All notable changes to this project will be documented in this file. The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
v5.5.0 (2020-07-01)
- Allow IPv6 CIDRs for proxy_protocol_exceptions in mod remoteip #2033 (thechristschn)
- (IAC-746) - Add ubuntu 20.04 support #2032 (david22swan)
- Replace legacy
bool2httpd\(\)
function with shim #2025 (alexjfisher) - Tidy up
pw\_hash
function #2024 (alexjfisher) - Replace validate_apache_loglevel() with data type #2023 (alexjfisher)
- Add ProxyIOBufferSize option #2014 (jplindquist)
- Add support for SetInputFilter directive #2007 (HoucemEddine)
- [MODULES-10530] Add request limiting directives on virtual host level #1996 (aursu)
- [MODULES-10528] Add ErrorLogFormat directive on virtual host level #1995 (aursu)
- Add template variables and parameters for ModSecurity Audit Logs #1988 (jplindquist)
- (MODULES-10432) Add mod_auth_openidc support #1987 (asieraguado)
- (MODULES-10712) Fix mod_ldap on RH/CentOS 5 and 6 #2041 (h-haaks)
- Update mod_dir, alias_icons_path, error_documents_path for CentOS 8 #2038 (initrd)
- Ensure switching of thread module works on Debian 10 / Ubuntu 20.04 #2034 (tuxmea)
- MODULES-10586 Centos 8: wrong package used to install mod_authnz_ldap #2021 (farebers)
- Re-add package for fcgid on debian/ubuntu machines #2006 (vStone)
- Use ldap_trusted_mode in conditional #1999 (dacron)
- Typo in oidcsettings.pp #1997 (asieraguado)
- Fix proxy_html Module to work on Debian 10 #1994 (buchstabensalat)
- (MODULES-10360) Fix icon paths for RedHat systems #1991 (2and3makes23)
- SSLProxyEngine on has to be set before any Proxydirective using it #1989 (zivis)
v5.4.0 (2020-01-22)
v5.3.0 (2019-12-11)
- (FM-8672) - Addition of Support for CentOS 8 #1977 (david22swan)
- (MODULES-9948) Allow switching of thread modules #1961 (tuxmea)
- Fix newline being added before proxy params #1984 (oxc)
- When using mod jk, we expect the libapache2-mod-jk package to be installed #1979 (tuxmea)
- move unless into manage_security_corerules #1976 (SimonHoenscheid)
- Change mod_proxy's ProxyTimeout to follow Apache's global timeout #1975 (gcoxmoz)
- (FM-8721) fix php version and ssl error on redhat8 #1973 (sheenaajay)
v5.2.0 (2019-11-01)
- Add parameter version for mod security #1953 (tuxmea)
- add possibility to define variables inside VirtualHost definition #1947 (trefzer)
- (FM-8662) Correct in manifests/mod/ssl.pp for SLES 11 #1963 (sanfrancrisko)
- always quote ExpiresDefault in vhost::directories #1958 (evgeni)
- MODULES-9904 Fix lbmethod module load order #1956 (optiz0r)
- Add owner, group, file_mode and show_diff to apache::custom_config #1942 (treydock)
- Add shibboleth support for Debian 10 #1939 (fabbks)
v5.1.0 (2019-09-13)
- (FM-8393) add support on Debian 10 #1945 (ThoughtCrhyme)
- FM-8140 Add Redhat 8 support #1941 (sheenaajay)
- (FM-8214) converted to use litmus #1938 (tphoney)
- (MODULES-9668 ) Please make ProxyRequests setting in vhost.pp configurable #1935 (aukesj)
- Added unmanaged_path and custom_fragment options to userdir #1931 (GeorgeCox)
- Add LDAP parameters to httpd.conf #1930 (daveseff)
- Add LDAPReferrals configuration parameter #1928 (HT43-bqxFqB)
- (MODULES-9104) Add file_mode to config files. #1922 (stevegarn)
- (bugfix) Add default package name for mod_ldap #1913 (turnopil)
- Remove event mpm when using prefork, worker or itk #1905 (tuxmea)
v5.0.0 (2019-05-20)
- pdksync - (MODULES-8444) - Raise lower Puppet bound #1908 (david22swan)
- (FM-7923) Implement Puppet Strings #1916 (eimlav)
- Define SCL package name for mod_ldap #1893 (treydock)
- (MODULES-9014) Improve SSLSessionTickets handling #1923 (FredericLespez)
- (MODULES-8931) Fix stahnma/epel failures #1914 (eimlav)
- Fix wsgi_daemon_process to support hash data type #1884 (mdechiaro)
4.1.0 (2019-04-05)
- (MODULES-7196) Allow setting CASRootProxiedAs per virtualhost (replaces #1857) #1900 (Lavinia-Dan)
- (feat) - Amazon Linux 2 compatibility added #1898 (david22swan)
- (MODULES-8731) Allow CIDRs for proxy_ips/internal_proxy in remoteip #1891 (JAORMX)
- Manage all mod_remoteip parameters supported by Apache #1882 (johanfleury)
- MODULES-8541 : Allow HostnameLookups to be modified #1881 (k2patel)
- Add support for mod_http2 #1867 (smortex)
- Added code to paramertize the libphp prefix #1852 (grahamuk2018)
- Added WSGI Options WSGIApplicationGroup and WSGIPythonOptimize #1847 (emetriqLikedeeler)
- (bugfix) set kernel for facter version test #1895 (tphoney)
- (MODULES-5990) - Managing conf_enabled #1875 (david22swan)
4.0.0 (2019-01-10)
- (Modules 8141/Modules 8379) - Addition of support for SLES 15 #1862 (david22swan)
- (MODULES-5990) - conf-enabled defaulted to undef #1869 (david22swan)
- pdksync - (FM-7655) Fix rubygems-update for ruby < 2.3 #1866 (tphoney)
3.5.0 (2018-12-17)
- (MODULES-5990) Addition of 'IncludeOptional conf-enabled/*.conf' to apache2.conf' on Debian Family OS #1851 (david22swan)
- (MODULES-8107) - Support added for Ubuntu 18.04. #1850 (david22swan)
- (MODULES-8108) - Support added for Debian 9 #1849 (david22swan)
- Add option to add comments to the header of a vhost file #1841 (jovandeginste)
- (FM-7605) - Disabling conf_enabled on Ubuntu 18.04 by default as it conflicts with Shibboleth causing errors with apache2. #1856 (david22swan)
- (MODULES-8429) Update GPG key for phusion passenger #1848 (abottchen)
- Fix default vhost priority in readme #1843 (HT43-bqxFqB)
- fix apache::mod::jk example typo and add link for more info #1812 (xorpaul)
- MODULES-7379: Fixing syntax by adding newline #1803 (wimvr)
- ensure mpm_event is disabled under debian 9 if mpm itk is used #1766 (zivis)
3.4.0 (2018-09-27)
- pdksync - (FM-7392) - Puppet 6 Testing Changes #1838 (pmcmaw)
- pdksync - (MODULES-6805) metadata.json shows support for puppet 6 #1836 (tphoney)
- SCL support for httpd and php7.1 #1822 (mmoll)
3.3.0 (2018-09-11)
- pdksync - (MODULES-7705) - Bumping stdlib dependency from < 5.0.0 to < 6.0.0 #1821 (pmcmaw)
- Add support for ProxyTimeout #1805 (agoodno)
- (MODULES-7343) - Allow overrides by adding mod_libs in apache class #1800 (karelyatin)
- Rework passenger VHost and Directories #1778 (smortex)
This is a clean release to prepare for several planned backwards incompatible changes.
