigPath /etc/php4/cgi/suphp/
+# # Tells mod_suphp NOT to handle requests with the type <mime-type>.
+# suPHP_RemoveHandler <mime-type>
+</IfModule>
--- /dev/null
+<IfModule mod_userdir.c>
+<% if @disable_root -%>
+ UserDir disabled root
+<% end -%>
+ UserDir <%= @dir %>
+
+ <Directory "<%= @home %>/*/<%= @dir %>">
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options <%= @options.join(' ') %>
+ <Limit GET POST OPTIONS>
+ <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+ Require all granted
+ <%- else -%>
+ Order allow,deny
+ Allow from all
+ <%- end -%>
+ </Limit>
+ <LimitExcept GET POST OPTIONS>
+ <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+ Require all granted
+ <%- else -%>
+ Order allow,deny
+ Allow from all
+ <%- end -%>
+ </LimitExcept>
+ </Directory>
+</IfModule>
--- /dev/null
+<IfModule mpm_worker_module>
+ ServerLimit <%= @serverlimit %>
+ StartServers <%= @startservers %>
+ MaxClients <%= @maxclients %>
+ MinSpareThreads <%= @minsparethreads %>
+ MaxSpareThreads <%= @maxsparethreads %>
+ ThreadsPerChild <%= @threadsperchild %>
+ MaxRequestsPerChild <%= @maxrequestsperchild %>
+ ThreadLimit <%= @threadlimit %>
+</IfModule>
--- /dev/null
+# The WSGI Apache module configuration file is being
+# managed by Puppet an changes will be overwritten.
+<IfModule mod_wsgi.c>
+ <%- if @wsgi_socket_prefix -%>
+ WSGISocketPrefix <%= @wsgi_socket_prefix %>
+ <%- end -%>
+ <%- if @wsgi_python_home -%>
+ WSGIPythonHome "<%= @wsgi_python_home %>"
+ <%- end -%>
+ <%- if @wsgi_python_path -%>
+ WSGIPythonPath "<%= @wsgi_python_path %>"
+ <%- end -%>
+</IfModule>
--- /dev/null
+<%# NameVirtualHost should always be one of:
+ - *
+ - *:<port>
+ - _default_:<port>
+ - <ip>
+ - <ip>:<port>
+-%>
+NameVirtualHost <%= @addr_port %>
--- /dev/null
+# ************************************
+# Listen & NameVirtualHost resources in module puppetlabs-apache
+# Managed by Puppet
+# ************************************
+
--- /dev/null
+<% @_access_logs.each do |log| -%>
+<% env ||= "env=#{log['env']}" if log['env'] -%>
+<% env ||= '' -%>
+<% format ||= "\"#{log['format']}\"" if log['format'] -%>
+<% format ||= 'combined' -%>
+<% if log['file'] -%>
+<% if log['file'].chars.first == '/' -%>
+<% destination = "#{log['file']}" -%>
+<% else -%>
+<% destination = "#{@logroot}/#{log['file']}" -%>
+<% end -%>
+<% elsif log['syslog'] -%>
+<% destination = "syslog" -%>
+<% elsif log['pipe'] -%>
+<% destination = log['pipe'] -%>
+<% else -%>
+<% destination ||= "#{@logroot}/#{@name}_access_ssl.log" if @ssl -%>
+<% destination ||= "#{@logroot}/#{@name}_access.log" -%>
+<% end -%>
+ CustomLog "<%= destination %>" <%= format %> <%= env %>
+<% end -%>
--- /dev/null
+<% if @action -%>
+
+ Action <%= @action %> /cgi-bin virtual
+<% end -%>
--- /dev/null
+<% Array(@additional_includes).each do |include| -%>
+
+ ## Load additional static includes
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 && @use_optional_includes -%>
+IncludeOptional "<%= include %>"
+<%- else -%>
+Include "<%= include %>"
+<%- end -%>
+
+<% end -%>
--- /dev/null
+<% if @aliases and ! @aliases.empty? -%>
+ ## Alias declarations for resources outside the DocumentRoot
+ <%- [@aliases].flatten.compact.each do |alias_statement| -%>
+ <%- if alias_statement["path"] != '' -%>
+ <%- if alias_statement["alias"] and alias_statement["alias"] != '' -%>
+ Alias <%= alias_statement["alias"] %> "<%= alias_statement["path"] %>"
+ <%- elsif alias_statement["aliasmatch"] and alias_statement["aliasmatch"] != '' -%>
+ AliasMatch <%= alias_statement["aliasmatch"] %> "<%= alias_statement["path"] %>"
+ <%- elsif alias_statement["scriptalias"] and alias_statement["scriptalias"] != '' -%>
+ ScriptAlias <%= alias_statement["scriptalias"] %> "<%= alias_statement["path"] %>"
+ <%- elsif alias_statement["scriptaliasmatch"] and alias_statement["scriptaliasmatch"] != '' -%>
+ ScriptAliasMatch <%= alias_statement["scriptaliasmatch"] %> "<%= alias_statement["path"] %>"
+ <%- end -%>
+ <%- end -%>
+ <%- end -%>
+<% end -%>
--- /dev/null
+<%- if @allow_encoded_slashes -%>
+
+ AllowEncodedSlashes <%= @allow_encoded_slashes %>
+<%- end -%>
--- /dev/null
+<% if @block and ! @block.empty? -%>
+
+ ## Block access statements
+<% if @block.include? 'scm' -%>
+ # Block access to SCM directories.
