diff --git a/.gitignore b/.gitignore index 47e51f50f..a90cbbb6b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,21 @@ -test/kitchen/.kitchen/ - +*~ +*# +.#* +\#*# +.*.sw[a-z] +*.un~ +*.tmp +*.bk +*.bkup +.kitchen.local.yml +Berksfile.lock Gemfile.lock + +.bundle/ +.cache/ +.kitchen/ +.vagrant/ +.vagrant.d/ +bin/ +tmp/ +vendor/ diff --git a/.rubocop.yml b/.rubocop.yml new file mode 100644 index 000000000..88077b4cc --- /dev/null +++ b/.rubocop.yml @@ -0,0 +1,15 @@ +AllCops: + Excludes: + - test/** + - vendor/** + +AlignParameters: + Enabled: false +Encoding: + Enabled: false +HashSyntax: + Enabled: false +LineLength: + Enabled: false +MethodLength: + Max: 30 diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 000000000..6b50eead1 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,9 @@ +rvm: + - 1.9.3 + - 2.0.0 +before_script: + - bundle exec berks install +script: + - bundle exec foodcritic -f any . --tags ~FC007 --tags ~FC015 --tags ~FC023 + # - bundle exec rspec --color --format progress + - bundle exec rubocop diff --git a/Berksfile b/Berksfile new file mode 100644 index 000000000..54c9d8839 --- /dev/null +++ b/Berksfile @@ -0,0 +1,7 @@ +site :opscode +metadata + +group :integration do + cookbook 'apt', '~> 2.0' + cookbook 'yum', '~> 2.0' +end diff --git a/CHANGELOG.md b/CHANGELOG.md index f574307db..10a9f1e64 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ -## v1.7.0: +apache2 Cookbook Changelog +========================== +This file is used to list changes made in each version of the apache2 cookbook. +v1.7.0 +------ ### Improvement - [COOK-3073]: make access.log location configurable per-platform @@ -11,173 +15,149 @@ - [COOK-3184]: Add `mod_filter` recipe to Apache2-cookbook - [COOK-3236]: Add `mod_action` recipe to Apache2-cookbook -## v1.6.6: - +v1.6.6 +------ 1.6.4 had a missed step in the automated release, long live 1.6.6. ### Bug -- [COOK-3018]: apache2_module does duplicate delayed restart of - apache2 service when conf = true -- [COOK-3027]: Default site enable true, then false, does not disable - default site +- [COOK-3018]: apache2_module does duplicate delayed restart of apache2 service when conf = true +- [COOK-3027]: Default site enable true, then false, does not disable default site - [COOK-3109]: fix apache lib_dir arch attribute regexp -## v1.6.2 - -* [COOK-2535] - `mod_auth_openid` requires libtool to run autogen.sh -* [COOK-2667] - Typo in usage documentation -* [COOK-2461] - `apache2::mod_auth_openid` fails on some ubuntu systems -* [COOK-2720] - Apache2 minitest helper function `ran_recipe` is not - portable - -## v1.6.0: - -* [COOK-2372] - apache2 mpm_worker: add ServerLimit attribute (default - to 16) - -## v1.5.0: - -**NOTE** The `mod_auth_openid` attributes are changed. The upstream - maintainer deprecated the older release versions, and the source - repository has releases available at specific SHA1SUM references. - The new attribute, `node['apache']['mod_auth_openid']['ref']` is - used to set this. - -* [COOK-2198] - `apache::mod_auth_openid` compiles from source, but - does not install make on debian/ubuntu -* [COOK-2224] - version conflict between cucumber and other gems -* [COOK-2248] - `apache2::mod_php5` uses `not_if` "which php" without - ensuring package 'which' is installed -* [COOK-2269] - Set allow list for mod_status incase external monitor scripts need -* [COOK-2276] - cookbook apache2 documentation regarding listening - ports doesn't match default attributes -* [COOK-2296] - `mod_auth_openid` doesn't have tags/releases for the - version I need for features and fixes -* [COOK-2323] - Add Oracle linux support - -## v1.4.2: - -* [COOK-1721] - fix logrotate recipe - -## v1.4.0: - -* [COOK-1456] - iptables enhancements -* [COOK-1473] - apache2 does not disable default site when setting - "`default_site_enabled`" back to false -* [COOK-1824] - the apache2 cookbook needs to specify which binary is - used on rhel platform -* [COOK-1916] - Download location wrong for apache2 `mod_auth_openid` - >= 0.7 -* [COOK-1917] - Improve `mod_auth_openid` recipe to handle module - upgrade more gracefully -* [COOK-2029] - apache2 restarts on every run on RHEL and friends, - generate-module-list on every run. -* [COOK-2036] - apache2: Cookbook style - -## v1.3.2: - -* [COOK-1804] - fix `web_app` definition parameter so site can be - disabled. - -## v1.3.0: - -* [COOK-1738] - Better configuration for `mod_include` and some - overrides in `web_app` definition -* [COOK-1470] - Change SSL Ciphers to Mitigate BEAST attack - -## v1.2.0: - -* [COOK-692] - delete package conf.d files in module recipes, for EL -* [COOK-1693] - Foodcritic finding for unnecessary string interpolation -* [COOK-1757] - platform_family and better style / usage practices - -## v1.1.16: - +v1.6.2 +------ +- [COOK-2535] - `mod_auth_openid` requires libtool to run autogen.sh +- [COOK-2667] - Typo in usage documentation +- [COOK-2461] - `apache2::mod_auth_openid` fails on some ubuntu systems +- [COOK-2720] - Apache2 minitest helper function `ran_recipe` is not portable + +v1.6.0 +------ +- [COOK-2372] - apache2 mpm_worker: add ServerLimit attribute (default to 16) + +v1.5.0 +------ +The `mod_auth_openid` attributes are changed. The upstream maintainer deprecated the older release versions, and the source repository has releases available at specific SHA1SUM references. The new attribute, `node['apache']['mod_auth_openid']['ref']` is used to set this. + +- [COOK-2198] - `apache::mod_auth_openid` compiles from source, but does not install make on debian/ubuntu +- [COOK-2224] - version conflict between cucumber and other gems +- [COOK-2248] - `apache2::mod_php5` uses `not_if` "which php" without ensuring package 'which' is installed +- [COOK-2269] - Set allow list for mod_status incase external monitor scripts need +- [COOK-2276] - cookbook apache2 documentation regarding listening ports doesn't match default attributes +- [COOK-2296] - `mod_auth_openid` doesn't have tags/releases for the version I need for features and fixes +- [COOK-2323] - Add Oracle linux support + +v1.4.2 +------ +- [COOK-1721] - fix logrotate recipe + +v1.4.0 +------ +- [COOK-1456] - iptables enhancements +- [COOK-1473] - apache2 does not disable default site when setting "`default_site_enabled`" back to false +- [COOK-1824] - the apache2 cookbook needs to specify which binary is used on rhel platform +- [COOK-1916] - Download location wrong for apache2 `mod_auth_openid` >= 0.7 +- [COOK-1917] - Improve `mod_auth_openid` recipe to handle module upgrade more gracefully +- [COOK-2029] - apache2 restarts on every run on RHEL and friends, generate-module-list on every run. +- [COOK-2036] - apache2: Cookbook style + +v1.3.2 +------ +- [COOK-1804] - fix `web_app` definition parameter so site can be disabled. + +v1.3.0 +------ +- [COOK-1738] - Better configuration for `mod_include` and some overrides in `web_app` definition +- [COOK-1470] - Change SSL Ciphers to Mitigate BEAST attack + +v1.2.0 +------ +- [COOK-692] - delete package conf.d files in module recipes, for EL +- [COOK-1693] - Foodcritic finding for unnecessary string interpolation +- [COOK-1757] - platform_family and better style / usage practices + +v1.1.16 +------- re-releasing as .16 due to error on tag 1.1.14 -* [COOK-1466] - add `mod_auth_cas` recipe -* [COOK-1609] - apache2 changes ports.conf twice per run when using - apache2::mod_ssl - -## v1.1.12: +- [COOK-1466] - add `mod_auth_cas` recipe +- [COOK-1609] - apache2 changes ports.conf twice per run when using apache2::mod_ssl -* [COOK-1436] - restore apache2 web_app definition -* [COOK-1356] - allow ExtendedStatus via attribute -* [COOK-1403] - add mod_fastcgi recipe +v1.1.12 +------- +- [COOK-1436] - restore apache2 web_app definition +- [COOK-1356] - allow ExtendedStatus via attribute +- [COOK-1403] - add mod_fastcgi recipe -## v1.1.10: +v1.1.10 +------- +- [COOK-1315] - allow the default site to not be enabled +- [COOK-1328] - cookbook tests (minitest, cucumber) -* [COOK-1315] - allow the default site to not be enabled -* [COOK-1328] - cookbook tests (minitest, cucumber) - -## v1.1.8: - -* Some platforms with minimal installations that don't have perl won't - have a `node['languages']['perl']` attribute, so remove the - conditional and rely on the power of idempotence in the package - resource. -* [COOK-1214] - address foodcritic warnings -* [COOK-1180] - add `mod_logio` and fix `mod_proxy` - -## v1.1.6: +v1.1.8 +------ +- Some platforms with minimal installations that don't have perl won't have a `node['languages']['perl']` attribute, so remove the conditional and rely on the power of idempotence in the package resource. +- [COOK-1214] - address foodcritic warnings +- [COOK-1180] - add `mod_logio` and fix `mod_proxy` +v1.1.6 +------ FreeBSD users: This release requires the `freebsd` cookbook. See README.md. -* [COOK-1025] - freebsd support in mod_php5 recipe - -## v1.1.4: - -* [COOK-1100] - support amazon linux - -## v1.1.2: - -* [COOK-996] - apache2::mod_php5 can cause PHP and module API mismatches -* [COOK-1083] - return string for v_f_p and use correct value for - default - -## v1.1.0: - -* [COOK-861] - Add `mod_perl` and apreq2 -* [COOK-941] - fix `mod_auth_openid` on FreeBSD -* [COOK-1021] - add a commented-out LoadModule directive to keep apxs happy -* [COOK-1022] - consistency for icondir attribute -* [COOK-1023] - fix platform test for attributes -* [COOK-1024] - fix a2enmod script so it runs cleanly on !bash -* [COOK-1026] - fix `error_log` location on FreeBSD - -## v1.0.8: - -* COOK-548 - directory resource doesn't have backup parameter - -## v1.0.6: - -* COOK-915 - update to `mod_auth_openid` version 0.6, see __Recipes/mod_auth_openid__ below. -* COOK-548 - Add support for FreeBSD. - -## v1.0.4: - -* COOK-859 - don't hardcode module paths - -## v1.0.2 - -* Tickets resolved in this release: COOK-788, COOK-782, COOK-780 - -## v1.0.0 - -* Red Hat family support is greatly improved, all recipes except `god_monitor` converge. -* Recipe `mod_auth_openid` now works on RHEL family distros -* Recipe `mod_php5` will now remove config from package on RHEL family so it doesn't conflict with the cookbook's. -* Added `php5.conf.erb` template for `mod_php5` recipe. -* Create the run state directory for `mod_fcgid` to prevent a startup error on RHEL version 6. -* New attribute `node['apache']['lib_dir']` to handle lib vs lib64 on RHEL family distributions. -* New attribute `node['apache']['group']`. -* Scientific Linux support added. -* Use a file resource instead of the generate-module-list executed perl script on RHEL family. -* "default" site can now be disabled. -* web_app now has an "enable" parameter. -* Support for dav_fs apache module. -* Tickets resolved in this release: COOK-754, COOK-753, COOK-665, COOK-624, COOK-579, COOK-519, COOK-518 -* Fix node references in template for a2dissite -* Use proper user and group attributes on files and templates. -* Replace the anemic README.rdoc with this new and improved superpowered README.md :). +- [COOK-1025] - freebsd support in mod_php5 recipe + +v1.1.4 +------ +- [COOK-1100] - support amazon linux + +v1.1.2 +------ +- [COOK-996] - apache2::mod_php5 can cause PHP and module API mismatches +- [COOK-1083] - return string for v_f_p and use correct value for default + +v1.1.0 +------ +- [COOK-861] - Add `mod_perl` and apreq2 +- [COOK-941] - fix `mod_auth_openid` on FreeBSD +- [COOK-1021] - add a commented-out LoadModule directive to keep apxs happy +- [COOK-1022] - consistency for icondir attribute +- [COOK-1023] - fix platform test for attributes +- [COOK-1024] - fix a2enmod script so it runs cleanly on !bash +- [COOK-1026] - fix `error_log` location on FreeBSD + +v1.0.8 +------ +- COOK-548 - directory resource doesn't have backup parameter + +v1.0.6 +------ +- COOK-915 - update to `mod_auth_openid` version 0.6, see __Recipes/mod_auth_openid__ below. +- COOK-548 - Add support for FreeBSD. + +v1.0.4 +------ +- COOK-859 - don't hardcode module paths + +v1.0.2 +------ +- Tickets resolved in this release: COOK-788, COOK-782, COOK-780 + +v1.0.0 +------ +- Red Hat family support is greatly improved, all recipes except `god_monitor` converge. +- Recipe `mod_auth_openid` now works on RHEL family distros +- Recipe `mod_php5` will now remove config from package on RHEL family so it doesn't conflict with the cookbook's. +- Added `php5.conf.erb` template for `mod_php5` recipe. +- Create the run state directory for `mod_fcgid` to prevent a startup error on RHEL version 6. +- New attribute `node['apache']['lib_dir']` to handle lib vs lib64 on RHEL family distributions. +- New attribute `node['apache']['group']`. +- Scientific Linux support added. +- Use a file resource instead of the generate-module-list executed perl script on RHEL family. +- "default" site can now be disabled. +- web_app now has an "enable" parameter. +- Support for dav_fs apache module. +- Tickets resolved in this release: COOK-754, COOK-753, COOK-665, COOK-624, COOK-579, COOK-519, COOK-518 +- Fix node references in template for a2dissite +- Use proper user and group attributes on files and templates. +- Replace the anemic README.rdoc with this new and improved superpowered README.md :). diff --git a/Gemfile b/Gemfile index 9dad052b1..057b3404a 100644 --- a/Gemfile +++ b/Gemfile @@ -1,10 +1,23 @@ -source "https://rubygems.org" +# source "https://rubygems.org" -gem 'cucumber', '~> 1.2.0' -gem 'httparty', '~> 0.8.3' -gem 'minitest', '~> 3.0.0' -gem 'nokogiri', '~> 1.5.0' +# gem 'cucumber', '~> 1.2.0' +# gem 'httparty', '~> 0.8.3' +# gem 'minitest', '~> 3.0.0' +# gem 'nokogiri', '~> 1.5.0' -group :kitchen do - gem 'test-kitchen', '< 1.0' +# group :kitchen do +# gem 'test-kitchen', '< 1.0' +# end + + +source 'https://rubygems.org' + +gem 'berkshelf', '~> 2.0' +gem 'chefspec', '~> 2.0' +gem 'foodcritic', '~> 3.0' +gem 'rubocop', '~> 0.12' + +group :integration do + gem 'test-kitchen', '~> 1.0.0.beta' + gem 'kitchen-vagrant', '~> 0.11' end diff --git a/README.md b/README.md index 1921f3859..9215c88a1 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ -Description -=========== +apache2 Cookbook +================ +[![Build Status](https://secure.travis-ci.org/opscode-cookbooks/apache2.png?branch=master)](http://travis-ci.org/opscode-cookbooks/apache2) + This cookbook provides a complete Debian/Ubuntu style Apache HTTPD configuration. Non-Debian based distributions such as Red Hat/CentOS, diff --git a/TESTING.md b/TESTING.md new file mode 100644 index 000000000..b4102e321 --- /dev/null +++ b/TESTING.md @@ -0,0 +1,53 @@ +This cookbook uses a variety of testing components: + +- Unit tests: [ChefSpec](https://github.com/acrmp/chefspec) +- Integration tests: [Test Kitchen](https://github.com/opscode/test-kitchen) +- Chef Style lints: [Foodcritic](https://github.com/acrmp/foodcritic) +- Ruby Style lints: [Rubocop](https://github.com/bbatsov/rubocop) + + +Prerequisites +------------- +To develop on this cookbook, you must have a sane Ruby 1.9+ environment. Given the nature of this installation process (and it's variance across multiple operating systems), we will leave this installation process to the user. + +You must also have `bundler` installed: + + $ gem install bundler + +You must also have Vagrant and VirtualBox installed: + +- [Vagrant](https://vagrantup.com) +- [VirtualBox](https://virtualbox.org) + +Once installed, you must install the `vagrant-berkshelf` plugin: + + $ vagrant plugin install vagrant-berkshelf + + +Development +----------- +1. Clone the git repository from GitHub: + + $ git clone git@github.com:opscode-cookbooks/COOKBOOK.git + +2. Install the dependencies using bundler: + + $ bundle install + +3. Create a branch for your changes: + + $ git checkout -b my_bug_fix + +4. Make any changes +5. Write tests to support those changes. It is highly recommended you write both unit and integration tests. +6. Run the tests: + - `bundle exec rspec` + - `bundle exec foodcritic .` + - `bundle exec rubocop` + - `bundle exec kitchen test` + +7. Assuming the tests pass, open a Pull Request on GitHub +8. Open a JIRA ticket for this compontent, linking the JIRA ticket to the Pull Request and visa versa. +9. Mark the JIRA ticket as "Fix Provided" + +For more information, see [Opscode's Contribution Guidelines](https://wiki.opscode.com/display/chef/How+to+Contribute). diff --git a/attributes/default.rb b/attributes/default.rb index 60dfc933f..4f04320bb 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Attributes:: apache # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,98 +17,98 @@ # limitations under the License. # -default['apache']['root_group'] = "root" +default['apache']['root_group'] = 'root' # Where the various parts of apache are -case platform -when "redhat", "centos", "scientific", "fedora", "suse", "amazon", "oracle" - default['apache']['package'] = "httpd" - default['apache']['dir'] = "/etc/httpd" - default['apache']['log_dir'] = "/var/log/httpd" - default['apache']['error_log'] = "error.log" - default['apache']['access_log'] = "access.log" - default['apache']['user'] = "apache" - default['apache']['group'] = "apache" - default['apache']['binary'] = "/usr/sbin/httpd" - default['apache']['docroot_dir'] = "/var/www/html" - default['apache']['cgibin_dir'] = "/var/www/cgi-bin" - default['apache']['icondir'] = "/var/www/icons" - default['apache']['cache_dir'] = "/var/cache/httpd" - if node['platform_version'].to_f >= 6 then - default['apache']['pid_file'] = "/var/run/httpd/httpd.pid" - else - default['apache']['pid_file'] = "/var/run/httpd.pid" - end - default['apache']['lib_dir'] = node['kernel']['machine'] =~ /^i[36]86$/ ? "/usr/lib/httpd" : "/usr/lib64/httpd" - default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules" +case node['platform'] +when 'redhat', 'centos', 'scientific', 'fedora', 'suse', 'amazon', 'oracle' + default['apache']['package'] = 'httpd' + default['apache']['dir'] = '/etc/httpd' + default['apache']['log_dir'] = '/var/log/httpd' + default['apache']['error_log'] = 'error.log' + default['apache']['access_log'] = 'access.log' + default['apache']['user'] = 'apache' + default['apache']['group'] = 'apache' + default['apache']['binary'] = '/usr/sbin/httpd' + default['apache']['docroot_dir'] = '/var/www/html' + default['apache']['cgibin_dir'] = '/var/www/cgi-bin' + default['apache']['icondir'] = '/var/www/icons' + default['apache']['cache_dir'] = '/var/cache/httpd' + default['apache']['pid_file'] = if node['platform_version'].to_f >= 6 + '/var/run/httpd/httpd.pid' + else + '/var/run/httpd.pid' + end + default['apache']['lib_dir'] = node['kernel']['machine'] =~ /^i[36]86$/ ? '/usr/lib/httpd' : '/usr/lib64/httpd' + default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules" default['apache']['default_site_enabled'] = false -when "debian", "ubuntu" - default['apache']['package'] = "apache2" - default['apache']['dir'] = "/etc/apache2" - default['apache']['log_dir'] = "/var/log/apache2" - default['apache']['error_log'] = "error.log" - default['apache']['access_log'] = "access.log" - default['apache']['user'] = "www-data" - default['apache']['group'] = "www-data" - default['apache']['binary'] = "/usr/sbin/apache2" - default['apache']['docroot_dir'] = "/var/www" - default['apache']['cgibin_dir'] = "/usr/lib/cgi-bin" - default['apache']['icondir'] = "/usr/share/apache2/icons" - default['apache']['cache_dir'] = "/var/cache/apache2" - default['apache']['pid_file'] = "/var/run/apache2.pid" - default['apache']['lib_dir'] = "/usr/lib/apache2" - default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules" +when 