Skip to main content

Buildout recipes for apache.

Project description

Apache buildout recipe

This package provides buildout recipes for the configuration of apache. This has a number of features that we have found useful in production, such as support for long CA chains, htpasswd authentication protection and the support for optional templates provided with the buildout.

We use the system apache, so this recipe will not install apache for you. If you wish to install apache, use zc.recipe.cmmi perhaps.

Mandatory Parameters

interface

The IP address of the interface on which to listen

sitename

The name of the site, used to identify the correct virtual host

serveradmin

The email address of the administrator of the server

proxyport

The port to which requests are forwarded

Optional Parameters

realm

The name of the HTTP Authentication realm, if you wish to password protect this site

passwdfile

The filename of the htpasswd file to secure the realm, defaults to “passwd” in the part directory

username

The username used in the htpasswd file

allowpurge

The IP address of a server that is permitted to send PURGE requests to this server

portal

The name of the portal object in the zope server, defaults to “portal”

template

The filename of the template file to use, if you do not wish to use the default

configfile

The name of the config file written by the recipe, defaults to “apache.cfg” in the part directory

ssl

Should ssl be on or off. By default this isn’t needed, setting the ssl options is enough to turn it on. Useful to force SSL off, even if your base buildout set defaults.

sslca

A list of full pathnames to certificate authority certificate files

sslcert

The full pathname of the ssl certificate, if required

sslkey

The full pathname of the key for the ssl certificate

redirects

A list of other domains to forward to this domain

rewrites

A list source;destination;flags that gets expanded to ‘RewriteRule source destination [flags]’

auto-www

If true, the recipe will have a Redirect for www.${sitename}. If your sitename already has a www prefix, the alias will be sitename with the prefix trimmed.

logdir

Where to store apache logs (Default: /var/log/apache2)

logformat

What apache logformat to use (Default: combined)

protected

A list of locations to set a basic auth password on, should be a list of lines of the format: <URI>:<realm>:<username>:<password>

enhanced-privacy

Set to true to stop it logging IP addresses (Default: IP addresses are logged)

Domain-level Redirects

When using isotoma.recipe.apache:redirect you can listen on an interface and redirect any hits for a domain to any url.

Mandatory Paramaters

interface

The IP and port to listen on, e.g. 192.168.0.19:80

serveradmin

The email address of the administrator of the server

redirects

A list of domain;url pairs, seperated by ‘;’. E.g. www.isotoma.com;http://www.isotoma.com/foo

Repository

This software is available from our recipe repository on github.

License

Copyright 2010 Isotoma Limited

Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Changelog

1.0.4 (2013-03-19)

  • Set Keep-Alive to Off for the WSGI recipe.

1.0.3 (2012-11-26)

  • Set a Jinja2 line_statement_prefix of %. This allows for much better whitespace control in templates:

    % if requestheader is defined
    // DO STUFF
    % endif

    This avoids the whitespace mess that plagues the current templates.

  • Update built in templates to have less whitespace noise

  • IP whitelisting fixes (Deny before allow, prevent 2 <Location /> stanzas from interracting).

1.0.2 (2012-10-09)

  • Support IP whitelisting as well as username/password

1.0.1 (2012-07-05)

  • Prever SERVER_NAME over HTTP_HOST and force UseCanonicalName to Off (the default) so that SERVER_NAME will be the same as HTTP_HOST.

1.0.0 (2012-05-25)

  • Add a strict_domains setting which 403’s unpermitted domain access.

  • Make redirects permanent

0.6.19 (2012-05-25)

  • Plone recipe can now construct VHM rewrites that use %{HTTP_HOST} - allowing a single vhost to serve multiple domains via ServerAlias.

0.6.18 (2012-03-02)

  • Fix case where ${:ssl} is auto.

  • Find all doctests automatically

0.6.17 (2012-03-02)

  • Fix handling of ${:auto-www} and updated regression tests accordingly.

0.6.16 (2012-02-27)

  • Add sendfile option to the wsgi recipe to enable mod_xsendfile

0.6.15 (2012-02-23)

  • bugfix to regain python2.4 compatibility

0.6.14 (2012-02-20)

  • Allow recipe to set Header:

    header.X-Hello = SOME EXAMPLE HEADER
  • Moved some general functionality into the ApacheBase class for reuse elsewhere

  • Added isotoma.recipe.apache:maintenance to provide an apache configuration for a site which will return 503s for each request, and display a predefined maintenance page.

0.6.13 (2011-12-19)

  • Allow recipe to set RequestHeaders:

    requestheader.plone_skin = Sunburst

0.6.12 (2011-11-29)

  • Fixed an issue with PURGE not being received if basic authentication is enabled.

  • Added an “indexes” option to the wsgi recipe to limit access to directory indexes unless “indexes = on”.

0.6.11 (2011-11-28)

  • Lots of template whitespace removal to produce more legible apache configs.

  • Fixed bug where RewriteRule directives were being concatenated on a single line.

0.6.10 (2011-11-26)

  • Redirects (such as those used by the auto-www option) now pay attention to the “ssl” option, redirecting to https:// or http:// as required.

  • Updated doctests with unused option ordering.

0.6.9 (2011-09-14)

  • Brown paper bag.

0.6.8 (2011-09-14)

  • Support ${:ssl} ‘only’ option, to turn off the HTTP -> HTTP redirect

0.6.7 (2011-09-06)

  • Fix WSGI static_aliases to add a newline between each.

  • Improve output formatting of basic_auth option

0.6.6 (2011-09-05)

  • SSL now works with WSGI using either the ‘protected’ argument for multiple ‘Location’s or the ‘realm’, ‘username’, ‘password’ for ‘<Location />’

0.6.5 (2011-08-24)

  • Nothing changed yet.

0.6.4 (2011-08-22)

  • Use FileSystemLoader

0.6.3 (2011-08-17)

  • Don’t turn on auth if realm is empty

0.6.0 (2011-08-13)

  • Don’t hard code Jinja2 dependency

  • Move entirely to Jinja2

  • Remove Cheetah

  • Remove zope.testing from test dependencies

  • Remove Standalone

  • Define a ‘body’ block that can be overriden

  • Tests now use difflib to give ‘git diff’ style output when there are problems

  • Add an ssl flag so we can provide sensible ssl defaults but still turn it on and off

  • Merge apache and apache-ssl into a single template

0.5.10 (2011-07-13)

  • Pinning Jinja to stop projects using this having to pin Jinja as well

0.5.9 (2011-07-13)

  • Pinned all versions and disabled buildout’s allow-picked-verions to stablise release from dependencies.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

isotoma.recipe.apache-1.0.4.tar.gz (17.8 kB view details)

Uploaded Source

File details

Details for the file isotoma.recipe.apache-1.0.4.tar.gz.

File metadata

File hashes

Hashes for isotoma.recipe.apache-1.0.4.tar.gz
Algorithm Hash digest
SHA256 bc923862b43eb6ee51467fc7e4049714d52451b0d9a8859c71e3f155dbcf1127
MD5 49fd66bea51d3ed106ec104929b2ec91
BLAKE2b-256 9a4c839be7de427ab711b5cb2917dba34deb68f6ad18f915d750c27746bd9466

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page