kosmos/chef
8
3
Fork 0
Code Issues 34 Pull Requests 3 Projects 2 Activity

Initial Chef repository

Browse Source
This commit is contained in:
Greg Karékinian
2015-07-21 19:45:23 +02:00
parent 7e5401fc71
commit ee4079fa85
1151 changed files with 185163 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cookbooks/apache2/templates/default/mods/README Normal file
View File

@@ -0,0 +1,2 @@
These configs are taken from a Debian apache2.2-common 2.2.11-3 install. They
work on CentOS 5.3 with a few conditions using erb.

9
cookbooks/apache2/templates/default/mods/actions.conf.erb Normal file
View File

@@ -0,0 +1,9 @@
<IfModule actions_module>
#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#
</IfModule>

27
cookbooks/apache2/templates/default/mods/alias.conf.erb Normal file
View File

@@ -0,0 +1,27 @@
<IfModule alias_module>
#
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/". If the fakename is slash-terminated, then the
# realname must also be slash terminated, and if the fakename omits the
# trailing slash, the realname must also omit it.
#
# We include the /icons/ alias for FancyIndexed directory listings. If
# you do not use FancyIndexing, you may comment this out.
#
Alias /icons/ "<%= node['apache']['icondir'] %>/"
<Directory "<%= node['apache']['icondir'] %>">
Options Indexes MultiViews
AllowOverride None
<% if node['apache']['version'] == "2.4" -%>
Require all granted
<% else -%>
Order allow,deny
Allow from all
<% end -%>
</Directory>
</IfModule>

1
cookbooks/apache2/templates/default/mods/auth_cas.conf.erb Normal file
View File

@@ -0,0 +1 @@
CASCookiePath <%= node['apache']['cache_dir'] %>/mod_auth_cas/

1
cookbooks/apache2/templates/default/mods/auth_cas.load.erb Normal file
View File

@@ -0,0 +1 @@
LoadModule auth_cas_module <%= node['apache']['libexec_dir'] %>/mod_auth_cas.so

1
cookbooks/apache2/templates/default/mods/authopenid.load.erb Normal file
View File

@@ -0,0 +1 @@
LoadModule authopenid_module <%= node['apache']['libexec_dir'] %>/mod_auth_openid.so

100
cookbooks/apache2/templates/default/mods/autoindex.conf.erb Normal file
View File

@@ -0,0 +1,100 @@
<IfModule mod_autoindex.c>
#
# Directives controlling the display of server-generated directory listings.
#
#
# IndexOptions: Controls the appearance of server-generated directory
# listings.
# Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames.
#
IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
#
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions. These are only displayed for
# FancyIndexed directories.
#
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
# It's a suffix rule, so simply matching "core" matches "score" as well !
AddIcon /icons/bomb.gif /core
AddIcon (SND,/icons/sound2.gif) .ogg
AddIcon (VID,/icons/movie.gif) .ogm
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
# Default icons for OpenDocument format
AddIcon /icons/odf6odt-20x22.png .odt
AddIcon /icons/odf6ods-20x22.png .ods
AddIcon /icons/odf6odp-20x22.png .odp
AddIcon /icons/odf6odg-20x22.png .odg
AddIcon /icons/odf6odc-20x22.png .odc
AddIcon /icons/odf6odf-20x22.png .odf
AddIcon /icons/odf6odb-20x22.png .odb
AddIcon /icons/odf6odi-20x22.png .odi
AddIcon /icons/odf6odm-20x22.png .odm
AddIcon /icons/odf6ott-20x22.png .ott
AddIcon /icons/odf6ots-20x22.png .ots
AddIcon /icons/odf6otp-20x22.png .otp
AddIcon /icons/odf6otg-20x22.png .otg
AddIcon /icons/odf6otc-20x22.png .otc
AddIcon /icons/odf6otf-20x22.png .otf
AddIcon /icons/odf6oti-20x22.png .oti
AddIcon /icons/odf6oth-20x22.png .oth
#
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
#
DefaultIcon /icons/unknown.gif
#
# AddDescription allows you to place a short description after a file in
# server-generated indexes. These are only displayed for FancyIndexed
# directories.
# Format: AddDescription "description" filename
#
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
#
# ReadmeName is the name of the README file the server will look for by
# default, and append to directory listings.
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.
ReadmeName README.html
HeaderName HEADER.html
#
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing. Shell-style wildcarding is permitted.
#
IndexIgnore .??* *~ *# RCS CVS *,v *,t
</IfModule>

23
cookbooks/apache2/templates/default/mods/cache_disk.conf.erb Normal file
View File

