I wasn't able to reach https://nostr.kosmos.org/nodeinfo/2.1, which I
stumbled upon in an upstream PR. This one only matches exactly the paths
that substr is serving.
Tested/running in production.
Fixes not being able to join a cluster from other nodes, because the
ports are not within the firewall range of allowed ports.
Co-authored-by: Greg Karékinian <greg@karekinian.com>
Mailgun was rejecting the email as it did not have a valid sender
(the default, which is something like root@akkounts-1). Unattended
upgrades have been working properly, now we will start getting emails
next time an upgrade is done on akkounts-1.
I ended up upgrading Chef manually on the server as I couldn't using
knife-zero
`curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 18.7.10`
This has been done with the help of `cookstyle` which is very useful to
learn about breaking changes and updates in Chef.
On wiki-1 I managed to update Chef up to 17.10.163. For version 18 I ran
into an issue with the omnibus installer returning a 404
Refs #500
Some recipes weren't updated for the proxy validation yet. Needed to
split the ejabberd cert in two, so it can do normal validation on
`.org` and proxy validation on `.chat`.
The cleanups were broken in that every single archive was also copied to
a shared folder and never deleted from there.
Co-authored-by: Greg Karékinian <greg@karekinian.com>
If pivoting the VM backing storage back to the original image fails
(e.g. VM being down at that time), the script currently still deletes
the hotswap image, which means that all changes since the creation of
the hotswap image are lost.
Allows to point other domains' `_acme-challenge.example.com` entries at
`example.com.letsencrypt.kosmos.chat` so we can validate from our side
without access to the other domain's DNS records.
Used for 5apps.com XMPP for now. Can be used for others later.
Co-authored-by: Greg Karékinian <greg@karekinian.com>
In addition to installing and configuring the new module, this also
enables public access to the S3 API via `bucket-name.s3.kosmos.org` as
well as Web access on `bucket-name.web.s3.kosmos.org` (when enabled).
Also includes some drive-by improvements to Chef attribute naming and
usage.
Co-authored-by: Greg Karékinian <greg@karekinian.com>
Move the listener to a separate endpoint on port 80, which is only
accessible from the private network. Change accounts.kosmos.org to use
the new endpoint via a `.local` domain instead of faking external
access.
Allows to swap sats in and out of Lightning channels without a 3rd party
(and their fees). Instead, swaps can be initiated directly with the
channel peer.
https://www.peerswap.dev/
The respective bucket needs to be configured with a domain alias. When a
new alias is added to the `s3_web_domains` config, a new nginx site can
then be deployed to the `nginx_proxy` hosts.
Works both as local deployment and proxy (via roles and environments)
* Use upstreams for proxy_pass
* Access static assets from proxy, configure caching for them
* Move Tor config to environment, install via role
* ...
Add a garage cookbook that installs the garage binary distribution and
creates the necessary configuration and system service.
Also deploy two new VMs to act as storage nodes.
refs #428
(HAProxy is now also using the private network.)
This fixes IPFS connections to Kosmos nodes from outside the network, as
well as in between nodes on the private network.
Some software, e.g. go-ipfs, is rather aggressive in scanning local
networks for peers, which can trigger abuse reports and IP locks in the
data center.
It makes it possible to serve multiple Discord instances to different
hosts from a single nginx load balancer
Right now we run one for Kosmos and one for remoteStorage
It's running on fornax now, and the VMs have been deleted. This way,
there's no internal routing needed for it to be publicly accessible by
any network member nodes.
Only subdomains of `hosts` are automatically announced, but other
domains have to be added manually via the `extra_domains` disco module
config.
fixes#413
Tested/running on all cluster nodes. Due to changes in the upstream
package we were able to remove some complexity from the recipe. Deleting
code FTW!
closes#334
Changes botka on libera to connect to a bouncer, which also uses SASL,
in order to fix the connection issues and keep a stable connection with
minimal maintenance.
Configures the JWT signing algorithm to be the old, less secure
algorithm, until we update the token for Drone CI (and any other OAuth
apps).
closes#338
The latest release added a new config option for auto-unlocking the
wallet/node using a password file. This changeset adds support for just
that to the lnd recipe, so that nobody has to manually unlock it after
reboots or service restarts.
This is meant to be executed as a script manually, not as part of Hubot.
Example usage:
cd /opt/hal8000_xmpp/node_modules/hubot-kredits
./scripts/review-kredits.js --start 2021-02-01 --end 2021-02-28T23:59:59Z --dry
Closes#315
Currently using a custom rule for system fonts. This change also adds a
missing new class to the custom rule to cover Markdown-generated content
like e.g. comments.
Fixes various issues, like compilation not starting on subsequent
version updates, service not restarting after compilation, and a TODO
note on the compilation script itself.
It was created with an encfs volume inside a VM, we want full disk encryption
instead. I have deleted the VM from centaurus as well as its disk and
have also unauthorized its id from the zerotier controller
Only setting it for standby servers isn't useful, as we need to be able
to touch this file to trigger the promotion of a new primary server
after running Chef on it.
Using outdated/invalid rules syntax. Remove the property entirely, so
the API will create the default rule (which is the same) on creation.
Co-authored-by: Greg Karékinian <greg@karekinian.com>
Throws a warning when reloading the config, because it is enabled by
default, but not configured entirely. Disabling it explicitly removes
the warning.
It uses `virt-install` with the official Ubuntu 20.04 cloud image as a
starting point, with cloud-init to add our SSH keys to the ubuntu user
and set up Zerotier.
USAGE: create_vm VMNAME
Closes#244
The data URI declares an SVG source, but this was actually a PNG. Hence
the failure in Chrome. This change turns it into an actual inline SVG
and uses UTF8 encoding instead of base64, because SVG is just text anyway.
fixes#61
* Move the PostgreSQL user and database creation to a pg_db recipe
* Generate access rights for the ejabberd servers in the pg_db recipe
* Connect to the PostgreSQL primary instead of localhost
Refs #180
Previously we were passing it as an additional config, but it is set by
default. The last value was used, the custom one, so the server still
used the correct file
Fix some things, and prepare for path-based activation. Also, comment
the buggy initial dir creation and explain manual provisioning in README
for now.
Usage: Add the kosmos_encfs::default recipe to the run list of a node.
Creating the encrypted directory will keep it mounted. After a reboot,
start the encfs service and enter the password:
```
$ systemctl start encfs
encfs password:
```
For now postgresql@12-main is a hardcoded dependency of the encfs
Systemd unit that is automatically started once the user inputs the
correct password. This list of dependency will need to be different for
every server, based on the services it is running
We will enable it again after we have a valid TLS cert generated with
Let's Encrypt. It prevents logins using http, and we will need that as
an admin account
The default recipe deploys the gitea binary, generates a config file and
our custom Kosmos label set. The service runs as a Systemd unit.
The pg_db recipe needs to run on the primary PostgreSQL (currently
andromeda).
The backup recipe is empty for now
Refs #147
encfs always runs a configuration assistant when creating a new
volume, so this needs to be done manually:
systemctl stop postgresql@12-main
mv /var/lib/postgresql /var/lib/postgresql.old
encfs /var/lib/postgresql_encrypted /var/lib/postgresql --public
Pick p (paranoia mode) and enter the password from the data bag twice
mv /var/lib/postgresql/* /var/lib/postgresql/
systemctl start postgresql@12-main
This is running on centaurus and is mounted automatically on boot by a
system unit
Refs #129
Follow-up to #156
I found another issue with the initial ACI creation, while creating a
fresh VM. I thought I had fixed it in #156 but I was wrong. This time
the ACIs are really set and the code runs successfully.
The ACIs are set on the suffix, so modifying it is needed
This won't be executed on a server that is already running, this is only
done on the initial setup
Supports both primary and replica. The access rules and firewall have to
be set up outside of the custom resource, so they are part of the
recipes instead
Refs #160
This is only executed on initial creation of the instance, the
production one is using these fixed ACIs, this was only an issue with
the setup
The issue was the ACI was set at the wrong level
This is currently 3.1.4 and is set as an attribute. The recipe is very
simple now, it installs the npm package, and the systemd service runs
/usr/bin/sockethub and sets the environment variables
Closes#145
* Use a new read-only account instead of the admin LDAP account
* Disable the LDAPAuthorization plugin. The LDAPAuthentication2 plugin
is still used to authenticate users, but every kosmos.org user has
access to the wiki. See
https://www.mediawiki.org/wiki/Extension:PluggableAuth for the
distinction between authentication and authorization
Refs #127
Allow users to change their own password, but nothing else (no search,
no read, no write)
This will only run when setting up the 389-dirsrv instance for the first
time, this has been applied on barnard by editing the dn (see
#128 (comment))
Closes#128
Users can log in using their LDAP account (in the
ou=users,dc=kosmos,dc=org group and with the wiki attribute set to
enabled)
Add an attribute for the ldap master server, so it can be overridden in
the development environment
Refs #107
This has been the only way I managed to make `chef generate cookbook
COOKBOOK_NAME` set the default values
This is not documented, there is an issue open about it:
https://github.com/chef/chef-cli/issues/54
Change the notifies property to :immediately in nginx_certbot_site. This
way the vhost template is recreated and then triggers a reload of the
nginx service. The previous code resulted in nginx not being reloaded,
as the action had already been queued earlier.
