Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / apache / cbd44a5ae05242ef30ea8a66025c22b5c71d2620 / . / README.rst
blob: f7dea0b0302b4dab1623138cf7d38943d433a057 [file] [log] [blame]
Filip Pytloun410abc42015-10-06 16:28:31 +0200[diff] [blame]1======
2Apache
3======
4
5Install and configure Apache webserver
6
7Available states
8================
9
10.. contents::
11 :local:
12
13``apache.server``
14--------------------
15
16Setup apache server
17
18Available metadata
19==================
20
21.. contents::
22 :local:
23
24``metadata.apache.server.single``
25--------------------------
26
27Setup basic server
28
29Configuration parameters
30========================
31
32
33Example reclass
34===============
35
36Simple Apache proxy
37
38.. code-block:: yaml
39
40 apache:
41 server:
42 enabled: true
43 bind:
44 address: '0.0.0.0'
45 ports:
46 - 80
47 modules:
48 - proxy
49 - proxy_http
50 - proxy_balancer
51
52
53Apache plain static sites (eg. sphinx generated, from git/hg sources)
54
55.. code-block:: yaml
56
57 apache:
58 server:
59 enabled: true
60 bind:
61 address: '0.0.0.0'
62 ports:
63 - 80
64 modules:
65 - rewrite
66 - status
67 site:
68 - enabled: true
69 name: 'sphinxdoc'
70 type: 'static'
71 host:
72 name: 'doc.domain.com'
73 port: 80
74 source:
75 engine: local
76 - enabled: true
77 name: 'impressjs'
78 type: 'static'
79 host:
80 name: 'pres.domain.com'
81 port: 80
82 source:
83 engine: git
84 address: 'git@repo1.domain.cz:impress/billometer.git'
85 revision: 'master'
86
Filip Pytlounc135fa52015-11-25 12:28:45 +0100[diff] [blame]87Tune settings of mpm_prefork
88
89.. code-block:: yaml
90
91 parameters:
92 apache:
93 mpm:
94 prefork:
95 max_clients: 250
96 servers:
97 min: 32
98 max: 64
99 max_requests: 4000
100
Filip Pytloun590b5792016-01-27 11:24:29 +0100[diff] [blame]101Apache kerberos authentication:
102
103.. code-block:: yaml
104
105 parameters
106 apache:
107 server:
108 site:
109 auth:
110 engine: kerberos
111 name: "Kerberos Authentication"
112 require:
113 - "ldap-attribute memberOf='cn=somegroup,cn=groups,cn=accounts,dc=example,dc=com'"
114
115 kerberos:
116 realms:
117 - EXAMPLE.COM
118 # Bellow is optional
119 keytab: /etc/apache2/ipa.keytab
120 service: HTTP
121 method:
122 negotiate: true
123 k5passwd: true
124
125 ldap:
126 url: "ldaps://idm01.example.com/dc=example,dc=com?krbPrincipalName"
127 # mech is optional
128 mech: GSSAPI
129
Filip Pytloun3179bca2016-02-22 13:39:58 +0100[diff] [blame]130Tune security settings (these are default):
131
132.. code-block:: yaml
133
134 parameters:
135 apache:
136 server:
137 # ServerTokens
138 tokens: Prod
Filip Pytlounaffb18d2016-02-22 13:58:27 +0100[diff] [blame]139 # ServerSignature, can be also set per-site
140 signature: false
141 # TraceEnable, can be also set per-site
142 trace: false
143 # Deny access to .git, .svn, .hg directories
144 secure_scm: true
145 # Required for settings bellow
146 modules:
147 - headers
148 # Set X-Content-Type-Options
149 content_type_options: nosniff
150 # Set X-Frame-Options
151 frame_options: sameorigin
Filip Pytloun3179bca2016-02-22 13:39:58 +0100[diff] [blame]152
Simon Pasquierd9912952017-01-19 10:34:25 +0100[diff] [blame]153Tune the log configuration:
154
155.. code-block:: yaml
156
157 parameters:
158 apache:
159 server:
160 site:
161 foo:
162 enabled: true
163 type: static
164 log:
165 custom:
166 enabled: true
167 file: /var/log/apache2/mylittleponysitecustom.log
168 format: >-
169 %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"
170 error:
171 enabled: false
172 file: /var/log/apache2/foo.error.log
173 level: notice
174
Filip Pytloun410abc42015-10-06 16:28:31 +0200[diff] [blame]175Example pillar
176==============
177
178Roundcube webmail, postfixadmin and mailman
179
180.. code-block:: yaml
181
182 classes:
183 - service.apache.server.single
184 parameters:
185 apache:
186 server:
jan kaufman75aae5c2016-01-26 14:49:12 +0100[diff] [blame]187 enabled: true
Filip Pytloun410abc42015-10-06 16:28:31 +0200[diff] [blame]188 modules:
189 - cgi
190 - php
191 site:
192 roundcube:
193 enabled: true
194 type: static
195 name: roundcube
196 root: /usr/share/roundcube
197 locations:
198 - uri: /admin
199 path: /usr/share/postfixadmin
200 - uri: /mailman
201 path: /usr/lib/cgi-bin/mailman
202 script: true
203 - uri: /pipermail
204 path: /var/lib/mailman/archives/public
205 - uri: /images/mailman
206 path: /usr/share/images/mailman
207 host:
208 name: mail.example.com
209 aliases:
210 - mail.example.com
211 - lists.example.com
212 - mail01.example.com
213 - mail01
214
215Read more
216=========
217
218* https://httpd.apache.org/docs/
Filip Pytloun87d08142017-02-02 12:52:21 +0100[diff] [blame]219
220Documentation and Bugs
221======================
222
223To learn how to install and update salt-formulas, consult the documentation
224available online at:
225
226 http://salt-formulas.readthedocs.io/
227
228In the unfortunate event that bugs are discovered, they should be reported to
229the appropriate issue tracker. Use Github issue tracker for specific salt
230formula:
231
232 https://github.com/salt-formulas/salt-formula-apache/issues
233
234For feature requests, bug reports or blueprints affecting entire ecosystem,
235use Launchpad salt-formulas project:
236
237 https://launchpad.net/salt-formulas
238
239You can also join salt-formulas-users team and subscribe to mailing list:
240
241 https://launchpad.net/~salt-formulas-users
242
243Developers wishing to work on the salt-formulas projects should always base
244their work on master branch and submit pull request against specific formula.
245
246 https://github.com/salt-formulas/salt-formula-apache
247
248Any questions or feedback is always welcome so feel free to join our IRC
249channel:
250
251 #salt-formulas @ irc.freenode.net