Particularly on RHEL versions, the bundled httpd is many versions behind. For feature or security reasons, many build their own Apache versions and install them in locations with conf dirs other than /etc/httpd.

I propose an httpd_dir parameter passable at class declaration which overrides the OS-default for apache::params::httpd_dir, as follows:

class { 'apache':
httpd_dir = '/usr/local',
}

Presently the version of the puppetlabs-mrepo module published on module forge requires functionality in puppetlabs-apache that is not in the released version of puppetlabs-apache (namely $custom_fragment in apache::vhost). As such, the mrepo module on moduleforge is useless. Any chance of cutting a new release of this apache module to module forge? (And shooting the mrepo maintainer for not coordinating his/her release with the apache module owners).

As per https://github.com/blog/1184-contributing-guidelines

Especially if feature pull requests are to go to some other repository/branch for incorporating into puppetlabs-apache.

http://www.apachetutor.org/admin/reverseproxies documents the recommended pattern for configuring reverse proxies in a flexible and stable manner. (More resilient to shaky redirects from the backend)

# /foo/bar is handled by the front-end
ProxyPass ! /foo/bar
ProxyPass /foo/ http://backend01-prod/foo/
<Location /foo/>
  ProxyPassReverse /
</Location>

I strongly recommend using this pattern. But more importantly, it would be nice to be able to configure the URI that's supposed to be proxied, rather than just '/'. The exclusion of patterns is a nice-to-have.

Is it possible to have the module test the apache config before it stops apache?

It could not stop apache is error were detected in the config files, then error out on puppet level, but leaving apache running... Good idea?

would be nice to open ports other than the default 80 and 443

Hi, i was trying to use this module in my puppet...
but i got this error

Error 400 on SERVER: Class['apache::params']: Unsupported operatingsystem: Debian at /etc/puppet/modules/apache/manifests/params.pp:93 on ....

it may be related to the use of an older version of puppet ... (2.6.X)
isn't it supposed to work?

Thanks

I want to use Apache as a webserver for git visualization tool like GitLab or GitList.
Unfortunatelly I need to have option to set that user www-data is part of group git.

But when I tried to set following:

user { 
    'www-data':
        groups => [ 'git', 'www-data' ];
}

I recieve an error, that User with this name is already defined in modules/apache/manifest/init.pp on line 72.

Currently the apache::vhost::directories parameter takes a hash that can contain:

• path
• options
• allow_override
• order
• deny
• addhandlers
• extensions
• passenger_enabled

(NB: these are not fully documented yet.)

It should be modified to support configuration via the other templates/vhost/_*.erb template fragments, ie _rewrite.erb and _custom_fragment.erb via the matching parameters for the fragment without code duplication.

When using the command mco puppet runonce --wi computername from an mcollective server, the .load files do not get set right and apache is unable to start. The error from apache is Starting httpd: httpd: Syntax error on line 139 of /etc/httpd/conf/httpd.conf: Syntax error on line 1 of /etc/httpd/mod.d/actions.load: Cannot load /var/lib/puppet/lib/facter:/var/lib/puppet/facts into server: /var/lib/puppet/lib/facter:/var/lib/puppet/facts: cannot open shared object file: No such file or directory

Actions.load file is as follows:
LoadModule actions_module /var/lib/puppet/lib/facter:/var/lib/puppet/facts

BUT when the puppet agent is run on the machine itself with the command puppet agent --no-daemonize --debug the .load files get set right and apache is able to start without issues.

The environment is CentOS 6.2 Final 64-bit with Apache/2.2.15

I'd like to add the ability to specify multiple RackBaseURI for supporting instances with Passenger, where there are multiple rails/rack environments on one virtual host.

As far as I can tell, there's no way to do this in this module right now and its difficult for me to add from the outside (because of the fact that VHost files are managed centrally by the apache module). Therefore the only way for me is to incorporate this feature locally, I'd prefer to get it in the master. Please let me know what you think.