It sets up 389 Directory Server, including a TLS cert acquired using
Let's Encrypt in production (that requires ldap.kosmos.org pointing to
the server's IP)
Because of the wormhole feature between XMPP and IRC, any links to
tweets will be read by the hal8000 bots on both platforms.
This change removes the Tweet reading extension from the XMPP version of
the bot.
Because of the wormhole feature between XMPP and IRC, any links to
tweets will be read by the hal8000 bots on both platforms.
This change removes the Tweet reading extension from the IRC version of
the bot.
The assets precompilation task runs yarn with NODE_ENV=production,
before this change yarn would install a different set of packages, with
this change the run from the assets precompilation is idempotent
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0LKcqydrG3zgtmThEg+q\nOcw8QvIB2usMkF4kNMFeqhhdr2q/AtRcq4RJ0u0MiZbkHduGWfG9QZpjmbFZcEke\nURJbddqSDPHFAtrK2+BpcMqNN/mSp59f4MJf6wdLnBoeZCF5pCCXibyj+/754Ly+\nEJNiB1sf1Lu82YW2YM7iLhOLk1QQD2DTfBGbj9swdPrgKK+1npQ4A7O8sOB5gDjb\n9QVLCvCEoYFi+9is0vw/YryEr6tfnNw+CroP2uDfyVfWznF8oPUuttAcHgqDA3CV\n7lCRk9yVt1FKwuq2lFcsMqZ7wO4EoxpzCz/XTnpFPFvgeVinyXjSPsQCBAdwJe5T\nWQIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNy0NZUQo93anCe3YkGI\nGTzHnH1SUqc7315ShEEgp9GC9ghEaFe9YX6fdYma4KLfehi1LNoYhibpaVvF6qMB\n5p2pCk4eM9EjRYve3byqt0ZJZzLEcR4zfoiqJHLMBfB1tDiGj3BbahY6LJ0WH/q2\nTek61LOp2nB/9HYSIRlYz8EJtt2YyjV57oqQD5rnEDCJyBf34VI81SZFBeSHCeHQ\nUDALdnkro840FHfFKMUTdUmtpq/bhBA13EkFqVObnc0xZQP3eW6pRNeZ5oUpBLK3\nbAXahd8YEW6c6XerK3JqROs/l2ZRXmfmOMB5RjzmTEuCDsZFuCnJDQEY1nWCyUmu\nhQIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwinJNGMUzUdrZwx/ZCkU\nxZRnuWqZHXHdZtkEG6beMY1sB/PpGknLgcfTjhh4FR/5hIXqBcVdUj3DZiTmhd8o\n0QpEkJPNKd08PN12CyShPwCcIA1KTqsCsNys+bp6Wff84JClAe/Oza6DonoRmhqO\ncFxSQcscuv8a6Gc/1X/aySmS01hwL+r9p0VZBEPNKEObgJXHsGIIbajlxgq037X/\n2/IsIk2etXTUSWPJLxNKSXzxC3l4Izw4NfvUgipByPTeJQ2YAVxbvrDEqquBGk5S\nll/mlF+fKX0QvUhm7sdLiSy++rHc8R1ny+4LnR1gAOscYMuLbDbpJnW0Rc0GEJOL\nVwIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJiREO7WJyKWzOltXREs\n6bCMBzHTeyBSLxK/50xPvk43A8e+8qW1V52oO/uQkHh8YJ8BCDdSsWTNTudTuMhm\nEFLYP7n+ESYyz7nBgcwLX19lSo3dGnyuQBwlno6W/F1uEdTxfY6MtxJdiPZQDIt0\noijEwOF4ZhA5A+kqx6fpp+rX48r9wdidjdhrJimQixL0SsJFkoStc17BxrnqPpv9\n/sd4xYKgK9hEmEovhghBN3ULsxDOj63cGmM4uWLjbO4ZpL6g1lZRJR5kmcziL9KH\n23M7ShaJu90PnPiFSCUFgNN24zA7aKTkKulNs4g2OYovWVG/z8WglGqHNY83dBP0\nLwIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DLEt7jfKPH7X7pBknG3\nWoB6Q6Vffl6Q0GRxQiMJ1uRC79dulKH097CYfLzIXFZD9gRRP4K78vW5BA2spXVV\nn3qrak9JT6BGgdFrkBEdMNGZyz814aMiyhPZrQUrmIzyH8R04xZgv7UH86qdNQ5p\nPeIXS7gU7/0PmwRgEBiM1KLq+Kba6pYdGefKqxx5D59xweH+yE+rbd5ac9xn2GP7\nyOiZoG2sMuksq7d3O4SeTS2lBAmG5IeiP2iWvHWpZD48PTr78ItkTgIbaqZU2PXV\ng+2OcJPTel5xISooe5FvW8gdpC9SYoBPvgJuJ6czc1+LdUSK7pE7577eAJNDlh+H\nRwIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6FuI13W2sft83OIWe59/\nYTfpTfKcYTCq5zAQEu87OYHHQeBAYo0W/g/qICh3qw0ie2QMPyggAezoeR5VQdLt\nkJq1X9AHqyX59YThzj7dLCCEKq+mAdriuKzNGu8eml4DRM3m+xw7jFzcwwrD8ECZ\nY+Kn7bcOtozx0mXpEm+cO2cOKmRQn0VJwAQSe6eW301iGmpR9et4hDqMjhiUiwaU\nWAqpsmP/JQMLAX2gLzwilD63VCQlcQCDq/D1m/N6bWb1L47zNAzwOCSYV92bGNDe\nRe+4gCVVLpfGWKbkjQFDraCmME7+O50WpbfowylF8gOzgl3AvnpC/LOSzT8VtMPr\nZQIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2r+emfhx7bl7MxEeIDGY\nKnj3xEyFvVgXL7GwOsbKszFVgZ17yuPwa6vuiJsZsbcFC/nXgGNH2WF5FEv7XhOi\nwE8KMeNrR4xQ9BEANRlRgUTfrkhZG1NCy7PpVBb7L2r36STBuFSdQJmruJAfvTHm\na4hhmfaSIJ0Wa+Q24gL1GNwkSRdOhXRYxB4OvNIJzzuC3XqgugQVG5xzZh0kULQs\nkZVvkL5dM0FEZzBn8aK2sohTFDivvYJy7PAogC9Z5M1nPatZBowruUZvCym3Wh1J\nRtBwsS9SsTcsUqaT9FpEa7vYUney1/R8G2FAFufTyztjgBQzh78GhU+dek+ycIf1\nVQIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDRdvMYKRjejoFsOxS6s\n4gj0Gsaxk/j25A5VPHBcEhr+NOh8W/6NnTTHuFMaorEIl/2kscgrcwriDN7xIFmO\nz/C1+spDLPMGSWd+422KSS3fjVfByLlMwxh171RDZBlZVze7H7CIV/rxCG7Ri85y\nPvyp2rT4ioyVGyYK3e8CiXwQckpFC1ex9VRk/GR8zbCYUIw+qbTFRcl/mQuxKqWK\n22vrgAR+6OL8lcyhssmKiQ1r3GtxwJusgffw4/5S8sRR1z8OB4wiwgOWR1E36EbF\nhTBjFzPiKVjVjP/TQpUoYdnBhuD223M8nPWJl1HMVQPMjL6R2BBOF+iK0Wx9SiFD\nJwIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2+3Wo+KkXVJCOX1SxT9\nSdwKXgPbCDM3EI9uwoxhMxQfRyN53dxIsBDsQUVOIe1Z8yqm4FenMQlNmeDR+QLE\nvNFf1fisinW+D9VVRm+CjcJy96i/Dyt786Z6YRrDlB860HxCbfTL2Zv5BRtbyIKg\nhz5gO+9PMEpPVR2ij9iue4K6jbM1AAL2ia/P6zDWLJqeIzUocCeHV5N0Z3jXH6qr\nf444v78x35MMJ+3tg5h95SU1/PDCpdSTct4uHEuKIosiN7p4DlYMoM5iSyvVoujr\nflRQPEpGzS9qEt3rDo/F4ltzYMx6bf1tB/0QaBKD+zwPZWTTwf61tSBo5/NkGvJc\nFQIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfZcNEQojtmaogd9vGP/\nMsVPhAOlQ4kxKgrUas+p+XT7lXRan6b3M8UZEleIaL1HWsjSVwtFWRnNl8kg8rF8\nNEkLeOX8kHf7IoXDFOQa2TXanY8tSqrfh9/heFunt4Q3DluVt7S3bBdwukbDXm/n\nXJS2EQP33eJT4reL6FpVR0oVlFCzI3Vmf7ieSHIBXrbXy7AIvGC2+NVXvQle6pqp\nx0rqU6Wc6ef/VtIv+vK3YFnt9ue3tC63mexyeNKgRYf1YjDx61wo2bOY2t8rqN8y\nHeZ3dmAN8/Vwjk5VGnZqK7kRQ92G4IcE+mEp7MuwXcLqQ9WB960o+evay+o1R5JS\nhwIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9GtHHi298BjiIqpZ3WkT\nkYAPfWD60hFe/8icYcq/F/6cHLYKZQ4chek9X/hDCMq4tHEN6Oh58T5x/nuNdPrK\nIAMGyVAGk6ekWlmD4jwdEf6TGb/J3ffJTRDvwX/I8xD/DW3wtXsN+X24T59ByGTm\nrnwRmmmwHF3otRx9wnCsIgDQ0AjiUujsfNNv1FcLXD/WJLys9lEeU5aJ4XtHTwDv\ntJM8YyVEFhEnuvgdKmzn5+F5k9VGdUwForlFOBfvzbCnTZMDMmDVeiUtAUv/7xWQ\nQl2mLUGCtgWuYJYXsQacAJ6pa3h+7cQyshC6w3dwUG+1fS9lNO0Yp1GGX1AGYKpp\nPQIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbqWc6OwRxgHfsQuTNL4\naxeVvNen5d9srYpZSHjuBB/k9NHB+9P6vU5qF37XHkw1lVUGeYbPHzhYsx3O0/kZ\nH5f4+4SMy/P9jc6SE7AJF4qtYKgJ88koZdqCww07c6K9g+BnEGFFZui/h3hUBxWj\nTfhBHEWPyQ2bl/lr9sIJwsEz+EN0isGn/eIXkmw9J6LdLJ5Q0LLks33K28FNOU7q\nfeAN4MiBVMUtgCGyT2Voe6WrOXwQLSDXQONOp3sfSfFExsIJ1s24xdd7AMD7/9a7\n4sFDZ4swhqAWgWmW2giR7Kb8wTvGQLO/O/uUbmKz3DZXgkOKXHdHCEB/PZx1mRNM\nEwIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZbclnx/1Oas1+q5vUz\nsvCpTwKBrb3dah2YoZfZg0K15+MZshSyCZxo5T+SGp2OwhV65UptMJZbeyhVtzEp\ncN62G7exf65rNesXOL82PNQC6iInxNvyOgzdTOo7tdQ2ln/3QRpZOtUOB9PEkK17\nNmHfVIWKEc9YajRff5zE1LzSWulTNJ3D4GAIhsli//Rv45MhjyYoQKf1AXtqI72A\n2FE2YWXOjjSHJIPRfcUrmBOmEt/gkWySxGAs8Dg112vOC1ftk0KiQFWKVydMicIj\nyySQH1/neQFSq2HLNajDc9S2l7cjhPEjov7taS9LkXfPtnfN8ajEEP0S2MgZnf4N\ngwIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoAigZUSwsfbBHx2PQ6W\n38Ght6eCvbpW1lsS58hTieRmRn+pgZVjvixhsBh57rUasCjaBywXk9BpNj2Foxck\nReHeoDI0RHsgniClyMrYj80y2NhoB6J8NB+cHkhdzIKplm6AH6M5xaAedtZU639a\n1nHMtpDlJhzgIYsiq1q06Aqd1w0Z9tf1RXQ1WvMDhTY4wlE5RZ2epBb6Usnlbjo2\nSqCIGIjRLmZxdsSWoiUUTlVPdUCzTNsN5G/ZVdRswhgseDmVJCIkK2Aji/XzhIrR\nh4RvUv9dhFemOVsFctJ/dQILXz5MZLUgakKf970M5R/Zggv//pqRSsYcB2UfaBpV\nLQIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4hXODzgHsIeWxXJm/F6\nSTFJ8JC89mWru7pOFzPWenOVMHgp4UpUB4rDTwQqojsWTDiq0x3ckUyOPw3Nj0jv\nxP4MMGS4SI0oRSJKzrYYss0hgUDTOBBd+Wxn0UiNEpN/PfQo9VZj9v/jak57cz7z\n5+rpl5v27fhgUIChjsHxdy+EamvCrYc+1JhyrLOlwlt8JxkZ8UPhoeZLWAbDgGLS\nEzHWSSVtBUPK+KYmVb2OK4lB56zPfek0U3gKN+04a1650jzOit8LzE6NaT180QDv\nX+gG6tk53vSXDmkBXsQ1mtB8aF+HaEG2Pra5HyihlweCPYdJT+e28wpq6+P5l3YR\ndQIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMHzKE8JBrsQkmRDeMjX\n71mBzvRzNM90cwA8xtvIkXesdTyGqohX9k/PJbCY5ySGK9PpMaYDPVAnwnUP8LFQ\n3G98aSbLxUjqU/PBzRsnWpihehr05uz9zYcNFzr4LTNvGQZsq47nN9Tk+LG3zHP7\nAZViv2mJ4ZRnukXf6KHlyoVvhuTu+tiBM8QzjTF97iP/aguNPzYHmrecy9Uf5bSA\nZrbNZT+ayxtgswC2OclhRucx7XLSuHXtpwFqsQzSAhiX1aQ3wwCyH9WJtVwpfUsE\nlxTjcQiSM9aPZ8iSC0shpBaKD1j3iF/2K2Jk+88++zMhJJPLermvaJxzsdePgvyk\nKQIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7MKbO2vvX7TD1cFKjITh\ntvsf6hgAQRcu7F0kiekx15aC3VLnRgsB9A6SXySVrqvhq/vOSTXZsIC62IQi4Oks\nhhtAA/uvwcOmZ7JkMi0vJ3Ary94dTsg/L8i/0/k2V/D4FRKTV4414wSkpglFGLhl\nvbZ6P17LrqfyAzNJwIDzwd9d6cvt4a0qxvuxbTOHkBuY8tpyGdNzhg6fATadxbBa\nRASEVFb+xqxG3K+8zRmaCFyYqmSPS/8liVVbLPAeUlK6pDyQ5g4T37E5o+CpWfPF\nkBgYw/hHQe6zt1Z4wNJ6mb8YIN/l9kFF3EE99laYxp9Ua7ffrZkRgw12C5Yrn3N6\noQIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuj7OCWX2qz/WbsjMgpi\nI4CM13Pxrj+8Enrl4IorkK6O338rhdtfXmOJt2AuDuj6u12Xtnk0LN2n01hffXNu\nU0Hwy+szavnbjiqC8jw1nyCFwYgdy8lCj3WV4t/gRWFhiHZGkhBKaksAoo8jJqZv\nXi/4ZuRov01HJgT6CJBEfR5TUaRCHM4hz2Y60mmegmUNLTRUNIDy6rg5W8JplMlJ\ny0dJc6uEp8asKhPnEfMz1kXukjnsBLXZmxglqdAQeaZ1I78QvRV3rYh0Ge2ZPF8t\nv2c+mUMbH7e80lJPgp7rwqjKrjLfaYo/1ZqTqr3ArWw3253ttLp8KX1ltX69nIHq\nMwIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLndVZtKubbJf2izx6vN\ntU0gwZUhcCz4Dq+Ilu9D8tPVEWUqKp9RyPkSO8iIxdLXJ8ZjtG3oBVPFGka/fW1a\n/SSf4Yn6ArkNhP9dmDKzrOYOuoPF+h+Fa9Jecy2PtNzhGdBdynIK4ezJIdq5vPEG\nAsJf/Ad9EIU8D4Aj/nhNUwfUwsFTTE++LL9yCzRiDHg6pjNToM75V/+fFPk0UL1/\neLcaJzqi5WeXhfq7DbjMtqnt/+vUxO2YAk9MDb3U15hnH4xkxtDfRth1UGkpR/PK\naLn/RTS9sqk3oMZVzDSioXO0TGp00sWDmvpBvEBwlYgWnx1o8JQnkClvn2OSo6va\nzQIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzFyZh5/J2BsKRunghis\nwUGbv4j/ynAF7QY+CYoOwDBcbLHk6odn1JyUqCgfhCIX0mh8F/fDKyU9Aw6+HHZ/\nX0DTt/enLTaWc2vxRfyJLRXP7/ymHOr4u6HYEINMdVJp4yQ9XLcWpuRHfA+fHrZ7\n9fI8sCMSEawvVpEKytYdVnm3VCjfIVrfCAkY0lP0mNG908edX2ZuJ4GS1UwADUZX\nLZuMhbGX9JqIQYWCyiMDakD7P7PlEDf/JVkvkao4HQatkqJGmGDhvfIPodIo8JC0\n6FsYxWtvrLJBArYjnVBKRuxIlBqq/7Yx0gj09kGf84aSXvkMDgio7AO4xSp9GJTJ\n4wIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6mrJdvfx2pvuYIOCwDe4\nXJ4NJSEq+9oyqW/JWNDnUN/GAZLCfTOa+qu1nA8sOspWWpaikHpo2meYlzA1HCPh\nF4LX7C83dA9CXB8BDCddmkAxhPPXIeFM3AmaEwfv+dLYNuO6bWvOKcHjJdw7Mp4W\nrdg9MsIh28W9jf7KehvPWx3ZvrJm2vyiFGQNBDWGdkVq40P2lhvCISvWb+Ugpjos\nJzq/HZNFq6Fc72jWfwwGcDgwfc1/jmWJlz2J5v8xHwwhVtcWTg1AWqfcVQZ6OKtf\nwP6s/pAK4dAXqPz8OE17GPJ42r94AeWr39Cn5b8EzrVhKOeODlpihfzIaa/sfb44\n6wIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyquIPPckL4Bybw4H0t6\nHexR7u97//eXBGpN+PJcp3PAUTJVWr1m7uDnpD9JAP370Cp05Tz0ydYXk/2NTpFf\nvRu20401VWTWbClIdN7n89edtER/XX90KrcKplV4bZcFN0UC2Il6SGH0uvUYzZRr\nPV2eXftDvu7Mhl1xlmeJ0S6bH95v1G2k6TrTLAOBs6gpqiCWyjrNB9AY3SpEv9Ya\nK8T0M10LAY0UwKccSp/eTZzCfbmzvNIyyRlJbzEAsHmoDPyR2/4LB1ndtbkTszmk\noHvpBJu3noKXo0SW/WqhSvwxBVV0bZUYjgH3Bx8nudNkHgL6ZH6FVQ6ED+70jWiq\ngwIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBsrwKV1RtDfw/5y/L2N\n/x7UL2q6G4JypcD5Q8/aDQOTaGuTR+4RCup+Zcn2wzpdGnX6IzS7cy4/LqMoR2pB\nq8K1FZOXvcCtwsBqsyGWiFdy5aLXy2CkHhTRbkwOLPyb1rBy+qPCBdr055BPZUWm\nTfJaxTmph+Z1J+INz0YndYxz3iKET2V99OP27D7tUdZ7yPgMDbDJWqVxPdYrmAUr\n3QLpmYWsYlmPKhpTAXlvbvzE5vgh5EC8RGfhfYRpacc6QdwbahtxMQAV9+1S2+Vj\nntHfB6PSnYwewUHs9MMn8e33KmNlOZdMAVlyJymBZ4pNceC44vxvZYElp077A6tN\nFwIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIlB6swdT/Z7tRx/Sm24\n/ro3Jotpsi0DiNS6i7BA1fH0OdbX5CRel62jGC1Nja9QCY8aBd00E8u7KPCuK3iY\n5aA7v91sxWZ7nbXdSwBawaNsTZAe4rMaEkA74INpq7TOvLzHcmDcgRbo+MC2Nw3T\nl0mCOaWkUWFaukTLN8zBldzEbYxztKsaL+b2TbevnSCaPkdD9WmDbmjrUiWTlnpE\nDidMjZ9rp+PcODyjlvwka1yJCoPFoN/+ZL4yXxo49tJ2kbrxSh4tdDZqiZwnajRb\n4SAuRCaHTASDSmZ1Dj0ET/miXuvy6Jgvt06eSMPDKvb+84Dk8zLf4CW6DaE2TfX4\nzwIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVzM0fwlimmq11jTGTko\nK87LRYSar61tNF3qVWp9axNSMa6BSxVark9eYOqY4eLh/5vJVDqXDFq30/IUWg40\nH8hHWaOEvQrP2dm/XFw1RmunfbfN9gN07TuhaT3xFD5t+jFBuOSoJ4cPnFIABuVt\nFLrjgtYYjtZe5hGE9ZPmS7o2ATM5EU9mxeQ+TkgDbr8StvSPGdZ1ykhagf1pegGU\nRIfZ+4ZKzyDUAq+fYNhIbmlm5h2gP+XdtakPy43j7n0iN1vwDgBqJ2pdaVs/GcFf\nvaztoltguoknI2NPSez1N217asTTLuth0nHxVXiKCVXnqwDjxgWmuP6X2B7VYjyc\nxQIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArraIm6mXi0qgK4oWDs2I\nOIx+g/LPnfRd5aBXhoHcekGiJKttQTi5dRdN4+T6qVEC2h4Cc9qN47h2TZPLDh/M\neIZvu0AyicpectzXf6DtDZh0hFCnv47RDi9927op9tjMXk0SV1tLel7MN0dawATw\ny0vQkkr/5a3ZdiP4dFv+bdfVrj+Tuh85BYPVyX2mxq9F7Efxrt6rzVBiqr6uJLUY\nStpeB3CCalC4zQApKX2xrdtr2k8aJbqC6C//LiKbb7VKn+ZuZJ32L/+9HDEzQoFC\no0ZZPMhfnjcU+iSHYZuPMTJTNbwgRuOgpn9O8kZ239qYc59z7HEXwwWiYPDevbiM\nCQIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx88DgM/x1UbKRzgPexXE\nSyfrAsqaDVjqZz7yF3tqAc9A52Ol0KOM6NESoPWBVMbS86WtAjBcMHcOoQBJ+ovp\nXcjNlRtO1Il6/d4uCRr4CEDX+yeS0Qrt0SOORnoTbVlkq9VlVljyCmxk8VBCILzk\ndHvFr62mahMy6vOEcpCQgCwYE3ISH2jlTDz2agoK/CjIyyqFTlB1N7mJVGLrJdcA\nA2JOxDRE8HqOdpY7bHcHj4uyMWaKuM3zxXK04lhrvuPRfJUhXgsK9r5jeTEa8407\nqV9K+mB17R1dBeHmWEPDRt02HELe2SUjYmlmyVX73H2mWKDLBFpAFjOfz86CJ6jf\nDQIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7J/jWx6xCoz3ECDA9gr6\nAVVjd3MhE9LmE/bFLdQLariJjyNxJ1qLp/SN1P/H/aBS9YP6HEGkkTekRkWrHkDr\n5pliR9lmdS7c1W2pRKOaBm8r3pl98fBcFtxrkEhlULX5XMUCeGqANjDYeswaKYGb\nYF/OPsL2ZyIzUiejIVoPR9kuCWA8DNa1whgO84r2gMkBSzGu8hAhBoAlXQAoZWWj\nem3sNNwA9X+0WVGuG0X+RxdzNnZ6o28f5UZuDTCuMjJubKM4qg5uuwFtSXHoW8nU\nGl6Y7Owmqsdkh8ZCM8gA4lPu5Kh6XatqQ6Gzq0PXFyCykuXzJRwW4ZVCKC+UyhA0\nQQIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjHtl5iChC5+uxr9YrQu\n3x4zihlVZGk+fYlpbHg2hV880NslRb1MJYFTaKcJrYmgVAnMaKZjfA4fGsWQ3tDl\n/2JcA95U0Soj9BMwr1EUfvna587xS5DnYNCd+OkVtNwqujdoU8Use13UcpwnaN4V\n/9bslQdw2qDeVmeqx7bfTvsATIedWt9eseMR/qnsMd9Rkz/Q3xJ9NgIdQL6cC7uf\nN6H/B+Y+qV5Kv84nwrkTGPyzNOt21mfzeYOiAMGUTUoS+l38hA4ehfVxb8dWTmNa\n8QENbx6DKP5xUEyCiluzFp5jiGJu9xSDngndLVsQ7de5+KvxTjfipczmrWSjPuYB\nXQIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJquhCuRRN/O3rh2QShw\nYxGkEIoBImpVv8uF+VmdPLGQ3fYCO20OSr3y+yk1zGN1aQTEgD7LeCd+U2vBUPAh\nwr2uNkZotIsemkWZIMAPLb9d/2uv/GxBqku0L8JRAxGleHVO5eKsi6w1XdwO00dw\nwgEJa+mju86Vz6hzRzW+KzkdpkcfowH2+BVUV+zuzaR9/mPUiuQXZwSnR+Li4S6j\nR4x/AkRsN/43gzgiBwZz1UdAy6r6ZbUBPm4lZT/QKbURJ+x15swbFHKvR34GvdbT\n2mI15VFvLxr+h4bH5CCswcV4eThzISHGbiN3LZQVpneoWP8BjerFVqx0NfbKDu9t\nsQIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdrYfy0Spmt8VETCdUgW\nHbxV3uYA3kn2swvOdIjIR29gNO+t6wWv6FHnV/pfefIweIPaNlr9VMoUejUKX809\ngzdsiVWh1T6s4Yzbbt+O8mF3my5RXiSvizda8c6U65vofBSL2WVzE1AW9v7lXRHX\nJ4auKrpgKWkNLU52QLIP9/X5YLUHQtpTnplO31eb+jSD185aN1qoIxugunxnWSgm\n2NgUPlVbNCFrhv0PVv4Ts10eX6smRX3LKyNBtRRXM3GIrQHlAYRohIpy3lt8tKm4\nE/v9qpXQHvqEmX9FH1/Sonea849cWX3LuxUYLT2XFpaNwUxJK56Ef0HsgZESaxL+\n3QIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NgmlPomxGRtu5oyro+m\ndQwBXwrhEuE73aLrUsqGOVSezph6LnETiEMFUIe1weoG+xdcykcUUMt7o1+nKs+E\nl8dxMIgbXAxdpI4n8gOpii70Sh30BDbh8+qZHsKBq32UmkCpz2ViVe/Vb3ViqB3e\n0GIkknPle5G4IC612O8EUkCenwcD1jSXYyug5zWI2T/TwnTuw4JdxfhkMgBM7Y2n\nR1YY6GwAMkK97wE/yBM74+Tiv/6lDy/JDbYmUVcQ55C937oodSWLAEM24EcOOtMA\nKfGumnthbdHzmHjONmLIegD3OJGYC2ulcB9qmaL/7cyIRhf6fEQrBolCH5881fxl\nxwIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/UHlgcSeh9Do7CTCKXC\n/4/aO2OvT+ijDVmrMYCNtE4sMeuFqKPnV1zxJZmRm4VNhkSQDkdWYD+6XvuFYW60\nyjB/N6D5lLlyjG4HD6fTkfh0K6f7t5mOYV7o4T59OoA3cBZuSROjtWmJ8jEFJ+k9\nII2kcyhPQcFN01ckzvZKRSPbVRccMoc+AKTjB3ZUfs/ERtlVoDrK4jEHluXOxUJO\nBKCcLonjJuLlpRLh7QfKrKFcR4idn5Ir43R6aSUesI/ipKwKsXnR3Bu7vXp74VF3\nMJ3EkdSBG+qJzy51fbRfQiUPAr/vSoVQZwW7FkIhIqqLkMaYCymn7qKfTGujoNU7\nlwIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZFwP58ym+92YFa0adU3\nVGEJW13NkfaHChx+akB3IioSPKyJ9eOXEI8pOmU3QyqOUKSbqth78DY84hobXlqs\n4O0A7TV029uepcj5zPN047gDsV1TJ6Dakma5eH+Pe5kP/TigCEOF0Cgo+fqtEBEJ\nT/rhSs3zHD1EfBnZdyj/7YyeDv1XLWI8dXoizDUAoBSCDeJ5d7fG56zmFYLV05Ex\nMrjJuHitEmeJXTZABKstRbEd+3Rld+gfJZ/jI4djEW2j1EKAYMT1SxoXdjKlCrpQ\nGux2RSe+Gspt1hyp/flU5gHGO+qLDNSU9tZInClToyFMVBfoW8kWg28Gm2kGkIvr\npQIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDV/RMGMXVDbvoA6PNh8\nQzhtHwYDCFcUSkbrwP6tzh6GpVunGEOdOdhj2V63T2tF1H+lujxQXh5pK7C0D6VZ\niO04ftJlo7/svyxUcwWr+znyN5sFdQRh3cBZiGSBYolizwoqgtPFlbNhmWAzV0Du\n9t8mhz70IK3B+UdwWyHtoK0NNsJGnQ9YzAvcjyDmEO/3sCjAhNnxVpmXftpcSmd9\nMonzFtIDBbRRll4AHZYRbmXCzx63+VmelvdnufnbY82liol0zzBwJaBD1wyNlG0y\ni96p3Kx03bLNlIaYVGbjZeJi+6oo2VDWJ4OloLLAYoHDSipeHT9qWfUdnE6ge4Lm\nywIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJwWaz8TeGv3SFlKzLMx\nqN8GTL/c0N9ppBvv8xNSS/yF9Y40SbL418uxYzm9hIhOXgIygIgLT2EKIXX32t+R\neOJCdYycQFM3At2fhMkjhuUW0gmDRcYBcBJLC5hLh2EZ+A8V7k4qgrBpPLOjEv48\nhQY0vuAw2DGndWr4QLh5NLUmQiOrfuzcZSSNCBOTIgUZgNmRd9QcCHDq4WDH3poa\nosJo4a9JGEGUL1irOivvEdyJPwEd2f++nYAdWwj8pjCYgpRshQlLhxOlylMx7MxB\nQt2bgJC9sahfbfJCOqdlCU3DMJL0bRUiuxK77WeSsxWBJmrsiF3+Ljs2Ix+s7fnS\nywIDAQAB\n-----END PUBLIC KEY-----\n"