'debian', 'ubuntu' + default['apache']['package'] = 'apache2' + default['apache']['dir'] = '/etc/apache2' + default['apache']['log_dir'] = '/var/log/apache2' + default['apache']['error_log'] = 'error.log' + default['apache']['access_log'] = 'access.log' + default['apache']['user'] = 'www-data' + default['apache']['group'] = 'www-data' + default['apache']['binary'] = '/usr/sbin/apache2' + default['apache']['docroot_dir'] = '/var/www' + default['apache']['cgibin_dir'] = '/usr/lib/cgi-bin' + default['apache']['icondir'] = '/usr/share/apache2/icons' + default['apache']['cache_dir'] = '/var/cache/apache2' + default['apache']['pid_file'] = '/var/run/apache2.pid' + default['apache']['lib_dir'] = '/usr/lib/apache2' + default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules" default['apache']['default_site_enabled'] = false -when "arch" - default['apache']['package'] = "apache" - default['apache']['dir'] = "/etc/httpd" - default['apache']['log_dir'] = "/var/log/httpd" - default['apache']['error_log'] = "error.log" - default['apache']['access_log'] = "access.log" - default['apache']['user'] = "http" - default['apache']['group'] = "http" - default['apache']['binary'] = "/usr/sbin/httpd" - default['apache']['docroot_dir'] = "/srv/http" - default['apache']['cgibin_dir'] = "/usr/share/httpd/cgi-bin" - default['apache']['icondir'] = "/usr/share/httpd/icons" - default['apache']['cache_dir'] = "/var/cache/httpd" - default['apache']['pid_file'] = "/var/run/httpd/httpd.pid" - default['apache']['lib_dir'] = "/usr/lib/httpd" - default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules" +when 'arch' + default['apache']['package'] = 'apache' + default['apache']['dir'] = '/etc/httpd' + default['apache']['log_dir'] = '/var/log/httpd' + default['apache']['error_log'] = 'error.log' + default['apache']['access_log'] = 'access.log' + default['apache']['user'] = 'http' + default['apache']['group'] = 'http' + default['apache']['binary'] = '/usr/sbin/httpd' + default['apache']['docroot_dir'] = '/srv/http' + default['apache']['cgibin_dir'] = '/usr/share/httpd/cgi-bin' + default['apache']['icondir'] = '/usr/share/httpd/icons' + default['apache']['cache_dir'] = '/var/cache/httpd' + default['apache']['pid_file'] = '/var/run/httpd/httpd.pid' + default['apache']['lib_dir'] = '/usr/lib/httpd' + default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules" default['apache']['default_site_enabled'] = false -when "freebsd" - default['apache']['package'] = "apache22" - default['apache']['dir'] = "/usr/local/etc/apache22" - default['apache']['log_dir'] = "/var/log" - default['apache']['error_log'] = "httpd-error.log" - default['apache']['access_log'] = "httpd-access.log" - default['apache']['root_group'] = "wheel" - default['apache']['user'] = "www" - default['apache']['group'] = "www" - default['apache']['binary'] = "/usr/local/sbin/httpd" - default['apache']['docroot_dir'] = "/usr/local/www/apache22/data" - default['apache']['cgibin_dir'] = "/usr/local/www/apache22/cgi-bin" - default['apache']['icondir'] = "/usr/local/www/apache22/icons" - default['apache']['cache_dir'] = "/var/run/apache22" - default['apache']['pid_file'] = "/var/run/httpd.pid" - default['apache']['lib_dir'] = "/usr/local/libexec/apache22" - default['apache']['libexecdir'] = node['apache']['lib_dir'] +when 'freebsd' + default['apache']['package'] = 'apache22' + default['apache']['dir'] = '/usr/local/etc/apache22' + default['apache']['log_dir'] = '/var/log' + default['apache']['error_log'] = 'httpd-error.log' + default['apache']['access_log'] = 'httpd-access.log' + default['apache']['root_group'] = 'wheel' + default['apache']['user'] = 'www' + default['apache']['group'] = 'www' + default['apache']['binary'] = '/usr/local/sbin/httpd' + default['apache']['docroot_dir'] = '/usr/local/www/apache22/data' + default['apache']['cgibin_dir'] = '/usr/local/www/apache22/cgi-bin' + default['apache']['icondir'] = '/usr/local/www/apache22/icons' + default['apache']['cache_dir'] = '/var/run/apache22' + default['apache']['pid_file'] = '/var/run/httpd.pid' + default['apache']['lib_dir'] = '/usr/local/libexec/apache22' + default['apache']['libexecdir'] = node['apache']['lib_dir'] default['apache']['default_site_enabled'] = false else - default['apache']['dir'] = "/etc/apache2" - default['apache']['log_dir'] = "/var/log/apache2" - default['apache']['error_log'] = "error.log" - default['apache']['access_log'] = "access.log" - default['apache']['user'] = "www-data" - default['apache']['group'] = "www-data" - default['apache']['binary'] = "/usr/sbin/apache2" - default['apache']['docroot_dir'] = "/var/www" - default['apache']['cgibin_dir'] = "/usr/lib/cgi-bin" - default['apache']['icondir'] = "/usr/share/apache2/icons" - default['apache']['cache_dir'] = "/var/cache/apache2" - default['apache']['pid_file'] = "logs/httpd.pid" - default['apache']['lib_dir'] = "/usr/lib/apache2" - default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules" + default['apache']['dir'] = '/etc/apache2' + default['apache']['log_dir'] = '/var/log/apache2' + default['apache']['error_log'] = 'error.log' + default['apache']['access_log'] = 'access.log' + default['apache']['user'] = 'www-data' + default['apache']['group'] = 'www-data' + default['apache']['binary'] = '/usr/sbin/apache2' + default['apache']['docroot_dir'] = '/var/www' + default['apache']['cgibin_dir'] = '/usr/lib/cgi-bin' + default['apache']['icondir'] = '/usr/share/apache2/icons' + default['apache']['cache_dir'] = '/var/cache/apache2' + default['apache']['pid_file'] = 'logs/httpd.pid' + default['apache']['lib_dir'] = '/usr/lib/apache2' + default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules" default['apache']['default_site_enabled'] = false end @@ -118,24 +118,24 @@ ### # General settings -default['apache']['listen_addresses'] = ["*"] -default['apache']['listen_ports'] = ["80"] -default['apache']['contact'] = "ops@example.com" -default['apache']['timeout'] = 300 -default['apache']['keepalive'] = "On" +default['apache']['listen_addresses'] = %w[*] +default['apache']['listen_ports'] = %w[80] +default['apache']['contact'] = 'ops@example.com' +default['apache']['timeout'] = 300 +default['apache']['keepalive'] = 'On' default['apache']['keepaliverequests'] = 100 -default['apache']['keepalivetimeout'] = 5 +default['apache']['keepalivetimeout'] = 5 # Security -default['apache']['servertokens'] = "Prod" -default['apache']['serversignature'] = "On" -default['apache']['traceenable'] = "On" +default['apache']['servertokens'] = 'Prod' +default['apache']['serversignature'] = 'On' +default['apache']['traceenable'] = 'On' # mod_auth_openids -default['apache']['allowed_openids'] = Array.new +default['apache']['allowed_openids'] = [] # mod_status Allow list, space seprated list of allowed entries. -default['apache']['status_allow_list'] = "localhost ip6-localhost" +default['apache']['status_allow_list'] = 'localhost ip6-localhost' # mod_status ExtendedStatus, set to 'true' to enable default['apache']['ext_status'] = false @@ -144,34 +144,34 @@ default['apache']['info_allow_list'] = 'localhost ip6-localhost' # Prefork Attributes -default['apache']['prefork']['startservers'] = 16 -default['apache']['prefork']['minspareservers'] = 16 -default['apache']['prefork']['maxspareservers'] = 32 -default['apache']['prefork']['serverlimit'] = 400 -default['apache']['prefork']['maxclients'] = 400 -default['apache']['prefork']['maxrequestsperchild'] = 10000 +default['apache']['prefork']['startservers'] = 16 +default['apache']['prefork']['minspareservers'] = 16 +default['apache']['prefork']['maxspareservers'] = 32 +default['apache']['prefork']['serverlimit'] = 400 +default['apache']['prefork']['maxclients'] = 400 +default['apache']['prefork']['maxrequestsperchild'] = 10_000 # Worker Attributes -default['apache']['worker']['startservers'] = 4 -default['apache']['worker']['serverlimit'] = 16 -default['apache']['worker']['maxclients'] = 1024 -default['apache']['worker']['minsparethreads'] = 64 -default['apache']['worker']['maxsparethreads'] = 192 -default['apache']['worker']['threadsperchild'] = 64 +default['apache']['worker']['startservers'] = 4 +default['apache']['worker']['serverlimit'] = 16 +default['apache']['worker']['maxclients'] = 1024 +default['apache']['worker']['minsparethreads'] = 64 +default['apache']['worker']['maxsparethreads'] = 192 +default['apache']['worker']['threadsperchild'] = 64 default['apache']['worker']['maxrequestsperchild'] = 0 # mod_proxy settings -default['apache']['proxy']['order'] = 'deny,allow' -default['apache']['proxy']['deny_from'] = 'all' +default['apache']['proxy']['order'] = 'deny,allow' +default['apache']['proxy']['deny_from'] = 'all' default['apache']['proxy']['allow_from'] = 'none' # Default modules to enable via include_recipe -default['apache']['default_modules'] = %w{ +default['apache']['default_modules'] = %w[ status alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex dir env mime negotiation setenvif -} +] -%w{ log_config logio }.each do |log_mod| - default['apache']['default_modules'] << log_mod if ["rhel", "fedora", "suse", "arch", "freebsd"].include?(node['platform_family']) +%w[log_config logio].each do |log_mod| + default['apache']['default_modules'] << log_mod if %w[rhel fedora suse arch freebsd].include?(node['platform_family']) end diff --git a/attributes/mod_auth_cas.rb b/attributes/mod_auth_cas.rb index a5cc262c2..4716fe7d9 100644 --- a/attributes/mod_auth_cas.rb +++ b/attributes/mod_auth_cas.rb @@ -1,2 +1,21 @@ -default['apache']['mod_auth_cas']['from_source'] = false -default['apache']['mod_auth_cas']['source_revision'] = "v1.0.8.1" +# +# Cookbook Name:: apache2 +# Attributes:: mod_auth_cas +# +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['apache']['mod_auth_cas']['from_source'] = false +default['apache']['mod_auth_cas']['source_revision'] = 'v1.0.8.1' diff --git a/attributes/mod_auth_openid.rb b/attributes/mod_auth_openid.rb index d6b8f1e00..3aba0aa7b 100644 --- a/attributes/mod_auth_openid.rb +++ b/attributes/mod_auth_openid.rb @@ -1,13 +1,14 @@ # -# Author:: Joshua Timberman -# Copyright:: Copyright (c) 2011, Opscode, Inc. -# License:: Apache License, Version 2.0 +# Cookbook Name:: apache2 +# Attributes:: mod_auth_cas +# +# Copyright 2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, @@ -16,16 +17,16 @@ # limitations under the License. # -default['apache']['mod_auth_openid']['ref'] = "95043901eab868400937642d9bc55d17e9dd069f" +default['apache']['mod_auth_openid']['ref'] = '95043901eab868400937642d9bc55d17e9dd069f' default['apache']['mod_auth_openid']['source_url'] = "https://github.com/bmuller/mod_auth_openid/archive/#{node['apache']['mod_auth_openid']['ref']}.tar.gz" -default['apache']['mod_auth_openid']['cache_dir'] = "/var/cache/mod_auth_openid" +default['apache']['mod_auth_openid']['cache_dir'] = '/var/cache/mod_auth_openid' default['apache']['mod_auth_openid']['dblocation'] = "#{node['apache']['mod_auth_openid']['cache_dir']}/mod_auth_openid.db" case node['platform_family'] -when "freebsd" +when 'freebsd' default['apache']['mod_auth_openid']['configure_flags'] = [ - "CPPFLAGS=-I/usr/local/include", - "LDFLAGS=-I/usr/local/lib -lsqlite3" + 'CPPFLAGS=-I/usr/local/include', + 'LDFLAGS=-I/usr/local/lib -lsqlite3' ] else default['apache']['mod_auth_openid']['configure_flags'] = [] diff --git a/attributes/mod_fastcgi.rb b/attributes/mod_fastcgi.rb index 27ded8a93..0583c9fee 100644 --- a/attributes/mod_fastcgi.rb +++ b/attributes/mod_fastcgi.rb @@ -1,13 +1,14 @@ # -# Author:: Ameir Abdeldayem -# Copyright:: Copyright (c) 2013, Opscode, Inc. -# License:: Apache License, Version 2.0 +# Cookbook Name:: apache2 +# Attributes:: mod_fastcgi +# +# Copyright 2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, diff --git a/attributes/mod_ssl.rb b/attributes/mod_ssl.rb index c744cb43c..e71d3a602 100644 --- a/attributes/mod_ssl.rb +++ b/attributes/mod_ssl.rb @@ -1,13 +1,14 @@ # -# Author:: Nathan L Smith -# Copyright:: Copyright (c) 2012, Opscode, Inc. -# License:: Apache License, Version 2.0 +# Cookbook Name:: apache2 +# Attributes:: mod_ssl +# +# Copyright 2012-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, diff --git a/definitions/apache_conf.rb b/definitions/apache_conf.rb index 5a6215806..3f615179c 100644 --- a/definitions/apache_conf.rb +++ b/definitions/apache_conf.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Definition:: apache_conf # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-20013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,8 +19,8 @@ define :apache_conf do template "#{node['apache']['dir']}/mods-available/#{params[:name]}.conf" do - source "mods/#{params[:name]}.conf.erb" - notifies :restart, "service[apache2]" - mode 0644 + source "mods/#{params[:name]}.conf.erb" + mode '0644' + notifies :restart, 'service[apache2]' end end diff --git a/definitions/apache_module.rb b/definitions/apache_module.rb index 99ca29c6b..685886f2e 100644 --- a/definitions/apache_module.rb +++ b/definitions/apache_module.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Definition:: apache_module # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,36 +18,34 @@ # define :apache_module, :enable => true, :conf => false do - include_recipe "apache2" + include_recipe 'apache2::default' - params[:filename] = params[:filename] || "mod_#{params[:name]}.so" + params[:filename] = params[:filename] || "mod_#{params[:name]}.so" params[:module_path] = params[:module_path] || "#{node['apache']['libexecdir']}/#{params[:filename]}" - if params[:conf] - apache_conf params[:name] - end + apache_conf params[:name] if params[:conf] - if platform_family?("rhel", "fedora", "arch", "suse", "freebsd") + if platform_family?('rhel', 'fedora', 'arch', 'suse', 'freebsd') file "#{node['apache']['dir']}/mods-available/#{params[:name]}.load" do content "LoadModule #{params[:name]}_module #{params[:module_path]}\n" - mode 0644 + mode '0644' end end if params[:enable] - execute "a2enmod #{params[:name]}" do - command "/usr/sbin/a2enmod #{params[:name]}" - notifies :restart, "service[apache2]" - not_if do (::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.load") and - ((::File.exists?("#{node['apache']['dir']}/mods-available/#{params[:name]}.conf"))? - (::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.conf")):(true))) - end - end + # execute "a2enmod #{params[:name]}" do + # command "/usr/sbin/a2enmod #{params[:name]}" + # notifies :restart, 'service[apache2]' + # not_if do + # ::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.load") && + # ::File.exists?("#{node['apache']['dir']}/mods-available/#{params[:name]}.conf") ? ::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.conf") : true + # end + # end else execute "a2dismod #{params[:name]}" do command "/usr/sbin/a2dismod #{params[:name]}" - notifies :restart, "service[apache2]" - only_if do ::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.load") end + notifies :restart, 'service[apache2]' + only_if { ::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.load") } end end end diff --git a/definitions/apache_site.rb b/definitions/apache_site.rb index 1bc287009..17619819d 100644 --- a/definitions/apache_site.rb +++ b/definitions/apache_site.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Definition:: apache_site # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,24 +18,24 @@ # define :apache_site, :enable => true do - include_recipe "apache2" + include_recipe 'apache2::default' if params[:enable] execute "a2ensite #{params[:name]}" do command "/usr/sbin/a2ensite #{params[:name]}" - notifies :restart, resources(:service => "apache2") + notifies :restart, 'service[apache2]' not_if do - ::File.symlink?("#{node['apache']['dir']}/sites-enabled/#{params[:name]}") or + ::File.symlink?("#{node['apache']['dir']}/sites-enabled/#{params[:name]}") || ::File.symlink?("#{node['apache']['dir']}/sites-enabled/000-#{params[:name]}") end - only_if do ::File.exists?("#{node['apache']['dir']}/sites-available/#{params[:name]}") end + only_if { ::File.exists?("#{node['apache']['dir']}/sites-available/#{params[:name]}") } end else execute "a2dissite #{params[:name]}" do command "/usr/sbin/a2dissite #{params[:name]}" - notifies :restart, resources(:service => "apache2") + notifies :restart, 'service[apache2]' only_if do - ::File.symlink?("#{node['apache']['dir']}/sites-enabled/#{params[:name]}") or + ::File.symlink?("#{node['apache']['dir']}/sites-enabled/#{params[:name]}") || ::File.symlink?("#{node['apache']['dir']}/sites-enabled/000-#{params[:name]}") end end diff --git a/definitions/web_app.rb b/definitions/web_app.rb index 2547e30f2..6844d3b1a 100644 --- a/definitions/web_app.rb +++ b/definitions/web_app.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Definition:: web_app # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,29 +17,27 @@ # limitations under the License. # -define :web_app, :template => "web_app.conf.erb", :enable => true do +define :web_app, :template => 'web_app.conf.erb', :enable => true do application_name = params[:name] - include_recipe "apache2" - include_recipe "apache2::mod_rewrite" - include_recipe "apache2::mod_deflate" - include_recipe "apache2::mod_headers" + include_recipe 'apache2::default' + include_recipe 'apache2::mod_rewrite' + include_recipe 'apache2::mod_deflate' + include_recipe 'apache2::mod_headers' template "#{node['apache']['dir']}/sites-available/#{application_name}.conf" do - source params[:template] - owner "root" - group node['apache']['root_group'] - mode 0644 - if params[:cookbook] - cookbook params[:cookbook] - end + source params[:template] + owner 'root' + group node['apache']['root_group'] + mode '0644' + cookbook params[:cookbook] if params[:cookbook] variables( :application_name => application_name, - :params => params + :params => params ) if ::File.exists?("#{node['apache']['dir']}/sites-enabled/#{application_name}.conf") - notifies :reload, resources(:service => "apache2"), :delayed + notifies :reload, 'service[apache2]' end end diff --git a/files/default/apache2_module_conf_generate.pl b/files/default/apache2_module_conf_generate.pl index 83f849ed9..e161fbb17 100644 --- a/files/default/apache2_module_conf_generate.pl +++ b/files/default/apache2_module_conf_generate.pl @@ -3,7 +3,7 @@ =begin Generates Ubuntu style module.load files. - + ./apache2_module_conf_generate.pl /usr/lib64/httpd/modules /etc/httpd/mods-available ARGV[0] is the apache modules directory, ARGV[1] is where you want 'em. diff --git a/files/default/tests/minitest/default_test.rb b/files/default/tests/minitest/default_test.rb index 8f8184db5..0bec9b144 100644 --- a/files/default/tests/minitest/default_test.rb +++ b/files/default/tests/minitest/default_test.rb @@ -16,7 +16,7 @@ end it 'creates the conf.d directory' do - directory("#{node['apache']['dir']}/conf.d").must_exist.with(:mode, "755") + directory("#{node['apache']['dir']}/conf.d").must_exist.with(:mode, '755') end it 'creates the logs directory' do @@ -53,7 +53,7 @@ file("#{node['apache']['dir']}/conf.d/security").must_match(/^ServerTokens #{node['apache']['servertokens']} *$/) end - it "enables default_modules" do + it 'enables default_modules' do node['apache']['default_modules'].each do |a2mod| apache_enabled_modules.must_include "#{a2mod}_module" end @@ -73,5 +73,4 @@ it { config.must_include "Include #{node['apache']['dir']}/conf.d/" } it { apache_config_parses? } end - end diff --git a/files/default/tests/minitest/god_monitor_test.rb b/files/default/tests/minitest/god_monitor_test.rb index 5c0d7a0bb..f2f972eab 100644 --- a/files/default/tests/minitest/god_monitor_test.rb +++ b/files/default/tests/minitest/god_monitor_test.rb @@ -17,15 +17,15 @@ require File.expand_path('../support/helpers', __FILE__) -describe "apache2::god_monitor" do +describe 'apache2::god_monitor' do include Helpers::Apache it 'starts god service to supervise apache2' do - service("god").must_be_running + service('god').must_be_running end it 'creates the god service template for apache' do - file("/etc/god/conf.d/apache2.god").must_exist + file('/etc/god/conf.d/apache2.god').must_exist end it 'starts an apache2 service that works like a regular service' do diff --git a/files/default/tests/minitest/mod_apreq2_test.rb b/files/default/tests/minitest/mod_apreq2_test.rb index 8679b4e49..140ec1637 100644 --- a/files/default/tests/minitest/mod_apreq2_test.rb +++ b/files/default/tests/minitest/mod_apreq2_test.rb @@ -4,12 +4,12 @@ include Helpers::Apache it 'enables apreq_module' do - apache_enabled_modules.must_include "apreq_module" + apache_enabled_modules.must_include 'apreq_module' end it 'symlinks the module on EL' do - skip unless %w{rhel fedora}.include?