feat(webserver): "Apache2" support added

Resolves #40

.overcommit.yml

@@ -6,13 +6,6 @@ PreCommit:
     enabled: true
   BundleAudit:
     enabled: true
-    description: 'Run bundle-audit'
-    required_executable: './bin/bundle-audit'
-    flags: ['check', '--update']
-    install_command: 'gem install bundler-audit'
-    include:
-      - 'Gemfile'
-      - 'Gemfile.lock'
   BundleCheck:
     enabled: true
   CaseConflicts:

Berksfile

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
 source 'https://supermarket.chef.io'
+solver :ruby, :required
 
 metadata

Gemfile.lock

@@ -194,7 +194,7 @@ GEM
       plist (~> 3.1)
       systemu (~> 2.6.4)
       wmi-lite (~> 1.0)
-    overcommit (0.34.2)
+    overcommit (0.36.0)
       childprocess (~> 0.5.8)
       iniparse (~> 1.4)
     parser (2.3.1.2)

README.md

@@ -32,6 +32,7 @@ then [add recipes to the corresponding OpsWorks actions](#recipes).
   * Unicorn
 * Web server
   * Null (no webserver)
+  * Apache2
   * nginx
 * Worker
   * Null (no worker)
@@ -41,7 +42,6 @@ then [add recipes to the corresponding OpsWorks actions](#recipes).
 
 ### Cookbooks
 
-* [build-essential (~> 2.0)](https://supermarket.chef.io/cookbooks/build-essential)
 * [deployer](https://supermarket.chef.io/cookbooks/deployer)
 * [ruby-ng](https://supermarket.chef.io/cookbooks/ruby-ng)
 * [nginx (~> 2.7)](https://supermarket.chef.io/cookbooks/nginx)
@@ -234,14 +234,49 @@ and `Puma` are supported.
 ### webserver
 
 Webserver configuration. Proxy passing to application is handled out-of-the-box.
-Currently only nginx is supported.
+Currently Apache2 and nginx is supported.
 
 * `app['webserver']['adapter']`
   * **Default:** `nginx`
-  * **Supported values:** `nginx`, `null`
+  * **Supported values:** `apache2`, `nginx`, `null`
   * Webserver in front of the instance. It runs on port 80,
     and receives all requests from Load Balancer/Internet.
     `null` means no webserver enabled.
+* `app['webserver']['dhparams']`
+  * If you wish to use custom generated DH primes, instead of common ones
+    (which is a very good practice), put the contents (not file name) of the
+    `dhparams.pem` file into this attribute. [Read more here.](https://weakdh.org/sysadmin.html)
+* `app['webserver']['ssl_for_legacy_browsers']`
+  * **Supported values:** `true`, `false`
+  * **Default:** `false`
+  * By default webserver is configured to follow strict SSL security standards,
+    [covered in this article](https://cipherli.st/). However, old browsers
+    (like IE < 9 or Android < 2.2) wouldn't work with this configuration very
+    well. If your application needs a support for those browsers, set this
+    parameter to `true`.
+
+#### apache
+
+* `app['webserver']['extra_config']`
+  * Raw Apache2 configuration, which will be inserted into `<Virtualhost *:80>`
+    section of the application.
+* `app['webserver']['extra_config_ssl']`
+  * Raw Apache2 configuration, which will be inserted into `<Virtualhost *:443>`
+    section of the application. If set to `true`, the `extra_config` will be copied.
+* [`app['webserver']['limit_request_body']`](https://httpd.apache.org/docs/2.4/mod/core.html#limitrequestbody)
+  * **Default**: `1048576`
+* [`app['webserver']['keepalive_timeout']`](https://httpd.apache.org/docs/2.4/mod/core.html#keepalivetimeout)
+  * **Default**: `15`
+* [`app['webserver']['log_level']`](https://httpd.apache.org/docs/2.4/mod/core.html#loglevel)
+  * **Default**: `info`
+* `app['webserver']['log_dir']`
+  * **Default**: `/var/log/apache2` (debian) or `/var/log/httpd` (rhel)
+  * A place to store application-related Apache2 logs.
+* [`app['webserver']['proxy_timeout']`](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxytimeout)
+  * **Default**: `60`
+
+#### nginx
+
 * `app['webserver']['build_type']`
   * **Supported values:** `default` or `source`
   * **Default:** `default`
@@ -255,35 +290,23 @@ Currently only nginx is supported.
   * **Default:** `12`
 * [`app['webserver']['client_max_body_size']`](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size)
   * **Default:** `10m`
-* `app['webserver']['dhparams']`
-  * If you wish to use custom generated DH primes, instead of common ones
-    (which is a very good practice), put the contents (not file name) of the
-    `dhparams.pem` file into this attribute. [Read more here.](https://weakdh.org/sysadmin.html)
 * `app['webserver']['extra_config']`
   * Raw nginx configuration, which will be inserted into `server` section of the
     application for HTTP port.
 * `app['webserver']['extra_config_ssl']`
   * Raw nginx configuration, which will be inserted into `server` section of the
     application for HTTPS port. If set to `true`, the `extra_config` will be copied.
-* [`app['webserver']['keepalive_timeout']`](http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout)
-  * **Default**: `15`
 * `app['webserver']['log_dir']`
   * **Default**: `/var/log/nginx`
   * A place to store application-related nginx logs.
+* [`app['webserver']['keepalive_timeout']`](http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout)
+  * **Default**: `15`
 * [`app['webserver']['proxy_read_timeout']`](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout)
   * **Default**: `60`
 * [`app['webserver']['proxy_send_timeout']`](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_send_timeout)
   * **Default**: `60`
 * [`app['webserver']['send_timeout']`](http://nginx.org/en/docs/http/ngx_http_core_module.html#send_timeout)
   * **Default**: `10`
-* `app['webserver']['ssl_for_legacy_browsers']`
-  * **Supported values:** `true`, `false`
-  * **Default:** `false`
-  * By default nginx is configured to follow strict SSL security standards,
-    [covered in this article](https://cipherli.st/). However, old browsers
-    (like IE < 9 or Android < 2.2) wouldn't work with this configuration very
-    well. If your application needs a support for those browsers, set this
-    parameter to `true`.
 
