other/Puppet: modules/apache/manifests/vhost.pp comparison

comparison modules/apache/manifests/vhost.pp @ 275:d9352a684e62

Mass update of modules to remove deprecation warnings

author	IBBoard <dev@ibboard.co.uk>
date	Sun, 26 Jan 2020 11:36:07 +0000
parents	675c1cc61eaf
children	b8d6ada284dd

comparison

equal deleted inserted replaced

-:b2571c28fc27
+:d9352a684e62
-# See README.md for usage information
+# @summary
+#   Allows specialised configurations for virtual hosts that possess requirements
+#   outside of the defaults.
+#
+# The apache module allows a lot of flexibility in the setup and configuration of virtual hosts.
+# This flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache
+# to evaluate it multiple times with different parameters.<br />
+# The `apache::vhost` defined type allows you to have specialized configurations for virtual hosts
+# that have requirements outside the defaults. You can set up a default virtual host within
+# the base `::apache` class, as well as set a customized virtual host as the default.
+# Customized virtual hosts have a lower numeric `priority` than the base class's, causing
+# Apache to process the customized virtual host first.<br />
+# The `apache::vhost` defined type uses `concat::fragment` to build the configuration file. To
+# inject custom fragments for pieces of the configuration that the defined type doesn't
+# inherently support, add a custom fragment.<br />
+# For the custom fragment's `order` parameter, the `apache::vhost` defined type uses multiples
+# of 10, so any `order` that isn't a multiple of 10 should work.<br />
+# > **Note:** When creating an `apache::vhost`, it cannot be named `default` or `default-ssl`,
+# because vhosts with these titles are always managed by the module. This means that you cannot
+# override `Apache::Vhost['default']`  or `Apache::Vhost['default-ssl]` resources. An optional
+# workaround is to create a vhost named something else, such as `my default`, and ensure that the
+# `default` and `default_ssl` vhosts are set to `false`:
+#
+# @example
+#   class { 'apache':
+#     default_vhost     => false,
+#     default_ssl_vhost => false,
+#   }
+#
+# @param apache_version
+#   Apache's version number as a string, such as '2.2' or '2.4'.
+#
+# @param access_log
+#   Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`).
+#
+# @param access_log_env_var
+#   Specifies that only requests with particular environment variables be logged.
+#
+# @param access_log_file
+#   Sets the filename of the `*_access.log` placed in `logroot`. Given a virtual host ---for
+#   instance, example.com--- it defaults to 'example.com_ssl.log' for
+#   [SSL-encrypted](https://httpd.apache.org/docs/current/ssl/index.html) virtual hosts and
+#   `example.com_access.log` for unencrypted virtual hosts.
+#
+# @param access_log_format
+#   Specifies the use of either a `LogFormat` nickname or a custom-formatted string for the
+#   access log.
+#
+# @param access_log_pipe
+#   Specifies a pipe where Apache sends access log messages.
+#
+# @param access_log_syslog
+#   Sends all access log messages to syslog.
+#
+# @param access_logs
+#   Allows you to give a hash that specifies the state of each of the `access_log_*`
+#   directives shown above, i.e. `access_log_pipe` and `access_log_syslog`.
+#
+# @param add_default_charset
+#   Sets a default media charset value for the `AddDefaultCharset` directive, which is
+#   added to `text/plain` and `text/html` responses.
+#
+# @param add_listen
+#   Determines whether the virtual host creates a `Listen` statement.<br />
+#   Setting `add_listen` to `false` prevents the virtual host from creating a `Listen`
+#   statement. This is important when combining virtual hosts that aren't passed an `ip`
+#   parameter with those that are.
+#
+# @param use_optional_includes
+#   Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for
+#   `additional_includes` in Apache 2.4 or newer.
+#
+# @param additional_includes
+#   Specifies paths to additional static, virtual host-specific Apache configuration files.
+#   You can use this parameter to implement a unique, custom configuration not supported by
+#   this module.
+#
+# @param aliases
+#   Passes a list of [hashes][hash] to the virtual host to create `Alias`, `AliasMatch`,
+#   `ScriptAlias` or `ScriptAliasMatch` directives as per the `mod_alias` documentation.<br />
+#   For example:
+#   ``` puppet
+#   aliases => [
+#     { aliasmatch       => '^/image/(.*)\.jpg$',
+#       path             => '/files/jpg.images/$1.jpg',
+#     },
+#     { alias            => '/image',
+#       path             => '/ftp/pub/image',
+#     },
+#     { scriptaliasmatch => '^/cgi-bin(.*)',
+#       path             => '/usr/local/share/cgi-bin$1',
+#     },
+#     { scriptalias      => '/nagios/cgi-bin/',
+#       path             => '/usr/lib/nagios/cgi-bin/',
+#     },
+#     { alias            => '/nagios',
+#       path             => '/usr/share/nagios/html',
+#     },
+#   ],
+#   ```
+#   For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs
+#   a corresponding context, such as `<Directory /path/to/directory>` or
+#   `<Location /some/location/here>`. Puppet creates the directives in the order specified in
+#   the `aliases` parameter. As described in the `mod_alias` documentation, add more specific
+#   `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more
+#   general ones to avoid shadowing.<BR />
+#   > **Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because
+#   you can precisely control the order of various alias directives. Defining `ScriptAliases`
+#   using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after
+#   *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias`
+#   directives. This often causes problems; for example, this could cause problems with Nagios.<BR />
+#   If `apache::mod::passenger` is loaded and `PassengerHighPerformance` is `true`, the `Alias`
+#   directive might not be able to honor the `PassengerEnabled => off` statement. See
+#   [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details.
+#
+# @param allow_encoded_slashes
+#   Sets the `AllowEncodedSlashes` declaration for the virtual host, overriding the server
+#   default. This modifies the virtual host responses to URLs with `\` and `/` characters. The
+#   default setting omits the declaration from the server configuration and selects the
+#   Apache default setting of `Off`.
+#
+# @param block
+#   Specifies the list of things to which Apache blocks access. Valid options are: `scm` (which
+#   blocks web access to `.svn`), `.git`, and `.bzr` directories.
+#
+# @param cas_attribute_prefix
+#   Adds a header with the value of this header being the attribute values when SAML
+#   validation is enabled.
+#
+# @param cas_attribute_delimiter
+#   Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`.
+#
+# @param cas_login_url
+#   Sets the URL to which the module redirects users when they attempt to access a
+#   CAS-protected resource and don't have an active session.
+#
+# @param cas_root_proxied_as
+#   Sets the URL end users see when access to this Apache server is proxied per vhost.
+#   This URL should not include a trailing slash.
+#
+# @param cas_scrub_request_headers
+#   Remove inbound request headers that may have special meaning within mod_auth_cas.
+#
+# @param cas_sso_enabled
+#   Enables experimental support for single sign out (may mangle POST data).
+#
+# @param cas_validate_saml
+#   Parse response from CAS server for SAML.
+#
+# @param cas_validate_url
+#   Sets the URL to use when validating a client-presented ticket in an HTTP query string.
+#
+# @param comment
+#   Adds comments to the header of the configuration file. Pass as string or an array of strings.
+#   For example:
+#   ``` puppet
+#   comment => "Account number: 123B",
+#   ```
+#   Or:
+#   ``` puppet
+#   comment => [
+#     "Customer: X",
+#     "Frontend domain: x.example.org",
+#   ]
+#   ```
+#
+# @param custom_fragment
+#   Passes a string of custom configuration directives to place at the end of the virtual
+#   host configuration.
+#
+# @param default_vhost
+#   Sets a given `apache::vhost` defined type as the default to serve requests that do not
+#   match any other `apache::vhost` defined types.
+#
+# @param directoryindex
+#   Sets the list of resources to look for when a client requests an index of the directory
+#   by specifying a '/' at the end of the directory name. See the `DirectoryIndex` directive
+#   documentation for details.
+#
+# @param docroot
+#   **Required**.<br />
+#   Sets the `DocumentRoot` location, from which Apache serves files.<br />
+#   If `docroot` and `manage_docroot` are both set to `false`, no `DocumentRoot` will be set
+#   and the accompanying `<Directory /path/to/directory>` block will not be created.
+#
+# @param docroot_group
+#   Sets group access to the `docroot` directory.
+#
+# @param docroot_owner
+#   Sets individual user access to the `docroot` directory.
+#
+# @param docroot_mode
+#   Sets access permissions for the `docroot` directory, in numeric notation.
+#
+# @param manage_docroot
+#   Determines whether Puppet manages the `docroot` directory.
+#
+# @param error_log
+#   Specifies whether `*_error.log` directives should be configured.
+#
+# @param error_log_file
+#   Points the virtual host's error logs to a `*_error.log` file. If this parameter is
+#   undefined, Puppet checks for values in `error_log_pipe`, then `error_log_syslog`.<br />
+#   If none of these parameters is set, given a virtual host `example.com`, Puppet defaults
+#   to `$logroot/example.com_error_ssl.log` for SSL virtual hosts and
+#   `$logroot/example.com_error.log` for non-SSL virtual hosts.
+#
+# @param error_log_pipe
+#   Specifies a pipe to send error log messages to.<br />
+#   This parameter has no effect if the `error_log_file` parameter has a value. If neither
+#   this parameter nor `error_log_file` has a value, Puppet then checks `error_log_syslog`.
+#
+# @param error_log_syslog
+#   Determines whether to send all error log messages to syslog.
+#   This parameter has no effect if either of the `error_log_file` or `error_log_pipe`
+#   parameters has a value. If none of these parameters has a value, given a virtual host
+#   `example.com`, Puppet defaults to `$logroot/example.com_error_ssl.log` for SSL virtual
+#   hosts and `$logroot/example.com_error.log` for non-SSL virtual hosts.
+#
+# @param error_documents
+#   A list of hashes which can be used to override the
+#   [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument)
+#   settings for this virtual host.<br />
+#   For example:
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     error_documents => [
+#       { 'error_code' => '503', 'document' => '/service-unavail' },
+#       { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' },
+#     ],
+#   }
+#   ```
+#
+# @param ensure
+#   Specifies if the virtual host is present or absent.<br />
+#
+# @param fallbackresource
+#   Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource)
+#   directive, which specifies an action to take for any URL that doesn't map to anything in
+#   your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Values must either begin
+#   with a `/` or be `disabled`.
+#
+# @param fastcgi_server
+#   Specify an external FastCGI server to manage a connection to.
+#
+# @param fastcgi_socket
+#   Specify the socket that will be used to communicate with an external FastCGI server.
+#
+# @param fastcgi_idle_timeout
+#   If using fastcgi, this option sets the timeout for the server to respond.
+#
+# @param fastcgi_dir
+#   Specify an internal FastCGI directory that is to be managed.
+#
+# @param filters
+#   [Filters](https://httpd.apache.org/docs/current/mod/mod_filter.html) enable smart,
+#   context-sensitive configuration of output content filters.
+#   ``` puppet
+#   apache::vhost { "$::fqdn":
+#     filters => [
+#       'FilterDeclare   COMPRESS',
+#       'FilterProvider  COMPRESS DEFLATE resp=Content-Type $text/html',
+#       'FilterChain     COMPRESS',
+#       'FilterProtocol  COMPRESS DEFLATE change=yes;byteranges=no',
+#     ],
+#   }
+#   ```
+#
+# @param h2_copy_files
+#   Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles)
+#   directive which influences how the requestion process pass files to the main connection.
+#
+# @param h2_direct
+#   Sets the [H2Direct](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2direct)
+#   directive which toggles the usage of the HTTP/2 Direct Mode.
+#
+# @param h2_early_hints
+#   Sets the [H2EarlyHints](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2earlyhints)
+#   directive which controls if HTTP status 103 interim responses are forwarded to
+#   the client or not.
+#
+# @param h2_max_session_streams
+#   Sets the [H2MaxSessionStreams](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2maxsessionstreams)
+#   directive which sets the maximum number of active streams per HTTP/2 session
+#   that the server allows.
+#
+# @param h2_modern_tls_only
+#   Sets the [H2ModernTLSOnly](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2moderntlsonly)
+#   directive which toggles the security checks on HTTP/2 connections in TLS mode.
+#
+# @param h2_push
+#   Sets the [H2Push](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2push)
+#   directive which toggles the usage of the HTTP/2 server push protocol feature.
+#
+# @param h2_push_diary_size
+#   Sets the [H2PushDiarySize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushdiarysize)
+#   directive which toggles the maximum number of HTTP/2 server pushes that are
+#   remembered per HTTP/2 connection.
