|
1 # See README.md for usage information |
|
2 define apache::vhost( |
|
3 $docroot, |
|
4 $manage_docroot = true, |
|
5 $virtual_docroot = false, |
|
6 $port = undef, |
|
7 $ip = undef, |
|
8 $ip_based = false, |
|
9 $add_listen = true, |
|
10 $docroot_owner = 'root', |
|
11 $docroot_group = $::apache::params::root_group, |
|
12 $docroot_mode = undef, |
|
13 $serveradmin = undef, |
|
14 $ssl = false, |
|
15 $ssl_cert = $::apache::default_ssl_cert, |
|
16 $ssl_key = $::apache::default_ssl_key, |
|
17 $ssl_chain = $::apache::default_ssl_chain, |
|
18 $ssl_ca = $::apache::default_ssl_ca, |
|
19 $ssl_crl_path = $::apache::default_ssl_crl_path, |
|
20 $ssl_crl = $::apache::default_ssl_crl, |
|
21 $ssl_crl_check = $::apache::default_ssl_crl_check, |
|
22 $ssl_certs_dir = $::apache::params::ssl_certs_dir, |
|
23 $ssl_protocol = undef, |
|
24 $ssl_cipher = undef, |
|
25 $ssl_honorcipherorder = undef, |
|
26 $ssl_verify_client = undef, |
|
27 $ssl_verify_depth = undef, |
|
28 $ssl_proxy_machine_cert = undef, |
|
29 $ssl_options = undef, |
|
30 $ssl_openssl_conf_cmd = undef, |
|
31 $ssl_proxyengine = false, |
|
32 $priority = undef, |
|
33 $default_vhost = false, |
|
34 $servername = $name, |
|
35 $serveraliases = [], |
|
36 $options = ['Indexes','FollowSymLinks','MultiViews'], |
|
37 $override = ['None'], |
|
38 $directoryindex = '', |
|
39 $vhost_name = '*', |
|
40 $logroot = $::apache::logroot, |
|
41 $logroot_ensure = 'directory', |
|
42 $logroot_mode = undef, |
|
43 $log_level = undef, |
|
44 $access_log = true, |
|
45 $access_log_file = false, |
|
46 $access_log_pipe = false, |
|
47 $access_log_syslog = false, |
|
48 $access_log_format = false, |
|
49 $access_log_env_var = false, |
|
50 $access_logs = undef, |
|
51 $aliases = undef, |
|
52 $directories = undef, |
|
53 $error_log = true, |
|
54 $error_log_file = undef, |
|
55 $error_log_pipe = undef, |
|
56 $error_log_syslog = undef, |
|
57 $error_documents = [], |
|
58 $fallbackresource = undef, |
|
59 $scriptalias = undef, |
|
60 $scriptaliases = [], |
|
61 $proxy_dest = undef, |
|
62 $proxy_dest_match = undef, |
|
63 $proxy_dest_reverse_match = undef, |
|
64 $proxy_pass = undef, |
|
65 $proxy_pass_match = undef, |
|
66 $suphp_addhandler = $::apache::params::suphp_addhandler, |
|
67 $suphp_engine = $::apache::params::suphp_engine, |
|
68 $suphp_configpath = $::apache::params::suphp_configpath, |
|
69 $php_flags = {}, |
|
70 $php_values = {}, |
|
71 $php_admin_flags = {}, |
|
72 $php_admin_values = {}, |
|
73 $no_proxy_uris = [], |
|
74 $no_proxy_uris_match = [], |
|
75 $proxy_preserve_host = false, |
|
76 $proxy_error_override = false, |
|
77 $redirect_source = '/', |
|
78 $redirect_dest = undef, |
|
79 $redirect_status = undef, |
|
80 $redirectmatch_status = undef, |
|
81 $redirectmatch_regexp = undef, |
|
82 $redirectmatch_dest = undef, |
|
83 $rack_base_uris = undef, |
|
84 $passenger_base_uris = undef, |
|
85 $headers = undef, |
|
86 $request_headers = undef, |
|
87 $filters = undef, |
|
88 $rewrites = undef, |
|
89 $rewrite_base = undef, |
|
90 $rewrite_rule = undef, |
|
91 $rewrite_cond = undef, |
|
92 $setenv = [], |
|
93 $setenvif = [], |
|
94 $block = [], |
|
95 $ensure = 'present', |
|
96 $wsgi_application_group = undef, |
|
97 $wsgi_daemon_process = undef, |
|
98 $wsgi_daemon_process_options = undef, |
|
99 $wsgi_import_script = undef, |
|
100 $wsgi_import_script_options = undef, |
|
101 $wsgi_process_group = undef, |
|
102 $wsgi_script_aliases = undef, |
|
103 $wsgi_pass_authorization = undef, |
|
104 $wsgi_chunked_request = undef, |
|
105 $custom_fragment = undef, |
|
106 $itk = undef, |
|
107 $action = undef, |
|
108 $fastcgi_server = undef, |
|
109 $fastcgi_socket = undef, |
|
110 $fastcgi_dir = undef, |
|
111 $additional_includes = [], |
|
112 $use_optional_includes = $::apache::use_optional_includes, |
|
113 $apache_version = $::apache::apache_version, |
|
114 $allow_encoded_slashes = undef, |
|
115 $suexec_user_group = undef, |
|
