346 lines
8.4 KiB
CFEngine3
346 lines
8.4 KiB
CFEngine3
#
|
|
# Install and configure Apache with SSL and certbot
|
|
#
|
|
# Use:
|
|
# usebundle => install_apache;
|
|
# usebundle => apache_vhost(site_data);
|
|
#
|
|
#
|
|
|
|
bundle agent apache
|
|
{
|
|
vars:
|
|
"admin_email" string => "[]",unless => isvariable( $(this.promiser) ) ;
|
|
|
|
freebsd::
|
|
"pkgs" slist => {
|
|
"apache24",
|
|
};
|
|
"log_dir" string =>"/var/log/httpd";
|
|
"log_dir_owner" string => "root";
|
|
"log_dir_group" string => "wheel";
|
|
|
|
"service_name" string => "apache24";
|
|
"www_user" string => "www";
|
|
"www_group" string => "www";
|
|
"mime_types" string => "/usr/local/etc/apache24/mime.types";
|
|
"service_name" string => "apache24";
|
|
"restart_cmd" string => "/usr/sbin/service $(service_name) restart";
|
|
"etc_dir" string => "/usr/local/etc";
|
|
"cfg_dir" string => "$(etc_dir)/apache24";
|
|
"main_cfg" string => "$(cfg_dir)/httpd.conf";
|
|
"libexec_dir" string => "libexec/apache24";
|
|
"www_dir" string => "/usr/local/www",unless => isvariable( $(this.promiser) ) ;
|
|
"default_html_dir" string => "$(www_dir)/apache24";
|
|
"server_root" string => "/usr/local";
|
|
"modules" data => '[
|
|
{m: "autoindex",f:"mod_autoindex"},
|
|
{m: "log_config",f:"mod_log_config"},
|
|
{m: "version",f:"mod_version"},
|
|
{m: "unixd",f:"mod_unixd"},
|
|
{m: "$(php.apache_m)",f:"$(php.apache_f)"},
|
|
{m: "ssl",f:"mod_ssl"}
|
|
]';
|
|
|
|
|
|
debian::
|
|
"pkgs" slist => {
|
|
"apache2",
|
|
"libapache2-mod-svn",
|
|
};
|
|
"log_dir" string =>"/var/log/apache2";
|
|
"log_dir_owner" string => "root";
|
|
"log_dir_group" string => "adm";
|
|
"service_name" string => "apache2";
|
|
"restart_cmd" string => "/usr/bin/systemctl restart $(service_name)";
|
|
"www_user" string => "www-data";
|
|
"www_group" string => "www-data";
|
|
"mime_types" string => "/etc/mime.types";
|
|
"www_dir" string => "/var/www",unless => isvariable( $(this.promiser) ) ;
|
|
"default_html_dir" string => "$(www_dir)/html";
|
|
"etc_dir" string => "/etc";
|
|
"cfg_dir" string => "$(etc_dir)/apache2";
|
|
"main_cfg" string => "$(cfg_dir)/apache2.conf";
|
|
"libexec_dir" string => "lib/apache2/modules";
|
|
"server_root" string => "/usr";
|
|
|
|
"modules" data => '[
|
|
{m:"php",f:"libphp8.2"},
|
|
{m:"ssl",f:"mod_ssl"},
|
|
{m:"proxy",f:"mod_proxy"},
|
|
{m:"proxy_fcgi",f:"mod_proxy_fcgi"}
|
|
]';
|
|
|
|
|
|
centos::
|
|
"pkgs" slist => {
|
|
"httpd",
|
|
"mod_ssl",
|
|
"libapache2-mod-svn",
|
|
};
|
|
fedora::
|
|
"pkgs" slist => {
|
|
"httpd",
|
|
# "mod_ssl",
|
|
};
|
|
fedora|centos::
|
|
"log_dir" string =>"/var/log/httpd";
|
|
"log_dir_owner" string => "root";
