Merge "Cosmetic changes for alerts"
diff --git a/.kitchen.yml b/.kitchen.yml
index b2395a4..b479c60 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -47,4 +47,9 @@
pillars-from-files:
apache.sls: tests/pillar/apache_server_php7.sls
+ - name: apache_server_php7_ssl
+ provisioner:
+ pillars-from-files:
+ apache.sls: tests/pillar/apache_server_php7_ssl.sls
+
# vim: ft=yaml sw=2 ts=2 sts=2 tw=125
diff --git a/.travis.yml b/.travis.yml
index 2735f98..36eea65 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -20,8 +20,11 @@
- PLATFORM=epcim/salt:saltstack-ubuntu-trusty-salt-2016.3 SUITE=apache-server-php5
- PLATFORM=epcim/salt:saltstack-ubuntu-trusty-salt-2017.7 SUITE=apache-server-php5
- PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2016.3 SUITE=apache-server-php7
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2016.3 SUITE=apache-server-php7-ssl
- PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2017.7 SUITE=apache-server-php7
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2017.7 SUITE=apache-server-php7-ssl
- PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2018.3 SUITE=apache-server-php7
+ - PLATFORM=epcim/salt:saltstack-ubuntu-xenial-salt-2018.3 SUITE=apache-server-php7-ssl
# - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2017.7 SUITE=apache-server-php7
# - PLATFORM=epcim/salt:saltstack-ubuntu-bionic-salt-2018.3 SUITE=apache-server-php7
diff --git a/README.rst b/README.rst
index d01adf8..fcf36ff 100644
--- a/README.rst
+++ b/README.rst
@@ -234,6 +234,164 @@
prefer_server_ciphers: 'on'
...
+Advanced SSL configuration, more information about SSL options can be found
+at https://httpd.apache.org/docs/2.4/mod/mod_ssl.html
+!Please note that if mode = 'secure' or mode = 'normal' and 'ciphers' or 'protocols' are set - they should have
+type "string", if mode = 'manual', their type should be "dict" (like shown below)
+
+SSL settings on SITE level:
+
+.. code-block:: yaml
+
+ parameters:
+ apache:
+ server:
+ enabled: true
+ site:
+ example:
+ enabled: true
+ ssl:
+ enabled: true
+ engine: salt
+ authority: "${_param:salt_minion_ca_authority}"
+ key_file: "/etc/ssl/private/internal_proxy.key"
+ cert_file: "/etc/ssl/certs/internal_proxy.crt"
+ chain_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
+ mode: 'strict'
+ session_timeout: '300'
+ protocols:
+ TLS1:
+ name: 'TLSv1'
+ enabled: True
+ TLS1_1:
+ name: 'TLSv1.1'
+ enabled: True
+ TLS1_2:
+ name: 'TLSv1.2'
+ enabled: False
+ ciphers:
+ ECDHE_RSA_AES256_GCM_SHA384:
+ name: 'ECDHE-RSA-AES256-GCM-SHA384'
+ enabled: True
+ ECDHE_ECDSA_AES256_GCM_SHA384:
+ name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
+ enabled: True
+ prefer_server_ciphers: "off"
+ dhparam:
+ enabled: True
+ numbits: 2048
+ ecdh_curve:
+ secp384r1:
+ name: 'secp384r1'
+ enabled: False
+ secp521r1:
+ name: 'secp521r1'
+ enabled: True
+ ticket_key:
+ enabled: True
+ numbytes: 48
+ session_tickets: 'on'
+ stapling: 'off'
+ crl:
+ file: '/etc/ssl/crl/crl.pem'
+ path: '/etc/ssl/crl'
+ value: 'chain'
+ enabled: False
+ verify_client: 'none'
+ client_certificate:
+ file: '/etc/ssl/client_cert.pem'
+ enabled: False
+ compression: 'off'
+ ssl_engine: 'on'
+ insecure_renegotiation: 'off'
+ ocsp:
+ default_responder: 'http://responder.example.com:8888/responder'
+ ocsp_enable: 'off'
+ override_responder: 'off'
+ responder_timeout: '50'
+ max_age: '300'
+ time_skew: '300'
+ nonce: 'on'
+ enabled: True
+ conf_cmd:
+ sessionticket:
+ command_name: 'Options'
+ command_value: '-SessionTicket'
+ enabled: True
+ serverpreference:
+ command_name: 'Options'
+ command_value: '-ServerPreference'
+ enabled: False
+ ssl_options:
+ fakebasicauth:
+ option: '+FakeBasicAuth'
+ enabled: 'True'
+ strictrequire:
+ option: '-StrictRequire'
+ enabled: True
+ proxy:
+ ca_cert_file: '/etc/ssl/client_cert.pem'
+ ca_cert_path: '/etc/ssl/client/'
+ crl:
+ file: '/etc/ssl/crl/crl.pem'
+ path: '/etc/ssl/crl'
+ value: 'chain'
+ enabled: False
+ check_peer_cn: 'off'
+ check_peer_expire: 'off'
+ check_peer_name: 'off'
+ ciphers:
+ ECDHE_RSA_AES256_GCM_SHA384:
+ name: 'ECDHE-RSA-AES256-GCM-SHA384'
+ enabled: True
+ ECDHE_ECDSA_AES256_GCM_SHA384:
+ name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
+ enabled: False
+ ssl_engine: 'on'
+ proxy_chain_file: '/etc/ssl/proxy_chain.pem'
+ proxy_cert_file: '/etc/ssl/proxy.pem'
+ proxy_cert_path: '/etc/ssl/proxy'
+ verify: 'none'
+ verify_depth: '1'
+ srp_unknown_seed: 'secret_string'
+ srp_verifier_file: '/path/to/file.srpv'
+ ssl_stapling:
+ error_cache_timeout: '600'
+ fake_try_later: 'off'
+ stapling_responder: 'http://responder.example.com:8888/responder'
+ responder_timeout: '600'
+ response_max_age: '300'
+ response_time_skew: '300'
+ responder_errors: 'off'
+ standard_cache_timeout: '600'
+ sniv_host_check: 'off'
+ verify_depth: '1'
+
+SSL settings on SERVER level:
+
+.. code-block:: yaml
+
+ apache:
+ server:
+ ssl:
+ enabled: True
+ crypto_device: 'rdrand'
+ fips: 'off'
+ passphrase: 'builtin'
+ random_seed:
+ seed1:
+ context: 'startup'
+ source: 'file:/dev/urandom 256'
+ enabled: True
+ seed2:
+ context: 'connect'
+ source: 'builtin'
+ enabled: True
+ session_cache: 'none'
+ stapling_cache: 'default'
+ ssl_user_name: 'SSL_CLIENT_S_DN_CN'
+
+
Roundcube webmail, postfixadmin and mailman
.. code-block:: yaml
diff --git a/apache/files/_ssl.conf b/apache/files/_ssl.conf
index 7247732..7500261 100644
--- a/apache/files/_ssl.conf
+++ b/apache/files/_ssl.conf
@@ -46,8 +46,119 @@
{%- if site.ssl.prefer_server_ciphers is defined %}
SSLHonorCipherOrder {{ site.ssl.prefer_server_ciphers }}
{%- endif %}
+ {%- if site.ssl.get('crl', {'enabled': False}).enabled %}
+ {%- if site.ssl.crl.value is defined %}
+ SSLCARevocationCheck {{ site.ssl.crl.value }}
+ {%- endif %}
+ {%- if site.ssl.crl.file is defined %}
+ SSLCARevocationFile {{ site.ssl.crl.file }}
+ {%- endif %}
+ {%- if site.ssl.crl.path is defined %}
+ SSLCARevocationPath {{ site.ssl.crl.path }}
+ {%- endif %}
+ {%- endif %}
+ {%- if site.ssl.compression is defined %}
+ SSLCompression {{ site.ssl.compression }}
+ {%- endif %}
+ {%- if site.ssl.ssl_engine is defined %}
+ SSLEngine {{ site.ssl.ssl_engine }}
+ {%- endif %}
+ {%- if site.ssl.insecure_renegotiation is defined %}
+ SSLInsecureRenegotiation {{ site.ssl.insecure_renegotiation }}
+ {%- endif %}
+ {%- if site.ssl.get('ocsp', {'enabled': False}).enabled %}
+ {%- if site.ssl.ocsp.default_responder is defined %}
