diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp
index 083f1bccd3..68bf56ac53 100644
--- a/manifests/default_mods.pp
+++ b/manifests/default_mods.pp
@@ -157,8 +157,7 @@
}
include apache::mod::authz_user
-
- ::apache::mod { 'authz_groupfile': }
+ include apache::mod::authz_groupfile
include apache::mod::env
} elsif $mods {
::apache::default_mods::load { $mods: }
diff --git a/manifests/mod/authz_groupfile.pp b/manifests/mod/authz_groupfile.pp
new file mode 100644
index 0000000000..6e8d81aae1
--- /dev/null
+++ b/manifests/mod/authz_groupfile.pp
@@ -0,0 +1,9 @@
+# @summary
+# Installs `mod_authz_groupfile`
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_authz_user.html for additional documentation.
+#
+class apache::mod::authz_groupfile {
+ include apache
+ apache::mod { 'authz_groupfile': }
+}
diff --git a/manifests/mod/proxy_ajp.pp b/manifests/mod/proxy_ajp.pp
index ff14f0a0b4..66b520c397 100644
--- a/manifests/mod/proxy_ajp.pp
+++ b/manifests/mod/proxy_ajp.pp
@@ -4,6 +4,6 @@
# @see https://httpd.apache.org/docs/current/mod/mod_proxy_ajp.html for additional documentation.
#
class apache::mod::proxy_ajp {
- Class['apache::mod::proxy'] -> Class['apache::mod::proxy_ajp']
+ require apache::mod::proxy
::apache::mod { 'proxy_ajp': }
}
diff --git a/manifests/mod/proxy_balancer.pp b/manifests/mod/proxy_balancer.pp
index 74f35ba46e..1616f69d84 100644
--- a/manifests/mod/proxy_balancer.pp
+++ b/manifests/mod/proxy_balancer.pp
@@ -21,14 +21,12 @@
Array $allow_from = ['127.0.0.1','::1'],
Optional[String] $apache_version = $apache::apache_version,
) {
- include apache::mod::proxy
- include apache::mod::proxy_http
+ require apache::mod::proxy
+ require apache::mod::proxy_http
if versioncmp($apache_version, '2.4') >= 0 {
::apache::mod { 'slotmem_shm': }
}
- Class['apache::mod::proxy'] -> Class['apache::mod::proxy_balancer']
- Class['apache::mod::proxy_http'] -> Class['apache::mod::proxy_balancer']
::apache::mod { 'proxy_balancer': }
if $manager {
include apache::mod::status
diff --git a/manifests/mod/proxy_connect.pp b/manifests/mod/proxy_connect.pp
index 5ece8d4666..5134639700 100644
--- a/manifests/mod/proxy_connect.pp
+++ b/manifests/mod/proxy_connect.pp
@@ -4,6 +4,6 @@
#
class apache::mod::proxy_connect {
include apache
- Class['apache::mod::proxy'] -> Class['apache::mod::proxy_connect']
+ require apache::mod::proxy
apache::mod { 'proxy_connect': }
}
diff --git a/manifests/mod/proxy_fcgi.pp b/manifests/mod/proxy_fcgi.pp
index 3196f5b68d..467bdbef3e 100644
--- a/manifests/mod/proxy_fcgi.pp
+++ b/manifests/mod/proxy_fcgi.pp
@@ -4,6 +4,6 @@
# @see https://httpd.apache.org/docs/current/mod/mod_proxy_fcgi.html for additional documentation.
#
class apache::mod::proxy_fcgi {
- Class['apache::mod::proxy'] -> Class['apache::mod::proxy_fcgi']
+ require apache::mod::proxy
::apache::mod { 'proxy_fcgi': }
}
diff --git a/manifests/mod/proxy_html.pp b/manifests/mod/proxy_html.pp
index 881d7e87b3..da57b5dbcf 100644
--- a/manifests/mod/proxy_html.pp
+++ b/manifests/mod/proxy_html.pp
@@ -5,8 +5,8 @@
#
class apache::mod::proxy_html {
include apache
- Class['apache::mod::proxy'] -> Class['apache::mod::proxy_html']
- Class['apache::mod::proxy_http'] -> Class['apache::mod::proxy_html']
+ require apache::mod::proxy
+ require apache::mod::proxy_http
# Add libxml2
case $facts['os']['family'] {
diff --git a/manifests/mod/proxy_http.pp b/manifests/mod/proxy_http.pp
index 76b7667ea2..54ad8af43c 100644
--- a/manifests/mod/proxy_http.pp
+++ b/manifests/mod/proxy_http.pp
@@ -4,6 +4,6 @@
# @see https://httpd.apache.org/docs/current/mod/mod_proxy_http.html for additional documentation.
#
class apache::mod::proxy_http {
- Class['apache::mod::proxy'] -> Class['apache::mod::proxy_http']
+ require apache::mod::proxy
::apache::mod { 'proxy_http': }
}
diff --git a/manifests/mod/proxy_wstunnel.pp b/manifests/mod/proxy_wstunnel.pp
index 1d12c6b465..c57db79387 100644
--- a/manifests/mod/proxy_wstunnel.pp
+++ b/manifests/mod/proxy_wstunnel.pp
@@ -4,7 +4,7 @@
# @see https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html for additional documentation.
#
class apache::mod::proxy_wstunnel {
- include apache, apache::mod::proxy
- Class['apache::mod::proxy'] -> Class['apache::mod::proxy_wstunnel']
+ include apache
+ require apache::mod::proxy
::apache::mod { 'proxy_wstunnel': }
}
diff --git a/manifests/vhost.pp b/manifests/vhost.pp
index c9e4873ec0..09c3100a6e 100644
--- a/manifests/vhost.pp
+++ b/manifests/vhost.pp
@@ -32,20 +32,20 @@
#
# @param access_log
# Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`).
-#
+#
# @param access_log_env_var
# Specifies that only requests with particular environment variables be logged.
-#
+#
# @param access_log_file
# Sets the filename of the `*_access.log` placed in `logroot`. Given a virtual host ---for
# instance, example.com--- it defaults to 'example.com_ssl.log' for
# [SSL-encrypted](https://httpd.apache.org/docs/current/ssl/index.html) virtual hosts and
# `example.com_access.log` for unencrypted virtual hosts.
-#
+#
# @param access_log_format
# Specifies the use of either a `LogFormat` nickname or a custom-formatted string for the
# access log.
-#
+#
# @param access_log_pipe
# Specifies a pipe where Apache sends access log messages.
#
@@ -55,21 +55,21 @@
# @param access_logs
# Allows you to give a hash that specifies the state of each of the `access_log_*`
# directives shown above, i.e. `access_log_pipe` and `access_log_syslog`.
-#
+#
# @param add_default_charset
# Sets a default media charset value for the `AddDefaultCharset` directive, which is
# added to `text/plain` and `text/html` responses.
-#
+#
# @param add_listen
# Determines whether the virtual host creates a `Listen` statement.
# Setting `add_listen` to `false` prevents the virtual host from creating a `Listen`
# statement. This is important when combining virtual hosts that aren't passed an `ip`
# parameter with those that are.
-#
+#
# @param use_optional_includes
# Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for
# `additional_includes` in Apache 2.4 or newer.
-#
+#
# @param aliases
# Passes a list of [hashes][hash] to the virtual host to create `Alias`, `AliasMatch`,
# `ScriptAlias` or `ScriptAliasMatch` directives as per the `mod_alias` documentation.
@@ -107,44 +107,44 @@
# If `apache::mod::passenger` is loaded and `PassengerHighPerformance` is `true`, the `Alias`
# directive might not be able to honor the `PassengerEnabled => off` statement. See
# [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details.
-#
+#
# @param allow_encoded_slashes
# Sets the `AllowEncodedSlashes` declaration for the virtual host, overriding the server
# default. This modifies the virtual host responses to URLs with `\` and `/` characters. The
# default setting omits the declaration from the server configuration and selects the
# Apache default setting of `Off`.
-#
+#
# @param block
# Specifies the list of things to which Apache blocks access. Valid options are: `scm` (which
# blocks web access to `.svn`), `.git`, and `.bzr` directories.
-#
+#
# @param cas_attribute_prefix
# Adds a header with the value of this header being the attribute values when SAML
# validation is enabled.
-#
+#
# @param cas_attribute_delimiter
# Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`.
-#
+#
# @param cas_login_url
# Sets the URL to which the module redirects users when they attempt to access a
# CAS-protected resource and don't have an active session.
-#
+#
# @param cas_root_proxied_as
# Sets the URL end users see when access to this Apache server is proxied per vhost.
# This URL should not include a trailing slash.
-#
+#
# @param cas_scrub_request_headers
# Remove inbound request headers that may have special meaning within mod_auth_cas.
-#
+#
# @param cas_sso_enabled
# Enables experimental support for single sign out (may mangle POST data).
-#
+#
# @param cas_validate_saml
# Parse response from CAS server for SAML.
-#
+#
# @param cas_validate_url
# Sets the URL to use when validating a client-presented ticket in an HTTP query string.
-#
+#
# @param cas_cookie_path
# Sets the location where information on the current session should be stored. This should
# be writable by the web server only.
@@ -162,49 +162,49 @@
# "Frontend domain: x.example.org",
# ]
# ```
-#
+#
# @param default_vhost
# Sets a given `apache::vhost` defined type as the default to serve requests that do not
# match any other `apache::vhost` defined types.
-#
+#
# @param directoryindex
# Sets the list of resources to look for when a client requests an index of the directory
# by specifying a '/' at the end of the directory name. See the `DirectoryIndex` directive
# documentation for details.
-#
+#
# @param docroot
# **Required**.
# Sets the `DocumentRoot` location, from which Apache serves files.
# If `docroot` and `manage_docroot` are both set to `false`, no `DocumentRoot` will be set
# and the accompanying `` block will not be created.
-#
+#
# @param docroot_group
# Sets group access to the `docroot` directory.
-#
+#
# @param docroot_owner
# Sets individual user access to the `docroot` directory.
-#
+#
# @param docroot_mode
# Sets access permissions for the `docroot` directory, in numeric notation.
-#
+#
# @param manage_docroot
# Determines whether Puppet manages the `docroot` directory.
-#
+#
# @param error_log
# Specifies whether `*_error.log` directives should be configured.
-#
+#
# @param error_log_file
# Points the virtual host's error logs to a `*_error.log` file. If this parameter is
# undefined, Puppet checks for values in `error_log_pipe`, then `error_log_syslog`.
# If none of these parameters is set, given a virtual host `example.com`, Puppet defaults
# to `$logroot/example.com_error_ssl.log` for SSL virtual hosts and
# `$logroot/example.com_error.log` for non-SSL virtual hosts.
-#
+#
# @param error_log_pipe
# Specifies a pipe to send error log messages to.
# This parameter has no effect if the `error_log_file` parameter has a value. If neither
# this parameter nor `error_log_file` has a value, Puppet then checks `error_log_syslog`.
-#
+#
# @param error_log_syslog
# Determines whether to send all error log messages to syslog.
# This parameter has no effect if either of the `error_log_file` or `error_log_pipe`
@@ -228,7 +228,7 @@
# ],
# }
# ```
-#
+#
# @param error_documents
# A list of hashes which can be used to override the
# [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument)
@@ -242,28 +242,28 @@
# ],
# }
# ```
-#
+#
# @param ensure
# Specifies if the virtual host is present or absent.
-#
+#
# @param fallbackresource
# Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource)
