Mercurial > repos > other > Puppet
diff modules/apache/manifests/vhost.pp @ 275:d9352a684e62
Mass update of modules to remove deprecation warnings
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Sun, 26 Jan 2020 11:36:07 +0000 |
| parents | 675c1cc61eaf |
| children | b8d6ada284dd |
line wrap: on
line diff
--- a/modules/apache/manifests/vhost.pp Sat Jan 04 11:42:45 2020 +0000 +++ b/modules/apache/manifests/vhost.pp Sun Jan 26 11:36:07 2020 +0000 @@ -1,176 +1,1862 @@ -# See README.md for usage information +# @summary +# Allows specialised configurations for virtual hosts that possess requirements +# outside of the defaults. +# +# The apache module allows a lot of flexibility in the setup and configuration of virtual hosts. +# This flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache +# to evaluate it multiple times with different parameters.<br /> +# The `apache::vhost` defined type allows you to have specialized configurations for virtual hosts +# that have requirements outside the defaults. You can set up a default virtual host within +# the base `::apache` class, as well as set a customized virtual host as the default. +# Customized virtual hosts have a lower numeric `priority` than the base class's, causing +# Apache to process the customized virtual host first.<br /> +# The `apache::vhost` defined type uses `concat::fragment` to build the configuration file. To +# inject custom fragments for pieces of the configuration that the defined type doesn't +# inherently support, add a custom fragment.<br /> +# For the custom fragment's `order` parameter, the `apache::vhost` defined type uses multiples +# of 10, so any `order` that isn't a multiple of 10 should work.<br /> +# > **Note:** When creating an `apache::vhost`, it cannot be named `default` or `default-ssl`, +# because vhosts with these titles are always managed by the module. This means that you cannot +# override `Apache::Vhost['default']` or `Apache::Vhost['default-ssl]` resources. An optional +# workaround is to create a vhost named something else, such as `my default`, and ensure that the +# `default` and `default_ssl` vhosts are set to `false`: +# +# @example +# class { 'apache': +# default_vhost => false, +# default_ssl_vhost => false, +# } +# +# @param apache_version +# Apache's version number as a string, such as '2.2' or '2.4'. +# +# @param access_log +# Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`). +# +# @param access_log_env_var +# Specifies that only requests with particular environment variables be logged. +# +# @param access_log_file +# Sets the filename of the `*_access.log` placed in `logroot`. Given a virtual host ---for +# instance, example.com--- it defaults to 'example.com_ssl.log' for +# [SSL-encrypted](https://httpd.apache.org/docs/current/ssl/index.html) virtual hosts and +# `example.com_access.log` for unencrypted virtual hosts. +# +# @param access_log_format +# Specifies the use of either a `LogFormat` nickname or a custom-formatted string for the +# access log. +# +# @param access_log_pipe +# Specifies a pipe where Apache sends access log messages. +# +# @param access_log_syslog +# Sends all access log messages to syslog. +# +# @param access_logs +# Allows you to give a hash that specifies the state of each of the `access_log_*` +# directives shown above, i.e. `access_log_pipe` and `access_log_syslog`. +# +# @param add_default_charset +# Sets a default media charset value for the `AddDefaultCharset` directive, which is +# added to `text/plain` and `text/html` responses. +# +# @param add_listen +# Determines whether the virtual host creates a `Listen` statement.<br /> +# Setting `add_listen` to `false` prevents the virtual host from creating a `Listen` +# statement. This is important when combining virtual hosts that aren't passed an `ip` +# parameter with those that are. +# +# @param use_optional_includes +# Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for +# `additional_includes` in Apache 2.4 or newer. +# +# @param additional_includes +# Specifies paths to additional static, virtual host-specific Apache configuration files. +# You can use this parameter to implement a unique, custom configuration not supported by +# this module. +# +# @param aliases +# Passes a list of [hashes][hash] to the virtual host to create `Alias`, `AliasMatch`, +# `ScriptAlias` or `ScriptAliasMatch` directives as per the `mod_alias` documentation.<br /> +# For example: +# ``` puppet +# aliases => [ +# { aliasmatch => '^/image/(.*)\.jpg$', +# path => '/files/jpg.images/$1.jpg', +# }, +# { alias => '/image', +# path => '/ftp/pub/image', +# }, +# { scriptaliasmatch => '^/cgi-bin(.*)', +# path => '/usr/local/share/cgi-bin$1', +# }, +# { scriptalias => '/nagios/cgi-bin/', +# path => '/usr/lib/nagios/cgi-bin/', +# }, +# { alias => '/nagios', +# path => '/usr/share/nagios/html', +# }, +# ], +# ``` +# For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs +# a corresponding context, such as `<Directory /path/to/directory>` or +# `<Location /some/location/here>`. Puppet creates the directives in the order specified in +# the `aliases` parameter. As described in the `mod_alias` documentation, add more specific +# `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more +# general ones to avoid shadowing.<BR /> +# > **Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because +# you can precisely control the order of various alias directives. Defining `ScriptAliases` +# using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after +# *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias` +# directives. This often causes problems; for example, this could cause problems with Nagios.<BR /> +# If `apache::mod::passenger` is loaded and `PassengerHighPerformance` is `true`, the `Alias` +# directive might not be able to honor the `PassengerEnabled => off` statement. See +# [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. +# +# @param allow_encoded_slashes +# Sets the `AllowEncodedSlashes` declaration for the virtual host, overriding the server +# default. This modifies the virtual host responses to URLs with `\` and `/` characters. The +# default setting omits the declaration from the server configuration and selects the +# Apache default setting of `Off`. +# +# @param block +# Specifies the list of things to which Apache blocks access. Valid options are: `scm` (which +# blocks web access to `.svn`), `.git`, and `.bzr` directories. +# +# @param cas_attribute_prefix +# Adds a header with the value of this header being the attribute values when SAML +# validation is enabled. +# +# @param cas_attribute_delimiter +# Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`. +# +# @param cas_login_url +# Sets the URL to which the module redirects users when they attempt to access a +# CAS-protected resource and don't have an active session. +# +# @param cas_root_proxied_as +# Sets the URL end users see when access to this Apache server is proxied per vhost. +# This URL should not include a trailing slash. +# +# @param cas_scrub_request_headers +# Remove inbound request headers that may have special meaning within mod_auth_cas. +# +# @param cas_sso_enabled +# Enables experimental support for single sign out (may mangle POST data). +# +# @param cas_validate_saml +# Parse response from CAS server for SAML. +# +# @param cas_validate_url +# Sets the URL to use when validating a client-presented ticket in an HTTP query string. +# +# @param comment +# Adds comments to the header of the configuration file. Pass as string or an array of strings. +# For example: +# ``` puppet +# comment => "Account number: 123B", +# ``` +# Or: +# ``` puppet +# comment => [ +# "Customer: X", +# "Frontend domain: x.example.org", +# ] +# ``` +# +# @param custom_fragment +# Passes a string of custom configuration directives to place at the end of the virtual +# host configuration. +# +# @param default_vhost +# Sets a given `apache::vhost` defined type as the default to serve requests that do not +# match any other `apache::vhost` defined types. +# +# @param directoryindex +# Sets the list of resources to look for when a client requests an index of the directory +# by specifying a '/' at the end of the directory name. See the `DirectoryIndex` directive +# documentation for details. +# +# @param docroot +# **Required**.<br /> +# Sets the `DocumentRoot` location, from which Apache serves files.<br /> +# If `docroot` and `manage_docroot` are both set to `false`, no `DocumentRoot` will be set +# and the accompanying `<Directory /path/to/directory>` block will not be created. +# +# @param docroot_group +# Sets group access to the `docroot` directory. +# +# @param docroot_owner +# Sets individual user access to the `docroot` directory. +# +# @param docroot_mode +# Sets access permissions for the `docroot` directory, in numeric notation. +# +# @param manage_docroot +# Determines whether Puppet manages the `docroot` directory. +# +# @param error_log +# Specifies whether `*_error.log` directives should be configured. +# +# @param error_log_file +# Points the virtual host's error logs to a `*_error.log` file. If this parameter is +# undefined, Puppet checks for values in `error_log_pipe`, then `error_log_syslog`.<br /> +# If none of these parameters is set, given a virtual host `example.com`, Puppet defaults +# to `$logroot/example.com_error_ssl.log` for SSL virtual hosts and +# `$logroot/example.com_error.log` for non-SSL virtual hosts. +# +# @param error_log_pipe +# Specifies a pipe to send error log messages to.<br /> +# This parameter has no effect if the `error_log_file` parameter has a value. If neither +# this parameter nor `error_log_file` has a value, Puppet then checks `error_log_syslog`. +# +# @param error_log_syslog +# Determines whether to send all error log messages to syslog. +# This parameter has no effect if either of the `error_log_file` or `error_log_pipe` +# parameters has a value. If none of these parameters has a value, given a virtual host +# `example.com`, Puppet defaults to `$logroot/example.com_error_ssl.log` for SSL virtual +# hosts and `$logroot/example.com_error.log` for non-SSL virtual hosts. +# +# @param error_documents +# A list of hashes which can be used to override the +# [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) +# settings for this virtual host.<br /> +# For example: +# ``` puppet +# apache::vhost { 'sample.example.net': +# error_documents => [ +# { 'error_code' => '503', 'document' => '/service-unavail' }, +# { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' }, +# ], +# } +# ``` +# +# @param ensure +# Specifies if the virtual host is present or absent.