116 $passenger_app_root = undef, |
|
117 $passenger_app_env = undef, |
|
118 $passenger_ruby = undef, |
|
119 $passenger_min_instances = undef, |
|
120 $passenger_start_timeout = undef, |
|
121 $passenger_pre_start = undef, |
|
122 $add_default_charset = undef, |
|
123 $modsec_disable_vhost = undef, |
|
124 $modsec_disable_ids = undef, |
|
125 $modsec_disable_ips = undef, |
|
126 $modsec_body_limit = undef, |
|
127 $auth_kerb = false, |
|
128 $krb_method_negotiate = 'on', |
|
129 $krb_method_k5passwd = 'on', |
|
130 $krb_authoritative = 'on', |
|
131 $krb_auth_realms = [], |
|
132 $krb_5keytab = undef, |
|
133 $krb_local_user_mapping = undef, |
|
134 $limit_request_field_size = undef, |
|
135 ) { |
|
136 # The base class must be included first because it is used by parameter defaults |
|
137 if ! defined(Class['apache']) { |
|
138 fail('You must include the apache base class before using any apache defined resources') |
|
139 } |
|
140 |
|
141 $apache_name = $::apache::apache_name |
|
142 |
|
143 validate_re($ensure, '^(present|absent)$', |
|
144 "${ensure} is not supported for ensure. |
|
145 Allowed values are 'present' and 'absent'.") |
|
146 validate_re($suphp_engine, '^(on|off)$', |
|
147 "${suphp_engine} is not supported for suphp_engine. |
|
148 Allowed values are 'on' and 'off'.") |
|
149 validate_bool($ip_based) |
|
150 validate_bool($access_log) |
|
151 validate_bool($error_log) |
|
152 validate_bool($ssl) |
|
153 validate_bool($default_vhost) |
|
154 validate_bool($ssl_proxyengine) |
|
155 if $rewrites { |
|
156 validate_array($rewrites) |
|
157 validate_hash($rewrites[0]) |
|
158 } |
|
159 |
|
160 # Input validation begins |
|
161 |
|
162 if $suexec_user_group { |
|
163 validate_re($suexec_user_group, '^[\w-]+ [\w-]+$', |
|
164 "${suexec_user_group} is not supported for suexec_user_group. Must be 'user group'.") |
|
165 } |
|
166 |
|
167 if $wsgi_pass_authorization { |
|
168 validate_re(downcase($wsgi_pass_authorization), '^(on|off)$', |
|
169 "${wsgi_pass_authorization} is not supported for wsgi_pass_authorization. |
|
170 Allowed values are 'on' and 'off'.") |
|
171 } |
|
172 |
|
173 # Deprecated backwards-compatibility |
|
174 if $rewrite_base { |
|
175 warning('Apache::Vhost: parameter rewrite_base is deprecated in favor of rewrites') |
|
176 } |
|
177 if $rewrite_rule { |
|
178 warning('Apache::Vhost: parameter rewrite_rule is deprecated in favor of rewrites') |
|
179 } |
|
180 if $rewrite_cond { |
|
181 warning('Apache::Vhost parameter rewrite_cond is deprecated in favor of rewrites') |
|
182 } |
|
183 |
|
184 if $wsgi_script_aliases { |
|
185 validate_hash($wsgi_script_aliases) |
|
186 } |
|
187 if $wsgi_daemon_process_options { |
|
188 validate_hash($wsgi_daemon_process_options) |
|
189 } |
|
190 if $wsgi_import_script_options { |
|
191 validate_hash($wsgi_import_script_options) |
|
192 } |
|
193 if $itk { |
|
194 validate_hash($itk) |
|
195 } |
|
196 |
|
197 validate_re($logroot_ensure, '^(directory|absent)$', |
|
198 "${logroot_ensure} is not supported for logroot_ensure. |
|
199 Allowed values are 'directory' and 'absent'.") |
|
200 |
|
201 if $log_level { |
|
202 validate_apache_log_level($log_level) |
|
203 } |
|
204 |
|
205 if $access_log_file and $access_log_pipe { |
|
206 fail("Apache::Vhost[${name}]: 'access_log_file' and 'access_log_pipe' cannot be defined at the same time") |
|
207 } |
|
208 |
|
209 if $error_log_file and $error_log_pipe { |
|
210 fail("Apache::Vhost[${name}]: 'error_log_file' and 'error_log_pipe' cannot be defined at the same time") |
|
211 } |
|
212 |
|
213 if $fallbackresource { |
|
214 validate_re($fallbackresource, '^/|disabled', 'Please make sure fallbackresource starts with a / (or is "disabled")') |
|
215 } |
|
216 |
|
217 if $custom_fragment { |
|
218 validate_string($custom_fragment) |
|
219 } |
|
220 |
|
221 if $allow_encoded_slashes { |
|
222 validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.") |
|
223 } |
|
224 |
|
225 validate_bool($auth_kerb) |
|
226 |
|
