Initial commit

This commit is contained in:
Weidong Shao 2013-12-12 01:33:01 +00:00
parent a18af0e8b4
commit 7d1e1fb149
1569 changed files with 105354 additions and 0 deletions

View File

@ -0,0 +1,183 @@
## v1.7.0:
### Improvement
- [COOK-3073]: make access.log location configurable per-platform
- [COOK-3074]: don't hardcode the error.log location in the default site config
- [COOK-3268]: don't hardcode DocumentRoot and cgi-bin locations in `default_site`
### New Feature
- [COOK-3184]: Add `mod_filter` recipe to Apache2-cookbook
- [COOK-3236]: Add `mod_action` recipe to Apache2-cookbook
## v1.6.6:
1.6.4 had a missed step in the automated release, long live 1.6.6.
### Bug
- [COOK-3018]: apache2_module does duplicate delayed restart of
apache2 service when conf = true
- [COOK-3027]: Default site enable true, then false, does not disable
default site
- [COOK-3109]: fix apache lib_dir arch attribute regexp
## v1.6.2
* [COOK-2535] - `mod_auth_openid` requires libtool to run autogen.sh
* [COOK-2667] - Typo in usage documentation
* [COOK-2461] - `apache2::mod_auth_openid` fails on some ubuntu systems
* [COOK-2720] - Apache2 minitest helper function `ran_recipe` is not
portable
## v1.6.0:
* [COOK-2372] - apache2 mpm_worker: add ServerLimit attribute (default
to 16)
## v1.5.0:
**NOTE** The `mod_auth_openid` attributes are changed. The upstream
maintainer deprecated the older release versions, and the source
repository has releases available at specific SHA1SUM references.
The new attribute, `node['apache']['mod_auth_openid']['ref']` is
used to set this.
* [COOK-2198] - `apache::mod_auth_openid` compiles from source, but
does not install make on debian/ubuntu
* [COOK-2224] - version conflict between cucumber and other gems
* [COOK-2248] - `apache2::mod_php5` uses `not_if` "which php" without
ensuring package 'which' is installed
* [COOK-2269] - Set allow list for mod_status incase external monitor scripts need
* [COOK-2276] - cookbook apache2 documentation regarding listening
ports doesn't match default attributes
* [COOK-2296] - `mod_auth_openid` doesn't have tags/releases for the
version I need for features and fixes
* [COOK-2323] - Add Oracle linux support
## v1.4.2:
* [COOK-1721] - fix logrotate recipe
## v1.4.0:
* [COOK-1456] - iptables enhancements
* [COOK-1473] - apache2 does not disable default site when setting
"`default_site_enabled`" back to false
* [COOK-1824] - the apache2 cookbook needs to specify which binary is
used on rhel platform
* [COOK-1916] - Download location wrong for apache2 `mod_auth_openid`
>= 0.7
* [COOK-1917] - Improve `mod_auth_openid` recipe to handle module
upgrade more gracefully
* [COOK-2029] - apache2 restarts on every run on RHEL and friends,
generate-module-list on every run.
* [COOK-2036] - apache2: Cookbook style
## v1.3.2:
* [COOK-1804] - fix `web_app` definition parameter so site can be
disabled.
## v1.3.0:
* [COOK-1738] - Better configuration for `mod_include` and some
overrides in `web_app` definition
* [COOK-1470] - Change SSL Ciphers to Mitigate BEAST attack
## v1.2.0:
* [COOK-692] - delete package conf.d files in module recipes, for EL
* [COOK-1693] - Foodcritic finding for unnecessary string interpolation
* [COOK-1757] - platform_family and better style / usage practices
## v1.1.16:
re-releasing as .16 due to error on tag 1.1.14
* [COOK-1466] - add `mod_auth_cas` recipe
* [COOK-1609] - apache2 changes ports.conf twice per run when using
apache2::mod_ssl
## v1.1.12:
* [COOK-1436] - restore apache2 web_app definition
* [COOK-1356] - allow ExtendedStatus via attribute
* [COOK-1403] - add mod_fastcgi recipe
## v1.1.10:
* [COOK-1315] - allow the default site to not be enabled
* [COOK-1328] - cookbook tests (minitest, cucumber)
## v1.1.8:
* Some platforms with minimal installations that don't have perl won't
have a `node['languages']['perl']` attribute, so remove the
conditional and rely on the power of idempotence in the package
resource.
* [COOK-1214] - address foodcritic warnings
* [COOK-1180] - add `mod_logio` and fix `mod_proxy`
## v1.1.6:
FreeBSD users: This release requires the `freebsd` cookbook. See README.md.
* [COOK-1025] - freebsd support in mod_php5 recipe
## v1.1.4:
* [COOK-1100] - support amazon linux
## v1.1.2:
* [COOK-996] - apache2::mod_php5 can cause PHP and module API mismatches
* [COOK-1083] - return string for v_f_p and use correct value for
default
## v1.1.0:
* [COOK-861] - Add `mod_perl` and apreq2
* [COOK-941] - fix `mod_auth_openid` on FreeBSD
* [COOK-1021] - add a commented-out LoadModule directive to keep apxs happy
* [COOK-1022] - consistency for icondir attribute
* [COOK-1023] - fix platform test for attributes
* [COOK-1024] - fix a2enmod script so it runs cleanly on !bash
* [COOK-1026] - fix `error_log` location on FreeBSD
## v1.0.8:
* COOK-548 - directory resource doesn't have backup parameter
## v1.0.6:
* COOK-915 - update to `mod_auth_openid` version 0.6, see __Recipes/mod_auth_openid__ below.
* COOK-548 - Add support for FreeBSD.
## v1.0.4:
* COOK-859 - don't hardcode module paths
## v1.0.2
* Tickets resolved in this release: COOK-788, COOK-782, COOK-780
## v1.0.0
* Red Hat family support is greatly improved, all recipes except `god_monitor` converge.
* Recipe `mod_auth_openid` now works on RHEL family distros
* Recipe `mod_php5` will now remove config from package on RHEL family so it doesn't conflict with the cookbook's.
* Added `php5.conf.erb` template for `mod_php5` recipe.
* Create the run state directory for `mod_fcgid` to prevent a startup error on RHEL version 6.
* New attribute `node['apache']['lib_dir']` to handle lib vs lib64 on RHEL family distributions.
* New attribute `node['apache']['group']`.
* Scientific Linux support added.
* Use a file resource instead of the generate-module-list executed perl script on RHEL family.
* "default" site can now be disabled.
* web_app now has an "enable" parameter.
* Support for dav_fs apache module.
* Tickets resolved in this release: COOK-754, COOK-753, COOK-665, COOK-624, COOK-579, COOK-519, COOK-518
* Fix node references in template for a2dissite
* Use proper user and group attributes on files and templates.
* Replace the anemic README.rdoc with this new and improved superpowered README.md :).

View File

@ -0,0 +1,257 @@
# Contributing to Opscode Cookbooks
We are glad you want to contribute to Opscode Cookbooks! The first
step is the desire to improve the project.
You can find the answers to additional frequently asked questions
[on the wiki](http://wiki.opscode.com/display/chef/How+to+Contribute).
You can find additional information about
[contributing to cookbooks](http://wiki.opscode.com/display/chef/How+to+Contribute+to+Opscode+Cookbooks)
on the wiki as well.
## Quick-contribute
* Create an account on our [bug tracker](http://tickets.opscode.com)
* Sign our contributor agreement (CLA)
[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L)
(keep reading if you're contributing on behalf of your employer)
* Create a ticket for your change on the
[bug tracker](http://tickets.opscode.com)
* Link to your patch as a rebased git branch or pull request from the
ticket
* Resolve the ticket as fixed
We regularly review contributions and will get back to you if we have
any suggestions or concerns.
## The Apache License and the CLA/CCLA
Licensing is very important to open source projects, it helps ensure
the software continues to be available under the terms that the author
desired. Chef uses the Apache 2.0 license to strike a balance between
open contribution and allowing you to use the software however you
would like to.
The license tells you what rights you have that are provided by the
copyright holder. It is important that the contributor fully
understands what rights they are licensing and agrees to them.
Sometimes the copyright holder isn't the contributor, most often when
the contributor is doing work for a company.
To make a good faith effort to ensure these criteria are met, Opscode
requires a Contributor License Agreement (CLA) or a Corporate
Contributor License Agreement (CCLA) for all contributions. This is
without exception due to some matters not being related to copyright
and to avoid having to continually check with our lawyers about small
patches.
It only takes a few minutes to complete a CLA, and you retain the
copyright to your contribution.
You can complete our contributor agreement (CLA)
[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L).
If you're contributing on behalf of your employer, have your employer
fill out our
[Corporate CLA](https://secure.echosign.com/public/hostedForm?formid=PIE6C7AX856)
instead.
## Ticket Tracker (JIRA)
The [ticket tracker](http://tickets.opscode.com) is the most important
documentation for the code base. It provides significant historical
information, such as:
* Which release a bug fix is included in
* Discussion regarding the design and merits of features
* Error output to aid in finding similar bugs
Each ticket should aim to fix one bug or add one feature.
## Using git
You can get a quick copy of the repository for this cookbook by
running `git clone
git://github.com/opscode-coobkooks/COOKBOOKNAME.git`.
For collaboration purposes, it is best if you create a Github account
and fork the repository to your own account. Once you do this you will
be able to push your changes to your Github repository for others to
see and use.
If you have another repository in your GitHub account named the same
as the cookbook, we suggest you suffix the repository with -cookbook.
### Branches and Commits
You should submit your patch as a git branch named after the ticket,
such as COOK-1337. This is called a _topic branch_ and allows users to
associate a branch of code with the ticket.
It is a best practice to have your commit message have a _summary
line_ that includes the ticket number, followed by an empty line and
then a brief description of the commit. This also helps other
contributors understand the purpose of changes to the code.
[COOK-1757] - platform_family and style
* use platform_family for platform checking
* update notifies syntax to "resource_type[resource_name]" instead of
resources() lookup
* COOK-692 - delete config files dropped off by packages in conf.d
* dropped debian 4 support because all other platforms have the same
values, and it is older than "old stable" debian release
Remember that not all users use Chef in the same way or on the same
operating systems as you, so it is helpful to be clear about your use
case and change so they can understand it even when it doesn't apply
to them.
### Github and Pull Requests
All of Opscode's open source cookbook projects are available on
[Github](http://www.github.com/opscode-cookbooks).
We don't require you to use Github, and we will even take patch diffs
attached to tickets on the tracker. However Github has a lot of
convenient features, such as being able to see a diff of changes
between a pull request and the main repository quickly without
downloading the branch.
If you do choose to use a pull request, please provide a link to the
pull request from the ticket __and__ a link to the ticket from the
pull request. Because pull requests only have two states, open and
closed, we can't easily filter pull requests that are waiting for a
reply from the author for various reasons.
### More information
Additional help with git is available on the
[Working with Git](http://wiki.opscode.com/display/chef/Working+with+Git)
wiki page.
## Functional and Unit Tests
This cookbook is set up to run tests under
[Opscode's test-kitchen](https://github.com/opscode/test-kitchen). It
uses minitest-chef to run integration tests after the node has been
converged to verify that the state of the node.
Test kitchen should run completely without exception using the default
[baseboxes provided by Opscode](https://github.com/opscode/bento).
Because Test Kitchen creates VirtualBox machines and runs through
every configuration in the Kitchenfile, it may take some time for
these tests to complete.
If your changes are only for a specific recipe, run only its
configuration with Test Kitchen. If you are adding a new recipe, or
other functionality such as a LWRP or definition, please add
appropriate tests and ensure they run with Test Kitchen.
If any don't pass, investigate them before submitting your patch.
Any new feature should have unit tests included with the patch with
good code coverage to help protect it from future changes. Similarly,
patches that fix a bug or regression should have a _regression test_.
Simply put, this is a test that would fail without your patch but
passes with it. The goal is to ensure this bug doesn't regress in the
future. Consider a regular expression that doesn't match a certain
pattern that it should, so you provide a patch and a test to ensure
that the part of the code that uses this regular expression works as
expected. Later another contributor may modify this regular expression
in a way that breaks your use cases. The test you wrote will fail,
signalling to them to research your ticket and use case and accounting
for it.
If you need help writing tests, please ask on the Chef Developer's
mailing list, or the #chef-hacking IRC channel.
## Code Review
Opscode regularly reviews code contributions and provides suggestions
for improvement in the code itself or the implementation.
We find contributions by searching the ticket tracker for _resolved_
tickets with a status of _fixed_. If we have feedback we will reopen
the ticket and you should resolve it again when you've made the
changes or have a response to our feedback. When we believe the patch
is ready to be merged, we will tag the _Code Reviewed_ field with
_Reviewed_.
Depending on the project, these tickets are then merged within a week
or two, depending on the current release cycle.
## Release Cycle
The versioning for Opscode Cookbook projects is X.Y.Z.
* X is a major release, which may not be fully compatible with prior
major releases
* Y is a minor release, which adds both new features and bug fixes
* Z is a patch release, which adds just bug fixes
A released version of a cookbook will end in an even number, e.g.
"1.2.4" or "0.8.0". When development for the next version of the
cookbook begins, the "Z" patch number is incremented to the next odd
number, however the next release of the cookbook may be a major or
minor incrementing version.
Releases of Opscode's cookbooks are usually announced on the Chef user
mailing list. Releases of several cookbooks may be batched together
and announced on the [Opscode Blog](http://www.opscode.com/blog).
## Working with the community
These resources will help you learn more about Chef and connect to
other members of the Chef community:
* [chef](http://lists.opscode.com/sympa/info/chef) and
[chef-dev](http://lists.opscode.com/sympa/info/chef-dev) mailing
lists
* #chef and #chef-hacking IRC channels on irc.freenode.net
* [Community Cookbook site](http://community.opscode.com)
* [Chef wiki](http://wiki.opscode.com/display/chef)
* Opscode Chef [product page](http://www.opscode.com/chef)
## Cookbook Contribution Do's and Don't's
Please do include tests for your contribution. If you need help, ask
on the
[chef-dev mailing list](http://lists.opscode.com/sympa/info/chef-dev)
or the
[#chef-hacking IRC channel](http://community.opscode.com/chat/chef-hacking).
Not all platforms that a cookbook supports may be supported by Test
Kitchen. Please provide evidence of testing your contribution if it
isn't trivial so we don't have to duplicate effort in testing. Chef
10.14+ "doc" formatted output is sufficient.
Please do indicate new platform (families) or platform versions in the
commit message, and update the relevant ticket.
If a contribution adds new platforms or platform versions, indicate
such in the body of the commit message(s), and update the relevant
COOK ticket. When writing commit messages, it is helpful for others if
you indicate the COOK ticket. For example:
git commit -m '[COOK-1041] - Updated pool resource to correctly
delete.'
Please do use [foodcritic](http://acrmp.github.com/foodcritic) to
lint-check the cookbook. Except FC007, it should pass all correctness
rules. FC007 is okay as long as the dependent cookbooks are *required*
for the default behavior of the cookbook, such as to support an
uncommon platform, secondary recipe, etc.
Please do ensure that your changes do not break or modify behavior for
other platforms supported by the cookbook. For example if your changes
are for Debian, make sure that they do not break on CentOS.
Please do not modify the version number in the metadata.rb, Opscode
will select the appropriate version based on the release cycle
information above.
Please do not update the CHANGELOG.md for a new version. Not all
changes to a cookbook may be merged and released in the same versions.
Opscode will update the CHANGELOG.md when releasing a new version of
the cookbook.