- Parameter
passenger_pre_start
has been moved outside of<VirtualHost>
. - Apache version fact has been enabled on FreeBSD.
- Parameter
ssl_proxyengine
has had it's default changed to false.
- Parameter
passenger_group
can now be set inapache::vhost
. - Multiple
passenger_pre_start
URIs can now be set at once. - Manifest
mod::auth_gssapi
has been added to allow the deployment of authorisation with kerberos, through GSSAPI.
- Scientific 5 and Debian 7 are no longer supported on Apache.
Supported Release 3.1.0
This release includes the module being converted using version 1.4.1 of the PDK. It also includes a couple of additional parameters added.
- Module has been pdk converted with version 1.4.1 (MODULES-6331)
- Parameter
ssl_cert
to provide a SSLCertificateFile option for use with SSL, optional of type String. - Parameter
ssl_key
to provide a SSLCertificateKey option for use with SSL, optional of type String.
- Documentation updates.
- Updates to the Japanese translation based on documentation update.
Supported Release 3.0.0
This major release changes the default value of keepalive
to On
. It also includes many other features and bugfixes.
- Default
apache::keepalive
fromOff
toOn
.
- Class
apache::mod::data
- Function
apache::apache_pw_hash
function (puppet 4 port ofapache_pw_hash()
) - Function
apache::bool2httpd
function (puppet 4 port ofbool2httpd()
) - Function
apache::validate_apache_log_level
function (puppet 4 port ofvalidate_apache_log_level()
) - Parameter
apache::balancer::options
for additional directives. - Parameter
apache::limitreqfields
setting the LimitRequestFields directive to 100. - Parameter
apache::use_canonical_name
to control how httpd uses self-referential URLs. - Parameter
apache::mod::disk_cache::cache_ignore_headers
to ignore cache headers. - Parameter
apache::mod::itk::enablecapabilities
to manage ITK capabilities. - Parameter
apache::mod::ldap::ldap_trusted_mode
to manage trusted mode. - Parameters for
apache::mod::passenger
:passenger_allow_encoded_slashes
passenger_app_group_name
passenger_app_root
passenger_app_type
passenger_base_uri
passenger_buffer_response
passenger_buffer_upload
passenger_concurrency_model
passenger_debug_log_file
passenger_debugger
passenger_default_group
passenger_default_user
passenger_disable_security_update_check
passenger_enabled
passenger_error_override
passenger_file_descriptor_log_file
passenger_fly_with
passenger_force_max_concurrent_requests_per_process
passenger_friendly_error_pages
passenger_group
passenger_installed_version
passenger_instance_registry_dir
passenger_load_shell_envvars
passenger_lve_min_uid
passenger_max_instances
passenger_max_preloader_idle_time
passenger_max_request_time
passenger_memory_limit
passenger_meteor_app_settings
passenger_nodejs
passenger_pre_start
passenger_python
passenger_resist_deployment_errors
passenger_resolve_symlinks_in_document_root
passenger_response_buffer_high_watermark
passenger_restart_dir
passenger_rolling_restarts
passenger_security_update_check_proxy
passenger_show_version_in_header
passenger_socket_backlog
passenger_start_timeout
passenger_startup_file
passenger_sticky_sessions
passenger_sticky_sessions_cookie_name
passenger_thread_count
passenger_user
passenger_user_switching
rack_auto_detect
rack_base_uri
rack_env
rails_allow_mod_rewrite
rails_app_spawner_idle_time
rails_auto_detect
rails_base_uri
rails_default_user
rails_env
rails_framework_spawner_idle_time
rails_ruby
rails_spawn_method
rails_user_switching
wsgi_auto_detect
- Parameter
apache::mod::prefork::listenbacklog
to set the listen backlog to 511. - Parameter
apache::mod::python::loadfile_name
to workaround python.load filename conflicts. - Parameter
apache::mod::ssl::ssl_cert
to manage the client auth cert. - Parameter
apache::mod::ssl::ssl_key
to manage the client auth key. - Parameter
apache::mod::status::requires
as an alternative toapache::mod::status::allow_from
- Parameter
apache::vhost::ssl_proxy_cipher_suite
to manage that directive. - Parameter
apache::vhost::shib_compat_valid_user
to manage that directive. - Parameter
apache::vhost::use_canonical_name
to manage that directive. - Parameter value
mellon_session_length
forapache::vhost::directories
apache_version
is confined to just Linux to avoid erroring on AIX.- Parameter
apache::mod::jk::workers_file_content
docs typo of "mantain" instead of maintain. - Deduplicate
apache::mod::ldap
managingFile['ldap.conf']
to avoid resource conflicts. - ITK package name on Debian 9
- Dav_svn package for SLES
- Log client IP instead of loadbalancer IP when behind a loadbalancer.
apache::mod::remoteip
now notifies theClass['apache::service']
class instead ofService['httpd']
to avoid restarting the service whenapache::service_manage
is false.apache::vhost::cas_scrub_request_headers
actually manages the directive.
