cookbook 'apache2', '= 5.2.1'
apache2
(126) Versions
5.2.1
-
-
9.3.4
-
9.3.3
-
9.3.2
-
9.3.1
-
9.3.0
-
9.2.0
-
9.1.1
-
9.1.0
-
9.0.6
-
9.0.5
-
9.0.4
-
9.0.3
-
9.0.2
-
9.0.1
-
9.0.0
-
8.15.10
-
8.15.9
-
8.15.5
-
8.15.4
-
8.15.3
-
8.15.2
-
8.15.1
-
8.15.0
-
8.14.7
-
8.14.6
-
8.14.5
-
8.14.4
-
8.14.3
-
8.14.2
-
8.14.1
-
8.14.0
-
8.13.1
-
8.13.0
-
8.12.0
-
8.11.2
-
8.11.1
-
8.11.0
-
8.10.0
-
8.9.1
-
8.9.0
-
8.8.0
-
8.7.0
-
8.6.0
-
8.5.1
-
8.5.0
-
8.4.0
-
8.3.0
-
8.2.1
-
8.2.0
-
8.1.2
-
8.1.1
-
8.1.0
-
8.0.2
-
8.0.1
-
8.0.0
-
7.1.1
-
7.1.0
-
7.0.0
-
6.0.0
-
5.2.1
-
5.2.0
-
5.0.1
-
5.0.0
-
4.0.0
-
3.3.1
-
3.3.0
-
3.2.2
-
3.2.1
-
3.2.0
-
3.1.0
-
3.0.1
-
3.0.0
-
2.0.0
-
1.11.0
-
1.10.5
-
1.10.4
-
1.10.2
-
1.10.0
-
1.9.6
-
1.9.4
-
1.9.1
-
1.9.0
-
1.8.14
-
1.8.12
-
1.8.10
-
1.8.8
-
1.8.6
-
1.8.4
-
1.8.2
-
1.8.0
-
1.7.0
-
1.6.6
-
1.6.2
-
1.6.0
-
1.5.0
-
1.4.2
-
1.4.0
-
1.3.2
-
1.3.0
-
1.2.0
-
1.1.16
-
1.1.12
-
1.1.10
-
1.1.8
-
1.1.6
-
1.1.4
-
1.1.2
-
1.1.0
-
1.0.8
-
1.0.6
-
1.0.4
-
1.0.2
-
1.0.0
-
0.99.4
-
0.99.3
-
0.99.2
-
0.99.1
-
0.99.0
-
0.12.3
-
0.12.2
-
0.12.1
-
0.12.0
-
0.11.0
-
0.10.1
-
0.10.0
-
0.9.1
Follow661
- 9.3.4
- 9.3.3
- 9.3.2
- 9.3.1
- 9.3.0
- 9.2.0
- 9.1.1
- 9.1.0
- 9.0.6
- 9.0.5
- 9.0.4
- 9.0.3
- 9.0.2
- 9.0.1
- 9.0.0
- 8.15.10
- 8.15.9
- 8.15.5
- 8.15.4
- 8.15.3
- 8.15.2
- 8.15.1
- 8.15.0
- 8.14.7
- 8.14.6
- 8.14.5
- 8.14.4
- 8.14.3
- 8.14.2
- 8.14.1
- 8.14.0
- 8.13.1
- 8.13.0
- 8.12.0
- 8.11.2
- 8.11.1
- 8.11.0
- 8.10.0
- 8.9.1
- 8.9.0
- 8.8.0
- 8.7.0
- 8.6.0
- 8.5.1
- 8.5.0
- 8.4.0
- 8.3.0
- 8.2.1
- 8.2.0
- 8.1.2
- 8.1.1
- 8.1.0
- 8.0.2
- 8.0.1
- 8.0.0
- 7.1.1
- 7.1.0
- 7.0.0
- 6.0.0
- 5.2.1
- 5.2.0
- 5.0.1
- 5.0.0
- 4.0.0
- 3.3.1
- 3.3.0
- 3.2.2
- 3.2.1
- 3.2.0
- 3.1.0
- 3.0.1
- 3.0.0
- 2.0.0
- 1.11.0
- 1.10.5
- 1.10.4
- 1.10.2
- 1.10.0
- 1.9.6
- 1.9.4
- 1.9.1
- 1.9.0
- 1.8.14
- 1.8.12
- 1.8.10
- 1.8.8
- 1.8.6
- 1.8.4
- 1.8.2
- 1.8.0
- 1.7.0
- 1.6.6
- 1.6.2
- 1.6.0
- 1.5.0
- 1.4.2
- 1.4.0
- 1.3.2
- 1.3.0
- 1.2.0
- 1.1.16
- 1.1.12
- 1.1.10
- 1.1.8
- 1.1.6
- 1.1.4
- 1.1.2
- 1.1.0
- 1.0.8
- 1.0.6
- 1.0.4
- 1.0.2
- 1.0.0
- 0.99.4
- 0.99.3
- 0.99.2
- 0.99.1
- 0.99.0
- 0.12.3
- 0.12.2
- 0.12.1
- 0.12.0
- 0.11.0
- 0.10.1
- 0.10.0
- 0.9.1
Installs and configures apache2
cookbook 'apache2', '= 5.2.1', :supermarket
knife supermarket install apache2
knife supermarket download apache2
apache2 Cookbook
This cookbook provides a complete Debian/Ubuntu style Apache HTTPD configuration. Non-Debian based distributions such as Red Hat/CentOS, ArchLinux and others supported by this cookbook will have a configuration that mimics Debian/Ubuntu style as it is easier to manage with Chef.
Debian-style Apache configuration uses scripts to manage modules and sites (vhosts). The scripts are:
- a2ensite
- a2dissite
- a2enmod
- a2dismod
- a2enconf
- a2disconf
This cookbook ships with templates of these scripts for non Debian/Ubuntu platforms. The scripts are used in the Definitions below.
Cookbooks:
This cookbook has no direct external dependencies.
Depending on your OS configuration and security policy, you may need additional recipes or cookbooks for this cookbook's recipes to converge on the node. In particular, the following Operating System settings may affect the behavior of this cookbook:
- apt cache outdated
- SELinux enabled
- firewalls (such as iptables, ufw, etc.)
- Compile tools
- 3rd party repositories
On Ubuntu/Debian, use apt cookbook to ensure the package cache is updated so Chef can install packages, or consider putting apt-get in your bootstrap process or knife bootstrap template
On RHEL, SELinux is enabled by default. The selinux cookbook contains a permissive
recipe that can be used to set SELinux to "Permissive" state. Otherwise, additional recipes need to be created by the user to address SELinux permissions.
To deal with firewalls Chef Software does provide an iptables and ufw cookbook but is migrating from the approach used there to a more robust solution utilizing the general firewall cookbook to setup rules. See those cookbooks' READMEs for documentation.
