Set security options
diff --git a/README.rst b/README.rst
index 822dea5..179de58 100644
--- a/README.rst
+++ b/README.rst
@@ -127,6 +127,20 @@
# mech is optional
mech: GSSAPI
+Tune security settings (these are default):
+
+.. code-block:: yaml
+
+ parameters:
+ apache:
+ server:
+ # ServerTokens
+ tokens: Prod
+ # ServerSignature
+ signature: False
+ # TraceEnable
+ trace: False
+
Example pillar
==============
diff --git a/apache/files/_name.conf b/apache/files/_name.conf
index 4f023e9..82f10a2 100644
--- a/apache/files/_name.conf
+++ b/apache/files/_name.conf
@@ -1,5 +1,8 @@
+{%- from "apache/map.jinja" import server with context -%}
{%- if site.host.admin is defined %}
ServerAdmin {{ site.host.admin }}
+ {%- elif server.admin is defined %}
+ ServerAdmin {{ server.admin }}
{%- endif %}
{%- if site.host is defined and site.host.name is defined %}
@@ -8,3 +11,7 @@
{%- if site.host.aliases is defined %}
ServerAlias {{ site.host.aliases|join(' ') }}
{%- endif %}
+
+ ServerSignature {% if site.get('signature', server.get('signature', False)) %}On{% else %}Off{% endif %}
+ ServerTokens {{ site.get('tokens', server.get('tokens', 'Prod')) }}
+ TraceEnable {% if site.get('trace', server.get('trace', False)) %}On{% else %}Off{% endif %}
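Review bot: The added `ServerTokens` line is rendered from `_name.conf`, which looks like a per-site include placed inside each `<VirtualHost>` block (proxy.conf carried `ServerAdmin` and `ServerSignature Off` at the same spot before this change). Apache accepts `ServerTokens` only in the main server config context, so if that reading is right the rendered vhost would fail the config test. The per-site lookup `site.get('tokens', ...)` also cannot take effect, since the directive is global. I would move it to the global server template as `ServerTokens {{ server.get('tokens', 'Prod') }}` and keep only `ServerSignature` and `TraceEnable` here, both of which are valid per vhost. The pillar value is also written out unchecked, so restricting it to the documented keywords (`Full`, `OS`, `Minimal`, `Minor`, `Major`, `Prod`) would keep a typo from producing an invalid config.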
diff --git a/apache/files/proxy.conf b/apache/files/proxy.conf
index ec2769a..bd63a77 100644
--- a/apache/files/proxy.conf
+++ b/apache/files/proxy.conf
@@ -4,10 +4,6 @@
{%- include "apache/files/_ssl.conf" %}
{%- include "apache/files/_log.conf" %}
- {%- if site.host.admin is defined %}
- ServerAdmin {{ site.host.admin }}
- {%- endif %}
- ServerSignature Off
DocumentRoot /var/www
{%- if site.proxy.get('initial_pooled', True) == False %}