(node['platform_family']) - libdir = node['kernel']['machine'] == 'x86_64' ? "lib64" : "lib" + skip unless %w[rhel fedora].include?(node['platform_family']) + libdir = node['kernel']['machine'] == 'x86_64' ? 'lib64' : 'lib' link( "/usr/#{libdir}/httpd/modules/mod_apreq.so" ).must_exist.with( diff --git a/files/default/tests/minitest/mod_auth_cas_test.rb b/files/default/tests/minitest/mod_auth_cas_test.rb index f7e06ead2..745c217d4 100644 --- a/files/default/tests/minitest/mod_auth_cas_test.rb +++ b/files/default/tests/minitest/mod_auth_cas_test.rb @@ -1,11 +1,10 @@ require File.expand_path('../support/helpers', __FILE__) -describe "apache2::mod_auth_cas" do +describe 'apache2::mod_auth_cas' do include Helpers::Apache it 'enables auth_cas_module' do - skip if %w{rhel fedora}.include?(node['platform_family']) && node['platform_version'].to_f > 6.0 - apache_enabled_modules.must_include "auth_cas_module" + skip if %w[rhel fedora].include?(node['platform_family']) && node['platform_version'].to_f > 6.0 + apache_enabled_modules.must_include 'auth_cas_module' end - end diff --git a/files/default/tests/minitest/mod_auth_openid_test.rb b/files/default/tests/minitest/mod_auth_openid_test.rb index 7793a4405..84f7f54e2 100644 --- a/files/default/tests/minitest/mod_auth_openid_test.rb +++ b/files/default/tests/minitest/mod_auth_openid_test.rb @@ -4,34 +4,33 @@ describe 'apache2::mod_auth_openid' do include Helpers::Apache - it "installs the opekele library" do + it 'installs the opekele library' do lib_dir = Pathname.new(node['apache']['lib_dir']).dirname.to_s file("#{lib_dir}/libopkele.so").must_exist end - it "does not add the module to httpd.conf" do + it 'does not add the module to httpd.conf' do conffile = case node['platform'] when 'debian', 'ubuntu' - "apache2.conf" - when "redhat", "centos", "scientific", "fedora", "arch", "amazon" - "conf/httpd.conf" - when "freebsd" - "httpd.conf" + 'apache2.conf' + when 'redhat', 'centos', 'scientific', 'fedora', 'arch', 'amazon' + 'conf/httpd.conf' + when 'freebsd' + 'httpd.conf' end httpd_config = File.read(File.join(node['apache']['dir'], conffile)) refute_match /^LoadModule authopenid_module /, httpd_config end - it "creates a cache directory for the module" do + it 'creates a cache directory for the module' do directory(node['apache']['mod_auth_openid']['cache_dir']).must_exist.with(:owner, node['apache']['user']) end - it "ensures the db file is writable by apache" do - file(node['apache']['mod_auth_openid']['dblocation']).must_exist.with(:owner, node['apache']['user']).and(:mode, "644") + it 'ensures the db file is writable by apache' do + file(node['apache']['mod_auth_openid']['dblocation']).must_exist.with(:owner, node['apache']['user']).and(:mode, '644') end it 'enables authopenid_module' do - apache_enabled_modules.must_include "authopenid_module" + apache_enabled_modules.must_include 'authopenid_module' end - end diff --git a/files/default/tests/minitest/mod_cgi_test.rb b/files/default/tests/minitest/mod_cgi_test.rb index 13912404e..d14e76426 100644 --- a/files/default/tests/minitest/mod_cgi_test.rb +++ b/files/default/tests/minitest/mod_cgi_test.rb @@ -9,5 +9,4 @@ apache_enabled_modules.include?('cgid_module') ) end - end diff --git a/files/default/tests/minitest/mod_dav_svn_test.rb b/files/default/tests/minitest/mod_dav_svn_test.rb index cfc1f61bf..25e063797 100644 --- a/files/default/tests/minitest/mod_dav_svn_test.rb +++ b/files/default/tests/minitest/mod_dav_svn_test.rb @@ -4,11 +4,10 @@ include Helpers::Apache it 'enables dav_svn_module' do - apache_enabled_modules.must_include "dav_svn_module" + apache_enabled_modules.must_include('dav_svn_module') end it 'enables dav_module' do - apache_enabled_modules.must_include "dav_module" + apache_enabled_modules.must_include('dav_module') end - end diff --git a/files/default/tests/minitest/mod_fastcgi.rb b/files/default/tests/minitest/mod_fastcgi.rb index 1c404f8b1..6dfb34ce3 100644 --- a/files/default/tests/minitest/mod_fastcgi.rb +++ b/files/default/tests/minitest/mod_fastcgi.rb @@ -1,11 +1,10 @@ require File.expand_path('../support/helpers', __FILE__) -describe "apache2::mod_fastcgi" do +describe 'apache2::mod_fastcgi' do include Helpers::Apache it 'enables fastcgi_module' do skip if %w{rhel fedora}.include?(node['platform_family']) - apache_enabled_modules.must_include "fastcgi_module" + apache_enabled_modules.must_include 'fastcgi_module' end - end diff --git a/files/default/tests/minitest/mod_include_test.rb b/files/default/tests/minitest/mod_include_test.rb index c0c4944d2..3cc7a2679 100644 --- a/files/default/tests/minitest/mod_include_test.rb +++ b/files/default/tests/minitest/mod_include_test.rb @@ -4,12 +4,11 @@ include Helpers::Apache it 'enables include_module' do - apache_enabled_modules.must_include "include_module" + apache_enabled_modules.must_include 'include_module' end it 'drops off the include module configuration' do assert_match(/AddType text\/html .shtml/, File.read("#{node['apache']['dir']}/mods-enabled/include.conf")) assert_match(/AddOutputFilter INCLUDES .shtml/, File.read("#{node['apache']['dir']}/mods-enabled/include.conf")) end - end diff --git a/files/default/tests/minitest/mod_perl_test.rb b/files/default/tests/minitest/mod_perl_test.rb index c51341abb..f403d9703 100644 --- a/files/default/tests/minitest/mod_perl_test.rb +++ b/files/default/tests/minitest/mod_perl_test.rb @@ -4,7 +4,7 @@ include Helpers::Apache it 'enables perl_module' do - apache_enabled_modules.must_include "perl_module" + apache_enabled_modules.must_include('perl_module') end it 'installs the apache request library' do @@ -14,5 +14,4 @@ end package(req_pkg).must_be_installed end - end diff --git a/files/default/tests/minitest/mod_php5_test.rb b/files/default/tests/minitest/mod_php5_test.rb index 33220b9c5..482cdcd8c 100644 --- a/files/default/tests/minitest/mod_php5_test.rb +++ b/files/default/tests/minitest/mod_php5_test.rb @@ -4,10 +4,10 @@ include Helpers::Apache it 'enables php5_module' do - apache_enabled_modules.must_include "php5_module" + apache_enabled_modules.must_include('php5_module') end - it "deletes the packaged php config if any" do + it 'deletes the packaged php config if any' do file("#{node['apache']['dir']}/conf.d/php.conf").wont_exist end end diff --git a/files/default/tests/minitest/mod_python_test.rb b/files/default/tests/minitest/mod_python_test.rb index 5b5f2b7a7..4ef119c2e 100644 --- a/files/default/tests/minitest/mod_python_test.rb +++ b/files/default/tests/minitest/mod_python_test.rb @@ -4,7 +4,6 @@ include Helpers::Apache it 'enables python_module' do - apache_enabled_modules.must_include "python_module" + apache_enabled_modules.must_include('python_module') end - end diff --git a/files/default/tests/minitest/mod_ssl_test.rb b/files/default/tests/minitest/mod_ssl_test.rb index 035f652f4..49755d4fd 100644 --- a/files/default/tests/minitest/mod_ssl_test.rb +++ b/files/default/tests/minitest/mod_ssl_test.rb @@ -4,19 +4,19 @@ include Helpers::Apache it 'installs the mod_ssl package on RHEL distributions' do - skip unless ["rhel", "fedora"].include? node['platform_family'] - package("mod_ssl").must_be_installed + skip unless %w[rhel fedora].include?(node['platform_family']) + package('mod_ssl').must_be_installed end it 'enables ssl_module' do - apache_enabled_modules.must_include "ssl_module" + apache_enabled_modules.must_include 'ssl_module' end it 'does not store SSL config in conf.d' do file("#{node['apache']['dir']}/conf.d/ssl.conf").wont_exist end - it "is configured to listen on port 443" do + it 'is configured to listen on port 443' do apache_configured_ports.must_include(443) end @@ -24,5 +24,4 @@ assert_match(/^SSLCipherSuite #{node['apache']['mod_ssl']['cipher_suite']}$/, File.read("#{node['apache']['dir']}/mods-enabled/ssl.conf")) end - end diff --git a/files/default/tests/minitest/support/helpers.rb b/files/default/tests/minitest/support/helpers.rb index 707fcf2a4..9d08c91b1 100644 --- a/files/default/tests/minitest/support/helpers.rb +++ b/files/default/tests/minitest/support/helpers.rb @@ -1,4 +1,5 @@ module Helpers + # MiniTest helpers module Apache require 'chef/mixin/shell_out' include Chef::Mixin::ShellOut @@ -30,9 +31,9 @@ def apache_enabled_modules def apache_service service( case node['platform'] - when "debian", "ubuntu" then "apache2" - when "freebsd" then "apache22" - else "httpd" + when 'debian', 'ubuntu' then 'apache2' + when 'freebsd' then 'apache22' + else 'httpd' end ) end @@ -40,23 +41,23 @@ def apache_service def config file( case node['platform'] - when "debian", "ubuntu" then "#{node['apache']['dir']}/apache2.conf" - when "freebsd" then "#{node['apache']['dir']}/httpd.conf" + when 'debian', 'ubuntu' then "#{node['apache']['dir']}/apache2.conf" + when 'freebsd' then "#{node['apache']['dir']}/httpd.conf" else "#{node['apache']['dir']}/conf/httpd.conf" end ) end def ran_recipe?(recipe) - if Chef::VERSION < "11.0" + if Chef::VERSION < '11.0' seen_recipes = node.run_state[:seen_recipes] recipes = seen_recipes.keys.each { |i| i } else recipes = run_context.loaded_recipes end - if recipes.empty? and Chef::Config[:solo] - #If you have roles listed in your run list they are NOT expanded - recipes = node.run_list.map {|item| item.name if item.type == :recipe } + if recipes.empty? && Chef::Config[:solo] + # If you have roles listed in your run list they are NOT expanded + recipes = node.run_list.map { |item| item.name if item.type == :recipe } end recipes.include?(recipe) end diff --git a/metadata.rb b/metadata.rb index 59741f6a1..c187a4d82 100644 --- a/metadata.rb +++ b/metadata.rb @@ -1,219 +1,225 @@ -name "apache2" -maintainer "Opscode, Inc." -maintainer_email "cookbooks@opscode.com" -license "Apache 2.0" -description "Installs and configures all aspects of apache2 using Debian style symlinks with helper definitions" +name 'apache2' +maintainer 'Opscode, Inc.' +maintainer_email 'cookbooks@opscode.com' +license 'Apache 2.0' +description 'Installs and configures all aspects of apache2 using Debian style symlinks with helper definitions' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version "1.7.0" -recipe "apache2", "Main Apache configuration" -recipe "apache2::logrotate", "Rotate apache2 logs. Requires logrotate cookbook" -recipe "apache2::mod_alias", "Apache module 'alias' with config file" -recipe "apache2::mod_apreq2", "Apache module 'apreq'" -recipe "apache2::mod_auth_basic", "Apache module 'auth_basic'" -recipe "apache2::mod_auth_digest", "Apache module 'auth_digest'" -recipe "apache2::mod_auth_openid", "Apache module 'authopenid'" -recipe "apache2::mod_authn_file", "Apache module 'authn_file'" -recipe "apache2::mod_authnz_ldap", "Apache module 'authnz_ldap'" -recipe "apache2::mod_authz_default", "Apache module 'authz_default'" -recipe "apache2::mod_authz_groupfile", "Apache module 'authz_groupfile'" -recipe "apache2::mod_authz_host", "Apache module 'authz_host'" -recipe "apache2::mod_authz_user", "Apache module 'authz_user'" -recipe "apache2::mod_autoindex", "Apache module 'autoindex' with config file" -recipe "apache2::mod_cgi", "Apache module 'cgi'" -recipe "apache2::mod_dav", "Apache module 'dav'" -recipe "apache2::mod_dav_svn", "Apache module 'dav_svn'" -recipe "apache2::mod_deflate", "Apache module 'deflate' with config file" -recipe "apache2::mod_dir", "Apache module 'dir' with config file" -recipe "apache2::mod_env", "Apache module 'env'" -recipe "apache2::mod_expires", "Apache module 'expires'" -recipe "apache2::mod_fcgid", "Apache module 'fcgid', package on ubuntu/debian, rhel/centos, compile source on suse; with config file" -recipe "apache2::mod_headers", "Apache module 'headers'" -recipe "apache2::mod_include", "Apache module 'include'" -recipe "apache2::mod_ldap", "Apache module 'ldap'" -recipe "apache2::mod_log_config", "Apache module 'log_config'" -recipe "apache2::mod_mime", "Apache module 'mime' with config file" -recipe "apache2::mod_negotiation", "Apache module 'negotiation' with config file" -recipe "apache2::mod_perl", "Apache module 'perl'" -recipe "apache2::mod_php5", "Apache module 'php5'" -recipe "apache2::mod_proxy", "Apache module 'proxy' with config file" -recipe "apache2::mod_proxy_ajp", "Apache module 'proxy_ajp'" -recipe "apache2::mod_proxy_balancer", "Apache module 'proxy_balancer'" -recipe "apache2::mod_proxy_connect", "Apache module 'proxy_connect'" -recipe "apache2::mod_proxy_http", "Apache module 'proxy_http'" -recipe "apache2::mod_python", "Apache module 'python'" -recipe "apache2::mod_rewrite", "Apache module 'rewrite'" -recipe "apache2::mod_setenvif", "Apache module 'setenvif' with config file" -recipe "apache2::mod_ssl", "Apache module 'ssl' with config file, adds port 443 to listen_ports" -recipe "apache2::mod_status", "Apache module 'status' with config file" -recipe "apache2::mod_xsendfile", "Apache module 'xsendfile'" - -%w{redhat centos scientific fedora debian ubuntu arch freebsd amazon}.each do |os| - supports os -end - -attribute "apache", - :display_name => "Apache Hash", - :description => "Hash of Apache attributes", - :type => "hash" - -attribute "apache/dir", - :display_name => "Apache Directory", - :description => "Location for Apache configuration", - :default => "/etc/apache2" - -attribute "apache/log_dir", - :display_name => "Apache Log Directory", - :description => "Location for Apache logs", - :default => "/etc/apache2" - -attribute "apache/user", - :display_name => "Apache User", - :description => "User Apache runs as", - :default => "www-data" - -attribute "apache/binary", - :display_name => "Apache Binary", - :description => "Apache server daemon program", - :default => "/usr/sbin/apache2" - -attribute "apache/icondir", - :display_name => "Apache Icondir", - :description => "Directory location for icons", - :default => "/usr/share/apache2/icons" - -attribute "apache/listen_addresses", - :display_name => "Apache Listen Addresses", - :description => "Addresses that Apache should listen on", - :type => "array", - :default => ["*"] - -attribute "apache/listen_ports", - :display_name => "Apache Listen Ports", - :description => "Ports that Apache should listen on", - :type => "array", - :default => ["80", "443"] - -attribute "apache/contact", - :display_name => "Apache Contact", - :description => "Email address of webmaster", - :default => "ops@example.com" - -attribute "apache/timeout", - :display_name => "Apache Timeout", - :description => "Connection timeout value", - :default => "300" - -attribute "apache/keepalive", - :display_name => "Apache Keepalive", - :description => "HTTP persistent connections", - :default => "On" - -attribute "apache/keepaliverequests", - :display_name => "Apache Keepalive Requests", - :description => "Number of requests allowed on a persistent connection", - :default => "100" - -attribute "apache/keepalivetimeout", - :display_name => "Apache Keepalive Timeout", - :description => "Time to wait for requests on persistent connection", - :default => "5" - -attribute "apache/servertokens", - :display_name => "Apache Server Tokens", - :description => "Server response header", - :default => "Prod" - -attribute "apache/serversignature", - :display_name => "Apache Server Signature", - :description => "Configure footer on server-generated documents", - :default => "On" - -attribute "apache/traceenable", - :display_name => "Apache Trace Enable", - :description => "Determine behavior of TRACE requests", - :default => "On" - -attribute "apache/allowed_openids", - :display_name => "Apache Allowed OpenIDs", - :description => "Array of OpenIDs allowed to authenticate", - :default => "" - -attribute "apache/prefork", - :display_name => "Apache Prefork", - :description => "Hash of Apache prefork tuning attributes.", - :type => "hash" - -attribute "apache/prefork/startservers", - :display_name => "Apache Prefork MPM StartServers", - :description => "Number of MPM servers to start", - :default => "16" - -attribute "apache/prefork/minspareservers", - :display_name => "Apache Prefork MPM MinSpareServers", - :description => "Minimum number of spare server processes", - :default => "16" - -attribute "apache/prefork/maxspareservers", - :display_name => "Apache Prefork MPM MaxSpareServers", - :description => "Maximum number of spare server processes", - :default => "32" - -attribute "apache/prefork/serverlimit", - :display_name => "Apache Prefork MPM ServerLimit", - :description => "Upper limit on configurable server processes", - :default => "400" - -attribute "apache/prefork/maxclients", - :display_name => "Apache Prefork MPM MaxClients", - :description => "Maximum number of simultaneous connections", - :default => "400" - -attribute "apache/prefork/maxrequestsperchild", - :display_name => "Apache Prefork MPM MaxRequestsPerChild", - :description => "Maximum number of request a child process will handle", - :default => "10000" - -attribute "apache/worker", - :display_name => "Apache Worker", - :description => "Hash of Apache prefork tuning attributes.", - :type => "hash" - -attribute "apache/worker/startservers", - :display_name => "Apache Worker MPM StartServers", - :description => "Initial number of server processes to start", - :default => "4" - -attribute "apache/worker/maxclients", - :display_name => "Apache Worker MPM MaxClients", - :description => "Maximum number of simultaneous connections", - :default => "1024" - -attribute "apache/worker/minsparethreads", - :display_name => "Apache Worker MPM MinSpareThreads", - :description => "Minimum number of spare worker threads", - :default => "64" - -attribute "apache/worker/maxsparethreads", - :display_name => "Apache Worker MPM MaxSpareThreads", - :description => "Maximum number of spare worker threads", - :default => "192" - -attribute "apache/worker/threadsperchild", - :display_name => "Apache Worker MPM ThreadsPerChild", - :description => "Constant number of worker threads in each server process", - :default => "64" - -attribute "apache/worker/maxrequestsperchild", - :display_name => "Apache Worker MPM MaxRequestsPerChild", - :description => "Maximum number of request a child process will handle", - :default => "0" - -attribute "apache/default_modules", - :display_name => "Apache Default Modules", - :description => "Default modules to enable via recipes", - :default => "status alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex dir env mime negotiation setenvif" - -attribute "apache/mod_ssl/cipher_suite", - :display_name => "Apache mod_ssl Cipher Suite", - :description => "String of SSL ciphers to use for SSLCipherSuite", - :default => "RC4-SHA:HIGH:!ADH" +version '1.7.0' +recipe 'apache2', 'Main Apache configuration' +recipe 'apache2::logrotate', 'Rotate apache2 logs. Requires logrotate cookbook' +recipe 'apache2::mod_alias', 'Apache module "alias" with config file' +recipe 'apache2::mod_apreq2', 'Apache module "apreq"' +recipe 'apache2::mod_auth_basic', 'Apache module "auth_basic"' +recipe 'apache2::mod_auth_digest', 'Apache module "auth_digest"' +recipe 'apache2::mod_auth_openid', 'Apache module "authopenid"' +recipe 'apache2::mod_authn_file', 'Apache module "authn_file"' +recipe 'apache2::mod_authnz_ldap', 'Apache module "authnz_ldap"' +recipe 'apache2::mod_authz_default', 'Apache module "authz_default"' +recipe 'apache2::mod_authz_groupfile', 'Apache module "authz_groupfile"' +recipe 'apache2::mod_authz_host', 'Apache module "authz_host"' +recipe 'apache2::mod_authz_user', 'Apache module "authz_user"' +recipe 'apache2::mod_autoindex', 'Apache module "autoindex" with config file' +recipe 'apache2::mod_cgi', 'Apache module "cgi"' +recipe 'apache2::mod_dav', 'Apache module "dav"' +recipe 'apache2::mod_dav_svn', 'Apache module "dav_svn"' +recipe 'apache2::mod_deflate', 'Apache module "deflate" with config file' +recipe 'apache2::mod_dir', 'Apache module "dir" with config file' +recipe 'apache2::mod_env', 'Apache module "env"' +recipe 'apache2::mod_expires', 'Apache module "expires"' +recipe 'apache2::mod_fcgid', 'Apache module "fcgid", package on ubuntu/debian, rhel/centos, compile source on suse; with config file' +recipe 'apache2::mod_headers', 'Apache module "headers"' +recipe 'apache2::mod_include', 'Apache module "include"' +recipe 'apache2::mod_ldap', 'Apache module "ldap"' +recipe 'apache2::mod_log_config', 'Apache module "log_config"' +recipe 'apache2::mod_mime', 'Apache module "mime" with config file' +recipe 'apache2::mod_negotiation', 'Apache module "negotiation" with config file' +recipe 'apache2::mod_perl', 'Apache module "perl"' +recipe 'apache2::mod_php5', 'Apache module "php5"' +recipe 'apache2::mod_proxy', 'Apache module "proxy" with config file' +recipe 'apache2::mod_proxy_ajp', 'Apache module "proxy_ajp"' +recipe 'apache2::mod_proxy_balancer', 'Apache module "proxy_balancer"' +recipe 'apache2::mod_proxy_connect', 'Apache module "proxy_connect"' +recipe 'apache2::mod_proxy_http', 'Apache module "proxy_http"' +recipe 'apache2::mod_python', 'Apache module "python"' +recipe 'apache2::mod_rewrite', 'Apache module "rewrite"' +recipe 'apache2::mod_setenvif', 'Apache module "setenvif" with config file' +recipe 'apache2::mod_ssl', 'Apache module "ssl" with config file, adds port 443 to listen_ports' +recipe 'apache2::mod_status', 'Apache module "status" with config file' +recipe 'apache2::mod_xsendfile', 'Apache module "xsendfile"' + +supports 'amazon' +supports 'arch' +supports 'centos' +supports 'debian' +supports 'fedora' +supports 'freebsd' +supports 'redhat' +supports 'scientific' +supports 'ubuntu' + +attribute 'apache', + :display_name => 'Apache Hash', + :description => 'Hash of Apache attributes', + :type => 'hash' + +attribute 'apache/dir', + :display_name => 'Apache Directory', + :description => 'Location for Apache configuration', + :default => '/etc/apache2' + +attribute 'apache/log_dir', + :display_name => 'Apache Log Directory', + :description => 'Location for Apache logs', + :default => '/etc/apache2' + +attribute 'apache/user', + :display_name => 'Apache User', + :description => 'User Apache runs as', + :default => 'www-data' + +attribute 'apache/binary', + :display_name => 'Apache Binary', + :description => 'Apache server daemon program', + :default => '/usr/sbin/apache2' + +attribute 'apache/icondir', + :display_name => 'Apache Icondir', + :description => 'Directory location for icons', + :default => '/usr/share/apache2/icons' + +attribute 'apache/listen_addresses', + :display_name => 'Apache Listen Addresses', + :description => 'Addresses that Apache should listen on', + :type => 'array', + :default => %w[*] + +attribute 'apache/listen_ports', + :display_name => 'Apache Listen Ports', + :description => 'Ports that Apache should listen on', + :type => 'array', + :default => %w[80 443] + +attribute 'apache/contact', + :display_name => 'Apache Contact', + :description => 'Email address of webmaster', + :default => 'ops@example.com' + +attribute 'apache/timeout', + :display_name => 'Apache Timeout', + :description => 'Connection timeout value', + :default => '300' + +attribute 'apache/keepalive', + :display_name => 'Apache Keepalive', + :description => 'HTTP persistent connections', + :default => 'On' + +attribute 'apache/keepaliverequests', + :display_name => 'Apache Keepalive Requests', + :description => 'Number of requests allowed on a persistent connection', + :default => '100' + +attribute 'apache/keepalivetimeout', + :display_name => 'Apache Keepalive Timeout', + :description => 'Time to wait for requests on persistent connection', + :default => '5' + +attribute 'apache/servertokens', + :display_name => 'Apache Server Tokens', + :description => 'Server response header', + :default => 'Prod' + +attribute 'apache/serversignature', + :display_name => 'Apache Server Signature', + :description => 'Configure footer on server-generated documents', + :default => 'On' + +attribute 'apache/traceenable', + :display_name => 'Apache Trace Enable', + :description => 'Determine behavior of TRACE requests', + :default => 'On' + +attribute 'apache/allowed_openids', + :display_name => 'Apache Allowed OpenIDs', + :description => 'Array of OpenIDs allowed to authenticate', + :default => '' + +attribute 'apache/prefork', + :display_name => 'Apache Prefork', + :description => 'Hash of Apache prefork tuning attributes.', + :type => 'hash' + +attribute 'apache/prefork/startservers', + :display_name => 'Apache Prefork MPM StartServers', + :description => 'Number of MPM servers to start', + :default => '16' + +attribute 'apache/prefork/minspareservers', + :display_name => 'Apache Prefork MPM MinSpareServers', + :description => 'Minimum number of spare server processes', + :default => '16' + +attribute 'apache/prefork/maxspareservers', + :display_name => 'Apache Prefork MPM MaxSpareServers', + :description => 'Maximum number of spare server processes', + :default => '32' + +attribute 'apache/prefork/serverlimit', + :display_name => 'Apache Prefork MPM ServerLimit', + :description => 'Upper limit on configurable server processes', + :default => '400' + +attribute 'apache/prefork/maxclients', + :display_name => 'Apache Prefork MPM MaxClients', + :description => 'Maximum number of simultaneous connections', + :default => '400' + +attribute 'apache/prefork/maxrequestsperchild', + :display_name => 'Apache Prefork MPM MaxRequestsPerChild', + :description => 'Maximum number of request a child process will handle', + :default => '10000' + +attribute 'apache/worker', + :display_name => 'Apache Worker', + :description => 'Hash of Apache prefork tuning attributes.', + :type => 'hash' + +attribute 'apache/worker/startservers', + :display_name => 'Apache Worker MPM StartServers', + :description => 'Initial number of server processes to start', + :default => '4' + +attribute 'apache/worker/maxclients', + :display_name => 'Apache Worker MPM MaxClients', + :description => 'Maximum number of simultaneous connections', + :default => '1024' + +attribute 'apache/worker/minsparethreads', + :display_name => 'Apache Worker MPM MinSpareThreads', + :description => 'Minimum number of spare worker threads', + :default => '64' + +attribute 'apache/worker/maxsparethreads', + :display_name => 'Apache Worker MPM MaxSpareThreads', + :description => 'Maximum number of spare worker threads', + :default => '192' + +attribute 'apache/worker/threadsperchild', + :display_name => 'Apache Worker MPM ThreadsPerChild', + :description => 'Constant number of worker threads in each server process', + :default => '64' + +attribute 'apache/worker/maxrequestsperchild', + :display_name => 'Apache Worker MPM MaxRequestsPerChild', + :description => 'Maximum number of request a child process will handle', + :default => '0' + +attribute 'apache/default_modules', + :display_name => 'Apache Default Modules', + :description => 'Default modules to enable via recipes', + :default => 'status alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex dir env mime negotiation setenvif' + +attribute 'apache/mod_ssl/cipher_suite', + :display_name => 'Apache mod_ssl Cipher Suite', + :description => 'String of SSL ciphers to use for SSLCipherSuite', + :default => 'RC4-SHA:HIGH:!ADH' diff --git a/recipes/default.rb b/recipes/default.rb index e7974a0f6..14ca97b86 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: default # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,70 +17,70 @@ # limitations under the License. # -package "apache2" do +package 'apache2' do package_name node['apache']['package'] end -service "apache2" do +service 'apache2' do case node['platform_family'] - when "rhel", "fedora", "suse" - service_name "httpd" + when 'rhel', 'fedora', 'suse' + service_name 'httpd' # If restarted/reloaded too quickly httpd has a habit of failing. # This may happen with multiple recipes notifying apache to restart - like # during the initial bootstrap. - restart_command "/sbin/service httpd restart && sleep 1" - reload_command "/sbin/service httpd reload && sleep 1" - when "debian" - service_name "apache2" - restart_command "/usr/sbin/invoke-rc.d apache2 restart && sleep 1" - reload_command "/usr/sbin/invoke-rc.d apache2 reload && sleep 1" - when "arch" - service_name "httpd" - when "freebsd" - service_name "apache22" + restart_command '/sbin/service httpd restart && sleep 1' + reload_command '/sbin/service httpd reload && sleep 1' + when 'debian' + service_name 'apache2' + restart_command '/usr/sbin/invoke-rc.d apache2 restart && sleep 1' + reload_command '/usr/sbin/invoke-rc.d apache2 reload && sleep 1' + when 'arch' + service_name 'httpd' + when 'freebsd' + service_name 'apache22' end supports [:restart, :reload, :status] action :enable end -if platform_family?("rhel", "fedora", "arch", "suse", "freebsd") +if platform_family?('rhel', 'fedora', 'arch', 'suse', 'freebsd') directory node['apache']['log_dir'] do - mode 00755 + mode '0755' end - package "perl" + package 'perl' - cookbook_file "/usr/local/bin/apache2_module_conf_generate.pl" do - source "apache2_module_conf_generate.pl" - mode 00755 - owner "root" - group node['apache']['root_group'] + cookbook_file '/usr/local/bin/apache2_module_conf_generate.pl' do + source 'apache2_module_conf_generate.pl' + mode '0755' + owner 'root' + group node['apache']['root_group'] end - %w{sites-available sites-enabled mods-available mods-enabled}.each do |dir| + %w[sites-available sites-enabled mods-available mods-enabled].each do |dir| directory "#{node['apache']['dir']}/#{dir}" do - mode 00755 - owner "root" + mode '0755' + owner 'root' group node['apache']['root_group'] end end - execute "generate-module-list" do + execute 'generate-module-list' do command "/usr/local/bin/apache2_module_conf_generate.pl #{node['apache']['lib_dir']} #{node['apache']['dir']}/mods-available" - action :nothing + action :nothing end - %w{a2ensite a2dissite a2enmod a2dismod}.each do |modscript| + %w[a2ensite a2dissite a2enmod a2dismod].each do |modscript| template "/usr/sbin/#{modscript}" do source "#{modscript}.erb" - mode 00700 - owner "root" + mode '0700' + owner 'root' group node['apache']['root_group'] end end # installed by default on centos/rhel, remove in favour of mods-enabled - %w{ proxy_ajp auth_pam authz_ldap webalizer ssl welcome }.each do |f| + %w[proxy_ajp auth_pam authz_ldap webalizer ssl welcome].each do |f| file "#{node['apache']['dir']}/conf.d/#{f}.conf" do action :delete backup false @@ -94,11 +94,10 @@ end # enable mod_deflate for consistency across distributions - include_recipe "apache2::mod_deflate" + include_recipe 'apache2::mod_deflate' end -if platform_family?("freebsd") - +if platform_family?('freebsd') file "#{node['apache']['dir']}/Includes/no-accf.conf" do action :delete backup false @@ -108,108 +107,99 @@ action :delete end - %w{ + %w[ httpd-autoindex.conf httpd-dav.conf httpd-default.conf httpd-info.conf httpd-languages.conf httpd-manual.conf httpd-mpm.conf httpd-multilang-errordoc.conf httpd-ssl.conf httpd-userdir.conf httpd-vhosts.conf - }.each do |f| - + ].each do |f| file "#{node['apache']['dir']}/extra/#{f}" do action :delete backup false end - end directory "#{node['apache']['dir']}/extra" do action :delete end - end -directory "#{node['apache']['dir']}/ssl" do - mode 00755 - owner "root" - group node['apache']['root_group'] -end - -directory "#{node['apache']['dir']}/conf.d" do - mode 00755 - owner "root" - group node['apache']['root_group'] -end - -directory node['apache']['cache_dir'] do - mode 00755 - owner "root" - group node['apache']['root_group'] +%W[ + #{node['apache']['dir']}/ssl + #{node['apache']['dir']}/conf.d + #{node['apache']['cache_dir']} +].each do |path| + directory path do + mode '0755' + owner 'root' + group node['apache']['root_group'] + end end # Set the preferred execution binary - prefork or worker -template "/etc/sysconfig/httpd" do - source "etc-sysconfig-httpd.erb" - owner "root" - group node['apache']['root_group'] - mode 00644 - notifies :restart, "service[apache2]" - only_if { platform_family?("rhel", "fedora") } +template '/etc/sysconfig/httpd' do + source 'etc-sysconfig-httpd.erb' + owner 'root' + group node['apache']['root_group'] + mode '0644' + notifies :restart, 'service[apache2]' + only_if { platform_family?('rhel', 'fedora') } end -template "apache2.conf" do +template 'apache2.conf' do case node['platform_family'] - when "rhel", "fedora", "arch" + when 'rhel', 'fedora', 'arch' path "#{node['apache']['dir']}/conf/httpd.conf" - when "debian" + when 'debian' path "#{node['apache']['dir']}/apache2.conf" - when "freebsd" + when 'freebsd' path "#{node['apache']['dir']}/httpd.conf" end - source "apache2.conf.erb" - owner "root" - group node['apache']['root_group'] - mode 00644 - notifies :restart, "service[apache2]" + source 'apache2.conf.erb' + owner 'root' + group node['apache']['root_group'] + mode '0644' + notifies :restart, 'service[apache2]' end -template "apache2-conf-security" do - path "#{node['apache']['dir']}/conf.d/security.conf" - source "security.erb" - owner "root" - group node['apache']['root_group'] - mode 00644 - backup false - notifies :restart, "service[apache2]" +template 'apache2-conf-security' do + path "#{node['apache']['dir']}/conf.d/security.conf" + source 'security.erb' + owner 'root' + group node['apache']['root_group'] + mode '0644' + backup false + notifies :restart, 'service[apache2]' end -template "apache2-conf-charset" do - path "#{node['apache']['dir']}/conf.d/charset.conf" - source "charset.erb" - owner "root" - group node['apache']['root_group'] - mode 00644 - backup false - notifies :restart, "service[apache2]" +template 'apache2-conf-charset' do + path "#{node['apache']['dir']}/conf.d/charset.conf" + source 'charset.erb' + owner 'root' + group node['apache']['root_group'] + mode '0644' + backup false + notifies :restart, 'service[apache2]' end template "#{node['apache']['dir']}/ports.conf" do - source "ports.conf.erb" - owner "root" - group node['apache']['root_group'] + source 'ports.conf.erb' + owner 'root' + group node['apache']['root_group'] variables( - :apache_listen_addresses => node['apache']['listen_addresses'].uniq, - :apache_listen_ports => node['apache']['listen_ports'].map { |p| p.to_i }.uniq + :apache_listen_addresses => node['apache']['listen_addresses'].uniq, + :apache_listen_ports => node['apache']['listen_ports'].map { |p| p.to_i }.uniq ) - mode 00644 - notifies :restart, "service[apache2]" + mode '0644' + notifies :restart, 'service[apache2]' end template "#{node['apache']['dir']}/sites-available/default" do - source "default-site.erb" - owner "root" - group node['apache']['root_group'] - mode 00644 - notifies :restart, "service[apache2]" + source 'default-site.erb' + owner 'root' + group node['apache']['root_group'] + mode '0644' + notifies :restart, 'service[apache2]' end node['apache']['default_modules'].each do |mod| @@ -217,10 +207,10 @@ include_recipe "apache2::#{module_recipe_name}" end -apache_site "default" do +apache_site 'default' do enable node['apache']['default_site_enabled'] end -service "apache2" do +service 'apache2' do action :start end diff --git a/recipes/god_monitor.rb b/recipes/god_monitor.rb index b3c49ebff..f597b9c34 100644 --- a/recipes/god_monitor.rb +++ b/recipes/god_monitor.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: god_monitor # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,17 +17,17 @@ # limitations under the License. # -apache_service = service "apache2" do +apache_service = service 'apache2' do action :nothing end -start_command = apache_service.start_command -stop_command = apache_service.stop_command +start_command = apache_service.start_command +stop_command = apache_service.stop_command restart_command = apache_service.restart_command -god_monitor "apache2" do - config "apache2.god.erb" - start (start_command)?start_command : "/etc/init.d/#{apache_service.service_name} start" - restart (restart_command)?restart_command : "/etc/init.d/#{apache_service.service_name} restart" - stop (stop_command)?stop_command : "/etc/init.d/#{apache_service.service_name} stop" +god_monitor 'apache2' do + config 'apache2.god.erb' + start start_command || "/etc/init.d/#{apache_service.service_name} start" + restart restart_command || "/etc/init.d/#{apache_service.service_name} restart" + stop stop_command || "/etc/init.d/#{apache_service.service_name} stop" end diff --git a/recipes/iptables.rb b/recipes/iptables.rb index fbf1eba42..ae0bbb229 100644 --- a/recipes/iptables.rb +++ b/recipes/iptables.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: iptables # -# Copyright 2012, Opscode, Inc. +# Copyright 2012-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -iptables_rule "port_apache" +iptables_rule 'port_apache' diff --git a/recipes/logrotate.rb b/recipes/logrotate.rb index d90b0fb3e..723241b2b 100644 --- a/recipes/logrotate.rb +++ b/recipes/logrotate.rb @@ -17,14 +17,14 @@ # limitations under the License. # -apache_service = service "apache2" do +apache_service = service 'apache2' do action :nothing end begin include_recipe 'logrotate' rescue - Chef::Log.warn("The apache::logrotate recipe requires the logrotate cookbook. Install the cookbook with `knife cookbook site install logrotate`.") + Chef::Log.warn('The apache::logrotate recipe requires the logrotate cookbook. Install the cookbook with `knife cookbook site install logrotate`.') end logrotate_app apache_service.service_name do path node['apache']['log_dir'] diff --git a/recipes/mod_actions.rb b/recipes/mod_actions.rb index da13b7738..2d9336e98 100644 --- a/recipes/mod_actions.rb +++ b/recipes/mod_actions.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: actions # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "actions" +apache_module 'actions' diff --git a/recipes/mod_alias.rb b/recipes/mod_alias.rb index a4618ed8d..4825f7fd4 100644 --- a/recipes/mod_alias.rb +++ b/recipes/mod_alias.