Build/compile tools may not be installed on the system by default. Some recipes (e.g., apache2::mod_auth_openid
) build the module from source. Use the build-essential cookbook to get essential build packages installed.
On ArchLinux, if you are using the apache2::mod_auth_openid
recipe, you also need the pacman cookbook for the pacman_aur
LWRP. Put recipe[pacman]
on the node's expanded run list (on the node or in a role). This is not an explicit dependency because it is only required for this single recipe and platform; the pacman default recipe performs pacman -Sy
to keep pacman's package cache updated.
Platforms:
The following platforms and versions are tested and supported using test-kitchen
- Amazon Linux 2013.09+
- Ubuntu 14.04 / 16.04
- Debian 8/9
- CentOS 7
- Fedora
- OpenSUSE Leap
Notes for RHEL Family:
On Red Hat Enterprise Linux and derivatives, the EPEL repository may be necessary to install packages used in certain recipes. The apache2::default
recipe, however, does not require any additional repositories. The yum-epel cookbook can be used to add the EPEL repository. See Examples for more information.
Usage
Using this cookbook is relatively straightforward. It is recommended to create a project or organization specific wrapper cookbook and add the desired recipes to the run list of a node, or create a role. Depending on your environment, you may have multiple roles that use different recipes from this cookbook. Adjust any attributes as desired. For example, to create a basic role for web servers that provide both HTTP and HTTPS:
% cat roles/webserver.rb name "webserver" description "Systems that serve HTTP and HTTPS" run_list( "recipe[apache2]", "recipe[apache2::mod_ssl]" ) default_attributes( "apache" => { "listen" => ["*:80", "*:443"] } )
For examples of using the definitions in your own recipes, see their respective sections below.
Attributes
This cookbook uses many attributes, broken up into a few different kinds.
Platform specific
In order to support the broadest number of platforms, several attributes are determined based on the node's platform. See the attributes/default.rb file for default values in the case statement at the top of the file.
-
node['apache']['package']
- Package name for Apache2 -
node['apache']['perl_pkg']
- Package name for Perl -
node['apache']['dir']
- Location for the Apache configuration -
node['apache']['log_dir']
- Location for Apache logs -
node['apache']['error_log']
- Location for the default error log -
node['apache']['access_log']
- Location for the default access log -
node['apache']['user']
- User Apache runs as -
node['apache']['group']
- Group Apache runs as -
node['apache']['binary']
- Apache httpd server daemon -
node['apache']['conf_dir']
- Location for the main config file (e.g apache2.conf or httpd.conf) -
node['apache']['docroot_dir']
- Location for docroot -
node['apache']['cgibin_dir']
- Location for cgi-bin -
node['apache']['icondir']
- Location for icons -
node['apache']['cache_dir']
- Location for cached files used by Apache itself or recipes -
node['apache']['pid_file']
- Location of the PID file for Apache httpd -
node['apache']['lib_dir']
- Location for shared libraries -
node['apache']['default_site_enabled']
- Default site enabled. Default is false. -
node['apache']['ext_status']
- if true, enables ExtendedStatus formod_status
-
node['apache']['locale']
- Locale to set in sysconfig or envvars and used for subprocesses and modules (like mod_dav and mod_wsgi). On debian systems Uses system-local if set to 'system', defaults to 'C'.
General settings
These are general settings used in recipes and templates. Default values are noted.
-
node['apache']['listen']
- Array of address:port combinations that httpd should listen on. Default is any address and port 80 (["*:80"]
). -
node['apache']['contact']
- Value for ServerAdmin directive. Default "ops@example.com". -
node['apache']['timeout']
- Value for the Timeout directive. Default is 300. -
node['apache']['keepalive']
- Value for the KeepAlive directive. Default is On. -
node['apache']['keepaliverequests']
- Value for MaxKeepAliveRequests. Default is 100. -
node['apache']['keepalivetimeout']
- Value for the KeepAliveTimeout directive. Default is 5. -
node['apache']['sysconfig_additional_params']
- Additionals variables set in sysconfig file. Default is empty. -
node['apache']['log_level']
- Value for LogLevel directive. Default is 'warn'. -
node['apache']['default_modules']
- Array of module names. Can take "mod_FOO" or "FOO" as names, where FOO is the apache module, e.g. "mod_status
" or "status
". -
node['apache']['mpm']
- With apache.version 2.4, specifies what Multi-Processing Module to enable. Defaults to platform default, otherwise it is "prefork"
The modules listed in default_modules
will be included as recipes in recipe[apache::default]
.
Prefork attributes
Prefork attributes are used for tuning the Apache HTTPD prefork MPM configuration.
-
node['apache']['prefork']['startservers']
- initial number of server processes to start. Default is 16. -
node['apache']['prefork']['minspareservers']
- minimum number of spare server processes. Default 16. -
node['apache']['prefork']['maxspareservers']
- maximum number of spare server processes. Default 32. -
node['apache']['prefork']['serverlimit']
- upper limit on configurable server processes. Default 256. -
node['apache']['prefork']['maxrequestworkers']
- Maximum number of connections that will be processed simultaneously. Default 256. -
node['apache']['prefork']['maxconnectionsperchild']
- Maximum number of request a child process will handle. Default 10000.
Worker attributes
Worker attributes are used for tuning the Apache HTTPD worker MPM configuration.
-
node['apache']['worker']['startservers']
- Initial number of server processes to start. Default 4 -
node['apache']['worker']['serverlimit']
- Upper limit on configurable server processes. Default 16. -
node['apache']['worker']['minsparethreads']
- Minimum number of spare worker threads. Default 64 -
node['apache']['worker']['maxsparethreads']
- Maximum number of spare worker threads. Default 192. -
node['apache']['worker']['maxrequestworkers']
- Maximum number of simultaneous connections. Default 1024. -
node['apache']['worker']['maxconnectionsperchild']
- Limit on the number of connections that an individual child server will handle during its life.
Event attributes
Event attributes are used for tuning the Apache HTTPD event MPM configuration.
-
node['apache']['event']['startservers']
- Initial number of child server processes created at startup. Default 4. -
node['apache']['event']['serverlimit']
- Upper limit on configurable number of processes. Default 16. -
node['apache']['event']['minsparethreads']
- Minimum number of spare worker threads. Default 64 -
node['apache']['event']['maxsparethreads']
- Maximum number of spare worker threads. Default 192. -
node['apache']['event']['threadlimit']
- Upper limit on the configurable number of threads per child process. Default 192. -
node['apache']['event']['threadsperchild']
- Number of threads created by each child process. Default 64. -
node['apache']['event']['maxrequestworkers']
- Maximum number of connections that will be processed simultaneously. -
node['apache']['event']['maxconnectionsperchild']
- Limit on the number of connections that an individual child server will handle during its life.