+ SSLOCSPDefaultResponder {{ site.ssl.ocsp.default_responder }}
+ {%- endif %}
+ {%- if site.ssl.ocsp.ocsp_enable is defined %}
+ SSLOCSPEnable {{ site.ssl.ocsp.ocsp_enable }}
+ {%- endif %}
+ {%- if site.ssl.ocsp.noverify is defined %}
+ SSLOCSPNoverify {{ site.ssl.ocsp.noverify }}
+ {%- endif %}
+ {%- if site.ssl.ocsp.proxy_url is defined %}
+ SSLOCSPProxyURL {{ site.ssl.ocsp.proxy_url }}
+ {%- endif %}
+ {%- if site.ssl.ocsp.override_responder is defined %}
+ SSLOCSPOverrideResponder {{ site.ssl.ocsp.override_responder }}
+ {%- endif %}
+ {%- if site.ssl.ocsp.cert_file is defined %}
+ SSLOCSPResponderCertificateFile {{ site.ssl.ocsp.cert_file }}
+ {%- endif %}
+ {%- if site.ssl.ocsp.responder_timeout is defined %}
+ SSLOCSPResponderTimeout {{ site.ssl.ocsp.responder_timeout }}
+ {%- endif %}
+ {%- if site.ssl.ocsp.max_age is defined %}
+ SSLOCSPResponseMaxAge {{ site.ssl.ocsp.max_age }}
+ {%- endif %}
+ {%- if site.ssl.ocsp.time_skew is defined %}
+ SSLOCSPResponseTimeSkew {{ site.ssl.ocsp.time_skew }}
+ {%- endif %}
+ {%- if site.ssl.ocsp.nonce is defined %}
+ SSLOCSPUseRequestNonce {{ site.ssl.ocsp.nonce }}
+ {%- endif %}
+ {%- endif %}
+ {%- if site.ssl.get('dhparam', {'enabled': False}).enabled %}
+ SSLOpenSSLConfCmd DHParameters "/etc/ssl/dhparams_apache_{{ site_name }}.pem"
+ {%- endif %}
+ {%- if site.ssl.ecdh_curve is defined %}
+ {%- set _ecdh_curve = [] %}
+ {%- for ecdh_curve_name, ecdh_curve in site.ssl.get('ecdh_curve', {}).iteritems() %}
+ {%- if ecdh_curve.get('enabled', False) %}
+ {%- do _ecdh_curve.append(ecdh_curve.name) %}
+ {%- endif %}
+ {%- endfor %}
+ SSLOpenSSLConfCmd Curves {{ ':'.join(_ecdh_curve) }}
+ {%- endif %}
+ {%- if site.ssl.conf_cmd is defined %}
+ {%- for conf_cmd_name, conf_cmd in site.ssl.get('conf_cmd', {}).iteritems() %}
+ {%- if conf_cmd.get('enabled', False) %}
+ SSLOpenSSLConfCmd {{ conf_cmd.command_name }} {{conf_cmd.command_value }}
+ {%- endif %}
+ {%- endfor %}
+ {%- endif %}
+ {%- if site.ssl.ssl_options is defined %}
+ {%- for ssl_options_name, ssl_options in site.ssl.get('ssl_options', {}).iteritems() %}
+ {%- if ssl_options.get('enabled', False) %}
+ SSLOptions {{ ssl_options.option }}
+ {%- endif %}
+ {%- endfor %}
+ {%- endif %}
+ {%- if site.ssl.proxy is defined %}
+ {%- include "apache/files/_ssl_proxy.conf" %}
+ {%- endif %}
+ {%- if site.ssl.session_timeout is defined %}
+ SSLSessionCacheTimeout {{ site.ssl.session_timeout }}
+ {%- endif %}
+ {%- if site.ssl.get('ticket_key', {'enabled': False}).enabled %}
+ SSLSessionTicketKeyFile /etc/ssl/ticket_apache_{{ site_name }}.key
+ {%- endif %}
+ {%- if site.ssl.session_tickets is defined %}
+ SSLSessionTickets {{ site.ssl.session_tickets }}
+ {%- endif %}
+ {%- if site.ssl.srp_unknown_seed is defined %}
+ SSLSRPUnknownUserSeed {{ site.ssl.srp_unknown_seed }}
+ {%- endif %}
+ {%- if site.ssl.srp_verifier_file is defined %}
+ SSLSRPVerifierFile {{ site.ssl.srp_verifier_file }}
+ {%- endif %}
+ {%- if site.ssl.ssl_stapling is defined %}
+ {%- include "apache/files/_ssl_stapling.conf" %}
+ {%- endif %}
+ {%- if site.ssl.sniv_host_check is defined %}
+ SSLStrictSNIVHostCheck {{ site.ssl.sniv_host_check }}
+ {%- endif %}
+ {%- if site.ssl.stapling is defined %}
+ SSLUseStapling {{ site.ssl.stapling}}
+ {%- endif %}
+ {%- if site.ssl.verify_client is defined %}
+ SSLVerifyClient {{ site.ssl.verify_client }}
+ {%- endif %}
+ {%- if site.ssl.verify_depth is defined %}
+ SSLVerifyDepth {{ site.ssl.verify_depth }}
+ {%- endif %}
{%- else %}
{%- include "apache/files/_ssl_"+ssl_mode+".conf" %}
{%- endif %}
{%- endif %}
- {%- endif %}
\ No newline at end of file
+ {%- endif %}
diff --git a/apache/files/_ssl_proxy.conf b/apache/files/_ssl_proxy.conf
new file mode 100644
index 0000000..3ab3292
--- /dev/null
+++ b/apache/files/_ssl_proxy.conf
@@ -0,0 +1,47 @@
+ {%- if site.ssl.proxy.ca_cert_file is defined %}
+ SSLProxyCACertificateFile {{ site.ssl.proxy.ca_cert_file }}
+ {%- endif %}
+ {%- if site.ssl.proxy.ca_cert_path is defined %}
+ SSLProxyCACertificatePath {{ site.ssl.proxy.ca_cert_path }}
+ {%- endif %}
+ {%- if site.ssl.proxy.get('crl', {'enabled': False}).enabled %}
+ {%- if site.ssl.proxy.crl.value is defined %}
+ SSLProxyCARevocationCheck {{ site.ssl.proxy.crl.value }}
+ {%- endif %}
+ {%- if site.ssl.proxy.crl.file is defined %}
+ SSLProxyCARevocationFile {{ site.ssl.proxy.crl.file }}
+ {%- endif %}
+ {%- if site.ssl.proxy.crl.path is defined %}
+ SSLProxyCARevocationPath {{ site.ssl.proxy.crl.path }}
+ {%- endif %}
+ {%- endif %}
+ {%- if site.ssl.proxy.check_peer_cn is defined %}
+ SSLProxyCheckPeerCN {{ site.ssl.proxy.check_peer_cn }}
+ {%- endif %}
+ {%- if site.ssl.proxy.check_peer_expire is defined %}
+ SSLProxyCheckPeerExpire {{ site.ssl.proxy.check_peer_expire }}
+ {%- endif %}
+ {%- if site.ssl.proxy.check_peer_name is defined %}
+ SSLProxyCheckPeerName {{ site.ssl.proxy.check_peer_name }}
+ {%- endif %}
+ {%- if site.ssl.proxy.ciphers is defined %}
+ {%- set __ciphers = [] %}
+ {%- for cipher_name, ciphers in site.ssl.proxy.get('ciphers', {}).iteritems() %}
+ {%- if ciphers.get('enabled', False) %}
+ {%- do __ciphers.append(ciphers.name) %}
+ {%- endif %}
+ {%- endfor %}
+ SSLProxyCipherSuite {{ ':'.join(__ciphers) }}
+ {%- endif %}
+ {%- if site.ssl.proxy.ssl_engine is defined %}
+ SSLProxyEngine {{ site.ssl.proxy.ssl_engine }}
+ {%- endif %}
+ {%- if site.ssl.proxy.proxy_chain_file is defined %}
+ SSLProxyMachineCertificateChainFile {{ site.ssl.proxy.proxy_chain_file }}
+ {%- endif %}
+ {%- if site.ssl.proxy.proxy_cert_file is defined %}
+ SSLProxyMachineCertificateFile {{ site.ssl.proxy.proxy_cert_file }}
+ {%- endif %}
+ {%- if site.ssl.proxy.proxy_cert_path is defined %}
+ SSLProxyMachineCertificatePath {{ site.ssl.proxy.proxy_cert_path }}
+ {%- endif %}
diff --git a/apache/files/_ssl_stapling.conf b/apache/files/_ssl_stapling.conf
new file mode 100644
index 0000000..7a6584d
--- /dev/null
+++ b/apache/files/_ssl_stapling.conf
@@ -0,0 +1,24 @@
+ {%- if site.ssl.ssl_stapling.error_cache_timeout is defined %}
+ SSLStaplingErrorCacheTimeout {{ site.ssl.ssl_stapling.error_cache_timeout }}
+ {%- endif %}
+ {%- if site.ssl.ssl_stapling.fake_try_later is defined %}
+ SSLStaplingFakeTryLater {{ site.ssl.ssl_stapling.fake_try_later }}
+ {%- endif %}
+ {%- if site.ssl.ssl_stapling.stapling_responder is defined %}
+ SSLStaplingForceURL {{ site.ssl.ssl_stapling.stapling_responder }}