View File

@ -0,0 +1,10 @@
source "https://rubygems.org"
gem 'cucumber', '~> 1.2.0'
gem 'httparty', '~> 0.8.3'
gem 'minitest', '~> 3.0.0'
gem 'nokogiri', '~> 1.5.0'
group :kitchen do
gem 'test-kitchen', '< 1.0'
end

View File

@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@ -0,0 +1,583 @@
Description
===========
This cookbook provides a complete Debian/Ubuntu style Apache HTTPD
configuration. Non-Debian based distributions such as Red Hat/CentOS,
ArchLinux and others supported by this cookbook will have a
configuration that mimics Debian/Ubuntu style as it is easier to
manage with Chef.
Debian-style Apache configuration uses scripts to manage modules and
sites (vhosts). The scripts are:
* a2ensite
* a2dissite
* a2enmod
* a2dismod
This cookbook ships with templates of these scripts for non
Debian/Ubuntu platforms. The scripts are used in the __Definitions__
below.
Requirements
============
## Ohai and Chef:
* Ohai: 0.6.12+
* Chef: 0.10.10+
As of v1.2.0, this cookbook makes use of `node['platform_family']` to
simplify platform selection logic. This attribute was introduced in
Ohai v0.6.12. The recipe methods were introduced in Chef v0.10.10. If
you must run an older version of Chef or Ohai, use [version 1.1.16 of
this cookbook](http://community.opscode.com/cookbooks/apache2/versions/1_1_16/downloads).
## Cookbooks:
This cookbook doesn't have direct dependencies on other cookbooks, as
none are needed for the default recipe or the general use cases.
Depending on your OS configuration and security policy, you may need
additional recipes or cookbooks for this cookbook's recipes to
converge on the node. In particular, the following Operating System
settings may affect the behavior of this cookbook:
* apt cache outdated
* SELinux enabled
* IPtables
* Compile tools
* 3rd party repositories
On Ubuntu/Debian, use Opscode's `apt` cookbook to ensure the package
cache is updated so Chef can install packages, or consider putting
apt-get in your bootstrap process or
[knife bootstrap template](http://wiki.opscode.com/display/chef/Knife+Bootstrap).
On RHEL, SELinux is enabled by default. The `selinux` cookbook
contains a `permissive` recipe that can be used to set SELinux to
"Permissive" state. Otherwise, additional recipes need to be created
by the user to address SELinux permissions.
The easiest but **certainly not ideal way** to deal with IPtables is
to flush all rules. Opscode does provide an `iptables` cookbook but is
migrating from the approach used there to a more robust solution
utilizing a general "firewall" LWRP that would have an "iptables"
provider. Alternately, you can use ufw, with Opscode's `ufw` and
`firewall` cookbooks to set up rules. See those cookbooks' READMEs for
documentation.
Build/compile tools may not be installed on the system by default.
Some recipes (e.g., `apache2::mod_auth_openid`) build the module from
source. Use Opscode's `build-essential` cookbook to get essential
build packages installed.
On ArchLinux, if you are using the `apache2::mod_auth_openid` recipe,
you also need the `pacman` cookbook for the `pacman_aur` LWRP. Put
`recipe[pacman]` on the node's expanded run list (on the node or in a
role). This is not an explicit dependency because it is only required
for this single recipe and platform; the pacman default recipe
performs `pacman -Sy` to keep pacman's package cache updated.
The `apache2::god_monitor` recipe uses a definition from the `god`
cookbook. Include `recipe[god]` in the node's expanded run list to
ensure that the cookbook is available to the node, and to set up `god`.
## Platforms:
The following platforms and versions are tested and supported using
Opscode's [test-kitchen](http://github.com/opscode/test-kitchen).
* Ubuntu 10.04, 12.04
* CentOS 5.8, 6.3
The following platform families are supported in the code, and are
assumed to work based on the successful testing on Ubuntu and CentOS.
* Debian
* Red Hat (rhel)
* Fedora
* Amazon Linux
The following platforms are also supported in the code, have been
tested manually but are not tested under test-kitchen.
* SUSE/OpenSUSE
* ArchLinux
* FreeBSD
### Notes for RHEL Family:
On Red Hat Enterprise Linux and derivatives, the EPEL repository may
be necessary to install packages used in certain recipes. The
`apache2::default` recipe, however, does not require any additional
repositories. Opscode's `yum` cookbook contains a recipe to add the
EPEL repository. See __Examples__ for more information.
### Notes for FreeBSD:
The `apache2::mod_php5` recipe depends on the `freebsd` cookbook,
which it uses to set the correct options for compiling the `php5` port
from sources. You need to ensure the `freebsd` is in the expanded run
list, or this recipe will fail. We don't set an explicit dependency
because we feel the `freebsd` cookbook is something users would want
on their nodes, and due to the generality of this cookbook we don't
want additional specific dependencies.
Tests
=====
This cookbook in the
[source repository](https://github.com/opscode-cookbooks/apache2)
contains minitest and cucumber tests. This is an initial proof of
concept that will be fleshed out with more supporting infrastructure
at a future time.
Please see the CONTRIBUTING file for information on how to add tests
for your contributions.
Attributes
==========
This cookbook uses many attributes, broken up into a few different
kinds.
Platform specific
-----------------
In order to support the broadest number of platforms, several
attributes are determined based on the node's platform. See the
attributes/default.rb file for default values in the case statement at
the top of the file.
* `node['apache']['dir']` - Location for the Apache configuration
* `node['apache']['log_dir']` - Location for Apache logs
* `node['apache']['error_log']` - Location for the default error log
* `node['apache']['access_log']` - Location for the default access log
* `node['apache']['user']` - User Apache runs as
* `node['apache']['group']` - Group Apache runs as
* `node['apache']['binary']` - Apache httpd server daemon
* `node['apache']['icondir']` - Location for icons
* `node['apache']['cache_dir']` - Location for cached files used by Apache itself or recipes
* `node['apache']['pid_file']` - Location of the PID file for Apache httpd
* `node['apache']['lib_dir']` - Location for shared libraries
* `node['apache']['default_site_enabled']` - Default site enabled. Defaults to true on redhat-family platforms
* `node['apache']['ext_status']` - if true, enables ExtendedStatus for `mod_status`
General settings
----------------
These are general settings used in recipes and templates. Default
values are noted.
* `node['apache']['listen_ports']` - Ports that httpd should listen on. Default is port 80.
* `node['apache']['contact']` - Value for ServerAdmin directive. Default "ops@example.com".
* `node['apache']['timeout']` - Value for the Timeout directive. Default is 300.
* `node['apache']['keepalive']` - Value for the KeepAlive directive. Default is On.
* `node['apache']['keepaliverequests']` - Value for MaxKeepAliveRequests. Default is 100.
* `node['apache']['keepalivetimeout']` - Value for the KeepAliveTimeout directive. Default is 5.
* `node['apache']['default_modules']` - Array of module names. Can take "mod_FOO" or "FOO" as names, where FOO is the apache module, e.g. "`mod_status`" or "`status`".
The modules listed in `default_modules` will be included as recipes in `recipe[apache::default]`.
Prefork attributes
------------------
Prefork attributes are used for tuning the Apache HTTPD prefork MPM
configuration.
* `node['apache']['prefork']['startservers']` - initial number of server processes to start. Default is 16.
* `node['apache']['prefork']['minspareservers']` - minimum number of spare server processes. Default 16.
* `node['apache']['prefork']['maxspareservers']` - maximum number of spare server processes. Default 32.
* `node['apache']['prefork']['serverlimit']` - upper limit on configurable server processes. Default 400.
* `node['apache']['prefork']['maxclients']` - Maximum number of simultaneous connections.
* `node['apache']['prefork']['maxrequestsperchild']` - Maximum number of request a child process will handle. Default 10000.
Worker attributes
-----------------
Worker attributes are used for tuning the Apache HTTPD worker MPM
configuration.
* `node['apache']['worker']['startservers']` - Initial number of server processes to start. Default 4
* `node['apache']['worker']['serverlimit']` - upper limit on configurable server processes. Default 16.
* `node['apache']['worker']['maxclients']` - Maximum number of simultaneous connections. Default 1024.
* `node['apache']['worker']['minsparethreads']` - Minimum number of spare worker threads. Default 64
* `node['apache']['worker']['maxsparethreads']` - Maximum number of spare worker threads. Default 192.
* `node['apache']['worker']['maxrequestsperchild']` - Maximum number of requests a child process will handle.
mod\_auth\_openid attributes
----------------------------
The following attributes are in the `attributes/mod_auth_openid.rb`
file. Like all Chef attributes files, they are loaded as well, but
they're logistically unrelated to the others, being specific to the
`mod_auth_openid` recipe.
* `node['apache']['mod_auth_openid']['checksum']` - sha256sum of the tarball containing the source.
* `node['apache']['mod_auth_openid']['ref']` - Any sha, tag, or branch found from https://github.com/bmuller/mod_auth_openid
* `node['apache']['mod_auth_openid']['cache_dir']` - the cache directory is where the sqlite3 database is stored. It is separate so it can be managed as a directory resource.
* `node['apache']['mod_auth_openid']['dblocation']` - filename of the sqlite3 database used for directive `AuthOpenIDDBLocation`, stored in the `cache_dir` by default.
* `node['apache']['mod_auth_openid']['configure_flags']` - optional array of configure flags passed to the `./configure` step in the compilation of the module.
mod\_ssl attributes
-------------------
* `node['apache']['mod_ssl']['cipher_suite']` - sets the
SSLCiphersuite value to the specified string. The default is
considered "sane" but you may need to change it for your local
security policy, e.g. if you have PCI-DSS requirements. Additional
commentary on the
[original pull request](https://github.com/opscode-cookbooks/apache2/pull/15#commitcomment-1605406).
Recipes
=======
Most of the recipes in the cookbook are for enabling Apache modules.
Where additional configuration or behavior is used, it is documented
below in more detail.
The following recipes merely enable the specified module: `mod_alias`,
`mod_basic`, `mod_digest`, `mod_authn_file`, `mod_authnz_ldap`,
`mod_authz_default`, `mod_authz_groupfile`, `mod_authz_host`,
`mod_authz_user`, `mod_autoindex`, `mod_cgi`, `mod_dav_fs`,
`mod_dav_svn`, `mod_deflate`, `mod_dir`, `mod_env`, `mod_expires`,
`mod_headers`, `mod_ldap`, `mod_log_config`, `mod_mime`,
`mod_negotiation`, `mod_proxy`, `mod_proxy_ajp`, `mod_proxy_balancer`,
`mod_proxy_connect`, `mod_proxy_http`, `mod_python`, `mod_rewrite`,
`mod_setenvif`, `mod_status`, `mod_wsgi`, `mod_xsendfile`.
On RHEL Family distributions, certain modules ship with a config file
with the package. The recipes here may delete those configuration
files to ensure they don't conflict with the settings from the
cookbook, which will use per-module configuration in
`/etc/httpd/mods-enabled`.
default
-------
The default recipe does a number of things to set up Apache HTTPd. It
also includes a number of modules based on the attribute
`node['apache']['default_modules']` as recipes.
logrotate
---------
Logrotate adds a logrotate entry for your apache2 logs. This recipe
requires the `logrotate` cookbook; ensure that `recipe[logrotate]` is
in the node's expanded run list.
mod\_auth\_cas
--------------
This recipe installs the proper package and enables the `auth_cas`
module. It can install from source or package. Package is the default,
set the attribute `node['apache']['mod_auth_cas']['from_source']` to
true to enable source installation. Modify the version to install by
changing the attribute
`node['apache']['mod_auth_cas']['source_revision']`. It is a version
tag by default, but could be master, or another tag, or branch.
The module configuration is written out with the `CASCookiePath` set,
otherwise an error loading the module may cause Apache to not start.
**Note**: This recipe does not work on EL 6 platforms unless
epel-testing repository is enabled (outside the scope of this
cookbook), or the package version 1.0.8.1-3.el6 or higher is otherwise
available to the system due to this bug:
https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=708550
mod\_auth\_openid
-----------------
**Changed via COOK-915**
This recipe compiles the module from source. In addition to
`build-essential`, some other packages are included for installation
like the GNU C++ compiler and development headers.
To use the module in your own cookbooks to authenticate systems using
OpenIDs, specify an array of OpenIDs that are allowed to authenticate
with the attribute `node['apache']['allowed_openids']`. Use the
following in a vhost to protect with OpenID authentication:
AuthType OpenID require user <%= node['apache']['allowed_openids'].join(' ') %>
AuthOpenIDDBLocation <%= node['apache']['mod_auth_openid']['dblocation'] %>
Change the DBLocation with the attribute as required; this file is in
a different location than previous versions, see below. It should be a
sane default for most platforms, though, see
`attributes/mod_auth_openid.rb`.
### Changes from COOK-915:
* `AuthType OpenID` instead of `AuthOpenIDEnabled On`.
* `require user` instead of `AuthOpenIDUserProgram`.
* A bug(?) in `mod_auth_openid` causes it to segfault when attempting
to update the database file if the containing directory is not
writable by the HTTPD process owner (e.g., www-data), even if the
file is writable. In order to not interfere with other settings from
the default recipe in this cookbook, the db file is moved.
mod\_fastcgi
------------
Install the fastcgi package and enable the module.
Only work on Debian/Ubuntu
mod\_fcgid
----------