227 if $limit_request_field_size { |
|
228 validate_integer($limit_request_field_size) |
|
229 } |
|
230 |
|
231 # Validate the docroot as a string if: |
|
232 # - $manage_docroot is true |
|
233 if $manage_docroot { |
|
234 validate_string($docroot) |
|
235 } |
|
236 # Input validation ends |
|
237 |
|
238 if $ssl and $ensure == 'present' { |
|
239 include ::apache::mod::ssl |
|
240 # Required for the AddType lines. |
|
241 include ::apache::mod::mime |
|
242 } |
|
243 |
|
244 if $auth_kerb and $ensure == 'present' { |
|
245 include ::apache::mod::auth_kerb |
|
246 } |
|
247 |
|
248 if $virtual_docroot { |
|
249 include ::apache::mod::vhost_alias |
|
250 } |
|
251 |
|
252 if $wsgi_daemon_process { |
|
253 include ::apache::mod::wsgi |
|
254 } |
|
255 |
|
256 if $suexec_user_group { |
|
257 include ::apache::mod::suexec |
|
258 } |
|
259 |
|
260 if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { |
|
261 include ::apache::mod::passenger |
|
262 } |
|
263 |
|
264 # Configure the defaultness of a vhost |
|
265 if $priority { |
|
266 $priority_real = "${priority}-" |
|
267 } elsif $priority == false { |
|
268 $priority_real = '' |
|
269 } elsif $default_vhost { |
|
270 $priority_real = '10-' |
|
271 } else { |
|
272 $priority_real = '25-' |
|
273 } |
|
274 |
|
275 ## Apache include does not always work with spaces in the filename |
|
276 $filename = regsubst($name, ' ', '_', 'G') |
|
277 |
|
278 # This ensures that the docroot exists |
|
279 # But enables it to be specified across multiple vhost resources |
|
280 if $manage_docroot and $docroot and ! defined(File[$docroot]) { |
|
281 file { $docroot: |
|
282 ensure => directory, |
|
283 owner => $docroot_owner, |
|
284 group => $docroot_group, |
|
285 mode => $docroot_mode, |
|
286 require => Package['httpd'], |
|
287 before => Concat["${priority_real}${filename}.conf"], |
|
288 } |
|
289 } |
|
290 |
|
291 # Same as above, but for logroot |
|
292 if ! defined(File[$logroot]) { |
|
293 file { $logroot: |
|
294 ensure => $logroot_ensure, |
|
295 mode => $logroot_mode, |
|
296 require => Package['httpd'], |
|
297 before => Concat["${priority_real}${filename}.conf"], |
|
298 } |
|
299 } |
|
300 |
|
301 |
|
302 # Is apache::mod::passenger enabled (or apache::mod['passenger']) |
|
303 $passenger_enabled = defined(Apache::Mod['passenger']) |
|
304 |
|
305 # Is apache::mod::shib enabled (or apache::mod['shib2']) |
|
306 $shibboleth_enabled = defined(Apache::Mod['shib2']) |
|
307 |
|
308 if $access_log and !$access_logs { |
|
309 if $access_log_file { |
|
310 $_logs_dest = "${logroot}/${access_log_file}" |
|
311 } elsif $access_log_pipe { |
|
312 $_logs_dest = $access_log_pipe |
|
313 } elsif $access_log_syslog { |
|
314 $_logs_dest = $access_log_syslog |
|
315 } else { |
|
316 $_logs_dest = undef |
|
317 } |
|
318 $_access_logs = [{ |
|
319 'file' => $access_log_file, |
|
320 'pipe' => $access_log_pipe, |
|
321 'syslog' => $access_log_syslog, |
|
322 'format' => $access_log_format, |
|
323 'env' => $access_log_env_var |
|
324 }] |
|
325 } elsif $access_logs { |
|
326 if !is_array($access_logs) { |
|
327 fail("Apache::Vhost[${name}]: access_logs must be an array of hashes") |
|
328 } |
|
329 $_access_logs = $access_logs |
|
330 } |
|
331 |
|
332 if $error_log_file { |
|
333 $error_log_destination = "${logroot}/${error_log_file}" |
|
334 } elsif $error_log_pipe { |
|
335 $error_log_destination = $error_log_pipe |
|
336 } elsif $error_log_syslog { |
|
337 $error_log_destination = $error_log_syslog |
|
338 } else { |
|
339 if $ssl { |
|
340 $error_log_destination = "${logroot}/${name}_error_ssl.log" |
|
341 } else { |
|
342 $error_log_destination = "${logroot}/${name}_error.log" |
|
343 } |
|
344 } |
|
345 |
|
346 if $ip { |
|
347 if $port { |
|
348 $listen_addr_port = suffix(any2array($ip),":${port}") |
|
349 $nvh_addr_port = suffix(any2array($ip),":${port}") |
|
350 } else { |
|
351 $listen_addr_port = undef |
|
352 $nvh_addr_port = $ip |
|
353 if ! $servername and ! $ip_based { |