"public_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LprIvOWrnsywbvFGXtK\nsbd6xmILw/W/dSogLi0DQBXxPsOipH8pL4K6IeZmMeU3TXaW7faf/54KrMnh+4s1\nLEXpWSATvCaw1LzihzoXELpVLNvBLHZjAAO2TJ5ay1knTlA92hqN8qZOKzRtfHBX\n49dIgJgY95UIIJqSk4425llgQY/tntEWPjSduPIyST/PKkuW+RbUj4XyKm/qrASV\nXrbDK0dZAD0kJrOEjKspUyBQjyutFy+hkv0ldiGogcpCNPDaDsJqnw+Gp0gv6w7V\n92omCx8oJuXoqL1SIB6ayHV3q1pEWC9VbDRdcSYBjbRPFITEj6Er0m6OhJjlOyyR\nfwIDAQAB\n-----END PUBLIC KEY-----\n"
This file is used to list changes made in each version of the apache2 cookbook.
v3.3.0 (2017-04-11)
-------------------
- [GH-478] Added support for the amazon platform_family, outside of rhel
- [GH-474] Update Berksfile to allow fetching of newer
- [GH-473] Update copyright header format
- [GH-472] foodcritic: add sous-chefs rules
- add CODE_OF_CONDUCT
- [GH-471] FCGI paths should not be messed with on RHEL/CenOS 7. CentOS 7 (and recent Fedoras) have Apache 2.4, where FCGI socket path and shared memory path is managed adequately without further involvment neccessary (subdirectory is created under /var/run/httpd).
- [GH-470] Remove support for EOL Fedora < 18 / FreeBSD 9
- [GH-465] Testing updates
- [GH-469] Use the default cookbook style rules
- [GH-460] Serverspec to InSpec migration
- [GH-461] Update comment header format & other cookstyle fixes
- [GH-454] Test in Travis with Chef-DK and a Rakefile
- [GH-455] openSUSE Leap has it's own platform name
- [GH-279] leave stubs for rhel family `conf.d` files to avoid conflicts on package upgrade; no longer remove `conf.d`, just don't use it
- [GH-427] Add option to configure custom log level
- [GH-450] Ensure the lock_dir is owned by www-data for Apache 2.2 and 2.4 on Debian/Ubuntu
- Remove mod_auth_openid tests, as it is not part of the ASF release and plan to drop support for it and right now it is failing our tests
- [GH-440] Update default values in `apache.prefork` section of README
- [GH-422] Fix uniq for nil:NilClass error introduced in 3.2.2
- [GH-423] allow for apache 2.4 usage on rhel < 7.0
- Cookbook is now part of the sous-chefs, but still maintained by the same folks
- mod_perl: No longer install libapache2-mpm-prefork
- mod_php: renamed mod_php5 to more generic mod_php; using php 7.0 where available
v3.2.2 (2016-04-13)
-------------------
- [GH-420] Allow auto-conversion if either of `apache.listen_ports` or `apache.listen_addresses` are set rather than '&&'. This ensures conversion occurs if only one of the two is set.
v3.2.1 (2016-04-11)
-------------------
- [GH-225] notify `restart` instead of `reload` service on `apache_conf`, `apache_config`
- Update to foodcritic 6
v3.2.0 (2016-03-26)
-------------------
- [GH-378] Deprecates `apache.listen_addresses` and `apache.listen_ports` infavor of [GH-409]
- [GH-409] `apache.listen` now accepts an array of `addr:port` strings
- [GH-358] FreeBSD: Update 10.1 support; Adds php 5.6 in collaboration with chef-cookbooks/php#119
- [GH-394] Have `apache.prefork.serverlimit` set ServerLimit directive on 2.4
- [GH-363] Escape '.' in regex for .htaccess/.htpasswd files
- [GH-365] Force log directory creation to be recursive
- [GH-368] Change the service creation to use the `apache.service_name` attribute throughout
- [GH-374] Make metadata.rb compatible with chef versions < 12.
- [GH-382] Fixed typo in node['platform_family'] for NameError in `mod_proxy_html`
- [GH-369] README: Added on Ubuntu `mod_fastcgi` requires `multiverse` apt repository to enabled.
- [GH-381] README: Add missing backtick
- [GH-384] README: Fix names for a2enconf and a2disconf
- [GH-393] README: mention availability of `mod_actions` support
- [GH-383] Debian: Add possibility to use other releases via `apache.default_release`
- [GH-377] Restart service when including `mod_headers` to allow healing of failed service because of missing directives.
- [GH-416] Change the default of `apache.mod_fastcgi.install_method` to 'package' all platforms, as `source` is no longer available.
- [GH-401] Move `mod_deflate` to `apache.default_modules` and no longer force installation on `debian` families.
- [GH-386] Do not install an extra mod_ssl package on SUSE Linux Enterprise
- [GH-335] Do not hardcoded reload/restart on more modern rhel platforms, allowing systemd on CentOS 7
- [GH-375] Install package `mod_ldap` on CentOS 7 (triggered by `apache.version` == 2.4)
- Update `apache.mod_ssl.cipher_suite` to latest from https://bettercrypto.org/
- README: Re-organize README to make it easier to find usage and remove old references.
- Added new standard and missing modules (Note: these may not be available natively on all operating systems)
* [mod_http2](http://httpd.apache.org/docs/2.4/mod/mod_http2.html) - Support for the HTTP/2 transport layer. (available since 2.4.17)
* [mod_authnz_fcgi](http://httpd.apache.org/docs/2.4/mod/mod_authnz_fcgi.html) - Enable FastCGI authorizer applications to authenticate and/or authorize clients. (available since 2.4.10)
* [mod_privileges](http://httpd.apache.org/docs/2.4/mod/mod_privileges.html) - Support for Solaris privileges and for running virtual hosts under different user IDs.
* [mod_socache_dc](http://httpd.apache.org/docs/2.4/mod/mod_socache_dc.html) - Distcache based shared object cache provider.
