Set vcard with avatar for kosmos.org itself

Reviewed-on: #568

.chef/config.rb

@@ -1,19 +1,32 @@
 current_dir = File.dirname(__FILE__)
 
-cookbook_path             ["#{current_dir}/../site-cookbooks"]
+cookbook_path             ["#{current_dir}/../site-cookbooks", "#{current_dir}/../cookbooks"]
 node_path                 "nodes"
 role_path                 "roles"
 environment_path          "environments"
 data_bag_path             "data_bags"
 encrypted_data_bag_secret "#{current_dir}/encrypted_data_bag_secret"
 local_mode                true # Chef local mode, replacing Solo
-chef_zero.enabled true
 
-cookbook_copyright     'Kosmos'
-cookbook_license       'none'
-cookbook_email         'mail@kosmos.org'
+# Knife-Zero config, see https://knife-zero.github.io/40_configuration/
+# Prevent attributes from being saved to the node files
+knife[:automatic_attribute_whitelist] = %w[
+  fqdn
+  os
+  os_version
+  hostname
+  ipaddress
+  roles
+  recipes
+  ipaddress
+  platform
+  platform_version
+  cloud
+  cloud_v2
+  chef_packages
+]
 
-# Enable knife-solo's Berkshelf integration
-knife[:berkshelf] = true
-# Set Chef version installed by `knife solo prepare`
-knife[:bootstrap_version] = "14.11.21"
+# Added to /etc/chef/client.rb on node bootstrap
+# https://docs.chef.io/attribute_persistence/
+knife[:normal_attribute_allowlist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
+knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']

.gitignore

@@ -1,4 +1,6 @@
 /.chef/encrypted_data_bag_secret
+.chef/chef_guid
 /.bundle/
 /.vagrant/
+/.kitchen
 /nodes/vagrant-node.json

.gitmodules

@@ -0,0 +1,12 @@
+[submodule "site-cookbooks/postgresql"]
+	path = site-cookbooks/postgresql
+	url = git@github.com:67P/postgresql.git
+[submodule "site-cookbooks/openresty"]
+	path = site-cookbooks/openresty
+	url = https://github.com/67P/chef-openresty.git
+[submodule "site-cookbooks/strfry"]
+	path = site-cookbooks/strfry
+	url = git@gitea.kosmos.org:kosmos/strfry-cookbook.git
+[submodule "site-cookbooks/deno"]
+	path = site-cookbooks/deno
+	url = git@gitea.kosmos.org:kosmos/deno-cookbook.git

.ruby-version

@@ -0,0 +1 @@
+chef-workstation

Berksfile

@@ -2,53 +2,43 @@
 
 source 'https://supermarket.chef.io'
 
-cookbook 'mediawiki',
-         git: 'https://github.com/67P/mediawiki-cookbook.git',
-         ref: '55a4680ee298199fa5f7fa51b5c589fbfa52eed0'
-cookbook 'redis',
-         git: 'https://github.com/phlipper/chef-redis.git',
-         ref: 'v0.5.6'
-cookbook 'postfix',                '= 5.0.2'
-cookbook 'php-fpm',                '~> 0.8.0'
-cookbook 'php',                    '~> 6.1.1'
-cookbook 'composer',               '~> 2.6.1'
-cookbook 'poise-ruby-build',       '~> 1.1.0'
-cookbook 'application',            '~> 5.2.0'
-cookbook 'application_javascript', '~> 1.0.0'
-cookbook 'application_git',        '= 1.1.0' # 1.2.0 doesn't work with knife-solo
-cookbook 'poise',                  '~> 2.8.2'
-cookbook 'poise-languages',        '~> 2.1.1'
-cookbook 'poise-javascript',       git: 'https://github.com/67p/poise-javascript.git',
-                                   ref: 'd85078f'
-cookbook 'poise-archive',          '~> 1.5.0'
-cookbook 'poise-service',          '~> 1.5.2'
-cookbook 'users',                  '~> 5.3.1'
-cookbook 'hostname',               '= 0.4.2'
-cookbook 'firewall',               '~> 2.6.3'
-cookbook 'nginx',                  '= 9.0.0'
-# Remove when cookbooks stop depending on it, the build_essential resource is
-# part of Chef 14 (https://docs.chef.io/resource_build_essential.html)
-cookbook 'build-essential',        '~> 8.2.1'
-cookbook 'mysql',                  '~> 8.5.1'
-cookbook 'postgresql',             '= 7.1.4'
-cookbook 'apt',                    '~> 7.0.0'
-cookbook 'git',                    '= 6.0.0'
-cookbook 'hostsfile',              '= 2.4.5'
-cookbook 'ohai',                   '~> 5.2.5'
-cookbook 'nodejs',                 '~> 5.0.0'
-cookbook 'chef_client_updater',    '= 1.1.1'
-cookbook 'timezone_iii',           '= 1.0.4'
-cookbook 'ark',                    '= 3.1.0'
-cookbook 'logrotate',              '= 2.2.0'
-cookbook 'openssl',                '~> 8.5.5'
-cookbook 'ntp',                    '= 3.4.0'
-cookbook 'apache2',                '= 3.3.0'
-cookbook 'chef-sugar',             '= 3.3.0'
-cookbook 'compat_resource',        '= 12.19.0'
-cookbook 'homebrew',               '= 3.0.0'
-cookbook 'mariadb',                '= 0.3.1'
+cookbook 'elasticsearch', '~> 5.1.3'
+cookbook 'firewall',      '~> 6.2.16'
+cookbook 'redisio',       '~> 6.4.1'
+cookbook 'ruby_build',    '~> 2.5.0'
+
 cookbook 'ipfs',
-         git: 'https://github.com/67P/ipfs-cookbook.git',
-         ref: 'v0.4.1'
-cookbook 'elasticsearch',          '= 4.2.0'
+  git: 'https://gitea.kosmos.org/kosmos/ipfs-cookbook.git',
+  ref: 'v0.7.0'
+cookbook 'mediawiki',
+  git: 'https://github.com/67P/mediawiki-cookbook.git',
+  ref: 'nginx'
+
+cookbook 'apache2',                '= 3.3.0'
+cookbook 'apt',                    '~> 7.3.0'
+cookbook 'ark',                    '>= 5.0.0'
+cookbook 'composer',               '~> 2.7.0'
+cookbook 'fail2ban',               '~> 7.0.4'
+cookbook 'git',                    '~> 10.0.0'
+cookbook 'golang',                 '~> 5.3.1'
+cookbook 'hostname',               '= 0.4.2'
+cookbook 'hostsfile',              '~> 3.0.1'
 cookbook 'java',                   '~> 4.3.0'
+cookbook 'logrotate',              '= 2.2.0'
+cookbook 'mysql',                  '~> 8.7.3'
+cookbook 'nginx',                  '= 9.0.0'
+cookbook 'nodejs',                 '~> 7.3.1'
+cookbook 'ntp',                    '= 3.4.0'
+cookbook 'ohai',                   '~> 5.2.5'
+cookbook 'openssl',                '~> 8.5.5'
+cookbook 'php',                    '~> 8.0.0'
+cookbook 'postfix',                '~> 6.0.26'
+cookbook 'timezone_iii',           '= 1.0.4'
+cookbook 'ulimit',                 '~> 1.0.0'
+cookbook 'users',                  '~> 5.3.1'
+cookbook 'zerotier',               '~> 1.0.7'
+cookbook 'unbound',                '~> 3.0.2'
+
+# openresty dependency
+cookbook 'jemalloc',               '~> 0.1.7'
+cookbook 'yum'

Berksfile.lock

@@ -1,168 +1,109 @@
 DEPENDENCIES
   apache2 (= 3.3.0)
-  application (~> 5.2.0)
-  application_git (= 1.1.0)
-  application_javascript (~> 1.0.0)
-  apt (~> 7.0.0)
-  ark (= 3.1.0)
-  build-essential (~> 8.2.1)
-  chef-sugar (= 3.3.0)
-  chef_client_updater (= 1.1.1)
-  compat_resource (= 12.19.0)
-  composer (~> 2.6.1)
-  elasticsearch (= 4.2.0)
-  firewall (~> 2.6.3)
-  git (= 6.0.0)
-  homebrew (= 3.0.0)
+  apt (~> 7.3.0)
+  ark (>= 5.0.0)
+  composer (~> 2.7.0)
+  elasticsearch (~> 5.1.3)
+  fail2ban (~> 7.0.4)
+  firewall (~> 6.2.16)
+  git (~> 10.0.0)
+  golang (~> 5.3.1)
   hostname (= 0.4.2)
-  hostsfile (= 2.4.5)
+  hostsfile (~> 3.0.1)
   ipfs
-    git: https://github.com/67P/ipfs-cookbook.git
-    revision: 5c31191ff8571bc8425375fbf938913ac64aa2ee
-    ref: v0.4.1
+    git: https://gitea.kosmos.org/kosmos/ipfs-cookbook.git
+    revision: d7c25b6ce5fa490b6de3529fdc163fb64f1ece8a
+    ref: v0.7.0
   java (~> 4.3.0)
+  jemalloc (~> 0.1.7)
   logrotate (= 2.2.0)
-  mariadb (= 0.3.1)
   mediawiki
     git: https://github.com/67P/mediawiki-cookbook.git
-    revision: 55a4680ee298199fa5f7fa51b5c589fbfa52eed0
-    ref: 55a4680
-  mysql (~> 8.5.1)
+    revision: 78641e53635ba6cbd4a2a51fd597adb8fef1e8ad
+    ref: nginx
+  mysql (~> 8.7.3)
   nginx (= 9.0.0)
-  nodejs (~> 5.0.0)
+  nodejs (~> 7.3.1)
   ntp (= 3.4.0)
   ohai (~> 5.2.5)
   openssl (~> 8.5.5)
-  php (~> 6.1.1)
-  php-fpm (~> 0.8.0)
-  poise (~> 2.8.2)
-  poise-archive (~> 1.5.0)
-  poise-javascript
-    git: https://github.com/67p/poise-javascript.git
-    revision: d85078fe59bd4f16d05a9ffe6e0fc449015e4440
-    ref: d85078f
-  poise-languages (~> 2.1.1)
-  poise-ruby-build (~> 1.1.0)
-  poise-service (~> 1.5.2)
-  postfix (= 5.0.2)
-  postgresql (= 7.1.4)
-  redis
-    git: https://github.com/phlipper/chef-redis.git
-    revision: 7476279fc9c8727f082b8d77b5e1922dc2ef437b
-    ref: v0.5.6
+  php (~> 8.0.0)
+  postfix (~> 6.0.26)
+  redisio (~> 6.4.1)
+  ruby_build (~> 2.5.0)
   timezone_iii (= 1.0.4)
+  ulimit (~> 1.0.0)
+  unbound (~> 3.0.2)
   users (~> 5.3.1)
+  yum
+  zerotier (~> 1.0.7)
 
 GRAPH
   apache2 (3.3.0)
-  application (5.2.0)
-    poise (~> 2.4)
-    poise-service (~> 1.0)
-  application_git (1.1.0)
-    application (~> 5.0)
-    git (>= 0.0.0)
-    poise (~> 2.0)
-  application_javascript (1.0.0)
-    application (~> 5.0)
-    poise (~> 2.0)
-    poise-javascript (~> 1.0)
-    poise-service (~> 1.0)
-  apt (7.0.0)
-  ark (3.1.0)
-    build-essential (>= 0.0.0)
-    seven_zip (>= 0.0.0)
-    windows (>= 0.0.0)
+  apt (7.3.0)
+  ark (6.0.3)
+    seven_zip (>= 3.1)
   build-essential (8.2.1)
     mingw (>= 1.1)
     seven_zip (>= 0.0.0)
-  chef-sugar (3.3.0)
-  chef_client_updater (1.1.1)
-    compat_resource (>= 12.16.3)
-  compat_resource (12.19.0)
-  composer (2.6.1)
+  chocolatey (3.0.0)
+  composer (2.7.0)
     apt (>= 0.0.0)
     php (>= 0.0.0)
     windows (>= 0.0.0)
-  dmg (4.1.1)
-  elasticsearch (4.2.0)
-    apt (>= 0.0.0)
+  elasticsearch (5.1.3)
     ark (>= 0.0.0)
-    chef-sugar (>= 0.0.0)
-    yum (>= 0.0.0)
-  firewall (2.6.5)
-    chef-sugar (>= 0.0.0)
-  git (6.0.0)
-    build-essential (>= 0.0.0)
-    dmg (>= 0.0.0)
+  fail2ban (7.0.4)
     yum-epel (>= 0.0.0)
-  homebrew (3.0.0)
+  firewall (6.2.16)
+  git (10.0.0)
+  golang (5.3.1)
+    ark (>= 6.0)
+  homebrew (5.4.1)
   hostname (0.4.2)
     hostsfile (>= 0.0.0)
-  hostsfile (2.4.5)
-  ipfs (0.4.1)
+  hostsfile (3.0.1)
+  ipfs (0.7.0)
     ark (>= 0.0.0)
   java (4.3.0)
     homebrew (>= 0.0.0)
     windows (>= 0.0.0)
+  jemalloc (0.1.7)
+    build-essential (>= 0.0.0)
   logrotate (2.2.0)
-  mariadb (0.3.1)
-    apt (>= 0.0.0)
-    yum (>= 0.0.0)
-    yum-epel (>= 0.0.0)
   mediawiki (0.5.0)
     apache2 (>= 0.0.0)
     nginx (>= 0.0.0)
     php (>= 0.0.0)
-    php-fpm (>= 0.0.0)
-  mingw (2.1.0)
+  mingw (2.1.7)
     seven_zip (>= 0.0.0)
-  mysql (8.5.1)
+  mysql (8.7.4)
   nginx (9.0.0)
     build-essential (>= 5.0)
     ohai (>= 4.1.0)
     yum-epel (>= 0.0.0)
-  nodejs (5.0.0)
+  nodejs (7.3.3)
     ark (>= 2.0.2)
-    build-essential (>= 0.0.0)
+    chocolatey (>= 3.0)
   ntp (3.4.0)
   ohai (5.2.5)
   openssl (8.5.5)
-  php (6.1.1)
-    build-essential (>= 5.0)
+  php (8.0.1)
     yum-epel (>= 0.0.0)
-  php-fpm (0.8.0)
-  poise (2.8.2)
-  poise-archive (1.5.0)
-    poise (~> 2.6)
-  poise-build-essential (1.0.0)
-    poise (~> 2.6)
-  poise-git (1.0.0)
-    poise (~> 2.6)
-    poise-languages (~> 2.1)
-  poise-javascript (1.2.1)
-    poise (~> 2.0)
-    poise-languages (~> 2.0)
-  poise-languages (2.1.2)
-    poise (~> 2.5)
-    poise-archive (~> 1.0)
-  poise-ruby (2.4.0)
-    poise (~> 2.0)
-    poise-languages (~> 2.0)
-  poise-ruby-build (1.1.0)
-    poise (~> 2.0)
-    poise-build-essential (~> 1.0)
-    poise-git (~> 1.0)
-    poise-ruby (~> 2.1)
-  poise-service (1.5.2)
-    poise (~> 2.0)
-  postfix (5.0.2)
-  postgresql (7.1.4)
-  redis (0.5.6)
-    apt (>= 0.0.0)
-  seven_zip (3.1.1)
-    windows (>= 0.0.0)
+  postfix (6.0.26)
+  redisio (6.4.1)
+    selinux (>= 0.0.0)
+  ruby_build (2.5.0)
+    homebrew (>= 0.0.0)
+    yum-epel (>= 0.0.0)
+  selinux (6.1.12)
+  seven_zip (4.2.2)
   timezone_iii (1.0.4)
+  ulimit (1.0.0)
+  unbound (3.0.2)
   users (5.3.1)
-  windows (6.0.0)
-  yum (5.1.0)
-  yum-epel (3.3.0)
+  windows (7.0.2)
+  yum (7.4.13)
+  yum-epel (4.2.3)
+  zerotier (1.0.7)
+    ohai (>= 0.0.0)

Gemfile

@@ -1,8 +1,3 @@
 source 'https://rubygems.org'
 
-gem 'chef', '~> 14.11.21'
-gem 'berkshelf', '~> 7.0'
-gem 'knife-solo', '~> 0.7.0'
-gem 'knife-solo_data_bag'
-gem 'cookstyle'
-gem 'test-kitchen'
+gem 'knife-zero', '>= 2.4.2'