+ {%- endif %}
+ {%- if site.ssl.ssl_stapling.responder_timeout is defined %}
+ SSLStaplingResponderTimeout {{ site.ssl.ssl_stapling.responder_timeout }}
+ {%- endif %}
+ {%- if site.ssl.ssl_stapling.response_max_age is defined %}
+ SSLStaplingResponseMaxAge {{ site.ssl.ssl_stapling.response_max_age }}
+ {%- endif %}
+ {%- if site.ssl.ssl_stapling.response_time_skew is defined %}
+ SSLStaplingResponseTimeSkew {{ site.ssl.ssl_stapling.response_time_skew }}
+ {%- endif %}
+ {%- if site.ssl.ssl_stapling.responder_errors is defined %}
+ SSLStaplingReturnResponderErrors {{ site.ssl.ssl_stapling.responder_errors }}
+ {%- endif %}
+ {%- if site.ssl.ssl_stapling.standard_cache_timeout is defined %}
+ SSLStaplingStandardCacheTimeout {{ site.ssl.ssl_stapling.standard_cache_timeout }}
+ {%- endif %}
diff --git a/apache/files/grafana_dashboards/apache_prometheus.json b/apache/files/grafana_dashboards/apache_prometheus.json
index ad9043c..fba99b1 100644
--- a/apache/files/grafana_dashboards/apache_prometheus.json
+++ b/apache/files/grafana_dashboards/apache_prometheus.json
@@ -1,579 +1,1104 @@
{% raw %}
{
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "default",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "limit": 100,
+ "name": "Annotations & Alerts",
+ "showIn": 0,
+ "type": "dashboard"
+ }
+ ]
+ },
"description": "Monitors Apache cluster using Prometheus. Shows overall cluster processes and usage.",
"editable": true,
"gnetId": null,
"graphTooltip": 1,
- "hideControls": false,
"id": null,
+ "iteration": 1528367815107,
"links": [],
- "refresh": "1m",
- "rows": [
+ "panels": [
{
- "collapse": false,
- "editable": true,
- "height": "250px",
- "panels": [
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "id": 44,
+ "panels": [],
+ "title": "Cluster status",
+ "type": "row"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": true,
+ "colorValue": false,
+ "colors": [
+ "#d44a3a",
+ "rgba(237, 129, 40, 0.89)",
+ "#299c46"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 4,
+ "x": 0,
+ "y": 1
+ },
+ "id": 46,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
- "datasource": "prometheus",
- "decimals": 0,
- "fill": 1,
- "id": 1,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "span": 6,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "expr": "irate(apache_TotalAccesses{host=~\"$host\"}[1m])",
- "format": "time_series",
- "intervalFactor": 2,
- "legendFormat": "{{ host }}",
- "refId": "A",
- "step": 2
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeShift": null,
- "title": "Number of requests",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "ops",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": "0",
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ]
+ "name": "value to text",
+ "value": 1
},
{
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
- "datasource": "prometheus",
- "decimals": 2,
- "fill": 1,
- "id": 2,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "span": 6,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "expr": "irate(apache_TotalkBytes{host=~\"$host\"}[1m])",
- "format": "time_series",
- "intervalFactor": 2,
- "legendFormat": "{{ host }}",
- "refId": "A",
- "step": 2
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeShift": null,
- "title": "Bytes transmitted",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "KBs",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": "0",
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ]
- },
- {
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
- "datasource": "prometheus",
- "decimals": 0,
- "fill": 1,
- "id": 3,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "span": 9,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "expr": "apache_BusyWorkers{host=~\"$host\"}",
- "format": "time_series",
- "intervalFactor": 2,
- "legendFormat": "{{ host }}",
- "refId": "A",
- "step": 2
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeShift": null,
- "title": "Number of connections",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": "0",
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ]
- },
- {
- "cacheTimeout": null,
- "colorBackground": false,
- "colorValue": false,
- "colors": [
- "rgba(245, 54, 54, 0.9)",
- "rgba(237, 129, 40, 0.89)",
- "rgba(50, 172, 45, 0.97)"
- ],
- "datasource": "prometheus",
- "decimals": 0,
- "format": "none",
- "gauge": {
- "maxValue": 100,
- "minValue": 0,
- "show": false,
- "thresholdLabels": false,
- "thresholdMarkers": true
- },
- "id": 4,
- "interval": null,
- "links": [],
- "mappingType": 1,
- "mappingTypes": [
- {
- "name": "value to text",
- "value": 1
- },
- {
- "name": "range to text",
- "value": 2
- }
- ],
- "maxDataPoints": 100,
- "nullPointMode": "connected",
- "nullText": null,
- "postfix": "",
- "postfixFontSize": "50%",
- "prefix": "",
- "prefixFontSize": "50%",
- "rangeMaps": [
- {
- "from": "null",
- "text": "N/A",
- "to": "null"
- }
- ],
- "span": 3,
- "sparkline": {
- "fillColor": "rgba(31, 118, 189, 0.18)",
- "full": false,
- "lineColor": "rgb(31, 120, 193)",
- "show": true
- },
- "tableColumn": "",
- "targets": [
- {
- "expr": "sum(apache_BusyWorkers{host=~\"$host\"})",
- "format": "time_series",
- "intervalFactor": 2,
- "legendFormat": "",
- "refId": "A",
- "step": 20
- }
- ],
- "thresholds": "",
- "title": "Current connections",
- "type": "singlestat",
- "valueFontSize": "80%",
- "valueMaps": [
- {
- "op": "=",
- "text": "N/A",
- "value": "null"
- }
- ],
- "valueName": "current"
- },
- {
- "aliasColors": {},
- "bars": false,
- "dashLength": 10,
- "dashes": false,
- "datasource": "prometheus",
- "decimals": 0,
- "fill": 1,
- "id": 5,
- "legend": {
- "avg": false,
- "current": false,
- "max": false,
- "min": false,
- "show": true,
- "total": false,
- "values": false
- },
- "lines": true,
- "linewidth": 1,
- "links": [],
- "nullPointMode": "null",
- "percentage": false,
- "pointradius": 5,
- "points": false,
- "renderer": "flot",
- "seriesOverrides": [],
- "spaceLength": 10,
- "span": 9,
- "stack": false,
- "steppedLine": false,
- "targets": [
- {
- "expr": "apache_scboard_closing{host=~\"$host\"}",
- "format": "time_series",
- "intervalFactor": 2,
- "legendFormat": "closing {{ host }}",
- "refId": "A",
- "step": 2
- },
- {
- "expr": "apache_scboard_dnslookup{host=~\"$host\"}",
- "format": "time_series",
- "intervalFactor": 2,
- "legendFormat": "dnslookup {{ host }}",
- "refId": "B",
- "step": 2
- },
- {
