confdroid/confdroid_apache
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: confdroid:master
Branches Tags
confdroid:master
confdroid:1.1.0-3.2026 confdroid:1.0.0
..
compare: confdroid:0b198633e997389192d5f8125c990a4a35eef818
Branches Tags
confdroid:master
confdroid:1.1.0-3.2026 confdroid:1.0.0

1 Commits
master ... 0b198633e9

Author SHA1 Message Date
Jenkins Server
0b198633e9 Recommit for updates in build 40 2026-03-14 13:33:54 +01:00
6 changed files with 27 additions and 83 deletions
Expand all files Collapse all files

4
README.md
View File

@@ -2,7 +2,7 @@
[![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=confdroid_apache)](https://jenkins.confdroid.com/job/confdroid_apache/) [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=confdroid_apache)](https://jenkins.confdroid.com/job/confdroid_apache/)
[![Security Hotspots](https://sonarqube.confdroid.com/api/project_badges/measure?project=confdroid_apache&metric=security_hotspots&token=sqb_783a19acf8d97e87e5c570981a8e9019d40c4654)](https://sonarqube.confdroid.com/dashboard?id=confdroid_apache) [![Security Hotspots](https://sonarqube.confdroid.com/api/project_badges/measure?project=confdroid_apache&metric=security_hotspots&token=sqb_783a19acf8d97e87e5c570981a8e9019d40c4654)](https://sonarqube.confdroid.com/dashboard?id=confdroid_apache)
[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/grizzlycoda/puppet_collection) [![Quality gate](https://sonarqube.confdroid.com/api/project_badges/quality_gate?project=confdroid_apache&token=sqb_783a19acf8d97e87e5c570981a8e9019d40c4654)](https://sonarqube.confdroid.com/dashboard?id=confdroid_apache)
- [README](#readme) - [README](#readme)
- [Synopsis](#synopsis) - [Synopsis](#synopsis)
@@ -45,7 +45,7 @@ Configuration
Optional Optional
- manage remoteIP logging if running behind a Loadbalancer like HAproxy: if `ae_use_lb` is set to `true`, a configuration file `etc/httpd/conf.d/loadbalancer-remoteip.conf`is created and configures apache/httpd to use the remote header. This allows proper fail2ban protection even behind the Loadbalancer. Make sure to set `ae_trusted_proxy` and `ae_internal_proxy` to the proper IP or range for the loadbalancer! - manage remoteIP logging if running behind a Loadbalancer like HAproxy: if `ae_use_lb` is set to `true`, a configuration file `etc/httpd/conf.d/loadbalancer-remoteip.conf`is created and configures apache/httpd to use the remote header. This allows proper fail2ban protection even behind the Loadbalancer. Make sure to set `ae_trusted_proxy`to the proper IP or range for the loadbalancer!
Maintenance Maintenance

4
doc/file.README.html
View File

@@ -60,7 +60,7 @@
<div id="content"><div id='filecontents'> <div id="content"><div id='filecontents'>
<h1 id="label-README">README</h1> <h1 id="label-README">README</h1>
<p><a href="https://jenkins.confdroid.com/job/confdroid_apache/"><img src="https://jenkins.confdroid.com/buildStatus/icon?job=confdroid_apache"></a> <a href="https://sonarqube.confdroid.com/dashboard?id=confdroid_apache"><img src="https://sonarqube.confdroid.com/api/project_badges/measure?project=confdroid_apache&amp;metric=security_hotspots&amp;token=sqb_783a19acf8d97e87e5c570981a8e9019d40c4654"></a> <a href="https://deepwiki.com/grizzlycoda/puppet_collection"><img src="https://deepwiki.com/badge.svg"></a></p> <p><a href="https://jenkins.confdroid.com/job/confdroid_apache/"><img src="https://jenkins.confdroid.com/buildStatus/icon?job=confdroid_apache"></a> <a href="https://sonarqube.confdroid.com/dashboard?id=confdroid_apache"><img src="https://sonarqube.confdroid.com/api/project_badges/measure?project=confdroid_apache&amp;metric=security_hotspots&amp;token=sqb_783a19acf8d97e87e5c570981a8e9019d40c4654"></a> <a href="https://sonarqube.confdroid.com/dashboard?id=confdroid_apache"><img src="https://sonarqube.confdroid.com/api/project_badges/quality_gate?project=confdroid_apache&amp;token=sqb_783a19acf8d97e87e5c570981a8e9019d40c4654"></a></p>
<ul><li> <ul><li>
<p><a href="#readme">README</a></p> <p><a href="#readme">README</a></p>
</li><li> </li><li>
@@ -124,7 +124,7 @@
<p>Optional</p> <p>Optional</p>
<ul><li> <ul><li>
<p>manage remoteIP logging if running behind a Loadbalancer like HAproxy: if <code>ae_use_lb</code> is set to <code>true</code>, a configuration file <code>etc/httpd/conf.d/loadbalancer-remoteip.conf</code>is created and configures apache/httpd to use the remote header. This allows proper fail2ban protection even behind the Loadbalancer. Make sure to set <code>ae_trusted_proxy</code> and <code>ae_internal_proxy</code> to the proper IP or range for the loadbalancer!</p> <p>manage remoteIP logging if running behind a Loadbalancer like HAproxy: if <code>ae_use_lb</code> is set to <code>true</code>, a configuration file <code>etc/httpd/conf.d/loadbalancer-remoteip.conf</code>is created and configures apache/httpd to use the remote header. This allows proper fail2ban protection even behind the Loadbalancer. Make sure to set <code>ae_trusted_proxy</code>to the proper IP or range for the loadbalancer!</p>
</li></ul> </li></ul>
<p>Maintenance</p> <p>Maintenance</p>