<br /> +# +# @param fallbackresource +# Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) +# directive, which specifies an action to take for any URL that doesn't map to anything in +# your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Values must either begin +# with a `/` or be `disabled`. +# +# @param fastcgi_server +# Specify an external FastCGI server to manage a connection to. +# +# @param fastcgi_socket +# Specify the socket that will be used to communicate with an external FastCGI server. +# +# @param fastcgi_idle_timeout +# If using fastcgi, this option sets the timeout for the server to respond. +# +# @param fastcgi_dir +# Specify an internal FastCGI directory that is to be managed. +# +# @param filters +# [Filters](https://httpd.apache.org/docs/current/mod/mod_filter.html) enable smart, +# context-sensitive configuration of output content filters. +# ``` puppet +# apache::vhost { "$::fqdn": +# filters => [ +# 'FilterDeclare COMPRESS', +# 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', +# 'FilterChain COMPRESS', +# 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', +# ], +# } +# ``` +# +# @param h2_copy_files +# Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles) +# directive which influences how the requestion process pass files to the main connection. +# +# @param h2_direct +# Sets the [H2Direct](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2direct) +# directive which toggles the usage of the HTTP/2 Direct Mode. +# +# @param h2_early_hints +# Sets the [H2EarlyHints](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2earlyhints) +# directive which controls if HTTP status 103 interim responses are forwarded to +# the client or not. +# +# @param h2_max_session_streams +# Sets the [H2MaxSessionStreams](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2maxsessionstreams) +# directive which sets the maximum number of active streams per HTTP/2 session +# that the server allows. +# +# @param h2_modern_tls_only +# Sets the [H2ModernTLSOnly](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2moderntlsonly) +# directive which toggles the security checks on HTTP/2 connections in TLS mode. +# +# @param h2_push +# Sets the [H2Push](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2push) +# directive which toggles the usage of the HTTP/2 server push protocol feature. +# +# @param h2_push_diary_size +# Sets the [H2PushDiarySize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushdiarysize) +# directive which toggles the maximum number of HTTP/2 server pushes that are +# remembered per HTTP/2 connection. +# +# @param h2_push_priority +# Sets the [H2PushPriority](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushpriority) +# directive which defines the priority handling of pushed responses based on the +# content-type of the response. +# +# @param h2_push_resource +# Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource) +# directive which declares resources for early pushing to the client. +# +# @param h2_serialize_headers +# Sets the [H2SerializeHeaders](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2serializeheaders) +# directive which toggles if HTTP/2 requests are serialized in HTTP/1.1 +# format for processing by httpd core. +# +# @param h2_stream_max_mem_size +# Sets the [H2StreamMaxMemSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2streammaxmemsize) +# directive which sets the maximum number of outgoing data bytes buffered in +# memory for an active stream. +# +# @param h2_tls_cool_down_secs +# Sets the [H2TLSCoolDownSecs](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlscooldownsecs) +# directive which sets the number of seconds of idle time on a TLS connection +# before the TLS write size falls back to a small (~1300 bytes) length. +# +# @param h2_tls_warm_up_size +# Sets the [H2TLSWarmUpSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlswarmupsize) +# directive which sets the number of bytes to be sent in small TLS records (~1300 +# bytes) until doing maximum sized writes (16k) on https: HTTP/2 connections. +# +# @param h2_upgrade +# Sets the [H2Upgrade](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2upgrade) +# directive which toggles the usage of the HTTP/1.1 Upgrade method for switching +# to HTTP/2. +# +# @param h2_window_size +# Sets the [H2WindowSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2windowsize) +# directive which sets the size of the window that is used for flow control from +# client to server and limits the amount of data the server has to buffer. +# +# @param headers +# Adds lines to replace, merge, or remove response headers. See +# [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. +# +# @param ip +# Sets the IP address the virtual host listens on. By default, uses Apache's default behavior +# of listening on all IPs. +# +# @param ip_based +# Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual +# host. This parameter inhibits the creation of a NameVirtualHost directive, since those are +# used to funnel requests to name-based virtual hosts. +# +# @param itk +# Configures [ITK](http://mpm-itk.sesse.net/) in a hash.<br /> +# Usage typically looks something like: +# ``` puppet +# apache::vhost { 'sample.example.net': +# docroot => '/path/to/directory', +# itk => { +# user => 'someuser', +# group => 'somegroup', +# }, +# } +# ``` +# Valid values are: a hash, which can include the keys: +# * `user` + `group` +# * `assignuseridexpr` +# * `assigngroupidexpr` +# * `maxclientvhost` +# * `nice` +# * `limituidrange` (Linux 3.5.0 or newer) +# * `limitgidrange` (Linux 3.5.0 or newer) +# +# @param action +# Specifies whether you wish to configure mod_actions action directive which will +# activate cgi-script when triggered by a request. +# +# @param jk_mounts +# Sets up a virtual host with `JkMount` and `JkUnMount` directives to handle the paths +# for URL mapping between Tomcat and Apache.<br /> +# The parameter must be an array of hashes where each hash must contain the `worker` +# and either the `mount` or `unmount` keys.<br /> +# Usage typically looks like: +# ``` puppet +# apache::vhost { 'sample.example.net': +# jk_mounts => [ +# { mount => '/*', worker => 'tcnode1', }, +# { unmount => '/*.jpg', worker => 'tcnode1', }, +# ], +# } +# ``` +# +# @param http_protocol_options +# Specifies the strictness of HTTP protocol checks. +# +# @param keepalive +# Determines whether to enable persistent HTTP connections with the `KeepAlive` directive +# for the virtual host. By default, the global, server-wide `KeepAlive` setting is in effect.<br /> +# Use the `keepalive_timeout` and `max_keepalive_requests` parameters to set relevant options +# for the virtual host. +# +# @param keepalive_timeout +# Sets the `KeepAliveTimeout` directive for the virtual host, which determines the amount +# of time to wait for subsequent requests on a persistent HTTP connection. By default, the +# global, server-wide `KeepAlive` setting is in effect.<br /> +# This parameter is only relevant if either the global, server-wide `keepalive` parameter or +# the per-vhost `keepalive` parameter is enabled. +# +# @param max_keepalive_requests +# Limits the number of requests allowed per connection to the virtual host. By default, +# the global, server-wide `KeepAlive` setting is in effect.<br /> +# This parameter is only relevant if either the global, server-wide `keepalive` parameter or +# the per-vhost `keepalive` parameter is enabled. +# +# @param auth_kerb +# Enable `mod_auth_kerb` parameters for a virtual host.<br /> +# Usage typically looks like: +# ``` puppet +# apache::vhost { 'sample.example.net': +# auth_kerb => `true`, +# krb_method_negotiate => 'on', +# krb_auth_realms => ['EXAMPLE.ORG'], +# krb_local_user_mapping => 'on', +# directories => { +# path => '/var/www/html', +# auth_name => 'Kerberos Login', +# auth_type => 'Kerberos', +# auth_require => 'valid-user', +# }, +# } +# ``` +# +# @param krb_method_negotiate +# Determines whether to use the Negotiate method. +# +# @param krb_method_k5passwd +# Determines whether to use password-based authentication for Kerberos v5. +# +# @param krb_authoritative +# If set to `off`, authentication controls can be passed on to another module. +# +# @param krb_auth_realms +# Specifies an array of Kerberos realms to use for authentication. +# +# @param krb_5keytab +# Specifies the Kerberos v5 keytab file's location. +# +# @param krb_local_user_mapping +# Strips @REALM from usernames for further use. +# +# @param krb_verify_kdc +# This option can be used to disable the verification tickets against local keytab to prevent +# KDC spoofing attacks. +# +# @param krb_servicename +# Specifies the service name that will be used by Apache for authentication. Corresponding +# key of this name must be stored in the keytab. +# +# @param krb_save_credentials +# This option enables credential saving functionality. +# +# @param logroot +# Specifies the location of the virtual host's logfiles. +# +# @param logroot_ensure +# Determines whether or not to remove the logroot directory for a virtual host. +# +# @param logroot_mode +# Overrides the mode the logroot directory is set to. Do *not* grant write access to the +# directory the logs are stored in without being aware of the consequences; for more +# information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security). +# +# @param logroot_owner +# Sets individual user access to the logroot directory. +# +# @param logroot_group +# Sets group access to the `logroot` directory. +# +# @param log_level +# Specifies the verbosity of the error log. +# +# @param modsec_body_limit +# Configures the maximum request body size (in bytes) ModSecurity accepts for buffering. +# +# @param modsec_disable_vhost +# Disables `mod_security` on a virtual host. Only valid if `apache::mod::security` is included. +# +# @param modsec_disable_ids +# Removes `mod_security` IDs from the virtual host.<br /> +# Also takes a hash allowing removal of an ID from a specific location. +# ``` puppet +# apache::vhost { 'sample.example.net': +# modsec_disable_ids => [ 90015, 90016 ], +# } +# ``` +# +# ``` puppet +# apache::vhost { 'sample.example.net': +# modsec_disable_ids => { '/location1' => [ 90015, 90016 ] }, +# } +# ``` +# +# @param modsec_disable_ips +# Specifies an array of IP addresses to exclude from `mod_security` rule matching. +# +# @param modsec_disable_msgs +# Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing +# removal of an Msg from a specific location. +# ``` puppet +# apache::vhost { 'sample.example.net': +# modsec_disable_msgs => ['Blind SQL Injection Attack', 'Session Fixation Attack'], +# } +# ``` +# ``` puppet +# apache::vhost { 'sample.example.net': +# modsec_disable_msgs => { '/location1' => ['Blind SQL Injection Attack', 'Session Fixation Attack'] }, +# } +# ``` +# +# @param modsec_disable_tags +# Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing +# removal of an Tag from a specific location. +# ``` puppet +# apache::vhost { 'sample.example.net': +# modsec_disable_tags => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'], +# } +# ``` +# ``` puppet +# apache::vhost { 'sample.example.net': +# modsec_disable_tags => { '/location1' => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'] }, +# } +# ``` +# +# @param modsec_audit_log_file +# If set, it is relative to `logroot`.<br /> +# One of the parameters that determines how to send `mod_security` audit +# log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)). +# If none of those parameters are set, the global audit log is used +# (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ). +# +# @param modsec_audit_log_pipe +# If `modsec_audit_log_pipe` is set, it should start with a pipe. Example +# `|/path/to/mlogc /path/to/mlogc.conf`.<br /> +# One of the parameters that determines how to send `mod_security` audit +# log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)). +# If none of those parameters are set, the global audit log is used +# (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ). +# +# @param modsec_audit_log +# If `modsec_audit_log` is `true`, given a virtual host ---for instance, example.com--- it +# defaults to `example.com\_security\_ssl.log` for SSL-encrypted virtual hosts +# and `example.com\_security.log` for unencrypted virtual hosts.<br /> +# One of the parameters that determines how to send `mod_security` audit +# log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).<br /> +# If none of those parameters are set, the global audit log is used +# (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ). +# +# @param no_proxy_uris +# Specifies URLs you do not want to proxy. This parameter is meant to be used in combination +# with [`proxy_dest`](#proxy_dest). +# +# @param no_proxy_uris_match +# This directive is equivalent to `no_proxy_uris`, but takes regular expressions. +# +# @param proxy_preserve_host +# Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost).<br /> +# Setting this parameter to `true` enables the `Host:` line from an incoming request to be +# proxied to the host instead of hostname. Setting it to `false` sets this directive to 'Off'. +# +# @param proxy_add_headers +# Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders).<br /> +# This parameter controlls whether proxy-related HTTP headers (X-Forwarded-For, +# X-Forwarded-Host and X-Forwarded-Server) get sent to the backend server. +# +# @param proxy_error_override +# Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). +# This directive controls whether Apache should override error pages for proxied content. +# +# @param options +# Sets the `Options` for the specified virtual host. For example: +# ``` puppet +# apache::vhost { 'site.name.fdqn': +# … +# options => ['Indexes','FollowSymLinks','MultiViews'], +# } +# ``` +# > **Note**: If you use the `directories` parameter of `apache::vhost`, 'Options', +# 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`. +# +# @param override +# Sets the overrides for the specified virtual host. Accepts an array of +# [AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments. +# +# @param passenger_enabled +# Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) +# directive to `on` or `off`. Requires `apache::mod::passenger` to be included. +# ``` puppet +# apache::vhost { 'sample.example.net': +# docroot => '/path/to/directory', +# directories => [ +# { path => '/path/to/directory', +# passenger_enabled => 'on', +# }, +# ], +# } +# ``` +# > **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) +# using the PassengerEnabled directive with the PassengerHighPerformance directive. +# +# @param passenger_base_uri +# Sets [PassengerBaseURI](https://www.phusionpassenger.com/library/config/apache/reference/#passengerbase_rui), +# to specify that the given URI is a distinct application served by Passenger. +# +# @param passenger_ruby +# Sets [PassengerRuby](https://www.phusionpassenger.com/library/config/apache/reference/#passengerruby), +# specifying the Ruby interpreter to use when serving the relevant web applications. +# +# @param passenger_python +# Sets [PassengerPython](https://www.phusionpassenger.com/library/config/apache/reference/#passengerpython), +# specifying the Python interpreter to use when serving the relevant web applications. +# +# @param passenger_nodejs +# Sets the [`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#passengernodejs), +# specifying Node.js command to use when serving the relevant web applications. +# +# @param passenger_meteor_app_settings +# Sets [PassengerMeteorAppSettings](https://www.phusionpassenger.com/library/config/apache/reference/#passengermeteorappsettings), +# specifying a JSON file with settings for the application when using a Meteor +# application in non-bundled mode. +# +# @param passenger_app_env +# Sets [PassengerAppEnv](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappenv), +# the environment for the Passenger application. If not specified, defaults to the global +# setting or 'production'. +# +# @param passenger_app_root +# Sets [PassengerRoot](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapproot), +# the location of the Passenger application root if different from the DocumentRoot. +# +# @param passenger_app_group_name +# Sets [PassengerAppGroupName](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappgroupname), +# the name of the application group that the current application should belong to. +# +# @param passenger_app_type +# Sets [PassengerAppType](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapptype), +# to force Passenger to recognize the application as a specific type. +# +# @param passenger_startup_file +# Sets the [PassengerStartupFile](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstartupfile) +# path. This path is relative to the application root. +# +# @param passenger_restart_dir +# Sets the [PassengerRestartDir](https://www.phusionpassenger.com/library/config/apache/reference/#passengerrestartdir) +# to customize the directory in which `restart.txt` is searched for. +# +# @param passenger_spawn_method +# Sets [PassengerSpawnMethod](https://www.phusionpassenger.com/library/config/apache/reference/#passengerspawnmethod), +# whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism. +# +# @param passenger_load_shell_envvars +# Sets [PassengerLoadShellEnvvars](https://www.phusionpassenger.com/library/config/apache/reference/#passengerloadshellenvvars), +# to enable or disable the loading of shell environment variables before spawning the application. +# +# @param passenger_rolling_restarts +# Sets [PassengerRollingRestarts](https://www.phusionpassenger.com/library/config/apache/reference/#passengerrollingrestarts), +# to enable or disable support for zero-downtime application restarts through `restart.txt`. +# +# @param passenger_resist_deployment_errors +# Sets [PassengerResistDeploymentErrors](https://www.phusionpassenger.com/library/config/apache/reference/#passengerresistdeploymenterrors), +# to enable or disable resistance against deployment errors. +# +# @param passenger_user +# Sets [PassengerUser](https://www.phusionpassenger.com/library/config/apache/reference/#passengeruser), +# the running user for sandboxing applications. +# +# @param passenger_group +# Sets [PassengerGroup](https://www.phusionpassenger.com/library/config/apache/reference/#passengergroup), +# the running group for sandboxing applications. +# +# @param passenger_friendly_error_pages +# Sets [PassengerFriendlyErrorPages](https://www.phusionpassenger.com/library/config/apache/reference/#passengerfriendlyerrorpages), +# which can display friendly error pages whenever an application fails to start. This +# friendly error page presents the startup error message, some suggestions for solving +# the problem, a backtrace and a dump of the environment variables. +# +# @param passenger_min_instances +# Sets [PassengerMinInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermininstances), +# the minimum number of application processes to run. +# +# @param passenger_max_instances +# Sets [PassengerMaxInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxinstances), +# the maximum number of application processes to run. +# +# @param passenger_max_preloader_idle_time +# Sets [PassengerMaxPreloaderIdleTime](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxpreloaderidletime), +# the maximum amount of time the preloader waits before shutting down an idle process. +# +# @param passenger_force_max_concurrent_requests_per_process +# Sets [PassengerForceMaxConcurrentRequestsPerProcess](https://www.phusionpassenger.com/library/config/apache/reference/#passengerforcemaxconcurrentrequestsperprocess), +# the maximum amount of concurrent requests the application can handle per process. +# +# @param passenger_start_timeout +# Sets [PassengerStartTimeout](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstarttimeout), +# the timeout for the application startup. +# +# @param passenger_concurrency_model +# Sets [PassengerConcurrencyModel](https://www.phusionpassenger.com/library/config/apache/reference/#passengerconcurrencyodel), +# to specify the I/O concurrency model that should be used for Ruby application processes. +# Passenger supports two concurrency models:<br /> +# * `process` – single-threaded, multi-processed I/O concurrency. +# * `thread` – multi-threaded, multi-processed I/O concurrency. +# +# @param passenger_thread_count +# Sets [PassengerThreadCount](https://www.phusionpassenger.com/library/config/apache/reference/#passengerthreadcount), +# the number of threads that Passenger should spawn per Ruby application process.<br /> +# This option only has effect if PassengerConcurrencyModel is `thread`. +# +# @param passenger_max_requests +# Sets [PassengerMaxRequests](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequests), +# the maximum number of requests an application process will process. +# +# @param passenger_max_request_time +# Sets [PassengerMaxRequestTime](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequesttime), +# the maximum amount of time, in seconds, that an application process may take to +# process a request. +# +# @param passenger_memory_limit +# Sets [PassengerMemoryLimit](https://www.phusionpassenger.com/library/config/apache/reference/#passengermemorylimit), +# the maximum amount of memory that an application process may use, in megabytes. +# +# @param passenger_stat_throttle_rate +# Sets [PassengerStatThrottleRate](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstatthrottlerate), +# to set a limit, in seconds, on how often Passenger will perform it's filesystem checks. +# +# @param passenger_pre_start +# Sets [PassengerPreStart](https://www.phusionpassenger.com/library/config/apache/reference/#passengerprestart), +# the URL of the application if pre-starting is required. +# +# @param passenger_high_performance +# Sets [PassengerHighPerformance](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance), +# to enhance performance in return for reduced compatibility. +# +# @param passenger_buffer_upload +# Sets [PassengerBufferUpload](https://www.phusionpassenger.com/library/config/apache/reference/#passengerbufferupload), +# to buffer HTTP client request bodies before they are sent to the application. +# +# @param passenger_buffer_response +# Sets [PassengerBufferResponse](https://www.phusionpassenger.com/library/config/apache/reference/#passengerbufferresponse), +# to buffer Happlication-generated responses. +# +# @param passenger_error_override +# Sets [PassengerErrorOverride](https://www.phusionpassenger.com/library/config/apache/reference/#passengererroroverride), +# to specify whether Apache will intercept and handle response with HTTP status codes of +# 400 and higher. +# +# @param passenger_max_request_queue_size +# Sets [PassengerMaxRequestQueueSize](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuesize), +# to specify the maximum amount of requests that are allowed to queue whenever the maximum +# concurrent request limit is reached. If the queue is already at this specified limit, then +# Passenger immediately sends a "503 Service Unavailable" error to any incoming requests.<br /> +# A value of 0 means that the queue size is unbounded. +# +# @param passenger_max_request_queue_time +# Sets [PassengerMaxRequestQueueTime](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuetime), +# to specify the maximum amount of time that requests are allowed to stay in the queue +# whenever the maximum concurrent request limit is reached. If a request reaches this specified +# limit, then Passenger immeaditly sends a "504 Gateway Timeout" error for that request.<br /> +# A value of 0 means that the queue time is unbounded. +# +# @param passenger_sticky_sessions +# Sets [PassengerStickySessions](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessions), +# to specify that, whenever possible, all requests sent by a client will be routed to the same +# originating application process. +# +# @param passenger_sticky_sessions_cookie_name +# Sets [PassengerStickySessionsCookieName](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessionscookiename), +# to specify the name of the sticky sessions cookie. +# +# @param passenger_allow_encoded_slashes +# Sets [PassengerAllowEncodedSlashes](https://www.phusionpassenger.com/library/config/apache/reference/#passengerallowencodedslashes), +# to allow URLs with encoded slashes. Please note that this feature will not work properly +# unless Apache's `AllowEncodedSlashes` is also enabled. +# +# @param passenger_debugger +# Sets [PassengerDebugger](https://www.phusionpassenger.com/library/config/apache/reference/#passengerdebugger), +# to turn support for Ruby application debugging on or off. +# +# @param passenger_lve_min_uid +# Sets [PassengerLveMinUid](https://www.phusionpassenger.com/library/config/apache/reference/#passengerlveminuid), +# to only allow the spawning of application processes with UIDs equal to, or higher than, this +# specified value on LVE-enabled kernels. +# +# @param php_values +# Allows per-virtual host setting [`php_value`s](http://php.net/manual/en/configuration.changes.php). +# These flags or values can be overwritten by a user or an application. +# Within a vhost declaration: +# ``` puppet +# php_values => [ 'include_path ".:/usr/local/example-app/include"' ], +# ``` +# +# @param php_flags +# Allows per-virtual host setting [`php_flags\``](http://php.net/manual/en/configuration.changes.php). +# These flags or values can be overwritten by a user or an application. +# +# @param php_admin_values +# Allows per-virtual host setting [`php_admin_value`](http://php.net/manual/en/configuration.changes.php). +# These flags or values cannot be overwritten by a user or an application. +# +# @param php_admin_flags +# Allows per-virtual host setting [`php_admin_flag`](http://php.net/manual/en/configuration.changes.php). +# These flags or values cannot be overwritten by a user or an application. +# +# @param port +# Sets the port the host is configured on. The module's defaults ensure the host listens +# on port 80 for non-SSL virtual hosts and port 443 for SSL virtual hosts. The host only +# listens on the port set in this parameter. +# +# @param priority +# Sets the relative load-order for Apache HTTPD VirtualHost configuration files.