+#
+# @param h2_push_priority
+#   Sets the [H2PushPriority](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushpriority)
+#   directive which defines the priority handling of pushed responses based on the
+#   content-type of the response.
+#
+# @param h2_push_resource
+#   Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource)
+#   directive which declares resources for early pushing to the client.
+#
+# @param h2_serialize_headers
+#   Sets the [H2SerializeHeaders](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2serializeheaders)
+#   directive which toggles if HTTP/2 requests are serialized in HTTP/1.1
+#   format for processing by httpd core.
+#
+# @param h2_stream_max_mem_size
+#   Sets the [H2StreamMaxMemSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2streammaxmemsize)
+#   directive which sets the maximum number of outgoing data bytes buffered in
+#   memory for an active stream.
+#
+# @param h2_tls_cool_down_secs
+#   Sets the [H2TLSCoolDownSecs](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlscooldownsecs)
+#   directive which sets the number of seconds of idle time on a TLS connection
+#   before the TLS write size falls back to a small (~1300 bytes) length.
+#
+# @param h2_tls_warm_up_size
+#   Sets the [H2TLSWarmUpSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlswarmupsize)
+#   directive which sets the number of bytes to be sent in small TLS records (~1300
+#   bytes) until doing maximum sized writes (16k) on https: HTTP/2 connections.
+#
+# @param h2_upgrade
+#   Sets the [H2Upgrade](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2upgrade)
+#   directive which toggles the usage of the HTTP/1.1 Upgrade method for switching
+#   to HTTP/2.
+#
+# @param h2_window_size
+#   Sets the [H2WindowSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2windowsize)
+#   directive which sets the size of the window that is used for flow control from
+#   client to server and limits the amount of data the server has to buffer.
+#
+# @param headers
+#   Adds lines to replace, merge, or remove response headers. See
+#   [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information.
+#
+# @param ip
+#   Sets the IP address the virtual host listens on. By default, uses Apache's default behavior
+#   of listening on all IPs.
+#
+# @param ip_based
+#   Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual
+#   host. This parameter inhibits the creation of a NameVirtualHost directive, since those are
+#   used to funnel requests to name-based virtual hosts.
+#
+# @param itk
+#   Configures [ITK](http://mpm-itk.sesse.net/) in a hash.<br />
+#   Usage typically looks something like:
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     docroot => '/path/to/directory',
+#     itk     => {
+#       user  => 'someuser',
+#       group => 'somegroup',
+#     },
+#   }
+#   ```
+#   Valid values are: a hash, which can include the keys:
+#   * `user` + `group`
+#   * `assignuseridexpr`
+#   * `assigngroupidexpr`
+#   * `maxclientvhost`
+#   * `nice`
+#   * `limituidrange` (Linux 3.5.0 or newer)
+#   * `limitgidrange` (Linux 3.5.0 or newer)
+#
+# @param action
+#   Specifies whether you wish to configure mod_actions action directive which will
+#   activate cgi-script when triggered by a request.
+#
+# @param jk_mounts
+#   Sets up a virtual host with `JkMount` and `JkUnMount` directives to handle the paths
+#   for URL mapping between Tomcat and Apache.<br />
+#   The parameter must be an array of hashes where each hash must contain the `worker`
+#   and either the `mount` or `unmount` keys.<br />
+#   Usage typically looks like:
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     jk_mounts => [
+#       { mount   => '/*',     worker => 'tcnode1', },
+#       { unmount => '/*.jpg', worker => 'tcnode1', },
+#     ],
+#   }
+#   ```
+#
+# @param http_protocol_options
+#   Specifies the strictness of HTTP protocol checks.
+#
+# @param keepalive
+#   Determines whether to enable persistent HTTP connections with the `KeepAlive` directive
+#   for the virtual host. By default, the global, server-wide `KeepAlive` setting is in effect.<br />
+#   Use the `keepalive_timeout` and `max_keepalive_requests` parameters to set relevant options
+#   for the virtual host.
+#
+# @param keepalive_timeout
+#   Sets the `KeepAliveTimeout` directive for the virtual host, which determines the amount
+#   of time to wait for subsequent requests on a persistent HTTP connection. By default, the
+#   global, server-wide `KeepAlive` setting is in effect.<br />
+#   This parameter is only relevant if either the global, server-wide `keepalive` parameter or
+#   the per-vhost `keepalive` parameter is enabled.
+#
+# @param max_keepalive_requests
+#   Limits the number of requests allowed per connection to the virtual host. By default,
+#   the global, server-wide `KeepAlive` setting is in effect.<br />
+#   This parameter is only relevant if either the global, server-wide `keepalive` parameter or
+#   the per-vhost `keepalive` parameter is enabled.
+#
+# @param auth_kerb
+#   Enable `mod_auth_kerb` parameters for a virtual host.<br />
+#   Usage typically looks like:
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     auth_kerb              => `true`,
+#     krb_method_negotiate   => 'on',
+#     krb_auth_realms        => ['EXAMPLE.ORG'],
+#     krb_local_user_mapping => 'on',
+#     directories            => {
+#       path         => '/var/www/html',
+#       auth_name    => 'Kerberos Login',
+#       auth_type    => 'Kerberos',
+#       auth_require => 'valid-user',
+#     },
+#   }
+#   ```
+#
+# @param krb_method_negotiate
+#   Determines whether to use the Negotiate method.
+#
+# @param krb_method_k5passwd
+#   Determines whether to use password-based authentication for Kerberos v5.
+#
+# @param krb_authoritative
+#   If set to `off`, authentication controls can be passed on to another module.
+#
+# @param krb_auth_realms
+#   Specifies an array of Kerberos realms to use for authentication.
+#
+# @param krb_5keytab
+#   Specifies the Kerberos v5 keytab file's location.
+#
+# @param krb_local_user_mapping
+#   Strips @REALM from usernames for further use.
+#
+# @param krb_verify_kdc
+#   This option can be used to disable the verification tickets against local keytab to prevent
+#   KDC spoofing attacks.
+#
+# @param krb_servicename
+#   Specifies the service name that will be used by Apache for authentication. Corresponding
+#   key of this name must be stored in the keytab.
+#
+# @param krb_save_credentials
+#   This option enables credential saving functionality.
+#
+# @param logroot
+#   Specifies the location of the virtual host's logfiles.
+#
+# @param logroot_ensure
+#   Determines whether or not to remove the logroot directory for a virtual host.
+#
+# @param logroot_mode
+#   Overrides the mode the logroot directory is set to. Do *not* grant write access to the
+#   directory the logs are stored in without being aware of the consequences; for more
+#   information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security).
+#
+# @param logroot_owner
+#   Sets individual user access to the logroot directory.
+#
+# @param logroot_group
+#   Sets group access to the `logroot` directory.
+#
+# @param log_level
+#   Specifies the verbosity of the error log.
+#
+# @param modsec_body_limit
+#   Configures the maximum request body size (in bytes) ModSecurity accepts for buffering.
+#
+# @param modsec_disable_vhost
+#   Disables `mod_security` on a virtual host. Only valid if `apache::mod::security` is included.
+#
+# @param modsec_disable_ids
+#   Removes `mod_security` IDs from the virtual host.<br />
+#   Also takes a hash allowing removal of an ID from a specific location.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     modsec_disable_ids => [ 90015, 90016 ],
+#   }
+#   ```
+#
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     modsec_disable_ids => { '/location1' => [ 90015, 90016 ] },
+#   }
+#   ```
+#
+# @param modsec_disable_ips
+#   Specifies an array of IP addresses to exclude from `mod_security` rule matching.
+#
+# @param modsec_disable_msgs
+#   Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing
+#   removal of an Msg from a specific location.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     modsec_disable_msgs => ['Blind SQL Injection Attack', 'Session Fixation Attack'],
+#   }
+#   ```
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     modsec_disable_msgs => { '/location1' => ['Blind SQL Injection Attack', 'Session Fixation Attack'] },
+#   }
+#   ```
+#
+# @param modsec_disable_tags
+#   Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing
+#   removal of an Tag from a specific location.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     modsec_disable_tags => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'],
+#   }
+#   ```
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     modsec_disable_tags => { '/location1' => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'] },
+#   }
+#   ```
+#
+# @param modsec_audit_log_file
+#   If set, it is relative to `logroot`.<br />
+#   One of the parameters that determines how to send `mod_security` audit
+#   log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
+#   If none of those parameters are set, the global audit log is used
+#   (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ).
+#
+# @param modsec_audit_log_pipe
+#   If `modsec_audit_log_pipe` is set, it should start with a pipe. Example
+#   `|/path/to/mlogc /path/to/mlogc.conf`.<br />
+#   One of the parameters that determines how to send `mod_security` audit
+#   log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
+#   If none of those parameters are set, the global audit log is used
+#   (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ).
+#
+# @param modsec_audit_log
+#   If `modsec_audit_log` is `true`, given a virtual host ---for instance, example.com--- it
+#   defaults to `example.com\_security\_ssl.log` for SSL-encrypted virtual hosts
+#   and `example.com\_security.log` for unencrypted virtual hosts.<br />
+#   One of the parameters that determines how to send `mod_security` audit
+#   log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).<br />
+#   If none of those parameters are set, the global audit log is used
+#   (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ).
+#
+# @param no_proxy_uris
+#   Specifies URLs you do not want to proxy. This parameter is meant to be used in combination
+#   with [`proxy_dest`](#proxy_dest).
+#
+# @param no_proxy_uris_match
+#   This directive is equivalent to `no_proxy_uris`, but takes regular expressions.
+#
+# @param proxy_preserve_host
+#   Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost).<br />
+#   Setting this parameter to `true` enables the `Host:` line from an incoming request to be
+#   proxied to the host instead of hostname. Setting it to `false` sets this directive to 'Off'.
+#
+# @param proxy_add_headers
+#   Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders).<br />
+#   This parameter controlls whether proxy-related HTTP headers (X-Forwarded-For,
+#   X-Forwarded-Host and X-Forwarded-Server) get sent to the backend server.
+#
+# @param proxy_error_override
+#   Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride).
+#   This directive controls whether Apache should override error pages for proxied content.
+#
+# @param options
+#   Sets the `Options` for the specified virtual host. For example:
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     …
+#     options => ['Indexes','FollowSymLinks','MultiViews'],
+#   }
+#   ```
+#   > **Note**: If you use the `directories` parameter of `apache::vhost`, 'Options',
+#   'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`.
+#
+# @param override
+#   Sets the overrides for the specified virtual host. Accepts an array of
+#   [AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments.
+#
+# @param passenger_enabled
+#   Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled)
+#   directive to `on` or `off`. Requires `apache::mod::passenger` to be included.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     docroot     => '/path/to/directory',
+#     directories => [
+#       { path              => '/path/to/directory',
+#         passenger_enabled => 'on',
+#       },
+#     ],
+#   }
+#   ```
+#   > **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html)
+#   using the PassengerEnabled directive with the PassengerHighPerformance directive.
+#
+# @param passenger_base_uri
+#   Sets [PassengerBaseURI](https://www.phusionpassenger.com/library/config/apache/reference/#passengerbase_rui),
+#    to specify that the given URI is a distinct application served by Passenger.
+#
+# @param passenger_ruby
+#   Sets [PassengerRuby](https://www.phusionpassenger.com/library/config/apache/reference/#passengerruby),
+#   specifying the Ruby interpreter to use when serving the relevant web applications.
+#
+# @param passenger_python
+#   Sets [PassengerPython](https://www.phusionpassenger.com/library/config/apache/reference/#passengerpython),
+#   specifying the Python interpreter to use when serving the relevant web applications.
+#
+# @param passenger_nodejs
+#   Sets the [`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#passengernodejs),
+#   specifying Node.js command to use when serving the relevant web applications.
+#
+# @param passenger_meteor_app_settings
+#   Sets [PassengerMeteorAppSettings](https://www.phusionpassenger.com/library/config/apache/reference/#passengermeteorappsettings),
+#   specifying a JSON file with settings for the application when using a Meteor
+#   application in non-bundled mode.
+#
+# @param passenger_app_env
+#   Sets [PassengerAppEnv](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappenv),
+#   the environment for the Passenger application. If not specified, defaults to the global
+#   setting or 'production'.
+#
+# @param passenger_app_root
+#   Sets [PassengerRoot](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapproot),
+#   the location of the Passenger application root if different from the DocumentRoot.
+#
+# @param passenger_app_group_name
+#   Sets [PassengerAppGroupName](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappgroupname),
+#    the name of the application group that the current application should belong to.