|
354 fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters for name-based vhosts") |
|
355 } |
|
356 } |
|
357 } else { |
|
358 if $port { |
|
359 $listen_addr_port = $port |
|
360 $nvh_addr_port = "${vhost_name}:${port}" |
|
361 } else { |
|
362 $listen_addr_port = undef |
|
363 $nvh_addr_port = $name |
|
364 if ! $servername { |
|
365 fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters, and/or 'servername' parameter") |
|
366 } |
|
367 } |
|
368 } |
|
369 if $add_listen { |
|
370 if $ip and defined(Apache::Listen["${port}"]) { |
|
371 fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this") |
|
372 } |
|
373 if $listen_addr_port and $ensure == 'present' { |
|
374 ensure_resource('apache::listen', $listen_addr_port) |
|
375 } |
|
376 } |
|
377 if ! $ip_based { |
|
378 if $ensure == 'present' and (versioncmp($apache_version, '2.4') < 0) { |
|
379 ensure_resource('apache::namevirtualhost', $nvh_addr_port) |
|
380 } |
|
381 } |
|
382 |
|
383 # Load mod_rewrite if needed and not yet loaded |
|
384 if $rewrites or $rewrite_cond { |
|
385 if ! defined(Class['apache::mod::rewrite']) { |
|
386 include ::apache::mod::rewrite |
|
387 } |
|
388 } |
|
389 |
|
390 # Load mod_alias if needed and not yet loaded |
|
391 if ($scriptalias or $scriptaliases != []) or ($aliases and $aliases != []) or ($redirect_source and $redirect_dest) { |
|
392 if ! defined(Class['apache::mod::alias']) and ($ensure == 'present') { |
|
393 include ::apache::mod::alias |
|
394 } |
|
395 } |
|
396 |
|
397 # Load mod_proxy if needed and not yet loaded |
|
398 if ($proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match) { |
|
399 if ! defined(Class['apache::mod::proxy']) { |
|
400 include ::apache::mod::proxy |
|
401 } |
|
402 if ! defined(Class['apache::mod::proxy_http']) { |
|
403 include ::apache::mod::proxy_http |
|
404 } |
|
405 } |
|
406 |
|
407 # Load mod_passenger if needed and not yet loaded |
|
408 if $rack_base_uris { |
|
409 if ! defined(Class['apache::mod::passenger']) { |
|
410 include ::apache::mod::passenger |
|
411 } |
|
412 } |
|
413 |
|
414 # Load mod_passenger if needed and not yet loaded |
|
415 if $passenger_base_uris { |
|
416 include ::apache::mod::passenger |
|
417 } |
|
418 |
|
419 # Load mod_fastci if needed and not yet loaded |
|
420 if $fastcgi_server and $fastcgi_socket { |
|
421 if ! defined(Class['apache::mod::fastcgi']) { |
|
422 include ::apache::mod::fastcgi |
|
423 } |
|
424 } |
|
425 |
|
426 # Check if mod_headers is required to process $headers/$request_headers |
|
427 if $headers or $request_headers { |
|
428 if ! defined(Class['apache::mod::headers']) { |
|
429 include ::apache::mod::headers |
|
430 } |
|
431 } |
|
432 |
|
433 # Check if mod_filter is required to process $filters |
|
434 if $filters { |
|
435 if ! defined(Class['apache::mod::filter']) { |
|
436 include ::apache::mod::filter |
|
437 } |
|
438 } |
|
439 |
|
440 if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { |
|
441 if ! defined(Class['apache::mod::setenvif']) { |
|
442 include ::apache::mod::setenvif |
|
443 } |
|
444 } |
|
445 |
|
446 ## Create a default directory list if none defined |
|
447 if $directories { |
|
448 if !is_hash($directories) and !(is_array($directories) and is_hash($directories[0])) { |
|
449 fail("Apache::Vhost[${name}]: 'directories' must be either a Hash or an Array of Hashes") |
|
450 } |
|
451 $_directories = $directories |
|
452 } elsif $docroot { |
|
453 $_directory = { |
|
454 provider => 'directory', |
|
455 path => $docroot, |
|
456 options => $options, |
|
457 allow_override => $override, |
|
458 directoryindex => $directoryindex, |
|
459 } |
|
460 |
|
461 if versioncmp($apache_version, '2.4') >= 0 { |
|
462 $_directory_version = { |
|
463 require => 'all granted', |
|
464 } |
|
465 } else { |
|
466 $_directory_version = { |
|
467 order => 'allow,deny', |
|
468 allow => 'from all', |
|
469 } |
|
470 } |
|
471 |
|
472 $_directories = [ merge($_directory, $_directory_version) ] |
