3 # Standard apache config debian.org hosts
9 # @param smaller_number_of_threads by default the worker config is geared towards
10 # serving static/cheap content. If the host is very
11 # script heavy (say the bug tracking system), set this
12 # to reduce the number of worker threads.
13 # @param rlimitnproc A resource limit for number of processes. The default is usually fine.
15 Boolean $smaller_number_of_threads = false,
16 Integer $rlimitnproc = 256,
26 require => Package['apache2'],
29 apache2::module { 'reqtimeout': }
30 apache2::module { 'info': }
31 apache2::module { 'status': }
32 apache2::module { 'headers': }
33 apache2::module { 'macro': }
35 apache2::site { '00-default':
36 site => 'default-debian.org',
37 content => template('apache2/default-debian.org.erb'),
39 apache2::site { 'xx-default-ssl':
40 site => 'default-debian.org-ssl',
41 content => template('apache2/default-debian.org-ssl.erb'),
44 apache2::site { '000-default':
48 apache2::config { 'serve-cgi-bin':
53 $memlimit = 512 * 1024 * 1024
54 } elsif has_role('dgit_git') {
55 $memlimit = 512 * 1024 * 1024
56 } elsif has_role('sso') {
57 $memlimit = 512 * 1024 * 1024
58 } elsif has_role('popcon') {
59 $memlimit = 512 * 1024 * 1024
60 } elsif has_role('qamaster') {
61 $memlimit = 300 * 1024 * 1024
63 $memlimit = 192 * 1024 * 1024
66 apache2::config { 'resource-limits':
67 content => template('apache2/resource-limits.erb'),
70 apache2::config { 'security':
71 source => 'puppet:///modules/apache2/security',
74 apache2::config { 'logformat-privacy':
75 source => 'puppet:///modules/apache2/logformat-privacy',
78 apache2::config { 'local-serverinfo':
79 source => 'puppet:///modules/apache2/local-serverinfo',
82 apache2::config { 'server-status':
83 source => 'puppet:///modules/apache2/server-status',
86 apache2::config { 'puppet-ssl-macros':
87 source => 'puppet:///modules/apache2/puppet-ssl-macros',
90 apache2::config { 'puppet-ftp-macros':
91 source => 'puppet:///modules/apache2/puppet-ftp-macros',
94 apache2::config { 'puppet-config':
95 content => template('apache2/puppet-config.erb'),
98 apache2::config { 'headers':
99 source => 'puppet:///modules/apache2/headers',
102 apache2::config { 'disabled-service':
103 source => 'puppet:///modules/apache2/disabled-service',
106 apache2::module { 'mpm_event': ensure => absent }
107 if has_role('apache_prefork') {
108 apache2::module { 'mpm_worker': ensure => absent }
109 apache2::module { 'mpm_prefork': }
111 apache2::module { 'mpm_prefork': ensure => absent }
112 apache2::module { 'mpm_worker': }
114 file { '/etc/apache2/mods-available/mpm_worker.conf':
115 content => template('apache2/mpm_worker.erb'),
118 file { '/etc/logrotate.d/apache2':
119 source => 'puppet:///modules/apache2/apache2.logrotate',
122 file { '/var/log/apache2':
126 file { '/var/log/apache2/.nobackup':
131 munin::check { 'apache_accesses': }
132 munin::check { 'apache_processes': }
133 munin::check { 'apache_volume': }
134 munin::check { 'apache_servers': }
135 munin::check { 'ps_apache2':
138 # The munin script needs this
139 package { 'libwww-perl':
143 if (! has_role('apache_not_public')) {
144 if has_role('apache_ratelimited') {
145 include apache2::dynamic
147 ferm::rule { 'dsa-http':
149 description => 'Allow web access',
150 rule => '&SERVICE(tcp, (http https))'
153 ferm::rule { 'dsa-http-v6':
156 description => 'Allow web access',
157 rule => '&SERVICE(tcp, (http https))'
162 exec { 'service apache2 reload':
163 path => '/usr/bin:/usr/sbin:/bin:/sbin',
164 command => 'service apache2 reload',
166 require => Package['apache2'],
169 apache2::config { 'puppet-ssl-key-pins':
170 content => template('apache2/ssl-key-pins.erb'),
171 notify => Exec['service apache2 reload'],
174 apache2::config { 'local-scheduled-shutdown':
175 source => 'puppet:///modules/apache2/local-scheduled-shutdown',