+ <DirectoryMatch .*\.(svn|git|bzr)/.*>
+ <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+ Require all denied
+ <%- else -%>
+ Deny From All
+ <%- end -%>
+ </DirectoryMatch>
+<% end -%>
+<% end -%>
--- /dev/null
+<% if @add_default_charset -%>
+
+ AddDefaultCharset <%= @add_default_charset %>
+<% end -%>
--- /dev/null
+<% if @custom_fragment -%>
+
+ ## Custom fragment
+<%= @custom_fragment %>
+<% end -%>
--- /dev/null
+<% if @_directories and ! @_directories.empty? -%>
+
+ ## Directories, there should at least be a declaration for <%= @docroot %>
+ <%- [@_directories].flatten.compact.each do |directory| -%>
+ <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+ <%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%>
+ <%- scope.function_warning(["Apache::Vhost: Using allow is deprecated in your Apache version"]) -%>
+ <%- end -%>
+ <%- if directory['deny'] and ! [ false, 'false', '' ].include?(directory['deny']) -%>
+ <%- scope.function_warning(["Apache::Vhost: Using deny is deprecated in your Apache version"]) -%>
+ <%- end -%>
+ <%- if directory['order'] and ! [ false, 'false', '' ].include?(directory['order']) -%>
+ <%- scope.function_warning(["Apache::Vhost: Using order is deprecated in your Apache version"]) -%>
+ <%- end -%>
+ <%- if directory['satisfy'] and ! [ false, 'false', '' ].include?(directory['satisfy']) -%>
+ <%- scope.function_warning(["Apache::Vhost: Using satisfy is deprecated in your Apache version"]) -%>
+ <%- end -%>
+ <%- end -%>
+ <%- if directory['path'] and directory['path'] != '' -%>
+ <%- if directory['provider'] and directory['provider'].match('(directory|location|files)') -%>
+ <%- if /^(.*)match$/ =~ directory['provider'] -%>
+ <%- provider = $1.capitalize + 'Match' -%>
+ <%- else -%>
+ <%- provider = directory['provider'].capitalize -%>
+ <%- end -%>
+ <%- else -%>
+ <%- provider = 'Directory' -%>
+ <%- end -%>
+ <%- path = directory['path'] -%>
+
+ <<%= provider %> "<%= path %>">
+ <%- if directory['headers'] -%>
+ <%- Array(directory['headers']).each do |header| -%>
+ Header <%= header %>
+ <%- end -%>
+ <%- end -%>
+ <%- if ! directory['geoip_enable'].nil? -%>
+ GeoIPEnable <%= scope.function_bool2httpd([directory['geoip_enable']]) %>
+ <%- end -%>
+ <%- if directory['options'] -%>
+ Options <%= Array(directory['options']).join(' ') %>
+ <%- end -%>
+ <%- if provider == 'Directory' -%>
+ <%- if directory['index_options'] -%>
+ IndexOptions <%= Array(directory['index_options']).join(' ') %>
+ <%- end -%>
+ <%- if directory['index_order_default'] -%>
+ IndexOrderDefault <%= Array(directory['index_order_default']).join(' ') %>
+ <%- end -%>
+ <%- if directory['index_style_sheet'] -%>
+ IndexStyleSheet '<%= directory['index_style_sheet'] %>'
+ <%- end -%>
+ <%- if directory['allow_override'] -%>
+ AllowOverride <%= Array(directory['allow_override']).join(' ') %>
+ <%- elsif provider == 'Directory' -%>
+ AllowOverride None
+ <%- end -%>
+ <%- end -%>
+ <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+ <%- if directory['require'] and directory['require'] != '' -%>
+ <%- Array(directory['require']).each do |req| -%>
+ Require <%= req %>
+ <%- end -%>
+ <%- end -%>
+ <%- if directory['auth_require'] -%>
+ Require <%= directory['auth_require'] %>
+ <%- end -%>
+ <%- if !(directory['require'] and directory['require'] != '') && !(directory['auth_require']) -%>
+ Require all granted
+ <%- end -%>
+ <%- else -%>
+ <%- if directory['auth_require'] -%>
+ Require <%= directory['auth_require'] %>
+ <%- end -%>
+ <%- if directory['order'] and directory['order'] != '' -%>
+ Order <%= Array(directory['order']).join(',') %>
+ <%- else -%>
+ Order allow,deny
+ <%- end -%>
+ <%- if directory['deny'] and ! [ false, 'false', '' ].include?(directory['deny']) -%>
+ <%- if directory['deny'].kind_of?(Array) -%>
+ <%- Array(directory['deny']).each do |restrict| -%>
+ Deny <%= restrict %>
+ <%- end -%>
+ <%- else -%>
+ Deny <%= directory['deny'] %>
+ <%- end -%>
+ <%- end -%>
+ <%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%>
+ <%- if directory['allow'].kind_of?(Array) -%>
+ <%- Array(directory['allow']).each do |access| -%>
+ Allow <%= access %>
+ <%- end -%>
+ <%- else -%>
+ Allow <%= directory['allow'] %>
+ <%- end -%>
+ <%- elsif [ 'from all', 'from All' ].include?(directory['deny']) -%>
+ <%- elsif ! directory['deny'] and [ false, 'false', '' ].include?(directory['allow']) -%>
+ Deny from all
+ <%- else -%>
+ Allow from all
+ <%- end -%>
+ <%- if directory['satisfy'] and directory['satisfy'] != '' -%>
+ Satisfy <%= directory['satisfy'] %>
+ <%- end -%>
+ <%- end -%>
+ <%- if directory['addhandlers'] and ! directory['addhandlers'].empty? -%>
+ <%- [directory['addhandlers']].flatten.compact.each do |addhandler| -%>
+ AddHandler <%= addhandler['handler'] %> <%= Array(addhandler['extensions']).join(' ') %>
+ <%- end -%>
+ <%- end -%>
+ <%- if directory['sethandler'] and directory['sethandler'] != '' -%>
+ SetHandler <%= directory['sethandler'] %>
+ <%- end -%>
+ <%- if directory['passenger_enabled'] and directory['passenger_enabled'] != '' -%>
+ PassengerEnabled <%= directory['passenger_enabled'] %>
+ <%- end -%>
+ <%- if directory['php_flags'] and ! directory['php_flags'].empty? -%>
+ <%- directory['php_flags'].sort.each do |flag,value| -%>
+ <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%>
+ php_flag <%= "#{flag} #{value}" %>
+ <%- end -%>
+ <%- end -%>
+ <%- if directory['php_values'] and ! directory['php_values'].empty? -%>
+ <%- directory['php_values'].sort.each do |key,value| -%>
+ php_value <%= "#{key} #{value}" %>
+ <%- end -%>
+ <%- end -%>
+ <%- if directory['php_admin_flags'] and ! directory['php_admin_flags'].empty? -%>
