This cookbook provides a complete Debian/Ubuntu style Apache HTTPD configuration. Non-Debian based distributions such as Red Hat/CentOS, ArchLinux and others supported by this cookbook will have a configuration that mimics Debian/Ubuntu style as it is easier to manage with Chef.
Debian-style Apache configuration uses scripts to manage modules and sites (vhosts). The scripts are:
- a2ensite
- a2dissite
- a2enmod
- a2dismod
- a2enconf
- a2disconf
This cookbook ships with templates of these scripts for non-Debian/Ubuntu platforms.
- Build Essential
This is required as some recipes (e.g.,
apache2::mod_auth_openid
) build the module from source
Depending on your OS configuration and security policy, you may need additional recipes or cookbooks for this cookbook's recipes to converge on the node. In particular, the following Operating System settings may affect the behavior of this cookbook:
- SELinux enabled
- Firewalls (such as iptables, ufw, etc.)
- Compile tools
- 3rd party repositories
On RHEL, SELinux is enabled by default. The selinux cookbook contains a permissive
recipe that can be used to set SELinux to "Permissive" state. Otherwise, additional recipes need to be created by the user to address SELinux permissions.
To deal with firewalls Chef Software does provide an iptables and ufw cookbook but is migrating from the approach used there to a more robust solution utilizing the general firewall cookbook to setup rules. See those cookbooks' READMEs for documentation.
On ArchLinux, if you are using the apache2::mod_auth_openid
recipe, you also need the pacman cookbook for the pacman_aur
LWRP. Put recipe[pacman]
on the node's expanded run list (on the node or in a role). This is not an explicit dependency because it is only required for this single recipe and platform; the pacman default recipe performs pacman -Sy
to keep pacman's package cache updated.
The following platforms and versions are tested and supported using test-kitchen
- Amazon Linux 2013.09+
- Ubuntu 16.04 / 18.04
- Debian 8/9
- CentOS 7+
- Fedora Latest
- OpenSUSE Leap
Apache2.4 support for Centos 6 is not officially supported.
It is recommended to create a project or organization specific wrapper cookbook and add the desired custom resources to the run list of a node. Depending on your environment, you may have multiple roles that use different recipes from this cookbook. Adjust any attributes as desired.
Example wrapper cookbooks can be found in the test/cookbooks/test
folder.
This cookbook comes with recipes as a way of maintaining backwards compataility. It is recommended to use custom resources directly for more control.
On RHEL Family distributions, certain modules ship with a config file with the package. The recipes here may delete those configuration files to ensure they don't conflict with the settings from the cookbook, which will use per-module configuration in /etc/httpd/mods-enabled
.
The default recipe simply includes the apache2_install
resource, using all the default values. The apache2_install
resource is more flexible and should be used in favour of the default recipe.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.