Installs the fcgi package and enables the module. Requires EPEL on
RHEL family.
On RHEL family, this recipe will delete the fcgid.conf and on version
6+, create the /var/run/httpd/mod_fcgid` directory, which prevents the
emergency error:
[emerg] (2)No such file or directory: mod_fcgid: Can't create shared memory for size XX bytes
mod\_php5
--------
Simply installs the appropriate package on Debian, Ubuntu and
ArchLinux.
On Red Hat family distributions including Fedora, the php.conf that
comes with the package is removed. On RHEL platforms less than v6, the
`php53` package is used.
mod\_ssl
--------
Besides installing and enabling `mod_ssl`, this recipe will append
port 443 to the `node['apache']['listen_ports']` attribute array and
update the ports.conf.
god\_monitor
------------
Sets up a `god` monitor for Apache. External requirements are the
`god` and `runit` cookbooks from Opscode. When using this recipe,
include `recipe[god]` in the node's expanded run list to ensure the
client downloads it; `god` depends on runit so that will also be
downloaded.
**Note** This recipe is not tested under test-kitchen yet and is
pending fix in COOK-744.
Definitions
===========
The cookbook provides a few definitions. At some point in the future
these definitions may be refactored into lightweight resources and
providers as suggested by
[foodcritic rule FC015](http://acrmp.github.com/foodcritic/#FC015).
apache\_conf
------------
Sets up configuration file for an Apache module from a template. The
template should be in the same cookbook where the definition is used.
This is used by the `apache_module` definition and is not often used
directly.
This will use a template resource to write the module's configuration
file in the `mods-available` under the Apache configuration directory
(`node['apache']['dir']`). This is a platform-dependent location. See
__apache\_module__.
### Parameters:
* `name` - Name of the template. When used from the `apache_module`,
it will use the same name as the module.
### Examples:
Create `#{node['apache']['dir']}/mods-available/alias.conf`.
apache_conf "alias"
apache\_module
--------------
Enable or disable an Apache module in
`#{node['apache']['dir']}/mods-available` by calling `a2enmod` or
`a2dismod` to manage the symbolic link in
`#{node['apache']['dir']}/mods-enabled`. If the module has a
configuration file, a template should be created in the cookbook where
the definition is used. See __Examples__.
### Parameters:
* `name` - Name of the module enabled or disabled with the `a2enmod` or `a2dismod` scripts.
* `enable` - Default true, which uses `a2enmod` to enable the module. If false, the module will be disabled with `a2dismod`.
* `conf` - Default false. Set to true if the module has a config file, which will use `apache_conf` for the file.
* `filename` - specify the full name of the file, e.g.
### Examples:
Enable the ssl module, which also has a configuration template in `templates/default/ssl.conf.erb`.
apache_module "ssl" do
conf true
end
Enable the php5 module, which has a different filename than the module default:
apache_module "php5" do
filename "libphp5.so"
end
Disable a module:
apache_module "disabled_module" do
enable false
end
See the recipes directory for many more examples of `apache_module`.
apache\_site
------------
Enable or disable a VirtualHost in
`#{node['apache']['dir']}/sites-available` by calling a2ensite or
a2dissite to manage the symbolic link in
`#{node['apache']['dir']}/sites-enabled`.
The template for the site must be managed as a separate resource. To
combine the template with enabling a site, see `web_app`.
### Parameters:
* `name` - Name of the site.
* `enable` - Default true, which uses `a2ensite` to enable the site. If false, the site will be disabled with `a2dissite`.
web\_app
--------
Manage a template resource for a VirtualHost site, and enable it with
`apache_site`. This is commonly done for managing web applications
such as Ruby on Rails, PHP or Django, and the default behavior
reflects that. However it is flexible.
This definition includes some recipes to make sure the system is
configured to have Apache and some sane default modules:
* `apache2`
* `apache2::mod_rewrite`
* `apache2::mod_deflate`
* `apache2::mod_headers`
It will then configure the template (see __Parameters__ and
__Examples__ below), and enable or disable the site per the `enable`
parameter.
### Parameters:
Current parameters used by the definition:
* `name` - The name of the site. The template will be written to
`#{node['apache']['dir']}/sites-available/#{params['name']}.conf`
* `cookbook` - Optional. Cookbook where the source template is. If
this is not defined, Chef will use the named template in the
cookbook where the definition is used.
* `template` - Default `web_app.conf.erb`, source template file.
* `enable` - Default true. Passed to the `apache_site` definition.
Additional parameters can be defined when the definition is called in
a recipe, see __Examples__.
### Examples:
All parameters are passed into the template. You can use whatever you
like. The apache2 cookbook comes with a `web_app.conf.erb` template as
an example. The following parameters are used in the template:
* `server_name` - ServerName directive.
* `server_aliases` - ServerAlias directive. Must be an array of aliases.
* `docroot` - DocumentRoot directive.
* `application_name` - Used in RewriteLog directive. Will be set to the `name` parameter.
* `directory_index` - Allow overriding the default DirectoryIndex setting, optional
* `directory_options` - Override Options on the docroot, for example to add parameters like Includes or Indexes, optional.
* `allow_override` - Modify the AllowOverride directive on the docroot to support apps that need .htaccess to modify configuration or require authentication.
To use the default web_app, for example:
web_app "my_site" do
server_name node['hostname']
server_aliases [node['fqdn'], "my-site.example.com"]
docroot "/srv/www/my_site"
end
The parameters specified will be used as:
* `@params[:server_name]`
* `@params[:server_aliases]`
* `@params[:docroot]`
In the template. When you write your own, the `@` is significant.
For more information about Definitions and parameters, see the
[Chef Wiki](http://wiki.opscode.com/display/chef/Definitions)
Usage
=====
Using this cookbook is relatively straightforward. Add the desired
recipes to the run list of a node, or create a role. Depending on your
environment, you may have multiple roles that use different recipes
from this cookbook. Adjust any attributes as desired. For example, to
create a basic role for web servers that provide both HTTP and HTTPS:
% cat roles/webserver.rb
name "webserver"
description "Systems that serve HTTP and HTTPS"
run_list(
"recipe[apache2]",
"recipe[apache2::mod_ssl]"
)
default_attributes(
"apache" => {
"listen_ports" => ["80", "443"]
}
)
For examples of using the definitions in your own recipes, see their
respective sections above.
License and Authors
===================
* Author:: Adam Jacob <adam@opscode.com>
* Author:: Joshua Timberman <joshua@opscode.com>
* Author:: Bryan McLellan <bryanm@widemile.com>
* Author:: Dave Esposito <esposito@espolinux.corpnet.local>
* Author:: David Abdemoulaie <github@hobodave.com>
* Author:: Edmund Haselwanter <edmund@haselwanter.com>
* Author:: Eric Rochester <err8n@virginia.edu>
* Author:: Jim Browne <jbrowne@42lines.net>
* Author:: Matthew Kent <mkent@magoazul.com>
* Author:: Nathen Harvey <nharvey@customink.com>
* Author:: Ringo De Smet <ringo.de.smet@amplidata.com>
* Author:: Sean OMeara <someara@opscode.com>
* Author:: Seth Chisamore <schisamo@opscode.com>
* Author:: Gilles Devaux <gilles@peerpong.com>
* Copyright:: 2009-2012, Opscode, Inc
* Copyright:: 2011, Atriso
* Copyright:: 2011, CustomInk, LLC.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@ -0,0 +1,168 @@
#
# Cookbook Name:: apache2
# Attributes:: apache
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['apache']['root_group'] = "root"
# Where the various parts of apache are
case platform
when "redhat", "centos", "scientific", "fedora", "suse", "amazon", "oracle"
default['apache']['package'] = "httpd"
default['apache']['dir'] = "/etc/httpd"
default['apache']['log_dir'] = "/var/log/httpd"
default['apache']['error_log'] = "error.log"
default['apache']['access_log'] = "access.log"
default['apache']['user'] = "apache"
default['apache']['group'] = "apache"
default['apache']['binary'] = "/usr/sbin/httpd"
default['apache']['docroot_dir'] = "/var/www/html"
default['apache']['cgibin_dir'] = "/var/www/cgi-bin"
default['apache']['icondir'] = "/var/www/icons"
default['apache']['cache_dir'] = "/var/cache/httpd"
if node['platform_version'].to_f >= 6 then
default['apache']['pid_file'] = "/var/run/httpd/httpd.pid"
else
default['apache']['pid_file'] = "/var/run/httpd.pid"
end
default['apache']['lib_dir'] = node['kernel']['machine'] =~ /^i[36]86$/ ? "/usr/lib/httpd" : "/usr/lib64/httpd"
default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules"
default['apache']['default_site_enabled'] = false
when "debian", "ubuntu"
default['apache']['package'] = "apache2"
default['apache']['dir'] = "/etc/apache2"
default['apache']['log_dir'] = "/var/log/apache2"
default['apache']['error_log'] = "error.log"
default['apache']['access_log'] = "access.log"
default['apache']['user'] = "www-data"
default['apache']['group'] = "www-data"
default['apache']['binary'] = "/usr/sbin/apache2"
default['apache']['docroot_dir'] = "/var/www"
default['apache']['cgibin_dir'] = "/usr/lib/cgi-bin"
default['apache']['icondir'] = "/usr/share/apache2/icons"
default['apache']['cache_dir'] = "/var/cache/apache2"
default['apache']['pid_file'] = "/var/run/apache2.pid"
default['apache']['lib_dir'] = "/usr/lib/apache2"
default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules"
default['apache']['default_site_enabled'] = false
when "arch"
default['apache']['package'] = "apache"
default['apache']['dir'] = "/etc/httpd"
default['apache']['log_dir'] = "/var/log/httpd"
default['apache']['error_log'] = "error.log"
default['apache']['access_log'] = "access.log"
default['apache']['user'] = "http"
default['apache']['group'] = "http"
default['apache']['binary'] = "/usr/sbin/httpd"
default['apache']['docroot_dir'] = "/srv/http"
default['apache']['cgibin_dir'] = "/usr/share/httpd/cgi-bin"
default['apache']['icondir'] = "/usr/share/httpd/icons"
default['apache']['cache_dir'] = "/var/cache/httpd"
default['apache']['pid_file'] = "/var/run/httpd/httpd.pid"
default['apache']['lib_dir'] = "/usr/lib/httpd"
default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules"
default['apache']['default_site_enabled'] = false
when "freebsd"
default['apache']['package'] = "apache22"
default['apache']['dir'] = "/usr/local/etc/apache22"
default['apache']['log_dir'] = "/var/log"
default['apache']['error_log'] = "httpd-error.log"
default['apache']['access_log'] = "httpd-access.log"
default['apache']['root_group'] = "wheel"
default['apache']['user'] = "www"
default['apache']['group'] = "www"
default['apache']['binary'] = "/usr/local/sbin/httpd"
default['apache']['docroot_dir'] = "/usr/local/www/apache22/data"
default['apache']['cgibin_dir'] = "/usr/local/www/apache22/cgi-bin"
default['apache']['icondir'] = "/usr/local/www/apache22/icons"
default['apache']['cache_dir'] = "/var/run/apache22"
default['apache']['pid_file'] = "/var/run/httpd.pid"
default['apache']['lib_dir'] = "/usr/local/libexec/apache22"
default['apache']['libexecdir'] = node['apache']['lib_dir']
default['apache']['default_site_enabled'] = false
else
default['apache']['dir'] = "/etc/apache2"
default['apache']['log_dir'] = "/var/log/apache2"
default['apache']['error_log'] = "error.log"
default['apache']['access_log'] = "access.log"
default['apache']['user'] = "www-data"
default['apache']['group'] = "www-data"
default['apache']['binary'] = "/usr/sbin/apache2"
default['apache']['docroot_dir'] = "/var/www"
default['apache']['cgibin_dir'] = "/usr/lib/cgi-bin"
default['apache']['icondir'] = "/usr/share/apache2/icons"
default['apache']['cache_dir'] = "/var/cache/apache2"
default['apache']['pid_file'] = "logs/httpd.pid"
default['apache']['lib_dir'] = "/usr/lib/apache2"
default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules"
default['apache']['default_site_enabled'] = false
end
###
# These settings need the unless, since we want them to be tunable,
# and we don't want to override the tunings.
###
# General settings
default['apache']['listen_ports'] = ["80"]
default['apache']['contact'] = "ops@example.com"
default['apache']['timeout'] = 300
default['apache']['keepalive'] = "On"
default['apache']['keepaliverequests'] = 100
default['apache']['keepalivetimeout'] = 5
# Security
default['apache']['servertokens'] = "Prod"
default['apache']['serversignature'] = "On"
default['apache']['traceenable'] = "On"
# mod_auth_openids
default['apache']['allowed_openids'] = Array.new
# mod_status Allow list, space seprated list of allowed entries.
default['apache']['status_allow_list'] = "localhost ip6-localhost"
# mod_status ExtendedStatus, set to 'true' to enable
default['apache']['ext_status'] = false
# Prefork Attributes
default['apache']['prefork']['startservers'] = 16
default['apache']['prefork']['minspareservers'] = 16
default['apache']['prefork']['maxspareservers'] = 32
default['apache']['prefork']['serverlimit'] = 400
default['apache']['prefork']['maxclients'] = 400
default['apache']['prefork']['maxrequestsperchild'] = 10000
# Worker Attributes
default['apache']['worker']['startservers'] = 4
default['apache']['worker']['serverlimit'] = 16
default['apache']['worker']['maxclients'] = 1024
default['apache']['worker']['minsparethreads'] = 64
default['apache']['worker']['maxsparethreads'] = 192
default['apache']['worker']['threadsperchild'] = 64
default['apache']['worker']['maxrequestsperchild'] = 0
# Default modules to enable via include_recipe
default['apache']['default_modules'] = %w{
status alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex
dir env mime negotiation setenvif
}
%w{ log_config logio }.each do |log_mod|
default['apache']['default_modules'] << log_mod if ["rhel", "fedora", "suse", "arch", "freebsd"].include?(node['platform_family'])
end