** MORE DETAILS **

For example, I have in my VHost the following configuration. I would like to reproduce this using Apache module.

< VirtualHost *:80>
.....

http://www.modrails.com/documentation/Users%20guide%20Apache.html#deploying_rails_to_sub_uri

Main vhost

DocumentRoot /webroot/
< Directory /webroot/>
.....
< /Directory>

Rack vhost 1

RackBaseURI /vhost1
< Directory /vhost1.files/>
Options -MultiViews
< /Directory>

Rack vhost 2

RackBaseURI /vhost2
< Directory /vhost2.files/>
Options -MultiViews
< /Directory>

..

< /VirtualHost>

Currently a configuration file for mod_php5 gets installed as ${apache::params::vdir}/php.conf. This $apache::params::vdir is ${httpd_dir}/conf.d on RHEL/CentOS and /etc/apache2/sites-enabled on Ubuntu/Debian.

I don't think this is the correct behaviour for Ubuntu/Debian. There, /etc/apache2/sites-enabled should be used solely for virtual host configurations. Regular configuration snippets should be placed in /etc/apache2/conf.d.

In the case of an Apache module the configuration is probably even better placed in /etc/apache2/mods-enabled/<modname>.conf. The php5 module itself is configured this way by the native operating system package (libapache2-mod-php5), so the configuration apache::mod::php manages might even better be merged with that. This goes for other modules as well, such as proxy, userdir and disk_cache, but that is probably better discussed in a separate issue.

In any case I think a variable $apache::params::conf_dir should be introduced for Ubuntu/Debian that points to /etc/apache2/conf.d and used for installing configuration snippets, so /etc/apache2/sites-enabled only contains virtual host definitions. I might submit a PR later when I had some time to test this out.

As it is, it doesn't appear that there's a built in way in this module to create vhosts purely in hiera. This would be something like the various apach::mod::* classes, just calling create resources on a data structure pulled from hiera.

something like this (these names are just placeholders, of course)

class apache::hiera_vhosts ($vhost_data) {

  create_resources('apache::vhost', $vhost_data)

}

i´m using apache2, debian 7 and php 5.3.x

when im trying

apache::mod { 'php': }

its not working. php module not found.

if i try

apache::mod { 'php5': }

its working. but php5.conf will be not created

Needed to add this in to load the mod_proxy_http module for a reverse proxy configuration. This should be loaded by default

Hello,

I think you should change the vhost file mode in manifests/vhost.pp from 777 to 644.
Why do you want 777 on your vhost configuration files?

Regards,

mookie-

Getting the following error which seems to occur when mod_proxy_balancer.so isn't loaded.

ProxyPass Can't find 'byrequests' lb method

Is it possible to set the default port to listen to within /etc/apache2/ports.conf?

I am using apache behing nginx and so want the default port to be 81 rather than 80. I can't see any way of doing this at the moment.

class { 'apache': }

attempts to create ports.conf file before actual installation of Apache -- before the /etc/apache or similar folder has been created.

Error: Could not set 'file' on ensure: No such file or directory - /etc/apache2/ports.conf.puppettmp_7934 at 154:/tmp/vagrant-puppet/modules-0/concat/manifests/init.pp
Error: Could not set 'file' on ensure: No such file or directory - /etc/apache2/ports.conf.puppettmp_7934 at 154:/tmp/vagrant-puppet/modules-0/concat/manifests/init.pp
Wrapped exception:
No such file or directory - /etc/apache2/ports.conf.puppettmp_7934
Error: /Stage[main]/Apache/Concat[/etc/apache2/ports.conf]/File[/etc/apache2/ports.conf]/ensure: change from absent to file failed: Could not set 'file' on ensure: No such file or directory - /etc/apache2/ports.conf.puppettmp_7934 at 154:/tmp/vagrant-puppet/modules-0/concat/manifests/init.pp