+#
+# @param passenger_app_type
+#   Sets [PassengerAppType](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapptype),
+#    to force Passenger to recognize the application as a specific type.
+#
+# @param passenger_startup_file
+#   Sets the [PassengerStartupFile](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstartupfile)
+#   path. This path is relative to the application root.
+#
+# @param passenger_restart_dir
+#   Sets the [PassengerRestartDir](https://www.phusionpassenger.com/library/config/apache/reference/#passengerrestartdir)
+#    to customize the directory in which `restart.txt` is searched for.
+#
+# @param passenger_spawn_method
+#   Sets [PassengerSpawnMethod](https://www.phusionpassenger.com/library/config/apache/reference/#passengerspawnmethod),
+#   whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism.
+#
+# @param passenger_load_shell_envvars
+#   Sets [PassengerLoadShellEnvvars](https://www.phusionpassenger.com/library/config/apache/reference/#passengerloadshellenvvars),
+#   to enable or disable the loading of shell environment variables before spawning the application.
+#
+# @param passenger_rolling_restarts
+#   Sets [PassengerRollingRestarts](https://www.phusionpassenger.com/library/config/apache/reference/#passengerrollingrestarts),
+#   to enable or disable support for zero-downtime application restarts through `restart.txt`.
+#
+# @param passenger_resist_deployment_errors
+#   Sets [PassengerResistDeploymentErrors](https://www.phusionpassenger.com/library/config/apache/reference/#passengerresistdeploymenterrors),
+#   to enable or disable resistance against deployment errors.
+#
+# @param passenger_user
+#   Sets [PassengerUser](https://www.phusionpassenger.com/library/config/apache/reference/#passengeruser),
+#   the running user for sandboxing applications.
+#
+# @param passenger_group
+#   Sets [PassengerGroup](https://www.phusionpassenger.com/library/config/apache/reference/#passengergroup),
+#   the running group for sandboxing applications.
+#
+# @param passenger_friendly_error_pages
+#   Sets [PassengerFriendlyErrorPages](https://www.phusionpassenger.com/library/config/apache/reference/#passengerfriendlyerrorpages),
+#   which can display friendly error pages whenever an application fails to start. This
+#   friendly error page presents the startup error message, some suggestions for solving
+#   the problem, a backtrace and a dump of the environment variables.
+#
+# @param passenger_min_instances
+#   Sets [PassengerMinInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermininstances),
+#   the minimum number of application processes to run.
+#
+# @param passenger_max_instances
+#   Sets [PassengerMaxInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxinstances),
+#   the maximum number of application processes to run.
+#
+# @param passenger_max_preloader_idle_time
+#   Sets [PassengerMaxPreloaderIdleTime](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxpreloaderidletime),
+#   the maximum amount of time the preloader waits before shutting down an idle process.
+#
+# @param passenger_force_max_concurrent_requests_per_process
+#   Sets [PassengerForceMaxConcurrentRequestsPerProcess](https://www.phusionpassenger.com/library/config/apache/reference/#passengerforcemaxconcurrentrequestsperprocess),
+#   the maximum amount of concurrent requests the application can handle per process.
+#
+# @param passenger_start_timeout
+#   Sets [PassengerStartTimeout](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstarttimeout),
+#   the timeout for the application startup.
+#
+# @param passenger_concurrency_model
+#   Sets [PassengerConcurrencyModel](https://www.phusionpassenger.com/library/config/apache/reference/#passengerconcurrencyodel),
+#   to specify the I/O concurrency model that should be used for Ruby application processes.
+#   Passenger supports two concurrency models:<br />
+#   * `process` – single-threaded, multi-processed I/O concurrency.
+#   * `thread` – multi-threaded, multi-processed I/O concurrency.
+#
+# @param passenger_thread_count
+#   Sets [PassengerThreadCount](https://www.phusionpassenger.com/library/config/apache/reference/#passengerthreadcount),
+#   the number of threads that Passenger should spawn per Ruby application process.<br />
+#   This option only has effect if PassengerConcurrencyModel is `thread`.
+#
+# @param passenger_max_requests
+#   Sets [PassengerMaxRequests](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequests),
+#   the maximum number of requests an application process will process.
+#
+# @param passenger_max_request_time
+#   Sets [PassengerMaxRequestTime](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequesttime),
+#   the maximum amount of time, in seconds, that an application process may take to
+#   process a request.
+#
+# @param passenger_memory_limit
+#   Sets [PassengerMemoryLimit](https://www.phusionpassenger.com/library/config/apache/reference/#passengermemorylimit),
+#   the maximum amount of memory that an application process may use, in megabytes.
+#
+# @param passenger_stat_throttle_rate
+#   Sets [PassengerStatThrottleRate](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstatthrottlerate),
+#   to set a limit, in seconds, on how often Passenger will perform it's filesystem checks.
+#
+# @param passenger_pre_start
+#   Sets [PassengerPreStart](https://www.phusionpassenger.com/library/config/apache/reference/#passengerprestart),
+#   the URL of the application if pre-starting is required.
+#
+# @param passenger_high_performance
+#   Sets [PassengerHighPerformance](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance),
+#   to enhance performance in return for reduced compatibility.
+#
+# @param passenger_buffer_upload
+#   Sets [PassengerBufferUpload](https://www.phusionpassenger.com/library/config/apache/reference/#passengerbufferupload),
+#   to buffer HTTP client request bodies before they are sent to the application.
+#
+# @param passenger_buffer_response
+#   Sets [PassengerBufferResponse](https://www.phusionpassenger.com/library/config/apache/reference/#passengerbufferresponse),
+#   to buffer Happlication-generated responses.
+#
+# @param passenger_error_override
+#   Sets [PassengerErrorOverride](https://www.phusionpassenger.com/library/config/apache/reference/#passengererroroverride),
+#   to specify whether Apache will intercept and handle response with HTTP status codes of
+#   400 and higher.
+#
+# @param passenger_max_request_queue_size
+#   Sets [PassengerMaxRequestQueueSize](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuesize),
+#   to specify the maximum amount of requests that are allowed to queue whenever the maximum
+#   concurrent request limit is reached. If the queue is already at this specified limit, then
+#   Passenger immediately sends a "503 Service Unavailable" error to any incoming requests.<br />
+#   A value of 0 means that the queue size is unbounded.
+#
+# @param passenger_max_request_queue_time
+#   Sets [PassengerMaxRequestQueueTime](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuetime),
+#   to specify the maximum amount of time that requests are allowed to stay in the queue
+#   whenever the maximum concurrent request limit is reached. If a request reaches this specified
+#   limit, then Passenger immeaditly sends a "504 Gateway Timeout" error for that request.<br />
+#   A value of 0 means that the queue time is unbounded.
+#
+# @param passenger_sticky_sessions
+#   Sets [PassengerStickySessions](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessions),
+#   to specify that, whenever possible, all requests sent by a client will be routed to the same
+#   originating application process.
+#
+# @param passenger_sticky_sessions_cookie_name
+#   Sets [PassengerStickySessionsCookieName](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessionscookiename),
+#   to specify the name of the sticky sessions cookie.
+#
+# @param passenger_allow_encoded_slashes
+#   Sets [PassengerAllowEncodedSlashes](https://www.phusionpassenger.com/library/config/apache/reference/#passengerallowencodedslashes),
+#   to allow URLs with encoded slashes. Please note that this feature will not work properly
+#   unless Apache's `AllowEncodedSlashes` is also enabled.
+#
+# @param passenger_debugger
+#   Sets [PassengerDebugger](https://www.phusionpassenger.com/library/config/apache/reference/#passengerdebugger),
+#   to turn support for Ruby application debugging on or off.
+#
+# @param passenger_lve_min_uid
+#   Sets [PassengerLveMinUid](https://www.phusionpassenger.com/library/config/apache/reference/#passengerlveminuid),
+#   to only allow the spawning of application processes with UIDs equal to, or higher than, this
+#   specified value on LVE-enabled kernels.
+#
+# @param php_values
+#   Allows per-virtual host setting [`php_value`s](http://php.net/manual/en/configuration.changes.php).
+#   These flags or values can be overwritten by a user or an application.
+#   Within a vhost declaration:
+#   ``` puppet
+#     php_values    => [ 'include_path ".:/usr/local/example-app/include"' ],
+#   ```
+#
+# @param php_flags
+#   Allows per-virtual host setting [`php_flags\``](http://php.net/manual/en/configuration.changes.php).
+#   These flags or values can be overwritten by a user or an application.
+#
+# @param php_admin_values
+#   Allows per-virtual host setting [`php_admin_value`](http://php.net/manual/en/configuration.changes.php).
+#   These flags or values cannot be overwritten by a user or an application.
+#
+# @param php_admin_flags
+#   Allows per-virtual host setting [`php_admin_flag`](http://php.net/manual/en/configuration.changes.php).
+#   These flags or values cannot be overwritten by a user or an application.
+#
+# @param port
+#   Sets the port the host is configured on. The module's defaults ensure the host listens
+#   on port 80 for non-SSL virtual hosts and port 443 for SSL virtual hosts. The host only
+#   listens on the port set in this parameter.
+#
+# @param priority
+#   Sets the relative load-order for Apache HTTPD VirtualHost configuration files.<br />
+#   If nothing matches the priority, the first name-based virtual host is used. Likewise,
+#   passing a higher priority causes the alphabetically first name-based virtual host to be
+#   used if no other names match.<br />
+#   > **Note:** You should not need to use this parameter. However, if you do use it, be
+#   aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'.<br />
+#   To omit the priority prefix in file names, pass a priority of `false`.
+#
+# @param protocols
+#   Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols)
+#   directive, which lists available protocols for the virutal host.
+#
+# @param protocols_honor_order
+#   Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder)
+#   directive which determines wether the order of Protocols sets precedence during negotiation.
+#
+# @param proxy_dest
+#   Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration.
+#
+# @param proxy_pass
+#   Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass)
+#   configuration. Optionally, parameters can be added as an array.
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     …
+#     proxy_pass => [
+#       { 'path' => '/a', 'url' => 'http://backend-a/' },
+#       { 'path' => '/b', 'url' => 'http://backend-b/' },
+#       { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}},
+#       { 'path' => '/l', 'url' => 'http://backend-xy',
+#         'reverse_urls' => ['http://backend-x', 'http://backend-y'] },
+#       { 'path' => '/d', 'url' => 'http://backend-a/d',
+#         'params' => { 'retry' => '0', 'timeout' => '5' }, },
+#       { 'path' => '/e', 'url' => 'http://backend-a/e',
+#         'keywords' => ['nocanon', 'interpolate'] },
+#       { 'path' => '/f', 'url' => 'http://backend-f/',
+#         'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']},
+#       { 'path' => '/g', 'url' => 'http://backend-g/',
+#         'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], },
+#       { 'path' => '/h', 'url' => 'http://backend-h/h',
+#         'no_proxy_uris' => ['/h/admin', '/h/server-status'] },
+#     ],
+#   }
+#   ```
+#   * `reverse_urls`. *Optional.* This setting is useful when used with `mod_proxy_balancer`. Values: an array or string.
+#   * `reverse_cookies`. *Optional.* Sets `ProxyPassReverseCookiePath` and `ProxyPassReverseCookieDomain`.
+#   * `params`. *Optional.* Allows for ProxyPass key-value parameters, such as connection settings.
+#   * `setenv`. *Optional.* Sets [environment variables](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings) for the proxy directive. Values: array.
+#
+# @param proxy_dest_match
+#   This directive is equivalent to `proxy_dest`, but takes regular expressions, see
+#   [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch)
+#   for details.
+#
+# @param proxy_dest_reverse_match
+#   Allows you to pass a ProxyPassReverse if `proxy_dest_match` is specified. See
+#   [ProxyPassReverse](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse)
+#   for details.
+#
+# @param proxy_pass_match
+#   This directive is equivalent to `proxy_pass`, but takes regular expressions, see
+#   [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch)
+#   for details.
+#
+# @param redirect_dest
+#   Specifies the address to redirect to.
+#
+# @param redirect_source
+#   Specifies the source URIs that redirect to the destination specified in `redirect_dest`.
+#   If more than one item for redirect is supplied, the source and destination must be the same
+#   length, and the items are order-dependent.
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     …
+#     redirect_source => ['/images','/downloads'],
+#     redirect_dest   => ['http://img.example.com/','http://downloads.example.com/'],
+#   }
+#   ```
+#
+# @param redirect_status
+#   Specifies the status to append to the redirect.