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: alias +# Recipe:: alias # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,6 +17,6 @@ # limitations under the License. # -apache_module "alias" do +apache_module 'alias' do conf true end diff --git a/recipes/mod_apreq2.rb b/recipes/mod_apreq2.rb index c13ca107b..c08f7e268 100644 --- a/recipes/mod_apreq2.rb +++ b/recipes/mod_apreq2.rb @@ -4,7 +4,7 @@ # # modified from the python recipe by Jeremy Bingham # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,30 +19,27 @@ # limitations under the License. # -include_recipe "apache2" +include_recipe 'apache2::default' case node['platform_family'] -when "debian" - - package "libapache2-mod-apreq2" - -when "rhel", "fedora" - - package "libapreq2" do - notifies :run, "execute[generate-module-list]", :immediately +when 'debian' + package 'libapache2-mod-apreq2' +when 'rhel', 'fedora' + package 'libapreq2' do + notifies :run, 'execute[generate-module-list]', :immediately end # seems that the apreq lib is weirdly broken or something - it needs to be - # loaded as "apreq", but on RHEL & derivitatives the file needs a symbolic + # loaded as 'apreq', but on RHEL & derivitatives the file needs a symbolic # link to mod_apreq.so. - link "/usr/lib64/httpd/modules/mod_apreq.so" do - to "/usr/lib64/httpd/modules/mod_apreq2.so" - only_if "test -f /usr/lib64/httpd/modules/mod_apreq2.so" + link '/usr/lib64/httpd/modules/mod_apreq.so' do + to '/usr/lib64/httpd/modules/mod_apreq2.so' + only_if 'test -f /usr/lib64/httpd/modules/mod_apreq2.so' end - link "/usr/lib/httpd/modules/mod_apreq.so" do - to "/usr/lib/httpd/modules/mod_apreq2.so" - only_if "test -f /usr/lib/httpd/modules/mod_apreq2.so" + link '/usr/lib/httpd/modules/mod_apreq.so' do + to '/usr/lib/httpd/modules/mod_apreq2.so' + only_if 'test -f /usr/lib/httpd/modules/mod_apreq2.so' end end @@ -51,4 +48,4 @@ backup false end -apache_module "apreq" +apache_module 'apreq' diff --git a/recipes/mod_auth_basic.rb b/recipes/mod_auth_basic.rb index d30264f9c..65a2cc46a 100644 --- a/recipes/mod_auth_basic.rb +++ b/recipes/mod_auth_basic.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: auth_basic +# Recipe:: auth_basic # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "auth_basic" +apache_module 'auth_basic' diff --git a/recipes/mod_auth_cas.rb b/recipes/mod_auth_cas.rb index 87096d778..7743d0e19 100644 --- a/recipes/mod_auth_cas.rb +++ b/recipes/mod_auth_cas.rb @@ -1,50 +1,64 @@ -include_recipe "apache2" +# +# Cookbook Name:: apache2 +# Recipe:: auth_basic +# +# Copyright 2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# -if node['apache']['mod_auth_cas']['from_source'] +include_recipe 'apache2::default' - package "httpd-devel" do +if node['apache']['mod_auth_cas']['from_source'] + package 'httpd-devel' do package_name value_for_platform_family( - ["rhel", "fedora", "suse"] => "httpd-devel", - "debian" => "apache2-dev" + %w[rhel fedora suse] => 'httpd-devel', + 'debian' => 'apache2-dev' ) end git '/tmp/mod_auth_cas' do repository 'git://github.com/Jasig/mod_auth_cas.git' - revision node['apache']['mod_auth_cas']['source_revision'] - notifies :run, 'execute[compile mod_auth_cas]', :immediately + revision node['apache']['mod_auth_cas']['source_revision'] + notifies :run, 'execute[compile mod_auth_cas]', :immediately end execute 'compile mod_auth_cas' do command './configure && make && make install' - cwd '/tmp/mod_auth_cas' - not_if "test -f #{node['apache']['libexecdir']}/mod_auth_cas.so" + cwd '/tmp/mod_auth_cas' + not_if "test -f #{node['apache']['libexecdir']}/mod_auth_cas.so" end template "#{node['apache']['dir']}/mods-available/auth_cas.load" do source 'mods/auth_cas.load.erb' - owner 'root' - group node['apache']['root_group'] - mode 00644 + owner 'root' + group node['apache']['root_group'] + mode '0644' end - else case node['platform_family'] - when "debian" + when 'debian' + package 'libapache2-mod-auth-cas' - package "libapache2-mod-auth-cas" - - when "rhel", "fedora" - - yum_package "mod_auth_cas" do - notifies :run, "execute[generate-module-list]", :immediately + when 'rhel', 'fedora' + yum_package 'mod_auth_cas' do + notifies :run, 'execute[generate-module-list]', :immediately end file "#{node['apache']['dir']}/conf.d/auth_cas.conf" do action :delete backup false end - end end @@ -55,5 +69,5 @@ directory "#{node['apache']['cache_dir']}/mod_auth_cas" do owner node['apache']['user'] group node['apache']['group'] - mode 00700 + mode '0700' end diff --git a/recipes/mod_auth_digest.rb b/recipes/mod_auth_digest.rb index 5aef92604..ba91defb0 100644 --- a/recipes/mod_auth_digest.rb +++ b/recipes/mod_auth_digest.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: auth_digest +# Recipe:: auth_digest # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "auth_digest" +apache_module 'auth_digest' diff --git a/recipes/mod_auth_openid.rb b/recipes/mod_auth_openid.rb index f0805eeda..0faecfde2 100644 --- a/recipes/mod_auth_openid.rb +++ b/recipes/mod_auth_openid.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_auth_openid # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,46 +18,44 @@ # openid_dev_pkgs = value_for_platform_family( - ["debian"] => %w{automake make g++ apache2-prefork-dev libopkele-dev libopkele3 libtool}, - ["rhel", "fedora"] => %w{gcc-c++ httpd-devel curl-devel libtidy libtidy-devel sqlite-devel pcre-devel openssl-devel make libtool}, - "arch" => ["libopkele"], - "freebsd" => %w{libopkele pcre sqlite3} + 'debian' => %w[automake make g++ apache2-prefork-dev libopkele-dev libopkele3 libtool], + %w[rhel fedora] => %w[gcc-c++ httpd-devel curl-devel libtidy libtidy-devel sqlite-devel pcre-devel openssl-devel make libtool], + 'arch' => %w[libopkele], + 'freebsd' => %w[libopkele pcre sqlite3] ) make_cmd = value_for_platform_family( - "freebsd" => { "default" => "gmake" }, - "default" => "make" + 'freebsd' => { 'default' => 'gmake' }, + 'default' => 'make' ) case node['platform_family'] -when "arch" +when 'arch' + include_recipe 'pacman::default' + + package 'tidyhtml' - include_recipe "pacman" - package "tidyhtml" pacman_aur openid_dev_pkgs.first do action [:build, :install] end - else openid_dev_pkgs.each do |pkg| - package pkg - end end case node['platform_family'] -when "rhel", "fedora" +when 'rhel', 'fedora' remote_file "#{Chef::Config['file_cache_path']}/libopkele-2.0.4.tar.gz" do - source "http://kin.klever.net/dist/libopkele-2.0.4.tar.gz" - mode 00644 - checksum "57a5bc753b7e80c5ece1e5968b2051b0ce7ed9ce4329d17122c61575a9ea7648" + source 'http://kin.klever.net/dist/libopkele-2.0.4.tar.gz' + mode '0644' + checksum '57a5bc753b7e80c5ece1e5968b2051b0ce7ed9ce4329d17122c61575a9ea7648' end - bash "install libopkele" do + bash 'install libopkele' do cwd Chef::Config['file_cache_path'] # Ruby 1.8.6 does not have rpartition, unfortunately - syslibdir = node['apache']['lib_dir'][0..node['apache']['lib_dir'].rindex("/")] + syslibdir = node['apache']['lib_dir'][0..node['apache']['lib_dir'].rindex('/')] code <<-EOH tar zxvf libopkele-2.0.4.tar.gz cd libopkele-2.0.4 && ./configure --prefix=/usr --libdir=#{syslibdir} @@ -72,17 +70,17 @@ remote_file "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}.tar.gz" do source node['apache']['mod_auth_openid']['source_url'] - mode 00644 + mode '0644' action :create_if_missing end directory node['apache']['mod_auth_openid']['cache_dir'] do owner node['apache']['user'] group node['apache']['group'] - mode 00700 + mode '0700' end -bash "untar mod_auth_openid" do +bash 'untar mod_auth_openid' do cwd Chef::Config['file_cache_path'] code <<-EOH tar zxvf mod_auth_openid-#{version}.tar.gz @@ -90,7 +88,7 @@ creates "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}/src/types.h" end -bash "compile mod_auth_openid" do +bash 'compile mod_auth_openid' do cwd "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}" code <<-EOH ./autogen.sh @@ -99,27 +97,27 @@ #{make_cmd} EOH creates "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}/src/.libs/mod_auth_openid.so" - notifies :run, "bash[install-mod_auth_openid]", :immediately + notifies :run, 'bash[install-mod_auth_openid]', :immediately not_if "test -f #{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}/src/.libs/mod_auth_openid.so" end -bash "install-mod_auth_openid" do +bash 'install-mod_auth_openid' do cwd "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}" code <<-EOH #{make_cmd} install EOH creates "#{node['apache']['libexecdir']}/mod_auth_openid.so" - notifies :restart, "service[apache2]" + notifies :restart, 'service[apache2]' not_if "test -f #{node['apache']['libexecdir']}/mod_auth_openid.so" end template "#{node['apache']['dir']}/mods-available/authopenid.load" do - source "mods/authopenid.load.erb" - owner "root" - group node['apache']['root_group'] - mode 00644 + source 'mods/authopenid.load.erb' + owner 'root' + group node['apache']['root_group'] + mode '0644' end -apache_module "authopenid" do - filename "mod_auth_openid.so" +apache_module 'authopenid' do + filename 'mod_auth_openid.so' end diff --git a/recipes/mod_authn_file.rb b/recipes/mod_authn_file.rb index 872caa73e..88dbed6d2 100644 --- a/recipes/mod_authn_file.rb +++ b/recipes/mod_authn_file.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: authn_file +# Recipe:: authn_file # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "authn_file" +apache_module 'authn_file' diff --git a/recipes/mod_authnz_ldap.rb b/recipes/mod_authnz_ldap.rb index 0310d2430..2e93fe27e 100644 --- a/recipes/mod_authnz_ldap.rb +++ b/recipes/mod_authnz_ldap.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: authnz_ldap +# Recipe:: authnz_ldap # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "authnz_ldap" +apache_module 'authnz_ldap' diff --git a/recipes/mod_authz_default.rb b/recipes/mod_authz_default.rb index 123536d04..2fe45f45b 100644 --- a/recipes/mod_authz_default.rb +++ b/recipes/mod_authz_default.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: authz_default +# Recipe:: authz_default # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "authz_default" +apache_module 'authz_default' diff --git a/recipes/mod_authz_groupfile.rb b/recipes/mod_authz_groupfile.rb index b2833b21d..a2cb7bb92 100644 --- a/recipes/mod_authz_groupfile.rb +++ b/recipes/mod_authz_groupfile.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: authz_groupfile +# Recipe:: authz_groupfile # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "authz_groupfile" +apache_module 'authz_groupfile' diff --git a/recipes/mod_authz_host.rb b/recipes/mod_authz_host.rb index 87c1a4b03..08e0effc0 100644 --- a/recipes/mod_authz_host.rb +++ b/recipes/mod_authz_host.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: authz_host +# Recipe:: authz_host # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "authz_host" +apache_module 'authz_host' diff --git a/recipes/mod_authz_user.rb b/recipes/mod_authz_user.rb index 8dd46dfab..a54b79856 100644 --- a/recipes/mod_authz_user.rb +++ b/recipes/mod_authz_user.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: authz_user +# Recipe:: authz_user # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "authz_user" +apache_module 'authz_user' diff --git a/recipes/mod_autoindex.rb b/recipes/mod_autoindex.rb index 622a66e9d..1ec58a66c 100644 --- a/recipes/mod_autoindex.rb +++ b/recipes/mod_autoindex.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: autoindex +# Recipe:: autoindex # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,6 +17,6 @@ # limitations under the License. # -apache_module "autoindex" do +apache_module 'autoindex' do conf true end diff --git a/recipes/mod_cgi.rb b/recipes/mod_cgi.rb index a151d0778..c67aa74c7 100644 --- a/recipes/mod_cgi.rb +++ b/recipes/mod_cgi.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: cgi # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "cgi" +apache_module 'cgi' diff --git a/recipes/mod_cloudflare.rb b/recipes/mod_cloudflare.rb index d0a9e1167..87a23ef92 100644 --- a/recipes/mod_cloudflare.rb +++ b/recipes/mod_cloudflare.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: cloudflare # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,14 +17,14 @@ # limitations under the License. # -apt_repository "cloudflare" do - uri "http://pkg.cloudflare.com" +apt_repository 'cloudflare' do + uri 'http://pkg.cloudflare.com' distribution node['lsb']['codename'] - components ["main"] - key "http://pkg.cloudflare.com/pubkey.gpg" - action :add + components ['main'] + key 'http://pkg.cloudflare.com/pubkey.gpg' + action :add end -package "libapache2-mod-cloudflare" do - notifies :restart, "service[apache2]" +package 'libapache2-mod-cloudflare' do + notifies :restart, 'service[apache2]' end diff --git a/recipes/mod_dav.rb b/recipes/mod_dav.rb index 94f7c1ab8..504c255ad 100644 --- a/recipes/mod_dav.rb +++ b/recipes/mod_dav.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: dav # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "dav" +apache_module 'dav' diff --git a/recipes/mod_dav_fs.rb b/recipes/mod_dav_fs.rb index bd3e74b46..939594b6c 100644 --- a/recipes/mod_dav_fs.rb +++ b/recipes/mod_dav_fs.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: dav_fs # -# Copyright 2011, Atriso +# Copyright 2011-2013, Atriso # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,5 +17,5 @@ # limitations under the License. # -include_recipe "apache2::mod_dav" -apache_module "dav_fs" +include_recipe 'apache2::mod_dav' +apache_module 'dav_fs' diff --git a/recipes/mod_dav_svn.rb b/recipes/mod_dav_svn.rb index 0fea5dea4..bcd8b002d 100644 --- a/recipes/mod_dav_svn.rb +++ b/recipes/mod_dav_svn.rb @@ -17,25 +17,23 @@ # limitations under the License. # -include_recipe "apache2::mod_dav" +include_recipe 'apache2::mod_dav' -package "libapache2-svn" do +package 'libapache2-svn' do case node['platform_family'] - when "rhel", "fedora", "suse" - package_name "mod_dav_svn" + when 'rhel', 'fedora', 'suse' + package_name 'mod_dav_svn' else - package_name "libapache2-svn" + package_name 'libapache2-svn' end end case node['platform_family'] -when "rhel", "fedora", "suse" - +when 'rhel', 'fedora', 'suse' file "#{node['apache']['dir']}/conf.d/subversion.conf" do action :delete backup false end - end -apache_module "dav_svn" +apache_module 'dav_svn' diff --git a/recipes/mod_deflate.rb b/recipes/mod_deflate.rb index b568f305a..c87608642 100644 --- a/recipes/mod_deflate.rb +++ b/recipes/mod_deflate.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: deflate +# Recipe:: deflate # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,6 +17,6 @@ # limitations under the License. # -apache_module "deflate" do +apache_module 'deflate' do conf true end diff --git a/recipes/mod_dir.rb b/recipes/mod_dir.rb index e59b36bda..f2a33c80e 100644 --- a/recipes/mod_dir.rb +++ b/recipes/mod_dir.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: dir +# Recipe:: dir # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,6 +17,6 @@ # limitations under the License. # -apache_module "dir" do +apache_module 'dir' do conf true end diff --git a/recipes/mod_env.rb b/recipes/mod_env.rb index d34550312..10a8029fe 100644 --- a/recipes/mod_env.rb +++ b/recipes/mod_env.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: env +# Recipe:: env # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "env" +apache_module 'env' diff --git a/recipes/mod_expires.rb b/recipes/mod_expires.rb index 9e5042e36..52a637e0c 100644 --- a/recipes/mod_expires.rb +++ b/recipes/mod_expires.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: expires +# Recipe:: expires # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "expires" +apache_module 'expires' diff --git a/recipes/mod_fastcgi.rb b/recipes/mod_fastcgi.rb index f1892dde4..d53cbf07c 100644 --- a/recipes/mod_fastcgi.rb +++ b/recipes/mod_fastcgi.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: fastcgi # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,44 +17,36 @@ # limitations under the License. # -if platform_family?("debian") - package "libapache2-mod-fastcgi" - - apache_module "fastcgi" do - conf true - end - -elsif platform_family?("rhel") - - packages = %w{gcc make libtool httpd-devel apr-devel apr} - packages.each do |package| - yum_package package do - action :upgrade - end - end - - src_filepath = "#{Chef::Config['file_cache_path']}/fastcgi.tar.gz" - remote_file "download fastcgi source" do - source node['apache']['mod_fastcgi']['download_url'] - path src_filepath - backup false +if platform_family?('debian') + package 'libapache2-mod-fastcgi' +elsif platform_family?('rhel') + %w[gcc make libtool httpd-devel apr-devel apr].each do |package| + yum_package package do + action :upgrade end + end - top_dir = node['apache']['lib_dir'] - bash "compile fastcgi source" do - notifies :run, "execute[generate-module-list]", :immediately - not_if "test -f #{node['apache']['dir']}/mods-available/fastcgi.conf" - cwd ::File.dirname(src_filepath) - code <<-EOH - tar zxf #{::File.basename(src_filepath)} && - cd mod_fastcgi-* && - cp Makefile.AP2 Makefile && - make top_dir=#{top_dir} && make install top_dir=#{top_dir} - EOH - end + src_filepath = "#{Chef::Config['file_cache_path']}/fastcgi.tar.gz" + remote_file 'download fastcgi source' do + source node['apache']['mod_fastcgi']['download_url'] + path src_filepath + backup false + end - apache_module "fastcgi" do - conf true - end + top_dir = node['apache']['lib_dir'] + bash 'compile fastcgi source' do + notifies :run, 'execute[generate-module-list]', :immediately + not_if "test -f #{node['apache']['dir']}/mods-available/fastcgi.conf" + cwd ::File.dirname(src_filepath) + code <<-EOH + tar zxf #{::File.basename(src_filepath)} && + cd mod_fastcgi-* && + cp Makefile.AP2 Makefile && + make top_dir=#{top_dir} && make install top_dir=#{top_dir} + EOH end end + +apache_module 'fastcgi' do + conf true +end diff --git a/recipes/mod_fcgid.rb b/recipes/mod_fcgid.rb index b82dc9514..dcb81a4d5 100644 --- a/recipes/mod_fcgid.rb +++ b/recipes/mod_fcgid.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: fcgid # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,12 +17,11 @@ # limitations under the License. # -if platform_family?("debian") - package "libapache2-mod-fcgid" -elsif platform_family?("rhel", "fedora") - - package "mod_fcgid" do - notifies :run, resources(:execute => "generate-module-list"), :immediately +if platform_family?('debian') + package 'libapache2-mod-fcgid' +elsif platform_family?('rhel', 'fedora') + package 'mod_fcgid' do + notifies :run, 'execute[generate-module-list]', :immediately end file "#{node['apache']['dir']}/conf.d/fcgid.conf" do @@ -30,17 +29,16 @@ backup false end - directory "/var/run/httpd/mod_fcgid" do + directory '/var/run/httpd/mod_fcgid' do recursive true only_if { node['platform_version'].to_i >= 6 } end - -elsif platform_family?("suse") +elsif platform_family?('suse') apache_lib_path = node['apache']['lib_dir'] - package "httpd-devel" + package 'httpd-devel' - bash "install-fcgid" do + bash 'install-fcgid' do code <<-EOH (cd #{Chef::Config['file_cache_path']}; wget http://superb-east.dl.sourceforge.net/sourceforge/mod-fcgid/mod_fcgid.2.2.tgz) (cd #{Chef::Config['file_cache_path']}; tar zxvf mod_fcgid.2.2.tgz) @@ -50,6 +48,6 @@ end end -apache_module "fcgid" do +apache_module 'fcgid' do conf true end diff --git a/recipes/mod_filter.rb b/recipes/mod_filter.rb index 148ef7db4..cf1f00ea7 100644 --- a/recipes/mod_filter.rb +++ b/recipes/mod_filter.rb @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "filter" +apache_module 'filter' diff --git a/recipes/mod_headers.rb b/recipes/mod_headers.rb index 5e6b94d1f..8aa985056 100644 --- a/recipes/mod_headers.rb +++ b/recipes/mod_headers.