- "expr": "apache_scboard_finishing{host=~\"$host\"}",
- "format": "time_series",
- "intervalFactor": 2,
- "legendFormat": "finishing {{ host }}",
- "refId": "C",
- "step": 2
- },
- {
- "expr": "apache_scboard_idle_cleanup{host=~\"$host\"}",
- "format": "time_series",
- "intervalFactor": 2,
- "legendFormat": "dle_cleanup {{ host }}",
- "refId": "D",
- "step": 2
- },
- {
- "expr": "apache_scboard_keepalive{host=~\"$host\"}",
- "format": "time_series",
- "intervalFactor": 2,
- "legendFormat": "keepalive {{ host }}",
- "refId": "E",
- "step": 2
- },
- {
- "expr": "apache_scboard_logging{host=~\"$host\"}",
- "format": "time_series",
- "intervalFactor": 2,
- "legendFormat": "logging {{ host }}",
- "refId": "F",
- "step": 2
- },
- {
- "expr": "apache_scboard_open{host=~\"$host\"}",
- "format": "time_series",
- "intervalFactor": 2,
- "legendFormat": "open {{ host }}",
- "refId": "G",
- "step": 2
- },
- {
- "expr": "apache_scboard_reading{host=~\"$host\"}",
- "format": "time_series",
- "intervalFactor": 2,
- "legendFormat": "reading {{ host }}",
- "refId": "H",
- "step": 2
- },
- {
- "expr": "apache_scboard_sending{host=~\"$host\"}",
- "format": "time_series",
- "intervalFactor": 2,
- "legendFormat": "sending {{ host }}",
- "refId": "I",
- "step": 2
- },
- {
- "expr": "apache_scboard_starting{host=~\"$host\"}",
- "format": "time_series",
- "intervalFactor": 2,
- "legendFormat": "starting {{ host }}",
- "refId": "J",
- "step": 2
- },
- {
- "expr": "apache_scboard_waiting{host=~\"$host\"}",
- "format": "time_series",
- "intervalFactor": 2,
- "legendFormat": "waiting {{ host }}",
- "refId": "K",
- "step": 2
- }
- ],
- "thresholds": [],
- "timeFrom": null,
- "timeShift": null,
- "title": "Workers states",
- "tooltip": {
- "shared": true,
- "sort": 0,
- "value_type": "individual"
- },
- "type": "graph",
- "xaxis": {
- "buckets": null,
- "mode": "time",
- "name": null,
- "show": true,
- "values": []
- },
- "yaxes": [
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": "0",
- "show": true
- },
- {
- "format": "short",
- "label": null,
- "logBase": 1,
- "max": null,
- "min": null,
- "show": true
- }
- ]
- },
- {
- "cacheTimeout": null,
- "colorBackground": false,
- "colorValue": false,
- "colors": [
- "rgba(245, 54, 54, 0.9)",
- "rgba(237, 129, 40, 0.89)",
- "rgba(50, 172, 45, 0.97)"
- ],
- "datasource": "prometheus",
- "decimals": 0,
- "format": "none",
- "gauge": {
- "maxValue": 100,
- "minValue": 0,
- "show": false,
- "thresholdLabels": false,
- "thresholdMarkers": true
- },
- "id": 6,
- "interval": null,
- "links": [],
- "mappingType": 1,
- "mappingTypes": [
- {
- "name": "value to text",
- "value": 1
- },
- {
- "name": "range to text",
- "value": 2
- }
- ],
- "maxDataPoints": 100,
- "nullPointMode": "connected",
- "nullText": null,
- "postfix": "",
- "postfixFontSize": "50%",
- "prefix": "",
- "prefixFontSize": "50%",
- "rangeMaps": [
- {
- "from": "null",
- "text": "N/A",
- "to": "null"
- }
- ],
- "span": 3,
- "sparkline": {
- "fillColor": "rgba(31, 118, 189, 0.18)",
- "full": false,
- "lineColor": "rgb(31, 120, 193)",
- "show": true
- },
- "tableColumn": "",
- "targets": [
- {
- "expr": "sum(apache_IdleWorkers{host=~\"$host\"})",
- "format": "time_series",
- "intervalFactor": 2,
- "legendFormat": "",
- "refId": "A",
- "step": 20
- }
- ],
- "thresholds": "",
- "title": "Current idle workers",
- "type": "singlestat",
- "valueFontSize": "80%",
- "valueMaps": [
- {
- "op": "=",
- "text": "N/A",
- "value": "null"
- }
- ],
- "valueName": "current"
+ "name": "range to text",
+ "value": 2
}
],
- "title": "Metrics"
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "% Up",
+ "postfixFontSize": "80%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "100 * sum(apache_up)/count(apache_up)",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "35,70",
+ "title": "Cluster status",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "Bps",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 4,
+ "x": 4,
+ "y": 1
+ },
+ "id": 48,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "sum(apache_BytesPerSec{host=~\"$host\"})",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "title": "Total Bytes per Sec",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 4
+ },
+ "id": 20,
+ "panels": [],
+ "title": "Status",
+ "type": "row"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": true,
+ "colorValue": false,
+ "colors": [
+ "#d44a3a",
+ "rgba(237, 129, 40, 0.89)",
+ "#299c46"
+ ],
+ "datasource": null,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 4,
+ "x": 0,
+ "y": 5
+ },
+ "id": 22,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 3,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "repeat": "host",
+ "repeatDirection": "v",
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "apache_up{host=\"$host\"}",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "0.5,1",
+ "title": "Apache@${host}",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ },
+ {
+ "op": "=",
+ "text": "Fail",
+ "value": "0"
+ },
+ {
+ "op": "=",
+ "text": "OK",
+ "value": "1"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#299c46",
+ "rgba(237, 129, 40, 0.89)",
+ "#d44a3a"
+ ],
+ "datasource": null,
+ "format": "percentunit",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": true,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 4,
+ "x": 4,
+ "y": 5
+ },
+ "id": 30,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 1,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "repeat": "host",
+ "repeatDirection": "v",
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "apache_CPULoad{host=\"$host\"}",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "70,90",
+ "title": "CPU Load@${host}",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "avg"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#d44a3a",
+ "rgba(237, 129, 40, 0.89)",
+ "#299c46"
+ ],
+ "datasource": null,
+ "format": "s",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 4,
+ "x": 8,
+ "y": 5
+ },
+ "id": 32,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 1,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "repeat": "host",
+ "repeatDirection": "v",
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": false
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "apache_Uptime{host=\"$host\"}",
+ "format": "time_series",
+ "intervalFactor": 1,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "title": "Uptime@${host}",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#d44a3a",