|
473 } |
|
474 |
|
475 ## Create a global LocationMatch if locations aren't defined |
|
476 if $modsec_disable_ids { |
|
477 if is_hash($modsec_disable_ids) { |
|
478 $_modsec_disable_ids = $modsec_disable_ids |
|
479 } elsif is_array($modsec_disable_ids) { |
|
480 $_modsec_disable_ids = { '.*' => $modsec_disable_ids } |
|
481 } else { |
|
482 fail("Apache::Vhost[${name}]: 'modsec_disable_ids' must be either a Hash of location/IDs or an Array of IDs") |
|
483 } |
|
484 } |
|
485 |
|
486 concat { "${priority_real}${filename}.conf": |
|
487 ensure => $ensure, |
|
488 path => "${::apache::vhost_dir}/${priority_real}${filename}.conf", |
|
489 owner => 'root', |
|
490 group => $::apache::params::root_group, |
|
491 mode => '0644', |
|
492 order => 'numeric', |
|
493 require => Package['httpd'], |
|
494 notify => Class['apache::service'], |
|
495 } |
|
496 if $::apache::vhost_enable_dir { |
|
497 $vhost_enable_dir = $::apache::vhost_enable_dir |
|
498 $vhost_symlink_ensure = $ensure ? { |
|
499 present => link, |
|
500 default => $ensure, |
|
501 } |
|
502 file{ "${priority_real}${filename}.conf symlink": |
|
503 ensure => $vhost_symlink_ensure, |
|
504 path => "${vhost_enable_dir}/${priority_real}${filename}.conf", |
|
505 target => "${::apache::vhost_dir}/${priority_real}${filename}.conf", |
|
506 owner => 'root', |
|
507 group => $::apache::params::root_group, |
|
508 mode => '0644', |
|
509 require => Concat["${priority_real}${filename}.conf"], |
|
510 notify => Class['apache::service'], |
|
511 } |
|
512 } |
|
513 |
|
514 # Template uses: |
|
515 # - $nvh_addr_port |
|
516 # - $servername |
|
517 # - $serveradmin |
|
518 concat::fragment { "${name}-apache-header": |
|
519 target => "${priority_real}${filename}.conf", |
|
520 order => 0, |
|
521 content => template('apache/vhost/_file_header.erb'), |
|
522 } |
|
523 |
|
524 # Template uses: |
|
525 # - $virtual_docroot |
|
526 # - $docroot |
|
527 if $docroot { |
|
528 concat::fragment { "${name}-docroot": |
|
529 target => "${priority_real}${filename}.conf", |
|
530 order => 10, |
|
531 content => template('apache/vhost/_docroot.erb'), |
|
532 } |
|
533 } |
|
534 |
|
535 # Template uses: |
|
536 # - $aliases |
|
537 if $aliases and ! empty($aliases) { |
|
538 concat::fragment { "${name}-aliases": |
|
539 target => "${priority_real}${filename}.conf", |
|
540 order => 20, |
|
541 content => template('apache/vhost/_aliases.erb'), |
|
542 } |
|
543 } |
|
544 |
|
545 # Template uses: |
|
546 # - $itk |
|
547 # - $::kernelversion |
|
548 if $itk and ! empty($itk) { |
|
549 concat::fragment { "${name}-itk": |
|
550 target => "${priority_real}${filename}.conf", |
|
551 order => 30, |
|
552 content => template('apache/vhost/_itk.erb'), |
|
553 } |
|
554 } |
|
555 |
|
556 # Template uses: |
|
557 # - $fallbackresource |
|
558 if $fallbackresource { |
|
559 concat::fragment { "${name}-fallbackresource": |
|
560 target => "${priority_real}${filename}.conf", |
|
561 order => 40, |
|
562 content => template('apache/vhost/_fallbackresource.erb'), |
|
563 } |
|
564 } |
|
565 |
|
566 # Template uses: |
|
567 # - $allow_encoded_slashes |
|
568 if $allow_encoded_slashes { |
|
569 concat::fragment { "${name}-allow_encoded_slashes": |
|
570 target => "${priority_real}${filename}.conf", |
|
571 order => 50, |
|
572 content => template('apache/vhost/_allow_encoded_slashes.erb'), |
|
573 } |
|
574 } |
|
575 |
|
576 # Template uses: |
|
577 # - $_directories |
|
578 # - $docroot |
|
579 # - $apache_version |
|
580 # - $suphp_engine |
|
581 # - $shibboleth_enabled |
|
582 if $_directories and ! empty($_directories) { |
|
583 concat::fragment { "${name}-directories": |
|
584 target => "${priority_real}${filename}.conf", |
|
585 order => 60, |
|
586 content => template('apache/vhost/_directories.erb'), |
|
587 } |
|
588 } |
|
589 |
|
590 # Template uses: |
|
591 # - $additional_includes |
|
592 if $additional_includes and ! empty($additional_includes) { |
|
