summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDanilo Ramalho <dramalho@thoughtworks.com>2015-09-28 17:13:14 -0300
committerBruno Tavares <btavare@thoughtworks.com>2015-10-19 17:48:54 +0000
commitbf7ce40e2fe7e28dab11ee2fb0ae26a50b5fa8bd (patch)
tree49f381e4131456998ea51fc80e8aea5e5cf74e5b
parentfaf9d932ba96ff22c5826e4b7a4dba46c6f6fd4f (diff)
Grant access for vhosts on Apache >= 2.4
Apache's configuration for access control has changed on 2.4. To allow access to served directories we need to include the new directive "Require grant all". We scoped the configuration to only be applied on Apache 2.4. More information can be viewed on the Apache's upgrade document[1]. The tests were changed to ensure that the configuration is working without any extra override, as the extra test vhost is on a custom directory that requires the template to grant access to it. [1] http://httpd.apache.org/docs/trunk/upgrading.html Change-Id: I898ca049c5b3592cb70ad8c22eba8d4c681f3b22 Co-Authored-By: Bruno Tavares <btavare@thoughtworks.com>
Notes
Notes (review): Verified+2: Jenkins Code-Review+2: yolanda.robla <info@ysoft.biz> Workflow+1: yolanda.robla <info@ysoft.biz> Code-Review+2: Joshua Hesketh <joshua.hesketh@rackspace.com> Code-Review+1: Mikhail S Medvedev <mihailmed@gmail.com> Code-Review+1: Clint Adams <clint@gcfm.net> Code-Review+1: Glauco Oliveira <gvinici@thoughtworks.com> Submitted-by: Jenkins Submitted-at: Tue, 20 Oct 2015 08:38:58 +0000 Reviewed-on: https://review.openstack.org/228604 Project: openstack-infra/puppet-httpd Branch: refs/heads/master
-rw-r--r--spec/acceptance/fixtures/default.pp6
-rw-r--r--templates/vhost-default.conf.erb3
-rw-r--r--templates/vhost-proxy.conf.erb3
3 files changed, 6 insertions, 6 deletions
diff --git a/spec/acceptance/fixtures/default.pp b/spec/acceptance/fixtures/default.pp
index ebd192d..5b7ef43 100644
--- a/spec/acceptance/fixtures/default.pp
+++ b/spec/acceptance/fixtures/default.pp
@@ -13,12 +13,6 @@ httpd::vhost { 'localhost':
13# Enable a secondary port to test proxy and redirect modules 13# Enable a secondary port to test proxy and redirect modules
14$override = ' 14$override = '
15Listen 8080 15Listen 8080
16<Directory "/html">
17 Options All
18 AllowOverride All
19 Require all granted
20 Allow from all
21</Directory>
22' 16'
23file { "${::httpd::params::vdir}override.conf": 17file { "${::httpd::params::vdir}override.conf":
24 content => $override, 18 content => $override,
diff --git a/templates/vhost-default.conf.erb b/templates/vhost-default.conf.erb
index fdc8336..f960f79 100644
--- a/templates/vhost-default.conf.erb
+++ b/templates/vhost-default.conf.erb
@@ -18,6 +18,9 @@ NameVirtualHost <%= @vhost_name %>:<%= @port %>
18 Order allow,deny 18 Order allow,deny
19 allow from all 19 allow from all
20 Satisfy any 20 Satisfy any
21 <IfVersion >= 2.4>
22 Require all granted
23 </IfVersion>
21 </Directory> 24 </Directory>
22 ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log 25 ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_error.log
23 LogLevel warn 26 LogLevel warn
diff --git a/templates/vhost-proxy.conf.erb b/templates/vhost-proxy.conf.erb
index 05c6a8a..b40f8b3 100644
--- a/templates/vhost-proxy.conf.erb
+++ b/templates/vhost-proxy.conf.erb
@@ -15,6 +15,9 @@ NameVirtualHost <%= @vhost_name %>:<%= @port %>
15 <Proxy *> 15 <Proxy *>
16 Order deny,allow 16 Order deny,allow
17 Allow from all 17 Allow from all
18 <IfVersion >= 2.4>
19 Require all granted
20 </IfVersion>
18 </Proxy> 21 </Proxy>
19 ProxyPass / <%= @dest %>/ 22 ProxyPass / <%= @dest %>/
20 ProxyPassReverse / <%= @dest %>/ 23 ProxyPassReverse / <%= @dest %>/