<Proxy *> (or any parameter other than *) should only be needed when we configure a forward proxy. That is, when we explicitly configure a forward proxy, that is, when we explicitly set ProxyRequests On. That is by default off in httpd; off in Debian, but Debian goes the extra mile of making all proxy configurations more complicated by having to account for a global setting of <proxy *> deny from all</proxy>

a <Proxy *> block should only be necessary, when ProxyRequests is set to On. In an ideal world, the * would be configurable, too, but lets not get too far ahead of ourselves.

file { 'dav_fs.conf':
  ensure  => file,
  path    => "${apache::mod_dir}/dav_fs.conf",
  content => template('apache/mod/php.conf.erb'),
}

should be:

file { 'dav_fs.conf':
  ensure  => file,
  path    => "${apache::mod_dir}/dav_fs.conf",
  content => template('apache/mod/dav_fs.conf.erb'),
}

Feature request: use symlinks in Debian-style configuration tree. Create the actual file in sites-available; create a symlink with target => ../sites-available/${priority}-${name}. Ensure the symlink does not exist if the vhost is disabled.

This issue effects Debian based distributions only.

Any packages provided by apt-get that use a2enmod to verify that an apache module has been enabled will fail if there are real files in/etc/apache2/mods-enabled with the error:

ERROR: Module headers not properly enabled: /etc/apache2/mods-enabled/ssl.load is a real file, not touching it

When a package is installed with apt-get you see:

# apt-get install puppetmaster-passenger
Reading package lists... Done
Building dependency tree
Reading state information... Done
puppetmaster-passenger is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue [Y/n]? y
Setting up puppetmaster-passenger (3.1.0-1puppetlabs1) ...
ERROR: Module ssl not properly enabled: /etc/apache2/mods-enabled/ssl.load is a real file, not touching it
dpkg: error processing puppetmaster-passenger (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 puppetmaster-passenger
E: Sub-process /usr/bin/dpkg returned an error code (1)

or with puppet:

# puppet apply /etc/puppet/manifests/site.pp
Error: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold install puppetmaster-passenger' returned 100: Reading package lists...
Building dependency tree...
Reading state information...
puppetmaster-passenger is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up puppetmaster-passenger (3.1.0-1puppetlabs1) ...
ERROR: Module ssl not properly enabled: /etc/apache2/mods-enabled/ssl.load is a real file, not touching it
dpkg: error processing puppetmaster-passenger (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 puppetmaster-passenger
E: Sub-process /usr/bin/dpkg returned an error code (1)

Where should new virtual host templates be located when using this module? Suppose we want to host multiple site-specific Redmine instances in one virtual host that runs behind a reverse proxy (also Apache). I'd write a template that looks like the one below. Where would I put this template? Probably in /etc/puppet/modules/apache/templates, right? But doesn't this violate the principle that one shouldn't have to touch a (3rd-party) module at all just to use it?

The vhost declaration would look like this:

  apache::vhost { $::fqdn:
    ssl                => false,
    priority           => '10',
    port               => '80',
    docroot            => "/var/www/${::fqdn}",
    template           => 'apache/vhost-multiple-redmines.erb',
    configure_firewall => false,
    serveraliases      => [ 'projects.example.com', 'www.projects.example.com', ],
  }

Here's the vhost template:

# vhost-multiple-redmines.conf.erb

<VirtualHost <%= vhost_name %>:<%= port %>>
    ServerName <%= srvname %>
<% if serveradmin %>
    ServerAdmin <%= serveradmin %>
<% end %>

    DocumentRoot <%= docroot %>
    <Directory <%= docroot %>>
        Options <%= options %>
        AllowOverride <%= Array(override).join(' ') %>
        Order allow,deny
        allow from all
    </Directory>

    ErrorLog <%= logroot %>/<%= name %>_error.log
    LogLevel notice
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_forwarded
    SetEnvIfNoCase X-Forwarded-For "." from_proxy=1
    ErrorLog  <%= logroot %>/<%= name %>_error.log
    CustomLog <%= logroot %>/<%= name %>_access.log combined env=!from_proxy
    CustomLog <%= logroot %>/<%= name %>_access.log combined_forwarded env=from_proxy