+ <%- directory['php_admin_flags'].sort.each do |flag,value| -%>
+ <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%>
+ php_admin_flag <%= "#{flag} #{value}" %>
+ <%- end -%>
+ <%- end -%>
+ <%- if directory['php_admin_values'] and ! directory['php_admin_values'].empty? -%>
+ <%- directory['php_admin_values'].sort.each do |key,value| -%>
+ php_admin_value <%= "#{key} #{value}" %>
+ <%- end -%>
+ <%- end -%>
+ <%- if directory['directoryindex'] and directory['directoryindex'] != '' -%>
+ DirectoryIndex <%= directory['directoryindex'] %>
+ <%- end -%>
+ <%- if directory['error_documents'] and ! directory['error_documents'].empty? -%>
+ <%- [directory['error_documents']].flatten.compact.each do |error_document| -%>
+ ErrorDocument <%= error_document['error_code'] %> <%= error_document['document'] %>
+ <%- end -%>
+ <%- end -%>
+ <%- if directory['auth_type'] -%>
+ AuthType <%= directory['auth_type'] %>
+ <%- end -%>
+ <%- if directory['auth_name'] -%>
+ AuthName "<%= directory['auth_name'] %>"
+ <%- end -%>
+ <%- if directory['auth_digest_algorithm'] -%>
+ AuthDigestAlgorithm <%= directory['auth_digest_algorithm'] %>
+ <%- end -%>
+ <%- if directory['auth_digest_domain'] -%>
+ AuthDigestDomain <%= Array(directory['auth_digest_domain']).join(' ') %>
+ <%- end -%>
+ <%- if directory['auth_digest_nonce_lifetime'] -%>
+ AuthDigestNonceLifetime <%= directory['auth_digest_nonce_lifetime'] %>
+ <%- end -%>
+ <%- if directory['auth_digest_provider'] -%>
+ AuthDigestProvider <%= directory['auth_digest_provider'] %>
+ <%- end -%>
+ <%- if directory['auth_digest_qop'] -%>
+ AuthDigestQop <%= directory['auth_digest_qop'] %>
+ <%- end -%>
+ <%- if directory['auth_digest_shmem_size'] -%>
+ AuthDigestShmemSize <%= directory['auth_digest_shmem_size'] %>
+ <%- end -%>
+ <%- if directory['auth_basic_authoritative'] -%>
+ AuthBasicAuthoritative <%= directory['auth_basic_authoritative'] %>
+ <%- end -%>
+ <%- if directory['auth_basic_fake'] -%>
+ AuthBasicFake <%= directory['auth_basic_fake'] %>
+ <%- end -%>
+ <%- if directory['auth_basic_provider'] -%>
+ AuthBasicProvider <%= directory['auth_basic_provider'] %>
+ <%- end -%>
+ <%- if directory['auth_user_file'] -%>
+ AuthUserFile <%= directory['auth_user_file'] %>
+ <%- end -%>
+ <%- if directory['auth_group_file'] -%>
+ AuthGroupFile <%= directory['auth_group_file'] %>
+ <%- end -%>
+ <%- if directory['fallbackresource'] -%>
+ FallbackResource <%= directory['fallbackresource'] %>
+ <%- end -%>
+ <%- if directory['expires_active'] -%>
+ ExpiresActive <%= directory['expires_active'] %>
+ <%- end -%>
+ <%- if directory['expires_default'] -%>
+ ExpiresDefault <%= directory['expires_default'] %>
+ <%- end -%>
+ <%- if directory['expires_by_type'] -%>
+ <%- Array(directory['expires_by_type']).each do |rule| -%>
+ ExpiresByType <%= rule %>
+ <%- end -%>
+ <%- end -%>
+ <%- if directory['force_type'] -%>
+ ForceType <%= directory['force_type'] %>
+ <%- end -%>
+ <%- if directory['ssl_options'] -%>
+ SSLOptions <%= Array(directory['ssl_options']).join(' ') %>
+ <%- end -%>
+ <%- if directory['suphp'] and @suphp_engine == 'on' -%>
+ suPHP_UserGroup <%= directory['suphp']['user'] %> <%= directory['suphp']['group'] %>
+ <%- end -%>
+ <%- if directory['fcgiwrapper'] -%>
+ FcgidWrapper <%= directory['fcgiwrapper']['command'] %> <%= directory['fcgiwrapper']['suffix'] %> <%= directory['fcgiwrapper']['virtual'] %>
+ <%- end -%>
+ <%- if directory['rewrites'] -%>
+ # Rewrite rules
+ RewriteEngine On
+ <%- directory['rewrites'].flatten.compact.each do |rewrite_details| -%>
+ <%- if rewrite_details['comment'] -%>
+ #<%= rewrite_details['comment'] %>
+ <%- end -%>
+ <%- if rewrite_details['rewrite_base'] -%>
+ RewriteBase <%= rewrite_details['rewrite_base'] %>
+ <%- end -%>
+ <%- if rewrite_details['rewrite_cond'] -%>
+ <%- Array(rewrite_details['rewrite_cond']).each do |commands| -%>
+ <%- Array(commands).each do |command| -%>
+ RewriteCond <%= command %>
+ <%- end -%>
+ <%- end -%>
+ <%- end -%>
+ <%- Array(rewrite_details['rewrite_rule']).each do |commands| -%>
+ <%- Array(commands).each do |command| -%>
+ RewriteRule <%= command %>
+ <%- end -%>
+ <%- end -%>
+ <%- end -%>
+ <%- end -%>
+ <%- if directory['setenv'] -%>
+ <%- Array(directory['setenv']).each do |setenv| -%>
+ SetEnv <%= setenv %>
+ <%- end -%>
+ <%- end -%>
+ <%- if @shibboleth_enabled -%>
+ <%- if directory['shib_require_session'] and ! directory['shib_require_session'].empty? -%>
+ ShibRequireSession <%= directory['shib_require_session'] %>
+ <%- end -%>
+ <%- if directory['shib_request_settings'] and ! directory['shib_request_settings'].empty? -%>
+ <%- directory['shib_request_settings'].each do |key,value| -%>
+ ShibRequestSetting <%= key %> <%= value %>
+ <%- end -%>
+ <%- end -%>
+ <%- if directory['shib_use_headers'] and ! directory['shib_use_headers'].empty? -%>
+ ShibUseHeaders <%= directory['shib_use_headers'] %>
+ <%- end -%>
+ <%- end -%>
+ <%- if directory['custom_fragment'] -%>
+ <%= directory['custom_fragment'] %>
+ <%- end -%>
+ </<%= provider %>>
+ <%- end -%>
+ <%- end -%>
+<% end -%>
--- /dev/null
+
+ ## Vhost docroot
+<% if @virtual_docroot -%>
+ VirtualDocumentRoot "<%= @virtual_docroot %>"
+<% else -%>
+ DocumentRoot "<%= @docroot %>"
+<% end -%>
--- /dev/null
+<% if @error_documents and ! @error_documents.empty? -%>
+ <%- [@error_documents].flatten.compact.each do |error_document| -%>
+ <%- if error_document["error_code"] != '' and error_document["document"] != '' -%>
+ ErrorDocument <%= error_document["error_code"] %> <%= error_document["document"] %>
+ <%- end -%>
+ <%- end -%>
+<% end -%>
--- /dev/null
+<% if @fallbackresource -%>
+
+ FallbackResource <%= @fallbackresource %>
+<% end -%>
--- /dev/null
+<% if @fastcgi_server -%>