|
|
"log_dir_group" string => "wheel";
|
|
|
|
"service_name" string => "httpd";
|
|
"restart_cmd" string => "/usr/bin/systemctl restart $(service_name)";
|
|
"www_user" string => "apache";
|
|
"www_group" string => "apache";
|
|
"mime_types" string => "/etc/mime.types";
|
|
"www_dir" string => "/var/www",unless => isvariable( $(this.promiser) ) ;
|
|
"default_html_dir" string => "$(www_dir)/html";
|
|
"etc_dir" string => "/etc";
|
|
"cfg_dir" string => "$(etc_dir)/httpd";
|
|
|
|
"main_cfg" string => "$(cfg_dir)/conf/httpd.conf";
|
|
"libexec_dir" string => "$(cfg_dir)/modules";
|
|
"server_root" string => "/var";
|
|
|
|
"modules" data => '[
|
|
{m: "autoindex",f:"mod_autoindex"},
|
|
{m: "log_config",f:"mod_log_config"},
|
|
{m: "version",f:"mod_version"},
|
|
{m: "unixd",f:"mod_unixd"},
|
|
]';
|
|
# {m: "php",f:"libphp8"},
|
|
|
|
|
|
|
|
ubuntu_20::
|
|
"phpm" string => "php7";
|
|
ubuntu_22::
|
|
"phpm" string => "php";
|
|
|
|
ubuntu::
|
|
"log_dir_owner" string => "root";
|
|
"log_dir_group" string => "adm";
|
|
|
|
"modules" data => '[
|
|
{m:"$(phpm)",f:"libphp$(install_php.version)"},
|
|
{m:"proxy",f:"mod_proxy"},
|
|
{m:"proxy_http",f:"mod_proxy_http"},
|
|
{m: "autoindex",f:"mod_autoindex"},
|
|
{m: "dav",f:"mod_dav"},
|
|
{m: "dav_svn", f:"mod_dav_svn"},
|
|
{m: "authz_svn", f:"mod_authz_svn"},
|
|
{m: "ssl",f:"mod_ssl"}
|
|
]';
|
|
}
|
|
|
|
|
|
bundle agent install_apache_php
|
|
{
|
|
vars:
|
|
freebsd::
|
|
"pkgs" slist => {"mod_php$(php.bsdvs)"};
|
|
debian::
|
|
"pkgs" slist => {"libapache2-mod-php$(php.version)"};
|
|
centos::
|
|
"pkgs" slist => {"libapache2-mod-php"};
|
|
|
|
methods:
|
|
"any" usebundle => wmde_install_packages(@(pkgs),"apache_php"),
|
|
handle => "apache_php_installed";
|
|
|
|
commands:
|
|
debian|ubuntu::
|
|
"/bin/sh"
|
|
args => "-c '/usr/sbin/a2dismod mpm_event > /dev/null'",
|
|
inform=>"false",
|
|
handle => "apache_mpm_event_disabled";
|
|
}
|
|
|
|
bundle agent install_apache(raw)
|
|
{
|
|
|
|
methods:
|
|
|
|
"any" usebundle => wmde_install_packages(@(apache.pkgs),"apache");
|
|
|
|
"any" usebundle => install_apache_php,
|
|
depends_on => { "apache_pkgs_installed" };
|
|
|
|
#services:
|
|
## apache_kept::
|
|
# "$(apache.service_name)"
|
|
# service_policy => "start";
|
|
|
|
|
|
|
|
reports:
|
|
|
|
|
|
files:
|
|
"$(apache.log_dir)/."
|
|
create=>"true",
|
|
perms=>mog("750","$(apache.log_dir_owner)","$(apache.log_dir_group)"),
|
|
handle => "apache_log_dir_created";
|
|
|
|
"$(apache.www_dir)/."
|
|
create=>"true",
|
|
perms => m("755"),
|
|
depends_on => { "apache_pkgs_installed" },
|
|
handle => "apache_www_dir_created";
|
|
|
|
"$(apache.default_html_dir)/."