<br /> +# If nothing matches the priority, the first name-based virtual host is used. Likewise, +# passing a higher priority causes the alphabetically first name-based virtual host to be +# used if no other names match.<br /> +# > **Note:** You should not need to use this parameter. However, if you do use it, be +# aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'.<br /> +# To omit the priority prefix in file names, pass a priority of `false`. +# +# @param protocols +# Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols) +# directive, which lists available protocols for the virutal host. +# +# @param protocols_honor_order +# Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder) +# directive which determines wether the order of Protocols sets precedence during negotiation. +# +# @param proxy_dest +# Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. +# +# @param proxy_pass +# Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) +# configuration. Optionally, parameters can be added as an array. +# ``` puppet +# apache::vhost { 'site.name.fdqn': +# … +# proxy_pass => [ +# { 'path' => '/a', 'url' => 'http://backend-a/' }, +# { 'path' => '/b', 'url' => 'http://backend-b/' }, +# { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}}, +# { 'path' => '/l', 'url' => 'http://backend-xy', +# 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, +# { 'path' => '/d', 'url' => 'http://backend-a/d', +# 'params' => { 'retry' => '0', 'timeout' => '5' }, }, +# { 'path' => '/e', 'url' => 'http://backend-a/e', +# 'keywords' => ['nocanon', 'interpolate'] }, +# { 'path' => '/f', 'url' => 'http://backend-f/', +# 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']}, +# { 'path' => '/g', 'url' => 'http://backend-g/', +# 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], }, +# { 'path' => '/h', 'url' => 'http://backend-h/h', +# 'no_proxy_uris' => ['/h/admin', '/h/server-status'] }, +# ], +# } +# ``` +# * `reverse_urls`. *Optional.* This setting is useful when used with `mod_proxy_balancer`. Values: an array or string. +# * `reverse_cookies`. *Optional.* Sets `ProxyPassReverseCookiePath` and `ProxyPassReverseCookieDomain`. +# * `params`. *Optional.* Allows for ProxyPass key-value parameters, such as connection settings. +# * `setenv`. *Optional.* Sets [environment variables](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings) for the proxy directive. Values: array. +# +# @param proxy_dest_match +# This directive is equivalent to `proxy_dest`, but takes regular expressions, see +# [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) +# for details. +# +# @param proxy_dest_reverse_match +# Allows you to pass a ProxyPassReverse if `proxy_dest_match` is specified. See +# [ProxyPassReverse](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse) +# for details. +# +# @param proxy_pass_match +# This directive is equivalent to `proxy_pass`, but takes regular expressions, see +# [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) +# for details. +# +# @param redirect_dest +# Specifies the address to redirect to. +# +# @param redirect_source +# Specifies the source URIs that redirect to the destination specified in `redirect_dest`. +# If more than one item for redirect is supplied, the source and destination must be the same +# length, and the items are order-dependent. +# ``` puppet +# apache::vhost { 'site.name.fdqn': +# … +# redirect_source => ['/images','/downloads'], +# redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], +# } +# ``` +# +# @param redirect_status +# Specifies the status to append to the redirect. +# ``` puppet +# apache::vhost { 'site.name.fdqn': +# … +# redirect_status => ['temp','permanent'], +# } +# ``` +# +# @param redirectmatch_regexp +# Determines which server status should be raised for a given regular expression +# and where to forward the user to. Entered as an array alongside redirectmatch_status +# and redirectmatch_dest. +# ``` puppet +# apache::vhost { 'site.name.fdqn': +# … +# redirectmatch_status => ['404','404'], +# redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], +# redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'], +# } +# ``` +# +# @param redirectmatch_status +# Determines which server status should be raised for a given regular expression +# and where to forward the user to. Entered as an array alongside redirectmatch_regexp +# and redirectmatch_dest. +# ``` puppet +# apache::vhost { 'site.name.fdqn': +# … +# redirectmatch_status => ['404','404'], +# redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], +# redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'], +# } +# ``` +# +# @param redirectmatch_dest +# Determines which server status should be raised for a given regular expression +# and where to forward the user to. Entered as an array alongside redirectmatch_status +# and redirectmatch_regexp. +# ``` puppet +# apache::vhost { 'site.name.fdqn': +# … +# redirectmatch_status => ['404','404'], +# redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], +# redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'], +# } +# ``` +# +# @param request_headers +# Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) +# in various ways, including adding additional request headers, removing request headers, +# and so on. +# ``` puppet +# apache::vhost { 'site.name.fdqn': +# … +# request_headers => [ +# 'append MirrorID "mirror 12"', +# 'unset MirrorID', +# ], +# } +# ``` +# +# @param rewrites +# Creates URL rewrite rules. Expects an array of hashes.<br /> +# Valid Hash keys include `comment`, `rewrite_base`, `rewrite_cond`, `rewrite_rule` +# or `rewrite_map`.<br /> +# For example, you can specify that anyone trying to access index.html is served welcome.html +# ``` puppet +# apache::vhost { 'site.name.fdqn': +# … +# rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] +# } +# ``` +# The parameter allows rewrite conditions that, when `true`, execute the associated rule. +# For instance, if you wanted to rewrite URLs only if the visitor is using IE +# ``` puppet +# apache::vhost { 'site.name.fdqn': +# … +# rewrites => [ +# { +# comment => 'redirect IE', +# rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], +# rewrite_rule => ['^index\.html$ welcome.html'], +# }, +# ], +# } +# ``` +# You can also apply multiple conditions. For instance, rewrite index.html to welcome.html +# only when the browser is Lynx or Mozilla (version 1 or 2) +# ``` puppet +# apache::vhost { 'site.name.fdqn': +# … +# rewrites => [ +# { +# comment => 'Lynx or Mozilla v1/2', +# rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], +# rewrite_rule => ['^index\.html$ welcome.html'], +# }, +# ], +# } +# ``` +# Multiple rewrites and conditions are also possible +# ``` puppet +# apache::vhost { 'site.name.fdqn': +# … +# rewrites => [ +# { +# comment => 'Lynx or Mozilla v1/2', +# rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], +# rewrite_rule => ['^index\.html$ welcome.html'], +# }, +# { +# comment => 'Internet Explorer', +# rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], +# rewrite_rule => ['^index\.html$ /index.IE.html [L]'], +# }, +# { +# rewrite_base => /apps/, +# rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], +# }, +# { comment => 'Rewrite to lower case', +# rewrite_cond => ['%{REQUEST_URI} [A-Z]'], +# rewrite_map => ['lc int:tolower'], +# rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'], +# }, +# ], +# } +# ``` +# Refer to the [`mod_rewrite` documentation](https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html) +# for more details on what is possible with rewrite rules and conditions.<br /> +# > **Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` +# and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather +# than setting the rewrites in the virtual host's directories. +# +# @param rewrite_base +# The parameter [`rewrite_base`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase) +# specifies the URL prefix to be used for per-directory (htaccess) RewriteRule directives +# that substitue a relative path. +# +# @param rewrite_rule +# The parameter [`rewrite_rile`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule) +# allows the user to define the rules that will be used by the rewrite engine. +# +# @param rewrite_cond +# The parameter [`rewrite_cond`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritecond) +# defines a rule condition, that when satisfied will implement that rule within the +# rewrite engine. +# +# @param rewrite_inherit +# Determines whether the virtual host inherits global rewrite rules.<br /> +# Rewrite rules may be specified globally (in `$conf_file` or `$confd_dir`) or +# inside the virtual host `.conf` file. By default, virtual hosts do not inherit +# global settings. To activate inheritance, specify the `rewrites` parameter and set +# `rewrite_inherit` parameter to `true`: +# ``` puppet +# apache::vhost { 'site.name.fdqn': +# … +# rewrites => [ +# <rules>, +# ], +# rewrite_inherit => `true`, +# } +# ``` +# > **Note**: The `rewrites` parameter is **required** for this to have effect<br /> +# Apache activates global `Rewrite` rules inheritance if the virtual host files contains +# the following directives: +# ``` ApacheConf +# RewriteEngine On +# RewriteOptions Inherit +# ``` +# Refer to the official [`mod_rewrite`](https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html) +# documentation, section "Rewriting in Virtual Hosts". +# +# @param scriptalias +# Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as +# '/usr/scripts'. +# +# @param scriptaliases +# > **Note**: This parameter is deprecated in favor of the `aliases` parameter.<br /> +# Passes an array of hashes to the virtual host to create either ScriptAlias or +# ScriptAliasMatch statements per the `mod_alias` documentation. +# ``` puppet +# scriptaliases => [ +# { +# alias => '/myscript', +# path => '/usr/share/myscript', +# }, +# { +# aliasmatch => '^/foo(.*)', +# path => '/usr/share/fooscripts$1', +# }, +# { +# aliasmatch => '^/bar/(.*)', +# path => '/usr/share/bar/wrapper.sh/$1', +# }, +# { +# alias => '/neatscript', +# path => '/usr/share/neatscript', +# }, +# ] +# ``` +# The ScriptAlias and ScriptAliasMatch directives are created in the order specified. +# As with [Alias and AliasMatch](#aliases) directives, specify more specific aliases +# before more general ones to avoid shadowing. +# +# @param serveradmin +# Specifies the email address Apache displays when it renders one of its error pages. +# +# @param serveraliases +# Sets the [ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias) +# of the site. +# +# @param servername +# Sets the servername corresponding to the hostname you connect to the virtual host at. +# +# @param setenv +# Used by HTTPD to set environment variables for virtual hosts.<br /> +# Example: +# ``` puppet +# apache::vhost { 'setenv.example.com': +# setenv => ['SPECIAL_PATH /foo/bin'], +# } +# ``` +# +# @param setenvif +# Used by HTTPD to conditionally set environment variables for virtual hosts. +# +# @param setenvifnocase +# Used by HTTPD to conditionally set environment variables for virtual hosts (caseless matching). +# +# @param suexec_user_group +# Allows the spcification of user and group execution privileges for CGI programs through +# inclusion of the `mod_suexec` module. +# +# @param suphp_addhandler +# Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG) +# working together with suphp_configpath and suphp_engine.