@@ -0,0 +1,23 @@
<IfModule mod_cache_disk.c>
# cache cleaning is done by htcacheclean, which can be configured in
# /etc/default/apache2
#
# For further information, see the comments in that file,
# /usr/share/doc/apache2/README.Debian, and the htcacheclean(8)
# man page.
# This path must be the same as the one in /etc/default/apache2
CacheRoot /var/cache/apache2/mod_cache_disk
# This will also cache local documents. It usually makes more sense to
# put this into the configuration for just one virtual host.
CacheEnable disk /
# The result of CacheDirLevels * CacheDirLength must not be higher than
# 20. Moreover, pay attention on file system limits. Some file systems
# do not support more than a certain number of inodes and
# subdirectories (e.g. 32000 for ext3)
CacheDirLevels 2
CacheDirLength 1
</IfModule>

3
cookbooks/apache2/templates/default/mods/cgid.conf.erb Normal file
View File

@@ -0,0 +1,3 @@
# Socket for cgid communication
#
ScriptSock <%= node['apache']['run_dir'] %>/cgisock

1
cookbooks/apache2/templates/default/mods/dav_fs.conf.erb Normal file
View File

@@ -0,0 +1 @@
DAVLockDB <%= node['apache']['lock_dir'] %>/DAVLock

18
cookbooks/apache2/templates/default/mods/deflate.conf.erb Normal file
View File

@@ -0,0 +1,18 @@
<IfModule mod_deflate.c>
<IfModule mod_filter.c>
# these are known to be safe with MSIE 6
AddOutputFilterByType DEFLATE text/html text/plain text/xml
# everything else may cause problems with MSIE 6
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE application/atom_xml
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/x-httpd-eruby
</IfModule>
</IfModule>

3
cookbooks/apache2/templates/default/mods/dir.conf.erb Normal file
View File

@@ -0,0 +1,3 @@
<IfModule mod_dir.c>
DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
</IfModule>

5
cookbooks/apache2/templates/default/mods/fastcgi.conf.erb Normal file
View File

@@ -0,0 +1,5 @@
<IfModule mod_fastcgi.c>
AddHandler fastcgi-script .fcgi
#FastCgiWrapper /usr/lib/apache2/suexec
FastCgiIpcDir <%= "#{node['apache']['lib_dir']}/fastcgi" %>
</IfModule>

10
cookbooks/apache2/templates/default/mods/fcgid.conf.erb Normal file
View File

@@ -0,0 +1,10 @@
<IfModule mod_fcgid.c>
AddHandler fcgid-script .fcgi
IPCConnectTimeout 20
</IfModule>
<% if %w[rhel fedora].include?(node['platform_family']) -%>
# Sane place to put sockets and shared memory file
SocketPath run/mod_fcgid
SharememPath run/mod_fcgid/fcgid_shm
<% end -%>

4
cookbooks/apache2/templates/default/mods/include.conf.erb Normal file
View File

@@ -0,0 +1,4 @@
<IfModule mod_include.c>
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>

4
cookbooks/apache2/templates/default/mods/include.erb Normal file
View File

@@ -0,0 +1,4 @@
<IfModule mod_include.c>
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>

19
cookbooks/apache2/templates/default/mods/info.conf.erb Normal file
View File

@@ -0,0 +1,19 @@
<IfModule mod_info.c>
#
# Allow server info reports generated by mod_info,
# with the URL of http://servername/server-info
# Uncomment and change the ".example.com" to allow
# access from other hosts.
#
<Location /server-info>
SetHandler server-info
<% if node['apache']['version'] == '2.4' -%>
Require local
Require ip <%= node['apache']['info_allow_list'] %>
<% else -%>
Order deny,allow
Deny from all
Allow from <%= node['apache']['info_allow_list'] %>
<% end -%>
</Location>
</IfModule>

4
cookbooks/apache2/templates/default/mods/ldap.conf.erb Normal file
View File

@@ -0,0 +1,4 @@
<Location /ldap-status>
SetHandler ldap-status
Require local
</Location>