Gemfile.lock

@@ -1,241 +1,316 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.5.2)
-      public_suffix (>= 2.0.2, < 4.0)
-    ast (2.3.0)
-    berkshelf (7.0.7)
-      chef (>= 13.6.52)
-      chef-config
-      cleanroom (~> 1.0)
-      concurrent-ruby (~> 1.0)
-      minitar (>= 0.6)
-      mixlib-archive (~> 0.4)
-      mixlib-config (>= 2.2.5)
-      mixlib-shellout (~> 2.0)
-      octokit (~> 4.0)
-      retryable (~> 2.0)
-      solve (~> 4.0)
-      thor (>= 0.20)
-    builder (3.2.3)
-    chef (14.11.21)
+    addressable (2.8.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    aws-eventstream (1.2.0)
+    aws-partitions (1.551.0)
+    aws-sdk-core (3.125.6)
+      aws-eventstream (~> 1, >= 1.0.2)
+      aws-partitions (~> 1, >= 1.525.0)
+      aws-sigv4 (~> 1.1)
+      jmespath (~> 1.0)
+    aws-sdk-kms (1.53.0)
+      aws-sdk-core (~> 3, >= 3.125.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-s3 (1.111.3)
+      aws-sdk-core (~> 3, >= 3.125.0)
+      aws-sdk-kms (~> 1)
+      aws-sigv4 (~> 1.4)
+    aws-sdk-secretsmanager (1.56.0)
+      aws-sdk-core (~> 3, >= 3.125.0)
+      aws-sigv4 (~> 1.1)
+    aws-sigv4 (1.4.0)
+      aws-eventstream (~> 1, >= 1.0.2)
+    bcrypt_pbkdf (1.1.0)
+    builder (3.2.4)
+    chef (17.9.42)
       addressable
-      bundler (>= 1.10)
-      chef-config (= 14.11.21)
-      chef-zero (>= 13.0)
-      diff-lcs (~> 1.2, >= 1.2.4)
+      aws-sdk-s3 (~> 1.91)
+      aws-sdk-secretsmanager (~> 1.46)
+      chef-config (= 17.9.42)
+      chef-utils (= 17.9.42)
+      chef-vault
+      chef-zero (>= 14.0.11)
+      corefoundation (~> 0.3.4)
+      diff-lcs (>= 1.2.4, < 1.4.0)
       erubis (~> 2.7)
-      ffi (~> 1.9, >= 1.9.25)
+      ffi (>= 1.5.0)
+      ffi-libarchive (~> 1.0, >= 1.0.3)
       ffi-yajl (~> 2.2)
-      highline (~> 1.6, >= 1.6.9)
       iniparse (~> 1.4)
+      inspec-core (~> 4.23)
+      license-acceptance (>= 1.0.5, < 3)
       mixlib-archive (>= 0.4, < 2.0)
-      mixlib-authentication (~> 2.1)
-      mixlib-cli (~> 1.7)
-      mixlib-log (~> 2.0, >= 2.0.3)
-      mixlib-shellout (~> 2.4)
-      net-sftp (~> 2.1, >= 2.1.2)
-      net-ssh (~> 4.2)
-      net-ssh-multi (~> 1.2, >= 1.2.1)
-      ohai (~> 14.0)
+      mixlib-authentication (>= 2.1, < 4)
+      mixlib-cli (>= 2.1.1, < 3.0)
+      mixlib-log (>= 2.0.3, < 4.0)
+      mixlib-shellout (>= 3.1.1, < 4.0)
+      net-sftp (>= 2.1.2, < 4.0)
+      ohai (~> 17.0)
       plist (~> 3.2)
       proxifier (~> 1.0)
-      rspec-core (~> 3.5)
-      rspec-expectations (~> 3.5)
-      rspec-mocks (~> 3.5)
-      rspec_junit_formatter (~> 0.2.0)
-      serverspec (~> 2.7)
-      specinfra (~> 2.10)
       syslog-logger (~> 1.6)
-      uuidtools (~> 2.1.5)
-    chef-config (14.11.21)
+      train-core (~> 3.2, >= 3.2.28)
+      train-winrm (>= 0.2.5)
+      uuidtools (>= 2.1.5, < 3.0)
+      vault (~> 0.16)
+    chef-config (17.9.42)
       addressable
+      chef-utils (= 17.9.42)
       fuzzyurl
-      mixlib-config (>= 2.2.12, < 3.0)
-      mixlib-shellout (~> 2.0)
+      mixlib-config (>= 2.2.12, < 4.0)
+      mixlib-shellout (>= 2.0, < 4.0)
       tomlrb (~> 1.2)
-    chef-zero (14.0.12)
+    chef-telemetry (1.1.1)
+      chef-config
+      concurrent-ruby (~> 1.0)
+    chef-utils (17.9.42)
+      concurrent-ruby
+    chef-vault (4.1.5)
+    chef-zero (15.0.11)
       ffi-yajl (~> 2.2)
-      hashie (>= 2.0, < 4.0)
+      hashie (>= 2.0, < 5.0)
       mixlib-log (>= 2.0, < 4.0)
       rack (~> 2.0, >= 2.0.6)
       uuidtools (~> 2.1)
-    cleanroom (1.0.0)
-    concurrent-ruby (1.1.4)
-    cookstyle (1.3.1)
-      rubocop (= 0.47.1)
+      webrick
+    coderay (1.1.3)
+    concurrent-ruby (1.1.9)
+    corefoundation (0.3.10)
+      ffi (>= 1.15.0)
     diff-lcs (1.3)
+    erubi (1.10.0)
     erubis (2.7.0)
-    faraday (0.15.4)
+    faraday (1.4.3)
+      faraday-em_http (~> 1.0)
+      faraday-em_synchrony (~> 1.0)
+      faraday-excon (~> 1.1)
+      faraday-net_http (~> 1.0)
+      faraday-net_http_persistent (~> 1.1)
       multipart-post (>= 1.2, < 3)
-    ffi (1.10.0)
-    ffi-yajl (2.3.1)
-      libyajl2 (~> 1.2)
+      ruby2_keywords (>= 0.0.4)
+    faraday-em_http (1.0.0)
+    faraday-em_synchrony (1.0.0)
+    faraday-excon (1.1.0)
+    faraday-net_http (1.0.1)
+    faraday-net_http_persistent (1.2.0)
+    faraday_middleware (1.2.0)
+      faraday (~> 1.0)
+    ffi (1.15.5)
+    ffi-libarchive (1.1.3)
+      ffi (~> 1.0)
+    ffi-yajl (2.4.0)
+      libyajl2 (>= 1.2)
     fuzzyurl (0.9.0)
-    gssapi (1.2.0)
+    gssapi (1.3.1)
       ffi (>= 1.0.1)
     gyoku (1.3.1)
       builder (>= 2.1.2)
-    hashie (3.6.0)
-    highline (1.7.10)
+    hashie (4.1.0)
+    highline (2.0.3)
     httpclient (2.8.3)
-    iniparse (1.4.4)
+    iniparse (1.5.0)
+    inspec-core (4.52.9)
+      addressable (~> 2.4)
+      chef-telemetry (~> 1.0, >= 1.0.8)
+      faraday (>= 0.9.0, < 1.5)
+      faraday_middleware (~> 1.0)
+      hashie (>= 3.4, < 5.0)
+      license-acceptance (>= 0.2.13, < 3.0)
+      method_source (>= 0.8, < 2.0)
+      mixlib-log (~> 3.0)
+      multipart-post (~> 2.0)
+      parallel (~> 1.9)
+      parslet (>= 1.5, < 2.0)
+      pry (~> 0.13)
+      rspec (>= 3.9, < 3.11)
+      rspec-its (~> 1.2)
+      rubyzip (>= 1.2.2, < 3.0)
+      semverse (~> 3.0)
+      sslshake (~> 1.2)
+      thor (>= 0.20, < 2.0)
+      tomlrb (>= 1.2, < 2.1)
+      train-core (~> 3.0)
+      tty-prompt (~> 0.17)
+      tty-table (~> 0.10)
     ipaddress (0.8.3)
-    knife-solo (0.7.0)
-      chef (>= 10.20)
-      erubis (~> 2.7.0)
-      net-ssh (>= 2.7)
-    knife-solo_data_bag (2.1.0)
-    libyajl2 (1.2.0)
+    jmespath (1.5.0)
+    json (2.6.1)
+    knife (17.9.26)
+      bcrypt_pbkdf (~> 1.1)
+      chef (>= 17)
+      chef-config (>= 17)
+      chef-utils (>= 17)
+      chef-vault
+      erubis (~> 2.7)
+      ffi (>= 1.15)
+      ffi-yajl (~> 2.2)
+      highline (>= 1.6.9, < 3)
+      license-acceptance (>= 1.0.5, < 3)
+      mixlib-archive (>= 0.4, < 2.0)
+      mixlib-cli (>= 2.1.1, < 3.0)
+      net-ssh (>= 5.1, < 7)
+      net-ssh-multi (~> 1.2, >= 1.2.1)
+      ohai (~> 17.0)
+      pastel
+      train-core (~> 3.2, >= 3.2.28)
+      train-winrm (>= 0.2.5)
+      tty-prompt (~> 0.21)
+      tty-screen (~> 0.6)
+      tty-table (~> 0.11)
+    knife-zero (2.4.2)
+      chef (>= 15.0)
+      knife (>= 17.0)
+    libyajl2 (2.1.0)
+    license-acceptance (2.1.13)
+      pastel (~> 0.7)
+      tomlrb (>= 1.2, < 3.0)
+      tty-box (~> 0.6)
+      tty-prompt (~> 0.20)
     little-plugger (1.1.4)
-    logging (2.2.2)
+    logging (2.3.0)
       little-plugger (~> 1.1)
-      multi_json (~> 1.10)
-    minitar (0.8)
-    mixlib-archive (0.4.20)
+      multi_json (~> 1.14)
+    method_source (1.0.0)
+    mixlib-archive (1.1.7)
       mixlib-log
-    mixlib-authentication (2.1.1)
-    mixlib-cli (1.7.0)
-    mixlib-config (2.2.18)
+    mixlib-authentication (3.0.10)
+    mixlib-cli (2.1.8)
+    mixlib-config (3.0.9)
       tomlrb
-    mixlib-install (3.11.5)
-      mixlib-shellout
-      mixlib-versioning
-      thor
-    mixlib-log (2.0.9)
-    mixlib-shellout (2.4.4)
-    mixlib-versioning (1.2.7)
-    molinillo (0.6.6)
-    multi_json (1.13.1)
-    multipart-post (2.0.0)
-    net-scp (1.2.1)
-      net-ssh (>= 2.6.5)
-    net-sftp (2.1.2)
-      net-ssh (>= 2.6.5)
-    net-ssh (4.2.0)
-    net-ssh-gateway (1.3.0)
-      net-ssh (>= 2.6.5)
+    mixlib-log (3.0.9)
+    mixlib-shellout (3.2.5)
+      chef-utils
+    multi_json (1.15.0)
+    multipart-post (2.1.1)
+    net-scp (3.0.0)
+      net-ssh (>= 2.6.5, < 7.0.0)
+    net-sftp (3.0.0)
+      net-ssh (>= 5.0.0, < 7.0.0)
+    net-ssh (6.1.0)
+    net-ssh-gateway (2.0.0)
+      net-ssh (>= 4.0.0)
     net-ssh-multi (1.2.1)
       net-ssh (>= 2.6.5)
       net-ssh-gateway (>= 1.2.0)
-    net-telnet (0.1.1)
     nori (2.6.0)
-    octokit (4.13.0)
-      sawyer (~> 0.8.0, >= 0.5.3)
-    ohai (14.8.11)
-      chef-config (>= 12.8, < 15)
+    ohai (17.9.0)
+      chef-config (>= 14.12, < 18)
+      chef-utils (>= 16.0, < 18)
       ffi (~> 1.9)
       ffi-yajl (~> 2.2)
       ipaddress
       mixlib-cli (>= 1.7.0)
       mixlib-config (>= 2.0, < 4.0)
       mixlib-log (>= 2.0.1, < 4.0)
-      mixlib-shellout (>= 2.0, < 4.0)
+      mixlib-shellout (~> 3.2, >= 3.2.5)
       plist (~> 3.1)
-      systemu (~> 2.6.4)
+      train-core
       wmi-lite (~> 1.0)
-    parser (2.4.0.0)
-      ast (~> 2.2)
-    plist (3.5.0)
-    powerpack (0.1.1)
+    parallel (1.21.0)
+    parslet (1.8.2)
+    pastel (0.8.0)
+      tty-color (~> 0.5)
+    plist (3.6.0)
     proxifier (1.0.3)
-    public_suffix (3.0.3)
-    rack (2.0.6)
-    rainbow (2.2.2)
-      rake
-    rake (12.0.0)
-    retryable (2.0.4)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.0)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.2)
+    pry (0.14.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    public_suffix (4.0.6)
+    rack (2.2.3)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.2)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.2)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-its (1.2.0)
+      rspec-support (~> 3.10.0)
+    rspec-its (1.3.0)
       rspec-core (>= 3.0.0)
       rspec-expectations (>= 3.0.0)
-    rspec-mocks (3.8.0)
+    rspec-mocks (3.10.3)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.0)
-    rspec_junit_formatter (0.2.3)
-      builder (< 4)
-      rspec-core (>= 2, < 4, != 2.12.0)
-    rubocop (0.47.1)
-      parser (>= 2.3.3.1, < 3.0)
-      powerpack (~> 0.1)
-      rainbow (>= 1.99.1, < 3.0)
-      ruby-progressbar (~> 1.7)
-      unicode-display_width (~> 1.0, >= 1.0.1)
-    ruby-progressbar (1.8.1)
-    rubyntlm (0.6.2)
-    rubyzip (1.2.2)
-    sawyer (0.8.1)
-      addressable (>= 2.3.5, < 2.6)
-      faraday (~> 0.8, < 1.0)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.3)
+    ruby2_keywords (0.0.5)
+    rubyntlm (0.6.3)
+    rubyzip (2.3.2)
     semverse (3.0.0)
-    serverspec (2.41.3)
-      multi_json
-      rspec (~> 3.0)
-      rspec-its
-      specinfra (~> 2.72)
-    sfl (2.3)
-    solve (4.0.2)
-      molinillo (~> 0.6)
-      semverse (>= 1.1, < 4.0)
-    specinfra (2.77.0)
-      net-scp
-      net-ssh (>= 2.7)
-      net-telnet (= 0.1.1)
-      sfl
+    sslshake (1.3.1)
+    strings (0.2.1)
+      strings-ansi (~> 0.2)
+      unicode-display_width (>= 1.5, < 3.0)
+      unicode_utils (~> 1.4)
+    strings-ansi (0.2.0)
     syslog-logger (1.6.8)
-    systemu (2.6.5)
-    test-kitchen (1.24.0)
-      mixlib-install (~> 3.6)
-      mixlib-shellout (>= 1.2, < 3.0)
-      net-scp (~> 1.1)
-      net-ssh (>= 2.9, < 5.0)
-      net-ssh-gateway (~> 1.2)
-      thor (~> 0.19)
-      winrm (~> 2.0)
-      winrm-elevated (~> 1.0)
-      winrm-fs (~> 1.1)
-    thor (0.20.3)
-    tomlrb (1.2.8)
-    unicode-display_width (1.2.1)
-    uuidtools (2.1.5)
-    winrm (2.3.1)
+    thor (1.2.1)
+    tomlrb (1.3.0)
+    train-core (3.8.7)
+      addressable (~> 2.5)
+      ffi (!= 1.13.0)
+      json (>= 1.8, < 3.0)
+      mixlib-shellout (>= 2.0, < 4.0)
+      net-scp (>= 1.2, < 4.0)
+      net-ssh (>= 2.9, < 7.0)
+    train-winrm (0.2.12)
+      winrm (>= 2.3.6, < 3.0)
+      winrm-elevated (~> 1.2.2)
+      winrm-fs (~> 1.0)
+    tty-box (0.7.0)
+      pastel (~> 0.8)
+      strings (~> 0.2.0)
+      tty-cursor (~> 0.7)
+    tty-color (0.6.0)
+    tty-cursor (0.7.1)
+    tty-prompt (0.23.1)
+      pastel (~> 0.8)
+      tty-reader (~> 0.8)
+    tty-reader (0.9.0)
+      tty-cursor (~> 0.7)
+      tty-screen (~> 0.8)
+      wisper (~> 2.0)
+    tty-screen (0.8.1)
+    tty-table (0.12.0)
+      pastel (~> 0.8)
+      strings (~> 0.2.0)
+      tty-screen (~> 0.8)
+    unicode-display_width (2.1.0)
+    unicode_utils (1.4.0)
+    uuidtools (2.2.0)
+    vault (0.16.0)
+      aws-sigv4
+    webrick (1.7.0)
+    winrm (2.3.6)
       builder (>= 2.1.2)
-      erubis (~> 2.7)
+      erubi (~> 1.8)
       gssapi (~> 1.2)
       gyoku (~> 1.0)
       httpclient (~> 2.2, >= 2.2.0.2)
       logging (>= 1.6.1, < 3.0)
       nori (~> 2.0)
-      rubyntlm (~> 0.6.0, >= 0.6.1)
-    winrm-elevated (1.1.1)
+      rubyntlm (~> 0.6.0, >= 0.6.3)
+    winrm-elevated (1.2.3)
+      erubi (~> 1.8)
       winrm (~> 2.0)
       winrm-fs (~> 1.0)
-    winrm-fs (1.3.2)
-      erubis (~> 2.7)
+    winrm-fs (1.3.5)
+      erubi (~> 1.8)
       logging (>= 1.6.1, < 3.0)
-      rubyzip (~> 1.1)
+      rubyzip (~> 2.0)
       winrm (~> 2.0)
-    wmi-lite (1.0.2)
+    wisper (2.0.1)
+    wmi-lite (1.0.5)
 
 PLATFORMS
-  ruby
+  x86_64-darwin-18
+  x86_64-darwin-19
+  x86_64-linux
 
 DEPENDENCIES
-  berkshelf (~> 7.0)
-  chef (~> 14.11.21)
-  cookstyle
-  knife-solo (~> 0.7.0)
-  knife-solo_data_bag
-  test-kitchen
+  knife-zero (>= 2.4.2)
 
 BUNDLED WITH
-   1.17.3
+   2.2.15

README.md

@@ -1,16 +1,56 @@
-### Install dependencies
+This repository contains all infrastructure automation code that we use to set
+up and configure servers, virtual machines, and applications for Kosmos hosted
+services.
+
+Chef cookbooks are written in Ruby, and based on [Chef Infra
+resources](https://docs.chef.io/resources/). Some cookbooks contain integration
+test suites based on [Test Kitchen](https://docs.chef.io/workstation/kitchen/).
+
+Note: Manual configuration of servers and applications is highly discouraged,
+and can be overwritten or lost without notice!
+
+## Setup
+
+### Install Chef Workstation
+
+* macOS, Windows, RHEL, Ubuntu: https://docs.chef.io/workstation/install_workstation/
+* Arch Linux: https://aur.archlinux.org/packages/chef-workstation
+
+#### rbenv
+
+If you use rbenv to manage Ruby versions on your system, install the
+[rbenv-chef-workstation](https://github.com/docwhat/rbenv-chef-workstation)
+plugin.
+
+### Install gem dependencies
+
+Clone this repository, `cd` into it, and run:
 
     bundle install
 
-### Run Chef Solo
+## Common tasks
 
-    knife solo cook dev.kosmos.org
+### Bootstrap a new host server
 
-### Bootstrap a new server
+    knife zero bootstrap root@server-name.kosmos.org --run-list "role[base],role[kvm_host]" --secret-file .chef/encrypted_data_bag_secret
 
-    knife solo prepare root@dev.kosmos.org
+### Bootstrap a new VM
 
-### Managing cookbooks
+    knife zero bootstrap ubuntu@zerotier-ip-address -x ubuntu --sudo --run-list "role[base],role[kvm_guest]" --secret-file .chef/encrypted_data_bag_secret
+
+### Run Chef Zero on a host server
+
+    knife zero converge -p2222 name:server-name.kosmos.org
+
+### Run Chef Zero on a VM
+
+    knife zero converge -a knife_zero.host name:vm-name-23
+
+### Update Chef Client on a server:
+
+    knife zero converge name:dev.kosmos.org --client-version 15.3.14
+
+## Managing cookbooks
 
 Cookbooks are managed via Berkshelf. Run `berks --help` for command help.
 
@@ -20,4 +60,15 @@ Install cookbooks listed in Berksfile:
 
 Vendor installed cookbooks to the `cookbooks/` dir:
 
-    berks vendor cookbooks/
+    berks vendor cookbooks/ --delete
+
+## "Expired" TLS certificates
+
+If you encounter expired TLS certificates during a Chef run (e.g. for remote
+files), the issue is likely that the certificate has been issued by Let's
+Encrypt and Chef is still using its own, outdated CA cert store (see
+[here](https://github.com/chef/chef/issues/12126#issuecomment-932067530) for
+example).
+
+As a hotfix, you can manually remove the "DST Root CA X3" cert from
+`/opt/chef/embedded/ssl/cert.pem` on the machine you're trying to converge.

Vagrantfile

@@ -2,109 +2,91 @@
 # vi: set ft=ruby :
 
 # All Vagrant configuration is done below. The "2" in Vagrant.configure
-# configures the configuration version (we support older styles for
-# backwards compatibility). Please don't change it unless you know what
-# you're doing.
+# configures the configuration version.
+#
+# Documentation for all configuration options can be found here:
+# https://www.vagrantup.com/docs/vagrantfile
 Vagrant.configure(2) do |config|
-  # The most common configuration options are documented and commented below.
-  # For a complete reference, please see the online documentation at
-  # https://docs.vagrantup.com.
-
-  # Every Vagrant development environment requires a box. You can search for
-  # boxes at https://atlas.hashicorp.com/search.
-  config.vm.box = "bento/ubuntu-18.04"
 
   config.vm.provider :virtualbox do |vb|
-    # Customize the amount of memory on the VM:
     vb.memory = "1024"
     vb.cpus = 2
   end
 
-  config.vm.provider :docker do |d, override|
-    d.image = "nishidayuya/docker-vagrant-ubuntu:xenial"
-    d.has_ssh = true
-    override.vm.box = nil
-    override.ssh.port = 22
-  end
-
-  if Vagrant.has_plugin?("vagrant-berkshelf")
-    config.berkshelf.enabled = true
-  else
-    puts "Install vagrant-berkshelf:\n  vagrant plugin install vagrant-berkshelf"
-    exit 1
-  end
-
-  # Disable automatic box update checking. If you disable this, then
-  # boxes will only be checked for updates when the user runs
-  # `vagrant box outdated`. This is not recommended.
-  # config.vm.box_check_update = false
-
-  # Create a forwarded port mapping which allows access to a specific port
-  # within the machine from a port on the host machine. In the example below,
-  # accessing "localhost:8080" will access port 80 on the guest machine.
-  # config.vm.network "forwarded_port", guest: 80, host: 8080
-
-  # Create a private network, which allows host-only access to the machine
-  # using a specific IP.
-  # config.vm.network "private_network", ip: "192.168.33.10"
-
-  # Create a public network, which generally matched to bridged network.
-  # Bridged networks make the machine appear as another physical device on
-  # your network.
-  # config.vm.network "public_network"
-
-  # Share an additional folder to the guest VM. The first argument is
-  # the path on the host to the actual folder. The second argument is
-  # the path on the guest to mount the folder. And the optional third
-  # argument is a set of non-required options.
-  # config.vm.synced_folder "../data", "/vagrant_data"
-
-  # Provider-specific configuration so you can fine-tune various
-  # backing providers for Vagrant. These expose provider-specific options.
-  # Example for VirtualBox:
-  #
-  # config.vm.provider "virtualbox" do |vb|
-  #   # Display the VirtualBox GUI when booting the machine
-  #   vb.gui = true
-  #
-  #   # Customize the amount of memory on the VM:
-  #   vb.memory = "1024"
-  # end
-  #
-  # View the documentation for the provider you are using for more
-  # information on available options.
-
-  # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies
-  # such as FTP and Heroku are also available. See the documentation at
-  # https://docs.vagrantup.com/v2/push/atlas.html for more information.
-  # config.push.define "atlas" do |push|
-  #   push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"
+  # config.vm.provider :docker do |d, override|
+  #   d.image = "nishidayuya/docker-vagrant-ubuntu:xenial"
+  #   d.has_ssh = true
+  #   override.vm.box = nil
+  #   override.ssh.port = 22
   # end
 
-  # Enable provisioning with a shell script. Additional provisioners such as
-  # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
-  # documentation for more information about their specific syntax and use.
-  # config.vm.provision "shell", inline: <<-SHELL
-  #   sudo apt-get update
-  #   sudo apt-get install -y apache2
-  # SHELL
+  config.vm.define "ldap" do |ldap|
+    ldap.vm.box = "bento/ubuntu-18.04"
+    ldap.vm.network "forwarded_port", guest: 389, host: 389
+    ldap.vm.network "private_network", ip: "192.168.56.5"
 
-  config.vm.provision :chef_zero do |chef|
-    chef.version                            = '14.11.21'
-    chef.cookbooks_path                     = ['site-cookbooks']
-    chef.data_bags_path                     = 'data_bags'
-    chef.roles_path                         = 'roles'
-    chef.node_name                          = "vagrant-node"
-    chef.nodes_path                         = 'nodes'
-    chef.environments_path                  = 'environments'
-    chef.encrypted_data_bag_secret_key_path = '.chef/encrypted_data_bag_secret'
-    chef.environment                        = 'development'
-    chef.add_recipe 'kosmos-base'
-    chef.add_recipe 'kosmos-wordpress'
-    # chef.add_recipe 'sockethub'
-    # chef.add_recipe 'kosmos-mastodon'
-    # chef.add_recipe 'kosmos-mastodon::nginx'
-    # chef.add_recipe '5apps-hubot::xmpp_botka'
-    # chef.add_recipe 'kosmos-hubot'
+    ldap.vm.provision :chef_zero do |chef|
+      chef.version                            = "18.2.7"
+      chef.node_name                          = "vagrant-node-ldap"
+      chef.arguments                          = "--chef-license accept"
+      chef.cookbooks_path                     = ["cookbooks", "site-cookbooks"]
+      chef.data_bags_path                     = "data_bags"
+      chef.roles_path                         = "roles"
+      chef.nodes_path                         = "nodes"
+      chef.environments_path                  = "environments"
+      chef.encrypted_data_bag_secret_key_path = ".chef/encrypted_data_bag_secret"
+      chef.environment                        = "development"
+
+      chef.add_recipe "kosmos-base"
+      chef.add_recipe "kosmos-dirsrv"
+    end
   end
+
+  config.vm.define "bitcoin" do |bitcoin|
+    bitcoin.vm.box = "generic/ubuntu2004"
+    bitcoin.vm.network "forwarded_port", guest: 4201, host: 4201
+    bitcoin.vm.network "private_network", ip: "192.168.56.6"
+    # bitcoin.vm.synced_folder "../kredits/yap/", "/opt/yap"
+
+    bitcoin.vm.provision :chef_zero do |chef|
+      chef.version                            = "18.2.7"
+      chef.node_name                          = "vagrant-node-bitcoin"
+      chef.arguments                          = "--chef-license accept"
+      chef.cookbooks_path                     = ["cookbooks", "site-cookbooks"]
+      chef.data_bags_path                     = "data_bags"
+      chef.roles_path                         = "roles"
+      chef.nodes_path                         = "nodes"
+      chef.environments_path                  = "environments"
+      chef.encrypted_data_bag_secret_key_path = ".chef/encrypted_data_bag_secret"
+      chef.environment                        = "development"
+
+      chef.add_recipe "kosmos-base"
+      chef.add_recipe "kosmos-bitcoin::source"
+      # chef.add_recipe "kosmos-bitcoin::foo"
+    end
+  end
+
+  config.vm.define "openresty" do |openresty|
+    openresty.vm.box = "bento/ubuntu-20.04"
+    openresty.vm.network "forwarded_port", guest: 6379, host: 6379
+    openresty.vm.network "private_network", ip: "192.168.56.7"
+
+    openresty.vm.provision :chef_zero do |chef|
+      chef.version                            = "18.2.7"
+      chef.node_name                          = "vagrant-openresty"
+      chef.arguments                          = "--chef-license accept"
+      chef.cookbooks_path                     = ["cookbooks", "site-cookbooks"]
+      chef.data_bags_path                     = "data_bags"
+      chef.roles_path                         = "roles"
+      chef.nodes_path                         = "nodes"
+      chef.environments_path                  = "environments"
+      chef.encrypted_data_bag_secret_key_path = ".chef/encrypted_data_bag_secret"
+      chef.environment                        = "development"
+
+      chef.add_recipe "kosmos-base"
+      chef.add_role "openresty"
+      chef.add_role "openresty_proxy"
+    end
+  end
+
 end

clients/akkounts-1.json

@@ -0,0 +1,4 @@
+{
+  "name": "akkounts-1",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0LKcqydrG3zgtmThEg+q\nOcw8QvIB2usMkF4kNMFeqhhdr2q/AtRcq4RJ0u0MiZbkHduGWfG9QZpjmbFZcEke\nURJbddqSDPHFAtrK2+BpcMqNN/mSp59f4MJf6wdLnBoeZCF5pCCXibyj+/754Ly+\nEJNiB1sf1Lu82YW2YM7iLhOLk1QQD2DTfBGbj9swdPrgKK+1npQ4A7O8sOB5gDjb\n9QVLCvCEoYFi+9is0vw/YryEr6tfnNw+CroP2uDfyVfWznF8oPUuttAcHgqDA3CV\n7lCRk9yVt1FKwuq2lFcsMqZ7wO4EoxpzCz/XTnpFPFvgeVinyXjSPsQCBAdwJe5T\nWQIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/bitcoin-2.json

@@ -0,0 +1,4 @@
+{
+  "name": "bitcoin-2",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNy0NZUQo93anCe3YkGI\nGTzHnH1SUqc7315ShEEgp9GC9ghEaFe9YX6fdYma4KLfehi1LNoYhibpaVvF6qMB\n5p2pCk4eM9EjRYve3byqt0ZJZzLEcR4zfoiqJHLMBfB1tDiGj3BbahY6LJ0WH/q2\nTek61LOp2nB/9HYSIRlYz8EJtt2YyjV57oqQD5rnEDCJyBf34VI81SZFBeSHCeHQ\nUDALdnkro840FHfFKMUTdUmtpq/bhBA13EkFqVObnc0xZQP3eW6pRNeZ5oUpBLK3\nbAXahd8YEW6c6XerK3JqROs/l2ZRXmfmOMB5RjzmTEuCDsZFuCnJDQEY1nWCyUmu\nhQIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/discourse-2.json