* [mod_version](http://httpd.apache.org/docs/2.4/mod/mod_version.html) - Version dependent configuration
* [mod_watchdog](http://httpd.apache.org/docs/2.4/mod/mod_watchdog.html) - Provides infrastructure for other modules to periodically run tasks
v3.1.0 (2015-05-25)
-------------------
- [GH-315] Fix `apache.default_site_name` .conf extension references to ensure deletion
- [GH-258] Use `apache.default_site_name` for consistency, minimize hardcoding of filenames
- [GH-259] Add `&& sleep 1` to end of apache restart command on rhel-based systems using apache2.2
- [GH-271] Remove FreeBSD 9.x, Red Hat and CentOS 5.x and OpenSUSE 11.x Series from tests and focus on newer releases
- [GH-276] Add psych gem to development gems
- [GH-293] Add `apache.mod_fastcgi.install_method` flag to allow install of mod_fastcgi from source (even on Debian family)
- [GH-285] Made `apache.devel_package` configurable based on platform, including support for Amazon Linux.
- [GH-316] Update Opscode references to Chef
- [GH-318] Apply default recipe in all definitions
- [GH-320] Add attribute to adjust `apache.default_site_port`
- [GH-321] Fix issue with default_site name in not_if guards
- [GH-322] Add `apache.mod_ssl.pkg_name` to allow custom mod_ssl package names. Set defaults for supported platforms including Amazon Linux
- [GH-323] Don't create the default site configuration file in `sites-available` unless it is enabled.
- [GH-324] Add `apache.mod_ssl.port` to set the default ssl port to something other than 443
- [GH-328] Add the ability to pass in a pipe as to log
- [GH-332] `SSLStrictSNIVHostCheck` is only written to config if enabled to avoid breaking apache prior to 2.2.12.
- [GH-334] Removed `iptables`, `god-monitor`, and `logrotate` recipes to avoid having external dependencies. These services should be managed in a wrapper cookbook going forward.
- [GH-339] Allow custom names for php so_filename (`node['apache']['mod_php5']['so_filename']`)
v3.0.1 (2015-02-11)
-------------------
- [GH-310] Ubuntu Apache 2.2 requires the lock_dir to be owned by www-data
- [GH-309] Clarify that apache.version is a string
- [GH-305] Restart service after MPM changes
- [GH-304] Don't install systemd module on Amazon Linux
- [GH-298] Add non-threaded MPM break notice for PHP users
- [GH-296] Create lock_dir automatically
v3.0.0 (2014-11-30)
-------------------
Major version update because of SSL Improvements and new platform MPM and Version defaults.
- [GH-286] Refactor MPM and Apache version defaults: default is now apache 2.4
- Note: set `apache.mpm` to `prefork` if you are using `mod_php` in Ubuntu >=14.04
- [GH-281] mod_ssl: Disable SSLv3 by default to protect against POODLE attack (CVE-2014-3566)
- [GH-280] mod_ssl: Major update with modern Cipher Suite, and best practices.
Updated to a more modern default `apache.mod_ssl.cipher_suite`.
- FreeBSD support has been improved with the release of chef 11.14.2, portsnap is no longer used in favor of pkgng.
- [GH-157] - Apache will only be started when a configuration test passes, this allows the chef run to fix any broken configuration without failing the chef run.
-`apache.log_dir` directory is now 0755 on all platforms (including the debian platform family)
- [GH-166, GH-173] - `conf.d` is no longer used and replaced by `conf-available` and `conf-enabled` managed via the `a2enconf` and `a2disconf` scripts
- [GH-166, GH-173] - All configuration files need to end in `.conf` for them to be loaded
- [GH-173] - Perl is a required package on all platforms to support the a2* scripts as we now use the debian versions directly.
- [GH-193] - per MPM settings: `maxclients` is now `maxrequestworkers`
- [GH-194] - per MPM settings: `maxrequestsperchild` is now `maxconnectionsperchild`
- [GH-161] - Added support for CentOS 7
- [GH-180] - Improved SuSE support
- [GH-100] - Apache HTTP 2.4 support
This provides Apache 2.4 support in a backwards compatible way.
It adds the following new attributes:
-`apache.version` - This defaults to `2.2` and if changed to `2.4`; it triggers and assumes 2.4 packages will be installed.
-`apache.mpm` - In 2.4 mode, this specifies which mpm to install. Default is `prefork`.
Since the changes between apache 2.2 and apache 2.4 are pretty significant, we are unable to account for all changes needed for your upgrade. Please take a moment to familiarize yourself with the Apache Software Foundation provided upgrade documentation before attempting to use this cookbook with apache 2.4. See http://httpd.apache.org/docs/current/upgrading.html
- This cookbook does not automatically specify which version of apache to install. We are at the mercy of the `package` provider. It is important, however, to make sure that you configure the `apache.version` attribute to match. For your convenience, we try to set reasonable defaults based on different platforms in our test suite.
-`mod_proxy` - In 2.4 mode, `apache.proxy.order`, `apache.proxy.deny_from`, `apache.proxy.allow_from` are ignored, as the attributes can not be supported in a backwards compatible way. Please use `apache.proxy.require` instead.
v1.11.0 (2014-07-25)
--------------------
- [GH-152] - Checking if server_aliases is defined in example
- [GH-106] - Only turn rewrite on once in web_app.conf.erb
- [GH-156] - Correct mod_basic/digest recipe names in README
- Recipe iptables now includes the iptables::default recipe
- Upgrade test-kitchen to latest version
- Replaced minitest integration tests with serverspec tests
As of 2014-04-04 and per [Community Cookbook Diversification](https://wiki.chef.io/display/chef/Community+Cookbook+Diversification) this cookbook now maintained by OneHealth Solutions. Please be patient as we get into the swing of things.
v1.10.0 (2014-03-28)
--------------------
- [COOK-3990] - Fix minitest failures on EL5
- [COOK-4416] - Support the ability to point to local apache configs
- [COOK-4469] - Use reload instead of restart on RHEL
v1.9.6 (2014-02-28)
-------------------
[COOK-4391] - uncommenting the PIDFILE line
v1.9.4 (2014-02-27)
-------------------
Bumping version for toolchain
v1.9.1 (2014-02-27)
-------------------
[COOK-4348] Allow arbitrary params in sysconfig
v1.9.0 (2014-02-21)
-------------------
### Improvement
- **[COOK-4076](https://tickets.chef.io/browse/COOK-4076)** - foodcritic: dependencies are not defined properly
- **[COOK-2572](https://tickets.chef.io/browse/COOK-2572)** - Add mod_pagespeed recipe to apache2
### Bug
- **[COOK-4043](https://tickets.chef.io/browse/COOK-4043)** - apache2 cookbook does not depend on 'iptables'
- **[COOK-3919](https://tickets.chef.io/browse/COOK-3919)** - Move the default pidfile for apache2 on Ubuntu 13.10 or greater
- **[COOK-3863](https://tickets.chef.io/browse/COOK-3863)** - Add recipe for mod_jk
- **[COOK-3804](https://tickets.chef.io/browse/COOK-3804)** - Fix incorrect datatype for apache/default_modules, use recipes option in metadata
- **[COOK-3800](https://tickets.chef.io/browse/COOK-3800)** - Cannot load modules that use non-standard module identifiers
- **[COOK-1689](https://tickets.chef.io/browse/COOK-1689)** - The perl package name should be configurable
v1.8.14
-------
Version bump for toolchain sanity
v1.8.12
-------
Fixing various style issues for travis
v1.8.10
-------
fixing metadata version error. locking to 3.0"
v1.8.8
------
Version bump for toolchain sanity
v1.8.6
------
Locking yum dependency to '< 3'
v1.8.4
------
### Bug
- **[COOK-3769](https://tickets.chef.io/browse/COOK-3769)** - Fix a critical bug where the `apache_module` could not enable modules
v1.8.2
------
### Bug
- **[COOK-3766](https://tickets.chef.io/browse/COOK-3766)** - Fix an issue where the `mod_ssl` recipe fails due to a missing attribute
The `mod_auth_openid` attributes are changed. The upstream maintainer deprecated the older release versions, and the source repository has releases available at specific SHA1SUM references. The new attribute, `node['apache']['mod_auth_openid']['ref']` is used to set this.
- [COOK-2198] - `apache::mod_auth_openid` compiles from source, but does not install make on debian/ubuntu
- [COOK-2224] - version conflict between cucumber and other gems
- [COOK-2248] - `apache2::mod_php5` uses `not_if` "which php" without ensuring package 'which' is installed
- [COOK-2269] - Set allow list for mod_status incase external monitor scripts need
- Some platforms with minimal installations that don't have perl won't have a `node['languages']['perl']` attribute, so remove the conditional and rely on the power of idempotence in the package resource.
- [COOK-1214] - address foodcritic warnings
- [COOK-1180] - add `mod_logio` and fix `mod_proxy`
v1.1.6
------
FreeBSD users: This release requires the `freebsd` cookbook. See README.md.
- [COOK-1025] - freebsd support in mod_php5 recipe
v1.1.4
------
- [COOK-1100] - support amazon linux
v1.1.2
------
- [COOK-996] - apache2::mod_php5 can cause PHP and module API mismatches
- [COOK-1083] - return string for v_f_p and use correct value for default
v1.1.0
------
- [COOK-861] - Add `mod_perl` and apreq2
- [COOK-941] - fix `mod_auth_openid` on FreeBSD
- [COOK-1021] - add a commented-out LoadModule directive to keep apxs happy
- [COOK-1022] - consistency for icondir attribute
- [COOK-1023] - fix platform test for attributes
- [COOK-1024] - fix a2enmod script so it runs cleanly on !bash
- [COOK-1026] - fix `error_log` location on FreeBSD
v1.0.8
------
- COOK-548 - directory resource doesn't have backup parameter
v1.0.6
------
- COOK-915 - update to `mod_auth_openid` version 0.6, see __Recipes/mod_auth_openid__ below.
