3 # Standard apache config debian.org hosts
9 # @param smaller_number_of_threads by default the worker config is geared towards
10 # serving static/cheap content. If the host is very
11 # script heavy (say the bug tracking system), set this
12 # to reduce the number of worker threads.
13 # @param rlimitnproc A resource limit for number of processes. The default is usually fine.
14 # @param rlimitmem A resource limit for memory usage. The default is usually fine.
15 # @param public Whether this host's apache should be accessible from the public internet.
16 # Sets appropriate firewall rules and optionally rate limits.
18 Boolean $smaller_number_of_threads = false,
19 Integer $rlimitnproc = 256,
20 Integer $rlimitmem = 192 * 1024 * 1024,
21 Boolean $public = true,
31 require => Package['apache2'],
34 apache2::module { 'reqtimeout': }
35 apache2::module { 'info': }
36 apache2::module { 'status': }
37 apache2::module { 'headers': }
38 apache2::module { 'macro': }
40 apache2::site { '00-default':
41 site => 'default-debian.org',
42 content => template('apache2/default-debian.org.erb'),
44 apache2::site { 'xx-default-ssl':
45 site => 'default-debian.org-ssl',
46 content => template('apache2/default-debian.org-ssl.erb'),
49 apache2::site { '000-default':
53 apache2::config { 'serve-cgi-bin':
58 $memlimit = 512 * 1024 * 1024
59 } elsif has_role('popcon') {
60 $memlimit = 512 * 1024 * 1024
62 $memlimit = $rlimitmem
65 apache2::config { 'resource-limits':
66 content => template('apache2/resource-limits.erb'),
69 apache2::config { 'security':
70 source => 'puppet:///modules/apache2/security',
73 apache2::config { 'logformat-privacy':
74 source => 'puppet:///modules/apache2/logformat-privacy',
77 apache2::config { 'local-serverinfo':
78 source => 'puppet:///modules/apache2/local-serverinfo',
81 apache2::config { 'server-status':
82 source => 'puppet:///modules/apache2/server-status',
85 apache2::config { 'puppet-ssl-macros':
86 source => 'puppet:///modules/apache2/puppet-ssl-macros',
89 apache2::config { 'puppet-ftp-macros':
90 source => 'puppet:///modules/apache2/puppet-ftp-macros',
93 apache2::config { 'puppet-config':
94 content => template('apache2/puppet-config.erb'),
97 apache2::config { 'headers':
98 source => 'puppet:///modules/apache2/headers',
101 apache2::config { 'disabled-service':
102 source => 'puppet:///modules/apache2/disabled-service',
105 apache2::module { 'mpm_event': ensure => absent }
106 if has_role('apache_prefork') {
107 apache2::module { 'mpm_worker': ensure => absent }
108 apache2::module { 'mpm_prefork': }
110 apache2::module { 'mpm_prefork': ensure => absent }
111 apache2::module { 'mpm_worker': }
113 file { '/etc/apache2/mods-available/mpm_worker.conf':
114 content => template('apache2/mpm_worker.erb'),
117 file { '/etc/logrotate.d/apache2':
118 source => 'puppet:///modules/apache2/apache2.logrotate',
121 file { '/var/log/apache2':
125 file { '/var/log/apache2/.nobackup':
130 munin::check { 'apache_accesses': }
131 munin::check { 'apache_processes': }
132 munin::check { 'apache_volume': }
133 munin::check { 'apache_servers': }
134 munin::check { 'ps_apache2':
137 # The munin script needs this
138 package { 'libwww-perl':
143 if has_role('apache_ratelimited') {
144 include apache2::dynamic
146 ferm::rule { 'dsa-http':
147 domain => '(ip ip6)',
149 description => 'Allow web access',
150 rule => '&SERVICE(tcp, (http https))'
155 exec { 'service apache2 reload':
156 path => '/usr/bin:/usr/sbin:/bin:/sbin',
157 command => 'service apache2 reload',
159 require => Package['apache2'],
162 apache2::config { 'puppet-ssl-key-pins':
163 content => template('apache2/ssl-key-pins.erb'),
164 notify => Exec['service apache2 reload'],
167 apache2::config { 'local-scheduled-shutdown':
168 source => 'puppet:///modules/apache2/local-scheduled-shutdown',