X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/c375b083a4ae5170c4c3c04e0737875b2e69f62c..04743763991d4bd0b536ceaec43439d6b3b4842c:/cookbooks/apache/recipes/default.rb diff --git a/cookbooks/apache/recipes/default.rb b/cookbooks/apache/recipes/default.rb index 0a8962b53..d1a0aac1d 100644 --- a/cookbooks/apache/recipes/default.rb +++ b/cookbooks/apache/recipes/default.rb @@ -18,7 +18,6 @@ # include_recipe "fail2ban" -include_recipe "munin" include_recipe "prometheus" include_recipe "ssl" @@ -62,13 +61,6 @@ systemd_service "apache2" do notifies :restart, "service[apache2]" end -service "apache2" do - action [:enable, :start] - retries 2 - retry_delay 10 - supports :status => true, :restart => true, :reload => true -end - apache_module "info" do conf "info.conf.erb" variables :hosts => admins["hosts"] @@ -79,7 +71,7 @@ apache_module "status" do variables :hosts => admins["hosts"] end -if node[:apache][:evasive] +if node[:apache][:evasive][:enable] apache_module "evasive" do conf "evasive.conf.erb" end @@ -104,6 +96,14 @@ apache_conf "ssl" do template "ssl.erb" end +# Apache should only be started after modules enabled +service "apache2" do + action [:enable, :start] + retries 2 + retry_delay 10 + supports :status => true, :restart => true, :reload => true +end + fail2ban_filter "apache-forbidden" do action :delete end @@ -113,7 +113,7 @@ fail2ban_jail "apache-forbidden" do end fail2ban_filter "apache-evasive" do - failregex "^Blacklisting address : possible DoS attack\.$" + failregex ": Blacklisting address : possible DoS attack\.$" end fail2ban_jail "apache-evasive" do @@ -125,10 +125,6 @@ fail2ban_jail "apache-evasive" do maxretry 3 end -munin_plugin "apache_accesses" -munin_plugin "apache_processes" -munin_plugin "apache_volume" - template "/var/lib/prometheus/node-exporter/apache.prom" do source "apache.prom.erb" owner "root"