# directive, which specifies an action to take for any URL that doesn't map to anything in
# your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Values must either begin
# with a `/` or be `disabled`.
-#
+#
# @param fastcgi_server
# Specify an external FastCGI server to manage a connection to.
-#
+#
# @param fastcgi_socket
# Specify the socket that will be used to communicate with an external FastCGI server.
-#
+#
# @param fastcgi_idle_timeout
# If using fastcgi, this option sets the timeout for the server to respond.
-#
+#
# @param fastcgi_dir
# Specify an internal FastCGI directory that is to be managed.
-#
+#
# @param filters
# [Filters](https://httpd.apache.org/docs/current/mod/mod_filter.html) enable smart,
# context-sensitive configuration of output content filters.
@@ -277,86 +277,86 @@
# ],
# }
# ```
-#
+#
# @param h2_copy_files
# Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles)
# directive which influences how the requestion process pass files to the main connection.
-#
+#
# @param h2_direct
# Sets the [H2Direct](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2direct)
# directive which toggles the usage of the HTTP/2 Direct Mode.
-#
+#
# @param h2_early_hints
# Sets the [H2EarlyHints](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2earlyhints)
# directive which controls if HTTP status 103 interim responses are forwarded to
# the client or not.
-#
+#
# @param h2_max_session_streams
# Sets the [H2MaxSessionStreams](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2maxsessionstreams)
# directive which sets the maximum number of active streams per HTTP/2 session
# that the server allows.
-#
+#
# @param h2_modern_tls_only
# Sets the [H2ModernTLSOnly](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2moderntlsonly)
# directive which toggles the security checks on HTTP/2 connections in TLS mode.
-#
+#
# @param h2_push
# Sets the [H2Push](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2push)
# directive which toggles the usage of the HTTP/2 server push protocol feature.
-#
+#
# @param h2_push_diary_size
# Sets the [H2PushDiarySize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushdiarysize)
# directive which toggles the maximum number of HTTP/2 server pushes that are
# remembered per HTTP/2 connection.
-#
+#
# @param h2_push_priority
# Sets the [H2PushPriority](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushpriority)
# directive which defines the priority handling of pushed responses based on the
# content-type of the response.
-#
+#
# @param h2_push_resource
# Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource)
# directive which declares resources for early pushing to the client.
-#
+#
# @param h2_serialize_headers
# Sets the [H2SerializeHeaders](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2serializeheaders)
# directive which toggles if HTTP/2 requests are serialized in HTTP/1.1
# format for processing by httpd core.
-#
+#
# @param h2_stream_max_mem_size
# Sets the [H2StreamMaxMemSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2streammaxmemsize)
# directive which sets the maximum number of outgoing data bytes buffered in
# memory for an active stream.
-#
+#
# @param h2_tls_cool_down_secs
# Sets the [H2TLSCoolDownSecs](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlscooldownsecs)
# directive which sets the number of seconds of idle time on a TLS connection
# before the TLS write size falls back to a small (~1300 bytes) length.
-#
+#
# @param h2_tls_warm_up_size
# Sets the [H2TLSWarmUpSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlswarmupsize)
# directive which sets the number of bytes to be sent in small TLS records (~1300
# bytes) until doing maximum sized writes (16k) on https: HTTP/2 connections.
-#
+#
# @param h2_upgrade
# Sets the [H2Upgrade](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2upgrade)
# directive which toggles the usage of the HTTP/1.1 Upgrade method for switching
# to HTTP/2.
-#
+#
# @param h2_window_size
# Sets the [H2WindowSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2windowsize)
# directive which sets the size of the window that is used for flow control from
# client to server and limits the amount of data the server has to buffer.
-#
+#
# @param ip
# Sets the IP address the virtual host listens on. By default, uses Apache's default behavior
# of listening on all IPs.
-#
+#
# @param ip_based
# Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual
# host. This parameter inhibits the creation of a NameVirtualHost directive, since those are
# used to funnel requests to name-based virtual hosts.
-#
+#
# @param itk
# Configures [ITK](http://mpm-itk.sesse.net/) in a hash.
# Usage typically looks something like:
@@ -377,11 +377,11 @@
# * `nice`
# * `limituidrange` (Linux 3.5.0 or newer)
# * `limitgidrange` (Linux 3.5.0 or newer)
-#
+#
# @param action
# Specifies whether you wish to configure mod_actions action directive which will
# activate cgi-script when triggered by a request.
-#
+#
# @param jk_mounts
# Sets up a virtual host with `JkMount` and `JkUnMount` directives to handle the paths
# for URL mapping between Tomcat and Apache.
@@ -396,29 +396,29 @@
# ],
# }
# ```
-#
+#
# @param http_protocol_options
# Specifies the strictness of HTTP protocol checks.
-#
+#
# @param keepalive
# Determines whether to enable persistent HTTP connections with the `KeepAlive` directive
# for the virtual host. By default, the global, server-wide `KeepAlive` setting is in effect.
# Use the `keepalive_timeout` and `max_keepalive_requests` parameters to set relevant options
# for the virtual host.
-#
+#
# @param keepalive_timeout
# Sets the `KeepAliveTimeout` directive for the virtual host, which determines the amount
# of time to wait for subsequent requests on a persistent HTTP connection. By default, the
# global, server-wide `KeepAlive` setting is in effect.
# This parameter is only relevant if either the global, server-wide `keepalive` parameter or
# the per-vhost `keepalive` parameter is enabled.
-#
+#
# @param max_keepalive_requests
# Limits the number of requests allowed per connection to the virtual host. By default,
# the global, server-wide `KeepAlive` setting is in effect.
# This parameter is only relevant if either the global, server-wide `keepalive` parameter or
# the per-vhost `keepalive` parameter is enabled.
-#
+#
# @param auth_kerb
# Enable `mod_auth_kerb` parameters for a virtual host.
# Usage typically looks like:
@@ -428,70 +428,72 @@
# krb_method_negotiate => 'on',
# krb_auth_realms => ['EXAMPLE.ORG'],
# krb_local_user_mapping => 'on',
-# directories => {
-# path => '/var/www/html',
-# auth_name => 'Kerberos Login',
-# auth_type => 'Kerberos',
-# auth_require => 'valid-user',
-# },
+# directories => [
+# {
+# path => '/var/www/html',
+# auth_name => 'Kerberos Login',
+# auth_type => 'Kerberos',
+# auth_require => 'valid-user',
+# },
+# ],
# }
# ```
-#
+#
# @param krb_method_negotiate
# Determines whether to use the Negotiate method.
-#
+#
# @param krb_method_k5passwd
# Determines whether to use password-based authentication for Kerberos v5.
-#
+#
# @param krb_authoritative
# If set to `off`, authentication controls can be passed on to another module.
-#
+#
# @param krb_auth_realms
# Specifies an array of Kerberos realms to use for authentication.
-#
+#
# @param krb_5keytab
# Specifies the Kerberos v5 keytab file's location.
-#
+#
# @param krb_local_user_mapping
# Strips @REALM from usernames for further use.
-#
+#
# @param krb_verify_kdc
# This option can be used to disable the verification tickets against local keytab to prevent
# KDC spoofing attacks.
-#
+#
# @param krb_servicename
# Specifies the service name that will be used by Apache for authentication. Corresponding
# key of this name must be stored in the keytab.
-#
+#
# @param krb_save_credentials
# This option enables credential saving functionality.
-#
+#
# @param logroot
# Specifies the location of the virtual host's logfiles.
-#
+#
# @param logroot_ensure
# Determines whether or not to remove the logroot directory for a virtual host.
-#
+#
# @param logroot_mode
# Overrides the mode the logroot directory is set to. Do *not* grant write access to the
# directory the logs are stored in without being aware of the consequences; for more
# information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security).
-#
+#
# @param logroot_owner
# Sets individual user access to the logroot directory.
-#
+#
# @param logroot_group
# Sets group access to the `logroot` directory.
-#
+#
# @param log_level
# Specifies the verbosity of the error log.
-#
+#
# @param modsec_body_limit
# Configures the maximum request body size (in bytes) ModSecurity accepts for buffering.
-#
+#
# @param modsec_disable_vhost
# Disables `mod_security` on a virtual host. Only valid if `apache::mod::security` is included.
-#
+#
# @param modsec_disable_ids
# Removes `mod_security` IDs from the virtual host.
# Also takes a hash allowing removal of an ID from a specific location.
@@ -500,16 +502,16 @@
# modsec_disable_ids => [ 90015, 90016 ],
# }
# ```
-#
+#
# ``` puppet
# apache::vhost { 'sample.example.net':
# modsec_disable_ids => { '/location1' => [ 90015, 90016 ] },
# }
# ```
-#
+#
# @param modsec_disable_ips
# Specifies an array of IP addresses to exclude from `mod_security` rule matching.
-#
+#
# @param modsec_disable_msgs
# Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing
# removal of an Msg from a specific location.
@@ -523,7 +525,7 @@
# modsec_disable_msgs => { '/location1' => ['Blind SQL Injection Attack', 'Session Fixation Attack'] },
# }
# ```
-#
+#
# @param modsec_disable_tags
# Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing
# removal of an Tag from a specific location.
@@ -537,14 +539,14 @@
# modsec_disable_tags => { '/location1' => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'] },
# }
# ```
-#
+#
# @param modsec_audit_log_file
# If set, it is relative to `logroot`.
# One of the parameters that determines how to send `mod_security` audit
# log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
# If none of those parameters are set, the global audit log is used
# (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ).
-#
+#
# @param modsec_audit_log_pipe
# If `modsec_audit_log_pipe` is set, it should start with a pipe. Example
# `|/path/to/mlogc /path/to/mlogc.conf`.
@@ -552,7 +554,7 @@
# log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
# If none of those parameters are set, the global audit log is used
# (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ).
-#
+#
# @param modsec_audit_log
# If `modsec_audit_log` is `true`, given a virtual host ---for instance, example.com--- it
# defaults to `example.com\_security\_ssl.log` for SSL-encrypted virtual hosts
@@ -561,28 +563,28 @@
# log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
# If none of those parameters are set, the global audit log is used
# (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ).
-#
+#
# @param no_proxy_uris
# Specifies URLs you do not want to proxy. This parameter is meant to be used in combination
# with [`proxy_dest`](#proxy_dest).
-#
+#
# @param no_proxy_uris_match
# This directive is equivalent to `no_proxy_uris`, but takes regular expressions.
-#
+#
# @param proxy_preserve_host
# Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost).
# Setting this parameter to `true` enables the `Host:` line from an incoming request to be
# proxied to the host instead of hostname. Setting it to `false` sets this directive to 'Off'.
-#
+#
# @param proxy_add_headers
# Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders).
# This parameter controlls whether proxy-related HTTP headers (X-Forwarded-For,
# X-Forwarded-Host and X-Forwarded-Server) get sent to the backend server.
-#
+#
# @param proxy_error_override
# Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride).
# This directive controls whether Apache should override error pages for proxied content.
-#
+#
# @param options
# Sets the [`Options`](https://httpd.apache.org/docs/current/mod/core.html#options) for the specified virtual host. For example:
