1 # Class: apache::params
3 # This class manages Apache parameters
6 # - The $user that Apache runs as
7 # - The $group that Apache runs as
8 # - The $apache_name is the name of the package and service on the relevant distribution
10 # - The $php_package is the name of the package that provided PHP
11 # - The $ssl_package is the name of the Apache SSL package
12 # - The $apache_dev is the name of the Apache development libraries package
13 # - The $conf_contents is the contents of the Apache configuration file
21 class apache::params inherits ::apache::version {
25 $servername = $::hostname
28 # The default error log level
30 $use_optional_includes = false
32 if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' {
33 $verify_command = '/usr/sbin/apache2ctl -t'
35 $verify_command = '/usr/sbin/apachectl -t'
37 if $::osfamily == 'RedHat' or $::operatingsystem == 'amazon' {
41 $apache_name = 'httpd'
42 $service_name = 'httpd'
43 $httpd_dir = '/etc/httpd'
44 $server_root = '/etc/httpd'
45 $conf_dir = "${httpd_dir}/conf"
46 $confd_dir = "${httpd_dir}/conf.d"
47 $mod_dir = "${httpd_dir}/conf.d"
48 $mod_enable_dir = undef
49 $vhost_dir = "${httpd_dir}/conf.d"
50 $vhost_enable_dir = undef
51 $conf_file = 'httpd.conf'
52 $ports_file = "${conf_dir}/ports.conf"
53 $logroot = '/var/log/httpd'
56 $mpm_module = 'prefork'
57 $dev_packages = 'httpd-devel'
# Default TLS material for the RedHat branch: the localhost certificate and key
# under /etc/pki/tls.
# NOTE(review): presumably the self-signed pair created when mod_ssl is
# installed; confirm. A self-signed default lets an SSL vhost start, but
# clients cannot authenticate the server with it, so vhosts that serve real
# traffic should be given a CA-issued certificate and their own key.
58 $default_ssl_cert = '/etc/pki/tls/certs/localhost.crt'
59 $default_ssl_key = '/etc/pki/tls/private/localhost.key'
60 $ssl_certs_dir = '/etc/pki/tls/certs'
61 $passenger_conf_file = 'passenger_extra.conf'
62 $passenger_conf_package_file = 'passenger.conf'
63 $passenger_root = undef
64 $passenger_ruby = undef
65 $passenger_default_ruby = undef
66 $suphp_addhandler = 'php5-script'
68 $suphp_configpath = undef
69 # NOTE: The module for Shibboleth is not available to RH/CentOS without an additional repository. http://wiki.aaf.edu.au/tech-info/sp-install-guide
70 # NOTE: The auth_cas module isn't available to RH/CentOS without enabling EPEL.
72 'auth_cas' => 'mod_auth_cas',
73 'auth_kerb' => 'mod_auth_kerb',
74 'authnz_ldap' => $::apache::version::distrelease ? {
76 default => 'mod_authz_ldap',
78 'fastcgi' => 'mod_fastcgi',
79 'fcgid' => 'mod_fcgid',
80 'geoip' => 'mod_geoip',
81 'ldap' => $::apache::version::distrelease ? {
85 'pagespeed' => 'mod-pagespeed-stable',
86 'passenger' => 'mod_passenger',
88 'php5' => $::apache::version::distrelease ? {
92 'proxy_html' => 'mod_proxy_html',
93 'python' => 'mod_python',
94 'security' => 'mod_security',
95 'shibboleth' => 'shibboleth',
98 'dav_svn' => 'mod_dav_svn',
99 'suphp' => 'mod_suphp',
100 'xsendfile' => 'mod_xsendfile',
102 'shib2' => 'shibboleth',
105 'php5' => 'libphp5.so',
106 'nss' => 'libmodnss.so',
108 $conf_template = 'apache/httpd.conf.erb'
110 $keepalive_timeout = 15
111 $max_keepalive_requests = 100
112 $fastcgi_lib_path = undef
113 $mime_support_package = 'mailcap'
114 $mime_types_config = '/etc/mime.types'
115 $docroot = '/var/www/html'
116 $error_documents_path = $::apache::version::distrelease ? {
117 '7' => '/usr/share/httpd/error',
118 default => '/var/www/error'
120 if $::osfamily == 'RedHat' {
121 $wsgi_socket_prefix = '/var/run/wsgi'
123 $wsgi_socket_prefix = undef
125 $cas_cookie_path = '/var/cache/mod_auth_cas/'