@@ -0,0 +1,4 @@
+{
+  "name": "discourse-2",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwinJNGMUzUdrZwx/ZCkU\nxZRnuWqZHXHdZtkEG6beMY1sB/PpGknLgcfTjhh4FR/5hIXqBcVdUj3DZiTmhd8o\n0QpEkJPNKd08PN12CyShPwCcIA1KTqsCsNys+bp6Wff84JClAe/Oza6DonoRmhqO\ncFxSQcscuv8a6Gc/1X/aySmS01hwL+r9p0VZBEPNKEObgJXHsGIIbajlxgq037X/\n2/IsIk2etXTUSWPJLxNKSXzxC3l4Izw4NfvUgipByPTeJQ2YAVxbvrDEqquBGk5S\nll/mlF+fKX0QvUhm7sdLiSy++rHc8R1ny+4LnR1gAOscYMuLbDbpJnW0Rc0GEJOL\nVwIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/draco.kosmos.org.json

@@ -0,0 +1,4 @@
+{
+  "name": "draco.kosmos.org",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJiREO7WJyKWzOltXREs\n6bCMBzHTeyBSLxK/50xPvk43A8e+8qW1V52oO/uQkHh8YJ8BCDdSsWTNTudTuMhm\nEFLYP7n+ESYyz7nBgcwLX19lSo3dGnyuQBwlno6W/F1uEdTxfY6MtxJdiPZQDIt0\noijEwOF4ZhA5A+kqx6fpp+rX48r9wdidjdhrJimQixL0SsJFkoStc17BxrnqPpv9\n/sd4xYKgK9hEmEovhghBN3ULsxDOj63cGmM4uWLjbO4ZpL6g1lZRJR5kmcziL9KH\n23M7ShaJu90PnPiFSCUFgNN24zA7aKTkKulNs4g2OYovWVG/z8WglGqHNY83dBP0\nLwIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/drone-1.json

@@ -0,0 +1,4 @@
+{
+  "name": "drone-1",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DLEt7jfKPH7X7pBknG3\nWoB6Q6Vffl6Q0GRxQiMJ1uRC79dulKH097CYfLzIXFZD9gRRP4K78vW5BA2spXVV\nn3qrak9JT6BGgdFrkBEdMNGZyz814aMiyhPZrQUrmIzyH8R04xZgv7UH86qdNQ5p\nPeIXS7gU7/0PmwRgEBiM1KLq+Kba6pYdGefKqxx5D59xweH+yE+rbd5ac9xn2GP7\nyOiZoG2sMuksq7d3O4SeTS2lBAmG5IeiP2iWvHWpZD48PTr78ItkTgIbaqZU2PXV\ng+2OcJPTel5xISooe5FvW8gdpC9SYoBPvgJuJ6czc1+LdUSK7pE7577eAJNDlh+H\nRwIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/ejabberd-4.json

@@ -0,0 +1,4 @@
+{
+  "name": "ejabberd-4",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6FuI13W2sft83OIWe59/\nYTfpTfKcYTCq5zAQEu87OYHHQeBAYo0W/g/qICh3qw0ie2QMPyggAezoeR5VQdLt\nkJq1X9AHqyX59YThzj7dLCCEKq+mAdriuKzNGu8eml4DRM3m+xw7jFzcwwrD8ECZ\nY+Kn7bcOtozx0mXpEm+cO2cOKmRQn0VJwAQSe6eW301iGmpR9et4hDqMjhiUiwaU\nWAqpsmP/JQMLAX2gLzwilD63VCQlcQCDq/D1m/N6bWb1L47zNAzwOCSYV92bGNDe\nRe+4gCVVLpfGWKbkjQFDraCmME7+O50WpbfowylF8gOzgl3AvnpC/LOSzT8VtMPr\nZQIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/ejabberd-8.json

@@ -0,0 +1,4 @@
+{
+  "name": "ejabberd-8",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2r+emfhx7bl7MxEeIDGY\nKnj3xEyFvVgXL7GwOsbKszFVgZ17yuPwa6vuiJsZsbcFC/nXgGNH2WF5FEv7XhOi\nwE8KMeNrR4xQ9BEANRlRgUTfrkhZG1NCy7PpVBb7L2r36STBuFSdQJmruJAfvTHm\na4hhmfaSIJ0Wa+Q24gL1GNwkSRdOhXRYxB4OvNIJzzuC3XqgugQVG5xzZh0kULQs\nkZVvkL5dM0FEZzBn8aK2sohTFDivvYJy7PAogC9Z5M1nPatZBowruUZvCym3Wh1J\nRtBwsS9SsTcsUqaT9FpEa7vYUney1/R8G2FAFufTyztjgBQzh78GhU+dek+ycIf1\nVQIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/email-1.json

@@ -0,0 +1,4 @@
+{
+  "name": "email-1",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDRdvMYKRjejoFsOxS6s\n4gj0Gsaxk/j25A5VPHBcEhr+NOh8W/6NnTTHuFMaorEIl/2kscgrcwriDN7xIFmO\nz/C1+spDLPMGSWd+422KSS3fjVfByLlMwxh171RDZBlZVze7H7CIV/rxCG7Ri85y\nPvyp2rT4ioyVGyYK3e8CiXwQckpFC1ex9VRk/GR8zbCYUIw+qbTFRcl/mQuxKqWK\n22vrgAR+6OL8lcyhssmKiQ1r3GtxwJusgffw4/5S8sRR1z8OB4wiwgOWR1E36EbF\nhTBjFzPiKVjVjP/TQpUoYdnBhuD223M8nPWJl1HMVQPMjL6R2BBOF+iK0Wx9SiFD\nJwIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/garage-2.json

@@ -0,0 +1,4 @@
+{
+  "name": "garage-2",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuZbclnx/1Oas1+q5vUz\nsvCpTwKBrb3dah2YoZfZg0K15+MZshSyCZxo5T+SGp2OwhV65UptMJZbeyhVtzEp\ncN62G7exf65rNesXOL82PNQC6iInxNvyOgzdTOo7tdQ2ln/3QRpZOtUOB9PEkK17\nNmHfVIWKEc9YajRff5zE1LzSWulTNJ3D4GAIhsli//Rv45MhjyYoQKf1AXtqI72A\n2FE2YWXOjjSHJIPRfcUrmBOmEt/gkWySxGAs8Dg112vOC1ftk0KiQFWKVydMicIj\nyySQH1/neQFSq2HLNajDc9S2l7cjhPEjov7taS9LkXfPtnfN8ajEEP0S2MgZnf4N\ngwIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/garage-4.json

@@ -0,0 +1,4 @@
+{
+  "name": "garage-4",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8it7QtT6zDiJJqlyHKfQ\nLqwu6bLblD15WWxlUSiOdhz3njWDv1BIDCAdkCR3HAXgxvk8sMj9QkvWS7u1+bc4\nxvHrY4Tgfg+Tk1h3gGa7ukll8s1WLIbGjj89vrK8PFr4iuDqRytYRMmcdMsNzPkS\nKcsOjFYWGV7KM/OwoQGVIOUPB+WtkrFAvNkXtIU6Wd5orzFMjt/9DPF2aO7QegL8\nG1mQmXcPGl9NSDUXptn/kzFKm/p4n7pjy6OypFT192ak7OA/s+CvQlaVE2tb/M3c\ne4J6A+PInV5AGKY6BxI3QRQLZIlqE0FXawFKr1iRU4JP4tVnICXZqy+SDXQU1zar\nTQIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/garage-5.json

@@ -0,0 +1,4 @@
+{
+  "name": "garage-5",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJxLFOBbml94W/GAe7nm\ntZs1Ziy8IbqXySsm8bSwWhRMQ8UuseqQLG30R3Q5X5AoJbtNfd26l63qLtP2fFtL\n5km9dV+2FoIJWFetl8Wzr7CaLYAiNzTQSFHlV7+6DKmPMDcJ63GKrFR77vkSGOG6\nOWL1bJy5BOaClp/sKL/0WQ0+mRbTP6RCQ2eI+46clAg702SenBU6Nz9HDm+teKN7\nYlP1CvzXgfgfpDOsat7wGn5+oKcmKavZxcdn8bt5jRpg8v3JezaZIjMXt7XcNS4n\n0F4XO/efnZE5B5SN68j4BpD8N79zJw4HlRIGP+RaYv2qLtBeWgLHCCs9wXQXfj6b\nLwIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/garage-6.json

@@ -0,0 +1,4 @@
+{
+  "name": "garage-6",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwasYgWLM8ShvirFiKRE6\nGWqc3pMlvcrk4YnWAUW5Y/H26EnyexxWNfnwlEcq8thJ3M3hs7zkoF3Yk4uqX869\n4/niYqXwYgeE1K3gzLp4K1+w3yVupYAFVFStVEHJyuMlLJ+ulDEGvNdQDuIfw7+E\nr6DcDLa1o92Eo0wL1ihYyMilduH0LdFTixL+tEBXbbPWBa3RDJJCFsRF1+UC6hAH\nzmaWL661Gdzdabxjm/FlGUYkdbDqeInZq/1GMQqv+9/DcNRkWA9H7i4Ykrfpx4/2\nRZ8xtx/DbnJVB1zYoORygFMMAkTu5E+R8ropeI7Wi77Yq0S7laiRlYQYQml3x9ak\nzQIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/garage-7.json

@@ -0,0 +1,4 @@
+{
+  "name": "garage-7",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoAigZUSwsfbBHx2PQ6W\n38Ght6eCvbpW1lsS58hTieRmRn+pgZVjvixhsBh57rUasCjaBywXk9BpNj2Foxck\nReHeoDI0RHsgniClyMrYj80y2NhoB6J8NB+cHkhdzIKplm6AH6M5xaAedtZU639a\n1nHMtpDlJhzgIYsiq1q06Aqd1w0Z9tf1RXQ1WvMDhTY4wlE5RZ2epBb6Usnlbjo2\nSqCIGIjRLmZxdsSWoiUUTlVPdUCzTNsN5G/ZVdRswhgseDmVJCIkK2Aji/XzhIrR\nh4RvUv9dhFemOVsFctJ/dQILXz5MZLUgakKf970M5R/Zggv//pqRSsYcB2UfaBpV\nLQIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/garage-8.json

@@ -0,0 +1,4 @@
+{
+  "name": "garage-8",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4hXODzgHsIeWxXJm/F6\nSTFJ8JC89mWru7pOFzPWenOVMHgp4UpUB4rDTwQqojsWTDiq0x3ckUyOPw3Nj0jv\nxP4MMGS4SI0oRSJKzrYYss0hgUDTOBBd+Wxn0UiNEpN/PfQo9VZj9v/jak57cz7z\n5+rpl5v27fhgUIChjsHxdy+EamvCrYc+1JhyrLOlwlt8JxkZ8UPhoeZLWAbDgGLS\nEzHWSSVtBUPK+KYmVb2OK4lB56zPfek0U3gKN+04a1650jzOit8LzE6NaT180QDv\nX+gG6tk53vSXDmkBXsQ1mtB8aF+HaEG2Pra5HyihlweCPYdJT+e28wpq6+P5l3YR\ndQIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/gitea-2.json

@@ -0,0 +1,4 @@
+{
+  "name": "gitea-2",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7MKbO2vvX7TD1cFKjITh\ntvsf6hgAQRcu7F0kiekx15aC3VLnRgsB9A6SXySVrqvhq/vOSTXZsIC62IQi4Oks\nhhtAA/uvwcOmZ7JkMi0vJ3Ary94dTsg/L8i/0/k2V/D4FRKTV4414wSkpglFGLhl\nvbZ6P17LrqfyAzNJwIDzwd9d6cvt4a0qxvuxbTOHkBuY8tpyGdNzhg6fATadxbBa\nRASEVFb+xqxG3K+8zRmaCFyYqmSPS/8liVVbLPAeUlK6pDyQ5g4T37E5o+CpWfPF\nkBgYw/hHQe6zt1Z4wNJ6mb8YIN/l9kFF3EE99laYxp9Ua7ffrZkRgw12C5Yrn3N6\noQIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/her.json

@@ -0,0 +1,4 @@
+{
+  "name": "her",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuj7OCWX2qz/WbsjMgpi\nI4CM13Pxrj+8Enrl4IorkK6O338rhdtfXmOJt2AuDuj6u12Xtnk0LN2n01hffXNu\nU0Hwy+szavnbjiqC8jw1nyCFwYgdy8lCj3WV4t/gRWFhiHZGkhBKaksAoo8jJqZv\nXi/4ZuRov01HJgT6CJBEfR5TUaRCHM4hz2Y60mmegmUNLTRUNIDy6rg5W8JplMlJ\ny0dJc6uEp8asKhPnEfMz1kXukjnsBLXZmxglqdAQeaZ1I78QvRV3rYh0Ge2ZPF8t\nv2c+mUMbH7e80lJPgp7rwqjKrjLfaYo/1ZqTqr3ArWw3253ttLp8KX1ltX69nIHq\nMwIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/ldap-3.json

@@ -0,0 +1,4 @@
+{
+  "name": "ldap-3",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLndVZtKubbJf2izx6vN\ntU0gwZUhcCz4Dq+Ilu9D8tPVEWUqKp9RyPkSO8iIxdLXJ8ZjtG3oBVPFGka/fW1a\n/SSf4Yn6ArkNhP9dmDKzrOYOuoPF+h+Fa9Jecy2PtNzhGdBdynIK4ezJIdq5vPEG\nAsJf/Ad9EIU8D4Aj/nhNUwfUwsFTTE++LL9yCzRiDHg6pjNToM75V/+fFPk0UL1/\neLcaJzqi5WeXhfq7DbjMtqnt/+vUxO2YAk9MDb3U15hnH4xkxtDfRth1UGkpR/PK\naLn/RTS9sqk3oMZVzDSioXO0TGp00sWDmvpBvEBwlYgWnx1o8JQnkClvn2OSo6va\nzQIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/ldap-4.json

@@ -0,0 +1,4 @@
+{
+  "name": "ldap-4",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzFyZh5/J2BsKRunghis\nwUGbv4j/ynAF7QY+CYoOwDBcbLHk6odn1JyUqCgfhCIX0mh8F/fDKyU9Aw6+HHZ/\nX0DTt/enLTaWc2vxRfyJLRXP7/ymHOr4u6HYEINMdVJp4yQ9XLcWpuRHfA+fHrZ7\n9fI8sCMSEawvVpEKytYdVnm3VCjfIVrfCAkY0lP0mNG908edX2ZuJ4GS1UwADUZX\nLZuMhbGX9JqIQYWCyiMDakD7P7PlEDf/JVkvkao4HQatkqJGmGDhvfIPodIo8JC0\n6FsYxWtvrLJBArYjnVBKRuxIlBqq/7Yx0gj09kGf84aSXvkMDgio7AO4xSp9GJTJ\n4wIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/lq-1.json

@@ -0,0 +1,4 @@
+{
+  "name": "lq-1",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6mrJdvfx2pvuYIOCwDe4\nXJ4NJSEq+9oyqW/JWNDnUN/GAZLCfTOa+qu1nA8sOspWWpaikHpo2meYlzA1HCPh\nF4LX7C83dA9CXB8BDCddmkAxhPPXIeFM3AmaEwfv+dLYNuO6bWvOKcHjJdw7Mp4W\nrdg9MsIh28W9jf7KehvPWx3ZvrJm2vyiFGQNBDWGdkVq40P2lhvCISvWb+Ugpjos\nJzq/HZNFq6Fc72jWfwwGcDgwfc1/jmWJlz2J5v8xHwwhVtcWTg1AWqfcVQZ6OKtf\nwP6s/pAK4dAXqPz8OE17GPJ42r94AeWr39Cn5b8EzrVhKOeODlpihfzIaa/sfb44\n6wIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/lq-2.json

@@ -0,0 +1,4 @@
+{
+  "name": "lq-2",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyquIPPckL4Bybw4H0t6\nHexR7u97//eXBGpN+PJcp3PAUTJVWr1m7uDnpD9JAP370Cp05Tz0ydYXk/2NTpFf\nvRu20401VWTWbClIdN7n89edtER/XX90KrcKplV4bZcFN0UC2Il6SGH0uvUYzZRr\nPV2eXftDvu7Mhl1xlmeJ0S6bH95v1G2k6TrTLAOBs6gpqiCWyjrNB9AY3SpEv9Ya\nK8T0M10LAY0UwKccSp/eTZzCfbmzvNIyyRlJbzEAsHmoDPyR2/4LB1ndtbkTszmk\noHvpBJu3noKXo0SW/WqhSvwxBVV0bZUYjgH3Bx8nudNkHgL6ZH6FVQ6ED+70jWiq\ngwIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/mastodon-3.json

@@ -0,0 +1,4 @@
+{
+  "name": "mastodon-3",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBsrwKV1RtDfw/5y/L2N\n/x7UL2q6G4JypcD5Q8/aDQOTaGuTR+4RCup+Zcn2wzpdGnX6IzS7cy4/LqMoR2pB\nq8K1FZOXvcCtwsBqsyGWiFdy5aLXy2CkHhTRbkwOLPyb1rBy+qPCBdr055BPZUWm\nTfJaxTmph+Z1J+INz0YndYxz3iKET2V99OP27D7tUdZ7yPgMDbDJWqVxPdYrmAUr\n3QLpmYWsYlmPKhpTAXlvbvzE5vgh5EC8RGfhfYRpacc6QdwbahtxMQAV9+1S2+Vj\nntHfB6PSnYwewUHs9MMn8e33KmNlOZdMAVlyJymBZ4pNceC44vxvZYElp077A6tN\nFwIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/nodejs-4.json

@@ -0,0 +1,4 @@
+{
+  "name": "nodejs-4",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIlB6swdT/Z7tRx/Sm24\n/ro3Jotpsi0DiNS6i7BA1fH0OdbX5CRel62jGC1Nja9QCY8aBd00E8u7KPCuK3iY\n5aA7v91sxWZ7nbXdSwBawaNsTZAe4rMaEkA74INpq7TOvLzHcmDcgRbo+MC2Nw3T\nl0mCOaWkUWFaukTLN8zBldzEbYxztKsaL+b2TbevnSCaPkdD9WmDbmjrUiWTlnpE\nDidMjZ9rp+PcODyjlvwka1yJCoPFoN/+ZL4yXxo49tJ2kbrxSh4tdDZqiZwnajRb\n4SAuRCaHTASDSmZ1Dj0ET/miXuvy6Jgvt06eSMPDKvb+84Dk8zLf4CW6DaE2TfX4\nzwIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/postgres-5.json

@@ -0,0 +1,4 @@
+{
+  "name": "postgres-5",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXZv6Gk+dhIVkTXH9hJ1\nt2oqsMSLmTUj71uPN+4j0rxCQriXa095Nle9ifJAxfwzQyKEpWKyZd1Hpyye6bL1\nwgWATZ/u5ZS4B63NhRFyDxgPlHWBBohaZBN42zeq0Y0PNGHPVGDH/zFDrpP22Q9Q\nYScsyXTauE/Yf8a/rKR5jdnoVsVVMxk0LHxka8FcM2cqVsDAcK7GqIG6epqNFY8P\nUb1P+mVxRwnkzvf1VtG212ezV/yw9uiQcUkHS+JwZMAgbC34k9iDyRmk6l4sj/Zk\nNem20ImMqdDzsrX8zEe21K+KNvpejPH9fxaNCwR8W+woBMMzqD3I7P9PbLjc70Rx\nRwIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/postgres-6.json

@@ -0,0 +1,4 @@
+{
+  "name": "postgres-6",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVzM0fwlimmq11jTGTko\nK87LRYSar61tNF3qVWp9axNSMa6BSxVark9eYOqY4eLh/5vJVDqXDFq30/IUWg40\nH8hHWaOEvQrP2dm/XFw1RmunfbfN9gN07TuhaT3xFD5t+jFBuOSoJ4cPnFIABuVt\nFLrjgtYYjtZe5hGE9ZPmS7o2ATM5EU9mxeQ+TkgDbr8StvSPGdZ1ykhagf1pegGU\nRIfZ+4ZKzyDUAq+fYNhIbmlm5h2gP+XdtakPy43j7n0iN1vwDgBqJ2pdaVs/GcFf\nvaztoltguoknI2NPSez1N217asTTLuth0nHxVXiKCVXnqwDjxgWmuP6X2B7VYjyc\nxQIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/redis-1.json

@@ -0,0 +1,4 @@
+{
+  "name": "redis-1",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7J/jWx6xCoz3ECDA9gr6\nAVVjd3MhE9LmE/bFLdQLariJjyNxJ1qLp/SN1P/H/aBS9YP6HEGkkTekRkWrHkDr\n5pliR9lmdS7c1W2pRKOaBm8r3pl98fBcFtxrkEhlULX5XMUCeGqANjDYeswaKYGb\nYF/OPsL2ZyIzUiejIVoPR9kuCWA8DNa1whgO84r2gMkBSzGu8hAhBoAlXQAoZWWj\nem3sNNwA9X+0WVGuG0X+RxdzNnZ6o28f5UZuDTCuMjJubKM4qg5uuwFtSXHoW8nU\nGl6Y7Owmqsdkh8ZCM8gA4lPu5Kh6XatqQ6Gzq0PXFyCykuXzJRwW4ZVCKC+UyhA0\nQQIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/redis-2.json

@@ -0,0 +1,4 @@
+{
+  "name": "redis-2",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjHtl5iChC5+uxr9YrQu\n3x4zihlVZGk+fYlpbHg2hV880NslRb1MJYFTaKcJrYmgVAnMaKZjfA4fGsWQ3tDl\n/2JcA95U0Soj9BMwr1EUfvna587xS5DnYNCd+OkVtNwqujdoU8Use13UcpwnaN4V\n/9bslQdw2qDeVmeqx7bfTvsATIedWt9eseMR/qnsMd9Rkz/Q3xJ9NgIdQL6cC7uf\nN6H/B+Y+qV5Kv84nwrkTGPyzNOt21mfzeYOiAMGUTUoS+l38hA4ehfVxb8dWTmNa\n8QENbx6DKP5xUEyCiluzFp5jiGJu9xSDngndLVsQ7de5+KvxTjfipczmrWSjPuYB\nXQIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/rs-discourse-1.json

@@ -0,0 +1,4 @@
+{
+  "name": "rs-discourse-1",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJquhCuRRN/O3rh2QShw\nYxGkEIoBImpVv8uF+VmdPLGQ3fYCO20OSr3y+yk1zGN1aQTEgD7LeCd+U2vBUPAh\nwr2uNkZotIsemkWZIMAPLb9d/2uv/GxBqku0L8JRAxGleHVO5eKsi6w1XdwO00dw\nwgEJa+mju86Vz6hzRzW+KzkdpkcfowH2+BVUV+zuzaR9/mPUiuQXZwSnR+Li4S6j\nR4x/AkRsN/43gzgiBwZz1UdAy6r6ZbUBPm4lZT/QKbURJ+x15swbFHKvR34GvdbT\n2mI15VFvLxr+h4bH5CCswcV4eThzISHGbiN3LZQVpneoWP8BjerFVqx0NfbKDu9t\nsQIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/rsk-mainnet-3.json

@@ -0,0 +1,4 @@
+{
+  "name": "rsk-mainnet-3",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdrYfy0Spmt8VETCdUgW\nHbxV3uYA3kn2swvOdIjIR29gNO+t6wWv6FHnV/pfefIweIPaNlr9VMoUejUKX809\ngzdsiVWh1T6s4Yzbbt+O8mF3my5RXiSvizda8c6U65vofBSL2WVzE1AW9v7lXRHX\nJ4auKrpgKWkNLU52QLIP9/X5YLUHQtpTnplO31eb+jSD185aN1qoIxugunxnWSgm\n2NgUPlVbNCFrhv0PVv4Ts10eX6smRX3LKyNBtRRXM3GIrQHlAYRohIpy3lt8tKm4\nE/v9qpXQHvqEmX9FH1/Sonea849cWX3LuxUYLT2XFpaNwUxJK56Ef0HsgZESaxL+\n3QIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/rsk-testnet-4.json

