Skip to content

Files

Latest commit

author
GitHub Actions
Release prep v12.3.0
Mar 5, 2025
a981abf · Mar 5, 2025

History

History
11849 lines (7467 loc) · 385 KB
·

REFERENCE.md

File metadata and controls

11849 lines (7467 loc) · 385 KB
·

Reference

Table of Contents

Classes

Public Classes

This module does not manage the software repositories needed to automatically install the mod-pagespeed-stable package. The module does however require that the package be installed, or be installable using the system's default package provider. You should ensure that this pre-requisite is met or declaring apache::mod::pagespeed will cause the puppet run to fail.

Note: This module support Passenger 4.0.0 and higher.

Private Classes

  • apache::confd::no_accf: Manages the no-accf.conf file.
  • apache::default_confd_files: Helper for setting up default conf.d files.
  • apache::default_mods: Installs and congfigures default mods for Apache
  • apache::mod::ssl::reload: Manages the puppet_ssl folder for ssl file copies, which is needed to track changes for reloading service on changes
  • apache::package: Installs an Apache MPM.
  • apache::params: This class manages Apache parameters
  • apache::service: Installs and configures Apache service.
  • apache::version: Try to automatically detect the version by OS

Defined types

Public Defined types

Private Defined types

  • apache::default_mods::load: Helper used by apache::default_mods
  • apache::mpm: Enables the use of Apache MPMs.
  • apache::peruser::multiplexer: Checks if an Apache module has a class.
  • apache::peruser::processor: Enables the Peruser module for FreeBSD only.
  • apache::security::rule_link: Links the activated_rules from apache::mod::security to the respective CRS rules on disk.

Functions

Data types

Tasks

  • init: Allows you to perform apache service functions

Classes

apache

When this class is declared with the default options, Puppet:

  • Installs the appropriate Apache software package and required Apache modules for your operating system.
  • Places the required configuration files in a directory, with the default location determined by your operating system.
  • Configures the server with a default virtual host and standard port (80) and address (\*) bindings.
  • Creates a document root directory determined by your operating system, typically /var/www.
  • Starts the Apache service.

If an ldaps:// URL is specified, the mode becomes SSL and the setting of LDAPTrustedMode is ignored.

Examples

class { 'apache': }

Parameters

The following parameters are available in the apache class:

allow_encoded_slashes

Data type: Optional[Variant[Apache::OnOff, Enum['nodecode']]]

Sets the server default for the AllowEncodedSlashes declaration, which modifies the responses to URLs containing '' and '/' characters. If not specified, this parameter omits the declaration from the server's configuration and uses Apache's default setting of 'off'.

Default value: undef

conf_dir

Data type: Stdlib::Absolutepath

Sets the directory where the Apache server's main configuration file is located.

Default value: $apache::params::conf_dir

conf_template

Data type: String

Defines the template used for the main Apache configuration file. Modifying this parameter is potentially risky, as the apache module is designed to use a minimal configuration file customized by conf.d entries.

Default value: $apache::params::conf_template

confd_dir

Data type: Stdlib::Absolutepath

Sets the location of the Apache server's custom configuration directory.

Default value: $apache::params::confd_dir

default_charset

Data type: Optional[String]

Used as the AddDefaultCharset directive in the main configuration file.

Default value: undef

default_confd_files

Data type: Boolean

Determines whether Puppet generates a default set of includable Apache configuration files in the directory defined by the confd_dir parameter. These configuration files correspond to what is typically installed with the Apache package on the server's operating system.

Default value: true

default_mods

Data type: Variant[Array[String[1]], Boolean]

Determines whether to configure and enable a set of default Apache modules depending on your operating system.
If false, Puppet includes only the Apache modules required to make the HTTP daemon work on your operating system, and you can declare any other modules separately using the apache::mod::<MODULE NAME> class or apache::mod defined type.
If true, Puppet installs additional modules, depending on the operating system and the value of the mpm_module parameter. Because these lists of modules can change frequently, consult the Puppet module's code for up-to-date lists.
If this parameter contains an array, Puppet instead enables all passed Apache modules.

Default value: true

default_ssl_ca

Data type: Optional[Stdlib::Absolutepath]

Sets the default certificate authority for the Apache server.
Although the default value results in a functioning Apache server, you must update this parameter with your certificate authority information before deploying this server in a production environment.

Default value: undef

default_ssl_cert

Data type: Stdlib::Absolutepath

Sets the SSL encryption certificate location.
Although the default value results in a functioning Apache server, you must update this parameter with your certificate location before deploying this server in a production environment.

Default value: $apache::params::default_ssl_cert

default_ssl_chain

Data type: Optional[Stdlib::Absolutepath]

Sets the default SSL chain location.
Although this default value results in a functioning Apache server, you must update this parameter with your SSL chain before deploying this server in a production environment.

Default value: undef

default_ssl_crl

Data type: Optional[Stdlib::Absolutepath]

Sets the path of the default certificate revocation list (CRL) file to use.
Although this default value results in a functioning Apache server, you must update this parameter with the CRL file path before deploying this server in a production environment. You can use this parameter with or in place of the default_ssl_crl_path.

Default value: undef

default_ssl_crl_path

Data type: Optional[Stdlib::Absolutepath]

Sets the server's certificate revocation list path, which contains your CRLs.
Although this default value results in a functioning Apache server, you must update this parameter with the CRL file path before deploying this server in a production environment.

Default value: undef

default_ssl_crl_check

Data type: Optional[String]

Sets the default certificate revocation check level via the SSLCARevocationCheck directive. This parameter applies only to Apache 2.4 or higher and is ignored on older versions.
Although this default value results in a functioning Apache server, you must specify this parameter when using certificate revocation lists in a production environment.

Default value: undef

default_ssl_key

Data type: Stdlib::Absolutepath

Sets the SSL certificate key file location. Although the default values result in a functioning Apache server, you must update this parameter with your SSL key's location before deploying this server in a production environment.

Default value: $apache::params::default_ssl_key

default_ssl_reload_on_change

Data type: Boolean

Enable reloading of apache if the content of ssl files have changed.

Default value: false

default_ssl_vhost

Data type: Boolean

Configures a default SSL virtual host. If true, Puppet automatically configures the following virtual host using the apache::vhost defined type:

apache::vhost { 'default-ssl':
  port            => 443,
  ssl             => true,
  docroot         => $docroot,
  scriptalias     => $scriptalias,
  serveradmin     => $serveradmin,
  access_log_file => "ssl_${access_log_file}",
}

Note: SSL virtual hosts only respond to HTTPS queries.

Default value: false

default_vhost

Data type: Boolean

Configures a default virtual host when the class is declared.
To configure customized virtual hosts, set this parameter's value to false.

Note: Apache will not start without at least one virtual host. If you set this to false you must configure a virtual host elsewhere.

Default value: true

dev_packages

Data type: Optional[Variant[Array, String]]

Configures a specific dev package to use.
For example, using httpd 2.4 from the IUS yum repo:

include ::apache::dev
class { 'apache':
  apache_name  => 'httpd24u',
  dev_packages => 'httpd24u-devel',
}

Default value: $apache::params::dev_packages

docroot

Data type: Stdlib::Absolutepath

Sets the default DocumentRoot location.

Default value: $apache::params::docroot

error_documents

Data type: Boolean

Determines whether to enable custom error documents on the Apache server.

Default value: false

group

Data type: String

Sets the group ID that owns any Apache processes spawned to answer requests.
By default, Puppet attempts to manage this group as a resource under the apache class, determining the group based on the operating system as detected by the apache::params class. To prevent the group resource from being created and use a group created by another Puppet module, set the manage_group parameter's value to false.

Note: Modifying this parameter only changes the group ID that Apache uses to spawn child processes to access resources. It does not change the user that owns the parent server process.

Default value: $apache::params::group

httpd_dir

Data type: Stdlib::Absolutepath

Sets the Apache server's base configuration directory. This is useful for specially repackaged Apache server builds but might have unintended consequences when combined with the default distribution packages.

Default value: $apache::params::httpd_dir

http_protocol_options

Data type: Optional[String]

Specifies the strictness of HTTP protocol checks.
Valid options: any sequence of the following alternative values: Strict or Unsafe, RegisteredMethods or LenientMethods, and Allow0.9 or Require1.0.

Default value: $apache::params::http_protocol_options

keepalive

Data type: Apache::OnOff

Determines whether to enable persistent HTTP connections with the KeepAlive directive. If you set this to On, use the keepalive_timeout and max_keepalive_requests parameters to set relevant options.

Default value: $apache::params::keepalive

keepalive_timeout

Data type: Integer

Sets the KeepAliveTimeout directive, which determines the amount of time the Apache server waits for subsequent requests on a persistent HTTP connection. This parameter is only relevant if the keepalive parameter is enabled.

Default value: $apache::params::keepalive_timeout

max_keepalive_requests

Data type: Integer

Limits the number of requests allowed per connection when the keepalive parameter is enabled.

Default value: $apache::params::max_keepalive_requests

hostname_lookups

Data type: Variant[Apache::OnOff, Enum['Double', 'double']]

This directive enables DNS lookups so that host names can be logged and passed to CGIs/SSIs in REMOTE_HOST.

Note: If enabled, it impacts performance significantly.

Default value: $apache::params::hostname_lookups

ldap_trusted_mode

Data type: Optional[String]

The following modes are supported:

NONE - no encryption SSL - ldaps:// encryption on default port 636 TLS - STARTTLS encryption on default port 389 Not all LDAP toolkits support all the above modes. An error message will be logged at runtime if a mode is not supported, and the connection to the LDAP server will fail.

Default value: undef

ldap_verify_server_cert

Data type: Optional[Apache::OnOff]

Specifies whether to force the verification of a server certificate when establishing an SSL connection to the LDAP server. On|Off

Default value: undef

lib_path

Data type: String

Specifies the location whereApache module files are stored.

Note: Do not configure this parameter manually without special reason.

Default value: $apache::params::lib_path

log_level

Data type: Apache::LogLevel

Configures the apache LogLevel directive which adjusts the verbosity of the messages recorded in the error logs.

Default value: $apache::params::log_level

log_formats

Data type: Hash

Define additional LogFormat directives. Values: A hash, such as:

$log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' }

There are a number of predefined LogFormats in the httpd.conf that Puppet creates:

  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  LogFormat "%h %l %u %t \"%r\" %>s %b" common
  LogFormat "%{Referer}i -> %U" referer
  LogFormat "%{User-agent}i" agent
  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded

If your log_formats parameter contains one of those, it will be overwritten with your definition.

Default value: {}

logroot

Data type: Stdlib::Absolutepath

Changes the directory of Apache log files for the virtual host.

Default value: $apache::params::logroot

logroot_mode

Data type: Optional[Stdlib::Filemode]

Overrides the default logroot directory's mode.

Note: Do not grant write access to the directory where the logs are stored without being aware of the consequences. See the Apache documentation for details.

Default value: $apache::params::logroot_mode

manage_group

Data type: Boolean

When false, stops Puppet from creating the group resource.
If you have a group created from another Puppet module that you want to use to run Apache, set this to false. Without this parameter, attempting to use a previously established group results in a duplicate resource error.

Default value: true

supplementary_groups

Data type: Array

A list of groups to which the user belongs. These groups are in addition to the primary group.
Notice: This option only has an effect when manage_user is set to true.

Default value: []

manage_user

Data type: Boolean

When false, stops Puppet from creating the user resource.
This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error.

Default value: true

mod_dir

Data type: Stdlib::Absolutepath

Sets where Puppet places configuration files for your Apache modules.

Default value: $apache::params::mod_dir

mod_libs

Data type: Hash

Allows the user to override default module library names.

include apache::params
class { 'apache':
  mod_libs => merge($::apache::params::mod_libs, {
    'wsgi' => 'mod_wsgi_python3.so',
  })
}

Default value: $apache::params::mod_libs

mod_packages

Data type: Hash

Allows the user to override default module package names.

include apache::params
class { 'apache':
  mod_packages => merge($::apache::params::mod_packages, {
    'auth_kerb' => 'httpd24-mod_auth_kerb',
  })
}

Default value: $apache::params::mod_packages

mpm_module

Data type: Variant[Boolean, Enum['event', 'itk', 'peruser', 'prefork', 'worker']]

Determines which multi-processing module (MPM) is loaded and configured for the HTTPD process. Valid values are: event, itk, peruser, prefork, worker or false.
You must set this to false to explicitly declare the following classes with custom parameters:

  • apache::mod::event
  • apache::mod::itk
  • apache::mod::peruser
  • apache::mod::prefork
  • apache::mod::worker

Default value: $apache::params::mpm_module

package_ensure

Data type: String

Controls the package resource's ensure attribute. Valid values are: absent, installed (or equivalent present), or a version string.

Default value: 'installed'

pidfile

Data type: String

Allows settting a custom location for the pid file. Useful if using a custom-built Apache rpm.

Default value: $apache::params::pidfile

ports_file

Data type: Stdlib::Absolutepath

Sets the path to the file containing Apache ports configuration.

Default value: $apache::params::ports_file

protocols

Data type: Array[Enum['h2', 'h2c', 'http/1.1']]

Sets the Protocols directive, which lists available protocols for the server.

Default value: []

protocols_honor_order

Data type: Optional[Boolean]

Sets the ProtocolsHonorOrder directive which determines whether the order of Protocols sets precedence during negotiation.

Default value: undef

purge_configs

Data type: Boolean

Removes all other Apache configs and virtual hosts.
Setting this to false is a stopgap measure to allow the apache module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see purge_vhost_dir.

Default value: true

purge_vhost_dir

Data type: Optional[Boolean]

If the vhost_dir parameter's value differs from the confd_dir parameter's, this parameter determines whether Puppet removes any configurations inside vhost_dir that are not managed by Puppet.
Setting purge_vhost_dir to false is a stopgap measure to allow the apache module to coexist with existing or otherwise unmanaged configurations within vhost_dir.

Default value: undef

sendfile

Data type: Apache::OnOff

Forces Apache to use the Linux kernel's sendfile support to serve static files, via the EnableSendfile directive.

Default value: 'On'

serveradmin

Data type: Optional[String[1]]

Sets the Apache server administrator's contact information via Apache's ServerAdmin directive.

Default value: undef

servername

Data type: Optional[String]

Sets the Apache server name via Apache's ServerName directive. Setting to false will not set ServerName at all.

Default value: $apache::params::servername

server_root

Data type: Stdlib::Absolutepath

Sets the Apache server's root directory via Apache's ServerRoot directive.

Default value: $apache::params::server_root

server_signature

Data type: Variant[Apache::OnOff, String]

Configures a trailing footer line to display at the bottom of server-generated documents, such as error documents and output of certain Apache modules, via Apache's ServerSignature directive. Valid values are: On or Off.

Default value: 'On'

server_tokens

Data type: Apache::ServerTokens

Controls how much information Apache sends to the browser about itself and the operating system, via Apache's ServerTokens directive.

Default value: 'Prod'

service_enable

Data type: Boolean

Determines whether Puppet enables the Apache HTTPD service when the system is booted.

Default value: true

service_ensure

Data type: Variant[Stdlib::Ensure::Service, Boolean]

Determines whether Puppet should make sure the service is running. Valid values are: true (or running) or false (or stopped).
The false or stopped values set the 'httpd' service resource's ensure parameter to false, which is useful when you want to let the service be managed by another application, such as Pacemaker.

Default value: 'running'

service_name

Data type: String

Sets the name of the Apache service.

Default value: $apache::params::service_name

service_manage

Data type: Boolean

Determines whether Puppet manages the HTTPD service's state.

Default value: true

service_restart

Data type: Optional[String]

Determines whether Puppet should use a specific command to restart the HTTPD service. Values: a command to restart the Apache service.

Default value: undef

timeout

Data type: Integer[0]

Sets Apache's TimeOut directive, which defines the number of seconds Apache waits for certain events before failing a request.

Default value: 60

trace_enable

Data type: Variant[Apache::OnOff, Enum['extended']]

Controls how Apache handles TRACE requests (per RFC 2616) via the TraceEnable directive.

Default value: 'On'

use_canonical_name

Data type: Optional[Variant[Apache::OnOff, Enum['DNS', 'dns']]]

Controls Apache's UseCanonicalName directive which controls how Apache handles self-referential URLs. If not specified, this parameter omits the declaration from the server's configuration and uses Apache's default setting of 'off'.

Default value: undef

use_systemd

Data type: Boolean

Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom-built RPMs.

Default value: $apache::params::use_systemd

file_mode

Data type: Stdlib::Filemode

Sets the desired permissions mode for config files. Valid values are: a string, with permissions mode in symbolic or numeric notation.

Default value: $apache::params::file_mode

root_directory_options

Data type: Array

Array of the desired options for the / directory in httpd.conf.

Default value: $apache::params::root_directory_options

root_directory_secured

Data type: Boolean

Sets the default access policy for the / directory in httpd.conf. A value of false allows access to all resources that are missing a more specific access policy. A value of true denies access to all resources by default. If true, more specific rules must be used to allow access to these resources (for example, in a directory block using the directories parameter).

Default value: false

vhost_dir

Data type: Stdlib::Absolutepath

Changes your virtual host configuration files' location.

Default value: $apache::params::vhost_dir

vhost_include_pattern

Data type: String

Defines the pattern for files included from the vhost_dir. If set to a value like [^.#]\*.conf[^~] to make sure that files accidentally created in this directory (such as files created by version control systems or editor backups) are not included in your server configuration.
Some operating systems use a value of *.conf. By default, this module creates configuration files ending in .conf.

Default value: $apache::params::vhost_include_pattern

user

Data type: String

Changes the user that Apache uses to answer requests. Apache's parent process continues to run as root, but child processes access resources as the user defined by this parameter. To prevent Puppet from managing the user, set the manage_user parameter to false.

Default value: $apache::params::user

apache_name

Data type: String

The name of the Apache package to install. If you are using a non-standard Apache package you might need to override the default setting.
For CentOS/RHEL Software Collections (SCL), you can also use apache::version::scl_httpd_version.

Default value: $apache::params::apache_name

error_log

Data type: String

The name of the error log file for the main server instance. If the string starts with /, |, or syslog: the full path is set. Otherwise, the filename is prefixed with $logroot.

Default value: $apache::params::error_log

scriptalias

Data type: String

Directory to use for global script alias

Default value: $apache::params::scriptalias

access_log_file

Data type: String

The name of the access log file for the main server instance.

Default value: $apache::params::access_log_file

limitreqfields

Data type: Integer

The limitreqfields parameter sets the maximum number of request header fields in an HTTP request. This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks. The value should be increased if normal clients see an error response from the server that indicates too many fields were sent in the request.

Default value: 100

limitreqfieldsize

Data type: Integer

The limitreqfieldsize parameter sets the maximum ammount of bytes that will be allowed within a request header.

Default value: 8190

limitreqline

Data type: Optional[Integer]

The 'limitreqline' parameter sets the limit on the allowed size of a client's HTTP request-line

Default value: undef

ip

Data type: Optional[String]

Specifies the ip address

Default value: undef

conf_enabled

Data type: Optional[Stdlib::Absolutepath]

Whether the additional config files in /etc/apache2/conf-enabled should be managed.

Default value: $apache::params::conf_enabled

vhost_enable_dir

Data type: Optional[Stdlib::Absolutepath]

Set's the vhost definitions which will be stored in sites-availible and if they will be symlinked to and from sites-enabled.

Default value: $apache::params::vhost_enable_dir

manage_vhost_enable_dir

Data type: Boolean

Overides the vhost_enable_dir inherited parameters and allows it to be disabled

Default value: true

mod_enable_dir

Data type: Optional[Stdlib::Absolutepath]

Set's whether the mods-enabled directory should be managed.

Default value: $apache::params::mod_enable_dir

ssl_file

Data type: Optional[String]

This parameter allows you to set an ssl.conf file to be managed in order to implement an SSL Certificate.

Default value: undef

file_e_tag

Data type: Optional[String]

Sets the server default for the FileETag declaration, which modifies the response header field for static files.

Default value: undef

use_optional_includes

Data type: Boolean

Specifies whether Apache uses the IncludeOptional directive instead of Include for additional_includes in Apache 2.4 or newer.

Default value: $apache::params::use_optional_includes

mime_types_additional

Data type: Hash

Specifies any idditional Internet media (mime) types that you wish to be configured.

Default value: $apache::params::mime_types_additional

apache::dev

The libraries installed depends on the dev_packages parameter of the apache::params class, based on your operating system:

  • Debian : libaprutil1-dev, libapr1-dev; apache2-dev
  • FreeBSD: undef; on FreeBSD, you must declare the apache::package or apache classes before declaring apache::dev.
  • Gentoo: undef.
  • Red Hat: httpd-devel.

apache::mod::actions

Installs Apache mod_actions

apache::mod::alias

Installs and configures mod_alias.

Parameters

The following parameters are available in the apache::mod::alias class:

icons_options

Data type: String

Disables directory listings for the icons directory, via Apache Options directive.

Default value: 'Indexes MultiViews'

icons_path

Data type: Variant[Boolean, Stdlib::Absolutepath]

Sets the local path for an /icons/ Alias. Default depends on operating system:

  • Debian: /usr/share/apache2/icons
  • FreeBSD: /usr/local/www/apache24/icons
  • Gentoo: /var/www/icons
  • Red Hat: /var/www/icons, except on Apache 2.4, where it's /usr/share/httpd/icons Set to 'false' to disable the alias

Default value: $apache::params::alias_icons_path

icons_prefix

Data type: String

Change the alias for /icons/.

Default value: $apache::params::icons_prefix

apache::mod::apreq2

Installs mod_apreq2.

apache::mod::auth_basic

Installs mod_auth_basic

apache::mod::auth_cas

Installs and configures mod_auth_cas.

Parameters

The following parameters are available in the apache::mod::auth_cas class:

cas_login_url

Data type: String

Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and don't have an active session.

cas_validate_url

Data type: String

Sets the URL to use when validating a client-presented ticket in an HTTP query string.

cas_cookie_path

Data type: String

Sets the location where information on the current session should be stored. This should be writable by the web server only.

Default value: $apache::params::cas_cookie_path

cas_cookie_path_mode

Data type: Stdlib::Filemode

The mode of cas_cookie_path.

Default value: '0750'

cas_version

Data type: Integer

The version of the CAS protocol to adhere to.

Default value: 2

cas_debug

Data type: String

Whether to enable or disable debug mode.

Default value: 'Off'

cas_validate_server

Data type: Optional[String]

Whether to validate the presented certificate. This has been deprecated and removed from Version 1.1-RC1 onward.

Default value: undef

cas_validate_depth

Data type: Optional[String]

The maximum depth for chained certificate validation.

Default value: undef

cas_certificate_path

Data type: Optional[String]

The path leading to the certificate

Default value: undef

cas_proxy_validate_url

Data type: Optional[String]

The URL to use when performing a proxy validation.

Default value: undef

cas_root_proxied_as

Data type: Optional[String]

Sets the URL end users see when access to this Apache server is proxied per vhost. This URL should not include a trailing slash.

Default value: undef

cas_cookie_entropy

Data type: Optional[String]

When creating a local session, this many random bytes are used to create a unique session identifier.

Default value: undef

cas_timeout

Data type: Optional[Integer[0]]

The hard limit, in seconds, for a mod_auth_cas session.

Default value: undef

cas_idle_timeout

Data type: Optional[Integer[0]]

The limit, in seconds, of how long a mod_auth_cas session can be idle.

Default value: undef

cas_cache_clean_interval

Data type: Optional[String]

The minimum amount of time that must pass inbetween cache cleanings.

Default value: undef

cas_cookie_domain

Data type: Optional[String]

The value for the 'Domain=' parameter in the Set-Cookie header.

Default value: undef

cas_cookie_http_only

Data type: Optional[String]

Setting this flag prevents the mod_auth_cas cookies from being accessed by client side Javascript.

Default value: undef

cas_authoritative

Data type: Optional[String]

Determines whether an optional authorization directive is authoritative and thus binding.

Default value: undef

cas_validate_saml

Data type: Optional[String]

Parse response from CAS server for SAML.

Default value: undef

cas_sso_enabled

Data type: Optional[String]

Enables experimental support for single sign out (may mangle POST data).

Default value: undef

cas_attribute_prefix

Data type: Optional[String]

Adds a header with the value of this header being the attribute values when SAML validation is enabled.

Default value: undef

cas_attribute_delimiter

Data type: Optional[String]

Sets the delimiter between attribute values in the header created by cas_attribute_prefix.

Default value: undef

cas_scrub_request_headers

Data type: Optional[String]

Remove inbound request headers that may have special meaning within mod_auth_cas.

Default value: undef

suppress_warning

Data type: Boolean

Suppress warning about being on RedHat (mod_auth_cas package is now available in epel-testing repo).

Default value: false

apache::mod::auth_gssapi

Installs mod_auth_gsappi.

apache::mod::auth_kerb

Installs mod_auth_kerb

apache::mod::auth_mellon

Installs and configures mod_auth_mellon.

Parameters

The following parameters are available in the apache::mod::auth_mellon class:

mellon_cache_size

Data type: Optional[Integer]

Maximum number of sessions which can be active at once.

Default value: $apache::params::mellon_cache_size

mellon_lock_file

Data type: Optional[Stdlib::Absolutepath]

Full path to a file used for synchronizing access to the session data.

Default value: $apache::params::mellon_lock_file

mellon_post_directory

Data type: Optional[Stdlib::Absolutepath]

Full path of a directory where POST requests are saved during authentication.

Default value: $apache::params::mellon_post_directory

mellon_cache_entry_size

Data type: Optional[Integer]

Maximum size for a single session entry in bytes.

Default value: undef

mellon_post_ttl

Data type: Optional[Integer]

Delay in seconds before a saved POST request can be flushed.

Default value: undef

mellon_post_size

Data type: Optional[Integer]

Maximum size for saved POST requests.

Default value: undef

mellon_post_count

Data type: Optional[Integer]

Maximum amount of saved POST requests.