# ModSecurity Core Rule Set defaults for the RedHat branch: the CRS package
# name, the directory the rules are installed in, and the ModSecurity
# configuration directory.
# The entries of $modsec_default_rules are file names under base_rules/
# (presumably resolved against $modsec_crs_path; confirm in the class that
# consumes them). The *.data entries appear to be lookup lists referenced by
# the *.conf rules; TODO confirm against the installed CRS before removing
# any entry, since dropping a data file could break the rule that reads it.
126 $modsec_crs_package = 'mod_security_crs'
127 $modsec_crs_path = '/usr/lib/modsecurity.d'
128 $modsec_dir = '/etc/httpd/modsecurity.d'
129 $modsec_default_rules = [
130 'base_rules/modsecurity_35_bad_robots.data',
131 'base_rules/modsecurity_35_scanners.data',
132 'base_rules/modsecurity_40_generic_attacks.data',
133 'base_rules/modsecurity_41_sql_injection_attacks.data',
134 'base_rules/modsecurity_50_outbound.data',
135 'base_rules/modsecurity_50_outbound_malware.data',
136 'base_rules/modsecurity_crs_20_protocol_violations.conf',
137 'base_rules/modsecurity_crs_21_protocol_anomalies.conf',
138 'base_rules/modsecurity_crs_23_request_limits.conf',
139 'base_rules/modsecurity_crs_30_http_policy.conf',
140 'base_rules/modsecurity_crs_35_bad_robots.conf',
141 'base_rules/modsecurity_crs_40_generic_attacks.conf',
142 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf',
143 'base_rules/modsecurity_crs_41_xss_attacks.conf',
144 'base_rules/modsecurity_crs_42_tight_security.conf',
145 'base_rules/modsecurity_crs_45_trojans.conf',
146 'base_rules/modsecurity_crs_47_common_exceptions.conf',
147 'base_rules/modsecurity_crs_49_inbound_blocking.conf',
148 'base_rules/modsecurity_crs_50_outbound.conf',
149 'base_rules/modsecurity_crs_59_outbound_blocking.conf',
150 'base_rules/modsecurity_crs_60_correlation.conf'
152 } elsif $::osfamily == 'Debian' {
156 $apache_name = 'apache2'
157 $service_name = 'apache2'
158 $httpd_dir = '/etc/apache2'
159 $server_root = '/etc/apache2'
160 $conf_dir = $httpd_dir
161 $confd_dir = "${httpd_dir}/conf.d"
162 $mod_dir = "${httpd_dir}/mods-available"
163 $mod_enable_dir = "${httpd_dir}/mods-enabled"
164 $vhost_dir = "${httpd_dir}/sites-available"
165 $vhost_enable_dir = "${httpd_dir}/sites-enabled"
166 $conf_file = 'apache2.conf'
167 $ports_file = "${conf_dir}/ports.conf"
168 $logroot = '/var/log/apache2'
169 $logroot_mode = undef
170 $lib_path = '/usr/lib/apache2/modules'
171 $mpm_module = 'worker'
# Default TLS material for the Debian branch: the "snakeoil" certificate and
# key are the self-signed pair generated by Debian's ssl-cert package. They
# let an SSL vhost start, but clients cannot authenticate the server with
# them; vhosts that serve real traffic should be given a CA-issued
# certificate and their own private key.
172 $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
173 $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key'
174 $ssl_certs_dir = '/etc/ssl/certs'
175 $suphp_addhandler = 'x-httpd-php'
176 $suphp_engine = 'off'
177 $suphp_configpath = '/etc/php5/apache2'
179 'auth_cas' => 'libapache2-mod-auth-cas',
180 'auth_kerb' => 'libapache2-mod-auth-kerb',
181 'dav_svn' => 'libapache2-svn',
182 'fastcgi' => 'libapache2-mod-fastcgi',
183 'fcgid' => 'libapache2-mod-fcgid',
184 'nss' => 'libapache2-mod-nss',
185 'pagespeed' => 'mod-pagespeed-stable',
186 'passenger' => 'libapache2-mod-passenger',
187 'perl' => 'libapache2-mod-perl2',
188 'php5' => 'libapache2-mod-php5',
189 'proxy_html' => 'libapache2-mod-proxy-html',
190 'python' => 'libapache2-mod-python',
191 'rpaf' => 'libapache2-mod-rpaf',
192 'security' => 'libapache2-modsecurity',
193 'suphp' => 'libapache2-mod-suphp',
194 'wsgi' => 'libapache2-mod-wsgi',
195 'xsendfile' => 'libapache2-mod-xsendfile',
196 'shib2' => 'libapache2-mod-shib2',
199 'php5' => 'libphp5.so',
201 $conf_template = 'apache/httpd.conf.erb'
203 $keepalive_timeout = 15
204 $max_keepalive_requests = 100
205 $fastcgi_lib_path = '/var/lib/apache2/fastcgi'
206 $mime_support_package = 'mime-support'
207 $mime_types_config = '/etc/mime.types'
208 $docroot = '/var/www'
209 $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/'
