| Aleš Komárek | 3a3de6e | 2017-04-11 13:41:09 +0200 | [diff] [blame] | 1 | ============== |
| 2 | Apache Formula |
| 3 | ============== |
| Filip Pytloun | 410abc4 | 2015-10-06 16:28:31 +0200 | [diff] [blame] | 4 | |
| 5 | Install and configure Apache webserver |
| 6 | |
| Aleš Komárek | 3a3de6e | 2017-04-11 13:41:09 +0200 | [diff] [blame] | 7 | Sample Pillars |
| 8 | ============== |
| Filip Pytloun | 410abc4 | 2015-10-06 16:28:31 +0200 | [diff] [blame] | 9 | |
| 10 | Simple Apache proxy |
| 11 | |
| 12 | .. code-block:: yaml |
| 13 | |
| 14 | apache: |
| 15 | server: |
| 16 | enabled: true |
| 17 | bind: |
| 18 | address: '0.0.0.0' |
| 19 | ports: |
| 20 | - 80 |
| 21 | modules: |
| 22 | - proxy |
| 23 | - proxy_http |
| 24 | - proxy_balancer |
| 25 | |
| 26 | |
| 27 | Apache plain static sites (eg. sphinx generated, from git/hg sources) |
| 28 | |
| 29 | .. code-block:: yaml |
| 30 | |
| 31 | apache: |
| 32 | server: |
| 33 | enabled: true |
| 34 | bind: |
| 35 | address: '0.0.0.0' |
| 36 | ports: |
| 37 | - 80 |
| 38 | modules: |
| 39 | - rewrite |
| 40 | - status |
| 41 | site: |
| 42 | - enabled: true |
| 43 | name: 'sphinxdoc' |
| 44 | type: 'static' |
| 45 | host: |
| 46 | name: 'doc.domain.com' |
| 47 | port: 80 |
| 48 | source: |
| 49 | engine: local |
| 50 | - enabled: true |
| 51 | name: 'impressjs' |
| 52 | type: 'static' |
| 53 | host: |
| 54 | name: 'pres.domain.com' |
| 55 | port: 80 |
| 56 | source: |
| 57 | engine: git |
| 58 | address: 'git@repo1.domain.cz:impress/billometer.git' |
| 59 | revision: 'master' |
| 60 | |
| Filip Pytloun | c135fa5 | 2015-11-25 12:28:45 +0100 | [diff] [blame] | 61 | Tune settings of mpm_prefork |
| 62 | |
| 63 | .. code-block:: yaml |
| 64 | |
| 65 | parameters: |
| 66 | apache: |
| 67 | mpm: |
| 68 | prefork: |
| 69 | max_clients: 250 |
| 70 | servers: |
| 71 | min: 32 |
| 72 | max: 64 |
| 73 | max_requests: 4000 |
| 74 | |
| Filip Pytloun | 590b579 | 2016-01-27 11:24:29 +0100 | [diff] [blame] | 75 | Apache kerberos authentication: |
| 76 | |
| 77 | .. code-block:: yaml |
| 78 | |
| 79 | parameters |
| 80 | apache: |
| 81 | server: |
| 82 | site: |
| 83 | auth: |
| 84 | engine: kerberos |
| 85 | name: "Kerberos Authentication" |
| 86 | require: |
| 87 | - "ldap-attribute memberOf='cn=somegroup,cn=groups,cn=accounts,dc=example,dc=com'" |
| 88 | |
| 89 | kerberos: |
| 90 | realms: |
| 91 | - EXAMPLE.COM |
| 92 | # Bellow is optional |
| 93 | keytab: /etc/apache2/ipa.keytab |
| 94 | service: HTTP |
| 95 | method: |
| 96 | negotiate: true |
| 97 | k5passwd: true |
| 98 | |
| 99 | ldap: |
| 100 | url: "ldaps://idm01.example.com/dc=example,dc=com?krbPrincipalName" |
| 101 | # mech is optional |
| 102 | mech: GSSAPI |
| 103 | |
| Filip Pytloun | 3179bca | 2016-02-22 13:39:58 +0100 | [diff] [blame] | 104 | Tune security settings (these are default): |
| 105 | |
| 106 | .. code-block:: yaml |
| 107 | |
| 108 | parameters: |
| 109 | apache: |
| 110 | server: |
| 111 | # ServerTokens |
| 112 | tokens: Prod |
| Filip Pytloun | affb18d | 2016-02-22 13:58:27 +0100 | [diff] [blame] | 113 | # ServerSignature, can be also set per-site |
| 114 | signature: false |