199
cookbooks/apache2/templates/default/mods/mime.conf.erb Normal file
View File

@@ -0,0 +1,199 @@
<IfModule mod_mime.c>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
<% case node['platform_family'] -%>
<% when 'arch' -%>
TypesConfig <%= node['apache']['dir'] %>/conf/mime.types
<% when 'freebsd' -%>
TypesConfig <%= node['apache']['dir'] %>/mime.types
<% else -%>
TypesConfig /etc/mime.types
<% end -%>
#
# AddType allows you to add to or override the MIME configuration
# file mime.types for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
# Despite the name similarity, the following Add* directives have
# nothing to do with the FancyIndexing customization directives above.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#AddEncoding x-bzip2 .bz2
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-bzip2 .bz2
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
#
# DefaultLanguage and AddLanguage allows you to specify the language of
# a document. You can then use content negotiation to give a browser a
# file in a language the user can understand.
#
# Specify a default language. This means that all data
# going out without a specific language tag (see below) will
# be marked with this one. You probably do NOT want to set
# this unless you are sure it is correct for all cases.
#
# * It is generally better to not mark a page as
# * being a certain language than marking it with the wrong
# * language!
#
# DefaultLanguage nl
#
# Note 1: The suffix does not have to be the same as the language
# keyword --- those with documents in Polish (whose net-standard
# language code is pl) may wish to use "AddLanguage pl .po" to
# avoid the ambiguity with the common suffix for perl scripts.
#
# Note 2: The example entries below illustrate that in some cases
# the two character 'Language' abbreviation is not identical to
# the two character 'Country' code for its country,
# E.g. 'Danmark/dk' versus 'Danish/da'.
#
# Note 3: In the case of 'ltz' we violate the RFC by using a three char
# specifier. There is 'work in progress' to fix this and get
# the reference data for rfc1766 cleaned up.
#
# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
# Norwegian (no) - Polish (pl) - Portugese (pt)
# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
#
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
# See README.Debian for Spanish
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
# See README.Debian for Turkish
AddLanguage tr .tr
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
#
# Commonly used filename extensions to character sets. You probably
# want to avoid clashes with the language extensions, unless you
# are good at carefully testing your setup after each change.
# See http://www.iana.org/assignments/character-sets for the
# official list of charset names and their respective RFCs.
#
AddCharset us-ascii .ascii .us-ascii
AddCharset ISO-8859-1 .iso8859-1 .latin1
AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
AddCharset ISO-8859-3 .iso8859-3 .latin3
AddCharset ISO-8859-4 .iso8859-4 .latin4
AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
AddCharset ISO-8859-7 .iso8859-7 .grk .greek
AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
AddCharset ISO-8859-10 .iso8859-10 .latin6
AddCharset ISO-8859-13 .iso8859-13
AddCharset ISO-8859-14 .iso8859-14 .latin8
AddCharset ISO-8859-15 .iso8859-15 .latin9
AddCharset ISO-8859-16 .iso8859-16 .latin10
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5 .Big5 .big5 .b5
AddCharset cn-Big5 .cn-big5
# For russian, more than one charset is used (depends on client, mostly):
AddCharset WINDOWS-1251 .cp-1251 .win-1251
AddCharset CP866 .cp866
AddCharset KOI8 .koi8
AddCharset KOI8-E .koi8-e
AddCharset KOI8-r .koi8-r .koi8-ru
AddCharset KOI8-U .koi8-u
AddCharset KOI8-ru .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-7 .utf7
AddCharset UTF-8 .utf8
AddCharset UTF-16 .utf16
AddCharset UTF-16BE .utf16be
AddCharset UTF-16LE .utf16le
AddCharset UTF-32 .utf32
AddCharset UTF-32BE .utf32be
AddCharset UTF-32LE .utf32le
AddCharset euc-cn .euc-cn
AddCharset euc-gb .euc-gb
AddCharset euc-jp .euc-jp
AddCharset euc-kr .euc-kr
#Not sure how euc-tw got in - IANA doesn't list it???
AddCharset EUC-TW .euc-tw
AddCharset gb2312 .gb2312 .gb
AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
AddCharset shift_jis .shift_jis .sjis
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
#
# For files that include their own HTTP headers:
#
#AddHandler send-as-is asis
#
# For server-parsed imagemap files:
#
#AddHandler imap-file map
#
# For type maps (negotiated resources):
# (This is enabled by default to allow the Apache "It Worked" page
# to be distributed in multiple languages.)
#
AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>

3
cookbooks/apache2/templates/default/mods/mime_magic.conf.erb Normal file
View File

@@ -0,0 +1,3 @@
<IfModule mod_mime_magic.c>
MIMEMagicFile <%= node['apache']['dir'] %>/magic
</IfModule>

32
cookbooks/apache2/templates/default/mods/mpm_event.conf.erb Normal file
View File

@@ -0,0 +1,32 @@
# event MPM
<IfModule mpm_event_module>
<% if node['apache']['version'] == '2.4' -%>
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestWorkers: maximum number of worker threads
# MaxConnectionsPerChild: maximum number of requests a server process serves
StartServers <%= node['apache']['event']['startservers'] %>
MinSpareThreads <%= node['apache']['event']['minsparethreads'] %>
MaxSpareThreads <%= node['apache']['event']['maxsparethreads'] %>
ThreadsPerChild <%= node['apache']['event']['threadsperchild'] %>
MaxRequestWorkers <%= node['apache']['event']['maxrequestworkers'] %>
MaxConnectionsPerChild <%= node['apache']['event']['maxconnectionsperchild'] %>
ThreadLimit <%= node['apache']['event']['threadlimit'] %>
ServerLimit <%= node['apache']['event']['serverlimit'] %>
<% else -%>
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
StartServers <%= node['apache']['event']['startservers'] %>
MinSpareThreads <%= node['apache']['event']['minsparethreads'] %>
MaxSpareThreads <%= node['apache']['event']['maxsparethreads'] %>
MaxClients <%= node['apache']['event']['maxrequestworkers'] %>
MaxRequestsPerChild <%= node['apache']['event']['maxconnectionsperchild'] %>
ThreadLimit <%= node['apache']['event']['threadlimit'] %>
ServerLimit <%= node['apache']['event']['serverlimit'] %>
<% end -%>
</IfModule>