@@ -0,0 +1,4 @@
+{
+  "name": "rsk-testnet-4",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NgmlPomxGRtu5oyro+m\ndQwBXwrhEuE73aLrUsqGOVSezph6LnETiEMFUIe1weoG+xdcykcUUMt7o1+nKs+E\nl8dxMIgbXAxdpI4n8gOpii70Sh30BDbh8+qZHsKBq32UmkCpz2ViVe/Vb3ViqB3e\n0GIkknPle5G4IC612O8EUkCenwcD1jSXYyug5zWI2T/TwnTuw4JdxfhkMgBM7Y2n\nR1YY6GwAMkK97wE/yBM74+Tiv/6lDy/JDbYmUVcQ55C937oodSWLAEM24EcOOtMA\nKfGumnthbdHzmHjONmLIegD3OJGYC2ulcB9qmaL/7cyIRhf6fEQrBolCH5881fxl\nxwIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/rsk-testnet-5.json

@@ -0,0 +1,4 @@
+{
+  "name": "rsk-testnet-5",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/UHlgcSeh9Do7CTCKXC\n/4/aO2OvT+ijDVmrMYCNtE4sMeuFqKPnV1zxJZmRm4VNhkSQDkdWYD+6XvuFYW60\nyjB/N6D5lLlyjG4HD6fTkfh0K6f7t5mOYV7o4T59OoA3cBZuSROjtWmJ8jEFJ+k9\nII2kcyhPQcFN01ckzvZKRSPbVRccMoc+AKTjB3ZUfs/ERtlVoDrK4jEHluXOxUJO\nBKCcLonjJuLlpRLh7QfKrKFcR4idn5Ir43R6aSUesI/ipKwKsXnR3Bu7vXp74VF3\nMJ3EkdSBG+qJzy51fbRfQiUPAr/vSoVQZwW7FkIhIqqLkMaYCymn7qKfTGujoNU7\nlwIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/sentry-1.json

@@ -0,0 +1,4 @@
+{
+  "name": "sentry-1",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZFwP58ym+92YFa0adU3\nVGEJW13NkfaHChx+akB3IioSPKyJ9eOXEI8pOmU3QyqOUKSbqth78DY84hobXlqs\n4O0A7TV029uepcj5zPN047gDsV1TJ6Dakma5eH+Pe5kP/TigCEOF0Cgo+fqtEBEJ\nT/rhSs3zHD1EfBnZdyj/7YyeDv1XLWI8dXoizDUAoBSCDeJ5d7fG56zmFYLV05Ex\nMrjJuHitEmeJXTZABKstRbEd+3Rld+gfJZ/jI4djEW2j1EKAYMT1SxoXdjKlCrpQ\nGux2RSe+Gspt1hyp/flU5gHGO+qLDNSU9tZInClToyFMVBfoW8kWg28Gm2kGkIvr\npQIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/strfry-1.json

@@ -0,0 +1,4 @@
+{
+  "name": "strfry-1",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDV/RMGMXVDbvoA6PNh8\nQzhtHwYDCFcUSkbrwP6tzh6GpVunGEOdOdhj2V63T2tF1H+lujxQXh5pK7C0D6VZ\niO04ftJlo7/svyxUcwWr+znyN5sFdQRh3cBZiGSBYolizwoqgtPFlbNhmWAzV0Du\n9t8mhz70IK3B+UdwWyHtoK0NNsJGnQ9YzAvcjyDmEO/3sCjAhNnxVpmXftpcSmd9\nMonzFtIDBbRRll4AHZYRbmXCzx63+VmelvdnufnbY82liol0zzBwJaBD1wyNlG0y\ni96p3Kx03bLNlIaYVGbjZeJi+6oo2VDWJ4OloLLAYoHDSipeHT9qWfUdnE6ge4Lm\nywIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/uploads-1.json

@@ -0,0 +1,4 @@
+{
+  "name": "uploads-1",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJwWaz8TeGv3SFlKzLMx\nqN8GTL/c0N9ppBvv8xNSS/yF9Y40SbL418uxYzm9hIhOXgIygIgLT2EKIXX32t+R\neOJCdYycQFM3At2fhMkjhuUW0gmDRcYBcBJLC5hLh2EZ+A8V7k4qgrBpPLOjEv48\nhQY0vuAw2DGndWr4QLh5NLUmQiOrfuzcZSSNCBOTIgUZgNmRd9QcCHDq4WDH3poa\nosJo4a9JGEGUL1irOivvEdyJPwEd2f++nYAdWwj8pjCYgpRshQlLhxOlylMx7MxB\nQt2bgJC9sahfbfJCOqdlCU3DMJL0bRUiuxK77WeSsxWBJmrsiF3+Ljs2Ix+s7fnS\nywIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/wiki-1.json

@@ -0,0 +1,4 @@
+{
+  "name": "wiki-1",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LprIvOWrnsywbvFGXtK\nsbd6xmILw/W/dSogLi0DQBXxPsOipH8pL4K6IeZmMeU3TXaW7faf/54KrMnh+4s1\nLEXpWSATvCaw1LzihzoXELpVLNvBLHZjAAO2TJ5ay1knTlA92hqN8qZOKzRtfHBX\n49dIgJgY95UIIJqSk4425llgQY/tntEWPjSduPIyST/PKkuW+RbUj4XyKm/qrASV\nXrbDK0dZAD0kJrOEjKspUyBQjyutFy+hkv0ldiGogcpCNPDaDsJqnw+Gp0gv6w7V\n92omCx8oJuXoqL1SIB6ayHV3q1pEWC9VbDRdcSYBjbRPFITEj6Er0m6OhJjlOyyR\nfwIDAQAB\n-----END PUBLIC KEY-----\n"
+}

cookbooks/apache2/.foodcritic

@@ -0,0 +1,4 @@
+~FC007
+~FC015
+~FC023
+~FC024

cookbooks/apache2/CHANGELOG.md

@@ -0,0 +1,491 @@
+apache2 Cookbook Changelog
+==========================
+This file is used to list changes made in each version of the apache2 cookbook.
+
+v3.3.0 (2017-04-11)
+-------------------
+
+- [GH-478] Added support for the amazon platform_family, outside of rhel
+- [GH-474] Update Berksfile to allow fetching of newer
+- [GH-473] Update copyright header format
+- [GH-472] foodcritic: add sous-chefs rules
+- add CODE_OF_CONDUCT
+- [GH-471] FCGI paths should not be messed with on RHEL/CenOS 7. CentOS 7 (and recent Fedoras) have Apache 2.4, where FCGI socket path and shared memory path is managed adequately without further involvment neccessary (subdirectory is created under /var/run/httpd).
+- [GH-470] Remove support for EOL Fedora < 18 / FreeBSD 9
+- [GH-465] Testing updates
+- [GH-469] Use the default cookbook style rules
+- [GH-460] Serverspec to InSpec migration
+- [GH-461] Update comment header format & other cookstyle fixes
+- [GH-454] Test in Travis with Chef-DK and a Rakefile
+- [GH-455] openSUSE Leap has it's own platform name
+- [GH-279] leave stubs for rhel family `conf.d` files to avoid conflicts on package upgrade; no longer remove `conf.d`, just don't use it
+- [GH-427] Add option to configure custom log level
+- [GH-450] Ensure the lock_dir is owned by www-data for Apache 2.2 and 2.4 on Debian/Ubuntu
+- Remove mod_auth_openid tests, as it is not part of the ASF release and plan to drop support for it and right now it is failing our tests
+- [GH-440] Update default values in `apache.prefork` section of README
+- [GH-443] fixed typo in copyright year
+- Test on the latest chef with chef-zero
+- Update supported platforms to Ubuntu 16.04, Debian 8.4, Centos 7.2; deprecating Ubuntu 12.04
+- [GH-422] Fix uniq for nil:NilClass error introduced in 3.2.2
+- [GH-423] allow for apache 2.4 usage on rhel < 7.0
+- Cookbook is now part of the sous-chefs, but still maintained by the same folks
+- mod_perl: No longer install libapache2-mpm-prefork
+- mod_php: renamed mod_php5 to more generic mod_php; using php 7.0 where available
+
+v3.2.2 (2016-04-13)
+-------------------
+
+- [GH-420] Allow auto-conversion if either of `apache.listen_ports` or `apache.listen_addresses` are set rather than '&&'. This ensures conversion occurs if only one of the two is set.
+
+
+v3.2.1 (2016-04-11)
+-------------------
+
+- [GH-225] notify `restart` instead of `reload` service on `apache_conf`, `apache_config`
+- Update to foodcritic 6
+
+v3.2.0 (2016-03-26)
+-------------------
+
+- [GH-378] Deprecates `apache.listen_addresses` and `apache.listen_ports` infavor of [GH-409]
+- [GH-409] `apache.listen` now accepts an array of `addr:port` strings
+- [GH-358] FreeBSD: Update 10.1 support; Adds php 5.6 in collaboration with chef-cookbooks/php#119
+- [GH-394] Have `apache.prefork.serverlimit` set ServerLimit directive on 2.4
+- [GH-363] Escape '.' in regex for .htaccess/.htpasswd files
+- [GH-365] Force log directory creation to be recursive
+- [GH-368] Change the service creation to use the `apache.service_name` attribute throughout
+- [GH-374] Make metadata.rb compatible with chef versions < 12.
+- [GH-382] Fixed typo in node['platform_family'] for NameError in `mod_proxy_html`
+- [GH-369] README: Added on Ubuntu `mod_fastcgi` requires `multiverse` apt repository to enabled.
+- [GH-381] README: Add missing backtick
+- [GH-384] README: Fix names for a2enconf and a2disconf
+- [GH-393] README: mention availability of `mod_actions` support
+- [GH-383] Debian: Add possibility to use other releases via `apache.default_release`
+- [GH-377] Restart service when including `mod_headers` to allow healing of failed service because of missing directives.
+- [GH-416] Change the default of `apache.mod_fastcgi.install_method` to 'package' all platforms, as `source` is no longer available.
+- [GH-401] Move `mod_deflate` to `apache.default_modules` and no longer force installation on `debian` families.
+- [GH-386] Do not install an extra mod_ssl package on SUSE Linux Enterprise
+- [GH-335] Do not hardcoded reload/restart on more modern rhel platforms, allowing systemd on CentOS 7
+- [GH-375] Install package `mod_ldap` on CentOS 7 (triggered by `apache.version` == 2.4)
+- Update `apache.mod_ssl.cipher_suite` to latest from https://bettercrypto.org/
+- README: Re-organize README to make it easier to find usage and remove old references.
+- Added new standard and missing modules (Note: these may not be available natively on all operating systems)
+  * [mod_http2](http://httpd.apache.org/docs/2.4/mod/mod_http2.html) - Support for the HTTP/2 transport layer. (available since 2.4.17) 
+  * [mod_authnz_fcgi](http://httpd.apache.org/docs/2.4/mod/mod_authnz_fcgi.html) - Enable FastCGI authorizer applications to authenticate and/or authorize clients.  (available since 2.4.10) 
+  * [mod_cern_meta](http://httpd.apache.org/docs/2.4/mod/mod_cern_meta.html) - CERN httpd metafile semantics
+  * [mod_ident](http://httpd.apache.org/docs/2.4/mod/mod_ident.html) - RFC 1413 ident lookups
+  * [mod_privileges](http://httpd.apache.org/docs/2.4/mod/mod_privileges.html) - Support for Solaris privileges and for running virtual hosts under different user IDs.
+  * [mod_socache_dc](http://httpd.apache.org/docs/2.4/mod/mod_socache_dc.html) - Distcache based shared object cache provider.
+  * [mod_version](http://httpd.apache.org/docs/2.4/mod/mod_version.html) - Version dependent configuration
+  * [mod_watchdog](http://httpd.apache.org/docs/2.4/mod/mod_watchdog.html) - Provides infrastructure for other modules to periodically run tasks
+
+v3.1.0 (2015-05-25)
+-------------------
+
+- [GH-315] Fix `apache.default_site_name` .conf extension references to ensure deletion
+- [GH-258] Use `apache.default_site_name` for consistency, minimize hardcoding of filenames
+- [GH-259] Add `&& sleep 1` to end of apache restart command on rhel-based systems using apache2.2
+- [GH-271] Remove FreeBSD 9.x, Red Hat and CentOS 5.x and OpenSUSE 11.x Series from tests and focus on newer releases
+- [GH-276] Add psych gem to development gems
+- [GH-293] Add `apache.mod_fastcgi.install_method` flag to allow install of mod_fastcgi from source (even on Debian family)
+- [GH-285] Made `apache.devel_package` configurable based on platform, including support for Amazon Linux.
+- [GH-316] Update Opscode references to Chef
+- [GH-318] Apply default recipe in all definitions
+- [GH-320] Add attribute to adjust `apache.default_site_port`
+- [GH-321] Fix issue with default_site name in not_if guards
+- [GH-322] Add `apache.mod_ssl.pkg_name` to allow custom mod_ssl package names. Set defaults for supported platforms including Amazon Linux
+- [GH-323] Don't create the default site configuration file in `sites-available` unless it is enabled.
+- [GH-324] Add `apache.mod_ssl.port` to set the default ssl port to something other than 443
+- [GH-328] Add the ability to pass in a pipe as to log
+- [GH-332] `SSLStrictSNIVHostCheck` is only written to config if enabled to avoid breaking apache prior to 2.2.12.
+- [GH-334] Removed `iptables`, `god-monitor`, and `logrotate` recipes to avoid having external dependencies. These services should be managed in a wrapper cookbook going forward.
+- [GH-339] Allow custom names for php so_filename (`node['apache']['mod_php5']['so_filename']`)
+
+
+v3.0.1 (2015-02-11)
+-------------------
+
+- [GH-310] Ubuntu Apache 2.2 requires the lock_dir to be owned by www-data
+- [GH-309] Clarify that apache.version is a string
+- [GH-305] Restart service after MPM changes
+- [GH-304] Don't install systemd module on Amazon Linux
+- [GH-298] Add non-threaded MPM break notice for PHP users
+- [GH-296] Create lock_dir automatically
+
+v3.0.0 (2014-11-30)
+-------------------
+Major version update because of SSL Improvements and new platform MPM and Version defaults.
+
+- [GH-286] Refactor MPM and Apache version defaults: default is now apache 2.4
+- Note: set `apache.mpm` to `prefork` if you are using `mod_php` in Ubuntu >=14.04
+- [GH-281] mod_ssl: Disable SSLv3 by default to protect against POODLE attack (CVE-2014-3566)
+- [GH-280] mod_ssl: Major update with modern Cipher Suite, and best practices.
+  Updated to a more modern default `apache.mod_ssl.cipher_suite`.
+  Added the following additional mod_ssl attributes
+  * `apache.mod_ssl.honor_cipher_order`
+  * `apache.mod_ssl.insecure_renegotiation`
+  * `apache.mod_ssl.strict_sni_vhost_check`
+  * `apache.mod_ssl.session_cache_timeout`
+  * `apache.mod_ssl.compression`
+  * `apache.mod_ssl.use_stapling`
+  * `apache.mod_ssl.stapling_responder_timeout`
+  * `apache.mod_ssl.stapling_return_responder_errors`
+  * `apache.mod_ssl.stapling_cache`
+  * `apache.mod_ssl.pass_phrase_dialog`
+  * `apache.mod_ssl.mutex`
+  * `apache.mod_ssl.directives`
+- [GH-278] Improved chefspec tests execution time
+- [GH-277] Optimize files watching for Guard on Win32 platform
+- [GH-270] Don't attempt start until after configuration is written
+- [GH-268] Now uses chefspec 4.1
+- [GH-267] Use Supermarket as the Berkshelf 3 source
+- [GH-266] Rubocop based ruby style/syntax improvements
+- [GH-264] mod_ssl: Add new attribute for to be ready to any custom directive
+- [GH-249] Don't prepend Apache log path when requesting error logging to syslog
+- [GH-247] Explicitly include mod_ldap before mod_authnz_ldap
+- [GH-243] Expand mpm options for different distros/versions.
+- [GH-239] Added `apache.mod_php5.install_method` attribute defaults to `package`. Install packages unless PHP is compiled from source.
+- OneHealth Solutions was acquired by Viverae
+- Remove ArchLinux pacman as a dependency and handle similar to apt, yum, zypper
+- Adjust ubuntu apache 2.4 docroot_dir to match package (from /var/www to /var/www/html)
+- [GH-238] Bump service config syntax check guard timeout to 10 seconds
+- [GH-235] Removed `apache2::mpm_itk` which is not part of core and therefore should be its own cookbook
+- [GH-234] /var/run/httpd/mod_fcgid directory now belongs to apache on Fedora/RHEL systems.
+- [GH-233] Default web_app template should return 503 status code when maintenance file is present
+- [GH-232] Cookbook now deletes a2* if they are symlinks before dropping template versions
+- [GH-222] Set TraceEnable to off by default.
+- [GH-213] Adjust chefspec to use the package resource on FreeBSD (previously freebsd_package)
+- [GH-212] New attribute apache.locale which sets LANG. defaults to 'C'
+- [GH-210] Clarify web_app definition usage around configuration templates.
+- [GH-208] `apache_conf` now accepts `source` and `cookbook` parameters.
+
+v2.0.0 (2014-08-06)
+--------------------
+Major version update because of major overhaul to support Apache 2.4 and a2enconf and a2endisconf changes.
+
+- [GH-204] mod_auth_openid: Added `apache.mod_auth_openid.version` attribute
+- FreeBSD support has been improved with the release of chef 11.14.2, portsnap is no longer used in favor of pkgng.
+- [GH-157] - Apache will only be started when a configuration test passes, this allows the chef run to fix any broken configuration without failing the chef run.
+- `apache.log_dir` directory is now 0755 on all platforms (including the debian platform family)
+- [GH-166, GH-173] - `conf.d` is no longer used and replaced by `conf-available` and `conf-enabled` managed via the `a2enconf` and `a2disconf` scripts
+- [GH-166, GH-173] - All configuration files need to end in `.conf` for them to be loaded
+- [GH-173] - Perl is a required package on all platforms to support the a2* scripts as we now use the debian versions directly.
+- [GH-193] - per MPM settings: `maxclients` is now `maxrequestworkers`
+- [GH-194] - per MPM settings: `maxrequestsperchild` is now `maxconnectionsperchild`
+- [GH-161] - Added support for CentOS 7
+- [GH-180] - Improved SuSE support
+- [GH-100] - Apache HTTP 2.4 support
+  This provides Apache 2.4 support in a backwards compatible way.
+  It adds the following new attributes:
+  - `apache.version` - This defaults to `2.2` and if changed to `2.4`; it triggers and assumes 2.4 packages will be installed.
+  - `apache.mpm` -  In 2.4 mode, this specifies which mpm to install. Default is `prefork`.
+  - `apache.run_dir`
+  - `apache.lock_dir`
+  - `apache.libexec_dir` replaces `apache.libexecdir`
+  - `apache.prefork.maxrequestworkers` replaces `apache.prefork.maxclients`
+  - `apache.prefork.maxconnectionsperchild` replaces `apache.prefork.maxrequestsperchild`
+  - `apache.worker.threadlimit`
+  - `apache.worker.maxrequestworkers` replaces `apache.worker.maxclients`
+  - `apache.worker.maxconnectionsperchild `replaces `apache.worker.maxrequestsperchild`
+  - `apache.event.startservers`
+  - `apache.event.serverlimit`
+  - `apache.event.minsparethreads`
+  - `apache.event.maxsparethreads`
+  - `apache.event.threadlimit`
+  - `apache.event.threadsperchild`
+  - `apache.event.maxrequestworkers`
+  - `apache.event.maxconnectionsperchild`
+  - `apache.itk.startservers`
+  - `apache.itk.minspareservers`
+  - `apache.itk.maxspareservers`
+  - `apache.itk.maxrequestworkers`
+  - `apache.itk.maxconnectionsperchild`
+
+  Apache 2.4 Upgrade Notes:
+
+  Since the changes between apache 2.2 and apache 2.4 are pretty significant, we are unable to account for all changes needed for your upgrade.  Please take a moment to familiarize yourself with the Apache Software Foundation provided upgrade documentation before attempting to use this cookbook with apache 2.4. See http://httpd.apache.org/docs/current/upgrading.html
+
+  - This cookbook does not automatically specify which version of apache to install. We are at the mercy of the `package` provider. It is important, however, to make sure that you configure the `apache.version` attribute to match. For your convenience, we try to set reasonable defaults based on different platforms in our test suite.
+  - `mod_proxy` -   In 2.4 mode, `apache.proxy.order`, `apache.proxy.deny_from`, `apache.proxy.allow_from` are ignored, as the attributes can not be supported in a backwards compatible way. Please use `apache.proxy.require` instead.
+
+v1.11.0 (2014-07-25)
+--------------------
+- [GH-152] - Checking if server_aliases is defined in example
+- [GH-106] - Only turn rewrite on once in web_app.conf.erb
+- [GH-156] - Correct mod_basic/digest recipe names in README
+- Recipe iptables now includes the iptables::default recipe
+- Upgrade test-kitchen to latest version
+- Replaced minitest integration tests with serverspec tests
+- Added chefspec tests
+
+
+v1.10.4 (2014-04-23)
+--------------------
+- [COOK-4249] mod_proxy_http requires mod_proxy
+
+
+v1.10.2 (2014-04-09)
+--------------------
+- [COOK-4490] - Fix minitest `apache_configured_ports` helper
+- [COOK-4491] - Fix minitest: escape regex interpolation
+- [COOK-4492] - Fix service[apache2] CHEF-3694 duplication
+- [COOK-4493] - Fix template[ports.conf] CHEF-3694 duplication
+
+As of 2014-04-04 and per [Community Cookbook Diversification](https://wiki.chef.io/display/chef/Community+Cookbook+Diversification) this cookbook now maintained by OneHealth Solutions. Please be patient as we get into the swing of things.
+
+v1.10.0 (2014-03-28)
+--------------------
+- [COOK-3990] - Fix minitest failures on EL5
+- [COOK-4416] - Support the ability to point to local apache configs
+- [COOK-4469] - Use reload instead of restart on RHEL
+
+
+v1.9.6 (2014-02-28)
+-------------------
+[COOK-4391] - uncommenting the PIDFILE line
+
+
+v1.9.4 (2014-02-27)
+-------------------
+Bumping version for toolchain
+
+
+v1.9.1 (2014-02-27)
+-------------------
+[COOK-4348] Allow arbitrary params in sysconfig
+
+
+v1.9.0 (2014-02-21)
+-------------------
+### Improvement
+- **[COOK-4076](https://tickets.chef.io/browse/COOK-4076)** - foodcritic: dependencies are not defined properly
+- **[COOK-2572](https://tickets.chef.io/browse/COOK-2572)** - Add mod_pagespeed recipe to apache2
+
+### Bug
+- **[COOK-4043](https://tickets.chef.io/browse/COOK-4043)** - apache2 cookbook does not depend on 'iptables'
+- **[COOK-3919](https://tickets.chef.io/browse/COOK-3919)** - Move the default pidfile for apache2 on Ubuntu 13.10 or greater
+- **[COOK-3863](https://tickets.chef.io/browse/COOK-3863)** - Add recipe for mod_jk
+- **[COOK-3804](https://tickets.chef.io/browse/COOK-3804)** - Fix incorrect datatype for apache/default_modules, use recipes option in metadata
+- **[COOK-3800](https://tickets.chef.io/browse/COOK-3800)** - Cannot load modules that use non-standard module identifiers
+- **[COOK-1689](https://tickets.chef.io/browse/COOK-1689)** - The perl package name should be configurable
+
+
+v1.8.14
+-------
+Version bump for toolchain sanity
+
+
+v1.8.12
+-------
+Fixing various style issues for travis
+
+
+v1.8.10
+-------
+fixing metadata version error. locking to 3.0"
+
+
+v1.8.8
+------
+Version bump for toolchain sanity
+
+
+v1.8.6
+------
+Locking yum dependency to '< 3'
+
+
+v1.8.4
+------
+### Bug
+- **[COOK-3769](https://tickets.chef.io/browse/COOK-3769)** - Fix a critical bug where the `apache_module` could not enable modules
+
+
+v1.8.2
+------
+### Bug
+- **[COOK-3766](https://tickets.chef.io/browse/COOK-3766)** - Fix an issue where the `mod_ssl` recipe fails due to a missing attribute
+
+
+v1.8.0
+------
+### Bug
+- **[COOK-3680](https://tickets.chef.io/browse/COOK-3680)** - Update template paths
+- **[COOK-3570](https://tickets.chef.io/browse/COOK-3570)** - Apache cookbook breaks on RHEL / CentOS 6
+- **[COOK-2944](https://tickets.chef.io/browse/COOK-2944)** - Fix foodcritic failures
+- **[COOK-2893](https://tickets.chef.io/browse/COOK-2893)** - Improve mod_auth_openid recipe with guards and idempotency
+- **[COOK-2758](https://tickets.chef.io/browse/COOK-2758)** - Fix use of non-existent attribute
+
+### New Feature
+- **[COOK-3665](https://tickets.chef.io/browse/COOK-3665)** - Add recipe for mod_userdir
+- **[COOK-3646](https://tickets.chef.io/browse/COOK-3646)** - Add recipe for mod_cloudflare
+- **[COOK-3213](https://tickets.chef.io/browse/COOK-3213)** - Add recipe for mod_info
+
+### Improvement
+- **[COOK-3656](https://tickets.chef.io/browse/COOK-3656)** - Parameterize apache2 binary
+- **[COOK-3562](https://tickets.chef.io/browse/COOK-3562)** - Allow mod_proxy settings to be configured as attributes
+- **[COOK-3326](https://tickets.chef.io/browse/COOK-3326)** - Fix default_test to use ServerTokens attribute
+- **[COOK-2635](https://tickets.chef.io/browse/COOK-2635)** - Add support for SVG mime types
+- **[COOK-2598](https://tickets.chef.io/browse/COOK-2598)** - FastCGI Module only works on Debian-based platforms
+- **[COOK-1984](https://tickets.chef.io/browse/COOK-1984)** - Add option to configure the address apache listens to
+
+
+v1.7.0
+------
+### Improvement
+
+- [COOK-3073]: make access.log location configurable per-platform
+- [COOK-3074]: don't hardcode the error.log location in the default site config
+- [COOK-3268]: don't hardcode DocumentRoot and cgi-bin locations in `default_site`
+
+### New Feature
+
+- [COOK-3184]: Add `mod_filter` recipe to Apache2-cookbook
+- [COOK-3236]: Add `mod_action` recipe to Apache2-cookbook
+
+v1.6.6
+------
+1.6.4 had a missed step in the automated release, long live 1.6.6.
+
+### Bug
+
+- [COOK-3018]: apache2_module does duplicate delayed restart of apache2 service when conf = true
+- [COOK-3027]: Default site enable true, then false, does not disable default site
+- [COOK-3109]: fix apache lib_dir arch attribute regexp
+
+v1.6.2
+------
+- [COOK-2535] - `mod_auth_openid` requires libtool to run autogen.sh
+- [COOK-2667] - Typo in usage documentation
+- [COOK-2461] - `apache2::mod_auth_openid` fails on some ubuntu systems
+- [COOK-2720] - Apache2 minitest helper function `ran_recipe` is not portable
+
+v1.6.0
+------
+- [COOK-2372] - apache2 mpm_worker: add ServerLimit attribute (default to 16)
+
+v1.5.0
+------
+The `mod_auth_openid` attributes are changed. The upstream maintainer deprecated the older release versions, and the source repository has releases available at specific SHA1SUM references. The new attribute, `node['apache']['mod_auth_openid']['ref']` is used to set this.
+
+- [COOK-2198] - `apache::mod_auth_openid` compiles from source, but does not install make on debian/ubuntu
+- [COOK-2224] - version conflict between cucumber and other gems
+- [COOK-2248] - `apache2::mod_php5` uses `not_if` "which php" without ensuring package 'which' is installed
+- [COOK-2269] - Set allow list for mod_status incase external monitor scripts need
+- [COOK-2276] - cookbook apache2 documentation regarding listening ports doesn't match default attributes
+- [COOK-2296] - `mod_auth_openid` doesn't have tags/releases for the version I need for features and fixes
+- [COOK-2323] - Add Oracle linux support
+
+v1.4.2
+------
+- [COOK-1721] - fix logrotate recipe
+
+v1.4.0
+------
+- [COOK-1456] - iptables enhancements
+- [COOK-1473] - apache2 does not disable default site when setting "`default_site_enabled`" back to false
+- [COOK-1824] - the apache2 cookbook needs to specify which binary is used on rhel platform
+- [COOK-1916] - Download location wrong for apache2 `mod_auth_openid` >= 0.7
+- [COOK-1917] - Improve `mod_auth_openid` recipe to handle module upgrade more gracefully
+- [COOK-2029] - apache2 restarts on every run on RHEL and friends, generate-module-list on every run.
+- [COOK-2036] - apache2: Cookbook style
+
+v1.3.2
+------
+- [COOK-1804] - fix `web_app` definition parameter so site can be disabled.
+
+v1.3.0
+------
+- [COOK-1738] - Better configuration for `mod_include` and some overrides in `web_app` definition
+- [COOK-1470] - Change SSL Ciphers to Mitigate BEAST attack
+
+v1.2.0
+------
+- [COOK-692] - delete package conf.d files in module recipes, for EL
+- [COOK-1693] - Foodcritic finding for unnecessary string interpolation
+- [COOK-1757] - platform_family and better style / usage practices
+
+v1.1.16
+-------
+re-releasing as .16 due to error on tag 1.1.14
+
+- [COOK-1466] - add `mod_auth_cas` recipe
+- [COOK-1609] - apache2 changes ports.conf twice per run when using apache2::mod_ssl
+
+v1.1.12
+-------
+- [COOK-1436] - restore apache2 web_app definition
+- [COOK-1356] - allow ExtendedStatus via attribute
+- [COOK-1403] - add mod_fastcgi recipe
+
+v1.1.10
+-------
+- [COOK-1315] - allow the default site to not be enabled
+- [COOK-1328] - cookbook tests (minitest, cucumber)
+
+v1.1.8
+------
+- Some platforms with minimal installations that don't have perl won't have a `node['languages']['perl']` attribute, so remove the conditional and rely on the power of idempotence in the package resource.
+- [COOK-1214] - address foodcritic warnings
+- [COOK-1180] - add `mod_logio` and fix `mod_proxy`
+
+v1.1.6
+------
+FreeBSD users: This release requires the `freebsd` cookbook. See README.md.
+
+- [COOK-1025] - freebsd support in mod_php5 recipe
+
+v1.1.4
+------
+- [COOK-1100] - support amazon linux
+
+v1.1.2
+------
+- [COOK-996] - apache2::mod_php5 can cause PHP and module API mismatches
+- [COOK-1083] - return string for v_f_p and use correct value for default
+
+v1.1.0
+------
+- [COOK-861] - Add `mod_perl` and apreq2
+- [COOK-941] - fix `mod_auth_openid` on FreeBSD
+- [COOK-1021] - add a commented-out LoadModule directive to keep apxs happy
+- [COOK-1022] - consistency for icondir attribute
+- [COOK-1023] - fix platform test for attributes
+- [COOK-1024] - fix a2enmod script so it runs cleanly on !bash
+- [COOK-1026] - fix `error_log` location on FreeBSD
+
+v1.0.8
+------
+- COOK-548 - directory resource doesn't have backup parameter
+
+v1.0.6
+------
+- COOK-915 - update to `mod_auth_openid` version 0.6, see __Recipes/mod_auth_openid__ below.
+- COOK-548 - Add support for FreeBSD.
+
+v1.0.4
+------
+- COOK-859 - don't hardcode module paths
+
+v1.0.2
+------
+- Tickets resolved in this release: COOK-788, COOK-782, COOK-780
+
+v1.0.0
+------
+- Red Hat family support is greatly improved, all recipes except `god_monitor` converge.
+- Recipe `mod_auth_openid` now works on RHEL family distros
+- Recipe `mod_php5` will now remove config from package on RHEL family so it doesn't conflict with the cookbook's.
+- Added `php5.conf.erb` template for `mod_php5` recipe.
+- Create the run state directory for `mod_fcgid` to prevent a startup error on RHEL version 6.
+- New attribute `node['apache']['lib_dir']` to handle lib vs lib64 on RHEL family distributions.
+- New attribute `node['apache']['group']`.
+- Scientific Linux support added.
+- Use a file resource instead of the generate-module-list executed perl script on RHEL family.
+- "default" site can now be disabled.
+- web_app now has an "enable" parameter.
+- Support for dav_fs apache module.
+- Tickets resolved in this release: COOK-754, COOK-753, COOK-665, COOK-624, COOK-579, COOK-519, COOK-518
+- Fix node references in template for a2dissite
+- Use proper user and group attributes on files and templates.
+- Replace the anemic README.rdoc with this new and improved superpowered README.md :).