# ModSecurity Core Rule Set defaults for the Debian branch: the CRS package
# name, the directory the rules are installed in, and the ModSecurity
# configuration directory.
# The entries of $modsec_default_rules are file names under base_rules/
# (presumably resolved against $modsec_crs_path; confirm in the class that
# consumes them). The *.data entries appear to be lookup lists referenced by
# the *.conf rules; TODO confirm against the installed CRS before removing
# any entry, since dropping a data file could break the rule that reads it.
210 $modsec_crs_package = 'modsecurity-crs'
211 $modsec_crs_path = '/usr/share/modsecurity-crs'
212 $modsec_dir = '/etc/modsecurity'
213 $modsec_default_rules = [
214 'base_rules/modsecurity_35_bad_robots.data',
215 'base_rules/modsecurity_35_scanners.data',
216 'base_rules/modsecurity_40_generic_attacks.data',
217 'base_rules/modsecurity_41_sql_injection_attacks.data',
218 'base_rules/modsecurity_50_outbound.data',
219 'base_rules/modsecurity_50_outbound_malware.data',
220 'base_rules/modsecurity_crs_20_protocol_violations.conf',
221 'base_rules/modsecurity_crs_21_protocol_anomalies.conf',
222 'base_rules/modsecurity_crs_23_request_limits.conf',
223 'base_rules/modsecurity_crs_30_http_policy.conf',
224 'base_rules/modsecurity_crs_35_bad_robots.conf',
225 'base_rules/modsecurity_crs_40_generic_attacks.conf',
226 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf',
227 'base_rules/modsecurity_crs_41_xss_attacks.conf',
228 'base_rules/modsecurity_crs_42_tight_security.conf',
229 'base_rules/modsecurity_crs_45_trojans.conf',
230 'base_rules/modsecurity_crs_47_common_exceptions.conf',
231 'base_rules/modsecurity_crs_49_inbound_blocking.conf',
232 'base_rules/modsecurity_crs_50_outbound.conf',
233 'base_rules/modsecurity_crs_59_outbound_blocking.conf',
234 'base_rules/modsecurity_crs_60_correlation.conf'
236 $error_documents_path = '/usr/share/apache2/error'
237 if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) {
238 $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev']
240 $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev']
244 # Passenger-specific settings
247 $passenger_conf_file = 'passenger.conf'
248 $passenger_conf_package_file = undef
250 case $::operatingsystem {
252 case $::lsbdistrelease {
254 $passenger_root = '/usr'
255 $passenger_ruby = '/usr/bin/ruby'
256 $passenger_default_ruby = undef
259 $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
260 $passenger_ruby = undef
261 $passenger_default_ruby = '/usr/bin/ruby'
264 # The following settings may or may not work on Ubuntu releases not
265 # supported by this module.
266 $passenger_root = '/usr'
267 $passenger_ruby = '/usr/bin/ruby'
268 $passenger_default_ruby = undef
273 case $::lsbdistcodename {
275 $passenger_root = '/usr'
276 $passenger_ruby = '/usr/bin/ruby'
277 $passenger_default_ruby = undef
280 $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
281 $passenger_ruby = undef
282 $passenger_default_ruby = '/usr/bin/ruby'
285 # The following settings may or may not work on Debian releases not
286 # supported by this module.