27
cookbooks/apache2/templates/default/mods/mpm_prefork.conf.erb Normal file
View File

@@ -0,0 +1,27 @@
# prefork MPM
<IfModule mpm_prefork_module>
<% if node['apache']['version'] == '2.4' -%>
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxRequestWorkers: maximum number of server processes allowed to start
# MaxConnectionsPerChild: maximum number of requests a server process serves
StartServers <%= node['apache']['prefork']['startservers'] %>
MinSpareServers <%= node['apache']['prefork']['minspareservers'] %>
MaxSpareServers <%= node['apache']['prefork']['maxspareservers'] %>
MaxRequestWorkers <%= node['apache']['prefork']['maxrequestworkers'] %>
MaxConnectionsPerChild <%= node['apache']['prefork']['maxconnectionsperchild'] %>
<% else -%>
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
StartServers <%= node['apache']['prefork']['startservers'] %>
MinSpareServers <%= node['apache']['prefork']['minspareservers'] %>
MaxSpareServers <%= node['apache']['prefork']['maxspareservers'] %>
ServerLimit <%= node['apache']['prefork']['serverlimit'] %>
MaxClients <%= node['apache']['prefork']['maxrequestworkers'] %>
MaxRequestsPerChild <%= node['apache']['prefork']['maxconnectionsperchild'] %>
<% end -%>
</IfModule>

20
cookbooks/apache2/templates/default/mods/mpm_worker.conf.erb Normal file
View File

@@ -0,0 +1,20 @@
# worker MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
# graceful restart. ThreadLimit can only be changed by stopping
# and starting Apache.
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestWorkers: maximum number of threads
# MaxConnectionsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
StartServers <%= node['apache']['worker']['startservers'] %>
MinSpareThreads <%= node['apache']['worker']['minsparethreads'] %>
MaxSpareThreads <%= node['apache']['worker']['maxsparethreads'] %>
ThreadsPerChild <%= node['apache']['worker']['threadsperchild'] %>
MaxRequestWorkers <%= node['apache']['worker']['maxrequestworkers'] %>
MaxConnectionsPerChild <%= node['apache']['worker']['maxconnectionsperchild'] %>
ThreadLimit <%= node['apache']['worker']['threadlimit'] %>
ServerLimit <%= node['apache']['worker']['serverlimit'] %>
</IfModule>

17
cookbooks/apache2/templates/default/mods/negotiation.conf.erb Normal file
View File

@@ -0,0 +1,17 @@
<IfModule mod_negotiation.c>
#
# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
#
# Just list the languages in decreasing order of preference. We have
# more or less alphabetized them here. You probably want to change this.
#
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
#
# ForceLanguagePriority allows you to serve a result page rather than
# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
# [in case no accepted languages matched the available variants]
#
ForceLanguagePriority Prefer Fallback
</IfModule>

293
cookbooks/apache2/templates/default/mods/pagespeed.conf.erb Normal file
View File

