Apache Formula¶
Install and configure Apache webserver
Sample Pillars¶
Simple Apache proxy
apache:
server:
enabled: true
bind:
address: '0.0.0.0'
ports:
- 80
modules:
- proxy
- proxy_http
- proxy_balancer
Apache plain static sites (eg. sphinx generated, from git/hg sources)
apache:
server:
enabled: true
bind:
address: '0.0.0.0'
ports:
- 80
modules:
- rewrite
- status
site:
- enabled: true
name: 'sphinxdoc'
type: 'static'
host:
name: 'doc.domain.com'
port: 80
source:
engine: local
- enabled: true
name: 'impressjs'
type: 'static'
host:
name: 'pres.domain.com'
port: 80
source:
engine: git
address: 'git@repo1.domain.cz:impress/billometer.git'
revision: 'master'
Tune settings of mpm_prefork
parameters:
apache:
mpm:
prefork:
max_clients: 250
servers:
min: 32
max: 64
max_requests: 4000
Apache kerberos authentication:
parameters
apache:
server:
site:
auth:
engine: kerberos
name: "Kerberos Authentication"
require:
- "ldap-attribute memberOf='cn=somegroup,cn=groups,cn=accounts,dc=example,dc=com'"
kerberos:
realms:
- EXAMPLE.COM
# Bellow is optional
keytab: /etc/apache2/ipa.keytab
service: HTTP
method:
negotiate: true
k5passwd: true
ldap:
url: "ldaps://idm01.example.com/dc=example,dc=com?krbPrincipalName"
# mech is optional
mech: GSSAPI
Tune security settings (these are default):
parameters:
apache:
server:
# ServerTokens
tokens: Prod
# ServerSignature, can be also set per-site
signature: false
# TraceEnable, can be also set per-site
trace: false
# Deny access to .git, .svn, .hg directories
secure_scm: true
# Required for settings bellow
modules:
- headers
# Set X-Content-Type-Options
content_type_options: nosniff
# Set X-Frame-Options
frame_options: sameorigin
Tuned up log configuration.
parameters:
apache:
server:
site:
foo:
enabled: true
type: static
log:
custom:
enabled: true
file: /var/log/apache2/mylittleponysitecustom.log
format: >-
%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"
error:
enabled: false
file: /var/log/apache2/foo.error.log
level: notice
Apache wsgi application.
apache:
server:
enabled: true
default_mpm: event
site:
manila:
enabled: false
available: true
type: wsgi
name: manila
wsgi:
daemon_process: manila-api
threads: 2
user: manila
group: manila
display_name: '%{GROUP}'
script_alias: '/ /usr/bin/manila-wsgi'
application_group: '%{GLOBAL}'
authorization: 'On'
limits:
request_body: 114688
Roundcube webmail, postfixadmin and mailman
classes:
- service.apache.server.single
parameters:
apache:
server:
enabled: true
modules:
- cgi
- php
site:
roundcube:
enabled: true
type: static
name: roundcube
root: /usr/share/roundcube
locations:
- uri: /admin
path: /usr/share/postfixadmin
- uri: /mailman
path: /usr/lib/cgi-bin/mailman
script: true
- uri: /pipermail
path: /var/lib/mailman/archives/public
- uri: /images/mailman
path: /usr/share/images/mailman
host:
name: mail.example.com
aliases:
- mail.example.com
- lists.example.com
- mail01.example.com
- mail01
More Information¶
Documentation and Bugs¶
To learn how to install and update salt-formulas, consult the documentation available online at:
In the unfortunate event that bugs are discovered, they should be reported to the appropriate issue tracker. Use Github issue tracker for specific salt formula:
For feature requests, bug reports or blueprints affecting entire ecosystem, use Launchpad salt-formulas project:
You can also join salt-formulas-users team and subscribe to mailing list:
Developers wishing to work on the salt-formulas projects should always base their work on master branch and submit pull request against specific formula.
Any questions or feedback is always welcome so feel free to join our IRC channel:
#salt-formulas @ irc.freenode.net