diff --git a/manifests/init.pp b/manifests/init.pp
index 71ef8bc..13dd288 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -165,6 +165,20 @@ class cgit(
notify => Service['httpd'],
}
+ if ($::osfamily == 'Debian') {
+ # httpd_mod is not supported on Centos and mod_version is installed
+ # by default there so this is not necessary unless on Debian.
+ httpd_mod { 'version':
+ ensure => present,
+ }
+ }
+
+ if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7') {
+ package { 'mod_ldap':
+ ensure => present,
+ }
+ }
+
file { $cgitdir:
ensure => directory,
owner => 'root',
diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb
index 3a82363..104bdb8 100644
--- a/templates/httpd.conf.erb
+++ b/templates/httpd.conf.erb
@@ -140,19 +140,38 @@ Listen <%= scope.lookupvar("cgit::http_port") %>
# Example:
# LoadModule foo_module modules/mod_foo.so
#
+# The version_module has to be available for IfVersion to be parsed,
+# so breaking alphabetical order and loading it first
+
+LoadModule version_module modules/mod_version.so
+
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule cache_module modules/mod_cache.so
+= 2.4>
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authz_core_module modules/mod_authz_host.so
+LoadModule cache_disk_module modules/mod_cache_disk.so
+LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
+LoadModule unixd_module modules/mod_unixd.so
+
+
LoadModule authn_alias_module modules/mod_authn_alias.so
+LoadModule authn_default_module modules/mod_authn_default.so
+LoadModule authz_default_module modules/mod_authz_default.so
+LoadModule disk_cache_module modules/mod_disk_cache.so
+
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
-LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
-LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
@@ -187,11 +206,8 @@ LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
-LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
-LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule cgi_module modules/mod_cgi.so
-LoadModule version_module modules/mod_version.so
#
# The following modules are not loaded by default:
@@ -213,6 +229,10 @@ LoadModule version_module modules/mod_version.so
#
Include conf.d/*.conf
+<% if @operatingsystem == 'CentOS' && @operatingsystemmajrelease.to_i >= 7 -%>
+Include conf.modules.d/*.conf
+<% end -%>
+
#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
@@ -333,8 +353,13 @@ DocumentRoot "/var/www/html"
#
# Controls who can get stuff from this server.
#
+= 2.4>
+ Require all granted
+
+
Order allow,deny
Allow from all
+
@@ -406,9 +431,14 @@ AccessFileName .htaccess
# viewed by Web clients.
#
+ = 2.4>
+ Require all denied
+
+
Order allow,deny
Deny from all
Satisfy All
+
#
@@ -546,8 +576,13 @@ Alias /icons/ "/var/www/icons/"
Options Indexes MultiViews FollowSymLinks
AllowOverride None
+ = 2.4>
+ Require all granted
+
+
Order allow,deny
Allow from all
+
#
@@ -575,8 +610,13 @@ ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
AllowOverride None
Options None
+ = 2.4>
+ Require all granted
+
+
Order allow,deny
Allow from all
+
#
@@ -854,8 +894,14 @@ Alias /error/ "/var/www/error/"
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
+ = 2.4>
+ Require all granted
+
+
Order allow,deny
Allow from all
+
+
LanguagePriority en es de fr
ForceLanguagePriority Prefer Fallback
diff --git a/templates/ssl.conf.erb b/templates/ssl.conf.erb
index b3a88e9..fb38b95 100644
--- a/templates/ssl.conf.erb
+++ b/templates/ssl.conf.erb
@@ -39,7 +39,9 @@ SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
+
SSLMutex default
+
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the