287 $passenger_root = '/usr'
288 $passenger_ruby = '/usr/bin/ruby'
289 $passenger_default_ruby = undef
294 $wsgi_socket_prefix = undef
295 } elsif $::osfamily == 'FreeBSD' {
298 $root_group = 'wheel'
299 $apache_name = 'apache24'
300 $service_name = 'apache24'
301 $httpd_dir = '/usr/local/etc/apache24'
302 $server_root = '/usr/local'
303 $conf_dir = $httpd_dir
304 $confd_dir = "${httpd_dir}/Includes"
305 $mod_dir = "${httpd_dir}/Modules"
306 $mod_enable_dir = undef
307 $vhost_dir = "${httpd_dir}/Vhosts"
308 $vhost_enable_dir = undef
309 $conf_file = 'httpd.conf'
310 $ports_file = "${conf_dir}/ports.conf"
311 $logroot = '/var/log/apache24'
312 $logroot_mode = undef
313 $lib_path = '/usr/local/libexec/apache24'
314 $mpm_module = 'prefork'
315 $dev_packages = undef
316 $default_ssl_cert = '/usr/local/etc/apache24/server.crt'
317 $default_ssl_key = '/usr/local/etc/apache24/server.key'
318 $ssl_certs_dir = '/usr/local/etc/apache24'
319 $passenger_conf_file = 'passenger.conf'
320 $passenger_conf_package_file = undef
# Passenger defaults for the FreeBSD branch.
# NOTE(review): $passenger_root embeds a gem version (passenger-4.0.58) and a
# Ruby gems directory version (2.0). The path stops matching once the
# installed Passenger or Ruby is upgraded, so hosts that take a newer (e.g.
# security-patched) Passenger need this default updated or overridden.
321 $passenger_root = '/usr/local/lib/ruby/gems/2.0/gems/passenger-4.0.58'
322 $passenger_ruby = '/usr/local/bin/ruby'
323 $passenger_default_ruby = undef
324 $suphp_addhandler = 'php5-script'
325 $suphp_engine = 'off'
326 $suphp_configpath = undef
328 # NOTE: I list here only modules that are not included in www/apache24
329 # NOTE: 'passenger' needs to enable APACHE_SUPPORT in make config
330 # NOTE: 'php' needs to enable APACHE option in make config
331 # NOTE: 'dav_svn' needs to enable MOD_DAV_SVN make config
332 # NOTE: not sure where the shibboleth should come from
333 'auth_kerb' => 'www/mod_auth_kerb2',
334 'fcgid' => 'www/mod_fcgid',
335 'passenger' => 'www/rubygem-passenger',
336 'perl' => 'www/mod_perl2',
337 'php5' => 'www/mod_php5',
338 'proxy_html' => 'www/mod_proxy_html',
339 'python' => 'www/mod_python3',
340 'wsgi' => 'www/mod_wsgi',
341 'dav_svn' => 'devel/subversion',
342 'xsendfile' => 'www/mod_xsendfile',
343 'rpaf' => 'www/mod_rpaf2',
344 'shib2' => 'security/shibboleth2-sp',
347 'php5' => 'libphp5.so',
349 $conf_template = 'apache/httpd.conf.erb'
351 $keepalive_timeout = 15
352 $max_keepalive_requests = 100
353 $fastcgi_lib_path = undef # TODO: revisit
354 $mime_support_package = 'misc/mime-support'
355 $mime_types_config = '/usr/local/etc/mime.types'
356 $wsgi_socket_prefix = undef
357 $docroot = '/usr/local/www/apache24/data'
358 $error_documents_path = '/usr/local/www/apache24/error'
359 } elsif $::osfamily == 'Gentoo' {
362 $root_group = 'wheel'
363 $apache_name = 'www-servers/apache'
364 $service_name = 'apache2'
365 $httpd_dir = '/etc/apache2'
366 $server_root = '/var/www'
367 $conf_dir = $httpd_dir
368 $confd_dir = "${httpd_dir}/conf.d"
369 $mod_dir = "${httpd_dir}/modules.d"
370 $mod_enable_dir = undef
371 $vhost_dir = "${httpd_dir}/vhosts.d"
372 $vhost_enable_dir = undef
373 $conf_file = 'httpd.conf'
374 $ports_file = "${conf_dir}/ports.conf"
375 $logroot = '/var/log/apache2'
376 $logroot_mode = undef
377 $lib_path = '/usr/lib/apache2/modules'
378 $mpm_module = 'prefork'
379 $dev_packages = undef
380 $default_ssl_cert = '/etc/ssl/apache2/server.crt'
381 $default_ssl_key = '/etc/ssl/apache2/server.key'
382 $ssl_certs_dir = '/etc/ssl/apache2'
383 $passenger_root = '/usr'