| 115 | # TraceEnable, can be also set per-site |
| 116 | trace: false |
| 117 | # Deny access to .git, .svn, .hg directories |
| 118 | secure_scm: true |
| 119 | # Required for settings bellow |
| 120 | modules: |
| 121 | - headers |
| 122 | # Set X-Content-Type-Options |
| 123 | content_type_options: nosniff |
| 124 | # Set X-Frame-Options |
| 125 | frame_options: sameorigin |
| Filip Pytloun | 3179bca | 2016-02-22 13:39:58 +0100 | [diff] [blame] | 126 | |
| Aleš Komárek | 3a3de6e | 2017-04-11 13:41:09 +0200 | [diff] [blame] | 127 | Tuned up log configuration. |
| Simon Pasquier | d991295 | 2017-01-19 10:34:25 +0100 | [diff] [blame] | 128 | |
| 129 | .. code-block:: yaml |
| 130 | |
| 131 | parameters: |
| 132 | apache: |
| 133 | server: |
| 134 | site: |
| 135 | foo: |
| 136 | enabled: true |
| 137 | type: static |
| 138 | log: |
| 139 | custom: |
| 140 | enabled: true |
| 141 | file: /var/log/apache2/mylittleponysitecustom.log |
| 142 | format: >- |
| 143 | %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\" |
| 144 | error: |
| 145 | enabled: false |
| 146 | file: /var/log/apache2/foo.error.log |
| 147 | level: notice |
| 148 | |
| Vasyl Saienko | baf3dde | 2018-01-31 00:28:29 +0200 | [diff] [blame] | 149 | Apache wsgi application. |
| 150 | |
| 151 | .. code-block:: yaml |
| 152 | |
| 153 | apache: |
| 154 | server: |
| 155 | enabled: true |
| 156 | default_mpm: event |
| 157 | site: |
| 158 | manila: |
| 159 | enabled: false |
| 160 | available: true |
| 161 | type: wsgi |
| 162 | name: manila |
| 163 | wsgi: |
| 164 | daemon_process: manila-api |
| 165 | threads: 2 |
| 166 | user: manila |
| 167 | group: manila |
| 168 | display_name: '%{GROUP}' |
| 169 | script_alias: '/ /usr/bin/manila-wsgi' |
| 170 | application_group: '%{GLOBAL}' |
| 171 | authorization: 'On' |
| 172 | limits: |
| 173 | request_body: 114688 |
| 174 | |
| Dzmitry Stremkouski | 8d25a0e | 2018-05-09 18:44:18 +0200 | [diff] [blame^] | 175 | Apache ssl cipher management |
| 176 | |
| 177 | .. code-block:: yaml |
| 178 | |
| 179 | parameters: |
| 180 | apache: |
| 181 | server: |
| 182 | enabled: true |
| 183 | site: |
| 184 | example: |
| 185 | enabled: true |
| 186 | ssl: |
| 187 | enabled: true |
| 188 | mode: secure |
| 189 | ... |
| 190 | |
| 191 | .. code-block:: yaml |
| 192 | |
| 193 | parameters: |
| 194 | apache: |
| 195 | server: |
| 196 | enabled: true |
| 197 | site: |
| 198 | example: |
| 199 | enabled: true |
| 200 | ssl: |
| 201 | enabled: true |
| 202 | mode: normal |
| 203 | ... |
| 204 | |
| 205 | .. code-block:: yaml |
| 206 | |
| 207 | parameters: |
| 208 | apache: |
| 209 | server: |
| 210 | enabled: true |
| 211 | site: |
| 212 | example: |
| 213 | enabled: true |
| 214 | ssl: |
| 215 | enabled: true |
| 216 | mode: strict |
| 217 | ciphers: |
| 218 | ECDHE_RSA_AES256_GCM_SHA384: |
| 219 | name: 'ECDHE-RSA-AES256-GCM-SHA384' |
| 220 | enabled: True |
| 221 | ECDHE_ECDSA_AES256_GCM_SHA384: |
| 222 | name: 'ECDHE-ECDSA-AES256-GCM-SHA384' |
| 223 | enabled: True |
| 224 | protocols: |
| 225 | TLS1: |
| 226 | name: 'TLSv1' |
| 227 | enabled: True |
| 228 | TLS1_1: |