    RackBaseURI /redmineA
    <Directory <%= docroot %>/redmineA>
        Options -MultiViews
    </Directory>   

    RackBaseURI /redmineB
    <Directory <%= docroot %>/redmineB>
        Options -MultiViews
    </Directory>   

    RackBaseURI /redmineC
    <Directory <%= docroot %>/redmineC>
        Options -MultiViews
    </Directory>   

    ServerSignature Off
</VirtualHost>

Currently the apache::vhost accepts a port parameter or an ip_based parameter. If both of these are omitted then it creates a name-based vhost.

apache::vhost should not implicitly resort to port-based, name-based, or ip-based vhosts. It should require one of port => '<integer>', name_based => <bool>, or ip_based => <bool> to determine the type of vhost.

All the use cases from http://httpd.apache.org/docs/current/vhosts/examples.html should still be available.

This would simplify or remove the https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/vhost.pp#L203-L223 logic.

As the module is written now it cannot handle both RHEL 5 and RHEL 5 based OSes. (This includes the latest Amazon image which appears to be RHEL 6 based.) The issues are:

• On a RHEL 6 based host Apache cannot start because apache::mod::default references modules that are not present in the Apache package that ships with this OS version.
• On RHEL based hosts files created by Apache module packages are installed into /etc/httpd/conf.d but are then deleted by this puppet module.
• The httpd.conf file for RHEL is not usable in a large environment with multiple Apache setups where some hosts may require individualized setup and tweaking.

I think the root of this issue is the module is attempting to manage the contents of httpd.conf unlike it does on Debian. (I understand the reason for this is in the differences between how Debian and RHEL manage Apache setup.) For RHEL what I would propose is the following:

• Have the module stop managing the contents of httpd.conf. If a consumer needs to manage it's settings they should do it from their infrastructure module.
• Change $vdir for RHEL to point to ${httpd_dir}/vhosts.d
  • A file can then be dropped into ${httpd_dir}/conf.d to include the config files in ${httpd_dir}/vhosts.d
• Introduce $confd for both RHEL and Debian and set to ${httpd_dir}/conf.d.
  • Modules that were dropping config files into $vdir should be updated to use $confd
• Stop using ${httpd_dir}/mod.d on RHEL.
  • RHEL does not have the concept of modules-{available, enabled}. A module is enabled when it is installed on RHEL
• Stop managing the default modules on RHEL hosts.
  • If httpd.conf is not having its contents managed by the module then it's no longer necessary to do this on RHEL.

Thoughts on these ideas?

class {'apache': 
    default_ssl_vhost => true,
 }

Drops an error:
Error: Invalid parameter default_ssl_vhost at ......

Or did I misunderstood the usage of the default_ssl_vhost option? Please drop me an example in that case please.

Bug on SL 6 x86-64.

Files /etc/httpd/conf.d/*.conf contains wrond LoadModule line:

LoadModule actions_module modules/

Please add quotation marks in manifests/mod.pp
diff is listed below:

$mod_lib = $mod_libs[$mod] # 2.6 compatibility hack
if $lib {
$lib_REAL = $lib

• } elsif $mod_lib {

• } elsif "$mod_lib" {
  $lib_REAL = $mod_lib
  } else {
  $lib_REAL = "mod_${mod}.so"

This isn't directly an issue with the puppetlabs-apache project, but it does affect its users, so I thought I'd raise it for discussion.

librarian-puppet uses Rubygems' versioning scheme internally, which does not expect - characters. For pre-release versions, Rubygems uses the format 0.5.0.rc1. In my own fork, I've done a quick-and-dirty hack that allows some mapping between these version formats (dgoodlad/librarian-puppet@996eb9a) but it feels like overkill. Since there's a fair bit of Ruby-focused tooling growing around Puppet, it might be worthwhile following Rubygems' versioning conventions (barring the 0.1.x format, which is already more widely used).

There doesn't seem to be any official guidance from Puppet Labs' documentation around prerelease versions, but I'd argue that it would be best to settle on the Rubygems style.