+#   ``` puppet
+#     apache::vhost { 'site.name.fdqn':
+#     …
+#     redirect_status => ['temp','permanent'],
+#   }
+#   ```
+#
+# @param redirectmatch_regexp
+#   Determines which server status should be raised for a given regular expression
+#   and where to forward the user to. Entered as an array alongside redirectmatch_status
+#   and redirectmatch_dest.
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     …
+#     redirectmatch_status => ['404','404'],
+#     redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'],
+#     redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'],
+#   }
+#   ```
+#
+# @param redirectmatch_status
+#   Determines which server status should be raised for a given regular expression
+#   and where to forward the user to. Entered as an array alongside redirectmatch_regexp
+#   and redirectmatch_dest.
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     …
+#     redirectmatch_status => ['404','404'],
+#     redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'],
+#     redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'],
+#   }
+#   ```
+#
+# @param redirectmatch_dest
+#   Determines which server status should be raised for a given regular expression
+#   and where to forward the user to. Entered as an array alongside redirectmatch_status
+#   and redirectmatch_regexp.
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     …
+#     redirectmatch_status => ['404','404'],
+#     redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'],
+#     redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'],
+#   }
+#   ```
+#
+# @param request_headers
+#   Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader)
+#   in various ways, including adding additional request headers, removing request headers,
+#   and so on.
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     …
+#     request_headers => [
+#       'append MirrorID "mirror 12"',
+#       'unset MirrorID',
+#     ],
+#   }
+#   ```
+#
+# @param rewrites
+#   Creates URL rewrite rules. Expects an array of hashes.<br />
+#   Valid Hash keys include `comment`, `rewrite_base`, `rewrite_cond`, `rewrite_rule`
+#   or `rewrite_map`.<br />
+#   For example, you can specify that anyone trying to access index.html is served welcome.html
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     …
+#     rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ]
+#   }
+#   ```
+#   The parameter allows rewrite conditions that, when `true`, execute the associated rule.
+#   For instance, if you wanted to rewrite URLs only if the visitor is using IE
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     …
+#     rewrites => [
+#       {
+#         comment      => 'redirect IE',
+#         rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
+#         rewrite_rule => ['^index\.html$ welcome.html'],
+#       },
+#     ],
+#   }
+#   ```
+#   You can also apply multiple conditions. For instance, rewrite index.html to welcome.html
+#   only when the browser is Lynx or Mozilla (version 1 or 2)
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     …
+#     rewrites => [
+#       {
+#         comment      => 'Lynx or Mozilla v1/2',
+#         rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
+#         rewrite_rule => ['^index\.html$ welcome.html'],
+#       },
+#     ],
+#   }
+#   ```
+#   Multiple rewrites and conditions are also possible
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     …
+#     rewrites => [
+#       {
+#         comment      => 'Lynx or Mozilla v1/2',
+#         rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
+#         rewrite_rule => ['^index\.html$ welcome.html'],
+#       },
+#       {
+#         comment      => 'Internet Explorer',
+#         rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
+#         rewrite_rule => ['^index\.html$ /index.IE.html [L]'],
+#       },
+#       {
+#         rewrite_base => /apps/,
+#         rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'],
+#       },
+#       { comment      => 'Rewrite to lower case',
+#         rewrite_cond => ['%{REQUEST_URI} [A-Z]'],
+#         rewrite_map  => ['lc int:tolower'],
+#         rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'],
+#       },
+#     ],
+#   }
+#   ```
+#   Refer to the [`mod_rewrite` documentation](https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html)
+#   for more details on what is possible with rewrite rules and conditions.<br />
+#   > **Note**: If you include rewrites in your directories, also include `apache::mod::rewrite`
+#   and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather
+#   than setting the rewrites in the virtual host's directories.
+#
+# @param rewrite_base
+#   The parameter [`rewrite_base`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase)
+#   specifies the URL prefix to be used for per-directory (htaccess) RewriteRule directives
+#   that substitue a relative path.
+#
+# @param rewrite_rule
+#   The parameter [`rewrite_rile`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule)
+#   allows the user to define the rules that will be used by the rewrite engine.
+#
+# @param rewrite_cond
+#   The parameter [`rewrite_cond`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritecond)
+#   defines a rule condition, that when satisfied will implement that rule within the
+#   rewrite engine.
+#
+# @param rewrite_inherit
+#   Determines whether the virtual host inherits global rewrite rules.<br />
+#   Rewrite rules may be specified globally (in `$conf_file` or `$confd_dir`) or
+#   inside the virtual host `.conf` file. By default, virtual hosts do not inherit
+#   global settings. To activate inheritance, specify the `rewrites` parameter and set
+#   `rewrite_inherit` parameter to `true`:
+#   ``` puppet
+#   apache::vhost { 'site.name.fdqn':
+#     …
+#     rewrites => [
+#       <rules>,
+#     ],
+#     rewrite_inherit => `true`,
+#   }
+#   ```
+#   > **Note**: The `rewrites` parameter is **required** for this to have effect<br />
+#   Apache activates global `Rewrite` rules inheritance if the virtual host files contains
+#   the following directives:
+#   ``` ApacheConf
+#   RewriteEngine On
+#   RewriteOptions Inherit
+#   ```
+#   Refer to the official [`mod_rewrite`](https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html)
+#   documentation, section "Rewriting in Virtual Hosts".
+#
+# @param scriptalias
+#   Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as
+#   '/usr/scripts'.
+#
+# @param scriptaliases
+#   > **Note**: This parameter is deprecated in favor of the `aliases` parameter.<br />
+#   Passes an array of hashes to the virtual host to create either ScriptAlias or
+#   ScriptAliasMatch statements per the `mod_alias` documentation.
+#   ``` puppet
+#   scriptaliases => [
+#     {
+#       alias => '/myscript',
+#       path  => '/usr/share/myscript',
+#     },
+#     {
+#       aliasmatch => '^/foo(.*)',
+#       path       => '/usr/share/fooscripts$1',
+#     },
+#     {
+#       aliasmatch => '^/bar/(.*)',
+#       path       => '/usr/share/bar/wrapper.sh/$1',
+#     },
+#     {
+#       alias => '/neatscript',
+#       path  => '/usr/share/neatscript',
+#     },
+#   ]
+#   ```
+#   The ScriptAlias and ScriptAliasMatch directives are created in the order specified.
+#   As with [Alias and AliasMatch](#aliases) directives, specify more specific aliases
+#   before more general ones to avoid shadowing.
+#
+# @param serveradmin
+#   Specifies the email address Apache displays when it renders one of its error pages.
+#
+# @param serveraliases
+#   Sets the [ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias)
+#   of the site.
+#
+# @param servername
+#   Sets the servername corresponding to the hostname you connect to the virtual host at.
+#
+# @param setenv
+#   Used by HTTPD to set environment variables for virtual hosts.<br />
+#   Example:
+#   ``` puppet
+#   apache::vhost { 'setenv.example.com':
+#     setenv => ['SPECIAL_PATH /foo/bin'],
+#   }
+#   ```
+#
+# @param setenvif
+#   Used by HTTPD to conditionally set environment variables for virtual hosts.
+#
+# @param setenvifnocase
+#   Used by HTTPD to conditionally set environment variables for virtual hosts (caseless matching).
+#
+# @param suexec_user_group
+#   Allows the spcification of user and group execution privileges for CGI programs through
+#   inclusion of the `mod_suexec` module.
+#
+# @param suphp_addhandler
+#   Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)
+#   working together with suphp_configpath and suphp_engine.<br />
+#   An example virtual host configuration with suPHP:
+#   ``` puppet
+#   apache::vhost { 'suphp.example.com':
+#     port             => '80',
+#     docroot          => '/home/appuser/myphpapp',
+#     suphp_addhandler => 'x-httpd-php',
+#     suphp_engine     => 'on',
+#     suphp_configpath => '/etc/php5/apache2',
+#     directories      => { path => '/home/appuser/myphpapp',
+#       'suphp'        => { user => 'myappuser', group => 'myappgroup' },
+#     }
+#   }
+#   ```
+#
+# @param suphp_configpath
+#   Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)
+#   working together with suphp_addhandler and suphp_engine.<br />
+#   An example virtual host configuration with suPHP:
+#   ``` puppet
+#   apache::vhost { 'suphp.example.com':
+#     port             => '80',
+#     docroot          => '/home/appuser/myphpapp',
+#     suphp_addhandler => 'x-httpd-php',
+#     suphp_engine     => 'on',
+#     suphp_configpath => '/etc/php5/apache2',
+#     directories      => { path => '/home/appuser/myphpapp',
+#       'suphp'        => { user => 'myappuser', group => 'myappgroup' },
+#     }
+#   }
+#   ```
+#
+# @param suphp_engine
+#   Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)
+#   working together with suphp_configpath and suphp_addhandler.<br />
+#   An example virtual host configuration with suPHP:
+#   ``` puppet
+#   apache::vhost { 'suphp.example.com':
+#     port             => '80',
+#     docroot          => '/home/appuser/myphpapp',
+#     suphp_addhandler => 'x-httpd-php',
+#     suphp_engine     => 'on',
+#     suphp_configpath => '/etc/php5/apache2',
+#     directories      => { path => '/home/appuser/myphpapp',
+#       'suphp'        => { user => 'myappuser', group => 'myappgroup' },
+#     }
+#   }
+#   ```
+#
+# @param vhost_name
+#   Enables name-based virtual hosting. If no IP is passed to the virtual host, but the
+#   virtual host is assigned a port, then the virtual host name is `vhost_name:port`.
+#   If the virtual host has no assigned IP or port, the virtual host name is set to the
+#   title of the resource.
+#
+# @param virtual_docroot
+#   Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the
+#   same name. For example, `http://example.com` would map to `/var/www/example.com`.
+#   ``` puppet
+#   apache::vhost { 'subdomain.loc':
+#     vhost_name      => '*',
+#     port            => '80',
+#     virtual_docroot => '/var/www/%-2+',
+#     docroot         => '/var/www',
+#     serveraliases   => ['*.loc',],
+#   }
+#   ```
+#
+# @param wsgi_daemon_process
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process_options, wsgi_process_group,
+#   wsgi_script_aliases and wsgi_pass_authorization.<br />
+#   A hash that sets the name of the WSGI daemon, accepting
+#   [certain keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html).<br />
+#   An example virtual host configuration with WSGI:
+#   ``` puppet
+#   apache::vhost { 'wsgi.example.com':
+#     port                        => '80',
+#     docroot                     => '/var/www/pythonapp',
+#     wsgi_daemon_process         => 'wsgi',
+#     wsgi_daemon_process_options =>
+#       { processes    => '2',
+#         threads      => '15',
+#         display-name => '%{GROUP}',
+#       },
+#     wsgi_process_group          => 'wsgi',
+#     wsgi_script_aliases         => { '/' => '/var/www/demo.wsgi' },
+#     wsgi_chunked_request        => 'On',
+#   }
+#   ```
+#
+# @param wsgi_daemon_process_options
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process, wsgi_process_group,
+#   wsgi_script_aliases and wsgi_pass_authorization.<br />
+#   Sets the group ID that the virtual host runs under.
+#
+# @param wsgi_application_group
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
+#   and wsgi_pass_authorization.<br />
+#   This parameter defines the [`WSGIApplicationGroup directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html),
+#   thus allowing you to specify which application group the WSGI application belongs to,
+#   with all WSGI applications within the same group executing within the context of the
+#   same Python sub interpreter.
+#
+# @param wsgi_import_script
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
+#   and wsgi_pass_authorization.<br />
+#   This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html),
+#   which can be used in order to specify a script file to be loaded upon a process starting.
+#
+# @param wsgi_import_script_options
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
+#   and wsgi_pass_authorization.<br />
+#   This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html),
+#   which can be used in order to specify a script file to be loaded upon a process starting.<br />
+#   Specifies the process and aplication groups of the script.
+#
+# @param wsgi_chunked_request
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
+#   and wsgi_pass_authorization.<br />
+#   This parameter defines the [`WSGIChunkedRequest directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIChunkedRequest.html),
+#   allowing you to enable support for chunked request content.<br />
+#   WSGI is technically incapable of supporting chunked request content without all chunked
+#   request content having first been read in and buffered.
+#
+# @param wsgi_process_group
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process, wsgi_daemon_process_options,
+#   wsgi_script_aliases and wsgi_pass_authorization.<br />
+#   Requires a hash of web paths to filesystem `.wsgi paths/`.