+
+ FastCgiExternalServer <%= @fastcgi_server %> -socket <%= @fastcgi_socket %>
+<% end -%>
+<% if @fastcgi_dir -%>
+
+ <Directory "<%= @fastcgi_dir %>">
+ Options +ExecCGI
+ AllowOverride All
+ SetHandler fastcgi-script
+ <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+ Require all granted
+ <%- else -%>
+ Order allow,deny
+ Allow From All
+ <%- end -%>
+ AuthBasicAuthoritative Off
+ </Directory>
+
+ AllowEncodedSlashes On
+ ServerSignature Off
+<% end -%>
--- /dev/null
+</VirtualHost>
--- /dev/null
+# ************************************
+# Vhost template in module puppetlabs-apache
+# Managed by Puppet
+# ************************************
+
+<VirtualHost <%= @nvh_addr_port %>>
+ ServerName <%= @servername %>
+<% if @serveradmin -%>
+ ServerAdmin <%= @serveradmin %>
+<% end -%>
--- /dev/null
+<% if @headers and ! @headers.empty? -%>
+
+ ## Header rules
+ ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header
+ <%- Array(@headers).each do |header_statement| -%>
+ <%- if header_statement != '' -%>
+ Header <%= header_statement %>
+ <%- end -%>
+ <%- end -%>
+<% end -%>
--- /dev/null
+<% if @itk and ! @itk.empty? -%>
+
+ ## ITK statement
+ <IfModule mpm_itk_module>
+ <%- if @itk["user"] and @itk["group"] -%>
+ AssignUserId <%= @itk["user"] %> <%= @itk["group"] %>
+ <%- end -%>
+ <%- if @itk["assignuseridexpr"] -%>
+ AssignUserIdExpr <%= @itk["assignuseridexpr"] %>
+ <%- end -%>
+ <%- if @itk["assigngroupidexpr"] -%>
+ AssignGroupIdExpr <%= @itk["assigngroupidexpr"] %>
+ <%- end -%>
+ <%- if @itk["maxclientvhost"] -%>
+ MaxClientsVHost <%= @itk["maxclientvhost"] %>
+ <%- end -%>
+ <%- if @itk["nice"] -%>
+ NiceValue <%= @itk["nice"] %>
+ <%- end -%>
+ <%- if @kernelversion >= '3.5.0' -%>
+ <%- if @itk["limituidrange"] -%>
+ LimitUIDRange <%= @itk["limituidrange"] %>
+ <%- end -%>
+ <%- if @itk["limitgidrange"] -%>
+ LimitGIDRange <%= @itk["limitgidrange"] %>
+ <%- end -%>
+ <%- end -%>
+ </IfModule>
+<% end -%>
--- /dev/null
+<% if @error_log or @log_level -%>
+
+ ## Logging
+<% end -%>
+<% if @error_log -%>
+ ErrorLog "<%= @error_log_destination %>"
+<% end -%>
+<% if @log_level -%>
+ LogLevel <%= @log_level %>
+<% end -%>
--- /dev/null
+<% if @passenger_app_root -%>
+ PassengerAppRoot <%= @passenger_app_root %>
+<% end -%>
+<% if @passenger_app_env -%>
+ PassengerAppEnv <%= @passenger_app_env %>
+<% end -%>
+<% if @passenger_ruby -%>
+ PassengerRuby <%= @passenger_ruby %>
+<% end -%>
+<% if @passenger_min_instances -%>
+ PassengerMinInstances <%= @passenger_min_instances %>
+<% end -%>
+<% if @passenger_start_timeout -%>
+ PassengerStartTimeout <%= @passenger_start_timeout %>
+<% end -%>
+<% if @passenger_pre_start -%>
+ PassengerPreStart <%= @passenger_pre_start %>
+<% end -%>
--- /dev/null
+<% if @php_values and not @php_values.empty? -%>
+ <%- @php_values.sort.each do |key,value| -%>
+ php_value <%= key %> <%= value %>
+ <%- end -%>
+<% end -%>
+<% if @php_flags and not @php_flags.empty? -%>
+ <%- @php_flags.sort.each do |key,flag| -%>
+ <%-# normalize flag -%>
+ <%- if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%>
+ php_flag <%= key %> <%= flag %>
+ <%- end -%>
+<% end -%>
\ No newline at end of file
--- /dev/null
+<% if @php_admin_values and not @php_admin_values.empty? -%>
+ <%- @php_admin_values.sort.each do |key,value| -%>
+ php_admin_value <%= key %> <%= value %>
+ <%- end -%>
+<% end -%>
+<% if @php_admin_flags and not @php_admin_flags.empty? -%>
+ <%- @php_admin_flags.sort.each do |key,flag| -%>
+ <%-# normalize flag -%>
+ <%- if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%>
+ php_admin_flag <%= key %> <%= flag %>
+ <%- end -%>
+<% end -%>
--- /dev/null
+<% if @proxy_dest or @proxy_pass -%>
+
+ ## Proxy rules
+ ProxyRequests Off
+<%- end -%>
+<% if @proxy_preserve_host -%>
+ ProxyPreserveHost On
+<%- end -%>
+<% if @proxy_error_override -%>
+ ProxyErrorOverride On
+<%- end -%>
+<%- [@proxy_pass].flatten.compact.each do |proxy| -%>
+ ProxyPass <%= proxy['path'] %> <%= proxy['url'] -%>
+ <%- if proxy['params'] -%>
+ <%- proxy['params'].each_pair do |key, value| -%> <%= key %>=<%= value -%>
+ <%- end -%>
+ <%- end -%>
+ <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%>
+ <%- end %>
+ <Location <%= proxy['path']%>>
+ <%- if proxy['reverse_urls'].nil? -%>
+ ProxyPassReverse <%= proxy['url'] %>
+ <%- else -%>
+ <%- Array(proxy['reverse_urls']).each do |reverse_url| -%>
+ ProxyPassReverse <%= reverse_url %>
+ <%- end -%>
+ <%- end -%>
+ <%- if proxy['setenv'] -%>
+ <%- Array(proxy['setenv']).each do |setenv_var| -%>
+ SetEnv <%= setenv_var %>
+ <%- end -%>
+ <%- end -%>
+ </Location>
+<% end -%>
+<% [@proxy_pass_match].flatten.compact.each do |proxy| %>
+ ProxyPassMatch <%= proxy['path'] %> <%= proxy['url'] %>
+ <%- if proxy['params'] -%>
+ <%- proxy['params'].each_pair do |key, value| -%> <%= key %>=<%= value -%>
+ <%- end -%>
+ <%- end -%>
+ <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%>
+ <%- end %>
+ <Location <%= proxy['path']%>>
+ <%- if proxy['reverse_urls'].nil? -%>
+ ProxyPassReverse <%= proxy['url'] %>
+ <%- else -%>
+ <%- Array(proxy['reverse_urls']).each do |reverse_url| -%>
+ ProxyPassReverse <%= reverse_url %>
+ <%- end -%>
+ <%- end -%>
+ <%- if proxy['setenv'] -%>
+ <%- Array(proxy['setenv']).each do |setenv_var| -%>
+ SetEnv <%= setenv_var -%>
+ <%- end -%>
+ <%- end -%>
+ </Location>
+<% end -%>
+<% if @proxy_dest -%>
+<%- Array(@no_proxy_uris).each do |uri| -%>
+ ProxyPass <%= uri %> !
+<% end -%>
+ ProxyPass / <%= @proxy_dest %>/
+ <Location />
+ ProxyPassReverse <%= @proxy_dest %>/
+ </Location>
+<% end -%>
+<% if @proxy_dest_match -%>
+<%- Array(@no_proxy_uris_match).each do |uri| -%>
+ ProxyPassMatch <%= uri %> !