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: headers +# Recipe:: headers # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "headers" +apache_module 'headers' diff --git a/recipes/mod_include.rb b/recipes/mod_include.rb index e46d81f24..237270cf3 100644 --- a/recipes/mod_include.rb +++ b/recipes/mod_include.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: include # -# Copyright 2012, Opscode, Inc. +# Copyright 2012-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,6 +17,6 @@ # limitations under the License. # -apache_module "include" do +apache_module 'include' do conf true end diff --git a/recipes/mod_ldap.rb b/recipes/mod_ldap.rb index 0877694a9..ec624664c 100644 --- a/recipes/mod_ldap.rb +++ b/recipes/mod_ldap.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: ldap +# Recipe:: ldap # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "ldap" +apache_module 'ldap' diff --git a/recipes/mod_log_config.rb b/recipes/mod_log_config.rb index 4ab653f25..529c5f574 100644 --- a/recipes/mod_log_config.rb +++ b/recipes/mod_log_config.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: log_config # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,8 +17,8 @@ # limitations under the License. # -if platform_family?("rhel", "fedora", "suse", "arch", "freebsd") - apache_module "log_config" +if platform_family?('rhel', 'fedora', 'suse', 'arch', 'freebsd') + apache_module 'log_config' else - include_recipe "apache2" + include_recipe 'apache2::default' end diff --git a/recipes/mod_logio.rb b/recipes/mod_logio.rb index 74f135039..efdf512b8 100644 --- a/recipes/mod_logio.rb +++ b/recipes/mod_logio.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: logio # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,8 +17,8 @@ # limitations under the License. # -if platform_family?("rhel", "fedora", "suse", "arch", "freebsd") - apache_module "logio" +if platform_family?('rhel', 'fedora', 'suse', 'arch', 'freebsd') + apache_module 'logio' else - include_recipe "apache2" + include_recipe 'apache2::default' end diff --git a/recipes/mod_mime.rb b/recipes/mod_mime.rb index 16aee1ad6..17272776f 100644 --- a/recipes/mod_mime.rb +++ b/recipes/mod_mime.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: mime +# Recipe:: mime # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,6 +17,6 @@ # limitations under the License. # -apache_module "mime" do +apache_module 'mime' do conf true end diff --git a/recipes/mod_negotiation.rb b/recipes/mod_negotiation.rb index 348e11f10..68a856c22 100644 --- a/recipes/mod_negotiation.rb +++ b/recipes/mod_negotiation.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: negotiation +# Recipe:: negotiation # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,6 +17,6 @@ # limitations under the License. # -apache_module "negotiation" do +apache_module 'negotiation' do conf true end diff --git a/recipes/mod_perl.rb b/recipes/mod_perl.rb index b4d2a74e9..23bad4af4 100644 --- a/recipes/mod_perl.rb +++ b/recipes/mod_perl.rb @@ -4,7 +4,7 @@ # # adapted from the mod_python recipe by Jeremy Bingham # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,20 +20,16 @@ # case node['platform_family'] -when "debian" - %w{libapache2-mod-perl2 libapache2-request-perl apache2-mpm-prefork}.each do |pkg| - +when 'debian' + %w[libapache2-mod-perl2 libapache2-request-perl apache2-mpm-prefork].each do |pkg| package pkg - end -when "rhel", "fedora" - - package "mod_perl" do - notifies :run, "execute[generate-module-list]", :immediately +when 'rhel', 'fedora' + package 'mod_perl' do + notifies :run, 'execute[generate-module-list]', :immediately end - package "perl-libapreq2" - + package 'perl-libapreq2' end file "#{node['apache']['dir']}/conf.d/perl.conf" do @@ -41,4 +37,4 @@ backup false end -apache_module "perl" +apache_module 'perl' diff --git a/recipes/mod_php5.rb b/recipes/mod_php5.rb index 63cc0ce2e..d5dee6d54 100644 --- a/recipes/mod_php5.rb +++ b/recipes/mod_php5.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: php5 # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,50 +18,41 @@ # case node['platform_family'] -when "debian" - - package "libapache2-mod-php5" - -when "arch" - - package "php-apache" do - notifies :run, "execute[generate-module-list]", :immediately +when 'debian' + package 'libapache2-mod-php5' +when 'arch' + package 'php-apache' do + notifies :run, 'execute[generate-module-list]', :immediately end +when 'rhel' + package 'which' -when "rhel" - - package "which" - package "php package" do + package 'php package' do if node['platform_version'].to_f < 6.0 - package_name "php53" + package_name 'php53' else - package_name "php" + package_name 'php' end - notifies :run, "execute[generate-module-list]", :immediately - not_if "which php" + notifies :run, 'execute[generate-module-list]', :immediately + not_if 'which php' end - -when "fedora" - - package "php package" do - package_name "php" - notifies :run, "execute[generate-module-list]", :immediately - not_if "which php" +when 'fedora' + package 'php package' do + package_name 'php' + notifies :run, 'execute[generate-module-list]', :immediately + not_if 'which php' end - -when "freebsd" - - freebsd_port_options "php5" do - options "APACHE" => true +when 'freebsd' + freebsd_port_options 'php5' do + options 'APACHE' => true action :create end - package "php package" do - package_name "php5" - source "ports" - notifies :run, "execute[generate-module-list]", :immediately + package 'php package' do + package_name 'php5' + source 'ports' + notifies :run, 'execute[generate-module-list]', :immediately end - end file "#{node['apache']['dir']}/conf.d/php.conf" do @@ -69,10 +60,10 @@ backup false end -apache_module "php5" do +apache_module 'php5' do case node['platform_family'] - when "rhel", "fedora", "freebsd" + when 'rhel', 'fedora', 'freebsd' conf true - filename "libphp5.so" + filename 'libphp5.so' end end diff --git a/recipes/mod_proxy.rb b/recipes/mod_proxy.rb index fff7627b6..8cb5554c9 100644 --- a/recipes/mod_proxy.rb +++ b/recipes/mod_proxy.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: proxy +# Recipe:: proxy # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,6 +17,6 @@ # limitations under the License. # -apache_module "proxy" do +apache_module 'proxy' do conf true end diff --git a/recipes/mod_proxy_ajp.rb b/recipes/mod_proxy_ajp.rb index 61bc07865..0d80bbed6 100644 --- a/recipes/mod_proxy_ajp.rb +++ b/recipes/mod_proxy_ajp.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: proxy +# Recipe:: proxy # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,5 +17,5 @@ # limitations under the License. # -include_recipe "apache2::mod_proxy" -apache_module "proxy_ajp" +include_recipe 'apache2::mod_proxy' +apache_module 'proxy_ajp' diff --git a/recipes/mod_proxy_balancer.rb b/recipes/mod_proxy_balancer.rb index dc62a710d..85646e7cd 100644 --- a/recipes/mod_proxy_balancer.rb +++ b/recipes/mod_proxy_balancer.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: proxy +# Recipe:: proxy # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "proxy_balancer" +apache_module 'proxy_balancer' diff --git a/recipes/mod_proxy_connect.rb b/recipes/mod_proxy_connect.rb index f41954f13..bece09995 100644 --- a/recipes/mod_proxy_connect.rb +++ b/recipes/mod_proxy_connect.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: proxy +# Recipe:: proxy # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "proxy_connect" +apache_module 'proxy_connect' diff --git a/recipes/mod_proxy_http.rb b/recipes/mod_proxy_http.rb index ddff3eaf3..2929e2108 100644 --- a/recipes/mod_proxy_http.rb +++ b/recipes/mod_proxy_http.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: proxy_http +# Recipe:: proxy_http # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "proxy_http" +apache_module 'proxy_http' diff --git a/recipes/mod_python.rb b/recipes/mod_python.rb index bfa684a1f..5f5048552 100644 --- a/recipes/mod_python.rb +++ b/recipes/mod_python.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: python # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,14 +18,11 @@ # case node['platform_family'] -when "debian" - - package "libapache2-mod-python" - -when "rhel", "fedora" - - package "mod_python" do - notifies :run, "execute[generate-module-list]", :immediately +when 'debian' + package 'libapache2-mod-python' +when 'rhel', 'fedora' + package 'mod_python' do + notifies :run, 'execute[generate-module-list]', :immediately end end @@ -34,4 +31,4 @@ backup false end -apache_module "python" +apache_module 'python' diff --git a/recipes/mod_rewrite.rb b/recipes/mod_rewrite.rb index df388a672..651fadf38 100644 --- a/recipes/mod_rewrite.rb +++ b/recipes/mod_rewrite.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: rewrite +# Recipe:: rewrite # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "rewrite" +apache_module 'rewrite' diff --git a/recipes/mod_setenvif.rb b/recipes/mod_setenvif.rb index 4048a5f94..fab981991 100644 --- a/recipes/mod_setenvif.rb +++ b/recipes/mod_setenvif.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: setenvif +# Recipe:: setenvif # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,6 +17,6 @@ # limitations under the License. # -apache_module "setenvif" do +apache_module 'setenvif' do conf true end diff --git a/recipes/mod_ssl.rb b/recipes/mod_ssl.rb index d5095ec22..ec10b85d5 100644 --- a/recipes/mod_ssl.rb +++ b/recipes/mod_ssl.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: ssl # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,16 +16,15 @@ # See the License for the specific language governing permissions and # limitations under the License. # -unless node['apache']['listen_ports'].include?("443") - node.set['apache']['listen_ports'] = node['apache']['listen_ports'] + ["443"] +unless node['apache']['listen_ports'].include?('443') + node.set['apache']['listen_ports'] = node['apache']['listen_ports'] + ['443'] end ports = node['apache']['listen_ports'] -if platform_family?("rhel", "fedora", "suse") - - package "mod_ssl" do - notifies :run, "execute[generate-module-list]", :immediately +if platform_family?('rhel', 'fedora', 'suse') + package 'mod_ssl' do + notifies :run, 'execute[generate-module-list]', :immediately end file "#{node['apache']['dir']}/conf.d/ssl.conf" do @@ -35,12 +34,12 @@ end template "#{node['apache']['dir']}/ports.conf" do - source "ports.conf.erb" - variables :apache_listen_ports => ports.map { |p| p.to_i }.uniq - notifies :restart, "service[apache2]" - mode 00644 + source 'ports.conf.erb' + mode '0644' + variables(:apache_listen_ports => ports.map { |p| p.to_i }.uniq) + notifies :restart, 'service[apache2]' end -apache_module "ssl" do +apache_module 'ssl' do conf true end diff --git a/recipes/mod_status.rb b/recipes/mod_status.rb index 3e7172740..2f1cc2a97 100644 --- a/recipes/mod_status.rb +++ b/recipes/mod_status.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: status +# Recipe:: status # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2012, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,6 +17,6 @@ # limitations under the License. # -apache_module "status" do +apache_module 'status' do conf true end diff --git a/recipes/mod_userdir.rb b/recipes/mod_userdir.rb index 8bfc45ac5..8ad4f8261 100644 --- a/recipes/mod_userdir.rb +++ b/recipes/mod_userdir.rb @@ -17,4 +17,4 @@ # limitations under the License. # -apache_module "userdir" +apache_module 'userdir' diff --git a/recipes/mod_wsgi.rb b/recipes/mod_wsgi.rb index fef91bb4d..6f9fc46c1 100644 --- a/recipes/mod_wsgi.rb +++ b/recipes/mod_wsgi.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_wsgi # -# Copyright 2008-2012, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,16 +18,12 @@ # case node['platform_family'] -when "debian" - - package "libapache2-mod-wsgi" - -when "rhel", "fedora", "arch" - - package "mod_wsgi" do - notifies :run, "execute[generate-module-list]", :immediately +when 'debian' + package 'libapache2-mod-wsgi' +when 'rhel', 'fedora', 'arch' + package 'mod_wsgi' do + notifies :run, 'execute[generate-module-list]', :immediately end - end file "#{node['apache']['dir']}/conf.d/wsgi.conf" do @@ -35,4 +31,4 @@ backup false end -apache_module "wsgi" +apache_module 'wsgi' diff --git a/recipes/mod_xsendfile.rb b/recipes/mod_xsendfile.rb index 9d4c60fea..1ed99e89e 100644 --- a/recipes/mod_xsendfile.rb +++ b/recipes/mod_xsendfile.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_xsendfile # -# Copyright 2011, CustomInk, LLC. +# Copyright 2011-2013, CustomInk, LLC. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,16 +18,12 @@ # case node['platform_family'] -when "debian" - - package "libapache2-mod-xsendfile" - -when "rhel", "fedora" - - package "mod_xsendfile" do - notifies :run, "execute[generate-module-list]", :immediately +when 'debian' + package 'libapache2-mod-xsendfile' +when 'rhel', 'fedora' + package 'mod_xsendfile' do + notifies :run, 'execute[generate-module-list]', :immediately end - end file "#{node['apache']['dir']}/conf.d/xsendfile.conf" do @@ -35,4 +31,4 @@ backup false end -apache_module "xsendfile" +apache_module 'xsendfile' diff --git a/templates/default/apache2.conf.erb b/templates/default/apache2.conf.erb index 0daa15c34..5bc6d3cda 100644 --- a/templates/default/apache2.conf.erb +++ b/templates/default/apache2.conf.erb @@ -8,9 +8,9 @@ ServerRoot "<%= node['apache']['dir'] %>" # # The accept serialization lock file MUST BE STORED ON A LOCAL DISK. # -<% if %w{debian}.include?(node['platform_family']) -%> +<% if %w[debian].include?(node['platform_family']) -%> LockFile /var/lock/apache2/accept.lock -<% elsif %w{freebsd}.include?(node['platform_family']) -%> +<% elsif %w[freebsd].include?(node['platform_family']) -%> LockFile /var/log/accept.lock <% else %> LockFile logs/accept.lock @@ -48,7 +48,7 @@ KeepAliveTimeout <%= node['apache']['keepalivetimeout'] %> ## ## Server-Pool Size Regulation (MPM specific) -## +## # prefork MPM # StartServers: number of server processes to start @@ -94,8 +94,8 @@ Group <%= node['apache']['group'] %> AccessFileName .htaccess # -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. # Order allow,deny @@ -146,7 +146,7 @@ LogLevel warn Include <%= node['apache']['dir'] %>/mods-enabled/*.load Include <%= node['apache']['dir'] %>/mods-enabled/*.conf -<% if %w{freebsd}.include?(node['platform_family']) -%> +<% if %w[freebsd].include?(node['platform_family']) -%> AcceptFilter http none AcceptFilter https none @@ -181,7 +181,7 @@ LogFormat "%{User-agent}i" agent # Putting this all together, we can internationalize error responses. # # We use Alias to redirect any /error/HTTP_.html.var response to -# our collection of by-error message multi-language collections. We use +# our collection of by-error message multi-language collections. We use # includes to substitute the appropriate text. # # You can modify the messages' appearance without changing any of the @@ -190,7 +190,7 @@ LogFormat "%{User-agent}i" agent # Alias /error/include/ "/your/include/path/" # # which allows you to create your own set of files by starting with the -# /usr/share/apache2/error/include/ files and copying them to /your/include/path/, +# /usr/share/apache2/error/include/ files and copying them to /your/include/path/, # even on a per-VirtualHost basis. The default include files will display # your Apache version number and your ServerAdmin email address regardless # of the setting of ServerSignature. diff --git a/templates/default/default-site.erb b/templates/default/default-site.erb index a65ab533a..b1344373d 100644 --- a/templates/default/default-site.erb +++ b/templates/default/default-site.erb @@ -1,57 +1,55 @@ - ServerAdmin <%= node['apache']['contact'] %> - - DocumentRoot <%= node['apache']['docroot_dir'] %>/ - - Options FollowSymLinks - AllowOverride None - - /> - Options Indexes FollowSymLinks MultiViews - AllowOverride None - Order allow,deny - allow from all - # This directive allows us to have apache2's default start page - # in /apache2-default/, but still have / go to the right place - #RedirectMatch ^/$ /apache2-default/ - - - ScriptAlias /cgi-bin/ <%= node['apache']['cgibin_dir'] %>/ - "> - AllowOverride None - Options ExecCGI -MultiViews +SymLinksIfOwnerMatch - Order allow,deny - Allow from all - - - ErrorLog <%= node['apache']['log_dir'] %>/<%= node['apache']['error_log'] %> - - # Possible values include: debug, info, notice, warn, error, crit, - # alert, emerg. - LogLevel warn - - CustomLog <%= node['apache']['log_dir'] %>/<%= node['apache']['access_log'] %> combined - ServerSignature On - - Alias /doc/ "/usr/share/doc/" - - Options Indexes MultiViews FollowSymLinks - AllowOverride None - Order deny,allow - Deny from all - Allow from 127.0.0.0/255.0.0.0 ::1/128 - - - <% if %w{ rhel fedora }.include?(node['platform_family']) -%> - # - # This configuration file enables the default "Welcome" - # page if there is no default index page present for - # the root URL. To disable the Welcome page, comment - # out all the lines below. - # - - Options -Indexes - ErrorDocument 403 /error/noindex.html - - <% end -%> + ServerAdmin <%= node['apache']['contact'] %> + + DocumentRoot <%= node['apache']['docroot_dir'] %>/ + + Options FollowSymLinks + AllowOverride None + + + /> + Options Indexes FollowSymLinks MultiViews + AllowOverride None + Order allow,deny + Allow from all + + + ScriptAlias /cgi-bin/ <%= node['apache']['cgibin_dir'] %>/ + "> + AllowOverride None + Options ExecCGI -MultiViews +SymLinksIfOwnerMatch + Order allow,deny + Allow from all + + + ErrorLog <%= node['apache']['log_dir'] %>/<%= node['apache']['error_log'] %> + + # Possible values include: debug, info, notice, warn, error, crit, + # alert, emerg. + LogLevel warn + + CustomLog <%= node['apache']['log_dir'] %>/<%= node['apache']['access_log'] %> combined + ServerSignature On + + Alias /doc/ "/usr/share/doc/" + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order deny,allow + Deny from all + Allow from 127.0.0.0/255.0.0.0 ::1/128 + + + <% if %w[rhel fedora].include?