Default value: undef

apache::mod::auth_openidc

Installs and configures mod_auth_openidc.

Parameters

The following parameters are available in the apache::mod::auth_openidc class:

manage_dnf_module

Data type: Boolean

Whether to manage the DNF module

Default value: $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] == '8'

dnf_module_ensure

Data type: String[1]

The DNF module name to ensure. Only relevant if manage_dnf_module is set to true.

Default value: 'present'

dnf_module_name

Data type: String[1]

The DNF module name to manage. Only relevant if manage_dnf_module is set to true.

Default value: 'mod_auth_openidc'

apache::mod::authn_core

Installs mod_authn_core.

apache::mod::authn_dbd

Installs mod_authn_dbd.

Parameters

The following parameters are available in the apache::mod::authn_dbd class:

authn_dbd_params

Data type: Optional[String]

The params needed for the mod to function.

authn_dbd_dbdriver

Data type: String

Selects an apr_dbd driver by name.

Default value: 'mysql'

authn_dbd_query

Data type: Optional[String]

Default value: undef

authn_dbd_min

Data type: Integer

Set the minimum number of connections per process.

Default value: 4

authn_dbd_max

Data type: Integer

Set the maximum number of connections per process.

Default value: 20

authn_dbd_keep

Data type: Integer

Set the maximum number of connections per process to be sustained.

Default value: 8

authn_dbd_exptime

Data type: Integer

Set the time to keep idle connections alive when the number of connections specified in DBDKeep has been exceeded.

Default value: 300

authn_dbd_alias

Data type: Optional[String]

Sets an alias for `AuthnProvider.

Default value: undef

apache::mod::authn_file

Installs mod_authn_file.

apache::mod::authnz_ldap

Installs mod_authnz_ldap.

Parameters

The following parameters are available in the apache::mod::authnz_ldap class:

verify_server_cert

Data type: Boolean

Whether to force te verification of a server cert or not.

Default value: true

package_name

Data type: Optional[String]

The name of the ldap package.

Default value: undef

apache::mod::authnz_pam

Installs mod_authnz_pam.

apache::mod::authz_core

Installs mod_authz_core.

apache::mod::authz_groupfile

Installs mod_authz_groupfile

apache::mod::authz_user

Installs mod_authz_user

apache::mod::autoindex

Installs mod_autoindex

Parameters

The following parameters are available in the apache::mod::autoindex class:

icons_prefix

Data type: String

Change the alias for /icons/.

Default value: $apache::params::icons_prefix

apache::mod::cache

Installs mod_cache

Parameters

The following parameters are available in the apache::mod::cache class:

cache_ignore_headers

Data type: Array[String[1]]

Specifies HTTP header(s) that should not be stored in the cache.

Default value: []

cache_default_expire

Data type: Optional[Integer]

The default duration to cache a document when no expiry date is specified.

Default value: undef

cache_max_expire

Data type: Optional[Integer]

The maximum time in seconds to cache a document

Default value: undef

cache_ignore_no_lastmod

Data type: Optional[Apache::OnOff]

Ignore the fact that a response has no Last Modified header.

Default value: undef

cache_header

Data type: Optional[Apache::OnOff]

Add an X-Cache header to the response.

Default value: undef

cache_lock

Data type: Optional[Apache::OnOff]

Enable the thundering herd lock.

Default value: undef

cache_ignore_cache_control

Data type: Optional[Apache::OnOff]

Ignore request to not serve cached content to client

Default value: undef

apache::mod::cache_disk

Installs and configures mod_cache_disk.

Parameters

The following parameters are available in the apache::mod::cache_disk class:

cache_root

Data type: Optional[Stdlib::Absolutepath]

Defines the name of the directory on the disk to contain cache files. Default depends on the Apache version and operating system:

  • Debian: /var/cache/apache2/mod_cache_disk
  • FreeBSD: /var/cache/mod_cache_disk
  • Red Hat: /var/cache/httpd/proxy

Default value: undef

cache_enable

Data type: Array[String]

Defines an array of directories to cache, the default is none

Default value: []

cache_dir_length

Data type: Optional[Integer]

The number of characters in subdirectory names

Default value: undef

cache_dir_levels

Data type: Optional[Integer]

The number of levels of subdirectories in the cache.

Default value: undef

cache_max_filesize

Data type: Optional[Integer]

The maximum size (in bytes) of a document to be placed in the cache

Default value: undef

cache_ignore_headers

Data type: Optional[String]

DEPRECATED Ignore request to not serve cached content to client (included for compatibility reasons to support disk_cache)

Default value: undef

configuration_file_name

Data type: Optional[String]

DEPRECATED Name of module configuration file (used for the compatibility layer for disk_cache)

Default value: undef

apache::mod::cgi

Installs mod_cgi.

apache::mod::cgid

Installs mod_cgid.

apache::mod::cluster

Installs mod_cluster.

  • Note There is no official package available for mod_cluster, so you must make it available outside of the apache module. Binaries can be found here.

  • See also

Examples

class { '::apache::mod::cluster':
  ip                      => '172.17.0.1',
  allowed_network         => '172.17.0.',
  balancer_name           => 'mycluster',
  version                 => '1.3.1'
}

Parameters

The following parameters are available in the apache::mod::cluster class:

allowed_network

Data type: String

Balanced members network.

balancer_name

Data type: String

Name of balancer.

ip

Data type: Stdlib::IP::Address

Specifies the IP address to listen to.

version

Data type: String

Specifies the mod_cluster version. Version 1.3.0 or greater is required for httpd 2.4.

enable_mcpm_receive

Data type: Boolean

Whether MCPM should be enabled.

Default value: true

port

Data type: Stdlib::Port

mod_cluster listen port.

Default value: 6666

keep_alive_timeout

Data type: Integer

Specifies how long Apache should wait for a request, in seconds.

Default value: 60

manager_allowed_network

Data type: Stdlib::IP::Address

Whether to allow the network to access the mod_cluster_manager.

Default value: '127.0.0.1'

max_keep_alive_requests

Data type: Integer

Maximum number of requests kept alive.

Default value: 0

server_advertise

Data type: Boolean

Whether the server should advertise.

Default value: true

advertise_frequency

Data type: Optional[String]

Sets the interval between advertise messages in seconds.

Default value: undef

apache::mod::data

Installs and configures mod_data.

apache::mod::dav

Installs mod_dav.

apache::mod::dav_fs

Installs mod_dav_fs.

apache::mod::dav_svn

Installs and configures mod_dav_svn.

Parameters

The following parameters are available in the apache::mod::dav_svn class:

authz_svn_enabled

Data type: Boolean

Specifies whether to install Apache mod_authz_svn

Default value: false

apache::mod::dbd

Installs mod_dbd.

apache::mod::deflate

Installs and configures mod_deflate.

Parameters

The following parameters are available in the apache::mod::deflate class:

types

Data type: Array[String]

An array of MIME types to be deflated. See https://www.iana.org/assignments/media-types/media-types.xhtml.

Default value:

[
    'text/html text/plain text/xml',
    'text/css',
    'application/x-javascript application/javascript application/ecmascript',
    'application/rss+xml',
    'application/json',
  ]
notes

Data type: Hash

A Hash where the key represents the type and the value represents the note name.

Default value:

{
    'Input'  => 'instream',
    'Output' => 'outstream',
    'Ratio'  => 'ratio',
  }

apache::mod::dir

Installs and configures mod_dir.

  • TODO This sets the global DirectoryIndex directive, so it may be necessary to consider being able to modify the apache::vhost to declare DirectoryIndex statements in a vhost configuration

  • See also

Parameters

The following parameters are available in the apache::mod::dir class:

dir

Data type: String

Default value: 'public_html'

indexes

Data type: Array[String]

Provides a string for the DirectoryIndex directive

Default value:

[
    'index.html',
    'index.html.var',
    'index.cgi',
    'index.pl',
    'index.php',
    'index.xhtml',
  ]

apache::mod::disk_cache

Installs and configures mod_disk_cache.

Parameters

The following parameters are available in the apache::mod::disk_cache class:

cache_root

Data type: Optional[Stdlib::Absolutepath]

Defines the name of the directory on the disk to contain cache files. Default depends on the Apache version and operating system:

  • Debian: /var/cache/apache2/mod_cache_disk
  • FreeBSD: /var/cache/mod_cache_disk

Default value: undef

cache_ignore_headers

Data type: Optional[String]

Specifies HTTP header(s) that should not be stored in the cache.

Default value: undef

default_cache_enable

Data type: Boolean

Default value is true, which enables "CacheEnable disk /" in disk_cache.conf for the webserver. This would cache every request to apache by default for every vhost. If set to false the default cache all behaviour is supressed. You can then control this behaviour in individual vhosts by explicitly defining CacheEnable.

Default value: true

apache::mod::dumpio

Installs and configures mod_dumpio.

Examples

class{'apache':
  default_mods => false,
  log_level    => 'dumpio:trace7',
}
class{'apache::mod::dumpio':
  dump_io_input  => 'On',
  dump_io_output => 'Off',
}

Parameters

The following parameters are available in the apache::mod::dumpio class:

dump_io_input

Data type: Apache::OnOff

Dump all input data to the error log

Default value: 'Off'

dump_io_output

Data type: Apache::OnOff

Dump all output data to the error log

Default value: 'Off'

apache::mod::env

Installs mod_env.

apache::mod::event

Installs and configures mod_event.

Parameters

The following parameters are available in the apache::mod::event class:

startservers

Data type: Variant[Integer, Boolean]

Sets the number of child server processes created at startup, via the module's StartServers directive. Setting this to false removes the parameter.

Default value: 2

maxrequestworkers

Data type: Optional[Variant[Integer, Boolean]]

Sets the maximum number of connections Apache can simultaneously process, via the module's MaxRequestWorkers directive. Setting these to false removes the parameters.

Default value: undef

minsparethreads

Data type: Variant[Integer, Boolean]

Sets the minimum number of idle threads, via the MinSpareThreads directive. Setting this to false removes the parameters.

Default value: 25

maxsparethreads

Data type: Variant[Integer, Boolean]

Sets the maximum number of idle threads, via the MaxSpareThreads directive. Setting this to false removes the parameters.

Default value: 75

threadsperchild

Data type: Variant[Integer, Boolean]

Number of threads created by each child process.

Default value: 25

maxconnectionsperchild

Data type: Optional[Variant[Integer, Boolean]]

Limit on the number of connections that an individual child server will handle during its life.

Default value: undef

serverlimit

Data type: Variant[Integer, Boolean]

Limits the configurable number of processes via the ServerLimit directive. Setting this to false removes the parameter.

Default value: 25

threadlimit

Data type: Variant[Integer, Boolean]

Limits the number of event threads via the module's ThreadLimit directive. Setting this to false removes the parameter.

Default value: 64

listenbacklog

Data type: Variant[Integer, Boolean]

Sets the maximum length of the pending connections queue via the module's ListenBackLog directive. Setting this to false removes the parameter.

Default value: 511

apache::mod::expires

Installs and configures mod_expires.

Parameters

The following parameters are available in the apache::mod::expires class:

expires_active

Data type: Boolean

Enables generation of Expires headers.

Default value: true

expires_default

Data type: Optional[String]

Specifies the default algorithm for calculating expiration time using ExpiresByType syntax or interval syntax.

Default value: undef

expires_by_type

Data type: Optional[Array[Hash]]

Describes a set of MIME content-types and their expiration times. This should be used as an array of Hashes, with each Hash's key a valid MIME content-type (i.e. 'text/json') and its value following valid interval syntax.

Default value: undef

apache::mod::ext_filter

Installs and configures mod_ext_filter.

Examples

class { 'apache::mod::ext_filter':
  ext_filter_define => {
    'slowdown'       => 'mode=output cmd=/bin/cat preservescontentlength',
    'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"',
  },
}

Parameters

The following parameters are available in the apache::mod::ext_filter class:

ext_filter_define

Data type: Optional[Hash]

Hash of filter names and their parameters.

Default value: undef

apache::mod::fcgid

loaded first; Puppet will not automatically enable it if you set the fcgiwrapper parameter in apache::vhost. include apache::mod::fcgid

apache::vhost { 'example.org': docroot => '/var/www/html', directories => { path => '/var/www/html', fcgiwrapper => { command => '/usr/local/bin/fcgiwrapper', } }, }

Examples

The class does not individually parameterize all available options. Instead, configure mod_fcgid using the options hash.
class { 'apache::mod::fcgid':
  options => {
    'FcgidIPCDir'  => '/var/run/fcgidsock',
    'SharememPath' => '/var/run/fcgid_shm',
    'AddHandler'   => 'fcgid-script .fcgi',
  },
}
If you include apache::mod::fcgid, you can set the [FcgidWrapper][] per directory, per virtual host. The module must be

    
      
      
    
  


Parameters


The following parameters are available in the apache::mod::fcgid class:



options


Data type: Hash


A hash used to parameterize the availible options:
expires_active
Enables generation of Expires headers.
expires_default
Default algorithm for calculating expiration time.
expires_by_type
Value of the Expires header configured by MIME type.


Default value: {}


apache::mod::filter


Installs mod_filter.



apache::mod::geoip


Installs and configures mod_geoip.



Parameters


The following parameters are available in the apache::mod::geoip class:



enable


Data type: Boolean


Toggles whether to enable geoip.


Default value: false


db_file


Data type: Stdlib::Absolutepath


Path to database for GeoIP to use.


Default value: '/usr/share/GeoIP/GeoIP.dat'


flag


Data type: String


Caching directive to use. Values: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'.


Default value: 'Standard'


output


Data type: String


Output variable locations. Values: 'All', 'Env', 'Request', 'Notes'.


Default value: 'All'


enable_utf8


Data type: Optional[String]


Changes the output from ISO88591 (Latin1) to UTF8.


Default value: undef


scan_proxy_headers


Data type: Optional[String]


Enables the GeoIPScanProxyHeaders option.


Default value: undef


scan_proxy_header_field


Data type: Optional[String]


Specifies the header mod_geoip uses to determine the client's IP address.


Default value: undef


use_last_xforwarededfor_ip


Data type: Optional[String]


Determines whether to use the first or last IP address for the client's IP in a comma-separated list of IP addresses is found.


Default value: undef


apache::mod::headers


Installs and configures mod_headers.



apache::mod::http2


Installs and configures mod_http2.



Parameters


The following parameters are available in the apache::mod::http2 class:



h2_copy_files


Data type: Optional[Boolean]


Determine file handling in responses.


Default value: undef


h2_direct


Data type: Optional[Boolean]


H2 Direct Protocol Switch.


Default value: undef


h2_early_hints


Data type: Optional[Boolean]


Determine sending of 103 status codes.


Default value: undef


h2_max_session_streams


Data type: Optional[Integer]


Sets maximum number of active streams per HTTP/2 session.


Default value: undef


h2_max_worker_idle_seconds


Data type: Optional[Integer]


Sets maximum number of seconds h2 workers remain idle until shut down.


Default value: undef


h2_max_workers


Data type: Optional[Integer]


Sets maximum number of worker threads to use per child process.


Default value: undef


h2_min_workers


Data type: Optional[Integer]


Sets minimal number of worker threads to use per child process.


Default value: undef


h2_modern_tls_only


Data type: Optional[Boolean]


Toggles the security checks on HTTP/2 connections in TLS mode


Default value: undef


h2_push


Data type: Optional[Boolean]


Toggles the usage of the HTTP/2 server push protocol feature.


Default value: undef


h2_push_diary_size


Data type: Optional[Integer]


Sets maximum number of HTTP/2 server pushes that are remembered per HTTP/2 connection.


Default value: undef


h2_push_priority


Data type: Array[String]


Require HTTP/2 connections to be "modern TLS" only


Default value: []


h2_push_resource


Data type: Array[String]


When added to a directory/location, HTTP/2 PUSHes will be attempted for all paths added
via this directive


Default value: []


h2_serialize_headers


Data type: Optional[Boolean]


Toggles if HTTP/2 requests shall be serialized in HTTP/1.1 format for processing by httpd
core or if received binary data shall be passed into the request_recs directly.


Default value: undef


h2_stream_max_mem_size


Data type: Optional[Integer]


Sets the maximum number of outgoing data bytes buffered in memory for an active streams.


Default value: undef


h2_tls_cool_down_secs


Data type: Optional[Integer]


Sets the number of seconds of idle time on a TLS connection before the TLS write size falls
back to small (~1300 bytes) length.


Default value: undef


h2_tls_warm_up_size


Data type: Optional[Integer]


Sets the number of bytes to be sent in small TLS records (~1300 bytes) until doing maximum
sized writes (16k) on https: HTTP/2 connections.


Default value: undef


h2_upgrade


Data type: Optional[Boolean]


Toggles the usage of the HTTP/1.1 Upgrade method for switching to HTTP/2.


Default value: undef


h2_window_size


Data type: Optional[Integer]


Sets the size of the window that is used for flow control from client to server and limits
the amount of data the server has to buffer.


Default value: undef


apache::mod::include


Installs mod_include.



apache::mod::info


Installs and configures mod_info.



Parameters


The following parameters are available in the apache::mod::info class:



allow_from


Data type: Array[Stdlib::IP::Address]


Allowlist of IPv4 or IPv6 addresses or ranges that can access the info path.


Default value: ['127.0.0.1', '::1']


restrict_access


Data type: Boolean


Toggles whether to restrict access to info path. If false, the allow_from allowlist is ignored and any IP address can
access the info path.


Default value: true


info_path


Data type: Stdlib::Unixpath


Path on server to file containing server configuration information.


Default value: '/server-info'


apache::mod::intercept_form_submit


Installs mod_intercept_form_submit.



apache::mod::itk


Installs MPM mod_itk.


    

  • 

    Note Unsupported platforms: CentOS: 8; RedHat: 8, 9; SLES: all
    

    • 

  • 

    See also
    


    • 



Parameters


The following parameters are available in the apache::mod::itk class:



startservers


Data type: Integer


Number of child server processes created on startup.


Default value: 8


minspareservers


Data type: Integer


Minimum number of idle child server processes.


Default value: 5


maxspareservers


Data type: Integer


Maximum number of idle child server processes.


Default value: 20


serverlimit


Data type: Integer


Maximum configured value for MaxRequestWorkers for the lifetime of the Apache httpd process.


Default value: 256


maxclients


Data type: Integer


Limit on the number of simultaneous requests that will be served.


Default value: 256


maxrequestsperchild


Data type: Integer


Limit on the number of connections that an individual child server process will handle.


Default value: 4000


enablecapabilities


Data type: Optional[Variant[Boolean, String]]


Drop most root capabilities in the parent process, and instead run as the user given by the User/Group directives with some extra
capabilities (in particular setuid). Somewhat more secure, but can cause problems when serving from filesystems that do not honor
capabilities, such as NFS.


Default value: undef


apache::mod::jk


Installs mod_jk.


    

  • Note shm_file and log_file
Depending on how these files are specified, the class creates their final path differently:
    • 



Relative path: prepends supplied path with logroot (see below)
Absolute path or pipe: uses supplied path as-is


shm_file => 'shm_file'
# Ends up in
$shm_path = '/var/log/httpd/shm_file'

shm_file => '/run/shm_file'
# Ends up in
$shm_path = '/run/shm_file'

shm_file => '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"'
# Ends up in
$shm_path = '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"'


    
      
      
    
  



Examples




class { '::apache::mod::jk':
  ip                   => '192.168.2.15',
  workers_file         => 'conf/workers.properties',
  mount_file           => 'conf/uriworkermap.properties',
  shm_file             => 'run/jk.shm',
  shm_size             => '50M',
  workers_file_content => {
    <Content>
  },
}

    
      
      
    
  


Parameters


The following parameters are available in the apache::mod::jk class:



ip


Data type: Optional[Stdlib::IP::Address]


IP for binding to mod_jk. Useful when the binding address is not the primary network interface IP.


Default value: undef


port


Data type: Stdlib::Port


Port for binding to mod_jk. Useful when something else, like a reverse proxy or cache, is receiving requests at port 80, then
needs to forward them to Apache at a different port.


Default value: 80


add_listen


Data type: Boolean


Defines if a Listen directive according to parameters ip and port (see below), so that Apache listens to the IP/port combination
and redirect to mod_jk. Useful when another Listen directive, like Listen *: or Listen , can conflict with the one
necessary for mod_jk binding.


Default value: true


workers_file


Data type: Optional[String]


The name of a worker file for the Tomcat servlet containers.


Default value: undef


worker_property


Data type: Hash


Enables setting worker properties inside Apache configuration file.


Default value: {}


logroot


Data type: Optional[Stdlib::Absolutepath]


The base directory for shm_file and log_file is determined by the logroot parameter. If unspecified, defaults to
apache::params::logroot. The default logroot is sane enough therefore it is not recommended to override it.


Default value: undef


shm_file


Data type: String


Shared memory file name.


Default value: 'jk-runtime-status'


shm_size


Data type: Optional[String]


Size of the shared memory file name.


Default value: undef


mount_file


Data type: Optional[String]


File containing multiple mappings from a context to a Tomcat worker.


Default value: undef


mount_file_reload


Data type: Optional[String]


This directive configures the reload check interval in seconds.


Default value: undef


mount


Data type: Hash


A mount point from a context to a Tomcat worker.


Default value: {}


un_mount


Data type: Hash


An exclusion mount point from a context to a Tomcat worker.


Default value: {}


auto_alias


Data type: Optional[String]


Automatically Alias webapp context directories into the Apache document space


Default value: undef


mount_copy


Data type: Optional[String]


If this directive is set to "On" in some virtual server, the mounts from the global server will be copied
to this virtual server, more precisely all mounts defined by JkMount or JkUnMount.


Default value: undef


worker_indicator


Data type: Optional[String]


Name of the Apache environment variable that can be used to set worker names in combination with SetHandler
jakarta-servlet.


Default value: undef


watchdog_interval


Data type: Optional[Integer]


This directive configures the watchdog thread interval in seconds.


Default value: undef


log_file


Data type: String


Full or server relative path to the mod_jk log file.


Default value: 'mod_jk.log'


log_level


Data type: Optional[String]


The mod_jk log level, can be debug, info, warn error or trace.


Default value: undef


log_stamp_format


Data type: Optional[String]


The mod_jk date log format, using an extended strftime syntax.


Default value: undef


request_log_format


Data type: Optional[String]


Request log format string.


Default value: undef


extract_ssl


Data type: Optional[String]


Turns on SSL processing and information gathering by mod_jk.


Default value: undef


https_indicator


Data type: Optional[String]


Name of the Apache environment variable that contains SSL indication.


Default value: undef


sslprotocol_indicator


Data type: Optional[String]


Name of the Apache environment variable that contains the SSL protocol name.


Default value: undef


certs_indicator


Data type: Optional[String]


Name of the Apache environment variable that contains SSL client certificates.


Default value: undef


cipher_indicator


Data type: Optional[String]


Name of the Apache environment variable that contains SSL client cipher.


Default value: undef


certchain_prefix


Data type: Optional[String]


Name of the Apache environment (prefix) that contains SSL client chain certificates.


Default value: undef


session_indicator


Data type: Optional[String]


Name of the Apache environment variable that contains SSL session.


Default value: undef


keysize_indicator


Data type: Optional[String]


Name of the Apache environment variable that contains SSL key size in use.


Default value: undef


local_name_indicator


Data type: Optional[String]


Name of the Apache environment variable which can be used to overwrite the forwarded local name.


Default value: undef


ignore_cl_indicator


Data type: Optional[String]


Name of the Apache environment variable which forces to ignore an existing Content-Length request header.


Default value: undef


local_addr_indicator


Data type: Optional[String]


Name of the Apache environment variable which can be used to overwrite the forwarded local IP address.


Default value: undef


local_port_indicator


Data type: Optional[String]


Name of the Apache environment variable which can be used to overwrite the forwarded local port.


Default value: undef


remote_host_indicator


Data type: Optional[String]


Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) host name.


Default value: undef


remote_addr_indicator


Data type: Optional[String]


Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) IP address.


Default value: undef


remote_port_indicator


Data type: Optional[String]


Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) IP address.


Default value: undef


remote_user_indicator


Data type: Optional[String]


Name of the Apache environment variable which can be used to overwrite the forwarded user name.


Default value: undef


auth_type_indicator


Data type: Optional[String]


Name of the Apache environment variable which can be used to overwrite the forwarded authentication type.


Default value: undef


options


Data type: Array


Set one of more options to configure the mod_jk module.


Default value: []


env_var


Data type: Hash


Adds a name and an optional default value of environment variable that should be sent to servlet-engine as a request attribute.


Default value: {}


strip_session


Data type: Optional[String]


If this directive is set to On in some virtual server, the session IDs ;jsessionid=... will be removed for URLs which are not
forwarded but instead are handled by the local server.