Other/Unsupported MPM
To use the cookbook with an unsupported mpm (other than prefork, event or worker):
- set
node['apache']['mpm']
to the name of the module (e.g.itk
) - in your cookbook, after
include_recipe 'apache2'
use theapache_module
definition to enable/disable the required module(s)
Module specific attributes
Some module recipes have their own attributes that can be used to alter and modify the behavior of this cookbook. Please see the sections for the indivual modules below for more information on those attributes.
Recipes
Most of the recipes in the cookbook are for enabling Apache modules. Where additional configuration or behavior is used, it is documented below in more detail.
The following recipes merely enable the specified module: mod_actions
, mod_alias
, mod_auth_basic
, mod_auth_digest
, mod_authn_file
, mod_authnz_ldap
, mod_authz_default
, mod_authz_groupfile
, mod_authz_host
, mod_authz_user
, mod_autoindex
, mod_cgi
, mod_dav_fs
, mod_dav_svn
, mod_deflate
, mod_dir
, mod_env
, mod_expires
, mod_headers
, mod_ldap
, mod_log_config
, mod_mime
, mod_negotiation
, mod_proxy
, mod_proxy_ajp
, mod_proxy_balancer
, mod_proxy_connect
, mod_proxy_http
, mod_python
, mod_rewrite
, mod_setenvif
, mod_status
, mod_wsgi
, mod_xsendfile
.
On RHEL Family distributions, certain modules ship with a config file with the package. The recipes here may delete those configuration files to ensure they don't conflict with the settings from the cookbook, which will use per-module configuration in /etc/httpd/mods-enabled
.
default
The default recipe does a number of things to set up Apache HTTPd. It also includes a number of modules based on the attribute node['apache']['default_modules']
as recipes.
mod_auth_cas
This recipe installs the proper package and enables the auth_cas
module. It can install from source or package. Package is the default, set the attribute node['apache']['mod_auth_cas']['from_source']
to true to enable source installation. Modify the version to install by changing the attribute node['apache']['mod_auth_cas']['source_revision']
. It is a version tag by default, but could be master, or another tag, or branch.
The module configuration is written out with the CASCookiePath
set, otherwise an error loading the module may cause Apache to not start.
Note: This recipe does not work on EL 6 platforms unless epel-testing repository is enabled (outside the scope of this cookbook), or the package version 1.0.8.1-3.el6 or higher is otherwise available to the system due to this bug:
https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=708550
mod_auth_openid
This recipe compiles the module from source. In addition to build-essential
, some other packages are included for installation like the GNU C++ compiler and development headers.
To use the module in your own cookbooks to authenticate systems using OpenIDs, specify an array of OpenIDs that are allowed to authenticate with the attribute node['apache']['allowed_openids']
. Use the following in a vhost to protect with OpenID authentication:
AuthType OpenID require user <%= node['apache']['allowed_openids'].join(' ') %>
AuthOpenIDDBLocation <%= node['apache']['mod_auth_openid']['dblocation'] %>
Change the DBLocation with the attribute as required; this file is in a different location than previous versions, see below. It should be a sane default for most platforms, though, see attributes/mod_auth_openid.rb
.
The following attributes are in the attributes/mod_auth_openid.rb
file.
-
node['apache']['mod_auth_openid']['checksum']
- sha256sum of the tarball containing the source. -
node['apache']['mod_auth_openid']['ref']
- Any sha, tag, or branch found from https://github.com/bmuller/mod_auth_openid -
node['apache']['mod_auth_openid']['version']
- directory name version within the tarball -
node['apache']['mod_auth_openid']['cache_dir']
- the cache directory is where the sqlite3 database is stored. It is separate so it can be managed as a directory resource. -
node['apache']['mod_auth_openid']['dblocation']
- filename of the sqlite3 database used for directiveAuthOpenIDDBLocation
, stored in thecache_dir
by default. -
node['apache']['mod_auth_openid']['configure_flags']
- optional array of configure flags passed to the./configure
step in the compilation of the module.
mod_fastcgi
Install the fastcgi package and enable the module.
Note: In Ubuntu 14.04, the libapache2-mod-fastcgi
module is not available by default due to the Multiverse repositories. You need to enable the multiverse repositories either from /etc/apt/sources.list
or use the apt cookbook.
mod_fcgid
Installs the fcgi package and enables the module. Requires EPEL on RHEL family.
mod_php
Simply installs the appropriate package and enables the module
-
node['apache']['mod_php']['install_method']
- defaultpackage
can be overridden to avoid package installs.
mod_ssl
Besides installing and enabling mod_ssl
, this recipe will append port 443 to the node['apache']['listen']
attributes for all addresses and update the ports.conf.
-
node['apache']['mod_ssl']['cipher_suite']
- sets the SSLCiphersuite value to the specified string. The default is considered "sane" but you may need to change it for your local security policy, e.g. if you have PCI-DSS requirements. Additional commentary on the original pull request. -
node['apache']['mod_ssl']['honor_cipher_order']
- Option to prefer the server's cipher preference order. Default 'On'. -
node['apache']['mod_ssl']['insecure_renegotiation']
- Option to enable support for insecure renegotiation. Default 'Off'. -
node['apache']['mod_ssl']['strict_sni_vhost_check']
- Whether to allow non-SNI clients to access a name-based virtual host. Default 'Off'. -
node['apache']['mod_ssl']['session_cache']
- Configures the OCSP stapling cache. Defaultshmcb:/var/run/apache2/ssl_scache
-
node['apache']['mod_ssl']['session_cache_timeout']
- Number of seconds before an SSL session expires in the Session Cache. Default 300. -
node['apache']['mod_ssl']['compression']
- Enable compression on the SSL level. Default 'Off'. -
node['apache']['mod_ssl']['use_stapling']
- Enable stapling of OCSP responses in the TLS handshake. Default 'Off'. -
node['apache']['mod_ssl']['stapling_responder_timeout']
- Timeout for OCSP stapling queries. Default 5 -
node['apache']['mod_ssl']['stapling_return_responder_errors']
- Pass stapling related OCSP errors on to client. Default 'Off' -
node['apache']['mod_ssl']['stapling_cache']
- Configures the OCSP stapling cache. Defaultshmcb:/var/run/ocsp(128000)
-
node['apache']['mod_ssl']['pass_phrase_dialog']
- Configures SSLPassPhraseDialog. Defaultbuiltin
-
node['apache']['mod_ssl']['mutex']
- Configures SSLMutex. Defaultfile:/var/run/apache2/ssl_mutex
-
node['apache']['mod_ssl']['directives']
- Hash for add any custom directive.
For general information on these attributes see http://httpd.apache.org/docs/current/mod/mod_ssl.html
For more information on these directives and how to best secure your site see
- https://bettercrypto.org/
- https://wiki.mozilla.org/Security/Server_Side_TLS
- https://www.insecure.ws/linux/apache_ssl.html
- https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
- https://istlsfastyet.com/
- https://www.ssllabs.com/projects/best-practices/
Definitions
The cookbook provides a few definitions. At some point in the future these definitions will be refactored into custom resources see issue 414.
apache_conf
Writes conf files to the conf-available
folder, and passes enabled values to apache_config
.