+ "rgba(237, 129, 40, 0.89)",
+ "#299c46"
+ ],
+ "datasource": null,
+ "decimals": 0,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 4,
+ "x": 12,
+ "y": 5
+ },
+ "id": 8,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 3,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "repeat": "host",
+ "repeatDirection": "v",
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "apache_BusyWorkers{host=~\"$host\"}",
+ "format": "time_series",
+ "interval": "30s",
+ "intervalFactor": 2,
+ "legendFormat": "",
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "title": "Current connections for Apache@${host}",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "cacheTimeout": null,
+ "colorBackground": false,
+ "colorValue": false,
+ "colors": [
+ "#d44a3a",
+ "rgba(237, 129, 40, 0.89)",
+ "#299c46"
+ ],
+ "datasource": null,
+ "decimals": 0,
+ "format": "none",
+ "gauge": {
+ "maxValue": 100,
+ "minValue": 0,
+ "show": false,
+ "thresholdLabels": false,
+ "thresholdMarkers": true
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 4,
+ "x": 16,
+ "y": 5
+ },
+ "id": 12,
+ "interval": null,
+ "links": [],
+ "mappingType": 1,
+ "mappingTypes": [
+ {
+ "name": "value to text",
+ "value": 1
+ },
+ {
+ "name": "range to text",
+ "value": 2
+ }
+ ],
+ "maxDataPoints": 100,
+ "minSpan": 3,
+ "nullPointMode": "connected",
+ "nullText": null,
+ "postfix": "",
+ "postfixFontSize": "50%",
+ "prefix": "",
+ "prefixFontSize": "50%",
+ "rangeMaps": [
+ {
+ "from": "null",
+ "text": "N/A",
+ "to": "null"
+ }
+ ],
+ "repeat": "host",
+ "repeatDirection": "v",
+ "sparkline": {
+ "fillColor": "rgba(31, 118, 189, 0.18)",
+ "full": false,
+ "lineColor": "rgb(31, 120, 193)",
+ "show": true
+ },
+ "tableColumn": "",
+ "targets": [
+ {
+ "expr": "apache_IdleWorkers{host=~\"$host\"}",
+ "format": "time_series",
+ "interval": "30s",
+ "intervalFactor": 2,
+ "refId": "A"
+ }
+ ],
+ "thresholds": "",
+ "title": "Current idle workers for Apache@${host}",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+ {
+ "op": "=",
+ "text": "N/A",
+ "value": "null"
+ }
+ ],
+ "valueName": "current"
+ },
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 8
+ },
+ "id": 18,
+ "panels": [],
+ "title": "Series",
+ "type": "row"
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 6,
+ "w": 12,
+ "x": 0,
+ "y": 9
+ },
+ "id": 2,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [
+ {}
+ ],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "irate(apache_TotalAccesses{host=~\"$host\"}[1m])",
+ "format": "time_series",
+ "intervalFactor": 10,
+ "legendFormat": "{{ host }}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Number of requests",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "ops",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "decimals": 2,
+ "fill": 1,
+ "gridPos": {
+ "h": 6,
+ "w": 12,
+ "x": 12,
+ "y": 9
+ },
+ "id": 4,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "irate(apache_TotalkBytes{host=~\"$host\"}[1m])",
+ "format": "time_series",
+ "intervalFactor": 10,
+ "legendFormat": "{{ host }}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Bytes transmitted",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "KBs",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "decimals": 0,
+ "fill": 1,
+ "gridPos": {
+ "h": 6,
+ "w": 12,
+ "x": 0,
+ "y": 15
+ },
+ "id": 6,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": true,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "apache_BusyWorkers{host=~\"$host\"}",
+ "format": "time_series",
+ "intervalFactor": 10,
+ "legendFormat": "{{ host }}",
+ "refId": "A"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Number of connections",
+ "tooltip": {
+ "shared": true,
+ "sort": 0,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "decimals": 0,
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": "0",
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
+ },
+ {
+ "aliasColors": {},
+ "bars": false,
+ "dashLength": 10,
+ "dashes": false,
+ "datasource": null,
+ "fill": 1,
+ "gridPos": {
+ "h": 6,
+ "w": 12,
+ "x": 12,
+ "y": 15
+ },
+ "id": 10,
+ "legend": {
+ "alignAsTable": true,
+ "avg": false,
+ "current": true,
+ "hideEmpty": true,
+ "hideZero": true,
+ "max": false,
+ "min": false,
+ "rightSide": true,
+ "show": true,
+ "sort": "current",
+ "sortDesc": true,
+ "total": false,
+ "values": true
+ },
+ "lines": true,
+ "linewidth": 2,
+ "links": [],
+ "nullPointMode": "null",
+ "percentage": false,
+ "pointradius": 5,
+ "points": false,
+ "renderer": "flot",
+ "seriesOverrides": [],
+ "spaceLength": 10,
+ "stack": false,
+ "steppedLine": false,
+ "targets": [
+ {
+ "expr": "apache_scboard_closing{host=~\"$host\"}",
+ "format": "time_series",
+ "interval": "15s",
+ "intervalFactor": 10,
+ "legendFormat": "closing {{ host }}",
+ "refId": "A"
+ },
+ {
+ "expr": "apache_scboard_dnslookup{host=~\"$host\"}",
+ "format": "time_series",
+ "interval": "15s",
+ "intervalFactor": 10,
+ "legendFormat": "dnslookup {{ host }}",
+ "refId": "B"
+ },
+ {
+ "expr": "apache_scboard_finishing{host=~\"$host\"}",
+ "format": "time_series",
+ "interval": "15s",
+ "intervalFactor": 10,
+ "legendFormat": "finishing {{ host }}",
+ "refId": "C"
+ },
+ {
+ "expr": "apache_scboard_idle_cleanup{host=~\"$host\"}",
+ "format": "time_series",
+ "interval": "15s",
+ "intervalFactor": 10,
+ "legendFormat": "dle_cleanup {{ host }}",
+ "refId": "D"
+ },
+ {
+ "expr": "apache_scboard_keepalive{host=~\"$host\"}",
+ "format": "time_series",
+ "interval": "15s",
+ "intervalFactor": 10,
+ "legendFormat": "keepalive {{ host }}",
+ "refId": "E"
+ },
+ {
+ "expr": "apache_scboard_logging{host=~\"$host\"}",
+ "format": "time_series",
+ "interval": "15s",
+ "intervalFactor": 10,
+ "legendFormat": "logging {{ host }}",
+ "refId": "F"
+ },
+ {
+ "expr": "apache_scboard_open{host=~\"$host\"}",
+ "format": "time_series",
+ "interval": "15s",
+ "intervalFactor": 10,
+ "legendFormat": "open {{ host }}",
+ "refId": "G"
+ },
+ {
+ "expr": "apache_scboard_reading{host=~\"$host\"}",
+ "format": "time_series",
+ "interval": "15s",
+ "intervalFactor": 10,
+ "legendFormat": "reading {{ host }}",
+ "refId": "H"
+ },
+ {
+ "expr": "apache_scboard_sending{host=~\"$host\"}",
+ "format": "time_series",
+ "interval": "15s",
+ "intervalFactor": 10,
+ "legendFormat": "sending {{ host }}",
+ "refId": "I"
+ },
+ {
+ "expr": "apache_scboard_starting{host=~\"$host\"}",