Default value: undef


location_list


Data type: Array


Global locations for mod_jk are defined in array location_list.
Each array item is a hash with quoted* property name as key and value as value itself.
You can define a comment in a special 'comment' key


Example:
<Location /jkstatus/>


Configures jkstatus


JkMount status
Order deny,allow
Deny from all
Allow from 127.0.0.1



Is defined as:
location_list = [
{
'Location'   => '/jkstatus/',
'Comment'    => 'Configures jkstatus',
'JkMount'    => 'status',
'Order'      => 'deny,allow',
'Deny from'  => 'all',
'Allow from' => '127.0.0.1',
},
]


    

  • Keys must be quoted to allow arbitrary case and/or multi-word keys
(BTW, note the case of 'Location' and 'Comment' keys)
    • 



Default value: []


workers_file_content


Data type: Hash


Each directive has the format worker..=. This maps as a hash of hashes, where the outer hash specifies
workers, and each inner hash specifies each worker properties and values. Plus, there are two global directives, 'worker.list' and
'worker.maintain' For example, the workers file below should be parameterized as follows:


Worker file:


worker.list = status
worker.list = some_name,other_name

worker.maintain = 60

# Optional comment
worker.some_name.type=ajp13
worker.some_name.socket_keepalive=true

# I just like comments
worker.other_name.type=ajp12 (why would you?)
worker.other_name.socket_keepalive=false


    
      
      
    
  


Puppet file:


$workers_file_content = {
  worker_lists    => ['status', 'some_name, other_name'],
  worker_maintain => 60,
  some_name       => {
    comment          => 'Optional comment',
    type             => 'ajp13',
    socket_keepalive => 'true',
  },
  other_name      => {
    comment          => 'I just like comments',
    type             => 'ajp12',
    socket_keepalive => 'false',
  },
}


    
      
      
    
  


Default value: {}


mount_file_content


Data type: Hash


Each directive has the format  = . This maps as a hash of hashes, where the outer hash specifies workers, and
each inner hash contains two items:


    

  • uri_list-an array with URIs to be mapped to the worker
    • 

  • comment-an optional string with a comment for the worker. For example, the mount file below should be parameterized as Figure 2:
    • 



Worker file:


# Worker 1
/context_1/ = worker_1
/context_1/* = worker_1

# Worker 2
/ = worker_2
/context_2/ = worker_2
/context_2/* = worker_2


    
      
      
    
  


Puppet file:


$mount_file_content = {
  worker_1 => {
    uri_list => ['/context_1/', '/context_1/*'],
    comment  => 'Worker 1',
  },
  worker_2 => {
    uri_list => ['/context_2/', '/context_2/*'],
    comment  => 'Worker 2',
  },
},


    
      
      
    
  


Default value: {}


apache::mod::lbmethod_bybusyness


Installs lbmethod_bybusyness.



Parameters


The following parameters are available in the apache::mod::lbmethod_bybusyness class:



apache_version


Data type: Optional[String]


Version of Apache to install module on.


Default value: $apache::apache_version


apache::mod::lbmethod_byrequests


Installs lbmethod_byrequests.



Parameters


The following parameters are available in the apache::mod::lbmethod_byrequests class:



apache_version


Data type: Optional[String]


Version of Apache to install module on.


Default value: $apache::apache_version


apache::mod::lbmethod_bytraffic


Installs lbmethod_bytraffic.



Parameters


The following parameters are available in the apache::mod::lbmethod_bytraffic class:



apache_version


Data type: Optional[String]


Version of Apache to install module on.


Default value: $apache::apache_version


apache::mod::lbmethod_heartbeat


Installs lbmethod_heartbeat.



Parameters


The following parameters are available in the apache::mod::lbmethod_heartbeat class:



apache_version


Data type: Optional[String]


Version of Apache to install module on.


Default value: $apache::apache_version


apache::mod::ldap


Installs and configures mod_ldap.



Examples




class { 'apache::mod::ldap':
  ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt',
  ldap_trusted_global_cert_type => 'CA_DER',
  ldap_trusted_mode             => 'TLS',
  ldap_shared_cache_size        => 500000,
  ldap_cache_entries            => 1024,
  ldap_cache_ttl                => 600,
  ldap_opcache_entries          => 1024,
  ldap_opcache_ttl              => 600,
}

    
      
      
    
  


Parameters


The following parameters are available in the apache::mod::ldap class:



package_name


Data type: Optional[String]


Specifies the custom package name.


Default value: undef


ldap_trusted_global_cert_file


Data type: Optional[String]


Sets the file or database containing global trusted Certificate Authority or global client certificates.


Default value: undef


ldap_trusted_global_cert_type


Data type: String


Sets the certificate parameter of the global trusted Certificate Authority or global client certificates.


Default value: 'CA_BASE64'


ldap_shared_cache_size


Data type: Optional[Integer]


Size in bytes of the shared-memory cache


Default value: undef


ldap_cache_entries


Data type: Optional[Integer]


Maximum number of entries in the primary LDAP cache


Default value: undef


ldap_cache_ttl


Data type: Optional[Integer]


Time that cached items remain valid (in seconds).


Default value: undef


ldap_opcache_entries


Data type: Optional[Integer]


Number of entries used to cache LDAP compare operations


Default value: undef


ldap_opcache_ttl


Data type: Optional[Integer]


Time that entries in the operation cache remain valid (in seconds).


Default value: undef


ldap_trusted_mode


Data type: Optional[String]


Specifies the SSL/TLS mode to be used when connecting to an LDAP server.


Default value: undef


ldap_path


Data type: String


The server location of the ldap status page.


Default value: '/ldap-status'


apache::mod::log_forensic


Installs mod_log_forensic



apache::mod::lookup_identity


Installs mod_lookup_identity



apache::mod::macro


Installs mod_macro.



apache::mod::md


Installs and configures mod_md.



Parameters


The following parameters are available in the apache::mod::md class:



md_activation_delay


Data type: Optional[String]


    

  • 



Default value: undef


md_base_server


Data type: Optional[Apache::OnOff]


Control if base server may be managed or only virtual hosts.


Default value: undef


md_ca_challenges


Data type: Optional[Array[Enum['dns-01', 'http-01', 'tls-alpn-01']]]


Type of ACME challenge used to prove domain ownership.


Default value: undef


md_certificate_agreement


Data type: Optional[Enum['accepted']]


You confirm that you accepted the Terms of Service of the Certificate
Authority.


Default value: undef


md_certificate_authority


Data type: Optional[Stdlib::HTTPUrl]


The URL of the ACME Certificate Authority service.


Default value: undef


md_certificate_check


Data type: Optional[String]


    

  • 



Default value: undef


md_certificate_monitor


Data type: Optional[String]


The URL of a certificate log monitor.


Default value: undef


md_certificate_protocol


Data type: Optional[Enum['ACME']]


The protocol to use with the Certificate Authority.


Default value: undef


md_certificate_status


Data type: Optional[Apache::OnOff]


Exposes public certificate information in JSON.


Default value: undef


md_challenge_dns01


Data type: Optional[Stdlib::Absolutepath]


Define a program to be called when the dns-01 challenge needs to be
setup/torn down.


Default value: undef


md_contact_email


Data type: Optional[String]


The ACME protocol requires you to give a contact url when you sign up.


Default value: undef


md_http_proxy


Data type: Optional[Stdlib::HTTPUrl]


Define a proxy for outgoing connections.


Default value: undef


md_members


Data type: Optional[Enum['auto', 'manual']]


Control if the alias domain names are automatically added.


Default value: undef


md_message_cmd


Data type: Optional[Stdlib::Absolutepath]


Handle events for Manage Domains.


Default value: undef


md_must_staple


Data type: Optional[Apache::OnOff]


Control if new certificates carry the OCSP Must Staple flag.


Default value: undef


md_notify_cmd


Data type: Optional[Stdlib::Absolutepath]


Run a program when a Managed Domain is ready.


Default value: undef


md_port_map


Data type: Optional[String]


Map external to internal ports for domain ownership verification.


Default value: undef


md_private_keys


Data type: Optional[String]


Set type and size of the private keys generated.


Default value: undef


md_renew_mode


Data type: Optional[Enum['always', 'auto', 'manual']]


Controls if certificates shall be renewed.


Default value: undef


md_renew_window


Data type: Optional[String]


Control when a certificate will be renewed.


Default value: undef


md_require_https


Data type: Optional[Enum['off', 'permanent', 'temporary']]


Redirects http: traffic to https: for Managed Domains.
An http: Virtual Host must nevertheless be setup for that domain.


Default value: undef


md_server_status


Data type: Optional[Apache::OnOff]


Control if Managed Domain information is added to server-status.


Default value: undef


md_staple_others


Data type: Optional[Apache::OnOff]


Enable stapling for certificates not managed by mod_md.


Default value: undef


md_stapling


Data type: Optional[Apache::OnOff]


Enable stapling for all or a particular MDomain.


Default value: undef


md_stapling_keep_response


Data type: Optional[String]


Controls when old responses should be removed.


Default value: undef


md_stapling_renew_window


Data type: Optional[String]


Control when the stapling responses will be renewed.


Default value: undef


md_store_dir


Data type: Optional[Stdlib::Absolutepath]


Path on the local file system to store the Managed Domains data.


Default value: undef


md_warn_window


Data type: Optional[String]


Define the time window when you want to be warned about an expiring
certificate.


Default value: undef


apache::mod::mime


Installs and configures mod_mime.



Parameters


The following parameters are available in the apache::mod::mime class:



mime_support_package


Data type: Optional[String]


Name of the MIME package to be installed.


Default value: $apache::params::mime_support_package


mime_types_config


Data type: String


The location of the mime.types file.


Default value: $apache::params::mime_types_config


mime_types_additional


Data type: Optional[Hash]


List of additional MIME types to include.


Default value: undef


apache::mod::mime_magic


Installs and configures mod_mime_magic.



Parameters


The following parameters are available in the apache::mod::mime_magic class:



magic_file


Data type: Optional[String]


Enable MIME-type determination based on file contents using the specified magic file.


Default value: undef


apache::mod::negotiation


Installs and configures mod_negotiation.



Parameters


The following parameters are available in the apache::mod::negotiation class:



force_language_priority


Data type: Variant[Array[String], String]


Action to take if a single acceptable document is not found.


Default value: 'Prefer Fallback'


language_priority


Data type: Variant[Array[String], String]


The precedence of language variants for cases where the client does not express a preference.


Default value:


['en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et',
    'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn',
    'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN',
  'zh-TW']

    
      
      
    
  


apache::mod::nss


Installs and configures mod_nss.



Parameters


The following parameters are available in the apache::mod::nss class:



transfer_log


Data type: Stdlib::Absolutepath


Path to access.log.


Default value: "${apache::params::logroot}/access.log"


error_log


Data type: Stdlib::Absolutepath


Path to error.log


Default value: "${apache::params::logroot}/error.log"


passwd_file


Data type: Optional[String]


Path to file containing token passwords used for NSSPassPhraseDialog.


Default value: undef


port


Data type: Stdlib::Port


Sets the SSL port that should be used by mod_nss.


Default value: 8443


apache::mod::pagespeed


Installs and manages mod_pagespeed, which is a Google module that rewrites web pages to reduce latency and bandwidth.


This module does not manage the software repositories needed to automatically install the
mod-pagespeed-stable package. The module does however require that the package be installed,
or be installable using the system's default package provider.  You should ensure that this
pre-requisite is met or declaring apache::mod::pagespeed will cause the puppet run to fail.


    

  • Note Verify that your system is compatible with the latest Google Pagespeed requirements.
    • 



Although this apache module requires the mod-pagespeed-stable package, Puppet does not manage the software repositories required to
automatically install the package. If you declare this class when the package is either not installed or not available to your
package manager, your Puppet run will fail.



Examples




class { 'apache::mod::pagespeed':
  inherit_vhost_config          => 'on',
  filter_xhtml                  => false,
  cache_path                    => '/var/cache/mod_pagespeed/',
  log_dir                       => '/var/log/pagespeed',
  memache_servers               => [],
  rewrite_level                 => 'CoreFilters',
  disable_filters               => [],
  enable_filters                => [],
  forbid_filters                => [],
  rewrite_deadline_per_flush_ms => 10,
  additional_domains            => undef,
  file_cache_size_kb            => 102400,
  file_cache_clean_interval_ms  => 3600000,
  lru_cache_per_process         => 1024,
  lru_cache_byte_limit          => 16384,
  css_flatten_max_bytes         => 2048,
  css_inline_max_bytes          => 2048,
  css_image_inline_max_bytes    => 2048,
  image_inline_max_bytes        => 2048,
  js_inline_max_bytes           => 2048,
  css_outline_min_bytes         => 3000,
  js_outline_min_bytes          => 3000,
  inode_limit                   => 500000,
  image_max_rewrites_at_once    => 8,
  num_rewrite_threads           => 4,
  num_expensive_rewrite_threads => 4,
  collect_statistics            => 'on',
  statistics_logging            => 'on',
  allow_view_stats              => [],
  allow_pagespeed_console       => [],
  allow_pagespeed_message       => [],
  message_buffer_size           => 100000,
  additional_configuration      => { }
}

    
      
      
    
  


Parameters


The following parameters are available in the apache::mod::pagespeed class:



inherit_vhost_config


Data type: String


Whether or not to inherit the vhost config


Default value: 'on'


filter_xhtml


Data type: Boolean


Whether to filter by xhtml


Default value: false


cache_path


Data type: Stdlib::Absolutepath


Where to cache any files


Default value: '/var/cache/mod_pagespeed/'


log_dir


Data type: Stdlib::Absolutepath


The log directory


Default value: '/var/log/pagespeed'


memcache_servers


Data type: Array


Default value: []


rewrite_level


Data type: String


The inbuilt filter level to be used.
Can be PassThrough, CoreFilters or OptimizeForBandwidth.


Default value: 'CoreFilters'


disable_filters


Data type: Array


An array of filters that you wish to disable


Default value: []


enable_filters


Data type: Array


An array of filters that you wish to enable


Default value: []


forbid_filters


Data type: Array


An array of filters that you wish to forbid


Default value: []


rewrite_deadline_per_flush_ms


Data type: Integer


How long to wait after attempting to rewrite an uncache/expired resource.


Default value: 10


additional_domains


Data type: Optional[String]


Any additional domains that PageSpeed should optimize resources from.


Default value: undef


file_cache_size_kb


Data type: Integer


The maximum size of the cache


Default value: 102400


file_cache_clean_interval_ms


Data type: Integer


The interval between which the cache is cleaned


Default value: 3600000


lru_cache_per_process


Data type: Integer


The amount of memory dedcated to each process


Default value: 1024


lru_cache_byte_limit


Data type: Integer


How large a cache entry the cache will accept


Default value: 16384


css_flatten_max_bytes


Data type: Integer


The maximum size in bytes of the flattened CSS


Default value: 2048


css_inline_max_bytes


Data type: Integer


The maximum size in bytes of any image that will be inlined into CSS


Default value: 2048


css_image_inline_max_bytes


Data type: Integer


The maximum size in bytes of any image that will be inlined into an HTML file


Default value: 2048


image_inline_max_bytes


Data type: Integer


The maximum size in bytes of any inlined CSS file


Default value: 2048


js_inline_max_bytes


Data type: Integer


The maximum size in bytes of any inlined JavaScript file


Default value: 2048


css_outline_min_bytes


Data type: Integer


The minimum size in bytes for a CSS file to qualify as an outline


Default value: 3000


js_outline_min_bytes


Data type: Integer


The minimum size in bytes for a JavaScript file to qualify as an outline


Default value: 3000


inode_limit


Data type: Integer


The file cache inode limit


Default value: 500000


image_max_rewrites_at_once


Data type: Integer


The maximum number of images to optimize concurrently


Default value: 8


num_rewrite_threads


Data type: Integer


The amount of threads to use for rewrite at one time
These threads are used for short, latency-sensitive work.


Default value: 4


num_expensive_rewrite_threads


Data type: Integer


The amount of threads to use for rewrite at one time
These threads are used for full optimization.


Default value: 4


collect_statistics


Data type: String


Whether to collect cross-process statistics


Default value: 'on'


statistics_logging


Data type: String


Whether graphs should be drawn from collected statistics


Default value: 'on'


allow_view_stats


Data type: Array


What sources should be allowed to view the resultant graph


Default value: []


allow_pagespeed_console


Data type: Array


What sources to draw the graphs from


Default value: []


allow_pagespeed_message


Data type: Array


Default value: []


message_buffer_size


Data type: Integer


The amount of bytes to allocate as a buffer to hold recent log messages


Default value: 100000


additional_configuration


Data type: Variant[Array, Hash]


Any additional configuration no included as it's own option


Default value: {}


package_ensure


Data type: Optional[String]


Default value: undef


apache::mod::passenger


The current set of server configurations settings were taken directly from the Passenger Reference. To enable deprecation warnings
and removal failure messages, set the passenger_installed_version to the version number installed on the server.


Change Log:


    

  • As of 08/13/2017 there are 84 available/deprecated/removed settings.
    • 

  • Around 08/20/2017 UnionStation was discontinued options were removed.
    • 

  • As of 08/20/2017 there are 77 available/deprecated/removed settings.
    • 




Parameters


The following parameters are available in the apache::mod::passenger class:



manage_repo


Data type: Boolean


Toggle whether to manage yum repo if on a RedHat node.


Default value: true


mod_id


Data type: Optional[String]


Specifies the package id.


Default value: undef


mod_lib


Data type: Optional[String]


Defines the module's shared object name. Do not configure manually without special reason.


Default value: undef


mod_lib_path


Data type: Optional[String]


Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The path parameter overrides
this value.


Default value: undef


mod_package


Data type: Optional[String]


Name of the module package to install.


Default value: undef


mod_package_ensure


Data type: Optional[String]


Determines whether Puppet ensures the module should be installed.


Default value: undef


mod_path


Data type: Optional[String]


Specifies a path to the module. Do not manually set this parameter without a special reason.


Default value: undef


passenger_admin_panel_url


Data type: Optional[String]


Specifies a Fuse Panel URL that the Passenger to to enable monitoring, administering, analysis and troubleshooting of this Passenger instance and apps.


Default value: undef


passenger_admin_panel_auth_type


Data type: Optional[Enum['basic']]


Specifies the authentication type to use for the Fuse Panel. Currently it support only basic type of authentiction.
Ref : https://www.phusionpassenger.com/library/config/apache/reference/#passengeradminpanelauthtype


Default value: undef


passenger_admin_panel_username


Data type: Optional[String]


The username that Passenger should use when connecting to the Fuse Panel with basic authentication.


Default value: undef


passenger_admin_panel_password


Data type: Optional[String]


The password that Passenger should use when connecting to the Fuse Panel with basic authentication.


Default value: undef


passenger_allow_encoded_slashes


Data type: Optional[Apache::OnOff]


Toggle whether URLs with encoded slashes (%2f) can be used (by default Apache does not support this).


Default value: undef


passenger_anonymous_telemetry_proxy


Data type: Optional[String]


Set an intermediate proxy for the Passenger anonymous telemetry reporting.


Default value: undef


passenger_app_env


Data type: Optional[String]


This option sets, for the current application, the value of the following environment variables:


    

  • RAILS_ENV
    • 

  • RACK_ENV
    • 

  • WSGI_ENV
    • 

  • NODE_ENV
    • 

  • PASSENGER_APP_ENV
    • 



Default value: undef


passenger_app_group_name


Data type: Optional[String]


Sets the name of the application group that the current application should belong to.


Default value: undef


passenger_app_log_file


Data type: Optional[String]


File path to application specifile log file. By default passenger will write all application log messages to the Passenger log file.


Default value: undef


passenger_app_root


Data type: Optional[String]


Path to the application root which allows access independent from the DocumentRoot.


Default value: undef


passenger_app_type


Data type: Optional[String]


Specifies the type of the application. If you set this option, then you must also set PassengerAppRoot, otherwise Passenger will
not properly recognize your application.


Default value: undef


passenger_base_uri


Data type: Optional[String]


Used to specify that the given URI is an distinct application that should be served by Passenger.


Default value: undef


passenger_buffer_response


Data type: Optional[Apache::OnOff]


Toggle whether application-generated responses are buffered by Apache. Buffering will happen in memory.


Default value: undef


passenger_buffer_upload


Data type: Optional[Apache::OnOff]


Toggle whether HTTP client request bodies are buffered before they are sent to the application.


Default value: undef


passenger_concurrency_model


Data type: Optional[String]


Specifies the I/O concurrency model that should be used for Ruby application processes.


Default value: undef


passenger_conf_file


Data type: String


Default value: $apache::params::passenger_conf_file


passenger_conf_package_file


Data type: Optional[String]


Default value: $apache::params::passenger_conf_package_file


passenger_data_buffer_dir


Data type: Optional[Stdlib::Absolutepath]


Specifies the directory in which to store data buffers.


Default value: undef


passenger_debug_log_file


Data type: Optional[String]


Default value: undef


passenger_debugger


Data type: Optional[Apache::OnOff]


Turns support for Ruby application debugging on or off.


Default value: undef


passenger_default_group


Data type: Optional[String]


Allows you to specify the group that applications must run as, if user switching fails or is disabled.


Default value: undef


passenger_default_ruby


Data type: Optional[String]


File path to desired ruby interpreter to use by default.


Default value: $apache::params::passenger_default_ruby


passenger_default_user


Data type: Optional[String]


Allows you to specify the user that applications must run as, if user switching fails or is disabled.


Default value: undef


passenger_disable_anonymous_telemetry


Data type: Optional[Boolean]


Whether or not to disable the Passenger anonymous telemetry reporting.


Default value: undef


passenger_disable_log_prefix


Data type: Optional[Boolean]


Whether to stop Passenger from prefixing logs when they are written to a log file.


Default value: undef


passenger_disable_security_update_check


Data type: Optional[Apache::OnOff]


Allows disabling the Passenger security update check, a daily check with https://securitycheck.phusionpassenger.com for important
security updates that might be available.


Default value: undef


passenger_enabled


Data type: Optional[Apache::OnOff]


Toggles whether Passenger should be enabled for that particular context.


Default value: undef


passenger_dump_config_manifest


Data type: Optional[String]


Dumps the configuration manifest to the given file.


Default value: undef


passenger_error_override


Data type: Optional[Apache::OnOff]


Toggles whether Apache will intercept and handle responses with HTTP status codes of 400 and higher.


Default value: undef


passenger_file_descriptor_log_file


Data type: Optional[String]


Log file descriptor debug tracing messages to the given file.


Default value: undef


passenger_fly_with


Data type: Optional[String]


Enables the Flying Passenger mode, and configures Apache to connect to the Flying Passenger daemon that's listening on the
given socket filename.


Default value: undef


passenger_force_max_concurrent_requests_per_process


Data type: Optional[Variant[Integer, String]]


Use this option to tell Passenger how many concurrent requests the application can handle per process.


Default value: undef


passenger_friendly_error_pages


Data type: Optional[Apache::OnOff]


Toggles whether Passenger should display friendly error pages whenever an application fails to start.


Default value: undef


passenger_group


Data type: Optional[String]


Allows you to override that behavior and explicitly set a group to run the web application as, regardless of the ownership of the
startup file.


Default value: undef


passenger_high_performance


Data type: Optional[Apache::OnOff]


Toggles whether to enable PassengerHighPerformance which will make Passenger will be a little faster, in return for reduced
compatibility with other Apache modules.


Default value: undef


passenger_installed_version


Data type: Optional[String]


Default value: undef


passenger_instance_registry_dir


Data type: Optional[String]


Specifies the directory that Passenger should use for registering its current instance.


Default value: undef


passenger_load_shell_envvars


Data type: Optional[Apache::OnOff]


Enables or disables the loading of shell environment variables before spawning the application.


Default value: undef


passenger_preload_bundler


Data type: Optional[Boolean]


Enables or disables loading bundler before loading your Ruby app.


Default value: undef


passenger_log_file


Data type: Optional[Stdlib::Absolutepath]


File path to log file. By default Passenger log messages are written to the Apache global error log.


Default value: undef


passenger_log_level


Data type: Optional[Integer]


Specifies how much information Passenger should log to its log file. A higher log level value means that more
information will be logged.


Default value: undef


passenger_lve_min_uid


Data type: Optional[Integer]


When using Passenger on a LVE-enabled kernel, a security check (enter) is run for spawning application processes. This options
tells the check to only allow processes with UIDs equal to, or higher than, the specified value.


Default value: undef


passenger_max_instances


Data type: Optional[Integer]


The maximum number of application processes that may simultaneously exist for an application.


Default value: undef


passenger_max_instances_per_app


Data type: Optional[Integer]


The maximum number of application processes that may simultaneously exist for a single application.


Default value: undef


passenger_max_pool_size


Data type: Optional[Integer]


The maximum number of application processes that may simultaneously exist.


Default value: undef


passenger_max_preloader_idle_time


Data type: Optional[Integer]


Set the preloader's idle timeout, in seconds. A value of 0 means that it should never idle timeout.


Default value: undef


passenger_max_request_queue_size


Data type: Optional[Integer]


Specifies the maximum size for the queue of all incoming requests.


Default value: undef


passenger_max_request_time


Data type: Optional[Integer]


The maximum amount of time, in seconds, that an application process may take to process a request.


Default value: undef


passenger_max_requests


Data type: Optional[Integer]


The maximum number of requests an application process will process.


Default value: undef


passenger_max_request_queue_time


Data type: Optional[Integer]


The maximum amount of time, in seconds, that a request may be queued before Passenger will return an error.
This option specifies the maximum time a request may spend in that queue. If a request in the queue reaches this specified limit, then Passenger will send a "504 Gateway Timeout" error for that request.


Default value: undef


passenger_memory_limit


Data type: Optional[Integer]


The maximum amount of memory that an application process may use, in megabytes.


Default value: undef


passenger_meteor_app_settings


Data type: Optional[String]


When using a Meteor application in non-bundled mode, use this option to specify a JSON file with settings for the application.


Default value: undef


passenger_min_instances


Data type: Optional[Integer]


Specifies the minimum number of application processes that should exist for a given application.


Default value: undef


passenger_nodejs


Data type: Optional[String]


Specifies the Node.js command to use for serving Node.js web applications.


Default value: undef


passenger_pool_idle_time


Data type: Optional[Integer]


The maximum number of seconds that an application process may be idle.


Default value: undef


passenger_pre_start


Data type: Optional[Variant[String, Array[String]]]


URL of the web application you want to pre-start.


Default value: undef


passenger_python


Data type: Optional[String]


Specifies the Python interpreter to use for serving Python web applications.


Default value: undef


passenger_resist_deployment_errors


Data type: Optional[Apache::OnOff]


Enables or disables resistance against deployment errors.


Default value: undef


passenger_resolve_symlinks_in_document_root


Data type: Optional[Apache::OnOff]


This option is no longer available in version 5.2.0. Switch to PassengerAppRoot if you are setting the application root via a
document root containing symlinks.


Default value: undef


passenger_response_buffer_high_watermark


Data type: Optional[Variant[Integer, String]]


Configures the maximum size of the real-time disk-backed response buffering system.


Default value: undef


passenger_restart_dir


Data type: Optional[String]


Path to directory containing restart.txt file. Can be either absolute or relative.