This definition should generally be called over apache_config
.
Parameters:
-
name
- Name of the config placed and enabled or disabled with thea2enconf
ora2disconf
scripts. -
enable
- Default true, which usesa2enconf
to enable the config. If false, the config will be disabled witha2disconf
. -
conf_path
- path to put the config in if you need to override the defaultconf-available
. -
source
- The source configuration template name. The default value isparams[:name].conf.erb
-
cookbook
- The cookbook in which the configuration template is located. The default value is the current cookbook.
Examples:
Place and enable the example conf:
apache_conf 'example' do enable true end
Place and disable (or never enable to begin with) the example conf:
apache_conf 'example' do enable false end
Place the example conf, which has a different path than the default (conf-*):
apache_conf 'example' do conf_path '/random/example/path' enable false end
apache_config (internal)
Sets up configuration file for Apache from a template. The template should be in the same cookbook where the definition is used. This is used by the apache_conf
definition and should not be used directly.
It will use a2enconf
and a2disconf
to control the symlinking of configuration files between conf-available
and conf-enabled
.
Enable or disable an Apache config file in #{node['apache']['dir']}/conf-available
by calling a2enconf
or a2disconf
to manage the symbolic link in #{node['apache']['dir']}/conf-enabled
. These config files should be created in your cookbook, and placed on the system using apache_conf
Parameters:
-
name
- Name of the config enabled or disabled with thea2enconf
ora2disconf
scripts. -
source
- The location of a template file. The defaultname.erb
. -
cookbook
- The cookbook in which the configuration template is located (if it is not located in the current cookbook). The default value is the current cookbook. -
enable
- Default true, which usesa2enconf
to enable the config. If false, the config will be disabled witha2disconf
.
Examples:
Enable the example config.
apache_config 'example' do enable true end
Disable a module:
apache_config 'disabled_example' do enable false end
See the recipes directory for many more examples of apache_config
.
apache_module
Enable or disable an Apache module in #{node['apache']['dir']}/mods-available
by calling a2enmod
or a2dismod
to manage the symbolic link in #{node['apache']['dir']}/mods-enabled
. If the module has a configuration file, a template should be created in the cookbook where the definition is used. See Examples.
Parameters:
-
name
- Name of the module enabled or disabled with thea2enmod
ora2dismod
scripts. -
identifier
- String to identify the module for theLoadModule
directive. Not typically needed, defaults to#{name}_module
-
enable
- Default true, which usesa2enmod
to enable the module. If false, the module will be disabled witha2dismod
. -
conf
- Default false. Set to true if the module has a config file, which will useapache_mod
for the file. -
filename
- specify the full name of the file, e.g.
Examples:
Enable the ssl module, which also has a configuration template in templates/default/mods/ssl.conf.erb
.
apache_module "ssl" do conf true end
Enable the php5 module, which has a different filename than the module default:
apache_module "php5" do filename "libphp5.so" end
Disable a module:
apache_module "disabled_module" do enable false end
See the recipes directory for many more examples of apache_module
.
apache_mod (internal)
Sets up configuration file for an Apache module from a template. The template should be in the same cookbook where the definition is used. This is used by the apache_module
definition and is not often used directly.
This will use a template resource to write the module's configuration file in the mods-available
under the Apache configuration directory (node['apache']['dir']
). This is a platform-dependent location. See apache_module.
Parameters:
-
name
- Name of the template. When used from theapache_module
, it will use the same name as the module.
Examples:
Create #{node['apache']['dir']}/mods-available/alias.conf
.
apache_mod "alias"
apache_site
Enable or disable a VirtualHost in #{node['apache']['dir']}/sites-available
by calling a2ensite or a2dissite to manage the symbolic link in #{node['apache']['dir']}/sites-enabled
.
The template for the site must be managed as a separate resource. To combine the template with enabling a site, see web_app
.
Parameters:
-
name
- Name of the site. -
enable
- Default true, which usesa2ensite
to enable the site. If false, the site will be disabled witha2dissite
.
web_app
Manage a template resource for a VirtualHost site, and enable it with apache_site
. This is commonly done for managing web applications such as Ruby on Rails, PHP or Django, and the default behavior reflects that. However it is flexible.
This definition includes some recipes to make sure the system is configured to have Apache and some sane default modules:
apache2
apache2::mod_rewrite
apache2::mod_deflate
apache2::mod_headers
It will then configure the template (see Parameters and Examples below), and enable or disable the site per the enable
parameter.
Parameters:
Current parameters used by the definition:
-
name
- The name of the site. The template will be written to#{node['apache']['dir']}/sites-available/#{params['name']}.conf
-
cookbook
- Optional. Cookbook where the source template is. If this is not defined, Chef will use the named template in the cookbook where the definition is used. -
template
- Defaultweb_app.conf.erb
, source template file. -
enable
- Default true. Passed to theapache_site
definition.
Additional parameters can be defined when the definition is called in a recipe, see Examples.
Examples:
The recommended way to use the web_app
definition is in a application specific cookbook named "my_app". The following example would look for a template named 'web_app.conf.erb' in your cookbook containing the apache httpd directives defining the VirtualHost
that would serve up "my_app".
web_app "my_app" do template 'web_app.conf.erb' server_name node['my_app']['hostname'] end
All parameters are passed into the template. You can use whatever you like. The apache2 cookbook comes with a web_app.conf.erb
template as an example. The following parameters are used in the template:
-
server_name
- ServerName directive. -
server_aliases
- ServerAlias directive. Must be an array of aliases. -
docroot
- DocumentRoot directive. -
application_name
- Used in RewriteLog directive. Will be set to thename
parameter. -
directory_index
- Allow overriding the default DirectoryIndex setting, optional -
directory_options
- Override Options on the docroot, for example to add parameters like Includes or Indexes, optional. -
allow_override
- Modify the AllowOverride directive on the docroot to support apps that need .htaccess to modify configuration or require authentication.
To use the default web_app, for example:
web_app "my_site" do server_name node['hostname'] server_aliases [node['fqdn'], "my-site.example.com"] docroot "/srv/www/my_site" cookbook 'apache2' end
The parameters specified will be used as:
@params[:server_name]
@params[:server_aliases]
@params[:docroot]
In the template. When you write your own, the @
is significant.