+ "format": "time_series",
+ "interval": "15s",
+ "intervalFactor": 10,
+ "legendFormat": "starting {{ host }}",
+ "refId": "J"
+ },
+ {
+ "expr": "apache_scboard_waiting{host=~\"$host\"}",
+ "format": "time_series",
+ "interval": "15s",
+ "intervalFactor": 10,
+ "legendFormat": "waiting {{ host }}",
+ "refId": "K"
+ }
+ ],
+ "thresholds": [],
+ "timeFrom": null,
+ "timeShift": null,
+ "title": "Worker states",
+ "tooltip": {
+ "shared": true,
+ "sort": 2,
+ "value_type": "individual"
+ },
+ "type": "graph",
+ "xaxis": {
+ "buckets": null,
+ "mode": "time",
+ "name": null,
+ "show": true,
+ "values": []
+ },
+ "yaxes": [
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ },
+ {
+ "format": "short",
+ "label": null,
+ "logBase": 1,
+ "max": null,
+ "min": null,
+ "show": true
+ }
+ ],
+ "yaxis": {
+ "align": false,
+ "alignLevel": null
+ }
}
],
- "schemaVersion": 14,
- "sharedCrosshair": true,
+ "schemaVersion": 16,
"style": "dark",
"tags": [
"apache"
],
"templating": {
"list": [
- {
+ {
"allValue": ".*",
"current": {},
- "datasource": "prometheus",
+ "datasource": null,
"hide": 0,
"includeAll": true,
"label": null,
@@ -582,7 +1107,6 @@
"options": [],
"query": "label_values(apache_up,host)",
"refresh": 1,
- "refresh_on_load": true,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
@@ -590,11 +1114,11 @@
"tagsQuery": "",
"type": "query",
"useTags": false
- }
+ }
]
},
"time": {
- "from": "now-1h",
+ "from": "now-7d",
"to": "now"
},
"timepicker": {
@@ -624,6 +1148,7 @@
},
"timezone": "browser",
"title": "Apache",
+ "uid": "",
"version": 1
}
{% endraw %}
diff --git a/apache/files/httpd_ssl.conf b/apache/files/httpd_ssl.conf
new file mode 100644
index 0000000..2c8bb01
--- /dev/null
+++ b/apache/files/httpd_ssl.conf
@@ -0,0 +1,30 @@
+{%- from "apache/map.jinja" import server with context -%}
+ {%- if server.ssl is defined %}
+ {%- if server.get('ssl', {'enabled': False}).enabled %}
+ {%- if server.ssl.crypto_device is defined %}
+SSLCryptoDevice {{ server.ssl.crypto_device }}
+ {%- endif %}
+ {%- if server.ssl.fips is defined %}
+SSLFIPS {{ server.ssl.fips }}
+ {%- endif %}
+ {%- if server.ssl.passphrase is defined %}
+SSLPassPhraseDialog {{ server.ssl.passphrase }}
+ {%- endif %}
+ {%- if server.ssl.random_seed is defined %}
+ {%- for random_seed_name, random_seed in server.ssl.get('random_seed', {}).iteritems() %}
+ {%- if random_seed.get('enabled', False) %}
+SSLRandomSeed {{ random_seed.context }} {{ random_seed.source }}
+ {%- endif %}
+ {%- endfor %}
+ {%- endif %}
+ {%- if server.ssl.session_cache is defined %}
+SSLSessionCache {{ server.ssl.session_cache }}
+ {%- endif %}
+ {%- if server.ssl.stapling_cache is defined %}
+SSLStaplingCache {{ server.ssl.stapling_cache }}
+ {%- endif %}
+ {%- if server.ssl.ssl_user_name is defined %}
+SSLUserName {{ server.ssl.ssl_user_name }}
+ {%- endif %}
+ {%- endif %}
+ {%- endif %}
diff --git a/apache/map.jinja b/apache/map.jinja
index 8d89577..c53253f 100644
--- a/apache/map.jinja
+++ b/apache/map.jinja
@@ -1,7 +1,7 @@
{% set server = salt['grains.filter_by']({
'Debian': {
- 'pkgs': ['apache2'],
+ 'pkgs': ['apache2', 'openssl'],
'service': 'apache2',
'mod_wsgi': 'libapache2-mod-wsgi',
'mod_php': 'libapache2-mod-php5',
@@ -22,7 +22,7 @@
},
},
'Arch': {
- 'pkgs': ['apache'],
+ 'pkgs': ['apache', 'openssl'],
'service': 'httpd',
'mod_wsgi': 'wsgi-apache',
'mod_php': 'php-apache',
@@ -36,7 +36,7 @@
'service_group': 'apache',
},
'RedHat': {
- 'pkgs': ['httpd'],
+ 'pkgs': ['httpd', 'openssl'],
'service': 'httpd',
'mod_wsgi': 'mod_wsgi',
'vhost_dir': '/etc/httpd/conf.d',
@@ -49,7 +49,7 @@
'service_group': 'apache',
},
'FreeBSD': {
- 'pkgs': ['apache22'],
+ 'pkgs': ['apache22', 'openssl'],
'service': 'apache22',
'mod_wsgi': 'ap22-mod_wsgi3',
'vhost_dir': '/usr/local/etc/apache22/Includes',
@@ -63,7 +63,7 @@
},
}, merge=salt['grains.filter_by']({
'trusty': {
- 'pkgs': ['apache2', 'apache2-utils'],
+ 'pkgs': ['apache2', 'apache2-utils', 'openssl'],
'service': 'apache2',
'mod_wsgi': 'libapache2-mod-wsgi',
'mod_php': 'libapache2-mod-php5',
@@ -85,7 +85,7 @@
},
},
'xenial': {
- 'pkgs': ['apache2'],
+ 'pkgs': ['apache2', 'openssl'],
'service': 'apache2',
'mod_wsgi': 'libapache2-mod-wsgi',
'mod_php': 'libapache2-mod-php7.0',
diff --git a/apache/server/service/init.sls b/apache/server/service/init.sls
index c11beb0..80ad43f 100644
--- a/apache/server/service/init.sls
+++ b/apache/server/service/init.sls
@@ -34,6 +34,30 @@
- watch_in:
- service: apache_service
+ {%- if server.ssl is defined %}
+ {%- if server.get('ssl', {'enabled': False}).enabled %}
+apache_httpd_ssl_config:
+ file.managed:
+ - name: {{ server.conf_dir }}/httpd_ssl.conf
+ - source: salt://apache/files/httpd_ssl.conf
+ - template: jinja
+ - require:
+ - pkg: apache_packages
+ - watch_in:
+ - service: apache_service
+
+ {%- if grains.os_family == "Debian" %}
+apache_httpd_ssl_config_enable:
+ cmd.run:
+ - name: "a2enconf httpd_ssl"
+ - require:
+ - pkg: apache_packages
+ - watch_in:
+ - service: apache_service
+ {%- endif %}
+ {%- endif %}
+ {%- endif %}
+
{%- if grains.os_family == "Debian" %}
/etc/apache2/conf-enabled/security.conf:
file.symlink:
diff --git a/apache/server/site.sls b/apache/server/site.sls
index 64a2857..7b8e560 100644
--- a/apache/server/site.sls
+++ b/apache/server/site.sls
@@ -8,6 +8,30 @@
{% if site.enabled or site.get('available', False) %}
+ {%- if site.get('ssl', {'enabled': False}).enabled %}
+ {%- if site.ssl.get('dhparam', {'enabled': False}).enabled %}
+apache_generate_{{ site_name }}_dhparams:
+ cmd.run:
+ - name: openssl dhparam -out /etc/ssl/dhparams_apache_{{ site_name }}.pem {% if site.ssl.dhparam.numbits is defined %}{{ site.ssl.dhparam.numbits }}{% else %}2048{% endif %}
+ - unless: "test -f /etc/ssl/dhparams_apache_{{ site_name }}.pem && [ $(openssl dhparam -inform PEM -in /etc/ssl/dhparams_apache_{{ site_name }}.pem -check -text | grep -Po 'DH Parameters: \\(\\K[0-9]+') = {% if site.ssl.dhparam.numbits is defined %}{{ site.ssl.dhparam.numbits }}{% else %}2048{% endif %} ]"
+ - require:
+ - pkg: apache_packages
+ - watch_in:
+ - service: apache_service
+ {% endif %}
+
+ {%- if site.ssl.get('ticket_key', {'enabled': False}).enabled %}
+apache_generate_{{ site_name }}_ticket_key:
+ cmd.run:
+ - name: openssl rand {% if site.ssl.ticket_key.numbytes is defined %}{{ site.ssl.ticket_key.numbytes }}{% else %}48{% endif %} > /etc/ssl/ticket_apache_{{ site_name }}.key