@@ -0,0 +1,293 @@
<IfModule pagespeed_module>
# Turn on mod_pagespeed. To completely disable mod_pagespeed, you
# can set this to "off".
ModPagespeed on
# We want VHosts to inherit global configuration.
# If this is not included, they'll be independent (except for inherently
# global options), at least for backwards compatibility.
ModPagespeedInheritVHostConfig on
# Direct Apache to send all HTML output to the mod_pagespeed
# output handler.
AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html
# If you want mod_pagespeed process XHTML as well, please uncomment this
# line.
# AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER application/xhtml+xml
# The ModPagespeedFileCachePath directory must exist and be writable
# by the apache user (as specified by the User directive).
ModPagespeedFileCachePath "/var/cache/mod_pagespeed/"
# Override the mod_pagespeed 'rewrite level'. The default level
# "CoreFilters" uses a set of rewrite filters that are generally
# safe for most web pages. Most sites should not need to change
# this value and can instead fine-tune the configuration using the
# ModPagespeedDisableFilters and ModPagespeedEnableFilters
# directives, below. Valid values for ModPagespeedRewriteLevel are
# PassThrough, CoreFilters and TestingCoreFilters.
#
# ModPagespeedRewriteLevel PassThrough
# Explicitly disables specific filters. This is useful in
# conjuction with ModPagespeedRewriteLevel. For instance, if one
# of the filters in the CoreFilters needs to be disabled for a
# site, that filter can be added to
# ModPagespeedDisableFilters. This directive contains a
# comma-separated list of filter names, and can be repeated.
#
# ModPagespeedDisableFilters rewrite_images
# Explicitly enables specific filters. This is useful in
# conjuction with ModPagespeedRewriteLevel. For instance, filters
# not included in the CoreFilters may be enabled using this
# directive. This directive contains a comma-separated list of
# filter names, and can be repeated.
#
# ModPagespeedEnableFilters rewrite_javascript,rewrite_css
# ModPagespeedEnableFilters collapse_whitespace,elide_attributes
# ModPagespeedDomain
# authorizes rewriting of JS, CSS, and Image files found in this
# domain. By default only resources with the same origin as the
# HTML file are rewritten. For example:
#
# ModPagespeedDomain cdn.myhost.com
#
# This will allow resources found on http://cdn.myhost.com to be
# rewritten in addition to those in the same domain as the HTML.
#
# Wildcards (* and ?) are allowed in the domain specification. Be
# careful when using them as if you rewrite domains that do not
# send you traffic, then the site receiving the traffic will not
# know how to serve the rewritten content.
# Other defaults (cache sizes and thresholds):
#
# ModPagespeedFileCacheSizeKb 102400
# ModPagespeedFileCacheCleanIntervalMs 3600000
# ModPagespeedLRUCacheKbPerProcess 1024
# ModPagespeedLRUCacheByteLimit 16384
# ModPagespeedCssFlattenMaxBytes 2048
# ModPagespeedCssInlineMaxBytes 2048
# ModPagespeedCssImageInlineMaxBytes 2048
# ModPagespeedImageInlineMaxBytes 2048
# ModPagespeedJsInlineMaxBytes 2048
# ModPagespeedCssOutlineMinBytes 3000
# ModPagespeedJsOutlineMinBytes 3000
# Limit the number of inodes in the file cache. Set to 0 for no limit.
# The default value if this paramater is not specified is 0 (no limit).
ModPagespeedFileCacheInodeLimit 500000
# Bound the number of images that can be rewritten at any one time; this
# avoids overloading the CPU. Set this to 0 to remove the bound.
#
# ModPagespeedImageMaxRewritesAtOnce 8
# You can also customize the number of threads per Apache process
# mod_pagespeed will use to do resource optimization. Plain
# "rewrite threads" are used to do short, latency-sensitive work,
# while "expensive rewrite threads" are used for actual optimization
# work that's more computationally expensive. If you live these unset,
# or use values <= 0 the defaults will be used, which is 1 for both
# values when using non-threaded MPMs (e.g. prefork) and 4 for both
# on threaded MPMs (e.g. worker and event). These settings can only
# be changed globally, and not per virtual host.
#
# ModPagespeedNumRewriteThreads 4
# ModPagespeedNumExpensiveRewriteThreads 4
# Settings for image optimization:
#
# Jpeg recompression quality (0 to 100, -1 strips metadata):
# ModPagespeedJpegRecompressionQuality -1
#
# Percent of original image size below which optimized images are retained:
# ModPagespeedImageLimitOptimizedPercent 100
#
# Percent of original image area below which image resizing will be
# attempted:
# ModPagespeedImageLimitResizeAreaPercent 100
# When Apache is set up as a browser proxy, mod_pagespeed can record
# web-sites as they are requested, so that an image of the web is built up
# in the directory of the proxy administrator's choosing. When ReadOnly is
# on, only files already present in the SlurpDirectory are served by the
# proxy.
#
# ModPagespeedSlurpDirectory ...
# ModPagespeedSlurpReadOnly on
# The maximum URL size is generally limited to about 2k characters
# due to IE: See http://support.microsoft.com/kb/208427/EN-US.
# Apache servers by default impose a further limitation of about
# 250 characters per URL segment (text between slashes).
# mod_pagespeed circumvents this limitation, but if you employ
# proxy servers in your path you may need to re-impose it by
# overriding the setting here. The default setting is 1024
# characters.
#
# ModPagespeedMaxSegmentLength 250
# Uncomment this if you want to prevent mod_pagespeed from combining files
# (e.g. CSS files) across paths
#
# ModPagespeedCombineAcrossPaths off
# Renaming JavaScript URLs can sometimes break them. With this
# option enabled, mod_pagespeed uses a simple heuristic to decide
# not to rename JavaScript that it thinks is introspective.
#
# You can turn this off to let mod_pagespeed rename all JS files.
ModPagespeedAvoidRenamingIntrospectiveJavascript on