# ``` puppet
@@ -593,7 +595,7 @@
# ```
# > **Note**: If you use the `directories` parameter of `apache::vhost`, 'Options',
# 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`.
-#
+#
# @param override
# Sets the overrides for the specified virtual host. Accepts an array of
# [AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments.
@@ -613,41 +615,41 @@
# ```
# > **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html)
# using the PassengerEnabled directive with the PassengerHighPerformance directive.
-#
+#
# @param passenger_base_uri
# Sets [PassengerBaseURI](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbase_rui),
# to specify that the given URI is a distinct application served by Passenger.
-#
+#
# @param passenger_ruby
# Sets [PassengerRuby](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerruby),
# specifying the Ruby interpreter to use when serving the relevant web applications.
-#
+#
# @param passenger_python
# Sets [PassengerPython](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerpython),
# specifying the Python interpreter to use when serving the relevant web applications.
-#
+#
# @param passenger_nodejs
# Sets the [`PassengerNodejs`](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengernodejs),
# specifying Node.js command to use when serving the relevant web applications.
-#
+#
# @param passenger_meteor_app_settings
# Sets [PassengerMeteorAppSettings](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermeteorappsettings),
# specifying a JSON file with settings for the application when using a Meteor
# application in non-bundled mode.
-#
+#
# @param passenger_app_env
# Sets [PassengerAppEnv](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappenv),
# the environment for the Passenger application. If not specified, defaults to the global
# setting or 'production'.
-#
+#
# @param passenger_app_root
# Sets [PassengerRoot](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapproot),
# the location of the Passenger application root if different from the DocumentRoot.
-#
+#
# @param passenger_app_group_name
# Sets [PassengerAppGroupName](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappgroupname),
# the name of the application group that the current application should belong to.
-#
+#
# @param passenger_app_start_command
# Sets [PassengerAppStartCommand](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappstartcommand),
# how Passenger should start your app on a specific port.
@@ -655,19 +657,19 @@
# @param passenger_app_type
# Sets [PassengerAppType](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapptype),
# to force Passenger to recognize the application as a specific type.
-#
+#
# @param passenger_startup_file
# Sets the [PassengerStartupFile](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstartupfile),
# path. This path is relative to the application root.
-#
+#
# @param passenger_restart_dir
# Sets the [PassengerRestartDir](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerrestartdir),
# to customize the directory in which `restart.txt` is searched for.
-#
+#
# @param passenger_spawn_method
# Sets [PassengerSpawnMethod](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerspawnmethod),
# whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism.
-#
+#
# @param passenger_load_shell_envvars
# Sets [PassengerLoadShellEnvvars](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerloadshellenvvars),
# to enable or disable the loading of shell environment variables before spawning the application.
@@ -675,118 +677,118 @@
# @param passenger_preload_bundler
# Sets [PassengerPreloadBundler](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerpreloadbundler),
# to enable or disable the loading of bundler before loading the application.
-#
+#
# @param passenger_rolling_restarts
# Sets [PassengerRollingRestarts](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerrollingrestarts),
# to enable or disable support for zero-downtime application restarts through `restart.txt`.
-#
+#
# @param passenger_resist_deployment_errors
# Sets [PassengerResistDeploymentErrors](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerresistdeploymenterrors),
# to enable or disable resistance against deployment errors.
-#
+#
# @param passenger_user
# Sets [PassengerUser](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengeruser),
# the running user for sandboxing applications.
-#
+#
# @param passenger_group
# Sets [PassengerGroup](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengergroup),
# the running group for sandboxing applications.
-#
+#
# @param passenger_friendly_error_pages
# Sets [PassengerFriendlyErrorPages](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerfriendlyerrorpages),
# which can display friendly error pages whenever an application fails to start. This
# friendly error page presents the startup error message, some suggestions for solving
# the problem, a backtrace and a dump of the environment variables.
-#
+#
# @param passenger_min_instances
# Sets [PassengerMinInstances](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermininstances),
# the minimum number of application processes to run.
-#
+#
# @param passenger_max_instances
# Sets [PassengerMaxInstances](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxinstances),
# the maximum number of application processes to run.
-#
+#
# @param passenger_max_preloader_idle_time
# Sets [PassengerMaxPreloaderIdleTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxpreloaderidletime),
# the maximum amount of time the preloader waits before shutting down an idle process.
-#
+#
# @param passenger_force_max_concurrent_requests_per_process
# Sets [PassengerForceMaxConcurrentRequestsPerProcess](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerforcemaxconcurrentrequestsperprocess),
# the maximum amount of concurrent requests the application can handle per process.
-#
+#
# @param passenger_start_timeout
# Sets [PassengerStartTimeout](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstarttimeout),
# the timeout for the application startup.
-#
+#
# @param passenger_concurrency_model
# Sets [PassengerConcurrencyModel](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerconcurrencyodel),
# to specify the I/O concurrency model that should be used for Ruby application processes.
# Passenger supports two concurrency models:
# * `process` - single-threaded, multi-processed I/O concurrency.
# * `thread` - multi-threaded, multi-processed I/O concurrency.
-#
+#
# @param passenger_thread_count
# Sets [PassengerThreadCount](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerthreadcount),
# the number of threads that Passenger should spawn per Ruby application process.
# This option only has effect if PassengerConcurrencyModel is `thread`.
-#
+#
# @param passenger_max_requests
# Sets [PassengerMaxRequests](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequests),
# the maximum number of requests an application process will process.
-#
+#
# @param passenger_max_request_time
# Sets [PassengerMaxRequestTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequesttime),
# the maximum amount of time, in seconds, that an application process may take to
# process a request.
-#
+#
# @param passenger_memory_limit
# Sets [PassengerMemoryLimit](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermemorylimit),
# the maximum amount of memory that an application process may use, in megabytes.
-#
+#
# @param passenger_stat_throttle_rate
# Sets [PassengerStatThrottleRate](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstatthrottlerate),
# to set a limit, in seconds, on how often Passenger will perform it's filesystem checks.
-#
+#
# @param passenger_pre_start
# Sets [PassengerPreStart](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerprestart),
# the URL of the application if pre-starting is required.
-#
+#
# @param passenger_high_performance
# Sets [PassengerHighPerformance](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerhighperformance),
# to enhance performance in return for reduced compatibility.
-#
+#
# @param passenger_buffer_upload
# Sets [PassengerBufferUpload](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbufferupload),
# to buffer HTTP client request bodies before they are sent to the application.
-#
+#
# @param passenger_buffer_response
# Sets [PassengerBufferResponse](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbufferresponse),
# to buffer Happlication-generated responses.
-#
+#
# @param passenger_error_override
# Sets [PassengerErrorOverride](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengererroroverride),
# to specify whether Apache will intercept and handle response with HTTP status codes of
# 400 and higher.
-#
+#
# @param passenger_max_request_queue_size
# Sets [PassengerMaxRequestQueueSize](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequestqueuesize),
# to specify the maximum amount of requests that are allowed to queue whenever the maximum
# concurrent request limit is reached. If the queue is already at this specified limit, then
# Passenger immediately sends a "503 Service Unavailable" error to any incoming requests.
# A value of 0 means that the queue size is unbounded.
-#
+#
# @param passenger_max_request_queue_time
# Sets [PassengerMaxRequestQueueTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequestqueuetime),
# to specify the maximum amount of time that requests are allowed to stay in the queue
# whenever the maximum concurrent request limit is reached. If a request reaches this specified
# limit, then Passenger immeaditly sends a "504 Gateway Timeout" error for that request.
# A value of 0 means that the queue time is unbounded.
-#
+#
# @param passenger_sticky_sessions
# Sets [PassengerStickySessions](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessions),
# to specify that, whenever possible, all requests sent by a client will be routed to the same
# originating application process.
-#
+#
# @param passenger_sticky_sessions_cookie_name
# Sets [PassengerStickySessionsCookieName](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessionscookiename),
# to specify the name of the sticky sessions cookie.
@@ -794,12 +796,12 @@
# @param passenger_sticky_sessions_cookie_attributes
# Sets [PassengerStickySessionsCookieAttributes](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessionscookieattributes),
# the attributes of the sticky sessions cookie.
-#
+#
# @param passenger_allow_encoded_slashes
# Sets [PassengerAllowEncodedSlashes](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerallowencodedslashes),
# to allow URLs with encoded slashes. Please note that this feature will not work properly
# unless Apache's `AllowEncodedSlashes` is also enabled.
-#
+#
# @param passenger_app_log_file
# Sets [PassengerAppLogFile](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapplogfile),
# app specific messages logged to a different file in addition to Passenger log file.
@@ -807,12 +809,12 @@
# @param passenger_debugger
# Sets [PassengerDebugger](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerdebugger),
# to turn support for Ruby application debugging on or off.
-#
+#
# @param passenger_lve_min_uid
# Sets [PassengerLveMinUid](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerlveminuid),
# to only allow the spawning of application processes with UIDs equal to, or higher than, this
# specified value on LVE-enabled kernels.
-#
+#
# @param php_values
# Allows per-virtual host setting [`php_value`s](http://php.net/manual/en/configuration.changes.php).
# These flags or values can be overwritten by a user or an application.
@@ -1056,11 +1058,11 @@
# The parameter [`rewrite_base`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase)
# specifies the URL prefix to be used for per-directory (htaccess) RewriteRule directives
# that substitue a relative path.
-#
+#
# @param rewrite_rule
# The parameter [`rewrite_rile`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule)
# allows the user to define the rules that will be used by the rewrite engine.
-#
+#
# @param rewrite_cond
# The parameter [`rewrite_cond`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritecond)
# defines a rule condition, that when satisfied will implement that rule within the
@@ -1151,7 +1153,7 @@
# @param suexec_user_group
# Allows the spcification of user and group execution privileges for CGI programs through
# inclusion of the `mod_suexec` module.
-#
+#
# @param suphp_addhandler
# Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)
# working together with suphp_configpath and suphp_engine.
@@ -1163,9 +1165,12 @@
# suphp_addhandler => 'x-httpd-php',
# suphp_engine => 'on',
# suphp_configpath => '/etc/php5/apache2',
-# directories => { path => '/home/appuser/myphpapp',
-# 'suphp' => { user => 'myappuser', group => 'myappgroup' },
-# }
+# directories => [
+# {
+# 'path' => '/home/appuser/myphpapp',
+# 'suphp' => { user => 'myappuser', group => 'myappgroup' },
+# },
+# ],
# }
# ```
#
@@ -1180,9 +1185,12 @@
# suphp_addhandler => 'x-httpd-php',
# suphp_engine => 'on',
# suphp_configpath => '/etc/php5/apache2',
-# directories => { path => '/home/appuser/myphpapp',
-# 'suphp' => { user => 'myappuser', group => 'myappgroup' },
-# }
+# directories => [
+# {
+# 'path' => '/home/appuser/myphpapp',
+# 'suphp' => { user => 'myappuser', group => 'myappgroup' },
+# },
+# ],
# }
# ```
#
@@ -1197,9 +1205,12 @@
# suphp_addhandler => 'x-httpd-php',
# suphp_engine => 'on',
# suphp_configpath => '/etc/php5/apache2',
-# directories => { path => '/home/appuser/myphpapp',
-# 'suphp' => { user => 'myappuser', group => 'myappgroup' },
-# }
+# directories => [
+# {
+# 'path' => '/home/appuser/myphpapp',
+# 'suphp' => { user => 'myappuser', group => 'myappgroup' },
+# },
+# ],
# }
# ```
#
@@ -1223,7 +1234,7 @@
# serveraliases => ['*.loc',],
# }
# ```
-#
+#
# @param virtual_use_default_docroot
# By default, when using `virtual_docroot`, the value of `docroot` is ignored. Setting this
# to `true` will mean both directives will be added to the configuration.
@@ -1321,7 +1332,7 @@
# This directive is similar to `wsgi_script_aliases`, but makes use of regular expressions
# in place of simple prefix matching.
# For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html).
-#
+#
# @param wsgi_pass_authorization
# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
# wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group and
@@ -1407,13 +1418,15 @@
# ``` puppet
# apache::vhost { 'sample.example.net':
# docroot => '/path/to/directory',
-# directories => {
-# path => '/path/to/directory',
-# headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',
-# },
+# directories => [
+# {
+# path => '/path/to/directory',
+# headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',
+# },
+# ],
# }
# ```
-#
+#
# @param shib_compat_valid_user
# Default is Off, matching the behavior prior to this command's existence. Addresses a conflict
# when using Shibboleth in conjunction with other auth/auth modules by restoring `standard`
@@ -1453,11 +1466,10 @@
# ],
# }
# ```
-#
+#
# @param gssapi
-# Specfies mod_auth_gssapi parameters for particular directories in a virtual host directory
-# ```puppet
-# include apache::mod::auth_gssapi
+# Specfies mod_auth_gssapi parameters for particular directories in a virtual host directory
+# ```puppet
# apache::vhost { 'sample.example.net':
# docroot => '/path/to/directory',
# directories => [
@@ -1669,7 +1681,7 @@
# @param use_canonical_name
# Specifies whether to use the [`UseCanonicalName directive`](https://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname),
# which allows you to configure how the server determines it's own name and port.
-#
+#
# @param define
# this lets you define configuration variables inside a vhost using [`Define`](https://httpd.apache.org/docs/2.4/mod/core.html#define),
