aneesh-apache

Release 5.0.1

Repository Puppet HTML Download

Keywords
apache, web, proxy, apache2, httpd, modsecurity, modevasive
License
Apache-2.0
Install
puppet module install aneesh-apache --version 5.0.1

Documentation

APACHE Module

Overview

This module install and configure apache web server.

Usage

Default configuration:

include apache

Change configuration file settings:

class { 'apache':
    serverroot                  => '"/etc/httpd"',
    listen                      => [ '80' ],
    user                        => 'apache',
    group                       => 'apache',
    serveradmin                 => 'root@localhost',
    servername                  => 'www.example.com',
    directory                   => {
      '/' => [
        'AllowOverride none',
        'Require all denied'
      ],
      '"/var/www"' => [
        'AllowOverride None',
        'Require all granted'
      ],
      '"/var/www/html"' => [
        'Options Indexes FollowSymLinks',
        'AllowOverride None',
        'Require all granted'
      ],
      '"/var/www/cgi-bin"' => [
        'AllowOverride None',
        'Options None',
        'Require all granted'
      ],
      '"/usr/share/httpd/icons"' => [
        'Options Indexes MultiViews FollowSymlinks',
        'AllowOverride None',
        'Require all granted'
      ],
      '"/home/*/public_html"' => [
        'AllowOverride FileInfo AuthConfig Limit Indexes',
        'Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec',
        'Require method GET POST OPTIONS'
      ]
    },
    documentroot                => '"/var/www/html"',
    directoryindex              => 'index.html',
    files                       => {
      '".ht*"' => [
        'Require all denied'
      ]
    },
    errorlog                    => '"logs/error_log"',
    log_level                   => 'warn',
    logformat                   => [ '"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined', '"%h %l %u %t \"%r\" %>s %b" common', '"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio' ],
    customlog                   => '"logs/access_log" combined',
    alias                       => '/icons/ "/usr/share/httpd/icons/"',
    scriptalias                 => '/cgi-bin/ "/var/www/cgi-bin/"',
    typesconfig                 => '/etc/mime.types',
    addtype                     => [ 'application/x-compress .Z', 'application/x-gzip .gz .tgz', 'text/html .shtml' ],
    addoutputfilter             => 'INCLUDES .shtml',
    adddefaultcharset           => 'UTF-8',
    mimemagicfile               => 'conf/magic',
    enablesendfile              => 'on',
    servertokens                => 'Prod',
    timeout                     => '60',
    keepalivetimeout            => '15',
    userdir                     => 'disabled',
    serversignature             => 'Off',
    addiconbyencoding           => '(CMP,/icons/compressed.gif) x-compress x-gzip',
    addiconbytype               => [ '(TXT,/icons/text.gif) text/*', '(IMG,/icons/image2.gif) image/*', '(SND,/icons/sound2.gif) audio/*', '(VID,/icons/movie.gif) video/*' ],
    addicon                     => [ '/icons/binary.gif .bin .exe', '/icons/binhex.gif .hqx', '/icons/tar.gif .tar', '/icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv', '/icons/compressed.gif .Z .z .tgz .gz .zip', '/icons/a.gif .ps .ai .eps', '/icons/layout.gif .html .shtml .htm .pdf', '/icons/text.gif .txt', '/icons/c.gif .c', '/icons/p.gif .pl .py', '/icons/f.gif .for', '/icons/dvi.gif .dvi', '/icons/uuencoded.gif .uu', '/icons/script.gif .conf .sh .shar .csh .ksh .tcl', '/icons/tex.gif .tex', '/icons/bomb.gif /core', '/icons/bomb.gif */core.*', '/icons/back.gif ..', '/icons/hand.right.gif README', '/icons/folder.gif ^^DIRECTORY^^', '/icons/blank.gif ^^BLANKICON^^' ],
    defaulticon                 => '/icons/unknown.gif',
    readmename                  => 'README.html',
    headername                  => 'HEADER.html',
    indexignore                 => '.??* *~ *# HEADER* README* RCS CVS *,v *,t',
    fileetag                    => 'None',
    include                     => [ 'conf.modules.d/*.conf' ],
    includeoptional             => [ 'conf.d/*.conf', 'sites-enabled/*.conf' ],
}

Create virtualhost:

apache::virtualhost { 'example.com.conf':
    filename              => 'example.com.conf',
    listen                => '*:80',
    serveradmin           => 'admin@example.com',
    documentroot          => '/var/www/example.com/public_html/',
    servername            => 'example.com',
    serveralias           => 'www.example.com',
    errorlog              => 'logs/example.com-error.log',
    customlog             => 'logs/example.com-access.log combined',
}

Modsecurity customisation:

class { 'apache::modsecurity':
    includeoptional             => [ 'modsecurity.d/*.conf', 'modsecurity.d/activated_rules/*.conf' ],
    secruleengine               => 'On',
    secrequestbodyaccess        => 'On',
    secrequestbodylimit         => '13107200',
    secrequestbodynofileslimit  => '131072',
    secrequestbodyinmemorylimit => '131072',
    secrequestbodylimitaction   => 'Reject',
    secpcrematchlimit           => '1000',
    secpcrematchlimitrecursion  => '1000',
    secresponsebodyaccess       => 'On',
    secdebuglog                 => '/var/log/httpd/modsec_debug.log',
    secdebugloglevel            => '0',
    secauditengine              => 'RelevantOnly',
    secauditlogrelevantstatus   => '"^(?:5|4(?!04))"',
    secauditlogparts            => 'ABIJDEFHZ',
    secauditlogtype             => 'Serial',
    secauditlog                 => '/var/log/httpd/modsec_audit.log',
    secargumentseparator        => '&',
    seccookieformat             => '0',
    sectmpdir                   => '/var/lib/mod_security',
    secdatadir                  => '/tmp',
    secresponsebodymimetype     => 'text/plain text/html text/xml application/octet-stream',
}

Modevasive customisation:

class { 'apache::modevasive':
    dosemailnotify         => 'admin@example.com',
    dospagecount           => '2',
    dossitecount           => '50',
    dosblockingperiod      => '10',
    doslogdir              => '/var/log/mod_evasive',
    doswhitelist           => [ '127.0.0.1', '192.168.0.*' ],
}

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
22
Latest release
First release
Stars
0
Forks
0
Watchers
0
Contributors
1
Repository size
33.2 KB
SourceRank
9

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

6.0.0
5.0.1
5.0.0
4.0.0
3.0.0
2.0.0
1.9.0
1.8.0
1.7.1
1.7.0
See all 22 releases

Contributors

Aneesh C


See all contributors

Login to resync this project