+#
+# @param wsgi_script_aliases
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
+#   and wsgi_pass_authorization.<br />
+#   Uses the WSGI application to handle authorization instead of Apache when set to `On`.<br />
+#   For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html).
+#
+# @param wsgi_script_aliases_match
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
+#   and wsgi_pass_authorization.<br />
+#   Uses the WSGI application to handle authorization instead of Apache when set to `On`.<br />
+#   This directive is similar to `wsgi_script_aliases`, but makes use of regular expressions
+#   in place of simple prefix matching.<br />
+#   For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html).
+#
+# @param wsgi_pass_authorization
+#   Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+#   wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group and
+#   wsgi_script_aliases.<br />
+#   Enables support for chunked requests.
+#
+# @param directories
+#   The `directories` parameter within the `apache::vhost` class passes an array of hashes
+#   to the virtual host to create [Directory](https://httpd.apache.org/docs/current/mod/core.html#directory),
+#   [File](https://httpd.apache.org/docs/current/mod/core.html#files), and
+#   [Location](https://httpd.apache.org/docs/current/mod/core.html#location) directive blocks.
+#   These blocks take the form, `< Directory /path/to/directory>...< /Directory>`.<br />
+#   The `path` key sets the path for the directory, files, and location blocks. Its value
+#   must be a path for the `directory`, `files`, and `location` providers, or a regex for
+#   the `directorymatch`, `filesmatch`, or `locationmatch` providers. Each hash passed to
+#   `directories` **must** contain `path` as one of the keys.<br />
+#   The `provider` key is optional. If missing, this key defaults to `directory`.
+#    Values: `directory`, `files`, `proxy`, `location`, `directorymatch`, `filesmatch`,
+#   `proxymatch` or `locationmatch`. If you set `provider` to `directorymatch`, it
+#   uses the keyword `DirectoryMatch` in the Apache config file.<br />
+#   An example use of `directories`:
+#   ``` puppet
+#   apache::vhost { 'files.example.net':
+#     docroot     => '/var/www/files',
+#     directories => [
+#       { 'path'     => '/var/www/files',
+#         'provider' => 'files',
+#         'deny'     => 'from all',
+#       },
+#     ],
+#   }
+#   ```
+#   > **Note:** At least one directory should match the `docroot` parameter. After you
+#   start declaring directories, `apache::vhost` assumes that all required Directory blocks
+#   will be declared. If not defined, a single default Directory block is created that matches
+#   the `docroot` parameter.<br />
+#   Available handlers, represented as keys, should be placed within the `directory`,
+#   `files`, or `location` hashes. This looks like
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     docroot     => '/path/to/directory',
+#     directories => [ { path => '/path/to/directory', handler => value } ],
+#   }
+#   ```
+#   Any handlers you do not set in these hashes are considered `undefined` within Puppet and
+#   are not added to the virtual host, resulting in the module using their default values.
+#
+# @param custom_fragment
+#   Pass a string of custom configuration directives to be placed at the end of the directory
+#   configuration.
+#   ``` puppet
+#   apache::vhost { 'monitor':
+#     …
+#     directories => [
+#       {
+#         path => '/path/to/directory',
+#         custom_fragment => '
+#   <Location /balancer-manager>
+#     SetHandler balancer-manager
+#     Order allow,deny
+#     Allow from all
+#   </Location>
+#   <Location /server-status>
+#     SetHandler server-status
+#     Order allow,deny
+#     Allow from all
+#   </Location>
+#   ProxyStatus On',
+#       },
+#     ]
+#   }
+#   ```
+#
+# @param error_documents
+#   An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument)
+#   settings for the directory.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     directories => [
+#       { path            => '/srv/www',
+#         error_documents => [
+#           { 'error_code' => '503',
+#             'document'   => '/service-unavail',
+#           },
+#         ],
+#       },
+#     ],
+#   }
+#   ```
+#
+# @param h2_copy_files
+#   Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles) directive.<br />
+#   Note that you must declare `class {'apache::mod::http2': }` before using this directive.
+#
+# @param h2_push_resource
+#   Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource) directive.<br />
+#   Note that you must declare `class {'apache::mod::http2': }` before using this directive.
+#
+# @param headers
+#   Adds lines for [Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     docroot     => '/path/to/directory',
+#     directories => {
+#       path    => '/path/to/directory',
+#       headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',
+#     },
+#   }
+#   ```
+#
+# @param options
+#   Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the
+#   given Directory block.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     docroot     => '/path/to/directory',
+#     directories => [
+#       { path    => '/path/to/directory',
+#         options => ['Indexes','FollowSymLinks','MultiViews'],
+#       },
+#     ],
+#   }
+#   ```
+#
+# @param shib_compat_valid_user
+#   Default is Off, matching the behavior prior to this command's existence. Addresses a conflict
+#   when using Shibboleth in conjunction with other auth/auth modules by restoring `standard`
+#   Apache behavior when processing the `valid-user` and `user` Require rules. See the
+#   [`mod_shib`documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions),
+#   and [NativeSPhtaccess](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess)
+#   topic for more details. This key is disabled if `apache::mod::shib` is not defined.
+#
+# @param ssl_options
+#   String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions),
+#   which configure SSL engine run-time options. This handler takes precedence over SSLOptions
+#   set in the parent block of the virtual host.
+#   ``` puppet
+#   apache::vhost { 'secure.example.net':
+#     docroot     => '/path/to/directory',
+#     directories => [
+#       { path        => '/path/to/directory',
+#         ssl_options => '+ExportCertData',
+#       },
+#       { path        => '/path/to/different/dir',
+#         ssl_options => ['-StdEnvVars', '+ExportCertData'],
+#       },
+#     ],
+#   }
+#   ```
+#
+# @param additional_includes
+#   Specifies paths to additional static, specific Apache configuration files in virtual
+#   host directories.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     docroot     => '/path/to/directory',
+#     directories => [
+#       { path  => '/path/to/different/dir',
+#         additional_includes => ['/custom/path/includes', '/custom/path/another_includes',],
+#       },
+#     ],
+#   }
+#   ```
+#
+# @param ssl
+#   Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries.
+#
+# @param ssl_ca
+#   Specifies the SSL certificate authority to be used to verify client certificates used
+#   for authentication. You must also set `ssl_verify_client` to use this.
+#
+# @param ssl_cert
+#   Specifies the SSL certification.
+#
+# @param ssl_protocol
+#   Specifies [SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol).
+#   Expects an array or space separated string of accepted protocols.
+#
+# @param ssl_cipher
+#   Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite).
+#
+# @param ssl_honorcipherorder
+#   Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder),
+#   to cause Apache to use the server's preferred order of ciphers rather than the client's
+#   preferred order.
+#
+# @param ssl_certs_dir
+#   Specifies the location of the SSL certification directory to verify client certs. Will not
+#   be used unless `ssl_verify_client` is also set (see below).
+#
+# @param ssl_chain
+#   Specifies the SSL chain. This default works out of the box, but it must be updated in
+#   the base `apache` class with your specific certificate information before being used in
+#   production.
+#
+# @param ssl_crl
+#   Specifies the certificate revocation list to use. (This default works out of the box but
+#   must be updated in the base `apache` class with your specific certificate information
+#   before being used in production.)
+#
+# @param ssl_crl_path
+#   Specifies the location of the certificate revocation list to verify certificates for
+#   client authentication with. (This default works out of the box but must be updated in
+#   the base `apache` class with your specific certificate information before being used in
+#   production.)
+#
+# @param ssl_crl_check
+#   Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck)
+#   for ssl client authentication. The default works out of the box but must be specified when
+#   using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on
+#   older versions.
+#
+# @param ssl_key
+#   Specifies the SSL key.<br />
+#   Defaults are based on your operating system. Default work out of the box but must be
+#   updated in the base `apache` class with your specific certificate information before
+#   being used in production.
+#
+# @param ssl_verify_client
+#   Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient)
+#   directive, which sets the certificate verification level for client authentication.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     …
+#     ssl_verify_client => 'optional',
+#   }
+#   ```
+#
+# @param ssl_verify_depth
+#   Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth)
+#   directive, which specifies the maximum depth of CA certificates in client certificate
+#   verification. You must set `ssl_verify_client` for it to take effect.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     …
+#     ssl_verify_client => 'require',
+#     ssl_verify_depth => 1,
+#   }
+#   ```
+#
+# @param ssl_proxy_protocol
+#   Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol)
+#   directive, which controls which SSL protocol flavors `mod_ssl` should use when establishing
+#   its server environment for proxy. It connects to servers using only one of the provided
+#   protocols.
+#
+# @param ssl_proxy_verify
+#   Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify)
+#   directive, which configures certificate verification of the remote server when a proxy is
+#   configured to forward requests to a remote SSL server.
+#
+# @param ssl_proxy_verify_depth
+#   Sets the [SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth)
+#   directive, which configures how deeply mod_ssl should verify before deciding that the
+#   remote server does not have a valid certificate.<br />
+#   A depth of 0 means that only self-signed remote server certificates are accepted,
+#   the default depth of 1 means the remote server certificate can be self-signed or
+#   signed by a CA that is directly known to the server.
+#
+# @param ssl_proxy_cipher_suite
+#   Sets the [SSLProxyCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyciphersuite)
+#   directive, which controls cipher suites supported for ssl proxy traffic.
+#
+# @param ssl_proxy_ca_cert
+#   Sets the [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile)
+#   directive, which specifies an all-in-one file where you can assemble the Certificates
+#   of Certification Authorities (CA) whose remote servers you deal with. These are used
+#   for Remote Server Authentication. This file should be a concatenation of the PEM-encoded
+#   certificate files in order of preference.
+#
+# @param ssl_proxy_machine_cert
+#   Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile)
+#   directive, which specifies an all-in-one file where you keep the certs and keys used
+#   for this server to authenticate itself to remote servers. This file should be a
+#   concatenation of the PEM-encoded certificate files in order of preference.
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     …
+#     ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem',
+#   }
+#   ```
+#
+# @param ssl_proxy_check_peer_cn
+#   Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn)
+#   directive, which specifies whether the remote server certificate's CN field is compared
+#   against the hostname of the request URL.
+#
+# @param ssl_proxy_check_peer_name
+#   Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername)
+#   directive, which specifies whether the remote server certificate's CN field is compared
+#   against the hostname of the request URL.
+#
+# @param ssl_proxy_check_peer_expire
+#   Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire)
+#   directive, which specifies whether the remote server certificate is checked for expiration
+#   or not.
+#
+# @param ssl_options
+#   Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions)
+#   directive, which configures various SSL engine run-time options. This is the global
+#   setting for the given virtual host and can be a string or an array.<br />
+#   A string:
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     …
+#     ssl_options => '+ExportCertData',
+#   }
+#   ```
+#   An array:
+#   ``` puppet
+#   apache::vhost { 'sample.example.net':
+#     …
+#     ssl_options => ['+StrictRequire', '+ExportCertData'],
+#   }
+#   ```
+#
+# @param ssl_openssl_conf_cmd
+#   Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd)
+#   directive, which provides direct configuration of OpenSSL parameters.
+#
+# @param ssl_proxyengine
+#   Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine).
+#
+# @param ssl_stapling
+#   Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling).
+#   By default, uses what is set globally.<br />
+#   This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
+#
+# @param ssl_stapling_timeout
+#   Can be used to set the [SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout) directive.<br />
+#   This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
+#
+# @param ssl_stapling_return_errors
+#   Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive.<br />
+#   This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
+#
+# @param use_canonical_name
+#   Specifies whether to use the [`UseCanonicalName directive`](https://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname),
+#   which allows you to configure how the server determines it's own name and port.
+#
+# @param define
+#   this lets you define configuration variables inside a vhost using [`Define`](https://httpd.apache.org/docs/2.4/mod/core.html#define),
+#   these can then be used to replace configuration values. All Defines are Undefined at the end of the VirtualHost.
