apache2 Cookbook

This cookbook provides a complete Debian/Ubuntu style Apache HTTPD configuration. Non-Debian based distributions supported by this cookbook have a configuration that mimics Debian/Ubuntu style because it is easier to manage with Chef.

Debian-style Apache configuration uses scripts to manage modules and sites (vhosts). The scripts are:

• a2ensite
• a2dissite
• a2enmod
• a2dismod
• a2enconf
• a2disconf

This cookbook ships with templates of these scripts for non-Debian based platforms.

Maintainers

This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit sous-chefs.org or come chat with us on the Chef Community Slack in #sous-chefs.

Cookbooks

Depending on your OS configuration and security policy, you may need additional cookbooks or wrapper-cookbook resources for Apache to converge and serve traffic correctly. In particular, the following operating system settings may affect the behavior of this cookbook:

• SELinux enabled
• Firewalls (such as iptables, ufw, etc.)
• Compile tools
• 3rd party repositories

On RHEL, SELinux is enabled by default. The selinux cookbook contains a permissive recipe that can be used to set SELinux to "Permissive" state. Otherwise, additional recipes need to be created by the user to address SELinux permissions.

To deal with firewalls Chef Software does provide an iptables and ufw cookbook but is migrating from the approach used there to a more robust solution utilizing the general firewall cookbook to setup rules. See those cookbooks' READMEs for documentation.

Platforms

The following platforms and versions are tested and supported using test-kitchen:

• AlmaLinux 8+
• Amazon Linux 2023
• CentOS Stream 9+
• Debian 12+
• Fedora latest
• openSUSE Leap 15+
• Oracle Linux 8+
• Rocky Linux 8+
• Ubuntu 22.04+

Usage

It is recommended to create a project or organization specific wrapper cookbook and use the desired custom resources from this cookbook. Depending on your environment, you may have multiple Policyfile run lists or wrapper-cookbook recipes using different resource combinations. Adjust resource properties as desired.

The default install now favors secure and higher-throughput generated configuration:

• ServerSignature Off
• ServerTokens Prod
• TraceEnable Off
• Timeout 60
• KeepAliveTimeout 2
• MaxKeepAliveRequests 1000
• mpm 'event'

These values can still be explicitly overridden. Modules that require prefork compatibility, such as apache2_mod_php, should be used with apache2_install mpm 'prefork'.

apache2_install 'default_install' do
  notifies :restart, 'apache2_service[default]'
end

apache2_module 'headers' do
  notifies :reload, 'apache2_service[default]'
end

apache2_module 'ssl' do
  notifies :reload, 'apache2_service[default]'
end

apache2_default_site 'foo' do
  default_site_name 'my_site'
  template_cookbook 'my_cookbook'
  port '443'
  template_source 'my_site.conf.erb'
  action :enable
  notifies :reload, 'apache2_service[default]'
end

apache2_service 'default' do
  action [:enable, :start]
end

Example wrapper cookbooks: basic site ssl site

Resources

• install
• conf
• config
• default_site
• mod
• mod_actions
• mod_alias
• mod_auth_cas
• mod_autoindex
• mod_cache_disk
• mod_cgid
• mod_dav_fs
• mod_deflate
• mod_dir
• mod_fastcgi
• mod_fcgid
• mod_include
• mod_info
• mod_ldap
• mod_mime
• mod_mime_magic
• mod_mpm_event
• mod_mpm_prefork
• mod_mpm_worker
• mod_negotiation
• mod_pagespeed
• mod_php
• mod_proxy
• mod_proxy_balancer
• mod_proxy_ftp
• mod_reqtimeout
• mod_setenvif
• mod_ssl
• mod_status
• mod_userdir
• mod_wsgi
• module
• service
• site

Contributors

This project exists thanks to all the people who contribute.

Backers

Thank you to all our backers!

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website.