593 concat::fragment { "${name}-additional_includes": |
|
594 target => "${priority_real}${filename}.conf", |
|
595 order => 70, |
|
596 content => template('apache/vhost/_additional_includes.erb'), |
|
597 } |
|
598 } |
|
599 |
|
600 # Template uses: |
|
601 # - $error_log |
|
602 # - $log_level |
|
603 # - $error_log_destination |
|
604 # - $log_level |
|
605 if $error_log or $log_level { |
|
606 concat::fragment { "${name}-logging": |
|
607 target => "${priority_real}${filename}.conf", |
|
608 order => 80, |
|
609 content => template('apache/vhost/_logging.erb'), |
|
610 } |
|
611 } |
|
612 |
|
613 # Template uses no variables |
|
614 concat::fragment { "${name}-serversignature": |
|
615 target => "${priority_real}${filename}.conf", |
|
616 order => 90, |
|
617 content => template('apache/vhost/_serversignature.erb'), |
|
618 } |
|
619 |
|
620 # Template uses: |
|
621 # - $access_log |
|
622 # - $_access_log_env_var |
|
623 # - $access_log_destination |
|
624 # - $_access_log_format |
|
625 # - $_access_log_env_var |
|
626 # - $access_logs |
|
627 if $access_log or $access_logs { |
|
628 concat::fragment { "${name}-access_log": |
|
629 target => "${priority_real}${filename}.conf", |
|
630 order => 100, |
|
631 content => template('apache/vhost/_access_log.erb'), |
|
632 } |
|
633 } |
|
634 |
|
635 # Template uses: |
|
636 # - $action |
|
637 if $action { |
|
638 concat::fragment { "${name}-action": |
|
639 target => "${priority_real}${filename}.conf", |
|
640 order => 110, |
|
641 content => template('apache/vhost/_action.erb'), |
|
642 } |
|
643 } |
|
644 |
|
645 # Template uses: |
|
646 # - $block |
|
647 # - $apache_version |
|
648 if $block and ! empty($block) { |
|
649 concat::fragment { "${name}-block": |
|
650 target => "${priority_real}${filename}.conf", |
|
651 order => 120, |
|
652 content => template('apache/vhost/_block.erb'), |
|
653 } |
|
654 } |
|
655 |
|
656 # Template uses: |
|
657 # - $error_documents |
|
658 if $error_documents and ! empty($error_documents) { |
|
659 concat::fragment { "${name}-error_document": |
|
660 target => "${priority_real}${filename}.conf", |
|
661 order => 130, |
|
662 content => template('apache/vhost/_error_document.erb'), |
|
663 } |
|
664 } |
|
665 |
|
666 # Template uses: |
|
667 # - $proxy_dest |
|
668 # - $proxy_pass |
|
669 # - $proxy_pass_match |
|
670 # - $proxy_preserve_host |
|
671 # - $no_proxy_uris |
|
672 if $proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match { |
|
673 concat::fragment { "${name}-proxy": |
|
674 target => "${priority_real}${filename}.conf", |
|
675 order => 140, |
|
676 content => template('apache/vhost/_proxy.erb'), |
|
677 } |
|
678 } |
|
679 |
|
680 # Template uses: |
|
681 # - $rack_base_uris |
|
682 if $rack_base_uris { |
|
683 concat::fragment { "${name}-rack": |
|
684 target => "${priority_real}${filename}.conf", |
|
685 order => 150, |
|
686 content => template('apache/vhost/_rack.erb'), |
|
687 } |
|
688 } |
|
689 |
|
690 # Template uses: |
|
691 # - $passenger_base_uris |
|
692 if $passenger_base_uris { |
|
693 concat::fragment { "${name}-passenger_uris": |
|
694 target => "${priority_real}${filename}.conf", |
|
695 order => 155, |
|
696 content => template('apache/vhost/_passenger_base_uris.erb'), |
|
697 } |
|
698 } |
|
699 |
|
700 # Template uses: |
|
701 # - $redirect_source |
|
702 # - $redirect_dest |
|
703 # - $redirect_status |
|
704 # - $redirect_dest_a |
|
705 # - $redirect_source_a |
|
706 # - $redirect_status_a |
|
707 # - $redirectmatch_status |
|
708 # - $redirectmatch_regexp |
|
709 # - $redirectmatch_dest |
|
710 # - $redirectmatch_status_a |
|
711 # - $redirectmatch_regexp_a |
|
712 # - $redirectmatch_dest |
|
713 if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp and $redirectmatch_dest) { |
|
714 concat::fragment { "${name}-redirect": |
|
715 target => "${priority_real}${filename}.conf", |
|
716 order => 160, |
|
717 content => template('apache/vhost/_redirect.erb'), |
|
718 } |
|
719 } |
|
720 |
|