- COOK-548 - Add support for FreeBSD.
v1.0.4
------
- COOK-859 - don't hardcode module paths
v1.0.2
------
- Tickets resolved in this release: COOK-788, COOK-782, COOK-780
v1.0.0
------
- Red Hat family support is greatly improved, all recipes except `god_monitor` converge.
- Recipe `mod_auth_openid` now works on RHEL family distros
- Recipe `mod_php5` will now remove config from package on RHEL family so it doesn't conflict with the cookbook's.
- Added `php5.conf.erb` template for `mod_php5` recipe.
- Create the run state directory for `mod_fcgid` to prevent a startup error on RHEL version 6.
- New attribute `node['apache']['lib_dir']` to handle lib vs lib64 on RHEL family distributions.
- New attribute `node['apache']['group']`.
- Scientific Linux support added.
- Use a file resource instead of the generate-module-list executed perl script on RHEL family.
- "default" site can now be disabled.
- web_app now has an "enable" parameter.
- Support for dav_fs apache module.
- Tickets resolved in this release: COOK-754, COOK-753, COOK-665, COOK-624, COOK-579, COOK-519, COOK-518
- Fix node references in template for a2dissite
- Use proper user and group attributes on files and templates.
- Replace the anemic README.rdoc with this new and improved superpowered README.md :).
On RHEL, SELinux is enabled by default. The [selinux](https://supermarket.chef.io/cookbooks/selinux) cookbook
contains a `permissive` recipe that can be used to set SELinux to
"Permissive" state. Otherwise, additional recipes need to be created
by the user to address SELinux permissions.
To deal with firewalls Chef Software does provide an [iptables](https://supermarket.chef.io/cookbooks/iptables) and [ufw](https://supermarket.chef.io/cookbooks/ufw) cookbook but is migrating from the approach used there to a more robust solution
utilizing the general [firewall](https://supermarket.chef.io/cookbooks/firewall) cookbook to setup rules.
See those cookbooks' READMEs for documentation.
Build/compile tools may not be installed on the system by default.
Some recipes (e.g., `apache2::mod_auth_openid`) build the module from
source. Use the [build-essential](https://supermarket.chef.io/cookbooks/build-essential) cookbook to get essential
build packages installed.
On ArchLinux, if you are using the `apache2::mod_auth_openid` recipe,
you also need the [pacman](https://supermarket.chef.io/cookbooks/pacman) cookbook for the `pacman_aur` LWRP. Put
`recipe[pacman]` on the node's expanded run list (on the node or in a
role). This is not an explicit dependency because it is only required
for this single recipe and platform; the pacman default recipe
performs `pacman -Sy` to keep pacman's package cache updated.
## Platforms:
The following platforms and versions are tested and supported using
[test-kitchen](http://kitchen.ci/)
* Ubuntu 14.04
* Ubuntu 16.04
* Debian 8.6
* CentOS 7.3
* Fedora 25
The following platform families are supported in the code, and are
assumed to work based on the successful testing on Ubuntu and CentOS.
* Red Hat (rhel)
The following platforms are also supported in the code, have been
tested manually but are not regularly tested under test-kitchen.
* Amazon Linux
* SUSE/OpenSUSE
* ArchLinux
* FreeBSD
### Notes for RHEL Family:
On Red Hat Enterprise Linux and derivatives, the EPEL repository may
be necessary to install packages used in certain recipes. The
`apache2::default` recipe, however, does not require any additional
repositories. The [yum-epel](https://supermarket.chef.io/cookbooks/yum-epel) cookbook can be used to add the
EPEL repository. See __Examples__ for more information.
Usage
=====
Using this cookbook is relatively straightforward. It is recommended to create
a project or organization specific [wrapper cookbook](https://www.chef.io/blog/2013/12/03/doing-wrapper-cookbooks-right/)
and add the desired recipes to the run list of a node, or create a role. Depending on your
environment, you may have multiple roles that use different recipes
from this cookbook. Adjust any attributes as desired. For example, to
create a basic role for web servers that provide both HTTP and HTTPS:
```ruby
% cat roles/webserver.rb
name"webserver"
description"Systems that serve HTTP and HTTPS"
run_list(
"recipe[apache2]",
"recipe[apache2::mod_ssl]"
)
default_attributes(
"apache"=>{
"listen"=>["*:80","*:443"]
}
)
```
For examples of using the definitions in your own recipes, see their
respective sections below.
Attributes
==========
This cookbook uses many attributes, broken up into a few different
kinds.
Platform specific
-----------------
In order to support the broadest number of platforms, several
attributes are determined based on the node's platform. See the
attributes/default.rb file for default values in the case statement at
the top of the file.
*`node['apache']['package']` - Package name for Apache2
*`node['apache']['perl_pkg']` - Package name for Perl
*`node['apache']['dir']` - Location for the Apache configuration
*`node['apache']['log_dir']` - Location for Apache logs
*`node['apache']['error_log']` - Location for the default error log
*`node['apache']['access_log']` - Location for the default access log
*`node['apache']['user']` - User Apache runs as
*`node['apache']['group']` - Group Apache runs as
*`node['apache']['binary']` - Apache httpd server daemon
*`node['apache']['conf_dir']` - Location for the main config file (e.g apache2.conf or httpd.conf)
*`node['apache']['docroot_dir']` - Location for docroot
*`node['apache']['cgibin_dir']` - Location for cgi-bin
*`node['apache']['icondir']` - Location for icons
*`node['apache']['cache_dir']` - Location for cached files used by Apache itself or recipes
*`node['apache']['pid_file']` - Location of the PID file for Apache httpd
*`node['apache']['lib_dir']` - Location for shared libraries
*`node['apache']['default_site_enabled']` - Default site enabled. Default is false.
*`node['apache']['ext_status']` - if true, enables ExtendedStatus for `mod_status`
*`node['apache']['locale']` - Locale to set in sysconfig or envvars and used for subprocesses and modules (like mod_dav and mod_wsgi). On debian systems Uses system-local if set to 'system', defaults to 'C'.
General settings
----------------
These are general settings used in recipes and templates. Default
values are noted.
*`node['apache']['version']` - Specifing 2.4 triggers apache 2.4 support. If the platform is known during our test to install 2.4 by default, it will be set to 2.4 for you. Otherwise it falls back to 2.2. This value should be specified as a string.
*`node['apache']['listen']` - Array of address:port combinations that httpd should listen on. Default is any address and port 80 (`["*:80"]`).
*`node['apache']['contact']` - Value for ServerAdmin directive. Default "ops@example.com".
*`node['apache']['timeout']` - Value for the Timeout directive. Default is 300.
*`node['apache']['keepalive']` - Value for the KeepAlive directive. Default is On.
*`node['apache']['keepaliverequests']` - Value for MaxKeepAliveRequests. Default is 100.
*`node['apache']['keepalivetimeout']` - Value for the KeepAliveTimeout directive. Default is 5.
*`node['apache']['sysconfig_additional_params']` - Additionals variables set in sysconfig file. Default is empty.
*`node['apache']['log_level']` - Value for LogLevel directive. Default is 'warn'.
*`node['apache']['default_modules']` - Array of module names. Can take "mod_FOO" or "FOO" as names, where FOO is the apache module, e.g. "`mod_status`" or "`status`".
*`node['apache']['mpm']` - With apache.version 2.4, specifies what Multi-Processing Module to enable. Defaults to platform default, otherwise it is "prefork"
The modules listed in `default_modules` will be included as recipes in `recipe[apache::default]`.
Prefork attributes
------------------
Prefork attributes are used for tuning the Apache HTTPD [prefork MPM](http://httpd.apache.org/docs/current/mod/prefork.html) configuration.
*`node['apache']['prefork']['startservers']` - initial number of server processes to start. Default is 16.
*`node['apache']['prefork']['minspareservers']` - minimum number of spare server processes. Default 16.
*`node['apache']['prefork']['maxspareservers']` - maximum number of spare server processes. Default 32.
*`node['apache']['prefork']['serverlimit']` - upper limit on configurable server processes. Default 256.
*`node['apache']['prefork']['maxrequestworkers']` - Maximum number of connections that will be processed simultaneously. Default 256.
*`node['apache']['prefork']['maxconnectionsperchild']` - Maximum number of request a child process will handle. Default 10000.
Worker attributes
-----------------
Worker attributes are used for tuning the Apache HTTPD [worker MPM](http://httpd.apache.org/docs/current/mod/worker.html)
configuration.
*`node['apache']['worker']['startservers']` - Initial number of server processes to start. Default 4
*`node['apache']['worker']['serverlimit']` - Upper limit on configurable server processes. Default 16.
*`node['apache']['worker']['minsparethreads']` - Minimum number of spare worker threads. Default 64
*`node['apache']['worker']['maxsparethreads']` - Maximum number of spare worker threads. Default 192.
*`node['apache']['worker']['maxrequestworkers']` - Maximum number of simultaneous connections. Default 1024.
*`node['apache']['worker']['maxconnectionsperchild']` - Limit on the number of connections that an individual child server will handle during its life.