The debian convention is to make a file in /etc/apache2/sites-available for each virtual host, and then use the a2ensite script to enable that virtual host.

The a2ensite script sets up a symbolic link pointing to the file from sites-enabled.

This puppet module instead just drops the file right in sites-enabled.

It works OK, but it isn't conventional.

How can I disable or uninstall an apache module?

For example, if I stop using mod rewrite, I should be able to stop it from being loaded.

Is that functionality that has yet to be written?

As some colleagues were using this apache module with their hand-rolled templates (which have not so much in common with the template that's coming with the module), 0.7.0 is not really usable for us.

I don't know If I'm the only one running into problems because of this and if it's worth to bring back template support in the old way, but if yes, please tell me here.

Hi,

to use the puppetlabs-apache module to configure a reverse proxy with some ssl-enabled application servers in the backend the directive SSLProxyEngine On has to be added to the vhost class.
i.e.

apache::vhost { "test.example.com":
   ...
  proxy_dest => "balancer://mybalancer",
  sslproxyengine => true,
}

best wishes,
Matthias

Right now there are two options, either to enable a rather broad batch of modules that someone found to be a good default set, or to leave them unmanaged all-together.

It would be better to give users the ability to manage their set of default modules.

The puppetlabs-apache module activates configured apache::vhosts before installing or activating Apache modules like WSGI or Passenger (for the latter I will submit a pull request soon). This is problematic when a (custom) vhost template is to be used that requires, for example, WSGI or Passenger.

An example configuration:

node web01.example.com {
  include 'repos::mod_passenger'
  include 'apache'
  include 'apache::mod::passenger'
  include 'rubygems'

  Class['repos::mod_passenger']
  -> Class['apache']
  -> Class['apache::mod::passenger']
  -> Class['rubygems']

  apache::vhost { $::fqdn:
    priority           => '10',
    port               => '80',
    docroot            => "/var/www/${::fqdn}",
    template           => 'apache/vhost-redmine.conf.erb',
    configure_firewall => false,
  }

Notice the vhost template, which is used to deploy Redmine with Passenger. It contains a stanza like this:

    RackBaseURI /redmine
    <Directory <%= docroot %>/redmine>
        Options -MultiViews
    </Directory> 

What happens here on a pristine node is this:

1. Apache gets installed, along with explicit dependencies of the vhost, like SSL
2. The configured vhost gets installed and activated, which notifies the Apache service
3. Apache wants to restart but chokes because the newly activated vhost contains keywords and configuration stanzas provided by modules that are not yet activated, in this case RackBaseURI. The puppetrun then throws an error because Apache couldn't restart:

Error: /Stage[main]/Apache/Service[httpd]: Could not start Service[httpd]: Execution of '/etc/init.d/apache2 start' returned 1: 

1. Only now, after Apache couldn't be restarted, the passenger package gets installed and activated:

/Stage[main]/Apache::Mod::Passenger/Package[mod_passenger_package]/ensure: ensure changed 'purged' to 'present'

A subsequent puppetrun is needed for Apache to restart correctly, because now the missing module (passenger) is installed and activated.

What is the proper way to deal with this kind of situation? Explicitly having Apache::Vhost[$::fqdn] depend on Class['apache::mod::passenger'] doesn't work because that introduces a dependency cycle.

Ideally vhosts would only get activated after all modules are installed and enabled. But the way the vhost defined type is written I don't see how this could be done without causing dependency cycles.

Hi,
I use puppet 2.6.18, and my puppet return errors at some manifest files. Errors are related with last comma in class parameters list.

Explanation:
class (
<parameter 1>,
<parameter 2>,
<parameter 3>, # <-- This comma cause error
) {
...
}

See 656dd99#commitcomment-3421905

If you want to use one configuration for more subdomain, like *.loc (especialy for local development), you need to set VirtualDocumentRoot instead of standard DocumentRoot.

http://httpd.apache.org/docs/2.2/mod/mod_vhost_alias.html

Currently it is only available in the type apache::vhost

If you just use the base class you install apache but you can't open the http port.