721 # Template uses: |
|
722 # - $rewrites |
|
723 # - $rewrite_base |
|
724 # - $rewrite_rule |
|
725 # - $rewrite_cond |
|
726 # - $rewrite_map |
|
727 if $rewrites or $rewrite_rule { |
|
728 concat::fragment { "${name}-rewrite": |
|
729 target => "${priority_real}${filename}.conf", |
|
730 order => 170, |
|
731 content => template('apache/vhost/_rewrite.erb'), |
|
732 } |
|
733 } |
|
734 |
|
735 # Template uses: |
|
736 # - $scriptaliases |
|
737 # - $scriptalias |
|
738 if ( $scriptalias or $scriptaliases != [] ) { |
|
739 concat::fragment { "${name}-scriptalias": |
|
740 target => "${priority_real}${filename}.conf", |
|
741 order => 180, |
|
742 content => template('apache/vhost/_scriptalias.erb'), |
|
743 } |
|
744 } |
|
745 |
|
746 # Template uses: |
|
747 # - $serveraliases |
|
748 if $serveraliases and ! empty($serveraliases) { |
|
749 concat::fragment { "${name}-serveralias": |
|
750 target => "${priority_real}${filename}.conf", |
|
751 order => 190, |
|
752 content => template('apache/vhost/_serveralias.erb'), |
|
753 } |
|
754 } |
|
755 |
|
756 # Template uses: |
|
757 # - $setenv |
|
758 # - $setenvif |
|
759 if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { |
|
760 concat::fragment { "${name}-setenv": |
|
761 target => "${priority_real}${filename}.conf", |
|
762 order => 200, |
|
763 content => template('apache/vhost/_setenv.erb'), |
|
764 } |
|
765 } |
|
766 |
|
767 # Template uses: |
|
768 # - $ssl |
|
769 # - $ssl_cert |
|
770 # - $ssl_key |
|
771 # - $ssl_chain |
|
772 # - $ssl_certs_dir |
|
773 # - $ssl_ca |
|
774 # - $ssl_crl_path |
|
775 # - $ssl_crl |
|
776 # - $ssl_crl_check |
|
777 # - $ssl_proxyengine |
|
778 # - $ssl_protocol |
|
779 # - $ssl_cipher |
|
780 # - $ssl_honorcipherorder |
|
781 # - $ssl_verify_client |
|
782 # - $ssl_verify_depth |
|
783 # - $ssl_proxy_machine_cert |
|
784 # - $ssl_options |
|
785 # - $ssl_openssl_conf_cmd |
|
786 # - $apache_version |
|
787 if $ssl { |
|
788 concat::fragment { "${name}-ssl": |
|
789 target => "${priority_real}${filename}.conf", |
|
790 order => 210, |
|
791 content => template('apache/vhost/_ssl.erb'), |
|
792 } |
|
793 } |
|
794 |
|
795 # Template uses: |
|
796 # - $auth_kerb |
|
797 # - $krb_method_negotiate |
|
798 # - $krb_method_k5passwd |
|
799 # - $krb_authoritative |
|
800 # - $krb_auth_realms |
|
801 # - $krb_5keytab |
|
802 # - $krb_local_user_mapping |
|
803 if $auth_kerb { |
|
804 concat::fragment { "${name}-auth_kerb": |
|
805 target => "${priority_real}${filename}.conf", |
|
806 order => 210, |
|
807 content => template('apache/vhost/_auth_kerb.erb'), |
|
808 } |
|
809 } |
|
810 |
|
811 # Template uses: |
|
812 # - $suphp_engine |
|
813 # - $suphp_addhandler |
|
814 # - $suphp_configpath |
|
815 if $suphp_engine == 'on' { |
|
816 concat::fragment { "${name}-suphp": |
|
817 target => "${priority_real}${filename}.conf", |
|
818 order => 220, |
|
819 content => template('apache/vhost/_suphp.erb'), |
|
820 } |
|
821 } |
|
822 |
|
823 # Template uses: |
|
824 # - $php_values |
|
825 # - $php_flags |
|
826 if ($php_values and ! empty($php_values)) or ($php_flags and ! empty($php_flags)) { |
|
827 concat::fragment { "${name}-php": |
|
828 target => "${priority_real}${filename}.conf", |
|
829 order => 220, |
|
830 content => template('apache/vhost/_php.erb'), |
|
831 } |
|
832 } |
|
833 |
|
834 # Template uses: |
|
835 # - $php_admin_values |
|
836 # - $php_admin_flags |
|
837 if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) { |
|
838 concat::fragment { "${name}-php_admin": |
|
839 target => "${priority_real}${filename}.conf", |
|
840 order => 230, |
|
841 content => template('apache/vhost/_php_admin.erb'), |
|
842 } |
|
843 } |
|
844 |
|
845 # Template uses: |
|
846 # - $headers |
|
847 if $headers and ! empty($headers) { |
|
848 concat::fragment { "${name}-header": |
|
849 target => "${priority_real}${filename}.conf", |
|
850 order => 240, |
|
851 content => template('apache/vhost/_header.erb'), |
|
852 } |
|
853 } |
|
854 |
