# Pillar top file. In the `base` environment the target below is assigned the
# `systems.ubuntu-xenial-salt` pillar.
# The target is a literal minion ID with no wildcard, so only the minion whose
# ID is exactly 'ubuntu-xenial-salt' receives this pillar data.
base:
  'ubuntu-xenial-salt':
    - systems.ubuntu-xenial-salt
# Pillar that includes the production Apache setup and defines one virtual
# host (presumably systems/ubuntu-xenial-salt.sls, going by the top file
# entry; confirm).
include:
  - setups.apache.prod

apache:
  sites:
    ubuntu-salt-xenial:
      enabled: true
      template_file: salt://apache/vhosts/standard.tmpl
      template_engine: jinja
      interface: '*'
      # NOTE(review): this vhost is plain HTTP only; no TLS-enabled site is
      # defined anywhere on this page.
      port: '80'
      # Do not add a Listen directive in httpd.conf
      exclude_listen_directive: true
      ServerName: ubuntu-salt-xenial
      ServerAlias: ubuntu-salt-xenial
      ServerAdmin: minion@ubuntu-salt-xenial.com
      # NOTE(review): `debug` is very verbose for a pillar that includes
      # setups.apache.prod. Confirm it is temporary and return to a quieter
      # level (e.g. warn) once troubleshooting is done.
      LogLevel: debug
      # NOTE(review): the log file names still say example.com although the
      # vhost is ubuntu-salt-xenial. Confirm the paths are intended, so this
      # site's logs are easy to locate during an investigation.
      ErrorLog: /var/log/apache2/example.com-error.log
      CustomLog: /var/log/apache2/example.com-access.log
      DocumentRoot: /var/www/ubuntu-salt-xenial/
      Directory:
        default:
          # -Indexes turns off auto-generated directory listings.
          # +FollowSymLinks lets Apache follow symbolic links found here;
          # SymLinksIfOwnerMatch is the stricter alternative if anyone other
          # than the site owner can write under the DocumentRoot.
          Options: '-Indexes +FollowSymLinks'
          Require: all granted
          # The string "None" (not a YAML null): .htaccess overrides are off.
          AllowOverride: 'None'
# Production Apache setup pillar (presumably setups/apache/prod.sls, going by
# the include that references it; confirm). Pulls in applications.apache.
include:
  - applications.apache

# ``apache`` formula configuration:
apache:
  register-site:
    # any name as an array index, and you can duplicate this section
    # NOTE(review): the key, name and path below are still the example's
    # placeholders while state is 'enabled'. Replace or remove this entry
    # before applying it to a real host.
    UNIQUE_VALUE_HERE:
      name: 'PROD'
      path: 'salt://path/to/sites-available/conf/file'
      state: 'enabled'
      # Optional - use managed file as Jinja Template
      #template: true
      #defaults:
      #  custom_var: "default value"

  modules:
    enabled:  # List modules to enable
      - rewrite
      - ssl
    disabled:  # List modules to disable
      - ldap

  # KeepAlive: Whether or not to allow persistent connections (more than
  # one request per connection). Set to "Off" to deactivate.
  keepalive: 'On'

  security:
    # can be Full | OS | Minimal | Minor | Major | Prod
    # where Full conveys the most information, and Prod the least.
    ServerTokens: Prod

  # ``apache.mod_remoteip`` formula additional configuration:
  mod_remoteip:
    RemoteIPHeader: X-Forwarded-For
    # Connections from these addresses have their client IP taken from the
    # X-Forwarded-For header, so anything listed here can set the address
    # that ends up in logs and access checks. Keep the list limited to
    # proxies you operate; a whole /24 is trusted below.
    RemoteIPTrustedProxy:
      - 10.0.8.0/24
      - 127.0.0.1