Default value: undef


passenger_rolling_restarts


Data type: Optional[Apache::OnOff]


Enables or disables support for zero-downtime application restarts through restart.txt.


Default value: undef


passenger_root


Data type: Optional[String]


Refers to the location to the Passenger root directory, or to a location configuration file.


Default value: $apache::params::passenger_root


passenger_ruby


Data type: Optional[String]


Specifies the Ruby interpreter to use for serving Ruby web applications.


Default value: $apache::params::passenger_ruby


passenger_security_update_check_proxy


Data type: Optional[String]


Allows use of an intermediate proxy for the Passenger security update check.


Default value: undef


passenger_show_version_in_header


Data type: Optional[Apache::OnOff]


Toggle whether Passenger will output its version number in the X-Powered-By header in all Passenger-served requests:


Default value: undef


passenger_socket_backlog


Data type: Optional[Variant[Integer, String]]


This option can be raised if Apache manages to overflow the backlog queue.


Default value: undef


passenger_spawn_dir


Data type: Optional[String]


The directory in which Passenger will record progress during startup


Default value: undef


passenger_spawn_method


Data type: Optional[Enum['smart', 'direct', 'smart-lv2', 'conservative']]


Controls whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism.


Default value: undef


passenger_start_timeout


Data type: Optional[Integer]


Specifies a timeout for the startup of application processes.


Default value: undef


passenger_startup_file


Data type: Optional[String]


Specifies the startup file that Passenger should use when loading the application.


Default value: undef


passenger_stat_throttle_rate


Data type: Optional[Integer]


Setting this option to a value of x means that certain filesystem checks will be performed at most once every x seconds.


Default value: undef


passenger_sticky_sessions


Data type: Optional[Apache::OnOff]


Toggles whether all requests that a client sends will be routed to the same originating application process, whenever possible.


Default value: undef


passenger_sticky_sessions_cookie_name


Data type: Optional[String]


Sets the name of the sticky sessions cookie.


Default value: undef


passenger_sticky_sessions_cookie_attributes


Data type: Optional[String]


Sets the attributes of the sticky sessions cookie.


Default value: undef


passenger_thread_count


Data type: Optional[Integer]


Specifies the number of threads that Passenger should spawn per Ruby application process.


Default value: undef


passenger_use_global_queue


Data type: Optional[String]


N/A.


Default value: undef


passenger_user


Data type: Optional[String]


Allows you to override that behavior and explicitly set a user to run the web application as, regardless of the ownership of the
startup file.


Default value: undef


passenger_user_switching


Data type: Optional[Apache::OnOff]


Toggles whether to attempt to enable user account sandboxing, also known as user switching.


Default value: undef


rack_env


Data type: Optional[String]


Alias for PassengerAppEnv.


Default value: undef


rails_env


Data type: Optional[String]


Alias for PassengerAppEnv.


Default value: undef


rails_framework_spawner_idle_time


Data type: Optional[String]


This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed
altogether. You should use smart spawning instead.


Default value: undef


apache::mod::perl


Installs mod_perl.



apache::mod::peruser


Installs mod_peruser.


Parameters


The following parameters are available in the apache::mod::peruser class:



minspareprocessors


Data type: Integer


Default value: 2


minprocessors


Data type: Integer


The minimum amount of processors


Default value: 2


maxprocessors


Data type: Integer


The maximum amount of processors


Default value: 10


maxclients


Data type: Integer


The maximum amount of clients


Default value: 150


maxrequestsperchild


Data type: Integer


The maximum amount of requests per child


Default value: 1000


idletimeout


Data type: Integer


Default value: 120


expiretimeout


Data type: Integer


Default value: 120


keepalive


Data type: Apache::OnOff


Default value: 'Off'


apache::mod::php


Installs mod_php.


    

  • Note Unsupported platforms: RedHat: 9
    • 



Parameters


The following parameters are available in the apache::mod::php class:



package_name


Data type: Optional[String]


The package name


Default value: undef


package_ensure


Data type: String


Whether the package is present or absent


Default value: 'present'


path


Data type: Optional[String]


Default value: undef


extensions


Data type: Array


Default value: ['.php']


content


Data type: Optional[String]


Default value: undef


template


Data type: String


Default value: 'apache/mod/php.conf.erb'


source


Data type: Optional[String]


Default value: undef


root_group


Data type: Optional[String]


UNIX group of the root user


Default value: $apache::params::root_group


php_version


Data type: Optional[String]


The php version. This is a required parameter, but optional allows showing a clear error message


Default value: $apache::params::php_version


libphp_prefix


Data type: String


Default value: 'libphp'


apache::mod::prefork


Installs and configures MPM prefork.



Parameters


The following parameters are available in the apache::mod::prefork class:



startservers


Data type: Integer


Number of child server processes created at startup.


Default value: 8


minspareservers


Data type: Integer


Minimum number of idle child server processes.


Default value: 5


maxspareservers


Data type: Integer


Maximum number of idle child server processes.


Default value: 20


serverlimit


Data type: Integer


Upper limit on configurable number of processes.


Default value: 256


maxclients


Data type: Integer


Old alias for MaxRequestWorkers.


Default value: 256


maxrequestworkers


Data type: Optional[Integer]


Maximum number of connections that will be processed simultaneously.


Default value: undef


maxrequestsperchild


Data type: Integer


Old alias for MaxConnectionsPerChild.


Default value: 4000


maxconnectionsperchild


Data type: Optional[Integer]


Limit on the number of connections that an individual child server will handle during its life.


Default value: undef


listenbacklog


Data type: Integer


Maximum length of the queue of pending connections.


Default value: 511


apache::mod::proxy


Installs and configures mod_proxy.



Parameters


The following parameters are available in the apache::mod::proxy class:



proxy_requests


Data type: String


Enables forward (standard) proxy requests.


Default value: 'Off'


allow_from


Data type: Optional[Variant[Stdlib::IP::Address, Array[Stdlib::IP::Address]]]


IP address or list of IPs allowed to access proxy.


Default value: undef


package_name


Data type: Optional[String]


Name of the proxy package to install.


Default value: undef


proxy_via


Data type: String


Set local IP address for outgoing proxy connections.


Default value: 'On'


proxy_timeout


Data type: Optional[Integer[0]]


Network timeout for proxied requests.


Default value: undef


proxy_iobuffersize


Data type: Optional[String]


Set the size of internal data throughput buffer


Default value: undef


apache::mod::proxy_ajp


Installs mod_proxy_ajp.



apache::mod::proxy_balancer


Installs and configures mod_proxy_balancer.



Parameters


The following parameters are available in the apache::mod::proxy_balancer class:



manager


Data type: Boolean


Toggle whether to enable balancer manager support.


Default value: false


manager_path


Data type: Stdlib::Unixpath


Server relative path to balancer manager.


Default value: '/balancer-manager'


allow_from


Data type: Array[Stdlib::IP::Address]


List of IPs from which the balancer manager can be accessed.


Default value: ['127.0.0.1', '::1']


apache::mod::proxy_connect


Installs mod_proxy_connect.



apache::mod::proxy_fcgi


Installs mod_proxy_fcgi.



apache::mod::proxy_html


Installs mod_proxy_html.



apache::mod::proxy_http


Installs mod_proxy_http.



apache::mod::proxy_http2


Installs mod_proxy_http2.



apache::mod::proxy_wstunnel


Installs mod_proxy_wstunnel.



apache::mod::python


Installs and configures mod_python.



Parameters


The following parameters are available in the apache::mod::python class:



loadfile_name


Data type: Optional[String]


Sets the name of the configuration file that is used to load the python module.


Default value: undef


apache::mod::remoteip


Installs and configures mod_remoteip.



Parameters


The following parameters are available in the apache::mod::remoteip class:



header


Data type: String


The header field in which mod_remoteip will look for the useragent IP.


Default value: 'X-Forwarded-For'


internal_proxy


Data type: Optional[Array[Stdlib::Host]]


A list of IP addresses, IP blocks or hostname that are trusted to set a
valid value inside specified header. Unlike the $trusted_proxy_ips
parameter, any IP address (including private addresses) presented by these
proxies will trusted by mod_remoteip.


Default value: undef


proxy_ips


Data type: Optional[Array[Stdlib::Host]]


Deprecated: use $internal_proxy instead.


Default value: undef


internal_proxy_list


Data type: Optional[Stdlib::Absolutepath]


The path to a file containing a list of IP addresses, IP blocks or hostname
that are trusted to set a valid value inside the specified header. See
$internal_proxy for details.


Default value: undef


proxies_header


Data type: Optional[String]


A header into which mod_remoteip will collect a list of all of the
intermediate client IP addresses trusted to resolve the useragent IP of the
request (e.g. X-Forwarded-By).


Default value: undef


proxy_protocol


Data type: Boolean


Wether or not to enable the PROXY protocol header handling. If enabled
upstream clients must set the header every time they open a connection.


Default value: false


proxy_protocol_exceptions


Data type: Optional[Array[Stdlib::Host]]


A list of IP address or IP blocks that are not required to use the PROXY
protocol.


Default value: undef


trusted_proxy


Data type: Optional[Array[Stdlib::Host]]


A list of IP addresses, IP blocks or hostname that are trusted to set a
valid value inside the specified header. Unlike the $proxy_ips parameter,
any private IP presented by these proxies will be disgarded by
mod_remoteip.


Default value: undef


trusted_proxy_ips


Data type: Optional[Array[Stdlib::Host]]


Deprecated: use $trusted_proxy instead.


Default value: undef


trusted_proxy_list


Data type: Optional[Stdlib::Absolutepath]


The path to a file containing a list of IP addresses, IP blocks or hostname
that are trusted to set a valid value inside the specified header. See
$trusted_proxy for details.


Default value: undef


apache::mod::reqtimeout


Installs and configures mod_reqtimeout.



Parameters


The following parameters are available in the apache::mod::reqtimeout class:



timeouts


Data type: Variant[Array[String], String]


List of timeouts and data rates for receiving requests.


Default value: ['header=20-40,minrate=500', 'body=10,minrate=500']


apache::mod::rewrite


Installs mod_rewrite.



apache::mod::rpaf


Installs and configures mod_rpaf.



Parameters


The following parameters are available in the apache::mod::rpaf class:



sethostname


Data type: Variant[Boolean, String]


Toggles whether to update vhost name so ServerName and ServerAlias work.


Default value: true


proxy_ips


Data type: Array[Stdlib::IP::Address]


List of IPs & bitmasked subnets to adjust requests for


Default value: ['127.0.0.1']


header


Data type: String


Header to use for the real IP address.


Default value: 'X-Forwarded-For'


template


Data type: String


Path to template to use for configuring mod_rpaf.


Default value: 'apache/mod/rpaf.conf.epp'


apache::mod::security


Installs and configures mod_security.



Parameters


The following parameters are available in the apache::mod::security class:



version


Data type: Integer


Manage mod_security or mod_security2


Default value: $apache::params::modsec_version


logroot


Data type: Stdlib::Absolutepath


Configures the location of audit and debug logs.


Default value: $apache::params::logroot


crs_package


Data type: Optional[String]


Name of package that installs CRS rules.


Default value: $apache::params::modsec_crs_package


activated_rules


Data type: Array[String]


An array of rules from the modsec_crs_path or absolute to activate via symlinks.


Default value: $apache::params::modsec_default_rules


custom_rules


Data type: Boolean


Default value: $apache::params::modsec_custom_rules


custom_rules_set


Data type: Optional[Array[String]]


Default value: $apache::params::modsec_custom_rules_set


modsec_dir


Data type: Stdlib::Absolutepath


Defines the path where Puppet installs the modsec configuration and activated rules links.


Default value: $apache::params::modsec_dir


modsec_secruleengine


Data type: String


Configures the rules engine.


Default value: $apache::params::modsec_secruleengine


debug_log_level


Data type: Integer[0, 9]


Configures the debug log level.


Default value: 0


audit_log_relevant_status


Data type: String


Configures which response status code is to be considered relevant for the purpose of audit logging.


Default value: '^(?:5|4(?!04))'


audit_log_parts


Data type: String


Defines which parts of each transaction are going to be recorded in the audit log. Each part is assigned a single letter; when a
letter appears in the list then the equivalent part will be recorded.


Default value: $apache::params::modsec_audit_log_parts


audit_log_type


Data type: String


Defines the type of audit logging mechanism to be used.


Default value: $apache::params::modsec_audit_log_type


audit_log_format


Data type: Enum['Native', 'JSON']


Defines what format the logs should be written in.


Default value: 'Native'


audit_log_storage_dir


Data type: Optional[Stdlib::Absolutepath]


Defines the directory where concurrent audit log entries are to be stored. This directive is only needed when concurrent audit logging is used.


Default value: undef


secpcrematchlimit


Data type: Integer


Sets the match limit in the PCRE library.


Default value: $apache::params::secpcrematchlimit


secpcrematchlimitrecursion


Data type: Integer


Sets the match limit recursion in the PCRE library.


Default value: $apache::params::secpcrematchlimitrecursion


allowed_methods


Data type: String


A space-separated list of allowed HTTP methods.


Default value: 'GET HEAD POST OPTIONS'


content_types


Data type: String


A list of one or more allowed MIME types.


Default value: 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf'


restricted_extensions


Data type: String


A space-sparated list of prohibited file extensions.


Default value: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'


restricted_headers


Data type: String


A list of restricted headers separated by slashes and spaces.


Default value: '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'


secdefaultaction


Data type: String


Defines the default list of actions, which will be inherited by the rules in the same configuration context.


Default value: 'deny'


inbound_anomaly_threshold


Data type: Integer


Sets the scoring threshold level of the inbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.


Default value: 5


outbound_anomaly_threshold


Data type: Integer


Sets the scoring threshold level of the outbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.


Default value: 4


critical_anomaly_score


Data type: Integer


Sets the Anomaly Score for rules assigned with a critical severity.


Default value: 5


error_anomaly_score


Data type: Integer


Sets the Anomaly Score for rules assigned with a error severity.


Default value: 4


warning_anomaly_score


Data type: Integer


Sets the Anomaly Score for rules assigned with a warning severity.


Default value: 3


notice_anomaly_score


Data type: Integer


Sets the Anomaly Score for rules assigned with a notice severity.


Default value: 2


paranoia_level


Data type: Integer[1,4]


Sets the paranoia level in the OWASP ModSecurity Core Rule Set.


Default value: 1


executing_paranoia_level


Data type: Integer[1,4]


Sets the executing paranoia level in the OWASP ModSecurity Core Rule Set.
The default is equal to, and cannot be lower than, $paranoia_level.


Default value: $paranoia_level


secrequestmaxnumargs


Data type: Integer


Sets the maximum number of arguments in the request.


Default value: 255


secrequestbodylimit


Data type: Integer


Sets the maximum request body size ModSecurity will accept for buffering.


Default value: 13107200


secrequestbodynofileslimit


Data type: Integer


Configures the maximum request body size ModSecurity will accept for buffering, excluding the size of any files being transported
in the request.


Default value: 131072


secrequestbodyinmemorylimit


Data type: Integer


Configures the maximum request body size that ModSecurity will store in memory.


Default value: 131072


secrequestbodyaccess


Data type: Apache::OnOff


Toggle SecRequestBodyAccess On or Off


Default value: 'On'


secrequestbodylimitaction


Data type: Enum['Reject', 'ProcessPartial']


Controls what happens once a request body limit, configured with
SecRequestBodyLimit, is encountered


Default value: 'Reject'


secresponsebodyaccess


Data type: Apache::OnOff


Toggle SecResponseBodyAccess On or Off


Default value: 'Off'


secresponsebodylimitaction


Data type: Enum['Reject', 'ProcessPartial']


Controls what happens once a response body limit, configured with
SecResponseBodyLimitAction, is encountered.


Default value: 'ProcessPartial'


manage_security_crs


Data type: Boolean


Toggles whether to manage ModSecurity Core Rule Set


Default value: true


enable_dos_protection


Data type: Boolean


Toggles the optional OWASP ModSecurity Core Rule Set DOS protection rule
(rule id 900700)


Default value: true


dos_burst_time_slice


Data type: Integer[1, default]


Configures time in which a burst is measured for the OWASP ModSecurity Core Rule Set DOS protection rule
(rule id 900700)


Default value: 60


dos_counter_threshold


Data type: Integer[1, default]


Configures the amount of requests that can be made within dos_burst_time_slice before it is considered a burst in
the OWASP ModSecurity Core Rule Set DOS protection rule (rule id 900700)


Default value: 100


dos_block_timeout


Data type: Integer[1, default]


Configures how long the client should be blocked when the dos_counter_threshold is exceeded in the OWASP
ModSecurity Core Rule Set DOS protection rule (rule id 900700)


Default value: 600


apache::mod::setenvif


Installs mod_setenvif.



apache::mod::shib


This class installs and configures only the Apache components of a web application that consumes Shibboleth SSO identities. You
can manage the Shibboleth configuration manually, with Puppet, or using a Shibboleth Puppet Module.



Parameters


The following parameters are available in the apache::mod::shib class:



suppress_warning


Data type: Boolean


Toggles whether to trigger warning on RedHat nodes.


Default value: false


mod_full_path


Data type: Optional[Stdlib::Absolutepath]


Specifies a path to the module. Do not manually set this parameter without a special reason.


Default value: undef


package_name


Data type: Optional[String]


Name of the Shibboleth package to be installed.


Default value: undef


mod_lib


Data type: Optional[String]


Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The path parameter
overrides this value.


Default value: undef


apache::mod::socache_shmcb


Installs mod_socache_shmcb.



apache::mod::speling


Installs mod_spelling.



apache::mod::ssl


On most operating systems, the ssl.conf is placed in the module configuration directory. On Red Hat based operating systems, this
file is placed in /etc/httpd/conf.d, the same location in which the RPM stores the configuration.


To use SSL with a virtual host, you must either set the default_ssl_vhost parameter in ::apache to true or the ssl parameter in
apache::vhost to true.



Parameters


The following parameters are available in the apache::mod::ssl class:



ssl_compression


Data type: Boolean


Enable compression on the SSL level.


Default value: false


ssl_sessiontickets


Data type: Optional[Boolean]


Enable or disable use of TLS session tickets


Default value: undef


ssl_cryptodevice


Data type: String


Enable use of a cryptographic hardware accelerator.


Default value: 'builtin'


ssl_options


Data type: Array[String]


Configure various SSL engine run-time options.


Default value: ['StdEnvVars']


ssl_openssl_conf_cmd


Data type: Optional[String]


Configure OpenSSL parameters through its SSL_CONF API.


Default value: undef


ssl_cert


Data type: Optional[Stdlib::Absolutepath]


Path to server PEM-encoded X.509 certificate data file.


Default value: undef


ssl_key


Data type: Optional[Stdlib::Absolutepath]


Path to server PEM-encoded private key file


Default value: undef


ssl_ca


Data type: Optional[Stdlib::Absolutepath]


File of concatenated PEM-encoded CA Certificates for Client Auth.


Default value: undef


ssl_cipher


Data type: Variant[String[1], Hash[String[1], String[1]]]


Cipher Suite available for negotiation in SSL handshake.


Default value: $apache::params::ssl_cipher


ssl_honorcipherorder


Data type: Variant[Boolean, Apache::OnOff]


Option to prefer the server's cipher preference order.


Default value: true


ssl_protocol


Data type: Array[String]


Configure usable SSL/TLS protocol versions.
Default based on the OS:


    

  • RedHat 8: [ 'all' ].
    • 

  • Other Platforms: [ 'all', '-SSLv2', '-SSLv3' ].
    • 



Default value: $apache::params::ssl_protocol


ssl_proxy_protocol


Data type: Array


Configure usable SSL protocol flavors for proxy usage.


Default value: []


ssl_proxy_cipher_suite


Data type: Optional[String[1]]


Configure usable SSL ciphers for proxy usage. Equivalent to ssl_cipher but for proxy connections.


Default value: $apache::params::ssl_proxy_cipher_suite


ssl_pass_phrase_dialog


Data type: String


Type of pass phrase dialog for encrypted private keys.


Default value: 'builtin'


ssl_random_seed_bytes


Data type: Integer


Pseudo Random Number Generator (PRNG) seeding source.


Default value: 512


ssl_sessioncache


Data type: String


Configures the storage type of the global/inter-process SSL Session Cache


Default value: $apache::params::ssl_sessioncache


ssl_sessioncachetimeout


Data type: Integer


Number of seconds before an SSL session expires in the Session Cache.


Default value: 300


ssl_stapling


Data type: Boolean


Enable stapling of OCSP responses in the TLS handshake.


Default value: false


stapling_cache


Data type: Optional[String]


Configures the cache used to store OCSP responses which get included in
the TLS handshake if SSLUseStapling is enabled.


Default value: undef


ssl_stapling_return_errors


Data type: Optional[Boolean]


Pass stapling related OCSP errors on to client.


Default value: undef


ssl_mutex


Data type: String


Configures mutex mechanism and lock file directory for all or specified mutexes.


Default value: 'default'


ssl_reload_on_change


Data type: Boolean


Enable reloading of apache if the content of ssl files have changed. It only affects ssl files configured here and not vhost ones.


Default value: false


package_name


Data type: Optional[String]


Name of ssl package to install.


Default value: undef


apache::mod::status


Installs and configures mod_status.



Examples




# Simple usage allowing access from localhost and a private subnet
class { 'apache::mod::status':
  requires => 'ip 127.0.0.1 ::1 10.10.10.10/24',
}

    
      
      
    
  


Parameters


The following parameters are available in the apache::mod::status class:



requires


Data type: Optional[Variant[String, Array, Hash]]


A Variant type that can be:


    

  • String with:

      

    • '' or 'unmanaged' - Host auth control done elsewhere
      • 

    • 'ip ' - Allowed IPs/ranges
      • 

    • 'host ' - Allowed names/domains
      • 

    • 'all [granted|denied]'
      • 

    

    • 

  • Array of strings with ip or host as above
    • 

  • Hash with following keys:

      

    • 'requires' - Value => Array as above
      • 

    • 'enforce' - Value => String 'Any', 'All' or 'None'
This encloses "Require" directives in "<Require(Any|All|None)>" block
Optional - If unspecified, "Require" directives follow current flow
      • 

    

    • 



Default value: undef


extended_status


Data type: Apache::OnOff


Determines whether to track extended status information for each request, via the ExtendedStatus directive.


Default value: 'On'


status_path


Data type: String


Path assigned to the Location directive which defines the URL to access the server status.


Default value: '/server-status'


apache::mod::suexec


Installs mod_suexec.



apache::mod::userdir


Installs and configures mod_userdir.



Parameters


The following parameters are available in the apache::mod::userdir class:



userdir


Data type: Optional[String[1]]


Path or directory name to be used as the UserDir.


Default value: undef


disable_root


Data type: Boolean


Toggles whether to allow use of root directory.


Default value: true


path


Data type: String


Path to directory or pattern from which to find user-specific directories.


Default value: '/home/*/public_html'


overrides


Data type: Array[String]


Array of directives that are allowed in .htaccess files.


Default value: ['FileInfo', 'AuthConfig', 'Limit', 'Indexes']


options


Data type: Array[String]


Configures what features are available in a particular directory.


Default value: ['MultiViews', 'Indexes', 'SymLinksIfOwnerMatch', 'IncludesNoExec']


unmanaged_path


Data type: Boolean


Toggles whether to manage path in userdir.conf


Default value: false


custom_fragment


Data type: Optional[String]


Custom configuration to be added to userdir.conf


Default value: undef


apache::mod::version


Installs mod_version.



apache::mod::vhost_alias


Installs Apache mod_vhost_alias.



apache::mod::watchdog


Installs and configures mod_watchdog.



Parameters


The following parameters are available in the apache::mod::watchdog class:



watchdog_interval


Data type: Optional[Integer]


Sets the interval at which the watchdog_step hook runs.


Default value: undef


apache::mod::worker


Installs and manages the MPM worker.



Parameters


The following parameters are available in the apache::mod::worker class:



startservers


Data type: Integer


The number of child server processes created on startup


Default value: 2


minsparethreads


Data type: Integer


Minimum number of idle threads to handle request spikes.


Default value: 25


maxsparethreads


Data type: Integer


Maximum number of idle threads.


Default value: 75


threadsperchild


Data type: Integer


The number of threads created by each child process.


Default value: 25


maxrequestsperchild


Data type: Integer


Limit on the number of connectiojns an individual child server
process will handle. This is the old name and is still supported. The new
name is MaxConnectionsPerChild as of 2.3.9+.


Default value: 0


serverlimit


Data type: Integer


With worker, use this directive only if your MaxRequestWorkers
and ThreadsPerChild settings require more than 16 server processes
(default). Do not set the value of this directive any higher than the
number of server processes required by what you may want for
MaxRequestWorkers and ThreadsPerChild.


Default value: 25


threadlimit


Data type: Integer


This directive sets the maximum configured value for
ThreadsPerChild for the lifetime of the Apache httpd process.


Default value: 64


listenbacklog


Data type: Integer


Maximum length of the queue of pending connections.


Default value: 511


maxrequestworkers


Data type: Integer


Maximum number of connections that will be processed simultaneously


Default value: 150


apache::mod::wsgi


Installs and configures mod_wsgi.



Parameters


The following parameters are available in the apache::mod::wsgi class:



wsgi_restrict_embedded


Data type: Optional[String]


Enable restrictions on use of embedded mode.


Default value: undef


wsgi_socket_prefix


Data type: Optional[String]


Configure directory to use for daemon sockets.


Default value: $apache::params::wsgi_socket_prefix


wsgi_python_path


Data type: Optional[Stdlib::Absolutepath]


Additional directories to search for Python modules.


Default value: undef


wsgi_python_home


Data type: Optional[Stdlib::Absolutepath]


Absolute path to Python prefix/exec_prefix directories.


Default value: undef


wsgi_python_optimize


Data type: Optional[Integer]


Enables basic Python optimisation features.


Default value: undef


wsgi_application_group


Data type: Optional[String]


Sets which application group WSGI application belongs to.