You could add an independent firewall resource, but if you include apache more than once (ex : apache required by many other modules), then :

• you get errors because of multiple declaration if you use the same resource name
  or
• you have many rules in the live firewall, just to open port 80, and this is not clean

Currently I use a separate module 'apachefw' that just opens the http port and I

include apache
include apachefw

I can't use apache::vhost for the same reason : I include it in other modules and then I would have multiple declarations of the vhost

Hi everyone,

please support ProxyErrorOverride as a parameter to mod_proxy.

http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyerroroverride

best wishes,
Matthias

The apache::mod::* classes that have .conf file resources don't refresh the service when the configs are updated, but they should.

I've tried the obvious

rewrite_rule =>['rule1', 'rule2', ...]

but that didn't work, is there any way to specify multiple rewrite rules for a vhost?

Error: Illegal attempt to assign via [index/key]. Not an assignable reference at /etc/puppet/modules/apache/manifests/params.pp:63:5

63: $mod_packages['php5'] = $distrelease ? {
64- '5' => 'php53',
65- '6' => 'php',
66- }

parser=future

puppetlabs-apache currently enforces a few standards on module formats which may not be appropriate.

For instance, in the shibboleth module, this is the standard form for declaring the module to apache:

LoadModule mod_shib /opt/shibboleth-sp/lib/shibboleth/mod_shib_22.so

However, this is how puppetlabs-apache creates the LoadModule line:

content => "LoadModule ${mod}_module ${lib_path}/${lib_REAL}\n",

I propose that the apache::mod type accept two new parameters: "identifier" and "path." $path would be override $lib if present, and would allow for explicit setting of the second parameter of the LoadModule configuration directive.

I should have code to submit soon.

I would like to overwrite some of the apache confs installed by various packages. As an example, on $::osfamily = redhat the ganglia-web rpm provides this file: /etc/httpd/conf.d/ganglia.conf. I would like to directly overwrite that file instead of having to delete it and provide a separate configuration. Would a patch to allow specifying the absolute path of the apache::vhost config file be accepted?

Using stdlib-2.6.0 and concat-0.2.0 and apache-0.8.0 via tarballs renamed to stdlib, concat, and apache respectively. No additions, deletions, or edits made to any of the files in the 3 tarballs. Using centos-6.3 with puppet-2.6.17 for master and agent.

The error comes at the end of the parameter list with:
) inherits apache::params {

I can see no syntax error there or anywhere else in that file. I'm using pluginsync = true in case that matters.

Any suggestions?

Any suggestions

By default Centos 6, there is file named passenger.conf created in the /etc/httpd/conf.d/ directory. This sets the value of PassengerRoot and PassengerRuby for all configurations. When a vhost is instantiated this file is removed from the directory.

Added additional OS family of 'Linux' in case statements and selectors. Currently only the 'debian' and 'redhat' families are supported, but Amazon Linux AMI's report back 'Linux' as their OS family fact.

Also added support for $distrelease to be '3' in params.pp since Amazon reports that fact differently as well.

In all the cases I modified, I used the same parameter as RedHat, since Amazon seems to still very closely match RHEL.

Example:

directories => [ { path => '/var/www/youshouldnotbehere', deny => 'from all' } ]

Creates:

  <Directory /var/www/youshouldnotbehere>
    AllowOverride None
    Order allow,deny
    Deny from all
    Allow from all
  </Directory>

The Allow from all part is in fact disabling the Deny from all part.
Defining allow => '' or allow => false has no effect.

I think defining allow => false should remove the Allow rule from the vhost configuration entirely.

I've created a simple vhost:

    apache::vhost{'default_p':
            port => 80,
            docroot => '/var/www',
    }

Which seems to create a dependency cycle. This happens regardless of if I've previously declared /var/www as a File resource

I'm using the master branch of the git repository for the module, and running Puppet 3.1.0