====== Installiert Apache Webserver ====== \\ Ein Puppetmanifest, welches den apache Webserver auf einem Debian System installiert. Es wird zusätzlich eine minimale Härtung durchgeführt, eine authentifizierung über ldap aktiviert und php installiert. **Seitenkonfigurationen werden über die Variable webpages verteilt und aktiviert.** # Install Apache Webserver and configure some defaults class infoserver_2410::install_webserver { $webpages = [ '000-default.conf', '001-db.conf', '002-backup.conf', '004-doku.conf', ] $module = "modules/infoserver_2410" $msg = "infoserver_2410:" # Install package package { "$msg Install apache2 webserver": name => 'apache2', ensure => present, } package { "$msg Install php for webserver": name => 'php', ensure => present, notify => Exec["$msg Activate ldap authentication for webserver"] } exec { "$msg Activate ldap authentication for webserver": path => [ '/usr/sbin', '/usr/bin' ], command => "a2enmod authnz_ldap", refreshonly => true, } # Check if daemon is running service { "$msg Run apache2 webserver": name => 'apache2', ensure => running, enable => true, } # Disable server information file_line { "$msg Disable Apache and OS information": path => "/etc/apache2/conf-enabled/security.conf", match => "^ServerTokens.*", line => "ServerTokens Prod", ensure => present, notify => Service["$msg Run apache2 webserver"] } file_line { "$msg Disable error pages": path => "/etc/apache2/conf-enabled/security.conf", match => "^ServerSignature.*", line => "ServerSignature Off", ensure => present, notify => Service["$msg Run apache2 webserver"] } # Configure webpages $webpath = "/etc/apache2/sites-available" $webpages.each | $webpage | { file { "$msg Create Webpage $webpage": ensure => present, path => "$webpath/$webpage", owner => root, group => root, mode => '640', source => "puppet:///$module/$webpath/$webpage", notify => Exec["$msg Enable webpage $webpage"] } exec { "$msg Enable webpage $webpage": path => [ '/usr/sbin', '/usr/bin' ], command => "a2ensite $webpage && systemctl reload apache2", refreshonly => true, } } }