Default value: undef


package_name


Data type: Optional[String]


Names of package that installs mod_wsgi.


Default value: undef


mod_path


Data type: Optional[String]


Defines the path to the mod_wsgi shared object (.so) file.


Default value: undef


apache::mod::xsendfile


Installs mod_xsendfile.



apache::mpm::disable_mpm_event


disable Apache-Module event


apache::mpm::disable_mpm_prefork


disable Apache-Module prefork


apache::mpm::disable_mpm_worker


disable Apache-Module worker


apache::vhosts


host parameters or Configuring virtual hosts in the README section.


    

  • Note See the apache::vhost defined type's reference for a list of all virtual
    • 



Examples


To create a name-based virtual host custom_vhost_1


class { 'apache::vhosts':
  vhosts => {
    'custom_vhost_1' => {
      'docroot' => '/var/www/custom_vhost_1',
      'port'    => 81,
    },
  },
}

    
      
      
    
  


Parameters


The following parameters are available in the apache::vhosts class:



vhosts


Data type: Hash


A hash, where the key represents the name and the value represents a hash of
apache::vhost defined type's parameters.


Default value: {}


Defined types


apache::balancer


Each balancer cluster needs one or more balancer members (that can
be declared with the apache::balancermember defined resource type). Using
storeconfigs, you can export the apache::balancermember resources on all
balancer members, and then collect them on a single apache load balancer
server.


    

  • Note Currently requires the puppetlabs/concat module on the Puppet Forge and uses
storeconfigs on the Puppet Server to export/collect resources from all
balancer members.
    • 



Examples




apache::balancer { 'puppet00': }

    
      
      
    
  


Parameters


The following parameters are available in the apache::balancer defined type:



name


The namevar of the defined resource type is the balancer clusters name.

This name is also used in the name of the conf.d file


proxy_set


Data type: Hash


Configures key-value pairs to be used as a ProxySet lines in the configuration.


Default value: {}


target


Data type: Optional[String]


The path to the file the balancer definition will be written in.


Default value: undef


collect_exported


Data type: Boolean


Determines whether to use exported resources.

If you statically declare all of your backend servers, set this parameter to false to rely
on existing, declared balancer member resources. Also, use apache::balancermember with array
arguments.

To dynamically declare backend servers via exported resources collected on a central node,
set this parameter to true to collect the balancer member resources exported by the balancer
member nodes.

If you don't use exported resources, a single Puppet run configures all balancer members. If
you use exported resources, Puppet has to run on the balanced nodes first, then run on the
balancer.


Default value: true


options


Data type: Array[Pattern[/=/]]


Specifies an array of options
after the balancer URL, and accepts any key-value pairs available to ProxyPass.


Default value: []


apache::balancermember


Sets up a balancer member inside a listening service configuration block in
the load balancer's apache.cfg.


This type will setup a balancer member inside a listening service
configuration block in /etc/apache/apache.cfg on the load balancer.
Currently it only has the ability to specify the instance name, url and an
array of options. More features can be added as needed. The best way to
implement this is to export this resource for all apache balancer member
servers, and then collect them on the main apache load balancer.


    

  • Note Currently requires the puppetlabs/concat module on the Puppet Forge and
uses storeconfigs on the Puppet Server to export/collect resources
from all balancer members.
    • 



Examples




@@apache::balancermember { 'apache':
  balancer_cluster => 'puppet00',
  url              => "ajp://${::fqdn}:8009"
  options          => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
}

    
      
      
    
  


Parameters


The following parameters are available in the apache::balancermember defined type:



name


The title of the resource is arbitrary and only utilized in the concat
fragment name.


balancer_cluster


Data type: String


The apache service's instance name (or, the title of the apache::balancer
resource). This must match up with a declared apache::balancer resource.


url


Data type: Apache::ModProxyProtocol


The url used to contact the balancer member server.


Default value: "http://${$facts['networking']['fqdn']}/"


options


Data type: Array


Specifies an array of options
after the URL, and accepts any key-value pairs available to ProxyPass.


Default value: []


apache::custom_config


If the file is invalid and this defined type's verify_config parameter's value is
true, Puppet throws an error during a Puppet run.


Parameters


The following parameters are available in the apache::custom_config defined type:



ensure


Data type: Enum['absent', 'present']


Specifies whether the configuration file should be present.


Default value: 'present'


confdir


Data type: Stdlib::Absolutepath


Sets the directory in which Puppet places configuration files.


Default value: $apache::confd_dir


content


Data type: Optional[Variant[Sensitive, String]]


Sets the configuration file's content. The content and source parameters are exclusive
of each other.


Default value: undef


filename


Data type: Optional[String]


Sets the name of the file under confdir in which Puppet stores the configuration.


Default value: undef


priority


Data type: Apache::Vhost::Priority


Sets the configuration file's priority by prefixing its filename with this parameter's
numeric value, as Apache processes configuration files in alphanumeric order.

To omit the priority prefix in the configuration file's name, set this parameter to false.


Default value: 25


source


Data type: Optional[String]


Points to the configuration file's source. The content and source parameters are
exclusive of each other.


Default value: undef


verify_command


Data type: Variant[String, Array[String], Array[Array[String]]]


Specifies the command Puppet uses to verify the configuration file. Use a fully qualified
command.

This parameter is used only if the verify_config parameter's value is true. If the
verify_command fails, the Puppet run deletes the configuration file and raises an error,
but does not notify the Apache service.
Command can be passed through as either a String, i.e. '/usr/sbin/apache2ctl -t'
An array, i.e. ['/usr/sbin/apache2ctl', '-t']
Or an array of arrays with each one having to pass succesfully, i.e. [['/usr/sbin/apache2ctl', '-t'], '/usr/sbin/apache2ctl -t']


Default value: $apache::params::verify_command


verify_config


Data type: Boolean


Specifies whether to validate the configuration file before notifying the Apache service.


Default value: true


owner


Data type: Optional[String]


File owner of configuration file


Default value: undef


group


Data type: Optional[String]


File group of configuration file


Default value: undef


file_mode


Data type: Optional[Stdlib::Filemode]


File mode of configuration file


Default value: undef


show_diff


Data type: Boolean


show_diff property for configuration file resource


Default value: true


apache::fastcgi::server


Defines one or more external FastCGI servers to handle specific file types. Use this
defined type with mod_fastcgi.


Parameters


The following parameters are available in the apache::fastcgi::server defined type:



host


Data type: String


Determines the FastCGI's hostname or IP address and TCP port number (1-65535).


Default value: '127.0.0.1:9000'


timeout


Data type: Integer


Sets the number of seconds a FastCGI application can be inactive before aborting the
request and logging the event at the error LogLevel. The inactivity timer applies only as
long as a connection is pending with the FastCGI application. If a request is queued to an
application, but the application doesn't respond by writing and flushing within this period,
the request is aborted. If communication is complete with the application but incomplete with
the client (the response is buffered), the timeout does not apply.


Default value: 15


flush


Data type: Boolean


Forces mod_fastcgi to write to the client as data is received from the
application. By default, mod_fastcgi buffers data in order to free the application
as quickly as possible.


Default value: false


faux_path


Data type: Stdlib::Absolutepath


Apache has FastCGI handle URIs that resolve to this filename. The path set in this
parameter does not have to exist in the local filesystem.


Default value: "/var/www/${name}.fcgi"


fcgi_alias


Data type: Stdlib::Unixpath


Internally links actions with the FastCGI server. This alias must be unique.


Default value: "/${name}.fcgi"


file_type


Data type: String


Sets the MIME content-type of the file to be processed by the FastCGI server.


Default value: 'application/x-httpd-php'


pass_header


Data type: Optional[String]


Sets a header for the server


Default value: undef


apache::listen


The apache::vhost class uses this defined type, and titles take the form
<PORT>, <IPV4>:<PORT>, or <IPV6>:<PORT>.


apache::mod


Checks for or places the module's default configuration files in the Apache server's
module and enable directories. The default locations depend on your operating system.


Parameters


The following parameters are available in the apache::mod defined type:



package


Data type: Optional[String]


Required.

Names the package Puppet uses to install the Apache module.


Default value: undef


package_ensure


Data type: String


Determines whether Puppet ensures the Apache module should be installed.


Default value: 'present'


lib


Data type: Optional[String]


Defines the module's shared object name. Do not configure manually without special reason.


Default value: undef


lib_path


Data type: String


Specifies a path to the module's libraries. Do not manually set this parameter
without special reason. The path parameter overrides this value.


Default value: $apache::lib_path


loadfile_name


Data type: Optional[String]


Sets the filename for the module's LoadFile directive, which can also set
the module load order as Apache processes them in alphanumeric order.


Default value: undef


id


Data type: Optional[String]


Specifies the package id


Default value: undef


loadfiles


Data type: Optional[Array]


Specifies an array of LoadFile directives.


Default value: undef


path


Data type: Optional[String]


Specifies a path to the module. Do not manually set this parameter without a special reason.


Default value: undef


apache::namevirtualhost


Adds all related directives to the ports.conf file in the Apache HTTPD configuration
directory. Titles can take the forms \*, \*:\<PORT\>, \_default\_:\<PORT\>,
\<IP\>, or \<IP\>:\<PORT\>.


apache::vhost


The apache module allows a lot of flexibility in the setup and configuration of virtual hosts.
This flexibility is due, in part, to vhost being a defined resource type, which allows Apache
to evaluate it multiple times with different parameters.

The apache::vhost defined type allows you to have specialized configurations for virtual hosts
that have requirements outside the defaults. You can set up a default virtual host within
the base ::apache class, as well as set a customized virtual host as the default.
Customized virtual hosts have a lower numeric priority than the base class's, causing
Apache to process the customized virtual host first.

The apache::vhost defined type uses concat::fragment to build the configuration file. To
inject custom fragments for pieces of the configuration that the defined type doesn't
inherently support, add a custom fragment.

For the custom fragment's order parameter, the apache::vhost defined type uses multiples
of 10, so any order that isn't a multiple of 10 should work.




Note: When creating an apache::vhost, it cannot be named default or default-ssl,
because vhosts with these titles are always managed by the module. This means that you cannot
override Apache::Vhost['default']  or Apache::Vhost['default-ssl] resources. An optional
workaround is to create a vhost named something else, such as my default, and ensure that the
default and default_ssl vhosts are set to false:




Examples




class { 'apache':
  default_vhost     => false,
  default_ssl_vhost => false,
}

    
      
      
    
  


Parameters


The following parameters are available in the apache::vhost defined type:



access_log


Data type: Boolean


Determines whether to configure *_access.log directives (*_file, *_pipe, or *_syslog).


Default value: true


access_log_env_var


Data type: Optional[Variant[Boolean, String]]


Specifies that only requests with particular environment variables be logged.


Default value: undef


access_log_file


Data type: Optional[String[1]]


Sets the filename of the *_access.log placed in logroot. Given a virtual host ---for
instance, example.com--- it defaults to 'example.com_ssl.log' for
SSL-encrypted virtual hosts and
example.com_access.log for unencrypted virtual hosts.


Default value: undef


access_log_format


Data type: Optional[String[1]]


Specifies the use of either a LogFormat nickname or a custom-formatted string for the
access log.


Default value: undef


access_log_pipe


Data type: Optional[String[1]]


Specifies a pipe where Apache sends access log messages.


Default value: undef


access_log_syslog


Data type: Optional[Variant[String, Boolean]]


Sends all access log messages to syslog.


Default value: undef


access_logs


Data type: Optional[Array[Hash]]


Allows you to give a hash that specifies the state of each of the access_log_*
directives shown above, i.e. access_log_pipe and access_log_syslog.


Default value: undef


add_default_charset


Data type: Optional[String]


Sets a default media charset value for the AddDefaultCharset directive, which is
added to text/plain and text/html responses.


Default value: undef


add_listen


Data type: Boolean


Determines whether the virtual host creates a Listen statement.

Setting add_listen to false prevents the virtual host from creating a Listen
statement. This is important when combining virtual hosts that aren't passed an ip
parameter with those that are.


Default value: true


use_optional_includes


Data type: Boolean


Specifies whether Apache uses the IncludeOptional directive instead of Include for
additional_includes in Apache 2.4 or newer.


Default value: $apache::use_optional_includes


aliases


Data type: Array[Hash[String[1], String[1]]]


Passes a list of [hashes][hash] to the virtual host to create Alias, AliasMatch,
ScriptAlias or ScriptAliasMatch directives as per the mod_alias documentation.

For example:


aliases => [
  { aliasmatch       => '^/image/(.*)\.jpg$',
    path             => '/files/jpg.images/$1.jpg',
  },
  { alias            => '/image',
    path             => '/ftp/pub/image',
  },
  { scriptaliasmatch => '^/cgi-bin(.*)',
    path             => '/usr/local/share/cgi-bin$1',
  },
  { scriptalias      => '/nagios/cgi-bin/',
    path             => '/usr/lib/nagios/cgi-bin/',
  },
  { alias            => '/nagios',
    path             => '/usr/share/nagios/html',
  },
],

    
      
      
    
  


For the alias, aliasmatch, scriptalias and scriptaliasmatch keys to work, each needs
a corresponding context, such as <Directory /path/to/directory> or
<Location /some/location/here>. Puppet creates the directives in the order specified in
the aliases parameter. As described in the mod_alias documentation, add more specific
alias, aliasmatch, scriptalias or scriptaliasmatch parameters before the more
general ones to avoid shadowing.

If apache::mod::passenger is loaded and PassengerHighPerformance is true, the Alias
directive might not be able to honor the PassengerEnabled => off statement. See
this article for details.


Default value: []


allow_encoded_slashes


Data type: Optional[Variant[Apache::OnOff, Enum['nodecode']]]


Sets the AllowEncodedSlashes declaration for the virtual host, overriding the server
default. This modifies the virtual host responses to URLs with \ and / characters. The
default setting omits the declaration from the server configuration and selects the
Apache default setting of Off.


Default value: undef


block


Data type: Variant[Array[String], String]


Specifies the list of things to which Apache blocks access. Valid options are: scm (which
blocks web access to .svn), .git, and .bzr directories.


Default value: []


cas_attribute_prefix


Data type: Optional[String]


Adds a header with the value of this header being the attribute values when SAML
validation is enabled.


Default value: undef


cas_attribute_delimiter


Data type: Optional[String]


Sets the delimiter between attribute values in the header created by cas_attribute_prefix.


Default value: undef


cas_login_url


Data type: Optional[String]


Sets the URL to which the module redirects users when they attempt to access a
CAS-protected resource and don't have an active session.


Default value: undef


cas_root_proxied_as


Data type: Optional[String]


Sets the URL end users see when access to this Apache server is proxied per vhost.
This URL should not include a trailing slash.


Default value: undef


cas_scrub_request_headers


Data type: Boolean


Remove inbound request headers that may have special meaning within mod_auth_cas.


Default value: false


cas_sso_enabled


Data type: Boolean


Enables experimental support for single sign out (may mangle POST data).


Default value: false


cas_validate_saml


Data type: Boolean


Parse response from CAS server for SAML.


Default value: false


cas_validate_url


Data type: Optional[String]


Sets the URL to use when validating a client-presented ticket in an HTTP query string.


Default value: undef


cas_cookie_path


Data type: Optional[String]


Sets the location where information on the current session should be stored. This should
be writable by the web server only.


Default value: undef


comment


Data type: Optional[Variant[String, Array[String]]]


Adds comments to the header of the configuration file. Pass as string or an array of strings.
For example:


comment => "Account number: 123B",

    
      
      
    
  


Or:


comment => [
  "Customer: X",
  "Frontend domain: x.example.org",
]

    
      
      
    
  


Default value: undef


default_vhost


Data type: Boolean


Sets a given apache::vhost defined type as the default to serve requests that do not
match any other apache::vhost defined types.


Default value: false


directoryindex


Data type: Optional[String]


Sets the list of resources to look for when a client requests an index of the directory
by specifying a '/' at the end of the directory name. See the DirectoryIndex directive
documentation for details.


Default value: undef


docroot


Data type: Variant[Stdlib::Absolutepath, Boolean]


Required.

Sets the DocumentRoot location, from which Apache serves files.

If docroot and manage_docroot are both set to false, no DocumentRoot will be set
and the accompanying <Directory /path/to/directory> block will not be created.


docroot_group


Data type: String


Sets group access to the docroot directory.


Default value: $apache::params::root_group


docroot_owner


Data type: String


Sets individual user access to the docroot directory.


Default value: 'root'


docroot_mode


Data type: Optional[Stdlib::Filemode]


Sets access permissions for the docroot directory, in numeric notation.


Default value: undef


manage_docroot


Data type: Boolean


Determines whether Puppet manages the docroot directory.


Default value: true


error_log


Data type: Boolean


Specifies whether *_error.log directives should be configured.


Default value: true


error_log_file


Data type: Optional[String]


Points the virtual host's error logs to a *_error.log file. If this parameter is
undefined, Puppet checks for values in error_log_pipe, then error_log_syslog.

If none of these parameters is set, given a virtual host example.com, Puppet defaults
to $logroot/example.com_error_ssl.log for SSL virtual hosts and
$logroot/example.com_error.log for non-SSL virtual hosts.


Default value: undef


error_log_pipe


Data type: Optional[String]


Specifies a pipe to send error log messages to.

This parameter has no effect if the error_log_file parameter has a value. If neither
this parameter nor error_log_file has a value, Puppet then checks error_log_syslog.


Default value: undef


error_log_syslog


Data type: Optional[Variant[String, Boolean]]


Determines whether to send all error log messages to syslog.
This parameter has no effect if either of the error_log_file or error_log_pipe
parameters has a value. If none of these parameters has a value, given a virtual host
example.com, Puppet defaults to $logroot/example.com_error_ssl.log for SSL virtual
hosts and $logroot/example.com_error.log for non-SSL virtual hosts.


Default value: undef


error_log_format


Data type:


Optional[
    Array[
      Variant[
        String,
        Hash[String, Enum['connection', 'request']]
      ]
    ]
  ]

    
      
      
    
  


Sets the ErrorLogFormat
format specification for error log entries inside virtual host
For example:


apache::vhost { 'site.name.fdqn':
  ...
  error_log_format => [
    '[%{uc}t] [%-m:%-l] [R:%L] [C:%{C}L] %7F: %E: %M',
    { '[%{uc}t] [R:%L] Request %k on C:%{c}L pid:%P tid:%T' => 'request' },
    { "[%{uc}t] [R:%L] UA:'%+{User-Agent}i'" => 'request' },
    { "[%{uc}t] [R:%L] Referer:'%+{Referer}i'" => 'request' },
    { '[%{uc}t] [C:%{c}L] local\ %a remote\ %A' => 'connection' },
  ],
}

    
      
      
    
  


Default value: undef


error_documents


Data type: Variant[Array[Hash], String]


A list of hashes which can be used to override the
ErrorDocument
settings for this virtual host.

For example:


apache::vhost { 'sample.example.net':
  error_documents => [
    { 'error_code' => '503', 'document' => '/service-unavail' },
    { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' },
  ],
}

    
      
      
    
  


Default value: []


ensure


Data type: Enum['absent', 'present']


Specifies if the virtual host is present or absent.


Default value: 'present'


show_diff


Data type: Boolean


Specifies whether to set the show_diff parameter for the file resource.


Default value: true


fallbackresource


Data type: Optional[Variant[Stdlib::Absolutepath, Enum['disabled']]]


Sets the FallbackResource
directive, which specifies an action to take for any URL that doesn't map to anything in
your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Values must either begin
with a / or be disabled.


Default value: undef


filters


Data type: Array[String[1]]


Filters enable smart,
context-sensitive configuration of output content filters.


apache::vhost { "$::fqdn":
  filters => [
    'FilterDeclare   COMPRESS',
    'FilterProvider  COMPRESS DEFLATE resp=Content-Type $text/html',
    'FilterChain     COMPRESS',
    'FilterProtocol  COMPRESS DEFLATE change=yes;byteranges=no',
  ],
}

    
      
      
    
  


Default value: []


h2_copy_files


Data type: Optional[Boolean]


Sets the H2CopyFiles
directive which influences how the requestion process pass files to the main connection.


Default value: undef


h2_direct


Data type: Optional[Boolean]


Sets the H2Direct
directive which toggles the usage of the HTTP/2 Direct Mode.


Default value: undef


h2_early_hints


Data type: Optional[Boolean]


Sets the H2EarlyHints
directive which controls if HTTP status 103 interim responses are forwarded to
the client or not.


Default value: undef


h2_max_session_streams


Data type: Optional[Integer]


Sets the H2MaxSessionStreams
directive which sets the maximum number of active streams per HTTP/2 session
that the server allows.


Default value: undef


h2_modern_tls_only


Data type: Optional[Boolean]


Sets the H2ModernTLSOnly
directive which toggles the security checks on HTTP/2 connections in TLS mode.


Default value: undef


h2_push


Data type: Optional[Boolean]


Sets the H2Push
directive which toggles the usage of the HTTP/2 server push protocol feature.


Default value: undef


h2_push_diary_size


Data type: Optional[Integer]


Sets the H2PushDiarySize
directive which toggles the maximum number of HTTP/2 server pushes that are
remembered per HTTP/2 connection.


Default value: undef


h2_push_priority


Data type: Array[String]


Sets the H2PushPriority
directive which defines the priority handling of pushed responses based on the
content-type of the response.


Default value: []


h2_push_resource


Data type: Array[String]


Sets the H2PushResource
directive which declares resources for early pushing to the client.


Default value: []


h2_serialize_headers


Data type: Optional[Boolean]


Sets the H2SerializeHeaders
directive which toggles if HTTP/2 requests are serialized in HTTP/1.1
format for processing by httpd core.


Default value: undef


h2_stream_max_mem_size


Data type: Optional[Integer]


Sets the H2StreamMaxMemSize
directive which sets the maximum number of outgoing data bytes buffered in
memory for an active stream.


Default value: undef


h2_tls_cool_down_secs


Data type: Optional[Integer]


Sets the H2TLSCoolDownSecs
directive which sets the number of seconds of idle time on a TLS connection
before the TLS write size falls back to a small (~1300 bytes) length.


Default value: undef


h2_tls_warm_up_size


Data type: Optional[Integer]


Sets the H2TLSWarmUpSize
directive which sets the number of bytes to be sent in small TLS records (~1300
bytes) until doing maximum sized writes (16k) on https: HTTP/2 connections.


Default value: undef


h2_upgrade


Data type: Optional[Boolean]


Sets the H2Upgrade
directive which toggles the usage of the HTTP/1.1 Upgrade method for switching
to HTTP/2.


Default value: undef


h2_window_size


Data type: Optional[Integer]


Sets the H2WindowSize
directive which sets the size of the window that is used for flow control from
client to server and limits the amount of data the server has to buffer.


Default value: undef


ip


Data type:


Optional[
    Variant[
      Array[Variant[Stdlib::IP::Address, Enum['*']]],
      Variant[Stdlib::IP::Address, Enum['*']]
    ]
  ]

    
      
      
    
  


Sets the IP address the virtual host listens on. By default, uses Apache's default behavior
of listening on all IPs.


Default value: undef


ip_based


Data type: Boolean


Enables an IP-based virtual
host. This parameter inhibits the creation of a NameVirtualHost directive, since those are
used to funnel requests to name-based virtual hosts.


Default value: false


itk


Data type: Optional[Hash]


Configures ITK in a hash.

Usage typically looks something like:


apache::vhost { 'sample.example.net':
  docroot => '/path/to/directory',
  itk     => {
    user  => 'someuser',
    group => 'somegroup',
  },
}

    
      
      
    
  


Valid values are: a hash, which can include the keys:


    

  • user + group
    • 

  • assignuseridexpr
    • 

  • assigngroupidexpr
    • 

  • maxclientvhost
    • 

  • nice
    • 

  • limituidrange (Linux 3.5.0 or newer)
    • 

  • limitgidrange (Linux 3.5.0 or newer)
    • 



Default value: undef


action


Data type: Optional[String]


Specifies whether you wish to configure mod_actions action directive which will
activate cgi-script when triggered by a request.


Default value: undef


jk_mounts


Data type: Array[Hash]


Sets up a virtual host with JkMount and JkUnMount directives to handle the paths
for URL mapping between Tomcat and Apache.

The parameter must be an array of hashes where each hash must contain the worker
and either the mount or unmount keys.

Usage typically looks like:


apache::vhost { 'sample.example.net':
  jk_mounts => [
    { mount   => '/*',     worker => 'tcnode1', },
    { unmount => '/*.jpg', worker => 'tcnode1', },
  ],
}

    
      
      
    
  


Default value: []


http_protocol_options


Data type: Optional[Pattern[/^((Strict|Unsafe)?\s*(\b(Registered|Lenient)Methods)?\s*(\b(Allow0\.9|Require1\.0))?)$/]]


Specifies the strictness of HTTP protocol checks.


Default value: undef


keepalive


Data type: Optional[Apache::OnOff]


Determines whether to enable persistent HTTP connections with the KeepAlive directive
for the virtual host. By default, the global, server-wide KeepAlive setting is in effect.

Use the keepalive_timeout and max_keepalive_requests parameters to set relevant options
for the virtual host.


Default value: undef


keepalive_timeout


Data type: Optional[Variant[Integer, String]]


Sets the KeepAliveTimeout directive for the virtual host, which determines the amount
of time to wait for subsequent requests on a persistent HTTP connection. By default, the
global, server-wide KeepAlive setting is in effect.

This parameter is only relevant if either the global, server-wide keepalive parameter or
the per-vhost keepalive parameter is enabled.


Default value: undef


max_keepalive_requests


Data type: Optional[Variant[Integer, String]]


Limits the number of requests allowed per connection to the virtual host. By default,
the global, server-wide KeepAlive setting is in effect.

This parameter is only relevant if either the global, server-wide keepalive parameter or
the per-vhost keepalive parameter is enabled.


Default value: undef


auth_kerb


Data type: Boolean


Enable mod_auth_kerb parameters for a virtual host.