# these can then be used to replace configuration values. All Defines are Undefined at the end of the VirtualHost.
@@ -1804,7 +1816,7 @@
Boolean $use_servername_for_filenames = false,
Boolean $use_port_for_filenames = false,
Array[Hash[String[1], String[1]]] $aliases = [],
- Optional[Variant[Hash, Array[Variant[Array,Hash]]]] $directories = undef,
+ Optional[Array[Hash]] $directories = undef,
Boolean $error_log = true,
Optional[String] $error_log_file = undef,
Optional[String] $error_log_pipe = undef,
@@ -2353,7 +2365,41 @@
# - $apache_version
# - $suphp_engine
# - $shibboleth_enabled
- if $_directories and ! empty($_directories) {
+ if $_directories and ! empty($_directories) and $ensure == 'present' {
+ $_directories.each |Hash $directory| {
+ if 'auth_basic_authoritative' in $directory or 'auth_basic_fake' in $directory or 'auth_basic_provider' in $directory {
+ include apache::mod::auth_basic
+ }
+
+ if 'auth_user_file' in $directory {
+ include apache::mod::authn_file
+ }
+
+ if 'auth_group_file' in $directory {
+ include apache::mod::authz_groupfile
+ }
+
+ if 'gssapi' in $directory {
+ include apache::mod::auth_gssapi
+ }
+
+ if $directory['provider'] and $directory['provider'] =~ 'location' and ('proxy_pass' in $directory or 'proxy_pass_match' in $directory) {
+ include apache::mod::proxy_http
+ }
+
+ if 'request_headers' in $directory {
+ include apache::mod::headers
+ }
+
+ if 'rewrites' in $directory {
+ include apache::mod::rewrite
+ }
+
+ if 'setenv' in $directory {
+ include apache::mod::env
+ }
+ }
+
concat::fragment { "${name}-directories":
target => "${priority_real}${filename}.conf",
order => 60,
@@ -2488,7 +2534,6 @@
# - $proxy_add_headers
# - $no_proxy_uris
if ($proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match or $proxy_preserve_host) and $ensure == 'present' {
- include apache::mod::proxy
include apache::mod::proxy_http
concat::fragment { "${name}-proxy":
diff --git a/spec/acceptance/default_mods_spec.rb b/spec/acceptance/default_mods_spec.rb
index 8e38d98f0f..1694b94c92 100644
--- a/spec/acceptance/default_mods_spec.rb
+++ b/spec/acceptance/default_mods_spec.rb
@@ -22,47 +22,6 @@ class { 'apache':
end
end
- unless os[:family] == 'sles' && os[:release].to_i >= 12
- describe 'no default mods and failing' do
- before :all do
- pp = <<-PP
- include apache::params
- class { 'apache': default_mods => false, service_ensure => stopped, }
- PP
- apply_manifest(pp)
- end
- # Using puppet_apply as a helper
- pp = <<-MANIFEST
- class { 'apache':
- default_mods => false,
- }
- apache::vhost { 'defaults.example.com':
- docroot => '#{apache_hash['doc_root']}/defaults',
- aliases => [
- {
- alias => '/css',
- path => '#{apache_hash['doc_root']}/css',
- },
- ],
- directories => [
- {
- 'path' => "#{apache_hash['doc_root']}/admin",
- 'auth_basic_fake' => 'demo demopass',
- }
- ],
- setenv => 'TEST1 one',
- }
- MANIFEST
- it 'applies with errors' do
- apply_manifest(pp, expect_failures: true)
- end
- end
-
- describe service(apache_hash['service_name']) do
- it { is_expected.not_to be_running }
- end
- end
-
describe 'alternative default mods' do
# Using puppet_apply as a helper
let(:pp) do
diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb
index a5b54f635d..b2dcc11f11 100644
--- a/spec/acceptance/vhost_spec.rb
+++ b/spec/acceptance/vhost_spec.rb
@@ -327,7 +327,7 @@ class { 'apache': }
class { 'apache': }
if versioncmp($apache_version, '2.4') >= 0 {
- $_files_match_directory = { 'path' => 'private.html$', 'provider' => 'filesmatch', 'require' => 'all denied' }
+ $_files_match_directory = [{ 'path' => 'private.html$', 'provider' => 'filesmatch', 'require' => 'all denied' }]
} else {
$_files_match_directory = [
{ 'path' => 'private.html$', 'provider' => 'filesmatch', 'deny' => 'from all' },
@@ -338,8 +338,7 @@ class { 'apache': }
$_directories = [
{ 'path' => '/var/www/files', },
{ 'path' => '/foo/', 'provider' => 'location', 'directoryindex' => 'notindex.html', },
- $_files_match_directory,
- ]
+ ] + $_files_match_directory
apache::vhost { 'files.example.net':
docroot => '/var/www/files',
diff --git a/spec/classes/mod/authz_groupfile_spec.rb b/spec/classes/mod/authz_groupfile_spec.rb
new file mode 100644
index 0000000000..dbab5e7392
--- /dev/null
+++ b/spec/classes/mod/authz_groupfile_spec.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'apache::mod::authz_groupfile' do
+ it_behaves_like 'a mod class, without including apache'
+
+ context 'default configuration with parameters' do
+ context 'on a Debian OS' do
+ include_examples 'Debian 11'
+
+ it { is_expected.to contain_apache__mod('authz_groupfile') }
+ end
+ end
+end
diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb
index f0efb63f4f..1a7f23316e 100644
--- a/spec/defines/vhost_spec.rb
+++ b/spec/defines/vhost_spec.rb
@@ -171,6 +171,20 @@
'set_output_filter' => 'output_filter' },
{ 'path' => '/var/www/files/input_filtered',
'set_input_filter' => 'input_filter' },
+ {
+ 'path' => '/var/www/foo',
+ 'provider' => 'files',
+ 'allow' => 'from 127.0.0.5',
+ 'deny' => 'from all',
+ 'order' => 'deny,allow',
+ },
+ {
+ 'path' => '/var/www/protected-files',
+ 'provider' => 'files',
+ 'allow' => ['from 127.0.0.1', 'from 127.0.0.2'],
+ 'deny' => ['from 127.0.0.3', 'from 127.0.0.4'],
+ 'satisfy' => 'any',
+ },
{ 'path' => '/var/www/files',
'provider' => 'location',
'limit' => [
@@ -199,6 +213,10 @@
'path' => '/',
'provider' => 'location',
'auth_ldap_referrals' => 'off',
+ 'auth_basic_fake' => 'demo demopass',
+ 'auth_user_file' => '/path/to/authz_user_file',
+ 'auth_group_file' => '/path/to/authz_group_file',
+ 'setenv' => ['SPECIAL_PATH /foo/bin'],
},
{
'path' => '/proxy',
@@ -467,1258 +485,476 @@
'/js/main.js',
],
'h2_serialize_headers' => false,
- 'h2_stream_max_mem_size' => 65_536,
- 'h2_tls_cool_down_secs' => 1,
- 'h2_tls_warm_up_size' => 1_048_576,
- 'h2_upgrade' => true,
- 'h2_window_size' => 65_535,
-
- 'passenger_enabled' => false,
- 'passenger_base_uri' => '/app',
- 'passenger_ruby' => '/usr/bin/ruby1.9.1',
- 'passenger_python' => '/usr/local/bin/python',
- 'passenger_nodejs' => '/usr/bin/node',
- 'passenger_meteor_app_settings' => '/path/to/some/file.json',
- 'passenger_app_env' => 'test',
- 'passenger_app_root' => '/usr/share/myapp',
- 'passenger_app_group_name' => 'app_customer',
- 'passenger_app_start_command' => 'start-my-app',
- 'passenger_app_type' => 'rack',
- 'passenger_startup_file' => 'bin/www',
- 'passenger_restart_dir' => 'tmp',
- 'passenger_spawn_method' => 'direct',
- 'passenger_load_shell_envvars' => false,
- 'passenger_preload_bundler' => false,
- 'passenger_rolling_restarts' => false,
- 'passenger_resist_deployment_errors' => true,
- 'passenger_user' => 'sandbox',
- 'passenger_group' => 'sandbox',
- 'passenger_friendly_error_pages' => false,
- 'passenger_min_instances' => 1,
- 'passenger_max_instances' => 30,
- 'passenger_max_preloader_idle_time' => 600,
- 'passenger_force_max_concurrent_requests_per_process' => 10,
- 'passenger_start_timeout' => 600,
- 'passenger_concurrency_model' => 'thread',
- 'passenger_thread_count' => 5,
- 'passenger_max_requests' => 1000,
- 'passenger_max_request_time' => 2,
- 'passenger_memory_limit' => 64,
- 'passenger_stat_throttle_rate' => 5,
- 'passenger_pre_start' => 'http://localhost/myapp',
- 'passenger_high_performance' => true,
- 'passenger_buffer_upload' => false,
- 'passenger_buffer_response' => false,
- 'passenger_error_override' => true,
- 'passenger_max_request_queue_size' => 10,
- 'passenger_max_request_queue_time' => 2,
- 'passenger_sticky_sessions' => true,
- 'passenger_sticky_sessions_cookie_name' => '_nom_nom_nom',
- 'passenger_sticky_sessions_cookie_attributes' => 'Nom=nom; Secure;',
- 'passenger_allow_encoded_slashes' => true,
- 'passenger_app_log_file' => '/app/log/file',
- 'passenger_debugger' => true,
- 'passenger_lve_min_uid' => 500,
- 'add_default_charset' => 'UTF-8',
- 'jk_mounts' => [
- { 'mount' => '/*', 'worker' => 'tcnode1' },
- { 'unmount' => '/*.jpg', 'worker' => 'tcnode1' },
- ],
- 'auth_kerb' => true,
- 'krb_method_negotiate' => 'off',
- 'krb_method_k5passwd' => 'off',
- 'krb_authoritative' => 'off',
- 'krb_auth_realms' => ['EXAMPLE.ORG', 'EXAMPLE.NET'],
- 'krb_5keytab' => '/tmp/keytab5',
- 'krb_local_user_mapping' => 'off',
- 'http_protocol_options' => 'Strict LenientMethods Allow0.9',
- 'keepalive' => 'on',
- 'keepalive_timeout' => '100',
- 'max_keepalive_requests' => '1000',
- 'protocols' => ['h2', 'http/1.1'],
- 'protocols_honor_order' => true,
- 'auth_oidc' => true,
- 'oidc_settings' => { 'ProviderMetadataURL' => 'https://login.example.com/.well-known/openid-configuration',
- 'ClientID' => 'test',
- 'RedirectURI' => 'https://login.example.com/redirect_uri',
- 'ProviderTokenEndpointAuth' => 'client_secret_basic',
- 'RemoteUserClaim' => 'sub',
- 'ClientSecret' => 'aae053a9-4abf-4824-8956-e94b2af335c8',
- 'CryptoPassphrase' => '4ad1bb46-9979-450e-ae58-c696967df3cd' },
- 'mdomain' => 'example.com example.net auto',
- 'userdir' => 'disabled',
- }
- end
-
- it { is_expected.to compile }
- it { is_expected.not_to contain_file('/var/www/foo') }
- it { is_expected.to contain_class('apache::mod::ssl') }
- it {
- is_expected.to contain_file('ssl.conf').with(
- content: %r{^\s+SSLHonorCipherOrder On$},
- )
- }
- it {
- is_expected.to contain_file('ssl.conf').with(
- content: %r{^\s+SSLPassPhraseDialog builtin$},
- )
- }
- it {
- is_expected.to contain_file('ssl.conf').with(
- content: %r{^\s+SSLSessionCacheTimeout 300$},
- )
- }
- it { is_expected.to contain_file('rspec.example.com_ssl_cert') }
- it { is_expected.to contain_file('rspec.example.com_ssl_key') }
- it { is_expected.to contain_file('rspec.example.com_ssl_chain') }
- it { is_expected.to contain_file('rspec.example.com_ssl_foo.crl') }
- it { is_expected.to contain_class('apache::mod::mime') }
- it { is_expected.to contain_class('apache::mod::vhost_alias') }
- it { is_expected.to contain_class('apache::mod::wsgi') }
- it { is_expected.to contain_class('apache::mod::suexec') }
- it { is_expected.to contain_class('apache::mod::passenger') }
- it {
- is_expected.to contain_file('/var/www/logs').with('ensure' => 'directory',
- 'mode' => '0600')
- }
- it { is_expected.to contain_class('apache::mod::rewrite') }
- it { is_expected.to contain_class('apache::mod::alias') }
- it { is_expected.to contain_class('apache::mod::proxy') }
- it { is_expected.to contain_class('apache::mod::proxy_http') }
- it { is_expected.to contain_class('apache::mod::fastcgi') }
- it { is_expected.to contain_class('apache::mod::headers') }
- it { is_expected.to contain_class('apache::mod::filter') }
- it { is_expected.to contain_class('apache::mod::env') }
- it { is_expected.to contain_class('apache::mod::setenvif') }
- it {
- is_expected.to contain_concat('30-rspec.example.com.conf').with('owner' => 'root',
- 'mode' => '0644',
- 'require' => 'Package[httpd]',
- 'notify' => 'Class[Apache::Service]')
- }
- if facts[:os]['release']['major'].to_i >= 18 && facts[:os]['name'] == 'Ubuntu'
- it {
- is_expected.to contain_file('30-rspec.example.com.conf symlink').with('ensure' => 'link',
- 'path' => "/etc/#{apache_name}/sites-enabled/30-rspec.example.com.conf")
- }
- end
- it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with(
- content: %r{^\s+LimitRequestFieldSize 8190$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with(
- content: %r{^\s+LimitRequestFields 100$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with(
- content: %r{^\s+LimitRequestLine 8190$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with(
- content: %r{^\s+LimitRequestBody 0$},
- )
- }
- it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-aliases').with(
- content: %r{^\s+Alias /image "/rspec/image"$},
- )
- }