+#
 define apache::vhost(
-$docroot,
+Variant[Boolean,String] $docroot,
-$manage_docroot              = true,
+$manage_docroot                                                                   = true,
-$virtual_docroot             = false,
+$virtual_docroot                                                                  = false,
-$port                        = undef,
+$port                                                                             = undef,
-$ip                          = undef,
+$ip                                                                               = undef,
-$ip_based                    = false,
+Boolean $ip_based                                                                 = false,
-$add_listen                  = true,
+$add_listen                                                                       = true,
-$docroot_owner               = 'root',
+$docroot_owner                                                                    = 'root',
-$docroot_group               = $::apache::params::root_group,
+$docroot_group                                                                    = $::apache::params::root_group,
-$docroot_mode                = undef,
+$docroot_mode                                                                     = undef,
-$serveradmin                 = undef,
+Array[Enum['h2', 'h2c', 'http/1.1']] $protocols                                   = [],
-$ssl                         = false,
+Optional[Boolean] $protocols_honor_order                                          = undef,
-$ssl_cert                    = $::apache::default_ssl_cert,
+$serveradmin                                                                      = undef,
-$ssl_key                     = $::apache::default_ssl_key,
+Boolean $ssl                                                                      = false,
-$ssl_chain                   = $::apache::default_ssl_chain,
+$ssl_cert                                                                         = $::apache::default_ssl_cert,
-$ssl_ca                      = $::apache::default_ssl_ca,
+$ssl_key                                                                          = $::apache::default_ssl_key,
-$ssl_crl_path                = $::apache::default_ssl_crl_path,
+$ssl_chain                                                                        = $::apache::default_ssl_chain,
-$ssl_crl                     = $::apache::default_ssl_crl,
+$ssl_ca                                                                           = $::apache::default_ssl_ca,
-$ssl_crl_check               = $::apache::default_ssl_crl_check,
+$ssl_crl_path                                                                     = $::apache::default_ssl_crl_path,
-$ssl_certs_dir               = $::apache::params::ssl_certs_dir,
+$ssl_crl                                                                          = $::apache::default_ssl_crl,
-$ssl_protocol                = undef,
+$ssl_crl_check                                                                    = $::apache::default_ssl_crl_check,
-$ssl_cipher                  = undef,
+$ssl_certs_dir                                                                    = $::apache::params::ssl_certs_dir,
-$ssl_honorcipherorder        = undef,
+$ssl_protocol                                                                     = undef,
-$ssl_verify_client           = undef,
+$ssl_cipher                                                                       = undef,
-$ssl_verify_depth            = undef,
+$ssl_honorcipherorder                                                             = undef,
-$ssl_proxy_verify            = undef,
+$ssl_verify_client                                                                = undef,
-$ssl_proxy_check_peer_cn     = undef,
+$ssl_verify_depth                                                                 = undef,
-$ssl_proxy_check_peer_name   = undef,
+Optional[Enum['none', 'optional', 'require', 'optional_no_ca']] $ssl_proxy_verify = undef,
-$ssl_proxy_check_peer_expire = undef,
+Optional[Integer[0]] $ssl_proxy_verify_depth                                      = undef,
-$ssl_proxy_machine_cert      = undef,
+$ssl_proxy_ca_cert                                                                = undef,
-$ssl_proxy_protocol          = undef,
+Optional[Enum['on', 'off']] $ssl_proxy_check_peer_cn                              = undef,
-$ssl_options                 = undef,
+Optional[Enum['on', 'off']] $ssl_proxy_check_peer_name                            = undef,
-$ssl_openssl_conf_cmd        = undef,
+Optional[Enum['on', 'off']] $ssl_proxy_check_peer_expire                          = undef,
-$ssl_proxyengine             = false,
+$ssl_proxy_machine_cert                                                           = undef,
-$ssl_stapling                = undef,
+$ssl_proxy_cipher_suite                                                           = undef,
-$ssl_stapling_timeout        = undef,
+$ssl_proxy_protocol                                                               = undef,
-$ssl_stapling_return_errors  = undef,
+$ssl_options                                                                      = undef,
-$priority                    = undef,
+$ssl_openssl_conf_cmd                                                             = undef,
-$default_vhost               = false,
+Boolean $ssl_proxyengine                                                          = false,
-$servername                  = $name,
+Optional[Boolean] $ssl_stapling                                                   = undef,
-$serveraliases               = [],
+$ssl_stapling_timeout                                                             = undef,
-$options                     = ['Indexes','FollowSymLinks','MultiViews'],
+$ssl_stapling_return_errors                                                       = undef,
-$override                    = ['None'],
+$priority                                                                         = undef,
-$directoryindex              = '',
+Boolean $default_vhost                                                            = false,
-$vhost_name                  = '*',
+$servername                                                                       = $name,
-$logroot                     = $::apache::logroot,
+$serveraliases                                                                    = [],
-$logroot_ensure              = 'directory',
+$options                                                                          = ['Indexes','FollowSymLinks','MultiViews'],
-$logroot_mode                = undef,
+$override                                                                         = ['None'],
-$logroot_owner               = undef,
+$directoryindex                                                                   = '',
-$logroot_group               = undef,
+$vhost_name                                                                       = '*',
-$log_level                   = undef,
+$logroot                                                                          = $::apache::logroot,
-$access_log                  = true,
+Enum['directory', 'absent'] $logroot_ensure                                       = 'directory',
-$access_log_file             = false,
+$logroot_mode                                                                     = undef,
-$access_log_pipe             = false,
+$logroot_owner                                                                    = undef,
-$access_log_syslog           = false,
+$logroot_group                                                                    = undef,
-$access_log_format           = false,
+$log_level                                                                        = undef,
-$access_log_env_var          = false,
+Boolean $access_log                                                               = true,
-$access_logs                 = undef,
+$access_log_file                                                                  = false,
-$aliases                     = undef,
+$access_log_pipe                                                                  = false,
-$directories                 = undef,
+$access_log_syslog                                                                = false,
-$error_log                   = true,
+$access_log_format                                                                = false,
-$error_log_file              = undef,
+$access_log_env_var                                                               = false,
-$error_log_pipe              = undef,
+Optional[Array] $access_logs                                                      = undef,
-$error_log_syslog            = undef,
+$aliases                                                                          = undef,
-$modsec_audit_log            = undef,
+Optional[Variant[Hash, Array[Variant[Array,Hash]]]] $directories                  = undef,
-$modsec_audit_log_file       = undef,
+Boolean $error_log                                                                = true,
-$modsec_audit_log_pipe       = undef,
+$error_log_file                                                                   = undef,
-$error_documents             = [],
+$error_log_pipe                                                                   = undef,
-$fallbackresource            = undef,
+$error_log_syslog                                                                 = undef,
-$scriptalias                 = undef,
+Optional[Pattern[/^((Strict|Unsafe)?\s*(\b(Registered|Lenient)Methods)?\s*(\b(Allow0\.9|Require1\.0))?)$/]] $http_protocol_options = undef,
-$scriptaliases               = [],
+$modsec_audit_log                                                                 = undef,
-$proxy_dest                  = undef,
+$modsec_audit_log_file                                                            = undef,
-$proxy_dest_match            = undef,
+$modsec_audit_log_pipe                                                            = undef,
-$proxy_dest_reverse_match    = undef,
+$error_documents                                                                  = [],
-$proxy_pass                  = undef,
+Optional[Variant[Stdlib::Absolutepath, Enum['disabled']]] $fallbackresource       = undef,
-$proxy_pass_match            = undef,
+$scriptalias                                                                      = undef,
-$suphp_addhandler            = $::apache::params::suphp_addhandler,
+$scriptaliases                                                                    = [],
-$suphp_engine                = $::apache::params::suphp_engine,
+$proxy_dest                                                                       = undef,
-$suphp_configpath            = $::apache::params::suphp_configpath,
+$proxy_dest_match                                                                 = undef,
-$php_flags                   = {},
+$proxy_dest_reverse_match                                                         = undef,
-$php_values                  = {},
+$proxy_pass                                                                       = undef,
-$php_admin_flags             = {},
+$proxy_pass_match                                                                 = undef,
-$php_admin_values            = {},
+Boolean $proxy_requests                                                           = false,
-$no_proxy_uris               = [],
+$suphp_addhandler                                                                 = $::apache::params::suphp_addhandler,
-$no_proxy_uris_match         = [],
+Enum['on', 'off'] $suphp_engine                                                   = $::apache::params::suphp_engine,
-$proxy_preserve_host         = false,
+$suphp_configpath                                                                 = $::apache::params::suphp_configpath,
-$proxy_add_headers           = undef,
+$php_flags                                                                        = {},
-$proxy_error_override        = false,
+$php_values                                                                       = {},
-$redirect_source             = '/',
+$php_admin_flags                                                                  = {},
-$redirect_dest               = undef,
+$php_admin_values                                                                 = {},
-$redirect_status             = undef,
+$no_proxy_uris                                                                    = [],
-$redirectmatch_status        = undef,
+$no_proxy_uris_match                                                              = [],
-$redirectmatch_regexp        = undef,
+$proxy_preserve_host                                                              = false,
-$redirectmatch_dest          = undef,
+$proxy_add_headers                                                                = undef,
-$rack_base_uris              = undef,
+$proxy_error_override                                                             = false,
-$passenger_base_uris         = undef,
+$redirect_source                                                                  = '/',
-$headers                     = undef,
+$redirect_dest                                                                    = undef,
-$request_headers             = undef,
+$redirect_status                                                                  = undef,
-$filters                     = undef,
+$redirectmatch_status                                                             = undef,
-$rewrites                    = undef,
+$redirectmatch_regexp                                                             = undef,
-$rewrite_base                = undef,
+$redirectmatch_dest                                                               = undef,
-$rewrite_rule                = undef,
+$headers                                                                          = undef,
-$rewrite_cond                = undef,
+$request_headers                                                                  = undef,
-$rewrite_inherit             = false,
+$filters                                                                          = undef,
-$setenv                      = [],
+Optional[Array] $rewrites                                                         = undef,
-$setenvif                    = [],
+$rewrite_base                                                                     = undef,
-$setenvifnocase              = [],
+$rewrite_rule                                                                     = undef,
-$block                       = [],
+$rewrite_cond                                                                     = undef,
-$ensure                      = 'present',
+$rewrite_inherit                                                                  = false,
-$wsgi_application_group      = undef,
+$setenv                                                                           = [],
-$wsgi_daemon_process         = undef,
+$setenvif                                                                         = [],
-$wsgi_daemon_process_options = undef,
+$setenvifnocase                                                                   = [],
-$wsgi_import_script          = undef,
+$block                                                                            = [],
-$wsgi_import_script_options  = undef,
+Enum['absent', 'present'] $ensure                                                 = 'present',
-$wsgi_process_group          = undef,
+$wsgi_application_group                                                           = undef,
-$wsgi_script_aliases_match   = undef,
+Optional[Variant[String,Hash]] $wsgi_daemon_process                               = undef,
-$wsgi_script_aliases         = undef,
+Optional[Hash] $wsgi_daemon_process_options                                       = undef,
-$wsgi_pass_authorization     = undef,
+$wsgi_import_script                                                               = undef,
-$wsgi_chunked_request        = undef,
+Optional[Hash] $wsgi_import_script_options                                        = undef,
-$custom_fragment             = undef,
+$wsgi_process_group                                                               = undef,