Usage typically looks like:


apache::vhost { 'sample.example.net':
  auth_kerb              => `true`,
  krb_method_negotiate   => 'on',
  krb_auth_realms        => ['EXAMPLE.ORG'],
  krb_local_user_mapping => 'on',
  directories            => [
    {
      path         => '/var/www/html',
      auth_name    => 'Kerberos Login',
      auth_type    => 'Kerberos',
      auth_require => 'valid-user',
    },
  ],
}

    
      
      
    
  


Default value: false


krb_method_negotiate


Data type: Apache::OnOff


Determines whether to use the Negotiate method.


Default value: 'on'


krb_method_k5passwd


Data type: Apache::OnOff


Determines whether to use password-based authentication for Kerberos v5.


Default value: 'on'


krb_authoritative


Data type: Apache::OnOff


If set to off, authentication controls can be passed on to another module.


Default value: 'on'


krb_auth_realms


Data type: Array[String]


Specifies an array of Kerberos realms to use for authentication.


Default value: []


krb_5keytab


Data type: Optional[String]


Specifies the Kerberos v5 keytab file's location.


Default value: undef


krb_local_user_mapping


Data type: Optional[Apache::OnOff]


Strips @REALM from usernames for further use.


Default value: undef


krb_verify_kdc


Data type: Apache::OnOff


This option can be used to disable the verification tickets against local keytab to prevent
KDC spoofing attacks.


Default value: 'on'


krb_servicename


Data type: String


Specifies the service name that will be used by Apache for authentication. Corresponding
key of this name must be stored in the keytab.


Default value: 'HTTP'


krb_save_credentials


Data type: Apache::OnOff


This option enables credential saving functionality.


Default value: 'off'


logroot


Data type: Stdlib::Absolutepath


Specifies the location of the virtual host's logfiles.


Default value: $apache::logroot


logroot_ensure


Data type: Enum['directory', 'absent']


Determines whether or not to remove the logroot directory for a virtual host.


Default value: 'directory'


logroot_mode


Data type: Optional[Stdlib::Filemode]


Overrides the mode the logroot directory is set to. Do not grant write access to the
directory the logs are stored in without being aware of the consequences; for more
information, see Apache's log security documentation.


Default value: undef


logroot_owner


Data type: Optional[String]


Sets individual user access to the logroot directory.


Default value: undef


logroot_group


Data type: Optional[String]


Sets group access to the logroot directory.


Default value: undef


log_level


Data type: Optional[Apache::LogLevel]


Specifies the verbosity of the error log.


Default value: undef


modsec_body_limit


Data type: Optional[String]


Configures the maximum request body size (in bytes) ModSecurity accepts for buffering.


Default value: undef


modsec_disable_vhost


Data type: Boolean


Disables mod_security on a virtual host. Only valid if apache::mod::security is included.


Default value: false


modsec_disable_ids


Data type: Optional[Variant[Hash, Array]]


Removes mod_security IDs from the virtual host.

Also takes a hash allowing removal of an ID from a specific location.


apache::vhost { 'sample.example.net':
  modsec_disable_ids => [ 90015, 90016 ],
}

    
      
      
    
  


apache::vhost { 'sample.example.net':
  modsec_disable_ids => { '/location1' => [ 90015, 90016 ] },
}

    
      
      
    
  


Default value: undef


modsec_disable_ips


Data type: Array[String[1]]


Specifies an array of IP addresses to exclude from mod_security rule matching.


Default value: []


modsec_disable_msgs


Data type: Optional[Variant[Hash, Array]]


Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing
removal of an Msg from a specific location.


apache::vhost { 'sample.example.net':
  modsec_disable_msgs => ['Blind SQL Injection Attack', 'Session Fixation Attack'],
}

    
      
      
    
  


apache::vhost { 'sample.example.net':
  modsec_disable_msgs => { '/location1' => ['Blind SQL Injection Attack', 'Session Fixation Attack'] },
}

    
      
      
    
  


Default value: undef


modsec_disable_tags


Data type: Optional[Variant[Hash, Array]]


Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing
removal of an Tag from a specific location.


apache::vhost { 'sample.example.net':
  modsec_disable_tags => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'],
}

    
      
      
    
  


apache::vhost { 'sample.example.net':
  modsec_disable_tags => { '/location1' => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'] },
}

    
      
      
    
  


Default value: undef


modsec_audit_log_file


Data type: Optional[String]


If set, it is relative to logroot.

One of the parameters that determines how to send mod_security audit
log (SecAuditLog).
If none of those parameters are set, the global audit log is used
(/var/log/httpd/modsec\_audit.log; Debian and derivatives: /var/log/apache2/modsec\_audit.log; others: ).


Default value: undef


modsec_audit_log_pipe


Data type: Optional[String]


If modsec_audit_log_pipe is set, it should start with a pipe. Example
|/path/to/mlogc /path/to/mlogc.conf.

One of the parameters that determines how to send mod_security audit
log (SecAuditLog).
If none of those parameters are set, the global audit log is used
(/var/log/httpd/modsec\_audit.log; Debian and derivatives: /var/log/apache2/modsec\_audit.log; others: ).


Default value: undef


modsec_audit_log


Data type: Optional[Variant[String, Boolean]]


If modsec_audit_log is true, given a virtual host ---for instance, example.com--- it
defaults to example.com\_security\_ssl.log for SSL-encrypted virtual hosts
and example.com\_security.log for unencrypted virtual hosts.

One of the parameters that determines how to send mod_security audit
log (SecAuditLog).

If none of those parameters are set, the global audit log is used
(/var/log/httpd/modsec\_audit.log; Debian and derivatives: /var/log/apache2/modsec\_audit.log; others: ).


Default value: undef


modsec_inbound_anomaly_threshold


Data type: Optional[Integer[1, default]]


Override the global scoring threshold level of the inbound blocking rules
for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule
Set.


Default value: undef


modsec_outbound_anomaly_threshold


Data type: Optional[Integer[1, default]]


Override the global scoring threshold level of the outbound blocking rules
for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule
Set.


Default value: undef


modsec_allowed_methods


Data type: Optional[String]


Override global allowed methods. A space-separated list of allowed HTTP methods.


Default value: undef


no_proxy_uris


Data type: Variant[Array[String], String]


Specifies URLs you do not want to proxy. This parameter is meant to be used in combination
with proxy_dest.


Default value: []


no_proxy_uris_match


Data type: Variant[Array[String], String]


This directive is equivalent to no_proxy_uris, but takes regular expressions.


Default value: []


proxy_preserve_host


Data type: Boolean


Sets the ProxyPreserveHost Directive.

Setting this parameter to true enables the Host: line from an incoming request to be
proxied to the host instead of hostname. Setting it to false sets this directive to 'Off'.


Default value: false


proxy_add_headers


Data type: Optional[Variant[String, Boolean]]


Sets the ProxyAddHeaders Directive.

This parameter controlls whether proxy-related HTTP headers (X-Forwarded-For,
X-Forwarded-Host and X-Forwarded-Server) get sent to the backend server.


Default value: undef


proxy_error_override


Data type: Boolean


Sets the ProxyErrorOverride Directive.
This directive controls whether Apache should override error pages for proxied content.


Default value: false


options


Data type: Array[String]


Sets the Options for the specified virtual host. For example:


apache::vhost { 'site.name.fdqn':
  ...
  options => ['Indexes', 'FollowSymLinks', 'MultiViews'],
}

    
      
      
    
  




Note: If you use the directories parameter of apache::vhost, 'Options',
'Override', and 'DirectoryIndex' are ignored because they are parameters within directories.




Default value: ['Indexes', 'FollowSymLinks', 'MultiViews']


override


Data type: Array[String]


Sets the overrides for the specified virtual host. Accepts an array of
AllowOverride arguments.


Default value: ['None']


passenger_enabled


Data type: Optional[Boolean]


Sets the value for the PassengerEnabled
directive to on or off. Requires apache::mod::passenger to be included.


apache::vhost { 'sample.example.net':
  docroot     => '/path/to/directory',
  directories => [
    { path              => '/path/to/directory',
      passenger_enabled => 'on',
    },
  ],
}

    
      
      
    
  




Note: There is an issue
using the PassengerEnabled directive with the PassengerHighPerformance directive.




Default value: undef


passenger_base_uri


Data type: Optional[String]


Sets PassengerBaseURI,
to specify that the given URI is a distinct application served by Passenger.


Default value: undef


passenger_ruby


Data type: Optional[Stdlib::Absolutepath]


Sets PassengerRuby,
specifying the Ruby interpreter to use when serving the relevant web applications.


Default value: undef


passenger_python


Data type: Optional[Stdlib::Absolutepath]


Sets PassengerPython,
specifying the Python interpreter to use when serving the relevant web applications.


Default value: undef


passenger_nodejs


Data type: Optional[Stdlib::Absolutepath]


Sets the PassengerNodejs,
specifying Node.js command to use when serving the relevant web applications.


Default value: undef


passenger_meteor_app_settings


Data type: Optional[String]


Sets PassengerMeteorAppSettings,
specifying a JSON file with settings for the application when using a Meteor
application in non-bundled mode.


Default value: undef


passenger_app_env


Data type: Optional[String]


Sets PassengerAppEnv,
the environment for the Passenger application. If not specified, defaults to the global
setting or 'production'.


Default value: undef


passenger_app_root


Data type: Optional[Stdlib::Absolutepath]


Sets PassengerRoot,
the location of the Passenger application root if different from the DocumentRoot.


Default value: undef


passenger_app_group_name


Data type: Optional[String]


Sets PassengerAppGroupName,
the name of the application group that the current application should belong to.


Default value: undef


passenger_app_start_command


Data type: Optional[String]


Sets PassengerAppStartCommand,
how Passenger should start your app on a specific port.


Default value: undef


passenger_app_type


Data type: Optional[Enum['meteor', 'node', 'rack', 'wsgi']]


Sets PassengerAppType,
to force Passenger to recognize the application as a specific type.


Default value: undef


passenger_startup_file


Data type: Optional[String]


Sets the PassengerStartupFile,
path. This path is relative to the application root.


Default value: undef


passenger_restart_dir


Data type: Optional[String]


Sets the PassengerRestartDir,
to customize the directory in which restart.txt is searched for.


Default value: undef


passenger_spawn_method


Data type: Optional[Enum['direct', 'smart']]


Sets PassengerSpawnMethod,
whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism.


Default value: undef


passenger_load_shell_envvars


Data type: Optional[Boolean]


Sets PassengerLoadShellEnvvars,
to enable or disable the loading of shell environment variables before spawning the application.


Default value: undef


passenger_preload_bundler


Data type: Optional[Boolean]


Sets PassengerPreloadBundler,
to enable or disable the loading of bundler before loading the application.


Default value: undef


passenger_rolling_restarts


Data type: Optional[Boolean]


Sets PassengerRollingRestarts,
to enable or disable support for zero-downtime application restarts through restart.txt.


Default value: undef


passenger_resist_deployment_errors


Data type: Optional[Boolean]


Sets PassengerResistDeploymentErrors,
to enable or disable resistance against deployment errors.


Default value: undef


passenger_user


Data type: Optional[String]


Sets PassengerUser,
the running user for sandboxing applications.


Default value: undef


passenger_group


Data type: Optional[String]


Sets PassengerGroup,
the running group for sandboxing applications.


Default value: undef


passenger_friendly_error_pages


Data type: Optional[Boolean]


Sets PassengerFriendlyErrorPages,
which can display friendly error pages whenever an application fails to start. This
friendly error page presents the startup error message, some suggestions for solving
the problem, a backtrace and a dump of the environment variables.


Default value: undef


passenger_min_instances


Data type: Optional[Integer]


Sets PassengerMinInstances,
the minimum number of application processes to run.


Default value: undef


passenger_max_instances


Data type: Optional[Integer]


Sets PassengerMaxInstances,
the maximum number of application processes to run.


Default value: undef


passenger_max_preloader_idle_time


Data type: Optional[Integer]


Sets PassengerMaxPreloaderIdleTime,
the maximum amount of time the preloader waits before shutting down an idle process.


Default value: undef


passenger_force_max_concurrent_requests_per_process


Data type: Optional[Integer]


Sets PassengerForceMaxConcurrentRequestsPerProcess,
the maximum amount of concurrent requests the application can handle per process.


Default value: undef


passenger_start_timeout


Data type: Optional[Integer]


Sets PassengerStartTimeout,
the timeout for the application startup.


Default value: undef


passenger_concurrency_model


Data type: Optional[Enum['process', 'thread']]


Sets PassengerConcurrencyModel,
to specify the I/O concurrency model that should be used for Ruby application processes.
Passenger supports two concurrency models:


    

  • process - single-threaded, multi-processed I/O concurrency.
    • 

  • thread - multi-threaded, multi-processed I/O concurrency.
    • 



Default value: undef


passenger_thread_count


Data type: Optional[Integer]


Sets PassengerThreadCount,
the number of threads that Passenger should spawn per Ruby application process.

This option only has effect if PassengerConcurrencyModel is thread.


Default value: undef


passenger_max_requests


Data type: Optional[Integer]


Sets PassengerMaxRequests,
the maximum number of requests an application process will process.


Default value: undef


passenger_max_request_time


Data type: Optional[Integer]


Sets PassengerMaxRequestTime,
the maximum amount of time, in seconds, that an application process may take to
process a request.


Default value: undef


passenger_memory_limit


Data type: Optional[Integer]


Sets PassengerMemoryLimit,
the maximum amount of memory that an application process may use, in megabytes.


Default value: undef


passenger_stat_throttle_rate


Data type: Optional[Integer]


Sets PassengerStatThrottleRate,
to set a limit, in seconds, on how often Passenger will perform it's filesystem checks.


Default value: undef


passenger_pre_start


Data type: Optional[Variant[String, Array[String]]]


Sets PassengerPreStart,
the URL of the application if pre-starting is required.


Default value: undef


passenger_high_performance


Data type: Optional[Boolean]


Sets PassengerHighPerformance,
to enhance performance in return for reduced compatibility.


Default value: undef


passenger_buffer_upload


Data type: Optional[Boolean]


Sets PassengerBufferUpload,
to buffer HTTP client request bodies before they are sent to the application.


Default value: undef


passenger_buffer_response


Data type: Optional[Boolean]


Sets PassengerBufferResponse,
to buffer Happlication-generated responses.


Default value: undef


passenger_error_override


Data type: Optional[Boolean]


Sets PassengerErrorOverride,
to specify whether Apache will intercept and handle response with HTTP status codes of
400 and higher.


Default value: undef


passenger_max_request_queue_size


Data type: Optional[Integer]


Sets PassengerMaxRequestQueueSize,
to specify the maximum amount of requests that are allowed to queue whenever the maximum
concurrent request limit is reached. If the queue is already at this specified limit, then
Passenger immediately sends a "503 Service Unavailable" error to any incoming requests.

A value of 0 means that the queue size is unbounded.


Default value: undef


passenger_max_request_queue_time


Data type: Optional[Integer]


Sets PassengerMaxRequestQueueTime,
to specify the maximum amount of time that requests are allowed to stay in the queue
whenever the maximum concurrent request limit is reached. If a request reaches this specified
limit, then Passenger immeaditly sends a "504 Gateway Timeout" error for that request.

A value of 0 means that the queue time is unbounded.


Default value: undef


passenger_sticky_sessions


Data type: Optional[Boolean]


Sets PassengerStickySessions,
to specify that, whenever possible, all requests sent by a client will be routed to the same
originating application process.


Default value: undef


passenger_sticky_sessions_cookie_name


Data type: Optional[String]


Sets PassengerStickySessionsCookieName,
to specify the name of the sticky sessions cookie.


Default value: undef


passenger_sticky_sessions_cookie_attributes


Data type: Optional[String]


Sets PassengerStickySessionsCookieAttributes,
the attributes of the sticky sessions cookie.


Default value: undef


passenger_allow_encoded_slashes


Data type: Optional[Boolean]


Sets PassengerAllowEncodedSlashes,
to allow URLs with encoded slashes. Please note that this feature will not work properly
unless Apache's AllowEncodedSlashes is also enabled.


Default value: undef


passenger_app_log_file


Data type: Optional[String]


Sets PassengerAppLogFile,
app specific messages logged to a different file in addition to Passenger log file.


Default value: undef


passenger_debugger


Data type: Optional[Boolean]


Sets PassengerDebugger,
to turn support for Ruby application debugging on or off.


Default value: undef


passenger_lve_min_uid


Data type: Optional[Integer]


Sets PassengerLveMinUid,
to only allow the spawning of application processes with UIDs equal to, or higher than, this
specified value on LVE-enabled kernels.


Default value: undef


passenger_dump_config_manifest


Data type: Optional[String]


Sets PassengerLveMinUid,
to dump the configuration manifest to a file.


Default value: undef


passenger_admin_panel_url


Data type: Optional[String]


Sets PassengerAdminPanelUrl,
to specify the URL of the Passenger admin panel.


Default value: undef


passenger_admin_panel_auth_type


Data type: Optional[Enum['basic']]


Sets PassengerAdminPanelAuthType,
to specify the authentication type for the Passenger admin panel.


Default value: undef


passenger_admin_panel_username


Data type: Optional[String]


Sets PassengerAdminPanelUsername,
to specify the username for the Passenger admin panel.


Default value: undef


passenger_admin_panel_password


Data type: Optional[String]


Sets PassengerAdminPanelPassword,
to specify the password for the Passenger admin panel.


Default value: undef


php_values


Data type: Hash


Allows per-virtual host setting php_values.
These flags or values can be overwritten by a user or an application.
Within a vhost declaration:


  php_values    => { 'include_path' => '.:/usr/local/example-app/include' },

    
      
      
    
  


Default value: {}


php_flags


Data type: Hash


Allows per-virtual host setting `php_flags``.
These flags or values can be overwritten by a user or an application.


Default value: {}


php_admin_values


Data type: Variant[Array[String], Hash]


Allows per-virtual host setting php_admin_value.
These flags or values cannot be overwritten by a user or an application.


Default value: {}


php_admin_flags


Data type: Variant[Array[String], Hash]


Allows per-virtual host setting php_admin_flag.
These flags or values cannot be overwritten by a user or an application.


Default value: {}


port


Data type: Optional[Variant[Array[Stdlib::Port], Stdlib::Port]]


Sets the port the host is configured on. The module's defaults ensure the host listens
on port 80 for non-SSL virtual hosts and port 443 for SSL virtual hosts. The host only
listens on the port set in this parameter.


Default value: undef


priority


Data type: Optional[Apache::Vhost::Priority]


Sets the relative load-order for Apache HTTPD VirtualHost configuration files.

If nothing matches the priority, the first name-based virtual host is used. Likewise,
passing a higher priority causes the alphabetically first name-based virtual host to be
used if no other names match.




Note: You should not need to use this parameter. However, if you do use it, be
aware that the default_vhost parameter for apache::vhost passes a priority of 15.

To omit the priority prefix in file names, pass a priority of false.




Default value: undef


protocols


Data type: Array[Enum['h2', 'h2c', 'http/1.1']]


Sets the Protocols
directive, which lists available protocols for the virutal host.


Default value: []


protocols_honor_order


Data type: Optional[Boolean]


Sets the ProtocolsHonorOrder
directive which determines wether the order of Protocols sets precedence during negotiation.


Default value: undef


proxy_dest


Data type: Optional[String]


Specifies the destination address of a ProxyPass configuration.


Default value: undef


proxy_pass


Data type: Optional[Variant[Array[Hash], Hash]]


Specifies an array of path => URI values for a ProxyPass
configuration. Optionally, parameters can be added as an array.


apache::vhost { 'site.name.fdqn':
  ...
  proxy_pass => [
    { 'path' => '/a', 'url' => 'http://backend-a/' },
    { 'path' => '/b', 'url' => 'http://backend-b/' },
    { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}},
    { 'path' => '/l', 'url' => 'http://backend-xy',
      'reverse_urls' => ['http://backend-x', 'http://backend-y'] },
    { 'path' => '/d', 'url' => 'http://backend-a/d',
      'params' => { 'retry' => 0, 'timeout' => 5 }, },
    { 'path' => '/e', 'url' => 'http://backend-a/e',
      'keywords' => ['nocanon', 'interpolate'] },
    { 'path' => '/f', 'url' => 'http://backend-f/',
      'setenv' => ['proxy-nokeepalive 1', 'force-proxy-request-1.0 1']},
    { 'path' => '/g', 'url' => 'http://backend-g/',
      'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], },
    { 'path' => '/h', 'url' => 'http://backend-h/h',
      'no_proxy_uris' => ['/h/admin', '/h/server-status'] },
  ],
}

    
      
      
    
  


    

  • reverse_urls. Optional. This setting is useful when used with mod_proxy_balancer. Values: an array or string.
    • 

  • reverse_cookies. Optional. Sets ProxyPassReverseCookiePath and ProxyPassReverseCookieDomain.
    • 

  • params. Optional. Allows for ProxyPass key-value parameters, such as connection settings.
    • 

  • setenv. Optional. Sets environment variables for the proxy directive. Values: array.
    • 



Default value: undef


proxy_dest_match


Data type: Optional[String]


This directive is equivalent to proxy_dest, but takes regular expressions, see
ProxyPassMatch
for details.


Default value: undef


proxy_dest_reverse_match


Data type: Optional[String]


Allows you to pass a ProxyPassReverse if proxy_dest_match is specified. See
ProxyPassReverse
for details.


Default value: undef


proxy_pass_match


Data type: Optional[Variant[Array[Hash], Hash]]


This directive is equivalent to proxy_pass, but takes regular expressions, see
ProxyPassMatch
for details.


Default value: undef


redirect_dest


Data type: Optional[Variant[Array[String], String]]


Specifies the address to redirect to.


Default value: undef


redirect_source


Data type: Variant[String, Array[String]]


Specifies the source URIs that redirect to the destination specified in redirect_dest.
If more than one item for redirect is supplied, the source and destination must be the same
length, and the items are order-dependent.


apache::vhost { 'site.name.fdqn':
  ...
  redirect_source => ['/images', '/downloads'],
  redirect_dest   => ['http://img.example.com/', 'http://downloads.example.com/'],
}

    
      
      
    
  


Default value: '/'


redirect_status


Data type: Optional[Variant[Array[String], String]]


Specifies the status to append to the redirect.


  apache::vhost { 'site.name.fdqn':
  ...
  redirect_status => ['temp', 'permanent'],
}

    
      
      
    
  


Default value: undef


redirectmatch_regexp


Data type: Optional[Variant[Array[String], String]]


Determines which server status should be raised for a given regular expression
and where to forward the user to. Entered as an array alongside redirectmatch_status
and redirectmatch_dest.


apache::vhost { 'site.name.fdqn':
  ...
  redirectmatch_status => ['404', '404'],
  redirectmatch_regexp => ['\.git(/.*|$)/', '\.svn(/.*|$)'],
  redirectmatch_dest => ['http://www.example.com/$1', 'http://www.example.com/$2'],
}

    
      
      
    
  


Default value: undef


redirectmatch_status


Data type: Optional[Variant[Array[String], String]]


Determines which server status should be raised for a given regular expression
and where to forward the user to. Entered as an array alongside redirectmatch_regexp
and redirectmatch_dest.


apache::vhost { 'site.name.fdqn':
  ...
  redirectmatch_status => ['404', '404'],
  redirectmatch_regexp => ['\.git(/.*|$)/', '\.svn(/.*|$)'],
  redirectmatch_dest => ['http://www.example.com/$1', 'http://www.example.com/$2'],
}

    
      
      
    
  


Default value: undef


redirectmatch_dest


Data type: Optional[Variant[Array[String], String]]


Determines which server status should be raised for a given regular expression
and where to forward the user to. Entered as an array alongside redirectmatch_status
and redirectmatch_regexp.


apache::vhost { 'site.name.fdqn':
  ...
  redirectmatch_status => ['404', '404'],
  redirectmatch_regexp => ['\.git(/.*|$)/', '\.svn(/.*|$)'],
  redirectmatch_dest => ['http://www.example.com/$1', 'http://www.example.com/$2'],
}

    
      
      
    
  


Default value: undef


request_headers


Data type: Array[String[1]]


Modifies collected request headers
in various ways, including adding additional request headers, removing request headers,
and so on.


apache::vhost { 'site.name.fdqn':
  ...
  request_headers => [
    'append MirrorID "mirror 12"',
    'unset MirrorID',
  ],
}

    
      
      
    
  


Default value: []


rewrites


Data type: Array[Hash]


Creates URL rewrite rules. Expects an array of hashes.

Valid Hash keys include comment, rewrite_base, rewrite_cond, rewrite_rule
or rewrite_map.

For example, you can specify that anyone trying to access index.html is served welcome.html


apache::vhost { 'site.name.fdqn':
  ...
  rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ]
}

    
      
      
    
  


The parameter allows rewrite conditions that, when true, execute the associated rule.
For instance, if you wanted to rewrite URLs only if the visitor is using IE


apache::vhost { 'site.name.fdqn':
  ...
  rewrites => [
    {
      comment      => 'redirect IE',
      rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
      rewrite_rule => ['^index\.html$ welcome.html'],
    },
  ],
}

    
      
      
    
  


You can also apply multiple conditions. For instance, rewrite index.html to welcome.html
only when the browser is Lynx or Mozilla (version 1 or 2)


apache::vhost { 'site.name.fdqn':
  ...
  rewrites => [
    {
      comment      => 'Lynx or Mozilla v1/2',
      rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
      rewrite_rule => ['^index\.html$ welcome.html'],
    },
  ],
}

    
      
      
    
  


Multiple rewrites and conditions are also possible


apache::vhost { 'site.name.fdqn':
  ...
  rewrites => [
    {
      comment      => 'Lynx or Mozilla v1/2',
      rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
      rewrite_rule => ['^index\.html$ welcome.html'],
    },
    {
      comment      => 'Internet Explorer',
      rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
      rewrite_rule => ['^index\.html$ /index.IE.html [L]'],
    },
    {
      rewrite_base => /apps/,
      rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'],
    },
    { comment      => 'Rewrite to lower case',
      rewrite_cond => ['%{REQUEST_URI} [A-Z]'],
      rewrite_map  => ['lc int:tolower'],
      rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'],
    },
  ],
}

    
      
      
    
  


Refer to the mod_rewrite documentation
for more details on what is possible with rewrite rules and conditions.