License and Authors
* Author:: Adam Jacob <adam@chef.io> * Author:: Joshua Timberman <joshua@chef.io> * Author:: Bryan McLellan <btm@chef.io> * Author:: Dave Esposito <esposito@espolinux.corpnet.local> * Author:: David Abdemoulaie <github@hobodave.com> * Author:: Edmund Haselwanter <edmund@haselwanter.com> * Author:: Eric Rochester <err8n@virginia.edu> * Author:: Jim Browne <jbrowne@42lines.net> * Author:: Matthew Kent <mkent@magoazul.com> * Author:: Nathen Harvey <nharvey@chef.io> * Author:: Ringo De Smet <ringo.de.smet@amplidata.com> * Author:: Sean OMeara <sean@sean.io> * Author:: Seth Chisamore <schisamo@chef.io> * Author:: Gilles Devaux <gilles@peerpong.com> * Author:: Sander van Zoest <sander+cookbooks@vanzoest.com> * Author:: Taylor Price <tayworm@gmail.com> * Author:: Ben Dean <ben.dean@ontariosystems.com> * Copyright:: 2009-2017, Chef Software, Inc * Copyright:: 2011, Atriso * Copyright:: 2011, CustomInk, LLC. * Copyright:: 2013-2014, OneHealth Solutions, Inc. * Copyright:: 2014, Viverae, Inc. * Copyright:: 2015-2016, Alexander van Zoest * Copyright:: 2015, Ontario Systems, LLC Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
apache2 Cookbook Changelog
This file is used to list changes made in each version of the apache2 cookbook.
v5.2.1 (04-09-2018)
- Revert ports.conf fix (ports.conf that gets installed by package conflicts.
v5.2.0 (26-08-2018)
- Drop Chef 12 support
- Add Danger and CircleCI support
- Move apache binary detection to the helpers file
- Adds apache_service, apache_platform_service_name, apache_dir ,apache_conf_dir helpers
- Update kitchen configuration
- Fix ports.conf location and how its set up (#550, skadz)
- Allow httpd -t timeout to be configurable (#547, skadz)
v5.0.1 (2017-09-01)
- Test using dokken-images in kitchen-dokken
- Fix readme section for mod_php
- Replace the existing testing.md contents with a link to the Chef testing docs
- Fix mod_ldap failing on non-RHEL platforms
- Fix mod_dav_svn to install the correct packages on Debian 8/9
v5.0.0 (2017-07-13)
Breaking changes
- Support for Apache 2.2 has been fully removed so we can focus on providing a solid experience for Apache 2.4 and above. This removes support for RHEL 6, SLES 11, and Debian 7
Other changes
- Fixed openSUSE support in multiple places and added integration testing for openSUSE in Travis
v4.0.0 (2017-07-10)
Breaking changes
- This cookbook now requires Chef 12.1 or later
- Support for Apache 2.2 on FreeBSD has been removed
- Support for Amazon Linux < 2013.09 has been removed
- Support for end of life releases of Fedora (< 24), CentOS (5), Debian (6), Linux Mint (17), and Ubuntu (12.04) have been removed
- Removed the deprecated recipes for mod_authz_default and mod_php5
Other changes
- Switched many package resources to Chef 12+ multipackage style to speed up Chef converges and reduce log clutter
- mod_cache is now enabled when using mod_cache_disk and mod_cache_socache
- The mod_cloudflare recipe now sets up the Apt repo with https
- Improved support for Amazon Linux on Chef 13 and added Test Kitchen amazon testing
- Improved support for Debian and RHEL derivative platforms
- Improved Fedora support in multiple modules
- Improved error logging for unsupported platforms in the mod_negotiation and mod_unixd recipes
- Switched from Rake for testing to Delivery local mode
- Setup integration testing with kitchen-dokken for core platforms in Travis so that every PR is now fully tested
- Removed the EC2 and Docker kitchen files now that we have kitchen-dokken setup
- Removed apt, pacman, yum, and zypper from the Berksfile as they're no longer needed for testing
- Removed testing dependencies from the Gemfile as we're testing using ChefDK
- Added integration testing for new Debian releases
v3.3.1 (2017-07-06)
- [GH-489] Fix OpenSuse service guard
v3.3.0 (2017-04-11)
- [GH-478] Added support for the amazon platform_family, outside of RHEL
- [GH-474] Update Berksfile to allow fetching of newer
- [GH-473] Update copyright header format
- [GH-472] foodcritic: add sous-chefs rules
- add CODE_OF_CONDUCT
- [GH-471] FCGI paths should not be messed with on RHEL/CentOS 7. CentOS 7 (and recent Fedoras) have Apache 2.4, where FCGI socket path and shared memory path is managed adequately without further involvement necessary (subdirectory is created under /var/run/httpd).
- [GH-470] Remove support for EOL Fedora < 18 / FreeBSD 9
- [GH-465] Testing updates
- [GH-469] Use the default cookbook style rules
- [GH-460] ServerSpec to InSpec migration
- [GH-461] Update comment header format & other Cookstyle fixes
- [GH-454] Test in Travis with Chef-DK and a Rakefile
- [GH-455] openSUSE Leap has it's own platform name
- [GH-279] leave stubs for rhel family
conf.d
files to avoid conflicts on package upgrade; no longer removeconf.d
, just don't use it - [GH-427] Add option to configure custom log level
- [GH-450] Ensure the lock_dir is owned by www-data for Apache 2.2 and 2.4 on Debian/Ubuntu
- Remove mod_auth_openid tests, as it is not part of the ASF release and plan to drop support for it and right now it is failing our tests
- [GH-440] Update default values in
apache.prefork
section of README - [GH-443] fixed typo in copyright year
- Test on the latest chef with chef-zero
- Update supported platforms to Ubuntu 16.04, Debian 8.4, CentOS 7.2; deprecating Ubuntu 12.04
- [GH-422] Fix uniq for nil:NilClass error introduced in 3.2.2
- [GH-423] allow for apache 2.4 usage on RHEL < 7.0
- Cookbook is now part of the sous-chefs, but still maintained by the same folks
- mod_perl: No longer install libapache2-mpm-prefork
- mod_php: renamed mod_php5 to more generic mod_php; using php 7.0 where available
v3.2.2 (2016-04-13)
- [GH-420] Allow auto-conversion if either of
apache.listen_ports
orapache.listen_addresses
are set rather than '&&'. This ensures conversion occurs if only one of the two is set.
v3.2.1 (2016-04-11)
- [GH-225] notify
restart
instead ofreload
service onapache_conf
,apache_config
- Update to foodcritic 6
v3.2.0 (2016-03-26)
- [GH-378] Deprecates
apache.listen_addresses
andapache.listen_ports
in favor of [GH-409] - [GH-409]
apache.listen
now accepts an array ofaddr:port
strings - [GH-358] FreeBSD: Update 10.1 support; Adds php 5.6 in collaboration with chef-cookbooks/php#119
- [GH-394] Have
apache.prefork.serverlimit
set ServerLimit directive on 2.4 - [GH-363] Escape '.' in regex for .htaccess/.htpasswd files
- [GH-365] Force log directory creation to be recursive
- [GH-368] Change the service creation to use the
apache.service_name
attribute throughout - [GH-374] Make metadata.rb compatible with chef versions < 12.
