2014-04-13 18:01:30 +00:00
|
|
|
module Propellor.Property.Apache where
|
|
|
|
|
|
|
|
|
|
import Propellor
|
|
|
|
|
import qualified Propellor.Property.File as File
|
|
|
|
|
import qualified Propellor.Property.Apt as Apt
|
2014-04-13 18:36:19 +00:00
|
|
|
import qualified Propellor.Property.Service as Service
|
2014-04-13 18:01:30 +00:00
|
|
|
|
|
|
|
|
type ConfigFile = [String]
|
|
|
|
|
|
|
|
|
|
siteEnabled :: HostName -> ConfigFile -> RevertableProperty
|
|
|
|
|
siteEnabled hn cf = RevertableProperty enable disable
|
|
|
|
|
where
|
2014-07-22 20:29:22 +00:00
|
|
|
enable = trivial (cmdProperty "a2ensite" ["--quiet", hn])
|
2014-04-13 21:50:44 +00:00
|
|
|
`describe` ("apache site enabled " ++ hn)
|
2014-04-13 18:36:19 +00:00
|
|
|
`requires` siteAvailable hn cf
|
|
|
|
|
`requires` installed
|
|
|
|
|
`onChange` reloaded
|
2014-07-22 19:25:07 +00:00
|
|
|
disable = trivial $ combineProperties
|
|
|
|
|
("apache site disabled " ++ hn)
|
|
|
|
|
(map File.notPresent (siteCfg hn))
|
2014-04-13 18:01:30 +00:00
|
|
|
`onChange` cmdProperty "a2dissite" ["--quiet", hn]
|
2014-04-13 18:36:19 +00:00
|
|
|
`requires` installed
|
|
|
|
|
`onChange` reloaded
|
2014-04-13 18:01:30 +00:00
|
|
|
|
|
|
|
|
siteAvailable :: HostName -> ConfigFile -> Property
|
2014-07-22 19:25:07 +00:00
|
|
|
siteAvailable hn cf = combineProperties ("apache site available " ++ hn) $
|
|
|
|
|
map (`File.hasContent` (comment:cf)) (siteCfg hn)
|
2014-04-13 18:01:30 +00:00
|
|
|
where
|
|
|
|
|
comment = "# deployed with propellor, do not modify"
|
|
|
|
|
|
2014-04-13 18:36:19 +00:00
|
|
|
modEnabled :: String -> RevertableProperty
|
|
|
|
|
modEnabled modname = RevertableProperty enable disable
|
|
|
|
|
where
|
2014-04-14 18:09:41 +00:00
|
|
|
enable = trivial $ cmdProperty "a2enmod" ["--quiet", modname]
|
2014-04-13 21:50:44 +00:00
|
|
|
`describe` ("apache module enabled " ++ modname)
|
2014-04-13 18:36:19 +00:00
|
|
|
`requires` installed
|
|
|
|
|
`onChange` reloaded
|
2014-04-14 18:09:41 +00:00
|
|
|
disable = trivial $ cmdProperty "a2dismod" ["--quiet", modname]
|
2014-04-13 21:50:44 +00:00
|
|
|
`describe` ("apache module disabled " ++ modname)
|
2014-04-13 18:36:19 +00:00
|
|
|
`requires` installed
|
|
|
|
|
`onChange` reloaded
|
|
|
|
|
|
2014-07-22 19:25:07 +00:00
|
|
|
-- This is a list of config files because different versions of apache
|
|
|
|
|
-- use different filenames. Propellor simply writen them all.
|
|
|
|
|
siteCfg :: HostName -> [FilePath]
|
|
|
|
|
siteCfg hn =
|
|
|
|
|
-- Debian pre-2.4
|
|
|
|
|
[ "/etc/apache2/sites-available/" ++ hn
|
|
|
|
|
-- Debian 2.4+
|
|
|
|
|
, "/etc/apache2/sites-available/" ++ hn ++ ".conf"
|
|
|
|
|
]
|
2014-04-13 18:36:19 +00:00
|
|
|
|
|
|
|
|
installed :: Property
|
|
|
|
|
installed = Apt.installed ["apache2"]
|
|
|
|
|
|
|
|
|
|
restarted :: Property
|
|
|
|
|
restarted = cmdProperty "service" ["apache2", "restart"]
|
2014-04-13 18:01:30 +00:00
|
|
|
|
2014-04-13 18:36:19 +00:00
|
|
|
reloaded :: Property
|
|
|
|
|
reloaded = Service.reloaded "apache2"
|
2014-04-14 01:04:34 +00:00
|
|
|
|
|
|
|
|
-- | Configure apache to use SNI to differentiate between
|
|
|
|
|
-- https hosts.
|
|
|
|
|
multiSSL :: Property
|
|
|
|
|
multiSSL = "/etc/apache2/conf.d/ssl" `File.hasContent`
|
|
|
|
|
[ "NameVirtualHost *:443"
|
|
|
|
|
, "SSLStrictSNIVHostCheck off"
|
|
|
|
|
]
|
|
|
|
|
`describe` "apache SNI enabled"
|
|
|
|
|
`onChange` reloaded
|
2014-07-22 20:40:11 +00:00
|
|
|
|
|
|
|
|
-- | Config file fragment that can be inserted into a <Directory>
|
|
|
|
|
-- stanza to allow global read access to the directory.
|
|
|
|
|
--
|
|
|
|
|
-- Works with multiple versions of apache that have different ways to do
|
|
|
|
|
-- it.
|
|
|
|
|
allowAll :: String
|
|
|
|
|
allowAll = unlines
|
|
|
|
|
[ "<IfVersion < 2.4>"
|
|
|
|
|
, "Order allow,deny"
|
|
|
|
|
, "allow from all"
|
|
|
|
|
, "</IfVersion>"
|
|
|
|
|
, "<IfVersion >= 2.4>"
|
|
|
|
|
, "Require all granted"
|
|
|
|
|
, "</IfVersion>"
|
|
|
|
|
]
|