384 $passenger_ruby = '/usr/bin/ruby'
385 $passenger_conf_file = 'passenger.conf'
386 $passenger_conf_package_file = undef
387 $passenger_default_ruby = undef
388 $suphp_addhandler = 'x-httpd-php'
389 $suphp_engine = 'off'
390 $suphp_configpath = '/etc/php5/apache2'
392 # NOTE: I list here only modules that are not included in www-servers/apache
393 'auth_kerb' => 'www-apache/mod_auth_kerb',
394 'fcgid' => 'www-apache/mod_fcgid',
395 'passenger' => 'www-apache/passenger',
396 'perl' => 'www-apache/mod_perl',
397 'php5' => 'dev-lang/php',
398 'proxy_html' => 'www-apache/mod_proxy_html',
399 'proxy_fcgi' => 'www-apache/mod_proxy_fcgi',
400 'python' => 'www-apache/mod_python',
401 'wsgi' => 'www-apache/mod_wsgi',
402 'dav_svn' => 'dev-vcs/subversion',
403 'xsendfile' => 'www-apache/mod_xsendfile',
404 'rpaf' => 'www-apache/mod_rpaf',
405 'xml2enc' => 'www-apache/mod_xml2enc',
408 'php5' => 'libphp5.so',
410 $conf_template = 'apache/httpd.conf.erb'
412 $keepalive_timeout = 15
413 $max_keepalive_requests = 100
414 $fastcgi_lib_path = undef # TODO: revisit
415 $mime_support_package = 'app-misc/mime-types'
416 $mime_types_config = '/etc/mime.types'
417 $wsgi_socket_prefix = undef
418 $docroot = '/var/www/localhost/htdocs'
419 $error_documents_path = '/usr/share/apache2/error'
420 } elsif $::osfamily == 'Suse' {
424 $apache_name = 'apache2'
425 $service_name = 'apache2'
426 $httpd_dir = '/etc/apache2'
427 $server_root = '/etc/apache2'
428 $conf_dir = $httpd_dir
429 $confd_dir = "${httpd_dir}/conf.d"
430 $mod_dir = "${httpd_dir}/mods-available"
431 $mod_enable_dir = "${httpd_dir}/mods-enabled"
432 $vhost_dir = "${httpd_dir}/sites-available"
433 $vhost_enable_dir = "${httpd_dir}/sites-enabled"
434 $conf_file = 'httpd.conf'
435 $ports_file = "${conf_dir}/ports.conf"
436 $logroot = '/var/log/apache2'
437 $logroot_mode = undef
438 $lib_path = '/usr/lib64/apache2-prefork/'
439 $mpm_module = 'prefork'
# Default TLS material for the Suse branch.
# NOTE(review): these are the same ssl-cert-snakeoil paths the Debian branch
# uses; confirm that they exist on SUSE hosts, otherwise an SSL vhost that
# relies on the defaults will point at a missing certificate and key. Where
# they do exist they are a self-signed placeholder pair, so vhosts that serve
# real traffic should be given a CA-issued certificate and their own key.
440 $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
441 $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key'
442 $ssl_certs_dir = '/etc/ssl/certs'
443 $suphp_addhandler = 'x-httpd-php'
444 $suphp_engine = 'off'
445 $suphp_configpath = '/etc/php5/apache2'
447 'auth_kerb' => 'apache2-mod_auth_kerb',
448 'fcgid' => 'apache2-mod_fcgid',
449 'perl' => 'apache2-mod_perl',
450 'php5' => 'apache2-mod_php53',
451 'python' => 'apache2-mod_python',
454 'php5' => 'libphp5.so',
456 $conf_template = 'apache/httpd.conf.erb'
458 $keepalive_timeout = 15
459 $max_keepalive_requests = 100
460 $fastcgi_lib_path = '/var/lib/apache2/fastcgi'
461 $mime_support_package = 'aaa_base'
462 $mime_types_config = '/etc/mime.types'
463 $docroot = '/srv/www'
464 $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/'
465 $error_documents_path = '/usr/share/apache2/error'
466 $dev_packages = ['libapr-util1-devel', 'libapr1-devel']
469 # Passenger-specific settings
472 $passenger_conf_file = 'passenger.conf'
473 $passenger_conf_package_file = undef
475 $passenger_root = '/usr'
476 $passenger_ruby = '/usr/bin/ruby'
477 $passenger_default_ruby = undef
478 $wsgi_socket_prefix = undef
481 fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}")