View File

@ -0,0 +1,2 @@
default['apache']['mod_auth_cas']['from_source'] = false
default['apache']['mod_auth_cas']['source_revision'] = "v1.0.8.1"

View File

@ -0,0 +1,32 @@
#
# Author:: Joshua Timberman <joshua@opscode.com>
# Copyright:: Copyright (c) 2011, Opscode, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['apache']['mod_auth_openid']['ref'] = "95043901eab868400937642d9bc55d17e9dd069f"
default['apache']['mod_auth_openid']['source_url'] = "https://github.com/bmuller/mod_auth_openid/archive/#{node['apache']['mod_auth_openid']['ref']}.tar.gz"
default['apache']['mod_auth_openid']['cache_dir'] = "/var/cache/mod_auth_openid"
default['apache']['mod_auth_openid']['dblocation'] = "#{node['apache']['mod_auth_openid']['cache_dir']}/mod_auth_openid.db"
case node['platform_family']
when "freebsd"
default['apache']['mod_auth_openid']['configure_flags'] = [
"CPPFLAGS=-I/usr/local/include",
"LDFLAGS=-I/usr/local/lib -lsqlite3"
]
else
default['apache']['mod_auth_openid']['configure_flags'] = []
end

View File

@ -0,0 +1,19 @@
#
# Author:: Nathan L Smith <nlloyds@gmail.com>
# Copyright:: Copyright (c) 2012, Opscode, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['apache']['mod_ssl']['cipher_suite'] = 'RC4-SHA:HIGH:!ADH'

View File

@ -0,0 +1,26 @@
#
# Cookbook Name:: apache2
# Definition:: apache_conf
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
define :apache_conf do
template "#{node['apache']['dir']}/mods-available/#{params[:name]}.conf" do
source "mods/#{params[:name]}.conf.erb"
notifies :restart, "service[apache2]"
mode 0644
end
end

View File

@ -0,0 +1,53 @@
#
# Cookbook Name:: apache2
# Definition:: apache_module
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
define :apache_module, :enable => true, :conf => false do
include_recipe "apache2"
params[:filename] = params[:filename] || "mod_#{params[:name]}.so"
params[:module_path] = params[:module_path] || "#{node['apache']['libexecdir']}/#{params[:filename]}"
if params[:conf]
apache_conf params[:name]
end
if platform_family?("rhel", "fedora", "arch", "suse", "freebsd")
file "#{node['apache']['dir']}/mods-available/#{params[:name]}.load" do
content "LoadModule #{params[:name]}_module #{params[:module_path]}\n"
mode 0644
end
end
if params[:enable]
execute "a2enmod #{params[:name]}" do
command "/usr/sbin/a2enmod #{params[:name]}"
notifies :restart, "service[apache2]"
not_if do (::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.load") and
((::File.exists?("#{node['apache']['dir']}/mods-available/#{params[:name]}.conf"))?
(::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.conf")):(true)))
end
end
else
execute "a2dismod #{params[:name]}" do
command "/usr/sbin/a2dismod #{params[:name]}"
notifies :restart, "service[apache2]"
only_if do ::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.load") end
end
end
end

View File

@ -0,0 +1,43 @@
#
# Cookbook Name:: apache2
# Definition:: apache_site
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
define :apache_site, :enable => true do
include_recipe "apache2"
if params[:enable]
execute "a2ensite #{params[:name]}" do
command "/usr/sbin/a2ensite #{params[:name]}"
notifies :restart, resources(:service => "apache2")
not_if do
::File.symlink?("#{node['apache']['dir']}/sites-enabled/#{params[:name]}") or
::File.symlink?("#{node['apache']['dir']}/sites-enabled/000-#{params[:name]}")
end
only_if do ::File.exists?("#{node['apache']['dir']}/sites-available/#{params[:name]}") end
end
else
execute "a2dissite #{params[:name]}" do
command "/usr/sbin/a2dissite #{params[:name]}"
notifies :restart, resources(:service => "apache2")
only_if do
::File.symlink?("#{node['apache']['dir']}/sites-enabled/#{params[:name]}") or
::File.symlink?("#{node['apache']['dir']}/sites-enabled/000-#{params[:name]}")
end
end
end
end

View File

@ -0,0 +1,50 @@
#
# Cookbook Name:: apache2
# Definition:: web_app
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
define :web_app, :template => "web_app.conf.erb", :enable => true do
application_name = params[:name]
include_recipe "apache2"
include_recipe "apache2::mod_rewrite"
include_recipe "apache2::mod_deflate"
include_recipe "apache2::mod_headers"
template "#{node['apache']['dir']}/sites-available/#{application_name}.conf" do
source params[:template]
owner "root"
group node['apache']['root_group']
mode 0644
if params[:cookbook]
cookbook params[:cookbook]
end
variables(
:application_name => application_name,
:params => params
)
if ::File.exists?("#{node['apache']['dir']}/sites-enabled/#{application_name}.conf")
notifies :reload, resources(:service => "apache2"), :delayed
end
end
site_enabled = params[:enable]
apache_site "#{params[:name]}.conf" do
enable site_enabled
end
end

View File

@ -0,0 +1,41 @@
#!/usr/bin/perl
=begin
Generates Ubuntu style module.load files.
./apache2_module_conf_generate.pl /usr/lib64/httpd/modules /etc/httpd/mods-available
ARGV[0] is the apache modules directory, ARGV[1] is where you want 'em.
=cut
use File::Find;
use strict;
use warnings;
die "Must have '/path/to/modules' and '/path/to/modules.load'"
unless $ARGV[0] && $ARGV[1];
find(
{
wanted => sub {
return 1 if $File::Find::name !~ /\.so$/;
my $modfile = $_;
$modfile =~ /(lib|mod_)(.+)\.so$/;
my $modname = $2;
my $filename = "$ARGV[1]/$modname.load";
unless ( -f $filename ) {
open( FILE, ">", $filename ) or die "Cannot open $filename";
print FILE "LoadModule " . $modname . "_module $File::Find::name\n";
close(FILE);
}
},
follow => 1,
},
$ARGV[0]
);
exit 0;

View File

@ -0,0 +1,77 @@
require File.expand_path('../support/helpers', __FILE__)
describe 'apache2::default' do
include Helpers::Apache
it 'installs apache' do
package(node['apache']['package']).must_be_installed
end
it 'starts apache' do
apache_service.must_be_running
end
it 'enables apache' do
apache_service.must_be_enabled
end
it 'creates the conf.d directory' do
directory("#{node['apache']['dir']}/conf.d").must_exist.with(:mode, "755")
end
it 'creates the logs directory' do
directory(node['apache']['log_dir']).must_exist
end
it 'enables the default site unless it is disabled' do
skip unless node['apache']['default_site_enabled']
file("#{node['apache']['dir']}/sites-enabled/000-default").must_exist
file("#{node['apache']['dir']}/sites-available/default").must_exist
end
it 'ensures the debian-style apache module scripts are present' do
%w{a2ensite a2dissite a2enmod a2dismod}.each do |mod_script|
file("/usr/sbin/#{mod_script}").must_exist
end
end
it 'reports server name only, not detailed version info' do
assert_match(/^ServerTokens Prod *$/, File.read("#{node['apache']['dir']}/conf.d/security"))
end
it 'listens on port 80' do
apache_configured_ports.must_include(80)
end
it 'only listens on port 443 when SSL is enabled' do
unless ran_recipe?('apache2::mod_ssl')
apache_configured_ports.wont_include(443)
end
end
it 'reports server name only, not detailed version info' do
file("#{node['apache']['dir']}/conf.d/security").must_match(/^ServerTokens Prod *$/)
end
it "enables default_modules" do
node['apache']['default_modules'].each do |a2mod|
apache_enabled_modules.must_include "#{a2mod}_module"
end
end
describe 'centos' do
it 'ensures no modules are loaded in conf.d' do
Dir["#{node['apache']['dir']}/conf.d/*"].each do |f|
file(f).wont_include 'LoadModule'
end
end
end
describe 'configuration' do
it { config.must_include '# Generated by Chef' }
it { config.must_include %Q{ServerRoot "#{node['apache']['dir']}"} }
it { config.must_include "Include #{node['apache']['dir']}/conf.d/" }
it { apache_config_parses? }
end
end

View File

@ -0,0 +1,34 @@
#
# Author:: Joshua Timberman <joshua@opscode.com>
# Copyright:: Copyright (c) 2012, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require File.expand_path('../support/helpers', __FILE__)
describe "apache2::god_monitor" do
include Helpers::Apache
it 'starts god service to supervise apache2' do
service("god").must_be_running
end
it 'creates the god service template for apache' do
file("/etc/god/conf.d/apache2.god").must_exist
end
it 'starts an apache2 service that works like a regular service' do
# to be implemented when COOK-744 is fixed
end
end