# Certain common JavaScript libraries are available from Google, which acts
# as a CDN and allows you to benefit from browser caching if a new visitor
# to your site previously visited another site that makes use of the same
# libraries as you do. Enable the following filter to turn on this feature.
#
# ModPagespeedEnableFilters canonicalize_javascript_libraries
# The following lines configure libraries that are recognized by
# canonicalize_javascript_libraries. These will have no effect unless you
# enable this filter (generally by uncommenting the last line in the
# previous stanza). It simply provides a sensible default configuration
# when the filter is switched on.
# The format is:
# ModPagespeedLibrary bytes md5 canonical_url
# Where bytes and md5 are with respect to the *minified* JS; use
# js_minify --print_size_and_hash to obtain this data.
# Note that we can register multiple hashes for the same canonical url;
# we do this if there are versions available that have already been minified
# with more sophisticated tools.
ModPagespeedLibrary 105527 ltVVzzYxo0 //ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js
ModPagespeedLibrary 92501 J8KF47pYOq //ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js
ModPagespeedLibrary 141547 GKjMUuF4PK //ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js
ModPagespeedLibrary 43 1o978_K0_L http://www.modpagespeed.com/rewrite_javascript.js
# Explicitly tell mod_pagespeed to load some resources from disk.
# This will speed up load time and update frequency.
#
# This should only be used for static resources which do not need
# specific headers set or other processing by Apache.
#
# Both URL and filesystem path should specify directories and
# filesystem path must be absolute (for now).
#
# ModPagespeedLoadFromFile "http://example.com/static/" "/var/www/static/"
# Enables server-side instrumentation and statistics. If this rewriter is
# enabled, then each rewritten HTML page will have instrumentation javacript
# added that sends latency beacons to /mod_pagespeed_beacon. These
# statistics can be accessed at /mod_pagespeed_statistics. You must also
# enable the mod_pagespeed_statistics and mod_pagespeed_beacon handlers
# below.
#
# ModPagespeedEnableFilters add_instrumentation
# The add_instrumentation filter sends a beacon after the page onload
# handler is called. The user might navigate to a new URL before this. If
# you enable the following directive, the beacon is sent as part of an
# onbeforeunload handler, for pages where navigation happens before the
# onload event.
#
# ModPagespeedReportUnloadTime on
# Uncomment the following line so that ModPagespeed will not cache or
# rewrite resources with Vary: in the header, e.g. Vary: User-Agent.
# ModPagespeedRespectVary on
# This handles the client-side instrumentation callbacks which are injected
# by the add_instrumentation filter.
# You can use a different location by adding the ModPagespeedBeaconUrl
# directive; see the documentation on add_instrumentation.
<Location /mod_pagespeed_beacon>
SetHandler mod_pagespeed_beacon
</Location>
# Uncomment the following line if you want to disable statistics entirely.
#
# ModPagespeedStatistics off
# This page lets you view statistics about the mod_pagespeed module.
<Location /mod_pagespeed_statistics>
Order allow,deny
# You may insert other "Allow from" lines to add hosts you want to
# allow to look at generated statistics. Another possibility is
# to comment out the "Order" and "Allow" options from the config
# file, to allow any client that can reach your server to examine
# statistics. This might be appropriate in an experimental setup or
# if the Apache server is protected by a reverse proxy that will
# filter URLs in some fashion.
Allow from localhost
Allow from 127.0.0.1
SetHandler mod_pagespeed_statistics
</Location>
# Uncomment the following line if you want to enable statistics logging.
# ModPagespeedStatistics is required to be enabled.
#
# ModPagespeedStatisticsLogging on
#
# The base filename to use to store logged statistics.
# Required if logging is enabled.
#
# ModPagespeedStatisticsLoggingFile "@@MOD_PAGESPEED_STATS_LOG@@"
#
# The interval at which statistics will be logged, in milliseconds.
# Optional; default is 3000.
#
# ModPagespeedStatisticsLoggingIntervalMs 3000
# If both of the below are set, the console will use offline copies of the
# files needed for the Google Chart Tools API rather than connecting to the
# Internet to obtain them. This is experimental, as the only supported
# loading mechanism for the Chart Tools API requires an Internet connexion.
#
# Where to find an offline copy of the CSS file required for the Google
# Chart Tools API. At the time of writing, the Google Chart Tools API CSS
# file can be found at:
# https://ajax.googleapis.com/ajax/static/modules/gviz/1.0/core/tooltip.css
#
# ModPagespeedStatisticsLoggingChartsCSS http://example.com/charts.css
#
# Where to find an offline copy of the JS file required for the Google
# Chart Tools API. At the time of writing, the Google Chart Tools API JS
# file can be found at:
# https://www.google.com/uds/api/visualization/1.0/d7d36793f7a886b687850d2813583db9/format+en,default,corechart.I.js
#
# ModPagespeedStatisticsLoggingChartsJS http://example.com/charts.js
# This page lets you view a graphical console displaying statistics about
# the mod_pagespeed module.
<Location /mod_pagespeed_console>
Order allow,deny
# This can be configured similarly to mod_pagespeed_statistics above.
Allow from localhost
Allow from 127.0.0.1
SetHandler mod_pagespeed_console
</Location>
# Page /mod_pagespeed_message lets you view the latest messages from
# mod_pagespeed, regardless of log-level in your httpd.conf
# ModPagespeedMessageBufferSize is the maximum number of bytes you would
# like to dump to your /mod_pagespeed_message page at one time,
# its default value is 100k bytes.
# Set it to 0 if you want to disable this feature.
ModPagespeedMessageBufferSize 100000
<Location /mod_pagespeed_message>
Allow from localhost
Allow from 127.0.0.1
SetHandler mod_pagespeed_message
</Location>
<Location /mod_pagespeed_referer_statistics>
Allow from localhost
Allow from 127.0.0.1
SetHandler mod_pagespeed_referer_statistics
</Location>
</IfModule>