- [GH-382] Fixed typo in node['platform_family'] for NameError in
mod_proxy_html
- [GH-369] README: Added on Ubuntu
mod_fastcgi
requiresmultiverse
apt repository to enabled. - [GH-381] README: Add missing backtick
- [GH-384] README: Fix names for a2enconf and a2disconf
- [GH-393] README: mention availability of
mod_actions
support - [GH-383] Debian: Add possibility to use other releases via
apache.default_release
- [GH-377] Restart service when including
mod_headers
to allow healing of failed service because of missing directives. - [GH-416] Change the default of
apache.mod_fastcgi.install_method
to 'package' all platforms, assource
is no longer available. - [GH-401] Move
mod_deflate
toapache.default_modules
and no longer force installation ondebian
families. - [GH-386] Do not install an extra mod_ssl package on SUSE Linux Enterprise
- [GH-335] Do not hardcoded reload/restart on more modern rhel platforms, allowing systemd on CentOS 7
- [GH-375] Install package
mod_ldap
on CentOS 7 (triggered byapache.version
== 2.4) - Update
apache.mod_ssl.cipher_suite
to latest from https://bettercrypto.org/ - README: Re-organize README to make it easier to find usage and remove old references.
-
Added new standard and missing modules (Note: these may not be available natively on all operating systems)
- mod_http2 - Support for the HTTP/2 transport layer. (available since 2.4.17)
- mod_authnz_fcgi - Enable FastCGI authorizer applications to authenticate and/or authorize clients. (available since 2.4.10)
- mod_cern_meta - CERN httpd metafile semantics
- mod_ident - RFC 1413 ident lookups
- mod_privileges - Support for Solaris privileges and for running virtual hosts under different user IDs.
- mod_socache_dc - Distcache based shared object cache provider.
- mod_version - Version dependent configuration
- mod_watchdog - Provides infrastructure for other modules to periodically run tasks
v3.1.0 (2015-05-25)
- [GH-315] Fix
apache.default_site_name
.conf extension references to ensure deletion - [GH-258] Use
apache.default_site_name
for consistency, minimize hardcoding of filenames - [GH-259] Add
&& sleep 1
to end of apache restart command on rhel-based systems using apache2.2 - [GH-271] Remove FreeBSD 9.x, Red Hat and CentOS 5.x and OpenSUSE 11.x Series from tests and focus on newer releases
- [GH-276] Add psych gem to development gems
- [GH-293] Add
apache.mod_fastcgi.install_method
flag to allow install of mod_fastcgi from source (even on Debian family) - [GH-285] Made
apache.devel_package
configurable based on platform, including support for Amazon Linux. - [GH-316] Update Opscode references to Chef
- [GH-318] Apply default recipe in all definitions
- [GH-320] Add attribute to adjust
apache.default_site_port
- [GH-321] Fix issue with default_site name in not_if guards
- [GH-322] Add
apache.mod_ssl.pkg_name
to allow custom mod_ssl package names. Set defaults for supported platforms including Amazon Linux - [GH-323] Don't create the default site configuration file in
sites-available
unless it is enabled. - [GH-324] Add
apache.mod_ssl.port
to set the default ssl port to something other than 443 - [GH-328] Add the ability to pass in a pipe as to log
- [GH-332]
SSLStrictSNIVHostCheck
is only written to config if enabled to avoid breaking apache prior to 2.2.12. - [GH-334] Removed
iptables
,god-monitor
, andlogrotate
recipes to avoid having external dependencies. These services should be managed in a wrapper cookbook going forward. - [GH-339] Allow custom names for php so_filename (
node['apache']['mod_php5']['so_filename']
)
v3.0.1 (2015-02-11)
- [GH-310] Ubuntu Apache 2.2 requires the lock_dir to be owned by www-data
- [GH-309] Clarify that apache.version is a string
- [GH-305] Restart service after MPM changes
- [GH-304] Don't install systemd module on Amazon Linux
- [GH-298] Add non-threaded MPM break notice for PHP users
- [GH-296] Create lock_dir automatically
v3.0.0 (2014-11-30)
Major version update because of SSL Improvements and new platform MPM and Version defaults.
- [GH-286] Refactor MPM and Apache version defaults: default is now apache 2.4
- Note: set
apache.mpm
toprefork
if you are usingmod_php
in Ubuntu >=14.04 - [GH-281] mod_ssl: Disable SSLv3 by default to protect against POODLE attack (CVE-2014-3566)
-
[GH-280] mod_ssl: Major update with modern Cipher Suite, and best practices. Updated to a more modern default
apache.mod_ssl.cipher_suite
. Added the following additional mod_ssl attributesapache.mod_ssl.honor_cipher_order
apache.mod_ssl.insecure_renegotiation
apache.mod_ssl.strict_sni_vhost_check
apache.mod_ssl.session_cache_timeout
apache.mod_ssl.compression
apache.mod_ssl.use_stapling
apache.mod_ssl.stapling_responder_timeout
apache.mod_ssl.stapling_return_responder_errors
apache.mod_ssl.stapling_cache
apache.mod_ssl.pass_phrase_dialog
apache.mod_ssl.mutex
apache.mod_ssl.directives
[GH-278] Improved chefspec tests execution time
[GH-277] Optimize files watching for Guard on Win32 platform
[GH-270] Don't attempt start until after configuration is written
[GH-268] Now uses chefspec 4.1
[GH-267] Use Supermarket as the Berkshelf 3 source
[GH-266] Rubocop based ruby style/syntax improvements
[GH-264] mod_ssl: Add new attribute for to be ready to any custom directive
[GH-249] Don't prepend Apache log path when requesting error logging to syslog
[GH-247] Explicitly include mod_ldap before mod_authnz_ldap
[GH-243] Expand mpm options for different distros/versions.
[GH-239] Added
apache.mod_php5.install_method
attribute defaults topackage
. Install packages unless PHP is compiled from source.OneHealth Solutions was acquired by Viverae
Remove ArchLinux pacman as a dependency and handle similar to apt, yum, zypper
Adjust ubuntu apache 2.4 docroot_dir to match package (from /var/www to /var/www/html)
[GH-238] Bump service config syntax check guard timeout to 10 seconds
[GH-235] Removed
apache2::mpm_itk
which is not part of core and therefore should be its own cookbook[GH-234] /var/run/httpd/mod_fcgid directory now belongs to apache on Fedora/RHEL systems.
[GH-233] Default web_app template should return 503 status code when maintenance file is present
[GH-232] Cookbook now deletes a2* if they are symlinks before dropping template versions
[GH-222] Set TraceEnable to off by default.
[GH-213] Adjust chefspec to use the package resource on FreeBSD (previously freebsd_package)
[GH-212] New attribute apache.locale which sets LANG. defaults to 'C'
[GH-210] Clarify web_app definition usage around configuration templates.
[GH-208]
apache_conf
now acceptssource
andcookbook
parameters.
v2.0.0 (2014-08-06)
Major version update because of major overhaul to support Apache 2.4 and a2enconf and a2endisconf changes.
- [GH-204] mod_auth_openid: Added
apache.mod_auth_openid.version
attribute - FreeBSD support has been improved with the release of chef 11.14.2, portsnap is no longer used in favor of pkgng.