+<% end -%>
+ ProxyPassMatch / <%= @proxy_dest_match %>/
+ <Location />
+ ProxyPassReverse <%= @proxy_dest_reverse_match %>/
+ </Location>
+<% end -%>
--- /dev/null
+<% if @rack_base_uris -%>
+
+ ## Enable rack
+<% Array(@rack_base_uris).each do |uri| -%>
+ RackBaseURI <%= uri %>
+<% end -%>
+<% end -%>
--- /dev/null
+<% if @redirect_source and @redirect_dest -%>
+<% @redirect_dest_a = Array(@redirect_dest) -%>
+<% @redirect_source_a = Array(@redirect_source) -%>
+<% @redirect_status_a = Array(@redirect_status) -%>
+
+ ## Redirect rules
+ <%- @redirect_source_a.each_with_index do |source, i| -%>
+<% @redirect_dest_a[i] ||= @redirect_dest_a[0] -%>
+<% @redirect_status_a[i] ||= @redirect_status_a[0] -%>
+ Redirect <%= "#{@redirect_status_a[i]} " %><%= source %> <%= @redirect_dest_a[i] %>
+ <%- end -%>
+<% end -%>
+<%- if @redirectmatch_status and @redirectmatch_regexp and @redirectmatch_dest -%>
+<% @redirectmatch_status_a = Array(@redirectmatch_status) -%>
+<% @redirectmatch_regexp_a = Array(@redirectmatch_regexp) -%>
+<% @redirectmatch_dest_a = Array(@redirectmatch_dest) -%>
+
+ ## RedirectMatch rules
+ <%- @redirectmatch_status_a.each_with_index do |status, i| -%>
+<% @redirectmatch_status_a[i] ||= @redirectmatch_status_a[0] -%>
+<% @redirectmatch_regexp_a[i] ||= @redirectmatch_regexp_a[0] -%>
+<% @redirectmatch_dest_a[i] ||= @redirectmatch_dest_a[0] -%>
+ RedirectMatch <%= "#{@redirectmatch_status_a[i]} " %> <%= @redirectmatch_regexp_a[i] %> <%= @redirectmatch_dest_a[i] %>
+ <%- end -%>
+<% end -%>
--- /dev/null
+<% if @request_headers and ! @request_headers.empty? -%>
+
+ ## Request header rules
+ ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
+ <%- Array(@request_headers).each do |request_statement| -%>
+ <%- if request_statement != '' -%>
+ RequestHeader <%= request_statement %>
+ <%- end -%>
+ <%- end -%>
+<% end -%>
--- /dev/null
+<%- if @rewrites -%>
+ ## Rewrite rules
+ RewriteEngine On
+ <%- if @rewrite_base -%>
+ RewriteBase <%= @rewrite_base %>
+ <%- end -%>
+
+ <%- [@rewrites].flatten.compact.each do |rewrite_details| -%>
+ <%- if rewrite_details['comment'] -%>
+ #<%= rewrite_details['comment'] %>
+ <%- end -%>
+ <%- if rewrite_details['rewrite_base'] -%>
+ RewriteBase <%= rewrite_details['rewrite_base'] %>
+ <%- end -%>
+ <%- if rewrite_details['rewrite_cond'] -%>
+ <%- Array(rewrite_details['rewrite_cond']).each do |commands| -%>
+ <%- Array(commands).each do |command| -%>
+ RewriteCond <%= command %>
+ <%- end -%>
+ <%- end -%>
+ <%- end -%>
+ <%- if rewrite_details['rewrite_map'] -%>
+ <%- Array(rewrite_details['rewrite_map']).each do |commands| -%>
+ <%- Array(commands).each do |command| -%>
+ RewriteMap <%= command %>
+ <%- end -%>
+ <%- end -%>
+ <%- end -%>
+ <%- Array(rewrite_details['rewrite_rule']).each do |commands| -%>
+ <%- Array(commands).each do |command| -%>
+ RewriteRule <%= command %>
+ <%- end -%>
+
+ <%- end -%>
+ <%- end -%>
+<%- end -%>
+<%# reverse compatibility -%>
+<% if @rewrite_rule and !@rewrites -%>
+ ## Rewrite rules
+ RewriteEngine On
+ <%- if @rewrite_base -%>
+ RewriteBase <%= @rewrite_base %>
+ <%- end -%>
+ <%- if @rewrite_cond -%>
+ <%- Array(@rewrite_cond).each do |cond| -%>
+ RewriteCond <%= cond %>
+ <%- end -%>
+ <%- end -%>
+ RewriteRule <%= @rewrite_rule %>
+<%- end -%>
--- /dev/null
+<%- if @scriptaliases.is_a?(Array) -%>
+<%- aliases = @scriptaliases -%>
+<%- elsif @scriptaliases.is_a?(Hash) -%>
+<%- aliases = [@scriptaliases] -%>
+<%- else -%>
+<%- # Nothing to do with any other data type -%>
+<%- aliases = [] -%>
+<%- end -%>
+<%- if @scriptalias or !aliases.empty? -%>
+ ## Script alias directives
+<%# Combine scriptalais and scriptaliases into a single data structure -%>
+<%# for backward compatibility and ease of implementation -%>
+<%- aliases << { 'alias' => '/cgi-bin', 'path' => @scriptalias } if @scriptalias -%>
+<%- aliases.flatten.compact! -%>
+<%- aliases.each do |salias| -%>
+ <%- if salias["path"] != '' -%>
+ <%- if salias["alias"] and salias["alias"] != '' -%>
+ ScriptAlias <%= salias['alias'] %> "<%= salias['path'] %>"
+ <%- elsif salias["aliasmatch"] and salias["aliasmatch"] != '' -%>
+ ScriptAliasMatch <%= salias['aliasmatch'] %> "<%= salias['path'] %>"
+ <%- end -%>
+ <%- end -%>
+<%- end -%>
+<%- end -%>
--- /dev/null
+<% if @modsec_disable_vhost -%>
+ SecRuleEngine Off
+<% end -%>
+<% if @_modsec_disable_ids.is_a?(Hash) -%>
+<% @_modsec_disable_ids.each do |location,rules| -%>
+ <LocationMatch <%= location %>>
+<% Array(rules).each do |rule| -%>
+ SecRuleRemoveById <%= rule %>
+<% end -%>
+ </LocationMatch>
+<% end -%>
+<% end -%>
+<% ips = Array(@modsec_disable_ips).join(',') %>
+<% if ips != '' %>
+ SecRule REMOTE_ADDR "<%= ips %>" "nolog,allow,id:1234123455"
+ SecAction "phase:2,pass,nolog,id:1234123456"
+<% end -%>
+<% if @modsec_body_limit -%>
+ SecRequestBodyLimit <%= @modsec_body_limit %>