Supported Release 2.3.1
This release fixes CVE-2018-6508 which is a potential arbitrary code execution via tasks.
- Fix init task for arbitrary remote code
Supported Release 2.3.0
This is a feature release. It includes a task that will reload the apache service.
- Add a task that allows the reloading of the Apache service.
Supported Release 2.2.0
This is a maintainence and feature release. It will include updates to translations in Japanese, some maintainence and adding PassengerSpawnMethod
to vhost.
PassengerSpawnMethod
added tovhost
.
- Improve version match fact for
apache_version
- Update to prefork.conf params for Apache 2.4
- Updates to
CONTRIBUTING.md
- Do not install mod_fastcgi on el7
- Include mod_wsgi when using wsgi options
Supported Release 2.1.0
This is a feature release including a security patch (CVE-2017-2299)
apache::mod::jk
class for managing the mod_jk connectorapache_pw_hash
function- the ProxyPass directive in location contexts
- more Puppet 4 type validation
apache::mod::macro
class for managing mod_macro
- $ssl_certs_dir default to
undef
for all platorms - $ssl_verify_client must now be set to use any of the following:
$ssl_certs_dir
,$ssl_ca
,$ssl_crl_path
,$ssl_crl
,$ssl_verify_depth
,$ssl_crl_check
- issue where mod_alias was not being loaded when RedirectMatch* directives were being used (MODULES-3942)
- issue with
$directories
parameter inapache::vhost
- issue in UserDir template where the UserDir path did not match the Directory path
- Issue where the $ssl_certs_dir default set Apache to implicitly trust all client certificates that were issued by any CA in that directory
- support for EOL platforms: Ubuntu 10.04, 12.04 and Debian 6 (Squeeze)
Supported Release 2.0.0
Major release removing Puppet 3 support and other backwards-incompatible changes.
- support for FileETag directive configurable with the
file_e_tag
parameter - ability to configure multiple ports per vhost
- RequestHeader directive to vhost template (MODULES-4156)
- customizability for AllowOverride directive in userdir.conf (MODULES-4516)
- AdvertiseFrequency directive for cluster.conf (MODULES-4500)
ssl_proxy_protocol
andssl_sessioncache
parameters for mod::ssl (MODULES-4737)- SSLCACertificateFile directive in ssl.conf configurable with
ssl_ca
parameter - mod::authnz_pam
- mod::intercept_form_submit
- mod::lookup_identity
- Suse compatibility for mod::proxy_html
- support for AddCharset directive configurable with
add_charset
parameter - support for SSLProxyVerifyDepth and SSLProxyCACertificateFile directives configurable with
ssl_proxy_verify_depth
andssl_proxy_ca_cert
respectively manage_security_crs
parameter for mod::security- support for LimitExcept directive configurable with
limit_except
parameter - support for WSGIRestrictEmbedded directive configurable with
wsgi_restrict_embedded
parameter - support for custom UserDir path (MODULES-4933)
- support for PassengerMaxRequests directive configurable with
passenger_max_requests
- option to override module package names with
mod_packages
parameter (MODULES-3838)
- enclose_ipv6 as it was added to puppetlabs-stdlib
- deprecated
$verifyServerCert
parameter from theapache::mod::authnz_ldap
class (MODULES-4445)
keepalive
default to 'On' from 'Off'- Puppet version compatibility to ">= 4.7.0 < 6.0.0"
- puppetlabs-stdlib dependency to ">= 4.12.0 < 5.0.0"
ssl_cipher
to explicitly disable 3DES because of Sweet32
- various issues in the vhost template
- use of deprecated
include_src
parameter in vhost_spec - management of ssl.conf on RedHat systems
- various SLES/Suse params
- mod::cgi ordering for FreeBSD
- issue where ProxyPreserveHost could not be set without other Proxy* directives
- the module attempting to install proxy_html on Ubuntu Xenial and Debian Stretch
Supported Release 1.11.1
This is a security patch release (CVE-2017-2299). These changes are also in version 2.1.0 and higher.
- $ssl_certs_dir default to
undef
for all platorms - $ssl_verify_client must now be set to use any of the following:
$ssl_certs_dir
,$ssl_ca
,$ssl_crl_path
,$ssl_crl
,$ssl_verify_depth
,$ssl_crl_check
- Issue where the $ssl_certs_dir default set Apache to implicitly trust all client certificates that were issued by any CA in that directory (MODULES-5471)
Supported Release 1.11.0
This release adds SLES12 Support and many more features and bugfixes.
- (MODULES-4049) Adds SLES 12 Support
- Adds additional directories options for LDAP Auth
auth_ldap_url
auth_ldap_bind_dn
auth_ldap_bind_password
auth_ldap_group_attribute
auth_ldap_group_attribute_is_dn
- Allows
mod_event
parameters to be unset - Allows management of default root directory access rights
- Adds class
apache::vhosts
to create apache::vhost resources - Adds class
apache::mod::proxy_wstunnel
- Adds class
apache::mod::dumpio
- Adds class
apache::mod::socache_shmcb
- Adds class
apache::mod::authn_dbd
- Adds support for apache 2.4 on Amazon Linux
- Support the newer
mod_auth_cas
config options - Adds
wsgi_script_aliases_match
parameter toapache::vhost
- Allow to override all SecDefaultAction attributes
- Add audit_log_relevant_status parameter to apache::mod::security
- Allow absolute path to $apache::mod::security::activated_rules
- Allow setting SecAuditLog
- Adds
passenger_max_instances_per_app
tomod::passenger
- Allow the proxy_via setting to be configured
- Allow no_proxy_uris to be used within proxy_pass
- Add rpaf.conf template parameter to
mod::rpaf
- Allow user to specify alternative package and library names for shibboleth module
- Allows configuration of shibboleth lib path
- Adds parameter
passenger_data_buffer_dir
tomod::passenger
- Adds SSL stapling
- Allows use of
balance_manager
withmod_proxy_balancer
- Raises lower bound of
stdlib
dependency to version 4.2 - Adds support for Passenger repo on Amazon Linux
- Add ability to set SSLStaplingReturnResponderErrors on server level
- (MODULES-4213) Allow global rewrite rules inheritance in vhosts
- Moves
mod_env
to its own class and load it when required
- Deny access to .ht and .hg, which are created by mercurial hg.