View File

@ -0,0 +1,19 @@
require File.expand_path('../support/helpers', __FILE__)
describe 'apache2::mod_apreq2' do
include Helpers::Apache
it 'enables apreq_module' do
apache_enabled_modules.must_include "apreq_module"
end
it 'symlinks the module on EL' do
skip unless %w{rhel fedora}.include?(node['platform_family'])
libdir = node['kernel']['machine'] == 'x86_64' ? "lib64" : "lib"
link(
"/usr/#{libdir}/httpd/modules/mod_apreq.so"
).must_exist.with(
:link_type, :symbolic).and(:to, "/usr/#{libdir}/httpd/modules/mod_apreq2.so"
)
end
end

View File

@ -0,0 +1,11 @@
require File.expand_path('../support/helpers', __FILE__)
describe "apache2::mod_auth_cas" do
include Helpers::Apache
it 'enables auth_cas_module' do
skip if %w{rhel fedora}.include?(node['platform_family']) && node['platform_version'].to_f > 6.0
apache_enabled_modules.must_include "auth_cas_module"
end
end

View File

@ -0,0 +1,37 @@
require File.expand_path('../support/helpers', __FILE__)
require 'pathname'
describe 'apache2::mod_auth_openid' do
include Helpers::Apache
it "installs the opekele library" do
lib_dir = Pathname.new(node['apache']['lib_dir']).dirname.to_s
file("#{lib_dir}/libopkele.so").must_exist
end
it "does not add the module to httpd.conf" do
conffile = case node['platform']
when 'debian', 'ubuntu'
"apache2.conf"
when "redhat", "centos", "scientific", "fedora", "arch", "amazon"
"conf/httpd.conf"
when "freebsd"
"httpd.conf"
end
httpd_config = File.read(File.join(node['apache']['dir'], conffile))
refute_match /^LoadModule authopenid_module /, httpd_config
end
it "creates a cache directory for the module" do
directory(node['apache']['mod_auth_openid']['cache_dir']).must_exist.with(:owner, node['apache']['user'])
end
it "ensures the db file is writable by apache" do
file(node['apache']['mod_auth_openid']['dblocation']).must_exist.with(:owner, node['apache']['user']).and(:mode, "644")
end
it 'enables authopenid_module' do
apache_enabled_modules.must_include "authopenid_module"
end
end

View File

@ -0,0 +1,13 @@
require File.expand_path('../support/helpers', __FILE__)
describe 'apache2::mod_cgi' do
include Helpers::Apache
# the cgi module can be either cgi or cgid
it 'enables cgi or cgid_module' do
assert(apache_enabled_modules.include?('cgi_module') ||
apache_enabled_modules.include?('cgid_module')
)
end
end

View File

@ -0,0 +1,14 @@
require File.expand_path('../support/helpers', __FILE__)
describe 'apache2::mod_dav_svn' do
include Helpers::Apache
it 'enables dav_svn_module' do
apache_enabled_modules.must_include "dav_svn_module"
end
it 'enables dav_module' do
apache_enabled_modules.must_include "dav_module"
end
end

View File

@ -0,0 +1,11 @@
require File.expand_path('../support/helpers', __FILE__)
describe "apache2::mod_fastcgi" do
include Helpers::Apache
it 'enables fastcgi_module' do
skip if %w{rhel fedora}.include?(node['platform_family'])
apache_enabled_modules.must_include "fastcgi_module"
end
end

View File

@ -0,0 +1,15 @@
require File.expand_path('../support/helpers', __FILE__)
describe 'apache2::mod_include' do
include Helpers::Apache
it 'enables include_module' do
apache_enabled_modules.must_include "include_module"
end
it 'drops off the include module configuration' do
assert_match(/AddType text\/html .shtml/, File.read("#{node['apache']['dir']}/mods-enabled/include.conf"))
assert_match(/AddOutputFilter INCLUDES .shtml/, File.read("#{node['apache']['dir']}/mods-enabled/include.conf"))
end
end

View File

@ -0,0 +1,18 @@
require File.expand_path('../support/helpers', __FILE__)
describe 'apache2::mod_perl' do
include Helpers::Apache
it 'enables perl_module' do
apache_enabled_modules.must_include "perl_module"
end
it 'installs the apache request library' do
req_pkg = case node['platform']
when 'debian', 'ubuntu' then 'libapache2-request-perl'
else 'perl-libapreq2'
end
package(req_pkg).must_be_installed
end
end

View File

@ -0,0 +1,13 @@
require File.expand_path('../support/helpers', __FILE__)
describe 'apache2::mod_php5' do
include Helpers::Apache
it 'enables php5_module' do
apache_enabled_modules.must_include "php5_module"
end
it "deletes the packaged php config if any" do
file("#{node['apache']['dir']}/conf.d/php.conf").wont_exist
end
end

View File

@ -0,0 +1,10 @@
require File.expand_path('../support/helpers', __FILE__)
describe 'apache2::mod_python' do
include Helpers::Apache
it 'enables python_module' do
apache_enabled_modules.must_include "python_module"
end
end

View File

@ -0,0 +1,28 @@
require File.expand_path('../support/helpers', __FILE__)
describe 'apache2::mod_ssl' do
include Helpers::Apache
it 'installs the mod_ssl package on RHEL distributions' do
skip unless ["rhel", "fedora"].include? node['platform_family']
package("mod_ssl").must_be_installed
end
it 'enables ssl_module' do
apache_enabled_modules.must_include "ssl_module"
end
it 'does not store SSL config in conf.d' do
file("#{node['apache']['dir']}/conf.d/ssl.conf").wont_exist
end
it "is configured to listen on port 443" do
apache_configured_ports.must_include(443)
end
it 'configures SSLCiphersuit from an attribute' do
assert_match(/^SSLCipherSuite #{node['apache']['mod_ssl']['cipher_suite']}$/,
File.read("#{node['apache']['dir']}/mods-enabled/ssl.conf"))
end
end

View File

@ -0,0 +1,65 @@
module Helpers
module Apache
require 'chef/mixin/shell_out'
include Chef::Mixin::ShellOut
include MiniTest::Chef::Assertions
include MiniTest::Chef::Context
include MiniTest::Chef::Resources
def apache_config_parses?
acp = shell_out("#{node['apache']['binary']} -t")
acp.exitstatus == 0
end
def apache_configured_ports
port_config = File.read("#{node['apache']['dir']}/ports.conf")
port_config.scan(/^Listen ([0-9]+)/).flatten.map { |p| p.to_i }
end
def apache_enabled_modules
apache_modules = shell_out("#{node['apache']['binary']} -M")
apache_modules.send(
if node['platform_family'] == 'rhel' && node['platform_version'].to_f < 6.0
:stderr
else
:stdout
end
).split.select! { |i| i =~ /_module$/ }
end
def apache_service
service(
case node['platform']
when "debian", "ubuntu" then "apache2"
when "freebsd" then "apache22"
else "httpd"
end
)
end
def config
file(
case node['platform']
when "debian", "ubuntu" then "#{node['apache']['dir']}/apache2.conf"
when "freebsd" then "#{node['apache']['dir']}/httpd.conf"
else "#{node['apache']['dir']}/conf/httpd.conf"
end
)
end
def ran_recipe?(recipe)
if Chef::VERSION < "11.0"
seen_recipes = node.run_state[:seen_recipes]
recipes = seen_recipes.keys.each { |i| i }
else
recipes = run_context.loaded_recipes
end
if recipes.empty? and Chef::Config[:solo]
#If you have roles listed in your run list they are NOT expanded
recipes = node.run_list.map {|item| item.name if item.type == :recipe }
end
recipes.include?(recipe)
end
end
end

View File

@ -0,0 +1,213 @@
name "apache2"
maintainer "Opscode, Inc."
maintainer_email "cookbooks@opscode.com"
license "Apache 2.0"
description "Installs and configures all aspects of apache2 using Debian style symlinks with helper definitions"
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version "1.7.0"
recipe "apache2", "Main Apache configuration"
recipe "apache2::logrotate", "Rotate apache2 logs. Requires logrotate cookbook"
recipe "apache2::mod_alias", "Apache module 'alias' with config file"
recipe "apache2::mod_apreq2", "Apache module 'apreq'"
recipe "apache2::mod_auth_basic", "Apache module 'auth_basic'"
recipe "apache2::mod_auth_digest", "Apache module 'auth_digest'"
recipe "apache2::mod_auth_openid", "Apache module 'authopenid'"
recipe "apache2::mod_authn_file", "Apache module 'authn_file'"
recipe "apache2::mod_authnz_ldap", "Apache module 'authnz_ldap'"
recipe "apache2::mod_authz_default", "Apache module 'authz_default'"
recipe "apache2::mod_authz_groupfile", "Apache module 'authz_groupfile'"
recipe "apache2::mod_authz_host", "Apache module 'authz_host'"
recipe "apache2::mod_authz_user", "Apache module 'authz_user'"
recipe "apache2::mod_autoindex", "Apache module 'autoindex' with config file"
recipe "apache2::mod_cgi", "Apache module 'cgi'"
recipe "apache2::mod_dav", "Apache module 'dav'"
recipe "apache2::mod_dav_svn", "Apache module 'dav_svn'"
recipe "apache2::mod_deflate", "Apache module 'deflate' with config file"
recipe "apache2::mod_dir", "Apache module 'dir' with config file"
recipe "apache2::mod_env", "Apache module 'env'"
recipe "apache2::mod_expires", "Apache module 'expires'"
recipe "apache2::mod_fcgid", "Apache module 'fcgid', package on ubuntu/debian, rhel/centos, compile source on suse; with config file"
recipe "apache2::mod_headers", "Apache module 'headers'"
recipe "apache2::mod_include", "Apache module 'include'"
recipe "apache2::mod_ldap", "Apache module 'ldap'"
recipe "apache2::mod_log_config", "Apache module 'log_config'"
recipe "apache2::mod_mime", "Apache module 'mime' with config file"
recipe "apache2::mod_negotiation", "Apache module 'negotiation' with config file"
recipe "apache2::mod_perl", "Apache module 'perl'"
recipe "apache2::mod_php5", "Apache module 'php5'"
recipe "apache2::mod_proxy", "Apache module 'proxy' with config file"
recipe "apache2::mod_proxy_ajp", "Apache module 'proxy_ajp'"
recipe "apache2::mod_proxy_balancer", "Apache module 'proxy_balancer'"
recipe "apache2::mod_proxy_connect", "Apache module 'proxy_connect'"
recipe "apache2::mod_proxy_http", "Apache module 'proxy_http'"
recipe "apache2::mod_python", "Apache module 'python'"
recipe "apache2::mod_rewrite", "Apache module 'rewrite'"
recipe "apache2::mod_setenvif", "Apache module 'setenvif' with config file"
recipe "apache2::mod_ssl", "Apache module 'ssl' with config file, adds port 443 to listen_ports"
recipe "apache2::mod_status", "Apache module 'status' with config file"
recipe "apache2::mod_xsendfile", "Apache module 'xsendfile'"
%w{redhat centos scientific fedora debian ubuntu arch freebsd amazon}.each do |os|
supports os
end
attribute "apache",
:display_name => "Apache Hash",
:description => "Hash of Apache attributes",
:type => "hash"
attribute "apache/dir",
:display_name => "Apache Directory",
:description => "Location for Apache configuration",
:default => "/etc/apache2"
attribute "apache/log_dir",
:display_name => "Apache Log Directory",
:description => "Location for Apache logs",
:default => "/etc/apache2"
attribute "apache/user",
:display_name => "Apache User",
:description => "User Apache runs as",
:default => "www-data"
attribute "apache/binary",
:display_name => "Apache Binary",
:description => "Apache server daemon program",
:default => "/usr/sbin/apache2"
attribute "apache/icondir",
:display_name => "Apache Icondir",
:description => "Directory location for icons",
:default => "/usr/share/apache2/icons"
attribute "apache/listen_ports",
:display_name => "Apache Listen Ports",
:description => "Ports that Apache should listen on",
:type => "array",
:default => ["80", "443"]
attribute "apache/contact",
:display_name => "Apache Contact",
:description => "Email address of webmaster",
:default => "ops@example.com"
attribute "apache/timeout",
:display_name => "Apache Timeout",
:description => "Connection timeout value",
:default => "300"
attribute "apache/keepalive",
:display_name => "Apache Keepalive",
:description => "HTTP persistent connections",
:default => "On"
attribute "apache/keepaliverequests",
:display_name => "Apache Keepalive Requests",
:description => "Number of requests allowed on a persistent connection",
:default => "100"
attribute "apache/keepalivetimeout",
:display_name => "Apache Keepalive Timeout",
:description => "Time to wait for requests on persistent connection",
:default => "5"
attribute "apache/servertokens",
:display_name => "Apache Server Tokens",
:description => "Server response header",
:default => "Prod"
attribute "apache/serversignature",
:display_name => "Apache Server Signature",
:description => "Configure footer on server-generated documents",
:default => "On"
attribute "apache/traceenable",
:display_name => "Apache Trace Enable",
:description => "Determine behavior of TRACE requests",
:default => "On"
attribute "apache/allowed_openids",
:display_name => "Apache Allowed OpenIDs",
:description => "Array of OpenIDs allowed to authenticate",
:default => ""
attribute "apache/prefork",
:display_name => "Apache Prefork",
:description => "Hash of Apache prefork tuning attributes.",
:type => "hash"
attribute "apache/prefork/startservers",
:display_name => "Apache Prefork MPM StartServers",
:description => "Number of MPM servers to start",
:default => "16"
attribute "apache/prefork/minspareservers",
:display_name => "Apache Prefork MPM MinSpareServers",
:description => "Minimum number of spare server processes",
:default => "16"
attribute "apache/prefork/maxspareservers",
:display_name => "Apache Prefork MPM MaxSpareServers",
:description => "Maximum number of spare server processes",
:default => "32"
attribute "apache/prefork/serverlimit",
:display_name => "Apache Prefork MPM ServerLimit",
:description => "Upper limit on configurable server processes",
:default => "400"
attribute "apache/prefork/maxclients",
:display_name => "Apache Prefork MPM MaxClients",
:description => "Maximum number of simultaneous connections",
:default => "400"
attribute "apache/prefork/maxrequestsperchild",
:display_name => "Apache Prefork MPM MaxRequestsPerChild",
:description => "Maximum number of request a child process will handle",
:default => "10000"
attribute "apache/worker",
:display_name => "Apache Worker",
:description => "Hash of Apache prefork tuning attributes.",
:type => "hash"
attribute "apache/worker/startservers",
:display_name => "Apache Worker MPM StartServers",
:description => "Initial number of server processes to start",
:default => "4"
attribute "apache/worker/maxclients",
:display_name => "Apache Worker MPM MaxClients",
:description => "Maximum number of simultaneous connections",
:default => "1024"
attribute "apache/worker/minsparethreads",
:display_name => "Apache Worker MPM MinSpareThreads",
:description => "Minimum number of spare worker threads",
:default => "64"
attribute "apache/worker/maxsparethreads",
:display_name => "Apache Worker MPM MaxSpareThreads",
:description => "Maximum number of spare worker threads",
:default => "192"
attribute "apache/worker/threadsperchild",
:display_name => "Apache Worker MPM ThreadsPerChild",
:description => "Constant number of worker threads in each server process",
:default => "64"
attribute "apache/worker/maxrequestsperchild",
:display_name => "Apache Worker MPM MaxRequestsPerChild",
:description => "Maximum number of request a child process will handle",
:default => "0"
attribute "apache/default_modules",
:display_name => "Apache Default Modules",
:description => "Default modules to enable via recipes",
:default => "status alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex dir env mime negotiation setenvif"
attribute "apache/mod_ssl/cipher_suite",
:display_name => "Apache mod_ssl Cipher Suite",
:description => "String of SSL ciphers to use for SSLCipherSuite",
:default => "RC4-SHA:HIGH:!ADH"