+<% end -%>
--- /dev/null
+<% if @serveraliases and ! @serveraliases.empty? -%>
+
+ ## Server aliases
+ <%- Array(@serveraliases).each do |serveralias| -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+<% end -%>
--- /dev/null
+ ServerSignature Off
--- /dev/null
+<% if @setenv and ! @setenv.empty? -%>
+
+ ## SetEnv/SetEnvIf for environment variables
+ <%- Array(@setenv).each do |envvar| -%>
+ SetEnv <%= envvar %>
+ <%- end -%>
+<% end -%>
+<% if @setenvif and ! @setenvif.empty? -%>
+ <%- Array(@setenvif).each do |envifvar| -%>
+ SetEnvIf <%= envifvar %>
+ <%- end -%>
+<% end -%>
--- /dev/null
+<% if @ssl -%>
+
+ ## SSL directives
+ SSLEngine on
+ SSLCertificateFile "<%= @ssl_cert %>"
+ SSLCertificateKeyFile "<%= @ssl_key %>"
+ <%- if @ssl_chain -%>
+ SSLCertificateChainFile "<%= @ssl_chain %>"
+ <%- end -%>
+ <%- if @ssl_certs_dir && @ssl_certs_dir != '' -%>
+ SSLCACertificatePath "<%= @ssl_certs_dir %>"
+ <%- end -%>
+ <%- if @ssl_ca -%>
+ SSLCACertificateFile "<%= @ssl_ca %>"
+ <%- end -%>
+ <%- if @ssl_crl_path -%>
+ SSLCARevocationPath "<%= @ssl_crl_path %>"
+ <%- end -%>
+ <%- if @ssl_crl -%>
+ SSLCARevocationFile "<%= @ssl_crl %>"
+ <%- end -%>
+ <%- if @ssl_crl_check && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+ SSLCARevocationCheck "<%= @ssl_crl_check %>"
+ <%- end -%>
+ <%- if @ssl_proxyengine -%>
+ SSLProxyEngine On
+ <%- end -%>
+ <%- if @ssl_protocol -%>
+ SSLProtocol <%= @ssl_protocol %>
+ <%- end -%>
+ <%- if @ssl_cipher -%>
+ SSLCipherSuite <%= @ssl_cipher %>
+ <%- end -%>
+ <%- if @ssl_honorcipherorder -%>
+ SSLHonorCipherOrder <%= @ssl_honorcipherorder %>
+ <%- end -%>
+ <%- if @ssl_verify_client -%>
+ SSLVerifyClient <%= @ssl_verify_client %>
+ <%- end -%>
+ <%- if @ssl_verify_depth -%>
+ SSLVerifyDepth <%= @ssl_verify_depth %>
+ <%- end -%>
+ <%- if @ssl_options -%>
+ SSLOptions <%= Array(@ssl_options).join(' ') %>
+ <%- end -%>
+<% end -%>
--- /dev/null
+<% if @suexec_user_group -%>
+
+ SuexecUserGroup <%= @suexec_user_group %>
+<% end -%>
--- /dev/null
+<% if @suphp_engine == 'on' -%>
+ <%- if @suphp_addhandler -%>
+ suPHP_AddHandler <%= @suphp_addhandler %>
+ <%- end -%>
+ <%- if @suphp_engine -%>
+ suPHP_Engine <%= @suphp_engine %>
+ <%- end -%>
+ <%- if @suphp_configpath -%>
+ suPHP_ConfigPath "<%= @suphp_configpath %>"
+ <%- end -%>
+<% end -%>
--- /dev/null
+<% if @wsgi_application_group -%>
+ WSGIApplicationGroup <%= @wsgi_application_group %>
+<% end -%>
+<% if @wsgi_daemon_process and @wsgi_daemon_process_options -%>
+ WSGIDaemonProcess <%= @wsgi_daemon_process %> <%= @wsgi_daemon_process_options.collect { |k,v| "#{k}=#{v}"}.sort.join(' ') %>
+<% elsif @wsgi_daemon_process and !@wsgi_daemon_process_options -%>
+ WSGIDaemonProcess <%= @wsgi_daemon_process %>
+<% end -%>
+<% if @wsgi_import_script and @wsgi_import_script_options -%>
+ WSGIImportScript <%= @wsgi_import_script %> <%= @wsgi_import_script_options.collect { |k,v| "#{k}=#{v}"}.sort.join(' ') %>
+<% end -%>
+<% if @wsgi_process_group -%>
+ WSGIProcessGroup <%= @wsgi_process_group %>
+<% end -%>
+<% if @wsgi_script_aliases and ! @wsgi_script_aliases.empty? -%>
+ <%- @wsgi_script_aliases.keys.sort.each do |key| -%>
+ <%- if key != '' and @wsgi_script_aliases[key] != ''-%>
+ WSGIScriptAlias <%= key %> "<%= @wsgi_script_aliases[key] %>"
+ <%- end -%>
+ <%- end -%>
+<% end -%>
+<% if @wsgi_pass_authorization -%>
+ WSGIPassAuthorization <%= @wsgi_pass_authorization %>
+<% end -%>
+<% if @wsgi_chunked_request -%>
+ WSGIChunkedRequest <%= @wsgi_chunked_request %>
+<% end -%>
--- /dev/null
+include apache
+include apache::mod::php
+include apache::mod::cgi
+include apache::mod::userdir
+include apache::mod::disk_cache
+include apache::mod::proxy_http
--- /dev/null
+include apache::mod::dev
--- /dev/null
+include apache
--- /dev/null
+# Tests the path and identifier parameters for the apache::mod class
+
+# Base class for clarity:
+class { 'apache': }
+
+
+# Exaple parameter usage:
+apache::mod { 'testmod':
+ path => '/usr/some/path/mod_testmod.so',
+ id => 'testmod_custom_name',
+}
--- /dev/null
+## Default mods
+
+# Base class. Declares default vhost on port 80 and default ssl
+# vhost on port 443 listening on all interfaces and serving
+# $apache::docroot, and declaring our default set of modules.
+class { 'apache':
+ default_mods => true,
+}
+
--- /dev/null
+## custom mods
+
+# Base class. Declares default vhost on port 80 and default ssl
+# vhost on port 443 listening on all interfaces and serving
+# $apache::docroot, and declaring a custom set of modules.
+class { 'apache':
+ default_mods => [
+ 'info',
+ 'alias',
+ 'mime',
+ 'env',
+ 'setenv',
+ 'expires',
+ ],
+}
+
--- /dev/null
+class { 'apache':
+ mpm_module => 'prefork',
+}
+include apache::mod::php
--- /dev/null
+## Default vhosts, and custom vhosts
+# NB: Please see the other vhost_*.pp example files for further
+# examples.