- it { is_expected.to contain_concat__fragment('rspec.example.com-itk') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-fallbackresource') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-directories') }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Include\s'\/custom\/path\/includes'$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Include\s'\/custom\/path\/another_includes'$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+H2CopyFiles\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+H2PushResource\s/foo.css$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+H2PushResource\s/foo.js$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Require valid-user$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Require all denied$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Require all granted$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+<\/RequireAll>$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Require all-valid1$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Require all-valid2$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+<\/RequireNone>$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Require none-valid1$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Require none-valid2$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+<\/RequireAny>$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Require any-valid1$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Require any-valid2$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+LDAPReferrals off$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+ProxyPass http://backend-b/ retry=0 timeout=5 noquery interpolate$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+ProxyPassMatch http://backend-b/ retry=0 timeout=5 noquery interpolate$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Options\sIndexes\sFollowSymLinks\sMultiViews$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+IndexOptions\sFancyIndexing$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+IndexStyleSheet\s'\/styles\/style\.css'$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+DirectoryIndex\sdisabled$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+SetOutputFilter\soutput_filter$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+SetInputFilter\sinput_filter$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{\s+\s*Require valid-user\s*<\/Limit>}m,
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{\s+\s*Require valid-user\s*<\/LimitExcept>}m,
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Dav\sfilesystem$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+DavDepthInfinity\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+DavMinTimeout\s600$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerEnabled\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerBaseURI\s/app$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerRuby\s/path/to/ruby$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerPython\s/path/to/python$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerNodejs\s/path/to/nodejs$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerMeteorAppSettings\s/path/to/file\.json$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerAppEnv\sdemo$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerAppRoot\s/var/www/node-app$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerAppGroupName\sfoo_bar$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerAppType\snode$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerStartupFile\sstart\.js$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerRestartDir\stemp$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerLoadShellEnvvars\sOff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerPreloadBundler\sOff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerRollingRestarts\sOff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerResistDeploymentErrors\sOff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerUser\snodeuser$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerGroup\snodegroup$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerFriendlyErrorPages\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerMinInstances\s7$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerMaxInstances\s9$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerForceMaxConcurrentRequestsPerProcess\s12$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerStartTimeout\s10$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerConcurrencyModel\sthread$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerThreadCount\s20$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerMaxRequests\s2000$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerMaxRequestTime\s1$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerMemoryLimit\s32$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerHighPerformance\sOff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerBufferUpload\sOff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerBufferResponse\sOff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerErrorOverride\sOff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerMaxRequestQueueSize\s120$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerMaxRequestQueueTime\s5$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerStickySessions\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerStickySessionsCookieName\s_delicious_cookie$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerAllowEncodedSlashes\sOff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+PassengerDebugger\sOff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiAcceptorName\s{HOSTNAME}$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiAllowedMech\skrb5$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiAllowedMech\siakerb$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiAllowedMech\sntlmssp$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiBasicAuth\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiBasicAuthMech\skrb5$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiBasicAuthMech\siakerb$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiBasicAuthMech\sntlmssp$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiBasicTicketTimeout\s300$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiConnectionBound\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiCredStore\sccache:FILE:/path/to/directory$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiCredStore\sclient_keytab:/path/to/example\.keytab$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiCredStore\skeytab:/path/to/example\.keytab$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiDelegCcacheDir\s/path/to/directory$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiDelegCcacheEnvVar\sKRB5CCNAME$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiDelegCcachePerms\smode:0600\suid:example-user\sgid:example-group$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiDelegCcacheUnique\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiImpersonate\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiLocalName\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiNameAttributes\sjson$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiNegotiateOnce\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiPublishErrors\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiPublishMech\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiRequiredNameAttributes\s"auth-indicators=high"$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiSessionKey\sfile:/path/to/example\.key$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiSignalPersistentAuth\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiSSLonly\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiUseS4U2Proxy\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+GssapiUseSessions\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+SSLVerifyClient\soptional$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+SSLVerifyDepth\s10$},
- )
- }
- it { is_expected.to contain_concat__fragment('rspec.example.com-additional_includes') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-logging') }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-logging')
- .with_content(%r{^\s+ErrorLogFormat "\[%t\] \[%l\] %7F: %E: \[client\\ %a\] %M% ,\\ referer\\ %\{Referer\}i"$})
- }
- it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') }
- it { is_expected.not_to contain_concat__fragment('rspec.example.com-access_log') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-action') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-block') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-error_document') }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
- %r{retry=0},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
- %r{timeout=5},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
- %r{SetEnv force-proxy-request-1.0 1},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
- %r{SetEnv proxy-nokeepalive 1},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
- %r{noquery interpolate},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
- %r{ProxyPreserveHost On},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
- %r{ProxyAddHeaders On},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
- %r{ProxyPassReverseCookiePath\s+\/a\s+http:\/\/},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(
- %r{ProxyPassReverseCookieDomain\s+foo\s+http:\/\/foo},
- )
- }
- it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-rewrite').with(
- content: %r{^\s+RewriteOptions Inherit$},
- )
- }
- it { is_expected.to contain_concat__fragment('rspec.example.com-scriptalias') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias') }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-setenv').with_content(
- %r{SetEnv FOO=/bin/true},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-setenv').with_content(
- %r{SetEnvIf Request_URI "\\.gif\$" object_is_image=gif},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-setenv').with_content(
- %r{SetEnvIfNoCase REMOTE_ADDR \^127.0.0.1 localhost=true},
- )
- }
- it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-ssl').with(
- content: %r{^\s+SSLOpenSSLConfCmd\s+DHParameters "foo.pem"$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-ssl').with(
- content: %r{^\s+SSLHonorCipherOrder\s+Off$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-ssl').with(
- content: %r{^\s+SSLUserName\s+SSL_CLIENT_S_DN_CN$},
- )
- }
- it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy') }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with(
- content: %r{^\s+SSLProxyEngine On$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with(
- content: %r{^\s+SSLProxyCheckPeerCN\s+on$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with(
- content: %r{^\s+SSLProxyCheckPeerName\s+on$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with(
- content: %r{^\s+SSLProxyCheckPeerExpire\s+on$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with(
- content: %r{^\s+SSLProxyCipherSuite\s+HIGH$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with(
- content: %r{^\s+SSLProxyProtocol\s+TLSv1.2$},
- )
- }
- it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-php_admin') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-header') }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-filters').with(
- content: %r{^\s+FilterDeclare COMPRESS$},
- )
- }
- it { is_expected.to contain_concat__fragment('rspec.example.com-requestheader') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-wsgi') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-custom_fragment') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-fastcgi') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-suexec') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-allow_encoded_slashes') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-passenger') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-charsets') }
- it { is_expected.not_to contain_concat__fragment('rspec.example.com-security') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-jk_mounts').with(
- content: %r{^\s+JkMount\s+\/\*\s+tcnode1$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-jk_mounts').with(
- content: %r{^\s+JkUnMount\s+\/\*\.jpg\s+tcnode1$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with(
- content: %r{^\s+KrbMethodNegotiate\soff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with(
- content: %r{^\s+KrbAuthoritative\soff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with(
- content: %r{^\s+KrbAuthRealms\sEXAMPLE.ORG\sEXAMPLE.NET$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with(
- content: %r{^\s+Krb5Keytab\s\/tmp\/keytab5$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with(
- content: %r{^\s+KrbLocalUserMapping\soff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with(
- content: %r{^\s+KrbServiceName\sHTTP$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with(
- content: %r{^\s+KrbSaveCredentials\soff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with(
- content: %r{^\s+KrbVerifyKDC\son$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-http_protocol_options').with(
- content: %r{^\s*HttpProtocolOptions\s+Strict\s+LenientMethods\s+Allow0\.9$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with(
- content: %r{^\s+KeepAlive\son$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with(
- content: %r{^\s+KeepAliveTimeout\s100$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with(
- content: %r{^\s+MaxKeepAliveRequests\s1000$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with(
- content: %r{^\s+Protocols\sh2 http/1.1$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with(
- content: %r{^\s+ProtocolsHonorOrder\sOn$},
- )
- }
-
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-http2').with(
- content: %r{^\s+H2CopyFiles\sOff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-http2').with(
- content: %r{^\s+H2Direct\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-http2').with(
- content: %r{^\s+H2EarlyHints\sOff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-http2').with(
- content: %r{^\s+H2MaxSessionStreams\s100$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-http2').with(
- content: %r{^\s+H2ModernTLSOnly\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-http2').with(
- content: %r{^\s+H2Push\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-http2').with(
- content: %r{^\s+H2PushDiarySize\s256$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-http2').with(
- content: %r{^\s+H2PushPriority\sapplication/json 32$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-http2').with(
- content: %r{^\s+H2PushResource\s/css/main.css$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-http2').with(
- content: %r{^\s+H2PushResource\s/js/main.js$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-http2').with(
- content: %r{^\s+H2SerializeHeaders\sOff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-http2').with(
- content: %r{^\s+H2StreamMaxMemSize\s65536$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-http2').with(
- content: %r{^\s+H2TLSCoolDownSecs\s1$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-http2').with(
- content: %r{^\s+H2TLSWarmUpSize\s1048576$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-http2').with(
- content: %r{^\s+H2Upgrade\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-http2').with(
- content: %r{^\s+H2WindowSize\s65535$},
- )
- }
-
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerEnabled\sOff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerBaseURI\s/app$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerRuby\s/usr/bin/ruby1\.9\.1$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerPython\s/usr/local/bin/python$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerNodejs\s/usr/bin/node$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerMeteorAppSettings\s/path/to/some/file.json$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerAppEnv\stest$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerAppRoot\s/usr/share/myapp$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerAppGroupName\sapp_customer$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerAppType\srack$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerStartupFile\sbin/www$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerRestartDir\stmp$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerSpawnMethod\sdirect$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerLoadShellEnvvars\sOff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerPreloadBundler\sOff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerRollingRestarts\sOff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerResistDeploymentErrors\sOn$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerUser\ssandbox$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerGroup\ssandbox$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerFriendlyErrorPages\sOff$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerMinInstances\s1$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerMaxInstances\s30$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerMaxPreloaderIdleTime\s600$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerForceMaxConcurrentRequestsPerProcess\s10$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerStartTimeout\s600$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerConcurrencyModel\sthread$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerThreadCount\s5$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerMaxRequests\s1000$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerMaxRequestTime\s2$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerMemoryLimit\s64$},
- )
- }
+ 'h2_stream_max_mem_size' => 65_536,
+ 'h2_tls_cool_down_secs' => 1,
+ 'h2_tls_warm_up_size' => 1_048_576,
+ 'h2_upgrade' => true,
+ 'h2_window_size' => 65_535,
+
+ 'passenger_enabled' => false,
+ 'passenger_base_uri' => '/app',
+ 'passenger_ruby' => '/usr/bin/ruby1.9.1',
+ 'passenger_python' => '/usr/local/bin/python',
+ 'passenger_nodejs' => '/usr/bin/node',
+ 'passenger_meteor_app_settings' => '/path/to/some/file.json',
+ 'passenger_app_env' => 'test',
+ 'passenger_app_root' => '/usr/share/myapp',
+ 'passenger_app_group_name' => 'app_customer',
+ 'passenger_app_start_command' => 'start-my-app',
+ 'passenger_app_type' => 'rack',
+ 'passenger_startup_file' => 'bin/www',
+ 'passenger_restart_dir' => 'tmp',
+ 'passenger_spawn_method' => 'direct',
+ 'passenger_load_shell_envvars' => false,
+ 'passenger_preload_bundler' => false,
+ 'passenger_rolling_restarts' => false,
+ 'passenger_resist_deployment_errors' => true,
+ 'passenger_user' => 'sandbox',
+ 'passenger_group' => 'sandbox',
+ 'passenger_friendly_error_pages' => false,
+ 'passenger_min_instances' => 1,
+ 'passenger_max_instances' => 30,
+ 'passenger_max_preloader_idle_time' => 600,
+ 'passenger_force_max_concurrent_requests_per_process' => 10,
+ 'passenger_start_timeout' => 600,
+ 'passenger_concurrency_model' => 'thread',
+ 'passenger_thread_count' => 5,
+ 'passenger_max_requests' => 1000,
+ 'passenger_max_request_time' => 2,
+ 'passenger_memory_limit' => 64,
+ 'passenger_stat_throttle_rate' => 5,
+ 'passenger_pre_start' => 'http://localhost/myapp',
+ 'passenger_high_performance' => true,
+ 'passenger_buffer_upload' => false,
+ 'passenger_buffer_response' => false,
+ 'passenger_error_override' => true,
+ 'passenger_max_request_queue_size' => 10,
+ 'passenger_max_request_queue_time' => 2,
+ 'passenger_sticky_sessions' => true,
+ 'passenger_sticky_sessions_cookie_name' => '_nom_nom_nom',
+ 'passenger_sticky_sessions_cookie_attributes' => 'Nom=nom; Secure;',
+ 'passenger_allow_encoded_slashes' => true,
+ 'passenger_app_log_file' => '/app/log/file',
+ 'passenger_debugger' => true,
+ 'passenger_lve_min_uid' => 500,
+ 'add_default_charset' => 'UTF-8',
+ 'jk_mounts' => [
+ { 'mount' => '/*', 'worker' => 'tcnode1' },
+ { 'unmount' => '/*.jpg', 'worker' => 'tcnode1' },
+ ],
+ 'auth_kerb' => true,
+ 'krb_method_negotiate' => 'off',
+ 'krb_method_k5passwd' => 'off',
+ 'krb_authoritative' => 'off',
+ 'krb_auth_realms' => ['EXAMPLE.ORG', 'EXAMPLE.NET'],
+ 'krb_5keytab' => '/tmp/keytab5',
+ 'krb_local_user_mapping' => 'off',
+ 'http_protocol_options' => 'Strict LenientMethods Allow0.9',
+ 'keepalive' => 'on',
+ 'keepalive_timeout' => '100',
+ 'max_keepalive_requests' => '1000',
+ 'protocols' => ['h2', 'http/1.1'],
+ 'protocols_honor_order' => true,
+ 'auth_oidc' => true,
+ 'oidc_settings' => { 'ProviderMetadataURL' => 'https://login.example.com/.well-known/openid-configuration',
+ 'ClientID' => 'test',
+ 'RedirectURI' => 'https://login.example.com/redirect_uri',
+ 'ProviderTokenEndpointAuth' => 'client_secret_basic',
+ 'RemoteUserClaim' => 'sub',
+ 'ClientSecret' => 'aae053a9-4abf-4824-8956-e94b2af335c8',
+ 'CryptoPassphrase' => '4ad1bb46-9979-450e-ae58-c696967df3cd' },
+ 'mdomain' => 'example.com example.net auto',
+ 'userdir' => 'disabled',
+ }
+ end
+
+ it { is_expected.to compile }
+ it { is_expected.not_to contain_file('/var/www/foo') }
+ it { is_expected.to contain_class('apache::mod::ssl') }
it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerStatThrottleRate\s5$},
+ is_expected.to contain_file('ssl.conf').with(
+ content: %r{^\s+SSLHonorCipherOrder On$},
)
}
it {
- is_expected.to contain_concat__fragment('rspec.example.com-file_footer').with(
- content: %r{^PassengerPreStart\shttp://localhost/myapp$},
+ is_expected.to contain_file('ssl.conf').with(
+ content: %r{^\s+SSLPassPhraseDialog builtin$},
)
}
it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerHighPerformance\sOn$},
+ is_expected.to contain_file('ssl.conf').with(
+ content: %r{^\s+SSLSessionCacheTimeout 300$},
)
}
+ it { is_expected.to contain_file('rspec.example.com_ssl_cert') }
+ it { is_expected.to contain_file('rspec.example.com_ssl_key') }
+ it { is_expected.to contain_file('rspec.example.com_ssl_chain') }
+ it { is_expected.to contain_file('rspec.example.com_ssl_foo.crl') }
it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerBufferUpload\sOff$},
- )
+ is_expected.to contain_file('/var/www/logs').with('ensure' => 'directory',
+ 'mode' => '0600')
}
+ it { is_expected.to contain_class('apache::mod::alias') }
+ it { is_expected.to contain_class('apache::mod::auth_basic') }
+ it { is_expected.to contain_class('apache::mod::authn_file') }
+ it { is_expected.to contain_class('apache::mod::authz_groupfile') }
+ it { is_expected.to contain_class('apache::mod::auth_gssapi') }
+ it { is_expected.to contain_class('apache::mod::env') }
+ it { is_expected.to contain_class('apache::mod::fastcgi') }
+ it { is_expected.to contain_class('apache::mod::filter') }
+ it { is_expected.to contain_class('apache::mod::headers') }
+ it { is_expected.to contain_class('apache::mod::mime') }
+ it { is_expected.to contain_class('apache::mod::passenger') }
+ it { is_expected.to contain_class('apache::mod::proxy') }
+ it { is_expected.to contain_class('apache::mod::proxy_http') }
+ it { is_expected.to contain_class('apache::mod::rewrite') }
+ it { is_expected.to contain_class('apache::mod::setenvif') }
+ it { is_expected.to contain_class('apache::mod::suexec') }
+ it { is_expected.to contain_class('apache::mod::vhost_alias') }
+ it { is_expected.to contain_class('apache::mod::wsgi') }
it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerBufferResponse\sOff$},
- )
+ is_expected.to contain_concat('30-rspec.example.com.conf').with('owner' => 'root',
+ 'mode' => '0644',
+ 'require' => 'Package[httpd]',
+ 'notify' => 'Class[Apache::Service]')
}
+ if facts[:os]['release']['major'].to_i >= 18 && facts[:os]['name'] == 'Ubuntu'
+ it {
+ is_expected.to contain_file('30-rspec.example.com.conf symlink').with('ensure' => 'link',
+ 'path' => "/etc/#{apache_name}/sites-enabled/30-rspec.example.com.conf")
+ }
+ end
it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerErrorOverride\sOn$},
- )
+ is_expected.to contain_concat__fragment('rspec.example.com-apache-header')
+ .with_content(%r{^\s+LimitRequestFieldSize 8190$})
+ .with_content(%r{^\s+LimitRequestFields 100$})
+ .with_content(%r{^\s+LimitRequestLine 8190$})
+ .with_content(%r{^\s+LimitRequestBody 0$})
}
+ it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') }
it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerMaxRequestQueueSize\s10$},
+ is_expected.to contain_concat__fragment('rspec.example.com-aliases').with(
+ content: %r{^\s+Alias /image "/rspec/image"$},
)
}
+ it { is_expected.to contain_concat__fragment('rspec.example.com-itk') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-fallbackresource') }
+
it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerMaxRequestQueueTime\s2$},
- )
+ is_expected.to contain_concat__fragment('rspec.example.com-directories')
+ .with_content(%r{^\s+$})
+ .with_content(%r{^\s+Include\s'\/custom\/path\/includes'$})
+ .with_content(%r{^\s+Include\s'\/custom\/path\/another_includes'$})
+ .with_content(%r{^\s+H2CopyFiles\sOn$})
+ .with_content(%r{^\s+H2PushResource\s/foo.css$})
+ .with_content(%r{^\s+H2PushResource\s/foo.js$})
+ .with_content(%r{^\s+Require valid-user$})
+ .with_content(%r{^\s+Require all denied$})
+ .with_content(%r{^\s+Require all granted$})
+ .with_content(%r{^\s+$})
+ .with_content(%r{^\s+<\/RequireAll>$})
+ .with_content(%r{^\s+Require all-valid1$})
+ .with_content(%r{^\s+Require all-valid2$})
+ .with_content(%r{^\s+$})
+ .with_content(%r{^\s+<\/RequireNone>$})
+ .with_content(%r{^\s+Require none-valid1$})
+ .with_content(%r{^\s+Require none-valid2$})
+ .with_content(%r{^\s+$})
+ .with_content(%r{^\s+<\/RequireAny>$})
+ .with_content(%r{^\s+Require any-valid1$})
+ .with_content(%r{^\s+Require any-valid2$})
+ .with_content(%r{^\s+LDAPReferrals off$})
+ .with_content(%r{^\s+ProxyPass http://backend-b/ retry=0 timeout=5 noquery interpolate$})
+ .with_content(%r{^\s+ProxyPassMatch http://backend-b/ retry=0 timeout=5 noquery interpolate$})
+ .with_content(%r{^\s+Options\sIndexes\sFollowSymLinks\sMultiViews$})
+ .with_content(%r{^\s+IndexOptions\sFancyIndexing$})
+ .with_content(%r{^\s+IndexStyleSheet\s'\/styles\/style\.css'$})
+ .with_content(%r{^\s+DirectoryIndex\sdisabled$})
+ .with_content(%r{^\s+SetOutputFilter\soutput_filter$})
+ .with_content(%r{^\s+SetInputFilter\sinput_filter$})
+ .with_content(%r{^\s+$})
+ .with_content(%r{\s+\s*Require valid-user\s*<\/Limit>}m)
+ .with_content(%r{^\s+$})
+ .with_content(%r{\s+\s*Require valid-user\s*<\/LimitExcept>}m)
+ .with_content(%r{^\s+Dav\sfilesystem$})
+ .with_content(%r{^\s+DavDepthInfinity\sOn$})
+ .with_content(%r{^\s+DavMinTimeout\s600$})
+ .with_content(%r{^\s+PassengerEnabled\sOn$})
+ .with_content(%r{^\s+PassengerBaseURI\s/app$})
+ .with_content(%r{^\s+PassengerRuby\s/path/to/ruby$})
+ .with_content(%r{^\s+PassengerPython\s/path/to/python$})
+ .with_content(%r{^\s+PassengerNodejs\s/path/to/nodejs$})
+ .with_content(%r{^\s+PassengerMeteorAppSettings\s/path/to/file\.json$})
+ .with_content(%r{^\s+PassengerAppEnv\sdemo$})
+ .with_content(%r{^\s+PassengerAppRoot\s/var/www/node-app$})
+ .with_content(%r{^\s+PassengerAppGroupName\sfoo_bar$})
+ .with_content(%r{^\s+PassengerAppType\snode$})
+ .with_content(%r{^\s+PassengerStartupFile\sstart\.js$})
+ .with_content(%r{^\s+PassengerRestartDir\stemp$})
+ .with_content(%r{^\s+PassengerLoadShellEnvvars\sOff$})
+ .with_content(%r{^\s+PassengerPreloadBundler\sOff$})
+ .with_content(%r{^\s+PassengerRollingRestarts\sOff$})
+ .with_content(%r{^\s+PassengerResistDeploymentErrors\sOff$})
+ .with_content(%r{^\s+PassengerUser\snodeuser$})
+ .with_content(%r{^\s+PassengerGroup\snodegroup$})
+ .with_content(%r{^\s+PassengerFriendlyErrorPages\sOn$})
+ .with_content(%r{^\s+PassengerMinInstances\s7$})
+ .with_content(%r{^\s+PassengerMaxInstances\s9$})
+ .with_content(%r{^\s+PassengerForceMaxConcurrentRequestsPerProcess\s12$})
+ .with_content(%r{^\s+PassengerStartTimeout\s10$})
+ .with_content(%r{^\s+PassengerConcurrencyModel\sthread$})
+ .with_content(%r{^\s+PassengerThreadCount\s20$})
+ .with_content(%r{^\s+PassengerMaxRequests\s2000$})
+ .with_content(%r{^\s+PassengerMaxRequestTime\s1$})
+ .with_content(%r{^\s+PassengerMemoryLimit\s32$})
+ .with_content(%r{^\s+PassengerHighPerformance\sOff$})
+ .with_content(%r{^\s+PassengerBufferUpload\sOff$})
+ .with_content(%r{^\s+PassengerBufferResponse\sOff$})
+ .with_content(%r{^\s+PassengerErrorOverride\sOff$})
+ .with_content(%r{^\s+PassengerMaxRequestQueueSize\s120$})
+ .with_content(%r{^\s+PassengerMaxRequestQueueTime\s5$})
+ .with_content(%r{^\s+PassengerStickySessions\sOn$})
+ .with_content(%r{^\s+PassengerStickySessionsCookieName\s_delicious_cookie$})
+ .with_content(%r{^\s+PassengerAllowEncodedSlashes\sOff$})
+ .with_content(%r{^\s+PassengerDebugger\sOff$})
+ .with_content(%r{^\s+GssapiAcceptorName\s{HOSTNAME}$})
+ .with_content(%r{^\s+GssapiAllowedMech\skrb5$})
+ .with_content(%r{^\s+GssapiAllowedMech\siakerb$})
+ .with_content(%r{^\s+GssapiAllowedMech\sntlmssp$})
+ .with_content(%r{^\s+GssapiBasicAuth\sOn$})
+ .with_content(%r{^\s+GssapiBasicAuthMech\skrb5$})
+ .with_content(%r{^\s+GssapiBasicAuthMech\siakerb$})
+ .with_content(%r{^\s+GssapiBasicAuthMech\sntlmssp$})
+ .with_content(%r{^\s+GssapiBasicTicketTimeout\s300$})
+ .with_content(%r{^\s+GssapiConnectionBound\sOn$})
+ .with_content(%r{^\s+GssapiCredStore\sccache:FILE:/path/to/directory$})
+ .with_content(%r{^\s+GssapiCredStore\sclient_keytab:/path/to/example\.keytab$})
+ .with_content(%r{^\s+GssapiCredStore\skeytab:/path/to/example\.keytab$})
+ .with_content(%r{^\s+GssapiDelegCcacheDir\s/path/to/directory$})
+ .with_content(%r{^\s+GssapiDelegCcacheEnvVar\sKRB5CCNAME$})
+ .with_content(%r{^\s+GssapiDelegCcachePerms\smode:0600\suid:example-user\sgid:example-group$})
+ .with_content(%r{^\s+GssapiDelegCcacheUnique\sOn$})
+ .with_content(%r{^\s+GssapiImpersonate\sOn$})
+ .with_content(%r{^\s+GssapiLocalName\sOn$})
+ .with_content(%r{^\s+GssapiNameAttributes\sjson$})
+ .with_content(%r{^\s+GssapiNegotiateOnce\sOn$})
+ .with_content(%r{^\s+GssapiPublishErrors\sOn$})
+ .with_content(%r{^\s+GssapiPublishMech\sOn$})
+ .with_content(%r{^\s+GssapiRequiredNameAttributes\s"auth-indicators=high"$})
+ .with_content(%r{^\s+GssapiSessionKey\sfile:/path/to/example\.key$})
+ .with_content(%r{^\s+GssapiSignalPersistentAuth\sOn$})
+ .with_content(%r{^\s+GssapiSSLonly\sOn$})
+ .with_content(%r{^\s+GssapiUseS4U2Proxy\sOn$})
+ .with_content(%r{^\s+GssapiUseSessions\sOn$})
+ .with_content(%r{^\s+SSLVerifyClient\soptional$})
+ .with_content(%r{^\s+SSLVerifyDepth\s10$})
}
+ # the following style is only present on Apache 2.2
+ # That is used in SLES 11, RHEL6, Amazon Linux
+ if (facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i < 7) ||
+ (facts[:os]['name'] == 'Amazon') ||
+ (facts[:os]['name'] == 'SLES' && facts[:os]['release']['major'].to_i < 12)
+ it {
+ is_expected.to contain_concat__fragment('rspec.example.com-directories')
+ .with_content(%r{^\s+Allow from 127\.0\.0\.1$})
+ .with_content(%r{^\s+Allow from 127\.0\.0\.2$})
+ .with_content(%r{^\s+Allow from 127\.0\.0\.5$})
+ .with_content(%r{^\s+Deny from 127\.0\.0\.3$})
+ .with_content(%r{^\s+Deny from 127\.0\.0\.4$})
+ .with_content(%r{^\s+Deny from all$})
+ .with_content(%r{^\s+Satisfy any$})
+ .with_content(%r{^\s+Order deny,allow$})
+ }
+ end
+
+ it { is_expected.to contain_concat__fragment('rspec.example.com-additional_includes') }
it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerStickySessions\sOn$},
- )
+ is_expected.to contain_concat__fragment('rspec.example.com-logging')
+ .with_content(%r{^\s+ErrorLogFormat "\[%t\] \[%l\] %7F: %E: \[client\\ %a\] %M% ,\\ referer\\ %\{Referer\}i"$})
}
+ it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') }
+ it { is_expected.not_to contain_concat__fragment('rspec.example.com-access_log') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-action') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-block') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-error_document') }
it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerStickySessionsCookieName\s_nom_nom_nom$},
- )
+ is_expected.to contain_concat__fragment('rspec.example.com-proxy')
+ .with_content(%r{retry=0})
+ .with_content(%r{timeout=5})
+ .with_content(%r{SetEnv force-proxy-request-1.0 1})
+ .with_content(%r{SetEnv proxy-nokeepalive 1})
+ .with_content(%r{noquery interpolate})
+ .with_content(%r{ProxyPreserveHost On})
+ .with_content(%r{ProxyAddHeaders On})
+ .with_content(%r{ProxyPassReverseCookiePath\s+\/a\s+http:\/\/})
+ .with_content(%r{ProxyPassReverseCookieDomain\s+foo\s+http:\/\/foo})
}
+ it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') }
it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerAllowEncodedSlashes\sOn$},
+ is_expected.to contain_concat__fragment('rspec.example.com-rewrite').with(
+ content: %r{^\s+RewriteOptions Inherit$},
)
}
+ it { is_expected.to contain_concat__fragment('rspec.example.com-scriptalias') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias') }
it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerDebugger\sOn$},
- )
+ is_expected.to contain_concat__fragment('rspec.example.com-setenv')
+ .with_content(%r{SetEnv FOO=/bin/true})
+ .with_content(%r{SetEnvIf Request_URI "\\.gif\$" object_is_image=gif})
+ .with_content(%r{SetEnvIfNoCase REMOTE_ADDR \^127.0.0.1 localhost=true})
}
it {
- is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(
- content: %r{^\s+PassengerLveMinUid\s500$},
- )
+ is_expected.to contain_concat__fragment('rspec.example.com-ssl')
+ .with_content(%r{^\s+SSLOpenSSLConfCmd\s+DHParameters "foo.pem"$})
+ .with_content(%r{^\s+SSLHonorCipherOrder\s+Off$})
+ .with_content(%r{^\s+SSLUserName\s+SSL_CLIENT_S_DN_CN$})
}
it {
- is_expected.to contain_concat__fragment('rspec.example.com-auth_oidc').with(
- content: %r{^\s+OIDCProviderMetadataURL\shttps:\/\/login.example.com\/\.well-known\/openid-configuration$},
- )
+ is_expected.to contain_concat__fragment('rspec.example.com-sslproxy')
+ .with_content(%r{^\s+SSLProxyEngine On$})
+ .with_content(%r{^\s+SSLProxyCheckPeerCN\s+on$})
+ .with_content(%r{^\s+SSLProxyCheckPeerName\s+on$})
+ .with_content(%r{^\s+SSLProxyCheckPeerExpire\s+on$})
+ .with_content(%r{^\s+SSLProxyCipherSuite\s+HIGH$})
+ .with_content(%r{^\s+SSLProxyProtocol\s+TLSv1.2$})
}
+ it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-php_admin') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-header') }
it {
- is_expected.to contain_concat__fragment('rspec.example.com-auth_oidc').with(
- content: %r{^\s+OIDCClientID\stest$},
+ is_expected.to contain_concat__fragment('rspec.example.com-filters').with(
+ content: %r{^\s+FilterDeclare COMPRESS$},
)
}
+ it { is_expected.to contain_concat__fragment('rspec.example.com-requestheader') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-wsgi') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-custom_fragment') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-fastcgi') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-suexec') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-allow_encoded_slashes') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-passenger') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-charsets') }
+ it { is_expected.not_to contain_concat__fragment('rspec.example.com-security') }
+
it {
- is_expected.to contain_concat__fragment('rspec.example.com-auth_oidc').with(
