From 0ae79e0106746475d72cedef72486d677f70f708 Mon Sep 17 00:00:00 2001 From: Yolanda Robla Date: Tue, 12 May 2015 19:31:16 +0200 Subject: [PATCH] New Updated config for CentOS 7 and Apache 2.4 This patch takes the original which was reverted and adds mod_version which is needed to parse IfVersion if on a Debian system. When using puppet-cgit under CentOS 7, apache fails because the config file is not working in Apache 2.4 version. Also, as CentOS 7 is starting apache on systemd, it needs to load the systemd apache config under conf.modules.d. Original Patch: I7e0d51ee176c4f27721c16afeaae120eb8edf7ab Change-Id: If3acc672ccd85b5704a2120379b60cb95528b7f7 Co-Authored-By: Yolanda Robla Co-Authored-By: Nicola Heald --- manifests/init.pp | 14 ++++++++++ templates/httpd.conf.erb | 56 ++++++++++++++++++++++++++++++++++++---- templates/ssl.conf.erb | 2 ++ 3 files changed, 67 insertions(+), 5 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 71ef8bc..13dd288 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -165,6 +165,20 @@ class cgit( notify => Service['httpd'], } + if ($::osfamily == 'Debian') { + # httpd_mod is not supported on Centos and mod_version is installed + # by default there so this is not necessary unless on Debian. + httpd_mod { 'version': + ensure => present, + } + } + + if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7') { + package { 'mod_ldap': + ensure => present, + } + } + file { $cgitdir: ensure => directory, owner => 'root', diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 3a82363..104bdb8 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb 
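Review bot: The mod_ldap package in class cgit is guarded by `$::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7'`, while templates/httpd.conf.erb switches on `@operatingsystem == 'CentOS' && @operatingsystemmajrelease.to_i >= 7`, so the two halves of the change can apply to different sets of hosts. On a later major release the template would still carry its unconditional `LoadModule ldap_module modules/mod_ldap.so` line with no package installed to back it. The package resource also has no relationship to the service, so I would add `notify => Service['httpd'],` as the resource just above the hunk does. If cgit does not authenticate against LDAP (worth confirming), dropping the ldap LoadModule lines would leave fewer modules loaded than installing the package. The class body starts and ends outside this hunk.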
@@ -140,19 +140,38 @@ Listen <%= scope.lookupvar("cgit::http_port") %> # Example: # LoadModule foo_module modules/mod_foo.so # +# The version_module has to be available for IfVersion to be parsed, +# so breaking alphabetical order and loading it first + +LoadModule version_module modules/mod_version.so + LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule auth_digest_module modules/mod_auth_digest.so LoadModule authn_file_module modules/mod_authn_file.so +LoadModule cache_module modules/mod_cache.so += 2.4> +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule authz_core_module modules/mod_authz_host.so +LoadModule cache_disk_module modules/mod_cache_disk.so +LoadModule mpm_prefork_module modules/mod_mpm_prefork.so +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so +LoadModule slotmem_shm_module modules/mod_slotmem_shm.so +LoadModule unixd_module modules/mod_unixd.so + + LoadModule authn_alias_module modules/mod_authn_alias.so +LoadModule authn_default_module modules/mod_authn_default.so +LoadModule authz_default_module modules/mod_authz_default.so +LoadModule disk_cache_module modules/mod_disk_cache.so + LoadModule authn_anon_module modules/mod_authn_anon.so LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_default_module modules/mod_authn_default.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_owner_module modules/mod_authz_owner.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_default_module modules/mod_authz_default.so LoadModule ldap_module modules/mod_ldap.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.so LoadModule include_module modules/mod_include.so 
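Review bot: In the new group of 2.4 modules, `LoadModule authz_core_module modules/mod_authz_host.so` pairs the authz_core identifier with the authz_host shared object, which looks like a copy-paste slip from the line above it. The context line `LoadModule authz_host_module modules/mod_authz_host.so` further down already loads that module unconditionally, so the added line can simply be removed; if it is kept it should read `LoadModule authz_host_module modules/mod_authz_host.so`. Depending on the httpd build the mismatched line is presumably either skipped with a warning or rejected at startup, and because these modules back the `Require` rules added later in this patch the list is worth getting exact. The version-conditional wrapper tags are not visible in the page text, so the grouping is inferred from the added comment about IfVersion.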
@@ -187,11 +206,8 @@ LoadModule proxy_ftp_module modules/mod_proxy_ftp.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_ajp_module modules/mod_proxy_ajp.so LoadModule proxy_connect_module modules/mod_proxy_connect.so -LoadModule cache_module modules/mod_cache.so LoadModule suexec_module modules/mod_suexec.so -LoadModule disk_cache_module modules/mod_disk_cache.so LoadModule cgi_module modules/mod_cgi.so -LoadModule version_module modules/mod_version.so # # The following modules are not loaded by default: @@ -213,6 +229,10 @@ LoadModule version_module modules/mod_version.so # Include conf.d/*.conf +<% if @operatingsystem == 'CentOS' && @operatingsystemmajrelease.to_i >= 7 -%> +Include conf.modules.d/*.conf +<% end -%> + # # ExtendedStatus controls whether Apache will generate "full" status # information (ExtendedStatus On) or just basic information (ExtendedStatus @@ -333,8 +353,13 @@ DocumentRoot "/var/www/html" # # Controls who can get stuff from this server. # += 2.4> + Require all granted + + Order allow,deny Allow from all + @@ -406,9 +431,14 @@ AccessFileName .htaccess # viewed by Web clients. # + = 2.4> + Require all denied + + Order allow,deny Deny from all Satisfy All + # @@ -546,8 +576,13 @@ Alias /icons/ "/var/www/icons/" Options Indexes MultiViews FollowSymLinks AllowOverride None + = 2.4> + Require all granted + + Order allow,deny Allow from all + # @@ -575,8 +610,13 @@ ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" AllowOverride None Options None + = 2.4> + Require all granted + + Order allow,deny Allow from all + # @@ -854,8 +894,14 @@ Alias /error/ "/var/www/error/" Options IncludesNoExec AddOutputFilter Includes html AddHandler type-map var + = 2.4> + Require all granted + + Order allow,deny Allow from all + + LanguagePriority en es de fr ForceLanguagePriority Prefer Fallback diff --git a/templates/ssl.conf.erb b/templates/ssl.conf.erb index b3a88e9..fb38b95 100644 --- a/templates/ssl.conf.erb +++ b/templates/ssl.conf.erb 
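Review bot: `Include conf.modules.d/*.conf` is placed after `Include conf.d/*.conf`, so any conf.d file that uses a directive from a module loaded out of conf.modules.d is parsed before that module is available; moving the new include ahead of the conf.d one avoids that. The wildcard also loads whatever module files installed packages have dropped into that directory, on top of the fixed LoadModule list in this template, so the loaded module set now depends on the host rather than on the template. The commit message says only the systemd module config is needed, so including just that one file would keep the set predictable. The guard `@operatingsystem == 'CentOS'` also differs from the `$::osfamily == 'RedHat'` test in manifests/init.pp.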
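Review bot: The access-control blocks now exist in two parallel forms and nothing in the template says they must stay equivalent, which matters most in the hunk at -406, presumably the block that hides `.ht*` files, where the 2.4 branch is `Require all denied` and the older branch is `Order allow,deny` / `Deny from all` / `Satisfy All`. I would add a comment above that block such as `# Both version branches must deny all access; keep them in sync when editing.` The same pairing of `Require all granted` with `Order allow,deny` / `Allow from all` recurs in the hunks at -333, -546, -575 and -854 and would benefit from one shared explanatory comment at the first of them. The hunk at -854 also adds a stray blank line after the closing tag.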
@@ -39,7 +39,9 @@ SSLSessionCacheTimeout 300 # Semaphore: # Configure the path to the mutual exclusion semaphore the # SSL engine uses internally for inter-process synchronization. + SSLMutex default + # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the
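Review bot: The comment block above `SSLMutex default` still reads as if the semaphore is always configured here, but after this change the directive is presumably applied only on the older Apache branch (the wrapper tags are not visible in the page text). On 2.4 SSLMutex no longer exists and the core `Mutex` directive's default takes over, so I would say so in the template, for example `# Apache 2.4 removed SSLMutex; the default of the core Mutex directive applies there.` This file also depends on mod_version having been loaded by httpd.conf before it is parsed, which is worth a one-line comment next to the conditional.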