View File

@ -0,0 +1,223 @@
#
# Cookbook Name:: apache2
# Recipe:: default
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
package "apache2" do
package_name node['apache']['package']
end
service "apache2" do
case node['platform_family']
when "rhel", "fedora", "suse"
service_name "httpd"
# If restarted/reloaded too quickly httpd has a habit of failing.
# This may happen with multiple recipes notifying apache to restart - like
# during the initial bootstrap.
restart_command "/sbin/service httpd restart && sleep 1"
reload_command "/sbin/service httpd reload && sleep 1"
when "debian"
service_name "apache2"
restart_command "/usr/sbin/invoke-rc.d apache2 restart && sleep 1"
reload_command "/usr/sbin/invoke-rc.d apache2 reload && sleep 1"
when "arch"
service_name "httpd"
when "freebsd"
service_name "apache22"
end
supports [:restart, :reload, :status]
action :enable
end
if platform_family?("rhel", "fedora", "arch", "suse", "freebsd")
directory node['apache']['log_dir'] do
mode 00755
end
package "perl"
cookbook_file "/usr/local/bin/apache2_module_conf_generate.pl" do
source "apache2_module_conf_generate.pl"
mode 00755
owner "root"
group node['apache']['root_group']
end
%w{sites-available sites-enabled mods-available mods-enabled}.each do |dir|
directory "#{node['apache']['dir']}/#{dir}" do
mode 00755
owner "root"
group node['apache']['root_group']
end
end
execute "generate-module-list" do
command "/usr/local/bin/apache2_module_conf_generate.pl #{node['apache']['lib_dir']} #{node['apache']['dir']}/mods-available"
action :nothing
end
%w{a2ensite a2dissite a2enmod a2dismod}.each do |modscript|
template "/usr/sbin/#{modscript}" do
source "#{modscript}.erb"
mode 00700
owner "root"
group node['apache']['root_group']
end
end
# installed by default on centos/rhel, remove in favour of mods-enabled
%w{ proxy_ajp auth_pam authz_ldap webalizer ssl welcome }.each do |f|
file "#{node['apache']['dir']}/conf.d/#{f}.conf" do
action :delete
backup false
end
end
# installed by default on centos/rhel, remove in favour of mods-enabled
file "#{node['apache']['dir']}/conf.d/README" do
action :delete
backup false
end
# enable mod_deflate for consistency across distributions
include_recipe "apache2::mod_deflate"
end
if platform_family?("freebsd")
file "#{node['apache']['dir']}/Includes/no-accf.conf" do
action :delete
backup false
end
directory "#{node['apache']['dir']}/Includes" do
action :delete
end
%w{
httpd-autoindex.conf httpd-dav.conf httpd-default.conf httpd-info.conf
httpd-languages.conf httpd-manual.conf httpd-mpm.conf
httpd-multilang-errordoc.conf httpd-ssl.conf httpd-userdir.conf
httpd-vhosts.conf
}.each do |f|
file "#{node['apache']['dir']}/extra/#{f}" do
action :delete
backup false
end
end
directory "#{node['apache']['dir']}/extra" do
action :delete
end
end
directory "#{node['apache']['dir']}/ssl" do
mode 00755
owner "root"
group node['apache']['root_group']
end
directory "#{node['apache']['dir']}/conf.d" do
mode 00755
owner "root"
group node['apache']['root_group']
end
directory node['apache']['cache_dir'] do
mode 00755
owner "root"
group node['apache']['root_group']
end
# Set the preferred execution binary - prefork or worker
template "/etc/sysconfig/httpd" do
source "etc-sysconfig-httpd.erb"
owner "root"
group node['apache']['root_group']
mode 00644
notifies :restart, "service[apache2]"
only_if { platform_family?("rhel", "fedora") }
end
template "apache2.conf" do
case node['platform_family']
when "rhel", "fedora", "arch"
path "#{node['apache']['dir']}/conf/httpd.conf"
when "debian"
path "#{node['apache']['dir']}/apache2.conf"
when "freebsd"
path "#{node['apache']['dir']}/httpd.conf"
end
source "apache2.conf.erb"
owner "root"
group node['apache']['root_group']
mode 00644
notifies :restart, "service[apache2]"
end
template "apache2-conf-security" do
path "#{node['apache']['dir']}/conf.d/security"
source "security.erb"
owner "root"
group node['apache']['root_group']
mode 00644
backup false
notifies :restart, "service[apache2]"
end
template "apache2-conf-charset" do
path "#{node['apache']['dir']}/conf.d/charset"
source "charset.erb"
owner "root"
group node['apache']['root_group']
mode 00644
backup false
notifies :restart, "service[apache2]"
end
template "#{node['apache']['dir']}/ports.conf" do
source "ports.conf.erb"
owner "root"
group node['apache']['root_group']
variables :apache_listen_ports => node['apache']['listen_ports'].map { |p| p.to_i }.uniq
mode 00644
notifies :restart, "service[apache2]"
end
template "#{node['apache']['dir']}/sites-available/default" do
source "default-site.erb"
owner "root"
group node['apache']['root_group']
mode 00644
notifies :restart, "service[apache2]"
end
node['apache']['default_modules'].each do |mod|
module_recipe_name = mod =~ /^mod_/ ? mod : "mod_#{mod}"
include_recipe "apache2::#{module_recipe_name}"
end
apache_site "default" do
enable node['apache']['default_site_enabled']
end
service "apache2" do
action :start
end

View File

@ -0,0 +1,33 @@
#
# Cookbook Name:: apache2
# Recipe:: god_monitor
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_service = service "apache2" do
action :nothing
end
start_command = apache_service.start_command
stop_command = apache_service.stop_command
restart_command = apache_service.restart_command
god_monitor "apache2" do
config "apache2.god.erb"
start (start_command)?start_command : "/etc/init.d/#{apache_service.service_name} start"
restart (restart_command)?restart_command : "/etc/init.d/#{apache_service.service_name} restart"
stop (stop_command)?stop_command : "/etc/init.d/#{apache_service.service_name} stop"
end

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: iptables
#
# Copyright 2012, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
iptables_rule "port_apache"

View File

@ -0,0 +1,31 @@
#
# Cookbook Name:: apache2
# Recipe:: logrotate
#
# Copyright 2012, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_service = service "apache2" do
action :nothing
end
begin
include_recipe 'logrotate'
rescue
Chef::Log.warn("The apache::logrotate recipe requires the logrotate cookbook. Install the cookbook with `knife cookbook site install logrotate`.")
end
logrotate_app apache_service.service_name do
path node['apache']['log_dir']
end

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: actions
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "actions"

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: alias
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "alias" do
conf true
end

View File

@ -0,0 +1,54 @@
#
# Cookbook Name:: apache2
# Recipe:: apreq2
#
# modified from the python recipe by Jeremy Bingham
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe "apache2"
case node['platform_family']
when "debian"
package "libapache2-mod-apreq2"
when "rhel", "fedora"
package "libapreq2" do
notifies :run, "execute[generate-module-list]", :immediately
end
# seems that the apreq lib is weirdly broken or something - it needs to be
# loaded as "apreq", but on RHEL & derivitatives the file needs a symbolic
# link to mod_apreq.so.
link "/usr/lib64/httpd/modules/mod_apreq.so" do
to "/usr/lib64/httpd/modules/mod_apreq2.so"
only_if "test -f /usr/lib64/httpd/modules/mod_apreq2.so"
end
link "/usr/lib/httpd/modules/mod_apreq.so" do
to "/usr/lib/httpd/modules/mod_apreq2.so"
only_if "test -f /usr/lib/httpd/modules/mod_apreq2.so"
end
end
file "#{node['apache']['dir']}/conf.d/apreq.conf" do
action :delete
backup false
end
apache_module "apreq"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: auth_basic
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "auth_basic"

View File

@ -0,0 +1,59 @@
include_recipe "apache2"
if node['apache']['mod_auth_cas']['from_source']
package "httpd-devel" do
package_name value_for_platform_family(
["rhel", "fedora", "suse"] => "httpd-devel",
"debian" => "apache2-dev"
)
end
git '/tmp/mod_auth_cas' do
repository 'git://github.com/Jasig/mod_auth_cas.git'
revision node['apache']['mod_auth_cas']['source_revision']
notifies :run, 'execute[compile mod_auth_cas]', :immediately
end
execute 'compile mod_auth_cas' do
command './configure && make && make install'
cwd '/tmp/mod_auth_cas'
not_if "test -f #{node['apache']['libexecdir']}/mod_auth_cas.so"
end
template "#{node['apache']['dir']}/mods-available/auth_cas.load" do
source 'mods/auth_cas.load.erb'
owner 'root'
group node['apache']['root_group']
mode 00644
end
else
case node['platform_family']
when "debian"
package "libapache2-mod-auth-cas"
when "rhel", "fedora"
yum_package "mod_auth_cas" do
notifies :run, "execute[generate-module-list]", :immediately
end
file "#{node['apache']['dir']}/conf.d/auth_cas.conf" do
action :delete
backup false
end
end
end
apache_module 'auth_cas' do
conf true
end
directory "#{node['apache']['cache_dir']}/mod_auth_cas" do
owner node['apache']['user']
group node['apache']['group']
mode 00700
end

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: auth_digest
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "auth_digest"