  # ``apache.mod_security`` formula additional configuration:
  mod_security:
    crs_install: true
    # If not set, default distro's configuration is installed as is
    manage_config: true
    # 'On' enforces rules (blocking), as opposed to DetectionOnly.
    sec_rule_engine: 'On'
    sec_request_body_access: 'On'
    sec_request_body_limit: '14000000'
    sec_request_body_no_files_limit: '114002'
    sec_request_body_in_memory_limit: '114002'
    # Bodies over the limits above are rejected rather than partly inspected.
    sec_request_body_limit_action: 'Reject'
    sec_pcre_match_limit: '15000'
    sec_pcre_match_limit_recursion: '15000'
    # NOTE(review): a non-zero debug log level adds overhead and extra log
    # volume. Confirm it is wanted in this prod setup.
    sec_debug_log_level: '3'
    rules:
      # Left empty in the source; the pillar.data output on this page shows
      # it as None, with the rule files as sibling keys.
      enabled:
      modsecurity_crs_10_setup.conf:
        rule_set: ''
        enabled: true
      # NOTE(review): the protocol-violation rules from base_rules are
      # switched off, which narrows CRS coverage. Confirm this is deliberate
      # and record why.
      modsecurity_crs_20_protocol_violations.conf:
        rule_set: 'base_rules'
        enabled: false
    custom_rule_files:
      # any name as an array index, and you can duplicate this section
      # NOTE(review): placeholder key, file and path, yet enabled is true.
      UNIQUE_VALUE_HERE:
        file: 'PROD'
        path: 'salt://path/to/modsecurity/custom/file'
        enabled: true
# Shared Apache lookup values (presumably applications/apache.sls, going by
# the include that references it; confirm). The pillar.data output on this
# page shows global and name_virtual_hosts nested under lookup.
apache:
  lookup:
    version: '2.4'
    default_charset: 'UTF-8'
    global:
      # NOTE(review): with 'On', encoded slashes (%2F) in URL paths are
      # accepted and decoded. The Apache documentation recommends NoDecode
      # when encoded slashes are needed, because decoding them can yield
      # unsafe paths. Confirm that 'On' is required here.
      AllowEncodedSlashes: 'On'
    name_virtual_hosts:
      - interface: '*'
        port: 80
      # NOTE(review): 443 is declared, but no TLS-enabled site is defined on
      # this page. Confirm one exists elsewhere.
      - interface: '*'
        port: 443
- salt 'ubuntu-xenial-salt' pillar.data
- ubuntu-xenial-salt:
- ----------
- apache:
- ----------
- keepalive:
- On
- lookup:
- ----------
- default_charset:
- UTF-8
- global:
- ----------
- AllowEncodedSlashes:
- On
- name_virtual_hosts:
- |_
- ----------
- interface:
- *
- port:
- 80
- |_
- ----------
- interface:
- *
- port:
- 443
- version:
- 2.4
- mod_remoteip:
- ----------
- RemoteIPHeader:
- X-Forwarded-For
- RemoteIPTrustedProxy:
- - 10.0.8.0/24
- - 127.0.0.1
- mod_security:
- ----------
- crs_install:
- True
- custom_rule_files:
- ----------
- UNIQUE_VALUE_HERE:
- ----------
- enabled:
- True
- file:
- PROD
- path:
- salt://path/to/modsecurity/custom/file
- manage_config:
- True
- rules:
- ----------
- enabled:
- None
- modsecurity_crs_10_setup.conf:
- ----------
- enabled:
- True
- rule_set:
- modsecurity_crs_20_protocol_violations.conf:
- ----------
- enabled:
- False
- rule_set:
- base_rules
- sec_debug_log_level:
- 3
- sec_pcre_match_limit:
- 15000
- sec_pcre_match_limit_recursion:
- 15000
- sec_request_body_access:
- On
- sec_request_body_in_memory_limit:
- 114002
- sec_request_body_limit:
- 14000000
- sec_request_body_limit_action:
- Reject
- sec_request_body_no_files_limit:
- 114002
- sec_rule_engine:
- On
- modules:
- ----------
- disabled:
- - ldap
- enabled:
- - ssl
- - rewrite
- register-site:
- ----------
- UNIQUE_VALUE_HERE:
- ----------
- name:
- PROD
- path:
- salt://path/to/sites-available/conf/file
- state:
- enabled
- security:
- ----------
- ServerTokens:
- Prod
- sites:
- ----------
- ubuntu-salt-xenial:
- ----------
- CustomLog:
- /var/log/apache2/example.com-access.log
- Directory:
- ----------
- default:
- ----------
- AllowOverride:
- None
- Options:
- -Indexes +FollowSymLinks
- Require:
- all granted
- DocumentRoot:
- /var/www/ubuntu-salt-xenial/
- ErrorLog:
- /var/log/apache2/example.com-error.log
- LogLevel:
- debug
- ServerAdmin:
- minion@ubuntu-salt-xenial.com
- ServerAlias:
- ubuntu-salt-xenial
- ServerName:
- ubuntu-salt-xenial
- enabled:
- True
- exclude_listen_directive:
- True
- interface:
- *
- port:
- 80
- template_engine:
- jinja
- template_file:
- salt://apache/vhosts/standard.tmpl