37
cookbooks/apache2/templates/default/mods/php5.conf.erb Normal file
View File

@@ -0,0 +1,37 @@
<IfModule mod_php5.c>
<FilesMatch ".+\.ph(p[345]?|t|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch ".+\.phps$">
SetHandler application/x-httpd-php-source
# Deny access to raw php sources by default
# To re-enable it's recommended to enable access to the files
# only in specific virtual host or directory
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order Deny,Allow
Deny from all
<% end -%>
</FilesMatch>
# Deny access to files without filename (e.g. '.php')
<FilesMatch "^\.ph(p[345]?|t|tml|ps)$">
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order Deny,Allow
Deny from all
<% end -%>
</FilesMatch>
# Running PHP scripts in user directories is disabled by default
#
# To re-enable PHP in user directories comment the following lines
# (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
# prevents .htaccess files from disabling it.
<IfModule mod_userdir.c>
<Directory /home/*/public_html>
php_admin_value engine Off
</Directory>
</IfModule>
</IfModule>

23
cookbooks/apache2/templates/default/mods/proxy.conf.erb Normal file
View File

@@ -0,0 +1,23 @@
<IfModule mod_proxy.c>
#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
<% if node['apache']['version'] == "2.4" -%>
Require <%= node['apache']['proxy']['require'] %>
<% else -%>
Order <%= node['apache']['proxy']['order'] %>
Deny from <%= node['apache']['proxy']['deny_from'] %>
Allow from <%= node['apache']['proxy']['allow_from'] %>
<% end -%>
</Proxy>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
ProxyVia On
</IfModule>

18
cookbooks/apache2/templates/default/mods/proxy_balancer.conf.erb Normal file
View File

@@ -0,0 +1,18 @@
<IfModule mod_proxy_balancer.c>
# Balancer manager enables dynamic update of balancer members
# (needs mod_status). Uncomment to enable.
#
#<IfModule mod_status.c>
# <Location /balancer-manager>
# SetHandler balancer-manager
<% if node['apache']['version'] == '2.4' -%>
# Require local
<% else -%>
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1 ::1
# Satisfy all
<% end -%>
# </Location>
#</IfModule>
</IfModule>

4
cookbooks/apache2/templates/default/mods/proxy_ftp.conf.erb Normal file
View File

@@ -0,0 +1,4 @@
<IfModule mod_proxy_ftp.c>
# Define the character set for proxied FTP listings. Default is ISO-8859-1
ProxyFtpDirCharset UTF-8
</IfModule>

22
cookbooks/apache2/templates/default/mods/reqtimeout.conf.erb Normal file
View File

@@ -0,0 +1,22 @@
<IfModule reqtimeout_module>
# mod_reqtimeout limits the time waiting on the client to prevent an
# attacker from causing a denial of service by opening many connections
# but not sending requests. This file tries to give a sensible default
# configuration, but it may be necessary to tune the timeout values to
# the actual situation. Note that it is also possible to configure
# mod_reqtimeout per virtual host.
# Wait max 20 seconds for the first byte of the request line+headers
# From then, require a minimum data rate of 500 bytes/s, but don't
# wait longer than 40 seconds in total.
# Note: Lower timeouts may make sense on non-ssl virtual hosts but can
# cause problem with ssl enabled virtual hosts: This timeout includes
# the time a browser may need to fetch the CRL for the certificate. If
# the CRL server is not reachable, it may take more than 10 seconds
# until the browser gives up.
RequestReadTimeout header=20-40,minrate=500
# Wait max 10 seconds for the first byte of the request body (if any)
# From then, require a minimum data rate of 500 bytes/s
RequestReadTimeout body=10,minrate=500
</IfModule>

28
cookbooks/apache2/templates/default/mods/setenvif.conf.erb Normal file
View File

@@ -0,0 +1,28 @@
<IfModule mod_setenvif.c>
#
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
#
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^gvfs/1" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
BrowserMatch " Konqueror/4" redirect-carefully
</IfModule>