+
+# Base class. Declares default vhost on port 80 and default ssl
+# vhost on port 443 listening on all interfaces and serving
+# $apache::docroot
+class { 'apache': }
+
+# Most basic vhost
+apache::vhost { 'first.example.com':
+ port => '80',
+ docroot => '/var/www/first',
+}
+
+# Vhost with different docroot owner/group/mode
+apache::vhost { 'second.example.com':
+ port => '80',
+ docroot => '/var/www/second',
+ docroot_owner => 'third',
+ docroot_group => 'third',
+ docroot_mode => '0770',
+}
+
+# Vhost with serveradmin
+apache::vhost { 'third.example.com':
+ port => '80',
+ docroot => '/var/www/third',
+ serveradmin => 'admin@example.com',
+}
+
+# Vhost with ssl (uses default ssl certs)
+apache::vhost { 'ssl.example.com':
+ port => '443',
+ docroot => '/var/www/ssl',
+ ssl => true,
+}
+
+# Vhost with ssl and specific ssl certs
+apache::vhost { 'fourth.example.com':
+ port => '443',
+ docroot => '/var/www/fourth',
+ ssl => true,
+ ssl_cert => '/etc/ssl/fourth.example.com.cert',
+ ssl_key => '/etc/ssl/fourth.example.com.key',
+}
+
+# Vhost with english title and servername parameter
+apache::vhost { 'The fifth vhost':
+ servername => 'fifth.example.com',
+ port => '80',
+ docroot => '/var/www/fifth',
+}
+
+# Vhost with server aliases
+apache::vhost { 'sixth.example.com':
+ serveraliases => [
+ 'sixth.example.org',
+ 'sixth.example.net',
+ ],
+ port => '80',
+ docroot => '/var/www/fifth',
+}
+
+# Vhost with alternate options
+apache::vhost { 'seventh.example.com':
+ port => '80',
+ docroot => '/var/www/seventh',
+ options => [
+ 'Indexes',
+ 'MultiViews',
+ ],
+}
+
+# Vhost with AllowOverride for .htaccess
+apache::vhost { 'eighth.example.com':
+ port => '80',
+ docroot => '/var/www/eighth',
+ override => 'All',
+}
+
+# Vhost with access and error logs disabled
+apache::vhost { 'ninth.example.com':
+ port => '80',
+ docroot => '/var/www/ninth',
+ access_log => false,
+ error_log => false,
+}
+
+# Vhost with custom access and error logs and logroot
+apache::vhost { 'tenth.example.com':
+ port => '80',
+ docroot => '/var/www/tenth',
+ access_log_file => 'tenth_vhost.log',
+ error_log_file => 'tenth_vhost_error.log',
+ logroot => '/var/log',
+}
+
+# Vhost with a cgi-bin
+apache::vhost { 'eleventh.example.com':
+ port => '80',
+ docroot => '/var/www/eleventh',
+ scriptalias => '/usr/lib/cgi-bin',
+}
+
+# Vhost with a proxypass configuration
+apache::vhost { 'twelfth.example.com':
+ port => '80',
+ docroot => '/var/www/twelfth',
+ proxy_dest => 'http://internal.example.com:8080/twelfth',
+ no_proxy_uris => ['/login','/logout'],
+}
+
+# Vhost to redirect /login and /logout
+apache::vhost { 'thirteenth.example.com':
+ port => '80',
+ docroot => '/var/www/thirteenth',
+ redirect_source => [
+ '/login',
+ '/logout',
+ ],
+ redirect_dest => [
+ 'http://10.0.0.10/login',
+ 'http://10.0.0.10/logout',
+ ],
+}
+
+# Vhost to permamently redirect
+apache::vhost { 'fourteenth.example.com':
+ port => '80',
+ docroot => '/var/www/fourteenth',
+ redirect_source => '/blog',
+ redirect_dest => 'http://blog.example.com',
+ redirect_status => 'permanent',
+}
+
+# Vhost with a rack configuration
+apache::vhost { 'fifteenth.example.com':
+ port => '80',
+ docroot => '/var/www/fifteenth',
+ rack_base_uris => ['/rackapp1', '/rackapp2'],
+}
+
+# Vhost to redirect non-ssl to ssl
+apache::vhost { 'sixteenth.example.com non-ssl':
+ servername => 'sixteenth.example.com',
+ port => '80',
+ docroot => '/var/www/sixteenth',
+ rewrites => [
+ {
+ comment => 'redirect non-SSL traffic to SSL site',
+ rewrite_cond => ['%{HTTPS} off'],
+ rewrite_rule => ['(.*) https://%{HTTPS_HOST}%{REQUEST_URI}'],
+ }
+ ]
+}
+
+# Rewrite a URL to lower case
+apache::vhost { 'sixteenth.example.com non-ssl':
+ servername => 'sixteenth.example.com',
+ port => '80',
+ docroot => '/var/www/sixteenth',
+ rewrites => [
+ { comment => 'Rewrite to lower case',
+ rewrite_cond => ['%{REQUEST_URI} [A-Z]'],
+ rewrite_map => ['lc int:tolower'],
+ rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'],
+ }
+ ]
+}
+
+apache::vhost { 'sixteenth.example.com ssl':
+ servername => 'sixteenth.example.com',
+ port => '443',
+ docroot => '/var/www/sixteenth',
+ ssl => true,
+}
+
+# Vhost to redirect non-ssl to ssl using old rewrite method
+apache::vhost { 'sixteenth.example.com non-ssl old rewrite':
+ servername => 'sixteenth.example.com',
+ port => '80',
+ docroot => '/var/www/sixteenth',
+ rewrite_cond => '%{HTTPS} off',
+ rewrite_rule => '(.*) https://%{HTTPS_HOST}%{REQUEST_URI}',
+}
+apache::vhost { 'sixteenth.example.com ssl old rewrite':
+ servername => 'sixteenth.example.com',
+ port => '443',
+ docroot => '/var/www/sixteenth',
+ ssl => true,
+}
+
+# Vhost to block repository files
+apache::vhost { 'seventeenth.example.com':
+ port => '80',
+ docroot => '/var/www/seventeenth',
+ block => 'scm',
+}
+
+# Vhost with special environment variables
+apache::vhost { 'eighteenth.example.com':
+ port => '80',
+ docroot => '/var/www/eighteenth',
+ setenv => ['SPECIAL_PATH /foo/bin','KILROY was_here'],
+}
+
+apache::vhost { 'nineteenth.example.com':
+ port => '80',
+ docroot => '/var/www/nineteenth',
+ setenvif => 'Host "^([^\.]*)\.website\.com$" CLIENT_NAME=$1',
+}
+
+# Vhost with additional include files
+apache::vhost { 'twentyieth.example.com':
+ port => '80',
+ docroot => '/var/www/twelfth',
+ additional_includes => ['/tmp/proxy_group_a','/tmp/proxy_group_b'],
+}
+
+# Vhost with alias for subdomain mapped to same named directory
+# http://example.com.loc => /var/www/example.com
+apache::vhost { 'subdomain.loc':
+ vhost_name => '*',
+ port => '80',
+ virtual_docroot => '/var/www/%-2+',
+ docroot => '/var/www',
+ serveraliases => ['*.loc',],
+}
+
+# Vhost with SSLProtocol,SSLCipherSuite, SSLHonorCipherOrder
+apache::vhost { 'securedomain.com':
+ priority => '10',
+ vhost_name => 'www.securedomain.com',
+ port => '443',
+ docroot => '/var/www/secure',
+ ssl => true,
+ ssl_cert => '/etc/ssl/securedomain.cert',
+ ssl_key => '/etc/ssl/securedomain.key',
+ ssl_chain => '/etc/ssl/securedomain.crt',
+ ssl_protocol => '-ALL +SSLv3 +TLSv1',
+ ssl_cipher => 'ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM',
+ ssl_honorcipherorder => 'On',
+ add_listen => false,
+}
+
+# Vhost with access log environment variables writing control
+apache::vhost { 'twentyfirst.example.com':
+ port => '80',
+ docroot => '/var/www/twentyfirst',
+ access_log_env_var => 'admin',
+}
+
--- /dev/null
+# Base class. Declares default vhost on port 80 and default ssl
+# vhost on port 443 listening on all interfaces and serving
+# $apache::docroot
+class { 'apache': }
+
+# Example from README adapted.