<br /> +# An example virtual host configuration with suPHP: +# ``` puppet +# apache::vhost { 'suphp.example.com': +# port => '80', +# docroot => '/home/appuser/myphpapp', +# suphp_addhandler => 'x-httpd-php', +# suphp_engine => 'on', +# suphp_configpath => '/etc/php5/apache2', +# directories => { path => '/home/appuser/myphpapp', +# 'suphp' => { user => 'myappuser', group => 'myappgroup' }, +# } +# } +# ``` +# +# @param suphp_configpath +# Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG) +# working together with suphp_addhandler and suphp_engine.<br /> +# An example virtual host configuration with suPHP: +# ``` puppet +# apache::vhost { 'suphp.example.com': +# port => '80', +# docroot => '/home/appuser/myphpapp', +# suphp_addhandler => 'x-httpd-php', +# suphp_engine => 'on', +# suphp_configpath => '/etc/php5/apache2', +# directories => { path => '/home/appuser/myphpapp', +# 'suphp' => { user => 'myappuser', group => 'myappgroup' }, +# } +# } +# ``` +# +# @param suphp_engine +# Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG) +# working together with suphp_configpath and suphp_addhandler.<br /> +# An example virtual host configuration with suPHP: +# ``` puppet +# apache::vhost { 'suphp.example.com': +# port => '80', +# docroot => '/home/appuser/myphpapp', +# suphp_addhandler => 'x-httpd-php', +# suphp_engine => 'on', +# suphp_configpath => '/etc/php5/apache2', +# directories => { path => '/home/appuser/myphpapp', +# 'suphp' => { user => 'myappuser', group => 'myappgroup' }, +# } +# } +# ``` +# +# @param vhost_name +# Enables name-based virtual hosting. If no IP is passed to the virtual host, but the +# virtual host is assigned a port, then the virtual host name is `vhost_name:port`. +# If the virtual host has no assigned IP or port, the virtual host name is set to the +# title of the resource. +# +# @param virtual_docroot +# Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the +# same name. For example, `http://example.com` would map to `/var/www/example.com`. +# ``` puppet +# apache::vhost { 'subdomain.loc': +# vhost_name => '*', +# port => '80', +# virtual_docroot => '/var/www/%-2+', +# docroot => '/var/www', +# serveraliases => ['*.loc',], +# } +# ``` +# +# @param wsgi_daemon_process +# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside +# wsgi_daemon_process_options, wsgi_process_group, +# wsgi_script_aliases and wsgi_pass_authorization.<br /> +# A hash that sets the name of the WSGI daemon, accepting +# [certain keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html).<br /> +# An example virtual host configuration with WSGI: +# ``` puppet +# apache::vhost { 'wsgi.example.com': +# port => '80', +# docroot => '/var/www/pythonapp', +# wsgi_daemon_process => 'wsgi', +# wsgi_daemon_process_options => +# { processes => '2', +# threads => '15', +# display-name => '%{GROUP}', +# }, +# wsgi_process_group => 'wsgi', +# wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, +# wsgi_chunked_request => 'On', +# } +# ``` +# +# @param wsgi_daemon_process_options +# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside +# wsgi_daemon_process, wsgi_process_group, +# wsgi_script_aliases and wsgi_pass_authorization.<br /> +# Sets the group ID that the virtual host runs under. +# +# @param wsgi_application_group +# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside +# wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, +# and wsgi_pass_authorization.<br /> +# This parameter defines the [`WSGIApplicationGroup directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html), +# thus allowing you to specify which application group the WSGI application belongs to, +# with all WSGI applications within the same group executing within the context of the +# same Python sub interpreter. +# +# @param wsgi_import_script +# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside +# wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, +# and wsgi_pass_authorization.<br /> +# This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html), +# which can be used in order to specify a script file to be loaded upon a process starting. +# +# @param wsgi_import_script_options +# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside +# wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, +# and wsgi_pass_authorization.<br /> +# This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html), +# which can be used in order to specify a script file to be loaded upon a process starting.<br /> +# Specifies the process and aplication groups of the script. +# +# @param wsgi_chunked_request +# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside +# wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, +# and wsgi_pass_authorization.<br /> +# This parameter defines the [`WSGIChunkedRequest directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIChunkedRequest.html), +# allowing you to enable support for chunked request content.<br /> +# WSGI is technically incapable of supporting chunked request content without all chunked +# request content having first been read in and buffered. +# +# @param wsgi_process_group +# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside +# wsgi_daemon_process, wsgi_daemon_process_options, +# wsgi_script_aliases and wsgi_pass_authorization.<br /> +# Requires a hash of web paths to filesystem `.wsgi paths/`. +# +# @param wsgi_script_aliases +# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside +# wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, +# and wsgi_pass_authorization.<br /> +# Uses the WSGI application to handle authorization instead of Apache when set to `On`.<br /> +# For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). +# +# @param wsgi_script_aliases_match +# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside +# wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group, +# and wsgi_pass_authorization.<br /> +# Uses the WSGI application to handle authorization instead of Apache when set to `On`.<br /> +# This directive is similar to `wsgi_script_aliases`, but makes use of regular expressions +# in place of simple prefix matching.<br /> +# For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). +# +# @param wsgi_pass_authorization +# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside +# wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group and +# wsgi_script_aliases.<br /> +# Enables support for chunked requests. +# +# @param directories +# The `directories` parameter within the `apache::vhost` class passes an array of hashes +# to the virtual host to create [Directory](https://httpd.apache.org/docs/current/mod/core.html#directory), +# [File](https://httpd.apache.org/docs/current/mod/core.html#files), and +# [Location](https://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. +# These blocks take the form, `< Directory /path/to/directory>...< /Directory>`.<br /> +# The `path` key sets the path for the directory, files, and location blocks. Its value +# must be a path for the `directory`, `files`, and `location` providers, or a regex for +# the `directorymatch`, `filesmatch`, or `locationmatch` providers. Each hash passed to +# `directories` **must** contain `path` as one of the keys.<br /> +# The `provider` key is optional. If missing, this key defaults to `directory`. +# Values: `directory`, `files`, `proxy`, `location`, `directorymatch`, `filesmatch`, +# `proxymatch` or `locationmatch`. If you set `provider` to `directorymatch`, it +# uses the keyword `DirectoryMatch` in the Apache config file.<br /> +# An example use of `directories`: +# ``` puppet +# apache::vhost { 'files.example.net': +# docroot => '/var/www/files', +# directories => [ +# { 'path' => '/var/www/files', +# 'provider' => 'files', +# 'deny' => 'from all', +# }, +# ], +# } +# ``` +# > **Note:** At least one directory should match the `docroot` parameter. After you +# start declaring directories, `apache::vhost` assumes that all required Directory blocks +# will be declared. If not defined, a single default Directory block is created that matches +# the `docroot` parameter.<br /> +# Available handlers, represented as keys, should be placed within the `directory`, +# `files`, or `location` hashes. This looks like +# ``` puppet +# apache::vhost { 'sample.example.net': +# docroot => '/path/to/directory', +# directories => [ { path => '/path/to/directory', handler => value } ], +# } +# ``` +# Any handlers you do not set in these hashes are considered `undefined` within Puppet and +# are not added to the virtual host, resulting in the module using their default values. +# +# @param custom_fragment +# Pass a string of custom configuration directives to be placed at the end of the directory +# configuration. +# ``` puppet +# apache::vhost { 'monitor': +# … +# directories => [ +# { +# path => '/path/to/directory', +# custom_fragment => ' +# <Location /balancer-manager> +# SetHandler balancer-manager +# Order allow,deny +# Allow from all +# </Location> +# <Location /server-status> +# SetHandler server-status +# Order allow,deny +# Allow from all +# </Location> +# ProxyStatus On', +# }, +# ] +# } +# ``` +# +# @param error_documents +# An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) +# settings for the directory. +# ``` puppet +# apache::vhost { 'sample.example.net': +# directories => [ +# { path => '/srv/www', +# error_documents => [ +# { 'error_code' => '503', +# 'document' => '/service-unavail', +# }, +# ], +# }, +# ], +# } +# ``` +# +# @param h2_copy_files +# Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles) directive.<br /> +# Note that you must declare `class {'apache::mod::http2': }` before using this directive. +# +# @param h2_push_resource +# Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource) directive.<br /> +# Note that you must declare `class {'apache::mod::http2': }` before using this directive. +# +# @param headers +# Adds lines for [Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives. +# ``` puppet +# apache::vhost { 'sample.example.net': +# docroot => '/path/to/directory', +# directories => { +# path => '/path/to/directory', +# headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', +# }, +# } +# ``` +# +# @param options +# Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the +# given Directory block. +# ``` puppet +# apache::vhost { 'sample.example.net': +# docroot => '/path/to/directory', +# directories => [ +# { path => '/path/to/directory', +# options => ['Indexes','FollowSymLinks','MultiViews'], +# }, +# ], +# } +# ``` +# +# @param shib_compat_valid_user +# Default is Off, matching the behavior prior to this command's existence. Addresses a conflict +# when using Shibboleth in conjunction with other auth/auth modules by restoring `standard` +# Apache behavior when processing the `valid-user` and `user` Require rules. See the +# [`mod_shib`documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions), +# and [NativeSPhtaccess](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess) +# topic for more details. This key is disabled if `apache::mod::shib` is not defined. +# +# @param ssl_options +# String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), +# which configure SSL engine run-time options. This handler takes precedence over SSLOptions +# set in the parent block of the virtual host. +# ``` puppet +# apache::vhost { 'secure.example.net': +# docroot => '/path/to/directory', +# directories => [ +# { path => '/path/to/directory', +# ssl_options => '+ExportCertData', +# }, +# { path => '/path/to/different/dir', +# ssl_options => ['-StdEnvVars', '+ExportCertData'], +# }, +# ], +# } +# ``` +# +# @param additional_includes +# Specifies paths to additional static, specific Apache configuration files in virtual +# host directories. +# ``` puppet +# apache::vhost { 'sample.example.net': +# docroot => '/path/to/directory', +# directories => [ +# { path => '/path/to/different/dir', +# additional_includes => ['/custom/path/includes', '/custom/path/another_includes',], +# }, +# ], +# } +# ``` +# +# @param ssl +# Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries. +# +# @param ssl_ca +# Specifies the SSL