- [GH-157] - Apache will only be started when a configuration test passes, this allows the chef run to fix any broken configuration without failing the chef run.
-
apache.log_dir
directory is now 0755 on all platforms (including the debian platform family) - [GH-166, GH-173] -
conf.d
is no longer used and replaced byconf-available
andconf-enabled
managed via thea2enconf
anda2disconf
scripts - [GH-166, GH-173] - All configuration files need to end in
.conf
for them to be loaded - [GH-173] - Perl is a required package on all platforms to support the a2* scripts as we now use the debian versions directly.
- [GH-193] - per MPM settings:
maxclients
is nowmaxrequestworkers
- [GH-194] - per MPM settings:
maxrequestsperchild
is nowmaxconnectionsperchild
- [GH-161] - Added support for CentOS 7
- [GH-180] - Improved SuSE support
-
[GH-100] - Apache HTTP 2.4 support This provides Apache 2.4 support in a backwards compatible way. It adds the following new attributes:
-
apache.version
- This defaults to2.2
and if changed to2.4
; it triggers and assumes 2.4 packages will be installed. -
apache.mpm
- In 2.4 mode, this specifies which mpm to install. Default isprefork
. apache.run_dir
apache.lock_dir
-
apache.libexec_dir
replacesapache.libexecdir
-
apache.prefork.maxrequestworkers
replacesapache.prefork.maxclients
-
apache.prefork.maxconnectionsperchild
replacesapache.prefork.maxrequestsperchild
apache.worker.threadlimit
-
apache.worker.maxrequestworkers
replacesapache.worker.maxclients
-
apache.worker.maxconnectionsperchild
replacesapache.worker.maxrequestsperchild
apache.event.startservers
apache.event.serverlimit
apache.event.minsparethreads
apache.event.maxsparethreads
apache.event.threadlimit
apache.event.threadsperchild
apache.event.maxrequestworkers
apache.event.maxconnectionsperchild
apache.itk.startservers
apache.itk.minspareservers
apache.itk.maxspareservers
apache.itk.maxrequestworkers
apache.itk.maxconnectionsperchild
-
Apache 2.4 Upgrade Notes:
Since the changes between apache 2.2 and apache 2.4 are pretty significant, we are unable to account for all changes needed for your upgrade. Please take a moment to familiarize yourself with the Apache Software Foundation provided upgrade documentation before attempting to use this cookbook with apache 2.4. See http://httpd.apache.org/docs/current/upgrading.html
- This cookbook does not automatically specify which version of apache to install. We are at the mercy of the
package
provider. It is important, however, to make sure that you configure theapache.version
attribute to match. For your convenience, we try to set reasonable defaults based on different platforms in our test suite. -
mod_proxy
- In 2.4 mode,apache.proxy.order
,apache.proxy.deny_from
,apache.proxy.allow_from
are ignored, as the attributes can not be supported in a backwards compatible way. Please useapache.proxy.require
instead.
v1.11.0 (2014-07-25)
- [GH-152] - Checking if server_aliases is defined in example
- [GH-106] - Only turn rewrite on once in web_app.conf.erb
- [GH-156] - Correct mod_basic/digest recipe names in README
- Recipe iptables now includes the iptables::default recipe
- Upgrade test-kitchen to latest version
- Replaced minitest integration tests with serverspec tests
- Added chefspec tests
v1.10.4 (2014-04-23)
- [COOK-4249] mod_proxy_http requires mod_proxy
v1.10.2 (2014-04-09)
- [COOK-4490] - Fix minitest
apache_configured_ports
helper - [COOK-4491] - Fix minitest: escape regex interpolation
- [COOK-4492] - Fix service[apache2] CHEF-3694 duplication
- [COOK-4493] - Fix template[ports.conf] CHEF-3694 duplication
As of 2014-04-04 and per Community Cookbook Diversification this cookbook now maintained by OneHealth Solutions. Please be patient as we get into the swing of things.
v1.10.0 (2014-03-28)
- [COOK-3990] - Fix minitest failures on EL5
- [COOK-4416] - Support the ability to point to local apache configs
- [COOK-4469] - Use reload instead of restart on RHEL
v1.9.6 (2014-02-28)
[COOK-4391] - uncommenting the PIDFILE line
v1.9.4 (2014-02-27)
Bumping version for toolchain
v1.9.1 (2014-02-27)
[COOK-4348] Allow arbitrary params in sysconfig
v1.9.0 (2014-02-21)
Improvement
- COOK-4076 - foodcritic: dependencies are not defined properly
- COOK-2572 - Add mod_pagespeed recipe to apache2
Bug
- COOK-4043 - apache2 cookbook does not depend on 'iptables'
- COOK-3919 - Move the default pidfile for apache2 on Ubuntu 13.10 or greater
- COOK-3863 - Add recipe for mod_jk
- COOK-3804 - Fix incorrect datatype for apache/default_modules, use recipes option in metadata
- COOK-3800 - Cannot load modules that use non-standard module identifiers
- COOK-1689 - The perl package name should be configurable
v1.8.14
Version bump for toolchain sanity
v1.8.12
Fixing various style issues for travis
v1.8.10
fixing metadata version error. locking to 3.0"
v1.8.8
Version bump for toolchain sanity
v1.8.6
Locking yum dependency to '< 3'
v1.8.4
Bug
-
COOK-3769 - Fix a critical bug where the
apache_module
could not enable modules
v1.8.2
Bug
-
COOK-3766 - Fix an issue where the
mod_ssl
recipe fails due to a missing attribute
v1.8.0
Bug
- COOK-3680 - Update template paths
- COOK-3570 - Apache cookbook breaks on RHEL / CentOS 6
- COOK-2944 - Fix foodcritic failures
- COOK-2893 - Improve mod_auth_openid recipe with guards and idempotency
- COOK-2758 - Fix use of non-existent attribute
New Feature
- COOK-3665 - Add recipe for mod_userdir
- COOK-3646 - Add recipe for mod_cloudflare
- COOK-3213 - Add recipe for mod_info
Improvement
- COOK-3656 - Parameterize apache2 binary
- COOK-3562 - Allow mod_proxy settings to be configured as attributes
- COOK-3326 - Fix default_test to use ServerTokens attribute
- COOK-2635 - Add support for SVG mime types
- COOK-2598 - FastCGI Module only works on Debian-based platforms
- COOK-1984 - Add option to configure the address apache listens to
v1.7.0
Improvement
- [COOK-3073]: make access.log location configurable per-platform
- [COOK-3074]: don't hardcode the error.log location in the default site config
- [COOK-3268]: don't hardcode DocumentRoot and cgi-bin locations in
default_site
New Feature
- [COOK-3184]: Add
mod_filter
recipe to Apache2-cookbook - [COOK-3236]: Add
mod_action
recipe to Apache2-cookbook
v1.6.6
1.6.4 had a missed step in the automated release, long live 1.6.6.