Event attributes
----------------
Event attributes are used for tuning the Apache HTTPD [event MPM](http://httpd.apache.org/docs/current/mod/event.html)
configuration.
*`node['apache']['event']['startservers']` - Initial number of child server processes created at startup. Default 4.
*`node['apache']['event']['serverlimit']` - Upper limit on configurable number of processes. Default 16.
*`node['apache']['event']['minsparethreads']` - Minimum number of spare worker threads. Default 64
*`node['apache']['event']['maxsparethreads']` - Maximum number of spare worker threads. Default 192.
*`node['apache']['event']['threadlimit']` - Upper limit on the configurable number of threads per child process. Default 192.
*`node['apache']['event']['threadsperchild']` - Number of threads created by each child process. Default 64.
*`node['apache']['event']['maxrequestworkers']` - Maximum number of connections that will be processed simultaneously.
*`node['apache']['event']['maxconnectionsperchild']` - Limit on the number of connections that an individual child server will handle during its life.
Other/Unsupported MPM
---------------------
To use the cookbook with an unsupported mpm (other than prefork, event or worker):
* set `node['apache']['mpm']` to the name of the module (e.g. `itk`)
* in your cookbook, after `include_recipe 'apache2'` use the `apache_module` definition to enable/disable the required module(s)
Module specific attributes
--------------------------
Some module recipes have their own attributes that can be used to alter and modify the behavior of this cookbook. Please see the sections for the indivual modules below for more information on those attributes.
Recipes
=======
Most of the recipes in the cookbook are for enabling Apache modules.
Where additional configuration or behavior is used, it is documented
below in more detail.
The following recipes merely enable the specified module: `mod_actions`, `mod_alias`,
Change the DBLocation with the attribute as required; this file is in
a different location than previous versions, see below. It should be a
sane default for most platforms, though, see
`attributes/mod_auth_openid.rb`.
The following attributes are in the `attributes/mod_auth_openid.rb` file.
*`node['apache']['mod_auth_openid']['checksum']` - sha256sum of the tarball containing the source.
*`node['apache']['mod_auth_openid']['ref']` - Any sha, tag, or branch found from https://github.com/bmuller/mod_auth_openid
*`node['apache']['mod_auth_openid']['version']` - directory name version within the tarball
*`node['apache']['mod_auth_openid']['cache_dir']` - the cache directory is where the sqlite3 database is stored. It is separate so it can be managed as a directory resource.
*`node['apache']['mod_auth_openid']['dblocation']` - filename of the sqlite3 database used for directive `AuthOpenIDDBLocation`, stored in the `cache_dir` by default.
*`node['apache']['mod_auth_openid']['configure_flags']` - optional array of configure flags passed to the `./configure` step in the compilation of the module.
mod\_fastcgi
------------
Install the fastcgi package and enable the module.
Note: In Ubuntu 14.04, the `libapache2-mod-fastcgi` module is not available by default due to the [Multiverse](https://help.ubuntu.com/community/Repositories/Ubuntu) repositories.
You need to enable the multiverse repositories either from `/etc/apt/sources.list` or use the [apt](https://supermarket.chef.io/cookbooks/apt) cookbook.
mod\_fcgid
----------
Installs the fcgi package and enables the module. Requires EPEL on
RHEL family.
mod\_php5
--------
Simply installs the appropriate package on Debian, Ubuntu and
ArchLinux.
On Red Hat family distributions including Fedora, the php.conf that
comes with the package is removed. On RHEL platforms less than v6, the
`php53` package is used.
*`node['apache']['mod_php5']['install_method']` - default `package` can be overridden to avoid package installs.
mod\_ssl
--------
Besides installing and enabling `mod_ssl`, this recipe will append
port 443 to the `node['apache']['listen']` attributes for all addresses and
update the ports.conf.
*`node['apache']['mod_ssl']['cipher_suite']` - sets the SSLCiphersuite value to the specified string. The default is
considered "sane" but you may need to change it for your local security policy, e.g. if you have PCI-DSS requirements. Additional
Writes conf files to the `conf-available` folder, and passes enabled values to `apache_config`.
This definition should generally be called over `apache_config`.
### Parameters:
*`name` - Name of the config placed and enabled or disabled with the `a2enconf` or `a2disconf` scripts.
*`enable` - Default true, which uses `a2enconf` to enable the config. If false, the config will be disabled with `a2disconf`.
*`conf_path` - path to put the config in if you need to override the default `conf-available`.
*`source` - The source configuration template name. The default value is `params[:name].conf.erb`
*`cookbook` - The cookbook in which the configuration template is located. The default value is the current cookbook.
### Examples:
Place and enable the example conf:
```ruby
apache_conf'example'do
enabletrue
end
```
Place and disable (or never enable to begin with) the example conf:
```ruby
apache_conf'example'do
enablefalse
end
```
Place the example conf, which has a different path than the default (conf-*):
```ruby
apache_conf'example'do
conf_path'/random/example/path'
enablefalse
end
```
apache\_config (internal)
--------------------------
Sets up configuration file for Apache from a template. The
template should be in the same cookbook where the definition is used. This is used by the `apache_conf` definition and should not be used directly.
It will use `a2enconf` and `a2disconf` to control the symlinking of configuration files between `conf-available` and `conf-enabled`.
Enable or disable an Apache config file in
`#{node['apache']['dir']}/conf-available` by calling `a2enconf` or
`a2disconf` to manage the symbolic link in
`#{node['apache']['dir']}/conf-enabled`. These config files should be created in your cookbook, and placed on the system using `apache_conf`
### Parameters:
*`name` - Name of the config enabled or disabled with the `a2enconf` or `a2disconf` scripts.
*`source` - The location of a template file. The default `name.erb`.
*`cookbook` - The cookbook in which the configuration template is located (if it is not located in the current cookbook). The default value is the current cookbook.
*`enable` - Default true, which uses `a2enconf` to enable the config. If false, the config will be disabled with `a2disconf`.
### Examples:
Enable the example config.
```ruby
apache_config'example'do
enabletrue
end
```
Disable a module:
```ruby
apache_config'disabled_example'do
enablefalse
end
```
See the recipes directory for many more examples of `apache_config`.
apache\_module
--------------
Enable or disable an Apache module in
`#{node['apache']['dir']}/mods-available` by calling `a2enmod` or
`a2dismod` to manage the symbolic link in
`#{node['apache']['dir']}/mods-enabled`. If the module has a
configuration file, a template should be created in the cookbook where
the definition is used. See __Examples__.
### Parameters:
*`name` - Name of the module enabled or disabled with the `a2enmod` or `a2dismod` scripts.
*`identifier` - String to identify the module for the `LoadModule` directive. Not typically needed, defaults to `#{name}_module`
*`enable` - Default true, which uses `a2enmod` to enable the module. If false, the module will be disabled with `a2dismod`.
*`conf` - Default false. Set to true if the module has a config file, which will use `apache_mod` for the file.
*`filename` - specify the full name of the file, e.g.
### Examples:
Enable the ssl module, which also has a configuration template in `templates/default/mods/ssl.conf.erb`.
```ruby
apache_module"ssl"do
conftrue
end
```
Enable the php5 module, which has a different filename than the module default:
```ruby
apache_module"php5"do
filename"libphp5.so"
end
```
Disable a module:
```ruby
apache_module"disabled_module"do
enablefalse
end
```
See the recipes directory for many more examples of `apache_module`.
apache\_mod (internal)
----------------------
Sets up configuration file for an Apache module from a template. The
template should be in the same cookbook where the definition is used.
This is used by the `apache_module` definition and is not often used
directly.
This will use a template resource to write the module's configuration
file in the `mods-available` under the Apache configuration directory
(`node['apache']['dir']`). This is a platform-dependent location. See
__apache\_module__.
### Parameters:
*`name` - Name of the template. When used from the `apache_module`,
*`enable` - Default true. Passed to the `apache_site` definition.
Additional parameters can be defined when the definition is called in
a recipe, see __Examples__.
### Examples:
The recommended way to use the `web_app` definition is in a application specific cookbook named "my_app".
The following example would look for a template named 'web_app.conf.erb' in your cookbook containing
the apache httpd directives defining the `VirtualHost` that would serve up "my_app".
```ruby
web_app"my_app"do
template'web_app.conf.erb'
server_namenode['my_app']['hostname']
end
```
All parameters are passed into the template. You can use whatever you
like. The apache2 cookbook comes with a `web_app.conf.erb` template as
an example. The following parameters are used in the template:
*`server_name` - ServerName directive.
*`server_aliases` - ServerAlias directive. Must be an array of aliases.
*`docroot` - DocumentRoot directive.
*`application_name` - Used in RewriteLog directive. Will be set to the `name` parameter.
*`directory_index` - Allow overriding the default DirectoryIndex setting, optional
*`directory_options` - Override Options on the docroot, for example to add parameters like Includes or Indexes, optional.
*`allow_override` - Modify the AllowOverride directive on the docroot to support apps that need .htaccess to modify configuration or require authentication.
Chef::Log.warn"node['apache']['listen_ports'] and node['apache']['listen_addresses'] are deprecated in favor of node['apache']['listen']. Please adjust your cookbooks"
# Defaults to * for addresses or 80 / 443 for ports if not specified
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apache_module'cache_socache'
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.