camptocamp/puppet-apache_c2c

Latest commit: 2dc77e8 · Sep 7, 2018

This module requires stdlib for validate_re support.

Types
#####

# Authentication, Authorization and Access Control

Definitions related to Apache authentication should always be in the form:

apache::auth::type::provider::authorization

This is consistent with the three types of Apache modules involved in the
authentication and authorization process:
http://httpd.apache.org/docs/2.2/howto/auth.html

The main advantages of this new way of managing authentication are the
possibility of sharing resources between virtual hosts and access restrictions.

######################################
## Simple Basic File Authentication ##
######################################

Example:

1. Create one or more users:

  apache::auth::htpasswd {"user1 in /a/path/htpasswd":
    ensure => present,
    user_file_location => "/srv/a/path",
    user_file_name => "htpasswd",
    username => "user1",
    clearPassword => "user1", # use encryption in definition
  }

  apache::auth::htpasswd {"user2 in /var/www/camptocamp.com/private/htpasswd":
    ensure => present,
    vhost => "camptocamp.com",
    username => "user2",
    crypt_password => 'kdrY191UyPY3E', # (htpasswd -ndb user2 user2)
  }

2. Create one or more groups:

  apache::auth::htgroup {"group1 in /var/www/camptocamp.com/private/htgroup":
    ensure => present,
    groupname => "group1",
    members => "user1 user2",
  }

3. Restrict access to a location with these users or groups:

  apache::auth::basic::file::group {"group1-webdav1":
    vhost => "camptocamp.com",
    location => "/webdav1",
    groups => "group1",
  }

  apache::auth::basic::file::user {"user1-on-webdav2":
    vhost => "camptocamp.com",
    location => "/webdav2",
    auth_user_file => "/srv/dav0/htpasswd",
    users => "user1", # if not defined -> 'valid-user'
  }
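
An added example, not part of this module: a small Python audit that scans manifest text for the two apache::auth::htpasswd styles shown in step 1 and flags cleartext passwords and weak hash formats. The sample manifest is constructed from the README's own declarations, and the regex parsing is an assumption that only covers simple quoted parameters.

```python
import re

# Constructed sample: the two htpasswd declarations from step 1 of the README.
SAMPLE_MANIFEST = '''
apache::auth::htpasswd {"user1 in /a/path/htpasswd":
  username      => "user1",
  clearPassword => "user1",
}
apache::auth::htpasswd {"user2 in /var/www/camptocamp.com/private/htpasswd":
  vhost          => "camptocamp.com",
  username       => "user2",
  crypt_password => 'kdrY191UyPY3E',
}
'''

# Assumption: simple quoted parameters only, no nested braces or interpolation.
RESOURCE = re.compile(
    r'apache::auth::htpasswd\s*\{\s*(["\'])(?P<title>.*?)\1\s*:(?P<body>.*?)\}', re.S)
PARAM = re.compile(r'(\w+)\s*=>\s*(["\'])(.*?)\2')

def hash_scheme(value):
    """Classify a password-file hash by its format prefix or shape."""
    if value.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    if value.startswith("$apr1$"):
        return "apr1-md5"
    if value.startswith("{SHA}"):
        return "sha1-unsalted"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", value):
        return "des-crypt"  # crypt(3): only the first 8 password characters count
    return "unknown"

def audit(manifest):
    """Return (resource title, finding) pairs for risky htpasswd declarations."""
    findings = []
    for res in RESOURCE.finditer(manifest):
        params = {name: value for name, _, value in PARAM.findall(res.group("body"))}
        title = res.group("title")
        if "clearPassword" in params:
            findings.append((title, "cleartext password in manifest"))
        if "crypt_password" in params:
            scheme = hash_scheme(params["crypt_password"])
            if scheme not in ("bcrypt", "apr1-md5"):
                findings.append((title, f"weak or unrecognised hash: {scheme}"))
    return findings

if __name__ == "__main__":
    for title, finding in audit(SAMPLE_MANIFEST):
        print(f"{title}: {finding}")
```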

###############################
## Basic LDAP Authentication ##
###############################

Example:

apache::auth::basic::ldap {"collectd":
  vhost => $fqdn,
  location => "/collection3",
  auth_ldap_url => 'ldap://ldap.foobar.ch/c=ch?uid??',
  auth_ldap_group_attribute => "memberUid",
  auth_ldap_group_attribute_is_dn => "off",
  authz_require => "ldap-group ou=foo,ou=bar,o=entreprises,c=ch",
}