Bug
- [COOK-3018]: apache2_module does duplicate delayed restart of apache2 service when conf = true
- [COOK-3027]: Default site enable true, then false, does not disable default site
- [COOK-3109]: fix apache lib_dir arch attribute regexp
v1.6.2
- [COOK-2535] -
mod_auth_openid
requires libtool to run autogen.sh - [COOK-2667] - Typo in usage documentation
- [COOK-2461] -
apache2::mod_auth_openid
fails on some ubuntu systems - [COOK-2720] - Apache2 minitest helper function
ran_recipe
is not portable
v1.6.0
- [COOK-2372] - apache2 mpm_worker: add ServerLimit attribute (default to 16)
v1.5.0
The mod_auth_openid
attributes are changed. The upstream maintainer deprecated the older release versions, and the source repository has releases available at specific SHA1SUM references. The new attribute, node['apache']['mod_auth_openid']['ref']
is used to set this.
- [COOK-2198] -
apache::mod_auth_openid
compiles from source, but does not install make on debian/ubuntu - [COOK-2224] - version conflict between cucumber and other gems
- [COOK-2248] -
apache2::mod_php5
usesnot_if
"which php" without ensuring package 'which' is installed - [COOK-2269] - Set allow list for mod_status incase external monitor scripts need
- [COOK-2276] - cookbook apache2 documentation regarding listening ports doesn't match default attributes
- [COOK-2296] -
mod_auth_openid
doesn't have tags/releases for the version I need for features and fixes - [COOK-2323] - Add Oracle linux support
v1.4.2
- [COOK-1721] - fix logrotate recipe
v1.4.0
- [COOK-1456] - iptables enhancements
- [COOK-1473] - apache2 does not disable default site when setting "
default_site_enabled
" back to false - [COOK-1824] - the apache2 cookbook needs to specify which binary is used on rhel platform
- [COOK-1916] - Download location wrong for apache2
mod_auth_openid
>= 0.7 - [COOK-1917] - Improve
mod_auth_openid
recipe to handle module upgrade more gracefully - [COOK-2029] - apache2 restarts on every run on RHEL and friends, generate-module-list on every run.
- [COOK-2036] - apache2: Cookbook style
v1.3.2
- [COOK-1804] - fix
web_app
definition parameter so site can be disabled.
v1.3.0
- [COOK-1738] - Better configuration for
mod_include
and some overrides inweb_app
definition - [COOK-1470] - Change SSL Ciphers to Mitigate BEAST attack
v1.2.0
- [COOK-692] - delete package conf.d files in module recipes, for EL
- [COOK-1693] - Foodcritic finding for unnecessary string interpolation
- [COOK-1757] - platform_family and better style / usage practices
v1.1.16
re-releasing as .16 due to error on tag 1.1.14
- [COOK-1466] - add
mod_auth_cas
recipe - [COOK-1609] - apache2 changes ports.conf twice per run when using apache2::mod_ssl
v1.1.12
- [COOK-1436] - restore apache2 web_app definition
- [COOK-1356] - allow ExtendedStatus via attribute
- [COOK-1403] - add mod_fastcgi recipe
v1.1.10
- [COOK-1315] - allow the default site to not be enabled
- [COOK-1328] - cookbook tests (minitest, cucumber)
v1.1.8
- Some platforms with minimal installations that don't have perl won't have a
node['languages']['perl']
attribute, so remove the conditional and rely on the power of idempotence in the package resource. - [COOK-1214] - address foodcritic warnings
- [COOK-1180] - add
mod_logio
and fixmod_proxy
v1.1.6
FreeBSD users: This release requires the freebsd
cookbook. See README.md.
- [COOK-1025] - freebsd support in mod_php5 recipe
v1.1.4
- [COOK-1100] - support amazon linux
v1.1.2
- [COOK-996] - apache2::mod_php5 can cause PHP and module API mismatches
- [COOK-1083] - return string for v_f_p and use correct value for default
v1.1.0
- [COOK-861] - Add
mod_perl
and apreq2 - [COOK-941] - fix
mod_auth_openid
on FreeBSD - [COOK-1021] - add a commented-out LoadModule directive to keep apxs happy
- [COOK-1022] - consistency for icondir attribute
- [COOK-1023] - fix platform test for attributes
- [COOK-1024] - fix a2enmod script so it runs cleanly on !bash
- [COOK-1026] - fix
error_log
location on FreeBSD
v1.0.8
- COOK-548 - directory resource doesn't have backup parameter
v1.0.6
- COOK-915 - update to
mod_auth_openid
version 0.6, see Recipes/mod_auth_openid below. - COOK-548 - Add support for FreeBSD.
v1.0.4
- COOK-859 - don't hardcode module paths
v1.0.2
- Tickets resolved in this release: COOK-788, COOK-782, COOK-780
v1.0.0
- Red Hat family support is greatly improved, all recipes except
god_monitor
converge. - Recipe
mod_auth_openid
now works on RHEL family distros - Recipe
mod_php5
will now remove config from package on RHEL family so it doesn't conflict with the cookbook's. - Added
php5.conf.erb
template formod_php5
recipe. - Create the run state directory for
mod_fcgid
to prevent a startup error on RHEL version 6. - New attribute
node['apache']['lib_dir']
to handle lib vs lib64 on RHEL family distributions. - New attribute
node['apache']['group']
. - Scientific Linux support added.
- Use a file resource instead of the generate-module-list executed perl script on RHEL family.
- "default" site can now be disabled.
- web_app now has an "enable" parameter.
- Support for dav_fs apache module.
- Tickets resolved in this release: COOK-754, COOK-753, COOK-665, COOK-624, COOK-579, COOK-519, COOK-518
- Fix node references in template for a2dissite
- Use proper user and group attributes on files and templates.
- Replace the anemic README.rdoc with this new and improved superpowered README.md :).
Collaborator Number Metric
5.2.1 passed this metric
Contributing File Metric
5.2.1 passed this metric
Foodcritic Metric
5.2.1 failed this metric
FC009: Resource attribute not recognised: apache2/recipes/default.rb:21
Run with Foodcritic Version 14.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
5.2.1 passed this metric
Testing File Metric
5.2.1 passed this metric
Version Tag Metric
5.2.1 passed this metric
5.2.1 passed this metric
5.2.1 passed this metric
Foodcritic Metric
5.2.1 failed this metric
FC009: Resource attribute not recognised: apache2/recipes/default.rb:21
Run with Foodcritic Version 14.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
5.2.1 passed this metric
Testing File Metric
5.2.1 passed this metric
Version Tag Metric
5.2.1 passed this metric
5.2.1 failed this metric
Run with Foodcritic Version 14.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
5.2.1 passed this metric
Testing File Metric
5.2.1 passed this metric
Version Tag Metric
5.2.1 passed this metric
5.2.1 passed this metric
5.2.1 passed this metric