|
|
create=>"true",
|
|
perms => uperm("$(apache.www_user)","$(apache.www_group)","755"),
|
|
depends_on => {"apache_www_dir_created"},
|
|
handle=>"apache_default_html_dir_created";
|
|
|
|
"$(apache.cfg_dir)/Vhosts/dummy.conf"
|
|
create=>"true",
|
|
content=>"",
|
|
perms => m("644"),
|
|
depends_on => { "apache_pkgs_installed" },
|
|
handle=> "apache_vhost_dir_created";
|
|
|
|
"$(apache.main_cfg)"
|
|
create => "true",
|
|
edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/httpd.conf.mustache",
|
|
template_method => "mustache",
|
|
handle => "apache_main_cfg_created",
|
|
depends_on => { "apache_pkgs_installed","apache_php_installed" },
|
|
classes => if_repaired(apache_repaired);
|
|
|
|
methods:
|
|
|
|
"any" usebundle => wmde_service("$(apache.service_name)","apache_kept","apache_repaired|php_repaired"),
|
|
depends_on => {
|
|
"apache_pkgs_installed",
|
|
"apache_php_pkgs_installed",
|
|
"apache_www_dir_created",
|
|
"apache_vhost_dir_created",
|
|
"apache_main_cfg_created"
|
|
};
|
|
|
|
#depends_on => {
|
|
# "apache_php_pkgs_installed"
|
|
|
|
#};
|
|
|
|
|
|
}
|
|
|
|
bundle agent restart_apache(arg)
|
|
{
|
|
|
|
methods:
|
|
"any" usebundle => wmde_restart_service("$(apache.service_name)","$(arg)");
|
|
|
|
#commands:
|
|
# "/bin/sh -c "
|
|
# args => "'/bin/echo $(arg) > /dev/null && /usr/bin/systemctl restart $(apache.service_name)'";
|
|
}
|
|
|
|
|
|
bundle agent apache_vhost
|
|
(site_param)
|
|
{
|
|
classes:
|
|
"delete" expression => $(site[disable]);
|
|
"use_ssl" expression => $(site[ssl]);
|
|
"use_certbot" expression => strcmp("certbot","$(site[ssl_cert])");
|
|
|
|
vars:
|
|
# "email":$(apache.admin_email),
|
|
|
|
"site_defaults" data => '
|
|
{
|
|
"aliases":[],
|
|
"ssl_cert":"certbot",
|
|
"doc_root":"$(apache.www_dir)/$(site_param[domain])"
|
|
}
|
|
';
|
|
|
|
"site" data => mergedata(site_defaults,site_param);
|
|
|
|
|
|
"cert_file" string => "$(certbot.certbot_dir)/live/$(site[domain])";
|
|
|
|
"template_file"
|
|
string =>
|
|
"$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/httpd-vhost.conf.mustache";
|
|
|
|
"domain_file" string => "$(apache.cfg_dir)/Vhosts/$(site[domain]).conf";
|
|
"domain_dir" string => "$(apache.www_dir)/$(site[domain])/";
|
|
|
|
"ssl_cert" string => ifelse( use_certbot,
|
|
"$(certbot.certbot_dir)/live/$(site[domain])/fullchain.pem",
|
|
"$(site[ssl_cert])");
|
|
"ssl_key" string => ifelse( use_certbot,
|
|
"$(certbot.certbot_dir)/live/$(site[domain])/privkey.pem",
|
|
"$(site[ssl_key])");
|
|
|
|
use_ssl&(use_certbot)::
|
|
"vhostdeps" slist => {"apache_ssl_created$(site[domain])"};
|
|
(!use_ssl)|(!use_certbot)::
|
|
"vhostdeps" slist => {};
|
|
files:
|
|
|
|
delete::
|
|
"$(domain_file)"
|
|
delete => tidy,
|
|
classes => if_repaired(apache_restart);
|
|
|
|
!delete::
|
|
"$(domain_file)"
|
|
perms => uperm("$(apache.www_user)","$(apache.www_group)","644"),
|
|
create => "true",
|
|
edit_template => "$(template_file)",
|
|
template_method => "mustache",
|
|
handle => "vhost_cfg_done$(site[domain])",
|
|
depends_on => @(vhostdeps),
|
|
classes => if_repaired("apache_vhost_restart");
|
|
|
|
"$(domain_dir)."
|
|
create => "true",
|
|
perms => uperm("$(apache.www_user)","$(apache.www_group)","750");
|
|
|
|
methods:
|
|
use_ssl&use_certbot::
|
|
"any" usebundle => certbot_cert(@(site),"$(apache.default_html_dir)"), #,"$(site[domain])"),
|
|
handle => "apache_ssl_created$(site[domain])";
|
|
|
|
"apache_vhost_restart"::
|
|
"any" usebundle => restart_apache("$(site[domain])"),
|
|
depends_on => {"vhost_cfg_done$(site[domain])","apache_ssl_created$(site[domain])" };
|
|
|
|
|
|
(!use_ssl)|(!use_certbot)::
|
|
"apache_vhost_restart"::
|
|
"any" usebundle => restart_apache("$(site[domain])"),
|
|
depends_on => {"vhost_cfg_done$(site[domain])" };
|
|
|
|
|
|
|
|
reports:
|
|
# "SSL_CERT: $(ssl_cert) $(ssl_key) ";
|
|
# use_ssl::
|
|
# "USE SSL";
|
|
# !use_ssl::
|
|
# "NOT USE_SSL";
|
|
|
|
# "RAW: $(site[raw])";
|
|
# "APACHE DOCROOT $(site[doc_root])";
|
|
}
|
|
|
|
|
|
bundle agent apache_vhosts(sites)
|
|
{
|
|
vars:
|
|
"idx" slist => getindices(@(sites));
|
|
methods:
|
|
"any" usebundle => apache_vhost(@(sites[$(idx)]));
|
|
|
|
reports:
|
|
# "IDXE $(idx)";
|
|
|
|
}
|