- Instead of failing, include apache::mod::prefork in manifests/mod/itk.pp instead.
- Only set SSLCompression when it is set to true.
- Remove duplicate shib2 hash element
- (MODULES-3388) Include mpm_module classes instead of class declaration
- Updates
apache::balancer
to respectapache::confd_dir
- Wrap mod_security directives in an IfModule
- Fixes to various mods for Ubuntu Xenial
- Fix /etc/modsecurity perms to match package
- Fix PassengerRoot under Debian stretch
- (MODULES-3476) Updates regex in apache_version custom fact to work with EL5
- Dont sql_injection_attacks.data
- Add force option to confd file resource to purge directory without warnings
- Patch httpoxy through mod_security
- Fixes config ordering of IncludeOptional
- Fixes bug where port numbers were unquoted
- Fixes bug where empty servername for vhost were written to template
- Auto-load
slotmem_shm
andlbmethod_byrequests
withproxy_balancer
on 2.4 - Simplify MPM setup on FreeBSD
- Adds requirement for httpd package
- Do not set ssl_certs_dir on FreeBSD
- Fixes bug that produces a duplicate
Listen 443
after a package update on EL7 - Fixes bug where custom facts break structured facts
- Avoid relative classname inclusion
- Fixes a failure in
vhost
if the first element of$rewrites
is not a hash - (MODULES-3744) Process $crs_package before $modsec_dir
- (MODULES-1491) Adds
::apache
include to mods that need it
Supported Release 1.10.0
This release fixes backwards compatibility bugs introduced in 1.9.0. Also includes a new mod class and a new vhost feature.
- Allow setting KeepAlive related options per vhost
apache::vhost::keepalive
apache::vhost::keepalive_timeout
apache::vhost::max_keepalive_requests
- Adds new class
apache::mod::cluster
- MODULES-2890: Allow php_version != 5
- MODULES-2890: mod::php: Explicit test on jessie
- MODULES-2890: Fix PHP on Debian stretch and Ubuntu Xenial
- MODULES-2890: Fix mod_php SetHandler and cleanup
- Fixed trailing slash in lib_path on Suse
- Revert "MODULES-2956: Enable options within location block on proxy_match". Bug introduced in release 1.9.0.
- Revert "changed rpaf Configuration Directives: RPAF -> RPAF_". Bug introduced in release 1.9.0.
- Set actual path to apachectl on FreeBSD. Fixes snippets verification.
Supported Release 1.9.0 [DELETED]
- Added
apache_version
fact - Added
apache::balancer::target
attribute - Added
apache::fastcgi::server::pass_header
attribute - Added ability for
apache::fastcgi::server::host
using sockets - Added
apache::root_directory_options
attribute - Added for
apache::mod::ldap
:ldap_shared_cache_size
ldap_cache_entries
ldap_cache_ttl
ldap_opcache_entries
ldap_opcache_ttl
- Added
apache::mod::pagespeed::package_ensure
attribute - Added
apache::mod::passenger
attributes:passenger_log_level
manage_repo
- Added upstream repo for
apache::mod::passenger
- Added
apache::mod::proxy_fcgi
class - Added
apache::mod::security
attributes:audit_log_parts
secpcrematchlimit
secpcrematchlimitrecursion
secdefaultaction
anomaly_score_blocking
inbound_anomaly_threshold
outbound_anomaly_threshold
- Added
apache::mod::ssl
attributes:ssl_mutex
apache_version
- Added ubuntu 16.04 support
- Added
apache::mod::authnz_ldap::package_name
attribute - Added
apache::mod::ldap::package_name
attribute - Added
apache::mod::proxy::package_name
attribute - Added
apache::vhost
attributes:ssl_proxy_check_peen_expire
ssl_proxy_protocol
logroot_owner
logroot_group
setenvifnocase
passenger_user
passenger_high_performance
jk_mounts
fastcgi_idle_timeout
modsec_disable_msgs
modsec_disable_tags
- Added ability for 2.4-style
RequireAll|RequireNone|RequireAny
directory permissions - Added ability for includes in vhost directory
- Added directory values:
AuthMerging
MellonSPMetadataFile
- Adds Configurability of Collaborative Detection Severity Levels for OWASP Core Rule Set to
apache::mod::security
classcritical_anomaly_score
error_anomaly_score
warning_anomaly_score
notice_anomaly_score
- Adds ability to configure
info_path
inapache::mod::info
class - Adds ability to configure
verify_config
inapache::vhost::custom
- Fixed apache mod setup for event/worker failing syntax
- Fixed concat deprecation warnings
- Fixed pagespeed mod
- Fixed service restart on mod update
- Fixed mod dir purging to happen after package installs
- Fixed various
apache::mod::*
file modes - Fixed
apache::mod::authnz_ldap
parameterverifyServerCert
to beverify_server_cert
- Fixed loadfile name in
apache::mod::fcgid
- Fixed
apache::mod::remoteip
to fail on apache < 2.4 (because it is not available) - Fixed
apache::mod::ssl::ssl_honorcipherorder
interpolation - Lint fixes
- Strict variable fixes
- Fixed
apache::vhost
attributeredirectmatch_status
to be optional - Fixed SSLv3 on by default in mod_nss
- Fixed mod_rpaf directive names in template
- Fixed mod_worker needing MaxClients with ThreadLimit
- Fixed quoting on vhost php_value
- Fixed xml2enc for proxy_html on debian
- Fixed a problem where the apache service restarts too fast
Supported Release 1.8.1
This release includes bug fixes and a documentation update.
- Fixes a bug that occurs when using the module in combination with puppetlabs-concat 2.x.
- Fixes a bug where passenger.conf was vulnerable to purging.
- Removes the pin of the concat module dependency.
Supported Release 1.8.0
This release includes a lot of bug fixes and feature updates, including support for Debian 8, as well as many test improvements.
- Debian 8 Support.
- Added the 'file_mode' property to allow a custom permission setting for config files.