4
doc/index.html
View File

@@ -60,7 +60,7 @@
<div id="content"><div id='filecontents'> <div id="content"><div id='filecontents'>
<h1 id="label-README">README</h1> <h1 id="label-README">README</h1>
<p><a href="https://jenkins.confdroid.com/job/confdroid_apache/"><img src="https://jenkins.confdroid.com/buildStatus/icon?job=confdroid_apache"></a> <a href="https://sonarqube.confdroid.com/dashboard?id=confdroid_apache"><img src="https://sonarqube.confdroid.com/api/project_badges/measure?project=confdroid_apache&amp;metric=security_hotspots&amp;token=sqb_783a19acf8d97e87e5c570981a8e9019d40c4654"></a> <a href="https://deepwiki.com/grizzlycoda/puppet_collection"><img src="https://deepwiki.com/badge.svg"></a></p> <p><a href="https://jenkins.confdroid.com/job/confdroid_apache/"><img src="https://jenkins.confdroid.com/buildStatus/icon?job=confdroid_apache"></a> <a href="https://sonarqube.confdroid.com/dashboard?id=confdroid_apache"><img src="https://sonarqube.confdroid.com/api/project_badges/measure?project=confdroid_apache&amp;metric=security_hotspots&amp;token=sqb_783a19acf8d97e87e5c570981a8e9019d40c4654"></a> <a href="https://sonarqube.confdroid.com/dashboard?id=confdroid_apache"><img src="https://sonarqube.confdroid.com/api/project_badges/quality_gate?project=confdroid_apache&amp;token=sqb_783a19acf8d97e87e5c570981a8e9019d40c4654"></a></p>
<ul><li> <ul><li>
<p><a href="#readme">README</a></p> <p><a href="#readme">README</a></p>
</li><li> </li><li>
@@ -124,7 +124,7 @@
<p>Optional</p> <p>Optional</p>
<ul><li> <ul><li>
<p>manage remoteIP logging if running behind a Loadbalancer like HAproxy: if <code>ae_use_lb</code> is set to <code>true</code>, a configuration file <code>etc/httpd/conf.d/loadbalancer-remoteip.conf</code>is created and configures apache/httpd to use the remote header. This allows proper fail2ban protection even behind the Loadbalancer. Make sure to set <code>ae_trusted_proxy</code> and <code>ae_internal_proxy</code> to the proper IP or range for the loadbalancer!</p> <p>manage remoteIP logging if running behind a Loadbalancer like HAproxy: if <code>ae_use_lb</code> is set to <code>true</code>, a configuration file <code>etc/httpd/conf.d/loadbalancer-remoteip.conf</code>is created and configures apache/httpd to use the remote header. This allows proper fail2ban protection even behind the Loadbalancer. Make sure to set <code>ae_trusted_proxy</code>to the proper IP or range for the loadbalancer!</p>
</li></ul> </li></ul>
<p>Maintenance</p> <p>Maintenance</p>

