--- /dev/null
+= DESCRIPTION:
+
+= REQUIREMENTS:
+
+= ATTRIBUTES:
+
+= USAGE:
+
--- /dev/null
+default[:apache][:mpm] = "worker"
+
+default[:apache][:timeout] = 300
+
+default[:apache][:keepalive] = true
+
+default[:apache][:prefork][:start_servers] = 5
+default[:apache][:prefork][:min_spare_servers] = 5
+default[:apache][:prefork][:max_spare_servers] = 10
+default[:apache][:prefork][:max_clients] = 150
+default[:apache][:prefork][:max_requests_per_child] = 0
+
+default[:apache][:worker][:start_servers] = 2
+default[:apache][:worker][:min_spare_threads] = 25
+default[:apache][:worker][:max_spare_threads] = 75
+default[:apache][:worker][:thread_limit] = 64
+default[:apache][:worker][:threads_per_child] = 25
+default[:apache][:worker][:max_clients] = 150
+default[:apache][:worker][:max_requests_per_child] = 0
+
+default[:apache][:event][:start_servers] = 2
+default[:apache][:event][:max_clients] = 150
+default[:apache][:event][:min_spare_threads] = 25
+default[:apache][:event][:max_spare_threads] = 75
+default[:apache][:event][:thread_limit] = 64
+default[:apache][:event][:threads_per_child] = 25
+default[:apache][:event][:max_requests_per_child] = 0
--- /dev/null
+#
+# Cookbook Name:: apache
+# Definition:: apache_module
+#
+# Copyright 2010, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_module, :action => [ :install, :enable ], :variables => {} do
+ name = params[:name]
+ module_action = params[:action]
+
+ if params[:package].nil? or params[:package].empty?
+ package_name = "libapache2-mod-#{name}"
+ else
+ package_name = params[:package]
+ end
+
+ if module_action.include?(:install)
+ package package_name do
+ action :install
+ not_if { File.exists?("/etc/apache2/mods-available/#{name}.load") }
+ end
+
+ if params[:conf]
+ template "/etc/apache2/mods-available/#{name}.conf" do
+ source params[:conf]
+ owner "root"
+ group "root"
+ mode 0644
+ variables params[:variables]
+ if File.exists?("/etc/apache2/mods-enabled/#{name}.load")
+ notifies :reload, resources(:service => "apache2")
+ end
+ end
+ end
+ end
+
+ if module_action.include?(:enable)
+ execute "a2enmod-#{name}" do
+ command "/usr/sbin/a2enmod #{name}"
+ notifies :restart, resources(:service => "apache2")
+ not_if { File.exists?("/etc/apache2/mods-enabled/#{name}.load") }
+ end
+ elsif module_action.include?(:disable) or module_action.include?(:remove)
+ execute "a2dismod-#{name}" do
+ command "/usr/sbin/a2dismod #{name}"
+ notifies :restart, resources(:service => "apache2")
+ only_if { File.exists?("/etc/apache2/mods-enabled/#{name}.load") }
+ end
+ end
+
+ if module_action.include?(:remove)
+ package package_name do
+ action :remove
+ only_if { File.exists?("/etc/apache2/mods-available/#{name}.load") }
+ end
+ end
+end
--- /dev/null
+#
+# Cookbook Name:: apache
+# Definition:: apache_site
+#
+# Copyright 2010, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_site, :action => [ :create, :enable ], :variables => {} do
+ name = params[:name]
+ directory = params[:directory] || "/var/www/#{name}"
+ site_action = params[:action]
+ link_name = name == "default" ? "000-default" : name
+
+ if site_action.include?(:create) or site_action.include?(:enable)
+ template "/etc/apache2/sites-available/#{name}" do
+ cookbook params[:cookbook]
+ source params[:template]
+ owner "root"
+ group "root"
+ mode 0644
+ variables params[:variables].merge(:name => name, :directory => directory)
+ if File.exists?("/etc/apache2/sites-enabled/#{link_name}")
+ notifies :reload, resources(:service => "apache2")
+ end
+ end
+ end
+
+ if site_action.include?(:enable)
+ execute "a2ensite-#{name}" do
+ command "/usr/sbin/a2ensite #{name}"
+ notifies :restart, resources(:service => "apache2")
+ not_if { File.exists?("/etc/apache2/sites-enabled/#{link_name}") }
+ end
+ elsif site_action.include?(:disable) or site_action.include?(:delete)
+ execute "a2dissite-#{name}" do
+ action :run
+ command "/usr/sbin/a2dissite #{name}"
+ notifies :restart, resources(:service => "apache2")
+ only_if { File.exists?("/etc/apache2/sites-enabled/#{link_name}") }
+ end
+ end
+
+ if site_action.include?(:delete)
+ file "/etc/apache2/sites-available/#{name}" do
+ action :delete
+ end
+ end
+end
--- /dev/null
+maintainer "OpenStreetMap Administrators"
+maintainer_email "admins@openstreetmap.org"
+license "Apache 2.0"
+description "Installs and configures apache"
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))
+version "1.0.0"
+depends "ssl"
--- /dev/null
+#
+# Cookbook Name:: apache
+# Recipe:: default
+#
+# Copyright 2011, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+package "apache2"
+package "apache2-mpm-#{node[:apache][:mpm]}"
+
+admins = data_bag_item("apache", "admins")
+
+template "/etc/apache2/httpd.conf" do