 Since this driver is basically a wrapper for [nginx cookbook](https://github.com/miketheman/nginx/tree/2.7.x),
 you can also configure [`node['nginx']` attributes](https://github.com/miketheman/nginx/tree/2.7.x#attributes)

attributes/default.rb

@@ -70,19 +70,26 @@
 default['defaults']['webserver']['ssl_for_legacy_browsers'] = false
 default['defaults']['webserver']['extra_config'] = ''
 default['defaults']['webserver']['extra_config_ssl'] = ''
+default['defaults']['webserver']['keepalive_timeout'] = '15'
+
+## apache2
+
+default['defaults']['webserver']['limit_request_body'] = '1048576'
+default['defaults']['webserver']['log_level'] = 'info'
+default['defaults']['webserver']['proxy_timeout'] = '60'
 
 ## nginx
 
+# These are parameters, directly for the `nginx` cookbook, not the `webserver` part!
+default['nginx']['build_type'] = 'default'
 default['nginx']['default_site_enabled'] = false
-default['defaults']['webserver']['build_type'] = 'default'
-default['nginx']['client_body_timeout'] = default['defaults']['webserver']['client_body_timeout'] = '12'
-default['nginx']['client_header_timeout'] = default['defaults']['webserver']['client_header_timeout'] = '12'
-default['nginx']['client_max_body_size'] = default['defaults']['webserver']['client_max_body_size'] = '10m'
-default['nginx']['keepalive_timeout'] = default['defaults']['webserver']['keepalive_timeout'] = '15'
-default['nginx']['log_dir'] = default['defaults']['webserver']['log_dir'] = '/var/log/nginx'
-default['nginx']['proxy_read_timeout'] = default['defaults']['webserver']['proxy_read_timeout'] = '60'
-default['nginx']['proxy_send_timeout'] = default['defaults']['webserver']['proxy_send_timeout'] = '60'
-default['nginx']['send_timeout'] = default['defaults']['webserver']['send_timeout'] = '10'
+default['nginx']['client_body_timeout'] = '12'
+default['nginx']['client_header_timeout'] = '12'
+default['nginx']['client_max_body_size'] = '10m'
+default['nginx']['log_dir'] = '/var/log/nginx'
+default['nginx']['proxy_read_timeout'] = '60'
+default['nginx']['proxy_send_timeout'] = '60'
+default['nginx']['send_timeout'] = '10'
 
 # framework
 ## common

libraries/drivers_appserver_puma.rb

@@ -7,7 +7,8 @@ class Puma < Drivers::Appserver::Base
       output filter: [:log_requests, :preload_app, :thread_max, :thread_min, :timeout, :worker_processes]
 
       def add_appserver_config(context)
-        opts = { deploy_dir: deploy_dir(app), out: out, deploy_env: globals[:environment] }
+        opts = { deploy_dir: deploy_dir(app), out: out, deploy_env: globals[:environment],
+                 webserver: Drivers::Webserver::Factory.build(app, node).adapter }
 
         context.template File.join(opts[:deploy_dir], File.join('shared', 'config', 'puma.rb')) do
           owner node['deployer']['user']

libraries/drivers_appserver_thin.rb

@@ -7,7 +7,8 @@ class Thin < Drivers::Appserver::Base
       output filter: [:max_connections, :max_persistent_connections, :timeout, :worker_processes]
 
       def add_appserver_config(context)
-        opts = { deploy_dir: deploy_dir(app), out: out, deploy_env: globals[:environment] }
+        opts = { deploy_dir: deploy_dir(app), out: out, deploy_env: globals[:environment],
+                 webserver: Drivers::Webserver::Factory.build(app, node).adapter }
 
         context.template File.join(opts[:deploy_dir], File.join('shared', 'config', 'thin.yml')) do
           owner node['deployer']['user']

libraries/drivers_appserver_unicorn.rb

@@ -11,13 +11,14 @@ class Unicorn < Drivers::Appserver::Base
       def add_appserver_config(context)
         deploy_to = deploy_dir(app)
         output = out
+        webserver = Drivers::Webserver::Factory.build(app, node).adapter
 
         context.template File.join(deploy_to, File.join('shared', 'config', 'unicorn.conf')) do
           owner node['deployer']['user']
           group www_group
           mode '0644'
           source 'unicorn.conf.erb'
-          variables deploy_dir: deploy_to, out: output
+          variables deploy_dir: deploy_to, out: output, webserver: webserver
         end
       end
 

libraries/drivers_dsl_notifies.rb

@@ -14,9 +14,22 @@ def notifies(*options)
         end
       end
 
+      # rubocop:disable Metrics/LineLength
       def notifies
-        self.class.notifies.presence || (self.class.superclass.respond_to?(:notifies) && self.class.superclass.notifies)
+        notifier = self.class.notifies.presence || (self.class.superclass.respond_to?(:notifies) && self.class.superclass.notifies)
+        parsed_notifier = {}
+
+        notifier.each_pair do |action, options|
+          parsed_notifier[action] = options.map do |option|
+            option.merge(
+              resource: option[:resource].is_a?(Hash) ? option[:resource][node['platform_family'].to_sym] : option[:resource]
+            )
+          end
+        end
+
+        parsed_notifier
       end
+      # rubocop:enable Metrics/LineLength
     end
   end
 end

libraries/drivers_webserver_apache2.rb

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+module Drivers
+  module Webserver
+    class Apache2 < Drivers::Webserver::Base
+      adapter :apache2
+      allowed_engines :apache2
+      packages debian: 'apache2', rhel: %w(httpd24 mod24_ssl)
+      output filter: [
+        :dhparams, :keepalive_timeout, :limit_request_body, :log_dir, :log_level, :proxy_timeout,
+        :ssl_for_legacy_browsers, :extra_config, :extra_config_ssl
+      ]
+      notifies :deploy,
+               action: :restart, resource: { debian: 'service[apache2]', rhel: 'service[httpd]' }, timer: :delayed
+      notifies :undeploy,
+               action: :restart, resource: { debian: 'service[apache2]', rhel: 'service[httpd]' }, timer: :delayed
+
+      def raw_out
+        output = node['defaults']['webserver'].merge(
+          node['deploy'][app['shortname']]['webserver'] || {}
+        ).symbolize_keys
+        output[:log_dir] = node['deploy'][app['shortname']]['webserver']['log_dir'] || "/var/log/#{service_name}"
+        output[:extra_config_ssl] = output[:extra_config] if output[:extra_config_ssl] == true
+        output
+      end
+
+      def setup(context)
+        handle_packages(context)
+        enable_modules(context, %w(expires headers lbmethod_byrequests proxy proxy_balancer proxy_http rewrite ssl))
+        add_sites_available_enabled(context)
+        define_service(context, :start)
+      end
+
+      def configure(context)
+        add_ssl_directory(context)
+        add_ssl_item(context, :private_key)
+        add_ssl_item(context, :certificate)
+        add_ssl_item(context, :chain)
+        add_dhparams(context)
+
+        remove_defaults(context)
+        add_appserver_config(context)
+        enable_appserver_config(context)
+      end
+
+      def before_deploy(context)
+        define_service(context)
+      end
+      alias before_undeploy before_deploy
+
+      def conf_dir
+        File.join('/', 'etc', node['platform_family'] == 'debian' ? 'apache2' : 'httpd')
+      end
+
+      def service_name
+        node['platform_family'] == 'debian' ? 'apache2' : 'httpd'
+      end
+
+      private
+
+      def remove_defaults(context)
+        conf_path = conf_dir
+
+        context.execute 'Remove default sites' do
+          command "find #{conf_path}/sites-enabled -maxdepth 1 -mindepth 1 -exec rm -rf {} \\;"
+          user 'root'
+          group 'root'
+        end
+      end
+
+      def add_sites_available_enabled(context)
+        return if node['platform_family'] == 'debian'
+
+        context.directory "#{conf_dir}/sites-available" do
+          mode '0755'
+        end
+        context.directory "#{conf_dir}/sites-enabled" do
+          mode '0755'
+        end
+
+        context.execute 'echo "IncludeOptional sites-enabled/*.conf" >> /etc/httpd/conf/httpd.conf'
+      end
+
+      def enable_modules(context, modules = [])
+        return unless node['platform_family'] == 'debian'
+
+        context.execute 'Enable modules' do
+          command "a2enmod #{modules.join(' ')}"
+          user 'root'
+          group 'root'
+        end
+      end
+    end
+  end
+end