View File

@ -0,0 +1,125 @@
#
# Cookbook Name:: apache2
# Recipe:: mod_auth_openid
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
openid_dev_pkgs = value_for_platform_family(
["debian"] => %w{automake make g++ apache2-prefork-dev libopkele-dev libopkele3 libtool},
["rhel", "fedora"] => %w{gcc-c++ httpd-devel curl-devel libtidy libtidy-devel sqlite-devel pcre-devel openssl-devel make libtool},
"arch" => ["libopkele"],
"freebsd" => %w{libopkele pcre sqlite3}
)
make_cmd = value_for_platform_family(
"freebsd" => { "default" => "gmake" },
"default" => "make"
)
case node['platform_family']
when "arch"
include_recipe "pacman"
package "tidyhtml"
pacman_aur openid_dev_pkgs.first do
action [:build, :install]
end
else
openid_dev_pkgs.each do |pkg|
package pkg
end
end
case node['platform_family']
when "rhel", "fedora"
remote_file "#{Chef::Config['file_cache_path']}/libopkele-2.0.4.tar.gz" do
source "http://kin.klever.net/dist/libopkele-2.0.4.tar.gz"
mode 00644
checksum "57a5bc753b7e80c5ece1e5968b2051b0ce7ed9ce4329d17122c61575a9ea7648"
end
bash "install libopkele" do
cwd Chef::Config['file_cache_path']
# Ruby 1.8.6 does not have rpartition, unfortunately
syslibdir = node['apache']['lib_dir'][0..node['apache']['lib_dir'].rindex("/")]
code <<-EOH
tar zxvf libopkele-2.0.4.tar.gz
cd libopkele-2.0.4 && ./configure --prefix=/usr --libdir=#{syslibdir}
#{make_cmd} && #{make_cmd} install
EOH
creates "#{syslibdir}/libopkele.a"
end
end
version = node['apache']['mod_auth_openid']['ref']
configure_flags = node['apache']['mod_auth_openid']['configure_flags']
remote_file "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}.tar.gz" do
source node['apache']['mod_auth_openid']['source_url']
mode 00644
action :create_if_missing
end
file "mod_auth_openid_dblocation" do
path node['apache']['mod_auth_openid']['dblocation']
action :nothing
end
bash "untar mod_auth_openid" do
cwd Chef::Config['file_cache_path']
code <<-EOH
tar zxvf mod_auth_openid-#{version}.tar.gz
EOH
end
bash "compile mod_auth_openid" do
cwd "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}"
code <<-EOH
./autogen.sh
./configure #{configure_flags.join(' ')}
perl -pi -e "s/-i -a -n 'authopenid'/-i -n 'authopenid'/g" Makefile
#{make_cmd} && #{make_cmd} install
EOH
creates "#{node['apache']['libexecdir']}/mod_auth_openid.so"
notifies :delete, "file[mod_auth_openid_dblocation]", :immediately
notifies :restart, "service[apache2]"
end
directory node['apache']['mod_auth_openid']['cache_dir'] do
owner node['apache']['user']
group node['apache']['group']
mode 00700
end
file node['apache']['mod_auth_openid']['dblocation'] do
owner node['apache']['user']
group node['apache']['group']
mode 00644
end
template "#{node['apache']['dir']}/mods-available/authopenid.load" do
source "mods/authopenid.load.erb"
owner "root"
group node['apache']['root_group']
mode 00644
end
apache_module "authopenid" do
filename "mod_auth_openid.so"
end

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: authn_file
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "authn_file"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: authnz_ldap
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "authnz_ldap"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: authz_default
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "authz_default"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: authz_groupfile
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "authz_groupfile"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: authz_host
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "authz_host"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: authz_user
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "authz_user"

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: autoindex
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "autoindex" do
conf true
end

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: cgi
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "cgi"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: dav
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "dav"

View File

@ -0,0 +1,21 @@
#
# Cookbook Name:: apache2
# Recipe:: dav_fs
#
# Copyright 2011, Atriso
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe "apache2::mod_dav"
apache_module "dav_fs"

View File

@ -0,0 +1,41 @@
#
# Cookbook Name:: apache2
# Recipe:: dav_svn
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe "apache2::mod_dav"
package "libapache2-svn" do
case node['platform_family']
when "rhel", "fedora", "suse"
package_name "mod_dav_svn"
else
package_name "libapache2-svn"
end
end
case node['platform_family']
when "rhel", "fedora", "suse"
file "#{node['apache']['conf']}/conf.d/subversion.conf" do
action :delete
backup false
end
end
apache_module "dav_svn"

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: deflate
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "deflate" do
conf true
end

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: dir
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "dir" do
conf true
end

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: env
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "env"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: expires
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "expires"

View File

@ -0,0 +1,26 @@
#
# Cookbook Name:: apache2
# Recipe:: fastcgi
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
if platform_family?("debian")
package "libapache2-mod-fastcgi"
apache_module "fastcgi" do
conf true
end
end

View File

@ -0,0 +1,55 @@
#
# Cookbook Name:: apache2
# Recipe:: fcgid
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
if platform_family?("debian")
package "libapache2-mod-fcgid"
elsif platform_family?("rhel", "fedora")
package "mod_fcgid" do
notifies :run, resources(:execute => "generate-module-list"), :immediately
end
file "#{node['apache']['dir']}/conf.d/fcgid.conf" do
action :delete
backup false
end
directory "/var/run/httpd/mod_fcgid" do
recursive true
only_if { node['platform_version'].to_i >= 6 }
end
elsif platform_family?("suse")
apache_lib_path = node['apache']['lib_dir']
package "httpd-devel"
bash "install-fcgid" do
code <<-EOH
(cd #{Chef::Config['file_cache_path']}; wget http://superb-east.dl.sourceforge.net/sourceforge/mod-fcgid/mod_fcgid.2.2.tgz)
(cd #{Chef::Config['file_cache_path']}; tar zxvf mod_fcgid.2.2.tgz)
(cd #{Chef::Config['file_cache_path']}; perl -pi -e 's!/usr/local/apache2!#{apache_lib_path}!g' ./mod_fcgid.2.2/Makefile)
(cd #{Chef::Config['file_cache_path']}/mod_fcgid.2.2; make install)
EOH
end
end
apache_module "fcgid" do
conf true
end

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: filter
#
# Copyright 2008-2013, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "filter"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: headers
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "headers"

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: include
#
# Copyright 2012, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "include" do
conf true
end

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: ldap
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "ldap"

View File

@ -0,0 +1,24 @@
#
# Cookbook Name:: apache2
# Recipe:: log_config
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
if platform_family?("rhel", "fedora", "suse", "arch", "freebsd")
apache_module "log_config"
else
include_recipe "apache2"
end

View File

@ -0,0 +1,24 @@
#
# Cookbook Name:: apache2
# Recipe:: logio
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
if platform_family?("rhel", "fedora", "suse", "arch", "freebsd")
apache_module "logio"
else
include_recipe "apache2"
end

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: mime
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "mime" do
conf true
end

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: negotiation
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "negotiation" do
conf true
end

View File

@ -0,0 +1,44 @@
#
# Cookbook Name:: apache2
# Recipe:: perl
#
# adapted from the mod_python recipe by Jeremy Bingham
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
case node['platform_family']
when "debian"
%w{libapache2-mod-perl2 libapache2-request-perl apache2-mpm-prefork}.each do |pkg|
package pkg
end
when "rhel", "fedora"
package "mod_perl" do
notifies :run, "execute[generate-module-list]", :immediately
end
package "perl-libapreq2"
end
file "#{node['apache']['dir']}/conf.d/perl.conf" do
action :delete
backup false
end
apache_module "perl"

View File

@ -0,0 +1,78 @@
#
# Cookbook Name:: apache2
# Recipe:: php5
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
case node['platform_family']
when "debian"
package "libapache2-mod-php5"
when "arch"
package "php-apache" do
notifies :run, "execute[generate-module-list]", :immediately
end
when "rhel"
package "which"
package "php package" do
if node['platform_version'].to_f < 6.0
package_name "php53"
else
package_name "php"
end
notifies :run, "execute[generate-module-list]", :immediately
not_if "which php"
end
when "fedora"
package "php package" do
package_name "php"
notifies :run, "execute[generate-module-list]", :immediately
not_if "which php"
end
when "freebsd"
freebsd_port_options "php5" do
options "APACHE" => true
action :create
end
package "php package" do
package_name "php5"
source "ports"
notifies :run, "execute[generate-module-list]", :immediately
end
end
file "#{node['apache']['dir']}/conf.d/php.conf" do
action :delete
backup false
end
apache_module "php5" do
case node['platform_family']
when "rhel", "fedora", "freebsd"
conf true
filename "libphp5.so"
end
end

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: proxy
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "proxy" do
conf true
end

View File

@ -0,0 +1,21 @@
#
# Cookbook Name:: apache2
# Recipe:: proxy
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe "apache2::mod_proxy"
apache_module "proxy_ajp"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: proxy
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "proxy_balancer"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: proxy
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "proxy_connect"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: proxy_http
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "proxy_http"

View File

@ -0,0 +1,37 @@
#
# Cookbook Name:: apache2
# Recipe:: python
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
case node['platform_family']
when "debian"
package "libapache2-mod-python"
when "rhel", "fedora"
package "mod_python" do
notifies :run, "execute[generate-module-list]", :immediately
end
end
file "#{node['apache']['dir']}/conf.d/python.conf" do
action :delete
backup false
end
apache_module "python"

View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: apache2
# Recipe:: rewrite
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "rewrite"

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: setenvif
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "setenvif" do
conf true
end

View File

@ -0,0 +1,46 @@
#
# Cookbook Name:: apache2
# Recipe:: ssl
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
unless node['apache']['listen_ports'].include?("443")
node.set['apache']['listen_ports'] = node['apache']['listen_ports'] + ["443"]
end
ports = node['apache']['listen_ports']
if platform_family?("rhel", "fedora", "suse")
package "mod_ssl" do
notifies :run, "execute[generate-module-list]", :immediately
end
file "#{node['apache']['dir']}/conf.d/ssl.conf" do
action :delete
backup false
end
end
template "#{node['apache']['dir']}/ports.conf" do
source "ports.conf.erb"
variables :apache_listen_ports => ports.map { |p| p.to_i }.uniq
notifies :restart, "service[apache2]"
mode 00644
end
apache_module "ssl" do
conf true
end

View File

@ -0,0 +1,22 @@
#
# Cookbook Name:: apache2
# Recipe:: status
#
# Copyright 2008-2009, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module "status" do
conf true
end

View File

@ -0,0 +1,38 @@
#
# Cookbook Name:: apache2
# Recipe:: mod_wsgi
#
# Copyright 2008-2012, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
case node['platform_family']
when "debian"
package "libapache2-mod-wsgi"
when "rhel", "fedora", "arch"
package "mod_wsgi" do
notifies :run, "execute[generate-module-list]", :immediately
end
end
file "#{node['apache']['dir']}/conf.d/wsgi.conf" do
action :delete
backup false
end
apache_module "wsgi"

View File

@ -0,0 +1,38 @@
#
# Cookbook Name:: apache2
# Recipe:: mod_xsendfile
#
# Copyright 2011, CustomInk, LLC.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
case node['platform_family']
when "debian"
package "libapache2-mod-xsendfile"
when "rhel", "fedora"
package "mod_xsendfile" do
notifies :run, "execute[generate-module-list]", :immediately
end
end
file "#{node['apache']['dir']}/conf.d/xsendfile.conf" do
action :delete
backup false
end
apache_module "xsendfile"

View File

@ -0,0 +1,22 @@
#!/bin/sh -e
SYSCONFDIR='<%= node['apache']['dir'] %>'
if [ -z $1 ]; then
echo "Which module would you like to disable?"
echo -n "Your choices are: "
ls $SYSCONFDIR/mods-enabled/*.load | \
sed -e "s,$SYSCONFDIR/mods-enabled/,,g" | sed -e 's/\.load$//g;' | xargs echo
echo -n "Module name? "
read MODNAME
else
MODNAME=$1
fi
if ! [ -e $SYSCONFDIR/mods-enabled/$MODNAME.load ]; then
echo "This module is already disabled, or does not exist!"
exit 1
fi
rm -f $SYSCONFDIR/mods-enabled/$MODNAME.*
echo "Module $MODNAME disabled; reload apache to fully disable."

View File

@ -0,0 +1,29 @@
#!/bin/sh -e
SYSCONFDIR='<%= node['apache']['dir'] %>'
if [ -z $1 ]; then
echo "Which site would you like to disable?"
echo -n "Your choices are: "
ls $SYSCONFDIR/sites-enabled/* | \
sed -e "s,$SYSCONFDIR/sites-enabled/,,g" | xargs echo
echo -n "Site name? "
read SITENAME
else
SITENAME=$1
fi
if [ $SITENAME = "default" ]; then
PRIORITY="000"
fi
if ! [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \
-e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then
echo "This site is already disabled, or does not exist!"
exit 1
fi
if ! rm $SYSCONFDIR/sites-enabled/$SITENAME 2>/dev/null; then
rm -f $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME"
fi
echo "Site $SITENAME disabled; reload apache to disable."

