3 # Standard apache config debian.org hosts
9 # @param smaller_number_of_threads by default the worker config is geared towards
10 # serving static/cheap content. If the host is very
11 # script heavy (say the bug tracking system), set this
12 # to reduce the number of worker threads.
13 # @param rlimitnproc A resource limit for number of processes. The default is usually fine.
14 # @param rlimitmem A resource limit for memory usage. The default is usually fine.
15 # @param public Whether this host's apache should be accessible from the public internet.
16 # Sets appropriate firewall rules and optionally rate limits.
17 # @param mpm Which Multi-Processing Modules to use. Defaults to worker;
18 # the alternative is prefork.
20 Boolean $smaller_number_of_threads = false,
21 Integer $rlimitnproc = 256,
22 Integer $rlimitmem = 192 * 1024 * 1024,
23 Boolean $public = true,
24 Enum['prefork','worker'] $mpm = 'worker',
34 require => Package['apache2'],
37 apache2::module { 'reqtimeout': }
38 apache2::module { 'info': }
39 apache2::module { 'status': }
40 apache2::module { 'headers': }
41 apache2::module { 'macro': }
43 apache2::site { '00-default':
44 site => 'default-debian.org',
45 content => template('apache2/default-debian.org.erb'),
47 apache2::site { 'xx-default-ssl':
48 site => 'default-debian.org-ssl',
49 content => template('apache2/default-debian.org-ssl.erb'),
52 apache2::site { '000-default':
56 apache2::config { 'serve-cgi-bin':
61 $memlimit = 512 * 1024 * 1024
62 } elsif has_role('popcon') {
63 $memlimit = 512 * 1024 * 1024
65 $memlimit = $rlimitmem
68 apache2::config { 'resource-limits':
69 content => template('apache2/resource-limits.erb'),
72 apache2::config { 'security':
73 source => 'puppet:///modules/apache2/security',
76 apache2::config { 'logformat-privacy':
77 source => 'puppet:///modules/apache2/logformat-privacy',
80 apache2::config { 'local-serverinfo':
81 source => 'puppet:///modules/apache2/local-serverinfo',
84 apache2::config { 'server-status':
85 source => 'puppet:///modules/apache2/server-status',
88 apache2::config { 'puppet-ssl-macros':
89 source => 'puppet:///modules/apache2/puppet-ssl-macros',
92 apache2::config { 'puppet-ftp-macros':
93 source => 'puppet:///modules/apache2/puppet-ftp-macros',
96 apache2::config { 'puppet-config':
97 content => template('apache2/puppet-config.erb'),
100 apache2::config { 'headers':
101 source => 'puppet:///modules/apache2/headers',
104 apache2::config { 'disabled-service':
105 source => 'puppet:///modules/apache2/disabled-service',
108 apache2::module { 'mpm_event': ensure => absent }
109 apache2::module { 'mpm_worker' : ensure => ($mpm == 'worker' ) ? { true => 'present', default => absent } }
110 apache2::module { 'mpm_prefork': ensure => ($mpm == 'prefork') ? { true => 'present', default => absent } }
112 file { '/etc/apache2/mods-available/mpm_worker.conf':
113 content => template('apache2/mpm_worker.erb'),
116 file { '/etc/logrotate.d/apache2':
117 source => 'puppet:///modules/apache2/apache2.logrotate',
120 file { '/var/log/apache2':
124 file { '/var/log/apache2/.nobackup':
129 munin::check { 'apache_accesses': }
130 munin::check { 'apache_processes': }
131 munin::check { 'apache_volume': }
132 munin::check { 'apache_servers': }
133 munin::check { 'ps_apache2':
136 # The munin script needs this
137 package { 'libwww-perl':
142 if has_role('apache_ratelimited') {
143 include apache2::dynamic
145 ferm::rule { 'dsa-http':
146 domain => '(ip ip6)',
148 description => 'Allow web access',
149 rule => '&SERVICE(tcp, (http https))'
154 exec { 'service apache2 reload':
155 path => '/usr/bin:/usr/sbin:/bin:/sbin',
156 command => 'service apache2 reload',
158 require => Package['apache2'],
161 apache2::config { 'puppet-ssl-key-pins':
162 content => template('apache2/ssl-key-pins.erb'),
163 notify => Exec['service apache2 reload'],
166 apache2::config { 'local-scheduled-shutdown':
167 source => 'puppet:///modules/apache2/local-scheduled-shutdown',