Skip to content
/ hx_apache Public

Module to set default options for the Apache web server. Uses puppetlabs-apache.

License

GPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pieterdp/hx_apache

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
manifests
manifests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
metadata.json
metadata.json
 
 

Repository files navigation

hx_apache

Table of Contents

  1. Description
  2. Setup
  3. Usage
  4. Reference
  5. Limitations
  6. Development

Description

This module preconfigures the Apache HTTP Web Server using puppetlabs-apache so the server runs both HTTP and HTTPS, supports proxying and uses a secure set of SSL ciphers and protocols.

Setup

What hx_apache affects

  • This module uses the puppetlabs-apache-module, so it will automatically purge all (Apache) configuration files not managed by Puppet.

Beginning with hx_apache

The most simple configuration is:

class {'hx_apache': }

Usage

Default configuration

The module itself will automatically set the following parameters:

  • Enable both HTTP (port 80) and HTTPS (port 443).
  • Enable the proxy modules mod_proxy, mod_proxy_http (HTTP) and mod_proxy_connect (HTTPS).
  • Deny access to any .git directory in the _DocumentRoot_s of all configured websites.

Options

By changing the parameters to hx_apache, you can influence the following settings:

  • ssl_cipher: provide a list of ciphers the server will support. The server will chose one from the list starting at the leftmost cipher. Separate ciphers with a colon (:).

  • ssl_protocol: provide an array of supported protocols. Uses the same syntax as the Apache configuration file (e.g. -SSLv2 is supported).

  • default_mods: list of modules that will be loaded by default. See the puppetlabs-apache documentation for the correct syntax.

Reference

Class hx_apache

The base class.

Parameters

  • ssl_cipher: string of supported SSL ciphers. Uses the same syntax as the Apache configuration file. Default value is ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256.

  • ssl_protocol: array of supported SSL protocols. Uses the same syntax as the Apache configuration file. Default value is ['all', '-SSLv2', '-SSLv3' '-TLSv1', '-TLSv1.1'].

  • default_mods: array of modules that are loaded by default. Uses puppetlabs-apache syntax. By default set to ['auth_basic', 'setenvif', 'headers', 'env', 'authz_user', 'alias', 'autoindex', 'mime', 'rewrite', 'authn_file', 'negotiation', 'access_compat', 'deflate', 'authn_core', 'dir'].

  • server_admin: configure the ServerAdmin setting. Set to hostname@domain by default (e.g. s1@example.org).

Limitations

This module was tested on Ubuntu 14.04, but should work with all Ubuntu versions. Only works for Apache >= 2.4. RedHat-based systems are also supported.

Development

Pull requests welcome at https://github.com/pieterdp/hx_apache.

About

Module to set default options for the Apache web server. Uses puppetlabs-apache.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages