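#
# Install and configure Apache with SSL and certbot
#
# Use:
#   usebundle => install_apache(raw);      # takes one argument, unused in this file
#   usebundle => apache_vhost(site_data);
#   usebundle => apache_vhosts(sites);     # one apache_vhost call per index of sites
#
# Bundles in this file:
#   apache          - per-platform variables (packages, paths, users, modules)
#   install_apache  - installs the packages, renders the main config, starts the service
#   restart_apache  - restarts the service; called once per changed vhost
#   apache_vhost    - renders or deletes one vhost file and its document directory
#   apache_vhosts   - iterates over a container of sites
#

# Platform-specific settings shared by the other bundles as $(apache.<name>).
bundle agent apache
{
  vars:
    freebsd::
      "pkgs"             slist  => { "apache24", "mod_php74" };
      "log_dir"          string => "/var/log/httpd";
      "service_name"     string => "apache24";
      "www_user"         string => "www";
      "www_group"        string => "www";
      "mime_types"       string => "/usr/local/etc/apache24/mime.types";
      "restart_cmd"      string => "/usr/sbin/service $(service_name) restart";
      "etc_dir"          string => "/usr/local/etc";
      "cfg_dir"          string => "$(etc_dir)/apache24";
      "main_cfg"         string => "$(cfg_dir)/httpd.conf";
      "libexec_dir"      string => "libexec/apache24";
      # Only set when www_dir has not been defined already.
      "www_dir"          string => "/usr/local/www",unless => isvariable( $(this.promiser) ) ;
      "default_html_dir" string => "$(www_dir)/apache24";
      "server_root"      string => "/usr/local";
      "modules" data => '[
        {m: "autoindex",f:"mod_autoindex"},
        {m: "log_config",f:"mod_log_config"},
        {m: "version",f:"mod_version"},
        {m: "unixd",f:"mod_unixd"},
        {m: "php7",f:"libphp7"},
        {m: "ssl",f:"mod_ssl"}
      ]';

    debian::
      "pkgs" slist => {
        "apache2",
        "libapache2-mod-php",
        "libapache2-mod-svn",
      };
      "log_dir"          string => "/var/log/apache2";
      "service_name"     string => "apache2";
      "restart_cmd"      string => "/usr/bin/systemctl restart $(service_name)";
      "www_user"         string => "www-data";
      "www_group"        string => "www-data";
      "mime_types"       string => "/etc/mime.types";
      "www_dir"          string => "/var/www",unless => isvariable( $(this.promiser) ) ;
      "default_html_dir" string => "$(www_dir)/html";
      "etc_dir"          string => "/etc";
      "cfg_dir"          string => "$(etc_dir)/apache2";
      "main_cfg"         string => "$(cfg_dir)/apache2.conf";
      "libexec_dir"      string => "lib/apache2/modules";
      "server_root"      string => "/usr";
      "modules" data => '[
        {m:"php",f:"libphp8.2"},
        {m:"ssl",f:"mod_ssl"},
      ]';

    centos::
      # NOTE(review): the libapache2-mod-* entries are Debian-style package
      # names - confirm they resolve in the CentOS repositories in use.
      "pkgs" slist => {
        "httpd",
        "mod_ssl",
        "libapache2-mod-php",
        "libapache2-mod-svn",
      };

    fedora::
      "pkgs" slist => {
        "httpd",
        # "mod_ssl",
      };

    fedora|centos::
      "log_dir"          string => "/var/log/httpd";
      "service_name"     string => "httpd";
      "restart_cmd"      string => "/usr/bin/systemctl restart $(service_name)";
      "www_user"         string => "apache";
      "www_group"        string => "apache";
      "mime_types"       string => "/etc/mime.types";
      "www_dir"          string => "/var/www",unless => isvariable( $(this.promiser) ) ;
      "default_html_dir" string => "$(www_dir)/html";
      "etc_dir"          string => "/etc";
      "cfg_dir"          string => "$(etc_dir)/httpd";
      "main_cfg"         string => "$(cfg_dir)/conf/httpd.conf";
      "libexec_dir"      string => "$(cfg_dir)/modules";
      "server_root"      string => "/var";
      "modules" data => '[
        {m: "autoindex",f:"mod_autoindex"},
        {m: "log_config",f:"mod_log_config"},
        {m: "version",f:"mod_version"},
        {m: "unixd",f:"mod_unixd"},
      ]';
      # {m: "php",f:"libphp8"},

    ubuntu_20::
      "phpm" string => "php7";

    ubuntu_22::
      "phpm" string => "php";

    ubuntu::
      # The PHP module file name is built from install_php.version, which is
      # defined outside this file.
      "modules" data => '[
        {m:"$(phpm)",f:"libphp$(install_php.version)"},
        {m:"proxy",f:"mod_proxy"},
        {m:"proxy_http",f:"mod_proxy_http"},
        {m: "autoindex",f:"mod_autoindex"},
        {m: "dav",f:"mod_dav"},
        {m: "dav_svn", f:"mod_dav_svn"},
        {m: "authz_svn", f:"mod_authz_svn"},
        {m: "ssl",f:"mod_ssl"}
      ]';
}

# Installs the Apache packages, creates the web and vhost directories, renders
# the main configuration from a mustache template and keeps the service running.
# The parameter "raw" is not referenced in the bundle body.
bundle agent install_apache(raw)
{
  classes:

  packages:
    freebsd::
      "$(apache.pkgs)"
        policy => "present",
        package_module => pkg,
        classes => if_repaired(apache_changed);

    debian::
      "$(apache.pkgs)"
        policy => "present",
        package_module => apt_get,
        classes => if_repaired(apache_changed);

    fedora|centos::
      "$(apache.pkgs)"
        policy => "present",
        package_module => yum,
        classes => if_repaired(apache_changed);

  commands:
    freebsd::
      "/usr/sbin/sysrc"
        handle => "apache_editrc",
        args => "apache24_enable=yes",
        inform => "false";

    # No-op that only provides the "apache_editrc" handle the service promise
    # depends on. fedora is included so the handle also exists there, matching
    # the fedora|centos guards used for packages and variables.
    debian|fedora|centos::
      "/bin/true"
        handle => "apache_editrc",
        inform => "false";

  files:
      "$(apache.www_dir)/."
        create => "true",
        perms => uperm("root","root","755"),
        handle => "apache_www_dir_created";

      "$(apache.default_html_dir)/."
        create => "true",
        perms => uperm("$(apache.www_user)","$(apache.www_group)","755"),
        depends_on => {"apache_www_dir_created"},
        handle => "apache_default_html_dir_created";

      # Empty placeholder file; creating it is what brings the Vhosts
      # directory into existence (see the handle name).
      "$(apache.cfg_dir)/Vhosts/dummy.conf"
        create => "true",
        content => "",
        perms => uperm("root","root","644"),
        handle => "apache_vhost_dir_created";

      "$(apache.main_cfg)"
        create => "true",
        edit_template => "$(sys.workdir)/inputs/$(def.mfdomain)/templates/httpd.conf.mustache",
        template_method => "mustache",
        handle => "apache_main_cfg_crreated",
        classes => if_repaired(apache_changed);

  services:
      "$(apache.service_name)"
        depends_on => {"apache_editrc","apache_vhost_dir_created","apache_www_dir_created","apache_main_cfg_crreated"},
        service_policy => "start",
        handle => "apache_running";

    # Restart when packages or the main config were repaired; php_changed is
    # set outside this file.
    "php_changed|apache_changed"::
      "$(apache.service_name)"
        depends_on => {"apache_vhost_dir_created","apache_www_dir_created","apache_main_cfg_crreated"},
        service_policy => "restart";
}

# Restarts Apache. "arg" is a label only (apache_vhost passes the site domain);
# presumably it is echoed so that each call is a distinct promise - confirm.
bundle agent restart_apache(arg)
{
  vars:
      # The label ends up inside a string handed to /bin/sh -c. canonify()
      # replaces every character that is not alphanumeric or "_" with "_",
      # so a domain value can no longer close the quote or add shell syntax.
      "tag" string => canonify("$(arg)");

  commands:
      # Uses the per-platform restart command from bundle apache instead of a
      # hard-coded systemctl path, which does not exist on the freebsd branch.
      "/bin/sh -c "
        args => "'/bin/echo $(tag) > /dev/null && $(apache.restart_cmd)'";
}

# Manages one virtual host.
#
# site_param is a data container merged over site_defaults. Keys read here:
#   domain   - used in the config file name, document directory and handles
#   disable  - class expression; when true the vhost file is deleted
#   ssl      - class expression; enables the SSL handling
#   ssl_cert - "certbot" (default) or a certificate path
#   ssl_key  - key path, used when ssl_cert is not "certbot"
#
# NOTE(review): site[domain] is interpolated into file paths without any
# check in this bundle - callers should only pass validated host names.
bundle agent apache_vhost (site_param)
{
  classes:
      "delete"      expression => $(site[disable]);
      "use_ssl"     expression => $(site[ssl]);
      "use_certbot" expression => strcmp("certbot","$(site[ssl_cert])");

  vars:
      # NOTE(review): admin_email is not defined in bundle apache in this
      # file - presumably set elsewhere; confirm.
      "site_defaults" data => '
      {
        "aliases":[],
        "ssl_cert":"certbot",
        "email":"$(apache.admin_email)"
      }
      ';
      "site" data => mergedata(site_defaults,site_param);

      "cert_file"     string => "$(certbot.certbot_dir)/live/$(site[domain])";
      "template_file" string => "$(sys.workdir)/inputs/$(def.mfdomain)/templates/httpd-vhost.conf.mustache";
      "domain_file"   string => "$(apache.cfg_dir)/Vhosts/$(site[domain]).conf";
      "domain_dir"    string => "$(apache.www_dir)/$(site[domain])/";

      # With certbot the certificate and key come from certbot's live/<domain>
      # directory; otherwise the paths given in the site data are used.
      "ssl_cert" string => ifelse( use_certbot,
                                   "$(certbot.certbot_dir)/live/$(site[domain])/fullchain.pem",
                                   "$(site[ssl_cert])");
      "ssl_key"  string => ifelse( use_certbot,
                                   "$(certbot.certbot_dir)/live/$(site[domain])/privkey.pem",
                                   "$(site[ssl_key])");

    # The vhost file waits for the certificate only when certbot issues it.
    use_ssl&(use_certbot)::
      "vhostdeps" slist => {"apache_ssl_created$(site[domain])"};

    (!use_ssl)|(!use_certbot)::
      "vhostdeps" slist => {};

  files:
    delete::
      # NOTE(review): no promise in this file is guarded by apache_restart, so
      # removing a vhost does not appear to trigger a restart here - confirm
      # whether another policy file consumes this class.
      "$(domain_file)"
        delete => tidy,
        classes => if_repaired(apache_restart);

    !delete::
      # Owned by root like Vhosts/dummy.conf: the file is parsed by the server
      # at (re)start, so the web server account must not be able to rewrite it.
      # Mode 644 keeps it readable.
      "$(domain_file)"
        perms => uperm("root","root","644"),
        create => "true",
        edit_template => "$(template_file)",
        template_method => "mustache",
        handle => "vhost_cfg_done$(site[domain])",
        depends_on => @(vhostdeps),
        classes => if_repaired("apache_vhost_restart");

      "$(domain_dir)."
        create => "true",
        perms => uperm("$(apache.www_user)","$(apache.www_group)","750");

  methods:
    use_ssl&use_certbot::
      "any"
        usebundle => certbot_cert(@(site),"$(apache.default_html_dir)"), #,"$(site[domain])"),
        handle => "apache_ssl_created$(site[domain])";

    # A class guard replaces the previous guard instead of nesting under it,
    # so each restart context is written out in full. This selects exactly one
    # of the two restart promises for a changed vhost.
    use_ssl&use_certbot&apache_vhost_restart::
      "any"
        usebundle => restart_apache("$(site[domain])"),
        depends_on => {"vhost_cfg_done$(site[domain])","apache_ssl_created$(site[domain])" };

    ((!use_ssl)|(!use_certbot))&apache_vhost_restart::
      "any"
        usebundle => restart_apache("$(site[domain])"),
        depends_on => {"vhost_cfg_done$(site[domain])" };

  reports:
    # "SSL_CERT: $(ssl_cert) $(ssl_key) ";
    # use_ssl::
    #   "USE SSL";
    # !use_ssl::
    #   "NOT USE_SSL";
    # "RAW: $(site[raw])";
}

# Calls apache_vhost once for every index of the "sites" container.
bundle agent apache_vhosts(sites)
{
  vars:
      "idx" slist => getindices(@(sites));

  methods:
      "any" usebundle => apache_vhost(@(sites[$(idx)]));

  reports:
    # "IDXE $(idx)";
}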