cookbooks/apache2/CONTRIBUTING.md

@@ -0,0 +1,105 @@
+# Contributing to the apache2 cookbook
+
+We are glad you want to contribute to the apache2 cookbook! The first
+step is the desire to improve the project.
+
+## Quick-contribute
+
+* Create an issue on the github [issue tracker](https://github.com/sous-chefs/apache2/issues)
+* Link to your patch as a rebased git branch or pull request from the ticket
+
+We regularly review contributions and will get back to you if we have
+any suggestions or concerns.
+
+### Branches and Commits
+
+You should submit your patch as a git branch named after the change.
+
+It is a best practice to have your commit message have a _summary
+line_, followed by an empty line and then a brief description of 
+the commit. This also helps other contributors understand the 
+purpose of changes to the code.
+
+Remember that not all users use Chef in the same way or on the same
+operating systems as you, so it is helpful to be clear about your use
+case and change so they can understand it even when it doesn't apply
+to them.
+
+### Github and Pull Requests
+
+We don't require you to use Github, and we will even take patch diffs
+attached to tickets on the issue tracker. However Github has a lot of
+convenient features, such as being able to see a diff of changes
+between a pull request and the main repository quickly without
+downloading the branch.
+
+## Functional and Unit Tests
+
+This cookbook is set up to run tests under
+[Test Kitchen](http://kitchen.ci/). It uses serverspec to run
+integration tests after the node has been converged to verify that
+the state of the node.
+
+Test kitchen should run completely without exception using the default
+[baseboxes provided by Chef](http://chef.github.io/bento/).
+Because Test Kitchen creates VirtualBox machines and runs through
+every configuration in the .kitchen.yml file, it may take some time for
+these tests to complete.
+
+If your changes are only for a specific recipe, run only its
+configuration with Test Kitchen. If you are adding a new recipe, or
+other functionality such as a LWRP or definition, please add
+appropriate tests and ensure they run with Test Kitchen.
+
+If any don't pass, investigate them before submitting your patch.
+
+Any new feature should have unit tests included with the patch with
+good code coverage to help protect it from future changes. Similarly,
+patches that fix a bug or regression should have a _regression test_.
+Simply put, this is a test that would fail without your patch but
+passes with it. The goal is to ensure this bug doesn't regress in the
+future. Consider a regular expression that doesn't match a certain
+pattern that it should, so you provide a patch and a test to ensure
+that the part of the code that uses this regular expression works as
+expected. Later another contributor may modify this regular expression
+in a way that breaks your use cases. The test you wrote will fail,
+signalling to them to research your ticket and use case and accounting
+for it.
+
+If you need help writing tests, please ask on the Chef Developer's
+mailing list, or https://community-slack.chef.io/
+
+## Cookbook Contribution Do's and Don't's
+
+Please do include tests for your contribution. If you need help, ask
+on the
+[chef-dev mailing list](http://lists.chef.io/sympa/info/chef-dev)
+or the https://community-slack.chef.io/
+
+Not all platforms that a cookbook supports may be supported by Test
+Kitchen. Please provide evidence of testing your contribution if it
+isn't trivial so we don't have to duplicate effort in testing. Chef
+10.14+ "doc" formatted output is sufficient.
+
+Please do indicate new platform (families) or platform versions in the
+commit message, and update the relevant ticket.  If a contribution adds 
+new platforms or platform versions, indicate such in the body of the commit message(s).
+
+Please do use [foodcritic](http://www.foodcritic.io/) to
+lint-check the cookbook. Except FC007, it should pass all correctness
+rules. FC007 is okay as long as the dependent cookbooks are *required*
+for the default behavior of the cookbook, such as to support an
+uncommon platform, secondary recipe, etc.
+
+Please do ensure that your changes do not break or modify behavior for
+other platforms supported by the cookbook. For example if your changes
+are for Debian, make sure that they do not break on CentOS.
+
+Please do not modify the version number in the metadata.rb, the maintainer
+will select the appropriate version based on the release cycle
+information above.
+
+Please do not update the CHANGELOG.md for a new version. Not all
+changes to a cookbook may be merged and released in the same versions.
+We will update the CHANGELOG.md when releasing a new version of
+the cookbook.