- Enable 'PassengerMaxRequestQueueSize' to be set for mod_passenger.
- MODULES-2956: Enable options within location block on proxy_match.
- Support itk on redhat.
- Support the mod_ssl SSLProxyVerify directive.
- Support ProxPassReverseCookieDomain directive (mod_proxy).
- Support proxy provider for vhost directories.
- Added new 'apache::vhost::custom' resource.
- Fixed ProxyPassReverse configuration.
- Fixed error in Amazon operatingsystem detection.
- Fixed mod_security catalog ordering issues for RedHat 7.
- Fixed paths and packages for the shib2 apache module on Debian pre Jessie.
- Fixed EL7 directory path for apache modules.
- Fixed validation error when empty array is passed for the rewrites parameter.
- Idempotency fixes with regards to '::apache::mod_enable_dir'.
- ITK fixes.
- (MODULES-2865) fix $mpm_module logic for 'false'.
- Set SSLProxy directives even if ssl is false, due to issue with RewriteRules and ProxyPass directives.
- Enable setting LimitRequestFieldSize globally, and remove it from vhost.
- apache::mod::php now uses FilesMatch to configure the php handler. This is following the recommended upstream configuration guidelines (http://php.net/manual/en/install.unix.apache2.php#example-20) and distribution's default config (e.g.: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/vivid/php5/vivid/view/head:/debian/php5.conf). It avoids inadvertently exposing the PHP handler to executing uploads with names like 'file.php.jpg', but might impact setups with unusual requirements.
- Improved compatibility for Gentoo.
- Vhosts can now be supplied with a wildcard listen value.
- Numerous test improvements.
- Removed workarounds for https://bz.apache.org/bugzilla/show_bug.cgi?id=38864 as the issues have been fixed in Apache.
- Documentation updates.
- Ensureed order of ProxyPass and ProxyPassMatch parameters.
- Ensure that ProxyPreserveHost is set to off mode explicitly if not set in manifest.
- Put headers and request headers before proxy with regards to template generation.
- Added X-Forwarded-For into log_formats defaults.
- (MODULES-2703) Allow mod pagespeed to take an array of lines as additional_configuration.
Supported Release 1.7.1
###Summary
Small release for support of newer PE versions. This increments the version of PE in the metadata.json file.
Supported Release 1.7.0
This release includes many new features and bugfixes. There are test, documentation and misc improvements.
- allow groups with - like vhost-users
- ability to enable/disable the secruleengine through a parameter
- add mod_auth_kerb parameters to vhost
- client auth for reverse proxy
- support for mod_auth_mellon
- change SSLProtocol in apache::vhost to be space separated
- RewriteLock support
- fix apache::mod::cgid so it can be used with the event MPM
- load unixd before fcgid on all operating systems
- fixes conditional in vhost aliases
- corrects mod_cgid worker/event defaults
- ProxyPassMatch parameters were ending up on a newline
- catch that mod_authz_default has been removed in Apache 2.4
- mod::ssl fails on SLES
- fix typo of MPM_PREFORK for FreeBSD package install
- install all modules before adding custom configs
- fix acceptance testing for SSLProtocol behaviour for real
- fix ordering issue with conf_file and ports_file
- mod_passenger is having issues installing on Redhat/Centos 6, This is due to package dependency issues.
- added docs for forcetype directive
- removes ruby 1.8.7 from the travisci test matrix
- readme reorganisation, minor fixups
- support the mod_proxy ProxyPassReverseCookiePath directive
- the purge_vhost_configs parameter is actually called purge_vhost_dir
- add ListenBacklog for mod worker
- deflate application/json by default
- install mod_authn_alias as default mod in debian for apache < 2.4
- optionally set LimitRequestFieldSize on an apache::vhost
- add SecUploadDir parameter to support file uploads with mod_security
- optionally set parameters for mod_ext_filter module
- allow SetOutputFilter to be set on a directory
- RC4 is deprecated
- allow empty docroot
- add option to configure the include pattern for the vhost_enable dir
- allow multiple IP addresses per vhost
- default document root update for Ubuntu 14.04 and Debian 8
Supported Release 1.6.0
This release includes a couple of new features, along with test and documentation updates, and support for the latest AIO puppet builds.
- Add
scan_proxy_header_field
parameter toapache::mod::geoip
- Add
ssl_openssl_conf_cmd
parameter toapache::vhost
andapache::mod::ssl
- Add
filters
parameter toapache::vhost
- Test updates
- Do not use systemd on Amazon Linux
- Add missing docs for
timeout
parameter (MODULES-2148)
Supported Release 1.5.0
This release primarily adds Suse compatibility. It also adds a handful of other parameters for greater configuration control.
- Add
apache::lib_path
parameter - Add
apache::service_restart
parameter - Add
apache::vhost::geoip_enable
parameter - Add
apache::mod::geoip
class - Add
apache::mod::remoteip
class - Add parameters to
apache::mod::expires
class - Add
index_style_sheet
handling toapache::vhost::directories
- Add some compatibility for SLES 11
- Add
apache::mod::ssl::ssl_sessioncachetimeout
parameter - Add
apache::mod::ssl::ssl_cryptodevice
parameter - Add
apache::mod::ssl::ssl_honorcipherorder
parameter - Add
apache::mod::userdir::options
parameter
- Document
apache::user
parameter - Document
apache::group
parameter - Fix apache::dev on FreeBSD
- Fix proxy_connect on apache >= 2.2
- Validate log levels better
- Fix
apache::apache_name
for package and vhost - Fix Debian Jessie mod_prefork package name
- Fix alias module being declared even when vhost is absent
- Fix proxy_pass_match handling in vhost's proxy template
- Fix userdir access permissions
- Fix issue where the module was trying to use systemd on Amazon Linux.
Supported Release 1.4.1
This release corrects a metadata issue that has been present since release 1.2.0. The refactoring of apache::vhost
to use puppetlabs-concat
requires a version of concat newer than the version required in PE. If you are using PE 3.3.0 or earlier you will need to use version 1.1.1 or earlier of the puppetlabs-apache
module.
