Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / apache / 5d81fbf01ea050a7f1e5f6168a16af6fb720ddeb / . / README.rst
blob: 6bd29ce8eb512142601ea78667ba20d1107b2922 [file] [log] [blame]
Aleš Komárek3a3de6e2017-04-11 13:41:09 +0200[diff] [blame]1==============
2Apache Formula
3==============
Filip Pytloun410abc42015-10-06 16:28:31 +0200[diff] [blame]4
5Install and configure Apache webserver
6
Aleš Komárek3a3de6e2017-04-11 13:41:09 +0200[diff] [blame]7Sample Pillars
8==============
Filip Pytloun410abc42015-10-06 16:28:31 +0200[diff] [blame]9
10Simple Apache proxy
11
12.. code-block:: yaml
13
14 apache:
15 server:
16 enabled: true
17 bind:
18 address: '0.0.0.0'
19 ports:
20 - 80
21 modules:
22 - proxy
23 - proxy_http
24 - proxy_balancer
25
26
27Apache plain static sites (eg. sphinx generated, from git/hg sources)
28
29.. code-block:: yaml
30
31 apache:
32 server:
33 enabled: true
34 bind:
35 address: '0.0.0.0'
36 ports:
37 - 80
38 modules:
39 - rewrite
40 - status
41 site:
42 - enabled: true
43 name: 'sphinxdoc'
44 type: 'static'
45 host:
46 name: 'doc.domain.com'
47 port: 80
48 source:
49 engine: local
50 - enabled: true
51 name: 'impressjs'
52 type: 'static'
53 host:
54 name: 'pres.domain.com'
55 port: 80
56 source:
57 engine: git
58 address: 'git@repo1.domain.cz:impress/billometer.git'
59 revision: 'master'
60
Filip Pytlounc135fa52015-11-25 12:28:45 +0100[diff] [blame]61Tune settings of mpm_prefork
62
63.. code-block:: yaml
64
65 parameters:
66 apache:
67 mpm:
68 prefork:
69 max_clients: 250
70 servers:
71 min: 32
72 max: 64
73 max_requests: 4000
74
Filip Pytloun590b5792016-01-27 11:24:29 +0100[diff] [blame]75Apache kerberos authentication:
76
77.. code-block:: yaml
78
79 parameters
80 apache:
81 server:
82 site:
83 auth:
84 engine: kerberos
85 name: "Kerberos Authentication"
86 require:
87 - "ldap-attribute memberOf='cn=somegroup,cn=groups,cn=accounts,dc=example,dc=com'"
88
89 kerberos:
90 realms:
91 - EXAMPLE.COM
92 # Bellow is optional
93 keytab: /etc/apache2/ipa.keytab
94 service: HTTP
95 method:
96 negotiate: true
97 k5passwd: true
98
99 ldap:
100 url: "ldaps://idm01.example.com/dc=example,dc=com?krbPrincipalName"
101 # mech is optional
102 mech: GSSAPI
103
Filip Pytloun3179bca2016-02-22 13:39:58 +0100[diff] [blame]104Tune security settings (these are default):
105
106.. code-block:: yaml
107
108 parameters:
109 apache:
110 server:
111 # ServerTokens
112 tokens: Prod
Filip Pytlounaffb18d2016-02-22 13:58:27 +0100[diff] [blame]113 # ServerSignature, can be also set per-site
114 signature: false
115 # TraceEnable, can be also set per-site
116 trace: false
117 # Deny access to .git, .svn, .hg directories
118 secure_scm: true
119 # Required for settings bellow
120 modules:
121 - headers
122 # Set X-Content-Type-Options
123 content_type_options: nosniff
124 # Set X-Frame-Options
125 frame_options: sameorigin
Filip Pytloun3179bca2016-02-22 13:39:58 +0100[diff] [blame]126
Aleš Komárek3a3de6e2017-04-11 13:41:09 +0200[diff] [blame]127Tuned up log configuration.
Simon Pasquierd9912952017-01-19 10:34:25 +0100[diff] [blame]128
129.. code-block:: yaml
130
131 parameters:
132 apache:
133 server:
134 site:
135 foo:
136 enabled: true
137 type: static
138 log:
139 custom:
140 enabled: true
141 file: /var/log/apache2/mylittleponysitecustom.log
142 format: >-
143 %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"
144 error:
145 enabled: false
146 file: /var/log/apache2/foo.error.log
147 level: notice
148
Filip Pytloun410abc42015-10-06 16:28:31 +0200[diff] [blame]149Roundcube webmail, postfixadmin and mailman
150
151.. code-block:: yaml
152
153 classes:
154 - service.apache.server.single
155 parameters:
156 apache:
157 server:
jan kaufman75aae5c2016-01-26 14:49:12 +0100[diff] [blame]158 enabled: true
Filip Pytloun410abc42015-10-06 16:28:31 +0200[diff] [blame]159 modules:
160 - cgi
161 - php
162 site:
163 roundcube:
164 enabled: true
165 type: static
166 name: roundcube
167 root: /usr/share/roundcube
168 locations:
169 - uri: /admin
170 path: /usr/share/postfixadmin
171 - uri: /mailman
172 path: /usr/lib/cgi-bin/mailman
173 script: true
174 - uri: /pipermail
175 path: /var/lib/mailman/archives/public
176 - uri: /images/mailman
177 path: /usr/share/images/mailman
178 host:
179 name: mail.example.com
180 aliases:
181 - mail.example.com
182 - lists.example.com
183 - mail01.example.com
184 - mail01
185
Aleš Komárek3a3de6e2017-04-11 13:41:09 +0200[diff] [blame]186
187More Information
188================
Filip Pytloun410abc42015-10-06 16:28:31 +0200[diff] [blame]189
190* https://httpd.apache.org/docs/
Filip Pytloun87d08142017-02-02 12:52:21 +0100[diff] [blame]191
Aleš Komárek3a3de6e2017-04-11 13:41:09 +0200[diff] [blame]192
Filip Pytloun87d08142017-02-02 12:52:21 +0100[diff] [blame]193Documentation and Bugs
194======================
195
196To learn how to install and update salt-formulas, consult the documentation
197available online at:
198
199 http://salt-formulas.readthedocs.io/
200
201In the unfortunate event that bugs are discovered, they should be reported to
202the appropriate issue tracker. Use Github issue tracker for specific salt
203formula:
204
205 https://github.com/salt-formulas/salt-formula-apache/issues
206
207For feature requests, bug reports or blueprints affecting entire ecosystem,
208use Launchpad salt-formulas project:
209
210 https://launchpad.net/salt-formulas
211
212You can also join salt-formulas-users team and subscribe to mailing list:
213
214 https://launchpad.net/~salt-formulas-users
215
216Developers wishing to work on the salt-formulas projects should always base
217their work on master branch and submit pull request against specific formula.
218
219 https://github.com/salt-formulas/salt-formula-apache
220
221Any questions or feedback is always welcome so feel free to join our IRC
222channel:
223
224 #salt-formulas @ irc.freenode.net