- content: %r{^\s+OIDCRedirectURI\shttps:\/\/login\.example.com\/redirect_uri$},
- )
+ is_expected.to contain_concat__fragment('rspec.example.com-file_footer')
+ .with_content(%r{^PassengerPreStart\shttp://localhost/myapp$})
}
+
it {
- is_expected.to contain_concat__fragment('rspec.example.com-auth_oidc').with(
- content: %r{^\s+OIDCProviderTokenEndpointAuth\sclient_secret_basic$},
- )
+ is_expected.to contain_concat__fragment('rspec.example.com-jk_mounts')
+ .with_content(%r{^\s+JkMount\s+\/\*\s+tcnode1$})
+ .with_content(%r{^\s+JkUnMount\s+\/\*\.jpg\s+tcnode1$})
}
+
it {
- is_expected.to contain_concat__fragment('rspec.example.com-auth_oidc').with(
- content: %r{^\s+OIDCRemoteUserClaim\ssub$},
- )
+ is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb')
+ .with_content(%r{^\s+KrbMethodNegotiate\soff$})
+ .with_content(%r{^\s+KrbAuthoritative\soff$})
+ .with_content(%r{^\s+KrbAuthRealms\sEXAMPLE.ORG\sEXAMPLE.NET$})
+ .with_content(%r{^\s+Krb5Keytab\s\/tmp\/keytab5$})
+ .with_content(%r{^\s+KrbLocalUserMapping\soff$})
+ .with_content(%r{^\s+KrbServiceName\sHTTP$})
+ .with_content(%r{^\s+KrbSaveCredentials\soff$})
+ .with_content(%r{^\s+KrbVerifyKDC\son$})
}
+
it {
- is_expected.to contain_concat__fragment('rspec.example.com-auth_oidc').with(
- content: %r{^\s+OIDCClientSecret\saae053a9-4abf-4824-8956-e94b2af335c8$},
+ is_expected.to contain_concat__fragment('rspec.example.com-http_protocol_options').with(
+ content: %r{^\s*HttpProtocolOptions\s+Strict\s+LenientMethods\s+Allow0\.9$},
)
}
+
it {
- is_expected.to contain_concat__fragment('rspec.example.com-auth_oidc').with(
- content: %r{^\s+OIDCCryptoPassphrase\s4ad1bb46-9979-450e-ae58-c696967df3cd$},
- )
+ is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options')
+ .with_content(%r{^\s+KeepAlive\son$})
+ .with_content(%r{^\s+KeepAliveTimeout\s100$})
+ .with_content(%r{^\s+MaxKeepAliveRequests\s1000$})
+ }
+
+ it {
+ is_expected.to contain_concat__fragment('rspec.example.com-apache-header')
+ .with_content(%r{^\s+Protocols\sh2 http/1.1$})
+ .with_content(%r{^\s+ProtocolsHonorOrder\sOn$})
+ }
+
+ it {
+ is_expected.to contain_concat__fragment('rspec.example.com-http2')
+ .with_content(%r{^\s+H2CopyFiles\sOff$})
+ .with_content(%r{^\s+H2Direct\sOn$})
+ .with_content(%r{^\s+H2EarlyHints\sOff$})
+ .with_content(%r{^\s+H2MaxSessionStreams\s100$})
+ .with_content(%r{^\s+H2ModernTLSOnly\sOn$})
+ .with_content(%r{^\s+H2Push\sOn$})
+ .with_content(%r{^\s+H2PushDiarySize\s256$})
+ .with_content(%r{^\s+H2PushPriority\sapplication/json 32$})
+ .with_content(%r{^\s+H2PushResource\s/css/main.css$})
+ .with_content(%r{^\s+H2PushResource\s/js/main.js$})
+ .with_content(%r{^\s+H2SerializeHeaders\sOff$})
+ .with_content(%r{^\s+H2StreamMaxMemSize\s65536$})
+ .with_content(%r{^\s+H2TLSCoolDownSecs\s1$})
+ .with_content(%r{^\s+H2TLSWarmUpSize\s1048576$})
+ .with_content(%r{^\s+H2Upgrade\sOn$})
+ .with_content(%r{^\s+H2WindowSize\s65535$})
+ }
+
+ it {
+ is_expected.to contain_concat__fragment('rspec.example.com-passenger')
+ .with_content(%r{^\s+PassengerEnabled\sOff$})
+ .with_content(%r{^\s+PassengerBaseURI\s/app$})
+ .with_content(%r{^\s+PassengerRuby\s/usr/bin/ruby1\.9\.1$})
+ .with_content(%r{^\s+PassengerPython\s/usr/local/bin/python$})
+ .with_content(%r{^\s+PassengerNodejs\s/usr/bin/node$})
+ .with_content(%r{^\s+PassengerMeteorAppSettings\s/path/to/some/file.json$})
+ .with_content(%r{^\s+PassengerAppEnv\stest$})
+ .with_content(%r{^\s+PassengerAppRoot\s/usr/share/myapp$})
+ .with_content(%r{^\s+PassengerAppGroupName\sapp_customer$})
+ .with_content(%r{^\s+PassengerAppType\srack$})
+ .with_content(%r{^\s+PassengerStartupFile\sbin/www$})
+ .with_content(%r{^\s+PassengerRestartDir\stmp$})
+ .with_content(%r{^\s+PassengerSpawnMethod\sdirect$})
+ .with_content(%r{^\s+PassengerLoadShellEnvvars\sOff$})
+ .with_content(%r{^\s+PassengerPreloadBundler\sOff$})
+ .with_content(%r{^\s+PassengerRollingRestarts\sOff$})
+ .with_content(%r{^\s+PassengerResistDeploymentErrors\sOn$})
+ .with_content(%r{^\s+PassengerUser\ssandbox$})
+ .with_content(%r{^\s+PassengerGroup\ssandbox$})
+ .with_content(%r{^\s+PassengerFriendlyErrorPages\sOff$})
+ .with_content(%r{^\s+PassengerMinInstances\s1$})
+ .with_content(%r{^\s+PassengerMaxInstances\s30$})
+ .with_content(%r{^\s+PassengerMaxPreloaderIdleTime\s600$})
+ .with_content(%r{^\s+PassengerForceMaxConcurrentRequestsPerProcess\s10$})
+ .with_content(%r{^\s+PassengerStartTimeout\s600$})
+ .with_content(%r{^\s+PassengerConcurrencyModel\sthread$})
+ .with_content(%r{^\s+PassengerThreadCount\s5$})
+ .with_content(%r{^\s+PassengerMaxRequests\s1000$})
+ .with_content(%r{^\s+PassengerMaxRequestTime\s2$})
+ .with_content(%r{^\s+PassengerMemoryLimit\s64$})
+ .with_content(%r{^\s+PassengerStatThrottleRate\s5$})
+ .with_content(%r{^\s+PassengerHighPerformance\sOn$})
+ .with_content(%r{^\s+PassengerBufferUpload\sOff$})
+ .with_content(%r{^\s+PassengerBufferResponse\sOff$})
+ .with_content(%r{^\s+PassengerErrorOverride\sOn$})
+ .with_content(%r{^\s+PassengerMaxRequestQueueSize\s10$})
+ .with_content(%r{^\s+PassengerMaxRequestQueueTime\s2$})
+ .with_content(%r{^\s+PassengerStickySessions\sOn$})
+ .with_content(%r{^\s+PassengerStickySessionsCookieName\s_nom_nom_nom$})
+ .with_content(%r{^\s+PassengerAllowEncodedSlashes\sOn$})
+ .with_content(%r{^\s+PassengerDebugger\sOn$})
+ .with_content(%r{^\s+PassengerLveMinUid\s500$})
+ }
+
+ it {
+ is_expected.to contain_concat__fragment('rspec.example.com-auth_oidc')
+ .with_content(%r{^\s+OIDCProviderMetadataURL\shttps:\/\/login.example.com\/\.well-known\/openid-configuration$})
+ .with_content(%r{^\s+OIDCClientID\stest$})
+ .with_content(%r{^\s+OIDCRedirectURI\shttps:\/\/login\.example.com\/redirect_uri$})
+ .with_content(%r{^\s+OIDCProviderTokenEndpointAuth\sclient_secret_basic$})
+ .with_content(%r{^\s+OIDCRemoteUserClaim\ssub$})
+ .with_content(%r{^\s+OIDCClientSecret\saae053a9-4abf-4824-8956-e94b2af335c8$})
+ .with_content(%r{^\s+OIDCCryptoPassphrase\s4ad1bb46-9979-450e-ae58-c696967df3cd$})
}
+
it { is_expected.to contain_class('apache::mod::md') }
it {
is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with(
@@ -2074,23 +1310,6 @@
'manage_docroot' => true,
'logroot' => '/tmp/logroot',
'logroot_ensure' => 'absent',
- 'directories' => [
- {
- 'path' => '/var/www/files',
- 'provider' => 'files',
- 'allow' => ['from 127.0.0.1', 'from 127.0.0.2'],
- 'deny' => ['from 127.0.0.3', 'from 127.0.0.4'],
- 'satisfy' => 'any',
- },
- {
- 'path' => '/var/www/foo',
- 'provider' => 'files',
- 'allow' => 'from 127.0.0.5',
- 'deny' => 'from all',
- 'order' => 'deny,allow',
- },
- ],
-
}
end
@@ -2122,53 +1341,7 @@
it { is_expected.not_to contain_concat__fragment('rspec.example.com-aliases') }
it { is_expected.not_to contain_concat__fragment('rspec.example.com-itk') }
it { is_expected.not_to contain_concat__fragment('rspec.example.com-fallbackresource') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-directories') }
- # the following style is only present on Apache 2.2
- # That is used in SLES 11, RHEL6, Amazon Linux
- if (facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i < 7) ||
- (facts[:os]['name'] == 'Amazon') ||
- (facts[:os]['name'] == 'SLES' && facts[:os]['release']['major'].to_i < 12)
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Allow from 127\.0\.0\.1$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Allow from 127\.0\.0\.2$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Allow from 127\.0\.0\.5$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Deny from 127\.0\.0\.3$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Deny from 127\.0\.0\.4$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Deny from all$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Satisfy any$},
- )
- }
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
- content: %r{^\s+Order deny,allow$},
- )
- }
- end
+ it { is_expected.not_to contain_concat__fragment('rspec.example.com-directories') }
it { is_expected.not_to contain_concat__fragment('rspec.example.com-additional_includes') }
it { is_expected.to contain_concat__fragment('rspec.example.com-logging') }
it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') }
@@ -2486,33 +1659,12 @@
end
it {
- is_expected.to contain_concat__fragment('rspec.example.com-logging').with(
- content: %r{^\s+ErrorLogFormat "\[%\{uc\}t\] \[%-m:%-l\] \[R:%L\] \[C:%\{C\}L\] %7F: %E: %M"$},
- )
- }
-
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-logging').with(
- content: %r{^\s+ErrorLogFormat request "\[%\{uc\}t\] \[R:%L\] Request %k on C:%\{c\}L pid:%P tid:%T"$},
- )
- }
-
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-logging').with(
- content: %r{^\s+ErrorLogFormat request "\[%\{uc\}t\] \[R:%L\] UA:'%\+\{User-Agent\}i'"$},
- )
- }
-
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-logging').with(
- content: %r{^\s+ErrorLogFormat request "\[%\{uc\}t\] \[R:%L\] Referer:'%\+\{Referer\}i'"$},
- )
- }
-
- it {
- is_expected.to contain_concat__fragment('rspec.example.com-logging').with(
- content: %r{^\s+ErrorLogFormat connection "\[%\{uc\}t\] \[C:%\{c\}L\] local\\ %a remote\\ %A"$},
- )
+ is_expected.to contain_concat__fragment('rspec.example.com-logging')
+ .with_content(%r{^\s+ErrorLogFormat "\[%\{uc\}t\] \[%-m:%-l\] \[R:%L\] \[C:%\{C\}L\] %7F: %E: %M"$})
+ .with_content(%r{^\s+ErrorLogFormat request "\[%\{uc\}t\] \[R:%L\] Request %k on C:%\{c\}L pid:%P tid:%T"$})
+ .with_content(%r{^\s+ErrorLogFormat request "\[%\{uc\}t\] \[R:%L\] UA:'%\+\{User-Agent\}i'"$})
+ .with_content(%r{^\s+ErrorLogFormat request "\[%\{uc\}t\] \[R:%L\] Referer:'%\+\{Referer\}i'"$})
+ .with_content(%r{^\s+ErrorLogFormat connection "\[%\{uc\}t\] \[C:%\{c\}L\] local\\ %a remote\\ %A"$})
}
end
end # error logs format
@@ -2604,7 +1756,6 @@
it { is_expected.to compile }
it { is_expected.to contain_concat('25-rspec.example.com.conf') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-directories') }
# this works only with apache 2.4 and newer
if (facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i > 6) ||
(facts[:os]['name'] == 'SLES' && facts[:os]['release']['major'].to_i > 11)
@@ -2613,6 +1764,8 @@
content: %r{^\s+Require all granted$},
)
}
+ else
+ it { is_expected.to contain_concat__fragment('rspec.example.com-directories') }
end
end
context 'require unmanaged' do
@@ -2631,7 +1784,6 @@
it { is_expected.to compile }
it { is_expected.to contain_concat('25-rspec.example.com.conf') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-directories') }
it {
is_expected.not_to contain_concat__fragment('rspec.example.com-directories').with(
content: %r{^\s+Require all granted$},
@@ -2716,8 +1868,11 @@
],
)
- it { is_expected.to contain_concat__fragment('rspec.example.com-apache-userdir').with(content: %r{^\s+UserDir disabled$}) }
- it { is_expected.to contain_concat__fragment('rspec.example.com-apache-userdir').with(content: %r{^\s+UUserDir enabled bob$}) }
+ it {
+ is_expected.to contain_concat__fragment('rspec.example.com-apache-userdir')
+ .with(content: %r{^\s+UserDir disabled$})
+ .with(content: %r{^\s+UUserDir enabled bob$})
+ }
end
end
end
diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb
index 4b5a7523f4..406dd24828 100644
--- a/templates/vhost/_directories.erb
+++ b/templates/vhost/_directories.erb
@@ -1,8 +1,7 @@
-<% if @_directories and ! @_directories.empty? -%>
<%- scope.setvar('_template_scope', {}) -%>
## Directories, there should at least be a declaration for <%= @docroot %>
- <%- [@_directories].flatten.compact.each do |directory| -%>
+ <%- @_directories.each do |directory| -%>
<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
<%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%>
<%- scope.function_warning(["Apache::Vhost: Using allow is deprecated in your Apache version"]) -%>
@@ -520,4 +519,3 @@
>
<%- end -%>
<%- end -%>
-<%- end -%>