Supported Release 1.4.0
###Summary
This release fixes the issue where the docroot was still managed even if the default vhosts were disabled and has many other features and bugfixes including improved support for 'deny' and 'require' as arrays in the 'directories' parameter under apache::vhost
- New parameters to
apache
default_charset
default_type
- New parameters to
apache::vhost
proxy_error_override
passenger_app_env
(MODULES-1776)proxy_dest_match
proxy_dest_reverse_match
proxy_pass_match
no_proxy_uris_match
- New parameters to
apache::mod::passenger
passenger_app_env
passenger_min_instances
- New parameter to
apache::mod::alias
icons_options
- New classes added under
apache::mod::*
authn_file
authz_default
authz_user
- Added support for 'deny' as an array in 'directories' under
apache::vhost
- Added support for RewriteMap
- Improved support for FreeBSD. (Note: If using apache < 2.4.12, see the discussion here)
- Added check for deprecated options in directories and fail when they are unsupported
- Added gentoo compatibility
- Added proper array support for
require
in thedirectories
parameter inapache::vhost
- Added support for
setenv
inside proxy locations
- Fix issue in
apache::vhost
that was preventing the scriptalias fragment from being included (MODULES-1784) - Install required
mod_ldap
package for EL7 (MODULES-1779) - Change default value of
maxrequestworkers
inapache::mod::event
to be a multiple of the defaultThreadsPerChild
of 25. - Use the correct
mod_prefork
package name for trusty and jessie - Don't manage docroot when default vhosts are disabled
- Ensure resources notify
Class['Apache::Service']
instead ofService['httpd']
(MODULES-1829) - Change the loadfile name for
mod_passenger
somod_proxy
will load by default beforemod_passenger
- Remove old Debian work-around that removed
passenger_extra.conf
Supported Release 1.3.0
This release has many new features and bugfixes, including the ability to optionally not trigger service restarts on config changes.
- New parameters -
apache
service_manage
use_optional_includes
- New parameters -
apache::service
service_manage
- New parameters -
apache::vhost
access_logs
php_flags
php_values
modsec_disable_vhost
modsec_disable_ids
modsec_disable_ips
modsec_body_limit
- Improved FreeBSD support
- Add ability to omit priority prefix if
$priority
is set to false - Add
apache::security::rule_link
define - Improvements to
apache::mod::*
- Add
apache::mod::auth_cas
class - Add
threadlimit
,listenbacklog
,maxrequestworkers
,maxconnectionsperchild
parameters toapache::mod::event
- Add
apache::mod::filter
class - Add
root_group
toapache::mod::php
- Add
apache::mod::proxy_connect
class - Add
apache::mod::security
class - Add
ssl_pass_phrase_dialog
andssl_random_seed_bytes
parameters toapache::mod::ssl
(MODULES-1719) - Add
status_path
parameter toapache::mod::status
- Add
apache_version
parameter toapache::mod::version
- Add
package_name
andmod_path
parameters toapache::mod::wsgi
(MODULES-1458)
- Add
- Improved SCL support
- Add support for specifying the docroot
- Updated
_directories.erb
to add support for SetEnv - Support multiple access log directives (MODULES-1382)
- Add passenger support for Debian Jessie
- Add support for not having puppet restart the apache service (MODULES-1559)
- For apache 2.4
mod_itk
requiresmod_prefork
(MODULES-825) - Allow SSLCACertificatePath to be unset in
apache::vhost
(MODULES-1457) - Load fcgid after unixd on RHEL7
- Allow disabling default vhost for Apache 2.4
- Test fixes
mod_version
is now built-in (MODULES-1446)- Sort LogFormats for idempotency
allow_encoded_slashes
was omitted fromapache::vhost
- Fix documentation bug (MODULES-1403, MODULES-1510)
- Sort
wsgi_script_aliases
for idempotency (MODULES-1384) - lint fixes
- Fix automatic version detection for Debian Jessie
- Fix error docs and icons path for RHEL7-based systems (MODULES-1554)
- Sort php_* hashes for idempotency (MODULES-1680)
- Ensure
mod::setenvif
is included if needed (MODULES-1696) - Fix indentation in
vhost/_directories.erb
template (MODULES-1688) - Create symlinks on all distros if
vhost_enable_dir
is specified
Supported Release 1.2.0
This release features many improvements and bugfixes, including several new defines, a reworking of apache::vhost for more extensibility, and many new parameters for more customization. This release also includes improved support for strict variables and the future parser.
- Convert apache::vhost to use concat for easier extensions
- Test improvements
- Synchronize files with modulesync
- Strict variable and future parser support
- Added apache::custom_config defined type to allow validation of configs before they are created
- Added bool2httpd function to convert true/false to apache 'On' and 'Off'. Intended for internal use in the module.