cookbooks/apache2/README.md

@@ -0,0 +1,693 @@
+apache2 Cookbook
+================
+[![Cookbook Version](https://img.shields.io/cookbook/v/apache2.svg?style=flat)](https://supermarket.chef.io/cookbooks/apache2)
+[![Build Status](https://travis-ci.org/sous-chefs/apache2.svg?branch=master)](https://travis-ci.org/sous-chefs/apache2)
+[![Dependency Status](http://img.shields.io/gemnasium/sous-chefs/apache2.svg?style=flat)](https://gemnasium.com/sous-chefs/apache2)
+[![License](https://img.shields.io/badge/license-Apache_2-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0)
+
+This cookbook provides a complete Debian/Ubuntu style Apache HTTPD
+configuration. Non-Debian based distributions such as Red Hat/CentOS,
+ArchLinux and others supported by this cookbook will have a
+configuration that mimics Debian/Ubuntu style as it is easier to
+manage with Chef.
+
+Debian-style Apache configuration uses scripts to manage modules and
+sites (vhosts). The scripts are:
+
+* a2ensite
+* a2dissite
+* a2enmod
+* a2dismod
+* a2enconf
+* a2disconf
+
+This cookbook ships with templates of these scripts for non
+Debian/Ubuntu platforms. The scripts are used in the __Definitions__
+below.
+
+## Cookbooks:
+
+This cookbook has no direct external dependencies.
+
+Depending on your OS configuration and security policy, you may need
+additional recipes or cookbooks for this cookbook's recipes to
+converge on the node. In particular, the following Operating System
+settings may affect the behavior of this cookbook:
+
+* apt cache outdated
+* SELinux enabled
+* firewalls (such as iptables, ufw, etc.)
+* Compile tools
+* 3rd party repositories
+
+On Ubuntu/Debian, use [apt](https://supermarket.chef.io/cookbooks/apt) cookbook to ensure the package
+cache is updated so Chef can install packages, or consider putting
+apt-get in your bootstrap process or
+[knife bootstrap template](http://docs.chef.io/knife_bootstrap.html)
+
+On RHEL, SELinux is enabled by default. The [selinux](https://supermarket.chef.io/cookbooks/selinux) cookbook
+contains a `permissive` recipe that can be used to set SELinux to
+"Permissive" state. Otherwise, additional recipes need to be created
+by the user to address SELinux permissions.
+
+
+To deal with firewalls  Chef Software does provide an [iptables](https://supermarket.chef.io/cookbooks/iptables) and [ufw](https://supermarket.chef.io/cookbooks/ufw) cookbook but is migrating from the approach used there to a more robust solution
+utilizing the general [firewall](https://supermarket.chef.io/cookbooks/firewall) cookbook to setup rules.
+See those cookbooks' READMEs for documentation.
+
+Build/compile tools may not be installed on the system by default.
+Some recipes (e.g., `apache2::mod_auth_openid`) build the module from
+source. Use the [build-essential](https://supermarket.chef.io/cookbooks/build-essential) cookbook to get essential
+build packages installed.
+
+On ArchLinux, if you are using the `apache2::mod_auth_openid` recipe,
+you also need the [pacman](https://supermarket.chef.io/cookbooks/pacman) cookbook for the `pacman_aur` LWRP. Put
+`recipe[pacman]` on the node's expanded run list (on the node or in a
+role). This is not an explicit dependency because it is only required
+for this single recipe and platform; the pacman default recipe
+performs `pacman -Sy` to keep pacman's package cache updated.
+
+## Platforms:
+
+The following platforms and versions are tested and supported using
+[test-kitchen](http://kitchen.ci/)
+
+* Ubuntu 14.04
+* Ubuntu 16.04
+* Debian 8.6
+* CentOS 7.3
+* Fedora 25
+
+The following platform families are supported in the code, and are
+assumed to work based on the successful testing on Ubuntu and CentOS.
+
+* Red Hat (rhel)
+
+The following platforms are also supported in the code, have been
+tested manually but are not regularly tested under test-kitchen.
+
+* Amazon Linux
+* SUSE/OpenSUSE
+* ArchLinux
+* FreeBSD
+
+### Notes for RHEL Family:
+
+On Red Hat Enterprise Linux and derivatives, the EPEL repository may
+be necessary to install packages used in certain recipes. The
+`apache2::default` recipe, however, does not require any additional
+repositories. The [yum-epel](https://supermarket.chef.io/cookbooks/yum-epel) cookbook can be used to add the
+EPEL repository. See __Examples__ for more information.
+
+Usage
+=====
+
+Using this cookbook is relatively straightforward. It is recommended to create
+a project or organization specific [wrapper cookbook](https://www.chef.io/blog/2013/12/03/doing-wrapper-cookbooks-right/)
+and add the desired recipes to the run list of a node, or create a role. Depending on your
+environment, you may have multiple roles that use different recipes
+from this cookbook. Adjust any attributes as desired. For example, to
+create a basic role for web servers that provide both HTTP and HTTPS:
+
+```ruby
+    % cat  roles/webserver.rb
+    name "webserver"
+    description "Systems that serve HTTP and HTTPS"
+    run_list(
+      "recipe[apache2]",
+      "recipe[apache2::mod_ssl]"
+    )
+    default_attributes(
+      "apache" => {
+        "listen" => ["*:80", "*:443"]
+      }
+    )
+```
+
+For examples of using the definitions in your own recipes, see their
+respective sections below.
+
+
+Attributes
+==========
+
+This cookbook uses many attributes, broken up into a few different
+kinds.
+
+Platform specific
+-----------------
+
+In order to support the broadest number of platforms, several
+attributes are determined based on the node's platform. See the
+attributes/default.rb file for default values in the case statement at
+the top of the file.
+
+* `node['apache']['package']` - Package name for Apache2
+* `node['apache']['perl_pkg']` - Package name for Perl
+* `node['apache']['dir']` - Location for the Apache configuration
+* `node['apache']['log_dir']` - Location for Apache logs
+* `node['apache']['error_log']` - Location for the default error log
+* `node['apache']['access_log']` - Location for the default access log
+* `node['apache']['user']` - User Apache runs as
+* `node['apache']['group']` - Group Apache runs as
+* `node['apache']['binary']` - Apache httpd server daemon
+* `node['apache']['conf_dir']` - Location for the main config file (e.g apache2.conf or httpd.conf)
+* `node['apache']['docroot_dir']` - Location for docroot
+* `node['apache']['cgibin_dir']` - Location for cgi-bin
+* `node['apache']['icondir']` - Location for icons
+* `node['apache']['cache_dir']` - Location for cached files used by Apache itself or recipes
+* `node['apache']['pid_file']` - Location of the PID file for Apache httpd
+* `node['apache']['lib_dir']` - Location for shared libraries
+* `node['apache']['default_site_enabled']` - Default site enabled. Default is false.
+* `node['apache']['ext_status']` - if true, enables ExtendedStatus for `mod_status`
+* `node['apache']['locale']` - Locale to set in sysconfig or envvars and used for subprocesses and modules (like mod_dav and mod_wsgi). On debian systems Uses system-local if set to 'system', defaults to 'C'.
+
+General settings
+----------------
+
+These are general settings used in recipes and templates. Default
+values are noted.
+
+* `node['apache']['version']` - Specifing 2.4 triggers apache 2.4 support. If the platform is known during our test to install 2.4 by default, it will be set to 2.4 for you. Otherwise it falls back to 2.2. This value should be specified as a string.
+* `node['apache']['listen']` - Array of address:port combinations that httpd should listen on. Default is any address and port 80 (`["*:80"]`).
+* `node['apache']['contact']` - Value for ServerAdmin directive. Default "ops@example.com".
+* `node['apache']['timeout']` - Value for the Timeout directive. Default is 300.
+* `node['apache']['keepalive']` - Value for the KeepAlive directive. Default is On.
+* `node['apache']['keepaliverequests']` - Value for MaxKeepAliveRequests. Default is 100.
+* `node['apache']['keepalivetimeout']` - Value for the KeepAliveTimeout directive. Default is 5.
+* `node['apache']['sysconfig_additional_params']` - Additionals variables set in sysconfig file. Default is empty.
+* `node['apache']['log_level']` - Value for LogLevel directive. Default is 'warn'.
+* `node['apache']['default_modules']` - Array of module names. Can take "mod_FOO" or "FOO" as names, where FOO is the apache module, e.g. "`mod_status`" or "`status`".
+* `node['apache']['mpm']` - With apache.version 2.4, specifies what Multi-Processing Module to enable. Defaults to platform default, otherwise it is "prefork"
+
+The modules listed in `default_modules` will be included as recipes in `recipe[apache::default]`.
+
+Prefork attributes
+------------------
+
+Prefork attributes are used for tuning the Apache HTTPD [prefork MPM](http://httpd.apache.org/docs/current/mod/prefork.html) configuration.
+
+* `node['apache']['prefork']['startservers']` - initial number of server processes to start. Default is 16.
+* `node['apache']['prefork']['minspareservers']` - minimum number of spare server processes. Default 16.
+* `node['apache']['prefork']['maxspareservers']` - maximum number of spare server processes. Default 32.
+* `node['apache']['prefork']['serverlimit']` - upper limit on configurable server processes. Default 256.
+* `node['apache']['prefork']['maxrequestworkers']` - Maximum number of connections that will be processed simultaneously. Default 256.
+* `node['apache']['prefork']['maxconnectionsperchild']` - Maximum number of request a child process will handle. Default 10000.
+
+Worker attributes
+-----------------
+
+Worker attributes are used for tuning the Apache HTTPD [worker MPM](http://httpd.apache.org/docs/current/mod/worker.html)
+configuration.
+
+* `node['apache']['worker']['startservers']` - Initial number of server processes to start. Default 4
+* `node['apache']['worker']['serverlimit']` - Upper limit on configurable server processes. Default 16.
+* `node['apache']['worker']['minsparethreads']` - Minimum number of spare worker threads. Default 64
+* `node['apache']['worker']['maxsparethreads']` - Maximum number of spare worker threads. Default 192.
+* `node['apache']['worker']['maxrequestworkers']` - Maximum number of simultaneous connections. Default 1024.
+* `node['apache']['worker']['maxconnectionsperchild']`  - Limit on the number of connections that an individual child server will handle during its life.
+
+Event attributes
+----------------
+
+Event attributes are used for tuning the Apache HTTPD [event MPM](http://httpd.apache.org/docs/current/mod/event.html)
+configuration.
+
+* `node['apache']['event']['startservers']` - Initial number of child server processes created at startup. Default 4.
+* `node['apache']['event']['serverlimit']` - Upper limit on configurable number of processes. Default 16.
+* `node['apache']['event']['minsparethreads']` - Minimum number of spare worker threads. Default 64
+* `node['apache']['event']['maxsparethreads']` - Maximum number of spare worker threads. Default 192.
+* `node['apache']['event']['threadlimit']` - Upper limit on the configurable number of threads per child process. Default 192.
+* `node['apache']['event']['threadsperchild']` - Number of threads created by each child process. Default 64.
+* `node['apache']['event']['maxrequestworkers']` - Maximum number of connections that will be processed simultaneously.
+* `node['apache']['event']['maxconnectionsperchild']`  - Limit on the number of connections that an individual child server will handle during its life.
+
+Other/Unsupported MPM
+---------------------
+
+To use the cookbook with an unsupported mpm (other than prefork, event or worker):
+
+* set `node['apache']['mpm']` to the name of the module (e.g. `itk`)
+* in your cookbook, after `include_recipe 'apache2'` use the `apache_module` definition to enable/disable the required module(s)
+
+Module specific attributes
+--------------------------
+
+Some module recipes have their own attributes that can be used to alter and modify the behavior of this cookbook. Please see the sections for the indivual modules below for more information on those attributes.
+
+
+
+Recipes
+=======
+
+Most of the recipes in the cookbook are for enabling Apache modules.
+Where additional configuration or behavior is used, it is documented
+below in more detail.
+
+The following recipes merely enable the specified module: `mod_actions`, `mod_alias`,
+`mod_auth_basic`, `mod_auth_digest`, `mod_authn_file`, `mod_authnz_ldap`,
+`mod_authz_default`, `mod_authz_groupfile`, `mod_authz_host`,
+`mod_authz_user`, `mod_autoindex`, `mod_cgi`, `mod_dav_fs`,
+`mod_dav_svn`, `mod_deflate`, `mod_dir`, `mod_env`, `mod_expires`,
+`mod_headers`, `mod_ldap`, `mod_log_config`, `mod_mime`,
+`mod_negotiation`, `mod_proxy`, `mod_proxy_ajp`, `mod_proxy_balancer`,
+`mod_proxy_connect`, `mod_proxy_http`, `mod_python`, `mod_rewrite`,
+`mod_setenvif`, `mod_status`, `mod_wsgi`, `mod_xsendfile`.
+
+On RHEL Family distributions, certain modules ship with a config file
+with the package. The recipes here may delete those configuration
+files to ensure they don't conflict with the settings from the
+cookbook, which will use per-module configuration in
+`/etc/httpd/mods-enabled`.
+
+default
+-------
+
+The default recipe does a number of things to set up Apache HTTPd. It
+also includes a number of modules based on the attribute
+`node['apache']['default_modules']` as recipes.
+
+mod\_auth\_cas
+--------------
+
+This recipe installs the proper package and enables the `auth_cas`
+module. It can install from source or package. Package is the default,
+set the attribute `node['apache']['mod_auth_cas']['from_source']` to
+true to enable source installation. Modify the version to install by
+changing the attribute
+`node['apache']['mod_auth_cas']['source_revision']`. It is a version
+tag by default, but could be master, or another tag, or branch.
+
+The module configuration is written out with the `CASCookiePath` set,
+otherwise an error loading the module may cause Apache to not start.
+
+**Note**: This recipe does not work on EL 6 platforms unless
+epel-testing repository is enabled (outside the scope of this
+cookbook), or the package version 1.0.8.1-3.el6 or higher is otherwise
+available to the system due to this bug:
+
+https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=708550
+
+mod\_auth\_openid
+-----------------
+
+This recipe compiles the module from source. In addition to
+`build-essential`, some other packages are included for installation
+like the GNU C++ compiler and development headers.
+
+To use the module in your own cookbooks to authenticate systems using
+OpenIDs, specify an array of OpenIDs that are allowed to authenticate
+with the attribute `node['apache']['allowed_openids']`. Use the
+following in a vhost to protect with OpenID authentication:
+
+    AuthType OpenID require user <%= node['apache']['allowed_openids'].join(' ') %>
+    AuthOpenIDDBLocation <%= node['apache']['mod_auth_openid']['dblocation'] %>
+
+Change the DBLocation with the attribute as required; this file is in
+a different location than previous versions, see below. It should be a
+sane default for most platforms, though, see
+`attributes/mod_auth_openid.rb`.
+
+The following attributes are in the `attributes/mod_auth_openid.rb` file.
+
+* `node['apache']['mod_auth_openid']['checksum']` - sha256sum of the tarball containing the source.
+* `node['apache']['mod_auth_openid']['ref']` - Any sha, tag, or branch found from https://github.com/bmuller/mod_auth_openid
+* `node['apache']['mod_auth_openid']['version']` - directory name version within the tarball
+* `node['apache']['mod_auth_openid']['cache_dir']` - the cache directory is where the sqlite3 database is stored. It is separate so it can be managed as a directory resource.
+* `node['apache']['mod_auth_openid']['dblocation']` - filename of the sqlite3 database used for directive `AuthOpenIDDBLocation`, stored in the `cache_dir` by default.
+* `node['apache']['mod_auth_openid']['configure_flags']` - optional array of configure flags passed to the `./configure` step in the compilation of the module.
+
+
+mod\_fastcgi
+------------
+
+Install the fastcgi package and enable the module.
+
+Note: In Ubuntu 14.04, the `libapache2-mod-fastcgi` module is not available by default due to the [Multiverse](https://help.ubuntu.com/community/Repositories/Ubuntu) repositories.
+You need to enable the multiverse repositories either from `/etc/apt/sources.list` or use the [apt](https://supermarket.chef.io/cookbooks/apt) cookbook.
+
+mod\_fcgid
+----------
+
+Installs the fcgi package and enables the module. Requires EPEL on
+RHEL family.
+
+mod\_php5
+--------
+
+Simply installs the appropriate package on Debian, Ubuntu and
+ArchLinux.
+
+On Red Hat family distributions including Fedora, the php.conf that
+comes with the package is removed. On RHEL platforms less than v6, the
+`php53` package is used.
+
+* `node['apache']['mod_php5']['install_method']` - default `package` can be overridden to avoid package installs.
+
+mod\_ssl
+--------
+
+Besides installing and enabling `mod_ssl`, this recipe will append
+port 443 to the `node['apache']['listen']` attributes for all addresses and
+update the ports.conf.
+
+
+* `node['apache']['mod_ssl']['cipher_suite']` - sets the SSLCiphersuite value to the specified string. The default is
+  considered "sane" but you may need to change it for your local security policy, e.g. if you have PCI-DSS requirements. Additional
+  commentary on the
+  [original pull request](https://github.com/sous-chefs/apache2/pull/15#commitcomment-1605406).
+* `node['apache']['mod_ssl']['honor_cipher_order']` - Option to prefer the server's cipher preference order. Default 'On'.
+* `node['apache']['mod_ssl']['insecure_renegotiation']` - Option to enable support for insecure renegotiation. Default 'Off'.
+* `node['apache']['mod_ssl']['strict_sni_vhost_check']` - Whether to allow non-SNI clients to access a name-based virtual host. Default 'Off'.
+* `node['apache']['mod_ssl']['session_cache']` - Configures the OCSP stapling cache. Default `shmcb:/var/run/apache2/ssl_scache`
+* `node['apache']['mod_ssl']['session_cache_timeout']` - Number of seconds before an SSL session expires in the Session Cache. Default 300.
+* `node['apache']['mod_ssl']['compression']` - 	Enable compression on the SSL level. Default 'Off'.
+* `node['apache']['mod_ssl']['use_stapling']` - Enable stapling of OCSP responses in the TLS handshake. Default 'Off'.
+* `node['apache']['mod_ssl']['stapling_responder_timeout']` - 	Timeout for OCSP stapling queries. Default 5
+* `node['apache']['mod_ssl']['stapling_return_responder_errors']` - Pass stapling related OCSP errors on to client. Default 'Off'
+* `node['apache']['mod_ssl']['stapling_cache']` - Configures the OCSP stapling cache. Default `shmcb:/var/run/ocsp(128000)`
+* `node['apache']['mod_ssl']['pass_phrase_dialog']` - Configures SSLPassPhraseDialog. Default `builtin`
+* `node['apache']['mod_ssl']['mutex']` - Configures SSLMutex. Default `file:/var/run/apache2/ssl_mutex`
+* `node['apache']['mod_ssl']['directives']` - Hash for add any custom directive.
+
+For general information on these attributes see http://httpd.apache.org/docs/current/mod/mod_ssl.html
+
+For more information on these directives and how to best secure your site see
+- https://bettercrypto.org/
+- https://wiki.mozilla.org/Security/Server_Side_TLS
+- https://www.insecure.ws/linux/apache_ssl.html
+- https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+- https://istlsfastyet.com/
+- https://www.ssllabs.com/projects/best-practices/
+
+Definitions
+===========
+
+The cookbook provides a few definitions. At some point in the future
+these definitions will be refactored into custom resources see
+[issue 414](https://github.com/sous-chefs/apache2/issues/414).
+
+apache\_conf
+------------
+
+Writes conf files to the `conf-available` folder, and passes enabled values to `apache_config`.
+
+This definition should generally be called over `apache_config`.
+
+### Parameters:
+
+* `name` - Name of the config placed and enabled or disabled with the `a2enconf` or `a2disconf` scripts.
+* `enable` - Default true, which uses `a2enconf` to enable the config. If false, the config will be disabled with `a2disconf`.
+* `conf_path` - path to put the config in if you need to override the default `conf-available`.
+* `source` - The source configuration template name. The default value is `params[:name].conf.erb`
+* `cookbook` - The cookbook in which the configuration template is located. The default value is the current cookbook.
+
+### Examples:
+
+Place and enable the example conf:
+
+```ruby
+    apache_conf 'example' do
+      enable true
+    end
+```
+
+Place and disable (or never enable to begin with) the example conf:
+
+```ruby
+    apache_conf 'example' do
+      enable false
+    end
+```
+
+Place the example conf, which has a different path than the default (conf-*):
+
+```ruby
+    apache_conf 'example' do
+      conf_path '/random/example/path'
+      enable false
+    end
+```
+
+
+apache\_config (internal)
+--------------------------
+
+Sets up configuration file for Apache from a template. The
+template should be in the same cookbook where the definition is used. This is used by the `apache_conf` definition and should not be used directly.
+
+It will use `a2enconf` and `a2disconf` to control the symlinking of configuration files between `conf-available` and `conf-enabled`.
+
+Enable or disable an Apache config file in
+`#{node['apache']['dir']}/conf-available` by calling `a2enconf` or
+`a2disconf` to manage the symbolic link in
+`#{node['apache']['dir']}/conf-enabled`. These config files should be created in your cookbook, and placed on the system using `apache_conf`
+
+### Parameters:
+
+* `name` - Name of the config enabled or disabled with the `a2enconf` or `a2disconf` scripts.
+* `source`  - The location of a template file. The default `name.erb`.
+* `cookbook` - The cookbook in which the configuration template is located (if it is not located in the current cookbook). The default value is the current cookbook.
+* `enable` - Default true, which uses `a2enconf` to enable the config. If false, the config will be disabled with `a2disconf`.
+
+### Examples:
+
+Enable the example config.
+
+```ruby
+    apache_config 'example' do
+      enable true
+    end
+```
+
+Disable a module:
+
+```ruby
+    apache_config 'disabled_example' do
+      enable false
+    end
+```
+
+See the recipes directory for many more examples of `apache_config`.
+
+
+apache\_module
+--------------
+
+Enable or disable an Apache module in
+`#{node['apache']['dir']}/mods-available` by calling `a2enmod` or
+`a2dismod` to manage the symbolic link in
+`#{node['apache']['dir']}/mods-enabled`. If the module has a
+configuration file, a template should be created in the cookbook where
+the definition is used. See __Examples__.
+
+### Parameters:
+
+* `name` - Name of the module enabled or disabled with the `a2enmod` or `a2dismod` scripts.
+* `identifier` - String to identify the module for the `LoadModule` directive. Not typically needed, defaults to `#{name}_module`
+* `enable` - Default true, which uses `a2enmod` to enable the module. If false, the module will be disabled with `a2dismod`.
+* `conf` - Default false. Set to true if the module has a config file, which will use `apache_mod` for the file.
+* `filename` - specify the full name of the file, e.g.
+
+### Examples:
+
+Enable the ssl module, which also has a configuration template in `templates/default/mods/ssl.conf.erb`.
+
+```ruby
+    apache_module "ssl" do
+      conf true
+    end
+```
+
+Enable the php5 module, which has a different filename than the module default:
+
+```ruby
+    apache_module "php5" do
+      filename "libphp5.so"
+    end
+```
+
+Disable a module:
+
+```ruby
+    apache_module "disabled_module" do
+      enable false
+    end
+```
+
+See the recipes directory for many more examples of `apache_module`.
+
+apache\_mod (internal)
+----------------------
+
+Sets up configuration file for an Apache module from a template. The
+template should be in the same cookbook where the definition is used.
+This is used by the `apache_module` definition and is not often used
+directly.
+
+This will use a template resource to write the module's configuration
+file in the `mods-available` under the Apache configuration directory
+(`node['apache']['dir']`). This is a platform-dependent location. See
+__apache\_module__.
+
+### Parameters:
+
+* `name` - Name of the template. When used from the `apache_module`,
+  it will use the same name as the module.
+
+### Examples:
+
+Create `#{node['apache']['dir']}/mods-available/alias.conf`.
+
+```ruby
+    apache_mod "alias"
+```
+
+apache\_site
+------------
+
+Enable or disable a VirtualHost in
+`#{node['apache']['dir']}/sites-available` by calling a2ensite or
+a2dissite to manage the symbolic link in
+`#{node['apache']['dir']}/sites-enabled`.
+
+The template for the site must be managed as a separate resource. To
+combine the template with enabling a site, see `web_app`.
+
+### Parameters:
+
+* `name` - Name of the site.
+* `enable` - Default true, which uses `a2ensite` to enable the site. If false, the site will be disabled with `a2dissite`.
+
+web\_app
+--------
+
+Manage a template resource for a VirtualHost site, and enable it with
+`apache_site`. This is commonly done for managing web applications
+such as Ruby on Rails, PHP or Django, and the default behavior
+reflects that. However it is flexible.
+
+This definition includes some recipes to make sure the system is
+configured to have Apache and some sane default modules:
+
+* `apache2`
+* `apache2::mod_rewrite`
+* `apache2::mod_deflate`
+* `apache2::mod_headers`
+
+It will then configure the template (see __Parameters__ and
+__Examples__ below), and enable or disable the site per the `enable`
+parameter.
+
+### Parameters:
+
+Current parameters used by the definition:
+
+* `name` - The name of the site. The template will be written to
+  `#{node['apache']['dir']}/sites-available/#{params['name']}.conf`
+* `cookbook` - Optional. Cookbook where the source template is. If
+  this is not defined, Chef will use the named template in the
+  cookbook where the definition is used.
+* `template` - Default `web_app.conf.erb`, source template file.
+* `enable` - Default true. Passed to the `apache_site` definition.
+
+Additional parameters can be defined when the definition is called in
+a recipe, see __Examples__.
+
+### Examples:
+
+The recommended way to use the `web_app` definition is in a application specific cookbook named "my_app".
+The following example would look for a template named 'web_app.conf.erb' in your cookbook containing
+the apache httpd directives defining the `VirtualHost` that would serve up "my_app".
+
+```ruby
+    web_app "my_app" do
+       template 'web_app.conf.erb'
+       server_name node['my_app']['hostname']
+    end
+```
+
+All parameters are passed into the template. You can use whatever you
+like. The apache2 cookbook comes with a `web_app.conf.erb` template as
+an example. The following parameters are used in the template:
+
+* `server_name` - ServerName directive.
+* `server_aliases` - ServerAlias directive. Must be an array of aliases.
+* `docroot` - DocumentRoot directive.
+* `application_name` - Used in RewriteLog directive. Will be set to the `name` parameter.
+* `directory_index` - Allow overriding the default DirectoryIndex setting, optional
+* `directory_options` - Override Options on the docroot, for example to add parameters like Includes or Indexes, optional.
+* `allow_override` - Modify the AllowOverride directive on the docroot to support apps that need .htaccess to modify configuration or require authentication.
+
+To use the default web_app, for example:
+
+```ruby
+    web_app "my_site" do
+      server_name node['hostname']
+      server_aliases [node['fqdn'], "my-site.example.com"]
+      docroot "/srv/www/my_site"
+      cookbook 'apache2'
+    end
+```
+
+The parameters specified will be used as:
+
+* `@params[:server_name]`
+* `@params[:server_aliases]`
+* `@params[:docroot]`
+
+In the template. When you write your own, the `@` is significant.
+
+For more information about Definitions and parameters, see the
+[Chef Wiki](http://docs.chef.io/definitions.html)
+
+Tests
+=====
+
+This cookbook in the [source repository](https://github.com/sous-chefs/apache2/)
+contains chefspec, serverspec tests.
+
+Please see the CONTRIBUTING file for information on how to add tests
+for your contributions.
+
+
+License and Authors
+===================
+
+* Author:: Adam Jacob <adam@chef.io>
+* Author:: Joshua Timberman <joshua@chef.io>
+* Author:: Bryan McLellan <bryanm@widemile.com>
+* Author:: Dave Esposito <esposito@espolinux.corpnet.local>
+* Author:: David Abdemoulaie <github@hobodave.com>
+* Author:: Edmund Haselwanter <edmund@haselwanter.com>
+* Author:: Eric Rochester <err8n@virginia.edu>
+* Author:: Jim Browne <jbrowne@42lines.net>
+* Author:: Matthew Kent <mkent@magoazul.com>
+* Author:: Nathen Harvey <nharvey@customink.com>
+* Author:: Ringo De Smet <ringo.de.smet@amplidata.com>
+* Author:: Sean OMeara <someara@chef.io>
+* Author:: Seth Chisamore <schisamo@chef.io>
+* Author:: Gilles Devaux <gilles@peerpong.com>
+* Author:: Sander van Zoest <sander+cookbooks@vanzoest.com>
+* Author:: Taylor Price <tayworm@gmail.com>
+* Author:: Ben Dean <ben.dean@ontariosystems.com>
+
+* Copyright:: 2009-2012, Chef Software, Inc
+* Copyright:: 2011, Atriso
+* Copyright:: 2011, CustomInk, LLC.
+* Copyright:: 2013-2014, OneHealth Solutions, Inc.
+* Copyright:: 2014, Viverae, Inc.
+* Copyright:: 2015-2016, Alexander van Zoest
+* Copyright:: 2015, Ontario Systems, LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