+apache::vhost { 'readme.example.net':
+ docroot => '/var/www/readme',
+ directories => [
+ {
+ 'path' => '/var/www/readme',
+ 'ServerTokens' => 'prod' ,
+ },
+ {
+ 'path' => '/usr/share/empty',
+ 'allow' => 'from all',
+ },
+ ],
+}
+
+# location test
+apache::vhost { 'location.example.net':
+ docroot => '/var/www/location',
+ directories => [
+ {
+ 'path' => '/location',
+ 'provider' => 'location',
+ 'ServerTokens' => 'prod'
+ },
+ ],
+}
+
+# files test, curedly disable access to accidental backup files.
+apache::vhost { 'files.example.net':
+ docroot => '/var/www/files',
+ directories => [
+ {
+ 'path' => '(\.swp|\.bak|~)$',
+ 'provider' => 'filesmatch',
+ 'deny' => 'from all'
+ },
+ ],
+}
+
--- /dev/null
+## IP-based vhosts on any listen port
+# IP-based vhosts respond to requests on specific IP addresses.
+
+# Base class. Turn off the default vhosts; we will be declaring
+# all vhosts below.
+class { 'apache':
+ default_vhost => false,
+}
+
+# Listen on port 80 and 81; required because the following vhosts
+# are not declared with a port parameter.
+apache::listen { '80': }
+apache::listen { '81': }
+
+# IP-based vhosts
+apache::vhost { 'first.example.com':
+ ip => '10.0.0.10',
+ docroot => '/var/www/first',
+ ip_based => true,
+}
+apache::vhost { 'second.example.com':
+ ip => '10.0.0.11',
+ docroot => '/var/www/second',
+ ip_based => true,
+}
--- /dev/null
+## vhost with proxyPass directive
+# NB: Please see the other vhost_*.pp example files for further
+# examples.
+
+# Base class. Declares default vhost on port 80 and default ssl
+# vhost on port 443 listening on all interfaces and serving
+# $apache::docroot
+class { 'apache': }
+
+# Most basic vhost with proxy_pass
+apache::vhost { 'first.example.com':
+ port => 80,
+ docroot => '/var/www/first',
+ proxy_pass => [
+ {
+ 'path' => '/first',
+ 'url' => 'http://localhost:8080/first'
+ },
+ ],
+}
+
+# vhost with proxy_pass and parameters
+apache::vhost { 'second.example.com':
+ port => 80,
+ docroot => '/var/www/second',
+ proxy_pass => [
+ {
+ 'path' => '/second',
+ 'url' => 'http://localhost:8080/second',
+ 'params' => {
+ 'retry' => '0',
+ 'timeout' => '5'
+ }
+ },
+ ],
+}
+
+# vhost with proxy_pass and keywords
+apache::vhost { 'third.example.com':
+ port => 80,
+ docroot => '/var/www/third',
+ proxy_pass => [
+ {
+ 'path' => '/third',
+ 'url' => 'http://localhost:8080/third',
+ 'keywords' => ['noquery', 'interpolate']
+ },
+ ],
+}
+
+# vhost with proxy_pass, parameters and keywords
+apache::vhost { 'fourth.example.com':
+ port => 80,
+ docroot => '/var/www/fourth',
+ proxy_pass => [
+ {
+ 'path' => '/fourth',
+ 'url' => 'http://localhost:8080/fourth',
+ 'params' => {
+ 'retry' => '0',
+ 'timeout' => '5'
+ },
+ 'keywords' => ['noquery', 'interpolate']
+ },
+ ],
+}
--- /dev/null
+## SSL-enabled vhosts
+# SSL-enabled vhosts respond only to HTTPS queries.
+
+# Base class. Turn off the default vhosts; we will be declaring
+# all vhosts below.
+class { 'apache':
+ default_vhost => false,
+}
+
+# Non-ssl vhost
+apache::vhost { 'first.example.com non-ssl':
+ servername => 'first.example.com',
+ port => '80',
+ docroot => '/var/www/first',
+}
+
+# SSL vhost at the same domain
+apache::vhost { 'first.example.com ssl':
+ servername => 'first.example.com',
+ port => '443',
+ docroot => '/var/www/first',
+ ssl => true,
+}
--- /dev/null
+## Declare ip-based and name-based vhosts
+# Mixing Name-based vhost with IP-specific vhosts requires `add_listen =>
+# 'false'` on the non-IP vhosts
+
+# Base class. Turn off the default vhosts; we will be declaring
+# all vhosts below.
+class { 'apache':
+ default_vhost => false,
+}
+
+
+# Add two an IP-based vhost on 10.0.0.10, ssl and non-ssl
+apache::vhost { 'The first IP-based vhost, non-ssl':
+ servername => 'first.example.com',
+ ip => '10.0.0.10',
+ port => '80',
+ ip_based => true,
+ docroot => '/var/www/first',
+}
+apache::vhost { 'The first IP-based vhost, ssl':
+ servername => 'first.example.com',
+ ip => '10.0.0.10',
+ port => '443',
+ ip_based => true,
+ docroot => '/var/www/first-ssl',
+ ssl => true,
+}
+
+# Two name-based vhost listening on 10.0.0.20
+apache::vhost { 'second.example.com':
+ ip => '10.0.0.20',
+ port => '80',
+ docroot => '/var/www/second',
+}
+apache::vhost { 'third.example.com':
+ ip => '10.0.0.20',
+ port => '80',
+ docroot => '/var/www/third',
+}
+
+# Two name-based vhosts without IPs specified, so that they will answer on either 10.0.0.10 or 10.0.0.20 . It is requried to declare
+# `add_listen => 'false'` to disable declaring "Listen 80" which will conflict
+# with the IP-based preceeding vhosts.
+apache::vhost { 'fourth.example.com':
+ port => '80',
+ docroot => '/var/www/fourth',
+ add_listen => false,
+}
+apache::vhost { 'fifth.example.com':
+ port => '80',
+ docroot => '/var/www/fifth',
+ add_listen => false,
+}
--- /dev/null
+Subproject commit 318bf8cd862144f483e515fd8e85f1b54d717df3
--- /dev/null
+Subproject commit a56c42fe59a65da729e5497fd83b9c430a197714
--- /dev/null
+Subproject commit 920421a70d33e751c4ec1a665e74819d1c1354d0
--- /dev/null
+Subproject commit 32ca5213d5efe0042b9e7f7fe1f0b874a4107155
--- /dev/null
+Subproject commit 8458b4695495aa5509e29f0919feb01099b726d7
projects / dsa-puppet.git / commitdiff