View File

@ -0,0 +1,37 @@
#!/bin/sh -e
SYSCONFDIR='<%= node['apache']['dir'] %>'
if [ -z $1 ]; then
echo "Which module would you like to enable?"
echo -n "Your choices are: "
ls $SYSCONFDIR/mods-available/*.load | \
sed -e "s,$SYSCONFDIR/mods-available/,,g" | sed -e 's/\.load$//g;' | xargs echo
echo -n "Module name? "
read MODNAME
else
MODNAME=$1
fi
#figure out if we're on a prefork or threaded mpm
if [ -x /usr/sbin/apache2 ]; then
PREFORK=`/usr/sbin/apache2 -l | grep prefork || true`
fi
if [ -e $SYSCONFDIR/mods-enabled/$MODNAME.load -a -e $SYSCONFDIR/mods-enabled/$MODNAME.conf ]; then
echo "This module is already enabled!"
exit 0
fi
if ! [ -e $SYSCONFDIR/mods-available/$MODNAME.load ]; then
echo "This module does not exist!"
exit 1
fi
for i in conf load; do
if [ -e $SYSCONFDIR/mods-available/$MODNAME.$i -a ! -e $SYSCONFDIR/mods-enabled/$MODNAME.$i ]; then
ln -sf $SYSCONFDIR/mods-available/$MODNAME.$i $SYSCONFDIR/mods-enabled/$MODNAME.$i;
fi
done
echo "Module $MODNAME installed; reload apache to enable."

View File

@ -0,0 +1,38 @@
#!/bin/sh -e
SYSCONFDIR='<%= node['apache']['dir'] %>'
if [ -z $1 ]; then
echo "Which site would you like to enable?"
echo -n "Your choices are: "
ls $SYSCONFDIR/sites-available/* | \
sed -e "s,$SYSCONFDIR/sites-available/,,g" | xargs echo
echo -n "Site name? "
read SITENAME
else
SITENAME=$1
fi
if [ $SITENAME = "default" ]; then
PRIORITY="000"
fi
if [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \
-e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then
echo "This site is already enabled!"
exit 0
fi
if ! [ -e $SYSCONFDIR/sites-available/$SITENAME ]; then
echo "This site does not exist!"
exit 1
fi
if [ $SITENAME = "default" ]; then
ln -sf $SYSCONFDIR/sites-available/$SITENAME \
$SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME"
else
ln -sf $SYSCONFDIR/sites-available/$SITENAME $SYSCONFDIR/sites-enabled/$SITENAME
fi
echo "Site $SITENAME installed; reload apache to enable."

View File

@ -0,0 +1,238 @@
#
# Generated by Chef
#
# Based on the Ubuntu apache2.conf
ServerRoot "<%= node['apache']['dir'] %>"
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
<% if %w{debian}.include?(node['platform_family']) -%>
LockFile /var/lock/apache2/accept.lock
<% elsif %w{freebsd}.include?(node['platform_family']) -%>
LockFile /var/log/accept.lock
<% else %>
LockFile logs/accept.lock
<% end -%>
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
PidFile <%= node['apache']['pid_file'] %>
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout <%= node['apache']['timeout'] %>
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive <%= node['apache']['keepalive'] %>
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests <%= node['apache']['keepaliverequests'] %>
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout <%= node['apache']['keepalivetimeout'] %>
##
## Server-Pool Size Regulation (MPM specific)
##
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_prefork_module>
StartServers <%= node['apache']['prefork']['startservers'] %>
MinSpareServers <%= node['apache']['prefork']['minspareservers'] %>
MaxSpareServers <%= node['apache']['prefork']['maxspareservers'] %>
ServerLimit <%= node['apache']['prefork']['serverlimit'] %>
MaxClients <%= node['apache']['prefork']['maxclients'] %>
MaxRequestsPerChild <%= node['apache']['prefork']['maxrequestsperchild'] %>
</IfModule>
# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
StartServers <%= node['apache']['worker']['startservers'] %>
ServerLimit <%= node['apache']['worker']['serverlimit'] %>
MaxClients <%= node['apache']['worker']['maxclients'] %>
MinSpareThreads <%= node['apache']['worker']['minsparethreads'] %>
MaxSpareThreads <%= node['apache']['worker']['maxsparethreads'] %>
ThreadsPerChild <%= node['apache']['worker']['threadsperchild'] %>
MaxRequestsPerChild <%= node['apache']['worker']['maxrequestsperchild'] %>
</IfModule>
User <%= node['apache']['user'] %>
Group <%= node['apache']['group'] %>
#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog <%= node['apache']['log_dir'] %>/<%= node['apache']['error_log'] %>
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
# COOK-1021: Dummy LoadModule directive to aid module installations
#LoadModule dummy_module modules/mod_dummy.so
# Include module configuration:
Include <%= node['apache']['dir'] %>/mods-enabled/*.load
Include <%= node['apache']['dir'] %>/mods-enabled/*.conf
<% if %w{freebsd}.include?(node['platform_family']) -%>
<IfDefine NOHTTPACCEPT>
AcceptFilter http none
AcceptFilter https none
</IfDefine>
<% end %>
# Include ports listing
Include <%= node['apache']['dir'] %>/ports.conf
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# Putting this all together, we can internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
# our collection of by-error message multi-language collections. We use
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_<error>.html.var files by adding the line:
#
# Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
# even on a per-VirtualHost basis. The default include files will display
# your Apache version number and your ServerAdmin email address regardless
# of the setting of ServerSignature.
#
# The internationalized error documents require mod_alias, mod_include
# and mod_negotiation. To activate them, uncomment the following 30 lines.
# Alias /error/ "/usr/share/apache2/error/"
#
# <Directory "/usr/share/apache2/error">
# AllowOverride None
# Options IncludesNoExec
# AddOutputFilter Includes html
# AddHandler type-map var
# Order allow,deny
# Allow from all
# LanguagePriority en cs de es fr it nl sv pt-br ro
# ForceLanguagePriority Prefer Fallback
# </Directory>
#
# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
# ErrorDocument 410 /error/HTTP_GONE.html.var
# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
# Include generic snippets of statements
Include <%= node['apache']['dir'] %>/conf.d/
# Include the virtual host configurations:
Include <%= node['apache']['dir'] %>/sites-enabled/

View File

@ -0,0 +1,19 @@
God.watch do |w|
w.name = "apache2"
w.interval = 30.seconds # default
w.start = "<%= @params[:start] %>"
w.stop = "<%= @params[:stop] %>"
w.restart = "<%= @params[:restart] %>"
w.start_grace = 10.seconds
w.restart_grace = 10.seconds
w.pid_file = "/var/run/apache2.pid"
w.behavior(:clean_pid_file)
w.start_if do |start|
start.condition(:process_running) do |c|
c.interval = 5.seconds
c.running = false
c.notify = 'admin'
end
end
end

View File

@ -0,0 +1,6 @@
# Read the documentation before enabling AddDefaultCharset.
# In general, it is only a good idea if you know that all your files
# have this encoding. It will override any encoding given in the files
# in meta http-equiv or xml encoding tags.
#AddDefaultCharset UTF-8

View File

@ -0,0 +1,57 @@
<VirtualHost *:80>
ServerAdmin <%= node['apache']['contact'] %>
DocumentRoot <%= node['apache']['docroot_dir'] %>/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory <%= node['apache']['docroot_dir'] %>/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
#RedirectMatch ^/$ /apache2-default/
</Directory>
ScriptAlias /cgi-bin/ <%= node['apache']['cgibin_dir'] %>/
<Directory "<%= node['apache']['cgibin_dir'] %>">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog <%= node['apache']['log_dir'] %>/<%= node['apache']['error_log'] %>
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog <%= node['apache']['log_dir'] %>/<%= node['apache']['access_log'] %> combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
<% if %w{ rhel fedora }.include?(node['platform_family']) -%>
#
# This configuration file enables the default "Welcome"
# page if there is no default index page present for
# the root URL. To disable the Welcome page, comment
# out all the lines below.
#
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /error/noindex.html
</LocationMatch>
<% end -%>
</VirtualHost>

View File

@ -0,0 +1,31 @@
# This file managed by Chef. Changes will be overwritten.
#
# The default processing model (MPM) is the process-based
# 'prefork' model. A thread-based model, 'worker', is also
# available, but does not work with some modules (such as PHP).
# The service must be stopped before changing this variable.
#
HTTPD=<%= node['apache']['binary'] %>
#
# To pass additional options (for instance, -D definitions) to the
# httpd binary at startup, set OPTIONS here.
#
#OPTIONS=
#
# By default, the httpd process is started in the C locale; to
# change the locale in which the server runs, the HTTPD_LANG
# variable can be set.
#
#HTTPD_LANG=C
#
# By default, the httpd process will create the file
# /var/run/httpd/httpd.pid in which it records its process
# identification number when it starts. If an alternate location is
# specified in httpd.conf (via the PidFile directive), the new
# location needs to be reported in the PIDFILE.
#
#PIDFILE=<%= node['apache']['pid_file'] %>

View File

@ -0,0 +1,2 @@
These configs are taken from a Debian apache2.2-common 2.2.11-3 install. They
work on CentOS 5.3 with a few conditions using erb.

View File

@ -0,0 +1,24 @@
<IfModule alias_module>
#
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/". If the fakename is slash-terminated, then the
# realname must also be slash terminated, and if the fakename omits the
# trailing slash, the realname must also omit it.
#
# We include the /icons/ alias for FancyIndexed directory listings. If
# you do not use FancyIndexing, you may comment this out.
#
Alias /icons/ "<%= node['apache']['icondir'] %>/"
<Directory "<%= node['apache']['icondir'] %>">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</IfModule>

View File

@ -0,0 +1 @@
CASCookiePath <%= node['apache']['cache_dir'] %>/mod_auth_cas/

View File

@ -0,0 +1 @@
LoadModule auth_cas_module <%= node['apache']['libexecdir'] %>/mod_auth_cas.so

View File

@ -0,0 +1 @@
LoadModule authopenid_module <%= node['apache']['libexecdir'] %>/mod_auth_openid.so

View File

@ -0,0 +1,101 @@
<IfModule mod_autoindex.c>
#
# Directives controlling the display of server-generated directory listings.
#
#
# IndexOptions: Controls the appearance of server-generated directory
# listings.
# Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames.
#
IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
#
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions. These are only displayed for
# FancyIndexed directories.
#
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
# It's a suffix rule, so simply matching "core" matches "score" as well !
AddIcon /icons/bomb.gif /core
AddIcon (SND,/icons/sound2.gif) .ogg
AddIcon (VID,/icons/movie.gif) .ogm
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
# Default icons for OpenDocument format
AddIcon /icons/odf6odt-20x22.png .odt
AddIcon /icons/odf6ods-20x22.png .ods
AddIcon /icons/odf6odp-20x22.png .odp
AddIcon /icons/odf6odg-20x22.png .odg
AddIcon /icons/odf6odc-20x22.png .odc
AddIcon /icons/odf6odf-20x22.png .odf
AddIcon /icons/odf6odb-20x22.png .odb
AddIcon /icons/odf6odi-20x22.png .odi
AddIcon /icons/odf6odm-20x22.png .odm
AddIcon /icons/odf6ott-20x22.png .ott
AddIcon /icons/odf6ots-20x22.png .ots
AddIcon /icons/odf6otp-20x22.png .otp
AddIcon /icons/odf6otg-20x22.png .otg
AddIcon /icons/odf6otc-20x22.png .otc
AddIcon /icons/odf6otf-20x22.png .otf
AddIcon /icons/odf6oti-20x22.png .oti
AddIcon /icons/odf6oth-20x22.png .oth
#
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
#
DefaultIcon /icons/unknown.gif
#
# AddDescription allows you to place a short description after a file in
# server-generated indexes. These are only displayed for FancyIndexed
# directories.
# Format: AddDescription "description" filename
#
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
#
# ReadmeName is the name of the README file the server will look for by
# default, and append to directory listings.
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.
ReadmeName README.html
HeaderName HEADER.html
#
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing. Shell-style wildcarding is permitted.
#
IndexIgnore .??* *~ *# RCS CVS *,v *,t
</IfModule>

View File

@ -0,0 +1,16 @@
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/atom_xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/x-httpd-eruby
</IfModule>

View File

@ -0,0 +1,5 @@
<IfModule mod_dir.c>
DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
</IfModule>

View File

@ -0,0 +1,5 @@
<IfModule mod_fastcgi.c>
AddHandler fastcgi-script .fcgi
#FastCgiWrapper /usr/lib/apache2/suexec
FastCgiIpcDir /var/lib/apache2/fastcgi
</IfModule>

View File

@ -0,0 +1,10 @@
<IfModule mod_fcgid.c>
AddHandler fcgid-script .fcgi
IPCConnectTimeout 20
</IfModule>
<% if %w{ rhel fedora }.include?(node['platform_family']) -%>
# Sane place to put sockets and shared memory file
SocketPath run/mod_fcgid
SharememPath run/mod_fcgid/fcgid_shm
<% end -%>

View File

@ -0,0 +1,4 @@
<IfModule mod_include.c>
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>

View File

@ -0,0 +1,4 @@
<IfModule mod_include.c>
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>

Some files were not shown because too many files have changed in this diff Show More