|
855 # Template uses: |
|
856 # - $request_headers |
|
857 if $request_headers and ! empty($request_headers) { |
|
858 concat::fragment { "${name}-requestheader": |
|
859 target => "${priority_real}${filename}.conf", |
|
860 order => 250, |
|
861 content => template('apache/vhost/_requestheader.erb'), |
|
862 } |
|
863 } |
|
864 |
|
865 # Template uses: |
|
866 # - $wsgi_application_group |
|
867 # - $wsgi_daemon_process |
|
868 # - $wsgi_daemon_process_options |
|
869 # - $wsgi_import_script |
|
870 # - $wsgi_import_script_options |
|
871 # - $wsgi_process_group |
|
872 # - $wsgi_script_aliases |
|
873 # - $wsgi_pass_authorization |
|
874 if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization { |
|
875 concat::fragment { "${name}-wsgi": |
|
876 target => "${priority_real}${filename}.conf", |
|
877 order => 260, |
|
878 content => template('apache/vhost/_wsgi.erb'), |
|
879 } |
|
880 } |
|
881 |
|
882 # Template uses: |
|
883 # - $custom_fragment |
|
884 if $custom_fragment { |
|
885 concat::fragment { "${name}-custom_fragment": |
|
886 target => "${priority_real}${filename}.conf", |
|
887 order => 270, |
|
888 content => template('apache/vhost/_custom_fragment.erb'), |
|
889 } |
|
890 } |
|
891 |
|
892 # Template uses: |
|
893 # - $fastcgi_server |
|
894 # - $fastcgi_socket |
|
895 # - $fastcgi_dir |
|
896 # - $apache_version |
|
897 if $fastcgi_server or $fastcgi_dir { |
|
898 concat::fragment { "${name}-fastcgi": |
|
899 target => "${priority_real}${filename}.conf", |
|
900 order => 280, |
|
901 content => template('apache/vhost/_fastcgi.erb'), |
|
902 } |
|
903 } |
|
904 |
|
905 # Template uses: |
|
906 # - $suexec_user_group |
|
907 if $suexec_user_group { |
|
908 concat::fragment { "${name}-suexec": |
|
909 target => "${priority_real}${filename}.conf", |
|
910 order => 290, |
|
911 content => template('apache/vhost/_suexec.erb'), |
|
912 } |
|
913 } |
|
914 |
|
915 # Template uses: |
|
916 # - $passenger_app_root |
|
917 # - $passenger_app_env |
|
918 # - $passenger_ruby |
|
919 # - $passenger_min_instances |
|
920 # - $passenger_start_timeout |
|
921 # - $passenger_pre_start |
|
922 if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { |
|
923 concat::fragment { "${name}-passenger": |
|
924 target => "${priority_real}${filename}.conf", |
|
925 order => 300, |
|
926 content => template('apache/vhost/_passenger.erb'), |
|
927 } |
|
928 } |
|
929 |
|
930 # Template uses: |
|
931 # - $add_default_charset |
|
932 if $add_default_charset { |
|
933 concat::fragment { "${name}-charsets": |
|
934 target => "${priority_real}${filename}.conf", |
|
935 order => 310, |
|
936 content => template('apache/vhost/_charsets.erb'), |
|
937 } |
|
938 } |
|
939 |
|
940 # Template uses: |
|
941 # - $modsec_disable_vhost |
|
942 # - $modsec_disable_ids |
|
943 # - $modsec_disable_ips |
|
944 # - $modsec_body_limit |
|
945 if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips { |
|
946 concat::fragment { "${name}-security": |
|
947 target => "${priority_real}${filename}.conf", |
|
948 order => 320, |
|
949 content => template('apache/vhost/_security.erb') |
|
950 } |
|
951 } |
|
952 |
|
953 # Template uses: |
|
954 # - $filters |
|
955 if $filters and ! empty($filters) { |
|
956 concat::fragment { "${name}-filters": |
|
957 target => "${priority_real}${filename}.conf", |
|
958 order => 330, |
|
959 content => template('apache/vhost/_filters.erb'), |
|
960 } |
|
961 } |
|
962 # Template uses: |
|
963 # - $limit_request_field_size |
|
964 if $limit_request_field_size { |
|
965 concat::fragment { "${name}-limits": |
|
966 target => "${priority_real}${filename}.conf", |
|
967 order => 330, |
|
968 content => template('apache/vhost/_limits.erb'), |
|
969 } |
|
970 } |
|
971 |
|
972 # Template uses no variables |
|
973 concat::fragment { "${name}-file_footer": |
|
974 target => "${priority_real}${filename}.conf", |
|
975 order => 999, |
|
976 content => template('apache/vhost/_file_footer.erb'), |
|
977 } |
|
978 } |