+ - unless: "test -f /etc/ssl/ticket_apache_{{ site_name }}.key && [ $(wc -c < /etc/ssl/ticket_apache_{{ site_name }}.key) = {% if site.ssl.ticket_key.numbytes is defined %}{{ site.ssl.ticket_key.numbytes }}{% else %}48{% endif %} ]"
+ - require:
+ - pkg: apache_packages
+ - watch_in:
+ - service: apache_service
+ {% endif %}
+ {% endif %}
+
{{ server.vhost_dir }}/{{ site.type }}_{{ site.name }}{{ server.conf_ext }}:
file.managed:
{%- if site.type in ['proxy', 'redirect', 'static', 'stats', 'wsgi' ] %}
diff --git a/tests/pillar/apache_server_php7_ssl.sls b/tests/pillar/apache_server_php7_ssl.sls
new file mode 100644
index 0000000..e803587
--- /dev/null
+++ b/tests/pillar/apache_server_php7_ssl.sls
@@ -0,0 +1,328 @@
+apache:
+ server:
+ ssl:
+ enabled: True
+ crypto_device: 'builtin'
+ fips: 'off'
+ passphrase: 'builtin'
+ random_seed:
+ seed1:
+ context: 'startup'
+ source: 'file:/dev/urandom 256'
+ enabled: True
+ seed2:
+ context: 'connect'
+ source: 'builtin'
+ enabled: True
+ session_cache: 'none'
+ stapling_cache: 'default'
+ ssl_user_name: 'SSL_CLIENT_S_DN_CN'
+ enabled: true
+ modules:
+ - cgi
+ - php
+ - auth_kerb
+ - headers
+ - rewrite
+ - authnz_ldap
+ - dav
+ - dav_fs
+ - ssl
+ module_php: php7.0
+ user:
+ cloudlab:
+ enabled: true
+ password: cloudlab
+ htpasswd: cloudlab.htpasswd
+ robots:
+ default:
+ all:
+ disallow:
+ - /
+ site:
+ roundcube:
+ enabled: true
+ ssl:
+ enabled: true
+ mode: strict
+ ciphers:
+ ECDHE_RSA_AES256_GCM_SHA384:
+ name: 'ECDHE-RSA-AES256-GCM-SHA384'
+ enabled: True
+ ECDHE_ECDSA_AES256_GCM_SHA384:
+ name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
+ enabled: True
+ protocols:
+ TLS1:
+ name: 'TLSv1'
+ enabled: True
+ TLS1_1:
+ name: 'TLSv1.1'
+ enabled: True
+ TLS1_2:
+ name: 'TLSv1.2'
+ enabled: False
+ prefer_server_ciphers: 'on'
+ key: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIG4wIBAAKCAYEAq5spAL9CIZbe687oudIttun6ciXynqHmVb0wqpvKF7SwwrOh
+ AMINZG7rqUYK+LAtbfk53yr8nKaIf8CfGfVPInSgKiA/cW67kXUJ9jQ9VgnE8Hlo
+ Itj3ExmYKoQpMR9zQLHVo6Qzzend1MD+LoS0Gusw2hJEM46bO3RRd6uYFt5oxiTY
+ VVll651kUURVbuTn22xZAeif7Swh4zKzn8jJ0Wha9P+oDJNo74U2k5oRnRBqUxhg
+ s7eZbpzSPZ2AobSB5d+PmlXr8oHBGHTIJ67oCJVpn8LbtE4Rfsk2/s/mhufhXRNf
+ dyj+XZ8TX2Y7mZ86F8iZdLhMEXEkagji0+lumFgtUhqYaLRU40lDr1ifwrOCmFx2
+ q4Jkjl9bbDZ+ckua3uPar7/0JS2ZGW17mU/T6nrf2UxNa7/r6jS5XKCMRLmTH7mh
+ 21PXpDuFursnAVpOiZRks840KvjdIwX8bHVFd+E45nLDhjWNhRjsvRymZfQ3dRoO
+ MFHP/eoOuzQnxG7xAgMBAAECggGAJX8RxogD+zLsIrpjP7cdJgqaHrcL/H2Dxtg/
+ +gdwcR2aQfDeDTxZkMhr1eDoJM7aHl2Gt6y85b29taxxF0ryr6SsGohRVIfNlEru
+ kk132YTo82KTzol580J0bVXTalhk5o31EHyglS20uvgwkhmNARTC5+N1444VfTg9
+ VNi5ssWGP0Vtv7h4/LK3aMp1oHWD8/4ItNIPn9M01GAPv6ov7wHOXho+rgDHvQ5u
+ jnHrx1X+5Yk+GAbWD8VUawIvSSYXoHhKxDYjT8KYEtVZFgP12NIoWp+THczK6JMh
+ dYuSSXXOTlPTfec9/OmJ5eMXCWYS0Ns7J9U0/oG6unfiEVzgcKmz6hBMKQMkVwsR
+ POUbtopQqs6sdekZGq5SuuDvtDENkhwbC0DTmrr2PMinZag+F62cg0TBxQQt+RkS
+ EKJwKalOLH3svsY9bsmXKKBMsl7hIHjslVp3h5Es314q8Vqp3QhwqpD72owuARVo
+ i81S7WeQTmxKWSZquNnSHDtJn1XBAoHBANRFpCF1j9MjqLZ3tXSiT/wP6wW65GK4
+ 8yXfRFW8pZjvMeT0IN9ClHZHB3G1kO/8H4Ksex+IJzieJnp+4UhhN97WBRf5FTXV
+ shftb7V2ZLFWbn2KwnbOSjLcT9UoEVOhwp+TCgV3QIqGHvSLj45pB0uERNoUts5I
+ 5+VnXNDzw2AFqnH3KLgKIRDTEj1okaJrkqyb2EKFDybo3lsCPcqO8qclvKvMv7y4
+ +vqBgV17RoR6vQIXaLgdOHJYo45Z0kV2lwKBwQDO9PawowOh+rOaGOQoqWoOGDVv
+ RTe5INVQFPWm1wvsZYZ+FzP6rP6RHQB/VcNTBUfwGnk8lSulN8vyo4Zipe3UgBK1
+ DM6LjXMhdyOjGiOw3M6BzZHMxiQD2lTvqURpTf8XYlBj/lpw6z/w2B9F1LZPzw7T
+ JTEvPFNMeH77bvy8M+lu5uucOgyU/6gUgEDxdfcVbQRSRJ+wGVrf2BVPIsMWxPcr
+ dY9ziG7WCxdCEGDVRgiAOo1YcSlvdJ6NlCauv7cCgcB70N9K0PsCijM3s525GZAU
+ E+jfn8LlvsG9Hn0KkY36JdNxm+CsuXZFg2rZLbIL+YEbxKXQn6dZBA6ntuiLQoHH
+ TgkMkbKIg0xtXoahTxyuwB6UxeJmUC/BePZr/AIXSSxvzeGzjHquEktuExW6WJLz
+ voQ2vIxgyO/SxLbD/tvAX62q6iLrLqVY3fUuspb4KU0Vt5WuP1S2OnCwnx8Rzs3F
+ J2Lkxvo0B6YFhpLBx007qygiVysy8YBiWkeUmdnnwKMCgcBoMzRFyT3Z/2UQUDoI
+ Mwxf3laBGKOuxVZBhNwOTbYGJzPpJnuYWiOuIqEOe7rlgQIwZNPn6d9Yx1gbabQO
+ 1SaC2J0SpUkVQHnYPqklxNJ1iSc8ealQJe8aNYKQTHRSZN/sASciwXz936SI+ff8
+ 69WDJ2h6bP5vnvr9xKmCpOYBSE3e9ctpFF0jY/lXoR+Rs2hdVE9ZsI2KV6nGjIBm
+ IMWDIFamfgFlFStg/6KNM7vdhe5fyZtDDW7kXB48gHxdfc8CgcEAgnqyIL940xfG
+ BndbV0yWBI6VsmeaQdB/xaJetAMENUZlT/3CP4XecHMBDXhGv1p8nAqfLhlLfpus
+ aJUpSXB+aXz8ftR1Y7efLMKAW2IKs4+U5Fx4S99Ui71vgWYl8sJOqS+1jijSqZ0K
+ JzLO4lnAYfwV5mve8JB5NmGffOaPrBvfiY9Q6/pZ4kHEZAJBr6Nn7tFp8LyRewxM
+ FLDC6kPWlj/qE92b4zsc6DvAW3M/kIsqATRPijLuqyKDfgQ+QAYn
+ -----END RSA PRIVATE KEY-----
+ cert: |
+ -----BEGIN CERTIFICATE-----
+ MIIE3jCCA0agAwIBAgIMWQmRtQWP7bWTfSYmMA0GCSqGSIb3DQEBCwUAMEgxFTAT
+ BgNVBAMTDGNsb3VkIGRldm9wczERMA8GA1UEChMIbWlyYW50aXMxDzANBgNVBAgT
+ BlByYWd1ZTELMAkGA1UEBhMCQ1owHhcNMTcwNTAzMDgxNTQ5WhcNMjcwNTAxMDgx
+ NTQ5WjBVMREwDwYDVQQDEwh3aWxkY2FyZDEPMA0GA1UECxMGZGV2b3BzMREwDwYD
+ VQQKEwhtaXJhbnRpczEPMA0GA1UECBMGUHJhZ3VlMQswCQYDVQQGEwJDWjCCAaIw
+ DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKubKQC/QiGW3uvO6LnSLbbp+nIl
+ 8p6h5lW9MKqbyhe0sMKzoQDCDWRu66lGCviwLW35Od8q/JymiH/Anxn1TyJ0oCog
+ P3Fuu5F1CfY0PVYJxPB5aCLY9xMZmCqEKTEfc0Cx1aOkM83p3dTA/i6EtBrrMNoS
+ RDOOmzt0UXermBbeaMYk2FVZZeudZFFEVW7k59tsWQHon+0sIeMys5/IydFoWvT/
+ qAyTaO+FNpOaEZ0QalMYYLO3mW6c0j2dgKG0geXfj5pV6/KBwRh0yCeu6AiVaZ/C
+ 27ROEX7JNv7P5obn4V0TX3co/l2fE19mO5mfOhfImXS4TBFxJGoI4tPpbphYLVIa
+ mGi0VONJQ69Yn8KzgphcdquCZI5fW2w2fnJLmt7j2q+/9CUtmRlte5lP0+p639lM
+ TWu/6+o0uVygjES5kx+5odtT16Q7hbq7JwFaTomUZLPONCr43SMF/Gx1RXfhOOZy
+ w4Y1jYUY7L0cpmX0N3UaDjBRz/3qDrs0J8Ru8QIDAQABo4G6MIG3MAwGA1UdEwEB
+ /wQCMAAwQQYDVR0RBDowOIIHKi5sb2NhbIIKKi5jaS5sb2NhbIIIKi5jaS5kZXaC
+ CSouY2kudGVzdIIMKi5jaS5zdGFnaW5nMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8G
+ A1UdDwEB/wQFAwMHIAAwHQYDVR0OBBYEFGtBfuF1lejUs6Bh87nkCgrjv3UuMB8G
+ A1UdIwQYMBaAFIrt2HX5Q/vHJHZpGDTbhUoF09qfMA0GCSqGSIb3DQEBCwUAA4IB
+ gQAud7sUeG4nCAY9GaeswvRQL58GqJEkfYFXSzWcxwluyTsz/z/7CQiNG77/jHPs
+ IvJBt79uFQWL8YINrdzMIGRpHLpTT6g7hRDtx0T0tzj28bu4twayu9ePMPQIgh/3
+ ISJBIIeJIKQ/EWCm+3ePKKZWp3OscxPUdSLNf+3dmvSWmjdazhq5F/d5i4u5Fqur
+ iHaw6P/bGd2yqSiiYC1Csr1+Rfe+ulyk1NUBtpewX/96KjWNlU7q9F3RxiTNxh7x
+ CDJf5DBHIQP/KCquq8T3uZAOV2sN+HGvO4OzelisnzmRuRm8Lk4ZYNPXFTugdysY
+ HZk3aBIfowkAbNGsGOaiLkc80GxDwXXGCvTLHUXtPYH+Dkw1PRZkP+UhxT9b70El
+ qaZkfvfWEum90BH0km+1dPB/mBMqoTRXVmRyrc2QFsxRGenDbM5RhcT4HfgxCyzC
+ J2EGz8Wzf1bn2kRR4uomSzcoLe8lCM79M+DY21dxP0V8dq2sNvHOqP/0HT62BlEq
+ XtI=
+ -----END CERTIFICATE-----
+ chain: |
+ -----BEGIN CERTIFICATE-----
+ MIIE3jCCA0agAwIBAgIMWQmRtQWP7bWTfSYmMA0GCSqGSIb3DQEBCwUAMEgxFTAT
+ BgNVBAMTDGNsb3VkIGRldm9wczERMA8GA1UEChMIbWlyYW50aXMxDzANBgNVBAgT