62
doc/puppet_classes/confdroid_apache_3A_3Aparams.html
View File

@@ -350,51 +350,15 @@ inherited by all classes except defines.
<span class='name'>ae_trusted_proxy</span> <span class='name'>ae_trusted_proxy</span>
<span class='type'>(<tt>Array</tt>)</span>
<em class="default">(defaults to: <tt>[&#39;127.0.0.1&#39;,&#39;10.0.1.0/24&#39;]</tt>)</em>
&mdash;
<div class='inline'>
<p>the IP addresses of the trusted proxies, i.e. the load balancers. This is required when <code>ae_use_lb</code> is set to true, and defaults to [127.0.0.1,10.0.1.0/24].</p>
</div>
</li>
<li>
<span class='name'>ae_internal_proxy</span>
<span class='type'>(<tt>Array</tt>)</span>
<em class="default">(defaults to: <tt>[&#39;127.0.0.1&#39;,&#39;10.0.1.0/24&#39;]</tt>)</em>
&mdash;
<div class='inline'>
<p>the IP addresses of the internal proxies, i.e. the internal load balancers. This is required when <code>ae_use_lb</code> is set to true, and defaults to [127.0.0.1].</p>
</div>
</li>
<li>
<span class='name'>ae_remoteip_header</span>
<span class='type'>(<tt>String</tt>)</span> <span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;X-Forwarded-For&#39;</tt>)</em> <em class="default">(defaults to: <tt>&#39;10.0.1.0/24&#39;</tt>)</em>
&mdash; &mdash;
<div class='inline'> <div class='inline'>
<p>the header to use for the remote ip, typically <code>X-Forwarded-For</code>. This is required when <code>ae_use_lb</code> is set to true, and defaults to <code>X-Forwarded-For</code>.</p> <p>the IP address of the trusted proxy, i.e. the load balancer. This is required when <code>ae_use_lb</code> is set to true, and defaults to 10.0.1.0/24.</p>
</div> </div>
</li> </li>
@@ -410,6 +374,12 @@ inherited by all classes except defines.
<pre class="lines"> <pre class="lines">
37
38
39
40
41
42
43 43
44 44
45 45
@@ -473,18 +443,10 @@ inherited by all classes except defines.
103 103
104 104
105 105
106 106</pre>
107
108
109
110
111
112
113
114</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 43</span> <pre class="code"><span class="info file"># File 'manifests/params.pp', line 37</span>
class confdroid_apache::params ( class confdroid_apache::params (
@@ -510,9 +472,7 @@ class confdroid_apache::params (
# loadbalancer # loadbalancer
Boolean $ae_use_lb = false, Boolean $ae_use_lb = false,
Array $ae_trusted_proxy = [&#39;127.0.0.1&#39;,&#39;10.0.1.0/24&#39;], String $ae_trusted_proxy = &#39;10.0.1.0/24&#39;,
Array $ae_internal_proxy = [&#39;127.0.0.1&#39;,&#39;10.0.1.0/24&#39;],
String $ae_remoteip_header = &#39;X-Forwarded-For&#39;,
) { ) {
# facts # facts

16
manifests/params.pp
View File

@@ -30,15 +30,9 @@
# to apply the changes. This is required when using httpd behind a # to apply the changes. This is required when using httpd behind a
# load balancer like haproxy, otherwise all client ips will be logged # load balancer like haproxy, otherwise all client ips will be logged
# as the load balancer ip. # as the load balancer ip.
# @param [Array] ae_trusted_proxy the IP addresses of the trusted proxies, # @param [String] ae_trusted_proxy the IP address of the trusted proxy,
# i.e. the load balancers. This is required when `ae_use_lb` is set to # i.e. the load balancer. This is required when `ae_use_lb` is set to
# true, and defaults to ['127.0.0.1','10.0.1.0/24']. # true, and defaults to '10.0.1.0/24'.
# @param [Array] ae_internal_proxy the IP addresses of the internal proxies,
# i.e. the internal load balancers. This is required when `ae_use_lb` is set to
# true, and defaults to ['127.0.0.1'].
# @param [String] ae_remoteip_header the header to use for the remote ip,
# typically `X-Forwarded-For`. This is required when `ae_use_lb` is set
# to true, and defaults to `X-Forwarded-For`.
########################################################################### ###########################################################################
class confdroid_apache::params ( class confdroid_apache::params (
@@ -64,9 +58,7 @@ class confdroid_apache::params (
# loadbalancer # loadbalancer
Boolean $ae_use_lb = false, Boolean $ae_use_lb = false,
Array $ae_trusted_proxy = ['127.0.0.1','10.0.1.0/24'], String $ae_trusted_proxy = '10.0.1.0/24',
Array $ae_internal_proxy = ['127.0.0.1','10.0.1.0/24'],
String $ae_remoteip_header = 'X-Forwarded-For',
) { ) {
# facts # facts

16
templates/loadbalancer/remoteip.conf.erb
View File

@@ -3,18 +3,10 @@
########## manual changes will be overwritten !!! ########## ########## manual changes will be overwritten !!! ##########
############################################################################### ###############################################################################
<IfModule remoteip_module> RemoteIPHeader X-Forwarded-For
RemoteIPHeader <%= @ae_remoteip_header -%> RemoteIPTrustedProxy <%= @ae_trusted_proxy %>
<% @ae_trusted_proxy.each do |proxy| %> RemoteIPInternalProxy <%= @ae_trusted_proxy %>
RemoteIPTrustedProxy <%= proxy -%>
<% end -%>
<% @ae_internal_proxy.each do |proxy| %>
RemoteIPInternalProxy <%= proxy -%>
<% end -%>
# mod_remoteip rewrites client address for %a; use it in common/combined logs.
# Use real client IP in all standard log formats
LogFormat "%a %l %u %t \"%r\" %>s %b" common LogFormat "%a %l %u %t \"%r\" %>s %b" common
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
</IfModule>