- Improved SCL support
- allow overriding of the mod_ssl package name
- Add support for reverse_urls/ProxyPassReverse in apache::vhost
- Add satisfy directive in apache::vhost::directories
- Add apache::fastcgi::server defined type
- New parameters - apache
- allow_encoded_slashes
- apache_name
- conf_dir
- default_ssl_crl_check
- docroot
- logroot_mode
- purge_vhost_dir
- New parameters - apache::vhost
- add_default_charset
- allow_encoded_slashes
- logroot_ensure
- logroot_mode
- manage_docroot
- passenger_app_root
- passenger_min_instances
- passenger_pre_start
- passenger_ruby
- passenger_start_timeout
- proxy_preserve_host
- proxy_requests
- redirectmatch_dest
- ssl_crl_check
- wsgi_chunked_request
- wsgi_pass_authorization
- Add support for ScriptAlias and ScriptAliasMatch in the apache::vhost::aliases parameter
- Add support for rewrites in the apache::vhost::directories parameter
- If the service_ensure parameter in apache::service is set to anything other than true, false, running, or stopped, ensure will not be passed to the service resource, allowing for the service to not be managed by puppet
- Turn of SSLv3 by default
- Improvements to apache::mod*
- Add restrict_access parameter to apache::mod::info
- Add force_language_priority and language_priority parameters to apache::mod::negotiation
- Add threadlimit parameter to apache::mod::worker
- Add content, template, and source parameters to apache::mod::php
- Add mod_authz_svn support via the authz_svn_enabled parameter in apache::mod::dav_svn
- Add loadfile_name parameter to apache::mod
- Add apache::mod::deflate class
- Add options parameter to apache::mod::fcgid
- Add timeouts parameter to apache::mod::reqtimeout
- Add apache::mod::shib
- Add apache_version parameter to apache::mod::ldap
- Add magic_file parameter to apache::mod::mime_magic
- Add apache_version parameter to apache::mod::pagespeed
- Add passenger_default_ruby parameter to apache::mod::passenger
- Add content, template, and source parameters to apache::mod::php
- Add apache_version parameter to apache::mod::proxy
- Add loadfiles parameter to apache::mod::proxy_html
- Add ssl_protocol and package_name parameters to apache::mod::ssl
- Add apache_version parameter to apache::mod::status
- Add apache_version parameter to apache::mod::userdir
- Add apache::mod::version class
- Set osfamily defaults for wsgi_socket_prefix
- Support multiple balancermembers with the same url
- Validate apache::vhost::custom_fragment
- Add support for itk with mod_php
- Allow apache::vhost::ssl_certs_dir to not be set
- Improved passenger support for Debian
- Improved 2.4 support without mod_access_compat
- Support for more than one 'Allow from'-directive in _directories.erb
- Don't load systemd on Amazon linux based on CentOS6 with apache 2.4
- Fix missing newline in ModPagespeed filter and memcached servers directive
- Use interpolated strings instead of numbers where required by future parser
- Make auth_require take precedence over default with apache 2.4
- Lint fixes
- Set default for php_admin_flags and php_admin_values to be empty hash instead of empty array
- Correct typo in mod::pagespeed
- spec_helper fixes
- Install mod packages before dealing with the configuration
- Use absolute scope to check class definition in apache::mod::php
- Fix dependency loop in apache::vhost
- Properly scope variables in the inline template in apache::balancer
- Documentation clarification, typos, and formatting
- Set apache::mod::ssl::ssl_mutex to default for debian on apache >= 2.4
- Strict variables fixes
- Add authn_core mode to Ubuntu trusty defaults
- Keep default loadfile for authz_svn on Debian
- Remove '.conf' from the site-include regexp for better Ubuntu/Debian support
- Load unixd before fcgid for EL7
- Fix RedirectMatch rules
- Fix misleading error message in apache::version
- By default, the version of Apache that ships with Ubuntu 10.04 does not work with
wsgi_import_script
. - SLES is unsupported.
Supported Release 1.1.1
This release merely updates metadata.json so the module can be uninstalled and upgraded via the puppet module command.
Supported Release 1.1.0
This release primarily focuses on extending the httpd 2.4 support, tested through adding RHEL7 and Ubuntu 14.04 support. It also includes Passenger 4 support, as well as several new modules and important bugfixes.
- Add support for RHEL7 and Ubuntu 14.04
- More complete apache24 support
- Passenger 4 support
- Add support for max_keepalive_requests and log_formats parameters
- Add mod_pagespeed support
- Add mod_speling support
- Added several parameters for mod_passenger
- Added ssl_cipher parameter to apache::mod::ssl
- Improved examples in documentation
- Added docroot_mode, action, and suexec_user_group parameters to apache::vhost
- Add support for custom extensions for mod_php
- Improve proxy_html support for Debian
- Remove NameVirtualHost directive for apache >= 2.4
- Order proxy_set option so it doesn't change between runs
- Fix inverted SSL compression
- Fix missing ensure on concat::fragment resources
- Fix bad dependencies in apache::mod and apache::mod::mime
- By default, the version of Apache that ships with Ubuntu 10.04 does not work with
wsgi_import_script
. - SLES is unsupported.
Supported Release 1.0.1
This is a supported release. This release removes a testing symlink that can cause trouble on systems where /var is on a seperate filesystem from the modulepath.
- By default, the version of Apache that ships with Ubuntu 10.04 does not work with
wsgi_import_script
. - SLES is unsupported.
Supported Release 1.0.0
This is a supported release. This release introduces Apache 2.4 support for Debian and RHEL based osfamilies.
- Add apache24 support
- Add rewrite_base functionality to rewrites
- Updated README documentation
- Add WSGIApplicationGroup and WSGIImportScript directives
- Replace mutating hashes with merge() for Puppet 3.5
- Fix WSGI import_script and mod_ssl issues on Lucid
- By default, the version of Apache that ships with Ubuntu 10.04 does not work with
wsgi_import_script
. - SLES is unsupported.
Supported Release 0.11.0
This release adds preliminary support for Windows compatibility and multiple rewrite support.
- The rewrite_rule parameter is deprecated in favor of the new rewrite parameter and will be removed in a future release.
- add Match directive
- quote paths for windows compatibility
- add auth_group_file option to README.md
- allow AuthGroupFile directive for vhosts
- Support Header directives in vhost context
- Don't purge mods-available dir when separate enable dir is used
- Fix the servername used in log file name
- Added support for mod_include
- Remove index parameters.
- Support environment variable control for CustomLog
- added redirectmatch support
- Setting up the ability to do multiple rewrites and conditions.
- Convert spec tests to beaker.
- Support php_admin_(flag|value)s
- directories are either a Hash or an Array of Hashes
- Configure Passenger in separate .conf file on RH so PassengerRoot isn't lost
- (docs) Update list of
apache::mod::[name]
classes - (docs) Fix apache::namevirtualhost example call style
- Fix $ports_file reference in apache::listen.
- Fix $ports_file reference in Namevirtualhost.
Supported Release 0.10.0
This release adds FreeBSD osfamily support and various other improvements to some mods.
- Add suPHP_UserGroup directive to directory context
- Add support for ScriptAliasMatch directives
- Set SSLOptions StdEnvVars in server context
- No implicit entry for ScriptAlias path
- Add support for overriding ErrorDocument
- Add support for AliasMatch directives
- Disable default "allow from all" in vhost-directories
- Add WSGIPythonPath as an optional parameter to mod_wsgi.