(node['platform_family']) -%> + # + # This configuration file enables the default "Welcome" + # page if there is no default index page present for + # the root URL. To disable the Welcome page, comment + # out all the lines below. + # + + Options -Indexes + ErrorDocument 403 /error/noindex.html + + <% end -%> diff --git a/templates/default/mods/alias.conf.erb b/templates/default/mods/alias.conf.erb index 5ab139ec4..8d8c2ec0f 100644 --- a/templates/default/mods/alias.conf.erb +++ b/templates/default/mods/alias.conf.erb @@ -1,24 +1,23 @@ -# -# Aliases: Add here as many aliases as you need (with no limit). The format is -# Alias fakename realname -# -# Note that if you include a trailing / on fakename then the server will -# require it to be present in the URL. So "/icons" isn't aliased in this -# example, only "/icons/". If the fakename is slash-terminated, then the -# realname must also be slash terminated, and if the fakename omits the -# trailing slash, the realname must also omit it. -# -# We include the /icons/ alias for FancyIndexed directory listings. If -# you do not use FancyIndexing, you may comment this out. -# -Alias /icons/ "<%= node['apache']['icondir'] %>/" + # + # Aliases: Add here as many aliases as you need (with no limit). The format is + # Alias fakename realname + # + # Note that if you include a trailing / on fakename then the server will + # require it to be present in the URL. So "/icons" isn't aliased in this + # example, only "/icons/". If the fakename is slash-terminated, then the + # realname must also be slash terminated, and if the fakename omits the + # trailing slash, the realname must also omit it. + # + # We include the /icons/ alias for FancyIndexed directory listings. If + # you do not use FancyIndexing, you may comment this out. + # + Alias /icons/ "<%= node['apache']['icondir'] %>/" -"> + "> Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all - - + diff --git a/templates/default/mods/auth_cas.conf.erb b/templates/default/mods/auth_cas.conf.erb index 80efafebd..1f23f8eaf 100644 --- a/templates/default/mods/auth_cas.conf.erb +++ b/templates/default/mods/auth_cas.conf.erb @@ -1 +1 @@ -CASCookiePath <%= node['apache']['cache_dir'] %>/mod_auth_cas/ \ No newline at end of file +CASCookiePath <%= node['apache']['cache_dir'] %>/mod_auth_cas/ diff --git a/templates/default/mods/autoindex.conf.erb b/templates/default/mods/autoindex.conf.erb index 38390938a..5f866146b 100644 --- a/templates/default/mods/autoindex.conf.erb +++ b/templates/default/mods/autoindex.conf.erb @@ -1,101 +1,100 @@ -# -# Directives controlling the display of server-generated directory listings. -# + # + # Directives controlling the display of server-generated directory listings. + # -# -# IndexOptions: Controls the appearance of server-generated directory -# listings. -# Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames. -# -IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8 + # + # IndexOptions: Controls the appearance of server-generated directory + # listings. + # Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames. + # + IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8 -# -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. -# -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2 + # + # AddIcon* directives tell the server which icon to show for different + # files or filename extensions. These are only displayed for + # FancyIndexed directories. + # + AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2 -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* + AddIconByType (TXT,/icons/text.gif) text/* + AddIconByType (IMG,/icons/image2.gif) image/* + AddIconByType (SND,/icons/sound2.gif) audio/* + AddIconByType (VID,/icons/movie.gif) video/* -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -# It's a suffix rule, so simply matching "core" matches "score" as well ! -AddIcon /icons/bomb.gif /core -AddIcon (SND,/icons/sound2.gif) .ogg -AddIcon (VID,/icons/movie.gif) .ogm + AddIcon /icons/binary.gif .bin .exe + AddIcon /icons/binhex.gif .hqx + AddIcon /icons/tar.gif .tar + AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv + AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip + AddIcon /icons/a.gif .ps .ai .eps + AddIcon /icons/layout.gif .html .shtml .htm .pdf + AddIcon /icons/text.gif .txt + AddIcon /icons/c.gif .c + AddIcon /icons/p.gif .pl .py + AddIcon /icons/f.gif .for + AddIcon /icons/dvi.gif .dvi + AddIcon /icons/uuencoded.gif .uu + AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl + AddIcon /icons/tex.gif .tex + # It's a suffix rule, so simply matching "core" matches "score" as well ! + AddIcon /icons/bomb.gif /core + AddIcon (SND,/icons/sound2.gif) .ogg + AddIcon (VID,/icons/movie.gif) .ogm -AddIcon /icons/back.gif .. -AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ + AddIcon /icons/back.gif .. + AddIcon /icons/hand.right.gif README + AddIcon /icons/folder.gif ^^DIRECTORY^^ + AddIcon /icons/blank.gif ^^BLANKICON^^ -# Default icons for OpenDocument format -AddIcon /icons/odf6odt-20x22.png .odt -AddIcon /icons/odf6ods-20x22.png .ods -AddIcon /icons/odf6odp-20x22.png .odp -AddIcon /icons/odf6odg-20x22.png .odg -AddIcon /icons/odf6odc-20x22.png .odc -AddIcon /icons/odf6odf-20x22.png .odf -AddIcon /icons/odf6odb-20x22.png .odb -AddIcon /icons/odf6odi-20x22.png .odi -AddIcon /icons/odf6odm-20x22.png .odm + # Default icons for OpenDocument format + AddIcon /icons/odf6odt-20x22.png .odt + AddIcon /icons/odf6ods-20x22.png .ods + AddIcon /icons/odf6odp-20x22.png .odp + AddIcon /icons/odf6odg-20x22.png .odg + AddIcon /icons/odf6odc-20x22.png .odc + AddIcon /icons/odf6odf-20x22.png .odf + AddIcon /icons/odf6odb-20x22.png .odb + AddIcon /icons/odf6odi-20x22.png .odi + AddIcon /icons/odf6odm-20x22.png .odm -AddIcon /icons/odf6ott-20x22.png .ott -AddIcon /icons/odf6ots-20x22.png .ots -AddIcon /icons/odf6otp-20x22.png .otp -AddIcon /icons/odf6otg-20x22.png .otg -AddIcon /icons/odf6otc-20x22.png .otc -AddIcon /icons/odf6otf-20x22.png .otf -AddIcon /icons/odf6oti-20x22.png .oti -AddIcon /icons/odf6oth-20x22.png .oth + AddIcon /icons/odf6ott-20x22.png .ott + AddIcon /icons/odf6ots-20x22.png .ots + AddIcon /icons/odf6otp-20x22.png .otp + AddIcon /icons/odf6otg-20x22.png .otg + AddIcon /icons/odf6otc-20x22.png .otc + AddIcon /icons/odf6otf-20x22.png .otf + AddIcon /icons/odf6oti-20x22.png .oti + AddIcon /icons/odf6oth-20x22.png .oth -# -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. -# -DefaultIcon /icons/unknown.gif + # + # DefaultIcon is which icon to show for files which do not have an icon + # explicitly set. + # + DefaultIcon /icons/unknown.gif -# -# AddDescription allows you to place a short description after a file in -# server-generated indexes. These are only displayed for FancyIndexed -# directories. -# Format: AddDescription "description" filename -# -#AddDescription "GZIP compressed document" .gz -#AddDescription "tar archive" .tar -#AddDescription "GZIP compressed tar archive" .tgz + # + # AddDescription allows you to place a short description after a file in + # server-generated indexes. These are only displayed for FancyIndexed + # directories. + # Format: AddDescription "description" filename + # + #AddDescription "GZIP compressed document" .gz + #AddDescription "tar archive" .tar + #AddDescription "GZIP compressed tar archive" .tgz -# -# ReadmeName is the name of the README file the server will look for by -# default, and append to directory listings. -# -# HeaderName is the name of a file which should be prepended to -# directory indexes. -ReadmeName README.html -HeaderName HEADER.html - -# -# IndexIgnore is a set of filenames which directory indexing should ignore -# and not include in the listing. Shell-style wildcarding is permitted. -# -IndexIgnore .??* *~ *# RCS CVS *,v *,t + # + # ReadmeName is the name of the README file the server will look for by + # default, and append to directory listings. + # + # HeaderName is the name of a file which should be prepended to + # directory indexes. + ReadmeName README.html + HeaderName HEADER.html + # + # IndexIgnore is a set of filenames which directory indexing should ignore + # and not include in the listing. Shell-style wildcarding is permitted. + # + IndexIgnore .??* *~ *# RCS CVS *,v *,t diff --git a/templates/default/mods/deflate.conf.erb b/templates/default/mods/deflate.conf.erb index 2e41975fa..4a312b21d 100644 --- a/templates/default/mods/deflate.conf.erb +++ b/templates/default/mods/deflate.conf.erb @@ -1,16 +1,16 @@ - AddOutputFilterByType DEFLATE text/html - AddOutputFilterByType DEFLATE text/css - AddOutputFilterByType DEFLATE text/plain - AddOutputFilterByType DEFLATE text/xml - AddOutputFilterByType DEFLATE application/xhtml+xml - AddOutputFilterByType DEFLATE application/xml - AddOutputFilterByType DEFLATE image/svg+xml - AddOutputFilterByType DEFLATE application/rss+xml - AddOutputFilterByType DEFLATE application/atom_xml - AddOutputFilterByType DEFLATE application/javascript - AddOutputFilterByType DEFLATE application/x-javascript - AddOutputFilterByType DEFLATE application/x-httpd-php - AddOutputFilterByType DEFLATE application/x-httpd-fastphp - AddOutputFilterByType DEFLATE application/x-httpd-eruby + AddOutputFilterByType DEFLATE text/html + AddOutputFilterByType DEFLATE text/css + AddOutputFilterByType DEFLATE text/plain + AddOutputFilterByType DEFLATE text/xml + AddOutputFilterByType DEFLATE application/xhtml+xml + AddOutputFilterByType DEFLATE application/xml + AddOutputFilterByType DEFLATE image/svg+xml + AddOutputFilterByType DEFLATE application/rss+xml + AddOutputFilterByType DEFLATE application/atom_xml + AddOutputFilterByType DEFLATE application/javascript + AddOutputFilterByType DEFLATE application/x-javascript + AddOutputFilterByType DEFLATE application/x-httpd-php + AddOutputFilterByType DEFLATE application/x-httpd-fastphp + AddOutputFilterByType DEFLATE application/x-httpd-eruby diff --git a/templates/default/mods/dir.conf.erb b/templates/default/mods/dir.conf.erb index e16fcb390..dd6cea1f3 100644 --- a/templates/default/mods/dir.conf.erb +++ b/templates/default/mods/dir.conf.erb @@ -1,5 +1,3 @@ - - DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm - + DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm diff --git a/templates/default/mods/fcgid.conf.erb b/templates/default/mods/fcgid.conf.erb index b314292dd..d13e8a6bf 100644 --- a/templates/default/mods/fcgid.conf.erb +++ b/templates/default/mods/fcgid.conf.erb @@ -3,7 +3,7 @@ IPCConnectTimeout 20 -<% if %w{ rhel fedora }.include?(node['platform_family']) -%> +<% if %w[rhel fedora].include?(node['platform_family']) -%> # Sane place to put sockets and shared memory file SocketPath run/mod_fcgid SharememPath run/mod_fcgid/fcgid_shm diff --git a/templates/default/mods/info.conf.erb b/templates/default/mods/info.conf.erb index 7c84a5826..1d0e7ea68 100644 --- a/templates/default/mods/info.conf.erb +++ b/templates/default/mods/info.conf.erb @@ -1,14 +1,14 @@ -# -# Allow server info reports generated by mod_info, -# with the URL of http://servername/server-info -# Uncomment and change the ".example.com" to allow -# access from other hosts. -# - + # + # Allow server info reports generated by mod_info, + # with the URL of http://servername/server-info + # Uncomment and change the ".example.com" to allow + # access from other hosts. + # + SetHandler server-info Order deny,allow Deny from all Allow from <%= node['apache']['info_allow_list'] %> - + diff --git a/templates/default/mods/mime.conf.erb b/templates/default/mods/mime.conf.erb index 3dd668682..56d1fcaed 100644 --- a/templates/default/mods/mime.conf.erb +++ b/templates/default/mods/mime.conf.erb @@ -1,201 +1,199 @@ + # + # TypesConfig points to the file containing the list of mappings from + # filename extension to MIME-type. + # + <% case node['platform_family'] -%> + <% when 'arch' -%> + TypesConfig <%= node['apache']['dir'] %>/conf/mime.types + <% when 'freebsd' -%> + TypesConfig <%= node['apache']['dir'] %>/mime.types + <% else -%> + TypesConfig /etc/mime.types + <% end -%> -# -# TypesConfig points to the file containing the list of mappings from -# filename extension to MIME-type. -# -<% case node['platform_family'] -%> -<% when "arch" -%> -TypesConfig <%= node['apache']['dir'] %>/conf/mime.types -<% when "freebsd" -%> -TypesConfig <%= node['apache']['dir'] %>/mime.types -<% else -%> -TypesConfig /etc/mime.types -<% end -%> + # + # AddType allows you to add to or override the MIME configuration + # file mime.types for specific file types. + # + #AddType application/x-gzip .tgz + # + # AddEncoding allows you to have certain browsers uncompress + # information on the fly. Note: Not all browsers support this. + # Despite the name similarity, the following Add* directives have + # nothing to do with the FancyIndexing customization directives above. + # + #AddEncoding x-compress .Z + #AddEncoding x-gzip .gz .tgz + #AddEncoding x-bzip2 .bz2 + # + # If the AddEncoding directives above are commented-out, then you + # probably should define those extensions to indicate media types: + # + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + AddType application/x-bzip2 .bz2 -# -# AddType allows you to add to or override the MIME configuration -# file mime.types for specific file types. -# -#AddType application/x-gzip .tgz -# -# AddEncoding allows you to have certain browsers uncompress -# information on the fly. Note: Not all browsers support this. -# Despite the name similarity, the following Add* directives have -# nothing to do with the FancyIndexing customization directives above. -# -#AddEncoding x-compress .Z -#AddEncoding x-gzip .gz .tgz -#AddEncoding x-bzip2 .bz2 -# -# If the AddEncoding directives above are commented-out, then you -# probably should define those extensions to indicate media types: -# -AddType application/x-compress .Z -AddType application/x-gzip .gz .tgz -AddType application/x-bzip2 .bz2 + AddType image/svg+xml svg svgz + AddEncoding gzip svgz -AddType image/svg+xml svg svgz -AddEncoding gzip svgz + # + # DefaultLanguage and AddLanguage allows you to specify the language of + # a document. You can then use content negotiation to give a browser a + # file in a language the user can understand. + # + # Specify a default language. This means that all data + # going out without a specific language tag (see below) will + # be marked with this one. You probably do NOT want to set + # this unless you are sure it is correct for all cases. + # + # * It is generally better to not mark a page as + # * being a certain language than marking it with the wrong + # * language! + # + # DefaultLanguage nl + # + # Note 1: The suffix does not have to be the same as the language + # keyword --- those with documents in Polish (whose net-standard + # language code is pl) may wish to use "AddLanguage pl .po" to + # avoid the ambiguity with the common suffix for perl scripts. + # + # Note 2: The example entries below illustrate that in some cases + # the two character 'Language' abbreviation is not identical to + # the two character 'Country' code for its country, + # E.g. 'Danmark/dk' versus 'Danish/da'. + # + # Note 3: In the case of 'ltz' we violate the RFC by using a three char + # specifier. There is 'work in progress' to fix this and get + # the reference data for rfc1766 cleaned up. + # + # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) + # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) + # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) + # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) + # Norwegian (no) - Polish (pl) - Portugese (pt) + # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) + # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) + # + AddLanguage ca .ca + AddLanguage cs .cz .cs + AddLanguage da .dk + AddLanguage de .de + AddLanguage el .el + AddLanguage en .en + AddLanguage eo .eo + # See README.Debian for Spanish + AddLanguage es .es + AddLanguage et .et + AddLanguage fr .fr + AddLanguage he .he + AddLanguage hr .hr + AddLanguage it .it + AddLanguage ja .ja + AddLanguage ko .ko + AddLanguage ltz .ltz + AddLanguage nl .nl + AddLanguage nn .nn + AddLanguage no .no + AddLanguage pl .po + AddLanguage pt .pt + AddLanguage pt-BR .pt-br + AddLanguage ru .ru + AddLanguage sv .sv + # See README.Debian for Turkish + AddLanguage tr .tr + AddLanguage zh-CN .zh-cn + AddLanguage zh-TW .zh-tw -# -# DefaultLanguage and AddLanguage allows you to specify the language of -# a document. You can then use content negotiation to give a browser a -# file in a language the user can understand. -# -# Specify a default language. This means that all data -# going out without a specific language tag (see below) will -# be marked with this one. You probably do NOT want to set -# this unless you are sure it is correct for all cases. -# -# * It is generally better to not mark a page as -# * being a certain language than marking it with the wrong -# * language! -# -# DefaultLanguage nl -# -# Note 1: The suffix does not have to be the same as the language -# keyword --- those with documents in Polish (whose net-standard -# language code is pl) may wish to use "AddLanguage pl .po" to -# avoid the ambiguity with the common suffix for perl scripts. -# -# Note 2: The example entries below illustrate that in some cases -# the two character 'Language' abbreviation is not identical to -# the two character 'Country' code for its country, -# E.g. 'Danmark/dk' versus 'Danish/da'. -# -# Note 3: In the case of 'ltz' we violate the RFC by using a three char -# specifier. There is 'work in progress' to fix this and get -# the reference data for rfc1766 cleaned up. -# -# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) -# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) -# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) -# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) -# Norwegian (no) - Polish (pl) - Portugese (pt) -# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) -# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) -# -AddLanguage ca .ca -AddLanguage cs .cz .cs -AddLanguage da .dk -AddLanguage de .de -AddLanguage el .el -AddLanguage en .en -AddLanguage eo .eo -# See README.Debian for Spanish -AddLanguage es .es -AddLanguage et .et -AddLanguage fr .fr -AddLanguage he .he -AddLanguage hr .hr -AddLanguage it .it -AddLanguage ja .ja -AddLanguage ko .ko -AddLanguage ltz .ltz -AddLanguage nl .nl -AddLanguage nn .nn -AddLanguage no .no -AddLanguage pl .po -AddLanguage pt .pt -AddLanguage pt-BR .pt-br -AddLanguage ru .ru -AddLanguage sv .sv -# See README.Debian for Turkish -AddLanguage tr .tr -AddLanguage zh-CN .zh-cn -AddLanguage zh-TW .zh-tw + # + # Commonly used filename extensions to character sets. You probably + # want to avoid clashes with the language extensions, unless you + # are good at carefully testing your setup after each change. + # See http://www.iana.org/assignments/character-sets for the + # official list of charset names and their respective RFCs. + # + AddCharset us-ascii .ascii .us-ascii + AddCharset ISO-8859-1 .iso8859-1 .latin1 + AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen + AddCharset ISO-8859-3 .iso8859-3 .latin3 + AddCharset ISO-8859-4 .iso8859-4 .latin4 + AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru + AddCharset ISO-8859-6 .iso8859-6 .arb .arabic + AddCharset ISO-8859-7 .iso8859-7 .grk .greek + AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew + AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk + AddCharset ISO-8859-10 .iso8859-10 .latin6 + AddCharset ISO-8859-13 .iso8859-13 + AddCharset ISO-8859-14 .iso8859-14 .latin8 + AddCharset ISO-8859-15 .iso8859-15 .latin9 + AddCharset ISO-8859-16 .iso8859-16 .latin10 + AddCharset ISO-2022-JP .iso2022-jp .jis + AddCharset ISO-2022-KR .iso2022-kr .kis + AddCharset ISO-2022-CN .iso2022-cn .cis + AddCharset Big5 .Big5 .big5 .b5 + AddCharset cn-Big5 .cn-big5 + # For russian, more than one charset is used (depends on client, mostly): + AddCharset WINDOWS-1251 .cp-1251 .win-1251 + AddCharset CP866 .cp866 + AddCharset KOI8 .koi8 + AddCharset KOI8-E .koi8-e + AddCharset KOI8-r .koi8-r .koi8-ru + AddCharset KOI8-U .koi8-u + AddCharset KOI8-ru .koi8-uk .ua + AddCharset ISO-10646-UCS-2 .ucs2 + AddCharset ISO-10646-UCS-4 .ucs4 + AddCharset UTF-7 .utf7 + AddCharset UTF-8 .utf8 + AddCharset UTF-16 .utf16 + AddCharset UTF-16BE .utf16be + AddCharset UTF-16LE .utf16le + AddCharset UTF-32 .utf32 + AddCharset UTF-32BE .utf32be + AddCharset UTF-32LE .utf32le + AddCharset euc-cn .euc-cn + AddCharset euc-gb .euc-gb + AddCharset euc-jp .euc-jp + AddCharset euc-kr .euc-kr + #Not sure how euc-tw got in - IANA doesn't list it??? + AddCharset EUC-TW .euc-tw + AddCharset gb2312 .gb2312 .gb + AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2 + AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4 + AddCharset shift_jis .shift_jis .sjis -# -# Commonly used filename extensions to character sets. You probably -# want to avoid clashes with the language