Skip to content
Module to set default options for the Apache web server. Uses puppetlabs-apache.
Puppet
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
manifests
.gitignore
LICENSE
README.md
metadata.json

README.md

hx_apache

Table of Contents

  1. Description
  2. Setup
  3. Usage
  4. Reference
  5. Limitations
  6. Development

Description

This module preconfigures the Apache HTTP Web Server using puppetlabs-apache so the server runs both HTTP and HTTPS, supports proxying and uses a secure set of SSL ciphers and protocols.

Setup

What hx_apache affects

  • This module uses the puppetlabs-apache-module, so it will automatically purge all (Apache) configuration files not managed by Puppet.

Beginning with hx_apache

The most simple configuration is:

class {'hx_apache': }

Usage

Default configuration

The module itself will automatically set the following parameters:

  • Enable both HTTP (port 80) and HTTPS (port 443).
  • Enable the proxy modules mod_proxy, mod_proxy_http (HTTP) and mod_proxy_connect (HTTPS).
  • Deny access to any .git directory in the _DocumentRoot_s of all configured websites.

Options

By changing the parameters to hx_apache, you can influence the following settings:

  • ssl_cipher: provide a list of ciphers the server will support. The server will chose one from the list starting at the leftmost cipher. Separate ciphers with a colon (:).

  • ssl_protocol: provide an array of supported protocols. Uses the same syntax as the Apache configuration file (e.g. -SSLv2 is supported).

  • default_mods: list of modules that will be loaded by default. See the puppetlabs-apache documentation for the correct syntax.

Reference

Class hx_apache

The base class.

Parameters

  • ssl_cipher: string of supported SSL ciphers. Uses the same syntax as the Apache configuration file. Default value is ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256.

  • ssl_protocol: array of supported SSL protocols. Uses the same syntax as the Apache configuration file. Default value is ['all', '-SSLv2', '-SSLv3' '-TLSv1', '-TLSv1.1'].

  • default_mods: array of modules that are loaded by default. Uses puppetlabs-apache syntax. By default set to ['auth_basic', 'setenvif', 'headers', 'env', 'authz_user', 'alias', 'autoindex', 'mime', 'rewrite', 'authn_file', 'negotiation', 'access_compat', 'deflate', 'authn_core', 'dir'].

  • server_admin: configure the ServerAdmin setting. Set to hostname@domain by default (e.g. s1@example.org).

Limitations

This module was tested on Ubuntu 14.04, but should work with all Ubuntu versions. Only works for Apache >= 2.4. RedHat-based systems are also supported.

Development

Pull requests welcome at https://github.com/pieterdp/hx_apache.

You can’t perform that action at this time.