3 # Standard apache config debian.org hosts
9 # @param smaller_number_of_threads by default the worker config is geared towards
10 # serving static/cheap content. If the host is very
11 # script heavy (say the bug tracking system), set this
12 # to reduce the number of worker threads.
14 Boolean $smaller_number_of_threads = false
24 require => Package['apache2'],
27 apache2::module { 'reqtimeout': }
28 apache2::module { 'info': }
29 apache2::module { 'status': }
30 apache2::module { 'headers': }
31 apache2::module { 'macro': }
33 apache2::site { '00-default':
34 site => 'default-debian.org',
35 content => template('apache2/default-debian.org.erb'),
37 apache2::site { 'xx-default-ssl':
38 site => 'default-debian.org-ssl',
39 content => template('apache2/default-debian.org-ssl.erb'),
42 apache2::site { '000-default':
46 apache2::config { 'serve-cgi-bin':
51 $memlimit = 512 * 1024 * 1024
52 } elsif has_role('dgit_git') {
53 $memlimit = 512 * 1024 * 1024
54 } elsif has_role('sso') {
55 $memlimit = 512 * 1024 * 1024
56 } elsif has_role('popcon') {
57 $memlimit = 512 * 1024 * 1024
58 } elsif has_role('qamaster') {
59 $memlimit = 300 * 1024 * 1024
61 $memlimit = 192 * 1024 * 1024
63 # debbugs cgis like to fork and don't deal well with EAGAIN
64 if has_role('bugs_base') {
70 apache2::config { 'resource-limits':
71 content => template('apache2/resource-limits.erb'),
74 apache2::config { 'security':
75 source => 'puppet:///modules/apache2/security',
78 apache2::config { 'logformat-privacy':
79 source => 'puppet:///modules/apache2/logformat-privacy',
82 apache2::config { 'local-serverinfo':
83 source => 'puppet:///modules/apache2/local-serverinfo',
86 apache2::config { 'server-status':
87 source => 'puppet:///modules/apache2/server-status',
90 apache2::config { 'puppet-ssl-macros':
91 source => 'puppet:///modules/apache2/puppet-ssl-macros',
94 apache2::config { 'puppet-ftp-macros':
95 source => 'puppet:///modules/apache2/puppet-ftp-macros',
98 apache2::config { 'puppet-config':
99 content => template('apache2/puppet-config.erb'),
102 apache2::config { 'headers':
103 source => 'puppet:///modules/apache2/headers',
106 apache2::config { 'disabled-service':
107 source => 'puppet:///modules/apache2/disabled-service',
110 apache2::module { 'mpm_event': ensure => absent }
111 if has_role('apache_prefork') {
112 apache2::module { 'mpm_worker': ensure => absent }
113 apache2::module { 'mpm_prefork': }
115 apache2::module { 'mpm_prefork': ensure => absent }
116 apache2::module { 'mpm_worker': }
118 file { '/etc/apache2/mods-available/mpm_worker.conf':
119 content => template('apache2/mpm_worker.erb'),
122 file { '/etc/logrotate.d/apache2':
123 source => 'puppet:///modules/apache2/apache2.logrotate',
126 file { '/var/log/apache2':
130 file { '/var/log/apache2/.nobackup':
135 munin::check { 'apache_accesses': }
136 munin::check { 'apache_processes': }
137 munin::check { 'apache_volume': }
138 munin::check { 'apache_servers': }
139 munin::check { 'ps_apache2':
142 # The munin script needs this
143 package { 'libwww-perl':
147 if (! has_role('apache_not_public')) {
148 if has_role('apache_ratelimited') {
149 include apache2::dynamic
151 ferm::rule { 'dsa-http':
153 description => 'Allow web access',
154 rule => '&SERVICE(tcp, (http https))'
157 ferm::rule { 'dsa-http-v6':
160 description => 'Allow web access',
161 rule => '&SERVICE(tcp, (http https))'
166 exec { 'service apache2 reload':
167 path => '/usr/bin:/usr/sbin:/bin:/sbin',
168 command => 'service apache2 reload',
170 require => Package['apache2'],
173 apache2::config { 'puppet-ssl-key-pins':
174 content => template('apache2/ssl-key-pins.erb'),
175 notify => Exec['service apache2 reload'],
178 apache2::config { 'local-scheduled-shutdown':
179 source => 'puppet:///modules/apache2/local-scheduled-shutdown',