-$itk                         = undef,
+Optional[Hash] $wsgi_script_aliases_match                                         = undef,
-$action                      = undef,
+Optional[Hash] $wsgi_script_aliases                                               = undef,
-$fastcgi_server              = undef,
+Optional[Enum['on', 'off', 'On', 'Off']] $wsgi_pass_authorization                 = undef,
-$fastcgi_socket              = undef,
+$wsgi_chunked_request                                                             = undef,
-$fastcgi_dir                 = undef,
+Optional[String] $custom_fragment                                                 = undef,
-$fastcgi_idle_timeout        = undef,
+Optional[Hash] $itk                                                               = undef,
-$additional_includes         = [],
+$action                                                                           = undef,
-$use_optional_includes       = $::apache::use_optional_includes,
+$fastcgi_server                                                                   = undef,
-$apache_version              = $::apache::apache_version,
+$fastcgi_socket                                                                   = undef,
-$allow_encoded_slashes       = undef,
+$fastcgi_dir                                                                      = undef,
-$suexec_user_group           = undef,
+$fastcgi_idle_timeout                                                             = undef,
-$passenger_app_root          = undef,
+$additional_includes                                                              = [],
-$passenger_app_env           = undef,
+$use_optional_includes                                                            = $::apache::use_optional_includes,
-$passenger_ruby              = undef,
+$apache_version                                                                   = $::apache::apache_version,
-$passenger_min_instances     = undef,
+Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes                    = undef,
-$passenger_start_timeout     = undef,
+Optional[Pattern[/^[\w-]+ [\w-]+$/]] $suexec_user_group                           = undef,
-$passenger_pre_start         = undef,
-$passenger_user              = undef,
+Optional[Boolean] $h2_copy_files                                                  = undef,
-$passenger_high_performance  = undef,
+Optional[Boolean] $h2_direct                                                      = undef,
-$passenger_nodejs            = undef,
+Optional[Boolean] $h2_early_hints                                                 = undef,
-$passenger_sticky_sessions   = undef,
+Optional[Integer] $h2_max_session_streams                                         = undef,
-$passenger_startup_file      = undef,
+Optional[Boolean] $h2_modern_tls_only                                             = undef,
-$add_default_charset         = undef,
+Optional[Boolean] $h2_push                                                        = undef,
-$modsec_disable_vhost        = undef,
+Optional[Integer] $h2_push_diary_size                                             = undef,
-$modsec_disable_ids          = undef,
+Array[String]     $h2_push_priority                                               = [],
-$modsec_disable_ips          = undef,
+Array[String]     $h2_push_resource                                               = [],
-$modsec_disable_msgs         = undef,
+Optional[Boolean] $h2_serialize_headers                                           = undef,
-$modsec_disable_tags         = undef,
+Optional[Integer] $h2_stream_max_mem_size                                         = undef,
-$modsec_body_limit           = undef,
+Optional[Integer] $h2_tls_cool_down_secs                                          = undef,
-$jk_mounts                   = undef,
+Optional[Integer] $h2_tls_warm_up_size                                            = undef,
-$auth_kerb                   = false,
+Optional[Boolean] $h2_upgrade                                                     = undef,
-$krb_method_negotiate        = 'on',
+Optional[Integer] $h2_window_size                                                 = undef,
-$krb_method_k5passwd         = 'on',
-$krb_authoritative           = 'on',
+Optional[Boolean] $passenger_enabled                                              = undef,
-$krb_auth_realms             = [],
+Optional[String] $passenger_base_uri                                              = undef,
-$krb_5keytab                 = undef,
+Optional[Stdlib::Absolutepath] $passenger_ruby                                    = undef,
-$krb_local_user_mapping      = undef,
+Optional[Stdlib::Absolutepath] $passenger_python                                  = undef,
-$krb_verify_kdc              = 'on',
+Optional[Stdlib::Absolutepath] $passenger_nodejs                                  = undef,
-$krb_servicename             = 'HTTP',
+Optional[String] $passenger_meteor_app_settings                                   = undef,
-$krb_save_credentials        = 'off',
+Optional[String] $passenger_app_env                                               = undef,
-$keepalive                   = undef,
+Optional[Stdlib::Absolutepath] $passenger_app_root                                = undef,
-$keepalive_timeout           = undef,
+Optional[String] $passenger_app_group_name                                        = undef,
-$max_keepalive_requests      = undef,
+Optional[Enum['meteor', 'node', 'rack', 'wsgi']] $passenger_app_type              = undef,
-$cas_attribute_prefix        = undef,
+Optional[String] $passenger_startup_file                                          = undef,
-$cas_attribute_delimiter     = undef,
+Optional[String] $passenger_restart_dir                                           = undef,
-$cas_scrub_request_headers   = undef,
+Optional[Enum['direct', 'smart']] $passenger_spawn_method                         = undef,
-$cas_sso_enabled             = undef,
+Optional[Boolean] $passenger_load_shell_envvars                                   = undef,
-$cas_login_url               = undef,
+Optional[Boolean] $passenger_rolling_restarts                                     = undef,
-$cas_validate_url            = undef,
+Optional[Boolean] $passenger_resist_deployment_errors                             = undef,
-$cas_validate_saml           = undef,
+Optional[String] $passenger_user                                                  = undef,
+Optional[String] $passenger_group                                                 = undef,
+Optional[Boolean] $passenger_friendly_error_pages                                 = undef,
+Optional[Integer] $passenger_min_instances                                        = undef,
+Optional[Integer] $passenger_max_instances                                        = undef,
+Optional[Integer] $passenger_max_preloader_idle_time                              = undef,
+Optional[Integer] $passenger_force_max_concurrent_requests_per_process            = undef,
+Optional[Integer] $passenger_start_timeout                                        = undef,
+Optional[Enum['process', 'thread']] $passenger_concurrency_model                  = undef,
+Optional[Integer] $passenger_thread_count                                         = undef,
+Optional[Integer] $passenger_max_requests                                         = undef,
+Optional[Integer] $passenger_max_request_time                                     = undef,
+Optional[Integer] $passenger_memory_limit                                         = undef,
+Optional[Integer] $passenger_stat_throttle_rate                                   = undef,
+Optional[Variant[String,Array[String]]] $passenger_pre_start                      = undef,
+Optional[Boolean] $passenger_high_performance                                     = undef,
+Optional[Boolean] $passenger_buffer_upload                                        = undef,
+Optional[Boolean] $passenger_buffer_response                                      = undef,
+Optional[Boolean] $passenger_error_override                                       = undef,
+Optional[Integer] $passenger_max_request_queue_size                               = undef,
+Optional[Integer] $passenger_max_request_queue_time                               = undef,
+Optional[Boolean] $passenger_sticky_sessions                                      = undef,
+Optional[String] $passenger_sticky_sessions_cookie_name                           = undef,
+Optional[Boolean] $passenger_allow_encoded_slashes                                = undef,
+Optional[Boolean] $passenger_debugger                                             = undef,
+Optional[Integer] $passenger_lve_min_uid                                          = undef,
+$add_default_charset                                                              = undef,
+$modsec_disable_vhost                                                             = undef,
+Optional[Variant[Hash, Array]] $modsec_disable_ids                                = undef,
+$modsec_disable_ips                                                               = undef,
+Optional[Variant[Hash, Array]] $modsec_disable_msgs                               = undef,
+Optional[Variant[Hash, Array]] $modsec_disable_tags                               = undef,
+$modsec_body_limit                                                                = undef,
+$jk_mounts                                                                        = undef,
+Boolean $auth_kerb                                                                = false,
+$krb_method_negotiate                                                             = 'on',
+$krb_method_k5passwd                                                              = 'on',
+$krb_authoritative                                                                = 'on',
+$krb_auth_realms                                                                  = [],
+$krb_5keytab                                                                      = undef,
+$krb_local_user_mapping                                                           = undef,
+$krb_verify_kdc                                                                   = 'on',
+$krb_servicename                                                                  = 'HTTP',
+$krb_save_credentials                                                             = 'off',
+Optional[Enum['on', 'off']] $keepalive                                            = undef,
+$keepalive_timeout                                                                = undef,
+$max_keepalive_requests                                                           = undef,
+$cas_attribute_prefix                                                             = undef,
+$cas_attribute_delimiter                                                          = undef,
+$cas_root_proxied_as                                                              = undef,
+$cas_scrub_request_headers                                                        = undef,
+$cas_sso_enabled                                                                  = undef,
+$cas_login_url                                                                    = undef,
+$cas_validate_url                                                                 = undef,
+$cas_validate_saml                                                                = undef,
+Optional[String] $shib_compat_valid_user                                          = undef,
+Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']] $use_canonical_name        = undef,
+Optional[Variant[String,Array[String]]] $comment                                  = undef,
+Hash $define                                                                      = {},
 ) {
 # The base class must be included first because it is used by parameter defaults
 if ! defined(Class['apache']) {
 fail('You must include the apache base class before using any apache defined resources')
 }
 $apache_name = $::apache::apache_name
-validate_re($ensure, '^(present|absent)$',
-"${ensure} is not supported for ensure.
-Allowed values are 'present' and 'absent'.")
-validate_re($suphp_engine, '^(on|off)$',
-"${suphp_engine} is not supported for suphp_engine.
-Allowed values are 'on' and 'off'.")
-validate_bool($ip_based)
-validate_bool($access_log)
-validate_bool($error_log)
-if $modsec_audit_log != undef {
-validate_bool($modsec_audit_log)
-}
-validate_bool($ssl)
-validate_bool($default_vhost)
-validate_bool($ssl_proxyengine)
-if $ssl_stapling != undef {
-validate_bool($ssl_stapling)
-}
 if $rewrites {
-validate_array($rewrites)
 unless empty($rewrites) {
 $rewrites_flattened = delete_undef_values(flatten([$rewrites]))
-validate_hash($rewrites_flattened[0])
+assert_type(Array[Hash], $rewrites_flattened)
 }
 }
 # Input validation begins
-if $suexec_user_group {
-validate_re($suexec_user_group, '^[\w-]+ [\w-]+$',
-"${suexec_user_group} is not supported for suexec_user_group.  Must be 'user group'.")
-}
-if $wsgi_pass_authorization {
-validate_re(downcase($wsgi_pass_authorization), '^(on|off)$',
-"${wsgi_pass_authorization} is not supported for wsgi_pass_authorization.
-Allowed values are 'on' and 'off'.")
-}
-if $wsgi_chunked_request {
-validate_re(downcase($wsgi_chunked_request), '^(on|off)$',
-"${wsgi_chunked_request} is not supported for wsgi_chunked_request.
-Allowed values are 'on' and 'off'.")
-}
-# Deprecated backwards-compatibility
-if $rewrite_base {
-warning('Apache::Vhost: parameter rewrite_base is deprecated in favor of rewrites')
-}
-if $rewrite_rule {
-warning('Apache::Vhost: parameter rewrite_rule is deprecated in favor of rewrites')
-}
-if $rewrite_cond {
-warning('Apache::Vhost parameter rewrite_cond is deprecated in favor of rewrites')
-}
-if $wsgi_script_aliases {
-validate_hash($wsgi_script_aliases)
-}
-if $wsgi_script_aliases_match {
-validate_hash($wsgi_script_aliases_match)
-}
-if $wsgi_daemon_process_options {
-validate_hash($wsgi_daemon_process_options)
-}
-if $wsgi_import_script_options {
-validate_hash($wsgi_import_script_options)
-}
-if $itk {
-validate_hash($itk)
-}
-validate_re($logroot_ensure, '^(directory|absent)$',
-"${logroot_ensure} is not supported for logroot_ensure.
-Allowed values are 'directory' and 'absent'.")
 if $log_level {
-validate_apache_log_level($log_level)
+apache::validate_apache_log_level($log_level)
 }
 if $access_log_file and $access_log_pipe {
 fail("Apache::Vhost[${name}]: 'access_log_file' and 'access_log_pipe' cannot be defined at the same time")
 }
 fail("Apache::Vhost[${name}]: 'error_log_file' and 'error_log_pipe' cannot be defined at the same time")
 }
 if $modsec_audit_log_file and $modsec_audit_log_pipe {
 fail("Apache::Vhost[${name}]: 'modsec_audit_log_file' and 'modsec_audit_log_pipe' cannot be defined at the same time")
-}
-if $fallbackresource {
-validate_re($fallbackresource, '^/|disabled', 'Please make sure fallbackresource starts with a / (or is "disabled")')
-}
-if $custom_fragment {
-validate_string($custom_fragment)
-}
-if $allow_encoded_slashes {
-validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.")
-}
-validate_bool($auth_kerb)
-# Validate the docroot as a string if:
-# - $manage_docroot is true
-if $manage_docroot {
-validate_string($docroot)
-}
-if $ssl_proxy_verify {
-validate_re($ssl_proxy_verify,'^(none|optional|require|optional_no_ca)$',"${ssl_proxy_verify} is not permitted for ssl_proxy_verify. Allowed values are 'none', 'optional', 'require' or 'optional_no_ca'.")
-}
-if $ssl_proxy_check_peer_cn {
-validate_re($ssl_proxy_check_peer_cn,'(^on$|^off$)',"${ssl_proxy_check_peer_cn} is not permitted for ssl_proxy_check_peer_cn. Allowed values are 'on' or 'off'.")
-}
-if $ssl_proxy_check_peer_name {
-validate_re($ssl_proxy_check_peer_name,'(^on$|^off$)',"${ssl_proxy_check_peer_name} is not permitted for ssl_proxy_check_peer_name. Allowed values are 'on' or 'off'.")
-}
-if $ssl_proxy_check_peer_expire {
-validate_re($ssl_proxy_check_peer_expire,'(^on$|^off$)',"${ssl_proxy_check_peer_expire} is not permitted for ssl_proxy_check_peer_expire. Allowed values are 'on' or 'off'.")
-}
-if $keepalive {
-validate_re($keepalive,'(^on$|^off$)',"${keepalive} is not permitted for keepalive. Allowed values are 'on' or 'off'.")