Note: If you include rewrites in your directories, also include apache::mod::rewrite
and consider setting the rewrites using the rewrites parameter in apache::vhost rather
than setting the rewrites in the virtual host's directories.




Default value: []


rewrite_base


Data type: Optional[String[1]]


The parameter rewrite_base
specifies the URL prefix to be used for per-directory (htaccess) RewriteRule directives
that substitue a relative path.


Default value: undef


rewrite_rule


Data type: Optional[Variant[Array[String[1]], String[1]]]


The parameter rewrite_rile
allows the user to define the rules that will be used by the rewrite engine.


Default value: undef


rewrite_cond


Data type: Array[String[1]]


The parameter rewrite_cond
defines a rule condition, that when satisfied will implement that rule within the
rewrite engine.


Default value: []


rewrite_inherit


Data type: Boolean


Determines whether the virtual host inherits global rewrite rules.

Rewrite rules may be specified globally (in $conf_file or $confd_dir) or
inside the virtual host .conf file. By default, virtual hosts do not inherit
global settings. To activate inheritance, specify the rewrites parameter and set
rewrite_inherit parameter to true:


apache::vhost { 'site.name.fdqn':
  ...
  rewrites => [
    <rules>,
  ],
  rewrite_inherit => `true`,
}

    
      
      
    
  




Note: The rewrites parameter is required for this to have effect

Apache activates global Rewrite rules inheritance if the virtual host files contains
the following directives:




RewriteEngine On
RewriteOptions Inherit

    
      
      
    
  


Refer to the official mod_rewrite
documentation, section "Rewriting in Virtual Hosts".


Default value: false


scriptalias


Data type: Optional[String]


Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as
'/usr/scripts'.


Default value: undef


serveradmin


Data type: Optional[String]


Specifies the email address Apache displays when it renders one of its error pages.


Default value: undef


serveraliases


Data type: Variant[Array[String], String]


Sets the ServerAliases
of the site.


Default value: []


servername


Data type: Optional[String]


Sets the servername corresponding to the hostname you connect to the virtual host at.


Default value: $name


setenv


Data type: Variant[Array[String], String]


Used by HTTPD to set environment variables for virtual hosts.

Example:


apache::vhost { 'setenv.example.com':
  setenv => ['SPECIAL_PATH /foo/bin'],
}

    
      
      
    
  


Default value: []


setenvif


Data type: Variant[Array[String], String]


Used by HTTPD to conditionally set environment variables for virtual hosts.


Default value: []


setenvifnocase


Data type: Variant[Array[String], String]


Used by HTTPD to conditionally set environment variables for virtual hosts (caseless matching).


Default value: []


suexec_user_group


Data type: Optional[Pattern[/^[\w-]+ [\w-]+$/]]


Allows the spcification of user and group execution privileges for CGI programs through
inclusion of the mod_suexec module.


Default value: undef


vhost_name


Data type: String


Enables name-based virtual hosting. If no IP is passed to the virtual host, but the
virtual host is assigned a port, then the virtual host name is vhost_name:port.
If the virtual host has no assigned IP or port, the virtual host name is set to the
title of the resource.


Default value: '*'


virtual_docroot


Data type: Variant[Stdlib::Absolutepath, Boolean]


Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the
same name. For example, http://example.com would map to /var/www/example.com.
Note that the DocumentRoot directive will not be present even though there is a value
set for docroot in the manifest. See virtual_use_default_docroot to change this behavior.


apache::vhost { 'subdomain.loc':
  vhost_name      => '*',
  port            => 80,
  virtual_docroot => '/var/www/%-2+',
  docroot         => '/var/www',
  serveraliases   => ['*.loc',],
}

    
      
      
    
  


Default value: false


virtual_use_default_docroot


Data type: Boolean


By default, when using virtual_docroot, the value of docroot is ignored. Setting this
to true will mean both directives will be added to the configuration.


apache::vhost { 'subdomain.loc':
  vhost_name                  => '*',
  port                        => 80,
  virtual_docroot             => '/var/www/%-2+',
  docroot                     => '/var/www',
  virtual_use_default_docroot => true,
  serveraliases               => ['*.loc',],
}

    
      
      
    
  


Default value: false


wsgi_daemon_process


Data type: Optional[Variant[String, Hash]]


Sets up a virtual host with WSGI alongside
wsgi_daemon_process_options, wsgi_process_group,
wsgi_script_aliases and wsgi_pass_authorization.

A hash that sets the name of the WSGI daemon, accepting
certain keys.

An example virtual host configuration with WSGI:


apache::vhost { 'wsgi.example.com':
  port                        => 80,
  docroot                     => '/var/www/pythonapp',
  wsgi_daemon_process         => 'wsgi',
  wsgi_daemon_process_options =>
    { processes    => 2,
      threads      => 15,
      display-name => '%{GROUP}',
    },
  wsgi_process_group          => 'wsgi',
  wsgi_script_aliases         => { '/' => '/var/www/demo.wsgi' },
  wsgi_chunked_request        => 'On',
}

    
      
      
    
  


Default value: undef


wsgi_daemon_process_options


Data type: Optional[Hash]


Sets up a virtual host with WSGI alongside
wsgi_daemon_process, wsgi_process_group,
wsgi_script_aliases and wsgi_pass_authorization.

Sets the group ID that the virtual host runs under.


Default value: undef


wsgi_application_group


Data type: Optional[String]


Sets up a virtual host with WSGI alongside
wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
and wsgi_pass_authorization.

This parameter defines the WSGIApplicationGroup directive,
thus allowing you to specify which application group the WSGI application belongs to,
with all WSGI applications within the same group executing within the context of the
same Python sub interpreter.


Default value: undef


wsgi_import_script


Data type: Optional[String]


Sets up a virtual host with WSGI alongside
wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
and wsgi_pass_authorization.

This parameter defines the WSGIImportScript directive,
which can be used in order to specify a script file to be loaded upon a process starting.


Default value: undef


wsgi_import_script_options


Data type: Optional[Hash]


Sets up a virtual host with WSGI alongside
wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
and wsgi_pass_authorization.

This parameter defines the WSGIImportScript directive,
which can be used in order to specify a script file to be loaded upon a process starting.

Specifies the process and aplication groups of the script.


Default value: undef


wsgi_chunked_request


Data type: Optional[Apache::OnOff]


Sets up a virtual host with WSGI alongside
wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
and wsgi_pass_authorization.

This parameter defines the WSGIChunkedRequest directive,
allowing you to enable support for chunked request content.

WSGI is technically incapable of supporting chunked request content without all chunked
request content having first been read in and buffered.


Default value: undef


wsgi_process_group


Data type: Optional[String]


Sets up a virtual host with WSGI alongside
wsgi_daemon_process, wsgi_daemon_process_options,
wsgi_script_aliases and wsgi_pass_authorization.

Requires a hash of web paths to filesystem .wsgi paths/.


Default value: undef


wsgi_script_aliases


Data type: Optional[Hash]


Sets up a virtual host with WSGI alongside
wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
and wsgi_pass_authorization.

Uses the WSGI application to handle authorization instead of Apache when set to On.

For more information, see mod_wsgi's WSGIPassAuthorization documentation.


Default value: undef


wsgi_script_aliases_match


Data type: Optional[Hash]


Sets up a virtual host with WSGI alongside
wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
and wsgi_pass_authorization.

Uses the WSGI application to handle authorization instead of Apache when set to On.

This directive is similar to wsgi_script_aliases, but makes use of regular expressions
in place of simple prefix matching.

For more information, see mod_wsgi's WSGIPassAuthorization documentation.


Default value: undef


wsgi_pass_authorization


Data type: Optional[Apache::OnOff]


Sets up a virtual host with WSGI alongside
wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group and
wsgi_script_aliases.

Enables support for chunked requests.


Default value: undef


directories


Data type: Array[Hash]


The directories parameter within the apache::vhost class passes an array of hashes
to the virtual host to create Directory,
File, and
Location directive blocks.
These blocks take the form, < Directory /path/to/directory>...< /Directory>.

The path key sets the path for the directory, files, and location blocks. Its value
must be a path for the directory, files, and location providers, or a regex for
the directorymatch, filesmatch, or locationmatch providers. Each hash passed to
directories must contain path as one of the keys.

The provider key is optional. If missing, this key defaults to directory.
Values: directory, files, proxy, location, directorymatch, filesmatch,
proxymatch or locationmatch. If you set provider to directorymatch, it
uses the keyword DirectoryMatch in the Apache config file.

proxy_pass and proxy_pass_match are supported like their parameters to apache::vhost, and will
be rendered without their path parameter as this will be inherited from the Location/LocationMatch container.
An example use of directories:


apache::vhost { 'files.example.net':
  docroot     => '/var/www/files',
  directories => [
    { 'path'     => '/var/www/files',
      'provider' => 'files',
      'deny'     => 'from all',
    },
    { 'path'           => '/var/www/html',
      'provider'       => 'directory',
      'options'        => ['-Indexes'],
      'allow_override' => ['All'],
    },
  ],
}

    
      
      
    
  




Note: At least one directory should match the docroot parameter. After you
start declaring directories, apache::vhost assumes that all required Directory blocks
will be declared. If not defined, a single default Directory block is created that matches
the docroot parameter.

Available handlers, represented as keys, should be placed within the directory,
files, or location hashes. This looks like




apache::vhost { 'sample.example.net':
  docroot     => '/path/to/directory',
  directories => [ { path => '/path/to/directory', handler => value } ],
}

    
      
      
    
  


Any handlers you do not set in these hashes are considered undefined within Puppet and
are not added to the virtual host, resulting in the module using their default values.


The directories param can accepts the different authentication ways, including gssapi, Basic (authz_core),
and others.


    

  • 

    gssapi - Specifies mod_auth_gssapi parameters for particular directories in a virtual host directory
TODO: check, if this Documentation is obsolete
    

    apache::vhost { 'sample.example.net':
  docroot     => '/path/to/directory',
  directories => [
    { path   => '/path/to/different/dir',
      gssapi => {
        acceptor_name            => '{HOSTNAME}',
        allowed_mech             => ['krb5', 'iakerb', 'ntlmssp'],
        authname                 => 'Kerberos 5',
        authtype                 => 'GSSAPI',
        basic_auth               => true,
        basic_auth_mech          => ['krb5', 'iakerb', 'ntlmssp'],
        basic_ticket_timeout     => 300,
        connection_bound         => true,
        cred_store               => {
          ccache        => ['/path/to/directory'],
          client_keytab => ['/path/to/example.keytab'],
          keytab        => ['/path/to/example.keytab'],
        },
        deleg_ccache_dir         => '/path/to/directory',
        deleg_ccache_env_var     => 'KRB5CCNAME',
        deleg_ccache_perms       => {
          mode => '0600',
          uid  => 'example-user',
          gid  => 'example-group',
        },
        deleg_ccache_unique      => true,
        impersonate              => true,
        local_name               => true,
        name_attributes          => 'json',
        negotiate_once           => true,
        publish_errors           => true,
        publish_mech             => true,
        required_name_attributes =>	'auth-indicators=high',
        session_key              => 'file:/path/to/example.key',
        signal_persistent_auth   => true,
        ssl_only                 => true,
        use_s4u2_proxy           => true,
        use_sessions             => true,
      }
    },
  ],
}
    
    
      
      
    
  
    

    • 

  • 

    Basic - Specifies mod_authz_core parameters for particular directories in a virtual host directory
    

    apache::vhost { 'sample.example.net':
  docroot     => '/path/to/directory',
  directories => [
    {
      path        => '/path/to/different/dir',
      auth_type => 'Basic',
      authz_core  => {
        require_all => {
          'require_any' => {
            'require' => ['user superadmin'],
            'require_all' => {
              'require' => ['group admins', 'ldap-group "cn=Administrators,o=Airius"'],
            },
          },
          'require_none' => {
            'require' => ['group temps', 'ldap-group "cn=Temporary Employees,o=Airius"']
          }
        }
      }
    },
  ],
}
    
    
      
      
    
  
    

    • 



Default value: []


custom_fragment


Data type: Optional[String]


Pass a string of custom configuration directives to be placed at the end of the directory
configuration.


apache::vhost { 'monitor':
  ...
  directories => [
    {
      path => '/path/to/directory',
      custom_fragment => '
<Location /balancer-manager>
  SetHandler balancer-manager
  Order allow,deny
  Allow from all
</Location>
<Location /server-status>
  SetHandler server-status
  Order allow,deny
  Allow from all
</Location>
ProxyStatus On',
    },
  ]
}

    
      
      
    
  


Default value: undef


headers


Data type: Array[String[1]]


Adds lines for Header directives.


apache::vhost { 'sample.example.net':
  docroot     => '/path/to/directory',
  directories => [
    {
      path    => '/path/to/directory',
      headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',
    },
  ],
}

    
      
      
    
  


Default value: []


shib_compat_valid_user


Data type: Optional[String]


Default is Off, matching the behavior prior to this command's existence. Addresses a conflict
when using Shibboleth in conjunction with other auth/auth modules by restoring standard
Apache behavior when processing the valid-user and user Require rules. See the
mod_shibdocumentation,
and NativeSPhtaccess
topic for more details. This key is disabled if apache::mod::shib is not defined.


Default value: undef


ssl_options


Data type: Optional[Variant[Array[String], String]]


String or list of SSLOptions,
which configure SSL engine run-time options. This handler takes precedence over SSLOptions
set in the parent block of the virtual host.


apache::vhost { 'secure.example.net':
  docroot     => '/path/to/directory',
  directories => [
    { path        => '/path/to/directory',
      ssl_options => '+ExportCertData',
    },
    { path        => '/path/to/different/dir',
      ssl_options => ['-StdEnvVars', '+ExportCertData'],
    },
  ],
}

    
      
      
    
  


Default value: undef


additional_includes


Data type: Variant[Array[String], String]


Specifies paths to additional static, specific Apache configuration files in virtual
host directories.


apache::vhost { 'sample.example.net':
  docroot     => '/path/to/directory',
  directories => [
    { path  => '/path/to/different/dir',
      additional_includes => ['/custom/path/includes', '/custom/path/another_includes',],
    },
  ],
}

    
      
      
    
  


Default value: []


ssl


Data type: Boolean


Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries.


Default value: false


ssl_ca


Data type: Optional[Stdlib::Absolutepath]


Specifies the SSL certificate authority to be used to verify client certificates used
for authentication.


Default value: $apache::default_ssl_ca


ssl_cert


Data type: Optional[Stdlib::Absolutepath]


Specifies the SSL certification.


Default value: $apache::default_ssl_cert


ssl_protocol


Data type: Optional[Variant[Array[String], String]]


Specifies SSLProtocol.
Expects an array or space separated string of accepted protocols.


Default value: undef


ssl_cipher


Data type: Optional[Variant[Array[String[1]], String[1], Hash[String[1], String[1]]]]


Specifies SSLCipherSuite.


Default value: undef


ssl_honorcipherorder


Data type: Variant[Boolean, Apache::OnOff, Undef]


Sets SSLHonorCipherOrder,
to cause Apache to use the server's preferred order of ciphers rather than the client's
preferred order.


Default value: undef


ssl_certs_dir


Data type: Optional[Stdlib::Absolutepath]


Specifies the location of the SSL certification directory to verify client certs.


Default value: $apache::params::ssl_certs_dir


ssl_chain


Data type: Optional[Stdlib::Absolutepath]


Specifies the SSL chain. This default works out of the box, but it must be updated in
the base apache class with your specific certificate information before being used in
production.


Default value: $apache::default_ssl_chain


ssl_crl


Data type: Optional[Stdlib::Absolutepath]


Specifies the certificate revocation list to use. (This default works out of the box but
must be updated in the base apache class with your specific certificate information
before being used in production.)


Default value: $apache::default_ssl_crl


ssl_crl_path


Data type: Optional[Stdlib::Absolutepath]


Specifies the location of the certificate revocation list to verify certificates for
client authentication with. (This default works out of the box but must be updated in
the base apache class with your specific certificate information before being used in
production.)


Default value: $apache::default_ssl_crl_path


ssl_crl_check


Data type: Optional[String]


Sets the certificate revocation check level via the SSLCARevocationCheck directive
for ssl client authentication. The default works out of the box but must be specified when
using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on
older versions.


Default value: $apache::default_ssl_crl_check


ssl_key


Data type: Optional[Stdlib::Absolutepath]


Specifies the SSL key.

Defaults are based on your operating system. Default work out of the box but must be
updated in the base apache class with your specific certificate information before
being used in production.


Default value: $apache::default_ssl_key


ssl_verify_client


Data type: Optional[Enum['none', 'optional', 'require', 'optional_no_ca']]


Sets the SSLVerifyClient
directive, which sets the certificate verification level for client authentication.


apache::vhost { 'sample.example.net':
  ...
  ssl_verify_client => 'optional',
}

    
      
      
    
  


Default value: undef


ssl_verify_depth


Data type: Optional[Integer]


Sets the SSLVerifyDepth
directive, which specifies the maximum depth of CA certificates in client certificate
verification. You must set ssl_verify_client for it to take effect.


apache::vhost { 'sample.example.net':
  ...
  ssl_verify_client => 'require',
  ssl_verify_depth => 1,
}

    
      
      
    
  


Default value: undef


ssl_proxy_protocol


Data type: Optional[String]


Sets the SSLProxyProtocol
directive, which controls which SSL protocol flavors mod_ssl should use when establishing
its server environment for proxy. It connects to servers using only one of the provided
protocols.


Default value: undef


ssl_proxy_verify


Data type: Optional[Enum['none', 'optional', 'require', 'optional_no_ca']]


Sets the SSLProxyVerify
directive, which configures certificate verification of the remote server when a proxy is
configured to forward requests to a remote SSL server.


Default value: undef


ssl_proxy_verify_depth


Data type: Optional[Integer[0]]


Sets the SSLProxyVerifyDepth
directive, which configures how deeply mod_ssl should verify before deciding that the
remote server does not have a valid certificate.

A depth of 0 means that only self-signed remote server certificates are accepted,
the default depth of 1 means the remote server certificate can be self-signed or
signed by a CA that is directly known to the server.


Default value: undef


ssl_proxy_cipher_suite


Data type: Optional[String]


Sets the SSLProxyCipherSuite
directive, which controls cipher suites supported for ssl proxy traffic.


Default value: undef


ssl_proxy_ca_cert


Data type: Optional[Stdlib::Absolutepath]


Sets the SSLProxyCACertificateFile
directive, which specifies an all-in-one file where you can assemble the Certificates
of Certification Authorities (CA) whose remote servers you deal with. These are used
for Remote Server Authentication. This file should be a concatenation of the PEM-encoded
certificate files in order of preference.


Default value: undef


ssl_proxy_machine_cert


Data type: Optional[Stdlib::Absolutepath]


Sets the SSLProxyMachineCertificateFile
directive, which specifies an all-in-one file where you keep the certs and keys used
for this server to authenticate itself to remote servers. This file should be a
concatenation of the PEM-encoded certificate files in order of preference.


apache::vhost { 'sample.example.net':
  ...
  ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem',
}

    
      
      
    
  


Default value: undef


ssl_proxy_machine_cert_chain


Data type: Optional[Stdlib::Absolutepath]


Sets the SSLProxyMachineCertificateChainFile
directive, which specifies an all-in-one file where you keep the certificate chain for
all of the client certs in use. This directive will be needed if the remote server
presents a list of CA certificates that are not direct signers of one of the configured
client certificates. This referenced file is simply the concatenation of the various
PEM-encoded certificate files. Upon startup, each client certificate configured will be
examined and a chain of trust will be constructed.


Default value: undef


ssl_proxy_check_peer_cn


Data type: Optional[Apache::OnOff]


Sets the SSLProxyCheckPeerCN
directive, which specifies whether the remote server certificate's CN field is compared
against the hostname of the request URL.


Default value: undef


ssl_proxy_check_peer_name


Data type: Optional[Apache::OnOff]


Sets the SSLProxyCheckPeerName
directive, which specifies whether the remote server certificate's CN field is compared
against the hostname of the request URL.


Default value: undef


ssl_proxy_check_peer_expire


Data type: Optional[Apache::OnOff]


Sets the SSLProxyCheckPeerExpire
directive, which specifies whether the remote server certificate is checked for expiration
or not.


Default value: undef


ssl_openssl_conf_cmd


Data type: Optional[String]


Sets the SSLOpenSSLConfCmd
directive, which provides direct configuration of OpenSSL parameters.


Default value: undef


ssl_proxyengine


Data type: Boolean


Specifies whether or not to use SSLProxyEngine.


Default value: false


ssl_stapling


Data type: Optional[Boolean]


Specifies whether or not to use SSLUseStapling.
By default, uses what is set globally.

This parameter only applies to Apache 2.4 or higher and is ignored on older versions.


Default value: undef


ssl_stapling_timeout


Data type: Optional[Integer]


Can be used to set the SSLStaplingResponderTimeout directive.

This parameter only applies to Apache 2.4 or higher and is ignored on older versions.


Default value: undef


ssl_stapling_return_errors


Data type: Optional[Apache::OnOff]


Can be used to set the SSLStaplingReturnResponderErrors directive.

This parameter only applies to Apache 2.4 or higher and is ignored on older versions.


Default value: undef


ssl_user_name


Data type: Optional[String]


Sets the SSLUserName directive.


Default value: undef


ssl_reload_on_change


Data type: Boolean


Enable reloading of apache if the content of ssl files have changed.


Default value: $apache::default_ssl_reload_on_change


use_canonical_name


Data type: Optional[Variant[Apache::OnOff, Enum['DNS', 'dns']]]


Specifies whether to use the UseCanonicalName directive,
which allows you to configure how the server determines it's own name and port.


Default value: undef


define


Data type: Hash


this lets you define configuration variables inside a vhost using Define,
these can then be used to replace configuration values. All Defines are Undefined at the end of the VirtualHost.


Default value: {}


auth_oidc


Data type: Boolean


Enable mod_auth_openidc parameters for OpenID Connect authentication.


Default value: false


oidc_settings


Data type: Apache::OIDCSettings


An Apache::OIDCSettings Struct containing (mod_auth_openidc settings)[https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf].


Default value: {}


limitreqfields


Data type: Optional[Integer]


The limitreqfields parameter sets the maximum number of request header fields in
an HTTP request. This directive gives the server administrator greater control over
abnormal client request behavior, which may be useful for avoiding some forms of
denial-of-service attacks. The value should be increased if normal clients see an error
response from the server that indicates too many fields were sent in the request.


Default value: undef


limitreqfieldsize


Data type: Optional[Integer]


The limitreqfieldsize parameter sets the maximum ammount of bytes that will
be allowed within a request header.


Default value: undef


limitreqline


Data type: Optional[Integer]


Limit the size of the HTTP request line that will be accepted from the client
This directive sets the number of bytes that will be allowed on the HTTP
request-line. The LimitRequestLine directive allows the server administrator
to set the limit on the allowed size of a client's HTTP request-line. Since
the request-line consists of the HTTP method, URI, and protocol version, the
LimitRequestLine directive places a restriction on the length of a request-URI
allowed for a request on the server. A server needs this value to be large
enough to hold any of its resource names, including any information that might
be passed in the query part of a GET request.


Default value: undef


limitreqbody


Data type: Optional[Integer]


Restricts the total size of the HTTP request body sent from the client
The LimitRequestBody directive allows the user to set a limit on the allowed
size of an HTTP request message body within the context in which the
directive is given (server, per-directory, per-file or per-location). If the
client request exceeds that limit, the server will return an error response
instead of servicing the request.


Default value: undef


use_servername_for_filenames


Data type: Boolean


When set to true, default log / config file names will be derived from the sanitized
value of the $servername parameter.
When set to false (default), the existing behaviour of using the $name parameter
will remain.


Default value: false


use_port_for_filenames


Data type: Boolean


When set to true and use_servername_for_filenames is also set to true, default log /
config file names will be derived from the sanitized value of both the $servername and
$port parameters.
When set to false (default), the port is not included in the file names and may lead to
duplicate declarations if two virtual hosts use the same domain.


Default value: false


mdomain


Data type: Optional[Variant[Boolean, String]]


All the names in the list are managed as one Managed Domain (MD). mod_md will request
one single certificate that is valid for all these names.


Default value: undef


proxy_requests


Data type: Boolean


Whether to accept proxy requests


Default value: false


userdir


Data type: Optional[Variant[String[1], Array[String[1]]]]


Instances of apache::mod::userdir


Default value: undef


proxy_protocol


Data type: Optional[Boolean]


Enable or disable PROXY protocol handling


Default value: undef


proxy_protocol_exceptions


Data type: Array[Stdlib::Host]


Disable processing of PROXY header for certain hosts or networks


Default value: []


apache::vhost::custom


The apache::vhost::custom defined type is a thin wrapper around the apache::custom_config defined type, and simply overrides some of its default settings specific to the virtual host directory in Apache.


Parameters


The following parameters are available in the apache::vhost::custom defined type:



content


Data type: String


Sets the configuration file's content.


ensure


Data type: String


Specifies if the virtual host file is present or absent.


Default value: 'present'


priority


Data type: Apache::Vhost::Priority


Sets the relative load order for Apache HTTPD VirtualHost configuration files.


Default value: 25


verify_config


Data type: Boolean


Specifies whether to validate the configuration file before notifying the Apache service.