extensions, unless you -# are good at carefully testing your setup after each change. -# See http://www.iana.org/assignments/character-sets for the -# official list of charset names and their respective RFCs. -# -AddCharset us-ascii .ascii .us-ascii -AddCharset ISO-8859-1 .iso8859-1 .latin1 -AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen -AddCharset ISO-8859-3 .iso8859-3 .latin3 -AddCharset ISO-8859-4 .iso8859-4 .latin4 -AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru -AddCharset ISO-8859-6 .iso8859-6 .arb .arabic -AddCharset ISO-8859-7 .iso8859-7 .grk .greek -AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew -AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk -AddCharset ISO-8859-10 .iso8859-10 .latin6 -AddCharset ISO-8859-13 .iso8859-13 -AddCharset ISO-8859-14 .iso8859-14 .latin8 -AddCharset ISO-8859-15 .iso8859-15 .latin9 -AddCharset ISO-8859-16 .iso8859-16 .latin10 -AddCharset ISO-2022-JP .iso2022-jp .jis -AddCharset ISO-2022-KR .iso2022-kr .kis -AddCharset ISO-2022-CN .iso2022-cn .cis -AddCharset Big5 .Big5 .big5 .b5 -AddCharset cn-Big5 .cn-big5 -# For russian, more than one charset is used (depends on client, mostly): -AddCharset WINDOWS-1251 .cp-1251 .win-1251 -AddCharset CP866 .cp866 -AddCharset KOI8 .koi8 -AddCharset KOI8-E .koi8-e -AddCharset KOI8-r .koi8-r .koi8-ru -AddCharset KOI8-U .koi8-u -AddCharset KOI8-ru .koi8-uk .ua -AddCharset ISO-10646-UCS-2 .ucs2 -AddCharset ISO-10646-UCS-4 .ucs4 -AddCharset UTF-7 .utf7 -AddCharset UTF-8 .utf8 -AddCharset UTF-16 .utf16 -AddCharset UTF-16BE .utf16be -AddCharset UTF-16LE .utf16le -AddCharset UTF-32 .utf32 -AddCharset UTF-32BE .utf32be -AddCharset UTF-32LE .utf32le -AddCharset euc-cn .euc-cn -AddCharset euc-gb .euc-gb -AddCharset euc-jp .euc-jp -AddCharset euc-kr .euc-kr -#Not sure how euc-tw got in - IANA doesn't list it??? -AddCharset EUC-TW .euc-tw -AddCharset gb2312 .gb2312 .gb -AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2 -AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4 -AddCharset shift_jis .shift_jis .sjis + # + # AddHandler allows you to map certain file extensions to "handlers": + # actions unrelated to filetype. These can be either built into the server + # or added with the Action directive (see below) + # + # To use CGI scripts outside of ScriptAliased directories: + # (You will also need to add "ExecCGI" to the "Options" directive.) + # + #AddHandler cgi-script .cgi -# -# AddHandler allows you to map certain file extensions to "handlers": -# actions unrelated to filetype. These can be either built into the server -# or added with the Action directive (see below) -# -# To use CGI scripts outside of ScriptAliased directories: -# (You will also need to add "ExecCGI" to the "Options" directive.) -# -#AddHandler cgi-script .cgi + # + # For files that include their own HTTP headers: + # + #AddHandler send-as-is asis -# -# For files that include their own HTTP headers: -# -#AddHandler send-as-is asis + # + # For server-parsed imagemap files: + # + #AddHandler imap-file map -# -# For server-parsed imagemap files: -# -#AddHandler imap-file map - -# -# For type maps (negotiated resources): -# (This is enabled by default to allow the Apache "It Worked" page -# to be distributed in multiple languages.) -# -AddHandler type-map var - -# -# Filters allow you to process content before it is sent to the client. -# -# To parse .shtml files for server-side includes (SSI): -# (You will also need to add "Includes" to the "Options" directive.) -# -AddType text/html .shtml -AddOutputFilter INCLUDES .shtml + # + # For type maps (negotiated resources): + # (This is enabled by default to allow the Apache "It Worked" page + # to be distributed in multiple languages.) + # + AddHandler type-map var + # + # Filters allow you to process content before it is sent to the client. + # + # To parse .shtml files for server-side includes (SSI): + # (You will also need to add "Includes" to the "Options" directive.) + # + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml diff --git a/templates/default/mods/negotiation.conf.erb b/templates/default/mods/negotiation.conf.erb index 0e3455bd0..6bea05fce 100644 --- a/templates/default/mods/negotiation.conf.erb +++ b/templates/default/mods/negotiation.conf.erb @@ -1,18 +1,17 @@ -# -# LanguagePriority allows you to give precedence to some languages -# in case of a tie during content negotiation. -# -# Just list the languages in decreasing order of preference. We have -# more or less alphabetized them here. You probably want to change this. -# -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW - -# -# ForceLanguagePriority allows you to serve a result page rather than -# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) -# [in case no accepted languages matched the available variants] -# -ForceLanguagePriority Prefer Fallback + # + # LanguagePriority allows you to give precedence to some languages + # in case of a tie during content negotiation. + # + # Just list the languages in decreasing order of preference. We have + # more or less alphabetized them here. You probably want to change this. + # + LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW + # + # ForceLanguagePriority allows you to serve a result page rather than + # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) + # [in case no accepted languages matched the available variants] + # + ForceLanguagePriority Prefer Fallback diff --git a/templates/default/mods/proxy.conf.erb b/templates/default/mods/proxy.conf.erb index 4ad7c55a0..553a3ca50 100644 --- a/templates/default/mods/proxy.conf.erb +++ b/templates/default/mods/proxy.conf.erb @@ -1,19 +1,19 @@ - #turning ProxyRequests on and allowing proxying from all may allow - #spammers to use your proxy to send email. + #turning ProxyRequests on and allowing proxying from all may allow + #spammers to use your proxy to send email. - ProxyRequests Off + ProxyRequests Off - - AddDefaultCharset off - Order <%= node['apache']['proxy']['order'] %> - Deny from <%= node['apache']['proxy']['deny_from'] %> - Allow from <%= node['apache']['proxy']['allow_from'] %> - + + AddDefaultCharset off + Order <%= node['apache']['proxy']['order'] %> + Deny from <%= node['apache']['proxy']['deny_from'] %> + Allow from <%= node['apache']['proxy']['allow_from'] %> + - # Enable/disable the handling of HTTP/1.1 "Via:" headers. - # ("Full" adds the server version; "Block" removes all outgoing Via: headers) - # Set to one of: Off | On | Full | Block + # Enable/disable the handling of HTTP/1.1 "Via:" headers. + # ("Full" adds the server version; "Block" removes all outgoing Via: headers) + # Set to one of: Off | On | Full | Block - ProxyVia On + ProxyVia On diff --git a/templates/default/mods/setenvif.conf.erb b/templates/default/mods/setenvif.conf.erb index 6b7d6e2f6..832fb1b33 100644 --- a/templates/default/mods/setenvif.conf.erb +++ b/templates/default/mods/setenvif.conf.erb @@ -1,28 +1,26 @@ + # + # The following directives modify normal HTTP response behavior to + # handle known problems with browser implementations. + # + BrowserMatch "Mozilla/2" nokeepalive + BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 + BrowserMatch "RealPlayer 4\.0" force-response-1.0 + BrowserMatch "Java/1\.0" force-response-1.0 + BrowserMatch "JDK/1\.0" force-response-1.0 -# -# The following directives modify normal HTTP response behavior to -# handle known problems with browser implementations. -# -BrowserMatch "Mozilla/2" nokeepalive -BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 -BrowserMatch "RealPlayer 4\.0" force-response-1.0 -BrowserMatch "Java/1\.0" force-response-1.0 -BrowserMatch "JDK/1\.0" force-response-1.0 - -# -# The following directive disables redirects on non-GET requests for -# a directory that does not include the trailing slash. This fixes a -# problem with Microsoft WebFolders which does not appropriately handle -# redirects for folders with DAV methods. -# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. -# -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "MS FrontPage" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully -BrowserMatch "^gnome-vfs/1.0" redirect-carefully -BrowserMatch "^XML Spy" redirect-carefully -BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully - + # + # The following directive disables redirects on non-GET requests for + # a directory that does not include the trailing slash. This fixes a + # problem with Microsoft WebFolders which does not appropriately handle + # redirects for folders with DAV methods. + # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. + # + BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully + BrowserMatch "MS FrontPage" redirect-carefully + BrowserMatch "^WebDrive" redirect-carefully + BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully + BrowserMatch "^gnome-vfs/1.0" redirect-carefully + BrowserMatch "^XML Spy" redirect-carefully + BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully diff --git a/templates/default/mods/ssl.conf.erb b/templates/default/mods/ssl.conf.erb index 2582f3062..6154b64f7 100644 --- a/templates/default/mods/ssl.conf.erb +++ b/templates/default/mods/ssl.conf.erb @@ -1,77 +1,76 @@ -# -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the SSL library. -# The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. This means you then cannot use the /dev/random device -# because it would lead to very long connection times (as long as -# it requires to make more entropy available). But usually those -# platforms additionally provide a /dev/urandom device which doesn't -# block. So, if available, use this one instead. Read the mod_ssl User -# Manual for more details. -# -SSLRandomSeed startup builtin -SSLRandomSeed startup file:/dev/urandom 512 -SSLRandomSeed connect builtin -SSLRandomSeed connect file:/dev/urandom 512 + # + # Pseudo Random Number Generator (PRNG): + # Configure one or more sources to seed the PRNG of the SSL library. + # The seed data should be of good random quality. + # WARNING! On some platforms /dev/random blocks if not enough entropy + # is available. This means you then cannot use the /dev/random device + # because it would lead to very long connection times (as long as + # it requires to make more entropy available). But usually those + # platforms additionally provide a /dev/urandom device which doesn't + # block. So, if available, use this one instead. Read the mod_ssl User + # Manual for more details. + # + SSLRandomSeed startup builtin + SSLRandomSeed startup file:/dev/urandom 512 + SSLRandomSeed connect builtin + SSLRandomSeed connect file:/dev/urandom 512 -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## + ## + ## SSL Global Context + ## + ## All SSL configuration in this context applies both to + ## the main server and all SSL-enabled virtual hosts. + ## -# -# Some MIME-types for downloading Certificates and CRLs -# -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl + # + # Some MIME-types for downloading Certificates and CRLs + # + AddType application/x-x509-ca-cert .crt + AddType application/x-pkcs7-crl .crl -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is a internal -# terminal dialog) has to provide the pass phrase on stdout. -SSLPassPhraseDialog builtin + # Pass Phrase Dialog: + # Configure the pass phrase gathering process. + # The filtering dialog program (`builtin' is a internal + # terminal dialog) has to provide the pass phrase on stdout. + SSLPassPhraseDialog builtin -# Inter-Process Session Cache: -# Configure the SSL Session Cache: First the mechanism -# to use and second the expiring timeout (in seconds). -#SSLSessionCache dbm:/var/run/apache2/ssl_scache -<% if %w{ rhel fedora suse }.include?(node['platform_family']) -%> -SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) -<% elsif %w{ freebsd }.include?(node['platform_family']) -%> -SSLSessionCache shmcb:/var/run/ssl_scache(512000) -<% else -%> -SSLSessionCache shmcb:/var/run/apache2/ssl_scache -<% end -%> -SSLSessionCacheTimeout 300 + # Inter-Process Session Cache: + # Configure the SSL Session Cache: First the mechanism + # to use and second the expiring timeout (in seconds). + #SSLSessionCache dbm:/var/run/apache2/ssl_scache + <% if %w[rhel fedora suse].include?(node['platform_family']) -%> + SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) + <% elsif %w[freebsd].include?(node['platform_family']) -%> + SSLSessionCache shmcb:/var/run/ssl_scache(512000) + <% else -%> + SSLSessionCache shmcb:/var/run/apache2/ssl_scache + <% end -%> + SSLSessionCacheTimeout 300 -# Semaphore: -# Configure the path to the mutual exclusion semaphore the -# SSL engine uses internally for inter-process synchronization. -<% if %w{ rhel fedora suse }.include?(node['platform_family']) -%> -SSLMutex default -<% elsif %w{ freebsd }.include?(node['platform_family']) -%> -SSLMutex file:/var/run/ssl_mutex -<% else -%> -SSLMutex file:/var/run/apache2/ssl_mutex -<% end -%> + # Semaphore: + # Configure the path to the mutual exclusion semaphore the + # SSL engine uses internally for inter-process synchronization. + <% if %w[rhel fedora suse].include?(node['platform_family']) -%> + SSLMutex default + <% elsif %w[freebsd].include?(node['platform_family']) -%> + SSLMutex file:/var/run/ssl_mutex + <% else -%> + SSLMutex file:/var/run/apache2/ssl_mutex + <% end -%> -SSLHonorCipherOrder On -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_ssl documentation for a complete list. -# enable only secure ciphers: -SSLCipherSuite <%= node['apache']['mod_ssl']['cipher_suite'] %> -# Use this instead if you want to allow cipher upgrades via SGC facility. -# In this case you also have to use something like -# SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 -# see http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html.en#upgradeenc -#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - -# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2 -SSLProtocol all -SSLv2 + SSLHonorCipherOrder On + # SSL Cipher Suite: + # List the ciphers that the client is permitted to negotiate. + # See the mod_ssl documentation for a complete list. + # enable only secure ciphers: + SSLCipherSuite <%= node['apache']['mod_ssl']['cipher_suite'] %> + # Use this instead if you want to allow cipher upgrades via SGC facility. + # In this case you also have to use something like + # SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 + # see http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html.en#upgradeenc + #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + # enable only secure protocols: SSLv3 and TLSv1, but not SSLv2 + SSLProtocol all -SSLv2 diff --git a/templates/default/mods/status.conf.erb b/templates/default/mods/status.conf.erb index 8bafc5247..a279f9ce3 100644 --- a/templates/default/mods/status.conf.erb +++ b/templates/default/mods/status.conf.erb @@ -1,26 +1,25 @@ -# -# Allow server status reports generated by mod_status, -# with the URL of http://servername/server-status -# Uncomment and change the ".example.com" to allow -# access from other hosts. -# - + # + # Allow server status reports generated by mod_status, + # with the URL of http://servername/server-status + # Uncomment and change the ".example.com" to allow + # access from other hosts. + # + SetHandler server-status Order deny,allow Deny from all - Allow from <%=node['apache']['status_allow_list']%> -# Allow from .example.com - -# -# ExtendedStatus controls whether Apache will generate "full" status -# information (ExtendedStatus On) or just basic information (ExtendedStatus -# Off) when the "server-status" handler is called. The default is Off. -# -<% if node['apache']['ext_status'] %> -ExtendedStatus On -<% else -%> -ExtendedStatus Off -<% end -%> -# + Allow from <%= node['apache']['status_allow_list'] %> + + + # + # ExtendedStatus controls whether Apache will generate "full" status + # information (ExtendedStatus On) or just basic information (ExtendedStatus + # Off) when the "server-status" handler is called. The default is Off. + # + <% if node['apache']['ext_status'] -%> + ExtendedStatus On + <% else -%> + ExtendedStatus Off + <% end -%> diff --git a/templates/default/ports.conf.erb b/templates/default/ports.conf.erb index 64bbe07c8..beed2ff44 100644 --- a/templates/default/ports.conf.erb +++ b/templates/default/ports.conf.erb @@ -3,7 +3,7 @@ <% @apache_listen_ports.each do |port| -%> <% @apache_listen_addresses.each do |address| -%> -Listen <%= address.length > 0 ? "#{address}:" : "" %><%= port %> +Listen <%= address.length > 0 ? "#{address}:" : '' %><%= port %> <% end -%> NameVirtualHost *:<%= port %> <% end -%> diff --git a/templates/default/security.erb b/templates/default/security.erb index d40dbb486..d26e1722b 100644 --- a/templates/default/security.erb +++ b/templates/default/security.erb @@ -11,7 +11,6 @@ # Deny from all # - # Changing the following options will not really affect the security of the # server, but might make attacks slightly more difficult in some cases. @@ -23,8 +22,7 @@ # Set to one of: Full | OS | Minimal | Minor | Major | Prod # where Full conveys the most information, and Prod the least. # -#ServerTokens Minimal -ServerTokens <%= node['apache']['servertokens'] %> +ServerTokens <%= node['apache']['servertokens'] %> # # Optionally add a line containing the server version and virtual host @@ -34,8 +32,7 @@ ServerTokens <%= node['apache']['servertokens'] %> # Set to "EMail" to also include a mailto: link to the ServerAdmin. # Set to one of: On | Off | EMail # -#ServerSignature Off -ServerSignature <%= node['apache']['serversignature'] %> +ServerSignature <%= node['apache']['serversignature'] %> # # Allow TRACE method @@ -45,6 +42,5 @@ ServerSignature <%= node['apache']['serversignature'] %> # # Set to one of: On | Off | extended # -#TraceEnable Off -TraceEnable <%= node['apache']['traceenable'] %> +TraceEnable <%= node['apache']['traceenable'] %> diff --git a/test/features/step_definitions/webserver_steps.rb b/test/features/step_definitions/webserver_steps.rb index f743189a5..40ed439fd 100644 --- a/test/features/step_definitions/webserver_steps.rb +++ b/test/features/step_definitions/webserver_steps.rb @@ -8,9 +8,9 @@ When /^a request is made to a (CGI|Java|Perl|Python|PHP) (?:script|application) that generates a list of (?:environment variables|request parameters)$/ do |script_type| http_request case script_type - when 'CGI' then '/cgi-bin/env' - when 'Python' then '/env/python.py' - else "/env/#{script_type.downcase}" + when 'CGI' then '/cgi-bin/env' + when 'Python' then '/env/python.py' + else "/env/#{script_type.downcase}" end end @@ -48,8 +48,10 @@ When /^the authenticated user is (not )?listed (?:in the directory )(?:in the file|as authorized)$/ do |not_listed| http_request '/secure/', - :basic_auth => {:username => not_listed ? 'meatballs' : 'bork', - :password => 'secret'} + :basic_auth => { + :username => not_listed ? 'meatballs' : 'bork', + :password => 'secret' + } end When 'the browser requests a page specifying that it does not support compression' do @@ -65,8 +67,10 @@ end When /^the user requests the secure page authenticating with (in)?valid credentials over (basic|digest) auth$/ do |invalid, auth_type| - http_request '/secure/', "#{auth_type}_auth".to_sym => {:username => 'bork', - :password => invalid ? 'squirrel' : 'secret'} + http_request '/secure/', "#{auth_type}_auth".to_sym => { + :username => 'bork', + :password => invalid ? 'squirrel' : 'secret' + } end When 'the user requests the secure page with no credentials' do