+ BlByYWd1ZTELMAkGA1UEBhMCQ1owHhcNMTcwNTAzMDgxNTQ5WhcNMjcwNTAxMDgx
+ NTQ5WjBVMREwDwYDVQQDEwh3aWxkY2FyZDEPMA0GA1UECxMGZGV2b3BzMREwDwYD
+ VQQKEwhtaXJhbnRpczEPMA0GA1UECBMGUHJhZ3VlMQswCQYDVQQGEwJDWjCCAaIw
+ DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKubKQC/QiGW3uvO6LnSLbbp+nIl
+ 8p6h5lW9MKqbyhe0sMKzoQDCDWRu66lGCviwLW35Od8q/JymiH/Anxn1TyJ0oCog
+ P3Fuu5F1CfY0PVYJxPB5aCLY9xMZmCqEKTEfc0Cx1aOkM83p3dTA/i6EtBrrMNoS
+ RDOOmzt0UXermBbeaMYk2FVZZeudZFFEVW7k59tsWQHon+0sIeMys5/IydFoWvT/
+ qAyTaO+FNpOaEZ0QalMYYLO3mW6c0j2dgKG0geXfj5pV6/KBwRh0yCeu6AiVaZ/C
+ 27ROEX7JNv7P5obn4V0TX3co/l2fE19mO5mfOhfImXS4TBFxJGoI4tPpbphYLVIa
+ mGi0VONJQ69Yn8KzgphcdquCZI5fW2w2fnJLmt7j2q+/9CUtmRlte5lP0+p639lM
+ TWu/6+o0uVygjES5kx+5odtT16Q7hbq7JwFaTomUZLPONCr43SMF/Gx1RXfhOOZy
+ w4Y1jYUY7L0cpmX0N3UaDjBRz/3qDrs0J8Ru8QIDAQABo4G6MIG3MAwGA1UdEwEB
+ /wQCMAAwQQYDVR0RBDowOIIHKi5sb2NhbIIKKi5jaS5sb2NhbIIIKi5jaS5kZXaC
+ CSouY2kudGVzdIIMKi5jaS5zdGFnaW5nMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8G
+ A1UdDwEB/wQFAwMHIAAwHQYDVR0OBBYEFGtBfuF1lejUs6Bh87nkCgrjv3UuMB8G
+ A1UdIwQYMBaAFIrt2HX5Q/vHJHZpGDTbhUoF09qfMA0GCSqGSIb3DQEBCwUAA4IB
+ gQAud7sUeG4nCAY9GaeswvRQL58GqJEkfYFXSzWcxwluyTsz/z/7CQiNG77/jHPs
+ IvJBt79uFQWL8YINrdzMIGRpHLpTT6g7hRDtx0T0tzj28bu4twayu9ePMPQIgh/3
+ ISJBIIeJIKQ/EWCm+3ePKKZWp3OscxPUdSLNf+3dmvSWmjdazhq5F/d5i4u5Fqur
+ iHaw6P/bGd2yqSiiYC1Csr1+Rfe+ulyk1NUBtpewX/96KjWNlU7q9F3RxiTNxh7x
+ CDJf5DBHIQP/KCquq8T3uZAOV2sN+HGvO4OzelisnzmRuRm8Lk4ZYNPXFTugdysY
+ HZk3aBIfowkAbNGsGOaiLkc80GxDwXXGCvTLHUXtPYH+Dkw1PRZkP+UhxT9b70El
+ qaZkfvfWEum90BH0km+1dPB/mBMqoTRXVmRyrc2QFsxRGenDbM5RhcT4HfgxCyzC
+ J2EGz8Wzf1bn2kRR4uomSzcoLe8lCM79M+DY21dxP0V8dq2sNvHOqP/0HT62BlEq
+ XtI=
+ -----END CERTIFICATE-----
+ -----BEGIN CERTIFICATE-----
+ MIIEWTCCAsGgAwIBAgIMWQmRjiv/O7NwT3AxMA0GCSqGSIb3DQEBCwUAMEgxFTAT
+ BgNVBAMTDGNsb3VkIGRldm9wczERMA8GA1UEChMIbWlyYW50aXMxDzANBgNVBAgT
+ BlByYWd1ZTELMAkGA1UEBhMCQ1owHhcNMTcwNTAzMDgxNTEwWhcNMjcwNTAxMDgx
+ NTEwWjBIMRUwEwYDVQQDEwxjbG91ZCBkZXZvcHMxETAPBgNVBAoTCG1pcmFudGlz
+ MQ8wDQYDVQQIEwZQcmFndWUxCzAJBgNVBAYTAkNaMIIBojANBgkqhkiG9w0BAQEF
+ AAOCAY8AMIIBigKCAYEAyIW/3H2CIvnkflCm4bc9im8TeoE+s/W/OI80d1cgfnVY
+ VRvQMuhfKMV9Ec83qaMoT/VD2TLGoaLTKxvn05jpYd7lFf+ekZXPC1tK+Wgj5w38
+ c/V+tux6uYMPDo9XoHkGqakqE0Y9PkiUcsiOhCXMzrr3SkkpHqLV32kEKz711ibi
+ h4ATeYou7Q0hsRqRfjRj/JAr+nVQiZM39jm1OvA7VYgIrppu2rSSJwsOhneG2dhP
+ EEhpTSWB/kMPmxMQygKGZc08noZsReC7U5F+n2+DDkhdvQtQUqN2UZ4iCWt1aMxd
+ FDYmXm0uB6utJCsxy3uf4Mkfb86RBI5owECel4ASTQcAIRQNsFcaQg408c+sXTuB
+ 44RZBgJY6re2UEGGUiZ0i7mAR07Ava3dve2Rm24t2Lg17WIuIQC+kqIbgvnj9KtS
+ w00JyXFCrbiYmxpx286X27ca7sLGZZnpSNfoGvfX1UFlmmK/89klR+kMktgGdka6
+ pnfbGDLfS5h7AkZnjzAnAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0P
+ AQH/BAUDAwcGADAdBgNVHQ4EFgQUiu3YdflD+8ckdmkYNNuFSgXT2p8wDQYJKoZI
+ hvcNAQELBQADggGBAGkWleGTCwl5v9DyL+ReQ7cIsZp2FZCPATWjrlY69QNpa7s/
+ h7gS0Lx1bmwSVyM/A7DrmHUz2ScUjJJeZuOAt2LaKl8rnMJMSRIj4WosIB886bOw
+ d6polbiVWRFUGEaD/X9L4AJFLE3X8ITuwd4ukwCB4IvEuPLhDVIFHFIk2ur7n0HF
+ XsE/SNmsRuULMXLEqguWmCXhHqsbFoBrmUdUIyVPav9j/XFc/3jG5kAn25Qz9LfV
+ cX1LJihPbtCrc1LtBqV0LrV6aFwcl8c9JFR3qha19za/Fk/JnKz1E6CbVWMLLSOo
+ +fTGf4nvof/jJS61vKwRE3lyxZNciiXQV4fGVRIrVkbULbNSgmQaFtNFBwQ07w61
+ 5ks8/gGnwHKnNc9kQdPm8nNjY7Jqp9XI8RaLoLvqaTAqcempwiyPYT8qu3JE79Dl
+ 6Jw10sI4/PqU5XVTqSCrvmICOOgZbFRWgCLwJzp5rq0cWvJH0N5PyATL6FfhDGm0
+ myUGszN7wRKeJqKa1w==
+ -----END CERTIFICATE-----
+ session_timeout: '300'
+ dhparam:
+ enabled: False
+ numbits: 1024
+ ecdh_curve:
+ secp384r1:
+ name: 'secp384r1'
+ enabled: False
+ secp521r1:
+ name: 'secp521r1'
+ enabled: True
+ ticket_key:
+ enabled: True
+ numbytes: 48
+ session_tickets: 'on'
+ stapling: 'off'
+ crl:
+ file: '/etc/ssl/crl/crl.pem'
+ path: '/etc/ssl/crl'
+ value: 'chain'
+ enabled: False
+ verify_client: 'none'
+ client_certificate:
+ file: '/etc/ssl/client_cert.pem'
+ enabled: False
+ compression: 'off'
+ ssl_engine: 'on'
+ insecure_renegotiation: 'off'
+ ocsp:
+ default_responder: 'http://responder.example.com:8888/responder'
+ ocsp_enable: 'off'
+ override_responder: 'off'
+ responder_timeout: '50'
+ max_age: '300'
+ time_skew: '300'
+ nonce: 'on'
+ enabled: True
+ conf_cmd:
+ sessionticket:
+ command_name: 'Options'
+ command_value: '-SessionTicket'
+ enabled: True
+ serverpreference:
+ command_name: 'Options'
+ command_value: '-ServerPreference'
+ enabled: False
+ ssl_options:
+ fakebasicauth:
+ option: '+FakeBasicAuth'
+ enabled: 'True'
+ strictrequire:
+ option: '-StrictRequire'
+ enabled: True
+ proxy:
+ crl:
+ file: '/etc/ssl/crl/crl.pem'
+ path: '/etc/ssl/crl'
+ value: 'chain'
+ enabled: False
+ check_peer_cn: 'off'
+ check_peer_expire: 'off'
+ check_peer_name: 'off'
+ ciphers:
+ ECDHE_RSA_AES256_GCM_SHA384:
+ name: 'ECDHE-RSA-AES256-GCM-SHA384'
+ enabled: True
+ ECDHE_ECDSA_AES256_GCM_SHA384:
+ name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
+ enabled: False
+ ssl_engine: 'on'
+ verify: 'none'
+ verify_depth: '1'
+ ssl_stapling:
+ error_cache_timeout: '600'
+ fake_try_later: 'off'
+ stapling_responder: 'http://responder.example.com:8888/responder'
+ responder_timeout: '600'
+ response_max_age: '300'
+ response_time_skew: '300'
+ responder_errors: 'off'
+ standard_cache_timeout: '600'
+ sniv_host_check: 'off'
+ verify_depth: '1'
+ type: static
+ name: roundcube
+ root: /usr/share/roundcube
+ robots: default
+ locations:
+ - uri: /admin
+ path: /usr/share/postfixadmin
+ auth:
+ engine: kerberos
+ name: "Kerberos Authentication"
+ require:
+ - "ldap-attribute memberOf='cn=jenkins,cn=groups,cn=accounts,dc=example,dc=eu'"
+ kerberos:
+ realms:
+ - EXAMPLE.EU
+ keytab: /etc/apache2/ipa.keytab
+ service: HTTP
+ method:
+ negotiate: true
+ k5passwd: true
+ - uri: /mailman
+ path: /usr/lib/cgi-bin/mailman
+ script: true
+ auth:
+ engine: basic
+ htpasswd: cloudlab.htpasswd
+ - uri: /pipermail
+ path: /var/lib/mailman/archives/public
+ webdav:
+ enabled: true
+ - uri: /images/mailman
+ path: /usr/share/images/mailman
+ host:
+ name: mail.example.com
+ aliases:
+ - mail.example.com
+ - lists.example.com
+ - mail01.example.com
+ - mail01
+ default_mpm: prefork
+ mpm:
+ prefork:
+ enabled: true
+ servers:
+ start: 5
+ spare:
+ min: ${apache:server:mpm:prefork:servers:start}
+ max: 10
+ # Avoid memory leakage by restarting workers every x requests
+ max_requests: 0
+ # Should be 80% of server memory / average memory usage of one worker
+ max_clients: 150
+ # Should be same or more than max clients
+ limit: ${apache:server:mpm:prefork:max_clients}