Default value: true


apache::vhost::fragment


Define a fragment within a vhost


Examples


With a vhost without priority


include apache
apache::vhost { 'myvhost':
}
apache::vhost::fragment { 'myfragment':
  vhost   => 'myvhost',
  content => '# Foo',
}

    
      
      
    
  


With a vhost with priority


include apache
apache::vhost { 'myvhost':
  priority => 42,
}
apache::vhost::fragment { 'myfragment':
  vhost    => 'myvhost',
  priority => 42,
  content  => '# Foo',
}

    
      
      
    
  


With a vhost with default vhost


include apache
apache::vhost { 'myvhost':
  default_vhost => true,
}
apache::vhost::fragment { 'myfragment':
  vhost    => 'myvhost',
  priority => 10, # default_vhost implies priority 10
  content  => '# Foo',
}

    
      
      
    
  


Adding a fragment to the built in default vhost


include apache
apache::vhost::fragment { 'myfragment':
  vhost    => 'default',
  priority => 15,
  content  => '# Foo',
}

    
      
      
    
  


Parameters


The following parameters are available in the apache::vhost::fragment defined type:



vhost


Data type: String[1]


The title of the vhost resource to append to


priority


Data type: Optional[Apache::Vhost::Priority]


Set the priority to match the one apache::vhost sets. This must match the
one apache::vhost sets or else the concat fragment won't be found.


Default value: undef


content


Data type: Optional[String]


The content to put in the fragment. Only when it's non-empty the actual
fragment will be created.


Default value: undef


order


Data type: Integer[0]


The order to insert the fragment at


Default value: 900


port


Data type: Optional[Stdlib::Port]


The port to use


Default value: undef


apache::vhost::proxy


Configure a reverse proxy for a vhost


Examples


Simple configuration proxying "/" but not "/admin"


include apache
apache::vhost { 'basic-proxy-vhost':
}
apache::vhost::proxy { 'proxy-to-backend-server':
  vhost => 'basic-proxy-vhost',
  proxy_dest => 'http://backend-server/',
  no_proxy_uris => '/admin',
}

    
      
      
    
  


Granular configuration using Apache::Vhost::ProxyPass data type


include apache
apache::vhost { 'myvhost':
}
apache::vhost::proxy { 'myvhost-proxy':
  vhost      => 'myvhost',
  proxy_pass => [
    { 'path' => '/a', 'url' => 'http://backend-a/' },
    { 'path' => '/b', 'url' => 'http://backend-b/' },
    { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}},
    { 'path' => '/l', 'url' => 'http://backend-xy',
      'reverse_urls' => ['http://backend-x', 'http://backend-y'] },
    { 'path' => '/d', 'url' => 'http://backend-a/d',
      'params' => { 'retry' => 0, 'timeout' => 5 }, },
    { 'path' => '/e', 'url' => 'http://backend-a/e',
      'keywords' => ['nocanon', 'interpolate'] },
    { 'path' => '/f', 'url' => 'http://backend-f/',
      'setenv' => ['proxy-nokeepalive 1', 'force-proxy-request-1.0 1']},
    { 'path' => '/g', 'url' => 'http://backend-g/',
      'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], },
    { 'path' => '/h', 'url' => 'http://backend-h/h',
      'no_proxy_uris' => ['/h/admin', '/h/server-status'] },
  ],
}

    
      
      
    
  


Parameters


The following parameters are available in the apache::vhost::proxy defined type:



vhost


Data type: String[1]


The title of the vhost resource to which reverse proxy configuration will
be appended.


priority


Data type: Optional[Apache::Vhost::Priority]


Set the priority to match the one apache::vhost sets. This must match the
one apache::vhost sets or else the vhost's concat resource won't be found.


Default value: undef


order


Data type: Integer[0]


The order in which the concat::fragment containing the proxy configuration
will be inserted. Useful when multiple fragments will be attached to a single
vhost's configuration.


Default value: 170


port


Data type: Optional[Stdlib::Port]


Set the port to match the one apache::vhost sets. This must match the one
apache::vhost sets or else the vhost's concat resource won't be found.


Default value: undef


proxy_dest


Data type: Optional[String[1]]


Specifies the destination address of a ProxyPass configuration for the / path.


Default value: undef


proxy_dest_match


Data type: Optional[String[1]]


This directive is equivalent to proxy_dest, but takes regular expressions, see
ProxyPassMatch
for details.


Default value: undef


proxy_dest_reverse_match


Data type: Optional[String[1]]


Allows you to pass a ProxyPassReverse if proxy_dest_match is specified. See
ProxyPassReverse
for details.


Default value: undef


no_proxy_uris


Data type: Variant[Array[String[1]], String[1]]


Paths to be excluded from reverse proxying. Only valid when already using proxy_dest
or proxy_dest_match to map the / path, otherwise it will be absent in the final
vhost configuration file. In that case, instead add no_proxy_uris => [uri1, uri2, ...]
to the Apache::Vhost::ProxyPass definitions passed via the proxy_pass parameter.
See examples for this class, or refer to documentation for the Apache::Vhost::ProxyPass
data type. This configuration uses the ProxyPass directive with !.


Default value: []


no_proxy_uris_match


Data type: Variant[Array[String[1]], String[1]]


This directive is equivalent to no_proxy_uris but takes regular expressions,
as it instead uses ProxyPassMatch.


Default value: []


proxy_pass


Data type: Optional[Array[Apache::Vhost::ProxyPass]]


Specifies an array of path => URI values for a ProxyPass
configuration.
See the documentation for the Apache::Vhost::ProxyPass data type for a detailed
description of the structure including optional parameters.


Default value: undef


proxy_pass_match


Data type: Optional[Array[Apache::Vhost::ProxyPass]]


This directive is equivalent to proxy_pass, but takes regular expressions, see
ProxyPassMatch
for details.


Default value: undef


proxy_requests


Data type: Boolean


Enables forward (standard) proxy requests. See ProxyRequests for details.


Default value: false


proxy_preserve_host


Data type: Boolean


When enabled, pass the Host: line from the incoming request to the proxied host.
See ProxyPreserveHost for details.


Default value: false


proxy_add_headers


Data type: Optional[Boolean]


Add X-Forwarded-For, X-Forwarded-Host, and X-Forwarded-Server HTTP headers.
See ProxyAddHeaders for details.


Default value: undef


proxy_error_override


Data type: Boolean


Override error pages from the proxied host. The current Puppet implementation
supports enabling or disabling the directive, but not specifying a custom list
of status codes. See ProxyErrorOverride for details.


Default value: false


Functions


apache::apache_pw_hash


Type: Ruby 4.x API


DEPRECATED.  Use the function apache::pw_hash instead.


apache::apache_pw_hash(Any *$args)


The apache::apache_pw_hash function.


Returns: Any


*args


Data type: Any


apache::authz_core_config


Type: Ruby 4.x API


Function to generate the authz_core configuration directives.


Examples




arg = {
  require_all => {
   'require_any' => {
     'require' => ['user superadmin'],
     'require_all' => {
       'require' => ['group admins'],
     },
    },
   'require_none' => {
     'require' => ['group temps']
   }
  }
}

apache::bool2httpd(arg)
returns :
[
  "  <RequireAll>",
  "    <RequireAny>",
  "      Require user superadmin",
  "      <RequireAll>",
  "        Require group admins",
  "        Require ldap-group \"cn=Administrators,o=Airius\"",
  "      </RequireAll>",
  "    </RequireAny>",
  "    <RequireNone>",
  "      Require group temps",
  "      Require ldap-group \"cn=Temporary Employees,o=Airius\"",
  "    </RequireNone>",
  "  </RequireAll>"
]

    
      
      
    
  


apache::authz_core_config(Hash $config)


The apache::authz_core_config function.


Returns: Array Returns the authz_core config directives in array.


Examples




arg = {
  require_all => {
   'require_any' => {
     'require' => ['user superadmin'],
     'require_all' => {
       'require' => ['group admins'],
     },
    },
   'require_none' => {
     'require' => ['group temps']
   }
  }
}

apache::bool2httpd(arg)
returns :
[
  "  <RequireAll>",
  "    <RequireAny>",
  "      Require user superadmin",
  "      <RequireAll>",
  "        Require group admins",
  "        Require ldap-group \"cn=Administrators,o=Airius\"",
  "      </RequireAll>",
  "    </RequireAny>",
  "    <RequireNone>",
  "      Require group temps",
  "      Require ldap-group \"cn=Temporary Employees,o=Airius\"",
  "    </RequireNone>",
  "  </RequireAll>"
]

    
      
      
    
  


config


Data type: Hash


The input as JSON format.


apache::bool2httpd


Type: Ruby 4.x API


Transform a supposed boolean to On or Off. Passes all other values through.


Examples




$trace_enable     = false
$server_signature = 'mail'

apache::bool2httpd($trace_enable) # returns 'Off'
apache::bool2httpd($server_signature) # returns 'mail'
apache::bool2httpd(undef) # returns 'Off'

    
      
      
    
  


apache::bool2httpd(Any $arg)


The apache::bool2httpd function.


Returns: Any Will return either On or Off if given a boolean value. Returns a string of any
other given value.


Examples




$trace_enable     = false
$server_signature = 'mail'

apache::bool2httpd($trace_enable) # returns 'Off'
apache::bool2httpd($server_signature) # returns 'mail'
apache::bool2httpd(undef) # returns 'Off'

    
      
      
    
  


arg


Data type: Any


The value to be converted into a string.


apache::pw_hash


Type: Ruby 4.x API


Currently uses SHA-hashes, because although this format is considered insecure, it's the
most secure format supported by the most platforms.


apache::pw_hash(String[1] $password)


Currently uses SHA-hashes, because although this format is considered insecure, it's the
most secure format supported by the most platforms.


Returns: String Returns the hash of the input that was given.


password


Data type: String[1]


The input that is to be hashed.


apache_pw_hash


Type: Ruby 4.x API


DEPRECATED.  Use the namespaced function apache::pw_hash instead.


apache_pw_hash(Any *$args)


The apache_pw_hash function.


Returns: Any


*args


Data type: Any


bool2httpd


Type: Ruby 4.x API


DEPRECATED.  Use the namespaced function apache::bool2httpd instead.


bool2httpd(Any *$args)


The bool2httpd function.


Returns: Any


*args


Data type: Any


Data types


Apache::LogLevel


A string that conforms to the Apache LogLevel syntax.
Different levels can be specified for individual apache modules.


ie. [module:]level [module:level] ...


The levels are (in order of decreasing significance):



Alias of Pattern[/\A([a-z_\.]+:)?(emerg|alert|crit|error|warn|notice|info|debug|trace[1-8])(\s+([a-z_\.]+:)?(emerg|alert|crit|error|warn|notice|info|debug|trace[1-8]))*\Z/]


Apache::ModProxyProtocol


Supported protocols / schemes by mod_proxy



Alias of Pattern[/(\A(ajp|fcgi|ftp|h2c?|https?|scgi|uwsgi|wss?):\/\/.+\z)/, /(\Aunix:\/([^\n\/\0]+\/*)*\z)/]


Apache::OIDCSettings


https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf


Alias of


Struct[{
    Optional['RedirectURI']                                => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl, Pattern[/^\/[A-Za-z0-9\-\._%\/]*$/]],
    Optional['CryptoPassphrase']                           => String[1],
    Optional['MetadataDir']                                => String[1],
    Optional['ProviderMetadataURL']                        => Stdlib::HTTPSUrl,
    Optional['ProviderIssuer']                             => String[1],
    Optional['ProviderAuthorizationEndpoint']              => Stdlib::HTTPSUrl,
    Optional['ProviderJwksUri']                            => Stdlib::HTTPSUrl,
    Optional['ProviderTokenEndpoint']                      => Stdlib::HTTPSUrl,
    Optional['ProviderTokenEndpointAuth']                  => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'none'],
    Optional['ProviderTokenEndpointParams']                => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
    Optional['ProviderUserInfoEndpoint']                   => Stdlib::HTTPSUrl,
    Optional['ProviderCheckSessionIFrame']                 => Stdlib::HTTPSUrl,
    Optional['ProviderEndSessionEndpoint']                 => Stdlib::HTTPSUrl,
    Optional['ProviderRevocationEndpoint']                 => Stdlib::HTTPSUrl,
    Optional['ProviderBackChannelLogoutSupported']         => Apache::OnOff,
    Optional['ProviderRegistrationEndpointJson']           => String[1],
    Optional['Scope']                                      => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/],
    Optional['AuthRequestParams']                          => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
    Optional['SSLValidateServer']                          => Apache::OnOff ,
    Optional['UserInfoRefreshInterval']                    => Variant[Integer[-1], Pattern[/^[0-9]+(\s+(logout_on_error|authenticate_on_error|502_on_error))?$/]],
    Optional['JWKSRefreshInterval']                        => Integer[-1],
    Optional['UserInfoTokenMethod']                        => Enum['authz_header', 'post_param'],
    Optional['ProviderAuthRequestMethod']                  => Enum['GET', 'POST', 'PAR'],
    Optional['PublicKeyFiles']                             => String[1],
    Optional['PrivateKeyFiles']                            => String[1],
    Optional['ResponseType']                               => Enum['code', 'id_token', 'id_token token', 'code id_token', 'code token', 'code id_token token'],
    Optional['ResponseMode']                               => Enum['fragment', 'query', 'form_post'],
    Optional['ClientID']                                   => String[1],
    Optional['ClientSecret']                               => String[1],
    Optional['ClientTokenEndpointCert']                    => String[1],
    Optional['ClientTokenEndpointKey']                     => String[1],
    Optional['ClientTokenEndpointKeyPassword']             => String[1],
    Optional['ClientName']                                 => String[1],
    Optional['ClientContact']                              => String[1],
    Optional['PKCEMethod']                                 => Enum['plain', 'S256', 'referred_tb', 'none'],
    Optional['TokenBindingPolicy']                         => Enum['disabled', 'optional', 'required', 'enforced'],
    Optional['ClientJwksUri']                              => Stdlib::HTTPSUrl,
    Optional['IDTokenSignedResponseAlg']                   => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'],
    Optional['IDTokenEncryptedResponseAlg']                => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'],
    Optional['IDTokenEncryptedResponseEnc']                => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'],
    Optional['UserInfoSignedResponseAlg']                  => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'],
    Optional['UserInfoEncryptedResponseAlg']               => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'],
    Optional['UserInfoEncryptedResponseEnc']               => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'],
    Optional['OAuthServerMetadataURL']                     => Stdlib::HTTPSUrl,
    Optional['AuthIntrospectionEndpoint']                  => Stdlib::HTTPSUrl,
    Optional['OAuthClientID']                              => String[1],
    Optional['OAuthClientSecret']                          => String[1],
    Optional['OAuthIntrospectionEndpoint']                 => String[1],
    Optional['OAuthIntrospectionEndpointAuth']             => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'bearer_access_token', 'none'],
    Optional['OAuthIntrospectionClientAuthBearerToken']    => String[1],
    Optional['OAuthIntrospectionEndpointCert']             => String[1],
    Optional['OAuthIntrospectionEndpointKey']              => String[1],
    Optional['OAuthIntrospectionEndpointKeyPassword']      => String[1],
    Optional['OAuthIntrospectionEndpointMethod']           => Enum['POST', 'GET'],
    Optional['OAuthIntrospectionEndpointParams']           => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
    Optional['OAuthIntrospectionTokenParamName']           => String[1],
    Optional['OAuthTokenExpiryClaim']                      => Pattern[/^[A-Za-z0-9\-\._]+(\s(absolute|relative))?(\s(mandatory|optional))?$/],
    Optional['OAuthTokenIntrospectionInterval']            => Integer[-1],
    Optional['OAuthSSLValidateServer']                     => Apache::OnOff,
    Optional['OAuthVerifySharedKeys']                      => String[1],
    Optional['OAuthVerifyCertFiles']                       => String[1],
    Optional['OAuthVerifyJwksUri']                         => Stdlib::HTTPSUrl,
    Optional['OAuthRemoteUserClaim']                       => String[1],
    Optional['OAuthAcceptTokenAs']                         => Pattern[/^((header|post|query|cookie\:[A-Za-z0-9\-\._]+|basic)\s?)+$/],
    Optional['OAuthAccessTokenBindingPolicy']              => Enum['disabled', 'optional', 'required', 'enforced'],
    Optional['Cookie']                                     => String[1],
    Optional['CookieDomain']                               => String[1],
    Optional['CookiePath']                                 => String[1],
    Optional['SessionCookieChunkSize']                     => Integer[-1],
    Optional['CookieHTTPOnly']                             => Apache::OnOff,
    Optional['CookieSameSite']                             => Apache::OnOff,
    Optional['PassCookies']                                => String[1],
    Optional['StripCookies']                               => String[1],
    Optional['StateMaxNumberOfCookies']                    => Pattern[/^[0-9]+(\s(false|true))?$/],
    Optional['SessionInactivityTimeout']                   => Integer[-1],
    Optional['SessionMaxDuration']                         => Integer[-1],
    Optional['SessionType']                                => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent|:store_id_token|:persistent:store_id_token)?)$/],
    Optional['SessionCacheFallbackToCookie']               => Apache::OnOff,
    Optional['CacheType']                                  => Enum['shm', 'memcache', 'file', 'redis'],
    Optional['CacheDir']                                   => String[1],
    Optional['CacheEncrypt']                               => Apache::OnOff,
    Optional['CacheShmMax']                                => Integer[-1],
    Optional['CacheShmEntrySizeMax']                       => Integer[-1],
    Optional['CacheFileCleanInterval']                     => Integer[-1],
    Optional['MemCacheServers']                            => String[1],
    Optional['MemCacheConnectionsHMax']                    => Integer[-1],
    Optional['MemCacheConnectionsMin']                     => Integer[-1],
    Optional['MemCacheConnectionsSMax']                    => Integer[-1],
    Optional['MemCacheConnectionsTTL']                     => Integer[-1],
    Optional['RedisCacheServer']                           => String[1],
    Optional['RedisCachePassword']                         => String,
    Optional['RedisCacheConnectTimeout']                   => Pattern[/^[0-9]+(\s[0-9]+)?$/],
    Optional['RedisCacheDatabase']                         => Integer[-1],
    Optional['RedisCacheTimeout']                          => Integer[-1],
    Optional['RedisCacheUsername']                         => String[1],
    Optional['DiscoverURL']                                => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl],
    Optional['HTMLErrorTemplate']                          => String[1],
    Optional['DefaultURL']                                 => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl],
    Optional['PathScope']                                  => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/],
    Optional['PathAuthRequestParams']                      => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
    Optional['IDTokenIatSlack']                            => Integer[-1],
    Optional['ClaimPrefix']                                => String,
    Optional['ClaimDelimiter']                             => Pattern[/^.$/],
    Optional['RemoteUserClaim']                            => String[1],
    Optional['PassIDTokenAs']                              => Pattern[/^((claims|payload|serialized)\s?)+$/],
    Optional['PassUserInfoAs']                             => Pattern[/^((claims|json(:([A-Za-z0-9\-\._])+)?|(signed_)?jwt(:([A-Za-z0-9\-\._])+)?)\s?)+$/],
    Optional['PassClaimsAs']                               => Pattern[/^(none|headers|environment|both)?\s?(latin1|base64url|none)?$/],
    Optional['AuthNHeader']                                => String[1],
    Optional['HTTPTimeoutLong']                            => Integer[-1],
    Optional['HTTPTimeoutShort']                           => Integer[-1],
    Optional['StateTimeout']                               => Integer[-1],
    Optional['ScrubRequestHeaders']                        => Apache::OnOff,
    Optional['OutgoingProxy']                              => String[1],
    Optional['UnAuthAction']                               => Pattern[/^(auth|pass|401|407|410)(\s.*)?$/],
    Optional['UnAutzAction']                               => Pattern[/^(401|403|302|auth)(\s.*)?$/],
    Optional['PreservePost']                               => Apache::OnOff,
    Optional['PreservePostTemplates']                      => String[1],
    Optional['PassRefreshToken']                           => Apache::OnOff,
    Optional['RequestObject']                              => String[1],
    Optional['ProviderMetadataRefreshInterval']            => Integer[-1],
    Optional['InfoHook']                                   => Pattern[/^((iat|access_token|access_token_expires|id_token|id_token_hint|userinfo|refresh_token|exp|timeout|remote_user|session)\s?)+$/],
    Optional['BlackListedClaims']                          => String[1],
    Optional['WhiteListedClaims']                          => String[1],
    Optional['RefreshAccessTokenBeforeExpiry']             => Pattern[/^[0-9]+(\s(logout_on_error|authenticate_on_error|502_on_error))?$/],
    Optional['XForwardedHeaders']                          => String[1],
    Optional['CABundlePath']                               => String[1],
    Optional['DefaultLoggedOutURL']                        => String[1],
    Optional['DPoPMode']                                   => String[1],
    Optional['FilterClaimsExpr']                           => String[1],
    Optional['LogoutRequestParams']                        => Pattern[/^[^=]+=[^&]+(&[^=]+=[^&]+)*$/],
    Optional['LogoutXFrameOptions']                        => String[1],
    Optional['MetricsData']                                => String[1],
    Optional['MetricsPublish']                             => String[1],
    Optional['PassAccessToken']                            => Apache::OnOff,
    Optional['ProviderPushedAuthorizationRequestEndpoint'] => Stdlib::HttpUrl,
    Optional['ProviderSignedJwksUri']                      => String[1],
    Optional['ProviderVerifyCertFiles']                    => String[1],
    Optional['RedirectURLsAllowed']                        => String[1],
    Optional['StateCookiePrefix']                          => String,
    Optional['StateInputHeaders']                          => Enum['user-agent', 'x-forwarded-for', 'both', 'none'],
    Optional['TraceParent']                                => Enum['off', 'generate', 'propagate'],
    Optional['UserInfoClaimsExpr']                         => String[1],
    Optional['ValidateIssuer']                             => Apache::OnOff,
  }]

    
      
      
    
  


Apache::OnOff


A string that is accepted in Apache config to turn something on or off


Alias of Enum['On', 'on', 'Off', 'off']


Apache::ServerTokens


A string that conforms to the Apache ServerTokens syntax.



Alias of Enum['Major', 'Minor', 'Min', 'Minimal', 'Prod', 'ProductOnly', 'OS', 'Full']


Apache::Vhost::Priority


The priority on vhost


Alias of Variant[Pattern[/^\d+$/], Integer, Boolean]


Apache::Vhost::ProxyPass


host context. Because the implementation uses SetEnv, you must include apache::mod::env;
for the same reason, this cannot set the newer no-proxy environment variable, which
would require an implementation using SetEnvIf.



Examples


Basic example


{ 'path' => '/a', 'url' => 'http://backend-a/', }

    
      
      
    
  


With parameters


{ 'path' => '/b', 'url' => 'http://backend-a/b',
  'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300,}, }

    
      
      
    
  


With ProxyPassReverse


{ 'path' => '/l', 'url' => 'http://backend-xy',
  'reverse_urls' => ['http://backend-x', 'http://backend-y'], }

    
      
      
    
  


With additional keywords


{ 'path' => '/e', 'url' => 'http://backend-a/e',
  'keywords' => ['nocanon', 'interpolate'], }

    
      
      
    
  


With mod_proxy environment variables


{ 'path' => '/f', 'url' => 'http://backend-f/',
  'setenv' => ['proxy-nokeepalive 1', 'force-proxy-request-1.0 1'], }

    
      
      
    
  


With ProxyPassReverseCookieDomain and ProxyPassReverseCookiePath


{ 'path' => '/g', 'url' => 'http://backend-g/',
  'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',}], }

    
      
      
    
  


With exclusions


{ 'path' => '/h', 'url' => 'http://backend-h/h',
  'no_proxy_uris' => ['/h/admin', '/h/server-status'], }

    
      
      
    
  


Alias of


Struct[{
    path                          => String[1],
    url                           => String[1],
    Optional[params]              => Hash[String[1], Variant[String[1], Integer]],
    Optional[keywords]            => Array[String[1]],
    Optional[reverse_cookies]     => Array[
      Struct[
        {
          url    => String[1],
          path   => Optional[String[1]],
          domain => Optional[String[1]],
        }
      ]
    ],
    Optional[reverse_urls]        => Array[String[1]],
    Optional[setenv]              => Array[String[1]],
    Optional[no_proxy_uris]       => Array[String[1]],
    Optional[no_proxy_uris_match] => Array[String[1]],
  }]

    
      
      
    
  


Parameters


The following parameters are available in the Apache::Vhost::ProxyPass data type:



path


Data type: String[1]


The virtual path on the local server to map.


url


Data type: String[1]


The URL to which the path and its children will be mapped.


params


Data type: Optional[Hash]


Optional ProxyPass key-value parameters, such as connection settings.


reverse_urls


Data type: Array[String[1]]


Optional (but usually recommended) URLs for ProxyPassReverse configuration.
Allows Apache to adjust certain headers on HTTP redirect responses, to prevent
redirects on the back-end from bypassing the reverse proxy.


reverse_cookies


Data type: Optional[Array[Hash]]


Optional Array of Hashes, each representing a ProxyPassReverseCookieDomain or
ProxyPassReverseCookiePath configuration. These are similar to ProxyPassReverse but
operate on Domain or Path strings respectively in Set-Cookie headers. Each Hash
must contain one url => value pair, and exactly one path => value or domain => value
pair, representing the internal domain or internal path.


Options:



keywords


Data type: Optional[Array[String[1]]]


Array of optional keywords such as nocanon, interpolate, or noquery supported
by ProxyPass (refer
to subsection under heading "Additional ProxyPass Keywords").


setenv


Data type: Optional[Array[String[1]]]


Optional Array of Strings of the form "${env_var_name} ${value}".
Uses SetEnv to make Protocol Adjustments to mod_proxy in the virtual


no_proxy_uris


Data type: Optional[Array[String[1]]]


Optional Array of paths to exclude from proxying, using the ! directive to ProxyPass.


no_proxy_uris_match


Data type: Optional[Array[String[1]]]


Similar to no_proxy_uris but uses ProxyPassMatch to allow regular
expressions.


Tasks


init


Allows you to perform apache service functions


Supports noop? false


Parameters


action


Data type: Enum[reload]


Action to perform


service_name


Data type: Optional[String[1]]


The name of the apache service