108
cookbooks/apache2/templates/default/mods/ssl.conf.erb Normal file
View File

@@ -0,0 +1,108 @@
<IfModule mod_ssl.c>
#
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog <%= node['apache']['mod_ssl']['pass_phrase_dialog'] %>
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache <%= node['apache']['mod_ssl']['session_cache'] %>
SSLSessionCacheTimeout <%= node['apache']['mod_ssl']['session_cache_timeout'] %>
<% if node['apache']['version'] != '2.4' -%>
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex <%= node['apache']['mod_ssl']['mutex'] %>
<% end -%>
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
# enable only secure ciphers:
SSLCipherSuite <%= node['apache']['mod_ssl']['cipher_suite'] %>
# Speed-optimized SSL Cipher configuration:
# If speed is your main concern (on busy HTTPS servers e.g.),
# you might want to force clients to specific, performance
# optimized ciphers. In this case, prepend those ciphers
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
# Caveat: by giving precedence to RC4-SHA and AES128-SHA
# (as in the example below), most connections will no longer
# have perfect forward secrecy - if the server's key is
# compromised, captures of past or future traffic must be
# considered compromised, too.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
SSLHonorCipherOrder <%= node['apache']['mod_ssl']['honor_cipher_order'] %>
# The protocols to enable.
# Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
# SSL v2 is no longer supported
SSLProtocol <%= node['apache']['mod_ssl']['protocol'] %>
# Allow insecure renegotiation with clients which do not yet support the
# secure renegotiation protocol. Default: Off
SSLInsecureRenegotiation <%= node['apache']['mod_ssl']['insecure_renegotiation'] %>
<% unless node['apache']['mod_ssl']['strict_sni_vhost_check'] == "Off"%>
# Whether to forbid non-SNI clients to access name based virtual hosts.
# Default: Off
SSLStrictSNIVHostCheck <%= node['apache']['mod_ssl']['strict_sni_vhost_check'] %>
<% end %>
<% if node['apache']['version'] == '2.4' -%>
# Enable compression on the SSL level
# Enabling compression causes security issues in most setups (the so called CRIME attack).
# Default: Off
SSLCompression <%= node['apache']['mod_ssl']['compression'] %>
# OCSP Stapling, only in httpd 2.3.3 and later
# This option enables OCSP stapling, as defined by the "Certificate Status Request" TLS
# extension specified in RFC 6066. If enabled (and requested by the client), mod_ssl will
# include an OCSP response for its own certificate in the TLS handshake.
# Configuring an SSLStaplingCache is a prerequisite for enabling OCSP stapling.
# Default: Off
<% if node['apache']['mod_ssl']['use_stapling'] == 'On' -%>
SSLUseStapling <%= node['apache']['mod_ssl']['use_stapling'] %>
SSLStaplingResponderTimeout <%= node['apache']['mod_ssl']['stapling_responder_timeout'] %>
SSLStaplingReturnResponderErrors <%= node['apache']['mod_ssl']['stapling_return_responder_errors'] %>
SSLStaplingCache <%= node['apache']['mod_ssl']['stapling_cache'] %>
<% end -%>
<% end -%>
<% node['apache']['mod_ssl']['directives'].sort_by { |key, val| key }.each do |directive, value| -%>
<%= directive %> <%= value %>
<% end -%>
</IfModule>

42
cookbooks/apache2/templates/default/mods/status.conf.erb Normal file
View File

@@ -0,0 +1,42 @@
<IfModule mod_status.c>
#
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Uncomment and change the ".example.com" to allow
# access from other hosts.
#
<Location /server-status>
SetHandler server-status
<% if node['apache']['version'] == '2.4' -%>
Require local
Require ip <%=node['apache']['status_allow_list']%>
<% else -%>
Order deny,allow
Deny from all
Allow from <%= node['apache']['status_allow_list'] %>
<% end -%>
</Location>
#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#
<% if node['apache']['ext_status'] -%>
ExtendedStatus On
<% else -%>
ExtendedStatus Off
<% end -%>
<% if node['apache']['version'] == '2.4' -%>
# Determine if mod_status displays the first 63 characters of a request or
# the last 63, assuming the request itself is greater than 63 chars.
# Default: Off
#SeeRequestTail On
<IfModule mod_proxy.c>
# Show Proxy LoadBalancer status in mod_status
ProxyStatus On
</IfModule>
<% end -%>
</IfModule>

17
cookbooks/apache2/templates/default/mods/userdir.conf.erb Normal file
View File

@@ -0,0 +1,17 @@
<% if node['apache']['version'] == '2.4' -%>
<IfModule mod_userdir.c>
UserDir public_html
UserDir disabled root
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Require all granted
</Limit>
<LimitExcept GET POST OPTIONS>
Require all denied
</LimitExcept>
</Directory>
</IfModule>
<% end -%>