+ source "httpd.conf.erb"
+ owner "root"
+ group "root"
+ mode 0644
+end
+
+service "apache2" do
+ action [ :enable, :start ]
+ supports :status => true, :restart => true, :reload => true
+ subscribes :restart, "package[apache2-mpm-#{node[:apache][:mpm]}]"
+ subscribes :reload, "template[/etc/apache2/httpd.conf]"
+end
+
+apache_module "info" do
+ conf "info.conf.erb"
+ variables :hosts => admins["hosts"]
+end
+
+apache_module "status" do
+ conf "status.conf.erb"
+ variables :hosts => admins["hosts"]
+end
+
+apache_module "reqtimeout" do
+ action [ :disable ]
+end
+
+munin_plugin "apache_accesses"
+munin_plugin "apache_processes"
+munin_plugin "apache_volume"
--- /dev/null
+#
+# Cookbook Name:: apache
+# Recipe:: ssl
+#
+# Copyright 2011, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apache"
+include_recipe "ssl"
+
+apache_module "ssl"
+
+template "/etc/apache2/conf.d/ssl" do
+ source "ssl.erb"
+ owner "root"
+ group "root"
+ mode 0644
+ notifies :reload, resources(:service => "apache2")
+end
+
+service "apache2" do
+ action :nothing
+ subscribes :restart, resources(:cookbook_file => "/etc/ssl/certs/rapidssl.pem")
+ subscribes :restart, resources(:cookbook_file => "/etc/ssl/certs/openstreetmap.pem")
+ subscribes :restart, resources(:file => "/etc/ssl/private/openstreetmap.key")
+end
--- /dev/null
+# DO NOT EDIT - This file is being maintained by Chef
+
+# Set the number of seconds before receives and sends time out
+Timeout <%= node[:apache][:timeout] %>
+
+# Decide whether or not to allow persistent connections
+Keepalive <%= node[:apache][:keepalive] ? "On" : "Off" %>
+<% if node[:apache][:mpm] == "prefork" -%>
+
+# Configure prefork MPM
+StartServers <%= node[:apache][:prefork][:start_servers] %>
+<% if node[:apache][:prefork][:server_limit] -%>
+ServerLimit <%= node[:apache][:prefork][:server_limit] %>
+<% end -%>
+MinSpareServers <%= node[:apache][:prefork][:min_spare_servers] %>
+MaxSpareServers <%= node[:apache][:prefork][:max_spare_servers] %>
+MaxClients <%= node[:apache][:prefork][:max_clients] %>
+MaxRequestsPerChild <%= node[:apache][:prefork][:max_requests_per_child] %>
+<% end -%>
+<% if node[:apache][:mpm] == "worker" -%>
+
+# Configure worker MPM
+StartServers <%= node[:apache][:worker][:start_servers] %>
+<% if node[:apache][:worker][:server_limit] -%>
+ServerLimit <%= node[:apache][:worker][:server_limit] %>
+<% end -%>
+MinSpareThreads <%= node[:apache][:worker][:min_spare_threads] %>
+MaxSpareThreads <%= node[:apache][:worker][:max_spare_threads] %>
+ThreadLimit <%= node[:apache][:worker][:thread_limit] %>
+ThreadsPerChild <%= node[:apache][:worker][:threads_per_child] %>
+MaxClients <%= node[:apache][:worker][:max_clients] %>
+MaxRequestsPerChild <%= node[:apache][:worker][:max_requests_per_child] %>
+<% end -%>
+<% if node[:apache][:mpm] == "event" -%>
+
+# Configure event MPM
+StartServers <%= node[:apache][:event][:start_servers] %>
+<% if node[:apache][:event][:server_limit] -%>
+ServerLimit <%= node[:apache][:event][:server_limit] %>
+<% end -%>
+MinSpareThreads <%= node[:apache][:event][:min_spare_threads] %>
+MaxSpareThreads <%= node[:apache][:event][:max_spare_threads] %>
+ThreadLimit <%= node[:apache][:event][:thread_limit] %>
+ThreadsPerChild <%= node[:apache][:event][:threads_per_child] %>
+MaxClients <%= node[:apache][:event][:max_clients] %>
+MaxRequestsPerChild <%= node[:apache][:event][:max_requests_per_child] %>
+<% end -%>
+
+# Default to UTF-8
+AddDefaultCharset utf-8
--- /dev/null
+# DO NOT EDIT - This file is being maintained by Chef
+
+<IfModule mod_info.c>
+
+<Location /server-info>
+ SetHandler server-info
+ Order deny,allow
+ Deny from all
+<% node.ipaddresses do |address| -%>
+ Allow from <%= address %>
+<% end -%>
+ Allow from 127.0.1.1
+ Allow from 127.0.0.1
+ Allow from ::1
+<% @hosts.each do |host| -%>
+ Allow from <%= host %>
+<% end -%>
+</Location>
+
+</IfModule>
--- /dev/null
+# DO NOT EDIT - This file is being maintained by Chef
+
+SSLHonorCipherOrder On
+SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
+
+SSLCertificateFile /etc/ssl/certs/openstreetmap.pem
+SSLCertificateKeyFile /etc/ssl/private/openstreetmap.key
+SSLCertificateChainFile /etc/ssl/certs/rapidssl.pem
--- /dev/null
+# DO NOT EDIT - This file is being maintained by Chef
+
+<IfModule mod_status.c>
+
+ExtendedStatus On
+
+<Location /server-status>
+ SetHandler server-status
+ Order deny,allow
+ Deny from all
+<% node.ipaddresses do |address| -%>
+ Allow from <%= address %>
+<% end -%>
+ Allow from 127.0.1.1
+ Allow from 127.0.0.1
+ Allow from ::1
+<% @hosts.each do |host| -%>
+ Allow from <%= host %>
+<% end -%>
+</Location>
+
+<IfModule mod_proxy.c>
+ ProxyStatus On
+</IfModule>
+
+</IfModule>
projects / chef.git / commitdiff