cookbooks/apache2/attributes/default.rb

@@ -0,0 +1,355 @@
+#
+# Cookbook:: apache2
+# Attributes:: default
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+# Copyright:: 2014, Viverae, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['apache']['mpm'] =
+  case node['platform_family']
+  when 'debian'
+    case node['platform']
+    when 'ubuntu'
+      if node['platform_version'].to_f >= 14.04
+        'event'
+      elsif node['platform_version'].to_f >= 12.04
+        'worker'
+      else
+        'prefork'
+      end
+    when 'debian'
+      node['platform_version'].to_f >= 7.0 ? 'worker' : 'prefork'
+    when 'linuxmint'
+      node['platform_version'].to_i >= 17 ? 'event' : 'prefork'
+    else
+      'prefork'
+    end
+  when 'suse'
+    'prefork'
+  when 'rhel'
+    'prefork'
+  when 'amazon'
+    'prefork'
+  else
+    'prefork'
+  end
+
+default['apache']['version'] =
+  case node['platform_family']
+  when 'debian'
+    case node['platform']
+    when 'ubuntu'
+      node['platform_version'].to_f >= 13.10 ? '2.4' : '2.2'
+    when 'linuxmint'
+      node['platform_version'].to_i >= 16 ? '2.4' : '2.2'
+    when 'debian', 'raspbian'
+      node['platform_version'].to_f >= 8.0 ? '2.4' : '2.2'
+    else
+      '2.4'
+    end
+  when 'amazon'
+    node['platform_version'].to_f >= 2013.09 ? '2.4' : '2.2'
+  when 'rhel'
+    case node['platform']
+    when 'amazon'
+      node['platform_version'].to_f >= 2013.09 ? '2.4' : '2.2'
+    else
+      node['platform_version'].to_f >= 7.0 ? '2.4' : '2.2'
+    end
+  when 'fedora'
+    '2.4'
+  when 'suse'
+    case node['platform']
+    when 'suse'
+      node['platform_version'].to_f >= 12.1 ? '2.4' : '2.2'
+    else
+      '2.4'
+    end
+  when 'freebsd'
+    '2.4'
+  end
+
+default['apache']['root_group'] = 'root'
+default['apache']['default_site_name'] = 'default'
+
+# Where the various parts of apache are
+case node['platform']
+when 'redhat', 'centos', 'scientific', 'fedora', 'amazon', 'oracle'
+  if node['platform'] == 'amazon'
+    if node['apache']['version'] == '2.4'
+      default['apache']['package'] = 'httpd24'
+      default['apache']['devel_package'] = 'httpd24-devel'
+    else
+      default['apache']['package'] = 'httpd22'
+      default['apache']['devel_package'] = 'httpd22-devel'
+    end
+  else
+    default['apache']['package'] = 'httpd'
+    default['apache']['devel_package'] = 'httpd-devel'
+  end
+  default['apache']['service_name'] = 'httpd'
+  default['apache']['perl_pkg']    = 'perl'
+  default['apache']['apachectl']   = '/usr/sbin/apachectl'
+  default['apache']['dir']         = '/etc/httpd'
+  default['apache']['log_dir']     = '/var/log/httpd'
+  default['apache']['error_log']   = 'error.log'
+  default['apache']['access_log']  = 'access.log'
+  default['apache']['user']        = 'apache'
+  default['apache']['group']       = 'apache'
+  default['apache']['binary']      = '/usr/sbin/httpd'
+  default['apache']['conf_dir']    = '/etc/httpd/conf'
+  default['apache']['docroot_dir'] = '/var/www/html'
+  default['apache']['cgibin_dir']  = '/var/www/cgi-bin'
+  default['apache']['icondir'] =
+    if node['apache']['version'] == '2.4'
+      '/usr/share/httpd/icons'
+    else
+      '/var/www/icons'
+    end
+  default['apache']['cache_dir']   = '/var/cache/httpd'
+  default['apache']['run_dir']     = '/var/run/httpd'
+  default['apache']['lock_dir']    = '/var/run/httpd'
+  default['apache']['pid_file'] =
+    if node['platform_version'].to_f >= 6
+      '/var/run/httpd/httpd.pid'
+    else
+      '/var/run/httpd.pid'
+    end
+  default['apache']['lib_dir'] = node['kernel']['machine'] =~ /^i[36]86$/ ? '/usr/lib/httpd' : '/usr/lib64/httpd'
+  default['apache']['libexec_dir'] = "#{node['apache']['lib_dir']}/modules"
+when 'suse', 'opensuse', 'opensuseleap'
+  default['apache']['package']     = 'apache2'
+  default['apache']['perl_pkg']    = 'perl'
+  default['apache']['devel_package'] = 'httpd-devel'
+  default['apache']['apachectl']   = '/usr/sbin/apache2ctl'
+  default['apache']['dir']         = '/etc/apache2'
+  default['apache']['log_dir']     = '/var/log/apache2'
+  default['apache']['error_log']   = 'error.log'
+  default['apache']['access_log']  = 'access.log'
+  default['apache']['user']        = 'wwwrun'
+  default['apache']['group']       = 'www'
+  default['apache']['binary']      = '/usr/sbin/httpd2'
+  default['apache']['conf_dir']    = '/etc/apache2'
+  default['apache']['docroot_dir'] = '/srv/www/htdocs'
+  default['apache']['cgibin_dir']  = '/srv/www/cgi-bin'
+  default['apache']['icondir']     = '/usr/share/apache2/icons'
+  default['apache']['cache_dir']   = '/var/cache/apache2'
+  default['apache']['run_dir']     = '/var/run/httpd'
+  default['apache']['lock_dir']    = '/var/run/httpd'
+  default['apache']['pid_file']    =
+    if node['platform_version'].to_f > 11.4
+      '/var/run/httpd.pid'
+    else
+      '/var/run/httpd2.pid'
+    end
+  default['apache']['lib_dir']     = node['kernel']['machine'] =~ /^i[36]86$/ ? '/usr/lib/apache2' : '/usr/lib64/apache2'
+  default['apache']['libexec_dir'] = node['apache']['lib_dir']
+when 'debian', 'ubuntu'
+  default['apache']['package']     = 'apache2'
+  default['apache']['perl_pkg']    = 'perl'
+  default['apache']['devel_package'] =
+    if node['apache']['mpm'] == 'prefork'
+      'apache2-prefork-dev'
+    else
+      'apache2-dev'
+    end
+  default['apache']['apachectl']   = '/usr/sbin/apache2ctl'
+  default['apache']['dir']         = '/etc/apache2'
+  default['apache']['log_dir']     = '/var/log/apache2'
+  default['apache']['error_log']   = 'error.log'
+  default['apache']['access_log']  = 'access.log'
+  default['apache']['user']        = 'www-data'
+  default['apache']['group']       = 'www-data'
+  default['apache']['binary']      = '/usr/sbin/apache2'
+  default['apache']['conf_dir']    = '/etc/apache2'
+  default['apache']['cgibin_dir']  = '/usr/lib/cgi-bin'
+  default['apache']['icondir']     = '/usr/share/apache2/icons'
+  default['apache']['cache_dir']   = '/var/cache/apache2'
+  default['apache']['run_dir']     = '/var/run/apache2'
+  default['apache']['lock_dir']    = '/var/lock/apache2'
+  # this should use COOK-3917 to educate the initscript of the pid location
+  if node['apache']['version'] == '2.4'
+    default['apache']['pid_file']    = '/var/run/apache2/apache2.pid'
+    default['apache']['docroot_dir'] = '/var/www/html'
+  else
+    default['apache']['pid_file']    = '/var/run/apache2.pid'
+    default['apache']['docroot_dir'] = '/var/www'
+  end
+  default['apache']['lib_dir']       = '/usr/lib/apache2'
+  default['apache']['build_dir']     = '/usr/share/apache2'
+  default['apache']['libexec_dir']   = "#{node['apache']['lib_dir']}/modules"
+  default['apache']['default_site_name'] = '000-default'
+when 'arch'
+  default['apache']['package'] = 'apache'
+  default['apache']['service_name'] = 'httpd'
+  default['apache']['perl_pkg']    = 'perl'
+  # default['apache']['apachectl']   = '/usr/sbin/apachectl'
+  default['apache']['dir']         = '/etc/httpd'
+  default['apache']['log_dir']     = '/var/log/httpd'
+  default['apache']['error_log']   = 'error.log'
+  default['apache']['access_log']  = 'access.log'
+  default['apache']['user']        = 'http'
+  default['apache']['group']       = 'http'
+  default['apache']['binary']      = '/usr/sbin/httpd'
+  default['apache']['conf_dir']    = '/etc/httpd'
+  default['apache']['docroot_dir'] = '/srv/http'
+  default['apache']['cgibin_dir']  = '/usr/share/httpd/cgi-bin'
+  default['apache']['icondir']     = '/usr/share/httpd/icons'
+  default['apache']['cache_dir']   = '/var/cache/httpd'
+  default['apache']['run_dir']     = '/var/run/httpd'
+  default['apache']['lock_dir']    = '/var/run/httpd'
+  default['apache']['pid_file']    = '/var/run/httpd/httpd.pid'
+  default['apache']['lib_dir']     = '/usr/lib/httpd'
+  default['apache']['libexec_dir'] = "#{node['apache']['lib_dir']}/modules"
+when 'freebsd'
+  default['apache']['package']     = 'apache24'
+  default['apache']['dir']         = '/usr/local/etc/apache24'
+  default['apache']['conf_dir']    = '/usr/local/etc/apache24'
+  default['apache']['docroot_dir'] = '/usr/local/www/apache24/data'
+  default['apache']['cgibin_dir']  = '/usr/local/www/apache24/cgi-bin'
+  default['apache']['icondir']     = '/usr/local/www/apache24/icons'
+  default['apache']['cache_dir']   = '/var/cache/apache24'
+  default['apache']['run_dir']     = '/var/run'
+  default['apache']['lock_dir']    = '/var/run'
+  default['apache']['lib_dir']     = '/usr/local/libexec/apache24'
+  default['apache']['devel_package'] = 'httpd-devel'
+  default['apache']['perl_pkg']    = 'perl5'
+  default['apache']['apachectl']   = '/usr/local/sbin/apachectl'
+  default['apache']['pid_file']    = '/var/run/httpd.pid'
+  default['apache']['log_dir']     = '/var/log'
+  default['apache']['error_log']   = 'httpd-error.log'
+  default['apache']['access_log']  = 'httpd-access.log'
+  default['apache']['root_group']  = 'wheel'
+  default['apache']['user']        = 'www'
+  default['apache']['group']       = 'www'
+  default['apache']['binary']      = '/usr/local/sbin/httpd'
+  default['apache']['libexec_dir'] = node['apache']['lib_dir']
+else
+  default['apache']['package'] = 'apache2'
+  default['apache']['devel_package'] = 'apache2-dev'
+  default['apache']['perl_pkg']    = 'perl'
+  default['apache']['dir']         = '/etc/apache2'
+  default['apache']['log_dir']     = '/var/log/apache2'
+  default['apache']['error_log']   = 'error.log'
+  default['apache']['access_log']  = 'access.log'
+  default['apache']['user']        = 'www-data'
+  default['apache']['group']       = 'www-data'
+  default['apache']['binary']      = '/usr/sbin/apache2'
+  default['apache']['conf_dir']    = '/etc/apache2'
+  default['apache']['docroot_dir'] = '/var/www'
+  default['apache']['cgibin_dir']  = '/usr/lib/cgi-bin'
+  default['apache']['icondir']     = '/usr/share/apache2/icons'
+  default['apache']['cache_dir']   = '/var/cache/apache2'
+  default['apache']['run_dir']     = 'logs'
+  default['apache']['lock_dir']    = 'logs'
+  default['apache']['pid_file']    = 'logs/httpd.pid'
+  default['apache']['lib_dir']     = '/usr/lib/apache2'
+  default['apache']['libexec_dir']  = "#{node['apache']['lib_dir']}/modules"
+end
+
+###
+# These settings need the unless, since we want them to be tunable,
+# and we don't want to override the tunings.
+###
+
+# General settings
+if node['apache']['service_name'].nil?
+  default['apache']['service_name'] = node['apache']['package']
+end
+default['apache']['listen']            = ['*:80']
+default['apache']['contact']           = 'ops@example.com'
+default['apache']['timeout']           = 300
+default['apache']['keepalive']         = 'On'
+default['apache']['keepaliverequests'] = 100
+default['apache']['keepalivetimeout']  = 5
+default['apache']['locale'] = 'C'
+default['apache']['sysconfig_additional_params'] = {}
+default['apache']['default_site_enabled'] = false
+default['apache']['default_site_port']    = '80'
+default['apache']['access_file_name'] = '.htaccess'
+default['apache']['default_release'] = nil
+default['apache']['log_level'] = 'warn'
+
+# Security
+default['apache']['servertokens']    = 'Prod'
+default['apache']['serversignature'] = 'On'
+default['apache']['traceenable']     = 'Off'
+
+# mod_status Allow list, space seprated list of allowed entries.
+default['apache']['status_allow_list'] = '127.0.0.1 ::1'
+
+# mod_status ExtendedStatus, set to 'true' to enable
+default['apache']['ext_status'] = false
+
+# mod_info Allow list, space seprated list of allowed entries.
+default['apache']['info_allow_list'] = '127.0.0.1 ::1'
+
+# Supported mpm list
+default['apache']['mpm_support'] = %w(prefork worker event)
+
+# Prefork Attributes
+default['apache']['prefork']['startservers']        = 16
+default['apache']['prefork']['minspareservers']     = 16
+default['apache']['prefork']['maxspareservers']     = 32
+default['apache']['prefork']['serverlimit']         = 256
+default['apache']['prefork']['maxrequestworkers']   = 256
+default['apache']['prefork']['maxconnectionsperchild'] = 10_000
+
+# Worker Attributes
+default['apache']['worker']['startservers']        = 4
+default['apache']['worker']['serverlimit']         = 16
+default['apache']['worker']['minsparethreads']     = 64
+default['apache']['worker']['maxsparethreads']     = 192
+default['apache']['worker']['threadlimit']         = 192
+default['apache']['worker']['threadsperchild']     = 64
+default['apache']['worker']['maxrequestworkers']   = 1024
+default['apache']['worker']['maxconnectionsperchild'] = 0
+
+# Event Attributes
+default['apache']['event']['startservers']        = 4
+default['apache']['event']['serverlimit']         = 16
+default['apache']['event']['minsparethreads']     = 64
+default['apache']['event']['maxsparethreads']     = 192
+default['apache']['event']['threadlimit']         = 192
+default['apache']['event']['threadsperchild']     = 64
+default['apache']['event']['maxrequestworkers']   = 1024
+default['apache']['event']['maxconnectionsperchild'] = 0
+
+# mod_proxy settings
+default['apache']['proxy']['require']    = 'all denied'
+default['apache']['proxy']['order']      = 'deny,allow'
+default['apache']['proxy']['deny_from']  = 'all'
+default['apache']['proxy']['allow_from'] = 'none'
+
+# Default modules to enable via include_recipe
+default['apache']['default_modules'] = %w(
+  status alias auth_basic authn_core authn_file authz_core authz_groupfile
+  authz_host authz_user autoindex deflate dir env mime negotiation setenvif
+)
+
+%w(log_config logio).each do |log_mod|
+  default['apache']['default_modules'] << log_mod if %w(rhel amazon fedora suse arch freebsd).include?(node['platform_family'])
+end
+
+if node['apache']['version'] == '2.4'
+  %w(unixd).each do |unix_mod|
+    default['apache']['default_modules'] << unix_mod if %w(rhel amazon fedora suse arch freebsd).include?(node['platform_family'])
+  end
+
+  unless node['platform'] == 'amazon'
+    default['apache']['default_modules'] << 'systemd' if %w(rhel fedora amazon).include?(node['platform_family'])
+  end
+end

cookbooks/apache2/attributes/mod_auth_cas.rb

@@ -0,0 +1,21 @@
+#
+# Cookbook:: apache2
+# Attributes:: mod_auth_cas
+#
+# Copyright:: 2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['apache']['mod_auth_cas']['from_source']     = false
+default['apache']['mod_auth_cas']['source_revision'] = 'v1.0.9.1'

cookbooks/apache2/attributes/mod_auth_openid.rb

@@ -0,0 +1,38 @@
+#
+# Cookbook:: apache2
+# Attributes:: mod_auth_openid
+#
+# Copyright:: 2013, Chef Software, Inc.
+# Copyright:: 2014-2016, Alexander van Zoest
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# mod_auth_openids
+default['apache']['allowed_openids'] = []
+default['apache']['mod_auth_openid']['ref']        = 'v0.8'
+default['apache']['mod_auth_openid']['version']    = '0.8'
+default['apache']['mod_auth_openid']['source_url'] = "https://github.com/bmuller/mod_auth_openid/archive/#{node['apache']['mod_auth_openid']['ref']}.tar.gz"
+default['apache']['mod_auth_openid']['cache_dir']  = '/var/cache/mod_auth_openid'
+default['apache']['mod_auth_openid']['dblocation'] = "#{node['apache']['mod_auth_openid']['cache_dir']}/mod_auth_openid.db"
+
+default['apache']['mod_auth_openid']['configure_flags'] =
+  case node['platform_family']
+  when 'freebsd'
+    [
+      'CPPFLAGS=-I/usr/local/include',
+      'LDFLAGS=-I/usr/local/lib -lsqlite3',
+    ]
+  else
+    []
+  end

cookbooks/apache2/attributes/mod_fastcgi.rb

@@ -0,0 +1,39 @@
+#
+# Cookbook:: apache2
+# Attributes:: mod_fastcgi
+#
+# Copyright:: 2013, Chef Software, Inc.
+# Copyright:: 2016, Alexander van Zoest
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['apache']['mod_fastcgi']['download_url'] = 'http://www.fastcgi.com/dist/mod_fastcgi-current.tar.gz'
+default['apache']['mod_fastcgi']['install_method'] = 'package'
+default['apache']['mod_fastcgi']['package'] =
+  case node['platform_family']
+  when 'debian'
+    'libapache2-mod-fastcgi'
+  when 'amazon'
+    'mod_fastcgi'
+  when 'rhel'
+    'mod_fastcgi'
+  when 'freebsd'
+    if node['apache']['version'] == '2.4'
+      'ap24-mod_fastcgi'
+    else
+      'ap22-mod_fastcgi'
+    end
+  else
+    'mod_fastcgi'
+  end

cookbooks/apache2/attributes/mod_pagespeed.rb

@@ -0,0 +1,25 @@
+#
+# Cookbook:: apache2
+# Attributes:: mod_pagespeed
+#
+# Copyright:: 2013, ZOZI
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['apache2']['mod_pagespeed']['package_link'] =
+  if node['kernel']['machine'] =~ /^i[36']86$/
+    'https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_i386.deb'
+  else
+    'https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb'
+  end

cookbooks/apache2/attributes/mod_php.rb

@@ -0,0 +1,34 @@
+#
+# Cookbook:: apache2
+# Attributes:: mod_php5
+#
+# Copyright:: 2014, Viverae, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+default['apache']['mod_php']['install_method'] = 'package'
+default['apache']['mod_php']['module_name'] = 'php5'
+default['apache']['mod_php']['so_filename'] = 'libphp5.so'
+default['apache']['mod_php']['so_filename'] = 'mod_php5.so' if node['platform_family'] == 'suse'
+
+if node['platform'] == 'ubuntu' && node['platform_version'].to_f >= 16.04
+  default['apache']['mod_php']['module_name'] = 'php7'
+  default['apache']['mod_php']['so_filename'] = 'libphp7.0.so'
+end
+if node['platform'] == 'debian' && node['platform_version'].to_f >= 9
+  default['apache']['mod_php']['module_name'] = 'php7'
+  default['apache']['mod_php']['so_filename'] = 'libphp7.0.so'
+end
+if node['platform'] == 'amazon' && node['apache']['version'] == '2.4'
+  default['apache']['mod_php']['so_filename'] = 'libphp.so'
+end

cookbooks/apache2/attributes/mod_ssl.rb

@@ -0,0 +1,63 @@
+#
+# Cookbook:: apache2
+# Attributes:: mod_ssl
+#
+# Copyright:: 2012-2013, Chef Software, Inc.
+# Copyright:: 2014, Viverae, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['apache']['mod_ssl']['port'] = 443
+default['apache']['mod_ssl']['protocol'] = 'All -SSLv2 -SSLv3'
+default['apache']['mod_ssl']['cipher_suite'] = 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA'
+default['apache']['mod_ssl']['honor_cipher_order']     = 'On'
+default['apache']['mod_ssl']['insecure_renegotiation'] = 'Off'
+default['apache']['mod_ssl']['strict_sni_vhost_check'] = 'Off'
+default['apache']['mod_ssl']['session_cache'] = 'shmcb:/var/run/apache2/ssl_scache'
+default['apache']['mod_ssl']['session_cache_timeout'] = 300
+default['apache']['mod_ssl']['compression'] = 'Off'
+default['apache']['mod_ssl']['use_stapling'] = 'Off'
+default['apache']['mod_ssl']['stapling_responder_timeout'] = 5
+default['apache']['mod_ssl']['stapling_return_responder_errors'] = 'Off'
+default['apache']['mod_ssl']['stapling_cache'] = 'shmcb:/var/run/ocsp(128000)'
+default['apache']['mod_ssl']['pass_phrase_dialog'] = 'builtin'
+default['apache']['mod_ssl']['mutex'] = 'file:/var/run/apache2/ssl_mutex'
+default['apache']['mod_ssl']['directives'] = {}
+default['apache']['mod_ssl']['pkg_name'] = 'mod_ssl'
+
+case node['platform_family']
+when 'debian'
+  case node['platform']
+  when 'ubuntu'
+    if node['apache']['version'] == '2.4'
+      default['apache']['mod_ssl']['pass_phrase_dialog'] = 'exec:/usr/share/apache2/ask-for-passphrase'
+    end
+  end
+when 'freebsd'
+  default['apache']['mod_ssl']['session_cache'] = 'shmcb:/var/run/ssl_scache(512000)'
+  default['apache']['mod_ssl']['mutex'] = 'file:/var/run/ssl_mutex'
+when 'amazon'
+  if node['apache']['version'] == '2.4'
+    default['apache']['mod_ssl']['pkg_name'] = 'mod24_ssl'
+  end
+when 'rhel', 'fedora', 'suse'
+  case node['platform']
+  when 'amazon'
+    if node['apache']['version'] == '2.4'
+      default['apache']['mod_ssl']['pkg_name'] = 'mod24_ssl'
+    end
+  end
+  default['apache']['mod_ssl']['session_cache'] = 'shmcb:/var/cache/mod_ssl/scache(512000)'
+  default['apache']['mod_ssl']['mutex'] = 'default'
+end

cookbooks/apache2/definitions/apache_conf.rb

@@ -0,0 +1,45 @@
+#
+# Cookbook:: apache2
+# Definition:: apache_conf
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_conf, enable: true do
+  include_recipe 'apache2::default'
+
+  conf_name = "#{params[:name]}.conf"
+  params[:conf_path] = params[:conf_path] || "#{node['apache']['dir']}/conf-available"
+
+  file "#{params[:conf_path]}/#{params[:name]}" do
+    action :delete
+  end
+
+  template "#{params[:conf_path]}/#{conf_name}" do
+    source params[:source] || "#{conf_name}.erb"
+    cookbook params[:cookbook] if params[:cookbook]
+    owner 'root'
+    group node['apache']['root_group']
+    backup false
+    mode '0644'
+    notifies :restart, 'service[apache2]', :delayed
+  end
+
+  if params[:enable]
+    apache_config params[:name] do
+      enable true
+    end
+  end
+end

cookbooks/apache2/definitions/apache_config.rb

@@ -0,0 +1,42 @@
+#
+# Cookbook:: apache2
+# Definition:: apache_config
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_config, enable: true do
+  include_recipe 'apache2::default'
+
+  conf_name = "#{params[:name]}.conf"
+  params[:conf_path] = params[:conf_path] || "#{node['apache']['dir']}/conf-available"
+
+  if params[:enable]
+    execute "a2enconf #{conf_name}" do
+      command "/usr/sbin/a2enconf #{conf_name}"
+      notifies :restart, 'service[apache2]', :delayed
+      not_if do
+        ::File.symlink?("#{node['apache']['dir']}/conf-enabled/#{conf_name}") &&
+          (::File.exist?(params[:conf_path]) ? ::File.symlink?("#{node['apache']['dir']}/conf-enabled/#{conf_name}") : true)
+      end
+    end
+  else
+    execute "a2disconf #{conf_name}" do
+      command "/usr/sbin/a2disconf #{conf_name}"
+      notifies :reload, 'service[apache2]', :delayed
+      only_if { ::File.symlink?("#{node['apache']['dir']}/conf-enabled/#{conf_name}") }
+    end
+  end
+end

cookbooks/apache2/definitions/apache_mod.rb

@@ -0,0 +1,28 @@
+#
+# Cookbook:: apache2
+# Definition:: apache_mod
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_mod do
+  include_recipe 'apache2::default'
+
+  template "#{node['apache']['dir']}/mods-available/#{params[:name]}.conf" do
+    source "mods/#{params[:name]}.conf.erb"
+    mode '0644'
+    notifies :reload, 'service[apache2]', :delayed
+  end
+end

cookbooks/apache2/definitions/apache_module.rb

@@ -0,0 +1,58 @@
+#
+# Cookbook:: apache2
+# Definition:: apache_module
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_module, enable: true, conf: false, restart: false do
+  include_recipe 'apache2::default'
+
+  params[:filename]    = params[:filename] || "mod_#{params[:name]}.so"
+  params[:module_path] = params[:module_path] || "#{node['apache']['libexec_dir']}/#{params[:filename]}"
+  params[:identifier]  = params[:identifier] || "#{params[:name]}_module"
+
+  apache_mod params[:name] if params[:conf]
+
+  file "#{node['apache']['dir']}/mods-available/#{params[:name]}.load" do
+    content "LoadModule #{params[:identifier]} #{params[:module_path]}\n"
+    mode '0644'
+  end
+
+  if params[:enable]
+    execute "a2enmod #{params[:name]}" do
+      command "/usr/sbin/a2enmod #{params[:name]}"
+      if params[:restart]
+        notifies :restart, 'service[apache2]', :delayed
+      else
+        notifies :reload, 'service[apache2]', :delayed
+      end
+      not_if do
+        ::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.load") &&
+          (::File.exist?("#{node['apache']['dir']}/mods-available/#{params[:name]}.conf") ? ::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.conf") : true)
+      end
+    end
+  else
+    execute "a2dismod #{params[:name]}" do
+      command "/usr/sbin/a2dismod #{params[:name]}"
+      if params[:restart]
+        notifies :restart, 'service[apache2]', :delayed
+      else
+        notifies :reload, 'service[apache2]', :delayed
+      end
+      only_if { ::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.load") }
+    end
+  end
+end

cookbooks/apache2/definitions/apache_site.rb

@@ -0,0 +1,44 @@
+#
+# Cookbook:: apache2
+# Definition:: apache_site
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_site, enable: true do
+  include_recipe 'apache2::default'
+  conf_name = "#{params[:name]}.conf"
+
+  if params[:enable]
+    execute "a2ensite #{conf_name}" do
+      command "/usr/sbin/a2ensite #{conf_name}"
+      notifies :reload, 'service[apache2]', :delayed
+      not_if do
+        ::File.symlink?("#{node['apache']['dir']}/sites-enabled/#{conf_name}") ||
+          ::File.symlink?("#{node['apache']['dir']}/sites-enabled/000-#{conf_name}")
+      end
+      only_if { ::File.exist?("#{node['apache']['dir']}/sites-available/#{conf_name}") }
+    end
+  else
+    execute "a2dissite #{conf_name}" do
+      command "/usr/sbin/a2dissite #{conf_name}"
+      notifies :reload, 'service[apache2]', :delayed
+      only_if do
+        ::File.symlink?("#{node['apache']['dir']}/sites-enabled/#{conf_name}") ||
+          ::File.symlink?("#{node['apache']['dir']}/sites-enabled/000-#{conf_name}")
+      end
+    end
+  end
+end