certificate authority to be used to verify client certificates used +# for authentication. You must also set `ssl_verify_client` to use this. +# +# @param ssl_cert +# Specifies the SSL certification. +# +# @param ssl_protocol +# Specifies [SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). +# Expects an array or space separated string of accepted protocols. +# +# @param ssl_cipher +# Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). +# +# @param ssl_honorcipherorder +# Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), +# to cause Apache to use the server's preferred order of ciphers rather than the client's +# preferred order. +# +# @param ssl_certs_dir +# Specifies the location of the SSL certification directory to verify client certs. Will not +# be used unless `ssl_verify_client` is also set (see below). +# +# @param ssl_chain +# Specifies the SSL chain. This default works out of the box, but it must be updated in +# the base `apache` class with your specific certificate information before being used in +# production. +# +# @param ssl_crl +# Specifies the certificate revocation list to use. (This default works out of the box but +# must be updated in the base `apache` class with your specific certificate information +# before being used in production.) +# +# @param ssl_crl_path +# Specifies the location of the certificate revocation list to verify certificates for +# client authentication with. (This default works out of the box but must be updated in +# the base `apache` class with your specific certificate information before being used in +# production.) +# +# @param ssl_crl_check +# Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck) +# for ssl client authentication. The default works out of the box but must be specified when +# using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on +# older versions. +# +# @param ssl_key +# Specifies the SSL key.<br /> +# Defaults are based on your operating system. Default work out of the box but must be +# updated in the base `apache` class with your specific certificate information before +# being used in production. +# +# @param ssl_verify_client +# Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) +# directive, which sets the certificate verification level for client authentication. +# ``` puppet +# apache::vhost { 'sample.example.net': +# … +# ssl_verify_client => 'optional', +# } +# ``` +# +# @param ssl_verify_depth +# Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) +# directive, which specifies the maximum depth of CA certificates in client certificate +# verification. You must set `ssl_verify_client` for it to take effect. +# ``` puppet +# apache::vhost { 'sample.example.net': +# … +# ssl_verify_client => 'require', +# ssl_verify_depth => 1, +# } +# ``` +# +# @param ssl_proxy_protocol +# Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol) +# directive, which controls which SSL protocol flavors `mod_ssl` should use when establishing +# its server environment for proxy. It connects to servers using only one of the provided +# protocols. +# +# @param ssl_proxy_verify +# Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify) +# directive, which configures certificate verification of the remote server when a proxy is +# configured to forward requests to a remote SSL server. +# +# @param ssl_proxy_verify_depth +# Sets the [SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth) +# directive, which configures how deeply mod_ssl should verify before deciding that the +# remote server does not have a valid certificate.<br /> +# A depth of 0 means that only self-signed remote server certificates are accepted, +# the default depth of 1 means the remote server certificate can be self-signed or +# signed by a CA that is directly known to the server. +# +# @param ssl_proxy_cipher_suite +# Sets the [SSLProxyCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyciphersuite) +# directive, which controls cipher suites supported for ssl proxy traffic. +# +# @param ssl_proxy_ca_cert +# Sets the [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile) +# directive, which specifies an all-in-one file where you can assemble the Certificates +# of Certification Authorities (CA) whose remote servers you deal with. These are used +# for Remote Server Authentication. This file should be a concatenation of the PEM-encoded +# certificate files in order of preference. +# +# @param ssl_proxy_machine_cert +# Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) +# directive, which specifies an all-in-one file where you keep the certs and keys used +# for this server to authenticate itself to remote servers. This file should be a +# concatenation of the PEM-encoded certificate files in order of preference. +# ``` puppet +# apache::vhost { 'sample.example.net': +# … +# ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem', +# } +# ``` +# +# @param ssl_proxy_check_peer_cn +# Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) +# directive, which specifies whether the remote server certificate's CN field is compared +# against the hostname of the request URL. +# +# @param ssl_proxy_check_peer_name +# Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) +# directive, which specifies whether the remote server certificate's CN field is compared +# against the hostname of the request URL. +# +# @param ssl_proxy_check_peer_expire +# Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire) +# directive, which specifies whether the remote server certificate is checked for expiration +# or not. +# +# @param ssl_options +# Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) +# directive, which configures various SSL engine run-time options. This is the global +# setting for the given virtual host and can be a string or an array.<br /> +# A string: +# ``` puppet +# apache::vhost { 'sample.example.net': +# … +# ssl_options => '+ExportCertData', +# } +# ``` +# An array: +# ``` puppet +# apache::vhost { 'sample.example.net': +# … +# ssl_options => ['+StrictRequire', '+ExportCertData'], +# } +# ``` +# +# @param ssl_openssl_conf_cmd +# Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) +# directive, which provides direct configuration of OpenSSL parameters. +# +# @param ssl_proxyengine +# Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). +# +# @param ssl_stapling +# Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). +# By default, uses what is set globally.<br /> +# This parameter only applies to Apache 2.4 or higher and is ignored on older versions. +# +# @param ssl_stapling_timeout +# Can be used to set the [SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout) directive.<br /> +# This parameter only applies to Apache 2.4 or higher and is ignored on older versions. +# +# @param ssl_stapling_return_errors +# Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive.<br /> +# This parameter only applies to Apache 2.4 or higher and is ignored on older versions. +# +# @param use_canonical_name +# Specifies whether to use the [`UseCanonicalName directive`](https://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname), +# which allows you to configure how the server determines it's own name and port. +# +# @param define +# this lets you define configuration variables inside a vhost using [`Define`](https://httpd.apache.org/docs/2.4/mod/core.html#define), +# these can then be used to replace configuration values. All Defines are Undefined at the end of the VirtualHost. +# define apache::vhost( - $docroot, - $manage_docroot = true, - $virtual_docroot = false, - $port = undef, - $ip = undef, - $ip_based = false, - $add_listen = true, - $docroot_owner = 'root', - $docroot_group = $::apache::params::root_group, - $docroot_mode = undef, - $serveradmin = undef, - $ssl = false, - $ssl_cert = $::apache::default_ssl_cert, - $ssl_key = $::apache::default_ssl_key, - $ssl_chain = $::apache::default_ssl_chain, - $ssl_ca = $::apache::default_ssl_ca, - $ssl_crl_path = $::apache::default_ssl_crl_path, - $ssl_crl = $::apache::default_ssl_crl, - $ssl_crl_check = $::apache::default_ssl_crl_check, - $ssl_certs_dir = $::apache::params::ssl_certs_dir, - $ssl_protocol = undef, - $ssl_cipher = undef, - $ssl_honorcipherorder = undef, - $ssl_verify_client = undef, - $ssl_verify_depth = undef, - $ssl_proxy_verify = undef, - $ssl_proxy_check_peer_cn = undef, - $ssl_proxy_check_peer_name = undef, - $ssl_proxy_check_peer_expire = undef, - $ssl_proxy_machine_cert = undef, - $ssl_proxy_protocol = undef, - $ssl_options = undef, - $ssl_openssl_conf_cmd = undef, - $ssl_proxyengine = false, - $ssl_stapling = undef, - $ssl_stapling_timeout = undef, - $ssl_stapling_return_errors = undef, - $priority = undef, - $default_vhost = false, - $servername = $name, - $serveraliases = [], - $options = ['Indexes','FollowSymLinks','MultiViews'], - $override = ['None'], - $directoryindex = '', - $vhost_name = '*', - $logroot = $::apache::logroot, - $logroot_ensure = 'directory', - $logroot_mode = undef, - $logroot_owner = undef, - $logroot_group = undef, - $log_level = undef, - $access_log = true, - $access_log_file = false, - $access_log_pipe = false, - $access_log_syslog = false, - $access_log_format = false, - $access_log_env_var = false, - $access_logs = undef, - $aliases = undef, - $directories = undef, - $error_log = true, - $error_log_file = undef, - $error_log_pipe = undef, - $error_log_syslog = undef, - $modsec_audit_log = undef, - $modsec_audit_log_file = undef, - $modsec_audit_log_pipe = undef, - $error_documents = [], - $fallbackresource = undef, - $scriptalias = undef, - $scriptaliases = [], - $proxy_dest = undef, - $proxy_dest_match = undef, - $proxy_dest_reverse_match = undef, - $proxy_pass = undef, - $proxy_pass_match = undef, - $suphp_addhandler = $::apache::params::suphp_addhandler, - $suphp_engine = $::apache::params::suphp_engine, - $suphp_configpath = $::apache::params::suphp_configpath, - $php_flags = {}, - $php_values = {}, - $php_admin_flags = {}, - $php_admin_values = {}, - $no_proxy_uris = [], - $no_proxy_uris_match = [], - $proxy_preserve_host = false, - $proxy_add_headers = undef, - $proxy_error_override = false, - $redirect_source = '/', - $redirect_dest = undef, - $redirect_status = undef, - $redirectmatch_status = undef, - $redirectmatch_regexp = undef, - $redirectmatch_dest = undef, - $rack_base_uris = undef, - $passenger_base_uris = undef, - $headers = undef, - $request_headers = undef, - $filters = undef, - $rewrites = undef, - $rewrite_base = undef, - $rewrite_rule = undef, - $rewrite_cond = undef, - $rewrite_inherit = false, - $setenv = [], - $setenvif = [], - $setenvifnocase = [], - $block = [], - $ensure = 'present', - $wsgi_application_group = undef, - $wsgi_daemon_process = undef, - $wsgi_daemon_process_options = undef, - $wsgi_import_script = undef, - $wsgi_import_script_options = undef, - $wsgi_process_group = undef, - $wsgi_script_aliases_match = undef, - $wsgi_script_aliases = undef, - $wsgi_pass_authorization = undef, - $wsgi_chunked_request = undef, - $custom_fragment = undef, - $itk = undef, - $action = undef, - $fastcgi_server = undef, - $fastcgi_socket = undef, - $fastcgi_dir = undef, - $fastcgi_idle_timeout = undef, - $additional_includes = [], - $use_optional_includes = $::apache::use_optional_includes, - $apache_version = $::apache::apache_version, - $allow_encoded_slashes = undef, - $suexec_user_group = undef, - $passenger_app_root = undef, - $passenger_app_env = undef, - $passenger_ruby = undef, - $passenger_min_instances = undef, - $passenger_start_timeout = undef, - $passenger_pre_start = undef, - $passenger_user = undef, - $passenger_high_performance = undef, - $passenger_nodejs = undef, - $passenger_sticky_sessions = undef, - $passenger_startup_file = undef, - $add_default_charset = undef, - $modsec_disable_vhost = undef, - $modsec_disable_ids = undef, - $modsec_disable_ips = undef, - $modsec_disable_msgs = undef, - $modsec_disable_tags = undef, - $modsec_body_limit = undef, - $jk_mounts = undef, - $auth_kerb = false, - $krb_method_negotiate = 'on', - $krb_method_k5passwd = 'on', - $krb_authoritative = 'on', - $krb_auth_realms = [], - $krb_5keytab = undef, - $krb_local_user_mapping = undef, - $krb_verify_kdc = 'on', - $krb_servicename = 'HTTP', - $krb_save_credentials = 'off', - $keepalive = undef, - $keepalive_timeout = undef, - $max_keepalive_requests = undef, - $cas_attribute_prefix = undef, - $cas_attribute_delimiter = undef, - $cas_scrub_request_headers = undef, - $cas_sso_enabled = undef, - $cas_login_url = undef, - $cas_validate_url = undef, - $cas_validate_saml = undef, + Variant[Boolean,String] $docroot, + $manage_docroot = true, + $virtual_docroot = false, + $port = undef, + $ip = undef, + Boolean $ip_based = false, + $add_listen = true, + $docroot_owner = 'root', + $docroot_group = $::apache::params::root_group, + $docroot_mode = undef, + Array[Enum['h2', 'h2c', 'http/1.1']] $protocols = [], + Optional[Boolean] $protocols_honor_order = undef, + $serveradmin = undef, + Boolean $ssl = false, + $ssl_cert = $::apache::default_ssl_cert, + $ssl_key = $::apache::default_ssl_key, + $ssl_chain = $::apache::default_ssl_chain, + $ssl_ca = $::apache::default_ssl_ca, + $ssl_crl_path = $::apache::default_ssl_crl_path, + $ssl_crl = $::apache::default_ssl_crl, + $ssl_crl_check = $::apache::default_ssl_crl_check, + $ssl_certs_dir = $::apache::params::ssl_certs_dir, + $ssl_protocol = undef, + $ssl_cipher = undef, + $ssl_honorcipherorder = undef, + $ssl_verify_client = undef, + $ssl_verify_depth = undef, + Optional[Enum['none', 'optional', 'require', 'optional_no_ca']] $ssl_proxy_verify = undef, + Optional[Integer[0]] $ssl_proxy_verify_depth = undef, + $ssl_proxy_ca_cert = undef, + Optional[Enum['on', 'off']] $ssl_proxy_check_peer_cn = undef, + Optional[Enum['on', 'off']] $ssl_proxy_check_peer_name = undef, + Optional[Enum['on', 'off']] $ssl_proxy_check_peer_expire = undef, + $ssl_proxy_machine_cert = undef, + $ssl_proxy_cipher_suite = undef, + $ssl_proxy_protocol = undef, + $ssl_options = undef, + $ssl_openssl_conf_cmd = undef, + Boolean $ssl_proxyengine = false, + Optional[Boolean] $ssl_stapling = undef, + $ssl_stapling_timeout = undef, + $ssl_stapling_return_errors = undef, + $priority = undef, + Boolean $default_vhost = false, + $servername = $name, + $serveraliases = [], + $options = ['Indexes','FollowSymLinks','MultiViews'], + $override = ['None'], + $directoryindex = '', + $vhost_name = '*', + $logroot = $::apache::logroot, + Enum['directory', 'absent'] $logroot_ensure = 'directory', + $logroot_mode = undef, + $logroot_owner = undef, + $logroot_group = undef, + $log_level = undef, + Boolean $access_log = true, + $access_log_file = false, + $access_log_pipe = false, + $access_log_syslog = false, + $access_log_format = false, + $access_log_env_var = false, + Optional[Array] $access_logs = undef, + $aliases = undef, + Optional[Variant[Hash, Array[Variant[Array,Hash]]]] $directories = undef, + Boolean $error_log = true, + $error_log_file = undef, + $error_log_pipe = undef, + $error_log_syslog = undef, + Optional[Pattern[/^((Strict|Unsafe)?\s*(\b(Registered|Lenient)Methods)?\s*(\b(Allow0\.9|Require1\.0))?)$/]] $http_protocol_options = undef, + $modsec_audit_log = undef, + $modsec_audit_log_file = undef, + $modsec_audit_log_pipe = undef, + $error_documents = [], + Optional[Variant[Stdlib::Absolutepath, Enum['disabled']]] $fallbackresource = undef, + $scriptalias = undef, + $scriptaliases = [], + $proxy_dest = undef, + $proxy_dest_match = undef, + $proxy_dest_reverse_match = undef, + $proxy_pass = undef, + $proxy_pass_match = undef, + Boolean $proxy_requests = false, + $suphp_addhandler = $::apache::params::suphp_addhandler, + Enum['on', 'off'] $suphp_engine = $::apache::params::suphp_engine, + $suphp_configpath = $::apache::params::suphp_configpath, + $php_flags = {}, + $php_values = {}, + $php_admin_flags = {}, + $php_admin_values = {}, + $no_proxy_uris = [], + $no_proxy_uris_match = [], + $proxy_preserve_host = false, + $proxy_add_headers = undef, + $proxy_error_override = false, + $redirect_source = '/', + $redirect_dest = undef, + $redirect_status = undef, + $redirectmatch_status = undef, + $redirectmatch_regexp = undef, + $redirectmatch_dest = undef, + $headers = undef, + $request_headers = undef, + $filters = undef, + Optional[Array] $rewrites = undef, + $rewrite_base = undef, + $rewrite_rule = undef, + $rewrite_cond = undef, + $rewrite_inherit = false, + $setenv = [], + $setenvif = [], + $setenvifnocase = [], + $block = [], + Enum['absent', 'present'] $ensure = 'present', + $wsgi_application_group = undef, + Optional[Variant[String,Hash]] $wsgi_daemon_process = undef, + Optional[Hash] $wsgi_daemon_process_options = undef, + $wsgi_import_script = undef, + Optional[Hash] $wsgi_import_script_options = undef, + $wsgi_process_group = undef, + Optional[Hash] $wsgi_script_aliases_match = undef, + Optional[Hash] $wsgi_script_aliases = undef, + Optional[Enum['on', 'off', 'On', 'Off']] $wsgi_pass_authorization = undef, + $wsgi_chunked_request = undef, + Optional[String] $custom_fragment = undef, + Optional[Hash] $itk = undef, + $action = undef, + $fastcgi_server = undef, + $fastcgi_socket = undef, + $fastcgi_dir = undef, + $fastcgi_idle_timeout = undef, + $additional_includes = [], + $use_optional_includes = $::apache::use_optional_includes, + $apache_version = $::apache::apache_version, + Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes = undef, + Optional[Pattern[/^[\w-]+ [\w-]+$/]] $suexec_user_group = undef, + + Optional[Boolean] $h2_copy_files = undef, + Optional[Boolean] $h2_direct = undef, + Optional[Boolean] $h2_early_hints = undef, + Optional[Integer] $h2_max_session_streams = undef, + Optional[Boolean] $h2_modern_tls_only = undef, + Optional[Boolean] $h2_push = undef, + Optional[Integer] $h2_push_diary_size = undef, + Array[String] $h2_push_priority = [], + Array[String] $h2_push_resource = [], + Optional[Boolean] $h2_serialize_headers = undef, + Optional[Integer] $h2_stream_max_mem_size = undef, + Optional[Integer] $h2_tls_cool_down_secs = undef, + Optional[Integer] $h2_tls_warm_up_size = undef, + Optional[Boolean] $h2_upgrade = undef, + Optional[Integer] $h2_window_size = undef, + + Optional[Boolean] $passenger_enabled = undef, + Optional[String] $passenger_base_uri = undef, + Optional[Stdlib::Absolutepath] $passenger_ruby = undef, + Optional[Stdlib::Absolutepath] $passenger_python = undef, + Optional[Stdlib::Absolutepath] $passenger_nodejs = undef, + Optional[String] $passenger_meteor_app_settings = undef, + Optional[String] $passenger_app_env = undef, + Optional[Stdlib::Absolutepath] $passenger_app_root = undef, + Optional[String] $passenger_app_group_name = undef, + Optional[Enum['meteor', 'node', 'rack', 'wsgi']] $passenger_app_type = undef, + Optional[String] $passenger_startup_file = undef, + Optional[String] $passenger_restart_dir = undef, + Optional[Enum['direct', 'smart']] $passenger_spawn_method = undef, + Optional[Boolean] $passenger_load_shell_envvars = undef, + Optional[Boolean] $passenger_rolling_restarts = undef, + Optional[Boolean] $passenger_resist_deployment_errors = undef, + Optional[String] $passenger_user = undef, + Optional[String] $passenger_group = undef, + Optional[Boolean] $passenger_friendly_error_pages = undef, + Optional[Integer] $passenger_min_instances = undef, + Optional[Integer] $passenger_max_instances = undef, + Optional[Integer] $passenger_max_preloader_idle_time = undef, + Optional[Integer] $passenger_force_max_concurrent_requests_per_process = undef, + Optional[Integer] $passenger_start_timeout = undef, + Optional[Enum['process', 'thread']] $passenger_concurrency_model = undef, + Optional[Integer] $passenger_thread_count = undef, + Optional[Integer] $passenger_max_requests = undef, + Optional[Integer] $passenger_max_request_time = undef, + Optional[Integer] $passenger_memory_limit = undef, + Optional[Integer] $passenger_stat_throttle_rate = undef, + Optional[Variant[String,Array[String]]] $passenger_pre_start = undef, + Optional[Boolean] $passenger_high_performance = undef, + Optional[Boolean] $passenger_buffer_upload = undef, + Optional[Boolean] $passenger_buffer_response = undef, + Optional[Boolean] $passenger_error_override = undef, + Optional[Integer] $passenger_max_request_queue_size = undef, + Optional[Integer] $passenger_max_request_queue_time = undef, + Optional[Boolean] $passenger_sticky_sessions = undef, + Optional[String] $passenger_sticky_sessions_cookie_name = undef, + Optional[Boolean] $passenger_allow_encoded_slashes = undef, + Optional[Boolean] $passenger_debugger = undef, + Optional[Integer] $passenger_lve_min_uid = undef, + $add_default_charset = undef, + $modsec_disable_vhost = undef, + Optional[Variant[Hash, Array]] $modsec_disable_ids = undef, + $modsec_disable_ips = undef, + Optional[Variant[Hash, Array]] $modsec_disable_msgs = undef, + Optional[Variant[Hash, Array]] $modsec_disable_tags = undef, + $modsec_body_limit = undef, + $jk_mounts = undef, + Boolean $auth_kerb = false, + $krb_method_negotiate = 'on', + $krb_method_k5passwd = 'on', + $krb_authoritative = 'on', + $krb_auth_realms = [], + $krb_5keytab = undef, + $krb_local_user_mapping = undef, + $krb_verify_kdc = 'on', + $krb_servicename = 'HTTP', + $krb_save_credentials = 'off', + Optional[Enum['on', 'off']] $keepalive = undef, + $keepalive_timeout = undef, + $max_keepalive_requests = undef, + $cas_attribute_prefix = undef, + $cas_attribute_delimiter = undef, + $cas_root_proxied_as = undef, + $cas_scrub_request_headers = undef, + $cas_sso_enabled = undef, + $cas_login_url = undef, + $cas_validate_url = undef, + $cas_validate_saml = undef, + Optional[String] $shib_compat_valid_user = undef, + Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']] $use_canonical_name = undef, + Optional[Variant[String,Array[String]]] $comment = undef, + Hash $define = {}, ) { + # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { fail('You must include the apache base class before using any apache defined resources') @@ -178,84 +1864,17 @@ $apache_name = $::apache::apache_name - validate_re($ensure, '^(present|absent)$', - "${ensure} is not supported for ensure. - Allowed values are 'present' and 'absent'.") - validate_re($suphp_engine, '^(on|off)$', - "${suphp_engine} is not supported for suphp_engine. - Allowed values are 'on' and 'off'.") - validate_bool($ip_based) - validate_bool($access_log) - validate_bool($error_log) - if $modsec_audit_log != undef { - validate_bool($modsec_audit_log) - } - validate_bool($ssl) - validate_bool($default_vhost) - validate_bool($ssl_proxyengine) - if $ssl_stapling != undef { - validate_bool($ssl_stapling) - } if $rewrites { - validate_array($rewrites) unless empty($rewrites) { $rewrites_flattened = delete_undef_values(flatten([$rewrites])) - validate_hash($rewrites_flattened[0]) + assert_type(Array[Hash], $rewrites_flattened) } } # Input validation begins - if $suexec_user_group { - validate_re($suexec_user_group, '^[\w-]+ [\w-]+$', - "${suexec_user_group} is not supported for suexec_user_group. Must be 'user group'.") - } - - if $wsgi_pass_authorization { - validate_re(downcase($wsgi_pass_authorization), '^(on|off)$', - "${wsgi_pass_authorization} is not supported for wsgi_pass_authorization. - Allowed values are 'on' and 'off'.") - } - - if $wsgi_chunked_request { - validate_re(downcase($wsgi_chunked_request), '^(on|off)$', - "${wsgi_chunked_request} is not supported for wsgi_chunked_request. - Allowed values are 'on' and 'off'.") - } - - # Deprecated backwards-compatibility - if $rewrite_base { - warning('Apache::Vhost: parameter rewrite_base is deprecated in favor of rewrites') - } - if $rewrite_rule { - warning('Apache::Vhost: parameter rewrite_rule is deprecated in favor of rewrites') - } - if $rewrite_cond { - warning('Apache::Vhost parameter rewrite_cond is deprecated in favor of rewrites') - } - - if $wsgi_script_aliases { - validate_hash($wsgi_script_aliases) - } - if $wsgi_script_aliases_match { - validate_hash($wsgi_script_aliases_match) - } - if $wsgi_daemon_process_options { - validate_hash($wsgi_daemon_process_options) - } - if $wsgi_import_script_options { - validate_hash($wsgi_import_script_options) - } - if $itk { - validate_hash($itk) - } - - validate_re($logroot_ensure, '^(directory|absent)$', - "${logroot_ensure} is not supported for logroot_ensure. - Allowed values are 'directory' and 'absent'.") - if $log_level { - validate_apache_log_level($log_level) + apache::validate_apache_log_level($log_level) } if $access_log_file and $access_log_pipe { @@ -270,49 +1889,6 @@ fail("Apache::Vhost[${name}]: 'modsec_audit_log_file' and 'modsec_audit_log_pipe' cannot be defined at the same time") } - if $fallbackresource { - validate_re($fallbackresource, '^/|disabled', 'Please make sure fallbackresource starts with a / (or is "disabled")') - } - - if $custom_fragment { - validate_string($custom_fragment) - } - - if $allow_encoded_slashes { - validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.") - } - - validate_bool($auth_kerb) - - # Validate the docroot as a string if: - # - $manage_docroot is true - if $manage_docroot { - validate_string($docroot) - } - - if $ssl_proxy_verify { - validate_re($ssl_proxy_verify,'^(none|optional|require|optional_no_ca)$',"${ssl_proxy_verify} is not permitted for ssl_proxy_verify. Allowed values are 'none', 'optional', 'require' or 'optional_no_ca'.") - } - - if $ssl_proxy_check_peer_cn { - validate_re($ssl_proxy_check_peer_cn,'(^on$|^off$)',"${ssl_proxy_check_peer_cn} is not permitted for ssl_proxy_check_peer_cn. Allowed values are 'on' or 'off'.") - } - if $ssl_proxy_check_peer_name { - validate_re($ssl_proxy_check_peer_name,'(^on$|^off$)',"${ssl_proxy_check_peer_name} is not permitted for ssl_proxy_check_peer_name. Allowed values are 'on' or 'off'.") - } - - if $ssl_proxy_check_peer_expire { - validate_re($ssl_proxy_check_peer_expire,'(^on$|^off$)',"${ssl_proxy_check_peer_expire} is not permitted for ssl_proxy_check_peer_expire. Allowed values are 'on' or 'off'.") - } - - if $keepalive { - validate_re($keepalive,'(^on$|^off$)',"${keepalive} is not permitted for keepalive. Allowed values are 'on' or 'off'.") - } - - if $passenger_sticky_sessions { - validate_bool($passenger_sticky_sessions) - } - # Input validation ends if $ssl and $ensure == 'present' { @@ -329,7 +1905,7 @@ include ::apache::mod::vhost_alias } - if $wsgi_daemon_process { + if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization { include ::apache::mod::wsgi } @@ -337,7 +1913,7 @@ include ::apache::mod::suexec } - if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start or $passenger_user or $passenger_high_performance or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file { + if $passenger_spawn_method or $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_max_requests or $passenger_start_timeout or $passenger_pre_start or $passenger_user or $passenger_group or $passenger_high_performance or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file { include ::apache::mod::passenger } @@ -377,13 +1953,10 @@ mode => $logroot_mode, require => Package['httpd'], before => Concat["${priority_real}${filename}.conf"], + notify => Class['Apache::Service'], } } - - # Is apache::mod::passenger enabled (or apache::mod['passenger']) - $passenger_enabled = defined(Apache::Mod['passenger']) - # Is apache::mod::shib enabled (or apache::mod['shib2']) $shibboleth_enabled = defined(Apache::Mod['shib2']) @@ -391,15 +1964,6 @@ $cas_enabled = defined(Apache::Mod['auth_cas']) if $access_log and !$access_logs { - if $access_log_file { - $_logs_dest = "${logroot}/${access_log_file}" - } elsif $access_log_pipe { - $_logs_dest = $access_log_pipe - } elsif $access_log_syslog { - $_logs_dest = $access_log_syslog - } else { - $_logs_dest = undef - } $_access_logs = [{ 'file' => $access_log_file, 'pipe' => $access_log_pipe, @@ -408,14 +1972,16 @@ 'env' => $access_log_env_var }] } elsif $access_logs { - if !is_array($access_logs) { - fail("Apache::Vhost[${name}]: access_logs must be an array of hashes") - } $_access_logs = $access_logs } if $error_log_file { - $error_log_destination = "${logroot}/${error_log_file}" + if $error_log_file =~ /^\// { + # Absolute path provided - don't prepend $logroot + $error_log_destination = $error_log_file + } else { + $error_log_destination = "${logroot}/${error_log_file}" + } } elsif $error_log_pipe { $error_log_destination = $error_log_pipe } elsif $error_log_syslog { @@ -446,10 +2012,11 @@ if $ip { - $_ip = enclose_ipv6($ip) + $_ip = any2array(enclose_ipv6($ip)) if $port { - $listen_addr_port = suffix(any2array($_ip),":${port}") - $nvh_addr_port = suffix(any2array($_ip),":${port}") + $_port = any2array($port) + $listen_addr_port = split(inline_template("<%= @_ip.product(@_port).map {|x| x.join(':') }.join(',')%>"), ',') + $nvh_addr_port = split(inline_template("<%= @_ip.product(@_port).map {|x| x.join(':') }.join(',')%>"), ',') } else { $listen_addr_port = undef $nvh_addr_port = $_ip @@ -460,7 +2027,7 @@ } else { if $port { $listen_addr_port = $port - $nvh_addr_port = "${vhost_name}:${port}" + $nvh_addr_port = prefix(any2array($port),"${vhost_name}:") } else { $listen_addr_port = undef $nvh_addr_port = $name @@ -469,8 +2036,9 @@ } } } + if $add_listen { - if $ip and defined(Apache::Listen["${port}"]) { + if $ip and defined(Apache::Listen[String($port)]) { fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this") } if $listen_addr_port and $ensure == 'present' { @@ -491,7 +2059,10 @@ } # Load mod_alias if needed and not yet loaded - if ($scriptalias or $scriptaliases != []) or ($aliases and $aliases != []) or ($redirect_source and $redirect_dest) { + if ($scriptalias or $scriptaliases != []) + or ($aliases and $aliases != []) + or ($redirect_source and $redirect_dest) + or ($redirectmatch_regexp or $redirectmatch_status or $redirectmatch_dest){ if ! defined(Class['apache::mod::alias']) and ($ensure == 'present') { include ::apache::mod::alias } @@ -507,19 +2078,7 @@ } } - # Load mod_passenger if needed and not yet loaded - if $rack_base_uris { - if ! defined(Class['apache::mod::passenger']) { - include ::apache::mod::passenger - } - } - - # Load mod_passenger if needed and not yet loaded - if $passenger_base_uris { - include ::apache::mod::passenger - } - - # Load mod_fastci if needed and not yet loaded + # Load mod_fastcgi if needed and not yet loaded if $fastcgi_server and $fastcgi_socket { if ! defined(Class['apache::mod::fastcgi']) { include ::apache::mod::fastcgi @@ -560,9 +2119,6 @@ ## Create a default directory list if none defined if $directories { - if !is_hash($directories) and !(is_array($directories) and is_hash($directories[0])) { - fail("Apache::Vhost[${name}]: 'directories' must be either a Hash or an Array of Hashes") - } $_directories = $directories } elsif $docroot { $_directory = { @@ -591,32 +2147,26 @@ ## Create a global LocationMatch if locations aren't defined if $modsec_disable_ids { - if is_hash($modsec_disable_ids) { - $_modsec_disable_ids = $modsec_disable_ids - } elsif is_array($modsec_disable_ids) { + if $modsec_disable_ids =~ Array { $_modsec_disable_ids = { '.*' => $modsec_disable_ids } } else { - fail("Apache::Vhost[${name}]: 'modsec_disable_ids' must be either a Hash of location/IDs or an Array of IDs") + $_modsec_disable_ids = $modsec_disable_ids } } if $modsec_disable_msgs { - if is_hash($modsec_disable_msgs) { - $_modsec_disable_msgs = $modsec_disable_msgs - } elsif is_array($modsec_disable_msgs) { + if $modsec_disable_msgs =~ Array { $_modsec_disable_msgs = { '.*' => $modsec_disable_msgs } } else { - fail("Apache::Vhost[${name}]: 'modsec_disable_msgs' must be either a Hash of location/Msgs or an Array of Msgs") + $_modsec_disable_msgs = $modsec_disable_msgs } } if $modsec_disable_tags { - if is_hash($modsec_disable_tags) { - $_modsec_disable_tags = $modsec_disable_tags - } elsif is_array($modsec_disable_tags) { + if $modsec_disable_tags =~ Array { $_modsec_disable_tags = { '.*' => $modsec_disable_tags } } else { - fail("Apache::Vhost[${name}]: 'modsec_disable_tags' must be either a Hash of location/Tags or an Array of Tags") + $_modsec_disable_tags = $modsec_disable_tags } } @@ -651,9 +2201,13 @@ } # Template uses: + # - $comment # - $nvh_addr_port # - $servername # - $serveradmin + # - $protocols + # - $protocols_honor_order + # - $apache_version concat::fragment { "${name}-apache-header": target => "${priority_real}${filename}.conf", order => 0, @@ -829,7 +2383,7 @@ # - $proxy_preserve_host # - $proxy_add_headers # - $no_proxy_uris - if $proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match { + if $proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match or $proxy_preserve_host { concat::fragment { "${name}-proxy": target => "${priority_real}${filename}.conf", order => 160, @@ -838,26 +2392,6 @@ } # Template uses: - # - $rack_base_uris - if $rack_base_uris { - concat::fragment { "${name}-rack": - target => "${priority_real}${filename}.conf", - order => 170, - content => template('apache/vhost/_rack.erb'), - } - } - - # Template uses: - # - $passenger_base_uris - if $passenger_base_uris { - concat::fragment { "${name}-passenger_uris": - target => "${priority_real}${filename}.conf", - order => 175, - content => template('apache/vhost/_passenger_base_uris.erb'), - } - } - - # Template uses: # - $redirect_source # - $redirect_dest # - $redirect_status @@ -954,6 +2488,8 @@ # Template uses: # - $ssl_proxyengine # - $ssl_proxy_verify + # - $ssl_proxy_verify_depth + # - $ssl_proxy_ca_cert # - $ssl_proxy_check_peer_cn # - $ssl_proxy_check_peer_name # - $ssl_proxy_check_peer_expire @@ -1026,6 +2562,9 @@ # - $wsgi_process_group # - $wsgi_script_aliases # - $wsgi_pass_authorization + if $wsgi_daemon_process_options { + deprecation('apache::vhost::wsgi_daemon_process_options', 'This parameter is deprecated. Please add values inside Hash `wsgi_daemon_process`.') + } if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization { concat::fragment { "${name}-wsgi": target => "${priority_real}${filename}.conf", @@ -1068,18 +2607,30 @@ } } + if $h2_copy_files != undef or $h2_direct != undef or $h2_early_hints != undef or $h2_max_session_streams != undef or $h2_modern_tls_only != undef or $h2_push != undef or $h2_push_diary_size != undef or $h2_push_priority != [] or $h2_push_resource != [] or $h2_serialize_headers != undef or $h2_stream_max_mem_size != undef or $h2_tls_cool_down_secs != undef or $h2_tls_warm_up_size != undef or $h2_upgrade != undef or $h2_window_size != undef { + include ::apache::mod::http2 + + concat::fragment { "${name}-http2": + target => "${priority_real}${filename}.conf", + order => 300, + content => template('apache/vhost/_http2.erb'), + } + } + # Template uses: + # - $passenger_spawn_method # - $passenger_app_root # - $passenger_app_env # - $passenger_ruby # - $passenger_min_instances + # - $passenger_max_requests # - $passenger_start_timeout - # - $passenger_pre_start # - $passenger_user + # - $passenger_group # - $passenger_nodejs # - $passenger_sticky_sessions # - $passenger_startup_file - if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start or $passenger_user or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file{ + if $passenger_spawn_method or $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_user or $passenger_group or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file{ concat::fragment { "${name}-passenger": target => "${priority_real}${filename}.conf", order => 300, @@ -1155,6 +2706,35 @@ } } + # Template uses: + # - $http_protocol_options + if $http_protocol_options { + concat::fragment { "${name}-http_protocol_options": + target => "${priority_real}${filename}.conf", + order => 350, + content => template('apache/vhost/_http_protocol_options.erb'), + } + } + + # Template uses: + # - $shib_compat_valid_user + if $shibboleth_enabled { + concat::fragment { "${name}-shibboleth": + target => "${priority_real}${filename}.conf", + order => 370, + content => template('apache/vhost/_shib.erb'), + } + } + + # - $use_canonical_name + if $use_canonical_name { + concat::fragment { "${name}-use_canonical_name": + target => "${priority_real}${filename}.conf", + order => 360, + content => template('apache/vhost/_use_canonical_name.erb'), + } + } + # Template uses no variables concat::fragment { "${name}-file_footer": target => "${priority_real}${filename}.conf",