- Add mod_rpaf support
- Add directives: IndexOptions, IndexOrderDefault
- Add ability to include additional external configurations in vhost
- need to use the provider variable not the provider key value from the directory hash for matches
- Support for FreeBSD and few other features
- Add new params to apache::mod::mime class
- Allow apache::mod to specify module id and path
- added $server_root parameter
- Add Allow and ExtendedStatus support to mod_status
- Expand vhost/_directories.pp directive support
- Add initial support for nss module (no directives in vhost template yet)
- added peruser and event mpms
- added $service_name parameter
- add parameter for TraceEnable
- Make LogLevel configurable for server and vhost
- Add documentation about $ip
- Add ability to pass ip (instead of wildcard) in default vhost files
- Don't listen on port or set NameVirtualHost for non-existent vhost
- only apply Directory defaults when provider is a directory
- Working mod_authnz_ldap support on Debian/Ubuntu
Supported Release 0.9.0
This release adds more parameters to the base apache class and apache defined resource to make the module more flexible. It also adds or enhances SuPHP, WSGI, and Passenger mod support, and support for the ITK mpm module.
- Remove many default mods that are not normally needed.
- Remove
rewrite_base
apache::vhost
parameter; did not work anyway. - Specify dependencies on stdlib >=2.4.0 (this was already the case, but making explicit)
- Deprecate
a2mod
in favor of theapache::mod::*
classes andapache::mod
defined resource.
apache
class- Add
httpd_dir
parameter to change the location of the configuration files. - Add
logroot
parameter to change the logroot - Add
ports_file
parameter to changes theports.conf
file location - Add
keepalive
parameter to enable persistent connections - Add
keepalive_timeout
parameter to change the timeout - Update
default_mods
to be able to take an array of mods to enable.
- Add
apache::vhost
- Add
wsgi_daemon_process
,wsgi_daemon_process_options
,wsgi_process_group
, andwsgi_script_aliases
parameters for per-vhost WSGI configuration. - Add
access_log_syslog
parameter to enable syslogging. - Add
error_log_syslog
parameter to enable syslogging of errors. - Add
directories
hash parameter. Please see README for documentation. - Add
sslproxyengine
parameter to enable SSLProxyEngine - Add
suphp_addhandler
,suphp_engine
, andsuphp_configpath
for configuring SuPHP. - Add
custom_fragment
parameter to allow for arbitrary apache configuration injection. (Feature pull requests are prefered over using this, but it is available in a pinch.)
- Add
- Add
apache::mod::suphp
class for configuring SuPHP. - Add
apache::mod::itk
class for configuring ITK mpm module. - Update
apache::mod::wsgi
class for global WSGI configuration withwsgi_socket_prefix
andwsgi_python_home
parameters. - Add README.passenger.md to document the
apache::mod::passenger
usage. Addedpassenger_high_performance
,passenger_pool_idle_time
,passenger_max_requests
,passenger_stat_throttle_rate
,rack_autodetect
, andrails_autodetect
parameters. - Separate the httpd service resource into a new
apache::service
class for dependency chaining ofClass['apache'] -> <resource> ~> Class['apache::service']
- Added
apache::mod::proxy_balancer
class forapache::balancer
- Change dependency to puppetlabs-concat
- Fix ruby 1.9 bug for
a2mod
- Change servername to be
$::hostname
if there is no$::fqdn
- Make
/etc/ssl/certs
the default ssl certs directory for RedHat non-5. - Make
php
the default php package for RedHat non-5. - Made
aliases
able to take a single alias hash instead of requiring an array.
Supported Release 0.8.1
- Update
apache::mpm_module
detection for worker/prefork - Update
apache::mod::cgi
andapache::mod::cgid
detection for worker/prefork
Supported Release 0.8.0
- Add
servername
parameter toapache
class - Add
proxy_set
parameter toapache::balancer
define
- Fix ordering for multiple
apache::balancer
clusters - Fix symlinking for sites-available on Debian-based OSs
- Fix dependency ordering for recursive confdir management
- Fix
apache::mod::*
to notify the service on config change - Documentation updates
Supported Release 0.7.0
- Essentially rewrite the module -- too many to list
apache::vhost
has many abilities -- see README.md for detailsapache::mod::*
classes provide httpd mod-loading capabilitiesapache
base class is much more configurable
- Many. And many more to come
Supported Release 0.6.0
- update travis tests (add more supported versions)
- add access log_parameter
- make purging of vhost dir configurable
Supported Release 0.4.0
include apache
is now required when usingapache::mod::*
- Fix syntax for validate_re
- Fix formatting in vhost template
- Fix spec tests such that they pass
Supported Release 0.0.4
- e62e362 Fix broken tests for ssl, vhost, vhost::*
- 42c6363 Changes to match style guide and pass puppet-lint without error
- 42bc8ba changed name => path for file resources in order to name namevar by it's name
- 72e13de One end too much
- 0739641 style guide fixes: 'true' <> true,
$operatingsystem needs to be $ ::operatingsystem, etc. - 273f94d fix tests
- a35ede5 (#13860) Make a2enmod/a2dismo commands optional
- 98d774e (#13860) Autorequire Package['httpd']
- 05fcec5 (#13073) Add missing puppet spec tests
- 541afda (#6899) Remove virtual a2mod definition
- 976cb69 (#13072) Move mod python and wsgi package names to params
- 323915a (#13060) Add .gitignore to repo
- fdf40af (#13060) Remove pkg directory from source tree
- fd90015 Add LICENSE file and update the ModuleFile
- d3d0d23 Re-enable local php class
- d7516c7 Make management of firewalls configurable for vhosts
- 60f83ba Explicitly lookup scope of apache_name in templates.
- f4d287f (#12581) Add explicit ordering for vdir directory
- 88a2ac6 (#11706) puppetlabs-apache depends on puppetlabs-firewall
- a776a8b (#11071) Fix to work with latest firewall module
- 2b79e8b (#11070) Add support for Scientific Linux
- 405b3e9 Fix for a2mod
- 57b9048 Commit apache::vhost::redirect Manifest
- 8862d01 Commit apache::vhost::proxy Manifest
- d5c1fd0 Commit apache::mod::wsgi Manifest
- a825ac7 Commit apache::mod::python Manifest
- b77062f Commit Templates
- 9a51b4a Vhost File Declarations
- 6cf7312 Defaults for Parameters
- 6a5b11a Ensure installed
- f672e46 a2mod fix
- 8a56ee9 add pthon support to apache
* This Changelog was automatically generated by github_changelog_generator