| 229 | name: 'TLSv1.1' |
| 230 | enabled: True |
| 231 | TLS1_2: |
| 232 | name: 'TLSv1.2' |
| 233 | enabled: False |
| 234 | prefer_server_ciphers: 'on' |
| 235 | ... |
| 236 | |
| Filip Pytloun | 410abc4 | 2015-10-06 16:28:31 +0200 | [diff] [blame] | 237 | Roundcube webmail, postfixadmin and mailman |
| 238 | |
| 239 | .. code-block:: yaml |
| 240 | |
| 241 | classes: |
| 242 | - service.apache.server.single |
| 243 | parameters: |
| 244 | apache: |
| 245 | server: |
| jan kaufman | 75aae5c | 2016-01-26 14:49:12 +0100 | [diff] [blame] | 246 | enabled: true |
| Filip Pytloun | 410abc4 | 2015-10-06 16:28:31 +0200 | [diff] [blame] | 247 | modules: |
| 248 | - cgi |
| 249 | - php |
| 250 | site: |
| 251 | roundcube: |
| 252 | enabled: true |
| 253 | type: static |
| 254 | name: roundcube |
| 255 | root: /usr/share/roundcube |
| 256 | locations: |
| 257 | - uri: /admin |
| 258 | path: /usr/share/postfixadmin |
| 259 | - uri: /mailman |
| 260 | path: /usr/lib/cgi-bin/mailman |
| 261 | script: true |
| 262 | - uri: /pipermail |
| 263 | path: /var/lib/mailman/archives/public |
| 264 | - uri: /images/mailman |
| 265 | path: /usr/share/images/mailman |
| 266 | host: |
| 267 | name: mail.example.com |
| 268 | aliases: |
| 269 | - mail.example.com |
| 270 | - lists.example.com |
| 271 | - mail01.example.com |
| 272 | - mail01 |
| 273 | |
| Aleš Komárek | 3a3de6e | 2017-04-11 13:41:09 +0200 | [diff] [blame] | 274 | |
| 275 | More Information |
| 276 | ================ |
| Filip Pytloun | 410abc4 | 2015-10-06 16:28:31 +0200 | [diff] [blame] | 277 | |
| 278 | * https://httpd.apache.org/docs/ |
| Filip Pytloun | 87d0814 | 2017-02-02 12:52:21 +0100 | [diff] [blame] | 279 | |
| Aleš Komárek | 3a3de6e | 2017-04-11 13:41:09 +0200 | [diff] [blame] | 280 | |
| Filip Pytloun | 87d0814 | 2017-02-02 12:52:21 +0100 | [diff] [blame] | 281 | Documentation and Bugs |
| 282 | ====================== |
| 283 | |
| 284 | To learn how to install and update salt-formulas, consult the documentation |
| 285 | available online at: |
| 286 | |
| 287 | http://salt-formulas.readthedocs.io/ |
| 288 | |
| 289 | In the unfortunate event that bugs are discovered, they should be reported to |
| 290 | the appropriate issue tracker. Use Github issue tracker for specific salt |
| 291 | formula: |
| 292 | |
| 293 | https://github.com/salt-formulas/salt-formula-apache/issues |
| 294 | |
| 295 | For feature requests, bug reports or blueprints affecting entire ecosystem, |
| 296 | use Launchpad salt-formulas project: |
| 297 | |
| 298 | https://launchpad.net/salt-formulas |
| 299 | |
| 300 | You can also join salt-formulas-users team and subscribe to mailing list: |
| 301 | |
| 302 | https://launchpad.net/~salt-formulas-users |
| 303 | |
| 304 | Developers wishing to work on the salt-formulas projects should always base |
| 305 | their work on master branch and submit pull request against specific formula. |
| 306 | |
| 307 | https://github.com/salt-formulas/salt-formula-apache |
| 308 | |
| 309 | Any questions or feedback is always welcome so feel free to join our IRC |
| 310 | channel: |
| 311 | |
| 312 | #salt-formulas @ irc.freenode.net |