-}
-if $passenger_sticky_sessions {
-validate_bool($passenger_sticky_sessions)
 }
 # Input validation ends
 if $ssl and $ensure == 'present' {
 if $virtual_docroot {
 include ::apache::mod::vhost_alias
 }
-if $wsgi_daemon_process {
+if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization {
 include ::apache::mod::wsgi
 }
 if $suexec_user_group {
 include ::apache::mod::suexec
 }
-if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start or $passenger_user or $passenger_high_performance or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file {
+if $passenger_spawn_method or $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_max_requests or $passenger_start_timeout or $passenger_pre_start or $passenger_user or $passenger_group or $passenger_high_performance or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file {
 include ::apache::mod::passenger
 }
 # Configure the defaultness of a vhost
 if $priority {
 owner   => $logroot_owner,
 group   => $logroot_group,
 mode    => $logroot_mode,
 require => Package['httpd'],
 before  => Concat["${priority_real}${filename}.conf"],
-}
+notify  => Class['Apache::Service'],
 }
+}
-# Is apache::mod::passenger enabled (or apache::mod['passenger'])
-$passenger_enabled = defined(Apache::Mod['passenger'])
 # Is apache::mod::shib enabled (or apache::mod['shib2'])
 $shibboleth_enabled = defined(Apache::Mod['shib2'])
 # Is apache::mod::cas enabled (or apache::mod['cas'])
 $cas_enabled = defined(Apache::Mod['auth_cas'])
 if $access_log and !$access_logs {
-if $access_log_file {
-$_logs_dest = "${logroot}/${access_log_file}"
-} elsif $access_log_pipe {
-$_logs_dest = $access_log_pipe
-} elsif $access_log_syslog {
-$_logs_dest = $access_log_syslog
-} else {
-$_logs_dest = undef
-}
 $_access_logs = [{
 'file'        => $access_log_file,
 'pipe'        => $access_log_pipe,
 'syslog'      => $access_log_syslog,
 'format'      => $access_log_format,
 'env'         => $access_log_env_var
 }]
 } elsif $access_logs {
-if !is_array($access_logs) {
-fail("Apache::Vhost[${name}]: access_logs must be an array of hashes")
-}
 $_access_logs = $access_logs
 }
 if $error_log_file {
-$error_log_destination = "${logroot}/${error_log_file}"
+if $error_log_file =~ /^\// {
+# Absolute path provided - don't prepend $logroot
+$error_log_destination = $error_log_file
+} else {
+$error_log_destination = "${logroot}/${error_log_file}"
+}
 } elsif $error_log_pipe {
 $error_log_destination = $error_log_pipe
 } elsif $error_log_syslog {
 $error_log_destination = $error_log_syslog
 } else {
 $modsec_audit_log_destination = undef
 }
 if $ip {
-$_ip = enclose_ipv6($ip)
+$_ip = any2array(enclose_ipv6($ip))
 if $port {
-$listen_addr_port = suffix(any2array($_ip),":${port}")
+$_port = any2array($port)
-$nvh_addr_port = suffix(any2array($_ip),":${port}")
+$listen_addr_port = split(inline_template("<%= @_ip.product(@_port).map {|x| x.join(':')  }.join(',')%>"), ',')
+$nvh_addr_port = split(inline_template("<%= @_ip.product(@_port).map {|x| x.join(':')  }.join(',')%>"), ',')
 } else {
 $listen_addr_port = undef
 $nvh_addr_port = $_ip
 if ! $servername and ! $ip_based {
 fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters for name-based vhosts")
 }
 }
 } else {
 if $port {
 $listen_addr_port = $port
-$nvh_addr_port = "${vhost_name}:${port}"
+$nvh_addr_port = prefix(any2array($port),"${vhost_name}:")
 } else {
 $listen_addr_port = undef
 $nvh_addr_port = $name
 if ! $servername and $servername != '' {
 fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters, and/or 'servername' parameter")
 }
 }
 }
 if $add_listen {
-if $ip and defined(Apache::Listen["${port}"]) {
+if $ip and defined(Apache::Listen[String($port)]) {
 fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this")
 }
 if $listen_addr_port and $ensure == 'present' {
 ensure_resource('apache::listen', $listen_addr_port)
 }
 include ::apache::mod::rewrite
 }
 }
 # Load mod_alias if needed and not yet loaded
-if ($scriptalias or $scriptaliases != []) or ($aliases and $aliases != []) or ($redirect_source and $redirect_dest) {
+if ($scriptalias or $scriptaliases != [])
+or ($aliases and $aliases != [])
+or ($redirect_source and $redirect_dest)
+or ($redirectmatch_regexp or $redirectmatch_status or $redirectmatch_dest){
 if ! defined(Class['apache::mod::alias'])  and ($ensure == 'present') {
 include ::apache::mod::alias
 }
 }
 if ! defined(Class['apache::mod::proxy_http']) {
 include ::apache::mod::proxy_http
 }
 }
-# Load mod_passenger if needed and not yet loaded
+# Load mod_fastcgi if needed and not yet loaded
-if $rack_base_uris {
-if ! defined(Class['apache::mod::passenger']) {
-include ::apache::mod::passenger
-}
-}
-# Load mod_passenger if needed and not yet loaded
-if $passenger_base_uris {
-include ::apache::mod::passenger
-}
-# Load mod_fastci if needed and not yet loaded
 if $fastcgi_server and $fastcgi_socket {
 if ! defined(Class['apache::mod::fastcgi']) {
 include ::apache::mod::fastcgi
 }
 }
 }
 }
 ## Create a default directory list if none defined
 if $directories {
-if !is_hash($directories) and !(is_array($directories) and is_hash($directories[0])) {
-fail("Apache::Vhost[${name}]: 'directories' must be either a Hash or an Array of Hashes")
-}
 $_directories = $directories
 } elsif $docroot {
 $_directory = {
 provider       => 'directory',
 path           => $docroot,
 $_directories = undef
 }
 ## Create a global LocationMatch if locations aren't defined
 if $modsec_disable_ids {
-if is_hash($modsec_disable_ids) {
+if $modsec_disable_ids =~ Array {
-$_modsec_disable_ids = $modsec_disable_ids
-} elsif is_array($modsec_disable_ids) {
 $_modsec_disable_ids = { '.*' => $modsec_disable_ids }
 } else {
-fail("Apache::Vhost[${name}]: 'modsec_disable_ids' must be either a Hash of location/IDs or an Array of IDs")
+$_modsec_disable_ids = $modsec_disable_ids
 }
 }
 if $modsec_disable_msgs {
-if is_hash($modsec_disable_msgs) {
+if $modsec_disable_msgs =~ Array {
-$_modsec_disable_msgs = $modsec_disable_msgs
-} elsif is_array($modsec_disable_msgs) {
 $_modsec_disable_msgs = { '.*' => $modsec_disable_msgs }
 } else {
-fail("Apache::Vhost[${name}]: 'modsec_disable_msgs' must be either a Hash of location/Msgs or an Array of Msgs")
+$_modsec_disable_msgs = $modsec_disable_msgs
 }
 }
 if $modsec_disable_tags {
-if is_hash($modsec_disable_tags) {
+if $modsec_disable_tags =~ Array {
-$_modsec_disable_tags = $modsec_disable_tags
-} elsif is_array($modsec_disable_tags) {
 $_modsec_disable_tags = { '.*' => $modsec_disable_tags }
 } else {
-fail("Apache::Vhost[${name}]: 'modsec_disable_tags' must be either a Hash of location/Tags or an Array of Tags")
+$_modsec_disable_tags = $modsec_disable_tags
 }
 }
 concat { "${priority_real}${filename}.conf":
 ensure  => $ensure,
 notify  => Class['apache::service'],
 }
 }
 # Template uses:
+# - $comment
 # - $nvh_addr_port
 # - $servername
 # - $serveradmin
+# - $protocols
+# - $protocols_honor_order
+# - $apache_version
 concat::fragment { "${name}-apache-header":
 target  => "${priority_real}${filename}.conf",
 order   => 0,
 content => template('apache/vhost/_file_header.erb'),
 }
 # - $proxy_pass
 # - $proxy_pass_match
 # - $proxy_preserve_host
 # - $proxy_add_headers
 # - $no_proxy_uris
-if $proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match {
+if $proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match or $proxy_preserve_host {
 concat::fragment { "${name}-proxy":
 target  => "${priority_real}${filename}.conf",
 order   => 160,
 content => template('apache/vhost/_proxy.erb'),
-}
-}
-# Template uses:
-# - $rack_base_uris
-if $rack_base_uris {
-concat::fragment { "${name}-rack":
-target  => "${priority_real}${filename}.conf",
-order   => 170,
-content => template('apache/vhost/_rack.erb'),
-}
-}
-# Template uses:
-# - $passenger_base_uris
-if $passenger_base_uris {
-concat::fragment { "${name}-passenger_uris":
-target  => "${priority_real}${filename}.conf",
-order   => 175,
-content => template('apache/vhost/_passenger_base_uris.erb'),
 }
 }
 # Template uses:
 # - $redirect_source
 }
 # Template uses:
 # - $ssl_proxyengine
 # - $ssl_proxy_verify
+# - $ssl_proxy_verify_depth
+# - $ssl_proxy_ca_cert
 # - $ssl_proxy_check_peer_cn
 # - $ssl_proxy_check_peer_name
 # - $ssl_proxy_check_peer_expire
 # - $ssl_proxy_machine_cert
 # - $ssl_proxy_protocol
 # - $wsgi_import_script
 # - $wsgi_import_script_options
 # - $wsgi_process_group
 # - $wsgi_script_aliases
 # - $wsgi_pass_authorization
+if $wsgi_daemon_process_options {
+deprecation('apache::vhost::wsgi_daemon_process_options', 'This parameter is deprecated. Please add values inside Hash `wsgi_daemon_process`.')
+}
 if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization {
 concat::fragment { "${name}-wsgi":
 target  => "${priority_real}${filename}.conf",
 order   => 260,
 content => template('apache/vhost/_wsgi.erb'),
 order   => 290,
 content => template('apache/vhost/_suexec.erb'),
 }
 }
-# Template uses:
+if $h2_copy_files != undef or $h2_direct != undef or $h2_early_hints != undef or $h2_max_session_streams != undef or $h2_modern_tls_only != undef or $h2_push != undef or $h2_push_diary_size != undef or $h2_push_priority != [] or $h2_push_resource != [] or $h2_serialize_headers != undef or $h2_stream_max_mem_size != undef or $h2_tls_cool_down_secs != undef or $h2_tls_warm_up_size != undef or $h2_upgrade != undef or $h2_window_size != undef {
+include ::apache::mod::http2
+concat::fragment { "${name}-http2":
+target  => "${priority_real}${filename}.conf",
+order   => 300,
+content => template('apache/vhost/_http2.erb'),
+}
+}
+# Template uses:
+# - $passenger_spawn_method
 # - $passenger_app_root
 # - $passenger_app_env
 # - $passenger_ruby
 # - $passenger_min_instances
+# - $passenger_max_requests
 # - $passenger_start_timeout
-# - $passenger_pre_start
 # - $passenger_user
+# - $passenger_group
 # - $passenger_nodejs
 # - $passenger_sticky_sessions
 # - $passenger_startup_file
-if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start or $passenger_user or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file{
+if $passenger_spawn_method or $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_user or $passenger_group or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file{
 concat::fragment { "${name}-passenger":
 target  => "${priority_real}${filename}.conf",
 order   => 300,
 content => template('apache/vhost/_passenger.erb'),
 }
 order   => 350,
 content => template('apache/vhost/_auth_cas.erb'),
 }
 }
+# Template uses:
+# - $http_protocol_options
+if $http_protocol_options {
+concat::fragment { "${name}-http_protocol_options":
+target  => "${priority_real}${filename}.conf",
+order   => 350,
+content => template('apache/vhost/_http_protocol_options.erb'),
+}
+}
+# Template uses:
+# - $shib_compat_valid_user
+if $shibboleth_enabled {
+concat::fragment { "${name}-shibboleth":
+target  => "${priority_real}${filename}.conf",
+order   => 370,
+content => template('apache/vhost/_shib.erb'),
+}
+}
+# - $use_canonical_name
+if $use_canonical_name {
+concat::fragment { "${name}-use_canonical_name":
+target  => "${priority_real}${filename}.conf",
+order   => 360,
+content => template('apache/vhost/_use_canonical_name.erb'),
+}
+}
 # Template uses no variables
 concat::fragment { "${name}-file_footer":
 target  => "${priority_real}${filename}.conf",
 order   => 999,
 content => template('apache/vhost/_file_footer.erb'),

Mercurial > repos > other > Puppet

comparison modules/apache/manifests/vhost.pp @ 275:d9352a684e62