cookbooks/apache2/definitions/web_app.rb

@@ -0,0 +1,48 @@
+#
+# Cookbook:: apache2
+# Definition:: web_app
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :web_app, template: 'web_app.conf.erb', local: false, enable: true, server_port: 80 do
+  application_name = params[:name]
+
+  include_recipe 'apache2::default'
+  include_recipe 'apache2::mod_rewrite'
+  include_recipe 'apache2::mod_deflate'
+  include_recipe 'apache2::mod_headers'
+
+  template "#{node['apache']['dir']}/sites-available/#{application_name}.conf" do
+    source params[:template]
+    local params[:local]
+    owner 'root'
+    group node['apache']['root_group']
+    mode '0644'
+    cookbook params[:cookbook] if params[:cookbook]
+    variables(
+      application_name: application_name,
+      params: params
+    )
+    if ::File.exist?("#{node['apache']['dir']}/sites-enabled/#{application_name}.conf")
+      notifies :reload, 'service[apache2]', :delayed
+    end
+  end
+
+  site_enabled = params[:enable]
+  apache_site params[:name] do
+    enable site_enabled
+  end
+end

cookbooks/apache2/files/default/apache2_module_conf_generate.pl

@@ -0,0 +1,41 @@
+#!/usr/bin/perl
+
+=begin
+
+Generates Ubuntu style module.load files.
+
+./apache2_module_conf_generate.pl /usr/lib64/httpd/modules /etc/httpd/mods-available
+
+ARGV[0] is the apache modules directory, ARGV[1] is where you want 'em.
+
+=cut
+
+use File::Find;
+
+use strict;
+use warnings;
+
+die "Must have '/path/to/modules' and '/path/to/modules.load'"
+  unless $ARGV[0] && $ARGV[1];
+
+find(
+  {
+    wanted => sub {
+      return 1 if $File::Find::name !~ /\.so$/;
+      my $modfile = $_;
+      $modfile =~ /(lib|mod_)(.+)\.so$/;
+      my $modname  = $2;
+      my $filename = "$ARGV[1]/$modname.load";
+      unless ( -f $filename ) {
+        open( FILE, ">", $filename ) or die "Cannot open $filename";
+        print FILE "LoadModule " . $modname . "_module $File::Find::name\n";
+        close(FILE);
+      }
+    },
+    follow => 1,
+  },
+  $ARGV[0]
+);
+
+exit 0;
+

cookbooks/apache2/libraries/listen.rb

@@ -0,0 +1,45 @@
+# encoding: utf-8
+#
+# Cookbook:: apache2
+# Libraries:: listen
+#
+# Copyright:: 2015, Ontario Systems, LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module Apache2
+  # Provides method to convert node['apache']['listen_ports'] and node['apache']['listen_addresses'] into new node['apache']['listen']
+  module Listen
+    # @param node [Chef::Node] the chef node
+    # @return [Hash] a hash indexed by address where the values are arrays of ports to listen to
+    def merge_listen_attributes(node)
+      (Apache2::Listen.converted_listen_ports_and_addresses(node) + node['apache']['listen']).uniq
+    end
+
+    module_function :merge_listen_attributes
+
+    private_class_method
+
+    def self.converted_listen_ports_and_addresses(node)
+      return [] unless node['apache']['listen_ports'] || node['apache']['listen_addresses']
+      Chef::Log.warn "node['apache']['listen_ports'] and node['apache']['listen_addresses'] are deprecated in favor of node['apache']['listen']. Please adjust your cookbooks"
+
+      # Defaults to * for addresses or 80 / 443 for ports if not specified
+      (node['apache']['listen_addresses'] || %w(*)).uniq.each_with_object([]) do |address, listen|
+        (node['apache']['listen_ports'] || %w(80 443)).uniq.each do |port|
+          listen << "#{address}:#{port}"
+        end
+      end
+    end
+  end
+end

cookbooks/apache2/recipes/default.rb

@@ -0,0 +1,219 @@
+#
+# Cookbook:: apache2
+# Recipe:: default
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+# Copyright:: 2014-2015, Alexander van Zoest
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+package 'apache2' do # ~FC009 only available in apt_package. See #388
+  package_name node['apache']['package']
+  default_release node['apache']['default_release'] unless node['apache']['default_release'].nil?
+end
+
+%w(sites-available sites-enabled mods-available mods-enabled conf-available conf-enabled).each do |dir|
+  directory "#{node['apache']['dir']}/#{dir}" do
+    mode '0755'
+    owner 'root'
+    group node['apache']['root_group']
+  end
+end
+
+%w(default default.conf 000-default 000-default.conf).each do |site|
+  link "#{node['apache']['dir']}/sites-enabled/#{site}" do
+    action :delete
+    not_if { site == "#{node['apache']['default_site_name']}.conf" && node['apache']['default_site_enabled'] }
+  end
+
+  file "#{node['apache']['dir']}/sites-available/#{site}" do
+    action :delete
+    backup false
+    not_if { site == "#{node['apache']['default_site_name']}.conf" && node['apache']['default_site_enabled'] }
+  end
+end
+
+directory node['apache']['log_dir'] do
+  mode '0755'
+  recursive true
+end
+
+# perl is needed for the a2* scripts
+package node['apache']['perl_pkg']
+
+package 'perl-Getopt-Long-Descriptive' if platform?('fedora')
+
+%w(a2ensite a2dissite a2enmod a2dismod a2enconf a2disconf).each do |modscript|
+  link "/usr/sbin/#{modscript}" do
+    action :delete
+    only_if { ::File.symlink?("/usr/sbin/#{modscript}") }
+  end
+
+  template "/usr/sbin/#{modscript}" do
+    source "#{modscript}.erb"
+    mode '0700'
+    owner 'root'
+    group node['apache']['root_group']
+    action :create
+  end
+end
+
+unless platform_family?('debian')
+  cookbook_file '/usr/local/bin/apache2_module_conf_generate.pl' do
+    source 'apache2_module_conf_generate.pl'
+    mode '0755'
+    owner 'root'
+    group node['apache']['root_group']
+  end
+
+  execute 'generate-module-list' do
+    command "/usr/local/bin/apache2_module_conf_generate.pl #{node['apache']['lib_dir']} #{node['apache']['dir']}/mods-available"
+    action :nothing
+  end
+end
+
+if platform_family?('freebsd')
+
+  directory "#{node['apache']['dir']}/Includes" do
+    action :delete
+    recursive true
+  end
+
+  directory "#{node['apache']['dir']}/extra" do
+    action :delete
+    recursive true
+  end
+end
+
+if platform_family?('suse')
+
+  directory "#{node['apache']['dir']}/vhosts.d" do
+    action :delete
+    recursive true
+  end
+
+  %w(charset.conv default-vhost.conf default-server.conf default-vhost-ssl.conf errors.conf listen.conf mime.types mod_autoindex-defaults.conf mod_info.conf mod_log_config.conf mod_status.conf mod_userdir.conf mod_usertrack.conf uid.conf).each do |file|
+    file "#{node['apache']['dir']}/#{file}" do
+      action :delete
+      backup false
+    end
+  end
+end
+
+%W(
+  #{node['apache']['dir']}/ssl
+  #{node['apache']['cache_dir']}
+).each do |path|
+  directory path do
+    mode '0755'
+    owner 'root'
+    group node['apache']['root_group']
+  end
+end
+
+directory node['apache']['lock_dir'] do
+  mode '0755'
+  if node['platform_family'] == 'debian'
+    owner node['apache']['user']
+  else
+    owner 'root'
+  end
+  group node['apache']['root_group']
+end
+
+# Set the preferred execution binary - prefork or worker
+template "/etc/sysconfig/#{node['apache']['package']}" do
+  source 'etc-sysconfig-httpd.erb'
+  owner 'root'
+  group node['apache']['root_group']
+  mode '0644'
+  notifies :restart, 'service[apache2]', :delayed
+  only_if  { platform_family?('rhel', 'amazon', 'fedora', 'suse') }
+end
+
+template "#{node['apache']['dir']}/envvars" do
+  source 'envvars.erb'
+  owner 'root'
+  group node['apache']['root_group']
+  mode '0644'
+  notifies :reload, 'service[apache2]', :delayed
+  only_if  { platform_family?('debian') }
+end
+
+template 'apache2.conf' do
+  if platform_family?('rhel', 'amazon', 'fedora', 'arch', 'freebsd')
+    path "#{node['apache']['conf_dir']}/httpd.conf"
+  elsif platform_family?('debian')
+    path "#{node['apache']['conf_dir']}/apache2.conf"
+  elsif platform_family?('suse')
+    path "#{node['apache']['conf_dir']}/httpd.conf"
+  end
+  action :create
+  source 'apache2.conf.erb'
+  owner 'root'
+  group node['apache']['root_group']
+  mode '0644'
+  notifies :reload, 'service[apache2]', :delayed
+end
+
+%w(security charset).each do |conf|
+  apache_conf conf do
+    enable true
+  end
+end
+
+apache_conf 'ports' do
+  enable false
+  conf_path node['apache']['dir']
+end
+
+if node['apache']['version'] == '2.4'
+  if node['apache']['mpm_support'].include?(node['apache']['mpm'])
+    include_recipe "apache2::mpm_#{node['apache']['mpm']}"
+  else
+    Chef::Log.warn("apache2: #{node['apache']['mpm']} module is not supported and must be handled separately!")
+  end
+end
+
+node['apache']['default_modules'].each do |mod|
+  module_recipe_name = mod =~ /^mod_/ ? mod : "mod_#{mod}"
+  include_recipe "apache2::#{module_recipe_name}"
+end
+
+if node['apache']['default_site_enabled']
+  web_app node['apache']['default_site_name'] do
+    template 'default-site.conf.erb'
+    enable node['apache']['default_site_enabled']
+  end
+end
+
+apache_service_name = node['apache']['service_name']
+
+service 'apache2' do
+  service_name apache_service_name
+  case node['platform_family']
+  when 'rhel'
+    if node['platform_version'].to_f < 7.0 && node['apache']['version'] != '2.4'
+      restart_command "/sbin/service #{apache_service_name} restart && sleep 1"
+      reload_command "/sbin/service #{apache_service_name} graceful && sleep 1"
+    end
+  when 'debian'
+    provider Chef::Provider::Service::Debian
+  when 'arch'
+    service_name apache_service_name
+  end
+  supports [:start, :restart, :reload, :status]
+  action [:enable, :start]
+  only_if "#{node['apache']['binary']} -t", environment: { 'APACHE_LOG_DIR' => node['apache']['log_dir'] }, timeout: 10
+end

cookbooks/apache2/recipes/mod_access_compat.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_access_compat
+#
+# Copyright:: 2013, OneHealth Solutions, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'access_compat'

cookbooks/apache2/recipes/mod_actions.rb

@@ -0,0 +1,22 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_actions
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'actions' do
+  conf true
+end

cookbooks/apache2/recipes/mod_alias.rb

@@ -0,0 +1,22 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_alias
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'alias' do
+  conf true
+end

cookbooks/apache2/recipes/mod_allowmethods.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_allowmethods
+#
+# Copyright:: 2013, OneHealth Solutions, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'allowmethods'

cookbooks/apache2/recipes/mod_apreq2.rb

@@ -0,0 +1,50 @@
+#
+# Cookbook:: apache2
+# Recipe:: apreq2
+#
+# modified from the python recipe by Jeremy Bingham
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'apache2::default'
+
+case node['platform_family']
+when 'debian'
+  package 'libapache2-mod-apreq2'
+when 'suse'
+  package 'apache2-mod_apreq2' do
+    notifies :run, 'execute[generate-module-list]', :immediately
+  end
+when 'rhel', 'fedora', 'amazon'
+  package 'libapreq2' do
+    notifies :run, 'execute[generate-module-list]', :immediately
+  end
+
+  # seems that the apreq lib is weirdly broken or something - it needs to be
+  # loaded as 'apreq', but on RHEL & derivitatives the file needs a symbolic
+  # link to mod_apreq.so.
+  link "#{node['apache']['libexec_dir']}/mod_apreq.so" do
+    to "#{node['apache']['libexec_dir']}/mod_apreq2.so"
+    only_if "test -f #{node['apache']['libexec_dir']}/mod_apreq2.so"
+  end
+end
+
+file "#{node['apache']['dir']}/conf.d/apreq.conf" do
+  content '# conf is under mods-available/apreq.conf - apache2 cookbook\n'
+  only_if { ::Dir.exist?("#{node['apache']['dir']}/conf.d") }
+end
+
+apache_module 'apreq'

cookbooks/apache2/recipes/mod_asis.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_asis
+#
+# Copyright:: 2008-2009, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'asis'

cookbooks/apache2/recipes/mod_auth_basic.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_auth_basic
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'auth_basic'

cookbooks/apache2/recipes/mod_auth_cas.rb

@@ -0,0 +1,68 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_auth_cas
+#
+# Copyright:: 2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'apache2::default'
+
+if node['apache']['mod_auth_cas']['from_source']
+  package node['apache']['devel_package']
+
+  git '/tmp/mod_auth_cas' do
+    repository 'git://github.com/Jasig/mod_auth_cas.git'
+    revision node['apache']['mod_auth_cas']['source_revision']
+    notifies :run, 'execute[compile mod_auth_cas]', :immediately
+  end
+
+  execute 'compile mod_auth_cas' do
+    command './configure && make && make install'
+    cwd '/tmp/mod_auth_cas'
+    not_if "test -f #{node['apache']['libexec_dir']}/mod_auth_cas.so"
+  end
+
+  template "#{node['apache']['dir']}/mods-available/auth_cas.load" do
+    source 'mods/auth_cas.load.erb'
+    owner 'root'
+    group node['apache']['root_group']
+    mode '0644'
+  end
+else
+  case node['platform_family']
+  when 'debian'
+    package 'libapache2-mod-auth-cas'
+
+  when 'rhel', 'fedora', 'amazon'
+    yum_package 'mod_auth_cas' do
+      notifies :run, 'execute[generate-module-list]', :immediately
+    end
+
+    file "#{node['apache']['dir']}/conf.d/auth_cas.conf" do
+      content '# conf is under mods-available/auth_cas.conf - apache2 cookbook\n'
+      only_if { ::Dir.exist?("#{node['apache']['dir']}/conf.d") }
+    end
+  end
+end
+
+apache_module 'auth_cas' do
+  conf true
+end
+
+directory "#{node['apache']['cache_dir']}/mod_auth_cas" do
+  owner node['apache']['user']
+  group node['apache']['group']
+  mode '0700'
+end

cookbooks/apache2/recipes/mod_auth_digest.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_auth_digest
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'auth_digest'

cookbooks/apache2/recipes/mod_auth_form.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_auth_form
+#
+# Copyright:: 2013, OneHealth Solutions, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'auth_form'

cookbooks/apache2/recipes/mod_auth_openid.rb

@@ -0,0 +1,122 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_auth_openid
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+openid_dev_pkgs = value_for_platform_family(
+  'debian'        => %W(automake make g++ #{node['apache']['devel_package']} libopkele-dev libopkele3 libtool),
+  'suse'          => %W(automake make g++ #{node['apache']['devel_package']} libopkele-dev libopkele3 libtool),
+  %w(rhel fedora amazon) => %W(gcc-c++ #{node['apache']['devel_package']} curl-devel libtidy libtidy-devel sqlite-devel pcre-devel openssl-devel make libtool),
+  'arch'          => %w(libopkele),
+  'freebsd'       => %w(libopkele pcre sqlite3)
+)
+
+make_cmd = value_for_platform_family(
+  'freebsd' => { 'default' => 'gmake' },
+  'default' => 'make'
+)
+
+case node['platform_family']
+when 'arch'
+  package 'tidyhtml'
+
+  pacman_aur openid_dev_pkgs.first do
+    action [:build, :install]
+  end
+else
+  openid_dev_pkgs.each do |pkg|
+    package pkg
+  end
+end
+
+case node['platform_family']
+when 'rhel', 'fedora', 'amazon'
+  remote_file "#{Chef::Config['file_cache_path']}/libopkele-2.0.4.tar.gz" do
+    source 'http://kin.klever.net/dist/libopkele-2.0.4.tar.gz'
+    mode '0644'
+    checksum '57a5bc753b7e80c5ece1e5968b2051b0ce7ed9ce4329d17122c61575a9ea7648'
+  end
+
+  bash 'install libopkele' do
+    cwd Chef::Config['file_cache_path']
+    # Ruby 1.8.6 does not have rpartition, unfortunately
+    syslibdir = node['apache']['lib_dir'][0..node['apache']['lib_dir'].rindex('/')]
+    code <<-EOH
+    tar zxvf libopkele-2.0.4.tar.gz
+    cd libopkele-2.0.4 && ./configure --prefix=/usr --libdir=#{syslibdir}
+    #{make_cmd} && #{make_cmd} install
+    EOH
+    creates "#{syslibdir}/libopkele.a"
+  end
+end
+
+version = node['apache']['mod_auth_openid']['version']
+configure_flags = node['apache']['mod_auth_openid']['configure_flags']
+
+remote_file "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}.tar.gz" do
+  source node['apache']['mod_auth_openid']['source_url']
+  mode '0644'
+  action :create_if_missing
+end
+
+directory node['apache']['mod_auth_openid']['cache_dir'] do
+  owner node['apache']['user']
+  group node['apache']['group']
+  mode '0700'
+end
+
+bash 'untar mod_auth_openid' do
+  cwd Chef::Config['file_cache_path']
+  code <<-EOH
+  tar zxvf mod_auth_openid-#{version}.tar.gz
+  EOH
+  creates "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}/src/types.h"
+end
+
+bash 'compile mod_auth_openid' do
+  cwd "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}"
+  code <<-EOH
+  ./autogen.sh
+  ./configure #{configure_flags.join(' ')}
+  perl -pi -e "s/-i -a -n 'authopenid'/-i -n 'authopenid'/g" Makefile
+  #{make_cmd}
+  EOH
+  creates "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}/src/.libs/mod_auth_openid.so"
+  notifies :run, 'bash[install-mod_auth_openid]', :immediately
+  not_if "test -f #{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}/src/.libs/mod_auth_openid.so"
+end
+
+bash 'install-mod_auth_openid' do
+  cwd "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}"
+  code <<-EOH
+  #{make_cmd} install
+  EOH
+  creates "#{node['apache']['libexec_dir']}/mod_auth_openid.so"
+  notifies :restart, 'service[apache2]'
+  not_if "test -f #{node['apache']['libexec_dir']}/mod_auth_openid.so"
+end
+
+template "#{node['apache']['dir']}/mods-available/authopenid.load" do
+  source 'mods/authopenid.load.erb'
+  owner 'root'
+  group node['apache']['root_group']
+  mode '0644'
+end
+
+apache_module 'authopenid' do
+  filename 'mod_auth_openid.so'
+end

cookbooks/apache2/recipes/mod_authn_anon.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_authn_anon
+#
+# Copyright:: 2013, OneHealth Solutions, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'authn_anon'

cookbooks/apache2/recipes/mod_authn_core.rb

@@ -0,0 +1,23 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_authn_core
+#
+# Copyright:: 2013, OneHealth Solutions, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+if node['apache']['version'] == '2.4'
+  apache_module 'authn_core'
+else
+  Chef::Log.info('Ignoring apache2::mod_authn_core. not available until apache 2.4')
+end

cookbooks/apache2/recipes/mod_authn_dbd.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_authn_dbd
+#
+# Copyright:: 2013, OneHealth Solutions, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'authn_dbd'

cookbooks/apache2/recipes/mod_authn_dbm.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_authn_dbm
+#
+# Copyright:: 2013, OneHealth Solutions, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'authn_dbm'

cookbooks/apache2/recipes/mod_authn_file.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_authn_file
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'authn_file'

cookbooks/apache2/recipes/mod_authn_socache.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_authn_socache
+#
+# Copyright:: 2013, OneHealth Solutions, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'authn_socache'

cookbooks/apache2/recipes/mod_authnz_fcgi.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_authnz_fcgi
+#
+# Copyright:: 2016, Alexander van Zoest
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'authnz_fcgi'

cookbooks/apache2/recipes/mod_authnz_ldap.rb

@@ -0,0 +1,22 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_authnz_ldap
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'apache2::mod_ldap'
+
+apache_module 'authnz_ldap'

cookbooks/apache2/recipes/mod_authz_core.rb

@@ -0,0 +1,24 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_authz_core
+#
+# Copyright:: 2013, OneHealth Solutions, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if node['apache']['version'] == '2.4'
+  apache_module 'authz_core'
+else
+  apache_module 'authz_default'
+end

cookbooks/apache2/recipes/mod_authz_dbd.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_authz_dbd
+#
+# Copyright:: 2013, OneHealth Solutions, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'authz_dbd'

cookbooks/apache2/recipes/mod_authz_dbm.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_authz_dbm
+#
+# Copyright:: 2013, OneHealth Solutions, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'authz_dbm'

cookbooks/apache2/recipes/mod_authz_default.rb

@@ -0,0 +1,21 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_authz_default
+#
+# Copyright:: 2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+log 'apache2::mod_authz_default is deprecated in favor of apache2::mod_authz_core. Please adjust your cookbooks'
+include_recipe 'apache2::mod_authz_core'

cookbooks/apache2/recipes/mod_authz_groupfile.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_authz_groupfile
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'authz_groupfile'

cookbooks/apache2/recipes/mod_authz_host.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_authz_host
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'authz_host'

cookbooks/apache2/recipes/mod_authz_owner.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_authz_owner
+#
+# Copyright:: 2013, OneHealth Solutions, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'authz_owner'

cookbooks/apache2/recipes/mod_authz_user.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_authz_user
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'authz_user'

cookbooks/apache2/recipes/mod_autoindex.rb

@@ -0,0 +1,22 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_autoindex
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'autoindex' do
+  conf true
+end

cookbooks/apache2/recipes/mod_buffer.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_buffer
+#
+# Copyright:: 2013, OneHealth Solutions, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'buffer'

cookbooks/apache2/recipes/mod_cache.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_cache
+#
+# Copyright:: 2013, OneHealth Solutions, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'cache'

cookbooks/apache2/recipes/mod_cache_disk.rb

@@ -0,0 +1,22 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_cache_disk
+#
+# Copyright:: 2013, OneHealth Solutions, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'cache_disk' do
+  conf true
+end

cookbooks/apache2/recipes/mod_cache_socache.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_cache_socache
+#
+# Copyright:: 2013, OneHealth Solutions, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'cache_socache'

cookbooks/apache2/recipes/mod_cern_meta.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_cern_meta
+#
+# Copyright:: 2016, Alexander van Zoest
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'cern_meta'

cookbooks/apache2/recipes/mod_cgi.rb

@@ -0,0 +1,26 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_cgi
+#
+# Copyright:: 2008-2013, Chef Software, Inc.
+# Copyright:: 2014, Viverae, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if node['apache']['mpm'] == 'prefork'
+  apache_module 'cgi'
+else
+  Chef::Log.warn "apache::mod_cgi. Your MPM #{node['apache']['mpm']} seems to be threaded. Selecting cgid instead of cgi."
+  apache_module 'cgid'
+end

cookbooks/apache2/recipes/mod_cgid.rb

@@ -0,0 +1,23 @@
+#
+# Cookbook:: apache2
+# Recipe:: mod_cgid
+#
+# Copyright:: 2013, OneHealth Solutions, Inc.
+# Copyright:: 2014, Viverae, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module 'cgid' do
+  conf true
+end